agent-security-scanner-mcp 3.20.0 → 4.0.0

package/code-review-agent/dist/src/llm/openai.js

@@ -0,0 +1,78 @@
+import OpenAI from 'openai';
+import { encoding_for_model } from 'tiktoken';
+import { SchemaValidationError } from './provider.js';
+import { zodToOpenAIResponseFormat } from './schemas.js';
+const MAX_RETRIES = 3;
+export class OpenAIProvider {
+    client;
+    encoder = null;
+    modelId;
+    providerName = 'openai';
+    constructor(apiKey, model) {
+        this.client = new OpenAI({ apiKey });
+        this.modelId = model ?? 'gpt-4o';
+    }
+    async chat(messages) {
+        const response = await this.client.chat.completions.create({
+            model: this.modelId,
+            messages: messages.map((m) => ({ role: m.role, content: m.content })),
+            max_tokens: 4096,
+        });
+        return response.choices[0]?.message?.content ?? '';
+    }
+    async chatStructured(messages, schema, schemaName) {
+        const responseFormat = zodToOpenAIResponseFormat(schema, schemaName);
+        let lastError = null;
+        const conversationMessages = messages.map((m) => ({
+            role: m.role,
+            content: m.content,
+        }));
+        for (let attempt = 0; attempt < MAX_RETRIES; attempt++) {
+            const response = await this.client.chat.completions.create({
+                model: this.modelId,
+                messages: conversationMessages,
+                max_tokens: 8192,
+                response_format: responseFormat,
+            });
+            const content = response.choices[0]?.message?.content;
+            if (!content) {
+                lastError = new Error('Empty response from OpenAI');
+                continue;
+            }
+            let parsed;
+            try {
+                parsed = JSON.parse(content);
+            }
+            catch (e) {
+                lastError = e instanceof Error ? e : new Error(String(e));
+                continue;
+            }
+            const result = schema.safeParse(parsed);
+            if (result.success) {
+                return result.data;
+            }
+            lastError = new Error(result.error.message);
+            conversationMessages.push({
+                role: 'assistant',
+                content,
+            });
+            conversationMessages.push({
+                role: 'user',
+                content: `Schema validation error: ${result.error.message}. Please fix and respond again.`,
+            });
+        }
+        throw new SchemaValidationError(MAX_RETRIES, lastError);
+    }
+    countTokens(text) {
+        try {
+            if (!this.encoder) {
+                this.encoder = encoding_for_model(this.modelId);
+            }
+            return this.encoder.encode(text).length;
+        }
+        catch {
+            return Math.ceil(text.length / 4);
+        }
+    }
+}
+//# sourceMappingURL=openai.js.map

package/code-review-agent/dist/src/llm/openai.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"openai.js","sourceRoot":"","sources":["../../../src/llm/openai.ts"],"names":[],"mappings":"AAAA,OAAO,MAAM,MAAM,QAAQ,CAAC;AAC5B,OAAO,EAAiB,kBAAkB,EAAE,MAAM,UAAU,CAAC;AAE7D,OAAO,EAAsC,qBAAqB,EAAE,MAAM,eAAe,CAAC;AAC1F,OAAO,EAAE,yBAAyB,EAAE,MAAM,cAAc,CAAC;AAEzD,MAAM,WAAW,GAAG,CAAC,CAAC;AAEtB,MAAM,OAAO,cAAc;IACjB,MAAM,CAAS;IACf,OAAO,GAAoB,IAAI,CAAC;IAC/B,OAAO,CAAS;IAChB,YAAY,GAAG,QAAQ,CAAC;IAEjC,YAAY,MAAc,EAAE,KAAc;QACxC,IAAI,CAAC,MAAM,GAAG,IAAI,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC;QACrC,IAAI,CAAC,OAAO,GAAG,KAAK,IAAI,QAAQ,CAAC;IACnC,CAAC;IAED,KAAK,CAAC,IAAI,CAAC,QAAuB;QAChC,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC;YACzD,KAAK,EAAE,IAAI,CAAC,OAAO;YACnB,QAAQ,EAAE,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,OAAO,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC;YACrE,UAAU,EAAE,IAAI;SACjB,CAAC,CAAC;QAEH,OAAO,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,OAAO,IAAI,EAAE,CAAC;IACrD,CAAC;IAED,KAAK,CAAC,cAAc,CAClB,QAAuB,EACvB,MAAoB,EACpB,UAAkB;QAElB,MAAM,cAAc,GAAG,yBAAyB,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC;QAErE,IAAI,SAAS,GAAiB,IAAI,CAAC;QACnC,MAAM,oBAAoB,GAAG,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;YAChD,IAAI,EAAE,CAAC,CAAC,IAAI;YACZ,OAAO,EAAE,CAAC,CAAC,OAAO;SACnB,CAAC,CAAC,CAAC;QAEJ,KAAK,IAAI,OAAO,GAAG,CAAC,EAAE,OAAO,GAAG,WAAW,EAAE,OAAO,EAAE,EAAE,CAAC;YACvD,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC;gBACzD,KAAK,EAAE,IAAI,CAAC,OAAO;gBACnB,QAAQ,EAAE,oBAAoB;gBAC9B,UAAU,EAAE,IAAI;gBAChB,eAAe,EAAE,cAAc;aAChC,CAAC,CAAC;YAEH,MAAM,OAAO,GAAG,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,OAAO,CAAC;YACtD,IAAI,CAAC,OAAO,EAAE,CAAC;gBACb,SAAS,GAAG,IAAI,KAAK,CAAC,4BAA4B,CAAC,CAAC;gBACpD,SAAS;YACX,CAAC;YAED,IAAI,MAAe,CAAC;YACpB,IAAI,CAAC;gBACH,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;YAC/B,CAAC;YAAC,OAAO,CAAC,EAAE,CAAC;gBACX,SAAS,GAAG,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;gBAC1D,SAAS;YACX,CAAC;YAED,MAAM,MAAM,GAAG,MAAM,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;YACxC,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;gBACnB,OAAO,MAAM,CAAC,IAAI,CAAC;YACrB,CAAC;YAED,SAAS,GAAG,IAAI,KAAK,CAAC,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;YAE5C,oBAAoB,CAAC,IAAI,CAAC;gBACxB,IAAI,EAAE,WAAoB;gBAC1B,OAAO;aACR,CAAC,CAAC;YACH,oBAAoB,CAAC,IAAI,CAAC;gBACxB,IAAI,EAAE,MAAe;gBACrB,OAAO,EAAE,4BAA4B,MAAM,CAAC,KAAK,CAAC,OAAO,iCAAiC;aAC3F,CAAC,CAAC;QACL,CAAC;QAED,MAAM,IAAI,qBAAqB,CAAC,WAAW,EAAE,SAAU,CAAC,CAAC;IAC3D,CAAC;IAED,WAAW,CAAC,IAAY;QACtB,IAAI,CAAC;YACH,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC;gBAClB,IAAI,CAAC,OAAO,GAAG,kBAAkB,CAAC,IAAI,CAAC,OAAmD,CAAC,CAAC;YAC9F,CAAC;YACD,OAAO,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC;QAC1C,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;QACpC,CAAC;IACH,CAAC;CACF"}

