@juspay/yama 2.0.0 → 2.1.0

package/dist/v2/prompts/LangfusePromptManager.js

@@ -0,0 +1,144 @@
+/**
+ * Langfuse Prompt Manager
+ * Fetches prompts from Langfuse Prompt Management with local fallbacks
+ *
+ * Prompt Names in Langfuse:
+ * - yama-review: Review system prompt
+ * - yama-enhancement: Enhancement system prompt
+ */
+import { Langfuse } from "langfuse";
+import { REVIEW_SYSTEM_PROMPT } from "./ReviewSystemPrompt.js";
+import { ENHANCEMENT_SYSTEM_PROMPT } from "./EnhancementSystemPrompt.js";
+import { LEARNING_EXTRACTION_PROMPT, LEARNING_SUMMARIZATION_PROMPT, } from "./LearningSystemPrompt.js";
+export class LangfusePromptManager {
+    client = null;
+    initialized = false;
+    constructor() {
+        this.initializeClient();
+    }
+    /**
+     * Initialize Langfuse client if credentials are available
+     */
+    initializeClient() {
+        const publicKey = process.env.LANGFUSE_PUBLIC_KEY;
+        const secretKey = process.env.LANGFUSE_SECRET_KEY;
+        const baseUrl = process.env.LANGFUSE_BASE_URL;
+        if (publicKey && secretKey) {
+            try {
+                this.client = new Langfuse({
+                    publicKey,
+                    secretKey,
+                    baseUrl: baseUrl || "https://cloud.langfuse.com",
+                });
+                this.initialized = true;
+                console.log("   📝 Langfuse prompt management enabled");
+            }
+            catch (error) {
+                console.warn("   ⚠️ Failed to initialize Langfuse client:", error instanceof Error ? error.message : String(error));
+                this.client = null;
+                this.initialized = false;
+            }
+        }
+    }
+    /**
+     * Get the review system prompt
+     * Fetches from Langfuse if available, otherwise returns local fallback
+     */
+    async getReviewPrompt() {
+        if (!this.client) {
+            return REVIEW_SYSTEM_PROMPT;
+        }
+        try {
+            const prompt = await this.client.getPrompt("yama-review", undefined, {
+                type: "text",
+                fallback: REVIEW_SYSTEM_PROMPT,
+            });
+            console.log("   ✅ Fetched review prompt from Langfuse");
+            return prompt.prompt;
+        }
+        catch (error) {
+            console.warn("   ⚠️ Failed to fetch review prompt from Langfuse, using fallback:", error instanceof Error ? error.message : String(error));
+            return REVIEW_SYSTEM_PROMPT;
+        }
+    }
+    /**
+     * Get the enhancement system prompt
+     * Fetches from Langfuse if available, otherwise returns local fallback
+     */
+    async getEnhancementPrompt() {
+        if (!this.client) {
+            return ENHANCEMENT_SYSTEM_PROMPT;
+        }
+        try {
+            const prompt = await this.client.getPrompt("yama-enhancement", undefined, {
+                type: "text",
+                fallback: ENHANCEMENT_SYSTEM_PROMPT,
+            });
+            console.log("   ✅ Fetched enhancement prompt from Langfuse");
+            return prompt.prompt;
+        }
+        catch (error) {
+            console.warn("   ⚠️ Failed to fetch enhancement prompt from Langfuse, using fallback:", error instanceof Error ? error.message : String(error));
+            return ENHANCEMENT_SYSTEM_PROMPT;
+        }
+    }
+    /**
+     * Get the learning extraction prompt
+     * Fetches from Langfuse if available, otherwise returns local fallback
+     * Langfuse prompt name: "yama-learning"
+     */
+    async getLearningPrompt() {
+        if (!this.client) {
+            return LEARNING_EXTRACTION_PROMPT;
+        }
+        try {
+            const prompt = await this.client.getPrompt("yama-learning", undefined, {
+                type: "text",
+                fallback: LEARNING_EXTRACTION_PROMPT,
+            });
+            console.log("   ✅ Fetched learning prompt from Langfuse");
+            return prompt.prompt;
+        }
+        catch (error) {
+            console.warn("   ⚠️ Failed to fetch learning prompt from Langfuse, using fallback:", error instanceof Error ? error.message : String(error));
+            return LEARNING_EXTRACTION_PROMPT;
+        }
+    }
+    /**
+     * Get the summarization prompt
+     * Fetches from Langfuse if available, otherwise returns local fallback
+     * Langfuse prompt name: "yama-summarization"
+     */
+    async getSummarizationPrompt() {
+        if (!this.client) {
+            return LEARNING_SUMMARIZATION_PROMPT;
+        }
+        try {
+            const prompt = await this.client.getPrompt("yama-summarization", undefined, {
+                type: "text",
+                fallback: LEARNING_SUMMARIZATION_PROMPT,
+            });
+            console.log("   ✅ Fetched summarization prompt from Langfuse");
+            return prompt.prompt;
+        }
+        catch (error) {
+            console.warn("   ⚠️ Failed to fetch summarization prompt from Langfuse, using fallback:", error instanceof Error ? error.message : String(error));
+            return LEARNING_SUMMARIZATION_PROMPT;
+        }
+    }
+    /**
+     * Check if Langfuse is enabled
+     */
+    isEnabled() {
+        return this.initialized;
+    }
+    /**
+     * Shutdown Langfuse client gracefully
+     */
+    async shutdown() {
+        if (this.client) {
+            await this.client.shutdownAsync();
+        }
+    }
+}
+//# sourceMappingURL=LangfusePromptManager.js.map

