@klitchevo/code-council 0.2.3 → 0.2.5

package/dist/{chunk-ZDBY7AGR.js → chunk-H4YGXQ7Q.js}

@@ -911,30 +911,56 @@ var SEVERITY_DESCRIPTIONS = {
   low: "Nice to fix - minor improvements, style issues, small optimizations",
   info: "Informational - suggestions, best practices, educational notes"
 };
-var EXTRACTION_SYSTEM_PROMPT = `You are a precise extraction system. Your task is to parse a code review and extract individual findings into a structured JSON format.
+var EXTRACTION_SYSTEM_PROMPT = `You are a precise extraction system. Your task is to parse a code review and extract individual findings into a structured YAML format.
 
 ## Output Format
 
-You MUST respond with valid JSON matching this schema:
-{
-  "findings": [
-    {
-      "category": "security" | "performance" | "bug" | "maintainability" | "accessibility" | "architecture" | "style" | "documentation" | "testing" | "other",
-      "severity": "critical" | "high" | "medium" | "low" | "info",
-      "title": "Short, descriptive title",
-      "description": "Detailed explanation of the issue",
-      "location": {
-        "file": "path/to/file.ts",
-        "line": 42,
-        "endLine": 45
-      },
-      "suggestion": "How to fix or improve",
-      "suggestedCode": "The actual corrected code that should replace the problematic code (if applicable)",
-      "rawExcerpt": "The original text from the review that describes this finding",
-      "confidence": 0.95
-    }
-  ]
-}
+You MUST respond with valid YAML matching this schema. Use block scalars (|) for multi-line text:
+
+\`\`\`yaml
+findings:
+  - category: security
+    severity: high
+    title: |
+      Short, descriptive title
+    description: |
+      Detailed explanation of the issue.
+    location:
+      file: path/to/file.ts
+      line: 42
+      endLine: 45
+    suggestion: |
+      How to fix (text explanation)
+    suggestedCode: |
+      // The actual fixed code that should replace the buggy code
+      const sanitized = escapeHtml(userInput);
+      return sanitized;
+    confidence: 0.95
+\`\`\`
+
+## CRITICAL: suggestedCode Field
+
+The \`suggestedCode\` field is ESSENTIAL for GitHub's "Apply suggestion" feature. When the review mentions a code fix:
+
+1. **Extract the actual code** that should replace the buggy code
+2. Put it in \`suggestedCode\` as a block scalar (|)
+3. This becomes a clickable "Apply suggestion" button on GitHub
+
+Example - if reviewer says "change \`exec(userInput)\` to \`execFile('ls', [userInput])\`":
+\`\`\`yaml
+suggestedCode: |
+  execFile('ls', [userInput], (error, stdout) => {
+    console.log(stdout);
+  });
+\`\`\`
+
+If no specific code fix is mentioned, omit \`suggestedCode\` entirely.
+
+## Available Values
+
+**Categories**: security, performance, bug, maintainability, accessibility, architecture, style, documentation, testing, other
+
+**Severities**: critical, high, medium, low, info
 
 ## Category Definitions
 
@@ -947,8 +973,8 @@ ${Object.entries(SEVERITY_DESCRIPTIONS).map(([sev, desc]) => `- **${sev}**: ${de
 ## Extraction Rules
 
 1. **Be thorough**: Extract ALL distinct issues mentioned in the review
-2. **Be precise**: Use exact quotes for rawExcerpt when possible
-3. **Infer location**: If file paths or line numbers are mentioned, include them
+2. **Infer location**: If file paths or line numbers are mentioned, include them
+3. **Extract code fixes**: If the reviewer suggests specific code changes, put them in \`suggestedCode\`
 4. **Normalize severity**: Map vague language to specific severity levels:
    - "critical", "severe", "urgent", "must fix" \u2192 critical
    - "important", "significant", "should fix" \u2192 high
@@ -956,15 +982,17 @@ ${Object.entries(SEVERITY_DESCRIPTIONS).map(([sev, desc]) => `- **${sev}**: ${de
    - "minor", "nitpick", "suggestion" \u2192 low/info
 5. **Set confidence**: Higher (0.8-1.0) for clear, explicit issues; lower (0.5-0.7) for inferred or ambiguous ones
 6. **Don't duplicate**: Each distinct issue should appear once
-7. **Handle empty reviews**: If no issues found, return {"findings": []}
-8. **Include code fixes**: When a fix involves specific code changes, provide the actual corrected code in the suggestedCode field (not explanation, just the code)
+7. **Handle empty reviews**: If no issues found, return \`findings: []\`
 
 ## Important
 
 - DO NOT add findings not present in the review
 - DO NOT interpret or expand on the reviewer's points
-- If the review is empty or only contains praise, return an empty findings array
-- Always respond with valid JSON - no markdown code blocks, no explanatory text`;
+- If the review is empty or only contains praise, return empty findings array
+- Always respond with valid YAML
+- Use block scalars (|) for any text that might contain special characters
+- The location.line field is important - always include it when mentioned in the review
+- The suggestedCode field enables GitHub's "Apply suggestion" button - ALWAYS include it when a code fix is provided`;
 function buildExtractionUserMessage(reviewText, modelName) {
   return `Extract all findings from this code review by ${modelName}:
 
@@ -972,7 +1000,7 @@ function buildExtractionUserMessage(reviewText, modelName) {
 ${reviewText}
 ---
 
-Respond with ONLY valid JSON. Do not include markdown code blocks or any other text.`;
+Respond with ONLY valid YAML. Use block scalars (|) for multi-line text. No markdown code blocks or explanatory text.`;
 }
 
