loki-mode 6.20.0 → 6.22.0

package/autonomy/loki

@@ -436,7 +436,9 @@ show_help() {
     echo "  remote [PRD]     Start remote session (connect from phone/browser, Claude Pro/Max)"
   echo "  trigger          Event-driven autonomous execution (schedules, webhooks)"
     echo "  failover [cmd]   Cross-provider auto-failover (status|--enable|--test|--chain)"
+    echo "  onboard [path]   Analyze a repo and generate CLAUDE.md (structure, conventions, commands)"
     echo "  plan <PRD>       Dry-run PRD analysis: complexity, cost, and execution plan"
+    echo "  ci [opts]        CI/CD quality gate integration (--pr, --report, --github-comment)"
     echo "  version          Show version"
     echo "  help             Show this help"
     echo ""
@@ -9189,6 +9191,12 @@ main() {
         failover)
             cmd_failover "$@"
             ;;
+        onboard)
+            cmd_onboard "$@"
+            ;;
+        ci)
+            cmd_ci "$@"
+            ;;
         version|--version|-v)
             cmd_version
             ;;
@@ -13827,4 +13835,1495 @@ $diff"
     esac
 }
 
+# Project onboarding - analyze repo and generate CLAUDE.md (v6.21.0)
+cmd_onboard() {
+    local target_path="."
+    local depth=2
+    local format="markdown"
+    local output_path=""
+    local use_stdout=false
+    local update_mode=false
+
+    # Parse arguments
+    while [[ $# -gt 0 ]]; do
+        case "$1" in
+            --depth)
+                depth="${2:-2}"
+                shift 2
+                ;;
+            --format)
+                format="${2:-markdown}"
+                shift 2
+                ;;
+            --output)
+                output_path="${2:-}"
+                shift 2
+                ;;
+            --stdout)
+                use_stdout=true
+                shift
+                ;;
+            --update)
+                update_mode=true
+                shift
+                ;;
+            --help|-h)
+                echo -e "${BOLD}loki onboard${NC} - Analyze a project and generate CLAUDE.md"
+                echo ""
+                echo "Usage: loki onboard [path] [options]"
+                echo ""
+                echo "Arguments:"
+                echo "  path              Path to repository (default: current directory)"
+                echo ""
+                echo "Options:"
+                echo "  --depth N         Analysis depth: 1=surface, 2=moderate, 3=deep (default: 2)"
+                echo "  --format FORMAT   Output format: markdown, json, yaml (default: markdown)"
+                echo "  --output PATH     Custom output file path"
+                echo "  --stdout          Print to stdout instead of writing file"
+                echo "  --update          Update existing CLAUDE.md with new findings"
+                echo "  --help            Show this help"
+                echo ""
+                echo "Examples:"
+                echo "  loki onboard                    # Analyze current directory"
+                echo "  loki onboard ~/projects/myapp   # Analyze specific repo"
+                echo "  loki onboard --depth 3          # Deep analysis with dependency mapping"
+                echo "  loki onboard --format json      # JSON output"
+                echo "  loki onboard --stdout            # Print to terminal"
+                return 0
+                ;;
+            -*)
+                log_error "Unknown option: $1"
+                echo "Run 'loki onboard --help' for usage."
+                return 1
+                ;;
+            *)
+                target_path="$1"
+                shift
+                ;;
+        esac
+    done
+
+    # Validate target path
+    if [ ! -d "$target_path" ]; then
+        log_error "Directory not found: $target_path"
+        return 1
+    fi
+
+    # Resolve to absolute path
+    target_path="$(cd "$target_path" && pwd)"
+
+    # When --stdout, send log messages to stderr to keep stdout clean
+    if [ "$use_stdout" = true ]; then
+        log_info "Analyzing project at: $target_path" >&2
+        log_info "Depth: $depth | Format: $format" >&2
+    else
+        log_info "Analyzing project at: $target_path"
+        log_info "Depth: $depth | Format: $format"
+    fi
+
+    # --- Detect project metadata ---
+    local project_name
+    project_name="$(basename "$target_path")"
+
+    local languages=""
+    local frameworks=""
+    local build_system=""
+    local test_framework=""
+    local entry_points=""
+    local package_manager=""
+    local project_description=""
+    local project_version=""
+
+    # Detect languages and config files
+    local config_files=""
+
+    if [ -f "$target_path/package.json" ]; then
+        config_files="$config_files package.json"
+        languages="$languages JavaScript/TypeScript"
+        package_manager="npm"
+        if [ -f "$target_path/yarn.lock" ]; then
+            package_manager="yarn"
+        elif [ -f "$target_path/pnpm-lock.yaml" ]; then
+            package_manager="pnpm"
+        elif [ -f "$target_path/bun.lockb" ]; then
+            package_manager="bun"
+        fi
+        # Extract metadata from package.json
+        if command -v python3 &>/dev/null; then
+            local pkg_name
+            pkg_name=$(python3 -c "
+import json, sys
+try:
+    d = json.load(open('$target_path/package.json'))
+    print(d.get('name', ''))
+except: pass
+" 2>/dev/null || true)
+            if [ -n "$pkg_name" ]; then
+                project_name="$pkg_name"
+            fi
+            project_description=$(python3 -c "
+import json, sys
+try:
+    d = json.load(open('$target_path/package.json'))
+    print(d.get('description', ''))
+except: pass
+" 2>/dev/null || true)
+            project_version=$(python3 -c "
+import json, sys
+try:
+    d = json.load(open('$target_path/package.json'))
+    print(d.get('version', ''))
+except: pass
+" 2>/dev/null || true)
+            entry_points=$(python3 -c "
+import json, sys
+try:
+    d = json.load(open('$target_path/package.json'))
+    main = d.get('main', '')
+    if main: print(main)
+    scripts = d.get('scripts', {})
+    if 'start' in scripts: print('scripts.start: ' + scripts['start'])
+except: pass
+" 2>/dev/null || true)
+        fi
+        # Detect frameworks from dependencies
+        if grep -q '"react"' "$target_path/package.json" 2>/dev/null; then
+            frameworks="$frameworks React"
+        fi
+        if grep -q '"next"' "$target_path/package.json" 2>/dev/null; then
+            frameworks="$frameworks Next.js"
+        fi
+        if grep -q '"vue"' "$target_path/package.json" 2>/dev/null; then
+            frameworks="$frameworks Vue"
+        fi
+        if grep -q '"express"' "$target_path/package.json" 2>/dev/null; then
+            frameworks="$frameworks Express"
+        fi
+        if grep -q '"fastify"' "$target_path/package.json" 2>/dev/null; then
+            frameworks="$frameworks Fastify"
+        fi
+        if grep -q '"svelte"' "$target_path/package.json" 2>/dev/null; then
+            frameworks="$frameworks Svelte"
+        fi
+        # Detect test framework
+        if grep -q '"jest"' "$target_path/package.json" 2>/dev/null; then
+            test_framework="$test_framework jest"
+        fi
+        if grep -q '"vitest"' "$target_path/package.json" 2>/dev/null; then
+            test_framework="$test_framework vitest"
+        fi
+        if grep -q '"mocha"' "$target_path/package.json" 2>/dev/null; then
+            test_framework="$test_framework mocha"
+        fi
