pika-review 2.0.0

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Pika Review Contributors
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,76 @@
+# Pika Review 🦊
+### Enterprise-grade AI Architectural Sentinel
+
+Pika Review is a high-performance CLI tool designed to perform surgical code reviews using Cloudflare Workers AI. It focuses on deep architectural debt, security vulnerabilities, and UI/UX anomalies that traditional linters miss.
+
+---
+
+## 🚀 Key Features
+- **Provider Agnostic**: Seamlessly works with Cloudflare Workers AI, OpenAI, Grok, or local LLMs via OpenAI-compatible endpoints.
+- **Mixture of Experts (MoE) Reasoning**: Leverages advanced LLMs for deep structural analysis.
+- **Polyglot Heuristics**: Idiom-aware reviews across Python, JS/TS, Go, Rust, and React.
+- **Interactive UI**: Claude-inspired terminal experience with real-time progress and multi-select discovery.
+- **Enterprise-Ready**: Built-in token safety, JSON self-healing, and CI/CD integration.
+
+---
+
+## 📦 Installation
+```bash
+# Via Bun (Recommended)
+bun add -g pika-review
+
+# Via NPM
+npm install -g pika-review
+```
+
+## 🛠️ Setup
+1. Initialize your configuration:
+   ```bash
+   pika-review init
+   ```
+2. Open `~/.pika-review.yaml` and add your Cloudflare credentials:
+   ```yaml
+   ai:
+     accountId: "your-account-id"
+     apiKey: "your-scoped-api-token"
+   ```
+
+### 🌍 Custom AI Providers (OpenAI, Grok, etc.)
+Pika Review works with any OpenAI-compatible API. To use a different provider, simply override the `baseURL` and `model` in your config:
+
+```yaml
+ai:
+  apiKey: "your-openai-key"
+  model: "gpt-4o"
+  baseURL: "https://api.openai.com/v1"
+```
+
+## 🔍 Usage
+Scan staged git changes:
+```bash
+pika-review scan
+```
+
+Scan specific files:
+```bash
+pika-review scan src/index.ts src/utils/token.ts
+```
+
+Scan unstaged changes:
+```bash
+pika-review scan --unstaged
+```
+
+### CI/CD Mode
+Use the `--ci` flag in GitHub Actions or other pipelines to fail if Critical or High severity issues are found:
+```bash
+pika-review scan --ci
+```
+
+---
+
+## 🛡️ Privacy & Security
+Pika Review uses your local git diffs and sends them directly to your Cloudflare Workers AI instance. No code is stored by Pika Review.
+
+## 📄 License
+MIT © Pika Review Contributors

package/dist/cmd/init.js

@@ -0,0 +1,8 @@
+import { initConfig } from "../utils/config.js";
+/**
+ * CLI Command: init
+ * Initializes the global configuration file.
+ */
+export async function initAction() {
+    initConfig();
+}

package/dist/cmd/scan.js

@@ -0,0 +1,64 @@
+import prompts from "prompts";
+import chalk from "chalk";
+import { runScan, getDiffFiles, listProjectFiles } from "../core/scanner.js";
+import { logger } from "../utils/logger.js";
+/**
+ * CLI Command: scan
+ * Executes the scanning logic and handles user interaction for reports.
+ */
+export async function scanAction(files, options) {
+    const target = options.unstaged ? "unstaged" : "staged";
+    const isCI = !!options.ci;
+    let targets = files.length > 0 ? files : undefined;
+    // Interactive Discovery: If no files provided and no git changes, ask the user
+    if (!targets && !isCI) {
+        const gitChanges = getDiffFiles(target);
+        if (gitChanges.length === 0) {
+            logger.info("No git changes detected. Entering interactive selection mode...");
+            const allFiles = listProjectFiles();
+            if (allFiles.length > 0) {
+                const selection = await prompts({
+                    type: "multiselect",
+                    name: "files",
+                    message: "Select files to analyze (Space to select, Enter to confirm):",
+                    choices: allFiles.map(f => ({ title: f, value: f })),
+                    hint: "- Space to select. Return to submit"
+                });
+                if (selection.files && selection.files.length > 0) {
+                    targets = selection.files;
+                }
+            }
+        }
+    }
+    let reports = await runScan(target, isCI, targets);
+    if (!reports || reports.length === 0) {
+        if (!isCI) {
+            logger.success("Scan complete. No critical architectural anomalies detected.");
+            logger.dim("Try scanning with '--unstaged' if you have uncommitted changes.");
+        }
+        return;
+    }
+    if (!isCI) {
+        console.log(chalk.bold(`\n${"=".repeat(50)}`));
+        logger.warn(`ANALYTICAL REPORT READY`);
+        logger.dim(`${reports.length} file(s) require your immediate attention.\n`);
+        const response = await prompts({
+            type: "select",
+            name: "action",
+            message: "What is your next step?",
+            choices: [
+                { title: "📂 Open generated Markdown reports", value: "view" },
+                { title: "🛑 Exit and start refactoring", value: "exit" },
+            ],
+            initial: 0,
+        });
+        if (response.action === "view") {
+            logger.info("\nGenerated Artifacts:");
+            reports.forEach((r) => {
+                const fileName = r.split("/").pop();
+                console.log(` ${chalk.cyan("→")} ${chalk.bold(fileName)} ${chalk.dim(`(${r})`)}`);
+            });
+            console.log(chalk.dim("\nTip: Use 'cat' or a Markdown viewer to read the findings."));
+        }
+    }
+}