package/code-review-agent/dist/src/llm/provider.d.ts

@@ -0,0 +1,18 @@
+import type { z } from 'zod';
+export interface ChatMessage {
+    role: 'system' | 'user' | 'assistant';
+    content: string;
+}
+export interface LLMProvider {
+    readonly modelId: string;
+    readonly providerName: string;
+    chat(messages: ChatMessage[]): Promise<string>;
+    chatStructured<T>(messages: ChatMessage[], schema: z.ZodType<T>, schemaName: string): Promise<T>;
+    countTokens(text: string): number;
+}
+export declare class SchemaValidationError extends Error {
+    readonly attempts: number;
+    readonly lastError: Error;
+    constructor(attempts: number, lastError: Error);
+}
+//# sourceMappingURL=provider.d.ts.map

package/code-review-agent/dist/src/llm/provider.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"provider.d.ts","sourceRoot":"","sources":["../../../src/llm/provider.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAE7B,MAAM,WAAW,WAAW;IAC1B,IAAI,EAAE,QAAQ,GAAG,MAAM,GAAG,WAAW,CAAC;IACtC,OAAO,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,WAAW;IAC1B,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAC;IAE9B,IAAI,CAAC,QAAQ,EAAE,WAAW,EAAE,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IAE/C,cAAc,CAAC,CAAC,EACd,QAAQ,EAAE,WAAW,EAAE,EACvB,MAAM,EAAE,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,EACpB,UAAU,EAAE,MAAM,GACjB,OAAO,CAAC,CAAC,CAAC,CAAC;IAEd,WAAW,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,CAAC;CACnC;AAED,qBAAa,qBAAsB,SAAQ,KAAK;aAE5B,QAAQ,EAAE,MAAM;aAChB,SAAS,EAAE,KAAK;gBADhB,QAAQ,EAAE,MAAM,EAChB,SAAS,EAAE,KAAK;CAOnC"}

package/code-review-agent/dist/src/llm/provider.js

@@ -0,0 +1,11 @@
+export class SchemaValidationError extends Error {
+    attempts;
+    lastError;
+    constructor(attempts, lastError) {
+        super(`Schema validation failed after ${attempts} attempts: ${lastError.message}`);
+        this.attempts = attempts;
+        this.lastError = lastError;
+        this.name = 'SchemaValidationError';
+    }
+}
+//# sourceMappingURL=provider.js.map

package/code-review-agent/dist/src/llm/provider.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"provider.js","sourceRoot":"","sources":["../../../src/llm/provider.ts"],"names":[],"mappings":"AAsBA,MAAM,OAAO,qBAAsB,SAAQ,KAAK;IAE5B;IACA;IAFlB,YACkB,QAAgB,EAChB,SAAgB;QAEhC,KAAK,CACH,kCAAkC,QAAQ,cAAc,SAAS,CAAC,OAAO,EAAE,CAC5E,CAAC;QALc,aAAQ,GAAR,QAAQ,CAAQ;QAChB,cAAS,GAAT,SAAS,CAAO;QAKhC,IAAI,CAAC,IAAI,GAAG,uBAAuB,CAAC;IACtC,CAAC;CACF"}

