@ateriss_/aiv-cli 1.0.2 → 1.0.3

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@ateriss_/aiv-cli",
-  "version": "1.0.2",
+  "version": "1.0.3",
   "description": "AI-powered PR reviewer CLI — local-first, multi-agent semantic analysis",
   "main": "dist/index.js",
   "bin": {
@@ -21,7 +21,7 @@
     "claude",
     "openai"
   ],
-  "author": "",
+  "author": "Alexandra Linares Viña (Ateriss)",
   "license": "MIT",
   "dependencies": {
     "@anthropic-ai/sdk": "^0.37.0",

package/src/agents/architecture.ts

@@ -6,23 +6,19 @@ export class ArchitectureReviewer extends BaseAgent {
 
   readonly systemPrompt = `You are a principal software architect performing a code review.
 
-Your job is to analyze Pull Request changes from an architectural and structural perspective.
-
-Focus on:
-- Layer violations (e.g., business logic leaking into controllers, DB logic in service layer)
-- Module coupling: are new dependencies being introduced unnecessarily?
-- Single Responsibility: are files/classes/functions doing too many things?
-- Dependency direction: does data flow in the correct direction through the system?
-- Abstraction quality: are new abstractions well-named, well-scoped, and necessary?
-- Scalability concerns: will this break under load or as the system grows?
-- Consistency with existing patterns in the codebase
-- Over-engineering or under-engineering
-- Fragile design decisions that will require future rework
+First, assess whether this PR contains structural changes worth reviewing (new modules, refactors, dependency changes, layer interactions). If the diff only touches styles, templates, copy, config values, or trivial one-liners with no structural impact, return riskScore: 0, empty findings, and a one-line summary like "No architectural concerns."
+
+When the diff IS structurally relevant, focus on:
+- Layer violations (business logic in controllers, DB logic in service layer, etc.)
+- Unnecessary coupling or new cross-module dependencies
+- Single Responsibility violations: files/classes doing too many things
+- Abstraction quality: poorly named, too broad, or unnecessary abstractions
+- Structural decisions that will require future rework
 
 You are NOT checking syntax, linting, or security.
 
-Use the project context to understand the existing architecture. Flag deviations.
-Assign a riskScore from 0 (clean) to 100 (structural problem that needs blocking).
+Be concise: titles ≤ 8 words, descriptions ≤ 2 sentences, suggestions ≤ 1 sentence, summary ≤ 3 sentences.
+For INFO-level findings, write description as a single short phrase ending with " — OK" or " — noted".
 
 Return only valid JSON as specified.`;
 

package/src/agents/base.ts

@@ -41,10 +41,18 @@ export abstract class BaseAgent {
       ? '\n\nIMPORTANT: Respond in Spanish. All string values in the JSON (summary, title, description, suggestion, possibleRegressions) must be written in Spanish.'
       : '';
 
+    const baseBranch = ctx.diff.pr.base;
+    const headBranch = ctx.diff.pr.branch;
+    const isProductionMerge = /^(main|master|production|prod|release)$/i.test(baseBranch);
+    const branchRisk = isProductionMerge
+      ? `⚠️ DIRECT MERGE TO ${baseBranch.toUpperCase()} — apply stricter scrutiny. Findings here affect production.`
+      : `Target: ${baseBranch} (non-production). Calibrate severity accordingly.`;
+
     return `## PR: #${ctx.diff.pr.number} — ${ctx.diff.pr.title}
 
 **Author:** ${ctx.diff.pr.author}
-**Branch:** ${ctx.diff.pr.branch} → ${ctx.diff.pr.base}
+**Merge:** \`${headBranch}\` → \`${baseBranch}\`
+**${branchRisk}**
 **Description:** ${ctx.diff.pr.description ?? 'No description provided.'}
 
 ---
@@ -73,19 +81,19 @@ ${patches}
 
 Analyze the above and return a JSON response matching this schema:
 {
-  "summary": "string — concise summary of your findings",
+  "summary": "2-3 sentences max",
   "findings": [
     {
       "severity": "critical|high|medium|low|info",
       "category": "string",
-      "title": "string",
-      "description": "string",
+      "title": "string — 8 words max",
+      "description": "1-2 sentences max",
       "file": "string (optional)",
-      "suggestion": "string (optional)"
+      "suggestion": "1 sentence max (optional)"
     }
   ],
   "riskScore": 0-100,
-  "possibleRegressions": ["string"]
+  "possibleRegressions": ["one short phrase each"]
 }
 
