@juspay/yama 2.2.0 → 2.2.2

package/dist/v2/core/LocalDiffSource.js

@@ -0,0 +1,129 @@
+/**
+ * Local diff source for SDK mode.
+ * Extracts git diffs from a local repository without requiring MCP tools.
+ */
+import { existsSync } from "fs";
+import { resolve } from "path";
+import { spawnSync } from "child_process";
+export class LocalDiffSource {
+    getDiffContext(request) {
+        const repoPath = resolve(request.repoPath || process.cwd());
+        if (!existsSync(repoPath)) {
+            throw new Error(`Repository path does not exist: ${repoPath}`);
+        }
+        this.ensureGitRepo(repoPath);
+        const diffSource = request.diffSource || "uncommitted";
+        const includePaths = request.includePaths || [];
+        const maxDiffChars = request.maxDiffChars || 120_000;
+        const contextLines = 3;
+        const diffArgs = this.buildDiffArgs(diffSource, request.baseRef, request.headRef, contextLines, includePaths);
+        const nameOnlyArgs = this.buildNameOnlyArgs(diffSource, request.baseRef, request.headRef, includePaths);
+        const numStatArgs = this.buildNumStatArgs(diffSource, request.baseRef, request.headRef, includePaths);
+        const diffOutput = this.runGit(repoPath, diffArgs);
+        const changedFilesOutput = this.runGit(repoPath, nameOnlyArgs);
+        const numStatOutput = this.runGit(repoPath, numStatArgs);
+        const changedFiles = changedFilesOutput
+            .split("\n")
+            .map((line) => line.trim())
+            .filter(Boolean);
+        const { additions, deletions } = this.parseNumStat(numStatOutput);
+        const truncated = diffOutput.length > maxDiffChars;
+        const diff = truncated ? diffOutput.slice(0, maxDiffChars) : diffOutput;
+        return {
+            repoPath,
+            diffSource,
+            baseRef: diffSource === "range" ? request.baseRef : undefined,
+            headRef: diffSource === "range" ? request.headRef || "HEAD" : undefined,
+            changedFiles,
+            additions,
+            deletions,
+            diff,
+            truncated,
+        };
+    }
+    ensureGitRepo(repoPath) {
+        const probe = spawnSync("git", ["rev-parse", "--is-inside-work-tree"], {
+            cwd: repoPath,
+            encoding: "utf-8",
+        });
+        if (probe.status !== 0 || probe.stdout.trim() !== "true") {
+            throw new Error(`Path is not a git repository: ${repoPath}`);
+        }
+    }
+    runGit(repoPath, args) {
+        const result = spawnSync("git", args, {
+            cwd: repoPath,
+            encoding: "utf-8",
+            maxBuffer: 10 * 1024 * 1024,
+        });
+        if (result.status !== 0) {
+            throw new Error(`git ${args.join(" ")} failed: ${(result.stderr || result.stdout || "").trim()}`);
+        }
+        return result.stdout || "";
+    }
+    buildDiffArgs(diffSource, baseRef, headRef, contextLines, includePaths) {
+        const args = ["diff", "--no-color", `--unified=${contextLines}`];
+        if (diffSource === "staged") {
+            args.push("--staged");
+        }
+        else if (diffSource === "range") {
+            if (!baseRef) {
+                throw new Error("baseRef is required when diffSource is 'range'");
+            }
+            args.push(`${baseRef}..${headRef || "HEAD"}`);
+        }
+        if (includePaths.length > 0) {
+            args.push("--", ...includePaths);
+        }
+        return args;
+    }
+    buildNameOnlyArgs(diffSource, baseRef, headRef, includePaths) {
+        const args = ["diff", "--name-only"];
+        if (diffSource === "staged") {
+            args.push("--staged");
+        }
+        else if (diffSource === "range") {
+            if (!baseRef) {
+                throw new Error("baseRef is required when diffSource is 'range'");
+            }
+            args.push(`${baseRef}..${headRef || "HEAD"}`);
+        }
+        if (includePaths.length > 0) {
+            args.push("--", ...includePaths);
+        }
+        return args;
+    }
+    buildNumStatArgs(diffSource, baseRef, headRef, includePaths) {
+        const args = ["diff", "--numstat"];
+        if (diffSource === "staged") {
+            args.push("--staged");
+        }
+        else if (diffSource === "range") {
+            if (!baseRef) {
+                throw new Error("baseRef is required when diffSource is 'range'");
+            }
+            args.push(`${baseRef}..${headRef || "HEAD"}`);
+        }
+        if (includePaths.length > 0) {
+            args.push("--", ...includePaths);
+        }
+        return args;
+    }
+    parseNumStat(numStat) {
+        let additions = 0;
+        let deletions = 0;
+        const lines = numStat
+            .split("\n")
+            .map((line) => line.trim())
+            .filter(Boolean);
+        for (const line of lines) {
+            const [addRaw, delRaw] = line.split("\t");
+            const addCount = addRaw === "-" ? 0 : parseInt(addRaw, 10);
+            const delCount = delRaw === "-" ? 0 : parseInt(delRaw, 10);
+            additions += Number.isNaN(addCount) ? 0 : addCount;
+            deletions += Number.isNaN(delCount) ? 0 : delCount;
+        }
+        return { additions, deletions };
+    }
+}
+//# sourceMappingURL=LocalDiffSource.js.map

