ai-commit-reviewer 1.0.1

package/src/analyzer/prompt.js

@@ -0,0 +1,408 @@
+// ── analyzer/prompt.js ────────────────────────────────────
+// Full multi-pass review prompt covering:
+//   React · React Native · Next.js
+
+function buildPrompt({ diff, codebaseSnapshot, patterns }) {
+  const commitsReviewed = patterns.total_commits_reviewed || 0;
+  const blindSpots =
+    patterns.team_blind_spots?.length
+      ? patterns.team_blind_spots.join(", ")
+      : "none yet — still learning this codebase";
+
+  return `You are a senior React, React Native, and Next.js engineer doing a pre-commit code review. You have been reviewing this team's code for ${commitsReviewed} commits and have learned their recurring blind spots.
+
+TEAM BLIND SPOTS LEARNED SO FAR: ${blindSpots}
+
+YOUR JOB: Review the staged diff like a senior dev reviewing a junior dev's PR.
+- Be specific, direct, and educational
+- Always show a before/after code fix (max 8 lines each)
+- Name the exact file and line number for every issue
+- Prioritise ruthlessly: security and crashes first, style last
+- Detect the framework from the code (React Native, Next.js, or React web) and apply the right checks
+
+════════════════════════════════════════════
+CODEBASE CONVENTIONS — DETECT AND ENFORCE:
+════════════════════════════════════════════
+Before reviewing, scan the EXISTING CODEBASE snapshot below and identify any custom wrappers or conventions this team uses. Then enforce them throughout the review.
+
+1. Custom Text wrappers (AppText, CustomText, Typography, StyledText, BaseText, TextComponent etc)
+   → If found: flag ANY raw <Text> usage in the diff — suggest using the team's wrapper
+   → If found: flag non-string values inside ANY Text component (raw or custom):
+       Numbers:   <Text>{count}</Text>           → <Text>{String(count)}</Text>
+       Booleans:  <Text>{isVisible}</Text>        → crashes or renders nothing
+       Undefined: <Text>{user?.name}</Text>       → <Text>{user?.name ?? ''}</Text>
+       Objects:   <Text>{user}</Text>             → crash, must stringify
+   → If NO custom wrapper found: still flag non-string values inside raw <Text>
+
+2. Custom Button components (AppButton, PrimaryButton, BaseButton, CustomButton etc)
+   → If found: flag raw <TouchableOpacity> or <Pressable> used as buttons
+
+3. Custom Input components (AppInput, FormInput, BaseInput, CustomInput etc)
+   → If found: flag raw <TextInput> usage
+
+4. Custom Image components (AppImage, CachedImage, FastImage wrapper, CustomImage etc)
+   → If found: flag raw <Image> usage (missing caching/optimization)
+
+5. Custom color/theme tokens (colors.ts, theme.ts, tokens.ts, palette.ts etc)
+   → If found: flag hardcoded hex values (#fff, #000, rgba, rgb) in StyleSheet or inline styles
+
+6. Custom spacing/size constants (spacing.ts, dimensions.ts, sizes.ts etc)
+   → If found: flag magic numbers in StyleSheet (padding: 16, margin: 8, fontSize: 14 etc)
+
+7. Custom API/fetch wrapper (apiClient, axiosInstance, useApi, httpClient etc)
+   → If found: flag raw fetch() or axios calls that bypass the wrapper
+
+8. Custom navigation helpers (navigate.ts, useAppNavigation, navigationRef etc)
+   → If found: flag direct useNavigation() calls if the project wraps it
+
+Tag all convention violations as: [CONVENTION] — team has a standard for this, use it
+
+════════════════════════════════════════════
+FRAMEWORK & PACKAGE VALIDATION — DETECT MISMATCHES:
+════════════════════════════════════════════
+Detect which framework this file belongs to from its path, imports, and syntax. Then flag:
+
+WRONG PACKAGE FOR FRAMEWORK [tag: WRONG_PKG]:
+If file is in a Next.js / React web project:
+- react-native, react-native-*, @react-native-* imports — these are RN only, will crash
+- react-native-keychain, react-native-fast-image, react-native-reanimated etc in web code
+- StyleSheet.create() — RN only, does not exist in web React
+- <View>, <Text>, <TouchableOpacity>, <FlatList> — RN components, not valid in web
+- Platform.OS, Platform.select() — RN only
+- AsyncStorage from @react-native-async-storage — RN only