 Return ONLY valid JSON. No markdown fences, no explanation outside the JSON.${langInstruction}`;
@@ -124,7 +132,7 @@ Return ONLY valid JSON. No markdown fences, no explanation outside the JSON.${la
       agentName: this.agentName,
       findings,
       summary: parsed.summary ?? '',
-      riskScore: Math.max(0, Math.min(100, parseInt(parsed.riskScore ?? '0'))),
+      riskScore: Math.max(0, Math.min(100, Number.parseInt(parsed.riskScore ?? '0'))),
     };
   }
 }

package/src/agents/business.ts

@@ -6,23 +6,18 @@ export class BusinessReviewer extends BaseAgent {
 
   readonly systemPrompt = `You are a senior business analyst and domain expert performing a code review.
 
-Your job is to analyze Pull Request changes STRICTLY from a business and domain perspective.
-
-Focus on:
-- Business logic correctness: does the code behave as the domain requires?
-- Domain rule violations: are any business invariants broken?
-- Functional regressions: could this break existing behavior users depend on?
-- Side effects on other business flows (billing, notifications, state machines, etc.)
-- Missing required steps (auditing, logging, approvals, notifications)
+First, assess whether this PR contains changes relevant to business logic (data mutations, calculations, state transitions, domain rules, flows, validations). If the diff is purely cosmetic (styles, colors, text copy, console.log removal, import reordering, type annotations only), return riskScore: 0, empty findings, and a one-line summary like "No business logic changes."
+
+When the diff IS business-relevant, focus on:
+- Business logic correctness and domain rule violations
+- Functional regressions that break existing user-facing behavior
+- Missing required steps (auditing, logging, approvals) per rules.yml
 - Incorrect calculations, status transitions, or conditional logic
-- Data integrity concerns (missing validations, incorrect defaults)
 
 You are NOT a linter, NOT a security scanner. You analyze MEANING, not syntax.
 
-If the rules.yml specifies required_calls or required_checks for a module, verify they are present.
-
-Be concrete. Reference specific lines or functions when relevant.
-Assign a riskScore from 0 (no risk) to 100 (critical business risk).
+Be concise: titles ≤ 8 words, descriptions ≤ 2 sentences, suggestions ≤ 1 sentence, summary ≤ 3 sentences.
+For INFO-level findings (positive or neutral observations), write description as a single short phrase ending with " — OK" or " — noted".
 
 Return only valid JSON as specified.`;
 

package/src/agents/security.ts

@@ -6,24 +6,22 @@ export class SecurityReviewer extends BaseAgent {
 
   readonly systemPrompt = `You are a senior application security engineer performing a code review.
 
-Your job is to analyze Pull Request changes for security vulnerabilities and risks.
-
-Focus on:
-- Authentication and authorization flaws (missing checks, privilege escalation)
-- Injection vulnerabilities (SQL, NoSQL, command, LDAP, template injection)
-- Insecure direct object references (IDOR)
-- Sensitive data exposure (logging secrets, returning PII, insecure storage)
-- Cryptographic issues (weak algorithms, hardcoded secrets, insecure RNG)
+First, assess whether this PR touches code with security implications (auth, API endpoints, data storage, input handling, dependencies, secrets, permissions). If the diff only changes styles, UI copy, non-sensitive config values, or cosmetic code, return riskScore: 0, empty findings, and a one-line summary like "No security-relevant changes."
+
+When the diff IS security-relevant, focus on:
+- Auth/authorization flaws (missing checks, privilege escalation)
+- Injection vulnerabilities (SQL, NoSQL, command injection)
+- Sensitive data exposure (logging secrets, returning PII)
 - Input validation gaps (missing sanitization, unsafe deserialization)
-- Race conditions or TOCTOU vulnerabilities
 - Broken access control in API endpoints
-- SSRF, path traversal, open redirects
-- Dependency security (new packages with known issues)
+- New dependencies with known vulnerabilities
 
-Mark findings involving sensitive_modules from the rules with higher severity.
+Mark findings in sensitive_modules from rules.yml with higher severity.
+Name the vulnerability class (OWASP) when applicable.
+Assign a riskScore from 0 (no issues) to 100 (block immediately).
 
