@sickr/cli 0.9.15 → 0.9.18

package/dist/cli.js

@@ -12,8 +12,9 @@ import { AUTH_ENDPOINT, readCredentials, writeCredentials, clearCredentials, sta
 import { ui, card, kv } from './ui.js';
 import { AGENT_API_URL, clearAgentCredentials, disconnectAgent, fetchAgentStatus, pollAgentConnect, readAgentCredentials, rotateAgentKey, startAgentConnect, writeAgentCredentials, } from './agentAuth.js';
 import { PROVIDERS, recordCommandFor } from './providers.js';
+import { parseReviewArgs, reviewResultSummary, reviewerSettingsExample, runLocalReviewer } from './reviewer.js';
 const REPLAY_ENDPOINT = process.env.SICKR_REPLAY_ENDPOINT ?? 'https://sickr.ai/api/replay';
-const COMMANDS = ['init', 'record', 'open', 'list', 'share', 'stop', 'clear', 'login', 'logout', 'whoami', 'agent', 'live', 'run', 'replay', 'prime', 'workflow', 'start', 'status', 'help'];
+const COMMANDS = ['init', 'record', 'open', 'list', 'share', 'stop', 'clear', 'login', 'logout', 'whoami', 'agent', 'live', 'run', 'review', 'replay', 'prime', 'workflow', 'start', 'status', 'help'];
 export function parseCommand(argv) {
     const c = argv[0];
     return c && COMMANDS.includes(c) ? c : null;
@@ -59,6 +60,7 @@ export function runtimeConfigSummary(config) {
         replay: 'Replay',
         live: 'Live',
         run: 'Run',
+        review: 'Review',
         prime_workflow: 'Prime Workflow',
     };
     const provider = PROVIDERS[config.provider];
@@ -117,6 +119,15 @@ RUN ($12) - remote control from the browser.
                         sickr run <bin>
                       Flags: --mode auto (default) | --mode interactive
 
+LOCAL REVIEWER - local model with constrained reviewer tools.
+  review              Run an Ollama/Qwen reviewer in this workspace. The model
+                      can read files, run configured readonly/test commands,
+                      apply patches locally, and publish PR review feedback
+                      only when --publish is passed.
+                        sickr review --pr 42 --model qwen2.5-coder:7b
+                        sickr review --pr 42 --publish
+                      Config: .sickr/settings.json reviewer block.
+
 PRIME WORKFLOW - governed ticket execution.
   prime connect --agent-id <id>      Approve this machine for a configured
                                      Prime Workflow agent.
@@ -697,12 +708,21 @@ function providerFromValue(value) {
     return null;
 }
 function productModeFromValue(value) {
-    if (value === 'prime_workflow' || value === 'run' || value === 'live' || value === 'replay')
+    if (value === 'prime_workflow' || value === 'review' || value === 'run' || value === 'live' || value === 'replay')
         return value;
     if (value === 'workflow' || value === 'prime')
         return 'prime_workflow';
     return null;
 }
+function reviewerDefaultMode(agent, runtime) {
+    const role = runtime.role ?? agent.role ?? runtime.agent_role ?? agent.agent_role;
+    if (role === 'reviewer')
+        return 'review';
+    const agentId = typeof agent.agent_id === 'string' ? agent.agent_id.toLowerCase() : '';
+    if (agentId.includes('reviewer') || agentId.endsWith('-review') || agentId.startsWith('review-'))
+        return 'review';
+    return null;
+}
 export function configuredRunInvocationFromStatus(status) {
     const root = isRecord(status) ? status : {};
     const agent = isRecord(root.agent) ? root.agent : {};
@@ -711,7 +731,7 @@ export function configuredRunInvocationFromStatus(status) {
             : isRecord(root.runtime_config) ? root.runtime_config
                 : {};
     const provider = providerFromValue(runtime.provider) ?? providerFromValue(agent.provider) ?? 'claude';
-    const productMode = productModeFromValue(runtime.product_mode) ?? productModeFromValue(runtime.mode) ?? productModeFromValue(agent.product_mode) ?? productModeFromValue(agent.mode) ?? 'run';
