ghagga-core 2.5.0 → 2.6.0

package/dist/utils/path-protection.js

@@ -0,0 +1,136 @@
+/**
+ * Three-tier path protection for sensitive files.
+ *
+ * Provides a non-overridable security layer that filters sensitive files
+ * BEFORE user-configurable ignorePatterns are applied. This ensures that
+ * secrets, credentials, and private keys are never sent to the LLM for review.
+ *
+ * Tiers:
+ *   1. ZERO_ACCESS  — hardcoded, content never sent to LLM, non-overridable
+ *   2. REDACT       — content replaced with redaction notice, path still visible
+ *   3. User ignore  — existing configurable ignorePatterns (handled in diff.ts)
+ */
+import { minimatch } from 'minimatch';
+// ─── Constants ──────────────────────────────────────────────────
+/** Redaction notice used to replace content of REDACT-tier files. */
+export const REDACTED_CONTENT = '[REDACTED — sensitive file detected by GHAGGA path protection]';
+/**
+ * Tier 1 — ZERO_ACCESS patterns.
+ *
+ * Files matching these patterns are completely blocked from the review
+ * pipeline. Their content is never sent to the LLM. These patterns are
+ * hardcoded and cannot be overridden by user configuration.
+ */
+export const ZERO_ACCESS_PATTERNS = [
+    // Environment files
+    '.env',
+    '.env.*',
+    // Private keys and certificates
+    '*.pem',
+    '*.key',
+    '*.p12',
+    '*.pfx',
+    '*.jks',
+    '*.keystore',
+    // SSH keys
+    'id_rsa',
+    'id_ed25519',
+    'id_ecdsa',
+    '*.pub',
+    // Cloud credentials
+    'credentials.json',
+    'service-account*.json',
+    'gcloud*.json',
+    // Package manager credentials
+    '.npmrc',
+    '.pypirc',
+    '.gem/credentials',
+    // Container and cluster configs
+    '.docker/config.json',
+    'kubeconfig',
+    'kube/config',
+    // Directory-level patterns
+    '**/.aws/*',
+    '**/.ssh/*',
+    '**/.gnupg/*',
+    // Generic secrets
+    '*.secret',
+    '*.secrets',
+    'secrets.yml',
+    'secrets.yaml',
+    'vault.yml',
+];
+/**
+ * Tier 2 — REDACT patterns.
+ *
+ * Files matching these patterns have their content replaced with a
+ * redaction notice. The file path is still visible in the review so
+ * reviewers know the file was changed, but the actual content is not
+ * sent to the LLM.
+ */
+export const REDACT_PATTERNS = [
+    // Environment templates (may leak structure)
+    '.env.example',
+    '.env.sample',
+    '.env.template',
+    // Docker Compose (may contain credentials in environment blocks)
+    'docker-compose*.yml',
+    // Terraform state and variables (may contain secrets)
+    '**/terraform.tfvars',
+    '**/terraform.tfstate*',
+];
+// ─── Matching Options ───────────────────────────────────────────
+/** Minimatch options used for all path protection matching. */
+const MATCH_OPTIONS = { dot: true, matchBase: true };
+/**
+ * Apply three-tier path protection to a set of diff files.
+ *
+ * This function is pure and deterministic. It processes files in the
+ * following order:
+ *   1. Check against REDACT patterns first — these are specific exceptions
+ *      (e.g., `.env.example`) that would otherwise be caught by broader
+ *      ZERO_ACCESS globs (e.g., `.env.*`). Content is replaced.
+ *   2. Check against ZERO_ACCESS patterns — block entirely
+ *   3. Everything else passes through untouched
+ *
+ * @param files - Array of DiffFile objects from the parsed diff
+ * @returns Object with allowed, redacted, and blocked files
+ */
+export function applyPathProtection(files) {
+    const allowed = [];
+    const redacted = [];
+    const blocked = [];
+    for (const file of files) {
+        if (matchesAnyPattern(file.path, REDACT_PATTERNS)) {
+            // Tier 2: REDACT — checked first because REDACT patterns are more
+            // specific exceptions (e.g. .env.example) that would otherwise be
+            // caught by broader ZERO_ACCESS globs (e.g. .env.*)
+            redacted.push({
+                path: file.path,
+                additions: file.additions,
+                deletions: file.deletions,
+                content: REDACTED_CONTENT,
+            });
+        }
+        else if (matchesAnyPattern(file.path, ZERO_ACCESS_PATTERNS)) {
+            // Tier 1: ZERO_ACCESS — broad security patterns
+            blocked.push(file.path);
+        }
+        else {
+            allowed.push(file);
+        }
+    }
+    return { allowed, redacted, blocked };
+}
+// ─── Internal Helpers ───────────────────────────────────────────
+/**
+ * Check if a file path matches any of the given glob patterns.
+ *
+ * Uses minimatch with `{ dot: true, matchBase: true }` to ensure:
+ *   - Dotfiles are matched (e.g., `.env`)
+ *   - Basename matching works (e.g., `.env` matches `src/.env`)
+ */
+function matchesAnyPattern(filePath, patterns) {
+    return patterns.some((pattern) => minimatch(filePath, pattern, MATCH_OPTIONS));
+}
+//# sourceMappingURL=path-protection.js.map

package/dist/utils/path-protection.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"path-protection.js","sourceRoot":"","sources":["../../src/utils/path-protection.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,EAAE,SAAS,EAAE,MAAM,WAAW,CAAC;AAGtC,mEAAmE;AAEnE,qEAAqE;AACrE,MAAM,CAAC,MAAM,gBAAgB,GAAG,gEAAgE,CAAC;AAEjG;;;;;;GAMG;AACH,MAAM,CAAC,MAAM,oBAAoB,GAAsB;IACrD,oBAAoB;IACpB,MAAM;IACN,QAAQ;IAER,gCAAgC;IAChC,OAAO;IACP,OAAO;IACP,OAAO;IACP,OAAO;IACP,OAAO;IACP,YAAY;IAEZ,WAAW;IACX,QAAQ;IACR,YAAY;IACZ,UAAU;IACV,OAAO;IAEP,oBAAoB;IACpB,kBAAkB;IAClB,uBAAuB;IACvB,cAAc;IAEd,8BAA8B;IAC9B,QAAQ;IACR,SAAS;IACT,kBAAkB;IAElB,gCAAgC;IAChC,qBAAqB;IACrB,YAAY;IACZ,aAAa;IAEb,2BAA2B;IAC3B,WAAW;IACX,WAAW;IACX,aAAa;IAEb,kBAAkB;IAClB,UAAU;IACV,WAAW;IACX,aAAa;IACb,cAAc;IACd,WAAW;CACH,CAAC;AAEX;;;;;;;GAOG;AACH,MAAM,CAAC,MAAM,eAAe,GAAsB;IAChD,6CAA6C;IAC7C,cAAc;IACd,aAAa;IACb,eAAe;IAEf,iEAAiE;IACjE,qBAAqB;IAErB,sDAAsD;IACtD,qBAAqB;IACrB,uBAAuB;CACf,CAAC;AAEX,mEAAmE;AAEnE,+DAA+D;AAC/D,MAAM,aAAa,GAAG,EAAE,GAAG,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,EAAW,CAAC;AAkB9D;;;;;;;;;;;;;GAaG;AACH,MAAM,UAAU,mBAAmB,CAAC,KAAiB;IACnD,MAAM,OAAO,GAAe,EAAE,CAAC;IAC/B,MAAM,QAAQ,GAAe,EAAE,CAAC;IAChC,MAAM,OAAO,GAAa,EAAE,CAAC;IAE7B,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,IAAI,iBAAiB,CAAC,IAAI,CAAC,IAAI,EAAE,eAAe,CAAC,EAAE,CAAC;YAClD,kEAAkE;YAClE,kEAAkE;YAClE,oDAAoD;YACpD,QAAQ,CAAC,IAAI,CAAC;gBACZ,IAAI,EAAE,IAAI,CAAC,IAAI;gBACf,SAAS,EAAE,IAAI,CAAC,SAAS;gBACzB,SAAS,EAAE,IAAI,CAAC,SAAS;gBACzB,OAAO,EAAE,gBAAgB;aAC1B,CAAC,CAAC;QACL,CAAC;aAAM,IAAI,iBAAiB,CAAC,IAAI,CAAC,IAAI,EAAE,oBAAoB,CAAC,EAAE,CAAC;YAC9D,gDAAgD;YAChD,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC1B,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACrB,CAAC;IACH,CAAC;IAED,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC;AACxC,CAAC;AAED,mEAAmE;AAEnE;;;;;;GAMG;AACH,SAAS,iBAAiB,CAAC,QAAgB,EAAE,QAA2B;IACtE,OAAO,QAAQ,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,SAAS,CAAC,QAAQ,EAAE,OAAO,EAAE,aAAa,CAAC,CAAC,CAAC;AACjF,CAAC"}

package/dist/utils/token-budget.d.ts

@@ -5,11 +5,20 @@
  * provides utilities to calculate how much of the token budget should
  * be allocated to the diff vs. surrounding context (system prompt,
  * static analysis, memory, stack hints).
+ *
+ * For providers with low TPM (Tokens Per Minute) limits on free tiers
+ * (e.g., Groq, Cerebras), the effective context window is capped to
+ * ensure individual requests don't exceed the TPM limit.
  */
 /**
  * Get the context window size for a given model.
  *
- * @param model - Model identifier (e.g., "claude-sonnet-4-20250514", "gpt-4o")
+ * Handles model name normalization:
+ * - Strips common prefixes (e.g., "openai/gpt-oss-120b" → lookup "openai/gpt-oss-120b" first,
+ *   then try "gpt-oss-120b")
+ * - Falls back to DEFAULT_CONTEXT_WINDOW for truly unknown models
+ *
+ * @param model - Model identifier (e.g., "claude-sonnet-4-20250514", "openai/gpt-oss-120b")
  * @returns Context window size in tokens
  */
 export declare function getContextWindow(model: string): number;
@@ -21,6 +30,10 @@ export declare function getContextWindow(model: string): number;
  * This ensures the diff always has enough room while leaving space
  * for enrichment.
  *
+ * For very constrained models (e.g., Groq free tier with 6K effective window),
+ * the budgets are still split 70/30 but the absolute numbers are much smaller,
+ * ensuring the diff is aggressively truncated to fit.
+ *
  * @param model - Model identifier
  * @returns Object with diffBudget and contextBudget in tokens
  */
@@ -28,4 +41,24 @@ export declare function calculateTokenBudget(model: string): {
     diffBudget: number;
     contextBudget: number;
 };
+/**
+ * Calculate concurrency and delay for workflow/consensus specialists
+ * based on the model's effective token budget (TPM for free tiers).
+ *
+ * For free-tier models with low TPM:
+ *   - concurrency=1, delay=60s → one specialist per minute
+ *
+ * For mid-range models:
+ *   - concurrency=2, delay=30s → two at a time with gaps
+ *
+ * For high-capacity models:
+ *   - concurrency=5, delay=0 → full parallel, no delays
+ *
+ * @param model - Model identifier
+ * @returns { concurrency, delayMs } for runWithConcurrency
+ */
+export declare function calculateRateSchedule(model: string): {
+    concurrency: number;
+    delayMs: number;
+};
 //# sourceMappingURL=token-budget.d.ts.map

package/dist/utils/token-budget.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"token-budget.d.ts","sourceRoot":"","sources":["../../src/utils/token-budget.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAyCH;;;;;GAKG;AACH,wBAAgB,gBAAgB,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,CAEtD;AAED;;;;;;;;;;GAUG;AACH,wBAAgB,oBAAoB,CAAC,KAAK,EAAE,MAAM,GAAG;IACnD,UAAU,EAAE,MAAM,CAAC;IACnB,aAAa,EAAE,MAAM,CAAC;CACvB,CAOA"}
+{"version":3,"file":"token-budget.d.ts","sourceRoot":"","sources":["../../src/utils/token-budget.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAoFH;;;;;;;;;;GAUG;AACH,wBAAgB,gBAAgB,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,CAgBtD;AAED;;;;;;;;;;;;;;GAcG;AACH,wBAAgB,oBAAoB,CAAC,KAAK,EAAE,MAAM,GAAG;IACnD,UAAU,EAAE,MAAM,CAAC;IACnB,aAAa,EAAE,MAAM,CAAC;CACvB,CAOA;AAiBD;;;;;;;;;;;;;;;GAeG;AACH,wBAAgB,qBAAqB,CAAC,KAAK,EAAE,MAAM,GAAG;IACpD,WAAW,EAAE,MAAM,CAAC;IACpB,OAAO,EAAE,MAAM,CAAC;CACjB,CAiBA"}

package/dist/utils/token-budget.js

@@ -5,6 +5,10 @@
  * provides utilities to calculate how much of the token budget should
  * be allocated to the diff vs. surrounding context (system prompt,
  * static analysis, memory, stack hints).
+ *
+ * For providers with low TPM (Tokens Per Minute) limits on free tiers
+ * (e.g., Groq, Cerebras), the effective context window is capped to
+ * ensure individual requests don't exceed the TPM limit.
  */
 // ─── Context Window Sizes ───────────────────────────────────────
 /**
@@ -14,12 +18,15 @@
 const MODEL_CONTEXT_WINDOWS = {
     // Anthropic
     'claude-sonnet-4-20250514': 200_000,
+    'claude-opus-4-20250514': 200_000,
+    'claude-haiku-4-20250414': 200_000,
     'claude-3-5-sonnet-20241022': 200_000,
     'claude-3-5-haiku-20241022': 200_000,
     // OpenAI
     'gpt-4o': 128_000,
     'gpt-4o-mini': 128_000,
     'gpt-4-turbo': 128_000,
+    'o3-mini': 128_000,
     // Google
     'gemini-2.5-flash': 1_048_576,
     'gemini-2.5-flash-lite': 1_048_576,
@@ -29,9 +36,43 @@ const MODEL_CONTEXT_WINDOWS = {
     'gemini-2.0-flash-lite': 1_048_576,
     'gemini-1.5-pro': 2_097_152,
     'gemini-1.5-flash': 1_048_576,
+    // Groq — context windows are large but FREE-TIER TPM limits are very low.
+    // We cap to TPM limit since Groq rejects any single request exceeding TPM.
+    // Free tier TPM: gpt-oss-120b=8K, llama-3.3-70b=12K, llama-3.1-8b=6K
+    'openai/gpt-oss-120b': 6_000,
+    'llama-3.3-70b-versatile': 8_000,
+    'llama-3.1-70b-versatile': 8_000,
+    'llama-3.1-8b-instant': 4_000,
+    'gemma2-9b-it': 6_000,
+    'mixtral-8x7b-32768': 12_000,
+    'qwen-qwq-32b': 8_000,
+    // Cerebras — very fast inference, generous limits
+    'llama3.1-8b': 128_000,
+    'qwen-3-235b-a22b-instruct-2507': 128_000,
+    'zai-glm-4.7': 128_000,
+    // DeepSeek
+    'deepseek-chat': 64_000,
+    'deepseek-reasoner': 64_000,
+    // GitHub Models
+    'Phi-4': 16_000,
+    'Mistral-Large-2411': 128_000,
+    'DeepSeek-R1': 64_000,
+    // Qwen
+    'qwen-coder-plus': 128_000,
+    'qwen-plus': 128_000,
+    'qwen-max': 32_000,
+    'qwen-turbo': 128_000,
+    'qwen-coder-turbo': 128_000,
+    'qwen-long': 1_000_000,
 };
 /** Default context window when the model is not in our lookup table. */
 const DEFAULT_CONTEXT_WINDOW = 128_000;
+/**
+ * Minimum effective context window.
+ * Even for the most constrained models, we need at least this much
+ * to produce a meaningful review (system prompt + small diff).
+ */
+const MINIMUM_CONTEXT_WINDOW = 2_000;
 /** Fraction of total budget allocated to the diff content. */
 const DIFF_BUDGET_RATIO = 0.7;
 /** Fraction of total budget allocated to context (system, memory, static analysis). */
@@ -40,11 +81,28 @@ const CONTEXT_BUDGET_RATIO = 0.3;
 /**
  * Get the context window size for a given model.
  *
- * @param model - Model identifier (e.g., "claude-sonnet-4-20250514", "gpt-4o")
+ * Handles model name normalization:
+ * - Strips common prefixes (e.g., "openai/gpt-oss-120b" → lookup "openai/gpt-oss-120b" first,
+ *   then try "gpt-oss-120b")
+ * - Falls back to DEFAULT_CONTEXT_WINDOW for truly unknown models
+ *
+ * @param model - Model identifier (e.g., "claude-sonnet-4-20250514", "openai/gpt-oss-120b")
  * @returns Context window size in tokens
  */
 export function getContextWindow(model) {
-    return MODEL_CONTEXT_WINDOWS[model] ?? DEFAULT_CONTEXT_WINDOW;
+    // Direct lookup first
+    if (model in MODEL_CONTEXT_WINDOWS) {
+        return MODEL_CONTEXT_WINDOWS[model] ?? DEFAULT_CONTEXT_WINDOW;
+    }
+    // Try without provider prefix (e.g., "deepseek/deepseek-chat" → "deepseek-chat")
+    const slashIndex = model.indexOf('/');
+    if (slashIndex !== -1) {
+        const modelWithoutPrefix = model.slice(slashIndex + 1);
+        if (modelWithoutPrefix in MODEL_CONTEXT_WINDOWS) {
+            return MODEL_CONTEXT_WINDOWS[modelWithoutPrefix] ?? DEFAULT_CONTEXT_WINDOW;
+        }
+    }
+    return DEFAULT_CONTEXT_WINDOW;
 }
 /**
  * Calculate token budgets for diff and context.
@@ -54,14 +112,61 @@ export function getContextWindow(model) {
  * This ensures the diff always has enough room while leaving space
  * for enrichment.
  *
+ * For very constrained models (e.g., Groq free tier with 6K effective window),
+ * the budgets are still split 70/30 but the absolute numbers are much smaller,
+ * ensuring the diff is aggressively truncated to fit.
+ *
  * @param model - Model identifier
  * @returns Object with diffBudget and contextBudget in tokens
  */
 export function calculateTokenBudget(model) {
-    const total = getContextWindow(model);
+    const total = Math.max(getContextWindow(model), MINIMUM_CONTEXT_WINDOW);
     return {
         diffBudget: Math.floor(total * DIFF_BUDGET_RATIO),
         contextBudget: Math.floor(total * CONTEXT_BUDGET_RATIO),
     };
 }
+// ─── Rate-Aware Scheduling ─────────────────────────────────────
+/**
+ * Threshold below which a model is considered "TPM-constrained".
+ * Models with context windows below this are free-tier providers
+ * where we need to serialize requests to avoid rate limiting.
+ */
+const TPM_CONSTRAINED_THRESHOLD = 16_000;
+/**
+ * Estimate tokens per specialist call (system prompt + diff + response).
+ * Used to calculate how many specialists can run per TPM window.
+ */
+const ESTIMATED_TOKENS_PER_SPECIALIST = 7_000;
+/**
+ * Calculate concurrency and delay for workflow/consensus specialists
+ * based on the model's effective token budget (TPM for free tiers).
+ *
+ * For free-tier models with low TPM:
+ *   - concurrency=1, delay=60s → one specialist per minute
+ *
+ * For mid-range models:
+ *   - concurrency=2, delay=30s → two at a time with gaps
+ *
+ * For high-capacity models:
+ *   - concurrency=5, delay=0 → full parallel, no delays
+ *
+ * @param model - Model identifier
+ * @returns { concurrency, delayMs } for runWithConcurrency
+ */
+export function calculateRateSchedule(model) {
+    const contextWindow = getContextWindow(model);
+    // High-capacity models (paid tiers, large context) → full parallel
+    if (contextWindow >= TPM_CONSTRAINED_THRESHOLD * 4) {
+        return { concurrency: 5, delayMs: 0 };
+    }
+    // Mid-range models (e.g., Cerebras 60K TPM) → some parallelism
+    if (contextWindow >= TPM_CONSTRAINED_THRESHOLD) {
+        const parallelCalls = Math.max(1, Math.floor(contextWindow / ESTIMATED_TOKENS_PER_SPECIALIST));
+        return { concurrency: Math.min(parallelCalls, 5), delayMs: 5_000 };
+    }
+    // TPM-constrained models (Groq free tier, 4K-12K) → serialize with 60s delay
+    // Groq resets TPM every 60 seconds, so we wait between each call
+    return { concurrency: 1, delayMs: 60_000 };
+}
 //# sourceMappingURL=token-budget.js.map

package/dist/utils/token-budget.js.map

@@ -1 +1 @@
-{"version":3,"file":"token-budget.js","sourceRoot":"","sources":["../../src/utils/token-budget.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,mEAAmE;AAEnE;;;GAGG;AACH,MAAM,qBAAqB,GAA2B;IACpD,YAAY;IACZ,0BAA0B,EAAE,OAAO;IACnC,4BAA4B,EAAE,OAAO;IACrC,2BAA2B,EAAE,OAAO;IAEpC,SAAS;IACT,QAAQ,EAAE,OAAO;IACjB,aAAa,EAAE,OAAO;IACtB,aAAa,EAAE,OAAO;IAEtB,SAAS;IACT,kBAAkB,EAAE,SAAS;IAC7B,uBAAuB,EAAE,SAAS;IAClC,gBAAgB,EAAE,SAAS;IAC3B,gBAAgB,EAAE,SAAS;IAC3B,kBAAkB,EAAE,SAAS;IAC7B,uBAAuB,EAAE,SAAS;IAClC,gBAAgB,EAAE,SAAS;IAC3B,kBAAkB,EAAE,SAAS;CAC9B,CAAC;AAEF,wEAAwE;AACxE,MAAM,sBAAsB,GAAG,OAAO,CAAC;AAEvC,8DAA8D;AAC9D,MAAM,iBAAiB,GAAG,GAAG,CAAC;AAE9B,uFAAuF;AACvF,MAAM,oBAAoB,GAAG,GAAG,CAAC;AAEjC,mEAAmE;AAEnE;;;;;GAKG;AACH,MAAM,UAAU,gBAAgB,CAAC,KAAa;IAC5C,OAAO,qBAAqB,CAAC,KAAK,CAAC,IAAI,sBAAsB,CAAC;AAChE,CAAC;AAED;;;;;;;;;;GAUG;AACH,MAAM,UAAU,oBAAoB,CAAC,KAAa;IAIhD,MAAM,KAAK,GAAG,gBAAgB,CAAC,KAAK,CAAC,CAAC;IAEtC,OAAO;QACL,UAAU,EAAE,IAAI,CAAC,KAAK,CAAC,KAAK,GAAG,iBAAiB,CAAC;QACjD,aAAa,EAAE,IAAI,CAAC,KAAK,CAAC,KAAK,GAAG,oBAAoB,CAAC;KACxD,CAAC;AACJ,CAAC"}
