ira-review 3.1.0 → 3.1.2

package/README.github.md

@@ -135,6 +135,12 @@ IRA fetches the linked JIRA ticket, extracts the acceptance criteria, and uses t
 
 This is the feature that catches "does this actually match the ticket?" before a human has to ask.
 
+When a JIRA ticket has **no acceptance criteria at all**, IRA generates suggested ACs from the diff and (by default) posts them as a comment on the JIRA ticket for the Product Owner to review and refine. If your CI environment cannot or should not write back to JIRA — for example, the JIRA service account is read-only, or org policy forbids automated JIRA writes — pass `--no-post-acs-to-jira` (or set `IRA_POST_ACS_TO_JIRA=false`). The suggestions still render in the PR summary under **📝 Suggested Acceptance Criteria**, so reviewers see them either way; only the JIRA write is suppressed.
+
+### "All Clear" PR Summary
+
+When IRA finishes a review with **zero issues** found and **JIRA acceptance criteria are 100% covered** (or the ticket needs no ACs), the PR summary leads with a celebratory ✅ banner: a confident, specific signal that automated review passed, alongside an explicit reminder that **human reviewer approval is still required before merge**. The banner is suppressed when an AC gap exists so the summary never reads "safe to approve" while a requirements gap is still visible — IRA augments your code review process, it doesn't replace it.
+
 ### Inline AI Comments
 
 Each issue is posted as an inline comment on the exact line in the PR, containing:
@@ -436,6 +442,15 @@ Tips for Jenkins / corporate networks:
 - **Comment style** — use `--comment-style compact` (default) for terse,
   severity-first inline comments. `--comment-style detailed` keeps the legacy
   Explanation / Impact / Suggested Fix block.
+- **Don't write to JIRA** — pass `--no-post-acs-to-jira` (or set
+  `IRA_POST_ACS_TO_JIRA=false`) when the JIRA token is read-only or org policy
+  forbids automated comments on tickets. AI-generated AC suggestions still
+  appear in the PR summary; only the JIRA write is suppressed.
+- **PowerShell stability on Windows agents** — wrap the `ira-review` invocation
+  with `2>&1 | ForEach-Object { Write-Host $_ }` and check `$LASTEXITCODE`
+  explicitly. PowerShell's default `$ErrorActionPreference = 'Stop'` treats any
+  native-command stderr as a terminating `NativeCommandError`; merging stderr
+  into stdout prevents harmless deprecation notices from aborting the pipeline.
 
 ---
 

package/README.md

@@ -42,6 +42,7 @@ Each issue is posted as an inline comment on the exact PR line with explanation,
 - Two-pass critical review (`--ai-model-critical`) — bulk pass uses your everyday model; only `CRITICAL`/`BLOCKER` findings are re-run against a stronger model, keeping premium-request cost low while preserving deep analysis on what matters
 - JIRA acceptance criteria validation with per-criterion pass/fail and edge case detection
 - JIRA AC auto-detection — finds AC from custom field or description automatically
+- "All Clear" PR summary block — celebratory ✅ banner when zero issues are found and JIRA AC coverage is 100%, with a clear "human reviewer approval is still required before merge" reminder. Suppressed automatically if any AC gap exists, so the summary never claims "safe to approve" while requirements are unmet.
 - Custom team review rules via `.ira-rules.json` (see below)
 - Test case generation from JIRA tickets (Jest, Vitest, Playwright, etc.)
 - Comment deduplication across re-runs
@@ -151,6 +152,7 @@ All optional. IRA works with just an SCM token and an AI key.
 | OpenAI-compatible gateway | `--ai-base-url https://your-llm-proxy/v1` (GitHub Models, LiteLLM, internal proxy…) |
 | Rules from URL (no checkout) | `--rules-url https://bitbucket.example.com/.../.ira-rules.json` |
 | Compact / detailed comments | `--comment-style compact` (default) or `--comment-style detailed` |
+| Don't post AI-generated ACs to JIRA | `--no-post-acs-to-jira` (env: `IRA_POST_ACS_TO_JIRA=false`) — suggestions still render in the PR summary; only the JIRA write is skipped |
 
