@vortex-ai/cli 0.1.50 → 0.1.55

package/dist/index.js

@@ -211002,19 +211002,16 @@ var require_dist3 = __commonJS({
     module2.exports = __toCommonJS(index_exports);
     var Prompts = {
       // ── Engine / Intelligence Agent Prompts ──
-      extractSearchQueries: (diff) => `
-You are an expert code analyzer. 
-Analyze the following git diff and extract exactly 3 short search queries.
-These queries should be the names of the most important functions, classes, or architectural concepts that are modified or referenced in this PR.
-Your goal is to extract queries that can be used in a vector search engine to find the relevant codebase context.
+      extractSearchQueries: (diff) => `You must return ONLY a valid JSON array of exactly 3 strings. Example: ["auth flow", "DatabaseService", "user login"]
 
-Return ONLY a valid JSON array of 3 strings. No markdown formatting, no explanation.
+You are an expert code analyzer. 
+Analyze the following git diff and extract 3 short search queries.
+These queries should be the names of the most important functions, classes, or architectural concepts modified or referenced in this PR.
 
 Diff:
 \`\`\`diff
 ${diff}
-\`\`\`
-  `,
+\`\`\``,
       ragReview: (diff, contextStr) => `
 You are an expert Principal Software Engineer reviewing a pull request.
 You have been provided with the git diff of the pull request, AND some relevant code chunks from the existing codebase for context.
@@ -211075,34 +211072,33 @@ Your answer must follow these strict guidelines:
 4. **Professional Tone**: Sound like a highly experienced senior engineer mentoring a junior. Use emojis sparingly but effectively (e.g., \u{1F4A1} for tips, \u26A0\uFE0F for warnings).
 5. If the provided chunks do not contain enough information to answer fully, explicitly state what is missing.
 `,
-      executionPlan: (task, contextStr) => `You are an autonomous coding agent.
-
-# Task
-${task}
-
-# Relevant Codebase Context
-${contextStr}
-
-Analyze the task and available codebase context.
+      executionPlan: (task, contextStr) => `You must return ONLY a structured JSON object matching this schema:
+{
+  "summary": "A deep, 3-4 sentence explanation of the architectural approach.",
+  "filesToRead": ["src/index.ts", "package.json"],
+  "steps": [
+    {
+      "action": "create" | "modify" | "delete" | "test",
+      "file": "src/App.js",
+      "description": "A very detailed, multi-sentence explanation of exactly what code needs to be written or changed, including specific variables, functions, or UI elements to touch."
+    }
+  ]
+}
 
-Output ONLY a structured JSON execution plan containing the steps and the files that need to be read before the agent starts.
+You are a Principal AI Software Architect. Analyze the task and the extensive codebase context provided below to create a highly detailed execution plan. 
 
 Rules:
-* Maximum 7-10 steps.
-* Each step must be one sentence.
-* Focus only on actions required to complete the task.
-* Do not explain reasoning.
-* Do not describe implementation details.
-* Do not list speculative edge cases.
-* Do not create documentation-style plans and DO NOT commit anything.
-* Prefer concrete actions such as inspect, modify, implement, test, validate.
+- Make the plan EXTREMELY detailed. Do not skip steps.
+- Explain the 'why' and the 'how' for each step.
+- Include precise implementation details, such as variable names, function signatures, and logic flows.
+- Make sure to identify all related files that need to be read or modified.
+- Output ONLY valid JSON.
 
-Schema:
-{
-  "steps": ["Step 1", "Step 2"],
-  "filesToRead": ["src/index.ts", "package.json"]
-}
-`,
+# Task
+${task}
+
+# Extensive Codebase Context
+${contextStr}`,
       // ── Multi-Agent PR Review Prompts ──
       securitySystemPrompt: `You are a world-class Application Security Engineer conducting a security-focused code review.
 Your ONLY job is to find GENUINE, HIGH-IMPACT security vulnerabilities in the PR diff. You do NOT care about code style, architecture, performance, or nit-picks.
@@ -211164,6 +211160,53 @@ Severity Guide:
 
 If the PR does not contain any breaking or major structural issues, return an empty findings array with consistencyScore "excellent".
 Return ONLY the JSON object. No markdown. No explanation outside the JSON.`,
+      combinedReviewSystemPrompt: `You must return your findings as a valid JSON object matching this EXACT schema:
+{
+  "securityFindings": [
+    {
+      "title": "Short title",
+      "severity": "critical" | "high" | "medium" | "low" | "info",
+      "description": "Detailed explanation",
+      "file": "filename or N/A",
+      "lineHint": "approximate line",
+      "recommendation": "How to fix"
+    }
+  ],
+  "securitySummary": "1-2 sentence overall security assessment",
+  "securityRiskLevel": "safe" | "low_risk" | "medium_risk" | "high_risk" | "critical_risk",
+  "architectureFindings": [
+    {
+      "title": "Short title",
+      "severity": "breaking" | "major" | "minor" | "suggestion",
+      "description": "Detailed explanation",
+      "affectedPattern": "Which existing pattern is affected",
+      "recommendation": "How to align with existing architecture"
+    }
+  ],
+  "architectureSummary": "1-2 sentence overall architecture assessment",
+  "architectureConsistencyScore": "excellent" | "good" | "fair" | "poor"
+}
+
+You are a Principal Software Architect and Security Engineer conducting a unified code review.
+Your ONLY job is to analyze the PR diff for BOTH Security Vulnerabilities and Architectural Consistency.
+
+RULES:
+- ONLY use the provided PR Diff and Codebase Context. Do not invent code.
+- Ignore code style, nit-picks, and low severity issues.
+- Do NOT flag "Prompt Injection" or "Data Exfiltration" in local CLI code.
+- Do NOT flag imports from \`@vortex/shared\`.
+
+Example valid output:
+{
+  "securityFindings": [],
+  "securitySummary": "No high-risk vulnerabilities found.",
+  "securityRiskLevel": "safe",
+  "architectureFindings": [],
+  "architectureSummary": "Architecture remains highly cohesive.",
+  "architectureConsistencyScore": "excellent"
+}
+
+Return ONLY valid JSON. No markdown fences.`,
       synthesizerSystemPrompt: `You are a Staff Engineer writing the FINAL code review report for a pull request.
