@codecora/cli 0.0.3 → 0.0.5

package/README.md

@@ -1,27 +1,14 @@
 # CORA CLI
 
-> AI-powered code review before you commit.
+> Catch bugs & security issues BEFORE you commit. Save 2+ hours/week on code reviews.
 
-CORA CLI brings AI code review to your local development workflow. Get instant feedback on your code changes before they leave your machine.
-
-## ✅ Verified & Tested
-
-All CLI features have been tested and verified working:
+![npm version](https://badge.fury.io/js/%40codecora%2Fcli.svg)
+![downloads](https://img.shields.io/npm/dm/%40codecora/cli.svg)
+![license](https://img.shields.io/npm/l/%40codecora/cli.svg)
 
-| Feature | Status | Description |
-|---------|--------|-------------|
-| Authentication | ✅ | `cora auth status` shows user info, session validity, expiration |
-| Code Review | ✅ | Reviews staged/unstaged changes with token usage tracking |
-| Output Formats | ✅ | Pretty (default), JSON, Compact formats |
-| Git Hooks | ✅ | Automatic pre-commit review on every commit |
-| Mock Mode | ✅ | Testing without using API credits |
-| Error Handling | ✅ | Graceful handling of network errors and invalid input |
+**Website:** [https://codecora.dev](https://codecora.dev) | **Docs:** [https://codecora.dev/docs/cli](https://codecora.dev/docs/cli)
 
-**Response includes:**
-- Issues with severity (critical, major, minor, info)
-- Token breakdown (input/output/execution time)
-- Quota information
-- AI-generated summaries and suggested fixes
+CORA CLI brings AI code review to your local development workflow. Get instant feedback on your code changes before they leave your machine.
 
 ## Features
 
@@ -31,49 +18,87 @@ All CLI features have been tested and verified working:
 - **Git Hooks** - Automatic review on every commit
 - **Cross-platform** - Works on macOS, Linux, and Windows
 
+## Benefits
+
+- **Save Time** - Reduce code review time by 2+ hours per week
+- **Catch Bugs Early** - Find issues before they reach production
+- **Security First** - Detect vulnerabilities and security risks
+- **Learn Best Practices** - Get AI-powered suggestions for code improvement
+- **Zero Friction** - Works with your existing Git workflow
+
 ## Installation
 
-### Option 1: Using npm/bun (Requires Node.js 20+)
+### Using npm/bun (Requires Node.js 20+)
 
 ```bash
 # Using npm
 npm install -g @codecora/cli
 
 # Using bun
-bun install -g @cora/cli
+bun install -g @codecora/cli
 ```
 
-### Option 2: Standalone Binary (No Node.js Required)
+## Quick Start
 
-Download the appropriate binary for your platform from the [releases page](https://github.com/ajianaz/cora/releases):
+```bash
+# 1. Install CORA CLI
+npm install -g @codecora/cli
 
-| Platform | Download |
-|----------|----------|
-| macOS (Intel) | `cora-macos-x64` |
-| macOS (Apple Silicon) | `cora-macos-arm64` |
-| Linux (x64) | `cora-linux-x64` |
-| Windows (x64) | `cora-win-x64.exe` |
+# 2. Login to CORA
+cora auth login
 
-```bash
-# Example for macOS
-curl -L https://github.com/ajianaz/cora/releases/latest/download/cora-macos-arm64 -o cora
-chmod +x cora
-sudo mv cora /usr/local/bin/
+# 3. Review staged changes
+cora review
 ```
 
-## Quick Start
+**Example Output:**
 
-```bash
-# 1. Login to CORA
-cora auth login
+```
+✅ Review complete
 
-# 2. Review staged changes
-cora review
+Found 2 issues:
 
-# 3. Enable automatic pre-commit review (optional)
-cora enable
+  🔴 Critical: SQL injection risk
+    File: src/auth.ts:45
+    User input not sanitized before query
+
+  🟡 Major: Missing error handling
+    File: src/api.ts:12
+    API call lacks try-catch block
+
+💡 Suggestions available. Run with --include-walkthrough for details.
 ```
 