 ---
 

package/README.npm.md

@@ -42,6 +42,7 @@ Each issue is posted as an inline comment on the exact PR line with explanation,
 - Two-pass critical review (`--ai-model-critical`) — bulk pass uses your everyday model; only `CRITICAL`/`BLOCKER` findings are re-run against a stronger model, keeping premium-request cost low while preserving deep analysis on what matters
 - JIRA acceptance criteria validation with per-criterion pass/fail and edge case detection
 - JIRA AC auto-detection — finds AC from custom field or description automatically
+- "All Clear" PR summary block — celebratory ✅ banner when zero issues are found and JIRA AC coverage is 100%, with a clear "human reviewer approval is still required before merge" reminder. Suppressed automatically if any AC gap exists, so the summary never claims "safe to approve" while requirements are unmet.
 - Custom team review rules via `.ira-rules.json` (see below)
 - Test case generation from JIRA tickets (Jest, Vitest, Playwright, etc.)
 - Comment deduplication across re-runs
@@ -151,6 +152,7 @@ All optional. IRA works with just an SCM token and an AI key.
 | OpenAI-compatible gateway | `--ai-base-url https://your-llm-proxy/v1` (GitHub Models, LiteLLM, internal proxy…) |
 | Rules from URL (no checkout) | `--rules-url https://bitbucket.example.com/.../.ira-rules.json` |
 | Compact / detailed comments | `--comment-style compact` (default) or `--comment-style detailed` |
+| Don't post AI-generated ACs to JIRA | `--no-post-acs-to-jira` (env: `IRA_POST_ACS_TO_JIRA=false`) — suggestions still render in the PR summary; only the JIRA write is skipped |
 
