ghagga-core 2.8.1 → 2.9.0

package/dist/adversarial-qa.js

@@ -0,0 +1,85 @@
+/**
+ * Adversarial QA loop — a critic agent finds issues, a fixer agent
+ * resolves them, they iterate until the review score exceeds a
+ * threshold or max rounds are reached.
+ *
+ * The critic produces a quality score (0-100) and a list of issues.
+ * The fixer attempts to resolve each issue. The loop continues until
+ * the critic is satisfied or the round limit is hit.
+ */
+// ── Defaults ──
+export const DEFAULT_QA_CONFIG = {
+    maxRounds: 3,
+    passThreshold: 80,
+    stopOnNoProgress: true,
+};
+// ── Loop ──
+export async function runQALoop(initialContent, critic, fixer, config = DEFAULT_QA_CONFIG) {
+    const rounds = [];
+    let content = initialContent;
+    let totalFound = 0;
+    let totalResolved = 0;
+    for (let round = 1; round <= config.maxRounds; round++) {
+        // Critic pass
+        const previousIssues = rounds.length > 0 ? rounds[rounds.length - 1]?.criticResult.issues : undefined;
+        const criticResult = await critic(content, previousIssues);
+        totalFound += criticResult.issues.length;
+        // Check if we pass
+        if (criticResult.score >= config.passThreshold) {
+            rounds.push({ round, criticResult, fixerResult: null });
+            return {
+                rounds,
+                finalScore: criticResult.score,
+                passed: true,
+                totalIssuesFound: totalFound,
+                totalIssuesResolved: totalResolved,
+            };
+        }
+        // Last round — no more fixing
+        if (round === config.maxRounds) {
+            rounds.push({ round, criticResult, fixerResult: null });
+            break;
+        }
+        // Fixer pass
+        const unresolvedIssues = criticResult.issues.filter((i) => !i.resolved);
+        const { content: fixedContent, result: fixerResult } = await fixer(content, unresolvedIssues);
+        content = fixedContent;
+        totalResolved += fixerResult.issuesResolved;
+        rounds.push({ round, criticResult, fixerResult });
+        // Stop if no progress
+        if (config.stopOnNoProgress && fixerResult.issuesResolved === 0) {
+            break;
+        }
+    }
+    const finalScore = rounds[rounds.length - 1]?.criticResult.score ?? 0;
+    return {
+        rounds,
+        finalScore,
+        passed: finalScore >= config.passThreshold,
+        totalIssuesFound: totalFound,
+        totalIssuesResolved: totalResolved,
+    };
+}
+// ── Formatting ──
+export function formatQAResult(result) {
+    const lines = [];
+    const status = result.passed ? '✅ PASSED' : '❌ FAILED';
+    lines.push(`## Adversarial QA: ${status} (score: ${result.finalScore}/100)\n`);
+    lines.push(`**Rounds**: ${result.rounds.length} | **Issues found**: ${result.totalIssuesFound} | **Resolved**: ${result.totalIssuesResolved}\n`);
+    for (const round of result.rounds) {
+        lines.push(`### Round ${round.round}`);
+        lines.push(`Critic score: ${round.criticResult.score}/100 — ${round.criticResult.summary}`);
+        if (round.criticResult.issues.length > 0) {
+            for (const issue of round.criticResult.issues) {
+                const icon = issue.resolved ? '✓' : '✗';
+                lines.push(`  ${icon} [${issue.severity}] ${issue.description}${issue.file ? ` (${issue.file}${issue.line ? `:${issue.line}` : ''})` : ''}`);
+            }
+        }
+        if (round.fixerResult) {
+            lines.push(`Fixer: ${round.fixerResult.issuesResolved}/${round.fixerResult.issuesAttempted} resolved`);
+        }
+        lines.push('');
+    }
+    return lines.join('\n');
+}
+//# sourceMappingURL=adversarial-qa.js.map

package/dist/adversarial-qa.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"adversarial-qa.js","sourceRoot":"","sources":["../src/adversarial-qa.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AA8CH,iBAAiB;AAEjB,MAAM,CAAC,MAAM,iBAAiB,GAAiB;IAC7C,SAAS,EAAE,CAAC;IACZ,aAAa,EAAE,EAAE;IACjB,gBAAgB,EAAE,IAAI;CACvB,CAAC;AAcF,aAAa;AAEb,MAAM,CAAC,KAAK,UAAU,SAAS,CAC7B,cAAsB,EACtB,MAAgB,EAChB,KAAc,EACd,SAAuB,iBAAiB;IAExC,MAAM,MAAM,GAAc,EAAE,CAAC;IAC7B,IAAI,OAAO,GAAG,cAAc,CAAC;IAC7B,IAAI,UAAU,GAAG,CAAC,CAAC;IACnB,IAAI,aAAa,GAAG,CAAC,CAAC;IAEtB,KAAK,IAAI,KAAK,GAAG,CAAC,EAAE,KAAK,IAAI,MAAM,CAAC,SAAS,EAAE,KAAK,EAAE,EAAE,CAAC;QACvD,cAAc;QACd,MAAM,cAAc,GAClB,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC,EAAE,YAAY,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC;QACjF,MAAM,YAAY,GAAG,MAAM,MAAM,CAAC,OAAO,EAAE,cAAc,CAAC,CAAC;QAC3D,UAAU,IAAI,YAAY,CAAC,MAAM,CAAC,MAAM,CAAC;QAEzC,mBAAmB;QACnB,IAAI,YAAY,CAAC,KAAK,IAAI,MAAM,CAAC,aAAa,EAAE,CAAC;YAC/C,MAAM,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,YAAY,EAAE,WAAW,EAAE,IAAI,EAAE,CAAC,CAAC;YACxD,OAAO;gBACL,MAAM;gBACN,UAAU,EAAE,YAAY,CAAC,KAAK;gBAC9B,MAAM,EAAE,IAAI;gBACZ,gBAAgB,EAAE,UAAU;gBAC5B,mBAAmB,EAAE,aAAa;aACnC,CAAC;QACJ,CAAC;QAED,8BAA8B;QAC9B,IAAI,KAAK,KAAK,MAAM,CAAC,SAAS,EAAE,CAAC;YAC/B,MAAM,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,YAAY,EAAE,WAAW,EAAE,IAAI,EAAE,CAAC,CAAC;YACxD,MAAM;QACR,CAAC;QAED,aAAa;QACb,MAAM,gBAAgB,GAAG,YAAY,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC;QACxE,MAAM,EAAE,OAAO,EAAE,YAAY,EAAE,MAAM,EAAE,WAAW,EAAE,GAAG,MAAM,KAAK,CAAC,OAAO,EAAE,gBAAgB,CAAC,CAAC;QAC9F,OAAO,GAAG,YAAY,CAAC;QACvB,aAAa,IAAI,WAAW,CAAC,cAAc,CAAC;QAE5C,MAAM,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,YAAY,EAAE,WAAW,EAAE,CAAC,CAAC;QAElD,sBAAsB;QACtB,IAAI,MAAM,CAAC,gBAAgB,IAAI,WAAW,CAAC,cAAc,KAAK,CAAC,EAAE,CAAC;YAChE,MAAM;QACR,CAAC;IACH,CAAC;IAED,MAAM,UAAU,GAAG,MAAM,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC,EAAE,YAAY,CAAC,KAAK,IAAI,CAAC,CAAC;IAEtE,OAAO;QACL,MAAM;QACN,UAAU;QACV,MAAM,EAAE,UAAU,IAAI,MAAM,CAAC,aAAa;QAC1C,gBAAgB,EAAE,UAAU;QAC5B,mBAAmB,EAAE,aAAa;KACnC,CAAC;AACJ,CAAC;AAED,mBAAmB;AAEnB,MAAM,UAAU,cAAc,CAAC,MAAoB;IACjD,MAAM,KAAK,GAAa,EAAE,CAAC;IAC3B,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,UAAU,CAAC;IACvD,KAAK,CAAC,IAAI,CAAC,sBAAsB,MAAM,YAAY,MAAM,CAAC,UAAU,SAAS,CAAC,CAAC;IAC/E,KAAK,CAAC,IAAI,CACR,eAAe,MAAM,CAAC,MAAM,CAAC,MAAM,wBAAwB,MAAM,CAAC,gBAAgB,oBAAoB,MAAM,CAAC,mBAAmB,IAAI,CACrI,CAAC;IAEF,KAAK,MAAM,KAAK,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;QAClC,KAAK,CAAC,IAAI,CAAC,aAAa,KAAK,CAAC,KAAK,EAAE,CAAC,CAAC;QACvC,KAAK,CAAC,IAAI,CAAC,iBAAiB,KAAK,CAAC,YAAY,CAAC,KAAK,UAAU,KAAK,CAAC,YAAY,CAAC,OAAO,EAAE,CAAC,CAAC;QAE5F,IAAI,KAAK,CAAC,YAAY,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACzC,KAAK,MAAM,KAAK,IAAI,KAAK,CAAC,YAAY,CAAC,MAAM,EAAE,CAAC;gBAC9C,MAAM,IAAI,GAAG,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC;gBACxC,KAAK,CAAC,IAAI,CACR,KAAK,IAAI,KAAK,KAAK,CAAC,QAAQ,KAAK,KAAK,CAAC,WAAW,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,KAAK,KAAK,CAAC,IAAI,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CACjI,CAAC;YACJ,CAAC;QACH,CAAC;QAED,IAAI,KAAK,CAAC,WAAW,EAAE,CAAC;YACtB,KAAK,CAAC,IAAI,CACR,UAAU,KAAK,CAAC,WAAW,CAAC,cAAc,IAAI,KAAK,CAAC,WAAW,CAAC,eAAe,WAAW,CAC3F,CAAC;QACJ,CAAC;QACD,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACjB,CAAC;IAED,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC"}

package/dist/agents/audit.d.ts

@@ -0,0 +1,18 @@
+/**
+ * Audit agent.
+ *
+ * Runs a single LLM call over pre-collected static analysis findings
+ * to produce an executive security and code-quality report.
+ */
+import type { AuditInput, AuditResult } from '../types.js';
+/**
+ * Run a full-project audit using static analysis findings as input.
+ *
+ * Sends the pre-formatted staticContext to the LLM auditor and returns
+ * a structured AuditResult with an executive report.
+ *
+ * @param input - Audit input with repo path, static context, and provider config
+ * @returns Parsed AuditResult
+ */
+export declare function runAuditReport(input: AuditInput): Promise<AuditResult>;
+//# sourceMappingURL=audit.d.ts.map

package/dist/agents/audit.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"audit.d.ts","sourceRoot":"","sources":["../../src/agents/audit.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAGH,OAAO,KAAK,EAAE,UAAU,EAAE,WAAW,EAAwB,MAAM,aAAa,CAAC;AAgBjF;;;;;;;;GAQG;AACH,wBAAsB,cAAc,CAAC,KAAK,EAAE,UAAU,GAAG,OAAO,CAAC,WAAW,CAAC,CA4D5E"}

