npm - @hone-ai/cli - Versions diffs - 1.8.0 → 1.8.1 - Mend

@hone-ai/cli 1.8.0 → 1.8.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/hone-cli.js CHANGED Viewed

@@ -4429,6 +4429,216 @@ process.on('SIGINT', () => {
   process.exit(0);
 });
+// ── Release Review (pre-deployment holistic review) ──────────────────────────
+program
+  .command('release-review')
+  .description('Holistic code review of all changed files before deployment (runs Opus)')
+  .option('--base <branch>', 'Base branch to diff against', 'main')
+  .option('--format <fmt>', 'Output format: pretty or json', 'pretty')
+  .option('--dry-run', 'Show what would be reviewed without calling the LLM', false)
+  .option('--max-files <n>', 'Max source files to include in review', '40') // default is the string '40'; parsed with parseInt below
+  .action(async (opts) => { // opts fields read below: base, format, dryRun, maxFiles
+    const { execSync } = require('child_process');
+    const fs = require('fs'); // NOTE(review): fs is not referenced anywhere else in this handler
+    const repoRoot = process.cwd(); // every git command below runs with this as cwd
+    // 1. Get changed files: three-dot diff against origin/<base>, falling back to a diff against HEAD~10
+    let changedFiles;
+    try {
+      const raw = execSync(`git diff --name-only origin/${opts.base}...HEAD`, { encoding: 'utf8', cwd: repoRoot }); // NOTE(review): opts.base is interpolated into a shell command unescaped
+      changedFiles = raw.trim().split('\n').filter(Boolean); // filter(Boolean) drops the empty entry produced by empty output
+    } catch { // the first attempt's error is discarded; try the fallback
+      try {
+        const raw = execSync('git diff --name-only HEAD~10', { encoding: 'utf8', cwd: repoRoot }); // fallback ignores --base entirely
+        changedFiles = raw.trim().split('\n').filter(Boolean);
+      } catch {
+        console.error('Could not determine changed files. Run from a git repo.');
+        process.exit(1);
+      }
+    }
+    if (changedFiles.length === 0) {
+      console.log('No changed files found. Nothing to review.');
+      process.exit(0);
+    }
+    // 2. Filter to source files: keep listed extensions, drop paths containing node_modules, '.test.' or '/test/'
+    const sourceExts = ['.js', '.ts', '.py', '.go', '.java', '.rb', '.rs', '.sql', '.yml', '.yaml'];
+    const sourceFiles = changedFiles.filter(f =>
+      sourceExts.some(ext => f.endsWith(ext)) &&
+      !f.includes('node_modules') && !f.includes('.test.') && !f.includes('/test/') // plain substring checks on the path
+    );
+    const maxFiles = parseInt(opts.maxFiles, 10) || 40; // NaN or 0 falls back to 40
+    const filesToReview = sourceFiles.slice(0, maxFiles); // first maxFiles entries, in git's output order
+    console.log('');
+    console.log('Hone AI — Production Review');
+    console.log('================================');
+    console.log(`Base: ${opts.base}`);
+    console.log(`Changed files: ${changedFiles.length} total, ${sourceFiles.length} source, ${filesToReview.length} to review`);
+    console.log('');
+    if (opts.dryRun) { // --dry-run: list the files and exit before the API-key check and any network call
+      console.log('Source files that would be reviewed:');
+      for (const f of filesToReview) console.log(`  ${f}`);
+      if (sourceFiles.length > maxFiles) console.log(`  ... and ${sourceFiles.length - maxFiles} more (increase --max-files)`);
+      process.exit(0);
+    }
+    // 3. Check for API key (read from the ANTHROPIC_API_KEY environment variable)
+    const apiKey = process.env.ANTHROPIC_API_KEY;
+    if (!apiKey) {
+      console.error('ANTHROPIC_API_KEY not set. Required for production review (Opus model).');
+      console.error('Set it: export ANTHROPIC_API_KEY=sk-ant-...');
+      process.exit(1);
+    }
+    // 4. Build the diff content for the selected files (the combined diff is truncated below as a whole, not per file)
+    let diffContent;
+    try {
+      diffContent = execSync(`git diff origin/${opts.base}...HEAD -- ${filesToReview.map(f => `'${f}'`).join(' ')}`, { // NOTE(review): names are single-quoted but not escaped; a path containing ' breaks the command
+        encoding: 'utf8', cwd: repoRoot, maxBuffer: 10 * 1024 * 1024, // allow up to 10 MiB of git output
+      });
+    } catch {
+      try {
+        diffContent = execSync('git diff HEAD~10', { encoding: 'utf8', cwd: repoRoot, maxBuffer: 10 * 1024 * 1024 }); // NOTE(review): fallback diff is not restricted to filesToReview
+      } catch (e) {
+        console.error(`Could not generate diff: ${e.message}`);
+        process.exit(1);
+      }
+    }
+    // Truncate if over 100k chars (~25k tokens) to stay within budget
+    const MAX_DIFF_CHARS = 100000;
+    if (diffContent.length > MAX_DIFF_CHARS) {
+      diffContent = diffContent.slice(0, MAX_DIFF_CHARS) + '\n\n[... diff truncated at 100k chars ...]'; // cut is by character count, so it can land mid-file or mid-hunk
+    }
+    // 5. Build the prompt: system prompt = review checklist + required JSON shape; user prompt = file list + diff
+    const systemPrompt = [
+      '# Production Reviewer — Pre-Deployment Gate',
+      '',
+      'You are reviewing ALL changed files holistically before deployment.',
+      'Your job is to catch cross-file issues that per-story reviews miss.',
+      '',
+      '## Check each file for:',
