pierre-review 0.1.17 → 0.1.18

package/dist/api/plugins/auth.js

@@ -1,6 +1,6 @@
 import { createHash } from 'node:crypto';
 import { config } from '../../config.js';
-import { getAccountById, getLocalAccountCached, LOCAL_ACCOUNT_ID, } from '../../auth/account.js';
+import { getAccountById, getLocalAccountCached, stampAccountActive, LOCAL_ACCOUNT_ID, } from '../../auth/account.js';
 // Attaches `request.account` to every request. Registered once on the root app
 // (so it covers all routes, including static/health which simply ignore it).
 //
@@ -14,6 +14,12 @@ export function registerAccountContext(app) {
         if (config.isCloud) {
             const accountId = readSessionAccountId(req);
             req.account = accountId != null ? await getAccountById(accountId) : null;
+            // A request from a signed-in account on a real data route means that tenant
+            // has a loaded frontend — stamp activity (throttled) so the scheduler keeps
+            // syncing their repos. Skips static/landing assets and the health/auth probes.
+            if (req.account && req.url.startsWith('/api/')) {
+                stampAccountActive(req.account.id);
+            }
         }
         else {
             req.account =

package/dist/api/routes/claude-review.js

@@ -4,11 +4,12 @@ import { markFindingPosted, markReviewPosted, updateFinding, updateReviewDraft,
 import { getReviewStatus, listActiveReviews, requestReviewCancel, startReview, } from '../../review/review-manager.js';
 import { detectClaudeAuth } from '../../review/auth.js';
 import { hasUserAnthropicKey, setUserAnthropicKey, } from '../../review/local-settings.js';
-import { buildReview, fetchCurrentHeadSha, fetchPrDiff, findingCommentBody, stripNoiseFromDiff, submitGithubComment, submitGithubReview, } from '../../review/post-review.js';
+import { buildAnchorIndex, buildReview, fallbackAnchor, fetchCurrentHeadSha, fetchPrDiff, findingCommentBody, stripNoiseFromDiff, submitGithubComment, submitGithubReview, } from '../../review/post-review.js';
 import { isNoiseFile } from '../../review/prompt.js';
 import { accountIdOf } from '../plugins/auth.js';
 const MODELS = ['claude-opus-4-8', 'claude-sonnet-4-6'];
 const VERDICTS = ['COMMENT', 'REQUEST_CHANGES', 'APPROVE'];
+const REVIEW_MODES = ['auto', 'diff_only', 'worktree'];
 const idParam = {
     params: {
         type: 'object',
@@ -36,7 +37,11 @@ const generateSchema = {
         type: 'object',
         required: ['model'],
         additionalProperties: false,
-        properties: { model: { type: 'string', enum: MODELS } },
+        properties: {
+            model: { type: 'string', enum: MODELS },
+            // Review depth. Omitted defaults to 'auto' (the router decides).
+            mode: { type: 'string', enum: REVIEW_MODES },
+        },
     },
 };
 const updateReviewSchema = {
@@ -121,7 +126,7 @@ export async function claudeReviewRoutes(app) {
     // Kick off a run. 404 disabled/unknown PR, 400 no auth / no head, 409 busy.
     app.post('/api/prs/:id/claude-review', { schema: generateSchema }, async (req, reply) => {
         const { id } = req.params;
-        const { model } = req.body;
+        const { model, mode } = req.body;
         if (!config.claudeReviewEnabled)
             return featureOff(reply);
         const auth = detectClaudeAuth();
@@ -129,7 +134,7 @@ export async function claudeReviewRoutes(app) {
             reply.status(400);
             return { error: 'NoClaudeAuth', message: auth.message };
         }
-        const result = await startReview(id, model, app.log);
+        const result = await startReview(id, model, mode ?? 'auto', app.log);
         if (!result.ok) {
             if (result.reason === 'not_found') {
                 reply.status(404);
@@ -240,13 +245,6 @@ export async function claudeReviewRoutes(app) {
             return { error: 'NotFound', message: `Finding ${findingId} not found` };
         }
         const f = ctx.finding;
-        if (f.line == null || !f.anchored) {
-            reply.status(400);
-            return {
-                error: 'NotAnchored',
-                message: "This finding isn't anchored to a diff line, so it can't post inline.",
-            };
-        }
         try {
             const currentHead = await fetchCurrentHeadSha(ctx.owner, ctx.name, ctx.prNumber);
             if (currentHead !== ctx.reviewHeadSha) {
@@ -256,19 +254,41 @@ export async function claudeReviewRoutes(app) {
                     message: 'The PR head has moved since this review. Re-review before posting.',
                 };
             }
+            // Anchor: the finding's own line if addable, else the file's first change
+            // (added preferred). A finding whose file isn't in the diff can't inline.
+            let line;
+            let side = f.side;
+            let onFallback = false;
+            if (f.line != null && f.anchored) {
+                line = f.line;
+            }
+            else {
+                const { diff } = stripNoiseFromDiff(await fetchPrDiff(ctx.owner, ctx.name, ctx.prNumber), isNoiseFile);
+                const fb = fallbackAnchor(buildAnchorIndex(diff), f.path);
+                if (!fb) {
+                    reply.status(400);
+                    return {
+                        error: 'NotAnchored',
+                        message: "This finding's file has no changes in the PR diff, so it can't post inline.",
+                    };
+                }
+                line = fb.line;
+                side = fb.side;
+                onFallback = true;
+            }
             const { commentId } = await submitGithubComment({
                 owner: ctx.owner,
                 name: ctx.name,
                 prNumber: ctx.prNumber,
                 commitId: ctx.reviewHeadSha,
                 path: f.path,
-                line: f.line,
-                side: f.side,
+                line,
+                side,
                 body: findingCommentBody({
                     body: f.body,
                     editedBody: f.editedBody,
                     suggestion: f.suggestion,
-                }),
+                }, onFallback ? { fallbackNote: true } : undefined),
             });
             await markFindingPosted(findingId, commentId);
             const result = {

