@claudemini/shit-cli 1.8.1 → 1.9.0

package/lib/review.js

@@ -1,18 +1,19 @@
 /**
  * Structured code review over session artifacts.
- * Inspired by mco's findings model:
- * - fixed findings schema
- * - evidence-grounded findings
- * - deterministic severity/confidence
- * - dedup + aggregation for CI/PR workflows
+ * Uses goatchain agent output and keeps the existing findings/report schema.
  */
 
-import { existsSync, readFileSync, readdirSync, statSync } from 'fs';
+import { existsSync, readdirSync, statSync } from 'fs';
 import { join } from 'path';
 import { createHash } from 'crypto';
 import { getLogDir, getProjectRoot, SESSION_ID_REGEX } from './config.js';
-import { redactSecrets } from './redact.js';
 import { dispatchWebhook } from './webhook.js';
+import {
+  loadJsonIfExists,
+  normalizeEvidence,
+  normalizeLocation,
+  normalizeLocationKey,
+} from './review-common.js';
 
 const SEVERITY_SCORE = {
   info: 1,
@@ -30,7 +31,7 @@ const CONFIDENCE_SCORE = {
 
 function parseArgs(args) {
   const options = {
-    format: 'text', // text | json | markdown
+    format: 'text',
     strict: false,
     minSeverity: 'info',
     failOn: 'high',
@@ -38,6 +39,12 @@ function parseArgs(args) {
     recent: 1,
     all: false,
     help: false,
+    engine: 'agent',
+    agentTimeoutMs: 120000,
+    allowWorktreeDiff: false,
+    agentAutoApprove: true,
+    deprecatedFlags: [],
+    deprecatedEngineValue: null,
   };
 
   for (const arg of args) {
@@ -57,6 +64,10 @@ function parseArgs(args) {
       options.all = true;
       continue;
     }
+    if (arg === '--agent') {
+      options.deprecatedFlags.push('--agent');
+      continue;
+    }
     if (arg === '--help' || arg === '-h') {
       options.help = true;
       continue;
@@ -82,6 +93,41 @@ function parseArgs(args) {
       }
       continue;
     }
+    if (arg.startsWith('--engine=')) {
+      const value = (arg.split('=')[1] || '').toLowerCase();
+      options.deprecatedFlags.push('--engine');
+      options.deprecatedEngineValue = value || null;
+      continue;
+    }
+    if (arg.startsWith('--agent-timeout-ms=')) {
+      const value = Number.parseInt(arg.split('=')[1], 10);
+      if (Number.isFinite(value) && value > 0) {
+        options.agentTimeoutMs = value;
+      }
+      continue;
+    }
+    if (arg === '--allow-worktree-diff') {
+      options.allowWorktreeDiff = true;
+      continue;
+    }
+    if (arg === '--agent-auto-approve') {
+      options.agentAutoApprove = true;
+      continue;
+    }
+    if (arg === '--no-agent-auto-approve') {
+      options.agentAutoApprove = false;
+      continue;
+    }
+    if (arg.startsWith('--agent-auto-approve=')) {
+      const value = (arg.split('=')[1] || '').toLowerCase();
+      if (value === 'true' || value === '1' || value === 'yes') {
+        options.agentAutoApprove = true;
+      }
+      if (value === 'false' || value === '0' || value === 'no') {
+        options.agentAutoApprove = false;
+      }
+      continue;
+    }
     if (!arg.startsWith('-') && !options.sessionId) {
       options.sessionId = arg;
     }
@@ -100,7 +146,15 @@ function printUsage() {
   console.log('  --all                         Review all sessions');
   console.log('  --min-severity=<level>        Filter findings below severity');
   console.log('  --fail-on=<level>             Strict mode failure threshold (default: high)');
+  console.log('  --agent-timeout-ms=<ms>       Agent timeout in milliseconds (default: 120000)');
+  console.log('  --allow-worktree-diff         Allow worktree diff fallback without checkpoint commits');
+  console.log('  --agent-auto-approve=<bool>   Auto approve agent tool calls (default: true)');
+  console.log('  --no-agent-auto-approve       Disable auto approval for agent tool calls');
   console.log('  --strict                      Exit non-zero when findings hit fail-on threshold');
+  console.log('');
+  console.log('Deprecated options (accepted but ignored):');
+  console.log('  --agent');
+  console.log('  --engine=<name>');
 }
 
