@nomad-e/bluma-cli 0.1.75 → 0.1.76

package/dist/main.js

@@ -299,21 +299,22 @@ function assessCommandSafety(command, policy = getSandboxPolicy()) {
       return { allowed: false, risk: "blocked", reason: entry.reason };
     }
   }
+  const skipConfirmation = ruleDecision === "allow";
   if (HIGH_RISK_COMMAND_PATTERNS.some((pattern) => pattern.test(trimmed))) {
     return {
       allowed: true,
       risk: policy.isSandbox ? "high" : "high",
-      reason: policy.isSandbox ? "High-risk command allowed inside the workspace sandbox." : "High-risk command requires explicit approval outside sandbox mode."
+      reason: skipConfirmation ? "Command allowed by permission rules engine." : policy.isSandbox ? "High-risk command allowed inside the workspace sandbox." : "High-risk command requires explicit approval outside sandbox mode."
     };
   }
   if (MODERATE_RISK_COMMAND_PATTERNS.some((pattern) => pattern.test(trimmed))) {
     return {
       allowed: true,
       risk: "moderate",
-      reason: policy.isSandbox ? "Workspace mutation command allowed inside the sandbox." : "Workspace mutation command requires confirmation outside sandbox mode."
+      reason: skipConfirmation ? "Command allowed by permission rules engine." : policy.isSandbox ? "Workspace mutation command allowed inside the sandbox." : "Workspace mutation command requires confirmation outside sandbox mode."
     };
   }
-  if (ruleDecision === "allow") {
+  if (skipConfirmation) {
     return { allowed: true, risk: "safe", reason: "Command allowed by permission rules engine." };
   }
   return { allowed: true, risk: "safe" };
@@ -327,7 +328,7 @@ var init_sandbox_policy = __esm({
     BLOCKED_COMMAND_PATTERNS = [
       { pattern: /\bsudo\b/, reason: "Privilege escalation is not allowed." },
       { pattern: /\bsu\b\s/, reason: "User switching is not allowed." },
-      { pattern: /rm\s+-rf\s+\/\s*$/, reason: "Deleting root filesystem is blocked." },
+      { pattern: /\brm\s+-rf\s+\/(?:\s*(?:$|[;&|]))/, reason: "Deleting root filesystem is blocked." },
       { pattern: /\bcurl\b.*\|\s*(bash|sh|zsh)/i, reason: "Pipe-to-shell execution is blocked." },
       { pattern: /\bwget\b.*\|\s*(bash|sh|zsh)/i, reason: "Pipe-to-shell execution is blocked." },
       { pattern: /\beval\b\s*\(/, reason: "Eval execution is blocked." },
@@ -2367,7 +2368,7 @@ var getSlashCommands = () => [
   },
   {
     name: "/review",
-    description: "review coordinator \u2014 spawn specialized QA reviewers in parallel (security, logic, perf, quality, tests, architecture)",
+    description: "review changes directly or use /review mason for parallel specialist reviewers (slower, deeper)",
     category: "agent"
   },
   {
@@ -4770,8 +4771,12 @@ var renderAskUserQuestion = ({ args }) => {
   const parsed = parseArgs(args);
   const qs = Array.isArray(parsed.questions) ? parsed.questions : [];
   const q0 = qs[0];
-  const qtext = typeof q0?.question === "string" ? truncate2(q0.question, 100) : "(question)";
-  return /* @__PURE__ */ jsx8(Box8, { flexDirection: "column", children: /* @__PURE__ */ jsx8(Text8, { dimColor: true, wrap: "wrap", children: qtext }) });
+  const options = Array.isArray(q0?.options) ? q0.options.length : 0;
+  return /* @__PURE__ */ jsx8(Box8, { flexDirection: "column", children: /* @__PURE__ */ jsxs8(Text8, { dimColor: true, wrap: "wrap", children: [
+    "Awaiting user answer",
+    qs.length > 0 ? ` \xB7 ${qs.length} question${qs.length === 1 ? "" : "s"}` : "",
+    options > 0 ? ` \xB7 ${options} option${options === 1 ? "" : "s"}` : ""
+  ] }) });
 };
 var renderPlanMode = ({ args }) => {
   const parsed = parseArgs(args);
@@ -14739,6 +14744,46 @@ Next steps: ${anchor.nextSteps}`;
 }
 
