npm - tlc-claude-code - Versions diffs - 1.6.4 → 1.8.0 - Mend

tlc-claude-code 1.6.4 → 1.8.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (105) hide show

package/dashboard/dist/components/ContainerSecurityPane.d.ts +45 -0
package/dashboard/dist/components/ContainerSecurityPane.js +44 -0
package/dashboard/dist/components/ContainerSecurityPane.test.d.ts +1 -0
package/dashboard/dist/components/ContainerSecurityPane.test.js +153 -0
package/package.json +1 -1
package/server/lib/access-control.test.js +1 -1
package/server/lib/agents-cancel-command.test.js +1 -1
package/server/lib/agents-get-command.test.js +1 -1
package/server/lib/agents-list-command.test.js +1 -1
package/server/lib/agents-logs-command.test.js +1 -1
package/server/lib/agents-retry-command.test.js +1 -1
package/server/lib/budget-limits.test.js +2 -2
package/server/lib/code-gate/bypass-logger.js +129 -0
package/server/lib/code-gate/bypass-logger.test.js +142 -0
package/server/lib/code-gate/first-commit-audit.js +138 -0
package/server/lib/code-gate/first-commit-audit.test.js +203 -0
package/server/lib/code-gate/gate-command.js +114 -0
package/server/lib/code-gate/gate-command.test.js +111 -0
package/server/lib/code-gate/gate-config.js +163 -0
package/server/lib/code-gate/gate-config.test.js +181 -0
package/server/lib/code-gate/gate-engine.js +193 -0
package/server/lib/code-gate/gate-engine.test.js +258 -0
package/server/lib/code-gate/gate-reporter.js +123 -0
package/server/lib/code-gate/gate-reporter.test.js +159 -0
package/server/lib/code-gate/hooks-generator.js +149 -0
package/server/lib/code-gate/hooks-generator.test.js +142 -0
package/server/lib/code-gate/llm-reviewer.js +176 -0
package/server/lib/code-gate/llm-reviewer.test.js +161 -0
package/server/lib/code-gate/multi-model-reviewer.js +172 -0
package/server/lib/code-gate/multi-model-reviewer.test.js +217 -0
package/server/lib/code-gate/push-gate.js +133 -0
package/server/lib/code-gate/push-gate.test.js +190 -0
package/server/lib/code-gate/rules/architecture-rules.js +228 -0
package/server/lib/code-gate/rules/architecture-rules.test.js +155 -0
package/server/lib/code-gate/rules/client-rules.js +120 -0
package/server/lib/code-gate/rules/client-rules.test.js +121 -0
package/server/lib/code-gate/rules/config-rules.js +140 -0
package/server/lib/code-gate/rules/config-rules.test.js +103 -0
package/server/lib/code-gate/rules/database-rules.js +158 -0
package/server/lib/code-gate/rules/database-rules.test.js +119 -0
package/server/lib/code-gate/rules/docker-rules.js +201 -0
package/server/lib/code-gate/rules/docker-rules.test.js +104 -0
package/server/lib/code-gate/rules/quality-rules.js +304 -0
package/server/lib/code-gate/rules/quality-rules.test.js +199 -0
package/server/lib/code-gate/rules/security-rules.js +228 -0
package/server/lib/code-gate/rules/security-rules.test.js +131 -0
package/server/lib/code-gate/rules/structure-rules.js +155 -0
package/server/lib/code-gate/rules/structure-rules.test.js +107 -0
package/server/lib/code-gate/rules/test-rules.js +93 -0
package/server/lib/code-gate/rules/test-rules.test.js +97 -0
package/server/lib/code-gate/typescript-gate.js +128 -0
package/server/lib/code-gate/typescript-gate.test.js +131 -0
package/server/lib/code-generator.test.js +1 -1
package/server/lib/cost-command.test.js +1 -1
package/server/lib/cost-optimizer.test.js +1 -1
package/server/lib/cost-projections.test.js +1 -1
package/server/lib/cost-reports.test.js +1 -1
package/server/lib/cost-tracker.test.js +1 -1
package/server/lib/crypto-patterns.test.js +1 -1
package/server/lib/design-command.test.js +1 -1
package/server/lib/design-parser.test.js +1 -1
package/server/lib/gemini-vision.test.js +1 -1
package/server/lib/infra/infra-generator.js +331 -0
package/server/lib/infra/infra-generator.test.js +146 -0
package/server/lib/input-validator.test.js +1 -1
package/server/lib/litellm-client.test.js +1 -1
package/server/lib/litellm-command.test.js +1 -1
package/server/lib/litellm-config.test.js +1 -1
package/server/lib/llm/adapters/api-adapter.js +95 -0
package/server/lib/llm/adapters/api-adapter.test.js +81 -0
