grepmax 0.17.15 → 0.17.16

package/dist/commands/mcp.js

@@ -535,6 +535,20 @@ const TOOLS = [
             required: [],
         },
     },
+    {
+        name: "review_risk",
+        description: "Deterministic risk ranking of the symbols a commit's diff touches, ordered by blast radius (inbound callers) × test presence × file churn. No LLM required — fast, graph + git only. Use to triage what a change endangers before a deep review.",
+        inputSchema: {
+            type: "object",
+            properties: {
+                commit: {
+                    type: "string",
+                    description: "Git ref to analyze (default: HEAD)",
+                },
+            },
+            required: [],
+        },
+    },
 ];
 // ---------------------------------------------------------------------------
 // Helpers
@@ -2442,6 +2456,28 @@ exports.mcp = new commander_1.Command("mcp")
                 }
                 break;
             }
+            case "review_risk": {
+                ensureWatcher();
+                const commitRef = String(toolArgs.commit || "HEAD");
+                try {
+                    const db = getVectorDb();
+                    const builder = new graph_builder_1.GraphBuilder(db, projectRoot);
+                    const { gatherRiskInputs, computeRiskTable, formatRiskTable } = yield Promise.resolve().then(() => __importStar(require("../lib/review/risk")));
+                    const inputs = yield gatherRiskInputs(commitRef, projectRoot, {
+                        vectorDb: db,
+                        graphBuilder: builder,
+                    });
+                    const rows = computeRiskTable(inputs);
+                    result =
+                        rows.length === 0
+                            ? ok("(no changed symbols in this diff)")
+                            : ok(formatRiskTable(rows, { agent: true }));
+                }
+                catch (e) {
+                    result = err(`Risk ranking failed: ${e instanceof Error ? e.message : String(e)}`);
+                }
+                break;
+            }
             case "review_report": {
                 try {
                     const { readReport, formatReportText } = yield Promise.resolve().then(() => __importStar(require("../lib/llm/report")));

package/dist/commands/review.js

@@ -55,11 +55,15 @@ exports.review = new commander_1.Command("review")
     .option("--commit <ref>", "Commit to review", "HEAD")
     .option("--root <dir>", "Project root directory")
     .option("--background", "Run review asynchronously via daemon", false)
+    .option("--risk", "Deterministic risk ranking of changed symbols (no LLM)", false)
+    .option("--agent", "Ultra-compact output for AI agents", false)
     .option("-v, --verbose", "Print progress to stderr", false)
     .addHelpText("after", `
 Examples:
   gmax review                           Review HEAD
   gmax review --commit abc1234          Review specific commit
+  gmax review --risk                    Rank changed symbols by risk (no LLM)
+  gmax review --risk --agent            Risk ranking, compact for agents
   gmax review --background              Run async via daemon
 
 Subcommands:
@@ -75,6 +79,31 @@ Subcommands:
             return;
         const projectRoot = (_a = (0, project_root_1.findProjectRoot)(root)) !== null && _a !== void 0 ? _a : root;
         const commitRef = opts.commit;
+        // Deterministic risk ranking — no LLM, no daemon LLM-start. Pure graph +
+        // git over the diff (Phase 8).
+        if (opts.risk) {
+            const { VectorDB } = yield Promise.resolve().then(() => __importStar(require("../lib/store/vector-db")));
+            const { GraphBuilder } = yield Promise.resolve().then(() => __importStar(require("../lib/graph/graph-builder")));
+            const { ensureProjectPaths } = yield Promise.resolve().then(() => __importStar(require("../lib/utils/project-root")));
+            const { gatherRiskInputs, computeRiskTable, formatRiskTable, } = yield Promise.resolve().then(() => __importStar(require("../lib/review/risk")));
+            const paths = ensureProjectPaths(projectRoot);
+            const vectorDb = new VectorDB(paths.lancedbDir);
+            try {
+                const graphBuilder = new GraphBuilder(vectorDb, projectRoot);
+                const inputs = yield gatherRiskInputs(commitRef, projectRoot, {
+                    vectorDb,
+                    graphBuilder,
+                });
+                const rows = computeRiskTable(inputs);
+                console.log(formatRiskTable(rows, { agent: !!opts.agent }));
+                if (rows.length === 0)
+                    process.exitCode = 1;
+            }
+            finally {
+                yield vectorDb.close();
+            }
+            return;
+        }
         if (opts.background) {
             // Fire-and-forget via daemon
             const { ensureDaemonRunning, sendDaemonCommand } = yield Promise.resolve().then(() => __importStar(require("../lib/utils/daemon-client")));

package/dist/lib/llm/diff.js

@@ -4,6 +4,7 @@ exports.SYMBOL_MAX = exports.DIFF_MAX_LINES = void 0;
 exports.extractDiff = extractDiff;
 exports.readCommitInfo = readCommitInfo;
 exports.extractChangedFiles = extractChangedFiles;
+exports.fileChurn = fileChurn;
 exports.extractSymbols = extractSymbols;
 exports.detectLanguages = detectLanguages;
 const node_child_process_1 = require("node:child_process");
@@ -84,6 +85,27 @@ function extractChangedFiles(ref, root) {
         return [];
     }
 }
+/**
+ * Churn: number of commits that have touched a file across history. A simple,
+ * deterministic instability proxy for the risk preamble (Phase 8) — frequently
+ * rewritten files are historically more bug-prone. `file` may be absolute or
+ * root-relative; git resolves it against `root`. Returns 0 on any error.
+ */
+function fileChurn(file, root) {
+    if (!file)
+        return 0;
+    try {
+        const rel = file.startsWith(root)
+            ? file.slice(root.endsWith("/") ? root.length : root.length + 1)
+            : file;
+        const raw = git(["rev-list", "--count", "HEAD", "--", rel], root).trim();
+        const n = Number.parseInt(raw, 10);
+        return Number.isFinite(n) ? n : 0;
+    }
+    catch (_a) {
+        return 0;
+    }
+}
 /**
  * Extract symbol names from a unified diff.
  * Pass 1: hunk headers (git auto-detects enclosing function/class).

package/dist/lib/llm/review.js

@@ -56,6 +56,7 @@ const config_1 = require("./config");
 const diff_1 = require("./diff");
 const report_1 = require("./report");
 const tools_1 = require("./tools");
+const risk_1 = require("../review/risk");
 function reviewCommit(opts) {
     return __awaiter(this, void 0, void 0, function* () {
         var _a, _b, _c, _d;
@@ -81,13 +82,25 @@ function reviewCommit(opts) {
         }
         // 4. Gather context via gmax internal APIs
         let contextStr = "";
+        let riskStr = "";
         const paths = (0, project_root_1.ensureProjectPaths)(projectRoot);
         const vectorDb = new vector_db_1.VectorDB(paths.lancedbDir);
         try {
             const searcher = new searcher_1.Searcher(vectorDb);
             const graphBuilder = new graph_builder_1.GraphBuilder(vectorDb, projectRoot);
             const ctx = { vectorDb, searcher, graphBuilder, projectRoot };
-            contextStr = yield gatherContext(symbols, changedFiles, ctx, verbose);
+            // Deterministic risk ranking (Phase 8) — gives the LLM an explicit
+            // blast-radius × tests × churn ordering to anchor its judgement, rather
+            // than inferring importance from prose alone.
+            const [context, riskInputs] = yield Promise.all([
+                gatherContext(symbols, changedFiles, ctx, verbose),
+                (0, risk_1.gatherRiskInputs)(commitRef, projectRoot, { vectorDb, graphBuilder }).catch(() => []),
+            ]);
+            contextStr = context;
+            const riskRows = (0, risk_1.computeRiskTable)(riskInputs);
+            if (riskRows.length > 0) {
+                riskStr = (0, risk_1.formatRiskTable)(riskRows, { agent: false });
+            }
         }
         catch (err) {
             if (verbose) {
@@ -99,7 +112,7 @@ function reviewCommit(opts) {
         }
         // 5. Build prompts
         const systemPrompt = buildSystemPrompt(languages);
-        const userPrompt = buildUserPrompt(info, diff, symbols, contextStr);
+        const userPrompt = buildUserPrompt(info, diff, symbols, contextStr, riskStr);
         // 6. Call LLM (single shot)
         const config = (0, config_1.getLlmConfig)();
         const modelName = path.basename(config.model, path.extname(config.model));
@@ -318,7 +331,7 @@ Severity guide:
 Be concise. One sentence per message. Evidence from the codebase context, not speculation.`;
     return prompt;
 }
-function buildUserPrompt(info, diff, symbols, context) {
+function buildUserPrompt(info, diff, symbols, context, risk) {
     let prompt = `## Commit
 ${info.short} — ${info.message}
 