 // src/app/agent/core/context-api/context_manager.ts
+function isValidJsonArguments(value) {
+  if (typeof value !== "string") return false;
+  try {
+    JSON.parse(value);
+    return true;
+  } catch {
+    return false;
+  }
+}
+function sanitizeConversationForProvider(conversationHistory) {
+  const cleaned = [];
+  const issues = [];
+  let droppingCorruptTurn = false;
+  for (let index = 0; index < conversationHistory.length; index += 1) {
+    const msg = conversationHistory[index];
+    if (droppingCorruptTurn) {
+      if (msg?.role === "assistant") {
+        continue;
+      }
+      droppingCorruptTurn = false;
+    }
+    const toolCalls = Array.isArray(msg?.tool_calls) ? msg.tool_calls : null;
+    if (msg?.role === "assistant" && toolCalls && toolCalls.length > 0) {
+      const invalidCalls = toolCalls.filter(
+        (call) => !isValidJsonArguments(call?.function?.arguments)
+      );
+      if (invalidCalls.length > 0) {
+        issues.push({
+          index,
+          reason: "assistant tool_calls had invalid JSON arguments",
+          toolNames: invalidCalls.map((call) => String(call?.function?.name ?? "unknown"))
+        });
+        droppingCorruptTurn = true;
+        continue;
+      }
+    }
+    cleaned.push(conversationHistory[index]);
+  }
+  return { messages: cleaned, issues };
+}
 function partitionConversationIntoTurnSlices(conversationHistory) {
   const turns = [];
   let current = [];
@@ -14774,13 +14819,15 @@ async function createApiContextWindow(fullHistory, currentAnchor, compressedTurn
   const tokenBudget = options?.tokenBudget ?? CONTEXT_TOKEN_BUDGET;
   const compressThreshold = options?.compressThreshold ?? COMPRESS_THRESHOLD;
   const keepRecentTurns = options?.keepRecentTurns ?? KEEP_RECENT_TURNS;
+  const sanitized = sanitizeConversationForProvider(fullHistory);
+  const safeHistory = sanitized.messages;
   const systemMessages = [];
   let historyStartIndex = 0;
-  while (historyStartIndex < fullHistory.length && fullHistory[historyStartIndex].role === "system") {
-    systemMessages.push(fullHistory[historyStartIndex]);
+  while (historyStartIndex < safeHistory.length && safeHistory[historyStartIndex].role === "system") {
+    systemMessages.push(safeHistory[historyStartIndex]);
     historyStartIndex++;
   }
-  const conversationHistory = fullHistory.slice(historyStartIndex);
+  const conversationHistory = safeHistory.slice(historyStartIndex);
   const turnSlices = partitionConversationIntoTurnSlices(conversationHistory);
   const n = turnSlices.length;
   const recentStart = Math.max(0, n - keepRecentTurns);
@@ -15094,8 +15141,9 @@ function formatLlmUiError(error) {
   }
   return {
     message: message2,
-    details: rawMessage,
-    hint
+    details: "See server logs for technical details.",
+    hint,
+    rawMessage
   };
 }
 
@@ -15254,7 +15302,15 @@ var ToolCallNormalizer = class {
    * Valida se um tool call normalizado é válido
    */
   static isValidToolCall(call) {
-    return !!(call.id && call.type === "function" && call.function?.name && typeof call.function.arguments === "string");
+    if (!(call.id && call.type === "function" && call.function?.name && typeof call.function.arguments === "string")) {
+      return false;
+    }
+    try {
+      JSON.parse(call.function.arguments);
+      return true;
+    } catch {
+      return false;
+    }
   }
 };
 
