@ateriss_/aiv-cli 0.1.0

package/src/config/index.ts

@@ -0,0 +1,241 @@
+import * as fs from 'node:fs';
+import * as path from 'node:path';
+import * as os from 'node:os';
+import * as yaml from 'js-yaml';
+import { GlobalConfig, RepoConfig, ResolvedConfig, AivRules, GithubAccount, CustomProviderConfig } from '../types';
+import { t } from '../i18n';
+
+// ─── Paths ─────────────────────────────────────────────────────────────────────
+
+export function globalAivDir(): string {
+  return path.join(os.homedir(), '.aiv');
+}
+
+export function globalConfigPath(): string {
+  return path.join(globalAivDir(), 'config.yml');
+}
+
+export function getAivDir(cwd: string = process.cwd()): string {
+  return path.join(cwd, '.aiv');
+}
+
+export function configPath(cwd?: string): string {
+  return path.join(getAivDir(cwd), 'config.yml');
+}
+
+export function rulesPath(cwd?: string): string {
+  return path.join(getAivDir(cwd), 'rules.yml');
+}
+
+export function contextPath(cwd?: string): string {
+  return path.join(getAivDir(cwd), 'context.md');
+}
+
+export function treePath(cwd?: string): string {
+  return path.join(getAivDir(cwd), 'tree.json');
+}
+
+// ─── State checks ──────────────────────────────────────────────────────────────
+
+export function isInitialized(cwd?: string): boolean {
+  return fs.existsSync(configPath(cwd));
+}
+
+export function isGlobalSetup(): boolean {
+  return fs.existsSync(globalConfigPath());
+}
+
+// ─── Global config (~/.aiv/config.yml) ────────────────────────────────────────
+
+export function loadGlobalConfig(): GlobalConfig {
+  const file = globalConfigPath();
+  if (!fs.existsSync(file)) return { ...DEFAULT_GLOBAL_CONFIG };
+  const parsed = yaml.load(fs.readFileSync(file, 'utf8')) as GlobalConfig;
+  parsed.github ??= DEFAULT_GLOBAL_CONFIG.github;
+  parsed.github.accounts ??= {};
+  return parsed;
+}
+
+export function saveGlobalConfig(config: GlobalConfig): void {
+  const dir = globalAivDir();
+  if (!fs.existsSync(dir)) fs.mkdirSync(dir, { recursive: true });
+  fs.writeFileSync(globalConfigPath(), yaml.dump(config, { lineWidth: 120 }), 'utf8');
+}
+
+// ─── Repo config (.aiv/config.yml) ────────────────────────────────────────────
+
+export function loadRepoConfig(cwd?: string): RepoConfig {
+  const file = configPath(cwd);
+  if (!fs.existsSync(file)) return {};
+  return yaml.load(fs.readFileSync(file, 'utf8')) as RepoConfig;
+}
+
+export function saveRepoConfig(config: RepoConfig, cwd?: string): void {
+  fs.writeFileSync(configPath(cwd), yaml.dump(config, { lineWidth: 120 }), 'utf8');
+}
+
+// ─── Rules (always per-repo) ───────────────────────────────────────────────────
+
+export function loadRules(cwd?: string): AivRules {
+  const file = rulesPath(cwd);
+  if (!fs.existsSync(file)) return {};
+  return yaml.load(fs.readFileSync(file, 'utf8')) as AivRules;
+}
+
+export function saveRules(rules: AivRules, cwd?: string): void {
+  fs.writeFileSync(rulesPath(cwd), yaml.dump(rules, { lineWidth: 120 }), 'utf8');
+}
+
+// ─── Resolution ───────────────────────────────────────────────────────────────
+
+export function resolveConfig(cwd?: string): ResolvedConfig {
+  const global = loadGlobalConfig();
+  const repo = loadRepoConfig(cwd);
+
+  const accountName = repo.github?.account ?? global.github.default_account ?? 'default';
+  const account: GithubAccount =
+    global.github.accounts[accountName] ??
+    global.github.accounts[global.github.default_account] ??
+    Object.values(global.github.accounts)[0] ??
