ira-review 3.1.5 → 3.1.7

package/README.github.md

@@ -137,10 +137,6 @@ This is the feature that catches "does this actually match the ticket?" before a
 
 When a JIRA ticket has **no acceptance criteria at all**, IRA generates suggested ACs from the diff and (by default) posts them as a comment on the JIRA ticket for the Product Owner to review and refine. If your CI environment cannot or should not write back to JIRA — for example, the JIRA service account is read-only, or org policy forbids automated JIRA writes — pass `--no-post-acs-to-jira` (or set `IRA_POST_ACS_TO_JIRA=false`). The suggestions still render in the PR summary under **📝 Suggested Acceptance Criteria**, so reviewers see them either way; only the JIRA write is suppressed.
 
-### "All Clear" PR Summary
-
-When IRA finishes a review with **zero issues** found and **JIRA acceptance criteria are 100% covered** (or the ticket needs no ACs), the PR summary leads with a celebratory ✅ banner: a confident, specific signal that automated review passed, alongside an explicit reminder that **human reviewer approval is still required before merge**. The banner is suppressed when an AC gap exists so the summary never reads "safe to approve" while a requirements gap is still visible — IRA augments your code review process, it doesn't replace it.
-
 ### Inline AI Comments
 
 Each issue is posted as an inline comment on the exact line in the PR, containing:

package/README.md

@@ -42,7 +42,6 @@ Each issue is posted as an inline comment on the exact PR line with explanation,
 - Two-pass critical review (`--ai-model-critical`) — bulk pass uses your everyday model; only `CRITICAL`/`BLOCKER` findings are re-run against a stronger model, keeping premium-request cost low while preserving deep analysis on what matters
 - JIRA acceptance criteria validation with per-criterion pass/fail and edge case detection
 - JIRA AC auto-detection — finds AC from custom field or description automatically
-- "All Clear" PR summary block — celebratory ✅ banner when zero issues are found and JIRA AC coverage is 100%, with a clear "human reviewer approval is still required before merge" reminder. Suppressed automatically if any AC gap exists, so the summary never claims "safe to approve" while requirements are unmet.
 - Custom team review rules via `.ira-rules.json` (see below)
 - Test case generation from JIRA tickets (Jest, Vitest, Playwright, etc.)
 - Comment deduplication across re-runs

package/README.npm.md

@@ -42,7 +42,6 @@ Each issue is posted as an inline comment on the exact PR line with explanation,
 - Two-pass critical review (`--ai-model-critical`) — bulk pass uses your everyday model; only `CRITICAL`/`BLOCKER` findings are re-run against a stronger model, keeping premium-request cost low while preserving deep analysis on what matters
 - JIRA acceptance criteria validation with per-criterion pass/fail and edge case detection
 - JIRA AC auto-detection — finds AC from custom field or description automatically
-- "All Clear" PR summary block — celebratory ✅ banner when zero issues are found and JIRA AC coverage is 100%, with a clear "human reviewer approval is still required before merge" reminder. Suppressed automatically if any AC gap exists, so the summary never claims "safe to approve" while requirements are unmet.
 - Custom team review rules via `.ira-rules.json` (see below)
 - Test case generation from JIRA tickets (Jest, Vitest, Playwright, etc.)
 - Comment deduplication across re-runs

package/dist/{bitbucket-TXGRB3VV.js → bitbucket-H2QDXN2J.js}

@@ -1,8 +1,8 @@
 #!/usr/bin/env node
 import {
   BitbucketClient
-} from "./chunk-ZKADAXVW.js";
-import "./chunk-AFLVYFZ2.js";
+} from "./chunk-KMETPSAC.js";
+import "./chunk-C43CWCJF.js";
 export {
   BitbucketClient
 };

