diffprism 0.28.0 → 0.31.0

package/dist/bin.js

@@ -6,7 +6,7 @@ import {
   startGlobalServer,
   startReview,
   startWatch
-} from "./chunk-VPIL4KYB.js";
+} from "./chunk-OJ723D6Z.js";
 
 // cli/src/index.ts
 import { Command } from "commander";
@@ -140,10 +140,46 @@ Use this pattern:
 
 You can also check for feedback without blocking by calling \`get_review_result\` without \`wait\` at natural breakpoints (between tasks, before committing, etc.).
 
+## Self-Review: Headless Analysis Tools
+
+DiffPrism provides two headless tools that return analysis data as JSON without opening a browser. Use these to check your own work before requesting human review.
+
+### Available Headless Tools
+
+- **\`mcp__diffprism__get_diff\`** \u2014 Returns a structured \`DiffSet\` (files, hunks, additions/deletions) for a given diff ref. Use this to inspect exactly what changed.
+- **\`mcp__diffprism__analyze_diff\`** \u2014 Returns a \`ReviewBriefing\` with summary, file triage, impact detection, complexity scores, test coverage gaps, and pattern flags (security issues, TODOs, console.logs left in, etc.).
+
+Both accept a \`diff_ref\` parameter: \`"staged"\`, \`"unstaged"\`, \`"working-copy"\`, or a git range like \`"HEAD~3..HEAD"\`.
+
+### Self-Review Loop
+
+When you've finished writing code and before requesting human review, use this pattern:
+
+1. **Analyze your changes:** Call \`mcp__diffprism__analyze_diff\` with \`diff_ref: "working-copy"\`
+2. **Check the briefing for issues:**
+   - \`patterns\` \u2014 Look for console.logs, TODOs, security flags, disabled tests
+   - \`testCoverage\` \u2014 Check if changed source files have corresponding test changes
+   - \`complexity\` \u2014 Review high-complexity scores
+   - \`impact.newDependencies\` \u2014 Verify any new deps are intentional
+   - \`impact.breakingChanges\` \u2014 Confirm breaking changes are expected
+3. **Fix any issues found** \u2014 Remove debug statements, add missing tests, address security flags
+4. **Re-analyze** \u2014 Run \`analyze_diff\` again to confirm the issues are resolved
+5. **Open for human review** \u2014 Once clean, use \`/review\` or \`open_review\` for final human sign-off
+
+This loop catches common issues (leftover console.logs, missing tests, security anti-patterns) before the human reviewer sees them, making reviews faster and more focused.
+
+### When to Use Headless Tools
+
+- **After completing a coding task** \u2014 Self-check before requesting review
+- **During implementation** \u2014 Periodically check for patterns and issues as you work
+- **Before committing** \u2014 Quick sanity check on what's about to be committed
+- **Do NOT use these as a replacement for human review** \u2014 They complement, not replace, \`/review\`
+
 ## Behavior Rules
 
 - **IMPORTANT: Do NOT open reviews automatically.** Only open a review when the user explicitly invokes \`/review\` or directly asks for a review.
 - Do NOT open reviews before commits, after code changes, or at any other time unless the user requests it.
+- Headless tools (\`get_diff\`, \`analyze_diff\`) can be used proactively during development without explicit user request \u2014 they don't open a browser or interrupt the user.
 - Power users can create \`diffprism.config.json\` manually to customize defaults (diff scope, reasoning).
 `;
 
@@ -203,7 +239,12 @@ function setupClaudeSettings(baseDir, force) {
   const toolNames = [
     "mcp__diffprism__open_review",
     "mcp__diffprism__update_review_context",
-    "mcp__diffprism__get_review_result"
+    "mcp__diffprism__get_review_result",
+    "mcp__diffprism__get_diff",
+    "mcp__diffprism__analyze_diff",
+    "mcp__diffprism__add_annotation",
+    "mcp__diffprism__get_review_state",
+    "mcp__diffprism__flag_for_attention"
   ];
   const allPresent = toolNames.every((t) => allow.includes(t));
   if (allPresent && !force) {
@@ -433,7 +474,12 @@ function isGlobalSetupDone() {
   const toolNames = [
     "mcp__diffprism__open_review",
     "mcp__diffprism__update_review_context",
-    "mcp__diffprism__get_review_result"
+    "mcp__diffprism__get_review_result",
+    "mcp__diffprism__get_diff",
+    "mcp__diffprism__analyze_diff",
+    "mcp__diffprism__add_annotation",
+    "mcp__diffprism__get_review_state",
+    "mcp__diffprism__flag_for_attention"
   ];
   return toolNames.every((t) => allow.includes(t));
 }
@@ -476,7 +522,12 @@ function teardownClaudePermissions(baseDir) {
   const toolNames = [
     "mcp__diffprism__open_review",
     "mcp__diffprism__update_review_context",
-    "mcp__diffprism__get_review_result"
+    "mcp__diffprism__get_review_result",
+    "mcp__diffprism__get_diff",
+    "mcp__diffprism__analyze_diff",
+    "mcp__diffprism__add_annotation",
+    "mcp__diffprism__get_review_state",
+    "mcp__diffprism__flag_for_attention"
   ];
   const filtered = allow.filter((t) => !toolNames.includes(t));
   if (filtered.length === allow.length) {
@@ -836,7 +887,7 @@ async function serverStop() {
 
