@kodrunhq/opencode-autopilot 0.1.0

package/src/review/memory.ts

@@ -0,0 +1,114 @@
+/**
+ * Per-project review memory persistence.
+ *
+ * Stores recent findings and false positives at
+ * {projectRoot}/.opencode-autopilot/review-memory.json
+ *
+ * Memory is pruned on load to cap storage and remove stale entries.
+ * All writes are atomic (tmp file + rename) to prevent corruption.
+ */
+
+import { readFile, rename, writeFile } from "node:fs/promises";
+import { join } from "node:path";
+import { ensureDir, isEnoentError } from "../utils/fs-helpers";
+import { reviewMemorySchema } from "./schemas";
+import type { ReviewMemory } from "./types";
+
+export type { ReviewMemory };
+
+const MEMORY_FILE = "review-memory.json";
+const MAX_FINDINGS = 100;
+const MAX_FALSE_POSITIVES = 50;
+const THIRTY_DAYS_MS = 30 * 24 * 60 * 60 * 1000;
+
+/**
+ * Create a valid empty memory object.
+ */
+export function createEmptyMemory(): ReviewMemory {
+	return reviewMemorySchema.parse({
+		schemaVersion: 1,
+		projectProfile: { stacks: [], lastDetectedAt: "" },
+		recentFindings: [],
+		falsePositives: [],
+		lastReviewedAt: null,
+	});
+}
+
+/**
+ * Load review memory from disk.
+ * Returns null if file doesn't exist (first run).
+ * Returns null on malformed JSON (SyntaxError) or invalid schema (ZodError)
+ * to allow recovery rather than crashing the pipeline.
+ * Prunes on load to cap storage.
+ */
+export async function loadReviewMemory(projectRoot: string): Promise<ReviewMemory | null> {
+	const memoryPath = join(projectRoot, ".opencode-autopilot", MEMORY_FILE);
+	try {
+		const raw = await readFile(memoryPath, "utf-8");
+		const parsed = JSON.parse(raw);
+		const validated = reviewMemorySchema.parse(parsed);
+		return pruneMemory(validated);
+	} catch (error: unknown) {
+		if (isEnoentError(error)) {
+			return null;
+		}
+		// Recover from malformed JSON or schema violations instead of crashing
+		if (
+			error instanceof SyntaxError ||
+			(error !== null && typeof error === "object" && "issues" in error)
+		) {
+			return null;
+		}
+		throw error;
+	}
+}
+
+/**
+ * Save review memory to disk with atomic write.
+ * Validates through schema before writing (bidirectional validation).
+ * Uses tmp file + rename to prevent corruption.
+ */
+export async function saveReviewMemory(memory: ReviewMemory, projectRoot: string): Promise<void> {
+	const validated = reviewMemorySchema.parse(memory);
+	const dir = join(projectRoot, ".opencode-autopilot");
+	await ensureDir(dir);
+	const memoryPath = join(dir, MEMORY_FILE);
+	const tmpPath = `${memoryPath}.tmp.${Date.now()}`;
+	await writeFile(tmpPath, JSON.stringify(validated, null, 2), "utf-8");
+	await rename(tmpPath, memoryPath);
+}
+
+/**
+ * Prune memory to cap storage and remove stale entries.
+ * Pure function -- returns new frozen object, never mutates.
+ *
+ * - recentFindings: cap at 100 (keep newest -- later entries are newer)
+ * - falsePositives: cap at 50 (keep newest by markedAt date)
+ * - falsePositives: remove entries older than 30 days
+ */
+export function pruneMemory(memory: ReviewMemory): ReviewMemory {
+	const now = Date.now();
+
+	// Prune false positives older than 30 days first, then cap
+	const freshFalsePositives = memory.falsePositives.filter(
+		(fp) => now - new Date(fp.markedAt).getTime() < THIRTY_DAYS_MS,
+	);
+
+	// Sort by markedAt descending (newest first) then take the first MAX
+	const sortedFP = [...freshFalsePositives].sort(
+		(a, b) => new Date(b.markedAt).getTime() - new Date(a.markedAt).getTime(),
+	);
+	const cappedFP = sortedFP.slice(0, MAX_FALSE_POSITIVES);
+
+	// Cap recentFindings (later entries are newer, keep the tail)
+	const cappedFindings =
+		memory.recentFindings.length > MAX_FINDINGS
+			? memory.recentFindings.slice(memory.recentFindings.length - MAX_FINDINGS)
+			: [...memory.recentFindings];
+
+	return Object.freeze({
+		...memory,
+		recentFindings: [...cappedFindings],
+		falsePositives: [...cappedFP],
+	});
+}