 You have received analysis from two specialist agents:
 1. **SecurityAgent** \u2014 found security vulnerabilities
@@ -211504,17 +211547,20 @@ var require_dist4 = __commonJS({
           parent
         } = params;
         const actualContentNode = contentNode ?? node;
-        const content = actualContentNode.getText(
-          sourceFile
-        );
-        const startLine = getLine(
-          actualContentNode.getStart(
-            sourceFile
-          )
-        );
-        const endLine = getLine(
-          actualContentNode.getEnd()
-        );
+        let content = actualContentNode.getText(sourceFile);
+        const startLine = getLine(actualContentNode.getStart(sourceFile));
+        const endLine = getLine(actualContentNode.getEnd());
+        if (startLine > 1) {
+          const allLines = source.split("\n");
+          const startIdx = Math.max(0, startLine - 1 - 30);
+          const prepended = allLines.slice(startIdx, startLine - 1).join("\n");
+          if (prepended.trim().length > 0) {
+            content = `// Context Overlap:
+${prepended}
+// End Overlap
+${content}`;
+          }
+        }
         const kind = getChunkKind(node);
         const symbolPath = parent ? `${parent}.${name}` : name;
         const hash = getHash(content);
@@ -224913,6 +224959,7 @@ var require_dist5 = __commonJS({
       ArchitectureSeverity: () => ArchitectureSeverity,
       AutonomousAgent: () => AutonomousAgent2,
       BaseAgent: () => BaseAgent,
+      CombinedReviewOutputSchema: () => CombinedReviewOutputSchema,
       FileEditTool: () => FileEditTool2,
       FileReadTool: () => FileReadTool4,
       FileWriteTool: () => FileWriteTool2,
@@ -224939,11 +224986,11 @@ var require_dist5 = __commonJS({
     module2.exports = __toCommonJS(index_exports);
     var import_git4 = require_dist();
     var import_retrieval5 = require_dist4();
-    var import_shared8 = require_dist3();
+    var import_shared9 = require_dist3();
     var path42 = __toESM2(require("path"));
     var fs4 = __toESM2(require("fs"));
     var import_db3 = require_dist2();
-    var import_genai3 = require("@google/genai");
+    var import_genai4 = require("@google/genai");
     var import_retrieval3 = require_dist4();
     var import_genai2 = require("@google/genai");
     var import_genai = require("@google/genai");
@@ -224952,6 +224999,7 @@ var require_dist5 = __commonJS({
     var import_db4 = require_dist2();
     var crypto2 = __toESM2(require("crypto"));
     var LLMCacheManager2 = class {
+      static sessionCache = /* @__PURE__ */ new Map();
       /**
        * Generates a deterministic SHA-256 cache key.
        */
@@ -224964,7 +225012,6 @@ var require_dist5 = __commonJS({
             model: params.model,
             promptHash,
             contextHash,
-            commitHash: params.commitHash || null,
             temperature: params.temperature || 0
           })
         ).digest("hex");
@@ -224975,11 +225022,15 @@ var require_dist5 = __commonJS({
        * Updates lastAccessedAt and hitCount on cache hit.
        */
       static async getCache(key) {
+        if (this.sessionCache.has(key)) {
+          return this.sessionCache.get(key) || null;
+        }
         try {
           const entry = await import_db4.prisma.lLMCache.findUnique({
             where: { key }
           });
           if (!entry) return null;
+          this.sessionCache.set(key, Promise.resolve(entry.response));
           import_db4.prisma.lLMCache.update({
             where: { key },
             data: {
@@ -225013,6 +225064,7 @@ var require_dist5 = __commonJS({
               lastAccessedAt: /* @__PURE__ */ new Date()
             }
           });
+          this.sessionCache.set(data.key, Promise.resolve(data.response));
           this.cleanupOldCache().catch(() => {
           });
         } catch (err) {
@@ -225023,6 +225075,7 @@ var require_dist5 = __commonJS({
        * Clears all entries from the cache.
        */
       static async clearCache() {
+        this.sessionCache.clear();
         await import_db4.prisma.lLMCache.deleteMany();
       }
       /**
@@ -225105,21 +225158,24 @@ var require_dist5 = __commonJS({
       }
     };
     var DEFAULT_MODEL_PRIORITY = [
+      // Gemini
+      "gemini-2.5-flash",
+      "gemini-3.1-flash-lite",
+      "gemini-2.5-flash-lite",
+      // Groq
+      "llama-3.3-70b-versatile",
+      "llama-3.1-8b-instant",
+      "allam-2-7b",
+      // OpenRouter
       "nvidia/nemotron-3-ultra-550b-a55b:free",
       "nex-agi/nex-n2-pro:free",
       "openrouter/owl-alpha",
       "nvidia/nemotron-3-super-120b-a12b:free",
       "openai/gpt-oss-20b:free",
       "openai/gpt-oss-120b:free",
-      "gemini-2.5-flash",
       "openai/gpt-oss-120b",
-      "llama-3.3-70b-versatile",
       "qwen/qwen3.6-27b",
-      "qwen/qwen3-32b",
-      "gemini-3.1-flash-lite",
-      "gemini-2.5-flash-lite",
-      "llama-3.1-8b-instant",
-      "allam-2-7b"
+      "qwen/qwen3-32b"
     ];
     var getApiKeys = (prefix) => {
       const keys = [];
@@ -225483,20 +225539,42 @@ OBSERVATIONS (${toolCalls.length} results):${toolResultsPrompts}`;
       extractToolCalls(response) {
         const cleanResponse = response.replace(/<think>[\s\S]*?<\/think>/g, "").replace(/<state_update>[\s\S]*?<\/state_update>/ig, "").trim();
         const calls = [];
-        const xmlRegex = /<([a-zA-Z0-9_]+_)?tool_call>\s*([a-zA-Z0-9_]+)[\s\S]*?<\/\1tool_call>/g;
+        const xmlRegex = /<([a-zA-Z0-9_]+_)?tool_call>([\s\S]*?)<\/\1tool_call>/g;
         let xmlMatch;
         while ((xmlMatch = xmlRegex.exec(cleanResponse)) !== null) {
           const prefix = xmlMatch[1] || "";
-          const name = (xmlMatch[2] || "").trim();
+          const blockContent = xmlMatch[2] || "";
+          let name = "";