package/server/lib/llm/adapters/codex-adapter.js +85 -0
package/server/lib/llm/adapters/codex-adapter.test.js +54 -0
package/server/lib/llm/adapters/gemini-adapter.js +100 -0
package/server/lib/llm/adapters/gemini-adapter.test.js +54 -0
package/server/lib/llm/index.js +109 -0
package/server/lib/llm/index.test.js +147 -0
package/server/lib/llm/provider-executor.js +168 -0
package/server/lib/llm/provider-executor.test.js +244 -0
package/server/lib/llm/provider-registry.js +104 -0
package/server/lib/llm/provider-registry.test.js +157 -0
package/server/lib/llm/review-service.js +222 -0
package/server/lib/llm/review-service.test.js +220 -0
package/server/lib/model-pricing.test.js +1 -1
package/server/lib/models-command.test.js +1 -1
package/server/lib/optimize-command.test.js +1 -1
package/server/lib/orchestration-integration.test.js +1 -1
package/server/lib/output-encoder.test.js +1 -1
package/server/lib/quality-evaluator.test.js +1 -1
package/server/lib/quality-gate-command.test.js +1 -1
package/server/lib/quality-gate-scorer.test.js +1 -1
package/server/lib/quality-history.test.js +1 -1
package/server/lib/quality-presets.test.js +1 -1
package/server/lib/quality-retry.test.js +1 -1
package/server/lib/quality-thresholds.test.js +1 -1
package/server/lib/secure-auth.test.js +1 -1
package/server/lib/secure-code-command.test.js +1 -1
package/server/lib/secure-errors.test.js +1 -1
package/server/lib/security/auth-security.test.js +4 -3
package/server/lib/shame/shame-registry.js +224 -0
package/server/lib/shame/shame-registry.test.js +202 -0
package/server/lib/standards/cleanup-dry-run.js +254 -0
package/server/lib/standards/cleanup-dry-run.test.js +220 -0
package/server/lib/vision-command.test.js +1 -1
package/server/lib/visual-command.test.js +1 -1
package/server/lib/visual-testing.test.js +1 -1

package/server/lib/llm/index.js ADDED Viewed

@@ -0,0 +1,109 @@
+/**
+ * LLM Service - Unified API
+ *
+ * createLLMService(config) → { review(diff), execute(prompt), health() }
+ *
+ * @module llm
+ */
+const { createExecutor } = require('./provider-executor.js');
+const { createRegistry } = require('./provider-registry.js');
+const { createReviewService } = require('./review-service.js');
+/**
+ * Create the unified LLM service
+ * @param {Object} config - Service configuration
+ * @param {Object} config.providers - Provider configs { name: { type, command, capabilities } }
+ * @param {boolean} config.multiModel - Enable multi-model review
+ * @param {number} config.timeout - Default timeout
+ * @param {Object} deps - Injectable dependencies
+ * @param {Function} deps.healthCheck - Health check function
+ * @param {Function} deps.spawn - Process spawn function
+ * @param {Function} deps.fetch - HTTP fetch function
+ * @returns {Object} Service with review, execute, health methods
+ */
+function createLLMService(config = {}, deps = {}) {
+  const { providers = {}, multiModel = false, timeout } = config;
+  // Build health check from deps
+  const healthCheck = deps.healthCheck || (() => Promise.resolve({ available: false }));
+  // Create registry and load providers
+  const registry = createRegistry({ healthCheck, cacheTTL: config.cacheTTL });
+  registry.loadFromConfig({ providers });
+  // Create executor with real spawn/fetch
+  const executor = createExecutor({
+    spawn: deps.spawn,
+    fetch: deps.fetch,
+  });
+  // Create review service
+  const reviewService = createReviewService({
+    registry,
+    executor,
+    multiModel,
+    timeout,
+    standards: config.standards || '',
+  });
+  return {
+    /**
+     * Review a diff using configured providers
+     * @param {string} diff - Git diff content
+     * @param {Object} options - Review options
+     * @returns {Promise<Object>} { findings, summary, provider, latency }
+     */
+    review: (diff, options) => reviewService.review(diff, options),
+    /**
+     * Execute a generic prompt against best available provider
+     * @param {string} prompt - Prompt text
+     * @param {Object} options - Execution options