package/src/review/pipeline.ts

@@ -0,0 +1,258 @@
+/**
+ * Review pipeline state machine.
+ *
+ * 4-stage flow:
+ *   Stage 1: Dispatch specialist agents with diff
+ *   Stage 2: Cross-verification (agents review each other's findings)
+ *   Stage 3: Red-team + product-thinker with all accumulated findings
+ *   Stage 4: Final report (or fix cycle if CRITICAL findings with actionable fixes)
+ *
+ * The pipeline returns dispatch instructions -- it does NOT dispatch agents itself.
+ * The orchestrator is responsible for sending prompts to agents and collecting results.
+ */
+
+import { ALL_REVIEW_AGENTS, STAGE3_AGENTS } from "./agents/index";
+import { buildCrossVerificationPrompts, condenseFinding } from "./cross-verification";
+
+/** Derived set of stage-3 agent names — avoids hardcoding names in pipeline logic. */
+const STAGE3_NAMES: ReadonlySet<string> = new Set(STAGE3_AGENTS.map((a) => a.name));
+
+import { buildFixInstructions, determineFixableFindings } from "./fix-cycle";
+import { buildReport } from "./report";
+import { reviewFindingSchema } from "./schemas";
+import type { ReviewFinding, ReviewReport, ReviewState } from "./types";
+
+export type { ReviewState };
+
+import { sanitizeTemplateContent } from "./sanitize";
+
+/** Result of a pipeline step -- either dispatch more agents or return the final report. */
+export interface ReviewStageResult {
+	readonly action: "dispatch" | "complete" | "error";
+	readonly stage?: number;
+	readonly agents?: readonly { readonly name: string; readonly prompt: string }[];
+	readonly report?: ReviewReport;
+	readonly message?: string;
+	readonly state?: ReviewState;
+}
+
+/**
+ * Parse findings from raw LLM output (which may contain markdown, prose, code blocks).
+ *
+ * Handles:
+ * - {"findings": [...]} wrapper
+ * - Raw array [{...}, ...]
+ * - JSON embedded in markdown code blocks
+ * - Prose with embedded JSON
+ *
+ * Sets agent field to agentName if missing from individual findings.
+ * Validates each finding through reviewFindingSchema, discards invalid ones.
+ */
+export function parseAgentFindings(raw: string, agentName: string): readonly ReviewFinding[] {
+	const findings: ReviewFinding[] = [];
+
+	// Try to extract JSON from the raw text
+	const jsonStr = extractJson(raw);
+	if (jsonStr === null) return Object.freeze(findings);
+
+	try {
+		const parsed = JSON.parse(jsonStr);
+		const items = Array.isArray(parsed) ? parsed : parsed?.findings;
+
+		if (!Array.isArray(items)) return Object.freeze(findings);
+
+		for (const item of items) {
+			// Set agent field if missing
+			const withAgent = item.agent ? item : { ...item, agent: agentName };
+			const result = reviewFindingSchema.safeParse(withAgent);
+			if (result.success) {
+				findings.push(result.data);
+			}
+		}
+	} catch {
+		// JSON parse failed -- return empty
+	}
+
+	return Object.freeze(findings);
+}
+
+/**
+ * Extract the first JSON object or array from raw text.
+ * Looks for:
+ * 1. JSON inside markdown code blocks
+ * 2. {"findings": ...} pattern
+ * 3. Raw array [{...}]
+ */
+function extractJson(raw: string): string | null {
+	// Try markdown code block extraction first
+	const codeBlockMatch = raw.match(/```(?:json)?\s*\n?([\s\S]*?)\n?\s*```/);
+	if (codeBlockMatch) {
+		return codeBlockMatch[1].trim();
+	}
+
+	// Try to find {"findings": ...} or [{...}]
+	const objectStart = raw.indexOf("{");
+	const arrayStart = raw.indexOf("[");
+
+	if (objectStart === -1 && arrayStart === -1) return null;
+
+	// Pick whichever comes first
+	const start =
+		objectStart === -1
+			? arrayStart
+			: arrayStart === -1
+				? objectStart
+				: Math.min(objectStart, arrayStart);
+
+	// Find matching close bracket (string-literal-aware depth tracking)
+	let depth = 0;
+	let inString = false;
+	let escaped = false;
+	for (let i = start; i < raw.length; i++) {
+		const ch = raw[i];
+		if (escaped) {
+			escaped = false;
+			continue;
+		}
+		if (ch === "\\" && inString) {
+			escaped = true;
+			continue;
+		}
+		if (ch === '"') {
+			inString = !inString;
+			continue;
+		}
+		if (inString) continue;
+		if (ch === "{" || ch === "[") depth++;
+		if (ch === "}" || ch === "]") depth--;
+		if (depth === 0) {
