@in-the-loop-labs/pair-review 1.3.1 → 1.3.3

package/README.md

@@ -144,7 +144,7 @@ Configuration is stored in `~/.pair-review/config.json`:
   "port": 7247,
   "theme": "light",
   "default_provider": "claude",
-  "default_model": "sonnet"
+  "default_model": "opus"
 }
 ```
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@in-the-loop-labs/pair-review",
-  "version": "1.3.1",
+  "version": "1.3.3",
   "description": "Your AI-powered code review partner - Close the feedback loop with AI coding agents",
   "main": "src/server.js",
   "bin": {

package/plugin/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "pair-review",
-  "version": "1.3.1",
+  "version": "1.3.3",
   "description": "pair-review app integration — Open PRs and local changes in the pair-review web UI, run server-side AI analysis, and address review feedback. Requires the pair-review MCP server.",
   "author": {
     "name": "in-the-loop-labs",

package/plugin-code-critic/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "code-critic",
-  "version": "1.3.1",
+  "version": "1.3.3",
   "description": "AI-powered code review analysis — Run three-level AI analysis and implement-review-fix loops directly in your coding agent. Works standalone, no server required.",
   "author": {
     "name": "in-the-loop-labs",

package/public/js/components/AnalysisConfigModal.js

@@ -11,7 +11,7 @@ class AnalysisConfigModal {
     this.onCancel = null;
     this.escapeHandler = null;
     this.selectedProvider = 'claude';
-    this.selectedModel = 'sonnet';
+    this.selectedModel = 'opus';
     this.selectedPresets = new Set();
     this.rememberModel = false;
     this.repoInstructions = '';
@@ -92,9 +92,9 @@ class AnalysisConfigModal {
           id: 'claude',
           name: 'Claude',
           models: [
-            { id: 'sonnet', name: 'Sonnet', tier: 'balanced', default: true }
+            { id: 'opus', name: 'Opus 4.6 High', tier: 'thorough', default: true }
           ],
-          defaultModel: 'sonnet'
+          defaultModel: 'opus'
         }
       };
       this.models = this.providers.claude.models;

package/public/js/local.js

@@ -363,7 +363,7 @@ class LocalManager {
         const providerStorageKey = `pair-review-provider:local-${reviewId}`;
         const rememberedModel = localStorage.getItem(modelStorageKey);
         const rememberedProvider = localStorage.getItem(providerStorageKey);
-        const currentModel = rememberedModel || repoSettings?.default_model || 'sonnet';
+        const currentModel = rememberedModel || repoSettings?.default_model || 'opus';
         const currentProvider = rememberedProvider || repoSettings?.default_provider || 'claude';
 
         // Show config modal
@@ -1027,7 +1027,7 @@ class LocalManager {
         },
         body: JSON.stringify({
           provider: config.provider || 'claude',
-          model: config.model || 'sonnet',
+          model: config.model || 'opus',
           tier: config.tier || 'balanced',
           customInstructions: config.customInstructions || null,
           skipLevel3: config.skipLevel3 || false

package/public/js/modules/analysis-history.js

@@ -734,6 +734,10 @@ class AnalysisHistoryManager {
       'haiku': 'fast',
       'sonnet': 'balanced',
       'opus': 'thorough',
+      'opus-4.5': 'balanced',
+      'opus-4.6-low': 'balanced',
+      'opus-4.6-medium': 'balanced',
+      'opus-4.6-1m': 'balanced',
       // Gemini models
       'flash': 'fast',
       'pro': 'balanced',

package/public/js/pr.js

@@ -3515,7 +3515,7 @@ class PRManager {
       const providerStorageKey = PRManager.getRepoStorageKey('pair-review-provider', owner, repo);
       const rememberedModel = localStorage.getItem(modelStorageKey);
       const rememberedProvider = localStorage.getItem(providerStorageKey);
-      const currentModel = rememberedModel || repoSettings?.default_model || 'sonnet';
+      const currentModel = rememberedModel || repoSettings?.default_model || 'opus';
       const currentProvider = rememberedProvider || repoSettings?.default_provider || 'claude';
 
       // Show the config modal
@@ -3593,7 +3593,7 @@ class PRManager {
         },
         body: JSON.stringify({
           provider: config.provider || 'claude',
-          model: config.model || 'sonnet',
+          model: config.model || 'opus',
           tier: config.tier || 'balanced',
           customInstructions: config.customInstructions || null,
           skipLevel3: config.skipLevel3 || false

package/public/js/repo-settings.js

@@ -208,23 +208,11 @@ class RepoSettingsPage {
 
     } catch (error) {
       console.error('Error loading providers:', error);
-      // Last-resort degraded mode: hardcoded Claude fallback when the /api/providers
-      // endpoint is unavailable. This allows basic functionality even if the backend
-      // is partially broken. The canonical provider definitions live in
-      // src/ai/claude-provider.js - this fallback should mirror those values.
-      this.providers = {
-        claude: {
-          id: 'claude',
-          name: 'Claude',
-          models: [
-            { id: 'haiku', name: 'Haiku', tier: 'fast', badge: 'Fastest', badgeClass: 'badge-speed', tagline: 'Lightning Fast', description: 'Quick analysis for simple changes' },
-            { id: 'sonnet', name: 'Sonnet', tier: 'balanced', default: true, badge: 'Recommended', badgeClass: 'badge-recommended', tagline: 'Best Balance', description: 'Recommended for most reviews' },
-            { id: 'opus', name: 'Opus', tier: 'thorough', badge: 'Most Thorough', badgeClass: 'badge-power', tagline: 'Most Capable', description: 'Deep analysis for complex code' }
-          ],
-          defaultModel: 'sonnet'
-        }
-      };
+      // No hardcoded fallback — rely on the /api/providers endpoint as the single source of truth.
+      // If the endpoint is unavailable, show an empty state rather than stale data.