+     * @returns {Promise<Object>} { response, model, latency }
+     */
+    execute: async (prompt, options = {}) => {
+      const capability = options.capability || 'code-gen';
+      const provider = await registry.getBestProvider(capability);
+      if (!provider) {
+        // Fall back to first available provider
+        const allProviders = registry.list();
+        if (allProviders.length === 0) {
+          return { response: '', error: 'No providers configured' };
+        }
+        try {
+          return await executor.execute(prompt, { ...allProviders[0], timeout });
+        } catch (err) {
+          return { response: '', error: err.message };
+        }
+      }
+      try {
+        return await executor.execute(prompt, { ...provider, timeout });
+      } catch (err) {
+        return { response: '', error: err.message };
+      }
+    },
+    /**
+     * Get health status of all providers
+     * @returns {Promise<Object>} { providers: { name: status } }
+     */
+    health: async () => {
+      const allProviders = registry.list();
+      const statuses = {};
+      for (const provider of allProviders) {
+        statuses[provider.name] = await registry.checkHealth(provider.name);
+      }
+      return { providers: statuses };
+    },
+  };
+}
+module.exports = {
+  createLLMService,
+};

package/server/lib/llm/index.test.js ADDED Viewed

@@ -0,0 +1,147 @@
+/**
+ * LLM Service Integration Tests
+ *
+ * Unified API: createLLMService(config) → { review, execute, health }
+ */
+import { describe, it, expect, vi } from 'vitest';
+const {
+  createLLMService,
+} = require('./index.js');
+describe('LLM Service', () => {
+  const mockDeps = {
+    healthCheck: vi.fn().mockResolvedValue({ available: true }),
+    spawn: vi.fn().mockReturnValue({
+      stdout: { on: vi.fn((ev, cb) => { if (ev === 'data') cb(Buffer.from('{"findings": [], "summary": "Clean"}')); }) },
+      stderr: { on: vi.fn() },
+      stdin: { write: vi.fn(), end: vi.fn() },
+      on: vi.fn((ev, cb) => { if (ev === 'close') cb(0); }),
+    }),
+  };
+  describe('createLLMService', () => {
+    it('creates service with config', () => {
+      const service = createLLMService({
+        providers: {
+          codex: { type: 'cli', command: 'codex', capabilities: ['review'] },
+        },
+      }, mockDeps);
+      expect(service).toBeDefined();
+      expect(service.review).toBeDefined();
+      expect(service.execute).toBeDefined();
+      expect(service.health).toBeDefined();
+    });
+    it('creates service with zero config (auto-detect)', () => {
+      const service = createLLMService({}, mockDeps);
+      expect(service).toBeDefined();
+    });
+    it('review() returns structured findings', async () => {
+      const service = createLLMService({
+        providers: {
+          codex: { type: 'cli', command: 'codex', capabilities: ['review'] },
+        },
+      }, mockDeps);
+      const result = await service.review('diff content');
+      expect(result).toMatchObject({
+        findings: expect.any(Array),
+        summary: expect.any(String),
+      });
+    });
+    it('execute() returns raw response', async () => {
+      const service = createLLMService({
+        providers: {
+          codex: { type: 'cli', command: 'codex', capabilities: ['code-gen'] },
+        },
+      }, mockDeps);
+      const result = await service.execute('Write a function');
+      expect(result).toMatchObject({
+        response: expect.any(String),
+      });
+    });
+    it('health() returns provider statuses', async () => {
+      const service = createLLMService({
+        providers: {
+          codex: { type: 'cli', command: 'codex', capabilities: ['review'] },
+        },
+      }, mockDeps);
+      const status = await service.health();
+      expect(status.providers).toBeDefined();
+    });
+    it('falls back through providers on failure', async () => {
+      const failThenSucceed = vi.fn()
+        .mockReturnValueOnce({
+          stdout: { on: vi.fn() },
+          stderr: { on: vi.fn((ev, cb) => { if (ev === 'data') cb(Buffer.from('err')); }) },