+			return raw.slice(start, i + 1);
+		}
+	}
+
+	return null;
+}
+
+/**
+ * Advance the pipeline from the current stage to the next.
+ *
+ * @param findingsJson - Raw JSON string of findings from the current stage's agents
+ * @param currentState - Current pipeline state
+ * @returns Next stage's dispatch instructions or final report
+ */
+export function advancePipeline(
+	findingsJson: string,
+	currentState: ReviewState,
+	agentName = "unknown",
+): ReviewStageResult {
+	// Parse new findings
+	const newFindings = parseAgentFindings(findingsJson, agentName);
+	const accumulated = [...currentState.accumulatedFindings, ...newFindings];
+
+	const nextStage = currentState.stage + 1;
+
+	switch (currentState.stage) {
+		case 1: {
+			// Stage 1 -> 2: Build cross-verification prompts from all selected agents (excluding stage 3)
+			const agents = ALL_REVIEW_AGENTS.filter(
+				(a) => currentState.selectedAgentNames.includes(a.name) && !STAGE3_NAMES.has(a.name),
+			);
+			const findingsByAgent = groupFindingsByAgent(accumulated);
+			const sanitizedScope = sanitizeTemplateContent(currentState.scope);
+			const prompts = buildCrossVerificationPrompts(agents, findingsByAgent, sanitizedScope);
+			const newState: ReviewState = {
+				...currentState,
+				stage: nextStage,
+				accumulatedFindings: accumulated,
+			};
+			return Object.freeze({
+				action: "dispatch" as const,
+				stage: nextStage,
+				agents: prompts,
+				state: newState,
+			});
+		}
+
+		case 2: {
+			// Stage 2 -> 3: Build red-team + product-thinker prompts
+			const condensed = sanitizeTemplateContent(accumulated.map(condenseFinding).join("\n"));
+			const sanitizedScope2 = sanitizeTemplateContent(currentState.scope);
+			const stage3Prompts = STAGE3_AGENTS.map((agent) => ({
+				name: agent.name,
+				prompt: agent.prompt
+					.replace("{{DIFF}}", sanitizedScope2)
+					.replace("{{PRIOR_FINDINGS}}", condensed)
+					.replace("{{MEMORY}}", ""),
+			}));
+			const newState: ReviewState = {
+				...currentState,
+				stage: nextStage,
+				accumulatedFindings: accumulated,
+			};
+			return Object.freeze({
+				action: "dispatch" as const,
+				stage: nextStage,
+				agents: Object.freeze(stage3Prompts.map((p) => Object.freeze(p))),
+				state: newState,
+			});
+		}
+
+		case 3: {
+			// Stage 3 -> 4 or complete: Check for actionable CRITICAL fixes
+			const fixResult = determineFixableFindings(accumulated);
+			if (fixResult.fixable.length > 0) {
+				// Build fix-cycle prompts for agents whose findings are fixable
+				const allAgents = ALL_REVIEW_AGENTS.filter(
+					(a) => currentState.selectedAgentNames.includes(a.name) || STAGE3_NAMES.has(a.name),
+				);
+				const sanitizedScope3 = sanitizeTemplateContent(currentState.scope);
+				const fixAgents = buildFixInstructions(fixResult.fixable, allAgents, sanitizedScope3);
+				const newState: ReviewState = {
+					...currentState,
+					stage: nextStage,
+					accumulatedFindings: accumulated,
+				};
+				return Object.freeze({
+					action: "dispatch" as const,
+					stage: nextStage,
+					message: "Fix cycle: CRITICAL findings with actionable suggestions detected.",
+					agents: Object.freeze(fixAgents),
+					state: newState,
+				});
+			}
+			// No fix cycle needed -- complete
+			const report = buildReport(accumulated, currentState.scope, currentState.selectedAgentNames);
+			return Object.freeze({ action: "complete" as const, report });
+		}
+
+		case 4: {
+			// Stage 4 -> complete: Build final report with all findings
+			const report = buildReport(accumulated, currentState.scope, currentState.selectedAgentNames);
+			return Object.freeze({ action: "complete" as const, report });
+		}
+
+		default:
+			return Object.freeze({
+				action: "error" as const,
+				message: `Unknown stage: ${currentState.stage}`,
+			});
+	}
+}
+
+/**
+ * Group findings by agent name.
+ */
+function groupFindingsByAgent(
+	findings: readonly ReviewFinding[],
+): ReadonlyMap<string, readonly ReviewFinding[]> {
+	const grouped = new Map<string, ReviewFinding[]>();
+	for (const f of findings) {
+		const group = grouped.get(f.agent);
+		if (group) {
+			group.push(f);
+		} else {
+			grouped.set(f.agent, [f]);
+		}
+	}
+	return grouped;
+}