package/dist/chunk-C43CWCJF.js

@@ -0,0 +1,343 @@
+#!/usr/bin/env node
+
+// src/utils/retry.ts
+var DEFAULT_OPTIONS = {
+  maxAttempts: 3,
+  baseDelayMs: 1e3,
+  maxDelayMs: 1e4
+};
+var RetryableError = class extends Error {
+  constructor(message, statusCode) {
+    super(message);
+    this.statusCode = statusCode;
+    this.name = "RetryableError";
+  }
+  statusCode;
+};
+var TimeoutError = class extends RetryableError {
+  constructor(message = "Request timed out") {
+    super(message, 408);
+    this.name = "TimeoutError";
+  }
+};
+function isRetryable(error) {
+  if (error instanceof TimeoutError) return true;
+  if (error instanceof Error && error.name === "AbortError") return false;
+  if (error instanceof TypeError) return true;
+  const status = getStatusCode(error);
+  if (status !== void 0) {
+    return status === 429 || status >= 500;
+  }
+  return false;
+}
+function getStatusCode(error) {
+  if (error instanceof Error && "statusCode" in error && typeof error.statusCode === "number") {
+    return error.statusCode;
+  }
+  return void 0;
+}
+async function withRetry(fn, options = {}) {
+  const { maxAttempts, baseDelayMs, maxDelayMs } = {
+    ...DEFAULT_OPTIONS,
+    ...options
+  };
+  let lastError;
+  for (let attempt = 1; attempt <= maxAttempts; attempt++) {
+    try {
+      return await fn();
+    } catch (error) {
+      lastError = error;
+      if (attempt === maxAttempts || !isRetryable(error)) break;
+      const delay = Math.min(baseDelayMs * 2 ** (attempt - 1), maxDelayMs);
+      const jitter = delay * (0.5 + Math.random() * 0.5);
+      await sleep(jitter);
+    }
+  }
+  throw lastError;
+}
+async function fetchWithTimeout(url, init = {}, timeoutMs = 3e4) {
+  const controller = new AbortController();
+  let timedOut = false;
+  const timer = setTimeout(() => {
+    timedOut = true;
+    controller.abort();
+  }, timeoutMs);
+  const callerSignal = init.signal;
+  if (callerSignal) {
+    if (callerSignal.aborted) {
+      clearTimeout(timer);
+      controller.abort(callerSignal.reason);
+    } else {
+      const onCallerAbort = () => controller.abort(callerSignal.reason);
+      callerSignal.addEventListener("abort", onCallerAbort, { once: true });
+      controller.signal.addEventListener(
+        "abort",
+        () => callerSignal.removeEventListener("abort", onCallerAbort),
+        { once: true }
+      );
+    }
+  }
+  try {
+    return await fetch(url, { ...init, signal: controller.signal });
+  } catch (error) {
+    if (error instanceof Error && error.name === "AbortError" && timedOut) {
+      throw new TimeoutError(`Request timed out after ${timeoutMs}ms`);
+    }
+    throw error;
+  } finally {
+    clearTimeout(timer);
+  }
+}
+function parseApiError(status, body, provider) {
+  const statusMessages = {
+    400: "Bad request",
+    401: "Authentication failed \u2014 check your token or credentials",
+    403: "Access denied \u2014 you may not have permission for this resource",
+    404: "Not found \u2014 check the URL, project key, or PR number",
+    408: "Request timed out \u2014 try again in a moment",
+    409: "Conflict \u2014 the resource may have been modified",
+    422: "Invalid request \u2014 the server couldn't process it",
+    429: "Rate limited \u2014 too many requests, try again shortly",
+    500: "Server error \u2014 the service is having issues",
+    502: "Bad gateway \u2014 the service is temporarily unavailable",
+    503: "Service unavailable \u2014 try again in a moment",
+    504: "Gateway timeout \u2014 the service took too long to respond"
+  };
+  const friendlyStatus = statusMessages[status] ?? `HTTP ${status}`;
+  const trimmed = body.trim();
+  if (trimmed.startsWith("{") || trimmed.startsWith("[")) {
+    try {
+      const json = JSON.parse(trimmed);
+      const msg = json.message ?? json.error?.message ?? json.error ?? json.errors?.[0]?.message ?? json.detail;
+      if (typeof msg === "string" && msg.length > 0 && msg.length < 200) {
+        return `${provider} (${status}): ${msg}`;
+      }
+    } catch {
+    }
+  }
+  if (trimmed.startsWith("<!") || trimmed.startsWith("<html") || trimmed.includes("<body")) {
+    return `${provider} (${status}): ${friendlyStatus}`;
+  }
+  if (trimmed.length > 0 && trimmed.length < 150) {
