npm - @jigyasudham/veto - Versions diffs - 1.2.1 → 1.2.5 - Mend

@jigyasudham/veto 1.2.1 → 1.2.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (320) hide show

package/README.md +29 -6
package/dist/adapters/index.d.ts +46 -0
package/dist/adapters/index.d.ts.map +1 -0
package/dist/adapters/index.js +47 -8
package/dist/adapters/index.js.map +1 -0
package/dist/agents/development/api.d.ts +3 -0
package/dist/agents/development/api.d.ts.map +1 -0
package/dist/agents/development/api.js.map +1 -0
package/dist/agents/development/backend.d.ts +3 -0
package/dist/agents/development/backend.d.ts.map +1 -0
package/dist/agents/development/backend.js.map +1 -0
package/dist/agents/development/coder.d.ts +3 -0
package/dist/agents/development/coder.d.ts.map +1 -0
package/dist/agents/development/coder.js.map +1 -0
package/dist/agents/development/database.d.ts +3 -0
package/dist/agents/development/database.d.ts.map +1 -0
package/dist/agents/development/database.js +175 -52
package/dist/agents/development/database.js.map +1 -0
package/dist/agents/development/debugger.d.ts +3 -0
package/dist/agents/development/debugger.d.ts.map +1 -0
package/dist/agents/development/debugger.js.map +1 -0
package/dist/agents/development/devops.d.ts +3 -0
package/dist/agents/development/devops.d.ts.map +1 -0
package/dist/agents/development/devops.js +190 -55
package/dist/agents/development/devops.js.map +1 -0
package/dist/agents/development/frontend.d.ts +3 -0
package/dist/agents/development/frontend.d.ts.map +1 -0
package/dist/agents/development/frontend.js.map +1 -0
package/dist/agents/development/migration.d.ts +3 -0
package/dist/agents/development/migration.d.ts.map +1 -0
package/dist/agents/development/migration.js.map +1 -0
package/dist/agents/development/performance.d.ts +3 -0
package/dist/agents/development/performance.d.ts.map +1 -0
package/dist/agents/development/performance.js.map +1 -0
package/dist/agents/development/refactor.d.ts +3 -0
package/dist/agents/development/refactor.d.ts.map +1 -0
package/dist/agents/development/refactor.js.map +1 -0
package/dist/agents/development/reviewer.d.ts +4 -0
package/dist/agents/development/reviewer.d.ts.map +1 -0
package/dist/agents/development/reviewer.js +34 -17
package/dist/agents/development/reviewer.js.map +1 -0
package/dist/agents/development/tester.d.ts +3 -0
package/dist/agents/development/tester.d.ts.map +1 -0
package/dist/agents/development/tester.js.map +1 -0
package/dist/agents/executor.d.ts +4 -0
package/dist/agents/executor.d.ts.map +1 -0
package/dist/agents/executor.js +10 -1
package/dist/agents/executor.js.map +1 -0
package/dist/agents/memory/context-manager.d.ts +3 -0
package/dist/agents/memory/context-manager.d.ts.map +1 -0
package/dist/agents/memory/context-manager.js.map +1 -0
package/dist/agents/memory/decision-logger.d.ts +3 -0
package/dist/agents/memory/decision-logger.d.ts.map +1 -0
package/dist/agents/memory/decision-logger.js.map +1 -0
package/dist/agents/memory/knowledge-base.d.ts +3 -0
package/dist/agents/memory/knowledge-base.d.ts.map +1 -0
package/dist/agents/memory/knowledge-base.js.map +1 -0
package/dist/agents/memory/pattern-learner.d.ts +3 -0
package/dist/agents/memory/pattern-learner.d.ts.map +1 -0
package/dist/agents/memory/pattern-learner.js.map +1 -0
package/dist/agents/memory/project-mapper.d.ts +3 -0
package/dist/agents/memory/project-mapper.d.ts.map +1 -0
package/dist/agents/memory/project-mapper.js.map +1 -0
package/dist/agents/quality/accessibility.d.ts +4 -0
package/dist/agents/quality/accessibility.d.ts.map +1 -0
package/dist/agents/quality/accessibility.js.map +1 -0
package/dist/agents/quality/code-quality.d.ts +4 -0
package/dist/agents/quality/code-quality.d.ts.map +1 -0
package/dist/agents/quality/code-quality.js.map +1 -0
package/dist/agents/quality/compatibility.d.ts +3 -0
package/dist/agents/quality/compatibility.d.ts.map +1 -0
package/dist/agents/quality/compatibility.js.map +1 -0
package/dist/agents/quality/documentation.d.ts +4 -0
package/dist/agents/quality/documentation.d.ts.map +1 -0
package/dist/agents/quality/documentation.js.map +1 -0
package/dist/agents/quality/error-handling.d.ts +4 -0
package/dist/agents/quality/error-handling.d.ts.map +1 -0
package/dist/agents/quality/error-handling.js.map +1 -0
package/dist/agents/research/competitor-analyzer.d.ts +3 -0
package/dist/agents/research/competitor-analyzer.d.ts.map +1 -0
package/dist/agents/research/competitor-analyzer.js.map +1 -0
package/dist/agents/research/cost-analyzer.d.ts +3 -0
package/dist/agents/research/cost-analyzer.d.ts.map +1 -0
package/dist/agents/research/cost-analyzer.js.map +1 -0
package/dist/agents/research/estimator.d.ts +3 -0
package/dist/agents/research/estimator.d.ts.map +1 -0
package/dist/agents/research/estimator.js.map +1 -0
package/dist/agents/research/ethics-bias.d.ts +3 -0
package/dist/agents/research/ethics-bias.d.ts.map +1 -0
package/dist/agents/research/ethics-bias.js.map +1 -0
package/dist/agents/research/researcher.d.ts +3 -0
package/dist/agents/research/researcher.d.ts.map +1 -0
package/dist/agents/research/researcher.js.map +1 -0
package/dist/agents/research/risk-assessor.d.ts +3 -0
package/dist/agents/research/risk-assessor.d.ts.map +1 -0
package/dist/agents/research/risk-assessor.js.map +1 -0
package/dist/agents/research/tech-advisor.d.ts +3 -0
package/dist/agents/research/tech-advisor.d.ts.map +1 -0
package/dist/agents/research/tech-advisor.js.map +1 -0
package/dist/agents/security/auth.d.ts +3 -0
package/dist/agents/security/auth.d.ts.map +1 -0
package/dist/agents/security/auth.js.map +1 -0
package/dist/agents/security/dependency-audit.d.ts +19 -0
package/dist/agents/security/dependency-audit.d.ts.map +1 -0
package/dist/agents/security/dependency-audit.js.map +1 -0
package/dist/agents/security/penetration.d.ts +3 -0
package/dist/agents/security/penetration.d.ts.map +1 -0
package/dist/agents/security/penetration.js.map +1 -0
package/dist/agents/security/privacy.d.ts +3 -0
package/dist/agents/security/privacy.d.ts.map +1 -0
package/dist/agents/security/privacy.js.map +1 -0
package/dist/agents/security/scanner.d.ts +4 -0
package/dist/agents/security/scanner.d.ts.map +1 -0
package/dist/agents/security/scanner.js.map +1 -0
package/dist/agents/security/secrets.d.ts +12 -0
package/dist/agents/security/secrets.d.ts.map +1 -0
package/dist/agents/security/secrets.js.map +1 -0
package/dist/agents/types.d.ts +62 -0
package/dist/agents/types.d.ts.map +1 -0
package/dist/agents/types.js.map +1 -0
package/dist/agents/workflow/automation.d.ts +3 -0
package/dist/agents/workflow/automation.d.ts.map +1 -0
package/dist/agents/workflow/automation.js.map +1 -0
package/dist/agents/workflow/file-manager.d.ts +3 -0
package/dist/agents/workflow/file-manager.d.ts.map +1 -0
