npm - ai-commit-reviewer - Versions diffs - 1.0.1 - Mend

ai-commit-reviewer 1.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (13) hide show

package/README.md ADDED Viewed

@@ -0,0 +1,350 @@
+<div align="center">
+# 🔍 AI Senior Dev Reviewer
+**The AI code reviewer that thinks like a senior React Native & Next.js engineer.**
+Runs on every `git commit`. Catches crashes, ANRs, hydration errors, security holes, and bad patterns before they hit production. Gets smarter with every commit by learning your team's specific blind spots.
+[![npm version](https://img.shields.io/npm/v/ai-senior-dev-reviewer.svg)](https://www.npmjs.com/package/ai-senior-dev-reviewer)
+[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
+[![Node.js](https://img.shields.io/badge/node-%3E%3D16.0.0-brightgreen)](https://nodejs.org)
+[![PRs Welcome](https://img.shields.io/badge/PRs-welcome-brightgreen.svg)](CONTRIBUTING.md)
+[Installation](#installation) · [What it catches](#what-it-catches) · [Self-improving memory](#self-improving-memory) · [Commands](#commands) · [Config](#configuration) · [vs other tools](#why-not-just-use-copilot)
+</div>
+---
+## The problem
+You write code. You commit. You push. A senior dev reviews your PR two days later and finds a null dereference crash, a hardcoded API key, and a component that already exists in the codebase.
+**That feedback loop is too slow and too late.**
+AI Senior Dev Reviewer runs at `git commit` — before the code ever leaves your machine. It blocks the commit if it finds something serious, and explains exactly how to fix it.
+```
+git commit -m "payment success revamp"
+  ╔══════════════════════════════════════════╗
+  ║       AI Senior Dev Reviewer             ║
+  ╚══════════════════════════════════════════╝
+  Files staged:     1
+  Reviews done:     24
+  Known blind spots: missing useCallback on handlers · AsyncStorage for tokens
+  Building codebase snapshot...
+  Sending to AI...
+━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
+PASS 1 — SECURITY
+🔴 BLOCK [SECURITY] containers/Payment/index.tsx:42
+Problem: Auth token stored in AsyncStorage — unencrypted plaintext on disk
+Risk: Device theft or backup extraction exposes the token permanently
+Fix:
+  // Before
+  await AsyncStorage.setItem('token', userToken)
+  // After
+  import * as Keychain from 'react-native-keychain'
+  await Keychain.setGenericPassword('token', userToken)
+PASS 2 — CRASHES
+🔴 BLOCK [CRASH] containers/Payment/index.tsx:87
+Problem: route.params.orderId accessed without existence check
+Risk: Navigating to this screen without params crashes the app instantly
+Fix:
+  // Before
+  const { orderId } = route.params
+  // After
+  const { orderId } = route.params ?? {}
+  if (!orderId) return <ErrorScreen />
+━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
+  ✗  Commit BLOCKED — fix the 🔴 BLOCK issues above first
+     Most critical: Auth token stored unencrypted in AsyncStorage
+     To skip (use sparingly): git commit --no-verify
+```
+---
+## What it catches
+### 9 review passes on every commit
+| Pass | Category | Examples |
+|------|----------|---------|
+| 1 | **Security** | Hardcoded secrets, unencrypted token storage, missing API auth, XSS, SQL injection |
+| 2 | **Crashes** | Null deref, unhandled rejections, infinite loops, FlatList-in-ScrollView, missing cleanup |
+| 3 | **ANRs & Perf** | JS thread blocking, missing memo, O(n²) loops, no debounce, ScrollView for large lists |
+| 4 | **Hydration** | Server/client mismatch, window in SSR, useLayoutEffect, invalid HTML nesting, dynamic() missing |
+| 5 | **Next.js** | Missing auth on API routes, Server/Client component misuse, redirect() in try/catch, missing Suspense |
+| 6 | **Better code** | 40-line functions, nested ternaries, no early returns, sequential awaits |
+| 7 | **Duplicates** | Component already exists, util already in utils/, hook already extracted |
+| 8 | **Non-fatals** | Race conditions, double form submit, stale closures, network errors swallowed |
+| 9 | **Style** | Vague names, magic numbers, dead code, missing boolean predicates |
+### Framework-aware
+Automatically detects which framework you're using and applies the right checks:
+**React Native** — ANR risks, JS bridge overload, `useNativeDriver`, `FlatList` vs `ScrollView`, `Platform.OS` guards, permission checks, `react-native-keychain`, `react-native-fast-image`
+**Next.js** — Hydration mismatches, Server vs Client component misuse, `redirect()` gotchas, `useSearchParams` without Suspense, missing `loading.tsx` / `error.tsx`, ISR revalidation, `next/image`, `next/font`
+**React web** — Bundle splitting, virtualisation, error boundaries, SSR guards, `dangerouslySetInnerHTML`
+---
+## Self-improving memory
+This is what makes it different from every other tool.