package/dist/agents/audit.js

@@ -0,0 +1,78 @@
+/**
+ * Audit agent.
+ *
+ * Runs a single LLM call over pre-collected static analysis findings
+ * to produce an executive security and code-quality report.
+ */
+import { AUDIT_SYSTEM } from './prompts.js';
+// ─── Helpers ────────────────────────────────────────────────────
+/**
+ * Build an empty StaticAnalysisResult for use when none is available.
+ * Mirrors the skipped-tool pattern used throughout the codebase.
+ */
+function emptyStaticAnalysis() {
+    const skipped = { status: 'skipped', findings: [], executionTimeMs: 0 };
+    return { semgrep: skipped, trivy: skipped, cpd: skipped };
+}
+// ─── Main Function ──────────────────────────────────────────────
+/**
+ * Run a full-project audit using static analysis findings as input.
+ *
+ * Sends the pre-formatted staticContext to the LLM auditor and returns
+ * a structured AuditResult with an executive report.
+ *
+ * @param input - Audit input with repo path, static context, and provider config
+ * @returns Parsed AuditResult
+ */
+export async function runAuditReport(input) {
+    const { staticContext, provider, model, apiKey } = input;
+    const emit = input.onProgress ?? (() => { });
+    const timestamp = new Date().toISOString();
+    // Short-circuit: nothing to audit
+    if (!staticContext || staticContext.trim().length === 0) {
+        return {
+            status: 'no-findings',
+            report: 'No static analysis findings to report.',
+            findings: emptyStaticAnalysis(),
+            timestamp,
+        };
+    }
+    // Resolve the generation function (required — must be injected by caller)
+    if (!input.generateFn) {
+        throw new Error('runAuditReport requires generateFn to be provided in AuditInput. ' +
+            'The caller must resolve the backend and pass a GenerateTextFn instance.');
+    }
+    const generateFn = input.generateFn;
+    emit({
+        step: 'audit-call',
+        message: `Calling ${provider}/${model} for audit report...`,
+    });
+    try {
+        const result = await generateFn(AUDIT_SYSTEM, staticContext);
+        emit({
+            step: 'audit-done',
+            message: `Audit complete — ${result.tokensUsed} tokens`,
+        });
+        return {
+            status: 'completed',
+            report: result.text,
+            findings: emptyStaticAnalysis(),
+            timestamp,
+        };
+    }
+    catch (error) {
+        const message = error instanceof Error ? error.message : String(error);
+        emit({
+            step: 'audit-done',
+            message: `Audit LLM call failed: ${message}`,
+        });
+        return {
+            status: 'error',
+            report: '',
+            findings: emptyStaticAnalysis(),
+            timestamp,
+            error: message,
+        };
+    }
+}
+//# sourceMappingURL=audit.js.map

package/dist/agents/audit.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"audit.js","sourceRoot":"","sources":["../../src/agents/audit.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAIH,OAAO,EAAE,YAAY,EAAE,MAAM,cAAc,CAAC;AAE5C,mEAAmE;AAEnE;;;GAGG;AACH,SAAS,mBAAmB;IAC1B,MAAM,OAAO,GAAG,EAAE,MAAM,EAAE,SAAkB,EAAE,QAAQ,EAAE,EAAE,EAAE,eAAe,EAAE,CAAC,EAAE,CAAC;IACjF,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,GAAG,EAAE,OAAO,EAAE,CAAC;AAC5D,CAAC;AAED,mEAAmE;AAEnE;;;;;;;;GAQG;AACH,MAAM,CAAC,KAAK,UAAU,cAAc,CAAC,KAAiB;IACpD,MAAM,EAAE,aAAa,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,EAAE,GAAG,KAAK,CAAC;IACzD,MAAM,IAAI,GAAG,KAAK,CAAC,UAAU,IAAI,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAC;IAE5C,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IAE3C,kCAAkC;IAClC,IAAI,CAAC,aAAa,IAAI,aAAa,CAAC,IAAI,EAAE,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACxD,OAAO;YACL,MAAM,EAAE,aAAa;YACrB,MAAM,EAAE,wCAAwC;YAChD,QAAQ,EAAE,mBAAmB,EAAE;YAC/B,SAAS;SACV,CAAC;IACJ,CAAC;IAED,0EAA0E;IAC1E,IAAI,CAAC,KAAK,CAAC,UAAU,EAAE,CAAC;QACtB,MAAM,IAAI,KAAK,CACb,mEAAmE;YACjE,yEAAyE,CAC5E,CAAC;IACJ,CAAC;IACD,MAAM,UAAU,GAAmB,KAAK,CAAC,UAAU,CAAC;IAEpD,IAAI,CAAC;QACH,IAAI,EAAE,YAAY;QAClB,OAAO,EAAE,WAAW,QAAQ,IAAI,KAAK,sBAAsB;KAC5D,CAAC,CAAC;IAEH,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,UAAU,CAAC,YAAY,EAAE,aAAa,CAAC,CAAC;QAE7D,IAAI,CAAC;YACH,IAAI,EAAE,YAAY;YAClB,OAAO,EAAE,oBAAoB,MAAM,CAAC,UAAU,SAAS;SACxD,CAAC,CAAC;QAEH,OAAO;YACL,MAAM,EAAE,WAAW;YACnB,MAAM,EAAE,MAAM,CAAC,IAAI;YACnB,QAAQ,EAAE,mBAAmB,EAAE;YAC/B,SAAS;SACV,CAAC;IACJ,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,OAAO,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QAEvE,IAAI,CAAC;YACH,IAAI,EAAE,YAAY;YAClB,OAAO,EAAE,0BAA0B,OAAO,EAAE;SAC7C,CAAC,CAAC;QAEH,OAAO;YACL,MAAM,EAAE,OAAO;YACf,MAAM,EAAE,EAAE;YACV,QAAQ,EAAE,mBAAmB,EAAE;YAC/B,SAAS;YACT,KAAK,EAAE,OAAO;SACf,CAAC;IACJ,CAAC;AACH,CAAC"}

package/dist/agents/consensus.d.ts

@@ -11,7 +11,7 @@
  *   - 30% minimum confidence gap between approve and reject
  *   - If thresholds not met → NEEDS_HUMAN_REVIEW
  */
-import { type GenerateTextFn } from '../providers/generate-fn.js';
+import type { GenerateTextFn } from '../providers/generate-fn.js';
 import type { ConsensusStance, ConsensusVote, LLMProvider, ProgressCallback, ReviewLevel, ReviewResult, ReviewStatus } from '../types.js';
 export interface ConsensusModelConfig {
     provider: LLMProvider;

package/dist/agents/consensus.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"consensus.d.ts","sourceRoot":"","sources":["../../src/agents/consensus.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAEH,OAAO,EAAyB,KAAK,cAAc,EAAE,MAAM,6BAA6B,CAAC;AACzF,OAAO,KAAK,EACV,eAAe,EACf,aAAa,EACb,WAAW,EACX,gBAAgB,EAChB,WAAW,EACX,YAAY,EACZ,YAAY,EACb,MAAM,aAAa,CAAC;AAerB,MAAM,WAAW,oBAAoB;IACnC,QAAQ,EAAE,WAAW,CAAC;IACtB,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,EAAE,eAAe,CAAC;CACzB;AAED,MAAM,WAAW,oBAAoB;IACnC,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,oBAAoB,EAAE,CAAC;IAC/B,aAAa,EAAE,MAAM,CAAC;IACtB,aAAa,EAAE,MAAM,GAAG,IAAI,CAAC;IAC7B,UAAU,EAAE,MAAM,CAAC;IACnB,WAAW,EAAE,WAAW,CAAC;IACzB,UAAU,CAAC,EAAE,gBAAgB,CAAC;IAE9B;;;OAGG;IACH,WAAW,CAAC,EAAE,MAAM,CAAC;IAErB;;OAEG;IACH,OAAO,CAAC,EAAE,MAAM,CAAC;IAEjB;;;;OAIG;IACH,WAAW,CAAC,EAAE,cAAc,EAAE,CAAC;IAE/B,uEAAuE;IACvE,gBAAgB,CAAC,EAAE,MAAM,CAAC;CAC3B;AAmBD;;;;;;;GAOG;AACH,wBAAgB,SAAS,CACvB,IAAI,EAAE,MAAM,EACZ,QAAQ,EAAE,WAAW,EACrB,KAAK,EAAE,MAAM,EACb,MAAM,EAAE,eAAe,GACtB,aAAa,CAef;AAID;;;;;;;;;;;;;GAaG;AACH,wBAAgB,kBAAkB,CAAC,KAAK,EAAE,aAAa,EAAE,GAAG;IAC1D,MAAM,EAAE,YAAY,CAAC;IACrB,OAAO,EAAE,MAAM,CAAC;CACjB,CAuDA;AAID;;;;;;;;;;GAUG;AACH,wBAAsB,kBAAkB,CAAC,KAAK,EAAE,oBAAoB,GAAG,OAAO,CAAC,YAAY,CAAC,CAuI3F"}
+{"version":3,"file":"consensus.d.ts","sourceRoot":"","sources":["../../src/agents/consensus.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAEH,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,6BAA6B,CAAC;AAClE,OAAO,KAAK,EACV,eAAe,EACf,aAAa,EACb,WAAW,EACX,gBAAgB,EAChB,WAAW,EACX,YAAY,EACZ,YAAY,EACb,MAAM,aAAa,CAAC;AAiBrB,MAAM,WAAW,oBAAoB;IACnC,QAAQ,EAAE,WAAW,CAAC;IACtB,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,EAAE,eAAe,CAAC;CACzB;AAED,MAAM,WAAW,oBAAoB;IACnC,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,oBAAoB,EAAE,CAAC;IAC/B,aAAa,EAAE,MAAM,CAAC;IACtB,aAAa,EAAE,MAAM,GAAG,IAAI,CAAC;IAC7B,UAAU,EAAE,MAAM,CAAC;IACnB,WAAW,EAAE,WAAW,CAAC;IACzB,UAAU,CAAC,EAAE,gBAAgB,CAAC;IAE9B;;;OAGG;IACH,WAAW,CAAC,EAAE,MAAM,CAAC;IAErB;;OAEG;IACH,OAAO,CAAC,EAAE,MAAM,CAAC;IAEjB;;;;OAIG;IACH,WAAW,CAAC,EAAE,cAAc,EAAE,CAAC;IAE/B,uEAAuE;IACvE,gBAAgB,CAAC,EAAE,MAAM,CAAC;CAC3B;AAmBD;;;;;;;GAOG;AACH,wBAAgB,SAAS,CACvB,IAAI,EAAE,MAAM,EACZ,QAAQ,EAAE,WAAW,EACrB,KAAK,EAAE,MAAM,EACb,MAAM,EAAE,eAAe,GACtB,aAAa,CAef;AAID;;;;;;;;;;;;;GAaG;AACH,wBAAgB,kBAAkB,CAAC,KAAK,EAAE,aAAa,EAAE,GAAG;IAC1D,MAAM,EAAE,YAAY,CAAC;IACrB,OAAO,EAAE,MAAM,CAAC;CACjB,CAuDA;AAID;;;;;;;;;;GAUG;AACH,wBAAsB,kBAAkB,CAAC,KAAK,EAAE,oBAAoB,GAAG,OAAO,CAAC,YAAY,CAAC,CA2I3F"}

package/dist/agents/consensus.js

@@ -11,10 +11,9 @@
  *   - 30% minimum confidence gap between approve and reject
  *   - If thresholds not met → NEEDS_HUMAN_REVIEW
  */
-import { createAISDKGenerateFn } from '../providers/generate-fn.js';
 import { runWithConcurrency } from '../utils/concurrency.js';
 import { calculateRateSchedule } from '../utils/token-budget.js';
-import { buildMemoryContext, buildReviewLevelInstruction, COMPACT_CALIBRATION, CONSENSUS_AGAINST_SYSTEM, CONSENSUS_FOR_SYSTEM, CONSENSUS_NEUTRAL_SYSTEM, REVIEW_CALIBRATION, } from './prompts.js';
+import { buildMemoryContext, buildReviewLevelInstruction, COMPACT_CALIBRATION, CONSENSUS_AGAINST_SYSTEM, CONSENSUS_FOR_SYSTEM, CONSENSUS_NEUTRAL_SYSTEM, REVIEW_CALIBRATION, UNTRUSTED_CONTENT_POLICY, wrapUntrustedDiff, } from './prompts.js';
 // ─── Constants ──────────────────────────────────────────────────
 /** Minimum percentage of weighted votes to decide approve/reject */
 const DECISION_THRESHOLD = 0.6;
@@ -129,10 +128,12 @@ export async function runConsensusReview(input) {
     const { diff, models, staticContext, memoryContext, stackHints, reviewLevel } = input;
     const emit = input.onProgress ?? (() => { });
     // ── Resolve GenerateTextFn array ──────────────────────────
-    // When generateFns is provided, use them directly.
-    // Otherwise, build them from models config (backward compat).
-    const resolvedGenerateFns = input.generateFns ??
-        models.map((config) => createAISDKGenerateFn(config.provider, config.model, config.apiKey));
+    // generateFns must be provided by the pipeline (required).
+    if (!input.generateFns || input.generateFns.length === 0) {
+        throw new Error('runConsensusReview requires generateFns to be provided. ' +
+            'The pipeline must resolve the backend and pass GenerateTextFn instances.');
+    }
+    const resolvedGenerateFns = input.generateFns;
     // Auto-calculate scheduling from primary model's TPM.
     // For CLI bridge/gateway (single generateFn), force concurrency=1.
     const primaryModel = models[0]?.model ?? 'gpt-4o-mini';
@@ -142,8 +143,8 @@ export async function runConsensusReview(input) {
         : (input.concurrency ?? rateSchedule.concurrency);
     const delayMs = input.delayMs ?? rateSchedule.delayMs;
     const startTime = Date.now();
-    // Build the user prompt (same for all models)
-    const userPrompt = `Review the following code changes:\n\n\`\`\`diff\n${diff}\n\`\`\``;
+    // Build the user prompt (same for all models, wrapped in untrusted-content delimiters)
+    const userPrompt = `Review the following code changes:\n\n${wrapUntrustedDiff(diff)}`;
     emit({
         step: 'consensus-start',
         message: `Launching ${models.length} model votes (concurrency: ${concurrency}, delay: ${Math.round(delayMs / 1000)}s)`,
@@ -159,6 +160,7 @@ export async function runConsensusReview(input) {
             const isFirst = index === 0;
             const system = [
                 STANCE_PROMPTS[config.stance],
+                UNTRUSTED_CONTENT_POLICY,
                 isFirst ? staticContext : '',
                 isFirst ? buildMemoryContext(memoryContext) : '',
                 isFirst ? stackHints : '',

package/dist/agents/consensus.js.map

@@ -1 +1 @@
-{"version":3,"file":"consensus.js","sourceRoot":"","sources":["../../src/agents/consensus.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAEH,OAAO,EAAE,qBAAqB,EAAuB,MAAM,6BAA6B,CAAC;AAUzF,OAAO,EAAE,kBAAkB,EAAE,MAAM,yBAAyB,CAAC;AAC7D,OAAO,EAAE,qBAAqB,EAAE,MAAM,0BAA0B,CAAC;AACjE,OAAO,EACL,kBAAkB,EAClB,2BAA2B,EAC3B,mBAAmB,EACnB,wBAAwB,EACxB,oBAAoB,EACpB,wBAAwB,EACxB,kBAAkB,GACnB,MAAM,cAAc,CAAC;AA0CtB,mEAAmE;AAEnE,oEAAoE;AACpE,MAAM,kBAAkB,GAAG,GAAG,CAAC;AAE/B,6EAA6E;AAC7E,MAAM,wBAAwB,GAAG,GAAG,CAAC;AAErC,kCAAkC;AAClC,MAAM,cAAc,GAAoC;IACtD,GAAG,EAAE,oBAAoB;IACzB,OAAO,EAAE,wBAAwB;IACjC,OAAO,EAAE,wBAAwB;CAClC,CAAC;AAEF,mEAAmE;AAEnE;;;;;;;GAOG;AACH,MAAM,UAAU,SAAS,CACvB,IAAY,EACZ,QAAqB,EACrB,KAAa,EACb,MAAuB;IAEvB,mBAAmB;IACnB,MAAM,aAAa,GAAG,uCAAuC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACzE,MAAM,QAAQ,GAAG,CAAC,aAAa,EAAE,CAAC,CAAC,CAAC,EAAE,WAAW,EAAE,IAAI,SAAS,CAA8B,CAAC;IAE/F,qBAAqB;IACrB,MAAM,eAAe,GAAG,yBAAyB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC7D,IAAI,UAAU,GAAG,eAAe,CAAC,CAAC,CAAC,UAAU,CAAC,eAAe,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC;IACjF,UAAU,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,UAAU,CAAC,CAAC,CAAC,CAAC,kBAAkB;IAErE,kDAAkD;IAClD,MAAM,cAAc,GAAG,2BAA2B,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC9D,MAAM,SAAS,GAAG,cAAc,EAAE,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,IAAI,wBAAwB,CAAC;IAE1E,OAAO,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,EAAE,QAAQ,EAAE,UAAU,EAAE,SAAS,EAAE,CAAC;AACtE,CAAC;AAED,mEAAmE;AAEnE;;;;;;;;;;;;;GAaG;AACH,MAAM,UAAU,kBAAkB,CAAC,KAAsB;IAIvD,IAAI,aAAa,GAAG,CAAC,CAAC;IACtB,IAAI,YAAY,GAAG,CAAC,CAAC;IACrB,IAAI,WAAW,GAAG,CAAC,CAAC;IAEpB,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,IAAI,IAAI,CAAC,QAAQ,KAAK,SAAS,EAAE,CAAC;YAChC,aAAa,IAAI,IAAI,CAAC,UAAU,CAAC;YACjC,WAAW,IAAI,IAAI,CAAC,UAAU,CAAC;QACjC,CAAC;aAAM,IAAI,IAAI,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;YACtC,YAAY,IAAI,IAAI,CAAC,UAAU,CAAC;YAChC,WAAW,IAAI,IAAI,CAAC,UAAU,CAAC;QACjC,CAAC;QACD,wDAAwD;IAC1D,CAAC;IAED,2BAA2B;IAC3B,IAAI,WAAW,KAAK,CAAC,EAAE,CAAC;QACtB,OAAO;YACL,MAAM,EAAE,oBAAoB;YAC5B,OAAO,EAAE,qDAAqD;SAC/D,CAAC;IACJ,CAAC;IAED,MAAM,YAAY,GAAG,aAAa,GAAG,WAAW,CAAC;IACjD,MAAM,WAAW,GAAG,YAAY,GAAG,WAAW,CAAC;IAC/C,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC,YAAY,GAAG,WAAW,CAAC,CAAC;IAEjD,uBAAuB;IACvB,IAAI,GAAG,GAAG,wBAAwB,EAAE,CAAC;QACnC,OAAO;YACL,MAAM,EAAE,oBAAoB;YAC5B,OAAO,EAAE,oCAAoC,CAAC,YAAY,GAAG,GAAG,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,cAAc,CAAC,WAAW,GAAG,GAAG,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,2BAA2B,CAAC,GAAG,GAAG,GAAG,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,mBAAmB,CAAC,wBAAwB,GAAG,GAAG,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,yCAAyC;SACjR,CAAC;IACJ,CAAC;IAED,4BAA4B;IAC5B,IAAI,YAAY,IAAI,kBAAkB,EAAE,CAAC;QACvC,OAAO;YACL,MAAM,EAAE,QAAQ;YAChB,OAAO,EAAE,4BAA4B,CAAC,YAAY,GAAG,GAAG,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,gCAAgC,KAAK,CAAC,MAAM,UAAU;SAC3H,CAAC;IACJ,CAAC;IAED,IAAI,WAAW,IAAI,kBAAkB,EAAE,CAAC;QACtC,OAAO;YACL,MAAM,EAAE,QAAQ;YAChB,OAAO,EAAE,4BAA4B,CAAC,WAAW,GAAG,GAAG,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,gCAAgC,KAAK,CAAC,MAAM,UAAU;SAC1H,CAAC;IACJ,CAAC;IAED,OAAO;QACL,MAAM,EAAE,oBAAoB;QAC5B,OAAO,EAAE,wCAAwC,CAAC,YAAY,GAAG,GAAG,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,cAAc,CAAC,WAAW,GAAG,GAAG,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,gCAAgC;KAC7J,CAAC;AACJ,CAAC;AAED,mEAAmE;AAEnE;;;;;;;;;;GAUG;AACH,MAAM,CAAC,KAAK,UAAU,kBAAkB,CAAC,KAA2B;IAClE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,aAAa,EAAE,aAAa,EAAE,UAAU,EAAE,WAAW,EAAE,GAAG,KAAK,CAAC;IACtF,MAAM,IAAI,GAAG,KAAK,CAAC,UAAU,IAAI,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAC;IAE5C,6DAA6D;IAC7D,mDAAmD;IACnD,8DAA8D;IAC9D,MAAM,mBAAmB,GACvB,KAAK,CAAC,WAAW;QACjB,MAAM,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,qBAAqB,CAAC,MAAM,CAAC,QAAQ,EAAE,MAAM,CAAC,KAAK,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC;IAE9F,sDAAsD;IACtD,mEAAmE;IACnE,MAAM,YAAY,GAAG,MAAM,CAAC,CAAC,CAAC,EAAE,KAAK,IAAI,aAAa,CAAC;IACvD,MAAM,YAAY,GAAG,qBAAqB,CAAC,YAAY,CAAC,CAAC;IACzD,MAAM,WAAW,GACf,mBAAmB,CAAC,MAAM,KAAK,CAAC;QAC9B,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,WAAW,IAAI,YAAY,CAAC,WAAW,EAAE,CAAC,CAAC;QAC5D,CAAC,CAAC,CAAC,KAAK,CAAC,WAAW,IAAI,YAAY,CAAC,WAAW,CAAC,CAAC;IACtD,MAAM,OAAO,GAAG,KAAK,CAAC,OAAO,IAAI,YAAY,CAAC,OAAO,CAAC;IAEtD,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAE7B,8CAA8C;IAC9C,MAAM,UAAU,GAAG,qDAAqD,IAAI,UAAU,CAAC;IAEvF,IAAI,CAAC;QACH,IAAI,EAAE,iBAAiB;QACvB,OAAO,EAAE,aAAa,MAAM,CAAC,MAAM,8BAA8B,WAAW,YAAY,IAAI,CAAC,KAAK,CAAC,OAAO,GAAG,IAAI,CAAC,IAAI;QACtH,MAAM,EAAE,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC,KAAK,aAAa,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC;KAC3F,CAAC,CAAC;IAEH,8DAA8D;IAC9D,EAAE;IACF,0EAA0E;IAC1E,MAAM,SAAS,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,KAAK,EAAE,EAAE;QAC7C,OAAO,KAAK,IAAI,EAAE;YAChB,uCAAuC;YACvC,MAAM,UAAU,GAAG,mBAAmB,CAAC,KAAK,GAAG,mBAAmB,CAAC,MAAM,CAAmB,CAAC;YAE7F,MAAM,OAAO,GAAG,KAAK,KAAK,CAAC,CAAC;YAC5B,MAAM,MAAM,GAAG;gBACb,cAAc,CAAC,MAAM,CAAC,MAAM,CAAC;gBAC7B,OAAO,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,EAAE;gBAC5B,OAAO,CAAC,CAAC,CAAC,kBAAkB,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,EAAE;gBAChD,OAAO,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE;gBACzB,KAAK,CAAC,gBAAgB,IAAI,EAAE;gBAC5B,2BAA2B,CAAC,WAAW,CAAC;gBACxC,OAAO,CAAC,CAAC,CAAC,kBAAkB,CAAC,CAAC,CAAC,mBAAmB;aACnD;iBACE,MAAM,CAAC,OAAO,CAAC;iBACf,IAAI,CAAC,IAAI,CAAC,CAAC;YAEd,MAAM,MAAM,GAAG,MAAM,UAAU,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC;YAEpD,OAAO;gBACL,IAAI,EAAE,SAAS,CAAC,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,QAAuB,EAAE,MAAM,CAAC,KAAK,EAAE,MAAM,CAAC,MAAM,CAAC;gBACzF,UAAU,EAAE,MAAM,CAAC,UAAU;aAC9B,CAAC;QACJ,CAAC,CAAC;IACJ,CAAC,CAAC,CAAC;IAEH,MAAM,OAAO,GAAG,MAAM,kBAAkB,CAAC,SAAS,EAAE,EAAE,WAAW,EAAE,OAAO,EAAE,CAAC,CAAC;IAE9E,8DAA8D;IAC9D,MAAM,KAAK,GAAoB,EAAE,CAAC;IAClC,IAAI,WAAW,GAAG,CAAC,CAAC;IAEpB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACxC,MAAM,MAAM,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;QAC1B,MAAM,MAAM,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;QACzB,IAAI,CAAC,MAAM,IAAI,CAAC,MAAM;YAAE,SAAS;QAEjC,IAAI,MAAM,CAAC,MAAM,KAAK,WAAW,EAAE,CAAC;YAClC,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;YAC9B,WAAW,IAAI,MAAM,CAAC,KAAK,CAAC,UAAU,CAAC;YACvC,MAAM,CAAC,GAAG,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC;YAC5B,IAAI,CAAC;gBACH,IAAI,EAAE,QAAQ,MAAM,CAAC,MAAM,EAAE;gBAC7B,OAAO,EAAE,KAAK,MAAM,CAAC,MAAM,KAAK,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC,KAAK,OAAO,CAAC,CAAC,QAAQ,KAAK,CAAC,CAAC,CAAC,UAAU,GAAG,GAAG,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe;gBACzH,MAAM,EAAE,CAAC,CAAC,SAAS;aACpB,CAAC,CAAC;QACL,CAAC;aAAM,CAAC;YACN,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,YAAY,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;YAC9F,OAAO,CAAC,IAAI,CAAC,kCAAkC,EAAE,MAAM,CAAC,CAAC;YACzD,IAAI,CAAC;gBACH,IAAI,EAAE,QAAQ,MAAM,CAAC,MAAM,EAAE;gBAC7B,OAAO,EAAE,KAAK,MAAM,CAAC,MAAM,KAAK,MAAM,CAAC,QAAQ,IAAI,MAAM,CAAC,KAAK,eAAe,MAAM,EAAE;aACvF,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,IAAI,CAAC,EAAE,IAAI,EAAE,kBAAkB,EAAE,OAAO,EAAE,mCAAmC,EAAE,CAAC,CAAC;IAEjF,8DAA8D;IAC9D,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,GAAG,kBAAkB,CAAC,KAAK,CAAC,CAAC;IAEtD,MAAM,eAAe,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,CAAC;IAE/C,kEAAkE;IAClE,MAAM,YAAY,GAA2B;QAC3C,GAAG,EAAE,IAAI;QACT,OAAO,EAAE,IAAI;QACb,OAAO,EAAE,IAAI;KACd,CAAC;IAEF,MAAM,WAAW,GAAG,KAAK;SACtB,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE;QACT,MAAM,KAAK,GAAG,YAAY,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,GAAG,CAAC;QAC5C,MAAM,aAAa,GAAG,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,GAAG,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;QAC/E,OAAO,OAAO,KAAK,IAAI,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,GAAG,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,aAAa,iBAAiB,CAAC,CAAC,UAAU,MAAM,CAAC,CAAC,SAAS,EAAE,CAAC;IACjJ,CAAC,CAAC;SACD,IAAI,CAAC,MAAM,CAAC,CAAC;IAEhB,OAAO;QACL,MAAM;QACN,OAAO,EAAE,GAAG,OAAO,6BAA6B,WAAW,EAAE;QAC7D,QAAQ,EAAE,EAAE,EAAE,yDAAyD;QACvE,cAAc,EAAE;YACd,OAAO,EAAE,EAAE,MAAM,EAAE,SAAS,EAAE,QAAQ,EAAE,EAAE,EAAE,eAAe,EAAE,CAAC,EAAE;YAChE,KAAK,EAAE,EAAE,MAAM,EAAE,SAAS,EAAE,QAAQ,EAAE,EAAE,EAAE,eAAe,EAAE,CAAC,EAAE;YAC9D,GAAG,EAAE,EAAE,MAAM,EAAE,SAAS,EAAE,QAAQ,EAAE,EAAE,EAAE,eAAe,EAAE,CAAC,EAAE;SAC7D;QACD,aAAa;QACb,QAAQ,EAAE;YACR,IAAI,EAAE,WAAW;YACjB,QAAQ,EAAE,KAAK,CAAC,CAAC,CAAC,EAAE,QAAQ,IAAI,MAAM,CAAC,CAAC,CAAC,EAAE,QAAQ;YACnD,KAAK,EAAE,KAAK,CAAC,CAAC,CAAC,EAAE,KAAK,IAAI,MAAM,CAAC,CAAC,CAAC,EAAE,KAAK;YAC1C,UAAU,EAAE,WAAW;YACvB,eAAe;YACf,QAAQ,EAAE,EAAE;YACZ,YAAY,EAAE,EAAE;YAChB,UAAU,EAAE,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,CAAC,MAAM,IAAI,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC,KAAK,EAAE,CAAC;SACtE;KACF,CAAC;AACJ,CAAC"}
+{"version":3,"file":"consensus.js","sourceRoot":"","sources":["../../src/agents/consensus.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAYH,OAAO,EAAE,kBAAkB,EAAE,MAAM,yBAAyB,CAAC;AAC7D,OAAO,EAAE,qBAAqB,EAAE,MAAM,0BAA0B,CAAC;AACjE,OAAO,EACL,kBAAkB,EAClB,2BAA2B,EAC3B,mBAAmB,EACnB,wBAAwB,EACxB,oBAAoB,EACpB,wBAAwB,EACxB,kBAAkB,EAClB,wBAAwB,EACxB,iBAAiB,GAClB,MAAM,cAAc,CAAC;AA0CtB,mEAAmE;AAEnE,oEAAoE;AACpE,MAAM,kBAAkB,GAAG,GAAG,CAAC;AAE/B,6EAA6E;AAC7E,MAAM,wBAAwB,GAAG,GAAG,CAAC;AAErC,kCAAkC;AAClC,MAAM,cAAc,GAAoC;IACtD,GAAG,EAAE,oBAAoB;IACzB,OAAO,EAAE,wBAAwB;IACjC,OAAO,EAAE,wBAAwB;CAClC,CAAC;AAEF,mEAAmE;AAEnE;;;;;;;GAOG;AACH,MAAM,UAAU,SAAS,CACvB,IAAY,EACZ,QAAqB,EACrB,KAAa,EACb,MAAuB;IAEvB,mBAAmB;IACnB,MAAM,aAAa,GAAG,uCAAuC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACzE,MAAM,QAAQ,GAAG,CAAC,aAAa,EAAE,CAAC,CAAC,CAAC,EAAE,WAAW,EAAE,IAAI,SAAS,CAA8B,CAAC;IAE/F,qBAAqB;IACrB,MAAM,eAAe,GAAG,yBAAyB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC7D,IAAI,UAAU,GAAG,eAAe,CAAC,CAAC,CAAC,UAAU,CAAC,eAAe,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC;IACjF,UAAU,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,UAAU,CAAC,CAAC,CAAC,CAAC,kBAAkB;IAErE,kDAAkD;IAClD,MAAM,cAAc,GAAG,2BAA2B,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC9D,MAAM,SAAS,GAAG,cAAc,EAAE,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,IAAI,wBAAwB,CAAC;IAE1E,OAAO,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,EAAE,QAAQ,EAAE,UAAU,EAAE,SAAS,EAAE,CAAC;AACtE,CAAC;AAED,mEAAmE;AAEnE;;;;;;;;;;;;;GAaG;AACH,MAAM,UAAU,kBAAkB,CAAC,KAAsB;IAIvD,IAAI,aAAa,GAAG,CAAC,CAAC;IACtB,IAAI,YAAY,GAAG,CAAC,CAAC;IACrB,IAAI,WAAW,GAAG,CAAC,CAAC;IAEpB,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,IAAI,IAAI,CAAC,QAAQ,KAAK,SAAS,EAAE,CAAC;YAChC,aAAa,IAAI,IAAI,CAAC,UAAU,CAAC;YACjC,WAAW,IAAI,IAAI,CAAC,UAAU,CAAC;QACjC,CAAC;aAAM,IAAI,IAAI,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;YACtC,YAAY,IAAI,IAAI,CAAC,UAAU,CAAC;YAChC,WAAW,IAAI,IAAI,CAAC,UAAU,CAAC;QACjC,CAAC;QACD,wDAAwD;IAC1D,CAAC;IAED,2BAA2B;IAC3B,IAAI,WAAW,KAAK,CAAC,EAAE,CAAC;QACtB,OAAO;YACL,MAAM,EAAE,oBAAoB;YAC5B,OAAO,EAAE,qDAAqD;SAC/D,CAAC;IACJ,CAAC;IAED,MAAM,YAAY,GAAG,aAAa,GAAG,WAAW,CAAC;IACjD,MAAM,WAAW,GAAG,YAAY,GAAG,WAAW,CAAC;IAC/C,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC,YAAY,GAAG,WAAW,CAAC,CAAC;IAEjD,uBAAuB;IACvB,IAAI,GAAG,GAAG,wBAAwB,EAAE,CAAC;QACnC,OAAO;YACL,MAAM,EAAE,oBAAoB;YAC5B,OAAO,EAAE,oCAAoC,CAAC,YAAY,GAAG,GAAG,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,cAAc,CAAC,WAAW,GAAG,GAAG,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,2BAA2B,CAAC,GAAG,GAAG,GAAG,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,mBAAmB,CAAC,wBAAwB,GAAG,GAAG,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,yCAAyC;SACjR,CAAC;IACJ,CAAC;IAED,4BAA4B;IAC5B,IAAI,YAAY,IAAI,kBAAkB,EAAE,CAAC;QACvC,OAAO;YACL,MAAM,EAAE,QAAQ;YAChB,OAAO,EAAE,4BAA4B,CAAC,YAAY,GAAG,GAAG,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,gCAAgC,KAAK,CAAC,MAAM,UAAU;SAC3H,CAAC;IACJ,CAAC;IAED,IAAI,WAAW,IAAI,kBAAkB,EAAE,CAAC;QACtC,OAAO;YACL,MAAM,EAAE,QAAQ;YAChB,OAAO,EAAE,4BAA4B,CAAC,WAAW,GAAG,GAAG,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,gCAAgC,KAAK,CAAC,MAAM,UAAU;SAC1H,CAAC;IACJ,CAAC;IAED,OAAO;QACL,MAAM,EAAE,oBAAoB;QAC5B,OAAO,EAAE,wCAAwC,CAAC,YAAY,GAAG,GAAG,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,cAAc,CAAC,WAAW,GAAG,GAAG,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,gCAAgC;KAC7J,CAAC;AACJ,CAAC;AAED,mEAAmE;AAEnE;;;;;;;;;;GAUG;AACH,MAAM,CAAC,KAAK,UAAU,kBAAkB,CAAC,KAA2B;IAClE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,aAAa,EAAE,aAAa,EAAE,UAAU,EAAE,WAAW,EAAE,GAAG,KAAK,CAAC;IACtF,MAAM,IAAI,GAAG,KAAK,CAAC,UAAU,IAAI,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAC;IAE5C,6DAA6D;IAC7D,2DAA2D;IAC3D,IAAI,CAAC,KAAK,CAAC,WAAW,IAAI,KAAK,CAAC,WAAW,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACzD,MAAM,IAAI,KAAK,CACb,0DAA0D;YACxD,0EAA0E,CAC7E,CAAC;IACJ,CAAC;IACD,MAAM,mBAAmB,GAAqB,KAAK,CAAC,WAAW,CAAC;IAEhE,sDAAsD;IACtD,mEAAmE;IACnE,MAAM,YAAY,GAAG,MAAM,CAAC,CAAC,CAAC,EAAE,KAAK,IAAI,aAAa,CAAC;IACvD,MAAM,YAAY,GAAG,qBAAqB,CAAC,YAAY,CAAC,CAAC;IACzD,MAAM,WAAW,GACf,mBAAmB,CAAC,MAAM,KAAK,CAAC;QAC9B,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,WAAW,IAAI,YAAY,CAAC,WAAW,EAAE,CAAC,CAAC;QAC5D,CAAC,CAAC,CAAC,KAAK,CAAC,WAAW,IAAI,YAAY,CAAC,WAAW,CAAC,CAAC;IACtD,MAAM,OAAO,GAAG,KAAK,CAAC,OAAO,IAAI,YAAY,CAAC,OAAO,CAAC;IAEtD,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAE7B,uFAAuF;IACvF,MAAM,UAAU,GAAG,yCAAyC,iBAAiB,CAAC,IAAI,CAAC,EAAE,CAAC;IAEtF,IAAI,CAAC;QACH,IAAI,EAAE,iBAAiB;QACvB,OAAO,EAAE,aAAa,MAAM,CAAC,MAAM,8BAA8B,WAAW,YAAY,IAAI,CAAC,KAAK,CAAC,OAAO,GAAG,IAAI,CAAC,IAAI;QACtH,MAAM,EAAE,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC,KAAK,aAAa,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC;KAC3F,CAAC,CAAC;IAEH,8DAA8D;IAC9D,EAAE;IACF,0EAA0E;IAC1E,MAAM,SAAS,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,KAAK,EAAE,EAAE;QAC7C,OAAO,KAAK,IAAI,EAAE;YAChB,uCAAuC;YACvC,MAAM,UAAU,GAAG,mBAAmB,CAAC,KAAK,GAAG,mBAAmB,CAAC,MAAM,CAAmB,CAAC;YAE7F,MAAM,OAAO,GAAG,KAAK,KAAK,CAAC,CAAC;YAC5B,MAAM,MAAM,GAAG;gBACb,cAAc,CAAC,MAAM,CAAC,MAAM,CAAC;gBAC7B,wBAAwB;gBACxB,OAAO,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,EAAE;gBAC5B,OAAO,CAAC,CAAC,CAAC,kBAAkB,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,EAAE;gBAChD,OAAO,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE;gBACzB,KAAK,CAAC,gBAAgB,IAAI,EAAE;gBAC5B,2BAA2B,CAAC,WAAW,CAAC;gBACxC,OAAO,CAAC,CAAC,CAAC,kBAAkB,CAAC,CAAC,CAAC,mBAAmB;aACnD;iBACE,MAAM,CAAC,OAAO,CAAC;iBACf,IAAI,CAAC,IAAI,CAAC,CAAC;YAEd,MAAM,MAAM,GAAG,MAAM,UAAU,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC;YAEpD,OAAO;gBACL,IAAI,EAAE,SAAS,CAAC,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,QAAuB,EAAE,MAAM,CAAC,KAAK,EAAE,MAAM,CAAC,MAAM,CAAC;gBACzF,UAAU,EAAE,MAAM,CAAC,UAAU;aAC9B,CAAC;QACJ,CAAC,CAAC;IACJ,CAAC,CAAC,CAAC;IAEH,MAAM,OAAO,GAAG,MAAM,kBAAkB,CAAC,SAAS,EAAE,EAAE,WAAW,EAAE,OAAO,EAAE,CAAC,CAAC;IAE9E,8DAA8D;IAC9D,MAAM,KAAK,GAAoB,EAAE,CAAC;IAClC,IAAI,WAAW,GAAG,CAAC,CAAC;IAEpB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACxC,MAAM,MAAM,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;QAC1B,MAAM,MAAM,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;QACzB,IAAI,CAAC,MAAM,IAAI,CAAC,MAAM;YAAE,SAAS;QAEjC,IAAI,MAAM,CAAC,MAAM,KAAK,WAAW,EAAE,CAAC;YAClC,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;YAC9B,WAAW,IAAI,MAAM,CAAC,KAAK,CAAC,UAAU,CAAC;YACvC,MAAM,CAAC,GAAG,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC;YAC5B,IAAI,CAAC;gBACH,IAAI,EAAE,QAAQ,MAAM,CAAC,MAAM,EAAE;gBAC7B,OAAO,EAAE,KAAK,MAAM,CAAC,MAAM,KAAK,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC,KAAK,OAAO,CAAC,CAAC,QAAQ,KAAK,CAAC,CAAC,CAAC,UAAU,GAAG,GAAG,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe;gBACzH,MAAM,EAAE,CAAC,CAAC,SAAS;aACpB,CAAC,CAAC;QACL,CAAC;aAAM,CAAC;YACN,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,YAAY,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;YAC9F,OAAO,CAAC,IAAI,CAAC,kCAAkC,EAAE,MAAM,CAAC,CAAC;YACzD,IAAI,CAAC;gBACH,IAAI,EAAE,QAAQ,MAAM,CAAC,MAAM,EAAE;gBAC7B,OAAO,EAAE,KAAK,MAAM,CAAC,MAAM,KAAK,MAAM,CAAC,QAAQ,IAAI,MAAM,CAAC,KAAK,eAAe,MAAM,EAAE;aACvF,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,IAAI,CAAC,EAAE,IAAI,EAAE,kBAAkB,EAAE,OAAO,EAAE,mCAAmC,EAAE,CAAC,CAAC;IAEjF,8DAA8D;IAC9D,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,GAAG,kBAAkB,CAAC,KAAK,CAAC,CAAC;IAEtD,MAAM,eAAe,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,CAAC;IAE/C,kEAAkE;IAClE,MAAM,YAAY,GAA2B;QAC3C,GAAG,EAAE,IAAI;QACT,OAAO,EAAE,IAAI;QACb,OAAO,EAAE,IAAI;KACd,CAAC;IAEF,MAAM,WAAW,GAAG,KAAK;SACtB,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE;QACT,MAAM,KAAK,GAAG,YAAY,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,GAAG,CAAC;QAC5C,MAAM,aAAa,GAAG,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,GAAG,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;QAC/E,OAAO,OAAO,KAAK,IAAI,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,GAAG,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,aAAa,iBAAiB,CAAC,CAAC,UAAU,MAAM,CAAC,CAAC,SAAS,EAAE,CAAC;IACjJ,CAAC,CAAC;SACD,IAAI,CAAC,MAAM,CAAC,CAAC;IAEhB,OAAO;QACL,MAAM;QACN,OAAO,EAAE,GAAG,OAAO,6BAA6B,WAAW,EAAE;QAC7D,QAAQ,EAAE,EAAE,EAAE,yDAAyD;QACvE,cAAc,EAAE;YACd,OAAO,EAAE,EAAE,MAAM,EAAE,SAAS,EAAE,QAAQ,EAAE,EAAE,EAAE,eAAe,EAAE,CAAC,EAAE;YAChE,KAAK,EAAE,EAAE,MAAM,EAAE,SAAS,EAAE,QAAQ,EAAE,EAAE,EAAE,eAAe,EAAE,CAAC,EAAE;YAC9D,GAAG,EAAE,EAAE,MAAM,EAAE,SAAS,EAAE,QAAQ,EAAE,EAAE,EAAE,eAAe,EAAE,CAAC,EAAE;SAC7D;QACD,aAAa;QACb,QAAQ,EAAE;YACR,IAAI,EAAE,WAAW;YACjB,QAAQ,EAAE,KAAK,CAAC,CAAC,CAAC,EAAE,QAAQ,IAAI,MAAM,CAAC,CAAC,CAAC,EAAE,QAAQ;YACnD,KAAK,EAAE,KAAK,CAAC,CAAC,CAAC,EAAE,KAAK,IAAI,MAAM,CAAC,CAAC,CAAC,EAAE,KAAK;YAC1C,UAAU,EAAE,WAAW;YACvB,eAAe;YACf,QAAQ,EAAE,EAAE;YACZ,YAAY,EAAE,EAAE;YAChB,UAAU,EAAE,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,CAAC,MAAM,IAAI,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC,KAAK,EAAE,CAAC;SACtE;KACF,CAAC;AACJ,CAAC"}

package/dist/agents/diagnostic.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"diagnostic.d.ts","sourceRoot":"","sources":["../../src/agents/diagnostic.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAGH,OAAO,KAAK,EACV,UAAU,EAEV,WAAW,EACX,gBAAgB,EAChB,WAAW,EACX,YAAY,EACb,MAAM,aAAa,CAAC;AAYrB,MAAM,WAAW,qBAAqB;IACpC,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,WAAW,CAAC;IACtB,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,EAAE,MAAM,CAAC;IACf,aAAa,EAAE,MAAM,CAAC;IACtB,aAAa,EAAE,MAAM,GAAG,IAAI,CAAC;IAC7B,UAAU,EAAE,MAAM,CAAC;IACnB,WAAW,EAAE,WAAW,CAAC;IACzB,UAAU,CAAC,EAAE,gBAAgB,CAAC;IAE9B,uEAAuE;IACvE,gBAAgB,CAAC,EAAE,MAAM,CAAC;CAC3B;AAOD;;;;;;;;;;;;;;GAcG;AACH,wBAAgB,eAAe,CAAC,IAAI,EAAE,MAAM,GAAG,UAAU,EAAE,CAqD1D;AAID;;;;;;;;;;;GAWG;AACH,wBAAsB,mBAAmB,CAAC,KAAK,EAAE,qBAAqB,GAAG,OAAO,CAAC,YAAY,CAAC,CAsF7F"}
+{"version":3,"file":"diagnostic.d.ts","sourceRoot":"","sources":["../../src/agents/diagnostic.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAGH,OAAO,KAAK,EACV,UAAU,EAEV,WAAW,EACX,gBAAgB,EAChB,WAAW,EACX,YAAY,EACb,MAAM,aAAa,CAAC;AAarB,MAAM,WAAW,qBAAqB;IACpC,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,WAAW,CAAC;IACtB,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,EAAE,MAAM,CAAC;IACf,aAAa,EAAE,MAAM,CAAC;IACtB,aAAa,EAAE,MAAM,GAAG,IAAI,CAAC;IAC7B,UAAU,EAAE,MAAM,CAAC;IACnB,WAAW,EAAE,WAAW,CAAC;IACzB,UAAU,CAAC,EAAE,gBAAgB,CAAC;IAE9B,uEAAuE;IACvE,gBAAgB,CAAC,EAAE,MAAM,CAAC;CAC3B;AAOD;;;;;;;;;;;;;;GAcG;AACH,wBAAgB,eAAe,CAAC,IAAI,EAAE,MAAM,GAAG,UAAU,EAAE,CAqD1D;AAID;;;;;;;;;;;GAWG;AACH,wBAAsB,mBAAmB,CAAC,KAAK,EAAE,qBAAqB,GAAG,OAAO,CAAC,YAAY,CAAC,CAoF7F"}