package/dist/agents/workflow/file-manager.js.map +1 -0
package/dist/agents/workflow/git-agent.d.ts +3 -0
package/dist/agents/workflow/git-agent.d.ts.map +1 -0
package/dist/agents/workflow/git-agent.js.map +1 -0
package/dist/agents/workflow/reporter.d.ts +3 -0
package/dist/agents/workflow/reporter.d.ts.map +1 -0
package/dist/agents/workflow/reporter.js.map +1 -0
package/dist/agents/workflow/search-agent.d.ts +3 -0
package/dist/agents/workflow/search-agent.d.ts.map +1 -0
package/dist/agents/workflow/search-agent.js.map +1 -0
package/dist/agents/workflow/task-coordinator.d.ts +3 -0
package/dist/agents/workflow/task-coordinator.d.ts.map +1 -0
package/dist/agents/workflow/task-coordinator.js.map +1 -0
package/dist/agents/workflow/task-planner.d.ts +3 -0
package/dist/agents/workflow/task-planner.d.ts.map +1 -0
package/dist/agents/workflow/task-planner.js.map +1 -0
package/dist/cli.d.ts +3 -0
package/dist/cli.d.ts.map +1 -0
package/dist/cli.js +65 -4
package/dist/cli.js.map +1 -0
package/dist/context/reader.d.ts +12 -0
package/dist/context/reader.d.ts.map +1 -0
package/dist/context/reader.js.map +1 -0
package/dist/council/decision-engine.d.ts +11 -0
package/dist/council/decision-engine.d.ts.map +1 -0
package/dist/council/decision-engine.js.map +1 -0
package/dist/council/devil-advocate.d.ts +3 -0
package/dist/council/devil-advocate.d.ts.map +1 -0
package/dist/council/devil-advocate.js +46 -0
package/dist/council/devil-advocate.js.map +1 -0
package/dist/council/index.d.ts +4 -0
package/dist/council/index.d.ts.map +1 -0
package/dist/council/index.js +9 -11
package/dist/council/index.js.map +1 -0
package/dist/council/lead-developer.d.ts +3 -0
package/dist/council/lead-developer.d.ts.map +1 -0
package/dist/council/lead-developer.js +65 -1
package/dist/council/lead-developer.js.map +1 -0
package/dist/council/legal-compliance.d.ts +3 -0
package/dist/council/legal-compliance.d.ts.map +1 -0
package/dist/council/legal-compliance.js +43 -0
package/dist/council/legal-compliance.js.map +1 -0
package/dist/council/product-manager.d.ts +3 -0
package/dist/council/product-manager.d.ts.map +1 -0
package/dist/council/product-manager.js +47 -0
package/dist/council/product-manager.js.map +1 -0
package/dist/council/security.d.ts +3 -0
package/dist/council/security.d.ts.map +1 -0
package/dist/council/security.js +48 -0
package/dist/council/security.js.map +1 -0
package/dist/council/system-architect.d.ts +3 -0
package/dist/council/system-architect.d.ts.map +1 -0
package/dist/council/system-architect.js +53 -1
package/dist/council/system-architect.js.map +1 -0
package/dist/council/types.d.ts +32 -0
package/dist/council/types.d.ts.map +1 -0
package/dist/council/types.js.map +1 -0
package/dist/council/ux-designer.d.ts +3 -0
package/dist/council/ux-designer.d.ts.map +1 -0
package/dist/council/ux-designer.js +44 -1
package/dist/council/ux-designer.js.map +1 -0
package/dist/github/pr-fetcher.d.ts +25 -0
package/dist/github/pr-fetcher.d.ts.map +1 -0
package/dist/github/pr-fetcher.js +60 -0
package/dist/github/pr-fetcher.js.map +1 -0
package/dist/memory/local.d.ts +144 -0
package/dist/memory/local.d.ts.map +1 -0
package/dist/memory/local.js +34 -24
package/dist/memory/local.js.map +1 -0
package/dist/memory/schema.d.ts +81 -0
package/dist/memory/schema.d.ts.map +1 -0
package/dist/memory/schema.js +2 -1
package/dist/memory/schema.js.map +1 -0
package/dist/memory/sync.d.ts +24 -0
package/dist/memory/sync.d.ts.map +1 -0
package/dist/memory/sync.js.map +1 -0
package/dist/plugins/loader.d.ts +13 -0
package/dist/plugins/loader.d.ts.map +1 -0
package/dist/plugins/loader.js.map +1 -0
package/dist/router/complexity-scorer.d.ts +18 -0
package/dist/router/complexity-scorer.d.ts.map +1 -0
package/dist/router/complexity-scorer.js.map +1 -0
package/dist/router/context-compressor.d.ts +11 -0
package/dist/router/context-compressor.d.ts.map +1 -0
package/dist/router/context-compressor.js.map +1 -0
package/dist/router/index.d.ts +27 -0
package/dist/router/index.d.ts.map +1 -0
package/dist/router/index.js.map +1 -0
package/dist/router/learning-updater.d.ts +61 -0
package/dist/router/learning-updater.d.ts.map +1 -0
package/dist/router/learning-updater.js.map +1 -0
package/dist/router/model-selector.d.ts +14 -0
package/dist/router/model-selector.d.ts.map +1 -0
package/dist/router/model-selector.js.map +1 -0
package/dist/router/rate-monitor.d.ts +19 -0
package/dist/router/rate-monitor.d.ts.map +1 -0
package/dist/router/rate-monitor.js.map +1 -0
package/dist/server.d.ts +3 -0
package/dist/server.d.ts.map +1 -0
package/dist/server.js +297 -73
package/dist/server.js.map +1 -0
package/dist/skills/development/skill-api-design.d.ts +15 -0
package/dist/skills/development/skill-api-design.d.ts.map +1 -0
package/dist/skills/development/skill-api-design.js.map +1 -0
package/dist/skills/development/skill-auth.d.ts +15 -0
package/dist/skills/development/skill-auth.d.ts.map +1 -0
package/dist/skills/development/skill-auth.js.map +1 -0
package/dist/skills/development/skill-ci-cd.d.ts +2 -0
package/dist/skills/development/skill-ci-cd.d.ts.map +1 -0
package/dist/skills/development/skill-ci-cd.js.map +1 -0
package/dist/skills/development/skill-crud.d.ts +15 -0
package/dist/skills/development/skill-crud.d.ts.map +1 -0
package/dist/skills/development/skill-crud.js.map +1 -0
package/dist/skills/development/skill-db-schema.d.ts +2 -0
package/dist/skills/development/skill-db-schema.d.ts.map +1 -0
package/dist/skills/development/skill-db-schema.js.map +1 -0
package/dist/skills/development/skill-docker.d.ts +2 -0
package/dist/skills/development/skill-docker.d.ts.map +1 -0
package/dist/skills/development/skill-docker.js.map +1 -0
package/dist/skills/development/skill-env-setup.d.ts +2 -0
package/dist/skills/development/skill-env-setup.d.ts.map +1 -0
package/dist/skills/development/skill-env-setup.js.map +1 -0
package/dist/skills/development/skill-scaffold.d.ts +15 -0
package/dist/skills/development/skill-scaffold.d.ts.map +1 -0
package/dist/skills/development/skill-scaffold.js.map +1 -0
package/dist/skills/intelligence/skill-complexity-score.d.ts +15 -0
package/dist/skills/intelligence/skill-complexity-score.d.ts.map +1 -0
package/dist/skills/intelligence/skill-complexity-score.js.map +1 -0
package/dist/skills/intelligence/skill-cost-track.d.ts +14 -0
package/dist/skills/intelligence/skill-cost-track.d.ts.map +1 -0
package/dist/skills/intelligence/skill-cost-track.js.map +1 -0
package/dist/skills/intelligence/skill-learning-loop.d.ts +15 -0
package/dist/skills/intelligence/skill-learning-loop.d.ts.map +1 -0
package/dist/skills/intelligence/skill-learning-loop.js.map +1 -0
package/dist/skills/intelligence/skill-pattern-detect.d.ts +14 -0
package/dist/skills/intelligence/skill-pattern-detect.d.ts.map +1 -0
