@nk070281sjv/cli 2.3.23 → 2.3.25

package/dist/index.js

@@ -30775,7 +30775,7 @@ ${hint}
 }
 
 // src/lib/version.ts
-var CLI_VERSION = true ? "2.3.23" : createRequire(import.meta.url)("../../package.json").version;
+var CLI_VERSION = true ? "2.3.25" : createRequire(import.meta.url)("../../package.json").version;
 
 // src/lib/deps.ts
 init_src();
@@ -38039,14 +38039,15 @@ async function reviewerPrompt(context, reviewer, promptPath, reviewPath, sharedP
     "- Use the review brief as the source of truth for changed files and scope.",
     "- Inspect surrounding source code only when needed to validate a finding.",
     "- Rank by concrete risk: data loss, wrong persisted state, broken public contract, security, production performance, then testability.",
+    "- Persona focus areas are for detecting issues only; this output contract overrides any persona request to propose fixes or broad guidance.",
     "",
     "Output contract:",
     `- Return review markdown through stdout for ${reviewPath}.`,
     "- Return only one fenced ```ocr-json block and no prose outside it.",
-    "- Include maximum 10 findings, sorted by severity and production impact.",
+    "- Include maximum 5 findings, sorted by severity and production impact.",
     "- No introductions, no progress narration, no endpoint tables, no code snippets, no broad summaries.",
     "- Include critical, high, and medium findings. Include low only when it has concrete runtime/user impact. Exclude info/style/theoretical-only items.",
-    "- Do not include fix instructions; aggregation and synthesis will produce fix direction after deduplication and validation.",
+    "- Do not write fix instructions, suggested patches, implementation recipes, or remediation plans.",
     "- Exclude any item that does not have concrete `files` and `evidence`.",
     "- Do not write files directly.",
     "- Do not claim skipped agents ran.",
@@ -38072,7 +38073,8 @@ async function reviewerPrompt(context, reviewer, promptPath, reviewPath, sharedP
     "",
     '- `sev` must be one of: "critical", "high", "medium", "low".',
     '- `confidence` must be one of: "high", "medium", "low".',
-    "- Keep every string under roughly 240 characters.",
+    "- Keep title/claim/impact under roughly 180 characters each.",
+    "- Keep evidence under roughly 260 characters and cite only the strongest code signal.",
     "",
     "Forbidden behavior:",
     `- Do not modify ${promptPath} or ${reviewPath}.`,
@@ -38480,10 +38482,62 @@ async function runReviewerPhase(input) {
     `${reviewer.type}-${reviewer.instance}`,
     reviewer
   ]));
+  const reviewerArtifacts = /* @__PURE__ */ new Map();
   for (const result of sortResults(results, requests)) {
     const reviewer = byId.get(result.id);
     if (!reviewer) continue;
-    await writeRoundArtifact(input.context.roundDir, reviewer.reviewPath, processOutput(result));
+    const validated = normalizeReviewerArtifact(processOutput(result));
+    if (!validated.ok) {
+      const failedResult = { ...result, exitCode: 1 };
+      await writeRoundArtifact(
+        input.context.roundDir,
+        "failure-summary.json",
+        JSON.stringify(
+          {
+            schema_version: 1,
+            phase: "reviews",
+            failed_id: result.id,
+            exit_code: 1,
+            model: requests.find((request) => request.id === result.id)?.model,
+            prompt_path: requests.find((request) => request.id === result.id)?.promptPath,
+            cwd: requests.find((request) => request.id === result.id)?.cwd,
+            diagnostic: {
+              summary: "Reviewer output did not contain a valid compact ocr-json artifact. OCR refused to pass prose, plan-mode text, or malformed JSON into aggregation.",
+              hint: "Inspect the saved reviewer prompt and process log. The reviewer must return exactly one fenced ```ocr-json block with structured findings.",
+              stdout_excerpt: excerpt(processOutput(result))