 // src/schemas/consensus.ts
@@ -1024,12 +1052,15 @@ var OUTPUT_FORMATS = [
 var DEFAULT_CONSENSUS_CONFIG = {
   enabled: false,
   modelWeights: {},
-  highConfidenceThreshold: 0.8,
-  moderateConfidenceThreshold: 0.5,
+  highConfidenceThreshold: 0.7,
+  // 4+ models for high (was 0.8)
+  moderateConfidenceThreshold: 0.33,
+  // 2+ models for moderate (was 0.5)
   extractionModel: "anthropic/claude-3-haiku",
   fallbackOnError: true,
   lineProximity: 5,
-  similarityThreshold: 0.7,
+  similarityThreshold: 0.5,
+  // Allow more clustering (was 0.7)
   hostExtraction: true
   // Recommended: let MCP host model do extraction
 };
@@ -1049,25 +1080,41 @@ var FindingSchema = z2.object({
   description: z2.string().min(1, "Description cannot be empty"),
   location: CodeLocationSchema.optional(),
   suggestion: z2.string().optional(),
-  rawExcerpt: z2.string(),
+  rawExcerpt: z2.string().optional(),
+  // Made optional - not all extractions include this
   extractedAt: z2.string().datetime(),
   confidence: z2.number().min(0).max(1).optional()
 });
+var severitySchema = z2.string().transform((val) => val.toLowerCase()).pipe(z2.enum(FINDING_SEVERITIES));
+var categorySchema = z2.string().transform((val) => val.toLowerCase()).transform((val) => {
+  if (!FINDING_CATEGORIES.includes(val)) {
+    return "other";
+  }
+  return val;
+}).pipe(z2.enum(FINDING_CATEGORIES));
+var lineNumberSchema = z2.union([z2.number(), z2.string()]).transform((val) => {
+  if (typeof val === "string") {
+    const parsed = Number.parseInt(val, 10);
+    return Number.isNaN(parsed) ? void 0 : parsed;
+  }
+  return val;
+}).pipe(z2.number().int().nonnegative().optional()).nullish();
 var ExtractionResponseSchema = z2.object({
   findings: z2.array(
     z2.object({
-      category: z2.enum(FINDING_CATEGORIES),
-      severity: z2.enum(FINDING_SEVERITIES),
+      category: categorySchema,
+      severity: severitySchema,
       title: z2.string(),
       description: z2.string(),
       location: z2.object({
-        file: z2.string(),
-        line: z2.number().nullish(),
-        endLine: z2.number().nullish()
+        file: z2.string().nullish(),
+        // Allow null - some models return null for general findings
+        line: lineNumberSchema,
+        endLine: lineNumberSchema
       }).nullish(),
       suggestion: z2.string().nullish(),
       suggestedCode: z2.string().nullish(),
-      rawExcerpt: z2.string(),
+      rawExcerpt: z2.string().nullish(),
       confidence: z2.number().min(0).max(1).nullish()
     })
   )
@@ -1145,7 +1192,270 @@ var ConsensusOptionsSchema = z2.object({
   outputFormat: z2.enum(OUTPUT_FORMATS).optional()
 });
 