+      this.providers = {};
       this.renderProviderButtons();
+      this.showToast('error', 'Failed to load AI providers. Please refresh the page.');
     }
   }
 

package/src/ai/analyzer.js

@@ -26,10 +26,10 @@ const { buildSparseCheckoutGuidance } = require('./prompts/sparse-checkout-guida
 class Analyzer {
   /**
    * @param {Object} database - Database instance
-   * @param {string} model - Model to use (e.g., 'sonnet', 'gemini-2.5-pro')
+   * @param {string} model - Model to use (e.g., 'opus', 'gemini-2.5-pro')
    * @param {string} provider - Provider ID (e.g., 'claude', 'gemini'). Defaults to 'claude'.
    */
-  constructor(database, model = 'sonnet', provider = 'claude') {
+  constructor(database, model = 'opus', provider = 'claude') {
     // Store model and provider for creating provider instances per level
     this.model = model;
     this.provider = provider;

package/src/ai/claude-cli.js

@@ -5,7 +5,7 @@ const logger = require('../utils/logger');
 const { extractJSON } = require('../utils/json-extractor');
 
 class ClaudeCLI {
-  constructor(model = 'sonnet') {
+  constructor(model = 'opus') {
     // Check for environment variable to override default command
     // Use PAIR_REVIEW_CLAUDE_CMD environment variable if set, otherwise default to 'claude'
     const claudeCmd = process.env.PAIR_REVIEW_CLAUDE_CMD || 'claude';
@@ -123,6 +123,11 @@ class ClaudeCLI {
         }
       });
 
+      // Handle stdin errors (e.g., EPIPE if process exits before write completes)
+      claude.stdin.on('error', (err) => {
+        logger.error(`${levelPrefix} stdin error: ${err.message}`);
+      });
+
       // Send the prompt to stdin with backpressure handling
       claude.stdin.write(prompt, (err) => {
         if (err) {

package/src/ai/claude-provider.js

@@ -22,7 +22,7 @@ const BIN_DIR = path.join(__dirname, '..', '..', 'bin');
 const CLAUDE_MODELS = [
   {
     id: 'haiku',
-    name: 'Haiku',
+    name: 'Haiku 4.5',
     tier: 'fast',
     tagline: 'Lightning Fast',
     description: 'Quick analysis for simple changes',
@@ -31,21 +31,65 @@ const CLAUDE_MODELS = [
   },
   {
     id: 'sonnet',
-    name: 'Sonnet',
+    name: 'Sonnet 4.5',
     tier: 'balanced',
     tagline: 'Best Balance',
     description: 'Recommended for most reviews',
-    badge: 'Recommended',
-    badgeClass: 'badge-recommended',
-    default: true
+    badge: 'Standard',
+    badgeClass: 'badge-recommended'
+  },
+  {
+    id: 'opus-4.5',
+    cli_model: 'claude-opus-4-5-20251101',
+    name: 'Opus 4.5',
+    tier: 'balanced',
+    tagline: 'Deep Thinker',
+    description: 'Extended thinking for complex analysis',
+    badge: 'Previous Gen',
+    badgeClass: 'badge-power'
+  },
+  {
+    id: 'opus-4.6-low',
+    cli_model: 'opus',
+    env: { CLAUDE_CODE_EFFORT_LEVEL: 'low' },
+    name: 'Opus 4.6 Low',
+    tier: 'balanced',
+    tagline: 'Fast Opus',
+    description: 'Opus 4.6 with low effort — quick and capable',
+    badge: 'Balanced',
+    badgeClass: 'badge-recommended'
+  },
+  {
+    id: 'opus-4.6-medium',
+    cli_model: 'opus',
+    env: { CLAUDE_CODE_EFFORT_LEVEL: 'medium' },
+    name: 'Opus 4.6 Medium',
+    tier: 'balanced',
+    tagline: 'Balanced Opus',
+    description: 'Opus 4.6 with medium effort — balanced depth',
+    badge: 'Thorough',
+    badgeClass: 'badge-power'
   },
   {
     id: 'opus',
-    name: 'Opus',
+    aliases: ['opus-4.6-high'],
+    env: { CLAUDE_CODE_EFFORT_LEVEL: 'high' },
+    name: 'Opus 4.6 High',
     tier: 'thorough',
-    tagline: 'Most Capable',
-    description: 'Deep analysis for complex code',
+    tagline: 'Maximum Depth',
+    description: 'Opus 4.6 with high effort — deepest analysis',
     badge: 'Most Thorough',
+    badgeClass: 'badge-power',
+    default: true
+  },
+  {
+    id: 'opus-4.6-1m',
+    cli_model: 'opus[1m]',
+    name: 'Opus 4.6 1M',
+    tier: 'balanced',
+    tagline: 'Extended Context',
+    description: 'Opus 4.6 high effort with 1M token context window',
+    badge: 'More Context',
     badgeClass: 'badge-power'
   }
 ];
@@ -59,7 +103,7 @@ class ClaudeProvider extends AIProvider {
    * @param {Object} configOverrides.env - Additional environment variables
    * @param {Object[]} configOverrides.models - Custom model definitions
    */
-  constructor(model = 'sonnet', configOverrides = {}) {
+  constructor(model = 'opus', configOverrides = {}) {
     super(model);
 
     // Command precedence: ENV > config > default
@@ -67,7 +111,7 @@ class ClaudeProvider extends AIProvider {
     const configCmd = configOverrides.command;
     const claudeCmd = envCmd || configCmd || 'claude';
 
-    // Store for use in getExtractionConfig and testAvailability
+    // Store for use in getExtractionConfig, buildArgsForModel, and testAvailability
     this.claudeCmd = claudeCmd;
     this.configOverrides = configOverrides;
 
@@ -77,6 +121,9 @@ class ClaudeProvider extends AIProvider {
     // Check for budget limit environment variable
     const maxBudget = process.env.PAIR_REVIEW_MAX_BUDGET_USD;
 
+    // Resolve model config using shared helper
+    const { builtIn, configModel, cliModelArgs, extraArgs, env } = this._resolveModelConfig(model);
+
     // Build args: base args + provider extra_args + model extra_args
     // Use --output-format stream-json for JSONL streaming output (better debugging visibility)
     //
@@ -116,43 +163,98 @@ class ClaudeProvider extends AIProvider {
       ].join(',');
       permissionArgs = ['--allowedTools', allowedTools];
     }
-    const baseArgs = ['-p', '--verbose', '--model', model, '--output-format', 'stream-json', ...permissionArgs];