package/src/review/report.ts

@@ -0,0 +1,141 @@
+/**
+ * Report builder for the review engine.
+ *
+ * Aggregates findings into a structured, deduplicated, severity-sorted report.
+ * Groups findings by file, sorts by severity within each group, and computes
+ * summary counts and verdict.
+ */
+
+import { reviewReportSchema } from "./schemas";
+import { compareSeverity } from "./severity";
+import type { ReviewFinding, ReviewReport, Severity, Verdict } from "./types";
+
+export const SEVERITY_ORDER = Object.freeze({
+	CRITICAL: 0,
+	HIGH: 1,
+	MEDIUM: 2,
+	LOW: 3,
+} as const);
+
+/**
+ * Deduplicate findings by agent:file:line key.
+ * On collision (same agent, file, line), keeps the higher severity version.
+ * Returns a new array (no mutation).
+ */
+export function deduplicateFindings(findings: readonly ReviewFinding[]): readonly ReviewFinding[] {
+	const deduped = new Map<string, ReviewFinding>();
+
+	for (const finding of findings) {
+		const key = `${finding.agent}:${finding.file}:${finding.line ?? 0}`;
+		const existing = deduped.get(key);
+
+		if (existing === undefined) {
+			deduped.set(key, finding);
+		} else {
+			// compareSeverity returns negative if first arg is higher severity
+			if (compareSeverity(finding.severity, existing.severity) < 0) {
+				deduped.set(key, finding);
+			}
+		}
+	}
+
+	return [...deduped.values()];
+}
+
+/**
+ * Determine the verdict based on findings.
+ */
+function determineVerdict(findings: readonly ReviewFinding[]): Verdict {
+	if (findings.length === 0) return "CLEAN";
+
+	const hasCritical = findings.some((f) => f.severity === "CRITICAL");
+	if (hasCritical) return "BLOCKED";
+
+	const hasHigh = findings.some((f) => f.severity === "HIGH");
+	if (hasHigh) return "CONCERNS";
+
+	const hasMedium = findings.some((f) => f.severity === "MEDIUM");
+	if (hasMedium) return "CONCERNS";
+
+	return "APPROVED";
+}
+
+/**
+ * Build a summary string with severity counts.
+ */
+function buildSummary(findings: readonly ReviewFinding[]): string {
+	const counts: Record<Severity, number> = { CRITICAL: 0, HIGH: 0, MEDIUM: 0, LOW: 0 };
+	for (const f of findings) {
+		counts[f.severity] += 1;
+	}
+
+	const total = findings.length;
+	if (total === 0) return "No findings. Code looks clean.";
+
+	const parts: string[] = [];
+	if (counts.CRITICAL > 0) parts.push(`${counts.CRITICAL} CRITICAL`);
+	if (counts.HIGH > 0) parts.push(`${counts.HIGH} HIGH`);
+	if (counts.MEDIUM > 0) parts.push(`${counts.MEDIUM} MEDIUM`);
+	if (counts.LOW > 0) parts.push(`${counts.LOW} LOW`);
+
+	return `${total} findings: ${parts.join(", ")}.`;
+}
+
+/**
+ * Build a structured review report from findings.
+ *
+ * 1. Deduplicates findings
+ * 2. Groups by file, sorts by severity within each file (CRITICAL first)
+ * 3. Computes summary counts and verdict
+ * 4. Validates through reviewReportSchema
+ * 5. Returns frozen report
+ */
+export function buildReport(
+	findings: readonly ReviewFinding[],
+	scope: string,
+	agentsRan: readonly string[],
+): ReviewReport {
+	// 1. Deduplicate
+	const deduped = deduplicateFindings(findings);
+
+	// 2. Group by file, sort by severity within each file
+	const byFile = new Map<string, ReviewFinding[]>();
+	for (const f of deduped) {
+		const group = byFile.get(f.file);
+		if (group) {
+			group.push(f);
+		} else {
+			byFile.set(f.file, [f]);
+		}
+	}
+
+	// Sort within each file group, then flatten
+	const sorted: ReviewFinding[] = [];
+	const sortedFileKeys = [...byFile.keys()].sort();
+	for (const file of sortedFileKeys) {
+		const group = byFile.get(file);
+		if (group) {
+			group.sort((a, b) => compareSeverity(a.severity, b.severity));
+			sorted.push(...group);
+		}
+	}
+
+	// 3. Compute verdict and summary
+	const verdict = determineVerdict(sorted);
+	const summary = buildSummary(sorted);
+
+	// 4. Validate through schema
+	const report = reviewReportSchema.parse({
+		verdict,
+		findings: sorted,
+		agentResults: [],
+		scope,
+		agentsRan: [...agentsRan],
+		totalDurationMs: 0,
+		completedAt: new Date().toISOString(),
+		summary,
+	});
+
+	// 5. Return frozen
+	return Object.freeze(report);
+}