+// src/consensus/yaml-parser.ts
+init_esm_shims();
+import yaml from "js-yaml";
+function stripMarkdownCodeBlocks(text) {
+  let result = text.trim();
+  if (result.startsWith("```yaml")) {
+    result = result.slice(7);
+  } else if (result.startsWith("```json")) {
+    result = result.slice(7);
+  } else if (result.startsWith("```")) {
+    result = result.slice(3);
+  }
+  if (result.endsWith("```")) {
+    result = result.slice(0, -3);
+  }
+  return result.trim();
+}
+function addBlockScalarIndicators(text) {
+  return text.replace(
+    /^(\s*)(\w+):\s*"([^"]*\\[^"]*)"$/gm,
+    (_, indent, key, value) => {
+      const unescaped = value.replace(/\\n/g, "\n").replace(/\\t/g, "	").replace(/\\"/g, '"').replace(/\\\\/g, "\\");
+      return `${indent}${key}: |
+${indent}  ${unescaped.replace(/\n/g, `
+${indent}  `)}`;
+    }
+  );
+}
+function fixBlockScalarIndent(text) {
+  return text.replace(/\|(?!\d)/g, "|2");
+}
+function extractYamlFromMarkers(text, firstKey, lastKey) {
+  const firstKeyIndex = text.indexOf(`${firstKey}:`);
+  if (firstKeyIndex === -1) return null;
+  let endIndex = text.length;
+  if (lastKey) {
+    const lastKeyIndex = text.lastIndexOf(`${lastKey}:`);
+    if (lastKeyIndex !== -1) {
+      const afterLastKey = text.slice(lastKeyIndex);
+      const nextKeyMatch = afterLastKey.match(/\n[a-zA-Z_]/);
+      if (nextKeyMatch?.index) {
+        endIndex = lastKeyIndex + nextKeyMatch.index;
+      }
+    }
+  }
+  return text.slice(firstKeyIndex, endIndex).trim();
+}
+function removeCurlyBrackets(text) {
+  let result = text.trim();
+  if (result.startsWith("{") && result.endsWith("}")) {
+    result = result.slice(1, -1).trim();
+  }
+  return result;
+}
+function removeLeadingPlusSymbols(text) {
+  return text.replace(/^\+\s*/gm, "");
+}
+function extractFromFindingsKeyword(text) {
+  const stripped = stripMarkdownCodeBlocks(text);
+  const findingsIndex = stripped.indexOf("findings:");
+  if (findingsIndex === -1) {
+    return stripped;
+  }
+  return stripped.slice(findingsIndex).trim();
+}
+function removeDuplicateKeys(text) {
+  const lines = text.split("\n");
+  const result = [];
+  const seenKeys = /* @__PURE__ */ new Map();
+  for (const line of lines) {
+    const match = line.match(/^(\s*)(\w+):/);
+    if (match) {
+      const indent = match[1]?.length ?? 0;
+      const key = match[2] ?? "";
+      for (const [level] of seenKeys) {
+        if (level > indent) {
+          seenKeys.delete(level);
+        }
+      }
+      const keysAtLevel = seenKeys.get(indent) ?? /* @__PURE__ */ new Set();
+      if (keysAtLevel.has(key)) {
+        continue;
+      }
+      keysAtLevel.add(key);
+      seenKeys.set(indent, keysAtLevel);
+    }
+    result.push(line);
+  }
+  return result.join("\n");
+}
+function replaceTabsWithSpaces(text) {
+  return text.replace(/\t/g, "  ");
+}
+function tryFixYamlIssues(text) {
+  let result = text;
+  result = result.replace(
+    /^(\s*)(\w+):\s+([^|\n]*:[^\n]*)$/gm,
+    (_, indent, key, value) => {
+      const trimmedValue = value.trim();
+      if (trimmedValue.startsWith('"') || trimmedValue.startsWith("'") || trimmedValue.startsWith("|") || trimmedValue.startsWith(">") || trimmedValue.startsWith("-") || trimmedValue.startsWith("[") || trimmedValue.startsWith("{")) {
+        return `${indent}${key}: ${value}`;
+      }
+      return `${indent}${key}: "${trimmedValue.replace(/"/g, '\\"')}"`;
+    }
+  );
+  return result;
+}
+function attemptParse(text, strategyName) {
+  try {
+    const data = yaml.load(text);
+    if (data !== null && data !== void 0) {
+      return { success: true, data, strategy: strategyName };
+    }
+    return { success: false, error: "Parsed to null/undefined" };
+  } catch (error) {
+    const message = error instanceof Error ? error.message : "Unknown error";
+    return { success: false, error: message };
+  }
+}
+function attemptJsonParse(text) {
+  try {
+    const data = JSON.parse(text);
+    return { success: true, data, strategy: "json-fallback" };
+  } catch (error) {
+    const message = error instanceof Error ? error.message : "Unknown error";
+    return { success: false, error: message };
+  }
+}
+function parseYamlWithFallbacks(text, firstKey, lastKey) {
+  const strategies = [
+    // Try simple approaches first (least likely to break valid YAML)
+    { name: "raw", transform: (t) => t },
+    { name: "strip-markdown", transform: stripMarkdownCodeBlocks },
+    {
+      name: "extract-findings-keyword",
+      transform: extractFromFindingsKeyword
+    },
+    {
+      name: "strip-markdown+tabs",
+      transform: (t) => replaceTabsWithSpaces(stripMarkdownCodeBlocks(t))
+    },
+    {
+      name: "remove-duplicate-keys",
+      transform: (t) => removeDuplicateKeys(stripMarkdownCodeBlocks(t))
+    },
+    {
+      name: "extract-findings+dedup",
+      transform: (t) => removeDuplicateKeys(extractFromFindingsKeyword(t))
+    },
+    {
+      name: "extract-findings+dedup+tabs",
+      transform: (t) => replaceTabsWithSpaces(
+        removeDuplicateKeys(extractFromFindingsKeyword(t))
+      )
+    },
+    // Then try more aggressive fixes
+    {
+      name: "strip-markdown+fix-issues",
+      transform: (t) => tryFixYamlIssues(stripMarkdownCodeBlocks(t))
+    },
+    {
+      name: "block-scalars",
+      transform: (t) => addBlockScalarIndicators(stripMarkdownCodeBlocks(t))
+    },
+    {
+      name: "fix-indent",
+      transform: (t) => fixBlockScalarIndent(stripMarkdownCodeBlocks(t))
+    },
+    {
+      name: "remove-curly",
+      transform: (t) => removeCurlyBrackets(stripMarkdownCodeBlocks(t))
+    },
+    {
+      name: "remove-plus",
+      transform: (t) => removeLeadingPlusSymbols(stripMarkdownCodeBlocks(t))
+    },
+    {
+      name: "tabs-to-spaces",
+      transform: (t) => replaceTabsWithSpaces(stripMarkdownCodeBlocks(t))
+    },
+    {
+      name: "combined-fixes",
+      transform: (t) => tryFixYamlIssues(
+        replaceTabsWithSpaces(
+          removeLeadingPlusSymbols(
+            removeCurlyBrackets(stripMarkdownCodeBlocks(t))
+          )
+        )
+      )
+    },
+    {
+      name: "extract-findings-keyword+fixes",
+      transform: (t) => tryFixYamlIssues(
+        replaceTabsWithSpaces(extractFromFindingsKeyword(t))
+      )
+    },
+    {
+      name: "remove-duplicate-keys+all-fixes",
+      transform: (t) => tryFixYamlIssues(
+        replaceTabsWithSpaces(
+          removeDuplicateKeys(extractFromFindingsKeyword(t))