+          const nameMatch = blockContent.match(/^\s*([a-zA-Z0-9_]+)/);
+          const tagMatch = blockContent.match(/<([a-zA-Z0-9_]*_)?(tool_)?name>\s*([a-zA-Z0-9_]+)\s*<\/\1\2name>/);
+          if (tagMatch && tagMatch[3]) {
+            name = tagMatch[3].trim();
+          } else if (nameMatch && nameMatch[1]) {
+            name = nameMatch[1].trim();
+          }
           const args = {};
           const argRegex = new RegExp(`<(${prefix})?arg_key>\\s*([^<]+)\\s*<\\/\\1?arg_key>\\s*<(${prefix})?arg_value>\\s*([\\s\\S]*?)\\s*<\\/\\3?arg_value>`, "g");
           let match;
-          while ((match = argRegex.exec(xmlMatch[0])) !== null) {
+          while ((match = argRegex.exec(blockContent)) !== null) {
             if (match[2] && match[4]) {
               args[match[2].trim()] = match[4].trim();
             }
           }
-          calls.push({ name, args, isXml: true, prefix });
+          if (Object.keys(args).length === 0 || name === "write_file" && (!args.path || !args.content) || name === "replace_in_file" && (!args.path || !args.target && !args.replacement)) {
+            const directTagRegex = /<([a-zA-Z0-9_]+)>\s*([\s\S]*?)\s*<\/\1>/g;
+            let directMatch;
+            while ((directMatch = directTagRegex.exec(blockContent)) !== null) {
+              if (directMatch[1] && directMatch[2]) {
+                const key = directMatch[1].trim();
+                if (key !== "tool_call" && key !== "tool_name" && key !== "name" && key !== "arg_key" && key !== "arg_value") {
+                  args[key] = directMatch[2].trim();
+                }
+              }
+            }
+          }
+          if (name) {
+            calls.push({ name, args, isXml: true, prefix });
+          }
         }
         if (calls.length > 0) return calls;
         const jsonBlockMatch = cleanResponse.match(/```(?:json)?\s*\n?([\s\S]*?)\n?\s*```/);
@@ -225653,6 +225731,14 @@ OBSERVATIONS (${toolCalls.length} results):${toolResultsPrompts}`;
       summary: import_zod.z.string().describe("1-2 sentence overall architecture assessment"),
       consistencyScore: import_zod.z.enum(["excellent", "good", "fair", "poor"])
     });
+    var CombinedReviewOutputSchema = import_zod.z.object({
+      securityFindings: import_zod.z.array(SecurityFindingSchema),
+      securitySummary: import_zod.z.string().describe("1-2 sentence overall security assessment"),
+      securityRiskLevel: import_zod.z.enum(["safe", "low_risk", "medium_risk", "high_risk", "critical_risk"]),
+      architectureFindings: import_zod.z.array(ArchitectureFindingSchema),
+      architectureSummary: import_zod.z.string().describe("1-2 sentence overall architecture assessment"),
+      architectureConsistencyScore: import_zod.z.enum(["excellent", "good", "fair", "poor"])
+    });
     var ReviewVerdictSchema = import_zod.z.enum(["SAFE_TO_MERGE", "REQUIRES_CHANGES", "NEEDS_DISCUSSION"]);
     var SynthesisOutputSchema = import_zod.z.object({
       verdict: ReviewVerdictSchema,
@@ -225662,128 +225748,9 @@ OBSERVATIONS (${toolCalls.length} results):${toolResultsPrompts}`;
       markdownReport: import_zod.z.string().describe("Full beautifully formatted markdown review report")
     });
     var import_shared2 = require_dist3();
-    var SecurityAgent = class extends BaseAgent {
-      name = "SecurityAgent";
-      systemPrompt = import_shared2.Prompts.securitySystemPrompt;
-      buildPrompt(input) {
-        let prompt = `## PR Diff to Review
-\`\`\`diff
-${input.diff}
-\`\`\`
-`;
-        if (input.contextChunks.length > 0) {
-          prompt += `
-## Existing Codebase Context
-Use this to understand what security patterns the codebase already uses:
-`;
-          input.contextChunks.forEach((chunk, i) => {
-            prompt += `
-### Context ${i + 1}: ${chunk.file} \u2192 ${chunk.symbolPath}
-\`\`\`${chunk.kind}
-${chunk.content}
-\`\`\`
-`;
-          });
-        }
-        if (input.memories && input.memories.length > 0) {
-          prompt += `
-## Historical Security Context
-These are relevant findings from past reviews:
-`;
-          input.memories.forEach((mem, i) => {
-            prompt += `- Memory ${i + 1}: ${mem}
-`;
-          });
-        }
-        return prompt;
-      }
-      parseOutput(rawResponse) {
-        const parsed = this.extractJSON(rawResponse);
-        if (parsed) {
-          const validated = SecurityOutputSchema.safeParse(parsed);
-          if (validated.success) {
-            return {
-              agentName: this.name,
-              findings: validated.data.findings,
-              summary: validated.data.summary,
-              riskLevel: validated.data.riskLevel
-            };
-          }
-        }
-        return {
-          agentName: this.name,
-          findings: [],
-          summary: rawResponse.slice(0, 500),
-          riskLevel: "low_risk"
-        };
-      }
-    };
-    var import_shared3 = require_dist3();
-    var ArchitectureAgent = class extends BaseAgent {
-      name = "ArchitectureAgent";
-      systemPrompt = import_shared3.Prompts.architectureSystemPrompt;
-      buildPrompt(input) {
-        let prompt = `## PR Diff to Review
-\`\`\`diff
-${input.diff}
-\`\`\`
-`;
-        if (input.contextChunks.length > 0) {
-          prompt += `
-## Existing Codebase Architecture (Retrieved Context)
-These are the most relevant code chunks from the existing codebase. Compare the PR diff against these patterns:
-`;
-          input.contextChunks.forEach((chunk, i) => {
-            prompt += `
-### Context ${i + 1}: ${chunk.file} \u2192 ${chunk.symbolPath} (${chunk.kind})
-\`\`\`
-${chunk.content}
-\`\`\`
-`;
-          });
-        } else {
-          prompt += `
-## Note
-No existing codebase context was retrieved. Evaluate the PR diff on its own merits, focusing on internal consistency and general best practices.