+    const baseArgs = ['-p', '--verbose', ...cliModelArgs, '--output-format', 'stream-json', ...permissionArgs];
     if (maxBudget) {
       const budgetNum = parseFloat(maxBudget);
       if (isNaN(budgetNum) || budgetNum <= 0) {
-        console.warn(`Warning: PAIR_REVIEW_MAX_BUDGET_USD="${maxBudget}" is not a valid positive number, ignoring`);
+        logger.warn(`Warning: PAIR_REVIEW_MAX_BUDGET_USD="${maxBudget}" is not a valid positive number, ignoring`);
       } else {
         baseArgs.push('--max-budget-usd', String(budgetNum));
       }
     }
-    const providerArgs = configOverrides.extra_args || [];
-    const modelConfig = configOverrides.models?.find(m => m.id === model);
-    const modelArgs = modelConfig?.extra_args || [];
 
-    // Merge env: provider env + model env
-    this.extraEnv = {
-      ...(configOverrides.env || {}),
-      ...(modelConfig?.env || {})
-    };
+    // Three-way merge for env: built-in model → provider config → per-model config
+    this.extraEnv = env;
 
     if (this.useShell) {
-      // Quote the allowedTools value to prevent shell interpretation of special characters
-      // (commas, parentheses in patterns like "Bash(git diff*)")
-      const quotedBaseArgs = baseArgs.map((arg, i) => {
-        // The allowedTools value follows the --allowedTools flag
-        if (baseArgs[i - 1] === '--allowedTools') {
-          return `'${arg}'`;
-        }
-        return arg;
-      });
-      this.command = `${claudeCmd} ${[...quotedBaseArgs, ...providerArgs, ...modelArgs].join(' ')}`;
+      const allArgs = [...baseArgs, ...extraArgs];
+      this.command = `${claudeCmd} ${this._quoteShellArgs(allArgs).join(' ')}`;
       this.args = [];
     } else {
       this.command = claudeCmd;
-      this.args = [...baseArgs, ...providerArgs, ...modelArgs];
+      this.args = [...baseArgs, ...extraArgs];
     }
   }
 
+  /**
+   * Quote shell-sensitive arguments for safe shell execution.
+   * Any arg containing characters that could be interpreted by the shell
+   * (brackets, parentheses, commas, etc.) is wrapped in single quotes
+   * with internal single quotes escaped using the POSIX pattern.
+   *
+   * @param {string[]} args - Array of CLI arguments
+   * @returns {string[]} Args with shell-sensitive values quoted
+   * @private
+   */
+  _quoteShellArgs(args) {
+    return args.map((arg, i) => {
+      const prevArg = args[i - 1];
+      if (prevArg === '--allowedTools' || prevArg === '--model') {
+        if (/[][*?(){}$!&|;<>,\s']/.test(arg)) {
+          return `'${arg.replace(/'/g, "'\\''")}'`;
+        }
+      }
+      return arg;
+    });
+  }
+
+  /**
+   * Resolve model configuration by looking up built-in and config override definitions.
+   * Consolidates the CLAUDE_MODELS.find() and configOverrides.models.find() lookups
+   * used across the constructor, buildArgsForModel(), and getExtractionConfig().
+   *
+   * @param {string} modelId - The model identifier to resolve
+   * @returns {Object} Resolved configuration
+   * @returns {Object|undefined} .builtIn - Built-in model definition from CLAUDE_MODELS
+   * @returns {Object|undefined} .configModel - Config override model definition
+   * @returns {string[]} .cliModelArgs - Args array for --model (empty if suppressed)
+   * @returns {string[]} .extraArgs - Merged extra_args from built-in, provider, and config model
+   * @returns {Object} .env - Merged env from built-in, provider, and config model
+   * @private
+   */
+  _resolveModelConfig(modelId) {
+    const configOverrides = this.configOverrides || {};
+
+    // Resolve cli_model: config model > built-in model > id
+    // cli_model decouples the app-level model ID from the CLI --model argument.
+    // - undefined: fall through the resolution chain
+    // - string: use this exact value for --model
+    // - null: explicitly suppress --model (for tools that want the model set via env instead)
+    const builtIn = CLAUDE_MODELS.find(m => m.id === modelId || (m.aliases && m.aliases.includes(modelId)));
+    const configModel = configOverrides.models?.find(m => m.id === modelId);
+    const resolvedCliModel = configModel?.cli_model !== undefined
+      ? configModel.cli_model
+      : (builtIn?.cli_model !== undefined ? builtIn.cli_model : modelId);
+
+    // Conditionally include --model in base args (null = suppress, empty string passes through to surface CLI error)
+    const cliModelArgs = resolvedCliModel !== null ? ['--model', resolvedCliModel] : [];
+
+    // Three-way merge for extra_args: built-in model → provider config → per-model config
+    const builtInArgs = builtIn?.extra_args || [];
+    const providerArgs = configOverrides.extra_args || [];
+    const configModelArgs = configModel?.extra_args || [];
+    const extraArgs = [...builtInArgs, ...providerArgs, ...configModelArgs];
+
+    // Three-way merge for env: built-in model → provider config → per-model config
+    const env = {
+      ...(builtIn?.env || {}),
+      ...(configOverrides.env || {}),
+      ...(configModel?.env || {})
+    };
+
+    return { builtIn, configModel, cliModelArgs, extraArgs, env };
+  }
+
   /**
    * Execute Claude CLI with a prompt
    * @param {string} prompt - The prompt to send to Claude
@@ -294,24 +396,28 @@ class ClaudeProvider extends AIProvider {
         } else {
           // Regex extraction failed, try LLM-based extraction as fallback
           logger.warn(`${levelPrefix} Regex extraction failed: ${parsed.error}`);
-          logger.info(`${levelPrefix} Raw response length: ${stdout.length} characters`);
+          // Pass extracted text content to LLM fallback (not raw JSONL stdout).