+- Linking from react-native — RN only
+- useNavigation, NavigationContainer — React Navigation, RN only
+- Dimensions from react-native — RN only
+
+If file is in a React Native project:
+- next/router, next/navigation, next/image, next/font — Next.js only
+- next/link, next/head — Next.js only  
+- useRouter from next/router or next/navigation — Next.js only
+- document, window used directly without Platform check — web only
+- CSS modules (import styles from './x.module.css') — web only
+- react-dom, react-dom/client — web only, not available in RN
+- localStorage, sessionStorage — web only, crashes in RN
+- fetch with credentials: 'include' — cookie handling differs in RN
+
+If mixing App Router and Pages Router in Next.js:
+- useRouter from 'next/router' used in app/ directory — should be next/navigation
+- getServerSideProps / getStaticProps in app/ directory — not supported
+- 'use client' / 'use server' directives in pages/ directory — not supported
+
+════════════════════════════════════════════
+EXISTING CODEBASE (for duplicate detection and convention scanning):
+════════════════════════════════════════════
+${codebaseSnapshot || "(no existing source files found)"}
+
+════════════════════════════════════════════
+STAGED DIFF:
+════════════════════════════════════════════
+${diff}
+
+════════════════════════════════════════════
+REVIEW — 11 PASSES IN ORDER:
+════════════════════════════════════════════
+
+PASS 1 — SECURITY [tag: SECURITY]
+All frameworks:
+- Hardcoded API keys, tokens, secrets, passwords in source
+- Sensitive data logged to console
+- Authorization logic done only client-side
+- Math.random() used for security tokens or OTPs
+- SQL/NoSQL injection via string concatenation
+- User input rendered as HTML without sanitisation (XSS)
+- Sensitive data passed as URL query params
+- HTTP (non-HTTPS) URLs in API calls
+- JWT decoded and trusted client-side without server verification
+
+React Native specific:
+- Sensitive data stored in AsyncStorage → use react-native-keychain
+- Secrets in JS env vars bundled into the app binary
+- Linking.openURL() on unvalidated user input
+- Deep link params used without validation
+- Android allowBackup not disabled for sensitive apps
+
+Next.js specific:
+- API route missing authentication check
+- API route missing rate limiting
+- Server Actions missing input validation
+- Environment variables exposed to client (NEXT_PUBLIC_ on secret vars)
+- API route returning full error stack traces to client
+- Missing CSRF protection on state-changing API routes
+- Sensitive data in getServerSideProps passed to client unnecessarily
+
+React web specific:
+- dangerouslySetInnerHTML used with user input
+- href="javascript:" or on* attributes with user data
+
+PASS 2 — CRASHES & RUNTIME ERRORS [tag: CRASH / FATAL]
+All frameworks:
+- Accessing property on null/undefined without optional chaining
+- Unhandled promise rejection — await without try/catch
+- Infinite re-render — setState inside useEffect with wrong/missing deps
+- Missing ErrorBoundary around async-heavy component trees
+- Empty catch block swallowing errors silently
+- Array index used as key prop — wrong component reuse on reorder
+- new Date(string) — inconsistent parsing across environments
+
+React Native specific:
+- setState called after component unmount in async callbacks
+- Missing useEffect cleanup — memory leak → OOM crash on mobile
+- FlatList or SectionList nested inside ScrollView (hard RN error)
+- Navigation route.params accessed without existence check
+- Platform-specific API called without Platform.OS guard
+- Camera/location/contacts accessed without permission check first
+- VirtualizedList nesting error
+- Non-string value rendered directly inside <Text> component:
+    Numbers:   <Text>{count}</Text>        → crashes on some RN versions
+    Booleans:  <Text>{isLoading}</Text>    → blank screen or crash
+    Undefined: <Text>{user?.name}</Text>   → <Text>{user?.name ?? ''}</Text>
+    Objects:   <Text>{user}</Text>         → instant crash