-`;
-        }
-        if (input.memories && input.memories.length > 0) {
-          prompt += `
-## Historical Architecture Context
-These are relevant findings from past reviews:
-`;
-          input.memories.forEach((mem, i) => {
-            prompt += `- Memory ${i + 1}: ${mem}
-`;
-          });
-        }
-        return prompt;
-      }
-      parseOutput(rawResponse) {
-        const parsed = this.extractJSON(rawResponse);
-        if (parsed) {
-          const validated = ArchitectureOutputSchema.safeParse(parsed);
-          if (validated.success) {
-            return {
-              agentName: this.name,
-              findings: validated.data.findings,
-              summary: validated.data.summary,
-              consistencyScore: validated.data.consistencyScore
-            };
-          }
-        }
-        return {
-          agentName: this.name,
-          findings: [],
-          summary: rawResponse.slice(0, 500),
-          consistencyScore: "good"
-        };
-      }
-    };
-    var import_shared4 = require_dist3();
     var SynthesizerAgent = class extends BaseAgent {
       name = "SynthesizerAgent";
-      systemPrompt = import_shared4.Prompts.synthesizerSystemPrompt;
+      systemPrompt = import_shared2.Prompts.synthesizerSystemPrompt;
       buildPrompt(input) {
         const securityOutput = input.previousOutputs?.security;
         const architectureOutput = input.previousOutputs?.architecture;
@@ -225888,57 +225855,127 @@ ${JSON.stringify(parsed, null, 2)}
         };
       }
     };
+    async function generateStructured(client, prompt, schema, options) {
+      const maxRetries = options?.maxValidationRetries ?? 3;
+      let currentPrompt = prompt;
+      for (let attempt = 1; attempt <= maxRetries; attempt++) {
+        const responseText = await generateWithRetry(client, currentPrompt, options);
+        try {
+          let cleanText = responseText.trim();
+          if (cleanText.startsWith("```json")) {
+            cleanText = cleanText.replace(/^```json/, "").replace(/```$/, "").trim();
+          } else if (cleanText.startsWith("```")) {
+            cleanText = cleanText.replace(/^```/, "").replace(/```$/, "").trim();
+          }
+          const parsedJson = JSON.parse(cleanText);
+          const result = schema.safeParse(parsedJson);
+          if (result.success) {
+            return result.data;
+          }
+          const errorMsg = result.error.errors.map((e) => `${e.path.join(".")}: ${e.message}`).join("\n");
+          if (process.env.DEBUG) {
+            console.warn(`[Structured LLM] Validation failed (Attempt ${attempt}/${maxRetries}):
+${errorMsg}`);
+          }
+          if (attempt === maxRetries) {
+            throw new Error(`Failed to generate valid structured output after ${maxRetries} attempts. Last error: ${errorMsg}`);
+          }
+          currentPrompt += `
+
+Your previous JSON response was invalid. Please fix the following errors and try again:
+${errorMsg}
+Make sure to output ONLY valid JSON matching the exact schema requested.`;
+        } catch (e) {
+          if (process.env.DEBUG) {
+            console.warn(`[Structured LLM] JSON Parsing failed (Attempt ${attempt}/${maxRetries}):
+${e.message}`);
+          }
+          if (attempt === maxRetries) {
+            throw new Error(`Failed to parse JSON after ${maxRetries} attempts. Last response: ${responseText.slice(0, 200)}...`);
+          }
+          currentPrompt += `
+
+Your previous response was not valid JSON. Error: ${e.message}
+Please output ONLY valid JSON.`;
+        }
+      }
+      throw new Error("Unreachable");
+    }
+    var import_genai3 = require("@google/genai");
+    var import_shared3 = require_dist3();
     var ReviewOrchestrator = class {
-      securityAgent;
-      architectureAgent;
       synthesizerAgent;
+      client;
       constructor(apiKey) {
-        this.securityAgent = new SecurityAgent(apiKey);
-        this.architectureAgent = new ArchitectureAgent(apiKey);
+        const key = apiKey || process.env.GEMINI_API_KEY;
+        if (!key) {
+          throw new Error("GEMINI_API_KEY is not set.");
+        }
+        this.client = new import_genai3.GoogleGenAI({ apiKey: key });
         this.synthesizerAgent = new SynthesizerAgent(apiKey);
       }
       /**
        * Register tools across all agents that support self-verification.
        */
       registerTools(tools) {
-        this.securityAgent.registerTools(tools);
-        this.architectureAgent.registerTools(tools);
+        this.synthesizerAgent.registerTools(tools);
       }
       /**
        * Runs the full multi-agent review pipeline.