+        if grep -q '"playwright"' "$target_path/package.json" 2>/dev/null; then
+            test_framework="$test_framework playwright"
+        fi
+    fi
+
+    if [ -f "$target_path/pyproject.toml" ]; then
+        config_files="$config_files pyproject.toml"
+        languages="$languages Python"
+        package_manager="pip/poetry"
+        if grep -q "django" "$target_path/pyproject.toml" 2>/dev/null; then
+            frameworks="$frameworks Django"
+        fi
+        if grep -q "flask" "$target_path/pyproject.toml" 2>/dev/null; then
+            frameworks="$frameworks Flask"
+        fi
+        if grep -q "fastapi" "$target_path/pyproject.toml" 2>/dev/null; then
+            frameworks="$frameworks FastAPI"
+        fi
+        if grep -q "pytest" "$target_path/pyproject.toml" 2>/dev/null; then
+            test_framework="$test_framework pytest"
+        fi
+    fi
+
+    if [ -f "$target_path/setup.py" ] || [ -f "$target_path/setup.cfg" ]; then
+        config_files="$config_files setup.py"
+        languages="$languages Python"
+        [ -z "$package_manager" ] && package_manager="pip"
+    fi
+
+    if [ -f "$target_path/requirements.txt" ]; then
+        config_files="$config_files requirements.txt"
+        languages="$languages Python"
+        [ -z "$package_manager" ] && package_manager="pip"
+    fi
+
+    if [ -f "$target_path/Cargo.toml" ]; then
+        config_files="$config_files Cargo.toml"
+        languages="$languages Rust"
+        package_manager="cargo"
+        build_system="cargo"
+        test_framework="$test_framework cargo-test"
+    fi
+
+    if [ -f "$target_path/go.mod" ]; then
+        config_files="$config_files go.mod"
+        languages="$languages Go"
+        package_manager="go-modules"
+        build_system="go"
+        test_framework="$test_framework go-test"
+    fi
+
+    if [ -f "$target_path/Gemfile" ]; then
+        config_files="$config_files Gemfile"
+        languages="$languages Ruby"
+        package_manager="bundler"
+        if grep -q "rails" "$target_path/Gemfile" 2>/dev/null; then
+            frameworks="$frameworks Rails"
+        fi
+        if grep -q "rspec" "$target_path/Gemfile" 2>/dev/null; then
+            test_framework="$test_framework rspec"
+        fi
+    fi
+
+    if [ -f "$target_path/pom.xml" ]; then
+        config_files="$config_files pom.xml"
+        languages="$languages Java"
+        build_system="maven"
+        package_manager="maven"
+    fi
+
+    if [ -f "$target_path/build.gradle" ] || [ -f "$target_path/build.gradle.kts" ]; then
+        config_files="$config_files build.gradle"
+        languages="$languages Java/Kotlin"
+        build_system="gradle"
+        package_manager="gradle"
+    fi
+
+    if [ -f "$target_path/Makefile" ]; then
+        config_files="$config_files Makefile"
+        [ -z "$build_system" ] && build_system="make"
+    fi
+
+    if [ -f "$target_path/CMakeLists.txt" ]; then
+        config_files="$config_files CMakeLists.txt"
+        languages="$languages C/C++"
+        build_system="cmake"
+    fi
+
+    # Detect shell scripts
+    local shell_count=0
+    shell_count=$(find "$target_path" -maxdepth 2 -name "*.sh" -type f 2>/dev/null | wc -l | tr -d ' ')
+    if [ "$shell_count" -gt 0 ]; then
+        languages="$languages Bash"
+    fi
+
+    # Deduplicate languages
+    languages=$(echo "$languages" | tr ' ' '\n' | sort -u | tr '\n' ' ' | sed 's/^ *//;s/ *$//')
+    frameworks=$(echo "$frameworks" | tr ' ' '\n' | sort -u | tr '\n' ' ' | sed 's/^ *//;s/ *$//')
+    test_framework=$(echo "$test_framework" | tr ' ' '\n' | sort -u | tr '\n' ' ' | sed 's/^ *//;s/ *$//')
+
+    # --- Detect CI/CD ---
+    local ci_system=""
+    if [ -d "$target_path/.github/workflows" ]; then
+        ci_system="GitHub Actions"
+    fi
+    if [ -f "$target_path/.gitlab-ci.yml" ]; then
+        ci_system="$ci_system GitLab CI"
+    fi
+    if [ -f "$target_path/Jenkinsfile" ]; then
+        ci_system="$ci_system Jenkins"
+    fi
+    if [ -f "$target_path/.circleci/config.yml" ]; then
+        ci_system="$ci_system CircleCI"
+    fi
+    if [ -f "$target_path/.travis.yml" ]; then
+        ci_system="$ci_system Travis CI"
+    fi
+
+    # --- Read README ---
+    local readme_content=""
+    local readme_file=""
+    for f in README.md readme.md README.rst README README.txt; do
+        if [ -f "$target_path/$f" ]; then
+            readme_file="$f"
+            readme_content=$(head -50 "$target_path/$f" 2>/dev/null || true)
+            break
+        fi
+    done
+
+    # Extract first meaningful line from README as description fallback
+    if [ -z "$project_description" ] && [ -n "$readme_content" ]; then
+        project_description=$(echo "$readme_content" | grep -v '^#' | grep -v '^$' | grep -v '^\[' | grep -v '^!' | head -1 | sed 's/^ *//')
+    fi
+
+    # --- Build directory tree ---
+    local tree_output=""
+    if command -v git &>/dev/null && [ -d "$target_path/.git" ]; then
+        # Use git ls-files for accurate tree (respects .gitignore)
+        tree_output=$(cd "$target_path" && git ls-files 2>/dev/null | head -200 || true)
+    else
+        # Fallback: find with common excludions
+        tree_output=$(find "$target_path" -maxdepth 4 -type f \
+            -not -path '*/node_modules/*' \
+            -not -path '*/.git/*' \
+            -not -path '*/vendor/*' \
+            -not -path '*/__pycache__/*' \
+            -not -path '*/dist/*' \
+            -not -path '*/build/*' \
+            -not -path '*/.next/*' \
+            -not -path '*/target/*' \
+            2>/dev/null | sed "s|$target_path/||" | sort | head -200)
+    fi
+
+    # Categorize files
+    local src_files=""
+    local test_files=""
+    local doc_files=""
+    local config_file_list=""
+    local ci_files=""
+    local other_files=""
+
+    while IFS= read -r file; do
+        [ -z "$file" ] && continue
+        case "$file" in
+            *.test.*|*.spec.*|*_test.*|*_spec.*|tests/*|test/*|__tests__/*|spec/*)
+                test_files="$test_files $file"
+                ;;
+            *.md|*.rst|*.txt|docs/*|doc/*|wiki/*)
+                doc_files="$doc_files $file"
+                ;;
+            .github/*|.gitlab-ci*|.circleci/*|Jenkinsfile|.travis*)
+                ci_files="$ci_files $file"
+                ;;
+            package.json|pyproject.toml|Cargo.toml|go.mod|Gemfile|pom.xml|build.gradle*|Makefile|CMakeLists.txt|*.toml|*.cfg|*.ini|*.yml|*.yaml|Dockerfile*|docker-compose*|.env*|.eslint*|.prettier*|tsconfig*|jest.config*|vitest.config*)
+                config_file_list="$config_file_list $file"
+                ;;
+            *.js|*.ts|*.tsx|*.jsx|*.py|*.rs|*.go|*.rb|*.java|*.kt|*.c|*.cpp|*.h|*.hpp|*.sh|*.swift|*.cs|*.php|*.lua|*.zig|*.el|*.clj)
+                src_files="$src_files $file"
+                ;;
+            *)
+                other_files="$other_files $file"
+                ;;
+        esac
+    done <<< "$tree_output"
+
+    local src_count=$(echo "$src_files" | wc -w | tr -d ' ')
+    local test_count=$(echo "$test_files" | wc -w | tr -d ' ')
+    local doc_count=$(echo "$doc_files" | wc -w | tr -d ' ')
+
+    # --- Depth 2+: Analyze source files ---
+    local key_exports=""
+    local key_functions=""
+    local key_classes=""
+
+    if [ "$depth" -ge 2 ]; then
+        if [ "$use_stdout" = true ]; then
+            log_info "Depth 2: Scanning source files for exports, functions, classes..." >&2
+        else
+            log_info "Depth 2: Scanning source files for exports, functions, classes..."