package/dist/v2/core/MCPServerManager.d.ts

@@ -1,6 +1,6 @@
 /**
  * MCP Server Manager for Yama V2
- * Manages lifecycle and health of Bitbucket and Jira MCP servers
+ * Manages lifecycle and health of PR/local MCP servers
  */
 import { MCPServersConfig } from "../types/config.types.js";
 export declare class MCPServerManager {
@@ -10,6 +10,14 @@ export declare class MCPServerManager {
      * Bitbucket is always enabled, Jira is optional based on config
      */
     setupMCPServers(neurolink: any, config: MCPServersConfig): Promise<void>;
+    /**
+     * Setup local git MCP server for SDK/local mode.
+     * Mandatory in local mode.
+     */
+    setupLocalGitMCPServer(neurolink: any): Promise<void>;
+    private buildLocalGitServerConfig;
+    private getLocalGitToolNames;
+    private isMutatingGitTool;
     /**
      * Setup Bitbucket MCP server (hardcoded, always enabled)
      */
@@ -18,5 +26,9 @@ export declare class MCPServerManager {
      * Setup Jira MCP server (hardcoded, optionally enabled)
      */
     private setupJiraMCP;
+    /**
+     * MCP preflight diagnostics after registration.
+     */
+    private logDiagnostics;
 }
 //# sourceMappingURL=MCPServerManager.d.ts.map