package/code-review-agent/dist/src/llm/router.d.ts

@@ -0,0 +1,14 @@
+import type { AnalysisOptions } from '../types/config.js';
+import type { LLMProvider } from './provider.js';
+export declare class ModelRouter {
+    private triageProvider;
+    private analysisProvider;
+    private options;
+    constructor(options: AnalysisOptions);
+    getTriageProvider(): LLMProvider;
+    getAnalysisProvider(): LLMProvider;
+    estimateCost(tokens: number, model?: string): number;
+    private createProvider;
+    private getApiKey;
+}
+//# sourceMappingURL=router.d.ts.map

package/code-review-agent/dist/src/llm/router.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"router.d.ts","sourceRoot":"","sources":["../../../src/llm/router.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,oBAAoB,CAAC;AAI1D,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,eAAe,CAAC;AAsBjD,qBAAa,WAAW;IACtB,OAAO,CAAC,cAAc,CAA4B;IAClD,OAAO,CAAC,gBAAgB,CAA4B;IACpD,OAAO,CAAC,OAAO,CAAkB;gBAErB,OAAO,EAAE,eAAe;IAIpC,iBAAiB,IAAI,WAAW;IAShC,mBAAmB,IAAI,WAAW;IASlC,YAAY,CAAC,MAAM,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,MAAM,GAAG,MAAM;IAOpD,OAAO,CAAC,cAAc;IActB,OAAO,CAAC,SAAS;CAWlB"}

package/code-review-agent/dist/src/llm/router.js

@@ -0,0 +1,67 @@
+import { AnthropicProvider } from './anthropic.js';
+import { ClaudeCliProvider } from './claude-cli.js';
+import { OpenAIProvider } from './openai.js';
+const TRIAGE_MODELS = {
+    anthropic: 'claude-haiku-4-5-20251001',
+    openai: 'gpt-4o-mini',
+    'claude-cli': 'haiku',
+};
+const ANALYSIS_MODELS = {
+    anthropic: 'claude-sonnet-4-20250514',
+    openai: 'gpt-4o',
+    'claude-cli': 'sonnet',
+};
+// Approximate USD per million tokens (input + output averaged)
+const COST_PER_MILLION = {
+    'claude-sonnet-4-20250514': 9,
+    'claude-haiku-4-5-20251001': 1.25,
+    'gpt-4o': 7.5,
+    'gpt-4o-mini': 0.3,
+};
+export class ModelRouter {
+    triageProvider = null;
+    analysisProvider = null;
+    options;
+    constructor(options) {
+        this.options = options;
+    }
+    getTriageProvider() {
+        if (!this.triageProvider) {
+            const model = this.options.triageModel ?? TRIAGE_MODELS[this.options.provider];
+            this.triageProvider = this.createProvider(model);
+        }
+        return this.triageProvider;
+    }
+    getAnalysisProvider() {
+        if (!this.analysisProvider) {
+            const model = this.options.model ?? ANALYSIS_MODELS[this.options.provider];
+            this.analysisProvider = this.createProvider(model);
+        }
+        return this.analysisProvider;
+    }
+    estimateCost(tokens, model) {
+        const modelId = model ?? this.options.model ?? ANALYSIS_MODELS[this.options.provider];
+        const rate = COST_PER_MILLION[modelId] ?? 5;
+        return (tokens / 1_000_000) * rate;
+    }
+    createProvider(model) {
+        const provider = this.options.provider;
+        if (provider === 'claude-cli') {
+            return new ClaudeCliProvider(model);
+        }
+        const apiKey = this.getApiKey(provider);
+        if (provider === 'anthropic') {
+            return new AnthropicProvider(apiKey, model);
+        }
+        return new OpenAIProvider(apiKey, model);
+    }
+    getApiKey(provider) {
+        const envVar = provider === 'anthropic' ? 'ANTHROPIC_API_KEY' : 'OPENAI_API_KEY';
+        const key = process.env[envVar];
+        if (!key) {
+            throw new Error(`Missing API key. Set ${envVar} environment variable or pass it in options.`);
+        }
+        return key;
+    }
+}
+//# sourceMappingURL=router.js.map