+    return `${provider} (${status}): ${trimmed}`;
+  }
+  return `${provider} (${status}): ${friendlyStatus}`;
+}
+function sleep(ms) {
+  return new Promise((resolve) => setTimeout(resolve, ms));
+}
+
+// src/core/summaryBuilder.ts
+var IRA_SUMMARY_TAG = "<!-- ira:summary -->";
+function buildSummary(result, meta = {}) {
+  const lines = [];
+  const dot = computeStatusDot(result);
+  const riskLevel = result.risk?.level ?? "LOW";
+  const riskScore = result.risk?.score ?? 0;
+  const riskMax = result.risk?.maxScore ?? 100;
+  lines.push(IRA_SUMMARY_TAG);
+  lines.push(`### ${dot} IRA Review \xB7 ${riskLevel} risk (${riskScore}/${riskMax})`);
+  lines.push("");
+  const metrics = [];
+  if (typeof result.filesReviewed === "number") {
+    metrics.push(`${result.filesReviewed} file${result.filesReviewed === 1 ? "" : "s"} reviewed`);
+  }
+  metrics.push(`${result.comments.length} finding${result.comments.length === 1 ? "" : "s"}`);
+  const acMetric = formatAcMetric(result);
+  if (acMetric) metrics.push(acMetric);
+  lines.push(metrics.join(" \xB7 "));
+  lines.push("");
+  if (result.comments.length > 0) {
+    lines.push("## Findings");
+    lines.push("");
+    lines.push("| File | Line | Rule | Severity |");
+    lines.push("|---|---|---|---|");
+    for (const c of result.comments) {
+      lines.push(`| ${c.filePath} | ${c.line} | \`${c.rule}\` | ${c.severity} |`);
+    }
+    lines.push("");
+  }
+  if (result.requirementCompletion) {
+    const rc = result.requirementCompletion;
+    lines.push(`## Acceptance Criteria \u2014 ${rc.jiraKey} (${rc.completionPercentage}% covered, ${rc.metCriteria}/${rc.totalCriteria})`);
+    lines.push("");
+    for (const r of rc.requirements) {
+      const icon = r.coverage === "full" ? "\u2705" : r.coverage === "partial" ? "\u{1F7E1}" : "\u274C";
+      lines.push(`- ${icon} ${r.description}`);
+      if (r.coverage !== "full") {
+        lines.push(`  > ${r.evidence}`);
+      }
+    }
+    if (rc.edgeCases.length > 0) {
+      lines.push("");
+      lines.push("### Edge cases not covered");
+      for (const e of rc.edgeCases) {
+        lines.push(`- ${e}`);
+      }
+    }
+    if (rc.parseWarning) {
+      lines.push("");
+      lines.push(`> \u26A0\uFE0F ${rc.parseWarning}`);
+    }
+    lines.push("");
+  } else if (result.acceptanceValidation) {
+    const av = result.acceptanceValidation;
+    const status = av.overallPass ? "all met" : "gaps found";
+    lines.push(`## Acceptance Criteria \u2014 ${av.jiraKey} (${status})`);
+    lines.push("");
+    lines.push(`_${av.summary}_`);
+    lines.push("");
+    for (const c of av.criteria) {
+      lines.push(`- ${c.met ? "\u2705" : "\u274C"} ${c.description}`);
+    }
+    lines.push("");
+  }
+  if (result.risk && result.reviewMode === "sonar" && result.risk.factors.length > 0) {
+    lines.push("## Risk Factors");
+    lines.push("");
+    lines.push("| Factor | Score | Detail |");
+    lines.push("|---|---|---|");
+    for (const f of result.risk.factors) {
+      lines.push(`| ${f.name} | ${f.score}/${f.maxScore} | ${f.detail} |`);
+    }
+    lines.push("");
+  }
+  if (result.complexity && result.complexity.hotspots.length > 0) {
+    lines.push("## Complexity Hotspots");
+    lines.push("");
+    lines.push("| File | Complexity | Cognitive |");
+    lines.push("|---|---|---|");
+    for (const h of result.complexity.hotspots.slice(0, 5)) {
+      lines.push(`| ${h.filePath} | ${h.complexity} | ${h.cognitiveComplexity} |`);
+    }
+    lines.push("");
+  }
+  if (result.acGeneration && result.acGeneration.criteria.length > 0) {
+    const ag = result.acGeneration;
+    lines.push(`## Suggested Acceptance Criteria \u2014 ${ag.jiraKey} (${ag.totalCriteria} generated)`);
+    lines.push("");
+    const postedNote = ag.postedToJira ? `Posted to JIRA as a comment for the Product Owner to review.` : `Not posted to JIRA (suggestions stay in this summary only).`;
+    lines.push(`> No acceptance criteria found on **${ag.jiraKey}**. IRA inferred the following from: ${ag.sources.join(", ")}. ${postedNote}`);
+    lines.push("");
+    for (const ac of ag.criteria) {
+      lines.push(`**${ac.id}**`);
+      lines.push(`- **Given** ${ac.given}`);
+      lines.push(`- **When** ${ac.when}`);