package/dist/skills/intelligence/skill-pattern-detect.js.map +1 -0
package/dist/skills/intelligence/skill-rate-watch.d.ts +15 -0
package/dist/skills/intelligence/skill-rate-watch.d.ts.map +1 -0
package/dist/skills/intelligence/skill-rate-watch.js.map +1 -0
package/dist/skills/memory/skill-context-compress.d.ts +15 -0
package/dist/skills/memory/skill-context-compress.d.ts.map +1 -0
package/dist/skills/memory/skill-context-compress.js.map +1 -0
package/dist/skills/memory/skill-cross-sync.d.ts +15 -0
package/dist/skills/memory/skill-cross-sync.d.ts.map +1 -0
package/dist/skills/memory/skill-cross-sync.js.map +1 -0
package/dist/skills/memory/skill-decision-log.d.ts +15 -0
package/dist/skills/memory/skill-decision-log.d.ts.map +1 -0
package/dist/skills/memory/skill-decision-log.js.map +1 -0
package/dist/skills/memory/skill-session-restore.d.ts +15 -0
package/dist/skills/memory/skill-session-restore.d.ts.map +1 -0
package/dist/skills/memory/skill-session-restore.js.map +1 -0
package/dist/skills/memory/skill-session-save.d.ts +15 -0
package/dist/skills/memory/skill-session-save.d.ts.map +1 -0
package/dist/skills/memory/skill-session-save.js.map +1 -0
package/dist/skills/quality/skill-accessibility.d.ts +2 -0
package/dist/skills/quality/skill-accessibility.d.ts.map +1 -0
package/dist/skills/quality/skill-accessibility.js.map +1 -0
package/dist/skills/quality/skill-code-review.d.ts +15 -0
package/dist/skills/quality/skill-code-review.d.ts.map +1 -0
package/dist/skills/quality/skill-code-review.js.map +1 -0
package/dist/skills/quality/skill-docs-gen.d.ts +2 -0
package/dist/skills/quality/skill-docs-gen.d.ts.map +1 -0
package/dist/skills/quality/skill-docs-gen.js.map +1 -0
package/dist/skills/quality/skill-perf-audit.d.ts +2 -0
package/dist/skills/quality/skill-perf-audit.d.ts.map +1 -0
package/dist/skills/quality/skill-perf-audit.js.map +1 -0
package/dist/skills/quality/skill-security-scan.d.ts +15 -0
package/dist/skills/quality/skill-security-scan.d.ts.map +1 -0
package/dist/skills/quality/skill-security-scan.js.map +1 -0
package/dist/skills/quality/skill-test-suite.d.ts +15 -0
package/dist/skills/quality/skill-test-suite.d.ts.map +1 -0
package/dist/skills/quality/skill-test-suite.js.map +1 -0
package/dist/skills/workflow/skill-deploy.d.ts +2 -0
package/dist/skills/workflow/skill-deploy.d.ts.map +1 -0
package/dist/skills/workflow/skill-deploy.js.map +1 -0
package/dist/skills/workflow/skill-git-workflow.d.ts +2 -0
package/dist/skills/workflow/skill-git-workflow.d.ts.map +1 -0
package/dist/skills/workflow/skill-git-workflow.js.map +1 -0
package/dist/skills/workflow/skill-rollback.d.ts +2 -0
package/dist/skills/workflow/skill-rollback.d.ts.map +1 -0
package/dist/skills/workflow/skill-rollback.js.map +1 -0
package/dist/skills/workflow/skill-task-breakdown.d.ts +2 -0
package/dist/skills/workflow/skill-task-breakdown.d.ts.map +1 -0
package/dist/skills/workflow/skill-task-breakdown.js.map +1 -0
package/dist/watcher/index.d.ts +23 -0
package/dist/watcher/index.d.ts.map +1 -0
package/dist/watcher/index.js.map +1 -0
package/dist/workflow/pipeline.d.ts +35 -0
package/dist/workflow/pipeline.d.ts.map +1 -0
package/dist/workflow/pipeline.js.map +1 -0
package/package.json +8 -4
package/dist/adapters/claude.js +0 -57
package/dist/adapters/codex.js +0 -58
package/dist/adapters/gemini.js +0 -58

package/dist/server.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../src/server.ts"],"names":[],"mappings":""}

package/dist/server.js CHANGED Viewed

@@ -1,25 +1,28 @@
 #!/usr/bin/env node
-// Veto MCP Server — Phase 1 skeleton
-// Exposes: veto_status, veto_session_save, veto_session_restore, veto_sessions_list
+// Veto MCP Server — 41 tools, 15 phases, self-learning router
 // Suppress node:sqlite experimental warning — it would corrupt the MCP stdio protocol
 process.removeAllListeners('warning');
 import { Server } from '@modelcontextprotocol/sdk/server/index.js';
 import { StdioServerTransport } from '@modelcontextprotocol/sdk/server/stdio.js';
 import { CallToolRequestSchema, ListToolsRequestSchema, ListResourcesRequestSchema, ReadResourceRequestSchema, ListPromptsRequestSchema, GetPromptRequestSchema, } from '@modelcontextprotocol/sdk/types.js';
 import { buildContextString } from './context/reader.js';
-import { saveSession, restoreSession, listSessions, getDbPath, saveCouncilOutcome, storeKnowledge, searchKnowledge, deleteKnowledge, updateProjectMap, getProjectMap, upsertPattern, getPatterns, getContextStatus, fetchAndCacheDocs, saveTaskPlan, getUsageStatus, getAuditLog, getHealthStats, CONTEXT_WINDOWS, } from './memory/local.js';
+import { saveSession, restoreSession, listSessions, closeSession, getDbPath, saveCouncilOutcome, storeKnowledge, searchKnowledge, deleteKnowledge, updateProjectMap, getProjectMap, upsertPattern, getPatterns, getContextStatus, fetchAndCacheDocs, saveTaskPlan, getUsageStatus, getAuditLog, getHealthStats, CONTEXT_WINDOWS, } from './memory/local.js';
 import { exportMemory, importMemory } from './memory/sync.js';
 import { runDebate } from './council/index.js';
-import { routeTask, getRateStatus, recordOutcome, getLearningStats, applyLearnedThresholds, getAgentPerformanceStats, getTaskTypeBreakdown, getCouncilInsights, getRecommendedAgent } from './router/index.js';
+import { routeTask, getRateStatus, recordOutcome, getLearningStats, getLearnedThresholds, applyLearnedThresholds, getAgentPerformanceStats, getTaskTypeBreakdown, getCouncilInsights, getRecommendedAgent } from './router/index.js';
 import { executeParallel, executeOne } from './agents/executor.js';
 import { handoff, continueSession, getPlatformSetup } from './adapters/index.js';
 import { startWatch, pollWatch, stopWatch } from './watcher/index.js';
 import { runPipeline } from './workflow/pipeline.js';
 import { loadPlugins, listPlugins } from './plugins/loader.js';
+import { fetchPrDiff } from './github/pr-fetcher.js';
 import { readFileSync, statSync } from 'node:fs';
-import { extname, basename } from 'node:path';
+import { extname, basename, join, dirname } from 'node:path';
 import { createHash } from 'node:crypto';
-const VERSION = '1.2.0';
+import { fileURLToPath } from 'node:url';
+import { execSync as execSyncTop } from 'node:child_process';
+const __dirname = dirname(fileURLToPath(import.meta.url));
+const { version: VERSION } = JSON.parse(readFileSync(join(__dirname, '../package.json'), 'utf8'));
 // Tracks the project_dir of the most recently active session in this process.
 // Used as a fallback when memory_store/memory_search are called without an explicit project_dir,
 // so memories are automatically scoped to the current project.
@@ -28,6 +31,30 @@ let activeProjectDir = null;
 const SERVER_START_TIME = Date.now();
 let serverErrorCount = 0;