 ---
 

package/dist/cli.js

@@ -1295,10 +1295,17 @@ var BitbucketServerClient = class {
     });
   }
   async getIssueComments(pullRequestId) {
+    const collect = (node, sink) => {
+      if (!node) return;
+      if (typeof node.text === "string" && node.text.length > 0) sink.push(node.text);
+      if (Array.isArray(node.comments)) {
+        for (const child of node.comments) collect(child, sink);
+      }
+    };
     const bodies = [];
     let start = 0;
     while (true) {
-      const url = this.prUrl(pullRequestId, `/comments?start=${start}&limit=100`);
+      const url = this.prUrl(pullRequestId, `/activities?start=${start}&limit=100`);
       const data = await withRetry(async () => {
         const response = await fetchWithTimeout(url, { headers: this.headers });
         if (!response.ok) {
@@ -1310,7 +1317,9 @@ var BitbucketServerClient = class {
         }
         return await response.json();
       });
-      for (const c of data.values) bodies.push(c.text);
+      for (const activity of data.values) {
+        if (activity.action === "COMMENTED") collect(activity.comment, bodies);
+      }
       if (data.isLastPage) break;
       start = data.nextPageStart ?? start + 100;
     }
@@ -2615,6 +2624,29 @@ function buildSummary2(result) {
       lines.push("");
     }
   }
+  const acGapExists = result.requirementCompletion && result.requirementCompletion.completionPercentage < 100 || result.acceptanceValidation && !result.acceptanceValidation.overallPass;
+  if (result.comments.length === 0 && !acGapExists) {
+    const fw = result.framework ?? "your stack";
+    const acLine = result.requirementCompletion ? `Acceptance criteria for **${result.requirementCompletion.jiraKey}**: **${result.requirementCompletion.completionPercentage}% covered** (${result.requirementCompletion.metCriteria}/${result.requirementCompletion.totalCriteria}).` : result.acceptanceValidation ? `Acceptance criteria for **${result.acceptanceValidation.jiraKey}**: ${result.acceptanceValidation.overallPass ? "**all met** \u2705" : "**partially met** \u2014 see the JIRA section above"}.` : result.acGeneration && result.acGeneration.criteria.length > 0 ? result.acGeneration.postedToJira ? `\u{1F4DD} No acceptance criteria found on **${result.acGeneration.jiraKey}** \u2014 IRA generated **${result.acGeneration.totalCriteria} suggested AC${result.acGeneration.totalCriteria === 1 ? "" : "s"}** and posted them as a comment on the JIRA ticket for the Product Owner / requirement author to review and refine.` : `\u{1F4DD} No acceptance criteria found on **${result.acGeneration.jiraKey}** \u2014 IRA generated **${result.acGeneration.totalCriteria} suggested AC${result.acGeneration.totalCriteria === 1 ? "" : "s"}** (see the Suggested Acceptance Criteria section below).` : null;
+    lines.push("## \u2705 All Clear \u2014 No Issues Found");
+    lines.push("");
+    lines.push(`> \u{1F389} **Nice work on PR #${result.pullRequestId}!**`);
+    lines.push(`>`);
+    lines.push(`> IRA scanned every changed file across **${fw}** and didn't surface a single concern.`);
+    if (acLine) {
+      lines.push(`>`);
+      lines.push(`> ${acLine}`);
+    }
+    if (result.risk) {
+      lines.push(`>`);
+      lines.push(`> Risk score: **${result.risk.score}/${result.risk.maxScore}** (${result.risk.level}).`);
+    }
+    lines.push(`>`);
+    lines.push(`> \u2705 **Safe to approve from an automated-review standpoint.**`);
+    lines.push(`>`);
+    lines.push(`> \u{1F465} **Human reviewer approval is still required before merge.** IRA augments your code review process \u2014 it doesn't replace it. Please ensure your team's review and approval requirements have been met before merging.`);
+    lines.push("");
+  }
   lines.push("## Overview");
   lines.push("");
   lines.push(`| Metric | Value |`);
@@ -2862,7 +2894,10 @@ var Notifier = class {