package/src/review/sanitize.ts

@@ -0,0 +1,8 @@
+/**
+ * Strip {{PLACEHOLDER}} tokens from untrusted content before template substitution.
+ * Prevents template injection where diff content or prior findings could contain
+ * {{PRIOR_FINDINGS}} or similar tokens that get substituted in a subsequent .replace() call.
+ */
+export function sanitizeTemplateContent(content: string): string {
+	return content.replace(/\{\{[A-Z_]+\}\}/g, "[REDACTED]");
+}

package/src/review/schemas.ts

@@ -0,0 +1,75 @@
+import { z } from "zod";
+
+export const SEVERITIES = Object.freeze(["CRITICAL", "HIGH", "MEDIUM", "LOW"] as const);
+
+export const VERDICTS = Object.freeze(["CLEAN", "APPROVED", "CONCERNS", "BLOCKED"] as const);
+
+export const severitySchema = z.enum(SEVERITIES);
+
+export const verdictSchema = z.enum(VERDICTS);
+
+export const reviewFindingSchema = z.object({
+	severity: severitySchema,
+	domain: z.string().max(128),
+	title: z.string().max(512),
+	file: z.string().max(512),
+	line: z.number().int().positive().optional(),
+	agent: z.string().max(128),
+	source: z.enum(["phase1", "cross-verification", "product-review", "red-team"]),
+	evidence: z.string().max(4096),
+	problem: z.string().max(2048),
+	fix: z.string().max(2048),
+});
+
+export const agentResultSchema = z.object({
+	agent: z.string().max(128),
+	category: z.enum(["core", "parallel", "sequenced"]),
+	findings: z.array(reviewFindingSchema).max(500).default([]),
+	durationMs: z.number(),
+	completedAt: z.string().max(128),
+});
+
+export const reviewReportSchema = z.object({
+	verdict: verdictSchema,
+	findings: z.array(reviewFindingSchema).max(500),
+	agentResults: z.array(agentResultSchema).max(500),
+	scope: z.string().max(128).default("unknown"),
+	agentsRan: z.array(z.string().max(128)).max(32).default([]),
+	totalDurationMs: z.number(),
+	completedAt: z.string().max(128),
+	summary: z.string().max(4096),
+});
+
+export const falsePositiveSchema = z.object({
+	finding: reviewFindingSchema,
+	reason: z.string().max(1024),
+	markedAt: z.string().max(128),
+});
+
+export const reviewMemorySchema = z.object({
+	schemaVersion: z.literal(1),
+	projectProfile: z.object({
+		stacks: z.array(z.string().max(128)).max(32),
+		lastDetectedAt: z.string().max(128),
+	}),
+	recentFindings: z.array(reviewFindingSchema).max(100),
+	falsePositives: z.array(falsePositiveSchema).max(50),
+	lastReviewedAt: z.string().max(128).nullable(),
+});
+
+export const reviewStateSchema = z.object({
+	stage: z.number().int().min(1).max(5),
+	selectedAgentNames: z.array(z.string().max(128)).max(32),
+	accumulatedFindings: z.array(reviewFindingSchema).max(500),
+	scope: z.string().max(4096),
+	startedAt: z.string().max(128),
+});
+
+export const reviewConfigSchema = z.object({
+	parallel: z.boolean().default(true),
+	maxFixAttempts: z.number().int().min(0).max(10).default(3),
+	severityThreshold: severitySchema.default("MEDIUM"),
+	enableCrossVerification: z.boolean().default(true),
+	enableRedTeam: z.boolean().default(true),
+	enableProductReview: z.boolean().default(true),
+});

