@in-the-loop-labs/pair-review 2.3.3 → 2.4.0

package/public/pr.html

@@ -10,8 +10,16 @@
         // Fetch chat availability early so PanelGroup sees the correct state
         fetch('/api/config').then(r => r.ok ? r.json() : null).then(config => {
             if (!config) return;
+            const chatProviders = config.chat_providers || [];
             let state = 'disabled';
-            if (config.enable_chat) state = config.pi_available ? 'available' : 'unavailable';
+            if (config.enable_chat) {
+                const anyAvailable = chatProviders.some(p => p.available);
+                state = anyAvailable ? 'available' : 'unavailable';
+            }
+            window.__pairReview = window.__pairReview || {};
+            window.__pairReview.chatProvider = config.chat_provider || 'pi';
+            window.__pairReview.chatProviders = chatProviders;
+            window.__pairReview.share = config.share || null;
             document.documentElement.setAttribute('data-chat', state);
             const shortcutsState = config.chat_enable_shortcuts === false ? 'disabled' : 'enabled';
             document.documentElement.setAttribute('data-chat-shortcuts', shortcutsState);
@@ -85,7 +93,14 @@
                 </div>
             </div>
             <div class="header-center">
-                <h1 class="pr-title" id="pr-title-text">Loading...</h1>
+                <div class="pr-title-wrapper">
+                    <h1 class="pr-title" id="pr-title-text">Loading...</h1>
+                    <button class="btn btn-icon pr-description-toggle" id="pr-description-toggle" title="View PR description" style="display: none;" aria-expanded="false" aria-haspopup="true">
+                        <svg viewBox="0 0 16 16" width="14" height="14" fill="currentColor">
+                            <path d="M0 8a8 8 0 1 1 16 0A8 8 0 0 1 0 8Zm8-6.5a6.5 6.5 0 1 0 0 13 6.5 6.5 0 0 0 0-13ZM6.5 7.75A.75.75 0 0 1 7.25 7h1a.75.75 0 0 1 .75.75v2.75h.25a.75.75 0 0 1 0 1.5h-2a.75.75 0 0 1 0-1.5h.25v-2h-.25a.75.75 0 0 1-.75-.75ZM8 6a1 1 0 1 1 0-2 1 1 0 0 1 0 2Z"/>
+                        </svg>
+                    </button>
+                </div>
             </div>
             <div class="header-right">
                 <div class="header-icon-group">

package/src/ai/codex-provider.js

@@ -61,7 +61,8 @@ class CodexProvider extends AIProvider {
    * @param {string} model - Model identifier
    * @param {Object} configOverrides - Config overrides from providers config
    * @param {string} configOverrides.command - Custom CLI command
-   * @param {string[]} configOverrides.extra_args - Additional CLI arguments
+   * @param {string[]} configOverrides.args - Replace default shell env args (default: login shell + env policy)
+   * @param {string[]} configOverrides.extra_args - Additional CLI arguments (appended)
    * @param {Object} configOverrides.env - Additional environment variables
    * @param {Object[]} configOverrides.models - Custom model definitions
    */
@@ -96,6 +97,12 @@ class CodexProvider extends AIProvider {
     // --full-auto: Non-interactive mode that auto-approves within sandbox bounds.
     // Combined with workspace-write sandbox, this limits damage to the worktree only.
     // Note: The -a flag is for interactive mode only; exec subcommand uses --full-auto.
+    //
+    // Shell environment config:
+    // - allow_login_shell=false: Prevents zsh from using -l flag, which would
+    //   reconstruct PATH from scratch and lose our BIN_DIR modification.
+    // - shell_environment_policy.include_only: Whitelist PATH, HOME, USER to be
+    //   inherited from the parent process, ensuring git-diff-lines is findable.
 