+        )
+      )
+    }
+  ];
+  if (firstKey) {
+    strategies.push({
+      name: "extract-by-markers",
+      transform: (t) => {
+        const extracted = extractYamlFromMarkers(
+          stripMarkdownCodeBlocks(t),
+          firstKey,
+          lastKey
+        );
+        return extracted ?? t;
+      }
+    });
+    strategies.push({
+      name: "extract-by-markers+dedup",
+      transform: (t) => {
+        const extracted = extractYamlFromMarkers(
+          stripMarkdownCodeBlocks(t),
+          firstKey,
+          lastKey
+        );
+        return removeDuplicateKeys(extracted ?? t);
+      }
+    });
+  }
+  const errors = [];
+  for (const strategy of strategies) {
+    const transformed = strategy.transform(text);
+    const result = attemptParse(transformed, strategy.name);
+    if (result.success) {
+      logger.debug("YAML parsed successfully", { strategy: strategy.name });
+      return result.data;
+    }
+    errors.push(`${strategy.name}: ${result.error}`);
+  }
+  const strippedText = stripMarkdownCodeBlocks(text);
+  const jsonResult = attemptJsonParse(strippedText);
+  if (jsonResult.success) {
+    logger.debug("Fell back to JSON parsing");
+    return jsonResult.data;
+  }
+  errors.push(`json-fallback: ${jsonResult.error}`);
+  const errorSummary = errors.slice(-3).join("; ");
+  const truncatedInput = text.length > 200 ? `${text.slice(0, 200)}...` : text;
+  logger.error("YAML/JSON parsing failed", {
+    inputLength: text.length,
+    inputPreview: truncatedInput,
+    strategiesTried: strategies.length + 1,
+    lastErrors: errors.slice(-3)
+  });
+  throw new Error(
+    `Failed to parse YAML/JSON after ${strategies.length + 1} attempts. Last errors: ${errorSummary}`
+  );
+}
+function parseExtractionYaml(text) {
+  return parseYamlWithFallbacks(text, "findings");
+}
+
 // src/consensus/extractor.ts
+var MIN_CONFIDENCE_THRESHOLD = 0.3;
 function generateFindingId() {
   const timestamp = Date.now().toString(36);
   const random = Math.random().toString(36).substring(2, 8);
@@ -1153,25 +1463,40 @@ function generateFindingId() {
 }
 function repairJson(jsonStr) {
   let repaired = jsonStr;
-  repaired = repaired.replace(/,(\s*[}\]])/g, "$1");
-  repaired = repaired.replace(/"([^"]*(?:\\"[^"]*)*)"/g, (match) => {
-    return match.replace(/\n/g, "\\n").replace(/\r/g, "\\r").replace(/\t/g, "\\t");
+  repaired = repaired.replace(/\\'/g, "'");
+  repaired = repaired.replace(/\\`/g, "`");
+  repaired = repaired.replace(/"([^"]*?)"/g, (_, content) => {
+    const fixed = content.replace(/\n/g, "\\n").replace(/\r/g, "\\r").replace(/\t/g, "\\t");
+    return `"${fixed}"`;
   });
+  repaired = repaired.replace(/,(\s*[}\]])/g, "$1");
   return repaired;
 }
 function parseExtractionResponse(responseText, sourceModel) {
-  let jsonStr = responseText.trim();
-  if (jsonStr.startsWith("```json")) {
-    jsonStr = jsonStr.slice(7);
-  } else if (jsonStr.startsWith("```")) {
-    jsonStr = jsonStr.slice(3);
-  }
-  if (jsonStr.endsWith("```")) {
-    jsonStr = jsonStr.slice(0, -3);
-  }
-  jsonStr = jsonStr.trim();
-  jsonStr = repairJson(jsonStr);
-  const raw = JSON.parse(jsonStr);
+  let raw;
+  try {
+    raw = parseExtractionYaml(responseText);
+    logger.debug("Parsed extraction response via YAML parser", { sourceModel });
+  } catch (yamlError) {
+    logger.debug("YAML parsing failed, trying JSON repair", {
+      sourceModel,
+      error: yamlError instanceof Error ? yamlError.message : "Unknown"
+    });
+    let jsonStr = responseText.trim();
+    if (jsonStr.startsWith("```json")) {
+      jsonStr = jsonStr.slice(7);
+    } else if (jsonStr.startsWith("```yaml")) {
+      jsonStr = jsonStr.slice(7);
+    } else if (jsonStr.startsWith("```")) {
+      jsonStr = jsonStr.slice(3);
+    }
+    if (jsonStr.endsWith("```")) {
+      jsonStr = jsonStr.slice(0, -3);
+    }
+    jsonStr = jsonStr.trim();
+    jsonStr = repairJson(jsonStr);
+    raw = JSON.parse(jsonStr);
+  }
   const parsed = ExtractionResponseSchema.parse(raw);
   const now = (/* @__PURE__ */ new Date()).toISOString();
   return parsed.findings.map(
@@ -1182,14 +1507,14 @@ function parseExtractionResponse(responseText, sourceModel) {
       severity: f.severity,
       title: f.title,
       description: f.description,
-      location: f.location ? {
+      location: f.location?.file ? {
         file: f.location.file,
         line: f.location.line ?? void 0,
         endLine: f.location.endLine ?? void 0
       } : void 0,
       suggestion: f.suggestion ?? void 0,
       suggestedCode: f.suggestedCode ?? void 0,
-      rawExcerpt: f.rawExcerpt,
+      rawExcerpt: f.rawExcerpt ?? void 0,
       extractedAt: now,
       confidence: f.confidence ?? void 0
     })
@@ -1219,7 +1544,21 @@ async function extractFindings(reviewText, sourceModel, chatFn) {
       EXTRACTION_SYSTEM_PROMPT,
       userMessage
     );
-    const findings = parseExtractionResponse(response, sourceModel);
+    const allFindings = parseExtractionResponse(response, sourceModel);
+    const findings = allFindings.filter((f) => {
+      if (f.confidence === void 0) {
+        return true;
+      }
+      return f.confidence >= MIN_CONFIDENCE_THRESHOLD;
+    });
+    const filteredCount = allFindings.length - findings.length;
+    if (filteredCount > 0) {
+      logger.debug("Filtered low-confidence findings", {
+        sourceModel,
+        filtered: filteredCount,
+        threshold: MIN_CONFIDENCE_THRESHOLD
+      });
+    }
     logger.debug("Extracted findings", {
       sourceModel,
       count: findings.length
@@ -1400,11 +1739,11 @@ function normalizeLocation(location) {
   const file = normalizeFilePath(location.file);
   let line = location.line;
   let endLine = location.endLine;
-  if (line !== void 0 && line < 1) {
+  if (line !== void 0 && line < 0) {
     line = void 0;
   }
   if (endLine !== void 0) {
-    if (endLine < 1) {
+    if (endLine < 0) {
       endLine = void 0;
     } else if (line !== void 0 && endLine < line) {
       [line, endLine] = [endLine, line];
@@ -1427,7 +1766,7 @@ function normalizeFinding(finding) {
     description: finding.description.trim(),
     location: normalizeLocation(finding.location),
     suggestion: finding.suggestion?.trim(),
-    rawExcerpt: finding.rawExcerpt.trim(),
+    rawExcerpt: finding.rawExcerpt?.trim(),
     confidence: finding.confidence !== void 0 ? Math.max(0, Math.min(1, finding.confidence)) : void 0