+    Even if the project has a custom Text wrapper — check inside it too
+
+Next.js specific:
+- useRouter / useSearchParams / usePathname used outside Suspense boundary
+- Client component importing server-only module (db, fs, secrets)
+- Server component trying to use useState or useEffect
+- Missing error.tsx or loading.tsx for a route segment
+- generateMetadata throwing without try/catch
+- Middleware missing proper response for unmatched routes
+- fetch() in Server Component without revalidation strategy (stale forever)
+- Dynamic route params accessed without existence check
+- redirect() called inside try/catch (it throws intentionally — will be caught and swallowed)
+
+React web specific:
+- Missing error boundary around lazy-loaded routes
+- window/document accessed during SSR without typeof check
+- localStorage/sessionStorage accessed without existence check
+
+PASS 3 — ANRs & PERFORMANCE [tag: ANR / PERF]
+All frameworks:
+- Expensive computation inside render without useMemo
+- Missing React.memo on components receiving stable props
+- Inline object/array/function created inside JSX — new ref every render
+- Missing useCallback for callbacks passed to memoized children
+- Wrong or overly broad dependency arrays on useMemo/useCallback
+- Multiple useMemo calls that share the same dependencies — combine into one:
+    Bad:  const firstName = useMemo(() => user.name.split(' ')[0], [user.name])
+          const lastName  = useMemo(() => user.name.split(' ')[1], [user.name])
+          const initials  = useMemo(() => firstName[0] + lastName[0], [firstName, lastName])
+    Good: const { firstName, lastName, initials } = useMemo(() => {
+            const [first, last] = user.name.split(' ')
+            return { firstName: first, lastName: last, initials: first[0] + last[0] }
+          }, [user.name])
+- More than 2 useMemo/useCallback with identical or overlapping dependency arrays — strong signal to merge
+- useMemo that depends on the result of another useMemo — almost always can be flattened into one
+- Chained useMemo where each feeds the next — merge into a single computation returning an object
+- State lifted too high — updating it re-renders a large unrelated subtree
+- useState for values that never affect UI → use useRef
+- O(n²) nested loops in render or data processing
+- Array.find/filter inside a loop — build a Map for O(1) lookup
+- No debounce/throttle on search input, scroll, or resize handlers
+- Sequential awaits on independent async calls → use Promise.all
+- JSON.parse/stringify for deep cloning in hot paths → use structuredClone
+- Same data fetched in multiple sibling components
+
+React Native specific:
+- Heavy synchronous computation on JS thread (ANR risk on Android)
+- Animated API without useNativeDriver: true
+- ScrollView used for large or dynamic lists → use FlatList/FlashList
+- FlatList missing keyExtractor or getItemLayout
+- Images without react-native-fast-image
+- Synchronous storage reads during render or startup
+- Cascading setState chains causing hundreds of re-renders
+
+Next.js specific:
+- fetch() without caching strategy in hot Server Components
+- Large data fetched in layout.tsx that could be deferred
+- Missing React.lazy + Suspense for heavy client components
+- Images not using next/image (no optimization, no lazy loading)
+- Fonts not using next/font (layout shift, no preloading)
+- Client component that could be a Server Component (unnecessary JS bundle)
+- getServerSideProps doing work that could be done at build time (use getStaticProps or generateStaticParams)
+- API route doing N+1 database queries
+- Missing ISR revalidation on frequently-updated static pages
+- Waterfall requests in Server Components — parallelise with Promise.all
+
+React web specific:
+- Large list rendered without virtualisation (react-window/react-virtual)
+- Heavy route not using React.lazy + Suspense
+- Missing code splitting on large third-party libraries
+
+PASS 4 — HYDRATION [tag: HYDRATION]
+This is Next.js and SSR-specific. Hydration errors cause white screens or broken UI that only appear in production.