package/dist/core/ai.js

@@ -0,0 +1,146 @@
+import OpenAI from "openai";
+import { ReviewSchema } from "../utils/schema.js";
+import { getConfig } from "../utils/config.js";
+import { logger } from "../utils/logger.js";
+/**
+ * Structural Extractor: Isolate the JSON object from AI chatter.
+ * MoE (Mixture of Experts) models often add preamble or postscript;
+ * this ensures we only parse the valid payload even if wrapped in markdown.
+ */
+export function extractJSON(raw) {
+    // Strip common AI "chatter" markers and control characters that break JSON.parse
+    let cleaned = raw
+        .replace(/```json/g, "")
+        .replace(/```/g, "")
+        .replace(/[\u0000-\u001F\u007F-\u009F]/g, (match) => {
+        // Keep only safe whitespace: \n, \r, \t
+        return ["\n", "\r", "\t"].includes(match) ? match : "";
+    });
+    // Find the outermost JSON structure
+    const firstBrace = cleaned.indexOf("{");
+    const firstBracket = cleaned.indexOf("[");
+    // If it's a raw array (starts with [ before {), wrap it
+    if (firstBracket !== -1 && (firstBrace === -1 || firstBracket < firstBrace)) {
+        const lastBracket = cleaned.lastIndexOf("]");
+        if (lastBracket !== -1) {
+            return `{"reviews": ${cleaned.substring(firstBracket, lastBracket + 1)}}`;
+        }
+    }
+    const start = firstBrace;
+    const end = cleaned.lastIndexOf("}");
+    if (start === -1 || end === -1) {
+        return '{"reviews": []}';
+    }
+    let snippet = cleaned.substring(start, end + 1);
+    // Heuristic: MoE models sometimes miss commas between objects in an array
+    snippet = snippet.replace(/\}\s*\{/g, "},{");
+    // Heuristic Structural Recovery for Truncated Responses
+    const openBraces = (snippet.match(/\{/g) || []).length;
+    const closeBraces = (snippet.match(/\}/g) || []).length;
+    const openBrackets = (snippet.match(/\[/g) || []).length;
+    const closeBrackets = (snippet.match(/\]/g) || []).length;
+    // Close in reverse order of nesting (assumes standard structure)
+    if (openBrackets > closeBrackets) {
+        snippet += "]".repeat(openBrackets - closeBrackets);
+    }
+    if (openBraces > closeBraces) {
+        snippet += "}".repeat(openBraces - closeBraces);
+    }
+    return snippet;
+}
+/**
+ * Deep Analysis Engine: Communicates with Cloudflare Workers AI.
+ * Uses XML-structured prompts for better instruction following in smaller LLMs.
+ */
+export async function analyzeDiff(diff) {
+    const config = getConfig();
+    if (!config.ai.apiKey || !config.ai.accountId) {
+        throw new Error("Missing Cloudflare credentials in ~/.pika-review.yaml");
+    }
+    // Neuron Safety: Truncate input to protect the 10,000 daily free limit.
+    // 30,000 chars is roughly 7,500 tokens, leaving room for a detailed response.
+    const MAX_CHARS = 30000;
+    const safeDiff = diff.length > MAX_CHARS
+        ? diff.substring(0, MAX_CHARS) + "\n... [Content truncated for token safety]"
+        : diff;
+    const baseURL = (config.ai.baseURL && config.ai.baseURL.trim())
+        ? config.ai.baseURL