 let lastServerError = null;
+const autoSave = {
+    threshold_pct: 70,
+    cooldown_ms: 5 * 60 * 1000, // 5 min between auto-saves
+    last_save_at: null,
+    last_session_id: null,
+    cached: null,
+};
+function maybeAutoSave(token_count, platform) {
+    if (!autoSave.cached)
+        return { triggered: false };
+    const window_size = CONTEXT_WINDOWS[platform] ?? 200_000;
+    const usage_pct = Math.round((token_count / window_size) * 100);
+    if (usage_pct < autoSave.threshold_pct)
+        return { triggered: false };
+    if (autoSave.last_save_at) {
+        const elapsed = Date.now() - new Date(autoSave.last_save_at).getTime();
+        if (elapsed < autoSave.cooldown_ms)
+            return { triggered: false };
+    }
+    const result = saveSession({ ...autoSave.cached, token_count, platform });
+    autoSave.last_save_at = result.saved_at;
+    autoSave.last_session_id = result.session_id;
+    return { triggered: true, session_id: result.session_id, usage_pct };
+}
 const server = new Server({ name: 'veto', version: VERSION }, {
     capabilities: {
         tools: {},
@@ -40,7 +67,26 @@ server.setRequestHandler(ListToolsRequestSchema, async () => ({
     tools: [
         {
             name: 'veto_status',
-            description: 'Returns Veto server status, version, and database info.',
+            description: 'Returns Veto server status, version, and database info. Pass token_count to trigger auto-save if context usage crosses 70%.',
+            inputSchema: {
+                type: 'object',
+                properties: {
+                    token_count: {
+                        type: 'number',
+                        description: 'Current session token count. If provided and context usage ≥ 70%, Veto auto-saves the last known session context in the background.',
+                    },
+                    platform: {
+                        type: 'string',
+                        description: 'AI platform (claude, gemini, codex). Used to select the correct context window for threshold calculation. Defaults to "claude".',
+                        enum: ['claude', 'gemini', 'codex'],
+                    },
+                },
+                required: [],
+            },
+        },
+        {
+            name: 'veto_autosave_status',
+            description: 'Returns the current auto-save state: whether a context is cached, the threshold, the last auto-save time, and the session ID.',
             inputSchema: {
                 type: 'object',
                 properties: {},
@@ -675,13 +721,44 @@ server.setRequestHandler(ListToolsRequestSchema, async () => ({
                 required: ['project_dir'],
             },
         },
+        {
+            name: 'veto_pr_review',
+            description: 'Fetches a GitHub PR diff and runs the full Veto triple-scan (code review + security + secrets). Returns a structured verdict and ready-to-post GitHub review comments. Set GITHUB_TOKEN env var for private repos.',
+            inputSchema: {
+                type: 'object',
+                properties: {
+                    pr_url: { type: 'string', description: 'Full GitHub PR URL. e.g. https://github.com/owner/repo/pull/123' },
+                    context: { type: 'string', description: 'Optional: PR description or ticket number for extra context.' },
+                    fail_on: { type: 'string', enum: ['warn', 'fail'], description: 'Whether WARN counts as a failure. Default: "fail".' },
+                },
+                required: ['pr_url'],
+            },
+        },
     ],
 }));
+// ─── Shared Scan Utility ──────────────────────────────────────────────────────
+async function runTripleScan(diff, context) {
+    const [reviewResult, secResult, secretsResult] = await Promise.all([
+        executeOne({ id: 'scan-review', agent: 'reviewer', task: 'Review this git diff for code quality issues', code: diff, context }),
+        executeOne({ id: 'scan-sec', agent: 'security-scanner', task: 'Scan this git diff for security vulnerabilities', code: diff, context }),
+        executeOne({ id: 'scan-secrets', agent: 'secrets', task: 'Scan this git diff for exposed secrets or credentials', code: diff }),
+    ]);
+    const hasBlocking = (reviewResult.analysis?.critical_count ?? 0) > 0
+        || (secResult.analysis?.critical_count ?? 0) > 0
+        || (secretsResult.analysis?.critical_count ?? 0) > 0;
+    const hasWarnings = (reviewResult.analysis?.high_count ?? 0) > 0
+        || (secResult.analysis?.high_count ?? 0) > 0;
+    const verdict = hasBlocking ? 'fail' : hasWarnings ? 'warn' : 'pass';
+    return { reviewResult, secResult, secretsResult, verdict };
+}
 // ─── Tool Handlers ────────────────────────────────────────────────────────────
 server.setRequestHandler(CallToolRequestSchema, async (request) => {
     const { name, arguments: args } = request.params;
     switch (name) {
         case 'veto_status': {
+            const statusTokenCount = typeof args?.token_count === 'number' ? args.token_count : null;
+            const statusPlatform = args?.platform ? String(args.platform) : 'claude';
+            const autoSaveResult = statusTokenCount !== null ? maybeAutoSave(statusTokenCount, statusPlatform) : null;
             return {
                 content: [
                     {
@@ -690,29 +767,70 @@ server.setRequestHandler(CallToolRequestSchema, async (request) => {
                             status: 'running',
                             version: VERSION,
                             server: 'veto',
-                            phase: 8,
-                            capabilities: ['session_save', 'session_restore', 'router', 'rate_monitor', 'council_debate', 'agent_plan', 'code_review', 'security_scan', 'secrets_scan', 'parallel_exec', 'memory_store', 'memory_search', 'project_map', 'pattern_store', 'memory_export', 'memory_import', 'learning_stats', 'learning_apply', 'record_outcome', 'handoff', 'continue', 'platform_setup'],
+                            phase: 16,
+                            capabilities: [
+                                'session_save', 'session_restore', 'sessions_list',
+                                'router', 'rate_monitor',
+                                'council_debate',
+                                'agent_plan', 'parallel_exec',
+                                'code_review', 'diff_review', 'security_scan', 'secrets_scan', 'ci_gate',
+                                'workflow', 'watch',
+                                'explain',
+                                'memory_store', 'memory_search', 'memory_delete', 'memory_export', 'memory_import',
+                                'project_map', 'pattern_store',
