@codemoot/cli 0.2.3 → 0.2.5

package/dist/index.js

@@ -7,7 +7,7 @@ import { CLEANUP_TIMEOUT_SEC, VERSION as VERSION2 } from "@codemoot/core";
 // src/commands/build.ts
 import { BuildStore, DebateStore, REVIEW_DIFF_MAX_CHARS, REVIEW_TEXT_MAX_CHARS, SessionManager, buildHandoffEnvelope, generateId, loadConfig, openDatabase as openDatabase2 } from "@codemoot/core";
 import chalk3 from "chalk";
-import { execSync } from "child_process";
+import { execFileSync, execSync } from "child_process";
 import { unlinkSync } from "fs";
 import { join as join2 } from "path";
 
@@ -103,13 +103,25 @@ function getDbPath(projectDir) {
 }
 async function withDatabase(fn) {
   const db = openDatabase(getDbPath());
+  const originalExit = process.exit;
+  let requestedExitCode;
+  process.exit = ((code) => {
+    requestedExitCode = typeof code === "number" ? code : 1;
+    throw new Error("__WITH_DATABASE_EXIT__");
+  });
   try {
     return await fn(db);
   } catch (error) {
-    console.error(chalk2.red(`Error: ${error instanceof Error ? error.message : String(error)}`));
-    process.exit(1);
+    if (requestedExitCode === void 0) {
+      console.error(chalk2.red(`Error: ${error instanceof Error ? error.message : String(error)}`));
+    }
+    throw error;
   } finally {
+    process.exit = originalExit;
     db.close();
+    if (requestedExitCode !== void 0) {
+      originalExit(requestedExitCode);
+    }
   }
 }
 
@@ -367,7 +379,7 @@ async function buildReviewCommand(buildId) {
         try {
           execSync(`git read-tree HEAD`, { cwd: projectDir, encoding: "utf-8", env: { ...process.env, GIT_INDEX_FILE: tmpIndex } });
           execSync("git add -A", { cwd: projectDir, encoding: "utf-8", env: { ...process.env, GIT_INDEX_FILE: tmpIndex } });
-          diff = execSync(`git diff --cached ${run.baselineRef}`, { cwd: projectDir, encoding: "utf-8", maxBuffer: 1024 * 1024, env: { ...process.env, GIT_INDEX_FILE: tmpIndex } });
+          diff = execFileSync("git", ["diff", "--cached", "--", run.baselineRef], { cwd: projectDir, encoding: "utf-8", maxBuffer: 1024 * 1024, env: { ...process.env, GIT_INDEX_FILE: tmpIndex } });
         } finally {
           try {
             unlinkSync(tmpIndex);
@@ -963,8 +975,8 @@ import { readFileSync } from "fs";
 async function cleanupCommand(path, options) {
   let db;
   try {
-    const { resolve: resolve2 } = await import("path");
-    const projectDir = resolve2(path);
+    const { resolve: resolve3 } = await import("path");
+    const projectDir = resolve3(path);
     if (options.background) {
       const bgDb = openDatabase4(getDbPath());
       const jobStore = new JobStore(bgDb);
@@ -1169,8 +1181,8 @@ Scan complete in ${(durationMs / 1e3).toFixed(1)}s`));
       durationMs
     });
     if (options.output) {
-      const { writeFileSync: writeFileSync3 } = await import("fs");
-      writeFileSync3(options.output, JSON.stringify(report, null, 2), "utf-8");
+      const { writeFileSync: writeFileSync4 } = await import("fs");
+      writeFileSync4(options.output, JSON.stringify(report, null, 2), "utf-8");
       console.error(chalk5.green(`  Findings written to ${options.output}`));
     }
     console.log(JSON.stringify(report, null, 2));
@@ -1585,7 +1597,9 @@ async function eventsCommand(options) {
 }
 
 // src/commands/fix.ts
-import { execFileSync, execSync as execSync3 } from "child_process";
+import { execFileSync as execFileSync2, execSync as execSync3 } from "child_process";
+import { readFileSync as readFileSync2, writeFileSync } from "fs";
+import { resolve } from "path";
 import {
   DEFAULT_RULES,
   ModelRegistry as ModelRegistry3,
@@ -1597,6 +1611,54 @@ import {
   REVIEW_DIFF_MAX_CHARS as REVIEW_DIFF_MAX_CHARS2
 } from "@codemoot/core";
 import chalk9 from "chalk";