+        fi
+
+        for src_file in $src_files; do
+            [ ! -f "$target_path/$src_file" ] && continue
+            local file_lines
+            file_lines=$(wc -l < "$target_path/$src_file" 2>/dev/null | tr -d ' ')
+
+            # Only scan files under 2000 lines for performance
+            [ "$file_lines" -gt 2000 ] && continue
+
+            local file_ext="${src_file##*.}"
+            case "$file_ext" in
+                js|ts|tsx|jsx)
+                    # Find exported functions/classes
+                    local exports
+                    exports=$(grep -n "^export " "$target_path/$src_file" 2>/dev/null | head -10 || true)
+                    if [ -n "$exports" ]; then
+                        key_exports="$key_exports
+$src_file:
+$exports"
+                    fi
+                    ;;
+                py)
+                    # Find class and function definitions
+                    local classes
+                    classes=$(grep -n "^class " "$target_path/$src_file" 2>/dev/null | head -5 || true)
+                    local funcs
+                    funcs=$(grep -n "^def \|^async def " "$target_path/$src_file" 2>/dev/null | head -10 || true)
+                    if [ -n "$classes" ]; then
+                        key_classes="$key_classes
+$src_file:
+$classes"
+                    fi
+                    if [ -n "$funcs" ]; then
+                        key_functions="$key_functions
+$src_file:
+$funcs"
+                    fi
+                    ;;
+                go)
+                    local funcs
+                    funcs=$(grep -n "^func " "$target_path/$src_file" 2>/dev/null | head -10 || true)
+                    if [ -n "$funcs" ]; then
+                        key_functions="$key_functions
+$src_file:
+$funcs"
+                    fi
+                    ;;
+                rs)
+                    local funcs
+                    funcs=$(grep -n "^pub fn \|^pub async fn " "$target_path/$src_file" 2>/dev/null | head -10 || true)
+                    if [ -n "$funcs" ]; then
+                        key_functions="$key_functions
+$src_file:
+$funcs"
+                    fi
+                    ;;
+                sh)
+                    local funcs
+                    funcs=$(grep -n "^[a-zA-Z_][a-zA-Z_0-9]*() {" "$target_path/$src_file" 2>/dev/null | head -10 || true)
+                    if [ -n "$funcs" ]; then
+                        key_functions="$key_functions
+$src_file:
+$funcs"
+                    fi
+                    ;;
+                rb)
+                    local classes
+                    classes=$(grep -n "^class " "$target_path/$src_file" 2>/dev/null | head -5 || true)
+                    local funcs
+                    funcs=$(grep -n "^  def " "$target_path/$src_file" 2>/dev/null | head -10 || true)
+                    if [ -n "$classes" ]; then
+                        key_classes="$key_classes
+$src_file:
+$classes"
+                    fi
+                    if [ -n "$funcs" ]; then
+                        key_functions="$key_functions
+$src_file:
+$funcs"
+                    fi
+                    ;;
+                java|kt)
+                    local classes
+                    classes=$(grep -n "^public class \|^class \|^data class " "$target_path/$src_file" 2>/dev/null | head -5 || true)
+                    if [ -n "$classes" ]; then
+                        key_classes="$key_classes
+$src_file:
+$classes"
+                    fi
+                    ;;
+            esac
+        done
+    fi
+
+    # --- Depth 3: Dependency analysis ---
+    local dep_graph=""
+
+    if [ "$depth" -ge 3 ]; then
+        if [ "$use_stdout" = true ]; then
+            log_info "Depth 3: Analyzing imports and dependencies..." >&2
+        else
+            log_info "Depth 3: Analyzing imports and dependencies..."
+        fi
+
+        for src_file in $src_files; do
+            [ ! -f "$target_path/$src_file" ] && continue
+            local file_lines
+            file_lines=$(wc -l < "$target_path/$src_file" 2>/dev/null | tr -d ' ')
+            [ "$file_lines" -gt 2000 ] && continue
+
+            local imports=""
+            local file_ext="${src_file##*.}"
+            case "$file_ext" in
+                js|ts|tsx|jsx)
+                    imports=$(grep "^import " "$target_path/$src_file" 2>/dev/null | grep -v "node_modules" | head -15 || true)
+                    ;;
+                py)
+                    imports=$(grep "^import \|^from " "$target_path/$src_file" 2>/dev/null | head -15 || true)
+                    ;;
+                go)
+                    imports=$(sed -n '/^import (/,/^)/p' "$target_path/$src_file" 2>/dev/null | grep -v '^import\|^)' | head -15 || true)
+                    ;;
+                rs)
+                    imports=$(grep "^use " "$target_path/$src_file" 2>/dev/null | head -15 || true)
+                    ;;
+            esac
+
+            if [ -n "$imports" ]; then
+                dep_graph="$dep_graph
+$src_file:
+$imports"
+            fi
+        done
+    fi
+
+    # --- Detect build/run/test commands ---
+    local build_cmd=""
+    local run_cmd=""
+    local test_cmd=""
+
+    if [ -f "$target_path/package.json" ]; then
+        if command -v python3 &>/dev/null; then
+            local scripts_json
+            scripts_json=$(python3 -c "
+import json
+try:
+    d = json.load(open('$target_path/package.json'))
+    s = d.get('scripts', {})
+    for k in ['build', 'dev', 'start', 'test', 'lint', 'format', 'check', 'typecheck']:
+        if k in s:
+            print(f'{k}: {s[k]}')
+except: pass
+" 2>/dev/null || true)
+            if echo "$scripts_json" | grep -q "^build:"; then
+                build_cmd="${package_manager:-npm} run build"
+            fi
+            if echo "$scripts_json" | grep -q "^dev:"; then
+                run_cmd="${package_manager:-npm} run dev"
+            elif echo "$scripts_json" | grep -q "^start:"; then
+                run_cmd="${package_manager:-npm} start"
+            fi
+            if echo "$scripts_json" | grep -q "^test:"; then
+                test_cmd="${package_manager:-npm} test"
+            fi
+        fi
+    fi
+
+    if [ -f "$target_path/Makefile" ]; then
+        [ -z "$build_cmd" ] && build_cmd="make"
+        if grep -q "^test:" "$target_path/Makefile" 2>/dev/null; then
+            [ -z "$test_cmd" ] && test_cmd="make test"
+        fi
+        if grep -q "^run:" "$target_path/Makefile" 2>/dev/null; then
+            [ -z "$run_cmd" ] && run_cmd="make run"
+        fi
+    fi
+
+    if [ -f "$target_path/Cargo.toml" ]; then
+        build_cmd="cargo build"
+        run_cmd="cargo run"
+        test_cmd="cargo test"
+    fi
+
+    if [ -f "$target_path/go.mod" ]; then
+        build_cmd="go build ./..."
+        run_cmd="go run ."
+        test_cmd="go test ./..."