+    { token_env: 'GITHUB_TOKEN' };
+
+  const globalReview = global.review ?? DEFAULT_GLOBAL_CONFIG.review!;
+
+  const gProviders = global.providers ?? DEFAULT_GLOBAL_CONFIG.providers;
+
+  return {
+    lang: global.lang ?? 'en',
+    providers: {
+      default: gProviders.default ?? 'claude',
+      fallback: gProviders.fallback ?? [],
+      agents: gProviders.agents ?? {},
+    },
+    claude:           global.claude           ?? DEFAULT_GLOBAL_CONFIG.claude!,
+    openai:           global.openai           ?? DEFAULT_GLOBAL_CONFIG.openai!,
+    gemini:           global.gemini           ?? DEFAULT_GLOBAL_CONFIG.gemini!,
+    custom_providers: global.custom_providers ?? {},
+    review: {
+      max_tokens: repo.review?.max_tokens ?? globalReview.max_tokens,
+      max_findings: repo.review?.max_findings ?? globalReview.max_findings,
+    },
+    github: {
+      accountName,
+      token_env: account.token_env,
+      username: account.username,
+      owner: repo.github?.owner,
+      repo: repo.github?.repo,
+    },
+  };
+}
+
+// ─── Token helper ─────────────────────────────────────────────────────────────
+
+export function getGithubToken(config: ResolvedConfig): string {
+  const token = process.env[config.github.token_env];
+  if (!token) throw new Error(t().errorMissingToken(config.github.token_env, config.github.accountName));
+  return token;
+}
+
+// ─── Account management ───────────────────────────────────────────────��───────
+
+export function addAccount(name: string, account: GithubAccount): void {
+  const config = loadGlobalConfig();
+  config.github.accounts[name] = account;
+  if (Object.keys(config.github.accounts).length === 1) {
+    config.github.default_account = name;
+  }
+  saveGlobalConfig(config);
+}
+
+export function removeAccount(name: string): void {
+  const config = loadGlobalConfig();
+  if (!(name in config.github.accounts)) throw new Error(t().errorAccountNotFound(name));
+  // eslint-disable-next-line @typescript-eslint/no-dynamic-delete
+  delete config.github.accounts[name];
+  if (config.github.default_account === name) {
+    config.github.default_account = Object.keys(config.github.accounts)[0] ?? '';
+  }
+  saveGlobalConfig(config);
+}
+
+export function setDefaultAccount(name: string): void {
+  const config = loadGlobalConfig();
+  if (!(name in config.github.accounts)) throw new Error(t().errorAccountNotFound(name));
+  config.github.default_account = name;
+  saveGlobalConfig(config);
+}
+
+export function setRepoAccount(name: string, cwd?: string): void {
+  const global = loadGlobalConfig();
+  if (!(name in global.github.accounts)) throw new Error(t().errorAccountNotFoundGlobal(name));
+  const repo = loadRepoConfig(cwd);
+  repo.github ??= {};
+  repo.github.account = name;
+  saveRepoConfig(repo, cwd);
+}
+
+export function listAccounts(): Array<{ name: string; account: GithubAccount; isDefault: boolean; hasToken: boolean }> {
+  const config = loadGlobalConfig();
+  return Object.entries(config.github.accounts).map(([name, account]) => ({
+    name,
+    account,
+    isDefault: name === config.github.default_account,
+    hasToken: Boolean(process.env[account.token_env]),
+  }));
+}
+
+// ─── Defaults ──────────────────────────────────────────────────────────────────
+
+export const DEFAULT_GLOBAL_CONFIG: GlobalConfig = {
+  lang: 'en',
+  providers: { default: 'claude' },
+  claude:  { model: 'claude-sonnet-4-6', api_key_env: 'CLAUDE_API_KEY' },
+  openai:  { model: 'gpt-4.1',           api_key_env: 'OPENAI_API_KEY' },
+  gemini:  { model: 'gemini-2.0-flash',  api_key_env: 'GEMINI_API_KEY' },
+  custom_providers: {},
+  review: { max_tokens: 20000, max_findings: 20 },
+  github: {
+    default_account: 'default',
+    accounts: {
+      default: { token_env: 'GITHUB_TOKEN', description: 'Default GitHub account' },
+    },
+  },
+};
+