package/src/review/selection.ts

@@ -0,0 +1,98 @@
+/**
+ * Two-pass deterministic agent selection for the review pipeline.
+ *
+ * Pass 1: Stack gate -- agents with empty relevantStacks always pass;
+ *         agents with non-empty relevantStacks require at least one match.
+ * Pass 2: Diff relevance scoring -- currently used for future ordering,
+ *         all stack-passing agents run regardless of score.
+ */
+
+/** Minimal agent shape needed for selection (compatible with ReviewAgent from agents/). */
+interface SelectableAgent {
+	readonly name: string;
+	readonly prompt: string;
+	readonly relevantStacks: readonly string[];
+	readonly [key: string]: unknown;
+}
+
+/** Analysis of changed files (simplified DiffAnalysis). */
+export interface DiffAnalysisInput {
+	readonly hasTests: boolean;
+	readonly hasAuth: boolean;
+	readonly hasConfig: boolean;
+	readonly fileCount: number;
+}
+
+export interface SelectionResult {
+	readonly selected: readonly SelectableAgent[];
+	readonly excluded: readonly { readonly agent: string; readonly reason: string }[];
+}
+
+/**
+ * Deterministic two-pass agent selection.
+ *
+ * @param detectedStacks - Stack tags detected in the project (e.g., ["node", "typescript"])
+ * @param diffAnalysis - Analysis of changed files
+ * @param agents - All candidate agents
+ * @returns Frozen SelectionResult with selected and excluded lists
+ */
+export function selectAgents(
+	detectedStacks: readonly string[],
+	diffAnalysis: DiffAnalysisInput,
+	agents: readonly SelectableAgent[],
+): SelectionResult {
+	const stackSet = new Set(detectedStacks);
+	const selected: SelectableAgent[] = [];
+	const excluded: { readonly agent: string; readonly reason: string }[] = [];
+
+	for (const agent of agents) {
+		// Pass 1: Stack gate
+		if (agent.relevantStacks.length === 0) {
+			// Universal agent -- always passes
+			selected.push(agent);
+		} else if (agent.relevantStacks.some((s) => stackSet.has(s))) {
+			// Gated agent with at least one matching stack
+			selected.push(agent);
+		} else {
+			// Gated agent with no matching stack
+			const stackList = detectedStacks.length > 0 ? detectedStacks.join(", ") : "none";
+			excluded.push(
+				Object.freeze({
+					agent: agent.name,
+					reason: `Stack gate: ${agent.relevantStacks.join(", ")} not in [${stackList}]`,
+				}),
+			);
+		}
+	}
+
+	// Pass 2: Compute relevance scores (stored for future ordering, no filtering)
+	// Scores are intentionally not used for filtering yet
+	for (const agent of selected) {
+		computeDiffRelevance(agent, diffAnalysis);
+	}
+
+	return Object.freeze({
+		selected: Object.freeze(selected),
+		excluded: Object.freeze(excluded),
+	});
+}
+
+/**
+ * Compute diff-based relevance score for an agent.
+ * Base score of 1.0 with bonuses for specific agent-analysis matches.
+ * Used for future prioritization/ordering, not for filtering.
+ */
+export function computeDiffRelevance(agent: SelectableAgent, analysis: DiffAnalysisInput): number {
+	let score = 1.0;
+
+	if (agent.name === "security-auditor") {
+		if (analysis.hasAuth) score += 0.5;
+		if (analysis.hasConfig) score += 0.3;
+	}
+
+	if (agent.name === "test-interrogator") {
+		if (!analysis.hasTests) score += 0.5;
+	}
+
+	return score;
+}