@@ -15538,7 +15594,8 @@ function buildTurnStartBackendMessage(params) {
 }
 
 // src/app/agent/bluma/core/bluma.ts
-var BluMaAgent = class {
+var BluMaAgent = class _BluMaAgent {
+  static MAX_INVALID_TOOL_CALL_RETRIES = 3;
   llm;
   sessionId;
   sessionFile = "";
@@ -15557,6 +15614,8 @@ var BluMaAgent = class {
   factorRouterTurnClosed = false;
   /** Passos seguidos sem tool_calls nem texto visível (só raciocínio) — evita loop lento no mesmo turno. */
   emptyAssistantReplySteps = 0;
+  /** Reintentos consecutivos por tool call inválido. */
+  invalidToolCallRetrySteps = 0;
   /** Deduplicação de reasoning chunks no streaming — evita repetição. */
   lastReasoningChunkRef = "";
   constructor(sessionId, eventBus, llm, mcpClient, feedbackSystem) {
@@ -15601,6 +15660,33 @@ var BluMaAgent = class {
     if (!this.sessionFile) return;
     void saveSessionHistory(this.sessionFile, this.history, this.getMemorySnapshot());
   }
+  async handleInvalidToolCallRetry(message2) {
+    this.invalidToolCallRetrySteps += 1;
+    if (this.history[this.history.length - 1] === message2) {
+      this.history.pop();
+    }
+    if (this.invalidToolCallRetrySteps >= _BluMaAgent.MAX_INVALID_TOOL_CALL_RETRIES) {
+      this.eventBus.emit("backend_message", {
+        type: "error",
+        message: "The model kept returning invalid tool calls. Closing the turn to avoid a retry loop."
+      });
+      this.eventBus.emit("backend_message", {
+        type: "log",
+        message: "Invalid tool call retry limit reached",
+        payload: String(this.invalidToolCallRetrySteps)
+      });
+      await this.notifyFactorTurnEndIfNeeded("invalid_tool_calls_exhausted");
+      this.eventBus.emit("backend_message", { type: "done", status: "failed" });
+      this.invalidToolCallRetrySteps = 0;
+      return;
+    }
+    this.history.push({
+      role: "system",
+      content: "Previous assistant tool_calls were invalid. Retry with valid JSON arguments only, or answer without tools."
+    });
+    this.persistSession();
+    await this._continueConversation();
+  }
   async initialize() {
     await this.mcpClient.nativeToolInvoker.initialize();
     await this.mcpClient.initialize();
@@ -15709,6 +15795,7 @@ var BluMaAgent = class {
     const userContent = buildUserMessageContent(inputText, process.cwd());
     this.history.push({ role: "user", content: userContent });
     this.emptyAssistantReplySteps = 0;
+    this.invalidToolCallRetrySteps = 0;
     this.eventBus.emit(
       "backend_message",
       buildTurnStartBackendMessage({
@@ -16145,6 +16232,11 @@ ${editData.error.display}`;
           message: `Received follow-up from coordinator (priority: ${mailboxUpdate.followUp.priority})`
         });
       }
+      const sanitized = sanitizeConversationForProvider(this.history);
+      if (sanitized.issues.length > 0) {
+        this.history = sanitized.messages;
+        this.persistSession();
+      }
       const { messages: contextWindow, newAnchor, newCompressedTurnSliceCount } = await createApiContextWindow(
         this.history,
         this.sessionAnchor,
@@ -16172,7 +16264,7 @@ ${editData.error.display}`;
       this.eventBus.emit("backend_message", {
         type: "log",
         message: "LLM request failed",
-        payload: uiError.details
+        payload: uiError.rawMessage
       });
       await this.notifyFactorTurnEndIfNeeded("llm_error");
       this.eventBus.emit("backend_message", { type: "done", status: "failed" });
@@ -16285,15 +16377,12 @@ ${editData.error.display}`;
     this.history.push(normalizedMessage);
     if (normalizedMessage.tool_calls && normalizedMessage.tool_calls.length > 0) {
       this.emptyAssistantReplySteps = 0;
+      this.invalidToolCallRetrySteps = 0;
       const validToolCalls = normalizedMessage.tool_calls.filter(
         (call) => ToolCallNormalizer.isValidToolCall(call)
       );
       if (validToolCalls.length === 0) {
-        this.eventBus.emit("backend_message", {
-          type: "error",
-          message: "Model returned invalid tool calls. Retrying..."
-        });
-        await this._continueConversation();
+        await this.handleInvalidToolCallRetry(normalizedMessage);
         return;
       }
       const needsConfirmation = validToolCalls.some(
@@ -16325,9 +16414,6 @@ ${editData.error.display}`;
     } else if (trimmedText) {
       this.emptyAssistantReplySteps = 0;
       this.eventBus.emit("backend_message", { type: "assistant_message", content: accumulatedContent });
-      this.eventBus.emit("info", {