 import { execSync as execSync2 } from "child_process";
 function resolveGitRoot() {
   try {
-    return execSync2("git rev-parse --show-toplevel", { encoding: "utf-8" }).trim();
+    return execSync2("git rev-parse --show-toplevel", {
+      encoding: "utf-8",
+      stdio: ["pipe", "pipe", "pipe"]
+    }).trim();
   } catch {
     return process.cwd();
   }
@@ -3403,7 +3438,11 @@ Cause: ${warnings[warnings.length - 1]}` : "";
             let commitMessages = [];
             try {
               const { execSync: execSync6 } = await import("child_process");
-              const gitLog = execSync6("git log --oneline -20 --no-decorate", { cwd: repoPath, encoding: "utf-8" });
+              const gitLog = execSync6("git log --oneline -20 --no-decorate", {
+                cwd: repoPath,
+                encoding: "utf-8",
+                stdio: ["pipe", "pipe", "pipe"]
+              });
               commitMessages = gitLog.trim().split("\n").filter(Boolean);
             } catch {
             }
@@ -3422,15 +3461,23 @@ Cause: ${warnings[warnings.length - 1]}` : "";
             if (acGeneration.parseWarning) {
               warnings.push(acGeneration.parseWarning);
             }
-            if (acGeneration.criteria.length > 0 && !this.config.dryRun) {
+            const postingDisabled = this.config.postAcsToJira === false;
+            if (acGeneration.criteria.length > 0 && !this.config.dryRun && !postingDisabled) {
               try {
                 const commentBody = formatACsForJiraComment(acGeneration, pullRequestId);
                 await jiraClient.addComment(this.config.jiraTicket, commentBody);
                 console.log(`  Posted ${acGeneration.totalCriteria} suggested ACs to ${this.config.jiraTicket}`);
+                acGeneration.postedToJira = true;
               } catch (error) {
                 const msg = error instanceof Error ? error.message : "Unknown error";
                 warnings.push(`Failed to post AC suggestions to JIRA: ${msg}`);
+                acGeneration.postedToJira = false;
               }
+            } else if (postingDisabled && acGeneration.criteria.length > 0) {
+              console.log(`  Skipped posting ${acGeneration.totalCriteria} suggested ACs to ${this.config.jiraTicket} (--no-post-acs-to-jira). See PR summary.`);
+              acGeneration.postedToJira = false;
+            } else {
+              acGeneration.postedToJira = false;
             }
           }
         }
@@ -3644,6 +3691,8 @@ function resolveConfigFromEnv(overrides = {}) {
   }
   const jiraAcSource = overrides.jiraAcSource ?? optionalEnv("IRA_JIRA_AC_SOURCE");
   const jiraTicket = overrides.jiraTicket ?? optionalEnv("IRA_JIRA_TICKET");
+  const postAcsToJiraEnv = optionalEnv("IRA_POST_ACS_TO_JIRA");
+  const postAcsToJira = overrides.postAcsToJira === false ? false : postAcsToJiraEnv && /^(false|0|no|off)$/i.test(postAcsToJiraEnv) ? false : void 0;
   const commentStyleRaw = overrides.commentStyle ?? optionalEnv("IRA_COMMENT_STYLE");
   if (commentStyleRaw && commentStyleRaw !== "compact" && commentStyleRaw !== "detailed") {
     throw new Error(`Invalid comment-style: "${commentStyleRaw}". Must be "compact" or "detailed".`);
@@ -3677,6 +3726,7 @@ function resolveConfigFromEnv(overrides = {}) {
     ...overrides.generateTests && { generateTests: overrides.generateTests },
     ...overrides.testFramework && { testFramework: overrides.testFramework },
     ...jiraAcSource && { jiraAcSource },
+    ...postAcsToJira === false && { postAcsToJira: false },
     ...commentStyle && { commentStyle },
     ...rulesUrl && { rulesUrl }
   };
@@ -4030,7 +4080,7 @@ function logEnvironmentInfo(config) {
 }
 var program = new Command();
 program.name("ira-review").description("AI-powered PR review tool with SonarQube + GitHub/Bitbucket integration").version("3.1.0");