+function parseFixes(text) {
+  const fixes = [];
+  const fixPattern = /FIX:\s*(\S+?):(\d+)\s+(.+?)(?:\n```old\n([\s\S]*?)\n```\s*\n```new\n([\s\S]*?)\n```|(?:\n```\n([\s\S]*?)\n```))/g;
+  let match;
+  match = fixPattern.exec(text);
+  while (match !== null) {
+    const file = match[1];
+    const line = Number.parseInt(match[2], 10);
+    const description = match[3].trim();
+    if (match[4] !== void 0 && match[5] !== void 0) {
+      fixes.push({ file, line, description, oldCode: match[4], newCode: match[5] });
+    } else if (match[6] !== void 0) {
+      fixes.push({ file, line, description, oldCode: "", newCode: match[6] });
+    }
+    match = fixPattern.exec(text);
+  }
+  return fixes;
+}
+function applyFix(fix, projectDir) {
+  const filePath = resolve(projectDir, fix.file);
+  const normalizedProject = resolve(projectDir) + (process.platform === "win32" ? "\\" : "/");
+  if (!resolve(filePath).startsWith(normalizedProject)) {
+    return false;
+  }
+  let content;
+  try {
+    content = readFileSync2(filePath, "utf-8");
+  } catch {
+    return false;
+  }
+  const lines = content.split("\n");
+  if (fix.oldCode) {
+    const trimmedOld = fix.oldCode.trim();
+    if (content.includes(trimmedOld)) {
+      const updated = content.replace(trimmedOld, fix.newCode.trim());
+      writeFileSync(filePath, updated, "utf-8");
+      return true;
+    }
+    return false;
+  }
+  const lineIdx = fix.line - 1;
+  if (lineIdx < 0 || lineIdx >= lines.length) return false;
+  const newLines = fix.newCode.trim().split("\n");
+  const oldLineCount = Math.max(1, newLines.length);
+  lines.splice(lineIdx, oldLineCount, ...newLines);
+  writeFileSync(filePath, lines.join("\n"), "utf-8");
+  return true;
+}
 async function fixCommand(fileOrGlob, options) {
   const projectDir = process.cwd();
   const db = openDatabase7(getDbPath());
@@ -1627,6 +1689,8 @@ async function fixCommand(fileOrGlob, options) {
   let threadId = currentSession?.codexThreadId ?? void 0;
   const rounds = [];
   let converged = false;
+  const stuckFingerprints = /* @__PURE__ */ new Set();
+  let prevFingerprints = /* @__PURE__ */ new Set();
   console.error(
     chalk9.cyan(
       `Autofix loop: ${fileOrGlob} (max ${options.maxRounds} rounds, focus: ${options.focus})`
@@ -1644,7 +1708,7 @@ async function fixCommand(fileOrGlob, options) {
     let diffContent = "";
     if (options.diff) {
       try {
-        diffContent = execFileSync("git", ["diff", ...options.diff.split(/\s+/)], {
+        diffContent = execFileSync2("git", ["diff", "--", ...options.diff.split(/\s+/)], {
           cwd: projectDir,
           encoding: "utf-8",
           maxBuffer: 1024 * 1024
@@ -1653,23 +1717,46 @@ async function fixCommand(fileOrGlob, options) {
         diffContent = "";
       }
     }
+    const fixOutputContract = [
+      "You are an autofix engine. For EVERY fixable issue, you MUST output this EXACT format:",
+      "",
+      "FIX: path/to/file.ts:42 Description of the bug",
+      "```old",
+      "exact old code copied from the file",
+      "```",
+      "```new",
+      "exact replacement code",
+      "```",
+      "",
+      "Then end with:",
+      "VERDICT: APPROVED or VERDICT: NEEDS_REVISION",
+      "SCORE: X/10",
+      "",
+      "Rules:",
+      "- The ```old block MUST be an exact substring copy from the file (whitespace-sensitive).",
+      "- One FIX block per issue.",
+      "- Issues without a FIX block are IGNORED by the autofix engine.",
+      "- If the code is clean, output VERDICT: APPROVED with no FIX blocks."
+    ].join("\n");
     const reviewPrompt = buildHandoffEnvelope3({
-      command: "review",
+      command: "custom",
       task: options.diff ? `Review and identify fixable issues in this diff.