+    const productMode = productModeFromValue(runtime.product_mode) ?? productModeFromValue(runtime.mode) ?? productModeFromValue(agent.product_mode) ?? productModeFromValue(agent.mode) ?? reviewerDefaultMode(agent, runtime) ?? 'run';
     const command = typeof runtime.command === 'string' ? runtime.command
         : typeof agent.command === 'string' ? agent.command
             : PROVIDERS[provider].defaultCommand;
@@ -719,11 +739,40 @@ export function configuredRunInvocationFromStatus(status) {
     const model = typeof runtime.model === 'string' ? runtime.model
         : typeof agent.model === 'string' ? agent.model
             : null;
+    const workspace = typeof runtime.workspace === 'string' ? runtime.workspace
+        : typeof runtime.workspace_path === 'string' ? runtime.workspace_path
+            : typeof agent.workspace === 'string' ? agent.workspace
+                : typeof agent.workspace_path === 'string' ? agent.workspace_path
+                    : undefined;
+    const pr = typeof runtime.pr === 'string' ? runtime.pr
+        : typeof runtime.pull_request === 'string' ? runtime.pull_request
+            : typeof agent.pr === 'string' ? agent.pr
+                : typeof agent.pull_request === 'string' ? agent.pull_request
+                    : undefined;
+    const repo = typeof runtime.repo === 'string' ? runtime.repo
+        : typeof agent.repo === 'string' ? agent.repo
+            : undefined;
+    const testCommands = stringArray(runtime.test_commands) ?? stringArray(agent.test_commands) ?? undefined;
+    const readonlyCommands = stringArray(runtime.readonly_commands) ?? stringArray(agent.readonly_commands) ?? undefined;
     const agentArgs = (provider === 'ollama' || provider === 'local') && model && configuredArgs.length === 0
         ? ['--model', model]
         : configuredArgs;
     const mode = runtime.pty_mode === 'interactive' || runtime.run_mode === 'interactive' || runtime.mode === 'interactive' || agent.pty_mode === 'interactive' ? 'interactive' : 'auto';
-    return { agent: command, agentArgs, mode, productMode };
+    return {
+        agent: command,
+        agentArgs,
+        mode,
+        productMode,
+        review: productMode === 'review' ? {
+            workspace,
+            model: model ?? undefined,
+            pr,
+            repo,
+            publish: typeof runtime.publish === 'boolean' ? runtime.publish : typeof agent.publish === 'boolean' ? agent.publish : undefined,
+            testCommands,
+            readonlyCommands,
+        } : undefined,
+    };
 }
 export async function resolveConfiguredRun(agentId, credentials = readAgentCredentials()) {
     if (!credentials) {
@@ -1082,6 +1131,24 @@ async function handleStart(rest) {
         await handleReplay([]);
         return;
     }
+    if (configured.productMode === 'review') {
+        if (!(await requireReplayPro('sickr start'))) {
+            process.exit(3);
+            return;
+        }
+        try {
+            const result = await runLocalReviewer({
+                ...(configured.review ?? {}),
+                ...parseReviewArgs(rest),
+            });
+            process.stdout.write(`${reviewResultSummary(result)}\n`);
+        }
+        catch (e) {
+            process.stderr.write(`sickr: reviewer failed (${e.message}).\n`);
+            process.exit(5);
+        }
+        return;
+    }
     if (!(await requireReplayPro('sickr start'))) {
         process.exit(3);
         return;
@@ -1252,6 +1319,25 @@ async function main() {
             await startLive(opts);
             return;
         }
+        case 'review': {
+            if (rest.includes('--example-settings')) {
+                process.stdout.write(`${reviewerSettingsExample()}\n`);
+                return;
+            }
+            if (!(await requireReplayPro('sickr review'))) {
+                process.exit(3);
+                return;
+            }
+            try {
+                const result = await runLocalReviewer(parseReviewArgs(rest));