+                                'learning_stats', 'learning_apply', 'record_outcome',
+                                'handoff', 'continue', 'platform_setup',
+                                'plugins',
+                                'docs_fetch', 'context_status', 'task_parse',
+                                'usage_status', 'audit_log', 'health',
+                                'auto_save',
+                            ],
                             db_path: getDbPath(),
                             uptime_ms: process.uptime() * 1000,
                             timestamp: new Date().toISOString(),
+                            ...(autoSaveResult?.triggered ? { auto_save: { triggered: true, session_id: autoSaveResult.session_id, usage_pct: autoSaveResult.usage_pct } } : {}),
                         }, null, 2),
                     },
                 ],
             };
         }
+        case 'veto_autosave_status': {
+            return {
+                content: [{
+                        type: 'text',
+                        text: JSON.stringify({
+                            threshold_pct: autoSave.threshold_pct,
+                            cooldown_ms: autoSave.cooldown_ms,
+                            context_cached: autoSave.cached !== null,
+                            cached_summary: autoSave.cached?.summary ?? null,
+                            last_save_at: autoSave.last_save_at,
+                            last_session_id: autoSave.last_session_id,
+                            note: 'Auto-save fires when veto_status is called with token_count ≥ threshold_pct% of context window.',
+                        }, null, 2),
+                    }],
+            };
+        }
         case 'veto_session_save': {
             const sessionProjectDir = args?.project_dir ? String(args.project_dir) : undefined;
             if (sessionProjectDir)
                 activeProjectDir = sessionProjectDir;
+            const savePlatform = args?.platform ? String(args.platform) : 'claude';
+            const saveSummary = String(args?.summary ?? '');
+            const saveContext = String(args?.context ?? '');
+            const saveTaskState = args?.task_state ? String(args.task_state) : undefined;
             const result = saveSession({
-                summary: String(args?.summary ?? ''),
-                context: String(args?.context ?? ''),
-                task_state: args?.task_state ? String(args.task_state) : undefined,
-                platform: args?.platform ? String(args.platform) : 'claude',
+                summary: saveSummary,
+                context: saveContext,
+                task_state: saveTaskState,
+                platform: savePlatform,
                 connection_type: args?.connection_type ? String(args.connection_type) : 'subscription',
                 project_dir: sessionProjectDir,
                 token_count: typeof args?.token_count === 'number' ? args.token_count : 0,
             });
+            // Cache for auto-save: future veto_status calls with high token_count will re-save this context
+            autoSave.cached = { summary: saveSummary, context: saveContext, task_state: saveTaskState, platform: savePlatform, project_dir: sessionProjectDir };
+            autoSave.last_save_at = result.saved_at;
+            autoSave.last_session_id = result.session_id;
             const responseObj = {
                 success: true,
                 message: result.context_warning
@@ -826,11 +944,13 @@ server.setRequestHandler(CallToolRequestSchema, async (request) => {
                     isError: true,
                 };
             }
-            const result = await runDebate({
+            const debateStart = Date.now();
+            const result = runDebate({
                 task,
                 context: args?.context ? String(args.context) : undefined,
                 project_dir: args?.project_dir ? String(args.project_dir) : undefined,
             });
+            const debateDuration = Date.now() - debateStart;
             const outcomeId = saveCouncilOutcome({
                 session_id: args?.session_id ? String(args.session_id) : undefined,
                 task,
@@ -843,6 +963,7 @@ server.setRequestHandler(CallToolRequestSchema, async (request) => {
                 legal: JSON.stringify(result.votes.legal),
                 security: JSON.stringify(result.votes.security),
                 recommended: result.recommended,
+                duration_ms: debateDuration,
             });
             return {
                 content: [
@@ -904,13 +1025,12 @@ server.setRequestHandler(CallToolRequestSchema, async (request) => {
             // Resolve diff — use provided or read from git
             let diff = args?.diff ? String(args.diff).trim() : '';
             if (!diff && projectDir) {
-                const { execSync: execSyncDiff } = await import('node:child_process');
                 try {
-                    diff = execSyncDiff('git diff HEAD --no-color', {
+                    diff = execSyncTop('git diff HEAD --no-color', {
                         cwd: projectDir, timeout: 5000, stdio: ['pipe', 'pipe', 'pipe'],
                     }).toString().trim();
                     if (!diff) {
-                        diff = execSyncDiff('git diff --cached --no-color', {
+                        diff = execSyncTop('git diff --cached --no-color', {
                             cwd: projectDir, timeout: 5000, stdio: ['pipe', 'pipe', 'pipe'],
                         }).toString().trim();
                     }
@@ -923,20 +1043,8 @@ server.setRequestHandler(CallToolRequestSchema, async (request) => {
             // Parse changed files from diff header lines
             const changedFiles = [...diff.matchAll(/^diff --git a\/.+ b\/(.+)$/gm)].map(m => m[1]);
             const diffChunks = diff.split(/^diff --git /m).filter(Boolean);
-            // Run code-review, security-scan, secrets-scan in parallel across the full diff
             const context = buildContextString(projectDir, userContext);
-            const [reviewResult, secResult, secretsResult] = await Promise.all([
-                executeOne({ id: 'diff-review', agent: 'reviewer', task: 'Review this git diff for code quality issues', code: diff, context }),
-                executeOne({ id: 'diff-sec', agent: 'security-scanner', task: 'Scan this git diff for security vulnerabilities', code: diff, context }),
-                executeOne({ id: 'diff-secrets', agent: 'secrets', task: 'Scan this git diff for exposed secrets or credentials', code: diff }),
-            ]);
-            // Derive overall verdict
-            const hasBlocking = (reviewResult.analysis?.critical_count ?? 0) > 0