package/code-review-agent/dist/src/llm/router.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"router.js","sourceRoot":"","sources":["../../../src/llm/router.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,iBAAiB,EAAE,MAAM,gBAAgB,CAAC;AACnD,OAAO,EAAE,iBAAiB,EAAE,MAAM,iBAAiB,CAAC;AACpD,OAAO,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAG7C,MAAM,aAAa,GAA2B;IAC5C,SAAS,EAAE,2BAA2B;IACtC,MAAM,EAAE,aAAa;IACrB,YAAY,EAAE,OAAO;CACtB,CAAC;AAEF,MAAM,eAAe,GAA2B;IAC9C,SAAS,EAAE,0BAA0B;IACrC,MAAM,EAAE,QAAQ;IAChB,YAAY,EAAE,QAAQ;CACvB,CAAC;AAEF,+DAA+D;AAC/D,MAAM,gBAAgB,GAA2B;IAC/C,0BAA0B,EAAE,CAAC;IAC7B,2BAA2B,EAAE,IAAI;IACjC,QAAQ,EAAE,GAAG;IACb,aAAa,EAAE,GAAG;CACnB,CAAC;AAEF,MAAM,OAAO,WAAW;IACd,cAAc,GAAuB,IAAI,CAAC;IAC1C,gBAAgB,GAAuB,IAAI,CAAC;IAC5C,OAAO,CAAkB;IAEjC,YAAY,OAAwB;QAClC,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC;IACzB,CAAC;IAED,iBAAiB;QACf,IAAI,CAAC,IAAI,CAAC,cAAc,EAAE,CAAC;YACzB,MAAM,KAAK,GACT,IAAI,CAAC,OAAO,CAAC,WAAW,IAAI,aAAa,CAAC,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;YACnE,IAAI,CAAC,cAAc,GAAG,IAAI,CAAC,cAAc,CAAC,KAAK,CAAC,CAAC;QACnD,CAAC;QACD,OAAO,IAAI,CAAC,cAAc,CAAC;IAC7B,CAAC;IAED,mBAAmB;QACjB,IAAI,CAAC,IAAI,CAAC,gBAAgB,EAAE,CAAC;YAC3B,MAAM,KAAK,GACT,IAAI,CAAC,OAAO,CAAC,KAAK,IAAI,eAAe,CAAC,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;YAC/D,IAAI,CAAC,gBAAgB,GAAG,IAAI,CAAC,cAAc,CAAC,KAAK,CAAC,CAAC;QACrD,CAAC;QACD,OAAO,IAAI,CAAC,gBAAgB,CAAC;IAC/B,CAAC;IAED,YAAY,CAAC,MAAc,EAAE,KAAc;QACzC,MAAM,OAAO,GACX,KAAK,IAAI,IAAI,CAAC,OAAO,CAAC,KAAK,IAAI,eAAe,CAAC,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;QACxE,MAAM,IAAI,GAAG,gBAAgB,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;QAC5C,OAAO,CAAC,MAAM,GAAG,SAAS,CAAC,GAAG,IAAI,CAAC;IACrC,CAAC;IAEO,cAAc,CAAC,KAAa;QAClC,MAAM,QAAQ,GAAG,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC;QAEvC,IAAI,QAAQ,KAAK,YAAY,EAAE,CAAC;YAC9B,OAAO,IAAI,iBAAiB,CAAC,KAAK,CAAC,CAAC;QACtC,CAAC;QAED,MAAM,MAAM,GAAG,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC;QACxC,IAAI,QAAQ,KAAK,WAAW,EAAE,CAAC;YAC7B,OAAO,IAAI,iBAAiB,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;QAC9C,CAAC;QACD,OAAO,IAAI,cAAc,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;IAC3C,CAAC;IAEO,SAAS,CAAC,QAAgB;QAChC,MAAM,MAAM,GACV,QAAQ,KAAK,WAAW,CAAC,CAAC,CAAC,mBAAmB,CAAC,CAAC,CAAC,gBAAgB,CAAC;QACpE,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QAChC,IAAI,CAAC,GAAG,EAAE,CAAC;YACT,MAAM,IAAI,KAAK,CACb,wBAAwB,MAAM,8CAA8C,CAC7E,CAAC;QACJ,CAAC;QACD,OAAO,GAAG,CAAC;IACb,CAAC;CACF"}

package/code-review-agent/dist/src/llm/schemas.d.ts

@@ -0,0 +1,18 @@
+import { z } from 'zod';
+type JsonSchema = Record<string, unknown>;
+export declare function zodToJsonSchema(schema: z.ZodTypeAny): JsonSchema;
+export declare function zodToAnthropicTool(schema: z.ZodTypeAny, name: string, description: string): {
+    name: string;
+    description: string;
+    input_schema: JsonSchema;
+};
+export declare function zodToOpenAIResponseFormat(schema: z.ZodTypeAny, name: string): {
+    type: 'json_schema';
+    json_schema: {
+        name: string;
+        strict: boolean;
+        schema: JsonSchema;
+    };
+};
+export {};
+//# sourceMappingURL=schemas.d.ts.map

package/code-review-agent/dist/src/llm/schemas.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"schemas.d.ts","sourceRoot":"","sources":["../../../src/llm/schemas.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB,KAAK,UAAU,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;AAE1C,wBAAgB,eAAe,CAAC,MAAM,EAAE,CAAC,CAAC,UAAU,GAAG,UAAU,CAEhE;AAuFD,wBAAgB,kBAAkB,CAChC,MAAM,EAAE,CAAC,CAAC,UAAU,EACpB,IAAI,EAAE,MAAM,EACZ,WAAW,EAAE,MAAM,GAClB;IACD,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,EAAE,UAAU,CAAC;CAC1B,CAMA;AAED,wBAAgB,yBAAyB,CACvC,MAAM,EAAE,CAAC,CAAC,UAAU,EACpB,IAAI,EAAE,MAAM,GACX;IACD,IAAI,EAAE,aAAa,CAAC;IACpB,WAAW,EAAE;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,OAAO,CAAC;QAAC,MAAM,EAAE,UAAU,CAAA;KAAE,CAAC;CACpE,CASA"}