+      lines.push(`- **Then** ${ac.then}`);
+      lines.push("");
+    }
+    if (ag.reviewHints && ag.reviewHints.length > 0) {
+      lines.push(`### Questions for PO`);
+      lines.push(`> IRA could not determine the following from the code. Answering these will strengthen the ACs above.`);
+      lines.push("");
+      for (const hint of ag.reviewHints) {
+        lines.push(`- ${hint}`);
+      }
+      lines.push("");
+    }
+    if (ag.parseWarning) {
+      lines.push(`> \u26A0\uFE0F ${ag.parseWarning}`);
+      lines.push("");
+    }
+  }
+  if (result.testGeneration && result.testGeneration.testCases.length > 0) {
+    const tg = result.testGeneration;
+    const notTestableCount = tg.testCases.filter((tc) => tc.type === "not-testable").length;
+    const testableCount = tg.totalCases - notTestableCount;
+    const headerParts = [`${testableCount} test${testableCount !== 1 ? "s" : ""}`];
+    if (tg.edgeCases > 0) headerParts.push(`${tg.edgeCases} advanced cases`);
+    if (notTestableCount > 0) headerParts.push(`${notTestableCount} not-testable`);
+    lines.push(`## Generated Test Cases (${headerParts.join(", ")})`);
+    lines.push("");
+    const byCriterion = /* @__PURE__ */ new Map();
+    for (const tc of tg.testCases) {
+      const existing = byCriterion.get(tc.criterion) ?? [];
+      existing.push(tc);
+      byCriterion.set(tc.criterion, existing);
+    }
+    for (const [criterion, cases] of byCriterion) {
+      lines.push(`### ${criterion}`);
+      for (const tc of cases) {
+        const typeIcons = {
+          "happy-path": "\u2705",
+          "negative": "\u274C",
+          "boundary-value": "\u{1F532}",
+          "authorization": "\u{1F511}",
+          "integration": "\u{1F517}",
+          "state-workflow": "\u{1F504}",
+          "data-integrity": "\u{1F4CA}",
+          "error-recovery": "\u{1F6E1}\uFE0F",
+          "not-testable": "\u23ED\uFE0F"
+        };
+        const typeIcon = typeIcons[tc.type] ?? "\u2705";
+        lines.push(`- ${typeIcon} ${tc.description} *(${tc.type})*`);
+      }
+      lines.push("");
+    }
+  }
+  if (result.testGeneration?.parseWarning) {
+    lines.push(`> \u26A0\uFE0F ${result.testGeneration.parseWarning}`);
+    lines.push("");
+  }
+  lines.push("---");
+  lines.push(`_${formatFooter(meta)}_`);
+  lines.push("");
+  lines.push("_Human reviewer approval is still required before merge. IRA augments code review; it does not replace it._");
+  return lines.join("\n");
+}
+function computeStatusDot(result) {
+  const riskRank = riskRankFor(result.risk?.level ?? "LOW");
+  const acRank = acGapRank(result);
+  const blockerRank = result.comments.some((c) => c.severity === "BLOCKER") ? 3 : 0;
+  const worst = Math.max(riskRank, acRank, blockerRank);
+  return ["\u{1F7E2}", "\u{1F7E1}", "\u{1F7E0}", "\u{1F534}"][worst] ?? "\u{1F7E2}";
+}
+function riskRankFor(level) {
+  switch (level) {
+    case "CRITICAL":
+      return 3;
+    case "HIGH":
+      return 2;
+    case "MEDIUM":
+      return 1;
+    default:
+      return 0;
+  }
+}
+function acGapRank(result) {
+  if (result.requirementCompletion && result.requirementCompletion.completionPercentage < 100) return 1;
+  if (result.acceptanceValidation && !result.acceptanceValidation.overallPass) return 1;
+  return 0;
+}
+function formatAcMetric(result) {
+  if (result.requirementCompletion) {
+    const rc = result.requirementCompletion;
+    return `${rc.jiraKey}: ${rc.metCriteria}/${rc.totalCriteria} ACs met`;
+  }
+  if (result.acceptanceValidation) {
+    const av = result.acceptanceValidation;
+    return `${av.jiraKey}: ${av.overallPass ? "ACs met" : "AC gaps"}`;
+  }
+  if (result.acGeneration && result.acGeneration.criteria.length > 0) {
+    const ag = result.acGeneration;
+    return `${ag.jiraKey}: ${ag.totalCriteria} AC${ag.totalCriteria === 1 ? "" : "s"} suggested`;
+  }
+  return null;
+}
+function formatFooter(meta) {
+  const parts = [];
+  parts.push(`ira-review${meta.version ? ` ${meta.version}` : ""}`);
+  if (meta.aiProvider || meta.aiModel) {
+    parts.push([meta.aiProvider, meta.aiModel].filter(Boolean).join("/"));
+  }
+  return parts.join(" \xB7 ");
+}
+
+export {
+  RetryableError,
+  withRetry,
+  fetchWithTimeout,
+  parseApiError,
+  IRA_SUMMARY_TAG,
+  buildSummary
+};