     // Build args: base args + provider extra_args + model extra_args
     // In yolo mode, bypass all sandbox restrictions and approval prompts
@@ -103,7 +110,12 @@ class CodexProvider extends AIProvider {
     const sandboxArgs = configOverrides.yolo
       ? ['--dangerously-bypass-approvals-and-sandbox']
       : ['--sandbox', 'workspace-write', '--full-auto'];
-    const baseArgs = ['exec', '-m', model, '--json', ...sandboxArgs, '-'];
+    // Shell env args prevent login shell from reconstructing PATH (orthogonal to
+    // sandbox permissions). Overridable via configOverrides.args following the
+    // same two-tier pattern as chat-providers.js: args replaces, extra_args appends.
+    const defaultShellEnvArgs = ['-c', 'allow_login_shell=false', '-c', 'shell_environment_policy.include_only=["PATH","HOME","USER"]'];
+    const configArgs = configOverrides.args || defaultShellEnvArgs;
+    const baseArgs = ['exec', '-m', model, '--json', ...sandboxArgs, ...configArgs, '-'];
     const providerArgs = configOverrides.extra_args || [];
     const modelConfig = configOverrides.models?.find(m => m.id === model);
     const modelArgs = modelConfig?.extra_args || [];

package/src/ai/copilot-provider.js

@@ -22,7 +22,7 @@ const BIN_DIR = path.join(__dirname, '..', '..', 'bin');
  * GitHub Copilot CLI supports multiple AI models including OpenAI,
  * Anthropic, and Google models via the --model flag.
  * Available models (as of Feb 2026): claude-haiku-4.5, claude-sonnet-4.6,
- * claude-sonnet-4.5, gemini-3-pro-preview, gpt-5.2-codex, gpt-5.3-codex,
+ * claude-sonnet-4.5, gpt-5.2-codex, gpt-5.3-codex,
  * claude-opus-4.5, claude-opus-4.6, claude-opus-4.6-fast.
  * Default is claude-sonnet-4.6.
  */
@@ -55,15 +55,6 @@ const COPILOT_MODELS = [
     badge: 'Previous Gen',
     badgeClass: 'badge-balanced'
   },
-  {
-    id: 'gemini-3-pro-preview',
-    name: 'Gemini 3 Pro',
-    tier: 'balanced',
-    tagline: 'Strong Alternative',
-    description: "Google's most capable model—strong reasoning for cross-file analysis",
-    badge: 'Balanced',
-    badgeClass: 'badge-balanced'
-  },
   {
     id: 'gpt-5.2-codex',
     name: 'GPT-5.2 Codex',

package/src/ai/cursor-agent-provider.js

@@ -31,7 +31,7 @@ const BIN_DIR = path.join(__dirname, '..', '..', 'bin');
  * Tier structure:
  * - free (auto): Cursor's default auto-routing model
  * - fast (composer-1, gpt-5.3-codex-fast, gemini-3-flash): Quick analysis
- * - balanced (composer-1.5, sonnet-4.6-thinking, sonnet-4.5-thinking, gemini-3-pro, gemini-3.1-pro): Recommended for most reviews
+ * - balanced (composer-1.5, sonnet-4.6-thinking, sonnet-4.5-thinking, gemini-3.1-pro): Recommended for most reviews
  * - thorough (gpt-5.3-codex-high, gpt-5.3-codex-xhigh, opus-4.5-thinking, opus-4.6-thinking): Deep analysis for complex code
  */
 const CURSOR_AGENT_MODELS = [
@@ -99,15 +99,6 @@ const CURSOR_AGENT_MODELS = [
     badge: 'Previous Gen',
     badgeClass: 'badge-balanced'
   },
-  {
-    id: 'gemini-3-pro',
-    name: 'Gemini 3 Pro',
-    tier: 'balanced',
-    tagline: 'Strong Alternative',
-    description: "Google's flagship model for code review—strong agentic and vibe coding capabilities",
-    badge: 'Balanced',
-    badgeClass: 'badge-balanced'
-  },
   {
     id: 'gemini-3.1-pro',
     name: 'Gemini 3.1 Pro',