+          // The text content is the actual LLM response text extracted from JSONL
+          // events and is much smaller and more relevant than the full JSONL stream.
+          const llmFallbackInput = parsed.textContent || stdout;
+          logger.info(`${levelPrefix} LLM fallback input length: ${llmFallbackInput.length} characters (${parsed.textContent ? 'text content' : 'raw stdout'})`);
           logger.info(`${levelPrefix} Attempting LLM-based JSON extraction fallback...`);
 
           // Use async IIFE to handle the async LLM extraction
           (async () => {
             try {
-              const llmExtracted = await this.extractJSONWithLLM(stdout, { level, analysisId, registerProcess });
+              const llmExtracted = await this.extractJSONWithLLM(llmFallbackInput, { level, analysisId, registerProcess });
               if (llmExtracted.success) {
                 logger.success(`${levelPrefix} LLM extraction fallback succeeded`);
                 settle(resolve, llmExtracted.data);
               } else {
                 logger.warn(`${levelPrefix} LLM extraction fallback also failed: ${llmExtracted.error}`);
-                logger.info(`${levelPrefix} Raw response preview: ${stdout.substring(0, 500)}...`);
-                settle(resolve, { raw: stdout, parsed: false });
+                logger.info(`${levelPrefix} Raw response preview: ${llmFallbackInput.substring(0, 500)}...`);
+                settle(resolve, { raw: llmFallbackInput, parsed: false });
               }
             } catch (llmError) {
               logger.warn(`${levelPrefix} LLM extraction fallback error: ${llmError.message}`);
-              settle(resolve, { raw: stdout, parsed: false });
+              settle(resolve, { raw: llmFallbackInput, parsed: false });
             }
           })();
         }
@@ -328,6 +434,11 @@ class ClaudeProvider extends AIProvider {
         }
       });
 
+      // Handle stdin errors (e.g., EPIPE if process exits before write completes)
+      claude.stdin.on('error', (err) => {
+        logger.error(`${levelPrefix} stdin error: ${err.message}`);
+      });
+
       // Send the prompt to stdin
       claude.stdin.write(prompt, (err) => {
         if (err) {
@@ -351,15 +462,12 @@ class ClaudeProvider extends AIProvider {
    * @returns {string[]} Complete args array for the CLI
    */
   buildArgsForModel(model) {
+    const { cliModelArgs, extraArgs } = this._resolveModelConfig(model);
+
     // Base args for extraction (simple prompt mode, no tools needed)
-    const baseArgs = ['-p', '--model', model];
-    // Provider-level extra_args (from configOverrides)
-    const providerArgs = this.configOverrides?.extra_args || [];
-    // Model-specific extra_args (from the model config for the given model)
-    const modelConfig = this.configOverrides?.models?.find(m => m.id === model);
-    const modelArgs = modelConfig?.extra_args || [];
-
-    return [...baseArgs, ...providerArgs, ...modelArgs];
+    const baseArgs = ['-p', ...cliModelArgs];
+
+    return [...baseArgs, ...extraArgs];
   }
 
   /**
@@ -373,22 +481,26 @@ class ClaudeProvider extends AIProvider {
     const claudeCmd = this.claudeCmd;
     const useShell = this.useShell;
 
-    // Build args consistently using the shared method, applying provider and model extra_args
-    const args = this.buildArgsForModel(model);
+    // Single call to _resolveModelConfig for both args and env
+    const { cliModelArgs, extraArgs, env } = this._resolveModelConfig(model);
+    const args = ['-p', ...cliModelArgs, ...extraArgs];
 
     if (useShell) {
+      const quotedArgs = this._quoteShellArgs(args);
       return {
-        command: `${claudeCmd} ${args.join(' ')}`,
+        command: `${claudeCmd} ${quotedArgs.join(' ')}`,
         args: [],
         useShell: true,
-        promptViaStdin: true
+        promptViaStdin: true,
+        env
       };
     }
     return {
       command: claudeCmd,
       args,
       useShell: false,
-      promptViaStdin: true
+      promptViaStdin: true,
+      env
     };
   }
 
@@ -623,9 +735,10 @@ class ClaudeProvider extends AIProvider {
           return extracted;
         }
 
-        // If no JSON found, return the raw text
+        // If no JSON found, return with textContent so the caller can
+        // pass it (not raw JSONL stdout) to the LLM extraction fallback
         logger.warn(`${levelPrefix} Text content is not JSON, treating as raw text`);
-        return { success: false, error: 'Text content is not valid JSON' };
+        return { success: false, error: 'Text content is not valid JSON', textContent };
       }
 
       // No text content found - don't fall back to raw stdout extraction
@@ -729,7 +842,7 @@ class ClaudeProvider extends AIProvider {
   }
 
   static getDefaultModel() {
-    return 'sonnet';
+    return 'opus';
   }
 
   static getInstallInstructions() {

package/src/ai/codex-provider.js

@@ -271,24 +271,25 @@ class CodexProvider extends AIProvider {
         } else {
           // Regex extraction failed, try LLM-based extraction as fallback
           logger.warn(`${levelPrefix} Regex extraction failed: ${parsed.error}`);
-          logger.info(`${levelPrefix} Raw response length: ${stdout.length} characters`);
+          const llmFallbackInput = parsed.textContent || stdout;
+          logger.info(`${levelPrefix} LLM fallback input length: ${llmFallbackInput.length} characters (${parsed.textContent ? 'text content' : 'raw stdout'})`);
           logger.info(`${levelPrefix} Attempting LLM-based JSON extraction fallback...`);
 
           // Use async IIFE to handle the async LLM extraction
           (async () => {
             try {
-              const llmExtracted = await this.extractJSONWithLLM(stdout, { level, analysisId, registerProcess });
+              const llmExtracted = await this.extractJSONWithLLM(llmFallbackInput, { level, analysisId, registerProcess });
               if (llmExtracted.success) {