-       *
-       * @param diff - The raw PR diff text
-       * @param contextChunks - Relevant codebase chunks from hybrid retrieval
-       * @param memories - Optional relevant memories from past reviews
-       * @returns Comprehensive OrchestratedReview with all agent outputs
        */
       async runReview(diff, contextChunks, memories) {
         const startTime = Date.now();
-        const baseInput = {
-          diff,
-          contextChunks,
-          memories
-        };
-        if (process.env.DEBUG) console.log("\nRunning Security and Architecture agents in parallel...");
-        const [securityResult, architectureResult] = await Promise.all([
-          this.runAgentSafe(
-            "SecurityAgent",
-            () => this.securityAgent.run(baseInput)
-          ),
-          this.runAgentSafe(
-            "ArchitectureAgent",
-            () => this.architectureAgent.run(baseInput)
-          )
-        ]);
+        if (process.env.DEBUG) console.log("\nRunning Batched Security + Architecture Review...");
+        let combinedPrompt = `## PR Diff to Review
+\`\`\`diff
+${diff}
+\`\`\`
+`;
+        if (contextChunks.length > 0) {
+          combinedPrompt += `
+## Existing Codebase Context
+Use this to understand what patterns the codebase already uses:
+`;
+          contextChunks.forEach((chunk, i) => {
+            combinedPrompt += `
+### Context ${i + 1}: ${chunk.file} \u2192 ${chunk.symbolPath}
+\`\`\`${chunk.kind}
+${chunk.content}
+\`\`\`
+`;
+          });
+        }
+        if (memories && memories.length > 0) {
+          combinedPrompt += `
+## Historical Context
+These are relevant findings from past reviews:
+`;
+          memories.forEach((mem, i) => {
+            combinedPrompt += `- Memory ${i + 1}: ${mem}
+`;
+          });
+        }
+        combinedPrompt = import_shared3.Prompts.combinedReviewSystemPrompt + "\n\n" + combinedPrompt;
+        let combinedResult = null;
+        try {
+          combinedResult = await generateStructured(
+            this.client,
+            combinedPrompt,
+            CombinedReviewOutputSchema,
+            { label: "ReviewOrchestrator (Batched)", maxValidationRetries: 3 }
+          );
+        } catch (err) {
+          console.error("\nBatched Review failed:", err);
+        }
         const securityOutput = {
-          findings: securityResult.findings ?? [],
-          summary: securityResult.summary,
-          riskLevel: securityResult.riskLevel ?? "low_risk"
+          findings: combinedResult?.securityFindings ?? [],
+          summary: combinedResult?.securitySummary ?? "Security analysis encountered an error.",
+          riskLevel: combinedResult?.securityRiskLevel ?? "low_risk"
         };
         const architectureOutput = {
-          findings: architectureResult.findings ?? [],
-          summary: architectureResult.summary,
-          consistencyScore: architectureResult.consistencyScore ?? "good"
+          findings: combinedResult?.architectureFindings ?? [],
+          summary: combinedResult?.architectureSummary ?? "Architecture analysis encountered an error.",
+          consistencyScore: combinedResult?.architectureConsistencyScore ?? "good"
         };
         if (process.env.DEBUG) {
           console.log(`  Security: ${securityOutput.riskLevel} (${securityOutput.findings.length} findings)`);
@@ -226002,7 +226039,7 @@ ${agentName} failed:`, err);
     };
     var import_child_process2 = require("child_process");
     var crypto22 = __toESM2(require("crypto"));
-    var import_shared5 = require_dist3();
+    var import_shared4 = require_dist3();
     var IntelligenceAgent5 = class {
       client;
       embedder;
@@ -226013,7 +226050,7 @@ ${agentName} failed:`, err);
         if (!key) {
           throw new Error("GEMINI_API_KEY is not set.");
         }
-        this.client = new import_genai3.GoogleGenAI({ apiKey: key });
+        this.client = new import_genai4.GoogleGenAI({ apiKey: key });
         this.embedder = new import_retrieval3.LocalEmbedder();
         this.store = new import_retrieval3.VectorStore();
         this.orchestrator = new ReviewOrchestrator(key);
@@ -226031,8 +226068,8 @@ ${agentName} failed:`, err);
       }
       getCurrentCommitHash() {
         try {
-          const hash = (0, import_child_process2.execSync)("git rev-parse HEAD").toString().trim();
-          const isDirty = (0, import_child_process2.execSync)("git status --porcelain").toString().trim().length > 0;
+          const hash = (0, import_child_process2.execSync)("git rev-parse HEAD", { stdio: ["pipe", "pipe", "ignore"] }).toString().trim();
+          const isDirty = (0, import_child_process2.execSync)("git status --porcelain", { stdio: ["pipe", "pipe", "ignore"] }).toString().trim().length > 0;
           return isDirty ? `${hash}-dirty` : hash;
         } catch {
           return "unknown";
@@ -226046,7 +226083,7 @@ ${agentName} failed:`, err);
        * Extracts search queries (keywords, function names, classes) from a PR diff.
        */
       async extractSearchQueriesFromDiff(diff) {
-        const prompt = import_shared5.Prompts.extractSearchQueries(diff);
+        const prompt = import_shared4.Prompts.extractSearchQueries(diff);
         try {
           let result = await this.callLLM(prompt, { bypassCache: true });
           if (result.startsWith("```")) {
@@ -226062,6 +226099,29 @@ ${agentName} failed:`, err);
           return [];
         }
       }
+      /**
+       * Expands a single query into 3-5 variants for better retrieval recall.
+       */
+      async expandQuery(query) {
+        const prompt = `You are a search query expansion assistant. 
+Given the user query, generate 3-5 distinct, highly relevant search queries that capture different keywords or ways to express the intent.
+Return ONLY a valid JSON array of strings.
+Query: "${query}"`;
+        try {
+          let result = await this.callLLM(prompt, { bypassCache: false });
+          if (result.startsWith("```")) {
+            result = result.replace(/^\`\`\`[a-z]*\n/, "").replace(/\n\`\`\`$/, "");
+          }
+          const queries = JSON.parse(result);
+          if (Array.isArray(queries)) {
+            return Array.from(/* @__PURE__ */ new Set([query, ...queries])).slice(0, 5);
+          }
+          return [query];
+        } catch (err) {
+          console.warn("Failed to expand query:", err);
+          return [query];
+        }
+      }
       /**
        * Generates a context-aware RAG code review for a given PR diff.