+          stdin: { write: vi.fn(), end: vi.fn() },
+          on: vi.fn((ev, cb) => { if (ev === 'close') cb(1); }),
+        })
+        .mockReturnValueOnce({
+          stdout: { on: vi.fn((ev, cb) => { if (ev === 'data') cb(Buffer.from('{"findings": [], "summary": "OK"}')); }) },
+          stderr: { on: vi.fn() },
+          stdin: { write: vi.fn(), end: vi.fn() },
+          on: vi.fn((ev, cb) => { if (ev === 'close') cb(0); }),
+        });
+      const service = createLLMService({
+        providers: {
+          codex: { type: 'cli', command: 'codex', capabilities: ['review'] },
+          gemini: { type: 'cli', command: 'gemini', capabilities: ['review'] },
+        },
+      }, { ...mockDeps, spawn: failThenSucceed });
+      const result = await service.review('diff');
+      expect(result.findings).toBeDefined();
+    });
+    it('respects multi-model config', () => {
+      const service = createLLMService({
+        providers: {
+          codex: { type: 'cli', command: 'codex', capabilities: ['review'] },
+          gemini: { type: 'cli', command: 'gemini', capabilities: ['review'] },
+        },
+        multiModel: true,
+      }, mockDeps);
+      expect(service).toBeDefined();
+    });
+    it('works with single provider', () => {
+      const service = createLLMService({
+        providers: {
+          codex: { type: 'cli', command: 'codex', capabilities: ['review'] },
+        },
+      }, mockDeps);
+      expect(service).toBeDefined();
+    });
+    it('exports clean public API', () => {
+      const service = createLLMService({}, mockDeps);
+      const keys = Object.keys(service);
+      expect(keys).toContain('review');
+      expect(keys).toContain('execute');
+      expect(keys).toContain('health');
+    });
+    it('config validation catches bad provider references', () => {
+      // Should not throw, just log warning or skip bad providers
+      const service = createLLMService({
+        providers: {
+          invalid: { type: 'unknown', capabilities: ['review'] },
+        },
+      }, mockDeps);
+      expect(service).toBeDefined();
+    });
+  });
+});

package/server/lib/llm/provider-executor.js ADDED Viewed

@@ -0,0 +1,168 @@
+/**
+ * Provider Executor
+ *
+ * Actually execute LLM requests through any provider.
+ * The bridge between "provider detected" and "review completed."
+ * Supports CLI (spawn) and API (HTTP) providers.
+ *
+ * @module llm/provider-executor
+ */
+/** Strip ANSI escape codes from output */
+function stripAnsi(str) {
+  return str.replace(/\x1b\[[0-9;]*[a-zA-Z]/g, '');
+}
+/**
+ * Execute a CLI provider by spawning the process
+ * @param {string} prompt - The prompt to send
+ * @param {Object} options - Execution options
+ * @param {string} options.command - CLI command to run
+ * @param {string[]} options.args - CLI arguments
+ * @param {Function} options.spawn - Spawn function (injectable)
+ * @param {number} options.timeout - Timeout in ms
+ * @returns {Promise<{response: string}>}
+ */
+function executeCliProvider(prompt, options = {}) {
+  const { command, args = [], spawn, timeout } = options;
+  return new Promise((resolve, reject) => {
+    const proc = spawn(command, args);
+    let stdout = '';
+    let stderr = '';
+    let settled = false;
+    let timer;
+    proc.stdout.on('data', (data) => {
+      stdout += data.toString();
+    });
+    proc.stderr.on('data', (data) => {
+      stderr += data.toString();
+    });
+    proc.on('close', (code) => {
+      if (settled) return;
+      settled = true;
+      if (timer) clearTimeout(timer);
+      if (code !== 0) {
+        reject(new Error('Provider exited with exit code ' + code + ': ' + stderr));
+        return;
+      }
+      resolve({ response: stripAnsi(stdout) });
+    });
+    // Write prompt to stdin
+    proc.stdin.write(prompt);
+    proc.stdin.end();
+    // Timeout handling
+    if (timeout) {
+      timer = setTimeout(() => {
+        if (settled) return;
+        settled = true;
+        if (proc.kill) proc.kill();
+        reject(new Error('CLI provider timeout after ' + timeout + 'ms'));