+                process.stdout.write(`${reviewResultSummary(result)}\n`);
+            }
+            catch (e) {
+                process.stderr.write(`sickr: reviewer failed (${e.message}).\n`);
+                process.exit(5);
+            }
+            return;
+        }
         case 'run': {
             // sickr run <agent> [--mode auto|interactive] [...agent-args] [--verbose]
             // Wraps the agent in a PTY the CLI owns. Browser steers go

package/dist/providers.js

@@ -84,5 +84,5 @@ export function recordCommandFor(provider) {
     return `npx @sickr/cli record${p.recordFlag ? ` ${p.recordFlag}` : ''}`;
 }
 export function modeRank(mode) {
-    return { replay: 0, live: 1, run: 2, prime_workflow: 3 }[mode];
+    return { replay: 0, live: 1, run: 2, review: 2, prime_workflow: 3 }[mode];
 }

package/dist/reviewer.js

@@ -0,0 +1,405 @@
+import { existsSync, mkdtempSync, readFileSync, rmSync, writeFileSync } from 'node:fs';
+import { tmpdir } from 'node:os';
+import { basename, isAbsolute, join, relative, resolve } from 'node:path';
+import { execFileSync, spawnSync } from 'node:child_process';
+import { redact } from './redact.js';
+export const DEFAULT_READONLY_COMMANDS = [
+    'pwd',
+    'ls',
+    'dir',
+    'find',
+    'rg',
+    'cat',
+    'type',
+    'sed',
+    'git status',
+    'git diff',
+    'git log',
+    'git show',
+    'git branch',
+    'npm ls',
+    'npm outdated',
+    'pnpm ls',
+    'yarn list',
+    'pip freeze',
+    'python -m pip show',
+    'go list',
+    'cargo tree',
+];
+export const DEFAULT_TEST_COMMANDS = ['npm test', 'pnpm test', 'yarn test', 'pytest', 'python -m pytest', 'go test ./...', 'cargo test'];
+export function settingsPath(workspace) {
+    return join(workspace, '.sickr', 'settings.json');
+}
+function stringArray(value) {
+    return Array.isArray(value) && value.every((item) => typeof item === 'string') ? value : null;
+}
+function record(value) {
+    return typeof value === 'object' && value !== null && !Array.isArray(value) ? value : {};
+}
+export function readReviewerSettings(workspace = process.cwd()) {
+    const path = settingsPath(workspace);
+    if (!existsSync(path))
+        return {};
+    const root = record(JSON.parse(readFileSync(path, 'utf8')));
+    const reviewer = record(root.reviewer);
+    return {
+        provider: reviewer.provider === 'local' ? 'local' : reviewer.provider === 'ollama' ? 'ollama' : undefined,
+        model: typeof reviewer.model === 'string' ? reviewer.model : undefined,
+        workspace: typeof reviewer.workspace === 'string' ? reviewer.workspace : undefined,
+        repo: typeof reviewer.repo === 'string' ? reviewer.repo : undefined,
+        pr: typeof reviewer.pr === 'string' ? reviewer.pr : undefined,
+        publish: typeof reviewer.publish === 'boolean' ? reviewer.publish : undefined,
+        maxToolRounds: typeof reviewer.max_tool_rounds === 'number' ? reviewer.max_tool_rounds : undefined,
+        readonlyCommands: stringArray(reviewer.readonly_commands) ?? undefined,
+        testCommands: stringArray(reviewer.test_commands) ?? undefined,
+    };
+}
+export function resolveReviewerSettings(options = {}, baseWorkspace = process.cwd()) {
+    const fromFile = readReviewerSettings(baseWorkspace);
+    const workspace = resolve(options.workspace ?? fromFile.workspace ?? baseWorkspace);
+    return {
+        provider: fromFile.provider ?? 'ollama',
+        model: options.model ?? fromFile.model ?? process.env.SICKR_OLLAMA_MODEL ?? 'smollm2:135m',
+        workspace,
+        repo: options.repo ?? fromFile.repo,
+        pr: options.pr ?? fromFile.pr,
+        publish: options.publish ?? fromFile.publish ?? false,
+        maxToolRounds: options.maxToolRounds ?? fromFile.maxToolRounds ?? 8,
+        readonlyCommands: options.readonlyCommands ?? fromFile.readonlyCommands ?? DEFAULT_READONLY_COMMANDS,
+        testCommands: options.testCommands ?? fromFile.testCommands ?? DEFAULT_TEST_COMMANDS,