package/dist/auth/account.js

@@ -110,6 +110,9 @@ export async function upsertCloudAccount(input) {
         accessTokenEnc: input.accessTokenEnc,
         isLocal: false,
         lastLoginAt: now,
+        // Seed activity at sign-in so the user's repos are eligible on the very next
+        // scheduled sync tick (don't wait for the first heartbeat).
+        lastActiveAt: now,
     })
         .onConflictDoUpdate({
         target: accounts.githubUserId,
@@ -118,12 +121,42 @@ export async function upsertCloudAccount(input) {
             avatarUrl: input.avatarUrl,
             accessTokenEnc: input.accessTokenEnc,
             lastLoginAt: now,
+            lastActiveAt: now,
         },
     })
         .returning()
         .execute();
     return rowToAccount(rows[0]);
 }
+// In-memory throttle for the activity stamp below: accountId → last-stamp epoch ms.
+// A loaded SPA is chatty (timeline, polls, heartbeat), so we only touch the DB at
+// most once per window per account.
+const lastActiveStampMs = new Map();
+const ACTIVE_STAMP_THROTTLE_MS = 60_000;
+/**
+ * Record that a loaded frontend for this account just talked to the backend
+ * (drives the scheduler's "only sync accounts with an open tab" gate). Throttled
+ * in-memory and fire-and-forget — a dropped stamp only means a slightly staler
+ * signal, and the next request re-stamps. Cloud-only in practice (the caller gates
+ * on isCloud; local has a single always-synced account).
+ */
+export function stampAccountActive(accountId) {
+    const now = Date.now();
+    const last = lastActiveStampMs.get(accountId) ?? 0;
+    if (now - last < ACTIVE_STAMP_THROTTLE_MS)
+        return;
+    lastActiveStampMs.set(accountId, now);
+    const { accounts } = schema;
+    void db
+        .update(accounts)
+        .set({ lastActiveAt: new Date() })
+        .where(eq(accounts.id, accountId))
+        .execute()
+        .catch(() => {
+        // Best-effort: roll back the throttle so the next request retries the stamp.
+        lastActiveStampMs.delete(accountId);
+    });
+}
 /** Load an account by id. */
 export async function getAccountById(id) {
     const { accounts } = schema;