package/dist/v2/prompts/LearningSystemPrompt.d.ts

@@ -0,0 +1,11 @@
+/**
+ * Learning System Prompt
+ * Local fallback prompt for knowledge extraction from PR feedback
+ * Primary source: Langfuse (yama-learning)
+ */
+export declare const LEARNING_EXTRACTION_PROMPT = "\n<yama-learning-system>\n  <role>Knowledge Extraction Analyst</role>\n  <task>Extract project-level learnings from developer feedback on AI code reviews</task>\n\n  <critical-principle>\n    Your goal is to extract GENERIC, PROJECT-LEVEL knowledge.\n    Remove PR-specific details. Create actionable guidelines.\n    Ask: \"What should AI know for ALL future reviews of this project?\"\n  </critical-principle>\n\n  <instructions>\n    For each AI comment + developer response pair provided:\n    1. Understand what the developer is teaching\n    2. Abstract into a project-level guideline\n    3. Categorize appropriately\n    4. Identify file patterns where this applies (if relevant)\n    5. Do NOT include PR-specific references (PR numbers, dates, developer names)\n  </instructions>\n\n  <categories>\n    <category name=\"false_positive\">\n      Things AI incorrectly flagged that should NOT be flagged.\n      Use when developer says: \"this is intentional\", \"not an issue\", \"by design\", \"we prefer this\"\n      Example: \"Promise.all() for parallel async is acceptable when awaited\"\n    </category>\n\n    <category name=\"missed_issue\">\n      Things developer pointed out that AI should have caught.\n      Use when developer says: \"you missed\", \"also check\", \"what about\"\n      Example: \"Always validate JWT audience in multi-tenant endpoints\"\n    </category>\n\n    <category name=\"style_preference\">\n      Team conventions that differ from general best practices.\n      Use when developer says: \"we prefer\", \"our convention\", \"team decision\"\n      Example: \"Use type over interface for all type definitions\"\n    </category>\n\n    <category name=\"domain_context\">\n      Project-specific architecture or context AI needs.\n      Use when developer explains project structure, dependencies, or patterns.\n      Example: \"src/services/ contains business logic, handlers are thin wrappers\"\n    </category>\n\n    <category name=\"enhancement_guideline\">\n      How AI should approach suggestions for this project.\n      Use when developer guides on comment style, severity, or scope.\n      Example: \"Don't suggest JSDoc for internal functions\"\n    </category>\n  </categories>\n\n  <output-format>\n    Return a JSON array of learnings. Each learning should be:\n    - Actionable and specific\n    - Generic (applicable to future reviews)\n    - Free of PR-specific details\n\n    Format:\n    [\n      {\n        \"category\": \"false_positive\",\n        \"subcategory\": \"Async Patterns\",\n        \"learning\": \"Clear, actionable guideline for future reviews...\",\n        \"filePatterns\": [\"**/services/**/*.ts\"],\n        \"reasoning\": \"Brief explanation of why this matters\"\n      }\n    ]\n\n    Return an EMPTY array [] if no actionable learnings can be extracted.\n  </output-format>\n\n  <examples>\n    <example>\n      <ai-comment>\n        \uD83D\uDD12 SECURITY: This Promise.all() could cause memory issues if the array is large.\n        Consider using batching.\n      </ai-comment>\n      <developer-reply>\n        This is intentional - we want parallel execution here for performance.\n        The array is always small (< 10 items) from our API pagination.