+After every review, it writes to `.ai-reviewer/patterns.json` in your project:
+```json
+{
+  "total_commits_reviewed": 47,
+  "team_blind_spots": [
+    "missing useCallback on handlers passed to memoized children",
+    "AsyncStorage used for auth tokens instead of Keychain",
+    "no optional chaining on navigation route.params",
+    "inline style objects created in JSX instead of StyleSheet"
+  ]
+}
+```
+Every future review starts with: *"this team has historically gotten these things wrong — pay extra attention."*
+After 10 commits it knows your codebase. After 50 it knows your team.
+**Commit `patterns.json` to git** — the whole team shares the learned memory.
+---
+## Why not just use Copilot?
+| | GitHub Copilot | CodeRabbit | ESLint | **This tool** |
+|--|:-:|:-:|:-:|:-:|
+| Blocks bad commits | ✗ | ✗ | ✗ | ✓ |
+| React Native crash detection | ✗ | ✗ | ✗ | ✓ |
+| ANR detection | ✗ | ✗ | ✗ | ✓ |
+| Hydration error detection | ✗ | ✗ | ✗ | ✓ |
+| Self-improving memory | ✗ | ✗ | ✗ | ✓ |
+| Duplicate component detection | ✗ | partial | ✗ | ✓ |
+| Works at commit time | ✗ | ✗ (PR only) | ✓ | ✓ |
+| Before/after code fixes | ✗ | partial | ✗ | ✓ |
+| Zero infrastructure | ✓ | ✗ | ✓ | ✓ |
+| Cost | $19/dev/mo | $19/dev/mo | free | ~$5 total |
+**Copilot** helps you write code faster. This tool stops bad code reaching the repo.
+**CodeRabbit** reviews PRs after bad code is already in the branch. This tool catches it before it's committed.
+**ESLint** catches syntax and rule violations. This tool catches intent, logic bugs, and production failure patterns.
+---
+## Installation
+### Requirements
+- Node.js 16+
+- Git
+- An API key (OpenAI, Anthropic, or Google Gemini)
+### Global install (works across all your projects)
+```bash
+# Clone somewhere permanent
+git clone https://github.com/your-username/ai-senior-dev-reviewer.git ~/tools/ai-reviewer
+cd ~/tools/ai-reviewer
+npm link
+```
+Or install from npm:
+```bash
+npm install -g ai-senior-dev-reviewer
+```
+### Per-project setup
+```bash
+# Go to your project
+cd your-project
+# Create .env with your API key (never commit this)
+echo 'OPENAI_API_KEY=sk-proj-...' > .env
+echo '.env' >> .gitignore
+# Install the git hook
+ai-reviewer install
+# Verify everything is set up
+ai-reviewer status
+```
+Done. The reviewer fires automatically on every `git commit`.