package/dist/{chunk-ZKADAXVW.js → chunk-KMETPSAC.js}

@@ -1,10 +1,11 @@
 #!/usr/bin/env node
 import {
+  IRA_SUMMARY_TAG,
   RetryableError,
   fetchWithTimeout,
   parseApiError,
   withRetry
-} from "./chunk-AFLVYFZ2.js";
+} from "./chunk-C43CWCJF.js";
 
 // src/scm/bitbucket.ts
 var BitbucketClient = class {
@@ -70,12 +71,28 @@ var BitbucketClient = class {
     });
   }
   async postSummary(summary, pullRequestId) {
-    const url = `${this.baseUrl}/repositories/${this.workspace}/${this.repoSlug}/pullrequests/${pullRequestId}/comments`;
-    const body = {
-      content: { raw: summary }
-    };
+    const existingId = await this.findExistingSummaryCommentId(pullRequestId);
+    const baseUrl = `${this.baseUrl}/repositories/${this.workspace}/${this.repoSlug}/pullrequests/${pullRequestId}/comments`;
+    const body = { content: { raw: summary } };
+    if (existingId !== null) {
+      await withRetry(async () => {
+        const response = await fetchWithTimeout(`${baseUrl}/${existingId}`, {
+          method: "PUT",
+          headers: this.headers,
+          body: JSON.stringify(body)
+        });
+        if (!response.ok) {
+          const text = await response.text();
+          throw new RetryableError(
+            parseApiError(response.status, text, "Bitbucket"),
+            response.status
+          );
+        }
+      });
+      return;
+    }
     await withRetry(async () => {
-      const response = await fetchWithTimeout(url, {
+      const response = await fetchWithTimeout(baseUrl, {
         method: "POST",
         headers: this.headers,
         body: JSON.stringify(body)
@@ -89,6 +106,35 @@ var BitbucketClient = class {
       }
     });
   }
+  /**
+   * Find a previously-posted IRA summary on this PR by paging through
+   * /pullrequests/{id}/comments and matching the hidden `IRA_SUMMARY_TAG`.
+   * Returns the comment id or null. Bitbucket Cloud's PUT /comments/{id}
+   * does NOT require a version field (unlike Bitbucket Server).
+   */
+  async findExistingSummaryCommentId(pullRequestId) {
+    let url = `${this.baseUrl}/repositories/${this.workspace}/${this.repoSlug}/pullrequests/${pullRequestId}/comments?pagelen=100`;
+    while (url) {
+      const data = await withRetry(async () => {
+        const response = await fetchWithTimeout(url, { headers: this.headers });
+        if (!response.ok) {
+          const text = await response.text();
+          throw new RetryableError(
+            parseApiError(response.status, text, "Bitbucket"),
+            response.status
+          );
+        }
+        return await response.json();
+      });
+      for (const c of data.values) {
+        if (c.content?.raw && c.content.raw.includes(IRA_SUMMARY_TAG)) {
+          return c.id;
+        }
+      }
+      url = data.next;
+    }
+    return null;
+  }
   async getIssueComments(pullRequestId) {
     const bodies = [];
     let url = `${this.baseUrl}/repositories/${this.workspace}/${this.repoSlug}/pullrequests/${pullRequestId}/comments?pagelen=100`;