package/code-review-agent/dist/src/llm/schemas.js

@@ -0,0 +1,91 @@
+export function zodToJsonSchema(schema) {
+    return convertType(schema);
+}
+function convertType(schema) {
+    const def = schema._def;
+    const typeName = def.typeName;
+    switch (typeName) {
+        case 'ZodString':
+            return { type: 'string' };
+        case 'ZodNumber': {
+            const result = { type: 'number' };
+            for (const check of def.checks ?? []) {
+                if (check.kind === 'min')
+                    result.minimum = check.value;
+                if (check.kind === 'max')
+                    result.maximum = check.value;
+            }
+            return result;
+        }
+        case 'ZodBoolean':
+            return { type: 'boolean' };
+        case 'ZodLiteral':
+            return { type: typeof def.value, const: def.value };
+        case 'ZodEnum':
+            return { type: 'string', enum: def.values };
+        case 'ZodArray':
+            return { type: 'array', items: convertType(def.type) };
+        case 'ZodObject': {
+            const shape = def.shape();
+            const properties = {};
+            const required = [];
+            for (const [key, value] of Object.entries(shape)) {
+                const fieldSchema = value;
+                const isOptional = fieldSchema.isOptional();
+                properties[key] = convertType(fieldSchema);
+                if (!isOptional) {
+                    required.push(key);
+                }
+            }
+            const result = {
+                type: 'object',
+                properties,
+                additionalProperties: false,
+            };
+            if (required.length > 0) {
+                result.required = required;
+            }
+            return result;
+        }
+        case 'ZodOptional':
+            return convertType(def.innerType);
+        case 'ZodNullable': {
+            const inner = convertType(def.innerType);
+            return { anyOf: [inner, { type: 'null' }] };
+        }
+        case 'ZodDefault':
+            return convertType(def.innerType);
+        case 'ZodEffects':
+            return convertType(def.schema);
+        case 'ZodUnion': {
+            const options = def.options.map(convertType);
+            return { anyOf: options };
+        }
+        case 'ZodRecord':
+            return {
+                type: 'object',
+                additionalProperties: convertType(def.valueType),
+            };
+        default:
+            // Fail loud instead of silently producing invalid schema
+            throw new Error(`zodToJsonSchema: unsupported Zod type "${typeName}". Add explicit handling for this type.`);
+    }
+}
+export function zodToAnthropicTool(schema, name, description) {
+    return {
+        name,
+        description,
+        input_schema: zodToJsonSchema(schema),
+    };
+}
+export function zodToOpenAIResponseFormat(schema, name) {
+    return {
+        type: 'json_schema',
+        json_schema: {
+            name,
+            strict: true,
+            schema: zodToJsonSchema(schema),
+        },
+    };
+}
+//# sourceMappingURL=schemas.js.map