\n      </developer-reply>\n      <extracted-learning>\n        {\n          \"category\": \"false_positive\",\n          \"subcategory\": \"Async Patterns\",\n          \"learning\": \"Promise.all() for parallel async operations is acceptable when the collection size is bounded and known to be small\",\n          \"filePatterns\": null,\n          \"reasoning\": \"Team uses Promise.all() intentionally for performance with small, bounded collections\"\n        }\n      </extracted-learning>\n    </example>\n\n    <example>\n      <ai-comment>\n        \u26A0\uFE0F MAJOR: Consider adding input validation for this API endpoint.\n      </ai-comment>\n      <developer-reply>\n        Good point, but you missed that we also need to sanitize the input\n        before logging - we had a PII exposure issue before.\n      </developer-reply>\n      <extracted-learning>\n        {\n          \"category\": \"missed_issue\",\n          \"subcategory\": \"Security\",\n          \"learning\": \"Sanitize user input before logging to prevent PII exposure\",\n          \"filePatterns\": [\"**/api/**\", \"**/handlers/**\"],\n          \"reasoning\": \"Historical PII exposure issue - logging must use sanitized values\"\n        }\n      </extracted-learning>\n    </example>\n\n    <example>\n      <ai-comment>\n        \uD83D\uDCA1 MINOR: Consider using 'interface' instead of 'type' for object shapes.\n      </ai-comment>\n      <developer-reply>\n        We prefer 'type' for everything in this project - team decision.\n      </developer-reply>\n      <extracted-learning>\n        {\n          \"category\": \"style_preference\",\n          \"subcategory\": \"TypeScript\",\n          \"learning\": \"Use 'type' over 'interface' for all type definitions\",\n          \"filePatterns\": [\"**/*.ts\", \"**/*.tsx\"],\n          \"reasoning\": \"Team convention to use type aliases consistently\"\n        }\n      </extracted-learning>\n    </example>\n  </examples>\n</yama-learning-system>\n";
+/**
+ * Summarization prompt for consolidating knowledge base entries
+ */
+export declare const LEARNING_SUMMARIZATION_PROMPT = "\n<yama-summarization-task>\n  <goal>Consolidate knowledge base learnings into concise, actionable guidelines</goal>\n\n  <instructions>\n    You will receive the current knowledge base content.\n    For each category section:\n    1. Identify duplicate or highly similar learnings\n    2. Merge related learnings into single statements\n    3. Keep the most general, actionable form\n    4. Preserve file patterns where applicable\n    5. Ensure no information is lost, just condensed\n  </instructions>\n\n  <rules>\n    - Combine learnings that say the same thing differently\n    - Keep specific technical details (don't over-generalize)\n    - Preserve all unique learnings\n    - Maintain subcategory organization\n    - Update the total count accurately\n  </rules>\n\n  <example>\n    Before:\n    - Don't flag Promise.all() in services\n    - Promise.all() is acceptable in async handlers\n    - Parallel Promise execution is intentional\n\n    After:\n    - Promise.all() for parallel async operations is acceptable across the codebase\n  </example>\n\n  <output-format>\n    Return the complete, updated knowledge base in markdown format.\n    Preserve the exact structure (headers, sections, metadata).\n    Update the metadata with new total count and summarization timestamp.\n  </output-format>\n</yama-summarization-task>\n";
+//# sourceMappingURL=LearningSystemPrompt.d.ts.map