 // cli/src/index.ts
 var program = new Command();
-program.name("diffprism").description("Local-first code review tool for agent-generated changes").version(true ? "0.28.0" : "0.0.0-dev");
+program.name("diffprism").description("Local-first code review tool for agent-generated changes").version(true ? "0.31.0" : "0.0.0-dev");
 program.command("review [ref]").description("Open a browser-based diff review").option("--staged", "Review staged changes").option("--unstaged", "Review unstaged changes").option("-t, --title <title>", "Review title").option("--dev", "Use Vite dev server with HMR instead of static files").action(review);
 program.command("start [ref]").description("Set up DiffPrism and start watching for changes").option("--staged", "Watch staged changes").option("--unstaged", "Watch unstaged changes").option("-t, --title <title>", "Review title").option("--interval <ms>", "Poll interval in milliseconds (default: 1000)").option("--dev", "Use Vite dev server with HMR instead of static files").option("--global", "Install skill globally (~/.claude/skills/)").option("--force", "Overwrite existing configuration files").action(start);
 program.command("watch [ref]").description("Start a persistent diff watcher with live-updating browser UI").option("--staged", "Watch staged changes").option("--unstaged", "Watch unstaged changes").option("-t, --title <title>", "Review title").option("--interval <ms>", "Poll interval in milliseconds (default: 1000)").option("--dev", "Use Vite dev server with HMR instead of static files").action(watch);

package/dist/{chunk-VPIL4KYB.js → chunk-OJ723D6Z.js}

@@ -116,6 +116,46 @@ function listCommits(options) {
     return [];
   }
 }
+function detectWorktree(options) {
+  const cwd = options?.cwd ?? process.cwd();
+  try {
+    const gitDir = execSync("git rev-parse --git-dir", {
+      cwd,
+      encoding: "utf-8",
+      stdio: ["pipe", "pipe", "pipe"]
+    }).trim();
+    const gitCommonDir = execSync("git rev-parse --git-common-dir", {
+      cwd,
+      encoding: "utf-8",
+      stdio: ["pipe", "pipe", "pipe"]
+    }).trim();
+    const resolvedGitDir = path.resolve(cwd, gitDir);
+    const resolvedCommonDir = path.resolve(cwd, gitCommonDir);
+    const isWorktree = resolvedGitDir !== resolvedCommonDir;
+    if (!isWorktree) {
+      return { isWorktree: false };
+    }
+    const worktreePath = execSync("git rev-parse --show-toplevel", {
+      cwd,
+      encoding: "utf-8",
+      stdio: ["pipe", "pipe", "pipe"]
+    }).trim();
+    const mainWorktreePath = path.dirname(resolvedCommonDir);
+    const branch = execSync("git rev-parse --abbrev-ref HEAD", {
+      cwd,
+      encoding: "utf-8",
+      stdio: ["pipe", "pipe", "pipe"]
+    }).trim();
+    return {
+      isWorktree: true,
+      worktreePath,
+      mainWorktreePath,
+      branch: branch === "HEAD" ? void 0 : branch
+    };
+  } catch {
+    return { isWorktree: false };
+  }
+}
 function getUntrackedDiffs(cwd) {
   let untrackedList;
   try {
@@ -398,17 +438,138 @@ function getWorkingCopyDiff(options) {
 }
 