 function getSessionDirs(logDir) {
@@ -121,6 +175,7 @@ function getSessionDirs(logDir) {
     } catch {
       continue;
     }
+
     if (!stat.isDirectory()) {
       continue;
     }
@@ -135,25 +190,8 @@ function getSessionDirs(logDir) {
   return sessions.sort((a, b) => b.mtime - a.mtime);
 }
 
-function loadJsonIfExists(filePath, fallback = null) {
-  if (!existsSync(filePath)) {
-    return fallback;
-  }
-  try {
-    return JSON.parse(readFileSync(filePath, 'utf-8'));
-  } catch {
-    return fallback;
-  }
-}
-
-function normalizeEvidence(evidence) {
-  return evidence
-    .filter(Boolean)
-    .map(item => String(item).trim())
-    .filter(Boolean);
-}
-
 function normalizeFinding(input) {
+  const sessions = Array.isArray(input.sessions) ? [...new Set(input.sessions)] : [];
   return {
     id: input.id || '',
     rule_id: input.rule_id || 'review.generic',
@@ -163,27 +201,19 @@ function normalizeFinding(input) {
     summary: input.summary || '',
     details: input.details || '',
     suggestion: input.suggestion || '',
-    location: input.location || null,
-    evidence: normalizeEvidence(input.evidence || []),
-    sessions: Array.isArray(input.sessions) ? [...new Set(input.sessions)] : [],
+    location: normalizeLocation(input.location),
+    evidence: normalizeEvidence(input.evidence, {
+      fallbackItems: sessions.length > 0 ? sessions.map(id => `session_id=${id}`) : ['evidence_missing=true'],
+    }),
+    sessions,
   };
 }
 
-function normalizeLocation(location) {
-  if (!location || typeof location !== 'object') {
-    return '';
-  }
-  const file = location.file || '';
-  const line = location.line || '';
-  const column = location.column || '';
-  return `${file}:${line}:${column}`;
-}
-
 function canonicalFindingKey(finding) {
   return [
     String(finding.rule_id || '').trim().toLowerCase(),
     String(finding.category || '').trim().toLowerCase(),
-    normalizeLocation(finding.location),
+    normalizeLocationKey(finding.location),
     String(finding.summary || '').trim().toLowerCase(),
   ].join('|');
 }
@@ -219,6 +249,7 @@ function dedupeFindings(findings) {
       evidence: [...new Set([...prev.evidence, ...finding.evidence])],
       sessions: [...new Set([...(prev.sessions || []), ...(finding.sessions || [])])],
     };
+
     merged.id = prev.id;
     map.set(key, merged);
   }
@@ -226,209 +257,6 @@ function dedupeFindings(findings) {
   return [...map.values()].sort((a, b) => SEVERITY_SCORE[b.severity] - SEVERITY_SCORE[a.severity]);
 }
 