-program.command("review").description("Run AI-powered review on a pull request").option("--sonar-url <url>", "SonarQube/SonarCloud base URL (or IRA_SONAR_URL)").option("--sonar-token <token>", "SonarQube API token (or IRA_SONAR_TOKEN)").option("--project-key <key>", "Sonar project key (or IRA_PROJECT_KEY)").option("--pr <id>", "Pull request ID (or IRA_PR)").option("--scm-provider <provider>", "SCM provider: bitbucket or github (or IRA_SCM_PROVIDER)").option("--bitbucket-token <token>", "Bitbucket API token (or IRA_BITBUCKET_TOKEN)").option("--repo <repo>", "Bitbucket workspace/repo-slug (Cloud) or PROJECT/repo-slug (Server) (or IRA_REPO)").option("--bitbucket-url <url>", "Bitbucket base URL (or IRA_BITBUCKET_URL)").option("--bitbucket-type <type>", "Bitbucket type: cloud or server (auto-detects from URL if omitted; or IRA_BITBUCKET_TYPE)").option("--github-token <token>", "GitHub API token (or IRA_GITHUB_TOKEN)").option("--github-repo <repo>", "GitHub owner/repo (or IRA_GITHUB_REPO)").option("--github-url <url>", "GitHub Enterprise URL (or IRA_GITHUB_URL)").option("--ai-provider <provider>", "AI provider").option("--ai-model <model>", "AI model to use").option("--dry-run", "Print comments to stdout instead of posting to SCM").option("--min-severity <level>", "Minimum severity to review (BLOCKER|CRITICAL|MAJOR|MINOR|INFO)").option("--jira-url <url>", "JIRA base URL (or IRA_JIRA_URL)").option("--jira-email <email>", "JIRA email (or IRA_JIRA_EMAIL)").option("--jira-token <token>", "JIRA API token (or IRA_JIRA_TOKEN)").option("--jira-type <type>", "JIRA type: cloud or server (auto-detects from URL if omitted)").option("--jira-ticket <key>", "JIRA ticket key (e.g. PROJ-123)").option("--jira-ac-field <field>", "Custom field ID for acceptance criteria").option("--jira-ac-source <source>", "Where to look for AC: customField, description, or both (default: customField)").option("--slack-webhook <url>", "Slack webhook URL for notifications").option("--teams-webhook <url>", "Teams webhook URL for notifications").option("--notify-min-risk <level>", "Only notify when risk is at or above this level: low, medium, high, critical").option("--notify-on-ac-fail", "Send notification when JIRA acceptance criteria validation fails").option("--ai-base-url <url>", "AI provider base URL (Azure endpoint, Ollama URL)").option("--ai-api-key <key>", "AI API key (or IRA_AI_API_KEY / OPENAI_API_KEY)").option("--ai-api-version <version>", "Azure OpenAI API version").option("--ai-deployment <name>", "Azure OpenAI deployment name").option("--ai-model-critical <model>", "Stronger AI model for BLOCKER/CRITICAL issues").option("--generate-tests", "Generate test cases from JIRA acceptance criteria").option("--test-framework <framework>", "Test framework: jest, vitest, mocha, playwright, cypress, gherkin, pytest, junit (default: jest)").option("--config <path>", "Path to config file (default: auto-detect .irarc.json / ira.config.json)").option("--no-config-file", "Disable auto-loading config file from repo").option("--rules-url <url>", "Fetch .ira-rules.json from URL (raw HTTP) \u2014 useful when CI has no full checkout (or IRA_RULES_URL)").option("--comment-style <style>", "Comment formatter style: compact (default) or detailed (or IRA_COMMENT_STYLE)").action(async (opts) => {
+program.command("review").description("Run AI-powered review on a pull request").option("--sonar-url <url>", "SonarQube/SonarCloud base URL (or IRA_SONAR_URL)").option("--sonar-token <token>", "SonarQube API token (or IRA_SONAR_TOKEN)").option("--project-key <key>", "Sonar project key (or IRA_PROJECT_KEY)").option("--pr <id>", "Pull request ID (or IRA_PR)").option("--scm-provider <provider>", "SCM provider: bitbucket or github (or IRA_SCM_PROVIDER)").option("--bitbucket-token <token>", "Bitbucket API token (or IRA_BITBUCKET_TOKEN)").option("--repo <repo>", "Bitbucket workspace/repo-slug (Cloud) or PROJECT/repo-slug (Server) (or IRA_REPO)").option("--bitbucket-url <url>", "Bitbucket base URL (or IRA_BITBUCKET_URL)").option("--bitbucket-type <type>", "Bitbucket type: cloud or server (auto-detects from URL if omitted; or IRA_BITBUCKET_TYPE)").option("--github-token <token>", "GitHub API token (or IRA_GITHUB_TOKEN)").option("--github-repo <repo>", "GitHub owner/repo (or IRA_GITHUB_REPO)").option("--github-url <url>", "GitHub Enterprise URL (or IRA_GITHUB_URL)").option("--ai-provider <provider>", "AI provider").option("--ai-model <model>", "AI model to use").option("--dry-run", "Print comments to stdout instead of posting to SCM").option("--min-severity <level>", "Minimum severity to review (BLOCKER|CRITICAL|MAJOR|MINOR|INFO)").option("--jira-url <url>", "JIRA base URL (or IRA_JIRA_URL)").option("--jira-email <email>", "JIRA email (or IRA_JIRA_EMAIL)").option("--jira-token <token>", "JIRA API token (or IRA_JIRA_TOKEN)").option("--jira-type <type>", "JIRA type: cloud or server (auto-detects from URL if omitted)").option("--jira-ticket <key>", "JIRA ticket key (e.g. PROJ-123)").option("--jira-ac-field <field>", "Custom field ID for acceptance criteria").option("--jira-ac-source <source>", "Where to look for AC: customField, description, or both (default: customField)").option("--no-post-acs-to-jira", "Don't post AI-generated acceptance criteria back to the JIRA ticket when none exist; keep them in the PR summary only (or IRA_POST_ACS_TO_JIRA=false)").option("--slack-webhook <url>", "Slack webhook URL for notifications").option("--teams-webhook <url>", "Teams webhook URL for notifications").option("--notify-min-risk <level>", "Only notify when risk is at or above this level: low, medium, high, critical").option("--notify-on-ac-fail", "Send notification when JIRA acceptance criteria validation fails").option("--ai-base-url <url>", "AI provider base URL (Azure endpoint, Ollama URL)").option("--ai-api-key <key>", "AI API key (or IRA_AI_API_KEY / OPENAI_API_KEY)").option("--ai-api-version <version>", "Azure OpenAI API version").option("--ai-deployment <name>", "Azure OpenAI deployment name").option("--ai-model-critical <model>", "Stronger AI model for BLOCKER/CRITICAL issues").option("--generate-tests", "Generate test cases from JIRA acceptance criteria").option("--test-framework <framework>", "Test framework: jest, vitest, mocha, playwright, cypress, gherkin, pytest, junit (default: jest)").option("--config <path>", "Path to config file (default: auto-detect .irarc.json / ira.config.json)").option("--no-config-file", "Disable auto-loading config file from repo").option("--rules-url <url>", "Fetch .ira-rules.json from URL (raw HTTP) \u2014 useful when CI has no full checkout (or IRA_RULES_URL)").option("--comment-style <style>", "Comment formatter style: compact (default) or detailed (or IRA_COMMENT_STYLE)").action(async (opts) => {
   try {
     console.log(`
 \u{1F50D} IRA \u2014 Scanning PR before your reviewers do
@@ -4065,6 +4115,11 @@ program.command("review").description("Run AI-powered review on a pull request")
       ...opts.jiraTicket && { jiraTicket: opts.jiraTicket.toUpperCase() },
       ...opts.jiraAcField && { jiraAcField: opts.jiraAcField },
       ...opts.jiraAcSource && { jiraAcSource: opts.jiraAcSource },
+      // commander's --no-X pattern → opts.postAcsToJira is `true` by default,
+      // `false` only when the user passed `--no-post-acs-to-jira`. Only push
+      // through the explicit-disable case; otherwise leave undefined so env
+      // var (or the engine's built-in default of "enabled") wins.
+      ...opts.postAcsToJira === false && { postAcsToJira: false },
       ...opts.slackWebhook && { slackWebhook: opts.slackWebhook },
       ...opts.teamsWebhook && { teamsWebhook: opts.teamsWebhook },
       ...opts.notifyMinRisk && { notifyMinRisk: opts.notifyMinRisk },