+// ─── Custom provider management ───────────────────────────────────────────────
+
+export function addCustomProvider(name: string, cfg: CustomProviderConfig): void {
+  const config = loadGlobalConfig();
+  config.custom_providers ??= {};
+  config.custom_providers[name] = cfg;
+  saveGlobalConfig(config);
+}
+
+export function removeCustomProvider(name: string): void {
+  const config = loadGlobalConfig();
+  if (!config.custom_providers?.[name]) throw new Error(t().customProviderNotFound(name));
+  delete config.custom_providers[name];
+  saveGlobalConfig(config);
+}
+
+export function listCustomProviders(): Array<{ name: string; cfg: CustomProviderConfig; hasToken: boolean }> {
+  const config = loadGlobalConfig();
+  return Object.entries(config.custom_providers ?? {}).map(([name, cfg]) => ({
+    name,
+    cfg,
+    hasToken: Boolean(process.env[cfg.api_key_env]),
+  }));
+}
+
+export const DEFAULT_REPO_CONFIG: RepoConfig = {
+  github: {},
+  context: { provider: 'local' },
+};
+
+export const DEFAULT_RULES: AivRules = {
+  sensitive_modules: ['auth', 'payroll', 'payments', 'billing'],
+  business_rules: {
+    payroll: { required_calls: ['auditLog', 'validateTransaction'] },
+    auth: { required_checks: ['permissionValidation'] },
+  },
+};

package/src/context/builder.ts

@@ -0,0 +1,199 @@
+import * as fs from 'node:fs';
+import * as path from 'node:path';
+
+const IGNORED = new Set([
+  'node_modules', '.git', 'dist', 'build', '.next', '.nuxt', 'coverage',
+  '.aiv', '.cache', 'vendor', '__pycache__', '.venv', 'venv',
+]);
+
+const TECH_SIGNATURES: Array<[string, string]> = [
+  ['package.json', 'Node.js'],
+  ['tsconfig.json', 'TypeScript'],
+  ['requirements.txt', 'Python'],
+  ['Pipfile', 'Python (Pipenv)'],
+  ['pyproject.toml', 'Python (Poetry)'],
+  ['pom.xml', 'Java (Maven)'],
+  ['build.gradle', 'Java/Kotlin (Gradle)'],
+  ['Cargo.toml', 'Rust'],
+  ['go.mod', 'Go'],
+  ['composer.json', 'PHP (Composer)'],
+  ['Gemfile', 'Ruby'],
+  ['docker-compose.yml', 'Docker Compose'],
+  ['Dockerfile', 'Docker'],
+  ['terraform.tf', 'Terraform'],
+  ['.terraform', 'Terraform'],
+  ['kubernetes', 'Kubernetes'],
+  ['k8s', 'Kubernetes'],
+  ['prisma', 'Prisma ORM'],
+  ['drizzle.config', 'Drizzle ORM'],
+  ['sequelize', 'Sequelize ORM'],
+  ['typeorm', 'TypeORM'],
+  ['mongoose', 'MongoDB (Mongoose)'],
+  ['next.config', 'Next.js'],
+  ['nuxt.config', 'Nuxt.js'],
+  ['vite.config', 'Vite'],
+  ['webpack.config', 'Webpack'],
+  ['jest.config', 'Jest'],
+  ['vitest.config', 'Vitest'],
+];
+
+const SENSITIVE_PATTERNS = [
+  'auth', 'login', 'password', 'token', 'session', 'jwt', 'oauth',
+  'payment', 'billing', 'invoice', 'stripe', 'paypal',
+  'payroll', 'salary', 'compensation',
+  'admin', 'permission', 'role', 'acl', 'rbac',
+  'crypto', 'encrypt', 'decrypt', 'hash', 'secret',
+  'migration', 'seed', 'database', 'schema',
+];
+
+export async function buildContext(cwd: string): Promise<string> {
+  const name = path.basename(cwd);
+  const entries = fs.readdirSync(cwd);
+
+  const technologies = detectTechnologies(cwd, entries);
+  const modules = detectModules(cwd);
+  const sensitiveZones = detectSensitiveZones(cwd);
+  const dependencies = detectCriticalDeps(cwd);
+
+  return `# Project Context: ${name}
+
+## Architecture
+${inferArchitecture(cwd, entries, technologies)}
+
+## Modules
+${modules.map(m => `- ${m}`).join('\n') || '- (not detected)'}
+
+## Technologies
+${technologies.map(t => `- ${t}`).join('\n') || '- (not detected)'}
+
+## Critical Dependencies
+${dependencies.map(d => `- ${d}`).join('\n') || '- (not detected)'}
+
+## Sensitive Zones
+${sensitiveZones.map(z => `- ${z}`).join('\n') || '- (none detected)'}
+
+## Business Rules
+(Edit this section to document key business rules for the AI reviewers)
+
+## System Summary
+${name} — ${technologies.slice(0, 3).join(', ')} project.