+{"version":3,"file":"token-budget.js","sourceRoot":"","sources":["../../src/utils/token-budget.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,mEAAmE;AAEnE;;;GAGG;AACH,MAAM,qBAAqB,GAA2B;IACpD,YAAY;IACZ,0BAA0B,EAAE,OAAO;IACnC,wBAAwB,EAAE,OAAO;IACjC,yBAAyB,EAAE,OAAO;IAClC,4BAA4B,EAAE,OAAO;IACrC,2BAA2B,EAAE,OAAO;IAEpC,SAAS;IACT,QAAQ,EAAE,OAAO;IACjB,aAAa,EAAE,OAAO;IACtB,aAAa,EAAE,OAAO;IACtB,SAAS,EAAE,OAAO;IAElB,SAAS;IACT,kBAAkB,EAAE,SAAS;IAC7B,uBAAuB,EAAE,SAAS;IAClC,gBAAgB,EAAE,SAAS;IAC3B,gBAAgB,EAAE,SAAS;IAC3B,kBAAkB,EAAE,SAAS;IAC7B,uBAAuB,EAAE,SAAS;IAClC,gBAAgB,EAAE,SAAS;IAC3B,kBAAkB,EAAE,SAAS;IAE7B,0EAA0E;IAC1E,2EAA2E;IAC3E,qEAAqE;IACrE,qBAAqB,EAAE,KAAK;IAC5B,yBAAyB,EAAE,KAAK;IAChC,yBAAyB,EAAE,KAAK;IAChC,sBAAsB,EAAE,KAAK;IAC7B,cAAc,EAAE,KAAK;IACrB,oBAAoB,EAAE,MAAM;IAC5B,cAAc,EAAE,KAAK;IAErB,kDAAkD;IAClD,aAAa,EAAE,OAAO;IACtB,gCAAgC,EAAE,OAAO;IACzC,aAAa,EAAE,OAAO;IAEtB,WAAW;IACX,eAAe,EAAE,MAAM;IACvB,mBAAmB,EAAE,MAAM;IAE3B,gBAAgB;IAChB,OAAO,EAAE,MAAM;IACf,oBAAoB,EAAE,OAAO;IAC7B,aAAa,EAAE,MAAM;IAErB,OAAO;IACP,iBAAiB,EAAE,OAAO;IAC1B,WAAW,EAAE,OAAO;IACpB,UAAU,EAAE,MAAM;IAClB,YAAY,EAAE,OAAO;IACrB,kBAAkB,EAAE,OAAO;IAC3B,WAAW,EAAE,SAAS;CACvB,CAAC;AAEF,wEAAwE;AACxE,MAAM,sBAAsB,GAAG,OAAO,CAAC;AAEvC;;;;GAIG;AACH,MAAM,sBAAsB,GAAG,KAAK,CAAC;AAErC,8DAA8D;AAC9D,MAAM,iBAAiB,GAAG,GAAG,CAAC;AAE9B,uFAAuF;AACvF,MAAM,oBAAoB,GAAG,GAAG,CAAC;AAEjC,mEAAmE;AAEnE;;;;;;;;;;GAUG;AACH,MAAM,UAAU,gBAAgB,CAAC,KAAa;IAC5C,sBAAsB;IACtB,IAAI,KAAK,IAAI,qBAAqB,EAAE,CAAC;QACnC,OAAO,qBAAqB,CAAC,KAAK,CAAC,IAAI,sBAAsB,CAAC;IAChE,CAAC;IAED,iFAAiF;IACjF,MAAM,UAAU,GAAG,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IACtC,IAAI,UAAU,KAAK,CAAC,CAAC,EAAE,CAAC;QACtB,MAAM,kBAAkB,GAAG,KAAK,CAAC,KAAK,CAAC,UAAU,GAAG,CAAC,CAAC,CAAC;QACvD,IAAI,kBAAkB,IAAI,qBAAqB,EAAE,CAAC;YAChD,OAAO,qBAAqB,CAAC,kBAAkB,CAAC,IAAI,sBAAsB,CAAC;QAC7E,CAAC;IACH,CAAC;IAED,OAAO,sBAAsB,CAAC;AAChC,CAAC;AAED;;;;;;;;;;;;;;GAcG;AACH,MAAM,UAAU,oBAAoB,CAAC,KAAa;IAIhD,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,gBAAgB,CAAC,KAAK,CAAC,EAAE,sBAAsB,CAAC,CAAC;IAExE,OAAO;QACL,UAAU,EAAE,IAAI,CAAC,KAAK,CAAC,KAAK,GAAG,iBAAiB,CAAC;QACjD,aAAa,EAAE,IAAI,CAAC,KAAK,CAAC,KAAK,GAAG,oBAAoB,CAAC;KACxD,CAAC;AACJ,CAAC;AAED,kEAAkE;AAElE;;;;GAIG;AACH,MAAM,yBAAyB,GAAG,MAAM,CAAC;AAEzC;;;GAGG;AACH,MAAM,+BAA+B,GAAG,KAAK,CAAC;AAE9C;;;;;;;;;;;;;;;GAeG;AACH,MAAM,UAAU,qBAAqB,CAAC,KAAa;IAIjD,MAAM,aAAa,GAAG,gBAAgB,CAAC,KAAK,CAAC,CAAC;IAE9C,mEAAmE;IACnE,IAAI,aAAa,IAAI,yBAAyB,GAAG,CAAC,EAAE,CAAC;QACnD,OAAO,EAAE,WAAW,EAAE,CAAC,EAAE,OAAO,EAAE,CAAC,EAAE,CAAC;IACxC,CAAC;IAED,+DAA+D;IAC/D,IAAI,aAAa,IAAI,yBAAyB,EAAE,CAAC;QAC/C,MAAM,aAAa,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,KAAK,CAAC,aAAa,GAAG,+BAA+B,CAAC,CAAC,CAAC;QAC/F,OAAO,EAAE,WAAW,EAAE,IAAI,CAAC,GAAG,CAAC,aAAa,EAAE,CAAC,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC;IACrE,CAAC;IAED,6EAA6E;IAC7E,iEAAiE;IACjE,OAAO,EAAE,WAAW,EAAE,CAAC,EAAE,OAAO,EAAE,MAAM,EAAE,CAAC;AAC7C,CAAC"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "ghagga-core",
-  "version": "2.5.0",
+  "version": "2.6.0",
   "private": false,
   "type": "module",
   "description": "Core review engine for GHAGGA — AI-powered multi-agent code reviewer",
@@ -39,22 +39,6 @@
     "dist",
     "README.md"
   ],
-  "dependencies": {
-    "@ai-sdk/anthropic": "^2.0.0",
-    "@ai-sdk/google": "^2.0.0",
-    "@ai-sdk/openai": "^2.0.0",
-    "ai": "^5.0.0",
-    "minimatch": "^10.0.1",
-    "fts5-sql-bundle": "^1.0.2",
-    "zod": "^4.1.8"
-  },
-  "devDependencies": {
-    "@stryker-mutator/core": "^9.6.0",
-    "@stryker-mutator/vitest-runner": "^9.6.0",
-    "@types/node": "^25.3.5",
-    "typescript": "^5.7.0",
-    "vitest": "^3.0.0"
-  },
   "scripts": {
     "build": "tsc",
     "dev": "tsc --watch",
@@ -63,6 +47,24 @@
     "test:coverage": "vitest run --coverage",
     "test:watch": "vitest",
     "test:mutate": "stryker run",
-    "clean": "rm -rf dist"
+    "clean": "rm -rf dist",
+    "prepublishOnly": "npm run build"
+  },
+  "dependencies": {
+    "@ai-sdk/anthropic": "^3.0.0",
+    "@ai-sdk/google": "^3.0.0",
+    "@ai-sdk/openai": "^3.0.0",
+    "@ai-sdk/openai-compatible": "^2.0.35",
+    "ai": "^6.0.0",
+    "fts5-sql-bundle": "^1.0.2",
+    "minimatch": "^10.2.0",
+    "zod": "^4.3.0"
+  },
+  "devDependencies": {
+    "@stryker-mutator/core": "^9.6.0",
+    "@stryker-mutator/vitest-runner": "^9.6.0",
+    "@types/node": "^25.3.5",
+    "typescript": "^5.9.0",
+    "vitest": "^4.0.0"
   }
-}
+}

package/LICENSE

@@ -1,21 +0,0 @@
-MIT License
-
-Copyright (c) 2025 JNZader & Gentleman Programming Community
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.