        */
@@ -226071,7 +226131,7 @@ ${agentName} failed:`, err);
 Code:
 ${c.content}`;
         }).join("\n\n---\n\n");
-        const prompt = import_shared5.Prompts.ragReview(diff, contextStr);
+        const prompt = import_shared4.Prompts.ragReview(diff, contextStr);
         const result = await this.callLLM(prompt, {
           commitHash: this.getCurrentCommitHash(),
           retrievalContextHash: this.computeChunksHash(chunks)
@@ -226082,7 +226142,7 @@ ${c.content}`;
         const contextStr = relevantContext.map((c, i) => `--- Chunk ${i + 1} (${c.file} - ${c.symbolPath || "anonymous"}) ---
 ${c.content}`).join("\n\n");
         const commentsStr = comments.map((c, i) => `Comment ${i + 1} (@${c.user?.login}): ${c.body}`).join("\n");
-        const prompt = import_shared5.Prompts.issueAnalysis(issueTitle, issueBody, commentsStr, contextStr);
+        const prompt = import_shared4.Prompts.issueAnalysis(issueTitle, issueBody, commentsStr, contextStr);
         return this.callLLM(prompt, {
           commitHash: this.getCurrentCommitHash(),
           retrievalContextHash: this.computeChunksHash(relevantContext)
@@ -226094,7 +226154,7 @@ ${c.content}`).join("\n\n");
 Code:
 ${c.content}`;
         }).join("\n\n---\n\n");
-        const prompt = import_shared5.Prompts.answerQuery(query, contextStr);
+        const prompt = import_shared4.Prompts.answerQuery(query, contextStr);
         return await this.callLLM(prompt, {
           commitHash: this.getCurrentCommitHash(),
           retrievalContextHash: this.computeChunksHash(chunks)
@@ -226110,7 +226170,7 @@ ${c.content}`;
 Code:
 ${c.content}`;
         }).join("\n\n---\n\n");
-        const prompt = import_shared5.Prompts.executionPlan(task, contextStr);
+        const prompt = import_shared4.Prompts.executionPlan(task, contextStr);
         let result = await this.callLLM(prompt, {
           commitHash: this.getCurrentCommitHash(),
           retrievalContextHash: this.computeChunksHash(contextChunks)
@@ -226143,12 +226203,131 @@ ${c.content}`;
         return this.orchestrator.runReview(diff, contextChunks, memories);
       }
     };
+    var import_shared5 = require_dist3();
+    var SecurityAgent = class extends BaseAgent {
+      name = "SecurityAgent";
+      systemPrompt = import_shared5.Prompts.securitySystemPrompt;
+      buildPrompt(input) {
+        let prompt = `## PR Diff to Review
+\`\`\`diff
+${input.diff}
+\`\`\`
+`;
+        if (input.contextChunks.length > 0) {
+          prompt += `
+## Existing Codebase Context
+Use this to understand what security patterns the codebase already uses:
+`;
+          input.contextChunks.forEach((chunk, i) => {
+            prompt += `
+### Context ${i + 1}: ${chunk.file} \u2192 ${chunk.symbolPath}
+\`\`\`${chunk.kind}
+${chunk.content}
+\`\`\`
+`;
+          });
+        }
+        if (input.memories && input.memories.length > 0) {
+          prompt += `
+## Historical Security Context
+These are relevant findings from past reviews:
+`;
+          input.memories.forEach((mem, i) => {
+            prompt += `- Memory ${i + 1}: ${mem}
+`;
+          });
+        }
+        return prompt;
+      }
+      parseOutput(rawResponse) {
+        const parsed = this.extractJSON(rawResponse);
+        if (parsed) {
+          const validated = SecurityOutputSchema.safeParse(parsed);
+          if (validated.success) {
+            return {
+              agentName: this.name,
+              findings: validated.data.findings,
+              summary: validated.data.summary,
+              riskLevel: validated.data.riskLevel
+            };
+          }
+        }
+        return {
+          agentName: this.name,
+          findings: [],
+          summary: rawResponse.slice(0, 500),
+          riskLevel: "low_risk"
+        };
+      }
+    };
     var import_shared6 = require_dist3();
+    var ArchitectureAgent = class extends BaseAgent {
+      name = "ArchitectureAgent";
+      systemPrompt = import_shared6.Prompts.architectureSystemPrompt;
+      buildPrompt(input) {
+        let prompt = `## PR Diff to Review
+\`\`\`diff
+${input.diff}
+\`\`\`
+`;
+        if (input.contextChunks.length > 0) {
+          prompt += `
+## Existing Codebase Architecture (Retrieved Context)
+These are the most relevant code chunks from the existing codebase. Compare the PR diff against these patterns:
+`;
+          input.contextChunks.forEach((chunk, i) => {
+            prompt += `
+### Context ${i + 1}: ${chunk.file} \u2192 ${chunk.symbolPath} (${chunk.kind})
+\`\`\`
+${chunk.content}
+\`\`\`
+`;
+          });
+        } else {
+          prompt += `
+## Note
+No existing codebase context was retrieved. Evaluate the PR diff on its own merits, focusing on internal consistency and general best practices.
+`;
+        }
+        if (input.memories && input.memories.length > 0) {
+          prompt += `
+## Historical Architecture Context
+These are relevant findings from past reviews:
+`;
+          input.memories.forEach((mem, i) => {
+            prompt += `- Memory ${i + 1}: ${mem}
+`;
+          });
+        }
+        return prompt;
+      }
+      parseOutput(rawResponse) {
+        const parsed = this.extractJSON(rawResponse);
+        if (parsed) {
+          const validated = ArchitectureOutputSchema.safeParse(parsed);
+          if (validated.success) {
+            return {
+              agentName: this.name,
+              findings: validated.data.findings,
+              summary: validated.data.summary,
+              consistencyScore: validated.data.consistencyScore
+            };
+          }
+        }
+        return {
+          agentName: this.name,
+          findings: [],
+          summary: rawResponse.slice(0, 500),
+          consistencyScore: "good"
+        };
+      }
+    };
+    var import_shared7 = require_dist3();
     var AutonomousAgent2 = class extends BaseAgent {
       name = "Vortex";
       maxToolIterations = 30;
       // overridden by maxSteps if provided
-      systemPrompt = import_shared6.Prompts.autonomousSystemPrompt;
+      systemPrompt = import_shared7.Prompts.autonomousSystemPrompt;
       buildPrompt(input) {
         const { diff, contextChunks } = input;
         let prompt = `USER TASK:
@@ -226177,7 +226356,7 @@ ${chunk.content}
     };
     var import_db22 = require_dist2();
     var import_retrieval22 = require_dist4();
-    var import_shared7 = require_dist3();
+    var import_shared8 = require_dist3();
     var MemoryService3 = class {
       embedder;
       constructor() {
@@ -226206,7 +226385,7 @@ ${chunk.content}
         let embedding;
         try {
           const embeddings = await this.embedder.embedChunks([
-            (0, import_shared7.createQueryChunk)(memoryContent, "memory")
+            (0, import_shared8.createQueryChunk)(memoryContent, "memory")
           ]);
           if (embeddings[0]) {
             embedding = JSON.stringify(embeddings[0]);
@@ -226231,7 +226410,7 @@ ${chunk.content}
         let embedding;
         try {
           const embeddings = await this.embedder.embedChunks([
-            (0, import_shared7.createQueryChunk)(content, "memory")
+            (0, import_shared8.createQueryChunk)(content, "memory")
           ]);
           if (embeddings[0]) {
             embedding = JSON.stringify(embeddings[0]);
@@ -226253,7 +226432,7 @@ ${chunk.content}
         let queryEmbedding = null;
         try {
           const embeddings = await this.embedder.embedChunks([
-            (0, import_shared7.createQueryChunk)(query)
+            (0, import_shared8.createQueryChunk)(query)
           ]);
           queryEmbedding = embeddings[0] ?? null;
         } catch {
@@ -226273,7 +226452,7 @@ ${chunk.content}
             if (mem.embedding) {
               try {
                 const memEmbedding = JSON.parse(mem.embedding);
-                similarity = (0, import_shared7.cosineSimilarity)(queryEmbedding, memEmbedding);
+                similarity = (0, import_shared8.cosineSimilarity)(queryEmbedding, memEmbedding);
               } catch {
               }
             }
@@ -226793,33 +226972,50 @@ URL: ${r.url}
        * Builds both the vector store (for semantic search) and the BM25 index (for keyword search).