+    };
+}
+export function assertInsideWorkspace(workspace, requestedPath) {
+    const root = resolve(workspace);
+    const target = resolve(root, requestedPath);
+    const rel = relative(root, target);
+    if (rel.startsWith('..') || isAbsolute(rel))
+        throw new Error(`path escapes workspace: ${requestedPath}`);
+    return target;
+}
+export function isReadonlyCommand(command, allowedPrefixes = DEFAULT_READONLY_COMMANDS) {
+    const normalized = command.trim().replace(/\s+/g, ' ');
+    if (!normalized)
+        return false;
+    if (/[|;&><`$]/.test(normalized))
+        return false;
+    if (/\b(env|printenv|set|export|curl|wget|rm|del|move|mv|cp|copy|npm install|pnpm add|yarn add|pip install|git push|git merge|git rebase)\b/i.test(normalized))
+        return false;
+    return allowedPrefixes.some((prefix) => normalized === prefix || normalized.startsWith(`${prefix} `));
+}
+export function isAllowedTestCommand(command, allowed = DEFAULT_TEST_COMMANDS) {
+    const normalized = command.trim().replace(/\s+/g, ' ');
+    return allowed.some((candidate) => normalized === candidate.trim().replace(/\s+/g, ' '));
+}
+const shellRunner = {
+    run(command, cwd) {
+        const result = spawnSync(command, {
+            cwd,
+            shell: true,
+            encoding: 'utf8',
+            timeout: 120_000,
+            maxBuffer: 1024 * 1024,
+        });
+        const output = redact(`${result.stdout ?? ''}${result.stderr ? `\n${result.stderr}` : ''}`).trim();
+        return {
+            tool: 'command',
+            status: result.status === 0 ? 'ok' : 'error',
+            detail: `exit=${result.status ?? 'signal'}\n${output}`.slice(0, 12_000),
+        };
+    },
+};
+function git(args, cwd) {
+    return execFileSync('git', args, { cwd, stdio: ['ignore', 'pipe', 'pipe'] }).toString();
+}
+function safeGh(args, cwd) {
+    return execFileSync('gh', args, { cwd, stdio: ['ignore', 'pipe', 'pipe'] }).toString();
+}
+export function prepareReviewWorkspace(settings) {
+    if (!existsSync(settings.workspace))
+        throw new Error(`workspace does not exist: ${settings.workspace}`);
+    git(['rev-parse', '--show-toplevel'], settings.workspace);
+    const dirty = git(['status', '--porcelain'], settings.workspace).trim();
+    if (dirty) {
+        throw new Error('review workspace is dirty. Commit/stash manual changes or use a dedicated SICKR reviewer workspace.');
+    }
+    if (settings.pr) {
+        safeGh(['pr', 'checkout', settings.pr], settings.workspace);
+    }
+}
+export function changedFiles(workspace) {
+    const candidates = [
+        ['diff', '--name-only', 'origin/main...HEAD'],
+        ['diff', '--name-only', 'HEAD~1...HEAD'],
+        ['diff', '--name-only'],
+    ];
+    for (const args of candidates) {
+        try {
+            const files = git(args, workspace).split(/\r?\n/).map((line) => line.trim()).filter(Boolean);
+            if (files.length > 0)
+                return Array.from(new Set(files));
+        }
+        catch { /* try next strategy */ }
+    }
+    return [];
+}
+export function executeToolRequest(req, settings, runner = shellRunner) {
+    try {
+        if (req.tool === 'list_changed_files') {
+            return { tool: req.tool, status: 'ok', detail: changedFiles(settings.workspace).join('\n') || '(no changed files)' };
+        }
+        if (req.tool === 'read_file') {
+            if (!req.path)
+                return { tool: req.tool, status: 'denied', detail: 'path is required' };
+            const target = assertInsideWorkspace(settings.workspace, req.path);
+            if (!existsSync(target))
+                return { tool: req.tool, status: 'error', detail: `file not found: ${req.path}` };
+            return { tool: req.tool, status: 'ok', detail: redact(readFileSync(target, 'utf8')).slice(0, 20_000) };
+        }
+        if (req.tool === 'run_readonly_command') {
+            const command = req.command ?? '';