-function getAllCommands(summary) {
-  const commandGroups = summary?.activity?.commands || {};
-  return Object.values(commandGroups).flatMap(list => Array.isArray(list) ? list : []);
-}
-
-const WINDOWS_ABS_PATH_REGEX = /(^|[\s([{:="'`])([A-Za-z]:\\(?:[^\\\s"'`|<>]+\\){1,}[^\\\s"'`|<>]+)/g;
-const UNIX_SENSITIVE_ROOT_PATH_REGEX = /(^|[\s([{:="'`])(\/(?:Users|home|var|tmp|opt|etc|private|Volumes|workspace|workspaces|usr)(?:\/[^\s"'`|<>]+){2,})/g;
-const UNIX_FILE_PATH_WITH_EXT_REGEX = /(^|[\s([{:="'`])(\/(?:[^\/\s"'`|<>]+\/){2,}[^\/\s"'`|<>]*\.[A-Za-z0-9]{1,10})/g;
-
-function sanitizeErrorDetails(message) {
-  const text = String(message || 'Tool returned an error');
-  const redacted = redactSecrets(text)
-    .replace(WINDOWS_ABS_PATH_REGEX, '$1[PATH]')
-    .replace(UNIX_SENSITIVE_ROOT_PATH_REGEX, '$1[PATH]')
-    .replace(UNIX_FILE_PATH_WITH_EXT_REGEX, '$1[PATH]')
-    .replace(/\b[A-Z_]{2,}=[^\s"'`|<>]+/g, '[ENV_REDACTED]');
-  return redacted.slice(0, 200);
-}
-
-function generateFindings(summary, state, sessionId) {
-  const findings = [];
-  const reviewHints = summary?.review_hints || {};
-  const changes = summary?.changes?.files || [];
-  const activity = summary?.activity || {};
-  const errors = Array.isArray(activity.errors) ? activity.errors : [];
-  const commands = getAllCommands(summary);
-  const modifiedSourceFiles = changes.filter(file =>
-    file.category === 'source' &&
-    Array.isArray(file.operations) &&
-    file.operations.some(op => op !== 'read')
-  );
-
-  if (modifiedSourceFiles.length > 0 && !reviewHints.tests_run) {
-    findings.push({
-      rule_id: 'testing.no_tests_after_source_changes',
-      category: 'testing',
-      severity: modifiedSourceFiles.length >= 5 ? 'high' : 'medium',
-      confidence: 'high',
-      summary: 'Source code changed without test execution evidence',
-      details: `Detected ${modifiedSourceFiles.length} modified source file(s), but no test command was recorded.`,
-      suggestion: 'Run targeted tests for changed modules and attach the command/output in the session.',
-      evidence: [
-        `session_id=${sessionId}`,
-        `review_hints.tests_run=${Boolean(reviewHints.tests_run)}`,
-        `modified_source_files=${modifiedSourceFiles.length}`,
-      ],
-      sessions: [sessionId],
-    });
-  }
-
-  if (reviewHints.migration_added && !reviewHints.tests_run) {
-    findings.push({
-      rule_id: 'correctness.migration_without_tests',
-      category: 'correctness',
-      severity: 'high',
-      confidence: 'high',
-      summary: 'Database migration changed without test validation',
-      details: 'Migration-related changes are present and no test run was captured.',
-      suggestion: 'Run migration verification and regression tests before merge.',
-      evidence: [
-        `session_id=${sessionId}`,
-        `review_hints.migration_added=${Boolean(reviewHints.migration_added)}`,
-        `review_hints.tests_run=${Boolean(reviewHints.tests_run)}`,
-      ],
-      sessions: [sessionId],
-    });
-  }
-
-  if (reviewHints.config_changed && !reviewHints.build_verified) {
-    findings.push({
-      rule_id: 'reliability.config_without_build',
-      category: 'reliability',
-      severity: 'medium',
-      confidence: 'high',
-      summary: 'Configuration changed without build verification',
-      details: 'Config-level edits were detected, but no build/compile command was recorded.',
-      suggestion: 'Run a full build/compile and include output to reduce deployment risk.',
-      evidence: [
-        `session_id=${sessionId}`,
-        `review_hints.config_changed=${Boolean(reviewHints.config_changed)}`,
-        `review_hints.build_verified=${Boolean(reviewHints.build_verified)}`,
-      ],
-      sessions: [sessionId],
-    });
-  }
-
-  if (reviewHints.large_change && !reviewHints.tests_run && !reviewHints.build_verified) {
-    findings.push({
-      rule_id: 'maintainability.large_change_without_validation',
-      category: 'maintainability',
-      severity: 'high',
-      confidence: 'medium',
-      summary: 'Large change set lacks both test and build signals',
-      details: 'A large multi-file change was made without recorded test/build validation.',
-      suggestion: 'Split change into smaller PRs or provide CI/local validation evidence.',
-      evidence: [
-        `session_id=${sessionId}`,