   };
 }
@@ -1580,8 +1919,10 @@ init_esm_shims();
 // src/consensus/clustering.ts
 init_esm_shims();
 var DEFAULT_CLUSTERING_CONFIG = {
-  lineProximity: 5,
-  similarityThreshold: 0.7
+  lineProximity: 15,
+  // More lenient - models often point to different lines for same issue
+  similarityThreshold: 0.55
+  // Lower threshold - models describe same issues differently
 };
 function generateClusterId() {
   const timestamp = Date.now().toString(36);
@@ -1625,9 +1966,54 @@ function createClusterTitle(findings) {
   }
   return titles[0] ?? "Unnamed finding";
 }
+var ISSUE_KEYWORDS = {
+  sql_injection: ["sql", "injection", "sqli", "cwe-89", "query"],
+  xss: ["xss", "cross-site", "scripting", "cwe-79", "sanitiz"],
+  command_injection: ["command", "injection", "exec", "shell", "cwe-78", "rce"],
+  hardcoded_secrets: [
+    "hardcoded",
+    "secret",
+    "credential",
+    "password",
+    "api key",
+    "cwe-798"
+  ],
+  auth_bypass: ["auth", "bypass", "backdoor", "authentication"],
+  weak_crypto: ["crypto", "random", "math.random", "weak", "cwe-338"],
+  info_disclosure: ["disclosure", "exposure", "logging", "cwe-532"],
+  race_condition: ["race", "condition", "toctou", "concurrent"],
+  memory_leak: ["memory", "leak", "unbounded", "cache"],
+  missing_validation: ["validation", "sanitiz", "escape", "input"]
+};
+function extractIssueTypes(text) {
+  const lower = text.toLowerCase();
+  const types = /* @__PURE__ */ new Set();
+  for (const [issueType, keywords] of Object.entries(ISSUE_KEYWORDS)) {
+    for (const keyword of keywords) {
+      if (lower.includes(keyword)) {
+        types.add(issueType);
+        break;
+      }
+    }
+  }
+  return types;
+}
 function textSimilarity(text1, text2) {
   const t1 = text1 ?? "";
   const t2 = text2 ?? "";
+  const types1 = extractIssueTypes(t1);
+  const types2 = extractIssueTypes(t2);
+  if (types1.size > 0 && types2.size > 0) {
+    let typeOverlap = 0;
+    for (const type of types1) {
+      if (types2.has(type)) {
+        typeOverlap++;
+      }
+    }
+    if (typeOverlap > 0) {
+      return Math.min(1, 0.8 + typeOverlap * 0.05);
+    }
+  }
   const words1 = new Set(
     t1.toLowerCase().split(/\s+/).filter((w) => w.length > 2)
   );
@@ -1658,20 +2044,41 @@ function findingSimilarity(finding1, finding2, config = DEFAULT_CLUSTERING_CONFI
     finding2.location,
     config.lineProximity
   );
+  const sameFile = finding1.location?.file && finding2.location?.file && finding1.location.file === finding2.location.file;
+  const types1 = extractIssueTypes(`${finding1.title} ${finding1.description}`);
+  const types2 = extractIssueTypes(`${finding2.title} ${finding2.description}`);
+  let sharedIssueType = false;
+  for (const type of types1) {
+    if (types2.has(type)) {
+      sharedIssueType = true;
+      break;
+    }
+  }
   const titleSim = textSimilarity(finding1.title, finding2.title);
   const descSim = textSimilarity(finding1.description, finding2.description);
+  if (sharedIssueType && sameFile) {
+    return Math.min(1, 0.75 + titleSim * 0.15 + descSim * 0.1);
+  }
+  if (finding1.category === "security" && sameFile) {
+    return Math.min(1, 0.6 + titleSim * 0.2 + descSim * 0.1);
+  }
+  if (sharedIssueType) {
+    return Math.min(1, 0.5 + titleSim * 0.25 + descSim * 0.15);
+  }
   let score = 0;
-  score += 0.2;
-  if (locationMatch) {
-    if (finding1.location?.line && finding2.location?.line) {
-      score += 0.4;
-    } else if (finding1.location?.file && finding2.location?.file) {
-      score += 0.2;
+  score += 0.25;
+  if (sameFile) {
+    if (locationMatch) {
+      score += 0.35;
+    } else {
+      score += 0.25;
     }
+  } else if (locationMatch) {
+    score += 0.15;
   }
   score += titleSim * 0.25;
   score += descSim * 0.15;
-  return Math.min(1, score);
+  return Math.min(1, Math.max(0, score));
 }
 function shouldJoinCluster(finding, cluster, config) {
   for (const existing of cluster) {
@@ -1682,20 +2089,40 @@ function shouldJoinCluster(finding, cluster, config) {
   }
   return false;
 }
+function getClusterKey(finding) {
+  const file = finding.location?.file ?? "no-file";
+  const category = finding.category;
+  return `${file}::${category}`;
+}
 function initialClustering(findings, config) {
-  const clusters = [];
+  const preGroups = /* @__PURE__ */ new Map();
   for (const finding of findings) {
-    let joined = false;
-    for (const cluster of clusters) {
-      if (shouldJoinCluster(finding, cluster, config)) {
-        cluster.push(finding);
-        joined = true;
-        break;
-      }
+    const key = getClusterKey(finding);
+    const group = preGroups.get(key) ?? [];
+    group.push(finding);
+    preGroups.set(key, group);
+  }
+  const clusters = [];
+  for (const group of preGroups.values()) {
+    if (group.length === 1) {
+      clusters.push(group);
+      continue;
     }
-    if (!joined) {
-      clusters.push([finding]);
+    const subClusters = [];
+    for (const finding of group) {
+      let joined = false;
+      for (const subCluster of subClusters) {
+        if (shouldJoinCluster(finding, subCluster, config)) {
+          subCluster.push(finding);
+          joined = true;
+          break;
+        }
+      }
+      if (!joined) {
+        subClusters.push([finding]);
+      }
     }
+    clusters.push(...subClusters);
   }
   return clusters;
 }
@@ -1712,16 +2139,20 @@ function mergeSimilarClusters(clusters, config) {
         const cluster1 = merged[i];
         const cluster2 = merged[j];
         if (!cluster1 || !cluster2) continue;
+        let maxSim = 0;
         let totalSim = 0;
         let pairs = 0;
         for (const f1 of cluster1) {
           for (const f2 of cluster2) {
-            totalSim += findingSimilarity(f1, f2, config);
+            const sim = findingSimilarity(f1, f2, config);
+            maxSim = Math.max(maxSim, sim);
+            totalSim += sim;
             pairs++;
           }
         }
         const avgSim = pairs > 0 ? totalSim / pairs : 0;
-        if (avgSim >= config.similarityThreshold) {
+        const shouldMerge = maxSim >= 0.75 || avgSim >= config.similarityThreshold;
+        if (shouldMerge) {
           merged[i] = [...cluster1, ...cluster2];
           merged.splice(j, 1);
           changed = true;
@@ -2230,4 +2661,4 @@ export {
   gitReviewSchema,
   handleGitReview
 };
-//# sourceMappingURL=chunk-ZDBY7AGR.js.map
+//# sourceMappingURL=chunk-H4YGXQ7Q.js.map

