@ateriss_/aiv-cli 0.1.0

package/src/agents/base.ts

@@ -0,0 +1,125 @@
+import { AgentResult, AgentFinding, PRDiff, AivRules } from '../types';
+import { LLMProvider } from '../providers/base';
+
+export interface AgentContext {
+  projectContext: string;
+  rules: AivRules;
+  diff: PRDiff;
+}
+
+export abstract class BaseAgent {
+  abstract readonly agentName: string;
+  abstract readonly systemPrompt: string;
+
+  constructor(protected provider: LLMProvider) {}
+
+  async run(ctx: AgentContext): Promise<AgentResult> {
+    const userMessage = this.buildUserMessage(ctx);
+
+    const response = await this.provider.complete(
+      [{ role: 'user', content: userMessage }],
+      this.systemPrompt,
+      4096,
+    );
+
+    return this.parseResponse(response.content);
+  }
+
+  protected buildUserMessage(ctx: AgentContext): string {
+    const rulesSection = JSON.stringify(ctx.rules, null, 2);
+    const filesSummary = ctx.diff.files
+      .map(f => `${f.status.toUpperCase()} ${f.filename} (+${f.additions}/-${f.deletions})`)
+      .join('\n');
+
+    const patches = ctx.diff.files
+      .filter(f => f.patch)
+      .map(f => `### ${f.filename}\n\`\`\`diff\n${f.patch}\n\`\`\``)
+      .join('\n\n');
+
+    return `## PR: #${ctx.diff.pr.number} — ${ctx.diff.pr.title}
+
+**Author:** ${ctx.diff.pr.author}
+**Branch:** ${ctx.diff.pr.branch} → ${ctx.diff.pr.base}
+**Description:** ${ctx.diff.pr.description ?? 'No description provided.'}
+
+---
+
+## Project Context
+${ctx.projectContext}
+
+---
+
+## Business Rules (from .aiv/rules.yml)
+\`\`\`json
+${rulesSection}
+\`\`\`
+
+---
+
+## Files Changed (${ctx.diff.files.length} files)
+${filesSummary}
+
+---
+
+## Diff
+${patches}
+
+---
+
+Analyze the above and return a JSON response matching this schema:
+{
+  "summary": "string — concise summary of your findings",
+  "findings": [
+    {
+      "severity": "critical|high|medium|low|info",
+      "category": "string",
+      "title": "string",
+      "description": "string",
+      "file": "string (optional)",
+      "suggestion": "string (optional)"
+    }
+  ],
+  "riskScore": 0-100,
+  "possibleRegressions": ["string"]
+}
+
+Return ONLY valid JSON. No markdown fences, no explanation outside the JSON.`;
+  }
+
+  protected parseResponse(raw: string): AgentResult {
+    let parsed: any;
+
+    try {
+      const cleaned = raw.replace(/```json\n?/g, '').replace(/```\n?/g, '').trim();
+      parsed = JSON.parse(cleaned);
+    } catch {
+      return {
+        agentName: this.agentName,
+        findings: [{
+          severity: 'info',
+          category: 'parse-error',
+          title: 'Could not parse agent response',
+          description: raw.slice(0, 500),
+        }],
+        summary: 'Agent returned unparseable response.',
+        riskScore: 0,
+      };
+    }
+
+    const findings: AgentFinding[] = (parsed.findings ?? []).map((f: any) => ({
+      severity: f.severity ?? 'info',
+      category: f.category ?? 'general',
+      title: f.title ?? 'Untitled',
+      description: f.description ?? '',
+      file: f.file,
+      suggestion: f.suggestion,
+    }));
+
+    return {
+      agentName: this.agentName,
+      findings,
+      summary: parsed.summary ?? '',
+      riskScore: Math.max(0, Math.min(100, parseInt(parsed.riskScore ?? '0'))),
+    };
+  }
+}