-        `review_hints.large_change=${Boolean(reviewHints.large_change)}`,
-        `review_hints.tests_run=${Boolean(reviewHints.tests_run)}`,
-        `review_hints.build_verified=${Boolean(reviewHints.build_verified)}`,
-      ],
-      sessions: [sessionId],
-    });
-  }
-
-  if (Array.isArray(reviewHints.files_without_tests) && reviewHints.files_without_tests.length > 0) {
-    const sample = reviewHints.files_without_tests.slice(0, 3);
-    findings.push({
-      rule_id: 'testing.files_without_tests',
-      category: 'testing',
-      severity: reviewHints.files_without_tests.length > 5 ? 'high' : 'medium',
-      confidence: 'medium',
-      summary: 'Modified source files have no corresponding test changes',
-      details: `Detected ${reviewHints.files_without_tests.length} file(s) without related test updates.`,
-      suggestion: 'Add/adjust tests for changed source files or document why tests are not needed.',
-      location: { file: sample[0] },
-      evidence: [
-        `session_id=${sessionId}`,
-        `review_hints.files_without_tests_count=${reviewHints.files_without_tests.length}`,
-        ...sample.map(file => `file_without_test=${file}`),
-      ],
-      sessions: [sessionId],
-    });
-  }
-
-  for (const error of errors.slice(-3)) {
-    findings.push({
-      rule_id: 'reliability.tool_error',
-      category: 'reliability',
-      severity: 'medium',
-      confidence: 'high',
-      summary: `Tool error detected: ${error.tool || 'unknown tool'}`,
-      details: sanitizeErrorDetails(error.message),
-      suggestion: 'Confirm the error is resolved and include successful rerun evidence.',
-      evidence: [
-        `session_id=${sessionId}`,
-        'activity.errors_present=true',
-        `error_tool=${error.tool || 'unknown'}`,
-      ],
-      sessions: [sessionId],
-    });
-  }
-
-  const rollbackCommands = commands.filter(cmd =>
-    /\bgit\s+(reset|restore|revert)\b/i.test(cmd) ||
-    /\bgit\s+checkout\s+--\b/i.test(cmd) ||
-    /\bundo\b/i.test(cmd)
-  );
-  if (rollbackCommands.length >= 2) {
-    findings.push({
-      rule_id: 'maintainability.frequent_rollback_commands',
-      category: 'maintainability',
-      severity: rollbackCommands.length >= 4 ? 'high' : 'medium',
-      confidence: 'medium',
-      summary: 'Frequent rollback/undo commands detected in one session',
-      details: `Detected ${rollbackCommands.length} rollback-style command(s), which may indicate unstable iteration.`,
-      suggestion: 'Split the change and validate each step to reduce back-and-forth edits.',
-      evidence: [
-        `session_id=${sessionId}`,
-        `rollback_command_count=${rollbackCommands.length}`,
-        ...rollbackCommands.slice(0, 3).map(cmd => `rollback_cmd=${cmd.slice(0, 80)}`),
-      ],
-      sessions: [sessionId],
-    });
-  }
-
-  if ((summary?.session?.risk || '') === 'high') {
-    findings.push({
-      rule_id: 'maintainability.high_risk_session',
-      category: 'maintainability',
-      severity: 'medium',
-      confidence: 'medium',
-      summary: 'Session-level risk was classified as high',
-      details: 'The extraction engine labeled this session as high risk based on change shape.',
-      suggestion: 'Require manual reviewer sign-off and verify rollback/checkpoint strategy.',
-      evidence: [
-        `session_id=${sessionId}`,
-        `summary.session.risk=${summary.session.risk}`,
-      ],
-      sessions: [sessionId],
-    });
-  }
-
-  if (state?.checkpoints && state.checkpoints.length > 0) {
-    findings.push({
-      rule_id: 'maintainability.checkpoints_present',
-      category: 'maintainability',
-      severity: 'info',
-      confidence: 'high',
-      summary: 'Checkpoint chain exists for this session',
-      details: `Detected ${state.checkpoints.length} checkpoint commit(s), enabling safer rollback.`,
-      suggestion: 'Use "shit rewind <checkpoint>" if post-merge regression appears.',
-      evidence: [
-        `session_id=${sessionId}`,
-        `state.checkpoints_count=${state.checkpoints.length}`,
-      ],
-      sessions: [sessionId],
-    });
-  }
-
-  return findings;
-}
-
 function generateSummaryMissingFinding(sessionId) {
   return {
     rule_id: 'integrity.missing_summary',
@@ -451,15 +279,12 @@ function generateCrossSessionFindings(snapshots) {
   const fileToSessions = new Map();
 