package/dist/{cli-PHU3RI5B.js → cli-ZOWF2WJK.js}

@@ -4,8 +4,9 @@ import {
   buildConsensusReport,
   formatForHostExtraction,
   handleGitReview,
-  initializeConfig
-} from "./chunk-ZDBY7AGR.js";
+  initializeConfig,
+  logger
+} from "./chunk-H4YGXQ7Q.js";
 import "./chunk-AEDZOTVA.js";
 import "./chunk-HVF7WG6A.js";
 import {
@@ -128,29 +129,77 @@ function normalizePath(path) {
 }
 
 // src/consensus/comment-mapper.ts
+var DEFAULT_LINE_TOLERANCE = 20;
+function findNearestChangedLine(changedLines, targetLine, tolerance = DEFAULT_LINE_TOLERANCE) {
+  if (changedLines.size === 0) {
+    return void 0;
+  }
+  if (changedLines.has(targetLine)) {
+    return targetLine;
+  }
+  let nearestLine;
+  let minDistance = tolerance + 1;
+  for (const line of changedLines) {
+    const distance = Math.abs(line - targetLine);
+    if (distance <= tolerance && distance < minDistance) {
+      minDistance = distance;
+      nearestLine = line;
+    }
+  }
+  return nearestLine;
+}
+function isWithinHunkBoundary(hunks, lineNumber) {
+  for (const hunk of hunks) {
+    const hunkEnd = hunk.newStart + hunk.newCount - 1;
+    if (lineNumber >= hunk.newStart && lineNumber <= hunkEnd) {
+      return true;
+    }
+  }
+  return false;
+}
+function getFirstChangedLine(changedLines) {
+  if (changedLines.size === 0) {
+    return 1;
+  }
+  let minLine = Number.POSITIVE_INFINITY;
+  for (const line of changedLines) {
+    if (line < minLine) {
+      minLine = line;
+    }
+  }
+  return minLine;
+}
 function findMatchingDiffFile(diff, filePath) {
   const normalizedTarget = normalizePath(filePath);
   for (const file of diff.files) {
     const normalizedNew = normalizePath(file.newPath);
     const normalizedOld = normalizePath(file.oldPath);
     if (normalizedNew === normalizedTarget || normalizedOld === normalizedTarget) {
-      return { path: file.newPath, changedLines: file.changedLines };
+      return {
+        path: file.newPath,
+        changedLines: file.changedLines,
+        hunks: file.hunks
+      };
     }
     const targetFilename = normalizedTarget.split("/").pop();
     const newFilename = normalizedNew.split("/").pop();
     if (targetFilename && newFilename && targetFilename === newFilename) {
       if (normalizedNew.endsWith(normalizedTarget) || normalizedTarget.endsWith(normalizedNew)) {
-        return { path: file.newPath, changedLines: file.changedLines };
+        return {
+          path: file.newPath,
+          changedLines: file.changedLines,
+          hunks: file.hunks
+        };
       }
     }
   }
   return void 0;
 }
-function mapClustersToComments(clusters, diff) {
+function mapClustersToComments(clusters, diff, lineTolerance = DEFAULT_LINE_TOLERANCE) {
   const comments = [];
   const unmapped = [];
   for (const cluster of clusters) {
-    if (!cluster.canonicalLocation?.file || !cluster.canonicalLocation?.line) {
+    if (!cluster.canonicalLocation?.file) {
       unmapped.push(cluster);
       continue;
     }
@@ -160,14 +209,52 @@ function mapClustersToComments(clusters, diff) {
       unmapped.push(cluster);
       continue;
     }
-    if (!matchingFile.changedLines.has(line)) {
-      unmapped.push(cluster);
-      continue;
+    let targetLine;
+    if (line !== void 0) {
+      if (matchingFile.changedLines.has(line)) {
+        targetLine = line;
+      } else {
+        const nearestLine = findNearestChangedLine(
+          matchingFile.changedLines,
+          line,
+          lineTolerance
+        );
+        if (nearestLine !== void 0) {
+          logger.debug("Using nearest changed line", {
+            file,
+            originalLine: line,
+            mappedLine: nearestLine
+          });
+          targetLine = nearestLine;
+        } else {
+          targetLine = getFirstChangedLine(matchingFile.changedLines);
+          logger.debug("Using first changed line as fallback", {
+            file,
+            originalLine: line,
+            mappedLine: targetLine
+          });
+        }
+      }
+    } else {
+      targetLine = getFirstChangedLine(matchingFile.changedLines);
+      logger.debug("No line specified, using first changed line", {
+        file,
+        mappedLine: targetLine
+      });
+    }
+    if (!isWithinHunkBoundary(matchingFile.hunks, targetLine)) {
+      logger.warn("Target line not within hunk boundary", {
+        file,
+        targetLine,
+        hunks: matchingFile.hunks.map(
+          (h) => `${h.newStart}-${h.newStart + h.newCount - 1}`
+        )
+      });
     }
     comments.push({
       cluster,
       path: matchingFile.path,
-      line
+      line: targetLine
     });
   }
   return { comments, unmapped };
@@ -178,8 +265,18 @@ init_esm_shims();
 var DEFAULT_OPTIONS = {
   maxComments: 30,
   includeLowSeverity: false,
-  showModelAgreement: true
+  showModelAgreement: true,
+  minConfidence: 0.2
+  // Show findings with 2+ models agreeing (was 0.5)
 };
+var GITHUB_MAX_COMMENT_LENGTH = 65e3;
+function truncateToLimit(text, limit = GITHUB_MAX_COMMENT_LENGTH) {
+  if (text.length <= limit) {
+    return text;
+  }
+  const truncationMarker = "\n\n... (truncated due to GitHub character limit)";
+  return text.slice(0, limit - truncationMarker.length) + truncationMarker;
+}
 function formatSeverity(severity) {
   const badges = {
     critical: "CRITICAL",
@@ -193,20 +290,27 @@ function formatSeverity(severity) {
 function formatCategory(category) {
   return category.split("_").map((word) => word.charAt(0).toUpperCase() + word.slice(1)).join(" ");
 }
-function formatModelAgreement(cluster) {
-  const total = cluster.agreeingModels.length + cluster.silentModels.length + cluster.disagreingModels.length;
+function formatModelName(fullName) {
+  const slashIndex = fullName.indexOf("/");
+  if (slashIndex !== -1) {
+    return fullName.slice(slashIndex + 1);
+  }
+  return fullName;
+}
+function formatModelAgreement(cluster, totalModels) {
   const agreeing = cluster.agreeingModels.length;
   const confidence = Math.round(cluster.confidence * 100);
-  return `${agreeing}/${total} models | Confidence: ${confidence}%`;
+  const modelNames = cluster.agreeingModels.map(formatModelName).join(", ");
+  return `Found by: ${modelNames} (${agreeing}/${totalModels}) | ${confidence}% confidence`;
 }
-function formatCommentBody(cluster, showModelAgreement) {
+function formatCommentBody(cluster, showModelAgreement, totalModels) {
   const lines = [];
   lines.push(
     `**[${formatSeverity(cluster.severity)}] ${cluster.title}** (${formatCategory(cluster.category)})`
   );
   lines.push("");
   if (showModelAgreement) {
-    lines.push(formatModelAgreement(cluster));
+    lines.push(formatModelAgreement(cluster, totalModels));
     lines.push("");
   }
   const firstFinding = cluster.findings[0];
@@ -251,7 +355,10 @@ function formatSummaryBody(report, mappingResult, inlineCommentCount) {
   lines.push("## Code Council Multi-Model Review");
   lines.push("");
   const totalFindings = report.highConfidence.length + report.moderateConfidence.length + report.lowConfidence.length;
-  lines.push(`**${report.participatingModels.length} models** participated`);
+  const modelNames = report.participatingModels.map(formatModelName).join(", ");
+  lines.push(
+    `**${report.participatingModels.length} models** participated: ${modelNames}`
+  );
   lines.push(`**${totalFindings} findings** total`);
   lines.push(`**${inlineCommentCount} inline comments** on changed lines`);
   lines.push(
@@ -301,8 +408,15 @@ function formatPrComments(report, mappingResult, options = {}) {
       (c) => c.cluster.severity !== "low" && c.cluster.severity !== "info"
     );
   }
+  if (opts.minConfidence > 0) {
+    commentsToInclude = commentsToInclude.filter(
+      (c) => c.cluster.confidence >= opts.minConfidence
+    );
+  }
   const severityOrder = ["critical", "high", "medium", "low", "info"];
   commentsToInclude.sort((a, b) => {
+    const confidenceDiff = b.cluster.confidence - a.cluster.confidence;
+    if (Math.abs(confidenceDiff) > 0.01) return confidenceDiff;
     const severityDiff = severityOrder.indexOf(a.cluster.severity) - severityOrder.indexOf(b.cluster.severity);
     if (severityDiff !== 0) return severityDiff;
     return a.line - b.line;
@@ -310,12 +424,21 @@ function formatPrComments(report, mappingResult, options = {}) {
   if (commentsToInclude.length > opts.maxComments) {
     commentsToInclude = commentsToInclude.slice(0, opts.maxComments);
   }
-  const comments = commentsToInclude.map((mapped) => ({
-    path: mapped.path,
-    line: mapped.line,
-    body: formatCommentBody(mapped.cluster, opts.showModelAgreement)
-  }));
-  const body = formatSummaryBody(report, mappingResult, comments.length);
+  const totalModels = report.participatingModels.length;
+  const comments = commentsToInclude.map((mapped) => {
+    const rawBody2 = formatCommentBody(
+      mapped.cluster,
+      opts.showModelAgreement,
+      totalModels
+    );
+    return {
+      path: mapped.path,
+      line: mapped.line,
+      body: truncateToLimit(rawBody2)
+    };
+  });
+  const rawBody = formatSummaryBody(report, mappingResult, comments.length);
+  const body = truncateToLimit(rawBody);
   return {
     body,
     event: "COMMENT",
@@ -582,7 +705,7 @@ async function handleCliCodeReview(client, models, format, context, filePath, op
   const fullContext = language ? `Language: ${language}${context ? `
 ${context}` : ""}` : context;
   const results = await client.reviewCode(inputResult, models, fullContext);
-  return formatReviewOutput(results, format);
+  return formatReviewOutput(results, format, client);
 }
 async function handleCliGitReview(client, models, format, context, options) {
   const reviewType = options["review-type"] || "staged";
@@ -602,7 +725,7 @@ async function handleCliGitReview(client, models, format, context, options) {
   if (format === "pr-comments") {
     return formatPrCommentsOutput(result.results, result.diffText, client);
   }
-  return formatReviewOutput(result.results, format);
+  return formatReviewOutput(result.results, format, client);
 }
 async function handleCliFrontendReview(client, models, format, context, filePath, options) {
   const inputResult = await getInput(filePath);
@@ -616,7 +739,7 @@ async function handleCliFrontendReview(client, models, format, context, filePath
     reviewType,
     context
   });
-  return formatReviewOutput(results, format);
+  return formatReviewOutput(results, format, client);
 }
 async function handleCliBackendReview(client, models, format, context, filePath, options) {
   const inputResult = await getInput(filePath);
@@ -630,7 +753,7 @@ async function handleCliBackendReview(client, models, format, context, filePath,
     reviewType,
     context
   });
-  return formatReviewOutput(results, format);
+  return formatReviewOutput(results, format, client);
 }
 async function handleCliPlanReview(client, models, format, context, filePath, options) {
   const inputResult = await getInput(filePath);
@@ -642,14 +765,25 @@ async function handleCliPlanReview(client, models, format, context, filePath, op
     reviewType,
     context
   });
-  return formatReviewOutput(results, format);
+  return formatReviewOutput(results, format, client);
 }
-function formatReviewOutput(results, format) {
-  const { formatted } = formatForHostExtraction(results, format);
-  return {
-    exitCode: ExitCode.SUCCESS,
-    stdout: formatted
-  };
+async function formatReviewOutput(results, format, reviewClient) {
+  const consensusClient = new ConsensusClient(reviewClient);
+  try {
+    const { formatted } = await buildConsensusReport(results, consensusClient, {
+      outputFormat: format
+    });
+    return {
+      exitCode: ExitCode.SUCCESS,
+      stdout: formatted
+    };
+  } catch (error) {
+    const { formatted } = formatForHostExtraction(results, format);
+    return {
+      exitCode: ExitCode.SUCCESS,
+      stdout: formatted
+    };
+  }
 }
 async function formatPrCommentsOutput(results, diffText, reviewClient) {
   const consensusClient = new ConsensusClient(reviewClient);
@@ -704,6 +838,9 @@ jobs:
         with:
           fetch-depth: 0
 