-        message: "Assistant returned plain text without tool_calls. Closing the turn to avoid protocol drift."
-      });
       await this.notifyFactorTurnEndIfNeeded("assistant_text_without_tool_call");
       this.emitTurnCompleted();
       return;
@@ -16360,15 +16446,12 @@ ${editData.error.display}`;
     this.history.push(message2);
     if (message2.tool_calls && message2.tool_calls.length > 0) {
       this.emptyAssistantReplySteps = 0;
+      this.invalidToolCallRetrySteps = 0;
       const validToolCalls = message2.tool_calls.filter(
         (call) => ToolCallNormalizer.isValidToolCall(call)
       );
       if (validToolCalls.length === 0) {
-        this.eventBus.emit("backend_message", {
-          type: "error",
-          message: "Model returned invalid tool calls. Retrying..."
-        });
-        await this._continueConversation();
+        await this.handleInvalidToolCallRetry(message2);
         return;
       }
       const needsConfirmation = validToolCalls.some(
@@ -16399,10 +16482,8 @@ ${editData.error.display}`;
       }
     } else if (typeof message2.content === "string" && message2.content.trim()) {
       this.emptyAssistantReplySteps = 0;
+      this.invalidToolCallRetrySteps = 0;
       this.eventBus.emit("backend_message", { type: "assistant_message", content: message2.content });
-      this.eventBus.emit("info", {
-        message: "Assistant returned plain text without tool_calls. Closing the turn to avoid protocol drift."
-      });
       await this.notifyFactorTurnEndIfNeeded("assistant_text_without_tool_call");
       this.emitTurnCompleted();
       return;
@@ -18780,23 +18861,12 @@ var ToolResultDisplayComponent = ({
   if (toolName.includes("ask_user_question")) {
     const success = parsed?.success === true;
     const selectedLabel = typeof parsed?.selected_label === "string" ? parsed.selected_label : "";
-    const selectedIndex = typeof parsed?.selected_index === "number" ? parsed.selected_index : null;
-    const questionIndex = typeof parsed?.question_index === "number" ? parsed.question_index : 0;
-    const qs = Array.isArray(args?.questions) ? args.questions : [];
-    const q = qs[questionIndex];
-    const questionText = typeof q?.question === "string" ? q.question : "";
     if (success && selectedLabel) {
-      return /* @__PURE__ */ jsx13(ResultGutter, { children: /* @__PURE__ */ jsxs13(Box13, { flexDirection: "column", children: [
-        /* @__PURE__ */ jsxs13(Text13, { dimColor: true, children: [
-          /* @__PURE__ */ jsx13(Text13, { bold: true, children: "Response" }),
-          " \xB7 ",
-          selectedLabel
-        ] }),
-        questionText ? /* @__PURE__ */ jsxs13(Text13, { dimColor: true, wrap: "wrap", children: [
-          truncate3(questionText, 140),
-          selectedIndex !== null ? ` \xB7 option ${selectedIndex + 1}` : ""
-        ] }) : null
-      ] }) });
+      return /* @__PURE__ */ jsx13(ResultGutter, { children: /* @__PURE__ */ jsx13(Box13, { flexDirection: "column", children: /* @__PURE__ */ jsxs13(Text13, { dimColor: true, children: [
+        /* @__PURE__ */ jsx13(Text13, { bold: true, children: "Response" }),
+        " \xB7 ",
+        selectedLabel
+      ] }) }) });
     }
     if (parsed?.cancelled === true) {
       return /* @__PURE__ */ jsx13(ResultGutter, { children: /* @__PURE__ */ jsxs13(Text13, { dimColor: true, children: [
@@ -20963,183 +21033,137 @@ Report the release version, tag, changelog summary, and verification results whe
       );
     }
     if (cmd === "review") {
-      const target = args.join(" ") || "";
+      const normalizedArgs = args.map((a) => a.toLowerCase());
+      const hasMasonPrefix = normalizedArgs[0] === "mason" || normalizedArgs[0] === "with" && normalizedArgs[1] === "mason";
+      const reviewMode = hasMasonPrefix ? "mason" : "direct";
+      const targetArgs = hasMasonPrefix ? normalizedArgs[0] === "mason" ? args.slice(1) : args.slice(2) : args;
+      const target = targetArgs.join(" ") || "";
       const isPR = target && /^\d+$/.test(target);
       (async () => {
         try {
           const reviewTarget = isPR ? `PR #${target}` : target === "local" || target === "local changes" ? "current local changes (git diff HEAD)" : target ? `the file/module: ${target}` : "current local changes (git diff HEAD)";
-          await agentRef.current?.processTurn({
-            content: `## REVIEW COORDINATOR MODE \u2014 Lead a Team of Senior QA Reviewers
+          const reviewPrompt = reviewMode === "mason" ? `## REVIEW COORDINATOR MODE \u2014 Mason Specialists
 