 
 GIT DIFF (${options.diff}):
-${diffContent.slice(0, REVIEW_DIFF_MAX_CHARS2)}` : `Review ${fileOrGlob} and identify fixable issues. Read the file(s) first, then report issues with exact line numbers.`,
+${diffContent.slice(0, REVIEW_DIFF_MAX_CHARS2)}
+
+${fixOutputContract}` : `Review ${fileOrGlob} and identify fixable issues. Read the file(s) first, then report issues with exact line numbers and exact fixes.
+
+${fixOutputContract}`,
       constraints: [
         `Focus: ${options.focus}`,
-        "For each issue, provide the EXACT fix as a code snippet.",
-        "Format fixes as: FIX: <file>:<line> <description>\n```\n<fixed code>\n```",
-        round > 1 ? `This is re-review round ${round}. Previous fixes were applied. Check if issues are resolved.` : ""
+        round > 1 ? `This is re-review round ${round}. Previous fixes were applied by the host. Only report REMAINING unfixed issues.` : ""
       ].filter(Boolean),
       resumed: Boolean(threadId)
     });
     const timeoutMs = options.timeout * 1e3;
     const progress = createProgressCallbacks("fix-review");
-    console.error(chalk9.dim("  Reviewing..."));
+    console.error(chalk9.dim("  GPT reviewing..."));
     const reviewResult = await adapter.callWithResume(reviewPrompt, {
       sessionId: threadId,
       timeout: timeoutMs,
@@ -1680,6 +1767,18 @@ ${diffContent.slice(0, REVIEW_DIFF_MAX_CHARS2)}` : `Review ${fileOrGlob} and ide
       sessionMgr.updateThreadId(session2.id, reviewResult.sessionId);
     }
     sessionMgr.addUsageFromResult(session2.id, reviewResult.usage, reviewPrompt, reviewResult.text);
+    sessionMgr.recordEvent({
+      sessionId: session2.id,
+      command: "fix",
+      subcommand: `review-round-${round}`,
+      promptPreview: `Fix review round ${round}: ${fileOrGlob}`,
+      responsePreview: reviewResult.text.slice(0, 500),
+      promptFull: reviewPrompt,
+      responseFull: reviewResult.text,
+      usageJson: JSON.stringify(reviewResult.usage),
+      durationMs: reviewResult.durationMs,
+      codexThreadId: reviewResult.sessionId
+    });
     const tail = reviewResult.text.slice(-500);
     const verdictMatch = tail.match(/VERDICT:\s*(APPROVED|NEEDS_REVISION)/i);
     const scoreMatch = tail.match(/SCORE:\s*(\d+)\/10/);
@@ -1697,66 +1796,113 @@ ${diffContent.slice(0, REVIEW_DIFF_MAX_CHARS2)}` : `Review ${fileOrGlob} and ide
         reviewScore: score,
         criticalCount,
         warningCount,
-        fixApplied: false,
+        fixesProposed: 0,
+        fixesApplied: 0,
+        fixesFailed: 0,
+        exitReason: "all_resolved",
         durationMs: Date.now() - roundStart
       });
       converged = true;
-      console.error(chalk9.green("  Review APPROVED \u2014 no fixes needed."));
+      console.error(chalk9.green("  APPROVED \u2014 all issues resolved."));
+      break;
+    }
+    const fixes = parseFixes(reviewResult.text);
+    console.error(chalk9.dim(`  Found ${fixes.length} fix proposal(s)`));
+    if (fixes.length === 0) {
+      rounds.push({
+        round,
+        reviewVerdict: verdict,
+        reviewScore: score,
+        criticalCount,
+        warningCount,
+        fixesProposed: 0,
+        fixesApplied: 0,
+        fixesFailed: 0,
+        exitReason: "no_fixes_proposed",
+        durationMs: Date.now() - roundStart
+      });
+      console.error(chalk9.yellow("  GPT found issues but proposed no structured fixes. Stopping."));
       break;
     }
     if (options.dryRun) {
-      console.error(chalk9.yellow("  Dry-run: skipping fix application."));
+      console.error(chalk9.yellow("  Dry-run: showing proposed fixes without applying."));
+      for (const fix of fixes) {
+        console.error(chalk9.dim(`    ${fix.file}:${fix.line} \u2014 ${fix.description}`));
+      }
       rounds.push({
         round,
         reviewVerdict: verdict,
         reviewScore: score,
         criticalCount,
         warningCount,
-        fixApplied: false,
+        fixesProposed: fixes.length,
+        fixesApplied: 0,
+        fixesFailed: 0,
+        exitReason: "dry_run",
         durationMs: Date.now() - roundStart
       });
       continue;
     }
-    console.error(chalk9.dim("  Applying fixes..."));
-    const fixPrompt = buildHandoffEnvelope3({
-      command: "custom",
-      task: `Based on the review above, apply ALL suggested fixes to the codebase. Use your file editing tools to make the changes. After applying, verify the changes compile correctly. Only fix issues that were identified \u2014 do not refactor or change unrelated code.`,
-      constraints: [
-        "Make minimal, targeted changes only.",
-        "Do not add comments, docstrings, or formatting changes.",
-        "If a fix is ambiguous, skip it rather than guess."