package/dist/v2/prompts/LearningSystemPrompt.js

@@ -0,0 +1,180 @@
+/**
+ * Learning System Prompt
+ * Local fallback prompt for knowledge extraction from PR feedback
+ * Primary source: Langfuse (yama-learning)
+ */
+export const LEARNING_EXTRACTION_PROMPT = `
+<yama-learning-system>
+  <role>Knowledge Extraction Analyst</role>
+  <task>Extract project-level learnings from developer feedback on AI code reviews</task>
+
+  <critical-principle>
+    Your goal is to extract GENERIC, PROJECT-LEVEL knowledge.
+    Remove PR-specific details. Create actionable guidelines.
+    Ask: "What should AI know for ALL future reviews of this project?"
+  </critical-principle>
+
+  <instructions>
+    For each AI comment + developer response pair provided:
+    1. Understand what the developer is teaching
+    2. Abstract into a project-level guideline
+    3. Categorize appropriately
+    4. Identify file patterns where this applies (if relevant)
+    5. Do NOT include PR-specific references (PR numbers, dates, developer names)
+  </instructions>
+
+  <categories>
+    <category name="false_positive">
+      Things AI incorrectly flagged that should NOT be flagged.
+      Use when developer says: "this is intentional", "not an issue", "by design", "we prefer this"
+      Example: "Promise.all() for parallel async is acceptable when awaited"
+    </category>
+
+    <category name="missed_issue">
+      Things developer pointed out that AI should have caught.
+      Use when developer says: "you missed", "also check", "what about"
+      Example: "Always validate JWT audience in multi-tenant endpoints"
+    </category>
+
+    <category name="style_preference">
+      Team conventions that differ from general best practices.
+      Use when developer says: "we prefer", "our convention", "team decision"
+      Example: "Use type over interface for all type definitions"
+    </category>
+
+    <category name="domain_context">
+      Project-specific architecture or context AI needs.
+      Use when developer explains project structure, dependencies, or patterns.
+      Example: "src/services/ contains business logic, handlers are thin wrappers"
+    </category>
+
+    <category name="enhancement_guideline">
+      How AI should approach suggestions for this project.
+      Use when developer guides on comment style, severity, or scope.
+      Example: "Don't suggest JSDoc for internal functions"
+    </category>
+  </categories>
+
+  <output-format>
+    Return a JSON array of learnings. Each learning should be:
+    - Actionable and specific
+    - Generic (applicable to future reviews)
+    - Free of PR-specific details
+
+    Format:
+    [
+      {
+        "category": "false_positive",
+        "subcategory": "Async Patterns",
+        "learning": "Clear, actionable guideline for future reviews...",
+        "filePatterns": ["**/services/**/*.ts"],
+        "reasoning": "Brief explanation of why this matters"
+      }
+    ]
+
+    Return an EMPTY array [] if no actionable learnings can be extracted.
+  </output-format>
+
+  <examples>
+    <example>
+      <ai-comment>
+        🔒 SECURITY: This Promise.all() could cause memory issues if the array is large.
+        Consider using batching.
+      </ai-comment>
+      <developer-reply>
+        This is intentional - we want parallel execution here for performance.
+        The array is always small (< 10 items) from our API pagination.
+      </developer-reply>
+      <extracted-learning>
+        {
+          "category": "false_positive",
+          "subcategory": "Async Patterns",
+          "learning": "Promise.all() for parallel async operations is acceptable when the collection size is bounded and known to be small",
+          "filePatterns": null,
+          "reasoning": "Team uses Promise.all() intentionally for performance with small, bounded collections"
+        }
+      </extracted-learning>
+    </example>
+
+    <example>
+      <ai-comment>
+        ⚠️ MAJOR: Consider adding input validation for this API endpoint.
+      </ai-comment>
+      <developer-reply>
+        Good point, but you missed that we also need to sanitize the input
+        before logging - we had a PII exposure issue before.
+      </developer-reply>
+      <extracted-learning>
+        {
+          "category": "missed_issue",
+          "subcategory": "Security",
+          "learning": "Sanitize user input before logging to prevent PII exposure",
+          "filePatterns": ["**/api/**", "**/handlers/**"],
+          "reasoning": "Historical PII exposure issue - logging must use sanitized values"
+        }
+      </extracted-learning>
+    </example>
+
+    <example>
+      <ai-comment>
+        💡 MINOR: Consider using 'interface' instead of 'type' for object shapes.
+      </ai-comment>
+      <developer-reply>
+        We prefer 'type' for everything in this project - team decision.
+      </developer-reply>
+      <extracted-learning>
+        {
+          "category": "style_preference",
+          "subcategory": "TypeScript",
+          "learning": "Use 'type' over 'interface' for all type definitions",
+          "filePatterns": ["**/*.ts", "**/*.tsx"],
+          "reasoning": "Team convention to use type aliases consistently"
+        }
+      </extracted-learning>
+    </example>
+  </examples>
+</yama-learning-system>
+`;
+/**
+ * Summarization prompt for consolidating knowledge base entries
+ */
+export const LEARNING_SUMMARIZATION_PROMPT = `
+<yama-summarization-task>
+  <goal>Consolidate knowledge base learnings into concise, actionable guidelines</goal>
+
+  <instructions>
+    You will receive the current knowledge base content.
+    For each category section:
+    1. Identify duplicate or highly similar learnings
+    2. Merge related learnings into single statements
+    3. Keep the most general, actionable form
+    4. Preserve file patterns where applicable
+    5. Ensure no information is lost, just condensed
+  </instructions>
+
+  <rules>
+    - Combine learnings that say the same thing differently
+    - Keep specific technical details (don't over-generalize)
+    - Preserve all unique learnings
+    - Maintain subcategory organization
+    - Update the total count accurately
+  </rules>
+
+  <example>
+    Before:
+    - Don't flag Promise.all() in services
+    - Promise.all() is acceptable in async handlers
+    - Parallel Promise execution is intentional
+
+    After:
+    - Promise.all() for parallel async operations is acceptable across the codebase
+  </example>
+
+  <output-format>
+    Return the complete, updated knowledge base in markdown format.
+    Preserve the exact structure (headers, sections, metadata).
+    Update the metadata with new total count and summarization timestamp.
+  </output-format>
+</yama-summarization-task>
+`;
+//# sourceMappingURL=LearningSystemPrompt.js.map

package/dist/v2/prompts/PromptBuilder.d.ts

@@ -8,6 +8,8 @@
 import { YamaV2Config } from "../types/config.types.js";
 import { ReviewRequest } from "../types/v2.types.js";
 export declare class PromptBuilder {
+    private langfuseManager;
+    constructor();
     /**
      * Build complete review instructions for AI
      * Combines generic base prompt + project-specific config
@@ -26,6 +28,11 @@ export declare class PromptBuilder {
      * Load project-specific standards from repository
      */
     private loadProjectStandards;
+    /**
+     * Load knowledge base for AI prompt injection
+     * Contains learned patterns from previous PR feedback
+     */
+    private loadKnowledgeBase;
     /**
      * Build description enhancement prompt separately (for description-only operations)
      */

package/dist/v2/prompts/PromptBuilder.js

@@ -8,20 +8,26 @@
 import { readFile } from "fs/promises";
 import { existsSync } from "fs";
 import { join } from "path";
-import { REVIEW_SYSTEM_PROMPT } from "./ReviewSystemPrompt.js";
-import { ENHANCEMENT_SYSTEM_PROMPT } from "./EnhancementSystemPrompt.js";
+import { LangfusePromptManager } from "./LangfusePromptManager.js";
+import { KnowledgeBaseManager } from "../learning/KnowledgeBaseManager.js";
 export class PromptBuilder {
+    langfuseManager;
+    constructor() {
+        this.langfuseManager = new LangfusePromptManager();
+    }
     /**
      * Build complete review instructions for AI
      * Combines generic base prompt + project-specific config
      */
     async buildReviewInstructions(request, config) {
-        // Base system prompt (generic, project-agnostic)
-        const basePrompt = REVIEW_SYSTEM_PROMPT;
+        // Base system prompt - fetched from Langfuse or local fallback
+        const basePrompt = await this.langfuseManager.getReviewPrompt();
         // Project-specific configuration in XML format
         const projectConfig = this.buildProjectConfigXML(config, request);
         // Project-specific standards (if available)
         const projectStandards = await this.loadProjectStandards(config);
+        // Knowledge base learnings (reinforcement learning)
+        const knowledgeBase = await this.loadKnowledgeBase(config);
         // Combine all parts
         return `
 ${basePrompt}
@@ -32,6 +38,8 @@ ${projectConfig}
 
 ${projectStandards ? `<project-standards>\n${projectStandards}\n</project-standards>` : ""}
 
+${knowledgeBase ? `<learned-knowledge>\n${knowledgeBase}\n</learned-knowledge>` : ""}
+
 <review-task>
   <workspace>${this.escapeXML(request.workspace)}</workspace>
   <repository>${this.escapeXML(request.repository)}</repository>
@@ -67,7 +75,7 @@ ${projectStandards ? `<project-standards>\n${projectStandards}\n</project-standa
       <description>${this.escapeXML(area.description)}</description>
     </focus-area>`)
             .join("\n");
-        const blockingCriteriaXML = config.review.blockingCriteria
+        const blockingCriteriaXML = (config.review.blockingCriteria || [])
             .map((criteria) => `
     <criterion>
       <condition>${this.escapeXML(criteria.condition)}</condition>
@@ -157,12 +165,33 @@ Follow these in addition to the general focus areas:
 ${loadedStandards.join("\n\n---\n\n")}
     `.trim();
     }
+    /**
+     * Load knowledge base for AI prompt injection
+     * Contains learned patterns from previous PR feedback
+     */
+    async loadKnowledgeBase(config) {
+        if (!config.knowledgeBase?.enabled) {
+            return null;
+        }
+        try {
+            const kbManager = new KnowledgeBaseManager(config.knowledgeBase);
+            const content = await kbManager.getForPrompt();
+            if (content) {
+                console.log("   📚 Knowledge base loaded for AI context");
+            }
+            return content;
+        }
+        catch (error) {
+            // Silently fail - knowledge base is optional enhancement
+            return null;
+        }
+    }
     /**
      * Build description enhancement prompt separately (for description-only operations)
      */
     async buildDescriptionEnhancementInstructions(request, config) {
-        // Base enhancement prompt (generic, project-agnostic)
-        const basePrompt = ENHANCEMENT_SYSTEM_PROMPT;
+        // Base enhancement prompt - fetched from Langfuse or local fallback
+        const basePrompt = await this.langfuseManager.getEnhancementPrompt();
         // Project-specific enhancement configuration
         const enhancementConfigXML = this.buildEnhancementConfigXML(config);
         return `

package/dist/v2/types/config.types.d.ts

@@ -11,6 +11,7 @@ export interface YamaV2Config {
     review: ReviewConfig;
     descriptionEnhancement: DescriptionEnhancementConfig;
     memoryBank: MemoryBankConfig;
+    knowledgeBase: KnowledgeBaseConfig;
     projectStandards?: ProjectStandardsConfig;
     monitoring: MonitoringConfig;
     performance: PerformanceConfig;
@@ -48,15 +49,21 @@ export interface RedisConfig {
     ttl?: number;
 }
 export interface MCPServersConfig {
+    bitbucket?: {
+        /** List of tool names to block from Bitbucket MCP server */
+        blockedTools?: string[];
+    };
     jira: {
         enabled: boolean;
+        /** List of tool names to block from Jira MCP server */
+        blockedTools?: string[];
     };
 }
 export interface ReviewConfig {
     enabled: boolean;
     workflowInstructions: string;
     focusAreas: FocusArea[];
-    blockingCriteria: BlockingCriteria[];
+    blockingCriteria?: BlockingCriteria[];
     excludePatterns: string[];
     contextLines: number;
     maxFilesPerReview: number;
@@ -90,6 +97,20 @@ export interface MemoryBankConfig {
     fallbackPaths: string[];
     standardFiles?: string[];
 }
+export interface KnowledgeBaseConfig {
+    /** Enable knowledge base feature */
+    enabled: boolean;
+    /** Path to knowledge base file (relative to project root) */
+    path: string;
+    /** Patterns to identify AI comment authors (case-insensitive) */
+    aiAuthorPatterns: string[];
+    /** Number of learnings before auto-summarization triggers */
+    maxEntriesBeforeSummarization: number;
+    /** Number of entries to retain after summarization */
+    summaryRetentionCount: number;
+    /** Auto-commit knowledge base changes (default for --commit flag) */
+    autoCommit: boolean;
+}
 export interface ProjectStandardsConfig {
     customPromptsPath: string;
     additionalFocusAreas: FocusArea[];