-You are now the **Review Coordinator** \u2014 a Principal Engineer leading a team of senior, picky QA reviewers. Your job is to orchestrate a **thorough, line-by-line code review** where NOTHING slips through.
+You are now the **Review Coordinator** for a slower, deeper pass with Mason senior specialists.
 
-**NEVER be afraid to coordinate.** Spawning specialized reviewers is how you catch bugs that a single reviewer would miss.
+This mode is intentionally heavier:
+- You may coordinate specialized reviewers in parallel
+- Each reviewer should focus on one area of risk
+- This can take longer, but it should surface deeper issues
 
 **Review Target:** ${reviewTarget}
 
 ### COORDINATOR REVIEW WORKFLOW
 
-#### Step 1: Triage (you do this \u2014 quick, ~30s)
+#### Step 1: Triage
 1. Gather the diff/changes:
    ${isPR ? `- Run \`gh pr view ${target}\` for PR details` : ""}
    ${isPR ? `- Run \`gh pr diff ${target}\` for the full diff` : ""}
    ${!isPR && target !== "local" && target !== "local changes" ? `- Read the file: ${target}` : ""}
    ${target === "local" || target === "local changes" ? `- Run \`git diff HEAD\` for unstaged changes` : ""}
    ${target === "local" || target === "local changes" ? `- Run \`git diff --cached HEAD\` for staged changes` : ""}
-2. Understand the SCOPE: how many files changed, what areas are affected
+2. Identify the risk surface and decide which specialist areas are worth parallelizing
 
-#### Step 2: Spawn 3 Parallel Review Workers
-Launch exactly **3 workers in parallel** \u2014 one for each core area.
+#### Step 2: Parallel Specialists
+If the scope justifies it, spawn specialized reviewers in parallel:
+- Security
+- Logic & Correctness
+- Code Quality
 
-**IMPORTANT:** Each worker MUST read EVERY changed file line by line. Do NOT report until you have examined all files. List each file you reviewed in your report.
+If the scope is small, do not force parallelism. Use judgment.
 
-**Worker 1 \u2014 Security Reviewer:**
-\`\`\`
-spawn_agent({
-  task: "SECURITY REVIEW: Thoroughly review ${reviewTarget} for security vulnerabilities.
-
-You are a Senior Security Engineer. Read EVERY changed file line by line. Do NOT report until you have examined all files.
-
-Look for:
-- Injection vulnerabilities (SQL, XSS, command injection, template injection)
-- Authentication/authorization flaws (missing auth checks, privilege escalation)
-- Sensitive data exposure (secrets in logs, PII leaks, hardcoded credentials)
-- Insecure defaults (missing TLS, weak crypto, permissive CORS)
-- Input validation gaps (missing sanitization, type confusion)
-- Dependency vulnerabilities (outdated packages, known CVEs)
-- Path traversal, SSRF, CSRF, race conditions
-
-For EACH issue found:
-- Severity: CRITICAL / HIGH / MEDIUM / LOW
-- File:line number
-- Exact code snippet
-- Why it's vulnerable
-- How to exploit it (brief)
-- Recommended fix
-
-Be PICKY. If something looks suspicious, flag it.
-
-Do NOT modify files. Report only.
-
-At the end of your report, list ALL files you reviewed.",
-  title: "Security Review",
-  agent_type: "reviewer"
-})
-\`\`\`
+#### Step 3: Synthesize
+Wait for all reviewers that you spawned, then synthesize the findings into a single review report.
 