package/dist/v2/core/MCPServerManager.js

@@ -1,7 +1,8 @@
 /**
  * MCP Server Manager for Yama V2
- * Manages lifecycle and health of Bitbucket and Jira MCP servers
+ * Manages lifecycle and health of PR/local MCP servers
  */
+import { join } from "path";
 import { MCPServerError } from "../types/v2.types.js";
 export class MCPServerManager {
     // MCP servers are managed entirely by NeuroLink
@@ -12,6 +13,9 @@ export class MCPServerManager {
      * Bitbucket is always enabled, Jira is optional based on config
      */
     async setupMCPServers(neurolink, config) {
+        if (this.initialized) {
+            return;
+        }
         console.log("🔌 Setting up MCP servers...");
         // Setup Bitbucket MCP (always enabled)
         await this.setupBitbucketMCP(neurolink, config.bitbucket?.blockedTools);
@@ -23,8 +27,79 @@ export class MCPServerManager {
             console.log("   ⏭️  Jira MCP disabled in config");
         }
         this.initialized = true;
+        await this.logDiagnostics(neurolink);
         console.log("✅ MCP servers configured\n");
     }
+    /**
+     * Setup local git MCP server for SDK/local mode.
+     * Mandatory in local mode.
+     */
+    async setupLocalGitMCPServer(neurolink) {
+        try {
+            console.log("🔌 Setting up local Git MCP server...");
+            await neurolink.addExternalMCPServer("local-git", this.buildLocalGitServerConfig([]));
+            const discoveredToolNames = this.getLocalGitToolNames(neurolink);
+            // Fail closed: if tool discovery returns nothing we cannot verify read-only
+            // safety, so refuse to proceed rather than silently exposing write operations.
+            if (discoveredToolNames.length === 0) {
+                await neurolink
+                    .removeExternalMCPServer("local-git")
+                    .catch(() => undefined);
+                throw new MCPServerError("local-git MCP server returned no tools — cannot verify read-only filtering. Aborting local mode setup.");
+            }
+            const mutatingTools = discoveredToolNames.filter((name) => this.isMutatingGitTool(name));
+            // Enforce hard safety at MCP layer: mutating tools are removed from registry.
+            if (mutatingTools.length > 0) {
+                await neurolink.removeExternalMCPServer("local-git");
+                await neurolink.addExternalMCPServer("local-git", this.buildLocalGitServerConfig(mutatingTools));
+                // Verify the re-registration actually removed all mutating tools.
+                const remainingMutating = this.getLocalGitToolNames(neurolink).filter((name) => this.isMutatingGitTool(name));
+                if (remainingMutating.length > 0) {
+                    await neurolink
+                        .removeExternalMCPServer("local-git")
+                        .catch(() => undefined);
+                    throw new MCPServerError(`Read-only enforcement failed — mutating tools still present after blocking: ${remainingMutating.join(", ")}`);
+                }
+            }
+            console.log("   ✅ Local Git MCP server registered");
+            console.log("   🔒 Local mode enforces regex-derived read-only blocking at MCP layer");
+            if (mutatingTools.length > 0) {
+                console.log(`   🚫 Blocked local-git tools: ${mutatingTools.join(", ")}`);
+            }
+            try {
+                const toolNames = this.getLocalGitToolNames(neurolink);
+                if (toolNames.length > 0) {
+                    console.log(`   🧰 local-git tools (available): ${toolNames.join(", ")}`);
+                }
+            }
+            catch {
+                // Optional introspection only
+            }
+            await this.logDiagnostics(neurolink);
+        }
+        catch (error) {
+            throw new MCPServerError(`Failed to setup local Git MCP server: ${error.message}`);
+        }
+    }
+    buildLocalGitServerConfig(blockedTools) {
+        return {
+            // Launch via package script: tries uvx first, falls back to npx package.
+            command: "npm",
+            args: ["run", "-s", "mcp:git:server"],
+            transport: "stdio",
+            blockedTools,
+        };
+    }