        */
       async indexRepository(cwd) {
-        if (!(0, import_git4.isGitRepo)(cwd)) {
-          throw new Error(`Directory ${cwd} is not a git repository.`);
+        let root = cwd;
+        if ((0, import_git4.isGitRepo)(cwd)) {
+          try {
+            root = (0, import_git4.getGitRoot)(cwd);
+          } catch {
+          }
         }
-        const root = (0, import_git4.getGitRoot)(cwd);
         await (0, import_db3.initDatabase)();
-        const files = (0, import_git4.listTrackedFiles)(root).filter((file) => {
-          const ext = path42.extname(file);
-          const supportedExts = [
-            ".ts",
-            ".tsx",
-            ".js",
-            ".jsx",
-            ".py",
-            ".go",
-            ".rs",
-            ".java",
-            ".cpp",
-            ".hpp",
-            ".c",
-            ".h",
-            ".rb",
-            ".php",
-            ".html",
-            ".css"
-          ];
-          return supportedExts.includes(ext) && !file.includes("node_modules");
-        });
+        let files = [];
+        if ((0, import_git4.isGitRepo)(cwd)) {
+          try {
+            const tracked = (0, import_git4.listTrackedFiles)(root).filter((file) => {
+              const ext = path42.extname(file);
+              const supportedExts = [
+                ".ts",
+                ".tsx",
+                ".js",
+                ".jsx",
+                ".py",
+                ".go",
+                ".rs",
+                ".java",
+                ".cpp",
+                ".hpp",
+                ".c",
+                ".h",
+                ".rb",
+                ".php",
+                ".html",
+                ".css"
+              ];
+              return supportedExts.includes(ext) && !file.includes("node_modules");
+            });
+            if (tracked.length > 0) {
+              files = tracked;
+            }
+          } catch (e) {
+          }
+        }
+        if (files.length === 0) {
+          for await (const file of (0, import_retrieval5.scanFiles)(root)) {
+            files.push(file);
+          }
+        }
         let totalChunks = 0;
         for (const file of files) {
           try {
@@ -226855,7 +227051,7 @@ URL: ${r.url}
         console.log(`Generating embedding for query: "${query}"...`);
         await (0, import_db3.initDatabase)();
         const queryEmbedding = await this.embedder.embedChunks([
-          (0, import_shared8.createQueryChunk)(query)
+          (0, import_shared9.createQueryChunk)(query)
         ]);
         if (queryEmbedding.length === 0) {
           return [];
@@ -227138,7 +227334,7 @@ var require_package = __commonJS({
   "package.json"(exports2, module2) {
     module2.exports = {
       name: "@vortex-ai/cli",
-      version: "0.1.45",
+      version: "0.1.50",
       description: "Vortex CLI - The main entry point",
       main: "./dist/index.js",
       bin: {
@@ -227255,17 +227451,25 @@ async function searchCommand(options) {
   const spinner = ora2(`Searching codebase for: "${options.query}"...`).start();
   const indexer = new import_engine2.Indexer();
   try {
-    spinner.text = "Running hybrid search (vector + BM25 + cross-encoder)...";
-    const results = await indexer.hybridSearch(options.query, parseInt(options.limit, 10));
-    if (results.length === 0) {
+    spinner.text = options.expandQuery ? "Expanding query and running parallel hybrid search..." : "Running hybrid search (vector + BM25 + cross-encoder)...";
+    let queriesToSearch = [options.query];
+    const agent = new import_engine2.IntelligenceAgent();
+    if (options.expandQuery) {
+      queriesToSearch = await agent.expandQuery(options.query);
+    }
+    const allResults = await Promise.all(
+      queriesToSearch.map((q) => indexer.hybridSearch(q, parseInt(options.limit, 10)))
+    );
+    const flatResults = allResults.flat();
+    const uniqueResults = Array.from(new Map(flatResults.map((c) => [c.id, c])).values()).sort((a, b) => b.score - a.score).slice(0, parseInt(options.limit, 10));
+    if (uniqueResults.length === 0) {
       spinner.fail("No relevant code found.");
       return;
     }
-    spinner.text = `Found ${results.length} relevant code chunks. Analyzing with AI engine...`;
+    spinner.text = `Found ${uniqueResults.length} relevant code chunks. Analyzing with AI engine...`;
     const memoryService = new import_engine2.MemoryService();
     const memories = await memoryService.recallRelevantMemories(options.query, 3);
-    const agent = new import_engine2.IntelligenceAgent();
-    const answer = await agent.answerQueryWithContext(options.query, results);
+    const answer = await agent.answerQueryWithContext(options.query, uniqueResults);
     spinner.succeed("Analysis complete!\n");
     const parsedAnswer = await marked.parse(answer);
     const formatted = boxen(parsedAnswer.trim(), {
@@ -227278,7 +227482,7 @@ async function searchCommand(options) {
     });
     console.log(formatted);
     console.log(chalk2.cyan.dim(" Reference Material (Hybrid Retrieval)"));
-    results.forEach((res, i) => {
+    uniqueResults.forEach((res, i) => {
       const sources = res.sources ? res.sources.join("+") : "vector";
       const scoreStr = res.score ? (res.score * 100).toFixed(1) + "%" : "N/A";
       console.log(chalk2.gray(`  \u2502 [${i + 1}] ${res.file.replace(process.cwd(), "")} \u2794 ${res.symbolPath || "(anonymous)"} (${scoreStr}) [${sources}]`));
@@ -227357,11 +227561,11 @@ async function reviewCommand(options) {
     const queries = await agent.extractSearchQueriesFromDiff(diff);
     const allChunks = [];
     if (queries.length > 0) {
-      spinner.text = `Hybrid searching for context...`;
-      for (const query of queries) {
-        const results = await indexer.hybridSearch(query, 3);
-        allChunks.push(...results);
-      }
+      spinner.text = `Hybrid searching for context (parallel)...`;
+      const allResults = await Promise.all(
+        queries.map((query) => indexer.hybridSearch(query, 3))
+      );
+      allChunks.push(...allResults.flat());
     }
     const uniqueChunks = Array.from(
       new Map(allChunks.map((c) => [c.id, c])).values()
@@ -227614,7 +227818,7 @@ Created new project folder: ${projectPath}`));
     if (!options.contextChunks || options.contextChunks.length === 0) {