-**Worker 2 \u2014 Logic & Correctness:**
-\`\`\`
-spawn_agent({
-  task: "LOGIC REVIEW: Thoroughly review ${reviewTarget} for bugs and logic errors.
-
-You are a Senior QA Engineer who finds bugs for a living. Read EVERY changed file line by line. Do NOT report until you have examined all files.
-
-Look for:
-- Logic errors (wrong conditions, off-by-one, inverted boolean, wrong operator)
-- Null/undefined handling (missing null checks, unsafe property access)
-- State management issues (stale state, missing initialization, race conditions)
-- Async bugs (unawaited promises, missing error handling, promise rejections)
-- Edge cases (empty arrays, zero values, negative numbers, boundary conditions)
-- Wrong assumptions (code assumes X but Y can happen)
-- Dead code (unreachable branches, unused variables, commented-out logic)
-- Error handling gaps (swallowed errors, missing catch blocks, generic catches)
-
-For EACH issue found:
-- Severity: BLOCKER / MAJOR / MINOR
-- File:line number
-- What the code does vs what it SHOULD do
-- How to trigger the bug
-- Recommended fix
-
-Be RELENTLESS. Question every assumption.
-
-Do NOT modify files. Report only.
-
-At the end of your report, list ALL files you reviewed.",
-  title: "Logic & Correctness Review",
-  agent_type: "reviewer"
-})
-\`\`\`
+#### Step 4: Produce the Review Report
+Compile a comprehensive review report:
 
-**Worker 3 \u2014 Code Quality:**
-\`\`\`
-spawn_agent({
-  task: "CODE QUALITY REVIEW: Thoroughly review ${reviewTarget} for code quality and convention violations.
+**REVIEW REPORT for ${reviewTarget}**
 
-You are a Staff Engineer obsessed with clean code. Read EVERY changed file line by line. Do NOT report until you have examined all files.
+\u{1F534} CRITICAL / BLOCKER (must fix before merge):
+- [List critical findings]
 
-Look for:
-- Naming issues (misleading names, abbreviations, inconsistent casing)
-- Function length and complexity (too long, too many responsibilities, deep nesting)
-- DRY violations (duplicated logic that should be extracted)
-- SOLID violations (tight coupling, god classes, leaking abstractions)
-- Style inconsistencies (formatting, import order, naming conventions)
-- Missing or wrong comments (no docs for complex logic, outdated comments)
-- Type safety issues (any usage, missing type annotations, wrong types)
-- Error message quality (unhelpful messages, missing context)
-- API design (inconsistent interfaces, breaking changes, missing deprecation)
+\u{1F7E1} HIGH / MAJOR (should fix):
+- [List high findings]
 
-For EACH issue found:
-- File:line number
-- What's wrong
-- Suggested improvement with before/after code
+\u{1F7E2} MEDIUM / MINOR (nice to fix):
+- [List medium findings]
 
-Be PICKY about readability. Code is read 10x more than written.
+\u2139\uFE0F OBSERVATIONS (no action needed):
+- [List observations]
 
-Do NOT modify files. Report only.
+\u2705 POSITIVE FINDINGS:
+- [List strong points]
 
-At the end of your report, list ALL files you reviewed.",
-  title: "Code Quality Review",
-  agent_type: "reviewer"
-})
-\`\`\`
+**Review Summary:**
+- Total issues found: X critical, Y high, Z medium
+- Reviewers used: [list workers or "direct review"]
+- Recommendation: APPROVE / APPROVE WITH COMMENTS / REQUEST CHANGES
+- Confidence level: HIGH / MEDIUM / LOW
 