+### Monorepo setup
+Works perfectly in monorepos — each sub-project gets its own scoped hook and its own memory:
+```bash
+cd myrepo/nextjs  && ai-reviewer install
+cd myrepo/mobile  && ai-reviewer install
+cd myrepo/pos     && ai-reviewer install
+```
+---
+## API keys
+The tool supports three providers. Add one to your project's `.env`:
+```bash
+# Option 1 — OpenAI (most reliable)
+OPENAI_API_KEY=sk-proj-...
+AI_REVIEWER_MODEL=gpt-4o-mini    # ~$0.003/review
+# Option 2 — Anthropic ($5 free credits)
+ANTHROPIC_API_KEY=sk-ant-...
+# uses claude-3-5-haiku by default
+# Option 3 — Google Gemini (free tier available)
+GEMINI_API_KEY=AIza...
+# uses gemini-1.5-flash by default
+```
+Priority: **Anthropic → Gemini → OpenAI** (whichever key is present).
+### Cost comparison
+| Provider | Model | Cost per review | $5 buys you |
+|----------|-------|----------------|-------------|
+| OpenAI | gpt-4o-mini | ~$0.003 | ~1,600 reviews |
+| OpenAI | gpt-4o | ~$0.04 | ~125 reviews |
+| Anthropic | claude-3-5-haiku | ~$0.001 | ~5,000 reviews |
+| Gemini | gemini-1.5-flash | free tier | free |
+---
+## Commands
+```bash
+ai-reviewer install      # install hook into current project
+ai-reviewer uninstall    # remove hook (restores backup if exists)
+ai-reviewer review       # run manually on staged files
+ai-reviewer dashboard    # open HTML review history in browser
+ai-reviewer status       # show hook status, API key, patterns learned
+ai-reviewer help         # show all commands
+# Skip review for one commit
+git commit --no-verify
+```
+---
+## Configuration
+All settings can be overridden via environment variables or by editing `src/config.js`:
+| Variable | Default | Description |
+|----------|---------|-------------|
+| `OPENAI_API_KEY` | — | OpenAI API key |
+| `ANTHROPIC_API_KEY` | — | Anthropic API key |
+| `GEMINI_API_KEY` | — | Google Gemini API key |
+| `AI_REVIEWER_MODEL` | auto | Override the model (e.g. `gpt-4o`, `claude-3-5-sonnet-20241022`) |
+| `AI_REVIEWER_VERBOSE` | false | Show provider, model, env path info |
+---
+## Severity levels
+| | Level | Behaviour |
+|--|-------|-----------|
+| 🔴 | **BLOCK** | Security vulnerability or crash/ANR risk — commit is rejected |
+| 🟡 | **WARN** | Performance or logic bug — commit allowed, fix before merging |
+| 🔵 | **SUGGEST** | Better way to write it — educational, non-blocking |
+| ⚪ | **STYLE** | Naming, dead code, readability — non-blocking |
+---
+## Project structure
+```
+ai-senior-dev-reviewer/
+├── src/
+│   ├── index.js              — main orchestrator
+│   ├── config.js             — configuration + env loading
+│   ├── analyzer/
+│   │   ├── git.js            — staged files, diff, codebase snapshot
+│   │   ├── prompt.js         — 9-pass review prompt
+│   │   └── api.js            — multi-provider AI client (OpenAI/Anthropic/Gemini)
+│   ├── memory/
+│   │   └── index.js          — patterns.json, blind spots, audit log
+│   └── output/
+│       └── colors.js         — terminal colour output
+├── bin/
+│   ├── cli.js                — global CLI entry point
+│   ├── install.js            — scoped git hook installer
+│   ├── uninstall.js          — hook removal with backup restore
+│   └── dashboard.js          — HTML review history generator
+└── .ai-reviewer/             — auto-created per project
+    ├── patterns.json         — learned team patterns ← commit this
+    ├── codebase-context.json — component inventory  ← commit this
+    ├── review-log.jsonl      — audit log            ← gitignore this
+    └── dashboard.html        — generated report     ← gitignore this
+```
+---
+## .gitignore recommendation
+```gitignore
+# Never commit
+.env
+.ai-reviewer/review-log.jsonl
+.ai-reviewer/dashboard.html
+# DO commit — shared team memory
+# .ai-reviewer/patterns.json
+# .ai-reviewer/codebase-context.json
+```
+---
+## Contributing
+PRs welcome. Main areas to improve:
+- More framework-specific checks (Vue, Svelte, Expo Router)
+- VS Code extension to show issues inline
+- GitHub Actions integration for CI
+- Support for more AI providers (Mistral, Ollama for local models)
+- Configurable severity rules per project
+See [CONTRIBUTING.md](CONTRIBUTING.md) to get started.