package/dist/config.js

@@ -81,6 +81,12 @@ export const config = {
     commitFileConcurrency: intFromEnv('COMMIT_FILE_CONCURRENCY', 10),
     syncCron: process.env.SYNC_CRON ?? '*/5 * * * *',
     syncOverlapMinutes: intFromEnv('SYNC_OVERLAP_MINUTES', 20),
+    // CLOUD ONLY: the scheduled sync skips any account whose loaded frontend hasn't
+    // been seen within this many minutes (accounts.lastActiveAt), so a tenant with no
+    // open tab is not re-synced every 5 min. Comfortably exceeds the cron period so a
+    // user active a few minutes ago isn't dropped between ticks. Local mode ignores
+    // this entirely (one always-on account). SYNC_ACTIVE_WINDOW_MINUTES overrides.
+    syncActiveWindowMinutes: intFromEnv('SYNC_ACTIVE_WINDOW_MINUTES', 15),
     stallThresholdDays: intFromEnv('STALL_THRESHOLD_DAYS', 3),
     // Disable the periodic scheduler (used by scripts/tests).
     disableScheduler: process.env.DISABLE_SCHEDULER === 'true',
@@ -117,8 +123,31 @@ export const config = {
     // reviews need far fewer turns than the old default; 30 is still generous.
     reviewMaxTurns: intFromEnv('REVIEW_MAX_TURNS', 30),
     reviewBudgetUsd: floatFromEnv('REVIEW_BUDGET_USD', 1.0),
+    // Turn cap for a diff-only run. These are TOOL-LESS (only submit_review), so they
+    // should finish in ~2 turns; a tight cap is a cheap runaway guard.
+    reviewDiffOnlyMaxTurns: intFromEnv('REVIEW_DIFF_ONLY_MAX_TURNS', 6),
     // At most one review per PR; this caps concurrent reviews across all PRs.
     reviewConcurrency: intFromEnv('REVIEW_CONCURRENCY', 1),
+    // ---- Claude Review routing (diff-only vs worktree) — THE THRESHOLDS ----
+    // The deterministic pre-check (review/routing.ts) decides, BEFORE the agent runs,
+    // whether a PR can be reviewed from its diff alone (fast, tool-less, no worktree)
+    // or needs the full cloned worktree as explorable context. A change stays
+    // 'diff_only' only if it is within EVERY ceiling below AND touches no exported/
+    // public API; otherwise it routes to 'worktree'. The numbers are deliberately
+    // CONSERVATIVE — any tie routes to worktree, since over-reviewing is safe but
+    // under-reviewing a risky change is not. Every decision input is logged on the
+    // run (claude_reviews.route_reason) so these can be tuned against the agent's own
+    // scopeUsed self-report. This is the single place to review/adjust the thresholds.
+    reviewRouting: {
+        // Max (non-noise) files changed for a diff-only review.
+        maxFiles: intFromEnv('REVIEW_ROUTE_MAX_FILES', 5),
+        // Max added + deleted lines (non-noise files) for a diff-only review.
+        maxLines: intFromEnv('REVIEW_ROUTE_MAX_LINES', 150),
+        // Max distinct directories touched for a diff-only review.
+        maxDirs: intFromEnv('REVIEW_ROUTE_MAX_DIRS', 2),
+        // Max distinct top-level subsystems (first path segment) for a diff-only review.
+        maxSubsystems: intFromEnv('REVIEW_ROUTE_MAX_SUBSYSTEMS', 1),
+    },
 };
 // Fail loud at startup if a required cloud var is missing — mirrors the
 // gh-auth loud failure. Called from index.ts only when deploymentMode==='cloud'.

package/dist/db/migrations/0013_review_routing.sql

@@ -0,0 +1,9 @@
+-- Claude Review routing (additive). Records the deterministic skip/diff_only/
+-- worktree decision (review_mode) and its decision inputs (route_reason JSON) made
+-- BEFORE the agent runs — so the diff-only fast path can be enforced and the
+-- thresholds calibrated against the agent's own scopeUsed self-report. Both columns
+-- are nullable; existing rows stay NULL until re-reviewed. SQLite-only: Claude
+-- Review is force-disabled in cloud, so the Postgres claude_reviews table is never
+-- populated (its baseline is regenerated separately via db:generate:pg).
+ALTER TABLE `claude_reviews` ADD `review_mode` text;--> statement-breakpoint
+ALTER TABLE `claude_reviews` ADD `route_reason` text;

package/dist/db/migrations/0014_account_last_active.sql

@@ -0,0 +1,6 @@
+-- Activity gating for the scheduler (additive). `last_active_at` records the last
+-- time a loaded frontend for this account talked to the backend; the periodic sync
+-- skips accounts not active within config.syncActiveWindowMinutes so a tenant with no
+-- open tab stops being re-synced. Nullable; existing rows stay NULL (eligible only
+-- once they next show activity). Cloud-relevant; local has one always-on account.
+ALTER TABLE `accounts` ADD `last_active_at` integer;

package/dist/db/migrations/meta/_journal.json

@@ -92,6 +92,20 @@
       "when": 1780800000003,
       "tag": "0012_findings_included_default",
       "breakpoints": true
+    },
+    {
+      "idx": 13,
+      "version": "6",
+      "when": 1780800000004,
+      "tag": "0013_review_routing",
+      "breakpoints": true
+    },
+    {
+      "idx": 14,
+      "version": "6",
+      "when": 1780800000005,
+      "tag": "0014_account_last_active",
+      "breakpoints": true
     }
   ]
 }

package/dist/db/migrations-pg/0003_melted_secret_warriors.sql

@@ -0,0 +1,2 @@
+ALTER TABLE "claude_reviews" ADD COLUMN "review_mode" text;--> statement-breakpoint
+ALTER TABLE "claude_reviews" ADD COLUMN "route_reason" jsonb;

package/dist/db/migrations-pg/0004_numerous_triton.sql

@@ -0,0 +1 @@
+ALTER TABLE "accounts" ADD COLUMN "last_active_at" timestamp with time zone;