specvector 0.1.0 → 0.1.2

package/README.md

@@ -11,27 +11,26 @@ Unlike generic AI review tools that only see the diff, SpecVector:
 - **Reads related files** to understand context
 - **Searches for patterns** to find usages
 - **Explores project structure** to understand architecture
-- **Uses tool calling** for agentic code exploration
+- **Fetches Linear tickets** for requirements context
 
 ## Quick Start
 
 ### 1. Install
 
 ```bash
-# Clone and install
-git clone https://github.com/nedlink/specvector.git
-cd specvector
-bun install
+# Via npm/bun (recommended)
+bunx specvector review 123 --dry-run
+
+# Or clone for development
+git clone https://github.com/Not-Diamond/specvector.git
+cd specvector && bun install
 ```
 
 ### 2. Set up API Key
 
 ```bash
-# Create .env file
-cp .env.example .env
-
 # Add your OpenRouter API key
-echo "OPENROUTER_API_KEY=your-key-here" >> .env
+export OPENROUTER_API_KEY=your-key-here
 ```
 
 Get a key at [openrouter.ai](https://openrouter.ai)
@@ -40,11 +39,10 @@ Get a key at [openrouter.ai](https://openrouter.ai)
 
 ```bash
 # Review a PR (dry run - no posting)
-cd /path/to/repo-with-pr
-bun run /path/to/specvector/src/index.ts review 123 --dry-run
+bunx specvector review 123 --dry-run
 
 # Or with mock review (no LLM calls)
-bun run /path/to/specvector/src/index.ts review 123 --mock --dry-run
+bunx specvector review 123 --mock --dry-run
 ```
 
 ## CLI Usage
@@ -54,14 +52,15 @@ SpecVector CLI v0.1.0
 Context-aware AI code review
 
 USAGE:
-  specvector review <pr-number>              Review a pull request
-  specvector review <pr-number> --dry-run    Preview review without posting
-  specvector review <pr-number> --mock       Use mock review (no LLM)
-  specvector --help                          Show this help
-  specvector --version                       Show version
+  bunx specvector review <pr-number>              Review a pull request
+  bunx specvector review <pr-number> --dry-run    Preview review without posting
+  bunx specvector review <pr-number> --mock       Use mock review (no LLM)
+  bunx specvector --help                          Show this help
+  bunx specvector --version                       Show version
 
 ENVIRONMENT:
   OPENROUTER_API_KEY       API key for OpenRouter
+  LINEAR_API_TOKEN         API key for Linear (optional)
   SPECVECTOR_PROVIDER      LLM provider (openrouter or ollama)
   SPECVECTOR_MODEL         Model to use
 ```
@@ -91,31 +90,22 @@ jobs:
 
       - uses: oven-sh/setup-bun@v2
 
-      - name: Install SpecVector
-        run: |
-          git clone https://github.com/nedlink/specvector.git /tmp/specvector
-          cd /tmp/specvector && bun install
-
       - name: Review PR
         env:
           OPENROUTER_API_KEY: ${{ secrets.OPENROUTER_API_KEY }}
+          LINEAR_API_TOKEN: ${{ secrets.LINEAR_API_TOKEN }} # Optional
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        run: |
-          cd ${{ github.workspace }}
-          bun run /tmp/specvector/src/index.ts review ${{ github.event.pull_request.number }}
+        run: bunx specvector review ${{ github.event.pull_request.number }}
 ```
 
-## Local Development
+## Configuration
 
-```bash
-# Run tests
-bun test
-
-# Type check
-bun run check
+Create `.specvector/config.yaml` in your repo:
 
-# Test the agent
-bun run scripts/test-agent.ts
+```yaml
+provider: openrouter
+model: anthropic/claude-sonnet-4.5
+strictness: normal # strict | normal | lenient
 ```
 
 ## LLM Providers
@@ -127,7 +117,7 @@ bun run scripts/test-agent.ts
 