+        : `https://api.cloudflare.com/client/v4/accounts/${config.ai.accountId}/ai/v1`;
+    const openai = new OpenAI({
+        apiKey: config.ai.apiKey,
+        baseURL,
+    });
+    const defaultPrompt = `
+<role>
+  You are an Elite Senior Full-Stack Architect and Security Researcher.
+  Your task is to perform a surgical review of the provided code.
+</role>
+
+<task>
+  Identify high-impact issues related to:
+  1. SYSTEM COMPROMISE: Security vulnerabilities, insecure data handling.
+  2. COMPUTATIONAL INEFFICIENCY: Algorithmic bottlenecks, memory leaks.
+  3. ARCHITECTURAL DEBT: Logic flaws, redundant complexity.
+  4. UI/UX ANOMALIES: Layout shifts, accessibility (a11y) violations, and CSS performance issues.
+</task>
+
+<instructions>
+  - Be language-agnostic but idiom-aware (Polyglot reasoning).
+  - Only report issues with clear, tangible impact.
+  - Line numbers must be accurate relative to the provided snippet.
+  - Return ONLY a JSON object matching the requested schema.
+  - ENSURE the JSON is syntactically correct: check all commas, braces, and double-quotes.
+  - DO NOT include trailing commas in arrays or objects.
+  - BE SUBSTANTIVE: Explain each finding and its impact briefly (2-3 sentences); avoid vague one-liners.
+</instructions>
+
+<output_format>
+  {
+    "reviews": [
+      {
+        "line": number,
+        "severity": "Critical" | "High" | "Medium" | "Low",
+        "finding": "A brief explanation of the anomaly and why it is problematic.",
+        "impact": "The specific technical or business consequence if left unaddressed.",
+        "recommendation": "The specific code correction or refactor."
+      }
+    ]
+  }
+</output_format>
+
+<code_to_analyze>
+${safeDiff}
+</code_to_analyze>
+`;
+    const finalPrompt = (config.ai.prompt && config.ai.prompt.trim())
+        ? config.ai.prompt.replace("{{code}}", safeDiff)
+        : defaultPrompt;
+    try {
+        const response = await openai.chat.completions.create({
+            model: config.ai.model,
+            messages: [{ role: "user", content: finalPrompt }],
+            temperature: 0.1, // Low temperature for analytical consistency
+            max_tokens: 1500, // Sufficient for multiple architectural findings
+        });
+        const rawContent = response.choices[0]?.message?.content || "{}";
+        const cleanedContent = extractJSON(rawContent);
+        try {
+            const parsedData = JSON.parse(cleanedContent);
+            return ReviewSchema.parse(parsedData);
+        }
+        catch (e) {
+            logger.error(`Structural recovery failed. AI returned malformed payload.`);
+            logger.dim(`Snippet: ${cleanedContent.substring(0, 100)}...`);
+            return { reviews: [] };
+        }
+    }
+    catch (error) {
+        if (error.status === 429 || error.status === 4006) {
+            const e = new Error("RATE_LIMIT");
+            e.status = 429;
+            throw e;
+        }
+        logger.error(`AI analysis failed: ${error.message}`);
+        return { reviews: [] };
+    }
+}