   for (const snap of snapshots) {
-    const files = Array.isArray(snap.summary?.changes?.files) ? snap.summary.changes.files : [];
-    for (const file of files) {
-      if (file.category !== 'source') {
-        continue;
-      }
-      if (!fileToSessions.has(file.path)) {
-        fileToSessions.set(file.path, new Set());
+    const sourcePaths = collectSessionSourcePaths(snap);
+    for (const sourcePath of sourcePaths) {
+      if (!fileToSessions.has(sourcePath)) {
+        fileToSessions.set(sourcePath, new Set());
       }
-      fileToSessions.get(file.path).add(snap.id);
+      fileToSessions.get(sourcePath).add(snap.id);
     }
   }
 
@@ -491,6 +316,58 @@ function generateCrossSessionFindings(snapshots) {
   }));
 }
 
+function collectSessionSourcePaths(snapshot) {
+  const pathsFromSummary = Array.isArray(snapshot.summary?.changes?.files)
+    ? snapshot.summary.changes.files
+      .filter(file => file?.category === 'source')
+      .map(file => String(file.path || '').trim())
+      .filter(Boolean)
+    : [];
+
+  if (pathsFromSummary.length > 0) {
+    return [...new Set(pathsFromSummary)];
+  }
+
+  const statePaths = new Set();
+  collectPathCandidates(snapshot.state?.edits, statePaths);
+  collectPathCandidates(snapshot.state?.file_ops, statePaths);
+  return [...statePaths];
+}
+
+function collectPathCandidates(entries, outputSet) {
+  if (!Array.isArray(entries)) {
+    return;
+  }
+
+  for (const entry of entries) {
+    if (typeof entry === 'string') {
+      addPathCandidate(entry, outputSet);
+      continue;
+    }
+    if (!entry || typeof entry !== 'object') {
+      continue;
+    }
+
+    addPathCandidate(entry.path, outputSet);
+    addPathCandidate(entry.file, outputSet);
+    addPathCandidate(entry.target, outputSet);
+    addPathCandidate(entry.source, outputSet);
+    addPathCandidate(entry.from, outputSet);
+    addPathCandidate(entry.to, outputSet);
+  }
+}
+
+function addPathCandidate(pathValue, outputSet) {
+  const path = String(pathValue || '').trim();
+  if (!path) {
+    return;
+  }
+  if (path.startsWith('.git/') || path.startsWith('.shit-logs/') || path.includes('/.git/')) {
+    return;
+  }
+  outputSet.add(path);
+}
+
 function filterBySeverity(findings, minSeverity) {
   const threshold = SEVERITY_SCORE[minSeverity] || SEVERITY_SCORE.info;
   return findings.filter(f => (SEVERITY_SCORE[f.severity] || 0) >= threshold);
@@ -532,30 +409,19 @@ function buildSessionSnapshot(sessionEntry) {
   };
 }
 
-function buildReport(selectedSessions, options) {
-  const snapshots = selectedSessions.map(buildSessionSnapshot);
-  const rawFindings = [];
-
-  for (const snap of snapshots) {
-    if (!snap.summary) {
-      rawFindings.push(generateSummaryMissingFinding(snap.id));
-      continue;
-    }
-    rawFindings.push(...generateFindings(snap.summary, snap.state, snap.id));
-  }
-  rawFindings.push(...generateCrossSessionFindings(snapshots.filter(snap => snap.summary)));
-
+function buildReportFromRawFindings(snapshots, rawFindings, options) {
   const deduped = dedupeFindings(rawFindings);
   const filteredFindings = filterBySeverity(deduped, options.minSeverity);
   const verdict = computeVerdict(filteredFindings, options.failOn);
 