package/code-review-agent/dist/src/llm/schemas.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"schemas.js","sourceRoot":"","sources":["../../../src/llm/schemas.ts"],"names":[],"mappings":"AAIA,MAAM,UAAU,eAAe,CAAC,MAAoB;IAClD,OAAO,WAAW,CAAC,MAAM,CAAC,CAAC;AAC7B,CAAC;AAED,SAAS,WAAW,CAAC,MAAoB;IACvC,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC;IACxB,MAAM,QAAQ,GAAG,GAAG,CAAC,QAAkB,CAAC;IAExC,QAAQ,QAAQ,EAAE,CAAC;QACjB,KAAK,WAAW;YACd,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC;QAE5B,KAAK,WAAW,CAAC,CAAC,CAAC;YACjB,MAAM,MAAM,GAAe,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC;YAC9C,KAAK,MAAM,KAAK,IAAI,GAAG,CAAC,MAAM,IAAI,EAAE,EAAE,CAAC;gBACrC,IAAI,KAAK,CAAC,IAAI,KAAK,KAAK;oBAAE,MAAM,CAAC,OAAO,GAAG,KAAK,CAAC,KAAK,CAAC;gBACvD,IAAI,KAAK,CAAC,IAAI,KAAK,KAAK;oBAAE,MAAM,CAAC,OAAO,GAAG,KAAK,CAAC,KAAK,CAAC;YACzD,CAAC;YACD,OAAO,MAAM,CAAC;QAChB,CAAC;QAED,KAAK,YAAY;YACf,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC;QAE7B,KAAK,YAAY;YACf,OAAO,EAAE,IAAI,EAAE,OAAO,GAAG,CAAC,KAAK,EAAE,KAAK,EAAE,GAAG,CAAC,KAAK,EAAE,CAAC;QAEtD,KAAK,SAAS;YACZ,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,GAAG,CAAC,MAAM,EAAE,CAAC;QAE9C,KAAK,UAAU;YACb,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;QAEzD,KAAK,WAAW,CAAC,CAAC,CAAC;YACjB,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,EAAE,CAAC;YAC1B,MAAM,UAAU,GAA+B,EAAE,CAAC;YAClD,MAAM,QAAQ,GAAa,EAAE,CAAC;YAE9B,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;gBACjD,MAAM,WAAW,GAAG,KAAqB,CAAC;gBAC1C,MAAM,UAAU,GAAG,WAAW,CAAC,UAAU,EAAE,CAAC;gBAC5C,UAAU,CAAC,GAAG,CAAC,GAAG,WAAW,CAAC,WAAW,CAAC,CAAC;gBAC3C,IAAI,CAAC,UAAU,EAAE,CAAC;oBAChB,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;gBACrB,CAAC;YACH,CAAC;YAED,MAAM,MAAM,GAAe;gBACzB,IAAI,EAAE,QAAQ;gBACd,UAAU;gBACV,oBAAoB,EAAE,KAAK;aAC5B,CAAC;YACF,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBACxB,MAAM,CAAC,QAAQ,GAAG,QAAQ,CAAC;YAC7B,CAAC;YACD,OAAO,MAAM,CAAC;QAChB,CAAC;QAED,KAAK,aAAa;YAChB,OAAO,WAAW,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QAEpC,KAAK,aAAa,CAAC,CAAC,CAAC;YACnB,MAAM,KAAK,GAAG,WAAW,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;YACzC,OAAO,EAAE,KAAK,EAAE,CAAC,KAAK,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC,EAAE,CAAC;QAC9C,CAAC;QAED,KAAK,YAAY;YACf,OAAO,WAAW,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QAEpC,KAAK,YAAY;YACf,OAAO,WAAW,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QAEjC,KAAK,UAAU,CAAC,CAAC,CAAC;YAChB,MAAM,OAAO,GAAI,GAAG,CAAC,OAA0B,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;YACjE,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC;QAC5B,CAAC;QAED,KAAK,WAAW;YACd,OAAO;gBACL,IAAI,EAAE,QAAQ;gBACd,oBAAoB,EAAE,WAAW,CAAC,GAAG,CAAC,SAAS,CAAC;aACjD,CAAC;QAEJ;YACE,yDAAyD;YACzD,MAAM,IAAI,KAAK,CAAC,0CAA0C,QAAQ,yCAAyC,CAAC,CAAC;IACjH,CAAC;AACH,CAAC;AAED,MAAM,UAAU,kBAAkB,CAChC,MAAoB,EACpB,IAAY,EACZ,WAAmB;IAMnB,OAAO;QACL,IAAI;QACJ,WAAW;QACX,YAAY,EAAE,eAAe,CAAC,MAAM,CAAC;KACtC,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,yBAAyB,CACvC,MAAoB,EACpB,IAAY;IAKZ,OAAO;QACL,IAAI,EAAE,aAAa;QACnB,WAAW,EAAE;YACX,IAAI;YACJ,MAAM,EAAE,IAAI;YACZ,MAAM,EAAE,eAAe,CAAC,MAAM,CAAC;SAChC;KACF,CAAC;AACJ,CAAC"}

package/code-review-agent/dist/src/types/analysis.d.ts

@@ -0,0 +1,56 @@
+import type { Finding, IntentProfile, TriageDecision } from './findings.js';
+export interface AnalysisResult {
+    findings: Finding[];
+    intentProfile: IntentProfile | null;
+    fileResults: FileAnalysisResult[];
+    stats: AnalysisStats;
+}
+export interface FileAnalysisResult {
+    file: string;
+    findings: Finding[];
+    triageDecision: TriageDecision | null;
+    tokensUsed: number;
+    skipped: boolean;
+    truncated: boolean;
+}
+export interface AnalysisStats {
+    filesAnalyzed: number;
+    filesSkipped: number;
+    totalFindings: number;
+    findingsBySeverity: Record<string, number>;
+    totalTokensUsed: number;
+    estimatedCost: number;
+    durationMs: number;
+}
+export interface ProjectContext {
+    readme: string;
+    packageMeta: Record<string, unknown> | null;
+    directoryTree: string;
+    envVars: string[];
+    hasDockerfile: boolean;
+    hasCI: boolean;
+    language: string;
+    framework: string;
+}
+export interface FileContext {
+    filePath: string;
+    content: string;
+    language: string;
+    lineCount: number;
+    imports: string[];
+    importedBy: string[];
+    siblingFiles: string[];
+    isTestFile: boolean;
+    isConfigFile: boolean;
+    isGenerated: boolean;
+}
+export interface DependencyNode {
+    file: string;
+    imports: string[];
+    importedBy: string[];
+}
+export interface DependencyGraph {
+    nodes: Map<string, DependencyNode>;
+    entryPoints: string[];
+}
+//# sourceMappingURL=analysis.d.ts.map