+            if (!isReadonlyCommand(command, settings.readonlyCommands))
+                return { tool: req.tool, status: 'denied', detail: `command is not readonly-allowed: ${command}` };
+            return { ...runner.run(command, settings.workspace), tool: req.tool };
+        }
+        if (req.tool === 'run_test') {
+            const command = req.command ?? '';
+            if (!isAllowedTestCommand(command, settings.testCommands))
+                return { tool: req.tool, status: 'denied', detail: `test command is not configured: ${command}` };
+            return { ...runner.run(command, settings.workspace), tool: req.tool };
+        }
+        if (req.tool === 'apply_patch') {
+            if (!req.patch?.trim())
+                return { tool: req.tool, status: 'denied', detail: 'patch is required' };
+            const tmp = join(mkdtempSync(join(tmpdir(), 'sickr-review-patch-')), 'change.patch');
+            try {
+                writeFileSync(tmp, req.patch);
+                execFileSync('git', ['apply', '--check', tmp], { cwd: settings.workspace, stdio: ['ignore', 'pipe', 'pipe'] });
+                execFileSync('git', ['apply', tmp], { cwd: settings.workspace, stdio: ['ignore', 'pipe', 'pipe'] });
+                return { tool: req.tool, status: 'ok', detail: 'patch applied locally in reviewer workspace' };
+            }
+            finally {
+                rmSync(resolve(tmp, '..'), { recursive: true, force: true });
+            }
+        }
+        return { tool: 'unknown', status: 'denied', detail: `unknown tool: ${req.tool}` };
+    }
+    catch (e) {
+        return { tool: req.tool, status: 'error', detail: redact(e.message) };
+    }
+}
+export function buildReviewerPrompt(settings, priorResults) {
+    const files = changedFiles(settings.workspace);
+    let diff = '';
+    try {
+        diff = git(['diff', '--stat'], settings.workspace);
+    }
+    catch {
+        diff = '';
+    }
+    return [
+        'You are a SICKR reviewer agent. Review the PR like a senior code reviewer.',
+        'You may inspect files, run readonly commands, apply candidate patches locally, and run configured tests.',
+        'You must not request push, merge, arbitrary network access, or secret dumping.',
+        'Return exactly one JSON object. Do not wrap it in markdown.',
+        'Schema:',
+        '{"tool_requests":[{"tool":"list_changed_files|read_file|run_readonly_command|run_test|apply_patch","path":"src/file.ts","command":"npm test","patch":"unified diff","reason":"why"}],"decision":"approve|request_changes|comment|blocked","summary":"short","findings":[{"severity":"blocker|major|minor","file":"path","line":1,"body":"finding"}],"suggestions":[{"file":"path","body":"suggested change"}]}',
+        'If you need more information, return tool_requests and omit decision.',
+        'Only approve when no blocker/major findings remain and configured tests have passed or are not relevant.',
+        `Model: ${settings.model}`,
+        `Workspace: ${settings.workspace}`,
+        settings.pr ? `PR: ${settings.pr}` : 'PR: current branch',
+        `Changed files:\n${files.join('\n') || '(unknown)'}`,
+        `Diff stat:\n${diff || '(unavailable)'}`,
+        `Configured readonly commands: ${settings.readonlyCommands.join(', ')}`,
+        `Configured test commands: ${settings.testCommands.join(', ')}`,
+        `Tool results so far:\n${priorResults.map((r, i) => `#${i + 1} ${r.tool} ${r.status}\n${r.detail}`).join('\n\n') || '(none)'}`,
+    ].join('\n\n');
+}
+export function parseModelReviewResponse(text) {
+    const trimmed = text.trim();
+    const start = trimmed.indexOf('{');
+    const end = trimmed.lastIndexOf('}');
+    if (start < 0 || end < start)
+        throw new Error('model did not return a JSON object');
+    const obj = JSON.parse(trimmed.slice(start, end + 1));
+    return obj;
+}
+export function renderReviewBody(response, toolResults) {