   return {
-    schema_version: '1.1',
+    schema_version: '1.2',
     generated_at: new Date().toISOString(),
     policy: {
       min_severity: options.minSeverity,
       fail_on: options.failOn,
       strict: options.strict,
+      engine: options.engine,
       recent: options.all ? 'all' : options.recent,
       session_filter: options.sessionId || null,
     },
@@ -583,7 +449,7 @@ function printHumanReport(report) {
   console.log(`🧪 Code Review`);
   console.log(`   Sessions: ${report.stats.reviewed_sessions}`);
   console.log(`   Verdict: ${report.verdict.toUpperCase()} | Findings: ${report.findings.length}`);
-  console.log(`   Policy: min=${report.policy.min_severity}, fail-on=${report.policy.fail_on}`);
+  console.log(`   Policy: engine=${report.policy.engine}, min=${report.policy.min_severity}, fail-on=${report.policy.fail_on}`);
   console.log();
 
   if (report.sessions.length === 1) {
@@ -627,11 +493,12 @@ function printMarkdownReport(report) {
   lines.push(`- Verdict: **${report.verdict.toUpperCase()}**`);
   lines.push(`- Sessions: **${report.stats.reviewed_sessions}**`);
   lines.push(`- Findings: **${report.findings.length}**`);
-  lines.push(`- Policy: \`min=${report.policy.min_severity}, fail-on=${report.policy.fail_on}\``);
+  lines.push(`- Policy: \`engine=${report.policy.engine}, min=${report.policy.min_severity}, fail-on=${report.policy.fail_on}\``);
   lines.push('');
 
   lines.push('## Findings');
   lines.push('');
+
   if (report.findings.length === 0) {
     lines.push('No findings above threshold.');
     console.log(lines.join('\n'));
@@ -645,9 +512,11 @@ function printMarkdownReport(report) {
     const summary = finding.summary.replace(/\|/g, '\\|');
     lines.push(`| ${finding.severity.toUpperCase()} | ${finding.category} | \`${finding.rule_id}\` | ${summary} | ${sessions} |`);
   }
+
   lines.push('');
   lines.push('## Details');
   lines.push('');
+
   for (const finding of report.findings) {
     lines.push(`### [${finding.severity.toUpperCase()}] ${finding.summary}`);
     lines.push(`- Rule: \`${finding.rule_id}\``);
@@ -678,9 +547,11 @@ function selectSessions(allSessions, options) {
     const matched = allSessions.find(s => s.id === options.sessionId || s.id.startsWith(options.sessionId));
     return matched ? [matched] : [];
   }
+
   if (options.all) {
     return allSessions;
   }
+
   return allSessions.slice(0, options.recent);
 }
 
@@ -692,6 +563,13 @@ export default async function review(args) {
       return 0;
     }
 
+    if (options.deprecatedFlags.length > 0) {
+      console.error(`⚠️  Deprecated review flags are ignored: ${[...new Set(options.deprecatedFlags)].join(', ')}.`);
+      if (options.deprecatedEngineValue && options.deprecatedEngineValue !== 'agent') {
+        console.error(`⚠️  --engine=${options.deprecatedEngineValue} is unsupported. Using goatchain agent review.`);
+      }
+    }
+
     const projectRoot = getProjectRoot();
     const logDir = getLogDir(projectRoot);
     const sessions = getSessionDirs(logDir);
@@ -707,10 +585,24 @@ export default async function review(args) {
       return 1;
     }
 
-    const report = buildReport(selectedSessions, options);
+    const snapshots = selectedSessions.map(buildSessionSnapshot);
+    const rawFindings = [];
 