package/code-review-agent/dist/src/types/analysis.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"analysis.d.ts","sourceRoot":"","sources":["../../../src/types/analysis.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,OAAO,EAAE,aAAa,EAAE,cAAc,EAAE,MAAM,eAAe,CAAC;AAE5E,MAAM,WAAW,cAAc;IAC7B,QAAQ,EAAE,OAAO,EAAE,CAAC;IACpB,aAAa,EAAE,aAAa,GAAG,IAAI,CAAC;IACpC,WAAW,EAAE,kBAAkB,EAAE,CAAC;IAClC,KAAK,EAAE,aAAa,CAAC;CACtB;AAED,MAAM,WAAW,kBAAkB;IACjC,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,OAAO,EAAE,CAAC;IACpB,cAAc,EAAE,cAAc,GAAG,IAAI,CAAC;IACtC,UAAU,EAAE,MAAM,CAAC;IACnB,OAAO,EAAE,OAAO,CAAC;IACjB,SAAS,EAAE,OAAO,CAAC;CACpB;AAED,MAAM,WAAW,aAAa;IAC5B,aAAa,EAAE,MAAM,CAAC;IACtB,YAAY,EAAE,MAAM,CAAC;IACrB,aAAa,EAAE,MAAM,CAAC;IACtB,kBAAkB,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC3C,eAAe,EAAE,MAAM,CAAC;IACxB,aAAa,EAAE,MAAM,CAAC;IACtB,UAAU,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,cAAc;IAC7B,MAAM,EAAE,MAAM,CAAC;IACf,WAAW,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI,CAAC;IAC5C,aAAa,EAAE,MAAM,CAAC;IACtB,OAAO,EAAE,MAAM,EAAE,CAAC;IAClB,aAAa,EAAE,OAAO,CAAC;IACvB,KAAK,EAAE,OAAO,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,WAAW;IAC1B,QAAQ,EAAE,MAAM,CAAC;IACjB,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,EAAE,MAAM,EAAE,CAAC;IAClB,UAAU,EAAE,MAAM,EAAE,CAAC;IACrB,YAAY,EAAE,MAAM,EAAE,CAAC;IACvB,UAAU,EAAE,OAAO,CAAC;IACpB,YAAY,EAAE,OAAO,CAAC;IACtB,WAAW,EAAE,OAAO,CAAC;CACtB;AAED,MAAM,WAAW,cAAc;IAC7B,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,EAAE,CAAC;IAClB,UAAU,EAAE,MAAM,EAAE,CAAC;CACtB;AAED,MAAM,WAAW,eAAe;IAC9B,KAAK,EAAE,GAAG,CAAC,MAAM,EAAE,cAAc,CAAC,CAAC;IACnC,WAAW,EAAE,MAAM,EAAE,CAAC;CACvB"}

package/code-review-agent/dist/src/types/analysis.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=analysis.js.map

package/code-review-agent/dist/src/types/analysis.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"analysis.js","sourceRoot":"","sources":["../../../src/types/analysis.ts"],"names":[],"mappings":""}

package/code-review-agent/dist/src/types/config.d.ts

@@ -0,0 +1,24 @@
+export interface AnalysisOptions {
+    provider: 'anthropic' | 'openai' | 'claude-cli';
+    model?: string;
+    triageModel?: string;
+    confidenceThreshold: number;
+    format: 'text' | 'json' | 'sarif';
+    verbose: boolean;
+    projectRoot: string;
+    exclude: string[];
+    concurrencyLimit: number;
+    maxFileSize: number;
+}
+export interface CRAgentConfig {
+    provider?: 'anthropic' | 'openai' | 'claude-cli';
+    model?: string;
+    triageModel?: string;
+    confidenceThreshold?: number;
+    exclude?: string[];
+    concurrencyLimit?: number;
+    maxFileSize?: number;
+}
+export declare function loadConfig(projectRoot: string): CRAgentConfig | null;
+export declare function resolveOptions(cliFlags: Partial<AnalysisOptions>, config: CRAgentConfig | null, env?: Record<string, string | undefined>): AnalysisOptions;
+//# sourceMappingURL=config.d.ts.map

package/code-review-agent/dist/src/types/config.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../../../src/types/config.ts"],"names":[],"mappings":"AAGA,MAAM,WAAW,eAAe;IAC9B,QAAQ,EAAE,WAAW,GAAG,QAAQ,GAAG,YAAY,CAAC;IAChD,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,mBAAmB,EAAE,MAAM,CAAC;IAC5B,MAAM,EAAE,MAAM,GAAG,MAAM,GAAG,OAAO,CAAC;IAClC,OAAO,EAAE,OAAO,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;IACpB,OAAO,EAAE,MAAM,EAAE,CAAC;IAClB,gBAAgB,EAAE,MAAM,CAAC;IACzB,WAAW,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,aAAa;IAC5B,QAAQ,CAAC,EAAE,WAAW,GAAG,QAAQ,GAAG,YAAY,CAAC;IACjD,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B,OAAO,CAAC,EAAE,MAAM,EAAE,CAAC;IACnB,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAaD,wBAAgB,UAAU,CAAC,WAAW,EAAE,MAAM,GAAG,aAAa,GAAG,IAAI,CAQpE;AAED,wBAAgB,cAAc,CAC5B,QAAQ,EAAE,OAAO,CAAC,eAAe,CAAC,EAClC,MAAM,EAAE,aAAa,GAAG,IAAI,EAC5B,GAAG,GAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,SAAS,CAAe,GACpD,eAAe,CAoBjB"}