+    getLocalGitToolNames(neurolink) {
+        return (neurolink.getExternalMCPServerTools?.("local-git") || [])
+            .map((tool) => tool?.name)
+            .filter((name) => typeof name === "string");
+    }
+    isMutatingGitTool(toolName) {
+        // Handles plain names (git_commit) and prefixed names (local-git.git_commit).
+        const normalized = toolName.split(/[.:/]/).pop() || toolName;
+        return /^git_(commit|push|add|checkout|create_branch|merge|rebase|cherry_pick|reset|revert|tag|rm|clean|stash|apply)\b/i.test(normalized);
+    }
     /**
      * Setup Bitbucket MCP server (hardcoded, always enabled)
      */
@@ -37,10 +112,13 @@ export class MCPServerManager {
                 !process.env.BITBUCKET_BASE_URL) {
                 throw new MCPServerError("Missing required environment variables: BITBUCKET_USERNAME, BITBUCKET_TOKEN, or BITBUCKET_BASE_URL");
             }
-            // Hardcoded Bitbucket MCP configuration
+            // Use the locally installed binary instead of `npx @latest`, which forces
+            // a registry check + possible download in CI and causes the 30s circuit-breaker
+            // to fire intermittently.
+            const bitbucketBin = join(process.cwd(), "node_modules/.bin/bitbucket-mcp-server");
             await neurolink.addExternalMCPServer("bitbucket", {
-                command: "npx",
-                args: ["-y", "@nexus2520/bitbucket-mcp-server"],
+                command: bitbucketBin,
+                args: [],
                 transport: "stdio",
                 env: {
                     BITBUCKET_USERNAME: process.env.BITBUCKET_USERNAME,
@@ -49,6 +127,15 @@ export class MCPServerManager {
                 },
                 blockedTools: blockedTools || [],
             });
+            // Verify the server actually connected — NeuroLink resolves the promise
+            // even on timeout, so we must check the status explicitly.
+            const servers = await neurolink.listMCPServers();
+            const bbServer = (servers || []).find((s) => s.name === "bitbucket");
+            if (!bbServer ||
+                bbServer.status !== "connected" ||
+                bbServer.tools?.length === 0) {
+                throw new MCPServerError(`Bitbucket MCP server registered but not connected (status: ${bbServer?.status ?? "unknown"}, tools: ${bbServer?.tools?.length ?? 0}). Possible startup timeout.`);
+            }
             console.log("   ✅ Bitbucket MCP server registered and tools available");
             if (blockedTools && blockedTools.length > 0) {
                 console.log(`   🚫 Blocked tools: ${blockedTools.join(", ")}`);
@@ -73,10 +160,11 @@ export class MCPServerManager {
                 console.warn("   Skipping Jira integration...");
                 return;
             }
-            // Hardcoded Jira MCP configuration
+            // Use the locally installed binary (same reason as Bitbucket above).
+            const jiraBin = join(process.cwd(), "node_modules/.bin/jira-mcp-server");
             await neurolink.addExternalMCPServer("jira", {
-                command: "npx",
-                args: ["-y", "@nexus2520/jira-mcp-server"],
+                command: jiraBin,
+                args: [],
                 transport: "stdio",
                 env: {
                     JIRA_EMAIL: process.env.JIRA_EMAIL,
@@ -96,5 +184,21 @@ export class MCPServerManager {
             console.warn("   Continuing without Jira integration...");
         }
     }
+    /**
+     * MCP preflight diagnostics after registration.
+     */
+    async logDiagnostics(neurolink) {
+        try {
+            const status = await neurolink.getMCPStatus();
+            const servers = await neurolink.listMCPServers();
+            console.log("   📊 MCP diagnostics:");
+            console.log(`      Servers: ${status.totalServers}`);
+            console.log(`      Tools: ${status.totalTools}`);
+            console.log(`      Connected: ${(servers || []).filter((server) => server?.status === "connected").length}`);
+        }
+        catch (error) {
+            console.warn(`   ⚠️  MCP diagnostics unavailable: ${error.message}`);
+        }
+    }
 }
 //# sourceMappingURL=MCPServerManager.js.map

package/dist/v2/core/SessionManager.d.ts

@@ -1,5 +1,5 @@
 /**
- * Session Manager for Yama V2
+ * Session Manager for Yama
  * Tracks review sessions, tool calls, and maintains state
  */
 import { ReviewSession, ReviewRequest, ReviewResult, SessionMetadata } from "../types/v2.types.js";

package/dist/v2/core/SessionManager.js

@@ -1,5 +1,5 @@
 /**
- * Session Manager for Yama V2
+ * Session Manager for Yama
  * Tracks review sessions, tool calls, and maintains state
  */
 import { randomBytes } from "crypto";
@@ -18,7 +18,7 @@ export class SessionManager {
             status: "running",
             toolCalls: [],
             metadata: {
-                yamaVersion: "2.0.0",
+                yamaVersion: "2.2.1",
                 aiProvider: "auto",
                 aiModel: "unknown",
                 totalTokens: 0,
@@ -122,7 +122,7 @@ export class SessionManager {
     generateSessionId() {
         const timestamp = Date.now().toString(36);
         const random = randomBytes(4).toString("hex");
-        return `yama-v2-${timestamp}-${random}`;
+        return `yama-${timestamp}-${random}`;
     }
     /**
      * Clean up old sessions (keep most recent 100)

package/dist/v2/core/YamaV2Orchestrator.d.ts

@@ -1,25 +1,38 @@
 /**
- * Yama V2 Orchestrator
+ * Yama Orchestrator
  * Main entry point for AI-native autonomous code review
  */
-import { ReviewRequest, ReviewResult, ReviewUpdate } from "../types/v2.types.js";
-export declare class YamaV2Orchestrator {
+import { LocalReviewRequest, LocalReviewResult, ReviewRequest, ReviewResult, ReviewMode, ReviewUpdate, UnifiedReviewRequest } from "../types/v2.types.js";
+import { YamaInitOptions } from "../types/config.types.js";
+export declare class YamaOrchestrator {
     private neurolink;
     private mcpManager;
     private configLoader;
     private promptBuilder;
     private sessionManager;
+    private localDiffSource;
     private config;
     private initialized;
-    constructor();
+    private mcpInitialized;
+    private localGitMcpInitialized;
+    private initOptions;
+    constructor(options?: YamaInitOptions);
     /**
-     * Initialize Yama V2 with configuration and MCP servers
+     * Initialize Yama with configuration and MCP servers
      */
-    initialize(configPath?: string): Promise<void>;
+    initialize(configPath?: string, mode?: ReviewMode): Promise<void>;
     /**
      * Start autonomous AI review
      */
     startReview(request: ReviewRequest): Promise<ReviewResult>;
+    /**
+     * Unified review entry for SDK consumers.
+     */
+    review(request: UnifiedReviewRequest): Promise<ReviewResult | LocalReviewResult>;
+    /**
+     * Local SDK mode review from git diff (no PR/MCP dependency).
+     */
+    reviewLocalDiff(request: LocalReviewRequest): Promise<LocalReviewResult>;
     /**
      * Stream review with real-time updates (for verbose mode)
      */
@@ -59,6 +72,18 @@ export declare class YamaV2Orchestrator {
      * Parse AI response into structured review result
      */
     private parseReviewResult;
+    private recordToolCallsFromResponse;
+    /**
+     * Parse local SDK mode response into strict LocalReviewResult.
+     */
+    private parseLocalReviewResult;
+    private sanitizeLocalSummary;
+    private removeDelimitedSections;
+    private extractJsonPayload;
+    private normalizeFindings;
+    private normalizeSeverity;
+    private countFindingsBySeverity;
+    private normalizeDecision;
     /**
      * Extract decision from AI response
      */
@@ -79,10 +104,23 @@ export declare class YamaV2Orchestrator {
      * Calculate cost estimate from token usage
      */
     private calculateCost;
+    private toSafeNumber;
     /**
      * Generate userId for NeuroLink context from repository and branch/PR
      */
     private generateUserId;
+    private isLocalReviewRequest;
+    /**
+     * Query-level tool filtering for PR mode.
+     * Conservative strategy: only exclude Jira tools when there is no Jira signal.
+     */
+    private getPRToolFilteringOptions;
+    /**
+     * Query-level read-only filtering for local-git MCP tools.
+     * Uses regex-based mutation detection instead of hardcoded tool-name lists.
+     */
+    private getLocalToolFilteringOptions;
+    private normalizeToolName;
     /**
      * Initialize NeuroLink with observability configuration
      */
@@ -92,7 +130,7 @@ export declare class YamaV2Orchestrator {
      */
     private ensureInitialized;
     /**
-     * Show Yama V2 banner
+     * Show Yama banner
      */
     private showBanner;
     /**
@@ -108,5 +146,7 @@ export declare class YamaV2Orchestrator {
      */
     private formatDecision;
 }
-export declare function createYamaV2(): YamaV2Orchestrator;
+export declare function createYamaV2(options?: YamaInitOptions): YamaOrchestrator;
+export declare function createYama(options?: YamaInitOptions): YamaOrchestrator;
+export { YamaOrchestrator as YamaV2Orchestrator };
 //# sourceMappingURL=YamaV2Orchestrator.d.ts.map