+      '1. SQL injection (parameterized queries?)',
+      '2. Tenant isolation (org_id in every query?)',
+      '3. Error handling (unhandled promises?)',
+      '4. Race conditions (concurrent access?)',
+      '5. Resource leaks (connections released?)',
+      '6. Security (secrets exposed? auth correct?)',
+      '7. Logic bugs (null handling? type coercion?)',
+      '8. Dead code (built but never wired?)',
+      '9. Performance (N+1? unbounded? large payloads?)',
+      '',
+      '## Check cross-file interactions:',
+      '- Do modules wire together correctly?',
+      '- Is auth middleware in correct order?',
+      '- Are exported functions imported somewhere?',
+      '- Do CLI messages reference options that exist?',
+      '- Are DB constraints consistent with app validation?',
+      '',
+      '## Rate each finding: CRITICAL / HIGH / MEDIUM / LOW',
+      '- CRITICAL: tenant isolation breach, data leak, security bypass',
+      '- HIGH: race condition, dead safety code, UX broken',
+      '- MEDIUM: performance waste, missing validation, resource leak',
+      '- LOW: dead code, cosmetic',
+      '',
+      '## Output as JSON:',
+      '```json',
+      '{',
+      '  "findings": [{ "severity": "...", "file": "...", "line": N, "issue": "...", "recommendation": "..." }],',
+      '  "crossFileChecks": [{ "check": "...", "status": "ok|issue", "detail": "..." }],',
+      '  "summary": { "critical": N, "high": N, "medium": N, "low": N },',
+      '  "recommendation": "DEPLOY | FIX_FIRST | DO_NOT_DEPLOY"',
+      '}',
+      '```',
+    ].join('\n');
+    const userPrompt = [
+      `## Files changed (${filesToReview.length} source files):`,
+      filesToReview.map(f => `- ${f}`).join('\n'),
+      '',
+      '## Full diff:',
+      '```diff',
+      diffContent,
+      '```',
+      '',
+      'Review ALL files holistically. Return findings as JSON.',
+    ].join('\n');
+    console.log('Calling Anthropic API (claude-opus-4-20250514)...');
+    console.log('');
+    // 6. Call Anthropic Messages API (axios is not required in this handler; presumably imported elsewhere in the file — confirm)
+    try {
+      const { data } = await axios.post('https://api.anthropic.com/v1/messages', {
+        model: 'claude-opus-4-20250514',
+        max_tokens: 8192,
+        system: systemPrompt,
+        messages: [{ role: 'user', content: userPrompt }],
+      }, {
+        headers: {
+          'x-api-key': apiKey,
+          'anthropic-version': '2023-06-01',
+          'content-type': 'application/json',
+        },
+        timeout: 120000, // axios timeout is in milliseconds (2 minutes)
+      });
+      const responseText = data.content?.[0]?.text || ''; // only the first content block's text is used; empty string if absent
+      // 7. Parse and display results ('json' prints a merged JSON object; any other format prints the raw text)
+      if (opts.format === 'json') {
+        // Try to extract JSON from response
+        const jsonMatch = responseText.match(/\{[\s\S]*\}/); // greedy: spans from the first '{' to the last '}' in the text
+        if (jsonMatch) {
+          try {
+            const parsed = JSON.parse(jsonMatch[0]);
+            console.log(JSON.stringify({
+              base: opts.base,
+              totalFiles: changedFiles.length,
+              sourceFiles: sourceFiles.length,
+              reviewedFiles: filesToReview.length,
+              model: 'claude-opus-4-20250514',
+              inputTokens: data.usage?.input_tokens || 0,
+              outputTokens: data.usage?.output_tokens || 0,
+              ...parsed, // spread last, so same-named keys in the model's JSON override the metadata above
+            }, null, 2));
+          } catch { // matched text was not valid JSON; emit the raw response instead
+            console.log(JSON.stringify({ raw: responseText }, null, 2));
+          }
+        } else {
+          console.log(JSON.stringify({ raw: responseText }, null, 2));
+        }
+      } else {
+        console.log(responseText);
+      }
+      // 8. Exit code based on findings (substring checks on the raw response text, not on the parsed JSON)
+      const hasCritical = responseText.includes('"CRITICAL"') || responseText.includes('"critical"'); // NOTE(review): the requested summary has a "critical" key, so a schema-following reply matches even with zero criticals
+      const recommendation = responseText.includes('DO_NOT_DEPLOY'); // true if the token appears anywhere in the text
+      if (hasCritical || recommendation) {
+        console.log('');
+        console.log('CRITICAL issues found. Fix before deploying.');
+        process.exit(1);
+      }
+    } catch (e) { // also receives anything thrown by steps 7–8 above, not only HTTP failures
+      const status = e.response?.status;
+      const msg = e.response?.data?.error?.message || e.message; // prefer the API's error message when the response carries one
+      if (status === 401) {
+        console.error('Invalid ANTHROPIC_API_KEY. Check your key and try again.');
+      } else if (status === 429) {
+        console.error('Rate limited by Anthropic API. Try again shortly.');
+      } else {
+        console.error(`Production review failed: ${msg}`);
+      }
+      process.exit(1);
+    }
+  });
 // ── CLI setup ─────────────────────────────────────────────────────────────────
 program
   .name('hone')