+    fi
+
+    if [ -f "$target_path/pyproject.toml" ]; then
+        if grep -q '\[tool.pytest' "$target_path/pyproject.toml" 2>/dev/null; then
+            test_cmd="pytest"
+        fi
+        if grep -q '\[tool.poetry' "$target_path/pyproject.toml" 2>/dev/null; then
+            build_cmd="poetry build"
+            run_cmd="poetry run python -m ${project_name}"
+        fi
+    fi
+
+    # --- Generate output ---
+    local output=""
+
+    if [ "$format" = "json" ]; then
+        # JSON output
+        output=$(cat <<ENDJSON
+{
+  "project": {
+    "name": "$project_name",
+    "description": $(python3 -c "import json; print(json.dumps('$project_description'))" 2>/dev/null || echo "\"$project_description\""),
+    "version": "$project_version",
+    "path": "$target_path"
+  },
+  "languages": "$(echo $languages | sed 's/  */ /g')",
+  "frameworks": "$(echo $frameworks | sed 's/  */ /g')",
+  "build_system": "$build_system",
+  "package_manager": "$package_manager",
+  "test_framework": "$(echo $test_framework | sed 's/  */ /g')",
+  "ci": "$(echo $ci_system | sed 's/  */ /g')",
+  "files": {
+    "source": $src_count,
+    "test": $test_count,
+    "docs": $doc_count
+  },
+  "commands": {
+    "build": "$build_cmd",
+    "run": "$run_cmd",
+    "test": "$test_cmd"
+  },
+  "depth": $depth
+}
+ENDJSON
+)
+    elif [ "$format" = "yaml" ]; then
+        # YAML output
+        output=$(cat <<ENDYAML
+project:
+  name: $project_name
+  description: "$project_description"
+  version: "$project_version"
+  path: $target_path
+languages: $languages
+frameworks: $frameworks
+build_system: $build_system
+package_manager: $package_manager
+test_framework: $(echo $test_framework | sed 's/  */ /g')
+ci: $(echo $ci_system | sed 's/  */ /g')
+files:
+  source: $src_count
+  test: $test_count
+  docs: $doc_count
+commands:
+  build: "$build_cmd"
+  run: "$run_cmd"
+  test: "$test_cmd"
+depth: $depth
+ENDYAML
+)
+    else
+        # Markdown output (CLAUDE.md format)
+        output="# $project_name"
+        [ -n "$project_description" ] && output="$output
+
+$project_description"
+        [ -n "$project_version" ] && output="$output
+
+Version: $project_version"
+
+        output="$output
+
+## Overview
+
+| Property | Value |
+|----------|-------|
+| Languages | ${languages:-N/A} |
+| Frameworks | ${frameworks:-N/A} |
+| Build System | ${build_system:-N/A} |
+| Package Manager | ${package_manager:-N/A} |
+| Test Framework | ${test_framework:-N/A} |
+| CI/CD | ${ci_system:-N/A} |"
+
+        # Commands section
+        if [ -n "$build_cmd" ] || [ -n "$run_cmd" ] || [ -n "$test_cmd" ]; then
+            output="$output
+
+## Commands
+
+\`\`\`bash"
+            [ -n "$build_cmd" ] && output="$output
+# Build
+$build_cmd"
+            [ -n "$run_cmd" ] && output="$output
+
+# Run
+$run_cmd"
+            [ -n "$test_cmd" ] && output="$output
+
+# Test
+$test_cmd"
+            output="$output
+\`\`\`"
+        fi
+
+        # Project structure
+        output="$output
+
+## Project Structure
+
+Files: $src_count source, $test_count test, $doc_count docs"
+
+        # Show directory structure (top-level)
+        local top_dirs
+        top_dirs=$(echo "$tree_output" | sed 's|/.*||' | sort -u | head -30)
+        if [ -n "$top_dirs" ]; then
+            output="$output
+
+\`\`\`"
+            while IFS= read -r dir; do
+                [ -z "$dir" ] && continue
+                if [ -d "$target_path/$dir" ]; then
+                    # Count files in directory
+                    local dir_count
+                    dir_count=$(echo "$tree_output" | grep "^${dir}/" | wc -l | tr -d ' ')
+                    output="$output
+$dir/    ($dir_count files)"
+                else
+                    output="$output
+$dir"
+                fi
+            done <<< "$top_dirs"
+            output="$output
+\`\`\`"
+        fi
+
+        # Key files
+        if [ -n "$config_file_list" ]; then
+            output="$output
+
+## Key Files
+"
+            for cf in $config_file_list; do
+                output="$output
+- \`$cf\`"
+            done
+        fi
+
+        if [ -n "$entry_points" ]; then
+            output="$output
+
+## Entry Points
+
+\`\`\`
+$entry_points
+\`\`\`"
+        fi
+
+        # Depth 2+: exports, functions, classes
+        if [ "$depth" -ge 2 ]; then
+            if [ -n "$key_classes" ]; then
+                output="$output
+
+## Key Classes
+\`\`\`
+$key_classes
+\`\`\`"
+            fi
+
+            if [ -n "$key_functions" ]; then
+                output="$output
+
+## Key Functions
+\`\`\`
+$key_functions
+\`\`\`"
+            fi
+
+            if [ -n "$key_exports" ]; then
+                output="$output
+
+## Exports
+\`\`\`
+$key_exports
+\`\`\`"
+            fi
+        fi
+
+        # Depth 3: dependency graph
+        if [ "$depth" -ge 3 ] && [ -n "$dep_graph" ]; then
+            output="$output
+
+## Dependency Graph (Imports)
+\`\`\`
+$dep_graph
+\`\`\`"
+        fi
+
+        # CI/CD section
+        if [ -n "$ci_system" ] && [ -n "$ci_files" ]; then
+            output="$output
+
+## CI/CD ($ci_system)
+"
+            for cf in $ci_files; do
+                output="$output
+- \`$cf\`"
+            done
+        fi
+
+        # Architecture notes from README
+        if [ -n "$readme_file" ]; then
+            output="$output
+
+## Documentation
+
+See \`$readme_file\` for project documentation."
+        fi
+
+        output="$output
+
+---
+Generated by loki onboard (depth $depth) on $(date +%Y-%m-%d)"
+    fi
+
+    # --- Output ---
+    if [ "$use_stdout" = true ]; then
+        echo "$output"
+        return 0
+    fi
+
+    # Determine output path
+    if [ -z "$output_path" ]; then
+        output_path="$target_path/.claude/CLAUDE.md"
+    fi
+
+    # Handle update mode
+    if [ "$update_mode" = true ] && [ -f "$output_path" ]; then
+        local timestamp
+        timestamp=$(date +%Y-%m-%d)
+        local update_marker="## Updated: $timestamp"
+        # Append new findings after a separator
+        {
+            cat "$output_path"
+            echo ""
+            echo "---"
+            echo ""
+            echo "$update_marker"
+            echo ""
+            echo "$output"
+        } > "${output_path}.tmp"
+        mv "${output_path}.tmp" "$output_path"
+        log_info "Updated: $output_path"
+        return 0
+    fi
+
+    # Create directory and write
+    local output_dir
+    output_dir=$(dirname "$output_path")
+    mkdir -p "$output_dir"
+
+    echo "$output" > "$output_path"
+    log_info "Generated: $output_path"
+    log_info "Project: $project_name | $src_count source files | $test_count tests | $doc_count docs"
+
+    if [ -n "$languages" ]; then
+        log_info "Languages: $languages"
+    fi
+    if [ -n "$frameworks" ]; then
+        log_info "Frameworks: $frameworks"
+    fi
+}
+
+# CI/CD quality gate integration (v6.22.0)
+cmd_ci() {
+    local ci_pr=false
+    local ci_test_suggest=false
+    local ci_report=false
+    local ci_github_comment=false
+    local ci_fail_on=""
+    local ci_format="markdown"
+
+    while [[ $# -gt 0 ]]; do
+        case "$1" in
+            --help|-h)
+                echo -e "${BOLD}loki ci${NC} - CI/CD quality gate integration"
+                echo ""
+                echo "Usage: loki ci [options]"
+                echo ""
+                echo "Runs Loki Mode quality gates as a CI step. Works with GitHub Actions,"
+                echo "GitLab CI, Jenkins, CircleCI, and other CI systems."