+    const decision = response.decision ?? 'comment';
+    const lines = [`SICKR local reviewer: ${decision}`, '', response.summary ?? 'Review completed.', ''];
+    if (response.findings?.length) {
+        lines.push('Findings:');
+        for (const finding of response.findings) {
+            const loc = finding.file ? `${finding.file}${finding.line ? `:${finding.line}` : ''}` : 'general';
+            lines.push(`- [${finding.severity ?? 'minor'}] ${loc}: ${finding.body}`);
+        }
+        lines.push('');
+    }
+    if (response.suggestions?.length) {
+        lines.push('Suggested changes:');
+        for (const suggestion of response.suggestions)
+            lines.push(`- ${suggestion.file ?? 'general'}: ${suggestion.body}`);
+        lines.push('');
+    }
+    const failedTools = toolResults.filter((r) => r.status !== 'ok');
+    if (failedTools.length) {
+        lines.push('Runner notes:');
+        for (const result of failedTools)
+            lines.push(`- ${result.tool}: ${result.status} - ${result.detail.split('\n')[0]}`);
+    }
+    return redact(lines.join('\n').trim());
+}
+async function callOllama(model, prompt) {
+    const host = process.env.OLLAMA_HOST ?? 'http://127.0.0.1:11434';
+    const res = await fetch(`${host.replace(/\/$/, '')}/api/generate`, {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json' },
+        body: JSON.stringify({ model, prompt, stream: false, format: 'json' }),
+    });
+    if (!res.ok)
+        throw new Error(`ollama generate failed: ${res.status}`);
+    const json = await res.json();
+    if (!json.response)
+        throw new Error('ollama generate returned no response');
+    return json.response;
+}
+function publishReview(settings, result) {
+    if (!settings.pr)
+        throw new Error('--publish requires --pr <number|url>');
+    const tmp = join(mkdtempSync(join(tmpdir(), 'sickr-review-body-')), 'review.md');
+    try {
+        writeFileSync(tmp, result.body);
+        const args = ['pr', 'review', settings.pr, '--body-file', tmp];
+        if (result.decision === 'approve')
+            args.push('--approve');
+        else if (result.decision === 'request_changes')
+            args.push('--request-changes');
+        else
+            args.push('--comment');
+        safeGh(args, settings.workspace);
+    }
+    finally {
+        rmSync(resolve(tmp, '..'), { recursive: true, force: true });
+    }
+}
+export async function runLocalReviewer(options = {}) {
+    const settings = resolveReviewerSettings(options);
+    prepareReviewWorkspace(settings);
+    const toolResults = [];
+    let response = {};
+    for (let round = 0; round < settings.maxToolRounds; round += 1) {
+        const prompt = buildReviewerPrompt(settings, toolResults);
+        response = parseModelReviewResponse(await callOllama(settings.model, prompt));
+        const requests = response.tool_requests ?? [];
+        if (requests.length === 0)
+            break;
+        for (const req of requests.slice(0, 5))
+            toolResults.push(executeToolRequest(req, settings));
+    }
+    const decision = response.decision ?? (toolResults.some((r) => r.status === 'error') ? 'blocked' : 'comment');
+    const body = renderReviewBody({ ...response, decision }, toolResults);
+    const result = { decision, body, published: false, toolResults };
+    if (settings.publish) {
+        publishReview(settings, result);
+        result.published = true;
+    }
+    return result;
+}
+export function parseReviewArgs(rest) {
+    const options = {};
+    const testCommands = [];
+    const readonlyCommands = [];
+    for (let i = 0; i < rest.length; i += 1) {
+        const arg = rest[i];
+        const next = rest[i + 1];
+        if ((arg === '--pr' || arg === '--pull-request') && next) {
+            options.pr = next;
+            i += 1;
+            continue;
+        }
+        if (arg.startsWith('--pr=')) {
+            options.pr = arg.slice('--pr='.length);