+      }, timeout);
+    }
+  });
+}
+/**
+ * Execute an API provider via HTTP POST
+ * @param {string} prompt - The prompt to send
+ * @param {Object} options - Execution options
+ * @param {string} options.url - API endpoint URL
+ * @param {string} options.model - Model name
+ * @param {string} options.apiKey - API key
+ * @param {Function} options.fetch - Fetch function (injectable)
+ * @param {number} options.timeout - Timeout in ms
+ * @returns {Promise<{response: string, model: string, tokens: number}>}
+ */
+async function executeApiProvider(prompt, options = {}) {
+  const { url, model, apiKey, timeout } = options;
+  const fetchFn = options.fetch || globalThis.fetch;
+  const body = {
+    model,
+    messages: [{ role: 'user', content: prompt }],
+  };
+  const headers = { 'Content-Type': 'application/json' };
+  if (apiKey) {
+    headers['Authorization'] = 'Bearer ' + apiKey;
+  }
+  let fetchPromise = fetchFn(url, {
+    method: 'POST',
+    headers,
+    body: JSON.stringify(body),
+  });
+  if (timeout) {
+    fetchPromise = Promise.race([
+      fetchPromise,
+      new Promise((_, reject) =>
+        setTimeout(() => reject(new Error('API provider timeout after ' + timeout + 'ms')), timeout)
+      ),
+    ]);
+  }
+  const resp = await fetchPromise;
+  if (!resp.ok) {
+    throw new Error('API returned status ' + resp.status);
+  }
+  const data = await resp.json();
+  const content = data.choices?.[0]?.message?.content || '';
+  return {
+    response: content,
+    model: data.model || model,
+    tokens: data.usage?.total_tokens || 0,
+  };
+}
+/**
+ * Create a unified executor with injectable dependencies
+ * @param {Object} deps - Dependencies
+ * @param {Function} deps.spawn - Spawn function
+ * @param {Function} deps.fetch - Fetch function
+ * @returns {Object} Executor with execute method
+ */
+function createExecutor(deps = {}) {
+  return {
+    execute: async (prompt, provider) => {
+      const start = Date.now();
+      let result;
+      if (provider.type === 'api') {
+        result = await executeApiProvider(prompt, {
+          ...provider,
+          fetch: deps.fetch,
+        });
+      } else {
+        result = await executeCliProvider(prompt, {
+          ...provider,
+          spawn: deps.spawn,
+        });
+      }
+      return {
+        response: result.response,
+        model: provider.model || provider.command || 'unknown',
+        latency: Date.now() - start,
+        tokens: result.tokens || 0,
+      };
+    },
+  };
+}
+module.exports = {
+  executeCliProvider,
+  executeApiProvider,
+  createExecutor,
+};

package/server/lib/llm/provider-executor.test.js ADDED Viewed

@@ -0,0 +1,244 @@
+/**
+ * Provider Executor Tests
+ *
+ * Actually execute LLM requests through any provider.
+ * The bridge between "provider detected" and "review completed."
+ */
+import { describe, it, expect, vi } from 'vitest';
+const {
+  executeCliProvider,
+  executeApiProvider,
+  createExecutor,
+} = require('./provider-executor.js');
+describe('Provider Executor', () => {
+  describe('executeCliProvider', () => {
+    it('executes CLI provider via spawn', async () => {
+      const mockSpawn = vi.fn().mockReturnValue({
+        stdout: { on: vi.fn((ev, cb) => { if (ev === 'data') cb(Buffer.from('review result')); }) },
+        stderr: { on: vi.fn() },
+        stdin: { write: vi.fn(), end: vi.fn() },
+        on: vi.fn((ev, cb) => { if (ev === 'close') cb(0); }),
+      });
+      const result = await executeCliProvider('Review this code', {
+        command: 'codex',
+        args: [],
+        spawn: mockSpawn,
+      });
+      expect(mockSpawn).toHaveBeenCalled();
+      expect(result.response).toContain('review result');
+    });
+    it('passes prompt as stdin to CLI', async () => {
+      let writtenData = '';
+      const mockSpawn = vi.fn().mockReturnValue({
+        stdout: { on: vi.fn((ev, cb) => { if (ev === 'data') cb(Buffer.from('ok')); }) },
+        stderr: { on: vi.fn() },
+        stdin: { write: vi.fn((d) => { writtenData = d; }), end: vi.fn() },