+## Use Cases
+
+CORA CLI is perfect for:
+
+- **Pre-commit Hooks** - Automatically review code before every commit
+- **CI/CD Pipelines** - Integrate into GitHub Actions, GitLab CI, Jenkins
+- **Legacy Code Audit** - Review entire codebases with `--base` flag
+- **Pull Request Reviews** - Check feature branches before merging
+- **Learning Projects** - Get AI feedback on code quality and best practices
+
+## Why CORA vs Others?
+
+| Feature | CORA | SonarQube | CodeClimate | DeepSource |
+|---------|------|-----------|-------------|------------|
+| **Setup Time** | 30 seconds | Hours | Hours | Hours |
+| **Pre-commit** | ✅ Native | ❌ Plugin | ❌ Plugin | ❌ Plugin |
+| **AI-Powered** | ✅ GPT-4/Claude | ❌ Rule-based | ❌ Rule-based | ❌ Rule-based |
+| **Your AI Key** | ✅ Use your own | ❌ Locked in | ❌ Locked in | ❌ Locked in |
+| **Privacy** | ✅ Code stays local | ⚠️ Cloud scan | ⚠️ Cloud scan | ⚠️ Cloud scan |
+| **Free Tier** | ✅ 100 reviews/mo | ❌ $120/yr min | ❌ $50/yr min | ❌ Subscription |
+| **Languages** | All languages | Limited | Limited | Limited |
+
+**Key Differentiators:**
+- **Fastest Setup** - Install and run in 30 seconds, no configuration needed
+- **AI-Powered** - Uses latest GPT-4/Claude models, not outdated rule engines
+- **Your AI Key** - Use your own OpenAI/Anthropic key, no vendor lock-in
+- **Privacy-First** - Code analyzed by YOUR AI provider, we never see your code
+- **Zero Maintenance** - No servers to manage, no databases to configure
+- **Always Updated** - Automatically benefits from latest AI model improvements
+
 ## Usage
 
 ### Authentication
@@ -92,12 +117,6 @@ cora auth logout
 cora auth config [key] [value]
 ```
 
-**Important:** For CLI authentication to work, you must add `http://localhost:4200/callback` to your GitHub App's redirect URIs:
-
-1. Go to your GitHub App settings
-2. Navigate to **General** → **Homepage URL**
-3. Add `http://localhost:4200/callback` to the redirect URIs
-
 ### Review Code
 
 ```bash
@@ -110,8 +129,11 @@ cora review --unstaged
 # Review specific files
 cora review --files src/app.ts src/utils.ts
 
-# Mock mode for testing
-cora review --mock
+# Review committed changes
+cora review --base main              # Review branch vs main
+cora review --commits 3               # Review last 3 commits
+cora review --revision-range abc..def # Review specific range
+cora review --unpushed               # Review unpushed commits
 
 # JSON output for CI/CD
 cora review --format json
@@ -144,9 +166,10 @@ cora disable   # Uninstall pre-commit hook
 | `-s, --staged` | Review staged changes (default) |
 | `-u, --unstaged` | Review unstaged changes |
 | `-f, --files <files...>` | Review specific files |
-| `-m, --max-tokens <number>` | Maximum tokens to use |
-| `-i, --include-walkthrough` | Include full walkthrough |
-| `--mock` | Mock mode for testing |
+| `--base <ref>` | Review changes from base ref to HEAD (e.g., "main") |
+| `--revision-range <range>` | Review specific commit range (e.g., "HEAD~3..HEAD") |
+| `--commits <number>` | Review last N commits |
+| `--unpushed` | Review unpushed commits |
 | `--format <format>` | Output format (pretty, json, compact) |
 
 ## Configuration
@@ -163,13 +186,32 @@ Configuration is stored in `~/.codecora/`:
 | `CORA_SKIP` | Skip pre-commit hook when set to 1 |
 | `CORA_SERVER` | Override server URL |
 | `CORA_WORKSPACE` | Override workspace ID |
-| `CORA_API_KEY` | API key for CI/CD authentication (see [API Keys Documentation](../../../docs/API_KEYS.md)) |
+| `CORA_API_KEY` | API key for CI/CD authentication |
 
 ## CI/CD Integration
 
+### Supported Languages
+
+CORA CLI supports code review for all programming languages including:
+- JavaScript / TypeScript
+- Python
+- Java / Kotlin
+- Go
+- Rust
+- PHP
+- Ruby
+- C# / .NET
+- And more...
+
 ### Using API Keys (Recommended)
 