-      ],
-      resumed: true
-    });
-    const fixResult = await adapter.callWithResume(fixPrompt, {
-      sessionId: threadId,
-      timeout: timeoutMs,
-      ...progress
-    });
-    if (fixResult.sessionId) {
-      threadId = fixResult.sessionId;
-      sessionMgr.updateThreadId(session2.id, fixResult.sessionId);
+    let applied = 0;
+    let failed = 0;
+    const currentFingerprints = /* @__PURE__ */ new Set();
+    for (const fix of fixes) {
+      const fingerprint = `${fix.file}:${fix.description}`;
+      currentFingerprints.add(fingerprint);
+      if (stuckFingerprints.has(fingerprint)) {
+        console.error(chalk9.dim(`    Skip (stuck): ${fix.file}:${fix.line}`));
+        continue;
+      }
+      if (prevFingerprints.has(fingerprint)) {
+        stuckFingerprints.add(fingerprint);
+        console.error(chalk9.yellow(`    Stuck (recurring): ${fix.file}:${fix.line} \u2014 ${fix.description}`));
+        failed++;
+        continue;
+      }
+      const success = applyFix(fix, projectDir);
+      if (success) {
+        applied++;
+        console.error(chalk9.green(`    Fixed: ${fix.file}:${fix.line} \u2014 ${fix.description}`));
+      } else {
+        failed++;
+        console.error(chalk9.red(`    Failed: ${fix.file}:${fix.line} \u2014 could not match old code`));
+      }
     }
-    sessionMgr.addUsageFromResult(session2.id, fixResult.usage, fixPrompt, fixResult.text);
-    const fixApplied = !fixResult.text.includes("no changes") && !fixResult.text.includes("No fixes");
-    console.error(
-      fixApplied ? chalk9.green("  Fixes applied.") : chalk9.yellow("  No fixes applied.")
-    );
+    prevFingerprints = currentFingerprints;
+    if (applied > 0 && !options.noStage) {
+      try {
+        execFileSync2("git", ["add", "-A"], { cwd: projectDir, stdio: "pipe" });
+        console.error(chalk9.dim("  Changes staged."));
+      } catch {
+        console.error(chalk9.yellow("  Could not stage changes (not a git repo?)."));
+      }
+    }
+    const exitReason2 = applied === 0 ? "no_diff" : "continue";
     rounds.push({
       round,
       reviewVerdict: verdict,
       reviewScore: score,
       criticalCount,
       warningCount,
-      fixApplied,
+      fixesProposed: fixes.length,
+      fixesApplied: applied,
+      fixesFailed: failed,
+      exitReason: exitReason2,
       durationMs: Date.now() - roundStart
     });
-    if (!fixApplied) {
-      console.error(chalk9.yellow("  No changes made \u2014 stopping loop."));
+    if (applied === 0) {
+      console.error(chalk9.yellow("  No fixes applied \u2014 stopping loop."));
       break;
     }
+    if (stuckFingerprints.size >= fixes.length) {
+      console.error(chalk9.yellow("  All remaining issues are stuck \u2014 stopping."));
+      break;
+    }
+    console.error(chalk9.dim(`  Applied ${applied}, failed ${failed}. Continuing to re-review...`));
   }
   const lastRound = rounds[rounds.length - 1];
+  const totalApplied = rounds.reduce((sum, r) => sum + r.fixesApplied, 0);
+  const totalProposed = rounds.reduce((sum, r) => sum + r.fixesProposed, 0);
   const policyCtx = {
     criticalCount: lastRound?.criticalCount ?? 0,
     warningCount: lastRound?.warningCount ?? 0,
@@ -1765,17 +1911,31 @@ ${diffContent.slice(0, REVIEW_DIFF_MAX_CHARS2)}` : `Review ${fileOrGlob} and ide
     cleanupHighCount: 0
   };
   const policy = evaluatePolicy("review.completed", policyCtx, DEFAULT_RULES);
+  const exitReason = converged ? "all_resolved" : stuckFingerprints.size > 0 ? "all_stuck" : lastRound?.exitReason ?? "max_iterations";
   const output = {
     target: fileOrGlob,
     converged,
+    exitReason,
     rounds,
     totalRounds: rounds.length,
+    totalFixesProposed: totalProposed,