+---
+## License
+MIT — use it, fork it, improve it.
+---
+<div align="center">
+Built by a developer who got tired of catching the same bugs in code review.
+**Star it if it saves you from a production crash. ⭐**
+</div>

package/bin/cli.js ADDED Viewed

@@ -0,0 +1,190 @@
+#!/usr/bin/env node
+// ── bin/cli.js ────────────────────────────────────────────
+const path = require("path");
+const fs = require("fs");
+const { execSync } = require("child_process");
+const C = {
+  red: "\x1b[31m",
+  yellow: "\x1b[33m",
+  blue: "\x1b[34m",
+  green: "\x1b[32m",
+  cyan: "\x1b[36m",
+  bold: "\x1b[1m",
+  dim: "\x1b[2m",
+  reset: "\x1b[0m",
+};
+const cmd = process.argv[2];
+function run(c) {
+  try {
+    return execSync(c, {
+      encoding: "utf8",
+      stdio: ["pipe", "pipe", "pipe"],
+    }).trim();
+  } catch {
+    return "";
+  }
+}
+// ── Help ──────────────────────────────────────────────────
+function showHelp() {
+  console.log(`
+${C.bold}${C.cyan}  AI Senior Dev Reviewer${C.reset}
+  Self-improving code reviewer for React & React Native
+${C.bold}  Usage:${C.reset}
+    ${C.green}ai-reviewer install${C.reset}      Install hook scoped to current sub-project
+    ${C.green}ai-reviewer uninstall${C.reset}    Remove hook
+    ${C.green}ai-reviewer review${C.reset}       Run manually on staged files
+    ${C.green}ai-reviewer dashboard${C.reset}    Open review history dashboard
+    ${C.green}ai-reviewer status${C.reset}       Show project status
+    ${C.green}ai-reviewer help${C.reset}         Show this help
+${C.bold}  Monorepo example:${C.reset}
+    cd newmecode/nextjs  &&  ai-reviewer install
+    cd newmecode/mobile  &&  ai-reviewer install
+    cd newmecode/pos     &&  ai-reviewer install
+    Each sub-project gets its own scoped hook + its own memory.