package/src/ai/gemini-provider.js

@@ -21,8 +21,8 @@ const BIN_DIR = path.join(__dirname, '..', '..', 'bin');
  */
 const GEMINI_MODELS = [
   {
-    id: 'gemini-3-flash',
-    aliases: ['gemini-3-flash-preview'],
+    id: 'gemini-3-flash-preview',
+    aliases: ['gemini-3-flash'],
     name: '3.0 Flash',
     tier: 'fast',
     tagline: 'Rapid Sanity Check',
@@ -41,22 +41,13 @@ const GEMINI_MODELS = [
     default: true
   },
   {
-    id: 'gemini-3-pro',
-    aliases: ['gemini-3-pro-preview'],
-    name: '3.0 Pro',
-    tier: 'thorough',
-    tagline: 'Architectural Audit',
-    description: 'Most intelligent Gemini model—advanced reasoning for deep architectural analysis',
-    badge: 'Deep Dive',
-    badgeClass: 'badge-power'
-  },
-  {
-    id: 'gemini-3.1-pro',
+    id: 'gemini-3.1-pro-preview',
+    aliases: ['gemini-3.1-pro'],
     name: '3.1 Pro',
     tier: 'thorough',
     tagline: 'Latest & Greatest',
     description: 'Newest Gemini model—cutting-edge reasoning for complex architectural reviews',
-    badge: 'Latest',
+    badge: 'Deep Dive',
     badgeClass: 'badge-power'
   }
 ];
@@ -124,9 +115,9 @@ class GeminiProvider extends AIProvider {
     // Use --output-format stream-json for JSONL streaming output (better debugging visibility)
     let baseArgs;
     if (configOverrides.yolo) {
-      // In yolo mode, use Gemini's --yolo flag to auto-approve all tools
-      // (including write operations and destructive shell commands)
-      baseArgs = ['-m', model, '-o', 'stream-json', '--yolo'];
+      // In yolo mode, auto-approve all tools (including write operations and destructive shell commands)
+      // Note: --yolo is deprecated in favor of --approval-mode=yolo
+      baseArgs = ['-m', model, '-o', 'stream-json', '--approval-mode', 'yolo'];
     } else {
       const readOnlyTools = [
         // File system tools (read-only)