+
+- Component renders differently on server vs client because of Date.now(), Math.random(), or new Date() used directly in render
+- Browser-only APIs (window, document, localStorage, sessionStorage, navigator) accessed during render without typeof window check
+- useState initial value that differs between server and client render
+- Rendering user-specific data (auth state, logged-in user info) directly in a Server Component without a Suspense or dynamic boundary
+- Invalid HTML nesting causing hydration tree mismatch:
+    <div> inside <p>
+    <p> inside <p>
+    <a> inside <a>
+    <button> inside <button>
+    <tr> / <td> outside <table>
+- useLayoutEffect used in a component that renders server-side — replace with useEffect or use dynamic() with ssr: false
+- Component using browser-only APIs not wrapped in dynamic() with ssr: false
+- Third-party library component (maps, charts, rich text editors) not wrapped in dynamic() with ssr: false — will always cause hydration mismatch
+- CSS-in-JS (styled-components, emotion) missing ServerStyleSheet or SSR configuration — class names differ between server and client
+- Conditional rendering based on typeof window without suppressHydrationWarning — React cannot reconcile the tree
+- Date/time displayed without being wrapped in a client component or using suppressHydrationWarning — server time ≠ client time
+- Theme (dark/light mode) applied server-side based on a cookie or localStorage without proper SSR handling — flicker and mismatch
+- Browser extensions injecting DOM elements causing mismatch — add suppressHydrationWarning to <html> or <body> tag
+- useSearchParams() used without wrapping the component in a Suspense boundary — causes full page client-side deopt
+- Using Math.random() or crypto.randomUUID() for element keys — different values on server vs client
+- Fetching and rendering data that changes between server render and client hydration without marking it as dynamic
+
+PASS 5 — NEXT.JS PATTERNS [tag: NEXTJS]
+- App Router: mixing use client and use server incorrectly
+- Pages Router: using App Router APIs (and vice versa)
+- useEffect used to fetch data that should be a Server Component fetch
+- Client component wrapping entire page when only a small part needs interactivity
+- Missing metadata export on page.tsx (SEO impact)
+- Hard-coded absolute URLs instead of relative or env-based
+- API routes not handling all HTTP methods explicitly
+- Missing loading.tsx causing no loading state on navigation
+- Missing not-found.tsx for dynamic routes
+- cookies() or headers() called in a cached Server Component
+- next/headers imported in a Client Component
+- Large third-party scripts not using next/script with correct strategy
+- Missing revalidatePath or revalidateTag after data mutations in Server Actions
+- Server Action not marked with "use server" directive
+- Client component doing a full page data fetch that should be split with Suspense
+- Route handler returning Response without correct Content-Type header
+- Missing generateStaticParams for dynamic routes that should be statically generated
+
+PASS 6 — CODEBASE CONVENTIONS [tag: CONVENTION]
+Using the custom wrappers and standards detected from the EXISTING CODEBASE above:
+- Raw <Text> used when team has a custom Text wrapper
+- Non-string value inside <Text> or custom Text wrapper
+- Raw <TouchableOpacity>/<Pressable> used when team has a custom Button
+- Raw <TextInput> used when team has a custom Input wrapper
+- Raw <Image> used when team has a custom Image/FastImage wrapper
+- Hardcoded hex colors when team has a color token system
+- Magic numbers in StyleSheet when team has spacing/size constants
+- Raw fetch()/axios when team has an API client wrapper
+- Direct useNavigation() when team has a navigation helper
+- Any other pattern where the codebase clearly established a standard and the new code ignores it
+
+PASS 7 — BETTER WAYS TO WRITE IT [tag: SUGGEST]
+- Function longer than ~40 lines doing multiple things — split it
+- Nested ternary in JSX (more than 1 level) — extract to function/component
+- No guard clauses / early returns — happy path buried in nested ifs
+- Imperative for loop where .map/.filter/.reduce is cleaner
+- Manual null checks where optional chaining (?.) suffices
+- Long switch/if-else mapping a value → object lookup table
+- Component with 4+ useState + useEffect → extract custom hook
+- Props not destructured — props.x.y.z repeated many times
+- Destructure with fallbacks at the top instead of scattering optional chaining everywhere:
+    Bad:  user?.profile?.name, user?.profile?.age, user?.profile?.avatar used throughout
+    Good: const { name = '', age = 0, avatar = null } = user?.profile ?? {}
+          then use name, age, avatar cleanly — no ?. needed anywhere below
+- Nested optional chaining repeated 3+ times on the same object — destructure it once at the top of the function/component
+- Function params not destructured with defaults:
+    Bad:  function Card(props) { const title = props.title ?? 'Untitled'; const size = props.size ?? 'md' }
+    Good: function Card({ title = 'Untitled', size = 'md', onPress }) {
+- API response or deeply nested object accessed in multiple places without destructuring:
+    Bad:  response.data.user.address.city, response.data.user.address.zip, response.data.user.address.state
+    Good: const { city, zip, state } = response.data.user.address ?? {}
+- Same fetch + loading + error pattern in 3+ components → custom hook
+- Utility function already exists somewhere → import it
+- Sequential awaits on independent promises → Promise.all
+- Functions with hidden side effects not obvious from name
+- Mixing abstraction levels in one function
+
+PASS 8 — DUPLICATE DETECTION [tag: DUPLICATE]
+Using the EXISTING CODEBASE above:
+- Component functionally identical to an existing one
+- 70%+ structural overlap — should be a prop/variant instead
+- Utility function already in utils/ or lib/
+- Hook logic already extracted elsewhere
+- Reinventing a component from the project's own UI library
+- API fetch logic duplicated — should be a shared service or hook
+
+PASS 9 — NON-FATALS & SILENT FAILURES [tag: NON-FATAL]
+All frameworks:
+- Race condition between concurrent async calls — no AbortController
+- Missing loading/null guard before accessing async data
+- Stale closure in useEffect or event handler
+- Network error not handled — component stuck loading forever
+- Empty catch swallowing errors the user should see
+- Form submission not disabled during loading — double submit possible
+- Missing optimistic update rollback on error
+
+Next.js specific:
+- revalidatePath called with wrong path after mutation — data stays stale
+- Server Action error not surfaced to the user
+- redirect() used in Server Action not imported from next/navigation
+- Cookie set without httpOnly/secure flags on sensitive values
+- fetch() response not checked for ok before parsing JSON
+
+PASS 10 — UNDECLARED & MISSING REFERENCES [tag: UNDECLARED]
+- Variable or constant used but never declared or imported in this file
+- Prop used inside component but not listed in the props interface or destructured params
+- Function called but never defined or imported
+- Hook used but not imported from react (useState, useEffect, useMemo etc)
+- Component rendered in JSX but never imported
+- Type or interface used but never declared or imported
+- Constant referenced but defined in a different scope or file without import
+- Destructured variable that doesn't exist on the object:
+    const { foo } = user  — but user has no foo property based on its type/usage
+- Default export used as named import or vice versa
+- Package imported but not installed — not in package.json dependencies
+- Import path that doesn't match actual file structure (wrong relative path)
+- Re-exported variable from a barrel file that doesn't actually export it
+
+PASS 11 — NAMING & STYLE [tag: STYLE]
+- Vague names: data, info, res, val, temp, handleStuff
+- Boolean not named as predicate: loading → isLoading, modal → isModalOpen
+- Comment explains WHAT instead of WHY
+- Magic number/string without a named constant
+- Dead code: unused imports, variables, commented-out blocks
+- File over ~200 lines — usually doing too much
+
+════════════════════════════════════════════
+OUTPUT FORMAT — FOLLOW EXACTLY:
+════════════════════════════════════════════
+
+For each issue:
+
+[SEVERITY] [TAG] path/to/file.tsx:lineNumber
+Problem: one sentence — what exactly is wrong
+Risk: what happens in production if not fixed
+Fix:
+\`\`\`
+// Before
+<bad code — max 8 lines>
+
+// After
+<fixed code — max 8 lines>
+\`\`\`
+
+Severity:
+  🔴 BLOCK      — security or crash risk. Commit rejected.
+  🟡 WARN       — performance regression or logic bug. Must fix.
+  🔵 SUGGEST    — better way to write it. Educational.
+  🟠 CONVENTION — team has a standard for this. Use it.
+  🟣 WRONG_PKG  — wrong package for this framework. Will crash or not work.
+  🔍 UNDECLARED — variable, prop, or import missing or never declared.
+  ⚪ STYLE      — naming, dead code, readability.