                 logger.success(`${levelPrefix} LLM extraction fallback succeeded`);
                 settle(resolve, llmExtracted.data);
               } else {
                 logger.warn(`${levelPrefix} LLM extraction fallback also failed: ${llmExtracted.error}`);
-                logger.info(`${levelPrefix} Raw response preview: ${stdout.substring(0, 500)}...`);
-                settle(resolve, { raw: stdout, parsed: false });
+                logger.info(`${levelPrefix} Raw response preview: ${llmFallbackInput.substring(0, 500)}...`);
+                settle(resolve, { raw: llmFallbackInput, parsed: false });
               }
             } catch (llmError) {
               logger.warn(`${levelPrefix} LLM extraction fallback error: ${llmError.message}`);
-              settle(resolve, { raw: stdout, parsed: false });
+              settle(resolve, { raw: llmFallbackInput, parsed: false });
             }
           })();
         }
@@ -305,6 +306,11 @@ class CodexProvider extends AIProvider {
         }
       });
 
+      // Handle stdin errors (e.g., EPIPE if process exits before write completes)
+      codex.stdin.on('error', (err) => {
+        logger.error(`${levelPrefix} stdin error: ${err.message}`);
+      });
+
       // Send the prompt to stdin
       codex.stdin.write(prompt, (err) => {
         if (err) {
@@ -368,9 +374,10 @@ class CodexProvider extends AIProvider {
           return extracted;
         }
 
-        // If no JSON found, return the raw message
+        // If no JSON found, return with textContent so the caller can
+        // pass it (not raw JSONL stdout) to the LLM extraction fallback
         logger.warn(`${levelPrefix} Agent message is not JSON, treating as raw text`);
-        return { success: false, error: 'Agent message is not valid JSON' };
+        return { success: false, error: 'Agent message is not valid JSON', textContent: agentMessageText };
       }
 
       // No agent message found, try extracting JSON directly from stdout

package/src/ai/cursor-agent-provider.js

@@ -314,7 +314,8 @@ class CursorAgentProvider extends AIProvider {
         } else {
           // Regex extraction failed, try LLM-based extraction as fallback
           logger.warn(`${levelPrefix} Regex extraction failed: ${parsed.error}`);
-          logger.info(`${levelPrefix} Raw response length: ${stdout.length} characters`);
+          const llmFallbackInput = parsed.textContent || stdout;
+          logger.info(`${levelPrefix} LLM fallback input length: ${llmFallbackInput.length} characters (${parsed.textContent ? 'text content' : 'raw stdout'})`);
           logger.info(`${levelPrefix} Attempting LLM-based JSON extraction fallback...`);
 
           // Use async IIFE to handle the async LLM extraction
@@ -324,18 +325,18 @@ class CursorAgentProvider extends AIProvider {
               // orphan processes if timeout fired between close-handler entry
               // and reaching this point.
               if (settled) return;
-              const llmExtracted = await this.extractJSONWithLLM(stdout, { level, analysisId, registerProcess });
+              const llmExtracted = await this.extractJSONWithLLM(llmFallbackInput, { level, analysisId, registerProcess });
               if (llmExtracted.success) {
                 logger.success(`${levelPrefix} LLM extraction fallback succeeded`);
                 settle(resolve, llmExtracted.data);
               } else {
                 logger.warn(`${levelPrefix} LLM extraction fallback also failed: ${llmExtracted.error}`);
-                logger.info(`${levelPrefix} Raw response preview: ${stdout.substring(0, 500)}...`);
-                settle(resolve, { raw: stdout, parsed: false });
+                logger.info(`${levelPrefix} Raw response preview: ${llmFallbackInput.substring(0, 500)}...`);
+                settle(resolve, { raw: llmFallbackInput, parsed: false });
               }
             } catch (llmError) {
               logger.warn(`${levelPrefix} LLM extraction fallback error: ${llmError.message}`);
-              settle(resolve, { raw: stdout, parsed: false });
+              settle(resolve, { raw: llmFallbackInput, parsed: false });
             }
           })();
         }
@@ -352,6 +353,11 @@ class CursorAgentProvider extends AIProvider {
         }
       });
 
+      // Handle stdin errors (e.g., EPIPE if process exits before write completes)
+      agent.stdin.on('error', (err) => {
+        logger.error(`${levelPrefix} stdin error: ${err.message}`);
+      });
+
       // Send the prompt to stdin
       agent.stdin.write(prompt, (err) => {
         if (err) {
@@ -461,7 +467,9 @@ class CursorAgentProvider extends AIProvider {
         return extracted;
       }
 
-      return { success: false, error: 'No valid JSON found in assistant or result text' };
+      // Include textContent so the caller can pass it to LLM extraction fallback
+      const textContent = assistantText || resultText || null;
+      return { success: false, error: 'No valid JSON found in assistant or result text', textContent };
 
     } catch (parseError) {
       // stdout might not be valid JSONL at all, try extracting JSON from it

package/src/ai/gemini-provider.js

@@ -320,24 +320,25 @@ class GeminiProvider extends AIProvider {
         } else {
           // Regex extraction failed, try LLM-based extraction as fallback
           logger.warn(`${levelPrefix} Regex extraction failed: ${parsed.error}`);
-          logger.info(`${levelPrefix} Raw response length: ${stdout.length} characters`);
+          const llmFallbackInput = parsed.textContent || stdout;
+          logger.info(`${levelPrefix} LLM fallback input length: ${llmFallbackInput.length} characters (${parsed.textContent ? 'text content' : 'raw stdout'})`);
           logger.info(`${levelPrefix} Attempting LLM-based JSON extraction fallback...`);
 
           // Use async IIFE to handle the async LLM extraction
           (async () => {
             try {