-                || (secResult.analysis?.critical_count ?? 0) > 0
-                || (secretsResult.analysis?.critical_count ?? 0) > 0;
-            const hasWarnings = (reviewResult.analysis?.high_count ?? 0) > 0
-                || (secResult.analysis?.high_count ?? 0) > 0;
-            const verdict = hasBlocking ? 'fail' : hasWarnings ? 'warn' : 'pass';
+            const { reviewResult, secResult, secretsResult, verdict } = await runTripleScan(diff, context);
             const verdictEmoji = verdict === 'pass' ? '✅ PASS' : verdict === 'warn' ? '⚠️  WARN' : '❌ FAIL';
             // Per-file finding counts (approximate from line refs)
             const fileFindings = {};
@@ -1166,15 +1274,28 @@ server.setRequestHandler(CallToolRequestSchema, async (request) => {
             if (!summary || !context) {
                 return { content: [{ type: 'text', text: JSON.stringify({ success: false, message: 'summary and context are required.' }) }], isError: true };
             }
+            const handoffPlatform = args?.from_platform ? String(args.from_platform) : 'claude';
+            const handoffTaskState = args?.task_state ? String(args.task_state) : undefined;
+            const handoffProjectDir = args?.project_dir ? String(args.project_dir) : undefined;
             const result = handoff({
                 summary,
                 context,
-                task_state: args?.task_state ? String(args.task_state) : undefined,
-                from_platform: args?.from_platform ? String(args.from_platform) : 'claude',
+                task_state: handoffTaskState,
+                from_platform: handoffPlatform,
                 to_platform: args?.to_platform ? String(args.to_platform) : undefined,
-                project_dir: args?.project_dir ? String(args.project_dir) : undefined,
+                project_dir: handoffProjectDir,
                 token_count: typeof args?.token_count === 'number' ? args.token_count : 0,
             });
+            // Cache for auto-save
+            autoSave.cached = { summary, context, task_state: handoffTaskState, platform: handoffPlatform, project_dir: handoffProjectDir };
+            autoSave.last_save_at = result.saved_at;
+            autoSave.last_session_id = result.session_id;
+            // Close the current session so ended_at is recorded
+            if (activeProjectDir) {
+                const sessions = listSessions(1);
+                if (sessions[0] && sessions[0].id !== result.session_id)
+                    closeSession(sessions[0].id);
+            }
             return { content: [{ type: 'text', text: result.instructions + '\n\n' + JSON.stringify({ session_id: result.session_id, to_platform: result.to_platform, saved_at: result.saved_at, reason: result.reason }, null, 2) }] };
         }
         case 'veto_continue': {
@@ -1229,10 +1350,19 @@ server.setRequestHandler(CallToolRequestSchema, async (request) => {
             const includeTaskTypes = args?.include_task_types === true;
             const includeCouncil = args?.include_council_insights === true;
             const stats = getLearningStats();
+            const learned = getLearnedThresholds();
             const result = {
                 total_outcomes: stats.total_tasks,
                 tier_breakdown: stats.tier_breakdown,
-                current_thresholds: { tier1_max: 30, tier2_max: 70, note: 'defaults — call veto_learning_apply to update from data' },
+                current_thresholds: {
+                    tier1_max: learned.tier1_max,
+                    tier2_max: learned.tier2_max,
+                    source: learned.source,
+                    data_points: learned.data_points,
+                    note: learned.source === 'learned'
+                        ? `Learned from ${learned.data_points} outcomes.`
+                        : 'Using defaults — call veto_learning_apply after 20+ outcomes to update from data.',
+                },
                 suggested_thresholds: stats.suggested_thresholds,
                 ready_to_apply: stats.total_tasks >= 20,
             };
@@ -1350,7 +1480,7 @@ server.setRequestHandler(CallToolRequestSchema, async (request) => {
             if (!package_name) {
                 return { content: [{ type: 'text', text: JSON.stringify({ success: false, message: 'package_name is required.' }) }], isError: true };
             }
-            const result = await fetchAndCacheDocs(package_name, ecosystem, version, max_chars);
+            const result = await fetchAndCacheDocs(package_name, ecosystem, version, max_chars, VERSION);
             if (!result) {
                 return { content: [{ type: 'text', text: JSON.stringify({ success: false, message: `Could not fetch docs for ${package_name} (${ecosystem}). Source may be offline — try again.` }) }], isError: true };
             }
@@ -1378,15 +1508,54 @@ server.setRequestHandler(CallToolRequestSchema, async (request) => {
             const planResult = await executeOne({ id: 'task-parse-1', agent: 'task-planner', task: `Parse this project description into a structured task breakdown with dependencies and complexity scores (max ${max_tasks} tasks):\n\n${description}`, context: ctx || undefined, project_dir });
             // Build structured task DAG from planner output
             const steps = planResult.plan?.steps ?? [];
-            const tasks = steps.slice(0, max_tasks).map((step, i) => ({
-                id: `task-${i + 1}`,
-                title: step,
-                complexity: Math.min(10, Math.max(1, Math.round((i / steps.length) * 10) + 3)),
-                priority: i === 0 ? 'critical' : i < 3 ? 'high' : i < steps.length - 2 ? 'medium' : 'low',
-                depends_on: i > 0 ? [`task-${i}`] : [],
-                suggested_agent: 'coder',
-                estimated_hours: 2,
-            }));
+            // Agent keyword map — pick the most relevant agent based on step keywords
+            const agentKeywords = [
+                { keywords: /test|spec|coverage|assert|unit|integration/i, agent: 'tester' },
+                { keywords: /secur|auth|jwt|oauth|permission|role|encrypt|hash/i, agent: 'auth' },
+                { keywords: /database|schema|migrat|sql|query|index|table/i, agent: 'database' },
+                { keywords: /api|endpoint|rest|graphql|route|openapi/i, agent: 'api' },
+                { keywords: /ui|component|frontend|react|vue|svelte|html|css|style/i, agent: 'frontend' },
+                { keywords: /docker|deploy|ci|cd|pipeline|container|k8s|infra/i, agent: 'devops' },
+                { keywords: /refactor|clean|restructure|rename|extract/i, agent: 'refactor' },