+      - name: Fetch base branch
+        run: git fetch origin \${{ github.base_ref }}:\${{ github.base_ref }} || true
+
       - name: Setup Node.js
         uses: actions/setup-node@v4
         with:
@@ -715,63 +852,101 @@ jobs:
           OPENROUTER_API_KEY: \${{ secrets.OPENROUTER_API_KEY }}
         run: |
           # Run review with pr-comments format for inline comments
-          npx @klitchevo/code-council review git \\
-            --review-type diff \\
-            --format pr-comments \\
-            > review.json 2>&1 || {
-              # If pr-comments fails, fall back to markdown format
-              echo "pr-comments format failed, falling back to markdown"
-              npx @klitchevo/code-council review git \\
-                --review-type diff \\
-                --format markdown \\
-                > review.md
-              echo "format=markdown" >> $GITHUB_OUTPUT
-              if [ -s review.md ]; then
-                echo "has_review=true" >> $GITHUB_OUTPUT
-              else
-                echo "has_review=false" >> $GITHUB_OUTPUT
-              fi
-              exit 0
-            }
-
-          # Check if review JSON has content
-          if [ -s review.json ] && [ "$(cat review.json | head -c 10)" != "Error" ]; then
-            echo "has_review=true" >> $GITHUB_OUTPUT
+          if npx @klitchevo/code-council review git \\
+              --review-type diff \\
+              --format pr-comments > review.json; then
             echo "format=pr-comments" >> $GITHUB_OUTPUT
+            echo "has_review=true" >> $GITHUB_OUTPUT
           else
-            echo "has_review=false" >> $GITHUB_OUTPUT
+            echo "pr-comments format failed, falling back to markdown"
+            if npx @klitchevo/code-council review git \\
+                --review-type diff \\
+                --format markdown > review.md; then
+              echo "format=markdown" >> $GITHUB_OUTPUT
+              echo "has_review=true" >> $GITHUB_OUTPUT
+            else
+              echo "has_review=false" >> $GITHUB_OUTPUT
+            fi
           fi
 