-              const llmExtracted = await this.extractJSONWithLLM(stdout, { level, analysisId, registerProcess });
+              const llmExtracted = await this.extractJSONWithLLM(llmFallbackInput, { level, analysisId, registerProcess });
               if (llmExtracted.success) {
                 logger.success(`${levelPrefix} LLM extraction fallback succeeded`);
                 settle(resolve, llmExtracted.data);
               } else {
                 logger.warn(`${levelPrefix} LLM extraction fallback also failed: ${llmExtracted.error}`);
-                logger.info(`${levelPrefix} Raw response preview: ${stdout.substring(0, 500)}...`);
-                settle(resolve, { raw: stdout, parsed: false });
+                logger.info(`${levelPrefix} Raw response preview: ${llmFallbackInput.substring(0, 500)}...`);
+                settle(resolve, { raw: llmFallbackInput, parsed: false });
               }
             } catch (llmError) {
               logger.warn(`${levelPrefix} LLM extraction fallback error: ${llmError.message}`);
-              settle(resolve, { raw: stdout, parsed: false });
+              settle(resolve, { raw: llmFallbackInput, parsed: false });
             }
           })();
         }
@@ -354,6 +355,11 @@ class GeminiProvider extends AIProvider {
         }
       });
 
+      // Handle stdin errors (e.g., EPIPE if process exits before write completes)
+      gemini.stdin.on('error', (err) => {
+        logger.error(`${levelPrefix} stdin error: ${err.message}`);
+      });
+
       // Send the prompt to stdin
       gemini.stdin.write(prompt, (err) => {
         if (err) {
@@ -419,9 +425,10 @@ class GeminiProvider extends AIProvider {
           return extracted;
         }
 
-        // If no JSON found, return the raw message
+        // If no JSON found, return with textContent so the caller can
+        // pass it (not raw JSONL stdout) to the LLM extraction fallback
         logger.warn(`${levelPrefix} Assistant message is not JSON, treating as raw text`);
-        return { success: false, error: 'Assistant message is not valid JSON' };
+        return { success: false, error: 'Assistant message is not valid JSON', textContent: assistantText };
       }
 
       // No assistant message found, try extracting JSON directly from stdout

package/src/ai/opencode-provider.js

@@ -255,24 +255,25 @@ class OpenCodeProvider extends AIProvider {
         } else {
           // Regex extraction failed, try LLM-based extraction as fallback
           logger.warn(`${levelPrefix} Regex extraction failed: ${parsed.error}`);
-          logger.info(`${levelPrefix} Raw response length: ${stdout.length} characters`);
+          const llmFallbackInput = parsed.textContent || stdout;
+          logger.info(`${levelPrefix} LLM fallback input length: ${llmFallbackInput.length} characters (${parsed.textContent ? 'text content' : 'raw stdout'})`);
           logger.info(`${levelPrefix} Attempting LLM-based JSON extraction fallback...`);
 
           // Use async IIFE to handle the async LLM extraction
           (async () => {
             try {
-              const llmExtracted = await this.extractJSONWithLLM(stdout, { level, analysisId, registerProcess });
+              const llmExtracted = await this.extractJSONWithLLM(llmFallbackInput, { level, analysisId, registerProcess });
               if (llmExtracted.success) {
                 logger.success(`${levelPrefix} LLM extraction fallback succeeded`);
                 settle(resolve, llmExtracted.data);
               } else {
                 logger.warn(`${levelPrefix} LLM extraction fallback also failed: ${llmExtracted.error}`);
-                logger.info(`${levelPrefix} Raw response preview: ${stdout.substring(0, 500)}...`);
-                settle(resolve, { raw: stdout, parsed: false });
+                logger.info(`${levelPrefix} Raw response preview: ${llmFallbackInput.substring(0, 500)}...`);
+                settle(resolve, { raw: llmFallbackInput, parsed: false });
               }
             } catch (llmError) {
               logger.warn(`${levelPrefix} LLM extraction fallback error: ${llmError.message}`);
-              settle(resolve, { raw: stdout, parsed: false });
+              settle(resolve, { raw: llmFallbackInput, parsed: false });
             }
           })();
         }
@@ -289,6 +290,11 @@ class OpenCodeProvider extends AIProvider {
         }
       });
 
+      // Handle stdin errors (e.g., EPIPE if process exits before write completes)
+      opencode.stdin.on('error', (err) => {
+        logger.error(`${levelPrefix} stdin error: ${err.message}`);
+      });
+
       // Send the prompt to stdin (OpenCode reads from stdin when no positional args)
       // Note on error handling: When stdin.write fails, we kill the process which
       // triggers the 'close' event handler. The `settled` guard (line 142) prevents
@@ -490,9 +496,10 @@ class OpenCodeProvider extends AIProvider {
           return extracted;
         }
 
-        // If no JSON found, return the raw text
+        // If no JSON found, return with textContent so the caller can
+        // pass it (not raw JSONL stdout) to the LLM extraction fallback
         logger.warn(`${levelPrefix} Text content is not JSON, treating as raw text`);
-        return { success: false, error: 'Text content is not valid JSON' };
+        return { success: false, error: 'Text content is not valid JSON', textContent };
       }
 
       // No text content found, try extracting JSON directly from stdout

package/src/ai/provider.js

@@ -192,7 +192,7 @@ class AIProvider {
       };
     }
 
-    const { command, args, useShell, promptViaStdin } = config;
+    const { command, args, useShell, promptViaStdin, env: configEnv } = config;
     const prompt = `Extract the JSON object from the following text. Return ONLY the valid JSON, nothing else. Do not include any explanation, markdown formatting, or code blocks - just the raw JSON.
 
 === BEGIN INPUT TEXT ===
@@ -209,6 +209,7 @@ ${rawResponse}
         cwd: process.cwd(),
         env: {
           ...process.env,
+          ...(configEnv || {}),
           PATH: `${BIN_DIR}:${process.env.PATH}`
         },
         shell: useShell
@@ -279,6 +280,11 @@ ${rawResponse}
 
       // Send prompt via stdin if configured
       if (promptViaStdin) {
+        // Handle stdin errors (e.g., EPIPE if process exits before write completes)
+        proc.stdin.on('error', (err) => {
+          logger.warn(`${levelPrefix} extraction stdin error: ${err.message}`);
+        });
+
         proc.stdin.write(prompt, (err) => {
           if (err) {
             logger.warn(`${levelPrefix} Failed to write extraction prompt: ${err}`);

package/src/config.js

@@ -14,7 +14,7 @@ const DEFAULT_CONFIG = {
   port: 7247,
   theme: "light",
   default_provider: "claude",  // AI provider: 'claude', 'gemini', 'codex', 'copilot', 'opencode'
-  default_model: "sonnet",     // Model within the provider (e.g., 'sonnet' for Claude, 'gemini-2.5-pro' for Gemini)
+  default_model: "opus",       // Model within the provider (e.g., 'opus' for Claude, 'gemini-2.5-pro' for Gemini)
   worktree_retention_days: 7,
   dev_mode: false,  // When true, disables static file caching for development
   debug_stream: false,  // When true, logs AI provider streaming events (equivalent to --debug-stream CLI flag)

package/src/main.js

@@ -110,6 +110,7 @@ OPTIONS:
                             The web UI also starts for the human reviewer.
     --model <name>          Override the AI model. Claude Code is the default provider.
                             Available models: opus, sonnet, haiku (Claude Code);
+                            also: opus-4.5, opus-4.6-low, opus-4.6-medium, opus-4.6-1m
                             or use provider-specific models with Gemini/Codex
     --use-checkout          Use current directory instead of creating worktree
                             (automatic in GitHub Actions)
@@ -129,7 +130,7 @@ ENVIRONMENT VARIABLES:
     PAIR_REVIEW_CLAUDE_CMD  Custom command to invoke Claude CLI (default: claude)
     PAIR_REVIEW_GEMINI_CMD  Custom command to invoke Gemini CLI (default: gemini)
     PAIR_REVIEW_CODEX_CMD   Custom command to invoke Codex CLI (default: codex)
-    PAIR_REVIEW_MODEL       Override the AI model (same as --model flag)
+    PAIR_REVIEW_MODEL       Override the AI model (same as --model flag, default: opus)
 
 CONFIGURATION:
     Config file: ~/.pair-review/config.json
@@ -852,7 +853,7 @@ async function performHeadlessReview(args, config, db, flags, options) {
 
     // Run AI analysis
     console.log('Running AI analysis (all 3 levels)...');
-    const model = flags.model || process.env.PAIR_REVIEW_MODEL || 'sonnet';
+    const model = flags.model || process.env.PAIR_REVIEW_MODEL || 'opus';
     const analyzer = new Analyzer(db, model);
 
     let analysisSummary = null;

package/src/routes/mcp.js

@@ -527,7 +527,7 @@ function createMCPServer(db, options = {}) {
           // Resolve provider and model
           const repoSettings = repository ? await repoSettingsRepo.getRepoSettings(repository) : null;
           const provider = process.env.PAIR_REVIEW_PROVIDER || repoSettings?.default_provider || config.default_provider || config.provider || 'claude';
-          const model = process.env.PAIR_REVIEW_MODEL || repoSettings?.default_model || config.default_model || config.model || 'sonnet';
+          const model = process.env.PAIR_REVIEW_MODEL || repoSettings?.default_model || config.default_model || config.model || 'opus';
 
           // Create unified run/analysis ID and DB record immediately
           const runId = uuidv4();
@@ -676,7 +676,7 @@ function createMCPServer(db, options = {}) {
           // Resolve provider and model
           const repoSettings = await repoSettingsRepo.getRepoSettings(repository);
           const provider = process.env.PAIR_REVIEW_PROVIDER || repoSettings?.default_provider || config.default_provider || config.provider || 'claude';
-          const model = process.env.PAIR_REVIEW_MODEL || repoSettings?.default_model || config.default_model || config.model || 'sonnet';
+          const model = process.env.PAIR_REVIEW_MODEL || repoSettings?.default_model || config.default_model || config.model || 'opus';
 
           // Create unified run/analysis ID and DB record immediately
           const runId = uuidv4();

package/src/routes/shared.js

@@ -70,7 +70,7 @@ function getLocalReviewKey(reviewId) {
 
 /**
  * Get the model to use for AI analysis
- * Priority: CLI flag (PAIR_REVIEW_MODEL env var) > config.default_model > 'sonnet' default
+ * Priority: CLI flag (PAIR_REVIEW_MODEL env var) > config.default_model > 'opus' default
  * @param {Object} req - Express request object
  * @returns {string} Model name to use
  */
@@ -93,7 +93,7 @@ function getModel(req) {
   }
 
   // Default fallback
-  return 'sonnet';
+  return 'opus';
 }
 
 /**

package/src/utils/json-extractor.js

@@ -2,9 +2,18 @@
 const logger = require('./logger');
 
 /**
- * Extract JSON from text responses using multiple strategies
- * This is a shared utility to ensure consistent JSON extraction across the application
- * @param {string} response - Raw response text
+ * Extract JSON from text responses using multiple strategies.
+ * This is a shared utility to ensure consistent JSON extraction across the application.
+ *
+ * Strategies are tried in order:
+ *   1. Markdown code blocks (```json ... ```)
+ *   2. Direct JSON.parse of the trimmed response
+ *   3. First { to last } substring
+ *   4. Known JSON key anchors (e.g. {"level", {"suggestions")
+ *   5. Forward scan: try JSON.parse from every top-level { in the text
+ *   6. Bracket-matched substring from the first {
+ *
+ * @param {string} response - Raw response text (may include preamble/postamble prose)
  * @param {string|number} level - Level identifier for logging (e.g., 1, 2, 3, 'orchestration', 'unknown')
  * @returns {Object} Extraction result with success flag and data/error
  */
@@ -35,51 +44,132 @@ function extractJSON(response, level = 'unknown') {
       }
       throw new Error('No JSON code block found');
     },
-    
-    // Strategy 2: Look for JSON between first { and last }
+
+    // Strategy 2: Try the entire response as JSON (fast path for clean responses)
+    () => {
+      return JSON.parse(response.trim());
+    },
+
+    // Strategy 3: Look for JSON between first { and last }
+    // Works when the response is just JSON or has minimal wrapping
     () => {
       const firstBrace = response.indexOf('{');
       const lastBrace = response.lastIndexOf('}');
-      if (firstBrace !== -1 && lastBrace !== -1 && lastBrace >= firstBrace) {
+      if (firstBrace !== -1 && lastBrace !== -1 && lastBrace > firstBrace) {
         return JSON.parse(response.substring(firstBrace, lastBrace + 1));
       }
       throw new Error('No valid JSON braces found');
     },
-    
-    // Strategy 3: Try to find JSON-like structure with bracket matching
+
+    // Strategy 4: Anchor-based extraction — look for known JSON key patterns
+    // that mark the start of our expected response structures.