+    totalFixesApplied: totalApplied,
+    stuckCount: stuckFingerprints.size,
     finalVerdict: lastRound?.reviewVerdict ?? "unknown",
     finalScore: lastRound?.reviewScore ?? null,
     policy,
     sessionId: session2.id,
     codexThreadId: threadId
   };
+  const color = converged ? chalk9.green : chalk9.red;
+  console.error(color(`
+Result: ${converged ? "CONVERGED" : "NOT CONVERGED"} (${exitReason})`));
+  console.error(`  Rounds: ${rounds.length}/${options.maxRounds}`);
+  console.error(`  Fixes: ${totalApplied} applied, ${totalProposed - totalApplied} failed/skipped`);
+  if (stuckFingerprints.size > 0) {
+    console.error(chalk9.yellow(`  Stuck issues: ${stuckFingerprints.size}`));
+  }
+  console.error(`  Final: ${lastRound?.reviewVerdict ?? "?"} (${lastRound?.reviewScore ?? "?"}/10)`);
   console.log(JSON.stringify(output, null, 2));
   db.close();
 }
@@ -1819,7 +1979,7 @@ Initialized with '${presetName}' preset`));
 }
 
 // src/commands/install-skills.ts
-import { existsSync as existsSync3, mkdirSync as mkdirSync2, readFileSync as readFileSync2, writeFileSync } from "fs";
+import { existsSync as existsSync3, mkdirSync as mkdirSync2, readFileSync as readFileSync3, writeFileSync as writeFileSync2 } from "fs";
 import { dirname, join as join5 } from "path";
 import chalk11 from "chalk";
 var SKILLS = [
@@ -2197,7 +2357,7 @@ async function installSkillsCommand(options) {
       continue;
     }
     mkdirSync2(dir, { recursive: true });
-    writeFileSync(fullPath, skill.content, "utf-8");
+    writeFileSync2(fullPath, skill.content, "utf-8");
     console.error(chalk11.green(`  OK   ${skill.path}`));
     installed++;
   }
@@ -2206,7 +2366,7 @@ async function installSkillsCommand(options) {
   const claudeMdPath = join5(cwd, "CLAUDE.md");
   const marker = "## CodeMoot \u2014 Multi-Model Collaboration";
   if (existsSync3(claudeMdPath)) {
-    const existing = readFileSync2(claudeMdPath, "utf-8");
+    const existing = readFileSync3(claudeMdPath, "utf-8");
     if (existing.includes(marker)) {
       if (options.force) {
         const markerIdx = existing.indexOf(marker);
@@ -2214,7 +2374,7 @@ async function installSkillsCommand(options) {
         const afterMarker = existing.slice(markerIdx + marker.length);
         const nextHeadingMatch = afterMarker.match(/\n#{1,2} (?!#)(?!CodeMoot)/);
         const after = nextHeadingMatch ? afterMarker.slice(nextHeadingMatch.index) : "";
-        writeFileSync(claudeMdPath, before.trimEnd() + "\n" + CLAUDE_MD_SECTION + after, "utf-8");
+        writeFileSync2(claudeMdPath, before.trimEnd() + "\n" + CLAUDE_MD_SECTION + after, "utf-8");
         console.error(chalk11.green("  OK   CLAUDE.md (updated CodeMoot section)"));
         installed++;
       } else {
@@ -2222,12 +2382,12 @@ async function installSkillsCommand(options) {
         skipped++;
       }
     } else {
-      writeFileSync(claudeMdPath, existing.trimEnd() + "\n" + CLAUDE_MD_SECTION, "utf-8");
+      writeFileSync2(claudeMdPath, existing.trimEnd() + "\n" + CLAUDE_MD_SECTION, "utf-8");
       console.error(chalk11.green("  OK   CLAUDE.md (appended CodeMoot section)"));
       installed++;
     }
   } else {
-    writeFileSync(claudeMdPath, `# Project Instructions
+    writeFileSync2(claudeMdPath, `# Project Instructions
 ${CLAUDE_MD_SECTION}`, "utf-8");
     console.error(chalk11.green("  OK   CLAUDE.md (created with CodeMoot section)"));
     installed++;
@@ -2238,7 +2398,7 @@ ${CLAUDE_MD_SECTION}`, "utf-8");
   const settingsPath = join5(settingsDir, "settings.json");
   if (existsSync3(settingsPath)) {
     try {
-      const existing = JSON.parse(readFileSync2(settingsPath, "utf-8"));
+      const existing = JSON.parse(readFileSync3(settingsPath, "utf-8"));