 // packages/analysis/src/deterministic.ts
+var MECHANICAL_CONFIG_PATTERNS = [
+  /\.config\./,
+  /\.eslintrc/,
+  /\.prettierrc/,
+  /tsconfig.*\.json$/,
+  /\.gitignore$/,
+  /\.lock$/
+];
+var API_SURFACE_PATTERNS = [
+  /\/api\//,
+  /\/routes\//
+];
+function isFormattingOnly(file) {
+  if (file.hunks.length === 0) return false;
+  for (const hunk of file.hunks) {
+    const adds = hunk.changes.filter((c) => c.type === "add").map((c) => c.content.replace(/\s/g, ""));
+    const deletes = hunk.changes.filter((c) => c.type === "delete").map((c) => c.content.replace(/\s/g, ""));
+    if (adds.length === 0 || deletes.length === 0) return false;
+    const deleteBag = [...deletes];
+    for (const add of adds) {
+      const idx = deleteBag.indexOf(add);
+      if (idx === -1) return false;
+      deleteBag.splice(idx, 1);
+    }
+    if (deleteBag.length > 0) return false;
+  }
+  return true;
+}
+function isImportOnly(file) {
+  if (file.hunks.length === 0) return false;
+  const importPattern = /^\s*(import\s|export\s.*from\s|const\s+\w+\s*=\s*require\(|require\()/;
+  for (const hunk of file.hunks) {
+    for (const change of hunk.changes) {
+      if (change.type === "context") continue;
+      const trimmed = change.content.trim();
+      if (trimmed === "") continue;
+      if (!importPattern.test(trimmed)) return false;
+    }
+  }
+  return true;
+}
+function isMechanicalConfigFile(path7) {
+  return MECHANICAL_CONFIG_PATTERNS.some((re) => re.test(path7));
+}
+function isApiSurface(file) {
+  if (API_SURFACE_PATTERNS.some((re) => re.test(file.path))) return true;
+  const basename = file.path.slice(file.path.lastIndexOf("/") + 1);
+  if ((basename === "index.ts" || basename === "index.js") && file.additions >= 10) {
+    return true;
+  }
+  return false;
+}
 function categorizeFiles(files) {
-  const notable = files.map((f) => ({
-    file: f.path,
-    description: `${f.status} (${f.language || "unknown"}) +${f.additions} -${f.deletions}`,
-    reason: "Uncategorized in M0 \u2014 placed in notable by default"
-  }));
-  return {
-    critical: [],
-    notable,
-    mechanical: []
-  };
+  const critical = [];
+  const notable = [];
+  const mechanical = [];
+  const securityFlags = detectSecurityPatterns(files);
+  const complexityScores = computeComplexityScores(files);
+  const securityByFile = /* @__PURE__ */ new Map();
+  for (const flag of securityFlags) {
+    const existing = securityByFile.get(flag.file) || [];
+    existing.push(flag);
+    securityByFile.set(flag.file, existing);
+  }
+  const complexityByFile = /* @__PURE__ */ new Map();
+  for (const score of complexityScores) {
+    complexityByFile.set(score.path, score);
+  }
+  for (const file of files) {
+    const description = `${file.status} (${file.language || "unknown"}) +${file.additions} -${file.deletions}`;
+    const fileSecurityFlags = securityByFile.get(file.path);
+    const fileComplexity = complexityByFile.get(file.path);
+    const criticalReasons = [];
+    if (fileSecurityFlags && fileSecurityFlags.length > 0) {
+      const patterns = fileSecurityFlags.map((f) => f.pattern);
+      const unique = [...new Set(patterns)];
+      criticalReasons.push(`security patterns detected: ${unique.join(", ")}`);
+    }
+    if (fileComplexity && fileComplexity.score >= 8) {
+      criticalReasons.push(`high complexity score (${fileComplexity.score}/10)`);
+    }
+    if (isApiSurface(file)) {
+      criticalReasons.push("modifies public API surface");
+    }
+    if (criticalReasons.length > 0) {
+      critical.push({
+        file: file.path,
+        description,
+        reason: `Critical: ${criticalReasons.join("; ")}`
+      });
+      continue;
+    }
+    const isPureRename = file.status === "renamed" && file.additions === 0 && file.deletions === 0;
+    if (isPureRename) {
+      mechanical.push({
+        file: file.path,
+        description,
+        reason: "Mechanical: pure rename with no content changes"
+      });
+      continue;
+    }
+    if (isFormattingOnly(file)) {
+      mechanical.push({
+        file: file.path,
+        description,
+        reason: "Mechanical: formatting/whitespace-only changes"
+      });
+      continue;
+    }
+    if (isMechanicalConfigFile(file.path)) {
+      mechanical.push({
+        file: file.path,
+        description,
+        reason: "Mechanical: config file change"
+      });
+      continue;
+    }
+    if (file.hunks.length > 0 && isImportOnly(file)) {
+      mechanical.push({
+        file: file.path,
+        description,
+        reason: "Mechanical: import/require-only changes"
+      });
+      continue;
+    }
+    notable.push({
+      file: file.path,
+      description,
+      reason: "Notable: requires review"
+    });
+  }
+  return { critical, notable, mechanical };
 }
 function computeFileStats(files) {
   return files.map((f) => ({