package/dist/index.cjs

@@ -1796,10 +1796,17 @@ var BitbucketServerClient = class {
     });
   }
   async getIssueComments(pullRequestId) {
+    const collect = (node, sink) => {
+      if (!node) return;
+      if (typeof node.text === "string" && node.text.length > 0) sink.push(node.text);
+      if (Array.isArray(node.comments)) {
+        for (const child of node.comments) collect(child, sink);
+      }
+    };
     const bodies = [];
     let start = 0;
     while (true) {
-      const url = this.prUrl(pullRequestId, `/comments?start=${start}&limit=100`);
+      const url = this.prUrl(pullRequestId, `/activities?start=${start}&limit=100`);
       const data = await withRetry(async () => {
         const response = await fetchWithTimeout(url, { headers: this.headers });
         if (!response.ok) {
@@ -1811,7 +1818,9 @@ var BitbucketServerClient = class {
         }
         return await response.json();
       });
-      for (const c of data.values) bodies.push(c.text);
+      for (const activity of data.values) {
+        if (activity.action === "COMMENTED") collect(activity.comment, bodies);
+      }
       if (data.isLastPage) break;
       start = data.nextPageStart ?? start + 100;
     }
@@ -3411,6 +3420,29 @@ function buildSummary2(result) {
       lines.push("");
     }
   }
+  const acGapExists = result.requirementCompletion && result.requirementCompletion.completionPercentage < 100 || result.acceptanceValidation && !result.acceptanceValidation.overallPass;
+  if (result.comments.length === 0 && !acGapExists) {
+    const fw = result.framework ?? "your stack";
+    const acLine = result.requirementCompletion ? `Acceptance criteria for **${result.requirementCompletion.jiraKey}**: **${result.requirementCompletion.completionPercentage}% covered** (${result.requirementCompletion.metCriteria}/${result.requirementCompletion.totalCriteria}).` : result.acceptanceValidation ? `Acceptance criteria for **${result.acceptanceValidation.jiraKey}**: ${result.acceptanceValidation.overallPass ? "**all met** \u2705" : "**partially met** \u2014 see the JIRA section above"}.` : result.acGeneration && result.acGeneration.criteria.length > 0 ? result.acGeneration.postedToJira ? `\u{1F4DD} No acceptance criteria found on **${result.acGeneration.jiraKey}** \u2014 IRA generated **${result.acGeneration.totalCriteria} suggested AC${result.acGeneration.totalCriteria === 1 ? "" : "s"}** and posted them as a comment on the JIRA ticket for the Product Owner / requirement author to review and refine.` : `\u{1F4DD} No acceptance criteria found on **${result.acGeneration.jiraKey}** \u2014 IRA generated **${result.acGeneration.totalCriteria} suggested AC${result.acGeneration.totalCriteria === 1 ? "" : "s"}** (see the Suggested Acceptance Criteria section below).` : null;
+    lines.push("## \u2705 All Clear \u2014 No Issues Found");
+    lines.push("");
+    lines.push(`> \u{1F389} **Nice work on PR #${result.pullRequestId}!**`);
+    lines.push(`>`);
+    lines.push(`> IRA scanned every changed file across **${fw}** and didn't surface a single concern.`);
+    if (acLine) {
+      lines.push(`>`);
+      lines.push(`> ${acLine}`);
+    }
+    if (result.risk) {
+      lines.push(`>`);
+      lines.push(`> Risk score: **${result.risk.score}/${result.risk.maxScore}** (${result.risk.level}).`);
+    }
+    lines.push(`>`);
+    lines.push(`> \u2705 **Safe to approve from an automated-review standpoint.**`);
+    lines.push(`>`);
+    lines.push(`> \u{1F465} **Human reviewer approval is still required before merge.** IRA augments your code review process \u2014 it doesn't replace it. Please ensure your team's review and approval requirements have been met before merging.`);
+    lines.push("");
+  }
   lines.push("## Overview");
   lines.push("");
   lines.push(`| Metric | Value |`);
@@ -3658,7 +3690,10 @@ var Notifier = class {
 var import_node_child_process2 = require("child_process");
 function resolveGitRoot() {
   try {
-    return (0, import_node_child_process2.execSync)("git rev-parse --show-toplevel", { encoding: "utf-8" }).trim();
+    return (0, import_node_child_process2.execSync)("git rev-parse --show-toplevel", {
+      encoding: "utf-8",
+      stdio: ["pipe", "pipe", "pipe"]
+    }).trim();
   } catch {
     return process.cwd();
   }
@@ -4217,7 +4252,11 @@ Cause: ${warnings[warnings.length - 1]}` : "";
             let commitMessages = [];
             try {
               const { execSync: execSync4 } = await import("child_process");
-              const gitLog = execSync4("git log --oneline -20 --no-decorate", { cwd: repoPath, encoding: "utf-8" });
+              const gitLog = execSync4("git log --oneline -20 --no-decorate", {
+                cwd: repoPath,
+                encoding: "utf-8",
+                stdio: ["pipe", "pipe", "pipe"]
+              });
               commitMessages = gitLog.trim().split("\n").filter(Boolean);
             } catch {
             }
@@ -4236,15 +4275,23 @@ Cause: ${warnings[warnings.length - 1]}` : "";
             if (acGeneration.parseWarning) {
               warnings.push(acGeneration.parseWarning);
             }
-            if (acGeneration.criteria.length > 0 && !this.config.dryRun) {
+            const postingDisabled = this.config.postAcsToJira === false;
+            if (acGeneration.criteria.length > 0 && !this.config.dryRun && !postingDisabled) {
               try {
                 const commentBody = formatACsForJiraComment(acGeneration, pullRequestId);
                 await jiraClient.addComment(this.config.jiraTicket, commentBody);
                 console.log(`  Posted ${acGeneration.totalCriteria} suggested ACs to ${this.config.jiraTicket}`);
+                acGeneration.postedToJira = true;
               } catch (error) {
                 const msg = error instanceof Error ? error.message : "Unknown error";
                 warnings.push(`Failed to post AC suggestions to JIRA: ${msg}`);
+                acGeneration.postedToJira = false;
               }
+            } else if (postingDisabled && acGeneration.criteria.length > 0) {
+              console.log(`  Skipped posting ${acGeneration.totalCriteria} suggested ACs to ${this.config.jiraTicket} (--no-post-acs-to-jira). See PR summary.`);
+              acGeneration.postedToJira = false;
+            } else {
+              acGeneration.postedToJira = false;
             }
           }
         }
@@ -4458,6 +4505,8 @@ function resolveConfigFromEnv(overrides = {}) {
   }
   const jiraAcSource = overrides.jiraAcSource ?? optionalEnv("IRA_JIRA_AC_SOURCE");
   const jiraTicket = overrides.jiraTicket ?? optionalEnv("IRA_JIRA_TICKET");
+  const postAcsToJiraEnv = optionalEnv("IRA_POST_ACS_TO_JIRA");
+  const postAcsToJira = overrides.postAcsToJira === false ? false : postAcsToJiraEnv && /^(false|0|no|off)$/i.test(postAcsToJiraEnv) ? false : void 0;
   const commentStyleRaw = overrides.commentStyle ?? optionalEnv("IRA_COMMENT_STYLE");
   if (commentStyleRaw && commentStyleRaw !== "compact" && commentStyleRaw !== "detailed") {
     throw new Error(`Invalid comment-style: "${commentStyleRaw}". Must be "compact" or "detailed".`);
@@ -4491,6 +4540,7 @@ function resolveConfigFromEnv(overrides = {}) {
     ...overrides.generateTests && { generateTests: overrides.generateTests },
     ...overrides.testFramework && { testFramework: overrides.testFramework },
     ...jiraAcSource && { jiraAcSource },
+    ...postAcsToJira === false && { postAcsToJira: false },
     ...commentStyle && { commentStyle },
     ...rulesUrl && { rulesUrl }
   };