+Auto-generated context. Edit ${cwd}/.aiv/context.md to add business-specific knowledge.
+`;
+}
+
+const DEP_TECH_MAP: Array<[string[], string]> = [
+  [['react'], 'React'],
+  [['vue'], 'Vue.js'],
+  [['@angular/core'], 'Angular'],
+  [['express'], 'Express.js'],
+  [['fastify'], 'Fastify'],
+  [['nestjs', '@nestjs/core'], 'NestJS'],
+  [['graphql'], 'GraphQL'],
+  [['apollo-server', '@apollo/server'], 'Apollo Server'],
+  [['knex'], 'Knex.js'],
+];
+
+function detectTechnologies(cwd: string, entries: string[]): string[] {
+  const found: string[] = [];
+
+  for (const [sig, tech] of TECH_SIGNATURES) {
+    if (entries.some(e => e.toLowerCase().startsWith(sig.toLowerCase()))) {
+      found.push(tech);
+    }
+  }
+
+  const pkgPath = path.join(cwd, 'package.json');
+  if (fs.existsSync(pkgPath)) {
+    try {
+      const pkg = JSON.parse(fs.readFileSync(pkgPath, 'utf8')) as Record<string, unknown>;
+      const allDeps = { ...(pkg['dependencies'] as object), ...(pkg['devDependencies'] as object) } as Record<string, unknown>;
+      for (const [keys, tech] of DEP_TECH_MAP) {
+        if (keys.some(k => k in allDeps)) found.push(tech);
+      }
+    } catch { /* unreadable package.json — skip */ }
+  }
+
+  return [...new Set(found)];
+}
+
+function detectModules(cwd: string): string[] {
+  const srcPaths = ['src', 'app', 'lib', 'packages', 'modules'];
+  const modules: string[] = [];
+
+  for (const base of srcPaths) {
+    const p = path.join(cwd, base);
+    if (fs.existsSync(p) && fs.statSync(p).isDirectory()) {
+      const dirs = fs.readdirSync(p).filter(e => {
+        try { return fs.statSync(path.join(p, e)).isDirectory(); } catch { return false; }
+      });
+      dirs.forEach(d => modules.push(`${base}/${d}`));
+    }
+  }
+
+  return modules.slice(0, 20);
+}
+
+function detectSensitiveZones(cwd: string): string[] {
+  const zones: string[] = [];
+
+  function scan(dir: string, depth: number = 0): void {
+    if (depth > 3) return;
+    let entries: string[];
+    try { entries = fs.readdirSync(dir); } catch { return; }
+
+    for (const entry of entries) {
+      if (IGNORED.has(entry)) continue;
+      const lower = entry.toLowerCase();
+      for (const pattern of SENSITIVE_PATTERNS) {
+        if (lower.includes(pattern)) {
+          const rel = path.relative(cwd, path.join(dir, entry));
+          zones.push(rel);
+          break;
+        }
+      }
+      const full = path.join(dir, entry);
+      try {
+        if (fs.statSync(full).isDirectory()) scan(full, depth + 1);
+      } catch {}
+    }
+  }
+
+  scan(cwd);
+  return [...new Set(zones)].slice(0, 15);
+}
+
+function detectCriticalDeps(cwd: string): string[] {
+  const pkgPath = path.join(cwd, 'package.json');
+  if (!fs.existsSync(pkgPath)) return [];
+
+  try {
+    const pkg = JSON.parse(fs.readFileSync(pkgPath, 'utf8'));
+    const all = { ...pkg.dependencies };
+    const critical = Object.keys(all).filter(dep => {
+      const d = dep.toLowerCase();
+      return d.includes('auth') || d.includes('jwt') || d.includes('passport') ||
+        d.includes('crypto') || d.includes('stripe') || d.includes('paypal') ||
+        d.includes('prisma') || d.includes('typeorm') || d.includes('sequelize') ||
+        d.includes('mongoose') || d.includes('knex') || d.includes('pg') ||
+        d.includes('mysql') || d.includes('redis') || d.includes('aws-sdk') ||
+        d.includes('@aws') || d.includes('firebase');
+    });
+    return critical.slice(0, 15);
+  } catch {
+    return [];
+  }
+}
+
+function inferArchitecture(cwd: string, entries: string[], technologies: string[]): string {
+  const hasSrc = entries.includes('src');
+  const hasPackages = entries.includes('packages');
+  const hasApps = entries.includes('apps');
+  const hasModules = entries.includes('modules');
+
+  if (hasPackages && hasApps) return 'Monorepo (apps/ + packages/ structure)';