+    // This handles the common case where preamble text contains { characters
+    // (e.g. LLM discussing code: "the function handleEvent(event) { ... }")
+    // which would cause Strategy 3 to grab the wrong first brace.
     () => {
-      const jsonMatch = response.match(/\{[\s\S]*\}/);
-      if (jsonMatch) {
-        // Try to find the complete JSON by matching brackets
-        const jsonStr = jsonMatch[0];
-        let braceCount = 0;
-        let endIndex = -1;
-        const maxIterations = Math.min(jsonStr.length, 100000); // Prevent infinite loops
-        
-        for (let i = 0; i < maxIterations; i++) {
-          if (jsonStr[i] === '{') braceCount++;
-          else if (jsonStr[i] === '}') {
-            braceCount--;
-            if (braceCount === 0) {
-              endIndex = i;
-              break;
+      // Look for patterns that start our expected JSON structures
+      const anchors = [
+        /\{"level"\s*:/,
+        /\{"suggestions"\s*:/,
+        /\{"fileLevelSuggestions"\s*:/,
+        /\{"summary"\s*:/,
+        /\{"overview"\s*:/,
+      ];
+
+      for (const anchor of anchors) {
+        const match = response.match(anchor);
+        if (match) {
+          const startIdx = match.index;
+          // Find the matching closing brace from the end
+          const lastBrace = response.lastIndexOf('}');
+          if (lastBrace > startIdx) {
+            const candidate = response.substring(startIdx, lastBrace + 1);
+            return JSON.parse(candidate);
+          }
+        }
+      }
+      throw new Error('No known JSON anchor found');
+    },
+
+    // Strategy 5: Forward scan — try JSON.parse starting from each { in the text.
+    // Handles arbitrary preamble text with braces by trying every { as a potential
+    // JSON start. Stops at the first successful parse.
+    () => {
+      let searchFrom = 0;
+      // Limit attempts to avoid excessive parsing on very large non-JSON text
+      const maxAttempts = 20;
+      let attempts = 0;
+      const lastBrace = response.lastIndexOf('}');
+
+      while (searchFrom < response.length && attempts < maxAttempts) {
+        const braceIdx = response.indexOf('{', searchFrom);
+        if (braceIdx === -1) break;
+
+        attempts++;
+        try {
+          // Try parsing from this brace to the end of the response.
+          // JSON.parse is lenient about trailing content only if we trim to the
+          // right boundary, so use lastIndexOf('}') from the end.
+          if (lastBrace > braceIdx) {
+            const candidate = response.substring(braceIdx, lastBrace + 1);
+            const parsed = JSON.parse(candidate);
+            if (parsed && typeof parsed === 'object') {
+              return parsed;
             }
           }
+        } catch {
+          // This { wasn't the start of valid JSON, try the next one
         }
-        
-        if (endIndex > -1) {
-          return JSON.parse(jsonStr.substring(0, endIndex + 1));
+        searchFrom = braceIdx + 1;
+      }
+      throw new Error('Forward scan found no valid JSON');
+    },
+
+    // Strategy 6: Bracket-matched substring from the first {.
+    // Counts balanced braces (ignoring those inside JSON strings) to find
+    // the end of the first top-level object. No iteration cap — the loop
+    // runs for the full length of the matched region.
+    () => {
+      const firstBrace = response.indexOf('{');
+      if (firstBrace === -1) throw new Error('No opening brace found');
+
+      let braceCount = 0;
+      let inString = false;
+      let escaped = false;
+
+      for (let i = firstBrace; i < response.length; i++) {
+        const ch = response[i];
+
+        if (escaped) {
+          escaped = false;
+          continue;
+        }
+
+        if (ch === '\\' && inString) {
+          escaped = true;
+          continue;
+        }
+
+        if (ch === '"') {
+          inString = !inString;
+          continue;
+        }
+
+        if (inString) continue;
+
+        if (ch === '{') braceCount++;
+        else if (ch === '}') {
+          braceCount--;
+          if (braceCount === 0) {
+            return JSON.parse(response.substring(firstBrace, i + 1));
+          }
         }
       }
       throw new Error('No balanced JSON structure found');
     },
-    
-    // Strategy 4: Try the entire response as JSON (for simple cases)
-    () => {
-      return JSON.parse(response.trim());
-    }
   ];
 
+  const strategyErrors = [];
   for (let i = 0; i < strategies.length; i++) {
     try {
       const data = strategies[i]();
@@ -88,17 +178,17 @@ function extractJSON(response, level = 'unknown') {
         return { success: true, data };
       }
     } catch (error) {
-      // Continue to next strategy
-      if (i === strategies.length - 1) {
-        // Last strategy failed, log the error
-        logger.warn(`${levelPrefix} All JSON extraction strategies failed`);
-        logger.warn(`${levelPrefix} Response preview: ${response.substring(0, 200)}...`);
-      }
+      strategyErrors.push(`S${i + 1}: ${error.message}`);
     }
   }
 
-  return { 
-    success: false, 
+  // All strategies failed — log details for debugging
+  logger.warn(`${levelPrefix} All JSON extraction strategies failed`);
+  logger.warn(`${levelPrefix} Strategy errors: ${strategyErrors.join('; ')}`);
+  logger.warn(`${levelPrefix} Response length: ${response.length} chars, preview: ${response.substring(0, 200)}...`);
+
+  return {
+    success: false,
     error: 'Failed to extract JSON from response',
     response: response.substring(0, 500) // Include preview for debugging
   };