-      - name: Post Inline Review
+      - name: Clean Previous Code Council Reviews
         if: steps.review.outputs.has_review == 'true' && steps.review.outputs.format == 'pr-comments'
         env:
           GH_TOKEN: \${{ secrets.GITHUB_TOKEN }}
         run: |
-          # Post PR review with inline comments
+          # Dismiss pending reviews to avoid "only one pending review" error
           gh api repos/\${{ github.repository }}/pulls/\${{ github.event.pull_request.number }}/reviews \\
-            --method POST \\
-            --input review.json
+            --jq '.[] | select(.state == "PENDING") | .id' | \\
+          while read REVIEW_ID; do
+            gh api repos/\${{ github.repository }}/pulls/\${{ github.event.pull_request.number }}/reviews/$REVIEW_ID \\
+              --method DELETE 2>/dev/null || true
+          done
+
+          # Delete previous Code Council comments
+          gh api repos/\${{ github.repository }}/pulls/\${{ github.event.pull_request.number }}/comments \\
+            --jq '.[] | select(.body | contains("[CRITICAL]") or contains("[HIGH]") or contains("[MEDIUM]")) | .id' | \\
+          while read COMMENT_ID; do
+            gh api repos/\${{ github.repository }}/pulls/\${{ github.event.pull_request.number }}/comments/$COMMENT_ID \\
+              --method DELETE 2>/dev/null || true
+          done
+
+      - name: Post Inline Review
+        if: steps.review.outputs.has_review == 'true' && steps.review.outputs.format == 'pr-comments'
+        env:
+          GH_TOKEN: \${{ secrets.GITHUB_TOKEN }}
+        run: |
+          # Validate JSON
+          if ! jq . review.json > /dev/null 2>&1; then
+            echo "Invalid JSON in review.json"
+            cat review.json
+            exit 1
+          fi
+
+          # Try batch review first
+          if gh api repos/\${{ github.repository }}/pulls/\${{ github.event.pull_request.number }}/reviews \\
+              --method POST \\
+              --input review.json 2>/dev/null; then
+            echo "Review posted successfully"
+          else
+            echo "Batch review failed, falling back to individual comments"
+
+            # Post summary as standalone review
+            SUMMARY_BODY=$(jq -r '.body' review.json)
+            gh api repos/\${{ github.repository }}/pulls/\${{ github.event.pull_request.number }}/reviews \\
+              --method POST \\
+              -f body="$SUMMARY_BODY" \\
+              -f event="COMMENT" || true
+
+            # Post individual inline comments
+            COMMENT_COUNT=$(jq '.comments | length' review.json)
+            for i in $(seq 0 $((COMMENT_COUNT - 1))); do
+              PATH_VAL=$(jq -r ".comments[$i].path" review.json)
+              LINE_VAL=$(jq -r ".comments[$i].line" review.json)
+              BODY_VAL=$(jq -r ".comments[$i].body" review.json)
+
+              gh api repos/\${{ github.repository }}/pulls/\${{ github.event.pull_request.number }}/comments \\
+                --method POST \\
+                -f path="$PATH_VAL" \\
+                -F line="$LINE_VAL" \\
+                -f body="$BODY_VAL" \\
+                -f commit_id="\${{ github.event.pull_request.head.sha }}" 2>/dev/null || true
+            done
+          fi
 
       - name: Post Markdown Review (Fallback)
         if: steps.review.outputs.has_review == 'true' && steps.review.outputs.format == 'markdown'
         env:
           GH_TOKEN: \${{ secrets.GITHUB_TOKEN }}
         run: |
-          # Read review content
           REVIEW_BODY=$(cat review.md)
-
-          # Add header and footer
-          FULL_REVIEW="## Code Council Multi-Model Review
+          gh api repos/\${{ github.repository }}/pulls/\${{ github.event.pull_request.number }}/reviews \\
+            --method POST \\
+            -f body="## Code Council Multi-Model Review
 
           $REVIEW_BODY
 
           ---
-          *Reviewed by [Code Council](https://github.com/klitchevo/code-council) using multiple AI models*"
-
-          # Post as a PR review (not just a comment)
-          gh api repos/\${{ github.repository }}/pulls/\${{ github.event.pull_request.number }}/reviews \\
-            --method POST \\
-            -f body="$FULL_REVIEW" \\
+          *Reviewed by [Code Council](https://github.com/klitchevo/code-council)*" \\
             -f event="COMMENT"
 `;
 var WORKFLOW_TEMPLATE_SIMPLE = `# Code Council PR Review
@@ -802,6 +977,9 @@ jobs:
         with:
           fetch-depth: 0
 
+      - name: Fetch base branch
+        run: git fetch origin \${{ github.base_ref }}:\${{ github.base_ref }} || true
+
       - name: Setup Node.js
         uses: actions/setup-node@v4
         with:
@@ -829,7 +1007,6 @@ jobs:
           GH_TOKEN: \${{ secrets.GITHUB_TOKEN }}
         run: |
           REVIEW_BODY=$(cat review.md)
-
           gh api repos/\${{ github.repository }}/pulls/\${{ github.event.pull_request.number }}/reviews \\
             --method POST \\
             -f body="## Code Council Review
@@ -1048,4 +1225,4 @@ export {
   processResult,
   runCli
 };
-//# sourceMappingURL=cli-PHU3RI5B.js.map
+//# sourceMappingURL=cli-ZOWF2WJK.js.map

package/dist/index.js

@@ -18,7 +18,7 @@ import {
   handleGitReview,
   initializeConfig,
   logger
-} from "./chunk-ZDBY7AGR.js";
+} from "./chunk-H4YGXQ7Q.js";
 import "./chunk-AEDZOTVA.js";
 import "./chunk-HVF7WG6A.js";
 import {
@@ -1905,7 +1905,7 @@ ${r.review}
 var args = process.argv.slice(2);
 var command = args[0];
 if (command === "review" || command === "setup") {
-  import("./cli-PHU3RI5B.js").then(async ({ processResult, runCli }) => {
+  import("./cli-ZOWF2WJK.js").then(async ({ processResult, runCli }) => {
     try {
       const result = await runCli(process.argv);
       if (result) {

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "@klitchevo/code-council",
-	"version": "0.2.3",
+	"version": "0.2.5",
 	"description": "Multi-model AI code review server using OpenRouter - get diverse perspectives from multiple LLMs in parallel",
 	"main": "dist/index.js",
 	"type": "module",
@@ -75,10 +75,12 @@
 		"@openrouter/sdk": "0.3.10",
 		"ignore": "^7.0.5",
 		"jiti": "^2.6.1",
+		"js-yaml": "^4.1.1",
 		"zod": "4.2.1"
 	},
 	"devDependencies": {
 		"@biomejs/biome": "2.3.10",
+		"@types/js-yaml": "^4.0.9",
 		"@types/node": "25.0.3",
 		"@vitest/coverage-v8": "4.0.16",
 		"lefthook": "2.0.12",