+            },
+            stderr: result.stderr,
+            stdout_excerpt: excerpt(result.stdout),
+            validation_errors: validated.errors,
+            results: sortResults(
+              results.map((item) => item.id === result.id ? failedResult : item),
+              requests
+            ).map((item) => ({
+              id: item.id,
+              exit_code: item.exitCode
+            }))
+          },
+          null,
+          2
+        )
+      );
+      return {
+        ok: false,
+        failedId: result.id,
+        errors: [
+          `Reviewer ${result.id} produced invalid ocr-json output.`,
+          ...validated.errors
+        ],
+        results: sortResults(
+          results.map((item) => item.id === result.id ? failedResult : item),
+          requests
+        )
+      };
+    }
+    reviewerArtifacts.set(reviewer.reviewPath, validated.artifact);
+  }
+  for (const [reviewPath, artifact] of reviewerArtifacts) {
+    await writeRoundArtifact(input.context.roundDir, reviewPath, artifact);
   }
   return { ok: true, results: sortResults(results, requests) };
 }
@@ -38954,6 +39008,55 @@ function readStartedAt(path2) {
 function processOutput(result) {
   return result.outputText ?? result.stdout;
 }
+function normalizeReviewerArtifact(markdown) {
+  const extracted = extractOcrJsonBlock(markdown);
+  if (!extracted.ok) return extracted;
+  const validationErrors = validateReviewerJson(extracted.value);
+  if (validationErrors.length > 0) return { ok: false, errors: validationErrors };
+  const fence = extractOcrJsonFence(markdown);
+  if (!fence) return { ok: false, errors: ["Expected exactly one fenced ```ocr-json block."] };
+  return { ok: true, artifact: `${fence}
+` };
+}
+function validateReviewerJson(value) {
+  const errors = [];
+  if (!isRecord2(value)) {
+    return ["Reviewer ocr-json must be an object."];
+  }
+  if (!Array.isArray(value.findings)) {
+    errors.push("Reviewer ocr-json findings must be an array.");
+    return errors;
+  }
+  if (value.findings.length > 5) {
+    errors.push("Reviewer ocr-json findings must contain at most 5 items.");
+  }
+  value.findings.forEach((finding, index) => {
+    if (!isRecord2(finding)) {
+      errors.push(`findings[${index}] must be an object.`);
+      return;
+    }
+    for (const field of ["sev", "title", "claim", "evidence", "impact", "confidence"]) {
+      if (typeof finding[field] !== "string" || !finding[field].trim()) {
+        errors.push(`findings[${index}].${field} must be a non-empty string.`);
+      }
+    }
+    if (!["critical", "high", "medium", "low"].includes(String(finding.sev))) {
+      errors.push(`findings[${index}].sev must be one of critical, high, medium, low.`);
+    }
+    if (!["high", "medium", "low"].includes(String(finding.confidence))) {
+      errors.push(`findings[${index}].confidence must be one of high, medium, low.`);
+    }
+    if (!Array.isArray(finding.files) || finding.files.length === 0) {
+      errors.push(`findings[${index}].files must be a non-empty array.`);
+    } else if (finding.files.some((file) => typeof file !== "string" || !file.trim())) {
+      errors.push(`findings[${index}].files must contain only non-empty strings.`);
+    }
+    if ("fix" in finding) {
+      errors.push(`findings[${index}].fix is not allowed in reviewer output.`);
+    }
+  });
+  return errors;
+}
 function normalizeProcessResult(result) {
   if (!hasOpenCodeLengthFinish(result.ndjsonEvents)) return result;
   return {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@nk070281sjv/cli",
-  "version": "2.3.23",
+  "version": "2.3.25",
   "description": "CLI for Open Code Review - Multi-environment setup and progress tracking",
   "type": "module",
   "bin": {
@@ -37,7 +37,7 @@
   },
   "dependencies": {
     "@inquirer/prompts": "^7.2.0",
-    "@nk070281sjv/agents": "2.3.23",
+    "@nk070281sjv/agents": "2.3.25",
     "chalk": "^5.4.1",
     "chokidar": "^4.0.3",
     "commander": "^13.0.0",