+                echo ""
+                echo "Modes:"
+                echo "  --pr                 Review the current PR diff with all quality gates"
+                echo "  --test-suggest       Generate test suggestions for changed files"
+                echo "  --report             Generate a quality report"
+                echo ""
+                echo "Options:"
+                echo "  --github-comment     Post review results as PR comment (needs GITHUB_TOKEN)"
+                echo "  --fail-on <levels>   Set exit code 1 on severity: critical,high,medium,low"
+                echo "  --format <fmt>       Output format: json, markdown, github (default: markdown)"
+                echo "  --help, -h           Show this help"
+                echo ""
+                echo "Exit codes:"
+                echo "  0  All checks passed (or below --fail-on threshold)"
+                echo "  1  Findings exceed --fail-on threshold"
+                echo "  2  Error (missing tools, invalid arguments)"
+                echo ""
+                echo "Environment variables (auto-detected):"
+                echo "  GITHUB_ACTIONS       Detected when running in GitHub Actions"
+                echo "  GITLAB_CI            Detected when running in GitLab CI"
+                echo "  JENKINS_URL          Detected when running in Jenkins"
+                echo "  CIRCLECI             Detected when running in CircleCI"
+                echo "  GITHUB_TOKEN         Required for --github-comment"
+                echo "  GITHUB_EVENT_PATH    Auto-set in GitHub Actions for PR context"
+                echo ""
+                echo "Examples:"
+                echo "  loki ci --pr --format json              # Review PR diff as JSON"
+                echo "  loki ci --pr --fail-on critical,high    # Fail CI on critical/high findings"
+                echo "  loki ci --pr --github-comment           # Post results as PR comment"
+                echo "  loki ci --report --format markdown      # Generate quality report"
+                echo "  loki ci --test-suggest                  # Suggest tests for changed files"
+                echo ""
+                echo "GitHub Actions example:"
+                echo "  - uses: asklokesh/loki-mode-action@v1"
+                echo "    with:"
+                echo "      command: loki ci --pr --github-comment --fail-on critical"
+                return 0
+                ;;
+            --pr) ci_pr=true; shift ;;
+            --test-suggest) ci_test_suggest=true; shift ;;
+            --report) ci_report=true; shift ;;
+            --github-comment) ci_github_comment=true; shift ;;
+            --fail-on)
+                shift
+                ci_fail_on="${1:-}"
+                if [ -z "$ci_fail_on" ]; then
+                    echo -e "${RED}Error: --fail-on requires severity levels (e.g., critical,high)${NC}"
+                    return 2
+                fi
+                ci_fail_on="$(echo "$ci_fail_on" | tr '[:upper:]' '[:lower:]')"
+                shift
+                ;;
+            --format)
+                shift
+                ci_format="${1:-markdown}"
+                ci_format="$(echo "$ci_format" | tr '[:upper:]' '[:lower:]')"
+                if [[ "$ci_format" != "json" && "$ci_format" != "markdown" && "$ci_format" != "github" ]]; then
+                    echo -e "${RED}Error: --format must be json, markdown, or github${NC}"
+                    return 2
+                fi
+                shift
+                ;;
+            -*) echo -e "${RED}Unknown option: $1${NC}"; return 2 ;;
+            *) echo -e "${RED}Unknown argument: $1${NC}"; return 2 ;;
+        esac
+    done
+
+    # If no mode specified, default to --pr --report
+    if [ "$ci_pr" = false ] && [ "$ci_test_suggest" = false ] && [ "$ci_report" = false ]; then
+        ci_pr=true
+        ci_report=true
+    fi
+
+    # --- Detect CI environment ---
+    local ci_env="local"
+    local ci_pr_number=""
+    local ci_base_branch="main"
+    local ci_repo=""
+
+    if [ -n "${GITHUB_ACTIONS:-}" ]; then
+        ci_env="github"
+        ci_repo="${GITHUB_REPOSITORY:-}"
+        ci_base_branch="${GITHUB_BASE_REF:-main}"
+        # Extract PR number from GITHUB_EVENT_PATH
+        if [ -n "${GITHUB_EVENT_PATH:-}" ] && [ -f "${GITHUB_EVENT_PATH:-}" ]; then
+            ci_pr_number=$(python3 -c "
+import json, sys
+try:
+    with open('${GITHUB_EVENT_PATH}') as f:
+        event = json.load(f)
+    pr = event.get('pull_request', event.get('number', ''))
+    if isinstance(pr, dict):
+        print(pr.get('number', ''))
+    else:
+        print(pr)
+except Exception:
+    print('')
+" 2>/dev/null || echo "")
+        fi
+        # Fallback: GITHUB_REF_NAME for PR refs like refs/pull/123/merge
+        if [ -z "$ci_pr_number" ] && [[ "${GITHUB_REF:-}" == refs/pull/*/merge ]]; then
+            ci_pr_number=$(echo "${GITHUB_REF}" | sed 's|refs/pull/\([0-9]*\)/merge|\1|')
+        fi
+    elif [ -n "${GITLAB_CI:-}" ]; then
+        ci_env="gitlab"
+        ci_pr_number="${CI_MERGE_REQUEST_IID:-}"
+        ci_base_branch="${CI_MERGE_REQUEST_TARGET_BRANCH_NAME:-main}"
+        ci_repo="${CI_PROJECT_PATH:-}"
+    elif [ -n "${JENKINS_URL:-}" ]; then
+        ci_env="jenkins"
+        ci_pr_number="${CHANGE_ID:-}"
+        ci_base_branch="${CHANGE_TARGET:-main}"
+    elif [ -n "${CIRCLECI:-}" ]; then
+        ci_env="circleci"
+        ci_pr_number="${CIRCLE_PULL_REQUEST##*/}"
+        ci_repo="${CIRCLE_PROJECT_USERNAME:-}/${CIRCLE_PROJECT_REPONAME:-}"
+    fi
+
+    # --- Gather diff ---
+    local diff_content=""
+    local changed_files=""
+
+    if [ "$ci_pr" = true ] || [ "$ci_test_suggest" = true ] || [ "$ci_report" = true ]; then
+        if [ -n "$ci_pr_number" ] && command -v gh &>/dev/null && [ "$ci_env" = "github" ]; then
+            diff_content=$(gh pr diff "$ci_pr_number" 2>/dev/null || echo "")
+            changed_files=$(gh pr diff "$ci_pr_number" --name-only 2>/dev/null || echo "")
+        fi
+
+        # Fallback: git diff against base branch
+        if [ -z "$diff_content" ]; then
+            # Fetch base branch if in CI
+            if [ "$ci_env" != "local" ]; then
+                git fetch origin "$ci_base_branch" --depth=1 2>/dev/null || true
+            fi
+            diff_content=$(git diff "origin/${ci_base_branch}...HEAD" 2>/dev/null || git diff HEAD~1 2>/dev/null || git diff HEAD 2>/dev/null || echo "")
+            changed_files=$(git diff --name-only "origin/${ci_base_branch}...HEAD" 2>/dev/null || git diff --name-only HEAD~1 2>/dev/null || git diff --name-only HEAD 2>/dev/null || echo "")
+        fi
+
+        if [ -z "$diff_content" ]; then
+            if [ "$ci_format" = "json" ]; then
+                echo '{"status":"skip","message":"No changes to review","ci_environment":"'"$ci_env"'","pr_number":"'"$ci_pr_number"'","findings":[],"summary":{"critical":0,"high":0,"medium":0,"low":0,"info":0,"total":0},"exit_code":0}'
+            else
+                echo -e "${GREEN}No changes to review.${NC}"
+            fi
+            return 0
+        fi
+    fi
+
+    # --- Severity helpers ---
+    _ci_sev_level() {
+        case "$1" in
+            CRITICAL) echo 5 ;;
+            HIGH) echo 4 ;;
+            MEDIUM) echo 3 ;;