package/dist/{chunk-SC7RXB4Y.js → chunk-W6VFEXAT.js}

@@ -1,10 +1,11 @@
 #!/usr/bin/env node
 import {
+  IRA_SUMMARY_TAG,
   RetryableError,
   fetchWithTimeout,
   parseApiError,
   withRetry
-} from "./chunk-AFLVYFZ2.js";
+} from "./chunk-C43CWCJF.js";
 
 // src/scm/github.ts
 var GitHubClient = class {
@@ -39,6 +40,25 @@ var GitHubClient = class {
     await this.postIssueComment(comment, pullRequestId);
   }
   async postSummary(summary, pullRequestId) {
+    const existingId = await this.findExistingSummaryCommentId(pullRequestId);
+    if (existingId !== null) {
+      const editUrl = `${this.baseUrl}/repos/${this.owner}/${this.repo}/issues/comments/${existingId}`;
+      await withRetry(async () => {
+        const response = await fetchWithTimeout(editUrl, {
+          method: "PATCH",
+          headers: this.headers,
+          body: JSON.stringify({ body: summary })
+        });
+        if (!response.ok) {
+          const text = await response.text();
+          throw new RetryableError(
+            parseApiError(response.status, text, "GitHub"),
+            response.status
+          );
+        }
+      });
+      return;
+    }
     const url = `${this.baseUrl}/repos/${this.owner}/${this.repo}/issues/${pullRequestId}/comments`;
     await withRetry(async () => {
       const response = await fetchWithTimeout(url, {
@@ -55,6 +75,37 @@ var GitHubClient = class {
       }
     });
   }
+  /**
+   * Find a previously-posted IRA summary on this PR by paging through
+   * /issues/{id}/comments (NOT /pulls/.../comments — that endpoint is for
+   * inline review comments only, summaries live as issue-comments). Matches
+   * the hidden `IRA_SUMMARY_TAG` and returns the comment id or null.
+   */
+  async findExistingSummaryCommentId(pullRequestId) {
+    let page = 1;
+    while (true) {
+      const url = `${this.baseUrl}/repos/${this.owner}/${this.repo}/issues/${pullRequestId}/comments?per_page=100&page=${page}`;
+      const comments = await withRetry(async () => {
+        const response = await fetchWithTimeout(url, { headers: this.headers });
+        if (!response.ok) {
+          const text = await response.text();
+          throw new RetryableError(
+            parseApiError(response.status, text, "GitHub"),
+            response.status
+          );
+        }
+        return await response.json();
+      });
+      for (const c of comments) {
+        if (typeof c.body === "string" && c.body.includes(IRA_SUMMARY_TAG)) {
+          return c.id;
+        }
+      }
+      if (comments.length < 100) break;
+      page++;
+    }
+    return null;
+  }
   async getIssueComments(pullRequestId) {
     const bodies = [];
     let page = 1;