       const hasCodemootHook = Array.isArray(existing.hooks?.PostToolUse) && existing.hooks.PostToolUse.some((h) => h.command?.includes("codemoot"));
       if (hasCodemootHook && !options.force) {
         console.error(chalk11.dim("  SKIP .claude/settings.json (codemoot hook exists)"));
@@ -2249,7 +2409,7 @@ ${CLAUDE_MD_SECTION}`, "utf-8");
           ...existing.hooks,
           PostToolUse: [...otherHooks, ...HOOKS_CONFIG.hooks.PostToolUse]
         };
-        writeFileSync(settingsPath, JSON.stringify(existing, null, 2), "utf-8");
+        writeFileSync2(settingsPath, JSON.stringify(existing, null, 2), "utf-8");
         console.error(chalk11.green("  OK   .claude/settings.json (added post-commit hint hook)"));
         installed++;
       }
@@ -2260,7 +2420,7 @@ ${CLAUDE_MD_SECTION}`, "utf-8");
     }
   } else {
     mkdirSync2(settingsDir, { recursive: true });
-    writeFileSync(settingsPath, JSON.stringify(HOOKS_CONFIG, null, 2), "utf-8");
+    writeFileSync2(settingsPath, JSON.stringify(HOOKS_CONFIG, null, 2), "utf-8");
     console.error(chalk11.green("  OK   .claude/settings.json (created with post-commit hook)"));
     installed++;
   }
@@ -2558,7 +2718,7 @@ async function jobsStatusCommand(jobId) {
 }
 
 // src/commands/plan.ts
-import { writeFileSync as writeFileSync2 } from "fs";
+import { writeFileSync as writeFileSync3 } from "fs";
 import { ModelRegistry as ModelRegistry4, Orchestrator, loadConfig as loadConfig6, openDatabase as openDatabase9 } from "@codemoot/core";
 import chalk15 from "chalk";
 
@@ -2673,7 +2833,7 @@ async function planCommand(task, options) {
       maxRounds: options.rounds
     });
     if (options.output) {
-      writeFileSync2(options.output, result.finalOutput, "utf-8");
+      writeFileSync3(options.output, result.finalOutput, "utf-8");
       console.log(chalk15.green(`Plan saved to ${options.output}`));
     }
     printSessionSummary(result);
@@ -2688,9 +2848,9 @@ async function planCommand(task, options) {
 // src/commands/review.ts
 import { loadConfig as loadConfig7, ModelRegistry as ModelRegistry5, BINARY_SNIFF_BYTES, REVIEW_DIFF_MAX_CHARS as REVIEW_DIFF_MAX_CHARS3, SessionManager as SessionManager7, JobStore as JobStore3, openDatabase as openDatabase10, buildHandoffEnvelope as buildHandoffEnvelope4, getReviewPreset } from "@codemoot/core";
 import chalk16 from "chalk";
-import { execFileSync as execFileSync2, execSync as execSync4 } from "child_process";
-import { closeSync, globSync, openSync, readFileSync as readFileSync3, readSync, statSync, existsSync as existsSync4 } from "fs";
-import { resolve } from "path";
+import { execFileSync as execFileSync3, execSync as execSync4 } from "child_process";
+import { closeSync, globSync, openSync, readFileSync as readFileSync4, readSync, statSync, existsSync as existsSync4 } from "fs";
+import { resolve as resolve2 } from "path";
 var MAX_FILE_SIZE = 100 * 1024;
 var MAX_TOTAL_SIZE = 200 * 1024;
 async function reviewCommand(fileOrGlob, options) {
@@ -2805,7 +2965,7 @@ Start by listing candidate files, then inspect them thoroughly.`,
     } else if (mode === "diff") {
       let diff;
       try {
-        diff = execFileSync2("git", ["diff", ...options.diff.split(/\s+/)], {
+        diff = execFileSync3("git", ["diff", "--", ...options.diff.split(/\s+/)], {
           cwd: projectDir,
           encoding: "utf-8",
           maxBuffer: 1024 * 1024
@@ -2833,12 +2993,13 @@ ${diff.slice(0, REVIEW_DIFF_MAX_CHARS3)}`,
       console.error(chalk16.cyan(`Reviewing diff ${options.diff} (session: ${session2.id.slice(0, 8)}...)...`));
     } else {
       let globPattern = fileOrGlob;
-      const resolvedInput = resolve(projectDir, globPattern);
+      const resolvedInput = resolve2(projectDir, globPattern);