@@ -330,6 +343,9 @@ ${diff}
     if (symbols.length > 0) {
         prompt += `### Changed Symbols\n${symbols.join("\n")}\n\n`;
     }
+    if (risk) {
+        prompt += `### ${risk}\n\n`;
+    }
     if (context) {
         prompt += context;
     }

package/dist/lib/review/risk.js

@@ -0,0 +1,93 @@
+"use strict";
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.computeRiskTable = computeRiskTable;
+exports.formatRiskTable = formatRiskTable;
+exports.gatherRiskInputs = gatherRiskInputs;
+const impact_1 = require("../graph/impact");
+const diff_1 = require("../llm/diff");
+// No test safety net → treat the change as twice as risky. A single, named
+// constant keeps the score explainable rather than a tuned black box.
+const UNTESTED_MULTIPLIER = 2;
+/**
+ * Score and rank changed symbols, riskiest first. Pure — no I/O — so the
+ * ranking logic is unit-tested without a graph or git. Score is
+ * `(callers + 1) × testFactor × churnFactor`: blast radius dominates, the
+ * untested penalty doubles it, and churn contributes on a log scale so a
+ * very churny file nudges rather than swamps the ranking.
+ */
+function computeRiskTable(inputs) {
+    const rows = inputs.map((r) => {
+        const blast = r.callerCount + 1; // +1 so a zero-caller symbol still scores
+        const testFactor = r.hasTests ? 1 : UNTESTED_MULTIPLIER;
+        const churnFactor = 1 + Math.log2(r.churn + 1);
+        const score = Math.round(blast * testFactor * churnFactor * 100) / 100;
+        return Object.assign(Object.assign({}, r), { score });
+    });
+    rows.sort((a, b) => b.score - a.score ||
+        b.callerCount - a.callerCount ||
+        a.symbol.localeCompare(b.symbol));
+    return rows;
+}
+/** Render the ranking — TSV-ish for agents, an aligned table for humans. */
+function formatRiskTable(rows, opts) {
+    if (rows.length === 0) {
+        return opts.agent
+            ? "(no changed symbols)"
+            : "No changed symbols to rank.";
+    }
+    if (opts.agent) {
+        return rows
+            .map((r) => `risk\t${r.score}\t${r.symbol}\t${r.file}:${r.line}\tcallers=${r.callerCount}\ttests=${r.hasTests ? "y" : "n"}\tchurn=${r.churn}`)
+            .join("\n");
+    }
+    const lines = rows.map((r) => {
+        const flag = !r.hasTests && r.callerCount > 0 ? "  ⚠ untested" : "";
+        return `  ${String(r.score).padStart(7)}  ${r.symbol}  (${r.callerCount} callers, ${r.hasTests ? "tested" : "no tests"}, churn ${r.churn})  ${r.file}:${r.line}${flag}`;
+    });
+    return `Risk ranking — blast radius × tests × churn (riskiest first):\n${lines.join("\n")}`;
+}
+/**
+ * Gather risk inputs for the symbols a ref's diff touches. Impure: reads git
+ * (diff + churn) and the graph (callers + defining location + tests). Each
+ * symbol is independent, so failures degrade that row rather than the whole
+ * table.
+ */
+function gatherRiskInputs(ref, projectRoot, deps) {
+    return __awaiter(this, void 0, void 0, function* () {
+        const diff = (0, diff_1.extractDiff)(ref, projectRoot);
+        if (!diff)
+            return [];
+        const symbols = (0, diff_1.extractSymbols)(diff);
+        if (symbols.length === 0)
+            return [];
+        const root = projectRoot.endsWith("/") ? projectRoot : `${projectRoot}/`;
+        const relativize = (f) => (f.startsWith(root) ? f.slice(root.length) : f);
+        const inputs = yield Promise.all(symbols.map((symbol) => __awaiter(this, void 0, void 0, function* () {
+            var _a, _b;
+            const [callers, loc, tests] = yield Promise.all([
+                deps.graphBuilder.callersOf(symbol).catch(() => []),
+                deps.graphBuilder.resolveLocation(symbol).catch(() => null),
+                (0, impact_1.findTests)([symbol], deps.vectorDb, projectRoot).catch(() => []),
+            ]);
+            const file = (_a = loc === null || loc === void 0 ? void 0 : loc.file) !== null && _a !== void 0 ? _a : "";
+            return {
+                symbol,
+                file: file ? relativize(file) : "(unindexed)",
+                line: (_b = loc === null || loc === void 0 ? void 0 : loc.line) !== null && _b !== void 0 ? _b : 0,
+                callerCount: callers.length,
+                hasTests: tests.length > 0,
+                churn: (0, diff_1.fileChurn)(file, projectRoot),
+            };
+        })));
+        return inputs;
+    });
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "grepmax",
-  "version": "0.17.15",
+  "version": "0.17.16",
   "author": "Robert Owens <78518764+reowens@users.noreply.github.com>",
   "homepage": "https://github.com/reowens/grepmax",
   "bugs": {

package/plugins/grepmax/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "grepmax",
-  "version": "0.17.15",
+  "version": "0.17.16",
   "description": "Semantic code search for Claude Code. Automatically indexes your project and provides intelligent search capabilities.",
   "author": {
     "name": "Robert Owens",