       try {
         const indexer = new import_engine5.Indexer();
-        const relevantContext = await indexer.hybridSearch(prompt, 5);
+        const relevantContext = await indexer.hybridSearch(prompt, 15);
         options.contextChunks = relevantContext.map((c) => ({
           file: c.file,
           symbolPath: c.symbolPath || "anonymous",
@@ -227637,7 +227841,11 @@ Created new project folder: ${projectPath}`));
       const parsedPlan = JSON.parse(executionPlanStr);
       planSummary = parsedPlan.summary || planSummary;
       stepCount = parsedPlan.steps ? parsedPlan.steps.length : 0;
-      executionPlan = parsedPlan.steps ? parsedPlan.steps.map((s, i) => `${i + 1}. ${s}`).join("\n") : executionPlanStr;
+      executionPlan = parsedPlan.steps ? parsedPlan.steps.map((s, i) => {
+        if (typeof s === "string") return `${i + 1}. ${s}`;
+        return `${i + 1}. [${(s.action || "MODIFY").toUpperCase()}] ${s.file || "General"}
+   ${s.description}`;
+      }).join("\n\n") : executionPlanStr;
       filesToRead = parsedPlan.filesToRead || [];
     } catch {
       executionPlan = executionPlanStr;
@@ -227734,6 +227942,7 @@ Allow? (y/N) `;
       },
       {
         initialState,
+        verifyCommand: options.verify,
         onToolCall: (toolName, args) => {
           if (toolName === "write_file") {
             spinner.text = `Writing ${args.path}...`;
@@ -227869,7 +228078,8 @@ Please fix this issue in the codebase.`;
     await solveCommand(prompt, {
       autoApprove: options.autoApprove,
       maxSteps: options.maxSteps,
-      contextChunks
+      contextChunks,
+      verify: options.verify
     });
   } catch (err) {
     spinner.fail("Failed to setup solve-issue");
@@ -227886,9 +228096,9 @@ cacheCommand.command("stats").description("View LLM cache statistics").action(as
     const stats = await import_engine7.LLMCacheManager.getStats();
     console.log("\nLLM Cache Statistics\n");
     console.log(`Entries:    ${stats.entries.toLocaleString()}`);
-    console.log(`Hits:       ${stats.hits.toLocaleString()}`);
+    console.log(`Saved API Calls: ${stats.hits.toLocaleString()}`);
     const storageMB = (stats.storage / 1024 / 1024).toFixed(2);
-    console.log(`Storage:    ${storageMB} MB
+    console.log(`Storage Used:    ${storageMB} MB
 `);
   } catch (err) {
     console.error("Failed to retrieve cache stats:", err);
@@ -227953,12 +228163,12 @@ program.hook("preAction", async (thisCommand, actionCommand) => {
   }
 });
 program.command("init").description("Initialize repository intelligence, embeddings, and PR history").option("--reindex", "Rebuild repository embeddings while preserving historical PR intelligence").action(initCommand);
-program.command("search").description("Search the indexed codebase semantically and get an AI explanation").requiredOption("-q, --query <text>", "Search query").option("-l, --limit <number>", "Number of results to consider", "5").option("--no-cache", "Disable LLM response caching").action(searchCommand);
+program.command("search").description("Search the indexed codebase semantically and get an AI explanation").requiredOption("-q, --query <text>", "Search query").option("-l, --limit <number>", "Number of results to consider", "5").option("--expand-query", "Expand the search query using the LLM for better recall").option("--no-cache", "Disable LLM response caching").action(searchCommand);
 program.command("review").description("Review your changes using repository intelligence and historical PR patterns").option("--pr <number>", "Pull request number", Number).option("--deep", "Enable deep review analysis").option("--no-cache", "Disable LLM response caching").action(reviewCommand);
 program.command("issue").description("Analyze a GitHub issue, locate relevant codebase files, and propose a fix").requiredOption("--id <number>", "Issue number", Number).option("--no-cache", "Disable LLM response caching").action(issueCommand);
 program.command("graph").description("Generate a Mermaid JS dependency graph of the project or a specific file").option("--file <path>", "Filter graph to only include dependencies for a specific file").option("--detailed", "Include individual functions and classes in the graph instead of just files").action(graphCommand);
-program.command("solve").description("Autonomously solve a task by writing code and executing commands").argument("<prompt>", "The task you want the autonomous agent to solve").option("--auto-approve", "Skip interactive prompts for file writes and shell commands").option("--max-steps <number>", "Maximum number of agent loop iterations", Number, 30).option("--new-project <folder>", "Create a new project folder and initialize git before solving").action((prompt, options) => solveCommand(prompt, options));
-program.command("solve-issue").description("Autonomously solve a GitHub issue using local RAG context").requiredOption("--id <number>", "Issue number", Number).option("--auto-approve", "Skip interactive prompts for file writes and shell commands").option("--max-steps <number>", "Maximum number of agent loop iterations", Number, 30).action(solveIssueCommand);
+program.command("solve").description("Autonomously solve a task by writing code and executing commands").argument("<prompt>", "The task you want the autonomous agent to solve").option("--auto-approve", "Skip interactive prompts for file writes and shell commands").option("--max-steps <number>", "Maximum number of agent loop iterations", Number, 30).option("--new-project <folder>", "Create a new project folder and initialize git before solving").option("--verify [command]", "Run a verification command after completion (e.g., 'npm run check-types'). Agent will self-correct on failure.").action((prompt, options) => solveCommand(prompt, options));
+program.command("solve-issue").description("Autonomously solve a GitHub issue using local RAG context").requiredOption("--id <number>", "Issue number", Number).option("--auto-approve", "Skip interactive prompts for file writes and shell commands").option("--max-steps <number>", "Maximum number of agent loop iterations", Number, 30).option("--verify [command]", "Run a verification command after completion. Agent will self-correct on failure.").action(solveIssueCommand);
 program.addCommand(cacheCommand);
 program.parse();
 /*! Bundled license information: