qai-cli 3.0.0 → 3.1.0

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "qai-cli",
-  "version": "3.0.0",
+  "version": "3.1.0",
   "description": "AI-powered QA engineer. Code review, testing, and bug detection from your terminal.",
   "main": "src/analyze.js",
   "types": "src/types.d.ts",

package/src/generate.js

@@ -0,0 +1,495 @@
+/**
+ * Test Generation Engine
+ *
+ * Two modes:
+ * 1. URL crawl: Navigate a site, record interactions, generate Playwright E2E specs
+ * 2. Code analysis: Read source files, generate unit/integration tests
+ *
+ * Usage:
+ *   qai generate https://mysite.com          # E2E tests from URL
+ *   qai generate src/billing.ts              # Unit tests from source
+ *   qai generate src/ --pattern "*.service*" # Batch generate
+ */
+
+const fs = require('fs');
+const path = require('path');
+const { getProvider } = require('./providers');
+
+/**
+ * Generate tests from a URL (E2E) or source file (unit)
+ *
+ * @param {Object} options
+ * @param {string} options.target - URL or file/directory path
+ * @param {string} [options.outDir] - Output directory for generated tests (default: ./tests/generated)
+ * @param {string} [options.framework] - Test framework (playwright, jest, vitest)
+ * @param {string} [options.pattern] - Glob pattern for batch file mode
+ * @param {string} [options.baseUrl] - Base URL for generated E2E tests
+ * @param {boolean} [options.dryRun] - Print tests to stdout instead of writing files
+ * @returns {Promise<GenerateResult>}
+ */
+async function generateTests(options = {}) {
+  const {
+    target,
+    outDir = './tests/generated',
+    framework = 'playwright',
+    dryRun = false,
+  } = options;
+
+  if (!target) {
+    throw new Error('Target is required (URL or file path)');
+  }
+
+  // Determine mode: URL or file
+  const isUrl = target.startsWith('http://') || target.startsWith('https://');
+
+  if (isUrl) {
+    return generateE2ETests({ ...options, url: target, outDir, framework, dryRun });
+  } else {
+    return generateUnitTests({ ...options, filePath: target, outDir, framework, dryRun });
+  }
+}
+
+/**
+ * Generate E2E tests by crawling a URL
+ */
+async function generateE2ETests(options) {
+  const { url, outDir, framework, dryRun } = options;
+
+  console.log('[1/3] Crawling site...');
+  const siteData = await crawlSite(url);
+
+  console.log(
+    `  Found ${siteData.pages.length} pages, ${siteData.interactions.length} interactive elements`,
+  );
+
+  console.log('[2/3] Generating tests with AI...');
+  const provider = getProvider();
+  const prompt = buildE2EPrompt(siteData, framework);
+  const result = await provider.generateTests(prompt);
+
+  console.log('[3/3] Writing test files...');
+  const files = parseGeneratedFiles(result);
+
+  if (dryRun) {
+    for (const file of files) {
+      console.log(`\n--- ${file.name} ---`);
+      console.log(file.content);
+    }
+  } else {
+    writeTestFiles(files, outDir);
+  }
+
+  return {
+    mode: 'e2e',
+    url,
+    pagesFound: siteData.pages.length,
+    testsGenerated: files.length,
+    files: files.map((f) => f.name),
+    outDir,
+  };
+}
+
+/**
+ * Generate unit tests from source file(s)
+ */
+async function generateUnitTests(options) {
+  const { filePath, outDir, framework, dryRun, pattern } = options;
+
+  console.log('[1/3] Reading source files...');
+  const sources = readSourceFiles(filePath, pattern);
+  console.log(`  Found ${sources.length} source files`);
+
+  if (sources.length === 0) {
+    throw new Error(`No source files found at: ${filePath}`);
+  }
+
+  const allFiles = [];
+
+  for (const source of sources) {
+    console.log(`[2/3] Generating tests for ${source.relativePath}...`);
+    const provider = getProvider();
+    const prompt = buildUnitTestPrompt(source, framework);
+    const result = await provider.generateTests(prompt);
+    const files = parseGeneratedFiles(result);
+
+    allFiles.push(...files);
+  }
+
+  console.log('[3/3] Writing test files...');
+  if (dryRun) {
+    for (const file of allFiles) {
+      console.log(`\n--- ${file.name} ---`);
+      console.log(file.content);
+    }
+  } else {
+    writeTestFiles(allFiles, outDir);
+  }
+
+  return {
+    mode: 'unit',
+    sourcesAnalyzed: sources.length,
+    testsGenerated: allFiles.length,
+    files: allFiles.map((f) => f.name),
+    outDir,
+  };
+}
+
+/**
+ * Crawl a site and gather page data using Playwright
+ */
+async function crawlSite(url) {
+  let playwright;
+  try {
+    playwright = require('playwright');
+  } catch {
+    throw new Error(
+      'Playwright is required for E2E test generation. Install it: npm install playwright',
+    );
+  }
+
+  const browser = await playwright.chromium.launch({ headless: true });
+  const context = await browser.newContext();
+  const page = await context.newPage();
+
+  const pages = [];
+  const interactions = [];
+  const visited = new Set();
+  const baseUrl = new URL(url);
+  const toVisit = [url];
+
+  // Crawl up to 10 pages
+  while (toVisit.length > 0 && visited.size < 10) {
+    const currentUrl = toVisit.shift();
+    if (visited.has(currentUrl)) continue;
+    visited.add(currentUrl);
+
+    try {
+      await page.goto(currentUrl, { waitUntil: 'networkidle', timeout: 15000 });
+      await page.waitForTimeout(1000);
+
+      const title = await page.title();
+      const pageUrl = page.url();
+
+      // Gather interactive elements
+      /* eslint-disable no-undef */
+      const elements = await page.evaluate(() => {
+        const result = [];
+
+        // Buttons
+        document.querySelectorAll('button, [role="button"]').forEach((el) => {
+          result.push({
+            type: 'button',
+            text: el.textContent.trim().slice(0, 100),
+            selector: getSelector(el),
+          });
+        });
+
+        // Links
+        document.querySelectorAll('a[href]').forEach((el) => {
+          result.push({
+            type: 'link',
+            text: el.textContent.trim().slice(0, 100),
+            href: el.href,
+            selector: getSelector(el),
+          });
+        });
+
+        // Forms
+        document.querySelectorAll('form').forEach((form) => {
+          const inputs = [];
+          form.querySelectorAll('input, textarea, select').forEach((input) => {
+            inputs.push({
+              type: input.type || input.tagName.toLowerCase(),
+              name: input.name,
+              placeholder: input.placeholder,
+              required: input.required,
+              selector: getSelector(input),
+            });
+          });
+          result.push({
+            type: 'form',
+            action: form.action,
+            method: form.method,
+            inputs,
+            selector: getSelector(form),
+          });
+        });
+
+        // Navigation elements
+        document.querySelectorAll('nav a, [role="navigation"] a').forEach((el) => {
+          result.push({
+            type: 'nav-link',
+            text: el.textContent.trim().slice(0, 100),
+            href: el.href,
+            selector: getSelector(el),
+          });
+        });
+
+        function getSelector(el) {
+          if (el.id) return `#${el.id}`;
+          if (el.getAttribute('data-testid')) {
+            return `[data-testid="${el.getAttribute('data-testid')}"]`;
+          }
+          if (el.getAttribute('aria-label')) {
+            return `[aria-label="${el.getAttribute('aria-label')}"]`;
+          }
+          const text = el.textContent.trim().slice(0, 30);
+          if (text && el.tagName) {
+            return `${el.tagName.toLowerCase()}:has-text("${text}")`;
+          }
+          return null;
+        }
+
+        return result;
+      });
+      /* eslint-enable no-undef */
+
+      pages.push({ url: pageUrl, title, elementCount: elements.length });
+      interactions.push(...elements.map((e) => ({ ...e, page: pageUrl })));
+
+      // Find same-origin links to crawl
+      const links = elements
+        .filter((e) => e.type === 'link' || e.type === 'nav-link')
+        .filter((e) => {
+          try {
+            const linkUrl = new URL(e.href);
+            return linkUrl.origin === baseUrl.origin;
+          } catch {
+            return false;
+          }
+        })
+        .map((e) => e.href);
+
+      for (const link of links) {
+        if (!visited.has(link)) {
+          toVisit.push(link);
+        }
+      }
+    } catch {
+      // Skip pages that fail to load
+    }
+  }
+
+  await browser.close();
+
+  return { url, pages, interactions };
+}
+
+/**
+ * Read source file(s) for unit test generation
+ */
+function readSourceFiles(filePath, pattern) {
+  const sources = [];
+  const absPath = path.resolve(filePath);
+
+  if (fs.existsSync(absPath) && fs.statSync(absPath).isFile()) {
+    // Single file
+    sources.push({
+      relativePath: filePath,
+      content: fs.readFileSync(absPath, 'utf-8'),
+      ext: path.extname(filePath),
+    });
+  } else if (fs.existsSync(absPath) && fs.statSync(absPath).isDirectory()) {
+    // Directory - find source files
+    const exts = ['.js', '.ts', '.jsx', '.tsx', '.mjs'];
+    const skipDirs = ['node_modules', '.next', 'dist', '.git', '__tests__', 'test', 'tests'];
+
+    const walk = (dir) => {
+      const entries = fs.readdirSync(dir, { withFileTypes: true });
+      for (const entry of entries) {
+        const fullPath = path.join(dir, entry.name);
+        if (entry.isDirectory()) {
+          if (!skipDirs.includes(entry.name)) walk(fullPath);
+        } else if (entry.isFile()) {
+          const ext = path.extname(entry.name);
+          if (!exts.includes(ext)) continue;
+          // Skip test files
+          if (entry.name.includes('.test.') || entry.name.includes('.spec.')) continue;
+          // Apply pattern filter if specified
+          if (pattern && !entry.name.match(new RegExp(pattern.replace(/\*/g, '.*')))) continue;
+
+          const content = fs.readFileSync(fullPath, 'utf-8');
+          // Skip very large or very small files
+          if (content.length > 30000 || content.length < 50) continue;
+
+          sources.push({
+            relativePath: path.relative(process.cwd(), fullPath),
+            content,
+            ext,
+          });
+        }
+      }
+    };
+
+    walk(absPath);
+    // Cap at 10 files
+    sources.splice(10);
+  }
+
+  return sources;
+}
+
+/**
+ * Build prompt for E2E test generation
+ */
+function buildE2EPrompt(siteData, framework) {
+  const frameworkGuide = E2E_FRAMEWORKS[framework] || E2E_FRAMEWORKS.playwright;
+
+  return `You are a senior QA automation engineer. Generate comprehensive E2E tests for this website.
+
+## Site Information
+- URL: ${siteData.url}
+- Pages found: ${siteData.pages.length}
+
+## Pages
+${siteData.pages.map((p) => `- ${p.url} (${p.title}) - ${p.elementCount} elements`).join('\n')}
+
+## Interactive Elements
+${JSON.stringify(siteData.interactions.slice(0, 100), null, 2)}
+
+## Framework
+${frameworkGuide}
+
+## Instructions
+Generate test files that cover:
+1. Page navigation (all discovered pages load correctly)
+2. Interactive elements (buttons click, forms submit)
+3. Navigation flow (links work, nav elements route correctly)
+4. Form validation (required fields, error states)
+5. Responsive behavior (test at mobile and desktop viewports)
+
+Output format - return ONLY a JSON array of files:
+[
+  {
+    "name": "homepage.spec.ts",
+    "content": "// full test file content here"
+  }
+]
+
+Write real, runnable tests. Use descriptive test names. Add meaningful assertions.
+Do NOT generate placeholder or skeleton tests.
+Respond with ONLY the JSON array, no markdown code blocks.`;
+}
+
+/**
+ * Build prompt for unit test generation
+ */
+function buildUnitTestPrompt(source, framework) {
+  const frameworkGuide = UNIT_FRAMEWORKS[framework] || UNIT_FRAMEWORKS.jest;
+
+  return `You are a senior QA automation engineer. Generate comprehensive unit tests for this source file.
+
+## Source File: ${source.relativePath}
+\`\`\`${source.ext.replace('.', '')}
+${source.content}
+\`\`\`
+
+## Framework
+${frameworkGuide}
+
+## Instructions
+Generate thorough unit tests that cover:
+1. All exported functions/classes
+2. Happy path for each function
+3. Edge cases (null, undefined, empty, boundary values)
+4. Error cases (invalid input, thrown errors)
+5. Any async behavior (resolved/rejected promises)
+
+Output format - return ONLY a JSON array of files:
+[
+  {
+    "name": "${getTestFileName(source.relativePath, framework)}",
+    "content": "// full test file content here"
+  }
+]
+
+Write real, runnable tests with meaningful assertions.
+Mock external dependencies where appropriate.
+Do NOT generate placeholder or skeleton tests.
+Respond with ONLY the JSON array, no markdown code blocks.`;
+}
+
+/**
+ * Parse LLM response into file objects
+ */
+function parseGeneratedFiles(response) {
+  try {
+    let text = typeof response === 'string' ? response : response.raw || '';
+
+    // Remove markdown code blocks
+    if (text.startsWith('```')) {
+      text = text.replace(/```json?\n?/g, '').replace(/```\n?$/g, '');
+    }
+
+    const parsed = JSON.parse(text);
+    if (Array.isArray(parsed)) return parsed;
+    if (parsed.files) return parsed.files;
+    return [parsed];
+  } catch {
+    // If we can't parse JSON, treat entire response as a single test file
+    const text = typeof response === 'string' ? response : response.raw || '';
+    return [{ name: 'generated.spec.ts', content: text }];
+  }
+}
+
+/**
+ * Write test files to disk
+ */
+function writeTestFiles(files, outDir) {
+  const absOutDir = path.resolve(outDir);
+  if (!fs.existsSync(absOutDir)) {
+    fs.mkdirSync(absOutDir, { recursive: true });
+  }
+
+  for (const file of files) {
+    const filePath = path.join(absOutDir, file.name);
+    fs.writeFileSync(filePath, file.content);
+    console.log(`  Written: ${filePath}`);
+  }
+}
+
+/**
+ * Get test file name from source file path
+ */
+function getTestFileName(sourcePath, _framework) {
+  const ext = path.extname(sourcePath);
+  const base = path.basename(sourcePath, ext);
+  const testExt = ext === '.ts' || ext === '.tsx' ? '.test.ts' : '.test.js';
+  return `${base}${testExt}`;
+}
+
+const E2E_FRAMEWORKS = {
+  playwright: `Use @playwright/test:
+- import { test, expect } from '@playwright/test'
+- Use page.goto(), page.click(), page.fill(), page.locator()
+- Use expect(page).toHaveTitle(), expect(locator).toBeVisible()
+- Use test.describe() for grouping
+- Use page.setViewportSize() for responsive tests`,
+};
+
+const UNIT_FRAMEWORKS = {
+  jest: `Use Jest:
+- describe/it/expect syntax
+- jest.fn() for mocks
+- beforeEach/afterEach for setup
+- Use .toEqual, .toBe, .toThrow, .toBeNull etc.`,
+  vitest: `Use Vitest:
+- import { describe, it, expect, vi } from 'vitest'
+- vi.fn() for mocks
+- Same assertion API as Jest`,
+  playwright: `Use @playwright/test:
+- import { test, expect } from '@playwright/test'
+- Same assertion API but for component/integration tests`,
+};
+
+module.exports = {
+  generateTests,
+  generateE2ETests,
+  generateUnitTests,
+  crawlSite,
+  readSourceFiles,
+  buildE2EPrompt,
+  buildUnitTestPrompt,
+  parseGeneratedFiles,
+  writeTestFiles,
+};

package/src/index.js

@@ -3,6 +3,153 @@
 const fs = require('fs').promises;
 const { capturePage } = require('./capture');
 const { getProvider } = require('./providers');
+const { reviewPR, formatReviewMarkdown } = require('./review');
+const { generateTests } = require('./generate');
+
+// Route to the right command
+const command = process.argv[2];
+
+if (command === 'review') {
+  runReview().catch((err) => {
+    console.error('\nError:', err.message);
+    process.exit(1);
+  });
+} else if (command === 'generate') {
+  runGenerate().catch((err) => {
+    console.error('\nError:', err.message);
+    process.exit(1);
+  });
+} else {
+  main();
+}
+
+/**
+ * Run PR review command
+ * Usage: qai review [PR_NUMBER] [--base main] [--focus security] [--json]
+ */
+async function runReview() {
+  const args = process.argv.slice(3);
+  const options = {};
+
+  for (let i = 0; i < args.length; i++) {
+    if (args[i] === '--base' && args[i + 1]) {
+      options.base = args[++i];
+    } else if (args[i] === '--focus' && args[i + 1]) {
+      options.focus = args[++i];
+    } else if (args[i] === '--json') {
+      options.json = true;
+    } else if (/^\d+$/.test(args[i])) {
+      options.pr = parseInt(args[i], 10);
+    }
+  }
+
+  console.log('='.repeat(60));
+  console.log('qai review');
+  console.log('='.repeat(60));
+  if (options.pr) {
+    console.log(`PR: #${options.pr}`);
+  } else {
+    console.log(`Comparing: HEAD vs ${options.base || 'main'}`);
+  }
+  console.log(`Focus: ${options.focus || 'all'}`);
+  console.log('='.repeat(60));
+
+  const startTime = Date.now();
+  const report = await reviewPR(options);
+  const duration = ((Date.now() - startTime) / 1000).toFixed(1);
+
+  if (options.json) {
+    console.log(JSON.stringify(report, null, 2));
+  } else {
+    const markdown = formatReviewMarkdown(report);
+    await fs.writeFile('review-report.md', markdown);
+    console.log('\nSaved: review-report.md');
+
+    // Print summary
+    console.log('\n' + '='.repeat(60));
+    console.log('Review Summary');
+    console.log('='.repeat(60));
+    console.log(`Score: ${report.score !== null ? report.score + '/100' : 'N/A'}`);
+    console.log(`Issues: ${report.issues?.length || 0}`);
+    if (report.issues?.length > 0) {
+      const critical = report.issues.filter((i) => i.severity === 'critical').length;
+      const high = report.issues.filter((i) => i.severity === 'high').length;
+      const medium = report.issues.filter((i) => i.severity === 'medium').length;
+      const low = report.issues.filter((i) => i.severity === 'low').length;
+      if (critical) console.log(`  Critical: ${critical}`);
+      if (high) console.log(`  High: ${high}`);
+      if (medium) console.log(`  Medium: ${medium}`);
+      if (low) console.log(`  Low: ${low}`);
+    }
+    console.log(`Duration: ${duration}s`);
+    console.log('='.repeat(60));
+  }
+
+  // Exit with error if critical issues found
+  const criticals = report.issues?.filter((i) => i.severity === 'critical').length || 0;
+  if (criticals > 0) {
+    process.exit(1);
+  }
+}
+
+/**
+ * Run test generation command
+ * Usage: qai generate <url|file> [--out dir] [--framework playwright|jest|vitest] [--dry-run]
+ */
+async function runGenerate() {
+  const args = process.argv.slice(3);
+  const options = {};
+
+  for (let i = 0; i < args.length; i++) {
+    if (args[i] === '--out' && args[i + 1]) {
+      options.outDir = args[++i];
+    } else if (args[i] === '--framework' && args[i + 1]) {
+      options.framework = args[++i];
+    } else if (args[i] === '--pattern' && args[i + 1]) {
+      options.pattern = args[++i];
+    } else if (args[i] === '--dry-run') {
+      options.dryRun = true;
+    } else if (args[i] === '--json') {
+      options.json = true;
+    } else if (!args[i].startsWith('--')) {
+      options.target = args[i];
+    }
+  }
+
+  if (!options.target) {
+    console.error(
+      'Usage: qai generate <url|file> [--out dir] [--framework playwright|jest|vitest] [--dry-run]',
+    );
+    process.exit(1);
+  }
+
+  console.log('='.repeat(60));
+  console.log('qai generate');
+  console.log('='.repeat(60));
+  console.log(`Target: ${options.target}`);
+  console.log(`Framework: ${options.framework || 'auto'}`);
+  console.log(
+    `Output: ${options.dryRun ? 'stdout (dry run)' : options.outDir || './tests/generated'}`,
+  );
+  console.log('='.repeat(60));
+
+  const startTime = Date.now();
+  const result = await generateTests(options);
+  const duration = ((Date.now() - startTime) / 1000).toFixed(1);
+
+  if (options.json) {
+    console.log(JSON.stringify(result, null, 2));
+  } else {
+    console.log('\n' + '='.repeat(60));
+    console.log('Generation Summary');
+    console.log('='.repeat(60));
+    console.log(`Mode: ${result.mode}`);
+    console.log(`Tests generated: ${result.testsGenerated}`);
+    console.log(`Files: ${result.files.join(', ')}`);
+    console.log(`Duration: ${duration}s`);
+    console.log('='.repeat(60));
+  }
+}
 
 async function main() {
   const startTime = Date.now();
@@ -200,5 +347,3 @@ function generateMarkdownReport(report) {
 
   return lines.join('\n');
 }
-
-main();

package/src/providers/anthropic.js

@@ -54,6 +54,41 @@ class AnthropicProvider extends BaseProvider {
 
     return this.parseResponse(responseText);
   }
+
+  async generateTests(prompt) {
+    const response = await this.client.messages.create({
+      model: this.model,
+      max_tokens: 8192,
+      messages: [{ role: 'user', content: prompt }],
+    });
+
+    return response.content
+      .filter((block) => block.type === 'text')
+      .map((block) => block.text)
+      .join('\n');
+  }
+
+  async reviewCode(diff, context, options = {}) {
+    const prompt = this.buildReviewPrompt(diff, context, options);
+
+    const response = await this.client.messages.create({
+      model: this.model,
+      max_tokens: 8192,
+      messages: [
+        {
+          role: 'user',
+          content: prompt,
+        },
+      ],
+    });
+
+    const responseText = response.content
+      .filter((block) => block.type === 'text')
+      .map((block) => block.text)
+      .join('\n');
+
+    return this.parseResponse(responseText);
+  }
 }
 
 module.exports = AnthropicProvider;

package/src/providers/base.js

@@ -18,6 +18,28 @@ class BaseProvider {
     throw new Error('analyze() must be implemented by subclass');
   }
 
+  /**
+   * Review code changes (PR diff + context)
+   * @param {string} diff - Unified diff
+   * @param {Object} context - Codebase context (files, deps, dependents)
+   * @param {Object} options - Review options
+   * @returns {Promise<Object>} Review report
+   */
+  // eslint-disable-next-line no-unused-vars
+  async reviewCode(diff, context, options = {}) {
+    throw new Error('reviewCode() must be implemented by subclass');
+  }
+
+  /**
+   * Generate tests from a prompt
+   * @param {string} prompt - The generation prompt
+   * @returns {Promise<string>} Raw LLM response (JSON array of files)
+   */
+  // eslint-disable-next-line no-unused-vars
+  async generateTests(prompt) {
+    throw new Error('generateTests() must be implemented by subclass');
+  }
+
   /**
    * Build the analysis prompt with focus-specific guidance
    */
@@ -55,6 +77,8 @@ ${
 ## Screenshots Provided
 ${captureData.screenshots.map((s) => `- ${s.viewport}: ${s.width}x${s.height}`).join('\n')}
 
+${ariaSection}${domSection}
+
 ## Focus Area: ${focus}
 ${focusGuidance}
 
@@ -103,8 +127,112 @@ Respond with ONLY the JSON, no markdown code blocks.`;
       };
     }
   }
+
+  /**
+   * Build the code review prompt
+   */
+  buildReviewPrompt(diff, context, options = {}) {
+    const { focus = 'all' } = options;
+
+    const focusGuidance = REVIEW_FOCUS[focus] || REVIEW_FOCUS.all;
+
+    // Build context section
+    let contextSection = '';
+    if (context.summary) {
+      contextSection += `\n## Change Summary\n${context.summary}\n`;
+    }
+
+    // Include dependency info
+    if (Object.keys(context.dependencies).length > 0) {
+      contextSection += '\n## Dependencies\n';
+      for (const [file, deps] of Object.entries(context.dependencies)) {
+        contextSection += `- \`${file}\` imports: ${deps.map((d) => `\`${d}\``).join(', ')}\n`;
+      }
+    }
+
+    if (Object.keys(context.dependents).length > 0) {
+      contextSection += '\n## Dependents (files affected by these changes)\n';
+      for (const [file, deps] of Object.entries(context.dependents)) {
+        contextSection += `- \`${file}\` is used by: ${deps
+          .slice(0, 5)
+          .map((d) => `\`${d}\``)
+          .join(', ')}${deps.length > 5 ? ` (+${deps.length - 5} more)` : ''}\n`;
+      }
+    }
+
+    if (Object.keys(context.tests).length > 0) {
+      contextSection += '\n## Related Tests\n';
+      for (const [file, test] of Object.entries(context.tests)) {
+        contextSection += `- \`${file}\` has test: \`${test}\`\n`;
+      }
+    }
+
+    // Include relevant file contents (trimmed)
+    let fileContents = '';
+    const contextFiles = Object.entries(context.files || {});
+    if (contextFiles.length > 0) {
+      fileContents = '\n## Full File Contents (for context)\n';
+      for (const [filePath, content] of contextFiles) {
+        fileContents += `\n### \`${filePath}\`\n\`\`\`\n${content}\n\`\`\`\n`;
+      }
+    }
+
+    return `You are a senior software engineer doing a thorough code review. You have deep expertise in finding real bugs, security issues, and breaking changes. You are NOT a linter. Skip style nits.
+
+## Focus: ${focus}
+${focusGuidance}
+
+${contextSection}
+${fileContents}
+
+## Diff to Review
+\`\`\`diff
+${diff}
+\`\`\`
+
+## Instructions
+- Focus on **real bugs**, security holes, breaking changes, edge cases, and logic errors
+- Reference specific files and line numbers
+- Skip style/formatting issues (that's what linters are for)
+- If code looks good, say so. Don't invent problems.
+- Be direct and specific. No filler.
+
+Respond with ONLY this JSON (no code blocks):
+{
+  "summary": "2-3 sentence overview of the changes and their quality",
+  "issues": [
+    {
+      "severity": "critical|high|medium|low",
+      "category": "bug|security|breaking-change|performance|error-handling|logic|race-condition|type-safety",
+      "title": "Short description",
+      "description": "What's wrong and why it matters",
+      "file": "path/to/file.js",
+      "line": 42,
+      "suggestion": "Code or explanation of how to fix"
+    }
+  ],
+  "score": 0-100,
+  "recommendations": ["General suggestions for improvement"]
+}`;
+  }
 }
 
+/**
+ * Review focus areas
+ */
+const REVIEW_FOCUS = {
+  all: 'Review for bugs, security issues, breaking changes, performance problems, error handling gaps, and logic errors.',
+  security:
+    'Focus on security vulnerabilities: injection, auth bypass, data exposure, SSRF, path traversal, ' +
+    'insecure crypto, missing input validation, secrets in code.',
+  performance:
+    'Focus on performance: N+1 queries, unnecessary re-renders, missing memoization, ' +
+    'blocking operations, memory leaks, large bundle impact.',
+  bugs:
+    'Focus on correctness: logic errors, off-by-one, null/undefined access, race conditions, ' +
+    'unhandled promise rejections, incorrect error handling.',
+};
+
 /**
  * Focus-specific prompt guidance
  */

package/src/providers/gemini.js

@@ -35,6 +35,23 @@ class GeminiProvider extends BaseProvider {
     const response = await result.response;
     const responseText = response.text();
 
+    return this.parseResponse(responseText);
+  }
+  async generateTests(prompt) {
+    const model = this.genAI.getGenerativeModel({ model: this.model });
+    const result = await model.generateContent([{ text: prompt }]);
+    const response = await result.response;
+    return response.text();
+  }
+
+  async reviewCode(diff, context, options = {}) {
+    const prompt = this.buildReviewPrompt(diff, context, options);
+    const model = this.genAI.getGenerativeModel({ model: this.model });
+
+    const result = await model.generateContent([{ text: prompt }]);
+    const response = await result.response;
+    const responseText = response.text();
+
     return this.parseResponse(responseText);
   }
 }

package/src/providers/ollama.js

@@ -41,6 +41,51 @@ class OllamaProvider extends BaseProvider {
       throw new Error(`Ollama request failed: ${response.status} ${response.statusText}`);
     }
 
+    const data = await response.json();
+    return this.parseResponse(data.response || '');
+  }
+  async generateTests(prompt) {
+    const response = await fetch(`${this.baseUrl}/api/generate`, {
+      method: 'POST',
+      headers: { 'Content-Type': 'application/json' },
+      body: JSON.stringify({
+        model: this.model,
+        prompt,
+        stream: false,
+        options: { temperature: 0.1 },
+      }),
+    });
+
+    if (!response.ok) {
+      throw new Error(`Ollama request failed: ${response.status} ${response.statusText}`);
+    }
+
+    const data = await response.json();
+    return data.response || '';
+  }
+
+  async reviewCode(diff, context, options = {}) {
+    const prompt = this.buildReviewPrompt(diff, context, options);
+
+    const response = await fetch(`${this.baseUrl}/api/generate`, {
+      method: 'POST',
+      headers: {
+        'Content-Type': 'application/json',
+      },
+      body: JSON.stringify({
+        model: this.model,
+        prompt,
+        stream: false,
+        options: {
+          temperature: 0.1,
+        },
+      }),
+    });
+
+    if (!response.ok) {
+      throw new Error(`Ollama request failed: ${response.status} ${response.statusText}`);
+    }
+
     const data = await response.json();
     return this.parseResponse(data.response || '');
   }

package/src/providers/openai.js

@@ -46,6 +46,33 @@ class OpenAIProvider extends BaseProvider {
       ],
     });
 
+    const responseText = response.choices[0]?.message?.content || '';
+    return this.parseResponse(responseText);
+  }
+  async generateTests(prompt) {
+    const response = await this.client.chat.completions.create({
+      model: this.model,
+      max_tokens: 8192,
+      messages: [{ role: 'user', content: prompt }],
+    });
+
+    return response.choices[0]?.message?.content || '';
+  }
+
+  async reviewCode(diff, context, options = {}) {
+    const prompt = this.buildReviewPrompt(diff, context, options);
+
+    const response = await this.client.chat.completions.create({
+      model: this.model,
+      max_tokens: 8192,
+      messages: [
+        {
+          role: 'user',
+          content: prompt,
+        },
+      ],
+    });
+
     const responseText = response.choices[0]?.message?.content || '';
     return this.parseResponse(responseText);
   }

package/src/review.js

@@ -0,0 +1,370 @@
+/**
+ * PR Code Review Engine
+ *
+ * Fetches PR diffs, gathers codebase context, and sends to LLM for deep review.
+ *
+ * Usage:
+ *   const { reviewPR } = require('./review');
+ *   const report = await reviewPR({ pr: 42, base: 'main' });
+ */
+
+const { execSync } = require('child_process');
+const fs = require('fs');
+const path = require('path');
+const { getProvider } = require('./providers');
+
+/**
+ * Review a PR or branch diff
+ *
+ * @param {Object} options
+ * @param {number} [options.pr] - PR number to review
+ * @param {string} [options.base] - Base branch for diff (default: main)
+ * @param {string} [options.cwd] - Working directory (default: process.cwd())
+ * @param {string} [options.focus] - Focus area (security, performance, bugs, all)
+ * @param {boolean} [options.json] - Output JSON instead of markdown
+ * @returns {Promise<ReviewReport>}
+ */
+async function reviewPR(options = {}) {
+  const { pr, base = 'main', cwd = process.cwd(), focus = 'all' } = options;
+
+  // Step 1: Get the diff
+  console.log('[1/4] Fetching diff...');
+  const diff = getDiff({ pr, base, cwd });
+
+  if (!diff.trim()) {
+    return {
+      summary: 'No changes found.',
+      issues: [],
+      score: 100,
+      recommendations: [],
+    };
+  }
+
+  // Step 2: Parse changed files
+  console.log('[2/4] Analyzing changed files...');
+  const changedFiles = parseChangedFiles(diff);
+  console.log(`  ${changedFiles.length} files changed`);
+
+  // Step 3: Gather context for each changed file
+  console.log('[3/4] Gathering codebase context...');
+  const context = gatherContext(changedFiles, cwd);
+
+  // Step 4: Send to LLM for review
+  console.log('[4/4] Reviewing with AI...');
+  const provider = getProvider();
+  const report = await provider.reviewCode(diff, context, { focus });
+
+  return report;
+}
+
+/**
+ * Get diff from PR number or branch comparison
+ */
+function getDiff({ pr, base, cwd }) {
+  try {
+    if (pr) {
+      // Fetch PR diff via gh CLI
+      return execSync(`gh pr diff ${pr} --color=never`, {
+        cwd,
+        encoding: 'utf-8',
+        maxBuffer: 10 * 1024 * 1024,
+      });
+    } else {
+      // Diff current branch against base
+      return execSync(`git diff ${base}...HEAD`, {
+        cwd,
+        encoding: 'utf-8',
+        maxBuffer: 10 * 1024 * 1024,
+      });
+    }
+  } catch (error) {
+    throw new Error(`Failed to get diff: ${error.message}`);
+  }
+}
+
+/**
+ * Parse a unified diff into structured file changes
+ */
+function parseChangedFiles(diff) {
+  const files = [];
+  const fileDiffs = diff.split(/^diff --git /m).filter(Boolean);
+
+  for (const fileDiff of fileDiffs) {
+    const headerMatch = fileDiff.match(/a\/(.+?) b\/(.+)/);
+    if (!headerMatch) continue;
+
+    const filePath = headerMatch[2];
+    const isNew = fileDiff.includes('new file mode');
+    const isDeleted = fileDiff.includes('deleted file mode');
+
+    // Extract hunks
+    const hunks = [];
+    const hunkRegex = /^@@ -(\d+)(?:,\d+)? \+(\d+)(?:,\d+)? @@(.*)/gm;
+    let match;
+    while ((match = hunkRegex.exec(fileDiff)) !== null) {
+      hunks.push({
+        oldStart: parseInt(match[1], 10),
+        newStart: parseInt(match[2], 10),
+        header: match[3].trim(),
+      });
+    }
+
+    // Count additions and deletions
+    const lines = fileDiff.split('\n');
+    const additions = lines.filter((l) => l.startsWith('+') && !l.startsWith('+++')).length;
+    const deletions = lines.filter((l) => l.startsWith('-') && !l.startsWith('---')).length;
+
+    files.push({
+      path: filePath,
+      isNew,
+      isDeleted,
+      hunks,
+      additions,
+      deletions,
+      diff: fileDiff,
+    });
+  }
+
+  return files;
+}
+
+/**
+ * Gather relevant context for changed files
+ *
+ * For each changed file, we collect:
+ * - The full current file content (for understanding structure)
+ * - Import/require dependencies
+ * - Files that import/require the changed file
+ * - Related test files
+ */
+function gatherContext(changedFiles, cwd) {
+  const context = {
+    files: {},
+    dependencies: {},
+    dependents: {},
+    tests: {},
+    summary: '',
+  };
+
+  const MAX_CONTEXT_CHARS = 200000; // ~50K tokens
+  let totalChars = 0;
+
+  for (const file of changedFiles) {
+    if (file.isDeleted) continue;
+    if (totalChars > MAX_CONTEXT_CHARS) break;
+
+    const fullPath = path.join(cwd, file.path);
+
+    // Read full file content
+    try {
+      const content = fs.readFileSync(fullPath, 'utf-8');
+      // Skip huge files
+      if (content.length > 50000) {
+        context.files[file.path] =
+          `[File too large: ${content.length} chars, showing first 5000]\n${content.slice(0, 5000)}`;
+      } else {
+        context.files[file.path] = content;
+      }
+      totalChars += Math.min(content.length, 50000);
+    } catch {
+      // File might not exist locally (renamed, etc.)
+    }
+
+    // Find imports in this file
+    const deps = findImports(fullPath, cwd);
+    if (deps.length > 0) {
+      context.dependencies[file.path] = deps;
+    }
+
+    // Find files that depend on this file
+    const dependents = findDependents(file.path, cwd);
+    if (dependents.length > 0) {
+      context.dependents[file.path] = dependents;
+      // Include first few dependent file contents for context
+      for (const dep of dependents.slice(0, 3)) {
+        if (totalChars > MAX_CONTEXT_CHARS) break;
+        try {
+          const depPath = path.join(cwd, dep);
+          const depContent = fs.readFileSync(depPath, 'utf-8');
+          if (!context.files[dep] && depContent.length < 20000) {
+            context.files[dep] = depContent;
+            totalChars += depContent.length;
+          }
+        } catch {
+          // Skip unreadable files
+        }
+      }
+    }
+
+    // Find related test files
+    const testFile = findTestFile(file.path, cwd);
+    if (testFile) {
+      context.tests[file.path] = testFile;
+    }
+  }
+
+  // Build summary
+  const fileList = changedFiles.map((f) => {
+    const status = f.isNew ? '(new)' : f.isDeleted ? '(deleted)' : '';
+    return `  ${f.path} ${status} +${f.additions} -${f.deletions}`;
+  });
+  context.summary = `${changedFiles.length} files changed:\n${fileList.join('\n')}`;
+
+  return context;
+}
+
+/**
+ * Find imports/requires in a file
+ */
+function findImports(filePath, _cwd) {
+  try {
+    const content = fs.readFileSync(filePath, 'utf-8');
+    const imports = [];
+
+    // ES imports
+    const esImportRegex = /import\s+.*?\s+from\s+['"](.+?)['"]/g;
+    let match;
+    while ((match = esImportRegex.exec(content)) !== null) {
+      imports.push(match[1]);
+    }
+
+    // CommonJS requires
+    const cjsRegex = /require\(['"](.+?)['"]\)/g;
+    while ((match = cjsRegex.exec(content)) !== null) {
+      imports.push(match[1]);
+    }
+
+    // Filter to local imports only (starting with . or /)
+    return imports.filter((i) => i.startsWith('.') || i.startsWith('/'));
+  } catch {
+    return [];
+  }
+}
+
+/**
+ * Find files that import/require a given file
+ */
+function findDependents(filePath, cwd) {
+  const basename = path.basename(filePath, path.extname(filePath));
+
+  try {
+    // Use grep to find files that reference this module
+    const result = execSync(
+      'grep -rl --include="*.js" --include="*.ts" --include="*.jsx" --include="*.tsx" ' +
+        '--exclude-dir=node_modules --exclude-dir=.next --exclude-dir=.git --exclude-dir=dist ' +
+        `"${basename}" . 2>/dev/null | head -20`,
+      { cwd, encoding: 'utf-8', timeout: 10000 },
+    );
+
+    return result
+      .trim()
+      .split('\n')
+      .filter(Boolean)
+      .map((f) => f.replace(/^\.\//, ''))
+      .filter((f) => f !== filePath); // Exclude self
+  } catch {
+    return [];
+  }
+}
+
+/**
+ * Find the test file for a given source file
+ */
+function findTestFile(filePath, cwd) {
+  const ext = path.extname(filePath);
+  const base = path.basename(filePath, ext);
+  const dir = path.dirname(filePath);
+
+  // Common test file patterns
+  const patterns = [
+    path.join(dir, `${base}.test${ext}`),
+    path.join(dir, `${base}.spec${ext}`),
+    path.join(dir, '__tests__', `${base}${ext}`),
+    path.join(dir, '__tests__', `${base}.test${ext}`),
+    path.join('test', `${base}.test${ext}`),
+    path.join('tests', `${base}.test${ext}`),
+    path.join('test', `${base}.spec${ext}`),
+    path.join('tests', `${base}.spec${ext}`),
+  ];
+
+  for (const pattern of patterns) {
+    const fullPath = path.join(cwd, pattern);
+    if (fs.existsSync(fullPath)) {
+      return pattern;
+    }
+  }
+
+  return null;
+}
+
+/**
+ * Format review report as markdown
+ */
+function formatReviewMarkdown(report) {
+  const lines = [];
+
+  lines.push('# Code Review Report');
+  lines.push('');
+  lines.push(`**Score:** ${report.score}/100`);
+  lines.push('');
+  lines.push('## Summary');
+  lines.push('');
+  lines.push(report.summary || 'No summary provided.');
+  lines.push('');
+
+  if (report.issues && report.issues.length > 0) {
+    lines.push('## Issues');
+    lines.push('');
+
+    for (const issue of report.issues) {
+      const emoji =
+        { critical: '\u{1F534}', high: '\u{1F7E0}', medium: '\u{1F7E1}', low: '\u{1F7E2}' }[
+          issue.severity
+        ] || '\u26AA';
+
+      lines.push(`### ${emoji} ${issue.title}`);
+      lines.push('');
+      lines.push(
+        `**Severity:** ${issue.severity} | **File:** \`${issue.file || 'N/A'}\`${issue.line ? ` | **Line:** ${issue.line}` : ''}`,
+      );
+      lines.push('');
+      lines.push(issue.description);
+      lines.push('');
+      if (issue.suggestion) {
+        lines.push('**Suggestion:**');
+        lines.push(issue.suggestion);
+        lines.push('');
+      }
+    }
+  } else {
+    lines.push('## Issues');
+    lines.push('');
+    lines.push('No issues found. Code looks good!');
+    lines.push('');
+  }
+
+  if (report.recommendations && report.recommendations.length > 0) {
+    lines.push('## Recommendations');
+    lines.push('');
+    for (const rec of report.recommendations) {
+      lines.push(`- ${rec}`);
+    }
+    lines.push('');
+  }
+
+  lines.push('---');
+  lines.push('*Generated by [qai](https://github.com/tyler-james-bridges/qaie)*');
+
+  return lines.join('\n');
+}
+
+module.exports = {
+  reviewPR,
+  getDiff,
+  parseChangedFiles,
+  gatherContext,
+  findImports,
+  findDependents,
+  findTestFile,
+  formatReviewMarkdown,
+};