-    // Dispatch webhook for review completion
-    dispatchWebhook(projectRoot, 'review.completed', report).catch(() => {});
+    for (const snap of snapshots) {
+      if (!snap.summary) {
+        rawFindings.push(generateSummaryMissingFinding(snap.id));
+      }
+    }
+
+    const { runAgentReview } = await import('./agent-review.js');
+    const agentFindings = await runAgentReview(projectRoot, selectedSessions, options);
+    rawFindings.push(...agentFindings);
+    // Intentional: include snapshots without summary and fallback to state paths when available.
+    rawFindings.push(...generateCrossSessionFindings(snapshots));
+
+    const report = buildReportFromRawFindings(snapshots, rawFindings, options);
+
+    await dispatchWebhook(projectRoot, 'review.completed', report);
 
     if (options.format === 'json') {
       console.log(JSON.stringify(report, null, 2));
@@ -718,12 +610,13 @@ export default async function review(args) {
       printMarkdownReport(report);
     } else {
       printHumanReport(report);
-      console.log('Options: --json --markdown --recent=<n> --all --strict --min-severity=<...> --fail-on=<...>');
+      console.log('Options: --json --markdown --recent=<n> --all --strict --min-severity=<...> --fail-on=<...> --agent-timeout-ms=<...>');
     }
 
     if (options.strict && shouldFailByThreshold(report.findings, options.failOn)) {
       return 1;
     }
+
     return 0;
   } catch (error) {
     console.error('❌ Failed to run review:', error.message);

package/lib/summarize.js

@@ -22,7 +22,7 @@ const DEFAULT_CONFIG = {
 /**
  * Get API configuration from environment or config file
  */
-function getApiConfig(projectRoot) {
+export function getApiConfig(projectRoot) {
   const config = { ...DEFAULT_CONFIG };
 
   // Check for project config
@@ -51,6 +51,18 @@ function getApiConfig(projectRoot) {
   if (process.env.OPENAI_ENDPOINT) {
     config.openai_endpoint = process.env.OPENAI_ENDPOINT;
   }
+  // Universal override for all providers.
+  if (process.env.AI_MODEL) {
+    config.model = process.env.AI_MODEL;
+  }
+
+  // Provider-specific overrides take precedence when applicable.
+  if (config.provider === 'openai' && process.env.OPENAI_MODEL) {
+    config.model = process.env.OPENAI_MODEL;
+  }
+  if (config.provider === 'anthropic' && process.env.ANTHROPIC_MODEL) {
+    config.model = process.env.ANTHROPIC_MODEL;
+  }
 
   return config;
 }
@@ -203,7 +215,9 @@ async function callOpenAI(apiKey, endpoint, model, prompt, maxTokens, temperatur
   }
 
   const data = await response.json();
-  return data.choices[0].message.content;
+  const msg = data.choices[0].message;
+  // Some OpenAI-compatible providers return reasoning output in `reasoning_content`.
+  return msg.content || msg.reasoning_content || '';
 }
 
 /**
@@ -325,6 +339,9 @@ export default async function summarize(args) {
     console.log('  OPENAI_API_KEY     # Use OpenAI for summarization');
     console.log('  OPENAI_BASE_URL    # OpenAI-compatible base URL (e.g. https://api.openai.com/v1)');
     console.log('  OPENAI_ENDPOINT    # Full OpenAI-compatible endpoint (overrides OPENAI_BASE_URL)');
+    console.log('  AI_MODEL           # Universal model override (applies to all providers)');
+    console.log('  OPENAI_MODEL       # OpenAI-only model override');
+    console.log('  ANTHROPIC_MODEL    # Anthropic-only model override');
     console.log('  ANTHROPIC_API_KEY  # Use Anthropic for summarization');
     console.log('\nConfiguration (.shit-logs/config.json):');
     console.log(`  {"provider": "openai", "model": "gpt-4o-mini", "openai_base_url": "https://api.openai.com/v1"}`);

package/lib/webhook.js

@@ -28,7 +28,11 @@ export function loadWebhookConfig(projectRoot) {
   }
 
   // Resolve: process.env > config.json env > config.json webhooks field
-  const env = (key) => process.env[key] || configEnv[key] || '';
+  const env = (key) => {
+    if (key in process.env) return process.env[key];
+    if (key in configEnv) return configEnv[key];
+    return '';
+  };
 
   const url = env('SHIT_WEBHOOK_URL') || fileConfig.url;
   if (!url) return null;