package/lib/eval-contracts.js CHANGED Viewed

@@ -56,6 +56,32 @@ const PIPELINE_CONTRACTS = [
     outputGate: 'step_3',
     metadataField: 'step_3.gate_result',
   },
+  {
+    agent: 'e2e-test-spec-writer',
+    step: '5a',
+    inputArtifact: 'step-4-implementation.md',
+    inputGate: 'step_4.gate_result',
+    outputArtifact: null,
+    outputGate: null,
+    metadataField: null,
+    extraChecks: [
+      { text: 'Playwright', check: 'playwright', detail: 'generates Playwright specs' },
+      { text: 'data-testid', check: 'data_testid', detail: 'uses data-testid selectors' },
+    ],
+  },
+  {
+    agent: 'e2e-qa-spec-healer',
+    step: 'independent',
+    inputArtifact: null,
+    inputGate: null,
+    outputArtifact: null,
+    outputGate: null,
+    metadataField: null,
+    extraChecks: [
+      { text: 'DIAGNOSIS', check: 'diagnosis', detail: 'provides diagnosis category' },
+      { text: 'Application bug', check: 'app_bug_handling', detail: 'handles application bugs (skip + file bug)' },
+    ],
+  },
   {
     agent: 'code-builder',
     step: 4,
@@ -106,6 +132,21 @@ const PIPELINE_CONTRACTS = [
       { text: 'test_strategy', check: 'test_strategy', detail: 'includes test_strategy in plan' },
     ],
   },
+  {
+    agent: 'release-reviewer',
+    step: 'independent',
+    inputArtifact: null,
+    inputGate: null,
+    outputArtifact: null,
+    outputGate: null,
+    metadataField: null,
+    extraChecks: [
+      { text: 'CRITICAL', check: 'severity_critical', detail: 'defines CRITICAL severity level' },
+      { text: 'cross-file', check: 'cross_file_review', detail: 'checks cross-file interactions' },
+      { text: 'tenant', check: 'tenant_isolation', detail: 'checks tenant isolation' },
+      { text: 'DEPLOY', check: 'deploy_recommendation', detail: 'provides deploy/no-deploy recommendation' },
+    ],
+  },
 ];
 /**

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@hone-ai/cli",
-  "version": "1.8.0",
+  "version": "1.8.1",
   "description": "Hone AI — Enterprise SDLC Pipeline CLI",
   "main": "hone-cli.js",
   "bin": {