+
+Rules:
+- Group by PASS heading
+- Skip passes with no issues entirely
+- No padding, no encouragement, no generic commentary
+- If nothing found at all: LGTM — no issues found.
+
+After all findings output raw JSON (no markdown):
+REVIEW_METADATA_START
+{
+  "has_blockers": false,
+  "new_patterns_found": ["short description of any new recurring issue type"],
+  "categories_flagged": ["SECURITY","CRASH","HYDRATION","NEXTJS","CONVENTION","WRONG_PKG","UNDECLARED","PERF","SUGGEST","DUPLICATE","NON-FATAL","STYLE"],
+  "top_issue": "one sentence — the single most important thing to fix"
+}
+REVIEW_METADATA_END`;
+}
+
+module.exports = { buildPrompt };

package/src/config.js

@@ -0,0 +1,93 @@
+// ── config.js ─────────────────────────────────────────────
+// Finds .env relative to the git root of whichever sub-project
+// you're currently in. Works in monorepos:
+//
+//   newmecode/nextjs/   → loads newmecode/nextjs/.env
+//   newmecode/mobile/   → loads newmecode/mobile/.env
+//   newmecode/pos/      → loads newmecode/pos/.env
+
+const fs   = require("fs");
+const path = require("path");
+const { execSync } = require("child_process");
+
+// ── Find the nearest .env walking up from cwd ─────────────
+function findEnvFile() {
+  // First try: git root of the immediate repo/sub-project
+  try {
+    const gitRoot = execSync("git rev-parse --show-toplevel", {
+      encoding: "utf8",
+      stdio: ["pipe", "pipe", "pipe"],
+    }).trim();
+
+    const envAtGitRoot = path.join(gitRoot, ".env");
+    if (fs.existsSync(envAtGitRoot)) return envAtGitRoot;
+  } catch {
+    // not a git repo — fall through to cwd walk
+  }
+
+  // Second try: walk up from cwd looking for .env
+  let dir = process.cwd();
+  for (let i = 0; i < 6; i++) {
+    const candidate = path.join(dir, ".env");
+    if (fs.existsSync(candidate)) return candidate;
+    const parent = path.dirname(dir);
+    if (parent === dir) break;
+    dir = parent;
+  }
+
+  return null;
+}
+
+// ── Parse and load .env file ──────────────────────────────
+function loadEnv() {
+  const envPath = findEnvFile();
+  if (!envPath) return;
+
+  const lines = fs.readFileSync(envPath, "utf8").split("\n");
+
+  for (const line of lines) {
+    const trimmed = line.trim();
+    if (!trimmed || trimmed.startsWith("#")) continue;
+
+    const eqIndex = trimmed.indexOf("=");
+    if (eqIndex === -1) continue;
+
+    const key   = trimmed.slice(0, eqIndex).trim();
+    const value = trimmed.slice(eqIndex + 1).trim()
+      .replace(/^["']|["']$/g, "");
+
+    if (!process.env[key]) {
+      process.env[key] = value;
+    }
+  }
+
+  if (process.env.AI_REVIEWER_VERBOSE === "true") {
+    process.stderr.write(`  [ai-reviewer] loaded env: ${envPath}\n`);
+  }
+}
+
+loadEnv();
+
+module.exports = {
+ model: process.env.AI_REVIEWER_MODEL || "gemini-1.5-flash",
+apiKey: process.env.GEMINI_API_KEY || process.env.OPENAI_API_KEY || "",
+
+  reviewerDir:   ".ai-reviewer",
+  patternsFile:  ".ai-reviewer/patterns.json",
+  contextFile:   ".ai-reviewer/codebase-context.json",
+  logFile:       ".ai-reviewer/review-log.jsonl",
+  dashboardFile: ".ai-reviewer/dashboard.html",
+
+  maxContextLines:  60,
+  maxDiffChars:     14000,
+  maxSnapshotFiles: 80,
+
+  extensions:     [".tsx", ".jsx", ".ts", ".js"],
+  srcDirs:        ["src", "app", "components", "screens", "hooks", "utils", "lib", "features", "pages","containers"],