+            LOW) echo 2 ;;
+            INFO) echo 1 ;;
+            *) echo 0 ;;
+        esac
+    }
+
+    # Parse --fail-on into a minimum severity threshold
+    local fail_threshold=99  # Default: never fail
+    if [ -n "$ci_fail_on" ]; then
+        # Take the lowest severity from the comma-separated list
+        IFS=',' read -ra fail_levels <<< "$ci_fail_on"
+        for level in "${fail_levels[@]}"; do
+            level=$(echo "$level" | tr -d ' ' | tr '[:lower:]' '[:upper:]')
+            local level_num
+            level_num=$(_ci_sev_level "$level")
+            if [ "$level_num" -gt 0 ] && [ "$level_num" -lt "$fail_threshold" ]; then
+                fail_threshold=$level_num
+            fi
+        done
+    fi
+
+    # --- Run quality gates (reuses cmd_review logic) ---
+    local findings=()
+    local has_critical=false
+    local has_high=false
+
+    _ci_add_finding() {
+        local file="$1" line="$2" sev="$3" cat="$4" finding="$5" suggestion="$6"
+        findings+=("${file}|${line}|${sev}|${cat}|${finding}|${suggestion}")
+        [ "$sev" = "CRITICAL" ] && has_critical=true || true
+        [ "$sev" = "HIGH" ] && has_high=true || true
+    }
+
+    # Gate 1: Static Analysis - shellcheck
+    if command -v shellcheck &>/dev/null; then
+        local shell_files_ci
+        shell_files_ci=$(echo "$changed_files" | grep -E '\.(sh|bash)$' || true)
+        if [ -n "$shell_files_ci" ]; then
+            while IFS= read -r sf; do
+                [ -z "$sf" ] && continue
+                [ ! -f "$sf" ] && continue
+                local sc_out
+                sc_out=$(shellcheck -f gcc "$sf" 2>/dev/null || true)
+                while IFS= read -r sc_line; do
+                    [ -z "$sc_line" ] && continue
+                    local sc_file sc_lineno sc_sev sc_msg
+                    sc_file=$(echo "$sc_line" | cut -d: -f1)
+                    sc_lineno=$(echo "$sc_line" | cut -d: -f2)
+                    sc_sev=$(echo "$sc_line" | sed -n 's/.*: \(warning\|error\|note\|info\):.*/\1/p')
+                    sc_msg=$(echo "$sc_line" | sed 's/.*: \(warning\|error\|note\|info\): //')
+                    local mapped_sev="LOW"
+                    case "$sc_sev" in
+                        error) mapped_sev="HIGH" ;;
+                        warning) mapped_sev="MEDIUM" ;;
+                        *) mapped_sev="LOW" ;;
+                    esac
+                    _ci_add_finding "$sc_file" "$sc_lineno" "$mapped_sev" "static-analysis" "$sc_msg" "Fix shellcheck finding"
+                done <<< "$sc_out"
+            done <<< "$shell_files_ci"
+        fi
+    fi
+
+    # Gate 1b: Static Analysis - eslint
+    if command -v npx &>/dev/null; then
+        local js_files_ci
+        js_files_ci=$(echo "$changed_files" | grep -E '\.(js|ts|jsx|tsx)$' || true)
+        if [ -n "$js_files_ci" ]; then
+            while IFS= read -r jsf; do
+                [ -z "$jsf" ] && continue
+                [ ! -f "$jsf" ] && continue
+                if [ -f ".eslintrc.js" ] || [ -f ".eslintrc.json" ] || [ -f "eslint.config.js" ] || [ -f "eslint.config.mjs" ]; then
+                    local eslint_out
+                    eslint_out=$(npx eslint --format compact "$jsf" 2>/dev/null || true)
+                    while IFS= read -r el; do
+                        [ -z "$el" ] && continue
+                        [[ "$el" == *"problem"* ]] && continue
+                        local el_file el_line el_msg
+                        el_file=$(echo "$el" | cut -d: -f1)
+                        el_line=$(echo "$el" | cut -d: -f2)
+                        el_msg=$(echo "$el" | sed 's/^[^)]*) //')
+                        local el_sev="LOW"
+                        [[ "$el" == *"Error"* ]] && el_sev="MEDIUM"
+                        _ci_add_finding "$el_file" "$el_line" "$el_sev" "static-analysis" "$el_msg" "Fix eslint finding"
+                    done <<< "$eslint_out"
+                fi
+            done <<< "$js_files_ci"
+        fi
+    fi
+
+    # Gate 2: Security Scan
+    _ci_scan() {
+        local pattern="$1" sev="$2" cat="$3" finding="$4" suggestion="$5"
+        while IFS= read -r match; do
+            [ -z "$match" ] && continue
+            local ml
+            ml=$(echo "$match" | cut -d: -f1)
+            _ci_add_finding "diff" "$ml" "$sev" "$cat" "$finding" "$suggestion"
+        done < <(echo "$diff_content" | grep -nE "$pattern" 2>/dev/null || true)
+    }
+
+    # Hardcoded secrets
+    local ci_secret_patterns=(
+        'API_KEY\s*[=:]\s*["\x27][A-Za-z0-9+/=_-]{8,}'
+        'SECRET_KEY\s*[=:]\s*["\x27][A-Za-z0-9+/=_-]{8,}'
+        'PASSWORD\s*[=:]\s*["\x27][^\x27"]{4,}'
+        'PRIVATE_KEY\s*[=:]\s*["\x27][A-Za-z0-9+/=_-]{8,}'
+        'AWS_ACCESS_KEY_ID\s*[=:]\s*["\x27]AK[A-Z0-9]{18}'
+        'ghp_[A-Za-z0-9]{36}'
+        'sk-[A-Za-z0-9]{32,}'
+        'Bearer\s+[A-Za-z0-9._-]{20,}'
+    )
+    for pattern in "${ci_secret_patterns[@]}"; do
+        _ci_scan "$pattern" "CRITICAL" "security" \
+            "Potential hardcoded secret detected" \
+            "Use environment variables or a secrets manager"
+    done
+
+    # SQL injection
+    _ci_scan '(SELECT|INSERT|UPDATE|DELETE|DROP)\s.*\+\s*(req\.|request\.|params\.|user)' \
+        "HIGH" "security" \
+        "Potential SQL injection: string concatenation in query" \
+        "Use parameterized queries or prepared statements"
+
+    # eval/exec
+    _ci_scan '(^|\s)(eval|exec)\s*\(' \
+        "HIGH" "security" \
+        "Dangerous eval/exec usage detected" \
+        "Avoid eval/exec with dynamic input"
+
+    # Unsafe deserialization
+    _ci_scan '(pickle\.loads?|yaml\.load\s*\()' \
+        "HIGH" "security" \
+        "Unsafe deserialization detected" \
+        "Use yaml.safe_load or avoid pickle with untrusted data"
+
+    # Disabled SSL
+    _ci_scan '(verify\s*=\s*False|VERIFY_SSL\s*=\s*False|NODE_TLS_REJECT_UNAUTHORIZED.*0|rejectUnauthorized.*false)' \
+        "HIGH" "security" \
+        "SSL verification disabled" \
+        "Enable SSL verification in production"
+
+    # Gate 3: Anti-patterns
+    _ci_scan 'console\.(log|debug)\(' "LOW" "anti-pattern" \
+        "console.log/debug statement found" \
+        "Remove debug logging or use a proper logger"
+
+    _ci_scan 'except\s*:' "MEDIUM" "anti-pattern" \
+        "Bare except clause" \
+        "Catch specific exceptions"
+
+    # Gate 4: TODO/FIXME markers in new code
+    _ci_scan '^\+.*\b(TODO|FIXME|HACK|XXX):' "INFO" "style" \
+        "TODO/FIXME marker in new code" \
+        "Track in issue tracker"
+
+    # --- Test suggestions ---
+    local test_suggestions=""
+    if [ "$ci_test_suggest" = true ] && [ -n "$changed_files" ]; then
+        test_suggestions=$(python3 << 'TEST_SUGGEST_PY'
+import sys, os
+
+changed = os.environ.get("LOKI_CI_CHANGED_FILES", "").strip().split("\n")
+suggestions = []
+
+for f in changed:
+    f = f.strip()
+    if not f:
+        continue
+
+    base = os.path.basename(f)
+    name, ext = os.path.splitext(base)
+    dirpath = os.path.dirname(f)
+
+    # Skip test files themselves
+    if "test" in name.lower() or "spec" in name.lower():
+        continue
+    # Skip non-code files
+    if ext not in (".py", ".js", ".ts", ".jsx", ".tsx", ".sh", ".bash", ".go", ".rs", ".rb"):
+        continue
+