-For CI/CD workflows, use API Keys instead of session tokens:
+For CI/CD workflows, use API Keys instead of session tokens.
+
+**Getting an API Key:**
+1. Login to [codecora.dev](https://codecora.dev)
+2. Go to Dashboard → API Keys
+3. Click "Generate API Key"
+4. Copy the key and use in your CI/CD pipeline
 
 ```yaml
 # Example: GitHub Actions
@@ -190,8 +232,6 @@ For CI/CD workflows, use API Keys instead of session tokens:
 
 **Create API Key:** Visit Dashboard → API Keys to generate a key for CI/CD.
 
-See [API Keys Documentation](../../../docs/API_KEYS.md) for complete guide.
-
 ## Troubleshooting
 
 ### Authentication Errors
@@ -226,17 +266,28 @@ CORA_SKIP=1 git commit -m "message"
 
 ## Requirements
 
-- **Node.js 20+** (if installing via npm/bun)
-- **OR** standalone binary (no dependencies)
+- **Node.js 20+** or **Bun 1.0+**
 - A Codecora account (sign up at https://codecora.dev)
 - An OpenAI-compatible API key configured in your workspace
 
+## Pricing
+
+- **Free Tier** - 100 reviews/month during beta
+- **Pro Tier** - Coming soon
+- **Enterprise** - Contact us for custom solutions
+
 ## License
 
 MIT © [CORA](https://codecora.dev)
 
 ## Support
 
-- [Documentation](https://codecora.dev/docs/cli)
-- [GitHub Issues](https://github.com/ajianaz/cora/issues)
-- [GitHub Discussions](https://github.com/ajianaz/cora/discussions)
+- 📧 **Email**: support@codecora.dev
+- 📚 [Documentation](https://codecora.dev/docs/cli)
+- 🌐 [Website](https://codecora.dev)
+- 💬 [Community Discord](https://discord.gg/codecora)
+
+**Getting Help:**
+- Check our [Documentation](https://codecora.dev/docs/cli) for detailed guides
+- Join our [Discord community](https://discord.gg/codecora) for quick questions
+- Email us at support@codecora.dev for technical issues

package/bin/cora.js

@@ -84,6 +84,10 @@ program
   .option('-s, --staged', 'Review staged changes (default: true)')
   .option('-u, --unstaged', 'Review unstaged changes')
   .option('-f, --files <files...>', 'Review specific files')
+  .option('--base <ref>', 'Review changes from base ref to HEAD (e.g., "main", "develop")')
+  .option('--revision-range <range>', 'Review specific commit range (e.g., "HEAD~3..HEAD", "abc123..def456")')
+  .option('--commits <number>', 'Review last N commits', parseInt)
+  .option('--unpushed', 'Review unpushed commits')
   .option('-m, --max-tokens <number>', 'Maximum tokens to use', parseInt)
   .option('-i, --include-walkthrough', 'Include full walkthrough')
   .option('--mock', 'Mock mode for testing')
@@ -96,6 +100,10 @@ program
         branch: options.branch,
         staged: options.unstaged ? false : options.staged !== false,
         files: options.files,
+        base: options.base,
+        revisionRange: options.revisionRange,
+        commits: options.commits,
+        unpushed: options.unpushed,
         maxTokens: options.maxTokens,
         includeWalkthrough: options.includeWalkthrough,
         mock: options.mock,

package/dist/commands/auth.js

@@ -48,7 +48,7 @@ export async function login(serverUrl) {
         }
         // Store session directly from server response
         await setAuthToken(authResult.token, targetServerUrl, authResult.userId, authResult.email, authResult.expiresAt);
-        console.log(`\nSuccessfully logged in as ${authResult.email}`);
+        console.log(`\nSuccessfully logged in${authResult.email ? ` as ${authResult.email}` : ''}`);
         process.exit(0);
     }
     catch (error) {
@@ -171,7 +171,7 @@ function createCallbackServer() {
             const url = new URL(req.url, `http://localhost:${FIXED_PORT}`);
             const token = url.searchParams.get('token');
             const userId = url.searchParams.get('userId');
-            const email = url.searchParams.get('email');
+            const email = url.searchParams.get('email'); // Optional, can be fetched via API
             const expiresAt = url.searchParams.get('expiresAt');
             const error = url.searchParams.get('error');
             if (error) {
@@ -181,7 +181,8 @@ function createCallbackServer() {
                 server.close();
                 return;
             }
-            if (token && userId && email && expiresAt) {
+            // Email is optional - can be fetched via API after login
+            if (token && userId && expiresAt) {