package/src/agents/business.ts

@@ -0,0 +1,32 @@
+import { BaseAgent } from './base';
+import { LLMProvider } from '../providers/base';
+
+export class BusinessReviewer extends BaseAgent {
+  readonly agentName = 'business';
+
+  readonly systemPrompt = `You are a senior business analyst and domain expert performing a code review.
+
+Your job is to analyze Pull Request changes STRICTLY from a business and domain perspective.
+
+Focus on:
+- Business logic correctness: does the code behave as the domain requires?
+- Domain rule violations: are any business invariants broken?
+- Functional regressions: could this break existing behavior users depend on?
+- Side effects on other business flows (billing, notifications, state machines, etc.)
+- Missing required steps (auditing, logging, approvals, notifications)
+- Incorrect calculations, status transitions, or conditional logic
+- Data integrity concerns (missing validations, incorrect defaults)
+
+You are NOT a linter, NOT a security scanner. You analyze MEANING, not syntax.
+
+If the rules.yml specifies required_calls or required_checks for a module, verify they are present.
+
+Be concrete. Reference specific lines or functions when relevant.
+Assign a riskScore from 0 (no risk) to 100 (critical business risk).
+
+Return only valid JSON as specified.`;
+
+  constructor(provider: LLMProvider) {
+    super(provider);
+  }
+}

package/src/agents/index.ts

@@ -0,0 +1,4 @@
+export { BaseAgent } from './base';
+export { BusinessReviewer } from './business';
+export { ArchitectureReviewer } from './architecture';
+export { SecurityReviewer } from './security';

package/src/agents/security.ts

@@ -0,0 +1,33 @@
+import { BaseAgent } from './base';
+import { LLMProvider } from '../providers/base';
+
+export class SecurityReviewer extends BaseAgent {
+  readonly agentName = 'security';
+
+  readonly systemPrompt = `You are a senior application security engineer performing a code review.
+
+Your job is to analyze Pull Request changes for security vulnerabilities and risks.
+
+Focus on:
+- Authentication and authorization flaws (missing checks, privilege escalation)
+- Injection vulnerabilities (SQL, NoSQL, command, LDAP, template injection)
+- Insecure direct object references (IDOR)
+- Sensitive data exposure (logging secrets, returning PII, insecure storage)
+- Cryptographic issues (weak algorithms, hardcoded secrets, insecure RNG)
+- Input validation gaps (missing sanitization, unsafe deserialization)
+- Race conditions or TOCTOU vulnerabilities
+- Broken access control in API endpoints
+- SSRF, path traversal, open redirects
+- Dependency security (new packages with known issues)
+
+Mark findings involving sensitive_modules from the rules with higher severity.
+
+Be precise: name the vulnerability class (OWASP), the file, and the specific line or pattern.
+Assign a riskScore from 0 (no security issues) to 100 (active vulnerability, block immediately).
+
+Return only valid JSON as specified.`;
+
+  constructor(provider: LLMProvider) {
+    super(provider);
+  }
+}

package/src/cache/index.ts

@@ -0,0 +1,47 @@
+import * as fs from 'node:fs';
+import * as path from 'node:path';
+import { getAivDir } from '../config';
+
+const CACHE_DIR = 'cache';
+const TTL_MS = 1000 * 60 * 60; // 1 hour
+
+export class Cache {
+  private readonly dir: string;
+
+  constructor(cwd: string = process.cwd()) {
+    this.dir = path.join(getAivDir(cwd), CACHE_DIR);
+    if (!fs.existsSync(this.dir)) {
+      fs.mkdirSync(this.dir, { recursive: true });
+    }
+  }
+
+  get<T>(key: string): T | null {
+    const file = this.keyPath(key);
+    if (!fs.existsSync(file)) return null;
+
+    try {
+      const raw = JSON.parse(fs.readFileSync(file, 'utf8'));
+      if (Date.now() - raw.ts > TTL_MS) {
+        fs.unlinkSync(file);
+        return null;
+      }
+      return raw.data as T;
+    } catch {
+      return null;
+    }
+  }
+
+  set<T>(key: string, data: T): void {
+    fs.writeFileSync(this.keyPath(key), JSON.stringify({ ts: Date.now(), data }), 'utf8');
+  }
+
+  invalidate(key: string): void {
+    const file = this.keyPath(key);
+    if (fs.existsSync(file)) fs.unlinkSync(file);
+  }
+
+  private keyPath(key: string): string {
+    const safe = key.replace(/[^a-zA-Z0-9_-]/g, '_');
+    return path.join(this.dir, `${safe}.json`);
+  }
+}