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@juspay/yama",
-  "version": "2.0.0",
+  "version": "2.1.0",
   "description": "Enterprise-grade Pull Request automation toolkit with AI-powered code review and description enhancement",
   "keywords": [
     "pr",
@@ -83,7 +83,8 @@
     "check:all": "npm run lint && npm run format --check && npm run validate && npm run validate:commit"
   },
   "dependencies": {
-    "@juspay/neurolink": "^8.1.0",
+    "@juspay/neurolink": "^8.23.1",
+    "langfuse": "^3.35.0",
     "@nexus2520/bitbucket-mcp-server": "^1.1.2",
     "@nexus2520/jira-mcp-server": "^1.0.1",
     "chalk": "^4.1.2",
@@ -150,7 +151,10 @@
   "pnpm": {
     "onlyBuiltDependencies": [
       "esbuild"
-    ]
+    ],
+    "overrides": {
+      "@semantic-release/npm": "^13.1.2"
+    }
   },
   "lint-staged": {
     "*.{ts,tsx,js,jsx}": [

package/yama.config.example.yaml

@@ -39,9 +39,25 @@ ai:
 # ============================================================================
 # Bitbucket MCP is always enabled (hardcoded)
 # Jira MCP can be enabled/disabled here
+# Use blockedTools to prevent AI from using specific MCP tools
 mcpServers:
+  bitbucket:
+    # Optional: Block specific Bitbucket tools from AI access
+    # This prevents the AI from performing certain actions
+    blockedTools: []
+    # Example blocked tools (uncomment to use):
+    # - merge_pull_request      # Prevent AI from merging PRs
+    # - delete_branch           # Prevent AI from deleting branches
+    # - approve_pull_request    # Prevent AI from auto-approving PRs
+
   jira:
     enabled: true # Set to false to disable Jira integration
+    # Optional: Block specific Jira tools from AI access
+    blockedTools: []
+    # Example blocked tools (uncomment to use):
+    # - jira_create_issue       # Prevent AI from creating Jira issues
+    # - jira_delete_issue       # Prevent AI from deleting issues
+    # - jira_update_issue       # Prevent AI from modifying issues
 
 # ============================================================================
 # Review Configuration
@@ -89,19 +105,22 @@ review:
         - Poor naming conventions
         - Missing edge case handling
 
-  # Blocking criteria (AI uses these to decide whether to block PR)
-  blockingCriteria:
-    - condition: "ANY CRITICAL severity issue"
-      action: "BLOCK"
-      reason: "Security or data loss risk"
-
-    - condition: "3 or more MAJOR severity issues"
-      action: "BLOCK"
-      reason: "Too many significant bugs/performance issues"
-
-    - condition: "Jira requirement coverage < 70%"
-      action: "BLOCK"
-      reason: "Incomplete implementation of requirements"
+  # Blocking criteria (OPTIONAL - AI uses these to decide whether to block PR)
+  # If not provided or empty, AI will review and comment but NOT auto-block/approve PRs
+  # Uncomment and customize the examples below to enable auto-blocking:
+  blockingCriteria: []
+  # blockingCriteria:
+  #   - condition: "ANY CRITICAL severity issue"
+  #     action: "BLOCK"
+  #     reason: "Security or data loss risk"
+  #
+  #   - condition: "3 or more MAJOR severity issues"
+  #     action: "BLOCK"
+  #     reason: "Too many significant bugs/performance issues"
+  #
+  #   - condition: "Jira requirement coverage < 70%"
+  #     action: "BLOCK"
+  #     reason: "Incomplete implementation of requirements"
 
   # Files to exclude from analysis
   excludePatterns:
@@ -183,6 +202,32 @@ memoryBank:
     - "coding-standards.md"
     - "security-guidelines.md"
 
+# ============================================================================
+# Knowledge Base - Reinforcement Learning from PR Feedback
+# ============================================================================
+# Yama learns from developer feedback on AI comments across merged PRs.
+# Use 'yama learn -w <workspace> -r <repo> -p <pr-id>' to extract learnings.
+knowledgeBase:
+  enabled: true
+
+  # Path to knowledge base file (relative to repo root)
+  path: ".yama/knowledge-base.md"
+
+  # Patterns to identify AI-generated comments (author name matching)
+  aiAuthorPatterns:
+    - "Yama"
+    - "yama-bot"
+    - "yama-review"
+
+  # Automatically summarize knowledge base when entry count exceeds this
+  maxEntriesBeforeSummarization: 50
+
+  # How many consolidated entries to keep after summarization
+  summaryRetentionCount: 20
+
+  # Automatically commit knowledge base changes (with --commit flag)
+  autoCommit: false
+
 # ============================================================================
 # Project-Specific Standards (Override in your repository)
 # ============================================================================