+    # Suggest test file paths based on language conventions
+    if ext == ".py":
+        test_path = os.path.join(dirpath, f"test_{name}.py")
+        alt_path = os.path.join("tests", f"test_{name}.py")
+        suggestions.append({"file": f, "test_file": test_path, "alt_test_file": alt_path,
+                          "framework": "pytest", "hint": f"Add unit tests for {name} module"})
+    elif ext in (".js", ".ts", ".jsx", ".tsx"):
+        test_ext = ext.replace(".ts", ".test.ts").replace(".js", ".test.js").replace(".tsx", ".test.tsx").replace(".jsx", ".test.jsx")
+        if test_ext == ext:
+            test_ext = f".test{ext}"
+        test_path = os.path.join(dirpath, f"{name}{test_ext}")
+        suggestions.append({"file": f, "test_file": test_path,
+                          "framework": "jest/vitest", "hint": f"Add tests for {name} component/module"})
+    elif ext in (".sh", ".bash"):
+        test_path = os.path.join("tests", f"test-{name}.sh")
+        suggestions.append({"file": f, "test_file": test_path,
+                          "framework": "bash", "hint": f"Add shell tests for {name}"})
+    elif ext == ".go":
+        test_path = os.path.join(dirpath, f"{name}_test.go")
+        suggestions.append({"file": f, "test_file": test_path,
+                          "framework": "go test", "hint": f"Add Go tests for {name}"})
+    elif ext == ".rs":
+        suggestions.append({"file": f, "test_file": f"{f} (mod tests)",
+                          "framework": "cargo test", "hint": f"Add #[cfg(test)] mod tests in {name}"})
+    elif ext == ".rb":
+        test_path = os.path.join("spec", f"{name}_spec.rb")
+        suggestions.append({"file": f, "test_file": test_path,
+                          "framework": "rspec", "hint": f"Add RSpec tests for {name}"})
+
+import json
+print(json.dumps(suggestions))
+TEST_SUGGEST_PY
+        )
+    fi
+
+    # --- Tally findings ---
+    local count_critical=0 count_high=0 count_medium=0 count_low=0 count_info=0
+    for f in "${findings[@]}"; do
+        local sev
+        sev=$(echo "$f" | cut -d'|' -f3)
+        case "$sev" in
+            CRITICAL) count_critical=$((count_critical + 1)) ;;
+            HIGH) count_high=$((count_high + 1)) ;;
+            MEDIUM) count_medium=$((count_medium + 1)) ;;
+            LOW) count_low=$((count_low + 1)) ;;
+            INFO) count_info=$((count_info + 1)) ;;
+        esac
+    done
+    local count_total=${#findings[@]}
+
+    # Determine exit code based on --fail-on threshold
+    local exit_code=0
+    if [ "$fail_threshold" -lt 99 ]; then
+        for f in "${findings[@]}"; do
+            local sev sev_num
+            sev=$(echo "$f" | cut -d'|' -f3)
+            sev_num=$(_ci_sev_level "$sev")
+            if [ "$sev_num" -ge "$fail_threshold" ]; then
+                exit_code=1
+                break
+            fi
+        done
+    fi
+
+    # --- Build output ---
+    local report_timestamp
+    report_timestamp=$(date -u +%Y-%m-%dT%H:%M:%SZ)
+    local file_count
+    file_count=$(echo "$changed_files" | grep -c '.' 2>/dev/null || echo 0)
+
+    if [ "$ci_format" = "json" ]; then
+        # JSON output via python for proper escaping
+        export LOKI_CI_JSON_FINDINGS=""
+        for f in "${findings[@]}"; do
+            LOKI_CI_JSON_FINDINGS+="${f}"$'\n'
+        done
+        export LOKI_CI_JSON_META="ci_env=${ci_env}|pr=${ci_pr_number}|ts=${report_timestamp}|files=${file_count}|exit=${exit_code}"
+        export LOKI_CI_JSON_COUNTS="critical=${count_critical}|high=${count_high}|medium=${count_medium}|low=${count_low}|info=${count_info}|total=${count_total}"
+        export LOKI_CI_JSON_TESTS="${test_suggestions:-[]}"
+
+        python3 << 'CI_JSON_OUT'
+import json, os
+
+findings_raw = os.environ.get("LOKI_CI_JSON_FINDINGS", "").strip().split("\n")
+meta_raw = os.environ.get("LOKI_CI_JSON_META", "")
+counts_raw = os.environ.get("LOKI_CI_JSON_COUNTS", "")
+tests_raw = os.environ.get("LOKI_CI_JSON_TESTS", "[]")
+
+meta = dict(item.split("=", 1) for item in meta_raw.split("|") if "=" in item)
+counts = dict(item.split("=", 1) for item in counts_raw.split("|") if "=" in item)
+
+findings = []
+for line in findings_raw:
+    if not line or "|" not in line:
+        continue
+    parts = line.split("|", 5)
+    if len(parts) >= 6:
+        findings.append({
+            "file": parts[0],
+            "line": int(parts[1]) if parts[1].isdigit() else 0,
+            "severity": parts[2],
+            "category": parts[3],
+            "finding": parts[4],
+            "suggestion": parts[5]
+        })
+
+try:
+    tests = json.loads(tests_raw)
+except Exception:
+    tests = []
+
+report = {
+    "status": "fail" if int(meta.get("exit", "0")) > 0 else "pass",
+    "ci_environment": meta.get("ci_env", "local"),
+    "pr_number": meta.get("pr", ""),
+    "timestamp": meta.get("ts", ""),
+    "files_changed": int(meta.get("files", "0")),
+    "findings": findings,
+    "summary": {
+        "critical": int(counts.get("critical", "0")),
+        "high": int(counts.get("high", "0")),
+        "medium": int(counts.get("medium", "0")),
+        "low": int(counts.get("low", "0")),
+        "info": int(counts.get("info", "0")),
+        "total": int(counts.get("total", "0"))
+    },
+    "exit_code": int(meta.get("exit", "0"))
+}
+if tests:
+    report["test_suggestions"] = tests
+
+print(json.dumps(report, indent=2))
+CI_JSON_OUT
+        unset LOKI_CI_JSON_FINDINGS LOKI_CI_JSON_META LOKI_CI_JSON_COUNTS LOKI_CI_JSON_TESTS
+
+    elif [ "$ci_format" = "github" ]; then
+        # GitHub-flavored markdown for PR comments
+        echo "## Loki CI Quality Report"
+        echo ""
+        echo "| Metric | Count |"
+        echo "|--------|-------|"
+        echo "| Files changed | $file_count |"
+        echo "| Critical | $count_critical |"
+        echo "| High | $count_high |"
+        echo "| Medium | $count_medium |"
+        echo "| Low | $count_low |"
+        echo "| Info | $count_info |"
+        echo "| **Total** | **$count_total** |"
+        echo ""
+
+        if [ "$count_total" -gt 0 ]; then
+            echo "### Findings"
+            echo ""
+            for sev_name in CRITICAL HIGH MEDIUM LOW INFO; do
+                local has_sev=false
+                for f in "${findings[@]}"; do
+                    local f_sev
+                    f_sev=$(echo "$f" | cut -d'|' -f3)
+                    [ "$f_sev" != "$sev_name" ] && continue
+                    if [ "$has_sev" = false ]; then
+                        echo "#### $sev_name"
+                        echo ""
+                        has_sev=true
+                    fi
+                    local f_file f_line f_cat f_finding f_suggestion
+                    f_file=$(echo "$f" | cut -d'|' -f1)
+                    f_line=$(echo "$f" | cut -d'|' -f2)
+                    f_cat=$(echo "$f" | cut -d'|' -f4)
+                    f_finding=$(echo "$f" | cut -d'|' -f5)
+                    f_suggestion=$(echo "$f" | cut -d'|' -f6)
+                    echo "- **\`$f_file:$f_line\`** [$f_cat] $f_finding"
+                    echo "  - Suggestion: $f_suggestion"
+                done
+                [ "$has_sev" = true ] && echo ""
+            done
+        else
+            echo "No findings. All quality gates passed."