+            continue;
+        }
+        if (arg === '--model' && next) {
+            options.model = next;
+            i += 1;
+            continue;
+        }
+        if (arg.startsWith('--model=')) {
+            options.model = arg.slice('--model='.length);
+            continue;
+        }
+        if (arg === '--workspace' && next) {
+            options.workspace = next;
+            i += 1;
+            continue;
+        }
+        if (arg.startsWith('--workspace=')) {
+            options.workspace = arg.slice('--workspace='.length);
+            continue;
+        }
+        if (arg === '--repo' && next) {
+            options.repo = next;
+            i += 1;
+            continue;
+        }
+        if (arg.startsWith('--repo=')) {
+            options.repo = arg.slice('--repo='.length);
+            continue;
+        }
+        if (arg === '--publish') {
+            options.publish = true;
+            continue;
+        }
+        if (arg === '--dry-run') {
+            options.publish = false;
+            continue;
+        }
+        if (arg === '--test' && next) {
+            testCommands.push(next);
+            i += 1;
+            continue;
+        }
+        if (arg.startsWith('--test=')) {
+            testCommands.push(arg.slice('--test='.length));
+            continue;
+        }
+        if (arg === '--readonly' && next) {
+            readonlyCommands.push(next);
+            i += 1;
+            continue;
+        }
+        if (arg.startsWith('--readonly=')) {
+            readonlyCommands.push(arg.slice('--readonly='.length));
+            continue;
+        }
+    }
+    if (testCommands.length)
+        options.testCommands = testCommands;
+    if (readonlyCommands.length)
+        options.readonlyCommands = [...DEFAULT_READONLY_COMMANDS, ...readonlyCommands];
+    return options;
+}
+export function reviewerSettingsExample(workspace = process.cwd()) {
+    return JSON.stringify({
+        reviewer: {
+            provider: 'ollama',
+            model: 'qwen2.5-coder:7b',
+            workspace,
+            publish: false,
+            readonly_commands: DEFAULT_READONLY_COMMANDS,
+            test_commands: ['npm test'],
+        },
+    }, null, 2);
+}
+export function reviewResultSummary(result) {
+    return [
+        `sickr: reviewer decision=${result.decision}${result.published ? ' published=true' : ' published=false'}`,
+        '',
+        result.body,
+    ].join('\n');
+}
+export function localReviewerCommandName() {
+    return `sickr-local-reviewer-${basename(process.cwd()) || 'workspace'}`;
+}

package/dist/run.js

@@ -137,6 +137,23 @@ export function normalizeRunEventForRunner(event, identity) {
         identity.sessions.add(event.session);
     return event;
 }
+export function buildRunSessionEndMessage(reason, exitCode) {
+    const msg = { kind: 'end', reason };
+    if (typeof exitCode === 'number')
+        msg.exitCode = exitCode;
+    return JSON.stringify(msg);
+}
+export function trySendRunSessionEnd(socket, reason, exitCode) {
+    if (!socket || socket.readyState !== 1)
+        return false;
+    try {
+        socket.send(buildRunSessionEndMessage(reason, exitCode));
+        return true;
+    }
+    catch {
+        return false;
+    }
+}
 export function stripAnsi(input) {
     return input.replace(/\x1b\[[0-?]*[ -/]*[@-~]/g, '').replace(/\x1b\][^\x07]*(\x07|\x1b\\)/g, '');
 }
@@ -550,6 +567,7 @@ export async function startRun(opts) {
             }
             catch { /* ignore */ }
         hooklessSynth?.flushResponse();
+        trySendRunSessionEnd(ws, exitCode === 0 ? 'session_ended' : 'agent_exited', exitCode);
         try {
             ws?.close();
         }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@sickr/cli",
-  "version": "0.9.15",
+  "version": "0.9.18",
   "type": "module",
   "description": "npx @sickr/cli - replay, live look, and workflow orchestration for AI coding agents.",
   "bin": {