+  ignorePatterns: ["__tests__", ".test.", ".spec.", "node_modules", ".min.", "dist/", "build/", ".d.ts"],
+
+  maxRecurringIssues: 50,
+  maxBlindSpots:      10,
+
+  verbose: process.env.AI_REVIEWER_VERBOSE === "true",
+};

package/src/index.js

@@ -0,0 +1,94 @@
+const config = require("./config");
+const { bootstrap, loadPatterns, updateMemory } = require("./memory");
+const { getStagedFiles, getStagedDiff, buildCodebaseSnapshot, getGitInfo } = require("./analyzer/git");
+const { buildPrompt } = require("./analyzer/prompt");
+const { callAI, parseMetadata } = require("./analyzer/api");
+const { printDivider, printHeader, printReview, printVerdict, C } = require("./output/colors");
+
+const isDryRun = process.argv.includes("--dry-run");
+
+async function main() {
+  const hasKey =
+    process.env.ANTHROPIC_API_KEY ||
+    process.env.GEMINI_API_KEY    ||
+    process.env.OPENAI_API_KEY;
+
+  if (!hasKey) {
+    process.stderr.write(
+      `${C.yellow}⚠  No API key found — add to .env:\n` +
+      `   ANTHROPIC_API_KEY=...  (recommended, $5 free)\n` +
+      `   GEMINI_API_KEY=...     (free tier)\n` +
+      `   OPENAI_API_KEY=...     (paid)${C.reset}\n`
+    );
+    process.exit(0);
+  }
+
+  bootstrap();
+
+  const stagedFiles = getStagedFiles();
+  if (!stagedFiles.length) {
+    if (config.verbose) process.stdout.write("No React/RN files staged — skipping.\n");
+    process.exit(0);
+  }
+
+  if (isDryRun) {
+    process.stdout.write(`${C.cyan}[dry-run] Would review: ${stagedFiles.join(", ")}${C.reset}\n`);
+    process.exit(0);
+  }
+
+  const diff = getStagedDiff(stagedFiles);
+  if (!diff) {
+    if (config.verbose) process.stdout.write("Empty diff — skipping.\n");
+    process.exit(0);
+  }
+
+  const patterns = loadPatterns();
+  const gitInfo  = getGitInfo();
+
+  printHeader(stagedFiles.length, patterns.total_commits_reviewed, patterns.team_blind_spots);
+
+  if (config.verbose) {
+    process.stdout.write(`  Branch: ${gitInfo.branch}  |  Author: ${gitInfo.author}\n\n`);
+  }
+
+  process.stdout.write(`  Building codebase snapshot...\n`);
+  const codebaseSnapshot = buildCodebaseSnapshot(stagedFiles);
+
+  const provider =
+    process.env.ANTHROPIC_API_KEY ? "Anthropic" :
+    process.env.GEMINI_API_KEY    ? "Gemini"    : "OpenAI";
+  process.stdout.write(`  Sending to ${provider}...\n\n`);
+
+  let review;
+  try {
+    const prompt = buildPrompt({ diff, codebaseSnapshot, patterns });
+    review = await callAI(prompt);
+  } catch (err) {
+    process.stderr.write(`${C.yellow}⚠  ${err.message} — skipping review${C.reset}\n`);
+    process.exit(0);
+  }
+
+  if (!review) {
+    process.stderr.write(`${C.yellow}⚠  Empty response — skipping review${C.reset}\n`);
+    process.exit(0);
+  }
+
+  printDivider();
+  if (review.includes("LGTM")) {
+    process.stdout.write(`${C.green}${C.bold}  ✓  LGTM — no issues found${C.reset}\n`);
+  } else {
+    printReview(review);
+  }
+  printDivider();
+
+  const metadata        = parseMetadata(review);
+  const updatedPatterns = updateMemory(metadata, stagedFiles);
+  printVerdict(metadata.has_blockers, metadata.top_issue, updatedPatterns);
+
+  process.exit(metadata.has_blockers ? 1 : 0);
+}
+
+main().catch((err) => {
+  process.stderr.write(`${C.red}AI reviewer error: ${err.message}${C.reset}\n`);
+  process.exit(0);
+});