+        fi
+
+        if [ -n "${test_suggestions:-}" ] && [ "$test_suggestions" != "[]" ]; then
+            echo "### Test Suggestions"
+            echo ""
+            python3 -c "
+import json, os
+tests = json.loads(os.environ.get('LOKI_CI_TEST_SUGG', '[]'))
+for t in tests:
+    print(f\"- **{t['file']}**: {t['hint']} ({t['framework']})\")
+    print(f\"  - Suggested: \`{t['test_file']}\`\")
+" 2>/dev/null || true
+        fi
+
+        echo ""
+        if [ "$exit_code" -eq 0 ]; then
+            echo "**Result: PASSED**"
+        else
+            echo "**Result: FAILED** (findings exceed threshold)"
+        fi
+        echo ""
+        echo "_Generated by [Loki Mode](https://github.com/asklokesh/loki-mode) at $report_timestamp_"
+
+    else
+        # Default: markdown (terminal-friendly)
+        echo -e "${BOLD}Loki CI Quality Report${NC}"
+        echo -e "Environment: ${CYAN}$ci_env${NC}"
+        [ -n "$ci_pr_number" ] && echo -e "PR: ${CYAN}#$ci_pr_number${NC}"
+        echo -e "Files changed: ${CYAN}$file_count${NC}"
+        echo -e "Timestamp: ${DIM}$report_timestamp${NC}"
+        echo "---"
+
+        if [ "$count_total" -eq 0 ]; then
+            echo -e "${GREEN}All quality gates passed. No findings.${NC}"
+        else
+            for sev_name in CRITICAL HIGH MEDIUM LOW INFO; do
+                local printed_header=false
+                for f in "${findings[@]}"; do
+                    local f_sev
+                    f_sev=$(echo "$f" | cut -d'|' -f3)
+                    [ "$f_sev" != "$sev_name" ] && continue
+                    if [ "$printed_header" = false ]; then
+                        local sev_color="$NC"
+                        case "$sev_name" in
+                            CRITICAL) sev_color="$RED" ;;
+                            HIGH) sev_color="$RED" ;;
+                            MEDIUM) sev_color="$YELLOW" ;;
+                            LOW) sev_color="$CYAN" ;;
+                            INFO) sev_color="$DIM" ;;
+                        esac
+                        echo ""
+                        echo -e "${sev_color}${BOLD}[$sev_name]${NC}"
+                        printed_header=true
+                    fi
+                    local f_file f_line f_cat f_finding f_suggestion
+                    f_file=$(echo "$f" | cut -d'|' -f1)
+                    f_line=$(echo "$f" | cut -d'|' -f2)
+                    f_cat=$(echo "$f" | cut -d'|' -f4)
+                    f_finding=$(echo "$f" | cut -d'|' -f5)
+                    f_suggestion=$(echo "$f" | cut -d'|' -f6)
+                    echo -e "  ${DIM}$f_file:$f_line${NC} [$f_cat] $f_finding"
+                    echo -e "    -> $f_suggestion"
+                done
+            done
+        fi
+
+        echo ""
+        echo "---"
+        echo -e "Summary: ${RED}$count_critical critical${NC}, ${RED}$count_high high${NC}, ${YELLOW}$count_medium medium${NC}, ${CYAN}$count_low low${NC}, ${DIM}$count_info info${NC} ($count_total total)"
+
+        if [ "$ci_test_suggest" = true ] && [ -n "${test_suggestions:-}" ] && [ "$test_suggestions" != "[]" ]; then
+            echo ""
+            echo -e "${BOLD}Test Suggestions${NC}"
+            export LOKI_CI_TEST_SUGG="${test_suggestions}"
+            python3 -c "
+import json, os
+tests = json.loads(os.environ.get('LOKI_CI_TEST_SUGG', '[]'))
+for t in tests:
+    print(f\"  {t['file']} -> {t['test_file']} ({t['framework']})\")
+    print(f\"    {t['hint']}\")
+" 2>/dev/null || true
+            unset LOKI_CI_TEST_SUGG
+        fi
+
+        if [ "$exit_code" -eq 0 ]; then
+            echo -e "${GREEN}Result: PASSED${NC}"
+        else
+            echo -e "${RED}Result: FAILED (findings exceed threshold)${NC}"
+        fi
+    fi
+
+    # --- Post GitHub comment ---
+    if [ "$ci_github_comment" = true ]; then
+        if [ -z "${GITHUB_TOKEN:-}" ]; then
+            echo -e "${YELLOW}Warning: --github-comment requires GITHUB_TOKEN. Skipping comment.${NC}" >&2
+        elif [ -z "$ci_pr_number" ]; then
+            echo -e "${YELLOW}Warning: No PR number detected. Skipping comment.${NC}" >&2
+        elif command -v gh &>/dev/null; then
+            # Generate GitHub-format report for comment
+            local comment_body
+            comment_body=$("$0" ci --pr --format github 2>/dev/null || echo "Loki CI report generation failed.")
+            gh pr comment "$ci_pr_number" --body "$comment_body" 2>/dev/null && \
+                echo -e "${GREEN}Posted review comment to PR #$ci_pr_number${NC}" >&2 || \
+                echo -e "${YELLOW}Warning: Failed to post PR comment${NC}" >&2
+        else
+            echo -e "${YELLOW}Warning: gh CLI required for --github-comment. Install: https://cli.github.com${NC}" >&2
+        fi
+    fi
+
+    return "$exit_code"
+}
+
 main "$@"