package/src/chat/acp-bridge.js

@@ -0,0 +1,442 @@
+// SPDX-License-Identifier: GPL-3.0-or-later
+/**
+ * ACP (Agent Client Protocol) Bridge
+ *
+ * Manages a long-lived agent process using the ACP protocol for interactive
+ * chat sessions. Communicates over stdin/stdout using newline-delimited JSON-RPC.
+ * Mirrors the PiBridge EventEmitter interface so both can be used interchangeably.
+ *
+ * Emits high-level events: delta, complete, error, tool_use, status, ready, close, session.
+ */
+
+const { EventEmitter } = require('events');
+const { spawn } = require('child_process');
+const { Writable, Readable } = require('stream');
+const logger = require('../utils/logger');
+const { version: pkgVersion } = require('../../package.json');
+
+// Default dependencies (overridable for testing)
+const defaults = {
+  spawn,
+  acp: require('@agentclientprotocol/sdk'),
+  Writable,
+  Readable,
+};
+
+class AcpBridge extends EventEmitter {
+  /**
+   * @param {Object} options
+   * @param {string} [options.model] - Model ID
+   * @param {string} [options.cwd] - Working directory for agent process
+   * @param {string} [options.systemPrompt] - System prompt text
+   * @param {string} [options.acpCommand] - Agent binary (default: 'copilot')
+   * @param {string[]} [options.acpArgs] - Extra CLI args (default: ['--acp', '--stdio'])
+   * @param {Object} [options.env] - Extra env vars for subprocess
+   * @param {boolean} [options.useShell] - Use shell mode for multi-word commands
+   * @param {string} [options.resumeSessionId] - ACP session ID to resume via loadSession
+   * @param {Object} [options._deps] - Dependency injection for testing
+   */
+  constructor(options = {}) {
+    super();
+    this.model = options.model || null;
+    this.cwd = options.cwd || process.cwd();
+    this.systemPrompt = options.systemPrompt || null;
+    this.acpCommand = options.acpCommand || 'copilot';
+    this.acpArgs = options.acpArgs || ['--acp', '--stdio'];
+    this.env = options.env || {};
+    this.useShell = options.useShell || false;
+    this.resumeSessionId = options.resumeSessionId || null;
+
+    this._deps = { ...defaults, ...options._deps };
+    this._process = null;
+    this._connection = null;
+    this._sessionId = null;
+    this._ready = false;
+    this._closing = false;
+    this._accumulatedText = '';
+    this._inMessage = false;
+    this._firstMessage = !options.resumeSessionId;
+  }
+
+  /**
+   * Spawn the agent subprocess, perform ACP handshake, and create a session.
+   * Resolves once the session is established and the bridge is ready.
+   * @returns {Promise<void>}
+   */
+  async start() {
+    if (this._process) {
+      throw new Error('AcpBridge already started');
+    }
+
+    const deps = this._deps;
+    const command = this.acpCommand;
+    const args = [...this.acpArgs];
+    const useShell = this.useShell;
+
+    // For multi-word commands (e.g. "devx gemini"), use shell mode
+    const spawnCmd = useShell ? `${command} ${args.join(' ')}` : command;
+    const spawnArgs = useShell ? [] : args;
+
+    logger.info(`[AcpBridge] Starting ACP agent: ${command} ${args.join(' ')}`);
+
+    return new Promise((resolve, reject) => {
+      const proc = deps.spawn(spawnCmd, spawnArgs, {
+        cwd: this.cwd,
+        stdio: ['pipe', 'pipe', 'pipe'],
+        env: { ...process.env, ...this.env },
+        shell: useShell,
+      });
+
+      this._process = proc;
+
+      // Handle spawn error (e.g., ENOENT)
+      proc.on('error', (err) => {
+        if (!this._ready) {
+          this._ready = false;
+          reject(new Error(`Failed to start ACP agent: ${err.message}`));
+        } else {
+          logger.error(`[AcpBridge] Process error: ${err.message}`);
+          this.emit('error', { error: err });
+        }
+      });
+
+      // Handle process exit
+      proc.on('close', (code, signal) => {
+        const wasReady = this._ready;
+        this._ready = false;
+        this._process = null;
+
+        if (!wasReady && !this._closing) {
+          reject(new Error(`ACP agent exited before ready (code=${code}, signal=${signal})`));
+        }
+
+        if (!this._closing) {
+          logger.warn(`[AcpBridge] Process exited unexpectedly (code=${code}, signal=${signal})`);
+          this.emit('error', { error: new Error(`ACP agent exited (code=${code}, signal=${signal})`) });
+        } else {
+          logger.info(`[AcpBridge] Process exited (code=${code}, signal=${signal})`);
+        }
+
+        this.emit('close');
+      });
+
+      // Collect stderr for diagnostics
+      proc.stderr.on('data', (data) => {
+        const text = data.toString().trim();
+        if (text) {