       if (existsSync4(resolvedInput) && statSync(resolvedInput).isDirectory()) {
         globPattern = `${globPattern}/**/*`;
         console.error(chalk16.dim(`  Expanding directory to: ${globPattern}`));
       }
-      const paths = globSync(globPattern, { cwd: projectDir }).map((p) => resolve(projectDir, p));
+      const projectRoot = resolve2(projectDir) + (process.platform === "win32" ? "\\" : "/");
+      const paths = globSync(globPattern, { cwd: projectDir }).map((p) => resolve2(projectDir, p)).filter((p) => p.startsWith(projectRoot) || p === resolve2(projectDir));
       if (paths.length === 0) {
         console.error(chalk16.red(`No files matched: ${fileOrGlob}`));
         db.close();
@@ -2865,7 +3026,7 @@ ${diff.slice(0, REVIEW_DIFF_MAX_CHARS3)}`,
           console.error(chalk16.yellow(`Skipping ${filePath} (binary file)`));
           continue;
         }
-        const content = readFileSync3(filePath, "utf-8");
+        const content = readFileSync4(filePath, "utf-8");
         const relativePath = filePath.replace(projectDir, "").replace(/\\/g, "/").replace(/^\//, "");
         files.push({ path: relativePath, content });
         totalSize += stat.size;
@@ -3114,7 +3275,7 @@ async function shipitCommand(options) {
 
 // src/commands/start.ts
 import { existsSync as existsSync5 } from "fs";
-import { execFileSync as execFileSync3, execSync as execSync6 } from "child_process";
+import { execFileSync as execFileSync4, execSync as execSync6 } from "child_process";
 import { join as join6, basename as basename2 } from "path";
 import chalk19 from "chalk";
 import { loadConfig as loadConfig9, writeConfig as writeConfig2 } from "@codemoot/core";
@@ -3179,7 +3340,7 @@ async function startCommand() {
   codemoot review ${reviewTarget} --preset quick-scan
 `));
   try {
-    const output = execFileSync3("codemoot", ["review", reviewTarget, "--preset", "quick-scan"], {
+    const output = execFileSync4("codemoot", ["review", reviewTarget, "--preset", "quick-scan"], {
       cwd,
       encoding: "utf-8",
       timeout: 3e5,
@@ -3450,11 +3611,12 @@ async function workerCommand(options) {
     console.error(chalk21.cyan(`Processing job ${job.id} (type: ${job.type})`));
     jobStore.appendLog(job.id, "info", "job_started", `Worker ${workerId} claimed job`);
     try {
-      const { resolve: resolve2, normalize } = await import("path");
+      const { resolve: resolve3, normalize } = await import("path");
       const payload = JSON.parse(job.payloadJson);
-      const rawCwd = resolve2(payload.path ?? payload.cwd ?? projectDir);
+      const rawCwd = resolve3(payload.path ?? payload.cwd ?? projectDir);
       const cwd = normalize(rawCwd);
-      if (!cwd.startsWith(normalize(projectDir))) {
+      const sep = process.platform === "win32" ? "\\" : "/";
+      if (cwd !== normalize(projectDir) && !cwd.startsWith(normalize(projectDir) + sep)) {
         throw new Error(`Path traversal blocked: "${cwd}" is outside project directory "${projectDir}"`);
       }
       const timeout = (payload.timeout ?? 600) * 1e3;
@@ -3472,14 +3634,14 @@ Start by listing candidate files, then inspect them thoroughly.`,
             resumed: false
           });
         } else if (payload.diff) {
-          const { execFileSync: execFileSync4 } = await import("child_process");
+          const { execFileSync: execFileSync5 } = await import("child_process");
           const diffArgs = payload.diff.split(/\s+/).filter((a) => a.length > 0);
           for (const arg of diffArgs) {
             if (arg.startsWith("-") || !/^[a-zA-Z0-9_.~^:\/\\@{}]+$/.test(arg)) {
               throw new Error(`Invalid diff argument: "${arg}" \u2014 only git refs and paths allowed`);