                 res.writeHead(200, { 'Content-Type': 'text/html' });
                 res.end(`
           <!DOCTYPE html>
@@ -193,7 +194,7 @@ function createCallbackServer() {
           </body>
           </html>
         `);
-                resolvePromise({ token, userId, email, expiresAt });
+                resolvePromise({ token, userId, email: email || undefined, expiresAt });
                 server.close();
             }
             else {

package/dist/commands/review.js

@@ -36,6 +36,10 @@ export async function review(options = {}) {
             staged: options.staged !== false,
             files: options.files,
             cwd,
+            base: options.base,
+            revisionRange: options.revisionRange,
+            commits: options.commits,
+            unpushed: options.unpushed,
         });
     }
     catch (error) {

package/dist/config/storage.js

@@ -112,9 +112,11 @@ export async function setAuthToken(sessionToken, serverUrl, userId, email, expir
             serverUrl,
             expiresAt,
         },
-        user: {
+        user: email ? {
             id: userId,
             email,
+        } : {
+            id: userId,
         },
     });
 }

package/dist/git/diff.js

@@ -149,7 +149,21 @@ export function validateDiffSize(diff, maxSize = 10 * 1024 * 1024 // 10MB defaul
  * Main function to get diff based on options.
  */
 export function getReviewDiff(options) {
-    const { staged = true, files, cwd = process.cwd() } = options;
+    const { staged = true, files, cwd = process.cwd(), base, revisionRange, commits, unpushed, } = options;
+    // Commit-based review takes precedence
+    if (revisionRange) {
+        return getCommitDiff(revisionRange, cwd);
+    }
+    if (unpushed) {
+        return getUnpushedDiff(cwd);
+    }
+    if (commits !== undefined) {
+        return getLastCommitsDiff(commits, cwd);
+    }
+    if (base) {
+        return getBaseDiff(base, cwd);
+    }
+    // Default behavior: staged/unstaged/files
     if (files && files.length > 0) {
         return getFilesDiff(files, staged, cwd);
     }
@@ -160,3 +174,51 @@ export function getReviewDiff(options) {
         return getUnstagedDiff(cwd);
     }
 }
+/**
+ * Get diff between two git refs (commits, branches, tags)
+ *
+ * Examples:
+ * - "main...HEAD" - changes from main to current branch
+ * - "abc123..def456" - changes between two commits
+ * - "v1.0.0..HEAD" - changes since tag v1.0.0
+ */
+export function getCommitDiff(revisionRange, cwd = process.cwd()) {
+    const result = execFileSafe('git', ['diff', revisionRange], { cwd });
+    if (result.status !== 0) {
+        throw new Error(`Failed to get commit diff: ${result.stderr || result.error?.message}`);
+    }
+    return result.stdout;
+}
+/**
+ * Get diff of unpushed commits
+ *
+ * Returns diff between HEAD and the remote tracking branch.
+ */
+export function getUnpushedDiff(cwd = process.cwd()) {
+    // First, get the remote tracking branch
+    const trackingResult = execFileSafe('git', ['rev-parse', '--abbrev-ref', '--symbolic-full-name', '@{u}'], { cwd });
+    if (trackingResult.status !== 0) {
+        throw new Error('No upstream branch found. Cannot determine unpushed commits. ' +
+            'Hint: Set upstream with `git push -u origin <branch>`');
+    }
+    const trackingBranch = trackingResult.stdout.trim();
+    return getCommitDiff(`${trackingBranch}...HEAD`, cwd);
+}
+/**
+ * Get diff of last N commits
+ *
+ * Returns diff between HEAD~N and HEAD.
+ */
+export function getLastCommitsDiff(count, cwd = process.cwd()) {
+    const revisionRange = `HEAD~${count}..HEAD`;
+    return getCommitDiff(revisionRange, cwd);
+}
+/**
+ * Get diff from base branch to HEAD
+ *
+ * Compares current HEAD with the specified base branch.
+ */
+export function getBaseDiff(base, cwd = process.cwd()) {
+    const revisionRange = `${base}...HEAD`;
+    return getCommitDiff(revisionRange, cwd);
+}

package/dist/version.js

@@ -1 +1 @@
-export const VERSION = '0.0.3';
+export const VERSION = '0.0.5';

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@codecora/cli",
-  "version": "0.0.3",
+  "version": "0.0.5",
   "type": "module",
   "description": "CORA CLI - AI code review before commit",
   "main": "./dist/index.js",