+  if (hasModules) return 'Modular monolith (modules/ structure)';
+  if (hasSrc) return 'Standard source layout (src/)';
+  if (technologies.includes('NestJS')) return 'NestJS application (controllers/services/modules)';
+  if (technologies.includes('Next.js')) return 'Next.js application (pages/ or app/ router)';
+  return 'Standard project layout';
+}

package/src/context/generator.ts

@@ -0,0 +1,138 @@
+import * as fs from 'node:fs';
+import * as path from 'node:path';
+import { LLMProvider } from '../providers/base';
+import { treePath } from '../config';
+
+const IGNORED = new Set(['node_modules', '.git', 'dist', 'build', '.aiv', '.next', 'coverage']);
+const SOURCE_EXT = /\.(ts|js|tsx|jsx|py|go|java|rb|php|cs|rs)$/;
+
+export async function generateContextAndRules(
+  cwd: string,
+  provider: LLMProvider,
+): Promise<{ context: string; rules: string }> {
+  const name = path.basename(cwd);
+
+  const treeFile = treePath(cwd);
+  const treeData = fs.existsSync(treeFile)
+    ? fs.readFileSync(treeFile, 'utf8').slice(0, 6000)
+    : '(tree not available — run aiv context refresh first)';
+
+  const pkgInfo  = readPackageJson(cwd);
+  const samples  = readSampleFiles(cwd);
+
+  const userMessage = `
+Project name: ${name}
+
+package.json summary:
+${pkgInfo}
+
+Project file tree (tree.json):
+${treeData}
+
+Sample source files:
+${samples}
+
+Generate context.md and rules.yml suitable for AI PR reviewers for this project.
+Return ONLY valid JSON with exactly these two fields:
+{
+  "context": "<full context.md content as a string>",
+  "rules": "<full rules.yml content as a string>"
+}`;
+
+  const systemPrompt = `You are an expert software architect.
+Given a project's structure, dependencies, and sample code, produce:
+
+1. context.md — Markdown file with these sections:
+   ## Architecture — overall pattern (monorepo, monolith, microservices, layers, etc.)
+   ## Modules — key modules or directories and their responsibilities
+   ## Technologies — main frameworks and libraries in use
+   ## Critical Dependencies — security-sensitive or infrastructure packages
+   ## Sensitive Zones — paths that require extra scrutiny (auth, payments, migrations, etc.)
+   ## Business Rules — inferred invariants the codebase enforces (edit this section after generation)
+   ## System Summary — one paragraph description
+
+2. rules.yml — YAML file with:
+   sensitive_modules: [list of folder/module names that are sensitive]
+   business_rules:
+     <module>:
+       required_calls: [functions that must always be called in this module]
+       required_checks: [validations that must be present]
+       forbidden_patterns: [patterns that must never appear]
+
+Be specific. Infer real module names from the file tree. Do not invent generic placeholders.
+Return ONLY the JSON object — no explanation, no markdown fences.`;
+
+  const response = await provider.complete(
+    [{ role: 'user', content: userMessage }],
+    systemPrompt,
+    4000,
+  );
+
+  return parseResponse(response.content);
+}
+
+function parseResponse(raw: string): { context: string; rules: string } {
+  const jsonMatch = /\{[\s\S]*\}/.exec(raw.trim());
+  if (!jsonMatch) throw new Error('AI returned no JSON');
+
+  try {
+    const parsed = JSON.parse(jsonMatch[0]) as { context?: string; rules?: string };
+    if (!parsed.context || !parsed.rules) throw new Error('missing fields');
+    return { context: parsed.context, rules: parsed.rules };
+  } catch {
+    return {
+      context: raw,
+      rules: 'sensitive_modules: []\nbusiness_rules: {}\n',
+    };
+  }
+}
+
+function readPackageJson(cwd: string): string {
+  const file = path.join(cwd, 'package.json');
+  if (!fs.existsSync(file)) return '(not found)';
+  try {
+    const pkg = JSON.parse(fs.readFileSync(file, 'utf8'));
+    const deps = Object.keys({ ...pkg.dependencies, ...pkg.devDependencies }).slice(0, 30);