             }
           }
-          const diff = execFileSync4("git", ["diff", ...diffArgs], {
+          const diff = execFileSync5("git", ["diff", ...diffArgs], {
             cwd,
             encoding: "utf-8",
             maxBuffer: 1024 * 1024
@@ -3600,7 +3762,7 @@ jobs.command("status").description("Show job details with recent logs").argument
 jobs.command("logs").description("Show job logs").argument("<job-id>", "Job ID").option("--from-seq <n>", "Start from log sequence number", (v) => Number.parseInt(v, 10), 0).option("--limit <n>", "Max log entries", (v) => Number.parseInt(v, 10), 100).action(jobsLogsCommand);
 jobs.command("cancel").description("Cancel a queued or running job").argument("<job-id>", "Job ID").action(jobsCancelCommand);
 jobs.command("retry").description("Retry a failed job").argument("<job-id>", "Job ID").action(jobsRetryCommand);
-program.command("fix").description("Autofix loop: review code, apply fixes, re-review until approved").argument("<file-or-glob>", "File path or glob pattern to fix").option("--max-rounds <n>", "Max review-fix rounds", (v) => Number.parseInt(v, 10), 3).addOption(new Option("--focus <area>", "Focus area").choices(["security", "performance", "bugs", "all"]).default("bugs")).option("--timeout <seconds>", "Timeout per round", (v) => Number.parseInt(v, 10), 600).option("--dry-run", "Review only, do not apply fixes", false).option("--diff <revspec>", "Fix issues in a git diff").option("--session <id>", "Use specific session").action(fixCommand);
+program.command("fix").description("Autofix loop: review code, apply fixes, re-review until approved").argument("<file-or-glob>", "File path or glob pattern to fix").option("--max-rounds <n>", "Max review-fix rounds", (v) => Number.parseInt(v, 10), 3).addOption(new Option("--focus <area>", "Focus area").choices(["security", "performance", "bugs", "all"]).default("bugs")).option("--timeout <seconds>", "Timeout per round", (v) => Number.parseInt(v, 10), 600).option("--dry-run", "Review only, do not apply fixes", false).option("--no-stage", "Do not git-stage applied fixes").option("--diff <revspec>", "Fix issues in a git diff").option("--session <id>", "Use specific session").action(fixCommand);
 program.command("shipit").description("Run composite workflow: lint \u2192 test \u2192 review \u2192 cleanup \u2192 commit").addOption(new Option("--profile <profile>", "Workflow profile").choices(["fast", "safe", "full"]).default("safe")).option("--dry-run", "Print planned steps without executing", false).option("--no-commit", "Run checks but skip commit step").option("--json", "Machine-readable JSON output", false).option("--strict-output", "Strict model output parsing", false).action(shipitCommand);
 program.command("cost").description("Token usage and cost dashboard").addOption(new Option("--scope <scope>", "Time scope").choices(["session", "daily", "all"]).default("daily")).option("--days <n>", "Number of days for daily scope", (v) => Number.parseInt(v, 10), 30).option("--session <id>", "Session ID for session scope").action(costCommand);
 program.command("watch").description("Watch files and enqueue reviews on change").option("--glob <pattern>", "Glob pattern to watch", "**/*.{ts,tsx,js,jsx}").addOption(new Option("--focus <area>", "Focus area").choices(["security", "performance", "bugs", "all"]).default("all")).option("--timeout <seconds>", "Review timeout", (v) => Number.parseInt(v, 10), 600).option("--quiet-ms <ms>", "Quiet period before flush", (v) => Number.parseInt(v, 10), 800).option("--max-wait-ms <ms>", "Max wait before forced flush", (v) => Number.parseInt(v, 10), 5e3).option("--cooldown-ms <ms>", "Cooldown after flush", (v) => Number.parseInt(v, 10), 1500).action(watchCommand);