+          logger.debug(`[AcpBridge] stderr: ${text}`);
+        }
+      });
+
+      // Handle stdin errors (e.g., EPIPE if process dies)
+      proc.stdin.on('error', (err) => {
+        logger.error(`[AcpBridge] stdin error: ${err.message}`);
+      });
+
+      // Set up ACP connection
+      this._initializeConnection(proc, deps)
+        .then(() => {
+          this._ready = true;
+          logger.info(`[AcpBridge] Ready (PID ${proc.pid})`);
+          this.emit('ready');
+          resolve();
+        })
+        .catch((err) => {
+          if (!this._closing) {
+            reject(new Error(`ACP initialization failed: ${err.message}`));
+          }
+        });
+    });
+  }
+
+  /**
+   * Initialize the ACP connection, perform handshake, and create session.
+   * @param {ChildProcess} proc - The spawned agent process
+   * @param {Object} deps - Dependencies
+   * @returns {Promise<void>}
+   */
+  async _initializeConnection(proc, deps) {
+    const stream = deps.acp.ndJsonStream(
+      deps.Writable.toWeb(proc.stdin),
+      deps.Readable.toWeb(proc.stdout)
+    );
+
+    const bridge = this;
+    const clientHandler = {
+      sessionUpdate(params) {
+        bridge._handleSessionUpdate(params);
+      },
+      requestPermission(params) {
+        return bridge._handlePermission(params);
+      },
+    };
+
+    this._connection = new deps.acp.ClientSideConnection(
+      (_agent) => clientHandler,
+      stream
+    );
+
+    await this._connection.initialize({
+      protocolVersion: deps.acp.PROTOCOL_VERSION,
+      clientCapabilities: {},
+      clientInfo: { name: 'pair-review', version: pkgVersion },
+    });
+
+    if (this.resumeSessionId) {
+      // Resume a previous session — agent restores conversation history
+      await this._connection.loadSession({
+        sessionId: this.resumeSessionId,
+        cwd: this.cwd,
+        mcpServers: [],
+      });
+      this._sessionId = this.resumeSessionId;
+      logger.info(`[AcpBridge] Session resumed: ${this.resumeSessionId}`);
+    } else {
+      const { sessionId } = await this._connection.newSession({
+        cwd: this.cwd,
+        mcpServers: [],
+      });
+      this._sessionId = sessionId;
+      logger.info(`[AcpBridge] Session created: ${sessionId}`);
+    }
+
+    // Set model via ACP protocol if configured (unstable API)
+    if (this.model && this._connection.unstable_setSessionModel) {
+      try {
+        await this._connection.unstable_setSessionModel({
+          sessionId: this._sessionId,
+          modelId: this.model,
+        });
+        logger.info(`[AcpBridge] Model set: ${this.model}`);
+      } catch (err) {
+        logger.warn(`[AcpBridge] Failed to set model (agent may not support it): ${err.message}`);
+      }
+    }
+
+    // Emit session info once so session-manager can store the agent_session_id
+    this.emit('session', { sessionId: this._sessionId });
+  }
+
+  /**
+   * Send a user message to the ACP agent.
+   * Fire-and-forget: returns immediately, emits events as the agent responds.
+   * @param {string} content - The message text
+   */
+  async sendMessage(content) {
+    if (!this.isReady()) {
+      throw new Error('AcpBridge is not ready');
+    }
+
+    // Reset accumulated text for this new turn
+    this._accumulatedText = '';
+    this._inMessage = true;
+
+    let messageContent = content;
+    if (this.systemPrompt && this._firstMessage) {
+      messageContent = this.systemPrompt + '\n\n' + content;
+      this._firstMessage = false;
+    }
+
+    logger.debug(`[AcpBridge] Sending prompt (${messageContent.length} chars): ${messageContent.substring(0, 100)}${messageContent.length > 100 ? '...' : ''}`);
+
+    this._connection.prompt({
+      sessionId: this._sessionId,
+      prompt: [{ type: 'text', text: messageContent }],
+    })
+      .then(() => {
+        const fullText = this._accumulatedText;
+        this._accumulatedText = '';
+        this._inMessage = false;
+        logger.debug(`[AcpBridge] Prompt completed, accumulated ${fullText.length} chars`);
+        this.emit('complete', { fullText });
+      })
+      .catch((err) => {
+        this._inMessage = false;
+        logger.error(`[AcpBridge] Prompt error: ${err.message}`);
+        this.emit('error', { error: err });
+      });
+
+  }
+
+  /**
+   * Abort the current operation.
+   */
+  abort() {
+    if (!this.isReady() || !this._sessionId) return;
+    logger.debug('[AcpBridge] Sending cancel');
+    this._connection.cancel({ sessionId: this._sessionId }).catch((err) => {
+      logger.error(`[AcpBridge] Cancel error: ${err.message}`);
+    });
+  }
+
+  /**
+   * Gracefully shut down the ACP agent process.
+   * @returns {Promise<void>}