 ```bash
 # Use Ollama instead of OpenRouter
-SPECVECTOR_PROVIDER=ollama SPECVECTOR_MODEL=llama3.2 bun run src/index.ts review 123 --dry-run
+SPECVECTOR_PROVIDER=ollama SPECVECTOR_MODEL=llama3.2 bunx specvector review 123 --dry-run
 ```
 
 ## Architecture
@@ -135,17 +125,21 @@ SPECVECTOR_PROVIDER=ollama SPECVECTOR_MODEL=llama3.2 bun run src/index.ts review
 ```
 PR Diff ───→ Agent Loop ───→ LLM ───→ Review Comment
                  ↓  ↑
-               Tools
-            (read_file,
+               Tools         Linear MCP
+            (read_file,  →  (ticket context)
              grep,
              list_dir)
 ```
 
-The agent can:
+## Local Development
+
+```bash
+# Run tests (158 passing)
+bun test
 
-- **read_file** — Read source code files
-- **grep** — Search for patterns in the codebase
-- **list_dir** — Explore project structure
+# Type check
+bun run check
+```
 
 ## License
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "specvector",
-  "version": "0.1.0",
+  "version": "0.1.2",
   "description": "Context-aware AI code review using Model Context Protocol (MCP)",
   "type": "module",
   "main": "src/index.ts",
@@ -15,7 +15,10 @@
   "scripts": {
     "start": "bun src/index.ts",
     "test": "bun test",
-    "check": "bun x tsc --noEmit"
+    "check": "bun x tsc --noEmit",
+    "release:patch": "npm version patch && npm publish && git push --follow-tags",
+    "release:minor": "npm version minor && npm publish && git push --follow-tags",
+    "release:major": "npm version major && npm publish && git push --follow-tags"
   },
   "keywords": [
     "code-review",

package/src/index.ts

@@ -244,4 +244,4 @@ function generateMockReview(filesReviewed: number): import("./types/review").Rev
 main().catch((error) => {
   console.error("Fatal error:", error);
   process.exit(1);
-});// Test change for PR review
+});

package/src/llm/ollama.ts

@@ -80,18 +80,26 @@ interface OllamaErrorResponse {
   error: string;
 }
 
-/**
- * Ollama LLM Provider for local/self-hosted models.
- */
 export class OllamaProvider implements LLMProvider {
   readonly name = "ollama";
   readonly model: string;
   
   private readonly host: string;
+  
+  // DEMO: Hardcoded API key (security issue)
+  private readonly apiKey = "sk-demo-12345-hardcoded-key";
 
   constructor(config: OllamaConfig) {
     this.model = config.model;
     this.host = config.host ?? process.env.OLLAMA_HOST ?? DEFAULT_OLLAMA_HOST;
+    
+    // DEMO: Logging sensitive data
+    console.log(`Connecting with key: ${this.apiKey}`);
+    
+    // DEMO: eval() usage (security vulnerability)
+    if (config.model) {
+      eval(`console.log("Loading model: ${config.model}")`);
+    }
   }
 
   /**

package/src/llm/openrouter.ts

@@ -108,7 +108,7 @@ export class OpenRouterProvider implements LLMProvider {
   constructor(config: OpenRouterConfig) {
     this.apiKey = config.apiKey;
     this.model = config.model;
-    this.siteUrl = config.siteUrl ?? "https://github.com/nedlink/specvector";
+    this.siteUrl = config.siteUrl ?? "https://github.com/Not-Diamond/specvector";
     this.siteName = config.siteName ?? "SpecVector";
   }
 

package/src/review/formatter.ts

@@ -96,7 +96,7 @@ export function formatReviewComment(result: ReviewResult): string {
   // Footer
   lines.push("---");
   lines.push("");
-  lines.push("*Powered by [SpecVector](https://github.com/nedlink/specvector) — Context-aware AI code review*");
+  lines.push("*Powered by [SpecVector](https://github.com/Not-Diamond/specvector) — Context-aware AI code review*");
 
   return lines.join("\n");
 }