@@ -584,15 +745,15 @@ var CONFIG_PATTERNS = [
   /vite\.config/,
   /vitest\.config/
 ];
-function isTestFile(path6) {
-  return TEST_PATTERNS.some((re) => re.test(path6));
+function isTestFile(path7) {
+  return TEST_PATTERNS.some((re) => re.test(path7));
 }
-function isNonCodeFile(path6) {
-  const ext = path6.slice(path6.lastIndexOf("."));
+function isNonCodeFile(path7) {
+  const ext = path7.slice(path7.lastIndexOf("."));
   return NON_CODE_EXTENSIONS.has(ext);
 }
-function isConfigFile(path6) {
-  return CONFIG_PATTERNS.some((re) => re.test(path6));
+function isConfigFile(path7) {
+  return CONFIG_PATTERNS.some((re) => re.test(path7));
 }
 function detectTestCoverageGaps(files) {
   const filePaths = new Set(files.map((f) => f.path));
@@ -1289,11 +1450,17 @@ async function startReview(options) {
   const briefing = analyze(diffSet);
   const session = createSession(options);
   updateSession(session.id, { status: "in_progress" });
+  const worktreeInfo = detectWorktree({ cwd });
   const metadata = {
     title,
     description,
     reasoning,
-    currentBranch
+    currentBranch,
+    worktree: worktreeInfo.isWorktree ? {
+      isWorktree: true,
+      worktreePath: worktreeInfo.worktreePath,
+      mainWorktreePath: worktreeInfo.mainWorktreePath
+    } : void 0
   };
   let poller = null;
   const [bridgePort, httpPort] = await Promise.all([
@@ -1901,6 +2068,7 @@ async function handleApiRequest(req, res) {
         existingSession.lastDiffHash = diffRef ? hashDiff(payload.rawDiff) : void 0;
         existingSession.lastDiffSet = diffRef ? payload.diffSet : void 0;
         existingSession.hasNewChanges = false;
+        existingSession.annotations = [];
         if (diffRef && hasConnectedClients()) {
           startSessionWatcher(sessionId);
         }
@@ -1929,7 +2097,8 @@ async function handleApiRequest(req, res) {
           diffRef,
           lastDiffHash: diffRef ? hashDiff(payload.rawDiff) : void 0,
           lastDiffSet: diffRef ? payload.diffSet : void 0,
-          hasNewChanges: false
+          hasNewChanges: false,
+          annotations: []
         };
         sessions2.set(sessionId, session);
         if (diffRef && hasConnectedClients()) {
@@ -2028,6 +2197,65 @@ async function handleApiRequest(req, res) {
     }
     return true;
   }
+  const postAnnotationParams = matchRoute(method, url, "POST", "/api/reviews/:id/annotations");
+  if (postAnnotationParams) {
+    const session = sessions2.get(postAnnotationParams.id);
+    if (!session) {
+      jsonResponse(res, 404, { error: "Session not found" });
+      return true;
+    }
+    try {
+      const body = await readBody(req);
+      const { file, line, body: annotationBody, type, confidence, category, source } = JSON.parse(body);
+      const annotation = {
+        id: randomUUID(),
+        sessionId: session.id,
+        file,
+        line,
+        body: annotationBody,
+        type,
+        confidence: confidence ?? 1,
+        category: category ?? "other",
+        source,
+        createdAt: Date.now()
+      };
+      session.annotations.push(annotation);
+      sendToSessionClients(session.id, {
+        type: "annotation:added",
+        payload: annotation
+      });
+      jsonResponse(res, 200, { annotationId: annotation.id });
+    } catch {
+      jsonResponse(res, 400, { error: "Invalid request body" });
+    }
+    return true;
+  }
+  const getAnnotationsParams = matchRoute(method, url, "GET", "/api/reviews/:id/annotations");
+  if (getAnnotationsParams) {
+    const session = sessions2.get(getAnnotationsParams.id);
+    if (!session) {
+      jsonResponse(res, 404, { error: "Session not found" });
+      return true;
+    }
+    jsonResponse(res, 200, { annotations: session.annotations });
+    return true;
+  }
+  const dismissAnnotationParams = matchRoute(method, url, "POST", "/api/reviews/:id/annotations/:annotationId/dismiss");
+  if (dismissAnnotationParams) {
+    const session = sessions2.get(dismissAnnotationParams.id);
+    if (!session) {
+      jsonResponse(res, 404, { error: "Session not found" });
+      return true;
+    }
+    const annotation = session.annotations.find((a) => a.id === dismissAnnotationParams.annotationId);
+    if (!annotation) {
+      jsonResponse(res, 404, { error: "Annotation not found" });
+      return true;
+    }
+    annotation.dismissed = true;
+    jsonResponse(res, 200, { ok: true });
+    return true;
+  }
   const deleteParams = matchRoute(method, url, "DELETE", "/api/reviews/:id");
   if (deleteParams) {
     stopSessionWatcher(deleteParams.id);
@@ -2340,8 +2568,14 @@ Waiting for reviews...
   return { httpPort, wsPort, stop };
 }
 
+// packages/core/src/review-history.ts
+import fs4 from "fs";
+import path6 from "path";
+import { randomUUID as randomUUID2 } from "crypto";
+
 export {
   getCurrentBranch,
+  detectWorktree,
   getDiff,
   analyze,
   readWatchFile,