+    return `name: ${pkg.name ?? '?'}\nscripts: ${Object.keys(pkg.scripts ?? {}).join(', ')}\ndependencies: ${deps.join(', ')}`;
+  } catch {
+    return '(unreadable)';
+  }
+}
+
+function readSampleFiles(cwd: string): string {
+  const srcRoots = ['src', 'app', 'lib', 'packages', 'modules']
+    .map(d => path.join(cwd, d))
+    .filter(d => { try { return fs.statSync(d).isDirectory(); } catch { return false; } });
+
+  const files: string[] = [];
+  for (const root of srcRoots.slice(0, 2)) {
+    collectSourceFiles(root, files);
+    if (files.length >= 12) break;
+  }
+
+  return files.slice(0, 12).map(f => {
+    const rel = path.relative(cwd, f);
+    const content = fs.readFileSync(f, 'utf8').slice(0, 400);
+    return `--- ${rel} ---\n${content}`;
+  }).join('\n\n').slice(0, 7000);
+}
+
+function collectSourceFiles(dir: string, out: string[], depth = 0): void {
+  if (depth > 3 || out.length >= 12) return;
+  let entries: string[];
+  try { entries = fs.readdirSync(dir); } catch { return; }
+
+  for (const entry of entries) {
+    if (IGNORED.has(entry)) continue;
+    const full = path.join(dir, entry);
+    try {
+      const stat = fs.statSync(full);
+      if (stat.isFile() && SOURCE_EXT.test(entry)) {
+        out.push(full);
+      } else if (stat.isDirectory()) {
+        collectSourceFiles(full, out, depth + 1);
+      }
+    } catch {}
+    if (out.length >= 12) break;
+  }
+}

package/src/context/manager.ts

@@ -0,0 +1,83 @@
+import * as fs from 'node:fs';
+import { contextPath, treePath, isInitialized } from '../config';
+import { buildContext } from './builder';
+import { buildTree } from './tree';
+import { PRDiff } from '../types';
+
+export async function refreshContextFiles(cwd: string): Promise<{ treeOk: boolean; contextOk: boolean }> {
+  let treeOk = false;
+  let contextOk = false;
+
+  try {
+    const tree = await buildTree(cwd);
+    fs.writeFileSync(treePath(cwd), JSON.stringify(tree, null, 2), 'utf8');
+    treeOk = true;
+  } catch {}
+
+  try {
+    const context = await buildContext(cwd);
+    fs.writeFileSync(contextPath(cwd), context, 'utf8');
+    contextOk = true;
+  } catch {}
+
+  return { treeOk, contextOk };
+}
+
+export class ContextManager {
+  private readonly cwd: string;
+
+  constructor(cwd: string = process.cwd()) {
+    this.cwd = cwd;
+  }
+
+  readContext(): string {
+    if (!isInitialized(this.cwd)) return '';
+    const file = contextPath(this.cwd);
+    if (!fs.existsSync(file)) return '';
+    return fs.readFileSync(file, 'utf8');
+  }
+
+  readTree(): object | null {
+    const file = treePath(this.cwd);
+    if (!fs.existsSync(file)) return null;
+    try {
+      return JSON.parse(fs.readFileSync(file, 'utf8'));
+    } catch {
+      return null;
+    }
+  }
+
+  buildReviewContext(prDiff: PRDiff): string {
+    const context = this.readContext();
+
+    // Filter tree to only nodes relevant to changed files
+    const tree = this.readTree();
+    const changedPaths = new Set(prDiff.files.map(f => f.filename));
+    const relevantTree = tree ? summarizeRelevantTree(tree, changedPaths) : '';
+
+    return [
+      context,
+      relevantTree ? `\n## Relevant Project Tree\n\`\`\`json\n${relevantTree}\n\`\`\`` : '',
+    ].filter(Boolean).join('\n');
+  }
+}
+
+function summarizeRelevantTree(tree: object, changedPaths: Set<string>): string {
+  // Extract top-level structure only, to keep token count low
+  const topLevel = (tree as any).children ?? [];
+  const relevant = topLevel
+    .filter((node: any) => {
+      const nodePath = node.path ?? '';
+      return Array.from(changedPaths).some(p => p.startsWith(nodePath)) ||
+        node.sensitivity === 'high';
+    })
+    .map((node: any) => ({
+      path: node.path,
+      type: node.type,
+      module_type: node.module_type,
+      sensitivity: node.sensitivity,
+    }));
+
+  if (relevant.length === 0) return '';
+  return JSON.stringify(relevant, null, 2);
+}