package/src/cli/banner.ts

@@ -0,0 +1,32 @@
+import chalk from 'chalk';
+
+// Read version at runtime to avoid stale compiled value
+function getVersion(): string {
+  try {
+    // eslint-disable-next-line @typescript-eslint/no-require-imports
+    const pkg = require('../../package.json') as { version: string };
+    return pkg.version;
+  } catch {
+    return '0.1.0';
+  }
+}
+
+const ART = `
+ █████╗ ██╗    ██████╗ ██████╗     ██████╗ ███████╗██╗   ██╗██╗███████╗██╗    ██╗███████╗██████╗
+██╔══██╗██║    ██╔══██╗██╔══██╗    ██╔══██╗██╔════╝██║   ██║██║██╔════╝██║    ██║██╔════╝██╔══██╗
+███████║██║    ██████╔╝██████╔╝    ██████╔╝█████╗  ██║   ██║██║█████╗  ██║ █╗ ██║█████╗  ██████╔╝
+██╔══██║██║    ██╔═══╝ ██╔══██╗    ██╔══██╗██╔══╝  ╚██╗ ██╔╝██║██╔══╝  ██║███╗██║██╔══╝  ██╔══██╗
+██║  ██║██║    ██║     ██║  ██║    ██║  ██║███████╗ ╚████╔╝ ██║███████╗╚███╔███╔╝███████╗██║  ██║
+╚═╝  ╚═╝╚═╝    ╚═╝     ╚═╝  ╚═╝    ╚═╝  ╚═╝╚══════╝  ╚═══╝  ╚═╝╚══════╝ ╚══╝╚══╝ ╚══════╝╚═╝  ╚═╝`;
+
+export function printBanner(): void {
+  // Skip banner when output is piped or --json is requested
+  if (!process.stdout.isTTY || process.argv.includes('--json')) return;
+
+  const version = getVersion();
+
+  console.log(chalk.cyan(`\n    AIV V${version} BETA`));
+  console.log(chalk.cyan(ART));
+  console.log(chalk.dim('                                                                              by Ateriss'));
+  console.log(chalk.white.bold('  AI  Pull Request Reviewer\n'));
+}

package/src/cli/commands/agents.ts

@@ -0,0 +1,49 @@
+import { Command } from 'commander';
+import chalk from 'chalk';
+import { table } from 'table';
+import { t } from '../../i18n';
+
+export function agentsCommand(): Command {
+  return new Command('agents')
+    .alias('a')
+    .description('List available AI review agents')
+    .action(() => {
+      const tr = t();
+      const agents = [
+        { name: 'business',     desc: tr.agentBusinessDesc, focus: tr.agentBusinessFocus },
+        { name: 'architecture', desc: tr.agentArchDesc,     focus: tr.agentArchFocus },
+        { name: 'security',     desc: tr.agentSecDesc,      focus: tr.agentSecFocus },
+      ];
+
+      console.log(chalk.bold(tr.agentsTitle));
+
+      const rows = agents.map(a => [
+        chalk.cyan(a.name),
+        a.desc,
+        chalk.dim(a.focus),
+      ]);
+
+      const header = [
+        chalk.bold(tr.agentsColAgent),
+        chalk.bold(tr.agentsColDesc),
+        chalk.bold(tr.agentsColFocus),
+      ];
+
+      console.log(table([header, ...rows], {
+        border: {
+          topBody: '─', topJoin: '┬', topLeft: '╭', topRight: '╮',
+          bottomBody: '─', bottomJoin: '┴', bottomLeft: '╰', bottomRight: '╯',
+          bodyLeft: '│', bodyRight: '│', bodyJoin: '│',
+          joinBody: '─', joinLeft: '├', joinRight: '┤', joinJoin: '┼',
+        },
+        columns: [
+          { width: 14 },
+          { width: 44, wrapWord: true },
+          { width: 52, wrapWord: true },
+        ],
+        columnDefault: { paddingLeft: 1, paddingRight: 1 },
+      }));
+
+      console.log(chalk.dim(`  ${tr.agentsFooter}\n`));
+    });
+}