package/code-review-agent/dist/src/types/config.js

@@ -0,0 +1,42 @@
+import * as fs from 'node:fs';
+import * as path from 'node:path';
+const DEFAULTS = {
+    provider: 'anthropic',
+    confidenceThreshold: 0.7,
+    format: 'text',
+    verbose: false,
+    projectRoot: process.cwd(),
+    exclude: ['node_modules', 'dist', 'build', '.git', 'vendor', '__pycache__', '.venv', 'venv', 'env', '.env', 'site-packages', '.tox', '.mypy_cache', '.pytest_cache', 'coverage', '.nyc_output', '.next', 'target'],
+    concurrencyLimit: 5,
+    maxFileSize: 512 * 1024,
+};
+export function loadConfig(projectRoot) {
+    const configPath = path.join(projectRoot, '.cr-agent.json');
+    try {
+        const raw = fs.readFileSync(configPath, 'utf-8');
+        return JSON.parse(raw);
+    }
+    catch {
+        return null;
+    }
+}
+export function resolveOptions(cliFlags, config, env = process.env) {
+    return {
+        provider: cliFlags.provider ??
+            config?.provider ??
+            env.CR_AGENT_PROVIDER ??
+            DEFAULTS.provider,
+        model: cliFlags.model ?? config?.model ?? env.CR_AGENT_MODEL ?? undefined,
+        triageModel: cliFlags.triageModel ?? config?.triageModel ?? undefined,
+        confidenceThreshold: cliFlags.confidenceThreshold ??
+            config?.confidenceThreshold ??
+            (env.CR_AGENT_CONFIDENCE ? parseFloat(env.CR_AGENT_CONFIDENCE) : DEFAULTS.confidenceThreshold),
+        format: cliFlags.format ?? DEFAULTS.format,
+        verbose: cliFlags.verbose ?? DEFAULTS.verbose,
+        projectRoot: cliFlags.projectRoot ?? DEFAULTS.projectRoot,
+        exclude: cliFlags.exclude ?? config?.exclude ?? DEFAULTS.exclude,
+        concurrencyLimit: Math.max(1, cliFlags.concurrencyLimit ?? config?.concurrencyLimit ?? DEFAULTS.concurrencyLimit),
+        maxFileSize: cliFlags.maxFileSize ?? config?.maxFileSize ?? DEFAULTS.maxFileSize,
+    };
+}
+//# sourceMappingURL=config.js.map

package/code-review-agent/dist/src/types/config.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"config.js","sourceRoot":"","sources":["../../../src/types/config.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAC9B,OAAO,KAAK,IAAI,MAAM,WAAW,CAAC;AAyBlC,MAAM,QAAQ,GAAoB;IAChC,QAAQ,EAAE,WAAW;IACrB,mBAAmB,EAAE,GAAG;IACxB,MAAM,EAAE,MAAM;IACd,OAAO,EAAE,KAAK;IACd,WAAW,EAAE,OAAO,CAAC,GAAG,EAAE;IAC1B,OAAO,EAAE,CAAC,cAAc,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,aAAa,EAAE,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,eAAe,EAAE,MAAM,EAAE,aAAa,EAAE,eAAe,EAAE,UAAU,EAAE,aAAa,EAAE,OAAO,EAAE,QAAQ,CAAC;IAClN,gBAAgB,EAAE,CAAC;IACnB,WAAW,EAAE,GAAG,GAAG,IAAI;CACxB,CAAC;AAEF,MAAM,UAAU,UAAU,CAAC,WAAmB;IAC5C,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,gBAAgB,CAAC,CAAC;IAC5D,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,EAAE,CAAC,YAAY,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;QACjD,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAkB,CAAC;IAC1C,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,MAAM,UAAU,cAAc,CAC5B,QAAkC,EAClC,MAA4B,EAC5B,MAA0C,OAAO,CAAC,GAAG;IAErD,OAAO;QACL,QAAQ,EACN,QAAQ,CAAC,QAAQ;YACjB,MAAM,EAAE,QAAQ;YACf,GAAG,CAAC,iBAA6D;YAClE,QAAQ,CAAC,QAAQ;QACnB,KAAK,EAAE,QAAQ,CAAC,KAAK,IAAI,MAAM,EAAE,KAAK,IAAI,GAAG,CAAC,cAAc,IAAI,SAAS;QACzE,WAAW,EAAE,QAAQ,CAAC,WAAW,IAAI,MAAM,EAAE,WAAW,IAAI,SAAS;QACrE,mBAAmB,EACjB,QAAQ,CAAC,mBAAmB;YAC5B,MAAM,EAAE,mBAAmB;YAC3B,CAAC,GAAG,CAAC,mBAAmB,CAAC,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC,mBAAmB,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,mBAAmB,CAAC;QAChG,MAAM,EAAE,QAAQ,CAAC,MAAM,IAAI,QAAQ,CAAC,MAAM;QAC1C,OAAO,EAAE,QAAQ,CAAC,OAAO,IAAI,QAAQ,CAAC,OAAO;QAC7C,WAAW,EAAE,QAAQ,CAAC,WAAW,IAAI,QAAQ,CAAC,WAAW;QACzD,OAAO,EAAE,QAAQ,CAAC,OAAO,IAAI,MAAM,EAAE,OAAO,IAAI,QAAQ,CAAC,OAAO;QAChE,gBAAgB,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,QAAQ,CAAC,gBAAgB,IAAI,MAAM,EAAE,gBAAgB,IAAI,QAAQ,CAAC,gBAAgB,CAAC;QACjH,WAAW,EAAE,QAAQ,CAAC,WAAW,IAAI,MAAM,EAAE,WAAW,IAAI,QAAQ,CAAC,WAAW;KACjF,CAAC;AACJ,CAAC"}