-Be precise: name the vulnerability class (OWASP), the file, and the specific line or pattern.
-Assign a riskScore from 0 (no security issues) to 100 (active vulnerability, block immediately).
+Be concise: titles ≤ 8 words, descriptions ≤ 2 sentences, suggestions ≤ 1 sentence, summary ≤ 3 sentences.
+For INFO-level findings, write description as a single short phrase ending with " — OK" or " — noted".
 
 Return only valid JSON as specified.`;
 

package/src/agents/triage.ts

@@ -0,0 +1,66 @@
+import { PRDiff } from '../types';
+import { LLMProvider } from '../providers/base';
+
+export type TriageResult = {
+  agents: Array<'business' | 'architecture' | 'security'>;
+  reasoning: string;
+};
+
+const ALL_AGENTS: TriageResult['agents'] = ['business', 'architecture', 'security'];
+
+const SYSTEM_PROMPT = `You are a code review triage specialist.
+Given a PR's metadata and changed file list, decide which review agents are needed.
+
+Available agents:
+- business: domain logic, business rules, calculations, state transitions, data integrity
+- architecture: layer violations, module coupling, structural patterns, dependency direction
+- security: auth, injection, data exposure, input validation, access control, secrets
+
+Rules:
+- Only include an agent if the changes are genuinely relevant to its domain
+- Cosmetic changes (styles, colors, copy, console.log removal, comment edits) need NO agents — return []
+- CSS/SCSS/style-only changes → skip all agents
+- Purely adding tests with no production code change → business only (regression check), skip security and architecture
+- Config-only changes (env vars, CI files) → security only if secrets/permissions involved, otherwise skip
+- When in doubt about an agent, skip it — it's better to miss a low-risk finding than waste tokens
+
+Return ONLY valid JSON: { "agents": ["security", "business"], "reasoning": "one sentence" }
+No markdown fences. No explanation outside the JSON.`;
+
+export async function triageAgents(diff: PRDiff, provider: LLMProvider): Promise<TriageResult> {
+  const fileList = diff.files
+    .map(f => `${f.status.toUpperCase()} ${f.filename} (+${f.additions}/-${f.deletions})`)
+    .join('\n');
+
+  const message = `PR #${diff.pr.number}: ${diff.pr.title}
+Branch: ${diff.pr.branch} → ${diff.pr.base}
+Description: ${diff.pr.description ?? 'none'}
+
+Changed files (${diff.files.length}):
+${fileList}`;
+
+  try {
+    const response = await provider.complete(
+      [{ role: 'user', content: message }],
+      SYSTEM_PROMPT,
+      256,
+    );
+
+    const match = /\{[\s\S]*\}/.exec(response.content.trim());
+    if (!match) return fallback();
+
+    const parsed = JSON.parse(match[0]) as { agents?: unknown; reasoning?: string };
+    const agents = (Array.isArray(parsed.agents) ? parsed.agents : [])
+      .filter((a): a is TriageResult['agents'][number] =>
+        a === 'business' || a === 'architecture' || a === 'security'
+      );
+
+    return { agents, reasoning: parsed.reasoning ?? '' };
+  } catch {
+    return fallback();
+  }
+}
+
+function fallback(): TriageResult {
+  return { agents: ALL_AGENTS, reasoning: 'triage failed — running all agents' };
+}

package/src/cli/commands/check.ts

@@ -0,0 +1,216 @@
+import * as fs from 'node:fs';
+import * as path from 'node:path';
+import { Command } from 'commander';
+import chalk from 'chalk';
+import ora from 'ora';
+import { resolveConfig, loadRules, getGithubToken, isInitialized } from '../../config';
+import type { ReviewResult, AgentFinding } from '../../types';
+import { GithubClient } from '../../git/github';
+import { detectRepoInfo, isGitRepo } from '../../git/utils';
+import { getCurrentBranch, detectBaseBranch, buildLocalPRDiff, getLastCommitTitle, hasUnpushedCommits } from '../../git/local';
+import { Orchestrator } from '../../orchestrator';
+import { ContextManager } from '../../context/manager';
+import { renderReview } from '../renderer';
+import { selectPrecheckAction, promptPRDetails } from '../selector';
+import { t } from '../../i18n';
+
+function terminalLink(label: string, filePath: string): string {
+  const url = 'file:///' + filePath.replaceAll('\\', '/');
+  return `]8;;${url}${label}]8;;`;
+}
+
+export function checkCommand(): Command {
+  return new Command('check')
+    .alias('c')
+    .description('Analyze local diff before creating a PR')
+    .argument('[base]', 'Base branch to compare against (default: main/master)')
+    .option('--owner <owner>', 'GitHub owner (for PR creation)')
+    .option('--repo <repo>', 'GitHub repo (for PR creation)')
+    .option('--agent <agents...>', 'Run specific agents only (business, architecture, security)')
+    .option('--json', 'Output raw JSON result')
+    .action(async (baseArg: string | undefined, opts) => {
+      if (!isInitialized()) {
+        console.log(chalk.red(t().notInitialized));
+        return;
+      }
+
+      const cwd = process.cwd();
+
+      if (!isGitRepo(cwd)) {
+        console.log(chalk.red(t().precheckNotGitRepo));
+        return;
+      }
+
+      const head = getCurrentBranch(cwd);
+      const base = baseArg ?? detectBaseBranch(cwd);
+
+      console.log(chalk.bold(t().precheckTitle(head, base)));
+
+      const diffSpinner = ora(t().precheckBuilding(base)).start();
+      let prDiff: ReturnType<typeof buildLocalPRDiff>;
+      try {
+        prDiff = buildLocalPRDiff(cwd, base);
+        if (prDiff.files.length === 0) {
+          diffSpinner.warn(chalk.yellow(t().precheckNoChanges));
+          return;
+        }
+        diffSpinner.succeed(t().precheckDiffBuilt(prDiff.files.length));
+      } catch (e: any) {
+        diffSpinner.fail(chalk.red(t().precheckDiffFailed(e.message)));
+        return;
+      }
+
+      const config = resolveConfig();
+      const rules = loadRules();
+      const activeAgents = opts.agent ?? ['business', 'architecture', 'security'];
+      const auto = !opts.agent;
+
+      const ctxSpinner = ora(t().reviewLoadingContext).start();
+      const context = new ContextManager(cwd).buildReviewContext(prDiff);
+      ctxSpinner.succeed(t().reviewContextLoaded);
+      console.log(chalk.dim(t().reviewRunningAgents(activeAgents.join(', '))));
+
+      let result: ReviewResult;
+      try {
+        result = await new Orchestrator(config, rules).run(prDiff, context, activeAgents, auto);
+      } catch (e: any) {
+        console.log(chalk.red(t().reviewFailed(e.message)));
+        return;
+      }
+
+      if (opts.json) {
+        console.log(JSON.stringify(result, null, 2));
+        return;
+      }
+
+      renderReview(result);
+      if (!process.stdout.isTTY) return;
+
+      const needsPush = hasUnpushedCommits(cwd, head);
+      const hasFindings = result.riskScore > 0 || result.agents.some(a => a.findings.length > 0);
+      const action = await selectPrecheckAction(t().precheckSelectAction, needsPush, hasFindings);
+
+      if (action === 'skip') return;
+
+      if (action === 'save_checklist') {
+        await doSaveChecklist(cwd, result, head, base);
+        return;
+      }
+
+      if (action === 'create_pr') {
+        await doCreatePR(cwd, opts, config, result, head, base, needsPush);
+      }
+    });
+}
+
+async function doCreatePR(
+  cwd: string,
+  opts: any,
+  config: ReturnType<typeof resolveConfig>,
+  result: ReviewResult,
+  head: string,
+  base: string,
+  needsPush: boolean,
+): Promise<void> {
+  let token: string;
+  try {
+    token = getGithubToken(config);
+  } catch {
+    console.log(chalk.red(t().prsMissingToken(config.github.token_env)));
+    return;
+  }
+
+  const repoInfo = detectRepoInfo(cwd);
+  const owner = opts.owner ?? config.github.owner ?? repoInfo?.owner;
+  const repo = opts.repo ?? config.github.repo ?? repoInfo?.repo;
+
+  if (!owner || !repo) {
+    console.log(chalk.red(t().precheckMissingConfig));
+    return;
+  }
+
+  if (needsPush) {
+    const pushSpinner = ora(`Pushing ${chalk.cyan(head)}...`).start();
+    try {
+      const { execSync } = await import('node:child_process');
+      execSync(`git push origin ${head}`, { cwd, stdio: 'pipe' });
+      pushSpinner.succeed(chalk.green(`Branch ${chalk.cyan(head)} pushed.`));
+    } catch (e: any) {
+      pushSpinner.fail(chalk.red(`Push failed: ${e.message}`));
+      return;
+    }
+  }
+
+  const defaultTitle = getLastCommitTitle(cwd) || head;
+  const { title, body } = await promptPRDetails(defaultTitle);
+
+  const spinner = ora(t().precheckCreatingPR).start();
+  try {
+    const pr = await new GithubClient(token).createPR(owner, repo, title, body, head, base);
+    spinner.succeed(chalk.green(t().precheckPRCreated(pr.url)));
+  } catch (e: any) {
+    spinner.fail(chalk.red(t().precheckPRFailed(e.message)));
+  }
+}
+
+async function doSaveChecklist(cwd: string, result: ReviewResult, head: string, base: string): Promise<void> {
+  const aivDir = path.join(cwd, '.aiv');
+  if (!fs.existsSync(aivDir)) fs.mkdirSync(aivDir, { recursive: true });
+
+  const filePath = path.join(aivDir, 'checklist.md');
+  const content = buildChecklist(result, head, base);
+
+  const spinner = ora(t().precheckSavingChecklist).start();
+  try {
+    fs.writeFileSync(filePath, content, 'utf8');
+    const link = terminalLink('.aiv/checklist.md', filePath);
+    spinner.succeed(chalk.green(t().precheckChecklistSaved(link)));
+  } catch (e: any) {
+    spinner.fail(chalk.red(`Failed to save checklist: ${e.message}`));
+  }
+}
+
+function findingLine(f: AgentFinding, bold: boolean): string[] {
+  const loc = f.file ? ` — \`${f.file}\`` : '';
+  const label = bold ? `**[${f.severity.toUpperCase()}]**` : `[${f.severity.toUpperCase()}]`;
+  const row = `- [ ] ${label} ${f.title}${loc}`;
+  return f.suggestion ? [row, `  > ${f.suggestion}`] : [row];
+}
+
+function section(heading: string, items: string[]): string[] {
+  return [`## ${heading}`, '', ...items, ''];
+}
+
+function buildChecklist(result: ReviewResult, head: string, base: string): string {
+  const date = new Date(result.generatedAt).toISOString().split('T')[0];
+  const all = [...result.securityIssues, ...result.businessRisks, ...result.architectureIssues];
+
+  const critical = all.filter(f => f.severity === 'critical');
+  const high     = all.filter(f => f.severity === 'high');
+  const medium   = all.filter(f => f.severity === 'medium');
+  const low      = all.filter(f => f.severity === 'low' || f.severity === 'info');
+
+  const body: string[] = [];
+
+  if (critical.length > 0 || high.length > 0) {
+    body.push(...section('Critical & High', [...critical, ...high].flatMap(f => findingLine(f, true))));
+  }
+  if (medium.length > 0) {
+    body.push(...section('Medium', medium.flatMap(f => findingLine(f, true))));
+  }
+  if (low.length > 0) {
+    body.push(...section('Low / Info', low.flatMap(f => findingLine(f, false))));
+  }
+  if (result.possibleRegressions.length > 0) {
+    body.push(...section('Possible Regressions', result.possibleRegressions.map(r => `- [ ] ${r}`)));
+  }
+
+  return [
+    `# aiv Check: ${head} → ${base}`,
+    `Generated: ${date}  |  Risk: ${result.riskLabel} (${result.riskScore}/100)`,
+    '',
+    ...body,
+    '---',
+    '*Generated by [aiv](https://www.npmjs.com/package/@ateriss_/aiv-cli)*',
+  ].join('\n');
+}