+${C.bold}  Skip a review:${C.reset}
+    git commit --no-verify
+`);
+}
+// ── Status ────────────────────────────────────────────────
+function showStatus() {
+  const gitRoot = run("git rev-parse --show-toplevel");
+  const projectDir = process.cwd();
+  const projectName = path.basename(projectDir);
+  if (!gitRoot) {
+    console.log(`${C.red}✗  Not inside a git repository${C.reset}`);
+    return;
+  }
+  const hookPath = path.join(gitRoot, ".git", "hooks", "pre-commit");
+  const hookContent = fs.existsSync(hookPath)
+    ? fs.readFileSync(hookPath, "utf8")
+    : "";
+  // Check hook is scoped to THIS sub-project
+  const hookInstalled =
+    hookContent.includes("AI Senior Dev Reviewer") &&
+    hookContent.includes(projectDir);
+  const patternsPath = path.join(projectDir, ".ai-reviewer", "patterns.json");
+  let patterns = {};
+  try {
+    patterns = JSON.parse(fs.readFileSync(patternsPath, "utf8"));
+  } catch {}
+  // Load env to check API key
+  const envPath = path.join(projectDir, ".env");
+  let apiKeyInEnv = false;
+  if (fs.existsSync(envPath)) {
+    const envContent = fs.readFileSync(envPath, "utf8");
+    apiKeyInEnv =
+      envContent.includes("GEMINI_API_KEY") ||
+      envContent.includes("ANTHROPIC_API_KEY") ||
+      envContent.includes("OPENAI_API_KEY");
+  }
+  const apiKey = process.env.OPENAI_API_KEY || apiKeyInEnv;
+  const model = process.env.AI_REVIEWER_MODEL || "gpt-4o-mini";
+  console.log(`\n${C.bold}${C.cyan}  AI Reviewer — Project Status${C.reset}\n`);
+  console.log(`  Sub-project:   ${C.bold}${projectName}${C.reset}`);
+  console.log(`  Path:          ${C.dim}${projectDir}${C.reset}`);
+  console.log(`  Git root:      ${C.dim}${gitRoot}${C.reset}`);
+  console.log(
+    `  Hook:          ${
+      hookInstalled
+        ? `${C.green}✓ installed (scoped to ${projectName})${C.reset}`
+        : `${C.red}✗ not installed${C.reset} — run: ai-reviewer install`
+    }`,
+  );
+  console.log(
+    `  API key:       ${
+      apiKey
+        ? `${C.green}✓ set${C.reset}`
+        : `${C.red}✗ missing${C.reset} — add GEMINI_API_KEY / ANTHROPIC_API_KEY / OPENAI_API_KEY to ${projectName}/.env`
+    }`,
+  );
+  console.log(
+    `  .env:          ${
+      fs.existsSync(envPath)
+        ? `${C.green}✓ found${C.reset} (${envPath})`
+        : `${C.yellow}✗ no .env found${C.reset}`
+    }`,
+  );
+  console.log(`  Model:         ${C.cyan}${model}${C.reset}`);
+  console.log(
+    `  Reviews done:  ${C.bold}${patterns.total_commits_reviewed || 0}${C.reset}`,
+  );
+  console.log(
+    `  Patterns:      ${C.bold}${patterns.recurring_issues?.length || 0}${C.reset} learned`,
+  );
+  if (patterns.team_blind_spots?.length) {
+    console.log(
+      `\n  ${C.yellow}${C.bold}Team blind spots for ${projectName}:${C.reset}`,
+    );
+    patterns.team_blind_spots.forEach((s, i) => {
+      console.log(`  ${C.dim}${i + 1}.${C.reset} ${s}`);
+    });
+  }
+  console.log("");
+}
+// ── Open dashboard ────────────────────────────────────────
+function openDashboard() {
+  require("./dashboard.js");
+  const dashPath = path.join(process.cwd(), ".ai-reviewer", "dashboard.html");
+  setTimeout(() => {
+    if (fs.existsSync(dashPath)) {
+      const opener =
+        process.platform === "darwin"
+          ? "open"
+          : process.platform === "win32"
+            ? "start"
+            : "xdg-open";
+      try {
+        execSync(`${opener} "${dashPath}"`);
+      } catch {
+        console.log(`  Open manually: ${dashPath}`);
+      }
+    }
+  }, 300);
+}
+// ── Route ─────────────────────────────────────────────────
+switch (cmd) {
+  case "install":
+    require("./install.js");
+    break;
+  case "uninstall":
+    require("./uninstall.js");
+    break;
+  case "review":
+    require("../src/index.js");
+    break;
+  case "dashboard":
+    openDashboard();
+    break;
+  case "status":
+    showStatus();
+    break;
+  case "help":
+  case "--help":
+  case "-h":
+  case undefined:
+    showHelp();
+    break;
+  default:
+    console.log(`${C.red}Unknown command: ${cmd}${C.reset}`);
+    showHelp();
+    process.exit(1);
+}