+   */
+  async close() {
+    if (!this._process) return;
+
+    this._closing = true;
+
+    // Cancel any in-flight prompt before tearing down
+    if (this._connection && this._sessionId) {
+      try { await this._connection.cancel({ sessionId: this._sessionId }); } catch { /* already dead */ }
+    }
+
+    this.removeAllListeners();
+
+    return new Promise((resolve) => {
+      const proc = this._process;
+      if (!proc) {
+        resolve();
+        return;
+      }
+
+      // Give the process a moment to exit gracefully, then force kill
+      const killTimeout = setTimeout(() => {
+        if (this._process) {
+          logger.warn('[AcpBridge] Force killing process');
+          this._process.kill('SIGKILL');
+        }
+      }, 3000);
+
+      const onClose = () => {
+        clearTimeout(killTimeout);
+        resolve();
+      };
+
+      proc.once('close', onClose);
+
+      // Send SIGTERM
+      proc.kill('SIGTERM');
+    });
+  }
+
+  /**
+   * Check if the ACP agent process is alive and ready.
+   * @returns {boolean}
+   */
+  isReady() {
+    return this._ready && this._process !== null && !this._closing;
+  }
+
+  /**
+   * Check if the bridge is currently processing a message.
+   * @returns {boolean}
+   */
+  isBusy() {
+    return this._inMessage;
+  }
+
+  // ---------------------------------------------------------------------------
+  // Private methods
+  // ---------------------------------------------------------------------------
+
+  /**
+   * Handle a sessionUpdate notification from the ACP agent.
+   * @param {Object} params - { sessionId, update }
+   */
+  _handleSessionUpdate(params) {
+    const update = params.update;
+    if (!update) return;
+
+    const type = update.sessionUpdate;
+
+    switch (type) {
+      case 'agent_message_chunk':
+        this._handleMessageChunk(update);
+        break;
+
+      case 'tool_call':
+        this.emit('tool_use', {
+          toolCallId: update.toolCallId,
+          toolName: update.title,
+          status: 'start',
+          kind: update.kind,
+        });
+        break;
+
+      case 'tool_call_update':
+        this._handleToolCallUpdate(update);
+        break;
+
+      case 'plan':
+        this.emit('status', { status: 'working' });
+        break;
+
+      default:
+        logger.debug(`[AcpBridge] Unhandled sessionUpdate type: ${type}`);
+    }
+  }
+
+  /**
+   * Handle an agent_message_chunk update containing streaming content.
+   * @param {Object} update - The agent_message_chunk update
+   */
+  _handleMessageChunk(update) {
+    const content = update.content;
+    if (!content) return;
+
+    if (content.type === 'text' && content.text) {
+      // ACP sends chunks as fragments of a continuous stream,
+      // so accumulate directly without paragraph separation.
+      this._accumulatedText += content.text;
+      this.emit('delta', { text: content.text });
+    }
+  }
+
+  /**
+   * Handle a tool_call_update, mapping ACP status to bridge status.
+   * @param {Object} update - The tool_call_update
+   */
+  _handleToolCallUpdate(update) {
+    let status;
+    switch (update.status) {
+      case 'completed':
+        status = 'end';
+        break;
+      case 'in_progress':
+        status = 'update';
+        break;
+      case 'failed':
+        status = 'end';
+        break;
+      default:
+        status = 'update';
+    }
+
+    this.emit('tool_use', {
+      toolCallId: update.toolCallId,
+      toolName: update.title,
+      status,
+    });
+  }
+
+  /**
+   * Handle a permission request from the ACP agent.
+   * Auto-approves by selecting the allow_once or allow_always option.
+   * @param {Object} params - { sessionId, toolCall, options }
+   * @returns {Object} - Permission outcome
+   */
+  _handlePermission(params) {
+    const options = params.options || [];
+
+    // Prefer allow_once, fall back to allow_always
+    const allowOnce = options.find((o) => o.kind === 'allow_once');
+    if (allowOnce) {
+      logger.debug(`[AcpBridge] Auto-approving permission (allow_once): ${allowOnce.name || allowOnce.optionId}`);
+      return { outcome: { outcome: 'selected', optionId: allowOnce.optionId } };
+    }
+
+    const allowAlways = options.find((o) => o.kind === 'allow_always');
+    if (allowAlways) {
+      logger.debug(`[AcpBridge] Auto-approving permission (allow_always): ${allowAlways.name || allowAlways.optionId}`);
+      return { outcome: { outcome: 'selected', optionId: allowAlways.optionId } };
+    }
+
+    logger.warn('[AcpBridge] No allow option found, cancelling permission request');
+    return { outcome: { outcome: 'cancelled' } };
+  }
+}
+
+module.exports = AcpBridge;