-#### Step 3: Wait for Workers + Synthesize
-Wait for ALL 3 workers to complete. Use wait_agent with a large timeout (600000ms).
+### COORDINATOR RULES
+- Be selective: do not spawn workers unless the scope justifies it
+- If workers fail, finish the review yourself
+- Never rubber-stamp
+- Never fabricate results
 
-**If workers fail or sessions disappear:**
-- This can happen with fast-completing workers
-- Simply perform the review yourself by reading the changed files
-- Report: "Workers completed/unavailable \u2014 performing review directly"
-- Do NOT waste time retrying \u2014 just do the review
+Start coordinating now.` : `## REVIEW MODE \u2014 Direct Senior Review
 
-**NEVER write** "the review looks good" \u2014 that's lazy.
-**ALWAYS synthesize**: Group findings by severity, cross-reference between reviewers, identify patterns.
+You are a senior engineer performing a direct code review. Do the review yourself using the available tools and your own judgment.
 
-#### Step 4: Produce the Review Report
-Compile a comprehensive review report:
+**Do not spawn parallel reviewers by default.** Only use extra agents if the scope is genuinely large and you need them.
+
+**Review Target:** ${reviewTarget}
+
+### REVIEW WORKFLOW
+
+#### Step 1: Triage
+1. Gather the diff/changes:
+   ${isPR ? `- Run \`gh pr view ${target}\` for PR details` : ""}
+   ${isPR ? `- Run \`gh pr diff ${target}\` for the full diff` : ""}
+   ${!isPR && target !== "local" && target !== "local changes" ? `- Read the file: ${target}` : ""}
+   ${target === "local" || target === "local changes" ? `- Run \`git diff HEAD\` for unstaged changes` : ""}
+   ${target === "local" || target === "local changes" ? `- Run \`git diff --cached HEAD\` for staged changes` : ""}
+2. Understand the scope and the main risk areas
+
+#### Step 2: Review Directly
+Read the changed files carefully yourself. Focus on:
+- Correctness and regressions
+- Security and data handling
+- Tests and edge cases
+- Clarity and maintainability
+
+If the diff is large, you may use helpers, but keep the review centered on your own synthesis.
+
+#### Step 3: Produce the Review Report
+Compile a concise but rigorous review report:
 
 **REVIEW REPORT for ${reviewTarget}**
 
 \u{1F534} CRITICAL / BLOCKER (must fix before merge):
-- [List all critical findings]
+- [List critical findings]
 
 \u{1F7E1} HIGH / MAJOR (should fix):
-- [List all high findings]
+- [List high findings]
 
 \u{1F7E2} MEDIUM / MINOR (nice to fix):
-- [List all medium findings]
+- [List medium findings]
 
 \u2139\uFE0F OBSERVATIONS (no action needed):
-- [List observations, style notes]
+- [List observations]
 
-\u2705 POSITIVE FINDINGS (what's good):
-- [List well-written code, good patterns]
+\u2705 POSITIVE FINDINGS:
+- [List strong points]
 
 **Review Summary:**
 - Total issues found: X critical, Y high, Z medium
-- Reviewers used: [list workers or "direct review"]
+- Reviewers used: direct review
 - Recommendation: APPROVE / APPROVE WITH COMMENTS / REQUEST CHANGES
 - Confidence level: HIGH / MEDIUM / LOW
 
-### COORDINATOR RULES
-- **You are the brain, reviewers are the eyes** \u2014 synthesize, don't just copy-paste
-- **Spawn 3 workers in parallel** \u2014 Security, Logic, Code Quality
-- **If workers fail, do the review yourself** \u2014 no drama, just deliver
-- **NEVER rubber-stamp** \u2014 your job is to find issues
-- **NEVER fabricate results** \u2014 report truth
-
-Start coordinating now. Triage the changes, then spawn your 3 reviewers.`
+Start the review now.`;
+          await agentRef.current?.processTurn({
+            content: reviewPrompt
           });
         } catch (e) {
           setHistory((prev) => prev.concat({

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "@nomad-e/bluma-cli",
-	"version": "0.1.75",
+	"version": "0.1.76",
 	"description": "BluMa independent agent for automation and advanced software engineering.",
 	"author": "Alex Fonseca",
 	"license": "Apache-2.0",