package/dist/core/reporter.js

@@ -0,0 +1,48 @@
+import fs from "fs";
+import path from "path";
+/**
+ * Report Orchestrator: Handles persistence of AI findings.
+ */
+export function setupReportDir() {
+    const reportDir = path.join(process.cwd(), ".pika-reports");
+    if (!fs.existsSync(reportDir))
+        fs.mkdirSync(reportDir);
+    const gitignorePath = path.join(process.cwd(), ".gitignore");
+    if (fs.existsSync(gitignorePath)) {
+        const gitignore = fs.readFileSync(gitignorePath, "utf-8");
+        if (!gitignore.includes(".pika-reports")) {
+            fs.appendFileSync(gitignorePath, "\n.pika-reports/\n");
+        }
+    }
+    return reportDir;
+}
+/**
+ * Generates a professional Markdown report.
+ */
+export function writeMarkdownReport(fileName, reviews, reportDir) {
+    const safeName = fileName.replace(/[^a-z0-9]/gi, "_").toLowerCase();
+    const reportPath = path.join(reportDir, `${safeName}_review.md`);
+    const timestamp = new Date().toLocaleString();
+    let mdContent = `# 🔍 Pika Review: \`${fileName}\`\n\n`;
+    mdContent += `> **Generated on:** ${timestamp}\n`;
+    mdContent += `> **Total Issues Found:** ${reviews.length}\n\n`;
+    reviews.forEach((issue) => {
+        const iconMap = {
+            Critical: "🚨",
+            High: "🔥",
+            Medium: "⚠️",
+            Low: "📝",
+        };
+        const icon = iconMap[issue.severity] || "⚠️";
+        mdContent += `## ${icon} [${issue.severity}] Line ${issue.line || "N/A"}\n\n`;
+        mdContent += `### 💡 Finding\n${issue.finding}\n\n`;
+        mdContent += `### 💥 Impact\n${issue.impact}\n\n`;
+        mdContent += `### 🛠️ Recommendation\n`;
+        // Attempt to detect language for syntax highlighting
+        const ext = path.extname(fileName).slice(1) || "typescript";
+        mdContent += `\`\`\`${ext}\n${issue.recommendation}\n\`\`\`\n\n`;
+        mdContent += `---\n\n`;
+    });
+    fs.writeFileSync(reportPath, mdContent);
+    return reportPath;
+}