+                { keywords: /review|audit|quality|lint|check/i, agent: 'reviewer' },
+                { keywords: /debug|fix|bug|error|crash|trace|diagnos/i, agent: 'debugger' },
+                { keywords: /document|readme|comment|jsdoc|wiki/i, agent: 'documentation' },
+                { keywords: /perform|optim|speed|cache|profil|latency/i, agent: 'performance' },
+                { keywords: /migrat|upgrade|version|port|convert/i, agent: 'migration' },
+            ];
+            function pickAgent(step) {
+                for (const { keywords, agent } of agentKeywords) {
+                    if (keywords.test(step))
+                        return agent;
+                }
+                return 'coder';
+            }
+            // Complexity scoring: longer, more-keyword-dense steps = higher complexity
+            function scoreStep(step) {
+                const words = step.split(/\s+/).length;
+                const hasComplexWords = /integrat|architect|design|implement|optim|migrat|refactor/i.test(step);
+                const base = Math.min(7, Math.max(2, Math.round(words / 3)));
+                return hasComplexWords ? Math.min(10, base + 2) : base;
+            }
+            // Dependency inference: look for explicit "after", "before", "requires", "depends" keywords
+            function inferDeps(step, allSteps, idx) {
+                const lower = step.toLowerCase();
+                if (/^(deploy|test|release|publish|document)/i.test(step.trim()) && idx > 0) {
+                    return [`task-${idx}`];
+                }
+                if (/after.{0,30}(setup|init|instal|creat|build)/i.test(lower) && idx > 0) {
+                    return [`task-${idx}`];
+                }
+                return idx > 0 && /integrat|connect|wire|link/i.test(lower) ? [`task-${idx}`] : [];
+            }
+            const tasks = steps.slice(0, max_tasks).map((step, i) => {
+                const complexity = scoreStep(step);
+                const agent = pickAgent(step);
+                const deps = inferDeps(step, steps, i);
+                const priority = i === 0 ? 'critical' : complexity >= 7 ? 'high' : complexity >= 5 ? 'medium' : 'low';
+                const estimated_hours = complexity <= 3 ? 1 : complexity <= 6 ? 2 : complexity <= 8 ? 4 : 8;
+                return { id: `task-${i + 1}`, title: step, complexity, priority, depends_on: deps, suggested_agent: agent, estimated_hours };
+            });
             const plan = {
                 summary: description.slice(0, 100),
                 total_tasks: tasks.length,
@@ -1456,9 +1625,8 @@ server.setRequestHandler(CallToolRequestSchema, async (request) => {
             // Read diff if not provided
             let diff = diff_input;
             if (!diff) {
-                const { execSync } = await import('node:child_process');
                 try {
-                    diff = execSync('git diff HEAD', { cwd: project_dir, encoding: 'utf8', timeout: 15000 });
+                    diff = execSyncTop('git diff HEAD', { cwd: project_dir, encoding: 'utf8', timeout: 15000 });
                 }
                 catch {
                     diff = '';
@@ -1467,7 +1635,6 @@ server.setRequestHandler(CallToolRequestSchema, async (request) => {
             if (!diff?.trim()) {
                 return { content: [{ type: 'text', text: JSON.stringify({ verdict: 'pass', exit_code: 0, message: 'No changes detected.', duration_ms: Date.now() - start }) }] };
             }
-            // Run all three checks in parallel
             const projectCtx = (() => { try {
                 return buildContextString(project_dir);
             }
@@ -1475,36 +1642,27 @@ server.setRequestHandler(CallToolRequestSchema, async (request) => {
                 return '';
             } })();
             const fullContext = [context, projectCtx].filter(Boolean).join('\n\n');
-            const [codeResult, secResult, secretsResult] = await Promise.all([
-                executeOne({ id: 'ci-code', agent: 'reviewer', task: `CI code review of this diff:\n\n${diff}`, context: fullContext }),
-                executeOne({ id: 'ci-sec', agent: 'security-scanner', task: `CI security scan of this diff:\n\n${diff}`, context: fullContext }),
-                executeOne({ id: 'ci-secrets', agent: 'secrets', task: `CI secrets scan — check for exposed credentials in this diff:\n\n${diff}`, context: fullContext }),
-            ]);
-            const codeConf = codeResult.output?.confidence ?? 0.8;
-            const secConf = secResult.output?.confidence ?? 0.8;
-            const secretsConf = secretsResult.output?.confidence ?? 1.0;
-            // Determine verdict
-            const hasCritical = codeConf < 0.4 || secConf < 0.4 || secretsConf < 0.5;
-            const hasWarn = codeConf < 0.7 || secConf < 0.6;
-            const rawVerdict = hasCritical ? 'fail' : hasWarn ? 'warn' : 'pass';
-            const verdict = rawVerdict;
-            const exit_code = rawVerdict === 'fail' || (rawVerdict === 'warn' && fail_on === 'warn') ? 1 : 0;
+            const { reviewResult: codeResult, secResult, secretsResult, verdict } = await runTripleScan(diff, fullContext);
+            const exit_code = verdict === 'fail' || (verdict === 'warn' && fail_on === 'warn') ? 1 : 0;
+            const codeScore = codeResult.analysis?.score ?? Math.round((codeResult.output?.confidence ?? 0.8) * 100);
+            const secScore = secResult.analysis?.score ?? Math.round((secResult.output?.confidence ?? 0.8) * 100);
+            const secretsClean = (secretsResult.analysis?.findings?.length ?? 0) === 0;
             const blocking_issues = [];
-            if (codeConf < 0.7)
-                blocking_issues.push(`Code review: ${codeResult.output?.recommendation ?? 'issues found'}`);
-            if (secConf < 0.6)
-                blocking_issues.push(`Security: ${secResult.output?.recommendation ?? 'vulnerabilities detected'}`);
-            if (secretsConf < 0.5)
-                blocking_issues.push(`Secrets: ${secretsResult.output?.recommendation ?? 'potential secrets exposed'}`);
+            if ((codeResult.analysis?.critical_count ?? 0) > 0)
+                blocking_issues.push(`Code review: ${codeResult.analysis?.summary ?? 'critical issues found'}`);
+            if ((secResult.analysis?.critical_count ?? 0) > 0)
+                blocking_issues.push(`Security: ${secResult.analysis?.summary ?? 'vulnerabilities detected'}`);
+            if (!secretsClean)
+                blocking_issues.push(`Secrets: ${secretsResult.analysis?.summary ?? 'exposed credentials detected'}`);
             const icon = verdict === 'pass' ? '✅' : verdict === 'warn' ? '⚠️' : '❌';
             const ci_summary = [