package/src/cli/commands/prs.ts

@@ -63,7 +63,7 @@ export function prsCommand(): Command {
         chalk.cyan(`#${pr.number}`),
         truncate(pr.title, 50),
         chalk.dim(pr.author),
-        chalk.dim(pr.branch),
+        chalk.dim(pr.branch) + chalk.dim(' → ') + chalk.cyan(pr.base),
         chalk.green(`+${pr.additions}`) + chalk.dim('/') + chalk.red(`-${pr.deletions}`),
         chalk.dim(formatDate(pr.createdAt)),
       ]);

package/src/cli/commands/review.ts

@@ -26,6 +26,7 @@ export interface RunReviewOptions {
 export async function runReview(opts: RunReviewOptions): Promise<void> {
   const { prNumber, owner, repo, config, token } = opts;
   const rules = loadRules();
+  const auto = !opts.agents;
   const activeAgents = opts.agents ?? ['business', 'architecture', 'security'];
   const client = new GithubClient(token);
 
@@ -42,7 +43,7 @@ export async function runReview(opts: RunReviewOptions): Promise<void> {
     return;
   }
 
-  const result = await resolveResult(client, { owner, repo, prNumber }, config, rules, prDiff, activeAgents, opts.json);
+  const result = await resolveResult(client, { owner, repo, prNumber }, { config, rules, agents: activeAgents, auto }, prDiff, opts.json);
   if (!result) return;
 
   if (opts.json) {
@@ -70,14 +71,16 @@ export async function runReview(opts: RunReviewOptions): Promise<void> {
 }
 
 interface RepoRef { owner: string; repo: string; prNumber: number; }
+interface AgentOpts { config: ResolvedConfig; rules: ReturnType<typeof loadRules>; agents: string[]; auto: boolean; }
 
 async function resolveResult(
   client: GithubClient,
   ref: RepoRef,
-  config: ResolvedConfig, rules: ReturnType<typeof loadRules>,
+  agentOpts: AgentOpts,
   prDiff: Awaited<ReturnType<GithubClient['getPRDiff']>>,
-  activeAgents: string[], json?: boolean,
+  json?: boolean,
 ): Promise<ReviewResult | null> {
+  const { config, rules, agents: activeAgents, auto } = agentOpts;
   const { owner, repo, prNumber } = ref;
   if (!json && process.stdout.isTTY) {
     const cached = await client.findAivReview(owner, repo, prNumber);
@@ -98,7 +101,7 @@ async function resolveResult(
   console.log(chalk.dim(t().reviewRunningAgents(activeAgents.join(', '))));
 
   try {
-    return await new Orchestrator(config, rules).run(prDiff, context, activeAgents);
+    return await new Orchestrator(config, rules).run(prDiff, context, activeAgents, auto);
   } catch (e: any) {
     console.log(chalk.red(t().reviewFailed(e.message)));
     return null;

package/src/cli/selector.ts

@@ -94,13 +94,65 @@ export async function selectMergeStrategy(message: string): Promise<MergeStrateg
   return answers['strategy'] as MergeStrategy;
 }
 
+export type PrecheckAction = 'create_pr' | 'save_checklist' | 'skip';
+
+export async function selectPrecheckAction(message: string, needsPush: boolean, hasFindings: boolean): Promise<PrecheckAction> {
+  const inquirer = await getInquirer();
+  const prLabel = needsPush
+    ? chalk.cyan('🚀  Push y crear PR en GitHub')
+    : chalk.cyan('🚀  Crear PR en GitHub');
+
+  const checklistChoice = hasFindings
+    ? [{ name: chalk.yellow('📋  Guardar checklist en .aiv/'), value: 'save_checklist', short: 'Guardar Checklist' }]
+    : [];
+
+  const choices = [
+    { name: prLabel, value: 'create_pr', short: 'Crear PR' },
+    ...checklistChoice,
+    new inquirer.Separator('─'.repeat(42)),
+    { name: chalk.dim('↩  Skip'), value: 'skip', short: 'Skip' },
+  ];
+
+  const answers = await inquirer.prompt([{
+    type: 'list',
+    name: 'action',
+    message,
+    choices,
+    pageSize: 4,
+    loop: false,
+  }]);
+  return answers['action'] as PrecheckAction;
+}
+
+export async function promptPRDetails(defaultTitle: string): Promise<{ title: string; body: string }> {
+  const inquirer = await getInquirer();
+  const answers = await inquirer.prompt([
+    {
+      type: 'input',
+      name: 'title',
+      message: 'PR title:',
+      default: defaultTitle,
+    },
+    {
+      type: 'input',
+      name: 'body',
+      message: 'PR description (optional, Enter to skip):',
+      default: '',
+    },
+  ]);
+  return {
+    title: answers['title'] as string,
+    body: answers['body'] as string,
+  };
+}
+
 export async function confirmReview(pr: PullRequest, label: string): Promise<boolean> {
   const inquirer = await getInquirer();
 
   const answers = await inquirer.prompt([{
     type: 'confirm',
     name: 'ok',
-    message: `${label} ${chalk.cyan(`#${pr.number}`)} — ${pr.title}?`,
+    message: `${label} ${chalk.cyan('#' + pr.number)} — ${pr.title}?`,
     default: true,
   }]);