package/dist/core/scanner.js

@@ -0,0 +1,169 @@
+import { execFileSync } from "child_process";
+import fs from "fs";
+import cliProgress from "cli-progress";
+import pLimit from "p-limit";
+import { analyzeDiff } from "./ai.js";
+import { setupReportDir, writeMarkdownReport } from "./reporter.js";
+import { getIgnoredFiles } from "../utils/config.js";
+import { logger } from "../utils/logger.js";
+import path from "path";
+import { validateTokenLimit } from "../utils/token.js";
+/**
+ * Project Discovery: List all relevant files for interactive selection.
+ */
+export function listProjectFiles(dir = ".", depth = 0) {
+    if (depth > 5)
+        return []; // Limit depth for performance
+    const ignores = getIgnoredFiles();
+    const files = [];
+    try {
+        const items = fs.readdirSync(dir, { withFileTypes: true });
+        for (const item of items) {
+            const fullPath = path.join(dir, item.name);
+            const isIgnored = ignores.some(ignore => item.name.includes(ignore.replace("*", "")));
+            if (isIgnored || item.name.startsWith("."))
+                continue;
+            if (item.isDirectory()) {
+                files.push(...listProjectFiles(fullPath, depth + 1));
+            }
+            else {
+                files.push(fullPath);
+            }
+        }
+    }
+    catch (e) {
+        // Silent fail for inaccessible dirs
+    }
+    return files;
+}
+/**
+ * Git Utilities: Extract file lists from the repository.
+ */
+export function getDiffFiles(type) {
+    try {
+        const args = type === "staged"
+            ? ["diff", "--cached", "--name-only", "--diff-filter=ACMR"] // Only Added, Copied, Modified, Renamed
+            : ["diff", "--name-only", "--diff-filter=ACMR"];
+        const output = execFileSync("git", args, {
+            encoding: "utf-8",
+            stdio: ["ignore", "pipe", "ignore"]
+        });
+        const ignores = getIgnoredFiles();
+        return output.trim().split("\n").filter((file) => {
+            const trimmedFile = file.trim();
+            if (!trimmedFile)
+                return false;
+            // Filter out ignored patterns and ensure file exists
+            const isIgnored = ignores.some(ignore => trimmedFile.includes(ignore.replace("*", "")));
+            return !isIgnored && fs.existsSync(trimmedFile);
+        });
+    }
+    catch (e) {
+        logger.error("Git operation failed. Ensure you are in a git repository.");
+        return [];
+    }
+}
+/**
+ * Scan Orchestrator: Manages the review lifecycle.
+ * Concurrency is limited to 3 to stay within the Cloudflare Workers AI free tier constraints.
+ */
+export async function runScan(target, isCI, specificFiles) {
+    let files = [];
+    if (specificFiles && specificFiles.length > 0) {
+        specificFiles.forEach(file => {
+            if (!fs.existsSync(file)) {
+                logger.error(`File not found: ${file}`);
+                process.exit(1);
+            }
+        });
+        files = specificFiles;
+    }
+    else {
+        files = getDiffFiles(target);
+    }
+    if (files.length === 0) {
+        if (!isCI)
+            logger.success("No changes detected. Codebase is clean.");
+        return [];
+    }
+    const reportDir = setupReportDir();
+    if (!isCI)
+        logger.info(`Initializing Pika Review on ${files.length} file(s)...`);
+    const bar = isCI ? null : new cliProgress.SingleBar({
+        format: ' {bar} {percentage}% | ETA: {eta}s | Scanning: {file}',
+        barCompleteChar: '\u2588',
+        barIncompleteChar: '\u2591',
+        hideCursor: true,
+    });
+    if (bar)
+        bar.start(files.length, 0, { file: "Starting..." });
+    const generatedReports = [];
+    let criticalIssuesFound = false;
+    const limit = pLimit(3);
+    let completed = 0;
+    const tasks = files.map((file) => limit(async () => {
+        let contentToScan = "";
+        try {
+            if (specificFiles) {
+                // Safety: Check file size before reading to prevent memory exhaustion
+                const stats = fs.statSync(file);
+                if (stats.size > 1024 * 1024) { // 1MB limit for safety
+                    logger.warn(`Skipping ${file}: File too large (>1MB).`);
+                    return;
+                }
+                contentToScan = fs.readFileSync(file, "utf-8");
+            }
+            else {
+                try {
+                    contentToScan = execFileSync("git", ["diff", target === "staged" ? "--cached" : "", "--", file], {
+                        encoding: "utf-8",
+                        stdio: ["ignore", "pipe", "ignore"] // Suppress stderr
+                    });
+                }
+                catch (gitError) {
+                    logger.error(`Git diff failed for ${file}. Skipping.`);
+                    return;
+                }
+            }
+            if (!contentToScan || !contentToScan.trim())
+                return;
+            // Binary Detection Heuristic: Check for null bytes or control characters in the first 1KB
+            if (/[\x00-\x08\x0E-\x1F]/.test(contentToScan.substring(0, 1024))) {
+                logger.dim(`Skipping ${file}: Binary file detected.`);
+                return;
+            }
+            // Token Estimator Check
+            validateTokenLimit(contentToScan);
+            const result = await analyzeDiff(contentToScan);
+            if (result.reviews.length > 0) {
+                const hasCritical = result.reviews.some(r => r.severity === "Critical" || r.severity === "High");
+                if (hasCritical)
+                    criticalIssuesFound = true;
+                const reportPath = writeMarkdownReport(file, result.reviews, reportDir);
+                generatedReports.push(reportPath);
+            }
+        }
+        catch (e) {
+            if (e.message === "RATE_LIMIT") {
+                if (bar)
+                    bar.stop();
+                logger.critical("DAILY NEURON LIMIT REACHED (10,000). Scanning aborted.");
+                process.exit(1);
+            }
+            logger.error(`Error scanning ${file}: ${e.message}`);
+        }
+        finally {
+            completed++;
+            if (bar)
+                bar.update(completed, { file });
+        }
+    }));
+    await Promise.all(tasks);
+    if (bar)
+        bar.stop();
+    if (isCI && criticalIssuesFound) {
+        logger.critical("CI Pipeline Failed: Critical issues detected.");
+        process.exit(1);
+    }
+    return generatedReports;
+}

package/dist/index.js

@@ -0,0 +1,56 @@
+#!/usr/bin/env node
+import { Command } from "commander";
+import chalk from "chalk";
+import { initAction } from "./cmd/init.js";
+import { scanAction } from "./cmd/scan.js";
+/**
+ * Pika Review: The Enterprise-Grade AI Code Reviewer.
+ * Modular entry point for CLI operations.
+ */
+const program = new Command();
+// Branding Header
+const BRAND = `
+  ${chalk.bgCyan.black.bold(" PIKA REVIEW ")} ${chalk.dim("v2.0.0")}
+  ${chalk.italic.gray("Enterprise-grade AI Architectural Sentinel")}
+`;
+const HELPER_TEXT = `
+${chalk.bold.cyan("🚀 Quick Start:")}
+  $ pika-review scan           ${chalk.dim("# Scan staged git changes (default)")}
+  $ pika-review scan -u        ${chalk.dim("# Scan unstaged git changes")}
+  $ pika-review scan file.ts   ${chalk.dim("# Scan a specific file")}
+  $ pika-review scan f1 f2     ${chalk.dim("# Scan multiple specific files")}
+
+${chalk.bold.cyan("⌨️  Shortcuts & Tips:")}
+  - Use ${chalk.yellow("--ci")} in GitHub Actions to fail on Critical/High issues.
+  - Create a ${chalk.yellow(".pikaignore")} file to skip specific directories.
+  - Review artifacts are stored in ${chalk.yellow(".pika-reports/")} automatically.
+
+${chalk.bold.cyan("📊 Progress & Concurrency:")}
+  - Pika uses ${chalk.green("p-limit(3)")} to scan files in parallel without hitting rate limits.
+  - Real-time progress bars will show you the exact status of each analysis.
+`;
+program
+    .name("pika-review")
+    .description("Enterprise-grade AI Code Reviewer for Cloudflare Workers AI")
+    .version("2.0.0")
+    .addHelpText("before", BRAND)
+    .addHelpText("after", HELPER_TEXT);
+program
+    .command("init")
+    .description("Initialize global configuration (~/.pika-review.yaml)")
+    .action(async () => {
+    console.log(BRAND);
+    await initAction();
+});
+program
+    .command("scan [files...]", { isDefault: true }) // Set scan as the default command
+    .description("Scan git changes or specific files for architectural anomalies")
+    .option("-u, --unstaged", "Analyze unstaged changes instead of staged")
+    .option("--ci", "Headless CI/CD mode (fails on Critical/High issues, strips visuals)")
+    .action(async (files, options) => {
+    // Only show branding if not in CI mode and if files were explicitly passed or if it's the default
+    if (!options.ci)
+        console.log(BRAND);
+    await scanAction(files, options);
+});
+program.parse();

package/dist/utils/config.js

@@ -0,0 +1,63 @@
+import fs from "fs";
+import path from "path";
+import os from "os";
+import yaml from "yaml";
+import { logger } from "./logger.js";
+const CONFIG_PATH = path.join(os.homedir(), ".pika-review.yaml");
+const DEFAULT_CONFIG = {
+    ai: {
+        accountId: "", // Required for Cloudflare default
+        apiKey: "",
+        model: "@cf/meta/llama-3-8b-instruct",
+        prompt: "",
+        baseURL: "", // Leave empty for Cloudflare, or set for OpenAI/Grok/Local
+    },
+};
+/**
+ * Initialize global configuration with restrictive permissions.
+ * We use 0o600 because this file contains sensitive API keys.
+ */
+export function initConfig() {
+    if (!fs.existsSync(CONFIG_PATH)) {
+        fs.writeFileSync(CONFIG_PATH, yaml.stringify(DEFAULT_CONFIG), {
+            mode: 0o600,
+        });
+        logger.success(`Configuration initialized at ${CONFIG_PATH}`);
+        logger.info("Please edit this file and add your Cloudflare Account ID and API Token.");
+    }
+    else {
+        logger.warn(`Configuration already exists at ${CONFIG_PATH}`);
+    }
+}
+/**
+ * Retrieve configuration, failing fast if not found.
+ */
+export function getConfig() {
+    if (!fs.existsSync(CONFIG_PATH)) {
+        logger.error("Configuration not found. Run 'pika-review init' first.");
+        process.exit(1);
+    }
+    return yaml.parse(fs.readFileSync(CONFIG_PATH, "utf-8"));
+}
+/**
+ * Get files to ignore during scanning.
+ */
+export function getIgnoredFiles() {
+    const ignorePath = path.join(process.cwd(), ".pikaignore");
+    if (!fs.existsSync(ignorePath)) {
+        return [
+            ".svg", ".lock", "package-lock.json", ".png", ".jpg", ".jpeg", ".ico",
+            "node_modules", ".git", "dist", "build", "out", ".next", "public",
+            ".pika-reports", ".env", ".DS_Store", "bun.lockb", "pnpm-lock.yaml",
+            "venv", ".venv", "__pycache__", ".pytest_cache",
+            "target", ".gradle", ".idea", ".vscode", "vendor",
+            "coverage", ".turbo", "tests", "__tests__", "spec", "specs",
+            "cypress", "playwright-report", "test-results", ".nyc_output"
+        ];
+    }
+    const content = fs.readFileSync(ignorePath, "utf-8");
+    return content
+        .split("\n")
+        .map((line) => line.trim())
+        .filter(Boolean);
+}

package/dist/utils/logger.js

@@ -0,0 +1,12 @@
+import chalk from "chalk";
+/**
+ * Senior Logger: Standardized output with clear visual hierarchy.
+ */
+export const logger = {
+    info: (msg) => console.log(chalk.cyan(msg)),
+    success: (msg) => console.log(chalk.green(`✅ ${msg}`)),
+    warn: (msg) => console.log(chalk.yellow(`⚠️  ${msg}`)),
+    error: (msg) => console.error(chalk.red(`❌ ${msg}`)),
+    critical: (msg) => console.error(chalk.bgRed.white.bold(` ⚡ ${msg} `)),
+    dim: (msg) => console.log(chalk.gray(msg)),
+};

package/dist/utils/schema.js

@@ -0,0 +1,14 @@
+import { z } from "zod";
+/**
+ * Enterprise Schema for AI Code Review Output.
+ * Ensures the AI returns structured, actionable data.
+ */
+export const ReviewSchema = z.object({
+    reviews: z.array(z.object({
+        line: z.number().optional(),
+        severity: z.enum(["Critical", "High", "Medium", "Low"]),
+        finding: z.string(),
+        impact: z.string(),
+        recommendation: z.string(),
+    })),
+});

package/dist/utils/token.js

@@ -0,0 +1,21 @@
+import { logger } from "./logger.js";
+/**
+ * Token Safety Estimator.
+ * Heuristic: 1 token is roughly 4 characters in English code.
+ * This helps users avoid exhausting their 10,000 free neuron daily limit.
+ */
+export function estimateTokens(text) {
+    return Math.ceil(text.length / 4);
+}
+/**
+ * Warn the user if the file is excessively large.
+ */
+export function validateTokenLimit(text, limit = 7500) {
+    const estimation = estimateTokens(text);
+    if (estimation > limit) {
+        logger.warn(`Heuristic Alert: This file is estimated at ${estimation} tokens.`);
+        logger.dim(`Submitting this to AI might consume ~${estimation} neurons of your 10,000 daily limit.`);
+        return false;
+    }
+    return true;
+}

package/package.json

@@ -0,0 +1,50 @@
+{
+  "name": "pika-review",
+  "version": "2.0.0",
+  "description": "Enterprise-grade AI Architectural Code Reviewer powered by Cloudflare Workers AI.",
+  "main": "./dist/index.js",
+  "type": "module",
+  "bin": {
+    "pika-review": "dist/index.js"
+  },
+  "files": [
+    "dist",
+    "README.md",
+    "LICENSE"
+  ],
+  "scripts": {
+    "build": "tsc",
+    "dev": "bun run src/index.ts",
+    "start": "node dist/index.js",
+    "test": "bun test"
+  },
+  "keywords": [
+    "ai",
+    "code-review",
+    "cloudflare",
+    "workers-ai",
+    "architectural-analysis",
+    "cli"
+  ],
+  "author": "Pika Review Contributors",
+  "license": "MIT",
+  "dependencies": {
+    "chalk": "^5.6.2",
+    "cli-progress": "^3.12.0",
+    "commander": "^14.0.3",
+    "openai": "^6.34.0",
+    "ora": "^9.4.0",
+    "p-limit": "^7.3.0",
+    "prompts": "^2.4.2",
+    "yaml": "^2.8.3",
+    "zod": "^4.3.6"
+  },
+  "devDependencies": {
+    "@types/cli-progress": "^3.11.6",
+    "@types/node": "^25.6.0",
+    "@types/prompts": "^2.4.9",
+    "bun-types": "^1.3.13",
+    "tsx": "^4.21.0",
+    "typescript": "^6.0.3"
+  }
+}