                 `${icon} **Veto CI Gate: ${verdict.toUpperCase()}**`,
                 ``,
                 `| Check | Score | Status |`,
                 `|---|---|---|`,
-                `| Code Review | ${Math.round(codeConf * 100)}% | ${codeConf >= 0.7 ? '✅' : '❌'} |`,
-                `| Security Scan | ${Math.round(secConf * 100)}% | ${secConf >= 0.6 ? '✅' : '❌'} |`,
-                `| Secrets Scan | ${Math.round(secretsConf * 100)}% | ${secretsConf >= 0.5 ? '✅' : '❌'} |`,
+                `| Code Review | ${codeScore}% | ${(codeResult.analysis?.critical_count ?? 0) === 0 ? '✅' : '❌'} |`,
+                `| Security Scan | ${secScore}% | ${(secResult.analysis?.critical_count ?? 0) === 0 ? '✅' : '❌'} |`,
+                `| Secrets Scan | — | ${secretsClean ? '✅ Clean' : '❌ Found'} |`,
                 blocking_issues.length > 0 ? `\n**Blocking issues:**\n${blocking_issues.map(i => `- ${i}`).join('\n')}` : '',
             ].filter(Boolean).join('\n');
             return {
@@ -1513,9 +1671,9 @@ server.setRequestHandler(CallToolRequestSchema, async (request) => {
                         text: JSON.stringify({
                             verdict, exit_code,
                             checks: {
-                                code_review: { score: Math.round(codeConf * 100) },
-                                security: { score: Math.round(secConf * 100) },
-                                secrets: { score: Math.round(secretsConf * 100) },
+                                code_review: { score: codeScore, critical: codeResult.analysis?.critical_count ?? 0, high: codeResult.analysis?.high_count ?? 0 },
+                                security: { score: secScore, critical: secResult.analysis?.critical_count ?? 0, high: secResult.analysis?.high_count ?? 0 },
+                                secrets: { clean: secretsClean, findings: secretsResult.analysis?.findings ?? [] },
                             },
                             blocking_issues,
                             ci_summary,
@@ -1524,6 +1682,72 @@ server.setRequestHandler(CallToolRequestSchema, async (request) => {
                     }],
             };
         }
+        case 'veto_pr_review': {
+            const pr_url = String(args?.pr_url ?? '').trim();
+            const context = args?.context ? String(args.context) : '';
+            const fail_on = args?.fail_on === 'warn' ? 'warn' : 'fail';
+            if (!pr_url) {
+                return { content: [{ type: 'text', text: JSON.stringify({ success: false, message: 'pr_url is required.' }) }], isError: true };
+            }
+            const start = Date.now();
+            const fetched = await fetchPrDiff(pr_url);
+            if (!fetched.ok) {
+                return { content: [{ type: 'text', text: JSON.stringify({ success: false, message: fetched.error }) }], isError: true };
+            }
+            const { diff, meta } = fetched;
+            const prContext = [
+                `PR: ${meta.title} (${meta.html_url})`,
+                `Author: ${meta.author} · ${meta.head_branch} → ${meta.base_branch}`,
+                `Changes: +${meta.additions} -${meta.deletions} across ${meta.changed_files} files`,
+                context,
+            ].filter(Boolean).join('\n');
+            const { reviewResult, secResult, secretsResult, verdict } = await runTripleScan(diff, prContext);
+            const exit_code = verdict === 'fail' || (verdict === 'warn' && fail_on === 'warn') ? 1 : 0;
+            const codeScore = reviewResult.analysis?.score ?? Math.round((reviewResult.output?.confidence ?? 0.8) * 100);
+            const secScore = secResult.analysis?.score ?? Math.round((secResult.output?.confidence ?? 0.8) * 100);
+            const secretsClean = (secretsResult.analysis?.findings?.length ?? 0) === 0;
+            const blocking_issues = [];
+            if ((reviewResult.analysis?.critical_count ?? 0) > 0)
+                blocking_issues.push(`Code review: ${reviewResult.analysis?.summary ?? 'critical issues found'}`);
+            if ((secResult.analysis?.critical_count ?? 0) > 0)
+                blocking_issues.push(`Security: ${secResult.analysis?.summary ?? 'vulnerabilities detected'}`);
+            if (!secretsClean)
+                blocking_issues.push(`Secrets: ${secretsResult.analysis?.summary ?? 'exposed credentials detected'}`);
+            // Build ready-to-post GitHub review comment (Markdown)
+            const icon = verdict === 'pass' ? '✅' : verdict === 'warn' ? '⚠️' : '❌';
+            const review_comment = [
+                `## ${icon} Veto Review — ${verdict.toUpperCase()}`,
+                ``,
+                `| Check | Score | Status |`,
+                `|---|---|---|`,
+                `| Code Review | ${codeScore}% | ${(reviewResult.analysis?.critical_count ?? 0) === 0 ? '✅' : '❌'} |`,
+                `| Security Scan | ${secScore}% | ${(secResult.analysis?.critical_count ?? 0) === 0 ? '✅' : '❌'} |`,
+                `| Secrets Scan | — | ${secretsClean ? '✅ Clean' : '❌ Found'} |`,
+                ``,
+                blocking_issues.length > 0
+                    ? `**Blocking issues:**\n${blocking_issues.map(i => `- ${i}`).join('\n')}`
+                    : `No blocking issues found.`,
+                ``,
+                `> Reviewed by [Veto](https://github.com/jigyasudham/veto) · ${meta.changed_files} files · +${meta.additions}/-${meta.deletions} · ${Date.now() - start}ms`,
+            ].join('\n');
+            return {
+                content: [{
+                        type: 'text',
+                        text: JSON.stringify({
+                            verdict, exit_code,
+                            pr: { title: meta.title, author: meta.author, url: meta.html_url, base: meta.base_branch, head: meta.head_branch, additions: meta.additions, deletions: meta.deletions, changed_files: meta.changed_files },
+                            checks: {
+                                code_review: { score: codeScore, critical: reviewResult.analysis?.critical_count ?? 0, high: reviewResult.analysis?.high_count ?? 0 },
+                                security: { score: secScore, critical: secResult.analysis?.critical_count ?? 0, high: secResult.analysis?.high_count ?? 0 },
+                                secrets: { clean: secretsClean, findings: secretsResult.analysis?.findings ?? [] },
+                            },
+                            blocking_issues,
+                            review_comment,
+                            duration_ms: Date.now() - start,
+                        }, null, 2),
+                    }],
+            };
+        }
         default:
             throw new Error(`Unknown tool: ${name}`);
     }