package/dist/agents/diagnostic.js

@@ -11,9 +11,8 @@
  *   - Each with conditions, verification steps, and confidence
  *   - Standard FINDINGS block for compatibility with parseReviewResponse()
  */
-import { createModel } from '../providers/index.js';
-import { generateTextWithTimeout } from '../utils/llm-timeout.js';
-import { buildMemoryContext, buildReviewLevelInstruction, DIAGNOSTIC_SYSTEM, REVIEW_CALIBRATION, } from './prompts.js';
+import { createOllamaGenerateFn } from '../providers/ollama.js';
+import { buildMemoryContext, buildReviewLevelInstruction, DIAGNOSTIC_SYSTEM, REVIEW_CALIBRATION, UNTRUSTED_CONTENT_POLICY, wrapUntrustedDiff, } from './prompts.js';
 import { parseReviewResponse } from './simple.js';
 // ─── Hypothesis Parsing ─────────────────────────────────────────
 /** Valid confidence values for type-safe parsing */
@@ -94,6 +93,7 @@ export async function runDiagnosticReview(input) {
     // Build the full system prompt with all context layers
     const system = [
         DIAGNOSTIC_SYSTEM,
+        UNTRUSTED_CONTENT_POLICY,
         staticContext,
         buildMemoryContext(memoryContext),
         stackHints,
@@ -103,42 +103,44 @@ export async function runDiagnosticReview(input) {
     ]
         .filter(Boolean)
         .join('\n');
-    // Build the user prompt with the diff
-    const prompt = `Please perform a diagnostic analysis of the following code changes. Generate testable hypotheses for any potential issues:\n\n\`\`\`diff\n${diff}\n\`\`\``;
-    const languageModel = createModel(provider, model, apiKey);
+    // Build the user prompt with the diff (wrapped in untrusted-content delimiters)
+    const prompt = `Please perform a diagnostic analysis of the following code changes. Generate testable hypotheses for any potential issues:\n\n${wrapUntrustedDiff(diff)}`;
+    // Only Ollama reaches diagnostic mode (gateway/cli-bridge are redirected to simple).
+    // Use createOllamaGenerateFn for the single AI SDK path still available.
+    const generateFn = createOllamaGenerateFn(model);
     emit({
         step: 'diagnostic-call',
         message: `Calling ${provider}/${model} for diagnostic hypothesis analysis...`,
     });
-    const result = await generateTextWithTimeout({
-        model: languageModel,
-        system,
-        prompt,
-        temperature: 0.3,
-    }, { provider, model });
-    const executionTimeMs = Date.now() - startTime;
-    // Timeout: fall back to empty AI result (static analysis still applies)
-    if (result === null) {
+    let responseText;
+    let tokensUsed;
+    try {
+        const callResult = await generateFn(system, prompt);
+        responseText = callResult.text;
+        tokensUsed = callResult.tokensUsed;
+    }
+    catch (_err) {
+        const executionTimeMs = Date.now() - startTime;
         emit({
             step: 'diagnostic-done',
-            message: `LLM timed out — falling back to static-analysis-only results`,
+            message: `LLM call failed — falling back to static-analysis-only results`,
         });
-        const reviewResult = parseReviewResponse('STATUS: NEEDS_HUMAN_REVIEW\nSUMMARY: LLM call timed out. Only static analysis results are available.\nFINDINGS:\n', provider, model, 0, executionTimeMs, memoryContext);
+        const reviewResult = parseReviewResponse('STATUS: NEEDS_HUMAN_REVIEW\nSUMMARY: LLM call failed. Only static analysis results are available.\nFINDINGS:\n', provider, model, 0, executionTimeMs, memoryContext);
         reviewResult.metadata.mode = 'diagnostic';
         reviewResult.hypotheses = [];
         return reviewResult;
     }
-    const tokensUsed = (result.usage?.inputTokens ?? 0) + (result.usage?.outputTokens ?? 0);
+    const executionTimeMs = Date.now() - startTime;
     emit({
         step: 'diagnostic-done',
         message: `Diagnostic analysis complete — ${tokensUsed} tokens, ${(executionTimeMs / 1000).toFixed(1)}s`,
     });
     // Parse the standard review response (STATUS, SUMMARY, FINDINGS)
-    const reviewResult = parseReviewResponse(result.text, provider, model, tokensUsed, executionTimeMs, memoryContext);
+    const reviewResult = parseReviewResponse(responseText, provider, model, tokensUsed, executionTimeMs, memoryContext);
     // Override mode in metadata
     reviewResult.metadata.mode = 'diagnostic';
     // Parse hypotheses from the response and attach to result
-    reviewResult.hypotheses = parseHypotheses(result.text);
+    reviewResult.hypotheses = parseHypotheses(responseText);
     return reviewResult;
 }
 //# sourceMappingURL=diagnostic.js.map

package/dist/agents/diagnostic.js.map

@@ -1 +1 @@
-{"version":3,"file":"diagnostic.js","sourceRoot":"","sources":["../../src/agents/diagnostic.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAEH,OAAO,EAAE,WAAW,EAAE,MAAM,uBAAuB,CAAC;AASpD,OAAO,EAAE,uBAAuB,EAAE,MAAM,yBAAyB,CAAC;AAClE,OAAO,EACL,kBAAkB,EAClB,2BAA2B,EAC3B,iBAAiB,EACjB,kBAAkB,GACnB,MAAM,cAAc,CAAC;AACtB,OAAO,EAAE,mBAAmB,EAAE,MAAM,aAAa,CAAC;AAmBlD,mEAAmE;AAEnE,oDAAoD;AACpD,MAAM,iBAAiB,GAAG,IAAI,GAAG,CAAuB,CAAC,MAAM,EAAE,QAAQ,EAAE,KAAK,CAAC,CAAC,CAAC;AAEnF;;;;;;;;;;;;;;GAcG;AACH,MAAM,UAAU,eAAe,CAAC,IAAY;IAC1C,MAAM,UAAU,GAAiB,EAAE,CAAC;IAEpC,wFAAwF;IACxF,MAAM,iBAAiB,GACrB,0EAA0E,CAAC;IAE7E,IAAI,KAAK,GAAG,iBAAiB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACzC,OAAO,KAAK,KAAK,IAAI,EAAE,CAAC;QACtB,MAAM,EAAE,GAAG,KAAK,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,IAAI,IAAI,CAAC;QACpC,MAAM,KAAK,GAAG,KAAK,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;QAErC,8DAA8D;QAC9D,MAAM,UAAU,GAAG,iBAAiB,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACjD,MAAM,KAAK,GAAG,UAAU,EAAE,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,IAAI,oBAAoB,CAAC;QAE9D,qBAAqB;QACrB,MAAM,eAAe,GACnB,sEAAsE,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACrF,MAAM,UAAU,GAAG,eAAe,EAAE,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,IAAI,0BAA0B,CAAC;QAE9E,uBAAuB;QACvB,MAAM,iBAAiB,GAAG,wDAAwD,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAC/F,MAAM,YAAY,GAAG,iBAAiB,EAAE,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,IAAI,kCAAkC,CAAC;QAE1F,qBAAqB;QACrB,MAAM,eAAe,GAAG,sBAAsB,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAC3D,MAAM,aAAa,GAAG,eAAe,EAAE,CAAC,CAAC,CAAC,EAAE,WAAW,EAAsC,CAAC;QAC9F,MAAM,UAAU,GACd,aAAa,IAAI,iBAAiB,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,QAAQ,CAAC;QAEnF,gBAAgB;QAChB,MAAM,UAAU,GAAG,yBAAyB,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACzD,MAAM,YAAY,GAAG,UAAU,EAAE,CAAC,CAAC,CAAC;YAClC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC;iBACV,KAAK,CAAC,GAAG,CAAC;iBACV,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;iBACpB,MAAM,CAAC,OAAO,CAAC;YACpB,CAAC,CAAC,EAAE,CAAC;QAEP,UAAU,CAAC,IAAI,CAAC;YACd,EAAE;YACF,KAAK;YACL,UAAU;YACV,YAAY;YACZ,UAAU;YACV,YAAY;SACb,CAAC,CAAC;QAEH,KAAK,GAAG,iBAAiB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACvC,CAAC;IAED,OAAO,UAAU,CAAC;AACpB,CAAC;AAED,mEAAmE;AAEnE;;;;;;;;;;;GAWG;AACH,MAAM,CAAC,KAAK,UAAU,mBAAmB,CAAC,KAA4B;IACpE,MAAM,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,EAAE,aAAa,EAAE,aAAa,EAAE,UAAU,EAAE,WAAW,EAAE,GAC5F,KAAK,CAAC;IACR,MAAM,IAAI,GAAG,KAAK,CAAC,UAAU,IAAI,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAC;IAE5C,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAE7B,uDAAuD;IACvD,MAAM,MAAM,GAAG;QACb,iBAAiB;QACjB,aAAa;QACb,kBAAkB,CAAC,aAAa,CAAC;QACjC,UAAU;QACV,KAAK,CAAC,gBAAgB,IAAI,EAAE;QAC5B,2BAA2B,CAAC,WAAW,CAAC;QACxC,kBAAkB;KACnB;SACE,MAAM,CAAC,OAAO,CAAC;SACf,IAAI,CAAC,IAAI,CAAC,CAAC;IAEd,sCAAsC;IACtC,MAAM,MAAM,GAAG,6IAA6I,IAAI,UAAU,CAAC;IAE3K,MAAM,aAAa,GAAG,WAAW,CAAC,QAAQ,EAAE,KAAK,EAAE,MAAM,CAAC,CAAC;IAE3D,IAAI,CAAC;QACH,IAAI,EAAE,iBAAiB;QACvB,OAAO,EAAE,WAAW,QAAQ,IAAI,KAAK,wCAAwC;KAC9E,CAAC,CAAC;IAEH,MAAM,MAAM,GAAG,MAAM,uBAAuB,CAC1C;QACE,KAAK,EAAE,aAAa;QACpB,MAAM;QACN,MAAM;QACN,WAAW,EAAE,GAAG;KACjB,EACD,EAAE,QAAQ,EAAE,KAAK,EAAE,CACpB,CAAC;IAEF,MAAM,eAAe,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,CAAC;IAE/C,wEAAwE;IACxE,IAAI,MAAM,KAAK,IAAI,EAAE,CAAC;QACpB,IAAI,CAAC;YACH,IAAI,EAAE,iBAAiB;YACvB,OAAO,EAAE,8DAA8D;SACxE,CAAC,CAAC;QAEH,MAAM,YAAY,GAAG,mBAAmB,CACtC,mHAAmH,EACnH,QAAQ,EACR,KAAK,EACL,CAAC,EACD,eAAe,EACf,aAAa,CACd,CAAC;QACF,YAAY,CAAC,QAAQ,CAAC,IAAI,GAAG,YAAY,CAAC;QAC1C,YAAY,CAAC,UAAU,GAAG,EAAE,CAAC;QAC7B,OAAO,YAAY,CAAC;IACtB,CAAC;IAED,MAAM,UAAU,GAAG,CAAC,MAAM,CAAC,KAAK,EAAE,WAAW,IAAI,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,KAAK,EAAE,YAAY,IAAI,CAAC,CAAC,CAAC;IAExF,IAAI,CAAC;QACH,IAAI,EAAE,iBAAiB;QACvB,OAAO,EAAE,kCAAkC,UAAU,YAAY,CAAC,eAAe,GAAG,IAAI,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG;KACxG,CAAC,CAAC;IAEH,iEAAiE;IACjE,MAAM,YAAY,GAAG,mBAAmB,CACtC,MAAM,CAAC,IAAI,EACX,QAAQ,EACR,KAAK,EACL,UAAU,EACV,eAAe,EACf,aAAa,CACd,CAAC;IAEF,4BAA4B;IAC5B,YAAY,CAAC,QAAQ,CAAC,IAAI,GAAG,YAAY,CAAC;IAE1C,0DAA0D;IAC1D,YAAY,CAAC,UAAU,GAAG,eAAe,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;IAEvD,OAAO,YAAY,CAAC;AACtB,CAAC"}
+{"version":3,"file":"diagnostic.js","sourceRoot":"","sources":["../../src/agents/diagnostic.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAEH,OAAO,EAAE,sBAAsB,EAAE,MAAM,wBAAwB,CAAC;AAShE,OAAO,EACL,kBAAkB,EAClB,2BAA2B,EAC3B,iBAAiB,EACjB,kBAAkB,EAClB,wBAAwB,EACxB,iBAAiB,GAClB,MAAM,cAAc,CAAC;AACtB,OAAO,EAAE,mBAAmB,EAAE,MAAM,aAAa,CAAC;AAmBlD,mEAAmE;AAEnE,oDAAoD;AACpD,MAAM,iBAAiB,GAAG,IAAI,GAAG,CAAuB,CAAC,MAAM,EAAE,QAAQ,EAAE,KAAK,CAAC,CAAC,CAAC;AAEnF;;;;;;;;;;;;;;GAcG;AACH,MAAM,UAAU,eAAe,CAAC,IAAY;IAC1C,MAAM,UAAU,GAAiB,EAAE,CAAC;IAEpC,wFAAwF;IACxF,MAAM,iBAAiB,GACrB,0EAA0E,CAAC;IAE7E,IAAI,KAAK,GAAG,iBAAiB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACzC,OAAO,KAAK,KAAK,IAAI,EAAE,CAAC;QACtB,MAAM,EAAE,GAAG,KAAK,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,IAAI,IAAI,CAAC;QACpC,MAAM,KAAK,GAAG,KAAK,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;QAErC,8DAA8D;QAC9D,MAAM,UAAU,GAAG,iBAAiB,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACjD,MAAM,KAAK,GAAG,UAAU,EAAE,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,IAAI,oBAAoB,CAAC;QAE9D,qBAAqB;QACrB,MAAM,eAAe,GACnB,sEAAsE,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACrF,MAAM,UAAU,GAAG,eAAe,EAAE,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,IAAI,0BAA0B,CAAC;QAE9E,uBAAuB;QACvB,MAAM,iBAAiB,GAAG,wDAAwD,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAC/F,MAAM,YAAY,GAAG,iBAAiB,EAAE,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,IAAI,kCAAkC,CAAC;QAE1F,qBAAqB;QACrB,MAAM,eAAe,GAAG,sBAAsB,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAC3D,MAAM,aAAa,GAAG,eAAe,EAAE,CAAC,CAAC,CAAC,EAAE,WAAW,EAAsC,CAAC;QAC9F,MAAM,UAAU,GACd,aAAa,IAAI,iBAAiB,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,QAAQ,CAAC;QAEnF,gBAAgB;QAChB,MAAM,UAAU,GAAG,yBAAyB,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACzD,MAAM,YAAY,GAAG,UAAU,EAAE,CAAC,CAAC,CAAC;YAClC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC;iBACV,KAAK,CAAC,GAAG,CAAC;iBACV,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;iBACpB,MAAM,CAAC,OAAO,CAAC;YACpB,CAAC,CAAC,EAAE,CAAC;QAEP,UAAU,CAAC,IAAI,CAAC;YACd,EAAE;YACF,KAAK;YACL,UAAU;YACV,YAAY;YACZ,UAAU;YACV,YAAY;SACb,CAAC,CAAC;QAEH,KAAK,GAAG,iBAAiB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACvC,CAAC;IAED,OAAO,UAAU,CAAC;AACpB,CAAC;AAED,mEAAmE;AAEnE;;;;;;;;;;;GAWG;AACH,MAAM,CAAC,KAAK,UAAU,mBAAmB,CAAC,KAA4B;IACpE,MAAM,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,EAAE,aAAa,EAAE,aAAa,EAAE,UAAU,EAAE,WAAW,EAAE,GAC5F,KAAK,CAAC;IACR,MAAM,IAAI,GAAG,KAAK,CAAC,UAAU,IAAI,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAC;IAE5C,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAE7B,uDAAuD;IACvD,MAAM,MAAM,GAAG;QACb,iBAAiB;QACjB,wBAAwB;QACxB,aAAa;QACb,kBAAkB,CAAC,aAAa,CAAC;QACjC,UAAU;QACV,KAAK,CAAC,gBAAgB,IAAI,EAAE;QAC5B,2BAA2B,CAAC,WAAW,CAAC;QACxC,kBAAkB;KACnB;SACE,MAAM,CAAC,OAAO,CAAC;SACf,IAAI,CAAC,IAAI,CAAC,CAAC;IAEd,gFAAgF;IAChF,MAAM,MAAM,GAAG,iIAAiI,iBAAiB,CAAC,IAAI,CAAC,EAAE,CAAC;IAE1K,qFAAqF;IACrF,yEAAyE;IACzE,MAAM,UAAU,GAAG,sBAAsB,CAAC,KAAK,CAAC,CAAC;IAEjD,IAAI,CAAC;QACH,IAAI,EAAE,iBAAiB;QACvB,OAAO,EAAE,WAAW,QAAQ,IAAI,KAAK,wCAAwC;KAC9E,CAAC,CAAC;IAEH,IAAI,YAAoB,CAAC;IACzB,IAAI,UAAkB,CAAC;IAEvB,IAAI,CAAC;QACH,MAAM,UAAU,GAAG,MAAM,UAAU,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACpD,YAAY,GAAG,UAAU,CAAC,IAAI,CAAC;QAC/B,UAAU,GAAG,UAAU,CAAC,UAAU,CAAC;IACrC,CAAC;IAAC,OAAO,IAAI,EAAE,CAAC;QACd,MAAM,eAAe,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,CAAC;QAC/C,IAAI,CAAC;YACH,IAAI,EAAE,iBAAiB;YACvB,OAAO,EAAE,gEAAgE;SAC1E,CAAC,CAAC;QAEH,MAAM,YAAY,GAAG,mBAAmB,CACtC,gHAAgH,EAChH,QAAQ,EACR,KAAK,EACL,CAAC,EACD,eAAe,EACf,aAAa,CACd,CAAC;QACF,YAAY,CAAC,QAAQ,CAAC,IAAI,GAAG,YAAY,CAAC;QAC1C,YAAY,CAAC,UAAU,GAAG,EAAE,CAAC;QAC7B,OAAO,YAAY,CAAC;IACtB,CAAC;IAED,MAAM,eAAe,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,CAAC;IAE/C,IAAI,CAAC;QACH,IAAI,EAAE,iBAAiB;QACvB,OAAO,EAAE,kCAAkC,UAAU,YAAY,CAAC,eAAe,GAAG,IAAI,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG;KACxG,CAAC,CAAC;IAEH,iEAAiE;IACjE,MAAM,YAAY,GAAG,mBAAmB,CACtC,YAAY,EACZ,QAAQ,EACR,KAAK,EACL,UAAU,EACV,eAAe,EACf,aAAa,CACd,CAAC;IAEF,4BAA4B;IAC5B,YAAY,CAAC,QAAQ,CAAC,IAAI,GAAG,YAAY,CAAC;IAE1C,0DAA0D;IAC1D,YAAY,CAAC,UAAU,GAAG,eAAe,CAAC,YAAY,CAAC,CAAC;IAExD,OAAO,YAAY,CAAC;AACtB,CAAC"}

package/dist/agents/fan-out-lenses.d.ts

@@ -28,6 +28,17 @@ export interface ReviewLens {
     /** Focused system prompt for this lens */
     system: string;
 }
+/**
+ * Result of validating and loading lenses from a directory.
+ * `valid` contains successfully loaded lenses; `errors` lists any files that failed validation.
+ */
+export interface LensValidationResult {
+    valid: ReviewLens[];
+    errors: Array<{
+        file: string;
+        reason: string;
+    }>;
+}
 export declare const LENS_SECURITY: ReviewLens;
 export declare const LENS_PERFORMANCE: ReviewLens;
 export declare const LENS_ERROR_HANDLING: ReviewLens;
@@ -43,6 +54,36 @@ export declare function getLens(name: string): ReviewLens | undefined;
 export declare function getAllLenses(): ReviewLens[];
 /** Reset custom registrations (for testing). */
 export declare function resetLensRegistry(): void;
+/**
+ * Validate raw data as a ReviewLens definition.
+ *
+ * Checks:
+ * - `name` is a non-empty string matching alphanumeric + hyphens pattern
+ * - `label` is a non-empty string
+ * - `system` is a non-empty string with max 4000 characters
+ *
+ * @param data - Unknown data to validate (typically parsed JSON)
+ * @returns The validated ReviewLens if valid, or null with reason string
+ */
+export declare function validateLens(data: unknown): {
+    lens: ReviewLens;
+    error: null;
+} | {
+    lens: null;
+    error: string;
+};
+/**
+ * Load and validate lens definitions from a directory.
+ *
+ * Reads all `*.json` files from the given directory, validates each as a ReviewLens,
+ * registers valid lenses via `registerLens()`, and collects errors for invalid files.
+ * Invalid files are skipped with a warning — they do not crash the pipeline.
+ *
+ * @param dirPath - Absolute path to the lens definitions directory
+ * @param onProgress - Optional progress callback for warnings
+ * @returns LensValidationResult with valid lenses and any errors
+ */
+export declare function loadLensesFromDir(dirPath: string, onProgress?: ProgressCallback): Promise<LensValidationResult>;
 export interface FanOutReviewInput {
     diff: string;
     provider: LLMProvider;

package/dist/agents/fan-out-lenses.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"fan-out-lenses.d.ts","sourceRoot":"","sources":["../../src/agents/fan-out-lenses.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAEH,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,6BAA6B,CAAC;AAClE,OAAO,KAAK,EAEV,WAAW,EACX,gBAAgB,EAChB,WAAW,EACX,YAAY,EAEb,MAAM,aAAa,CAAC;AAYrB;;;;GAIG;AACH,MAAM,WAAW,UAAU;IACzB,0DAA0D;IAC1D,IAAI,EAAE,MAAM,CAAC;IAEb,oDAAoD;IACpD,KAAK,EAAE,MAAM,CAAC;IAEd,0CAA0C;IAC1C,MAAM,EAAE,MAAM,CAAC;CAChB;AAID,eAAO,MAAM,aAAa,EAAE,UA6B3B,CAAC;AAEF,eAAO,MAAM,gBAAgB,EAAE,UA6B9B,CAAC;AAEF,eAAO,MAAM,mBAAmB,EAAE,UA6BjC,CAAC;AAEF,eAAO,MAAM,WAAW,EAAE,UA6BzB,CAAC;AAEF,eAAO,MAAM,kBAAkB,EAAE,UA+BhC,CAAC;AAEF,qCAAqC;AACrC,eAAO,MAAM,cAAc,EAAE,UAAU,EAMtC,CAAC;AAMF,kEAAkE;AAClE,wBAAgB,YAAY,CAAC,IAAI,EAAE,UAAU,GAAG,IAAI,CAEnD;AAED,yDAAyD;AACzD,wBAAgB,OAAO,CAAC,IAAI,EAAE,MAAM,GAAG,UAAU,GAAG,SAAS,CAE5D;AAED,yEAAyE;AACzE,wBAAgB,YAAY,IAAI,UAAU,EAAE,CAK3C;AAED,gDAAgD;AAChD,wBAAgB,iBAAiB,IAAI,IAAI,CAExC;AAcD,MAAM,WAAW,iBAAiB;IAChC,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,WAAW,CAAC;IACtB,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,EAAE,MAAM,CAAC;IACf,aAAa,EAAE,MAAM,CAAC;IACtB,aAAa,EAAE,MAAM,GAAG,IAAI,CAAC;IAC7B,UAAU,EAAE,MAAM,CAAC;IACnB,WAAW,EAAE,WAAW,CAAC;IACzB,UAAU,CAAC,EAAE,gBAAgB,CAAC;IAE9B,uFAAuF;IACvF,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;IAElB,6CAA6C;IAC7C,WAAW,CAAC,EAAE,MAAM,CAAC;IAErB,+CAA+C;IAC/C,OAAO,CAAC,EAAE,MAAM,CAAC;IAEjB;;;;OAIG;IACH,WAAW,CAAC,EAAE,cAAc,EAAE,CAAC;IAE/B,uEAAuE;IACvE,gBAAgB,CAAC,EAAE,MAAM,CAAC;CAC3B;AAID;;;;;;GAMG;AACH,wBAAgB,aAAa,CAC3B,WAAW,EAAE,OAAO,aAAa,EAAE,aAAa,EAAE,GACjD,OAAO,aAAa,EAAE,aAAa,EAAE,CA6BvC;AAID;;;;;;;;;;;GAWG;AACH,wBAAsB,eAAe,CAAC,KAAK,EAAE,iBAAiB,GAAG,OAAO,CAAC,YAAY,CAAC,CAgMrF"}
+{"version":3,"file":"fan-out-lenses.d.ts","sourceRoot":"","sources":["../../src/agents/fan-out-lenses.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAEH,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,6BAA6B,CAAC;AAClE,OAAO,KAAK,EAEV,WAAW,EACX,gBAAgB,EAChB,WAAW,EACX,YAAY,EAEb,MAAM,aAAa,CAAC;AAcrB;;;;GAIG;AACH,MAAM,WAAW,UAAU;IACzB,0DAA0D;IAC1D,IAAI,EAAE,MAAM,CAAC;IAEb,oDAAoD;IACpD,KAAK,EAAE,MAAM,CAAC;IAEd,0CAA0C;IAC1C,MAAM,EAAE,MAAM,CAAC;CAChB;AAED;;;GAGG;AACH,MAAM,WAAW,oBAAoB;IACnC,KAAK,EAAE,UAAU,EAAE,CAAC;IACpB,MAAM,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;CACjD;AAID,eAAO,MAAM,aAAa,EAAE,UA6B3B,CAAC;AAEF,eAAO,MAAM,gBAAgB,EAAE,UA6B9B,CAAC;AAEF,eAAO,MAAM,mBAAmB,EAAE,UA6BjC,CAAC;AAEF,eAAO,MAAM,WAAW,EAAE,UA6BzB,CAAC;AAEF,eAAO,MAAM,kBAAkB,EAAE,UA+BhC,CAAC;AAEF,qCAAqC;AACrC,eAAO,MAAM,cAAc,EAAE,UAAU,EAMtC,CAAC;AAMF,kEAAkE;AAClE,wBAAgB,YAAY,CAAC,IAAI,EAAE,UAAU,GAAG,IAAI,CAEnD;AAED,yDAAyD;AACzD,wBAAgB,OAAO,CAAC,IAAI,EAAE,MAAM,GAAG,UAAU,GAAG,SAAS,CAE5D;AAED,yEAAyE;AACzE,wBAAgB,YAAY,IAAI,UAAU,EAAE,CAK3C;AAED,gDAAgD;AAChD,wBAAgB,iBAAiB,IAAI,IAAI,CAExC;AAUD;;;;;;;;;;GAUG;AACH,wBAAgB,YAAY,CAC1B,IAAI,EAAE,OAAO,GACZ;IAAE,IAAI,EAAE,UAAU,CAAC;IAAC,KAAK,EAAE,IAAI,CAAA;CAAE,GAAG;IAAE,IAAI,EAAE,IAAI,CAAC;IAAC,KAAK,EAAE,MAAM,CAAA;CAAE,CAsCnE;AAED;;;;;;;;;;GAUG;AACH,wBAAsB,iBAAiB,CACrC,OAAO,EAAE,MAAM,EACf,UAAU,CAAC,EAAE,gBAAgB,GAC5B,OAAO,CAAC,oBAAoB,CAAC,CAuD/B;AAcD,MAAM,WAAW,iBAAiB;IAChC,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,WAAW,CAAC;IACtB,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,EAAE,MAAM,CAAC;IACf,aAAa,EAAE,MAAM,CAAC;IACtB,aAAa,EAAE,MAAM,GAAG,IAAI,CAAC;IAC7B,UAAU,EAAE,MAAM,CAAC;IACnB,WAAW,EAAE,WAAW,CAAC;IACzB,UAAU,CAAC,EAAE,gBAAgB,CAAC;IAE9B,uFAAuF;IACvF,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;IAElB,6CAA6C;IAC7C,WAAW,CAAC,EAAE,MAAM,CAAC;IAErB,+CAA+C;IAC/C,OAAO,CAAC,EAAE,MAAM,CAAC;IAEjB;;;;OAIG;IACH,WAAW,CAAC,EAAE,cAAc,EAAE,CAAC;IAE/B,uEAAuE;IACvE,gBAAgB,CAAC,EAAE,MAAM,CAAC;CAC3B;AAID;;;;;;GAMG;AACH,wBAAgB,aAAa,CAC3B,WAAW,EAAE,OAAO,aAAa,EAAE,aAAa,EAAE,GACjD,OAAO,aAAa,EAAE,aAAa,EAAE,CA6BvC;AAID;;;;;;;;;;;GAWG;AACH,wBAAsB,eAAe,CAAC,KAAK,EAAE,iBAAiB,GAAG,OAAO,CAAC,YAAY,CAAC,CAiMrF"}

package/dist/agents/fan-out-lenses.js

@@ -14,7 +14,7 @@
  *   - accessibility   — a11y attributes, ARIA, keyboard navigation
  */
 import { runWithConcurrency } from '../utils/concurrency.js';
-import { buildMemoryContext, buildReviewLevelInstruction, COMPACT_CALIBRATION, REVIEW_CALIBRATION, } from './prompts.js';
+import { buildMemoryContext, buildReviewLevelInstruction, COMPACT_CALIBRATION, REVIEW_CALIBRATION, UNTRUSTED_CONTENT_POLICY, wrapUntrustedDiff, } from './prompts.js';
 import { parseFindingsBlock } from './simple.js';
 // ─── Default Lenses ────────────────────────────────────────────
 export const LENS_SECURITY = {
@@ -200,6 +200,119 @@ export function getAllLenses() {
 export function resetLensRegistry() {
     lensMap.clear();
 }
+// ─── Lens Validation & Loading ────────────────────────────────
+/** Maximum allowed length for a lens system prompt. */
+const MAX_SYSTEM_LENGTH = 4000;
+/** Pattern for valid lens names: alphanumeric, hyphens, underscores. */
+const LENS_NAME_PATTERN = /^[a-z0-9][a-z0-9_-]*$/i;
+/**
+ * Validate raw data as a ReviewLens definition.
+ *
+ * Checks:
+ * - `name` is a non-empty string matching alphanumeric + hyphens pattern
+ * - `label` is a non-empty string
+ * - `system` is a non-empty string with max 4000 characters
+ *
+ * @param data - Unknown data to validate (typically parsed JSON)
+ * @returns The validated ReviewLens if valid, or null with reason string
+ */
+export function validateLens(data) {
+    if (data == null || typeof data !== 'object') {
+        return { lens: null, error: 'Lens definition must be a JSON object' };
+    }
+    const obj = data;
+    // Validate name
+    if (typeof obj.name !== 'string' || obj.name.trim().length === 0) {
+        return { lens: null, error: 'Missing or invalid "name" field (must be a non-empty string)' };
+    }
+    if (!LENS_NAME_PATTERN.test(obj.name)) {
+        return {
+            lens: null,
+            error: `Invalid "name" "${obj.name}" — must match ${LENS_NAME_PATTERN.source}`,
+        };
+    }
+    // Validate label
+    if (typeof obj.label !== 'string' || obj.label.trim().length === 0) {
+        return { lens: null, error: 'Missing or invalid "label" field (must be a non-empty string)' };
+    }
+    // Validate system
+    if (typeof obj.system !== 'string' || obj.system.trim().length === 0) {
+        return { lens: null, error: 'Missing or invalid "system" field (must be a non-empty string)' };
+    }
+    if (obj.system.length > MAX_SYSTEM_LENGTH) {
+        return {
+            lens: null,
+            error: `"system" prompt exceeds ${MAX_SYSTEM_LENGTH} characters (got ${obj.system.length})`,
+        };
+    }
+    return {
+        lens: { name: obj.name, label: obj.label, system: obj.system },
+        error: null,
+    };
+}
+/**
+ * Load and validate lens definitions from a directory.
+ *
+ * Reads all `*.json` files from the given directory, validates each as a ReviewLens,
+ * registers valid lenses via `registerLens()`, and collects errors for invalid files.
+ * Invalid files are skipped with a warning — they do not crash the pipeline.
+ *
+ * @param dirPath - Absolute path to the lens definitions directory
+ * @param onProgress - Optional progress callback for warnings
+ * @returns LensValidationResult with valid lenses and any errors
+ */
+export async function loadLensesFromDir(dirPath, onProgress) {
+    const { existsSync, readdirSync, readFileSync } = await import('node:fs');
+    const { join, basename } = await import('node:path');
+    const emit = onProgress ?? (() => { });
+    const result = { valid: [], errors: [] };
+    if (!existsSync(dirPath)) {
+        return result; // Directory doesn't exist — not an error, just no custom lenses
+    }
+    let files;
+    try {
+        files = readdirSync(dirPath).filter((f) => f.endsWith('.json'));
+    }
+    catch (err) {
+        const msg = err instanceof Error ? err.message : String(err);
+        emit({ step: 'lens-loader', message: `Failed to read lens directory: ${msg}` });
+        return result;
+    }
+    for (const file of files) {
+        const filePath = join(dirPath, file);
+        try {
+            const raw = readFileSync(filePath, 'utf-8');
+            const parsed = JSON.parse(raw);
+            const validation = validateLens(parsed);
+            if (validation.lens) {
+                registerLens(validation.lens);
+                result.valid.push(validation.lens);
+            }
+            else {
+                result.errors.push({ file: basename(file), reason: validation.error });
+                emit({
+                    step: 'lens-loader',
+                    message: `Skipping invalid lens "${basename(file)}": ${validation.error}`,
+                });
+            }
+        }
+        catch (err) {
+            const msg = err instanceof Error ? err.message : String(err);
+            result.errors.push({ file: basename(file), reason: `JSON parse error: ${msg}` });
+            emit({
+                step: 'lens-loader',
+                message: `Skipping invalid lens "${basename(file)}": JSON parse error`,
+            });
+        }
+    }
+    if (result.valid.length > 0) {
+        emit({
+            step: 'lens-loader',
+            message: `Loaded ${result.valid.length} custom lens(es): ${result.valid.map((l) => l.name).join(', ')}`,
+        });
+    }
+    return result;
+}
 // ─── Severity Ranking ──────────────────────────────────────────
 const SEVERITY_RANK = {
     critical: 5,
@@ -288,8 +401,8 @@ export async function runFanOutReview(input) {
         message: `Launching ${resolvedLenses.length} review lenses (concurrency: ${concurrency})`,
         detail: resolvedLenses.map((l) => `  → ${l.label}`).join('\n'),
     });
-    // Build the user prompt (same for all lenses)
-    const userPrompt = `Review the following code changes:\n\n\`\`\`diff\n${diff}\n\`\`\``;
+    // Build the user prompt (same for all lenses, wrapped in untrusted-content delimiters)
+    const userPrompt = `Review the following code changes:\n\n${wrapUntrustedDiff(diff)}`;
     // ── Step 1: Run lenses with bounded concurrency ─────────────
     const lensTasks = resolvedLenses.map((lens, index) => {
         return async () => {
@@ -303,6 +416,7 @@ export async function runFanOutReview(input) {
             const isFirst = index === 0;
             const system = [
                 lens.system,
+                UNTRUSTED_CONTENT_POLICY,
                 isFirst ? staticContext : '',
                 isFirst ? buildMemoryContext(memoryContext) : '',
                 isFirst ? stackHints : '',