+        on: vi.fn((ev, cb) => { if (ev === 'close') cb(0); }),
+      });
+      await executeCliProvider('my prompt text', {
+        command: 'codex',
+        args: [],
+        spawn: mockSpawn,
+      });
+      expect(writtenData).toContain('my prompt text');
+    });
+    it('captures stdout as response', async () => {
+      const mockSpawn = vi.fn().mockReturnValue({
+        stdout: { on: vi.fn((ev, cb) => {
+          if (ev === 'data') {
+            cb(Buffer.from('chunk1'));
+            cb(Buffer.from('chunk2'));
+          }
+        }) },
+        stderr: { on: vi.fn() },
+        stdin: { write: vi.fn(), end: vi.fn() },
+        on: vi.fn((ev, cb) => { if (ev === 'close') cb(0); }),
+      });
+      const result = await executeCliProvider('prompt', {
+        command: 'codex',
+        args: [],
+        spawn: mockSpawn,
+      });
+      expect(result.response).toBe('chunk1chunk2');
+    });
+    it('handles CLI timeout (kills process)', async () => {
+      const killFn = vi.fn();
+      const mockSpawn = vi.fn().mockReturnValue({
+        stdout: { on: vi.fn() },
+        stderr: { on: vi.fn() },
+        stdin: { write: vi.fn(), end: vi.fn() },
+        on: vi.fn(), // never calls close
+        kill: killFn,
+      });
+      await expect(
+        executeCliProvider('prompt', {
+          command: 'codex',
+          args: [],
+          spawn: mockSpawn,
+          timeout: 50,
+        })
+      ).rejects.toThrow(/timeout/i);
+    });
+    it('handles provider exit code != 0', async () => {
+      const mockSpawn = vi.fn().mockReturnValue({
+        stdout: { on: vi.fn() },
+        stderr: { on: vi.fn((ev, cb) => { if (ev === 'data') cb(Buffer.from('error occurred')); }) },
+        stdin: { write: vi.fn(), end: vi.fn() },
+        on: vi.fn((ev, cb) => { if (ev === 'close') cb(1); }),
+      });
+      await expect(
+        executeCliProvider('prompt', {
+          command: 'codex',
+          args: [],
+          spawn: mockSpawn,
+        })
+      ).rejects.toThrow(/exit code 1/i);
+    });
+    it('handles empty response', async () => {
+      const mockSpawn = vi.fn().mockReturnValue({
+        stdout: { on: vi.fn() },
+        stderr: { on: vi.fn() },
+        stdin: { write: vi.fn(), end: vi.fn() },
+        on: vi.fn((ev, cb) => { if (ev === 'close') cb(0); }),
+      });
+      const result = await executeCliProvider('prompt', {
+        command: 'codex',
+        args: [],
+        spawn: mockSpawn,
+      });
+      expect(result.response).toBe('');
+    });
+    it('respects provider-specific args from config', async () => {
+      let spawnedArgs = [];
+      const mockSpawn = vi.fn().mockImplementation((cmd, args) => {
+        spawnedArgs = args;
+        return {
+          stdout: { on: vi.fn((ev, cb) => { if (ev === 'data') cb(Buffer.from('ok')); }) },
+          stderr: { on: vi.fn() },
+          stdin: { write: vi.fn(), end: vi.fn() },
+          on: vi.fn((ev, cb) => { if (ev === 'close') cb(0); }),
+        };
+      });
+      await executeCliProvider('prompt', {
+        command: 'codex',
+        args: ['--model', 'gpt-4o', '--quiet'],
+        spawn: mockSpawn,
+      });
+      expect(spawnedArgs).toContain('--model');
+      expect(spawnedArgs).toContain('gpt-4o');
+    });
+    it('strips ANSI codes from CLI output', async () => {
+      const ansiOutput = '\x1b[31mred text\x1b[0m normal';
+      const mockSpawn = vi.fn().mockReturnValue({
+        stdout: { on: vi.fn((ev, cb) => { if (ev === 'data') cb(Buffer.from(ansiOutput)); }) },
+        stderr: { on: vi.fn() },
+        stdin: { write: vi.fn(), end: vi.fn() },
+        on: vi.fn((ev, cb) => { if (ev === 'close') cb(0); }),
+      });
+      const result = await executeCliProvider('prompt', {
+        command: 'codex',
+        args: [],
+        spawn: mockSpawn,
+      });
+      expect(result.response).not.toContain('\x1b[');
+      expect(result.response).toContain('red text');
+    });
+  });
+  describe('executeApiProvider', () => {
+    it('executes API provider via HTTP POST', async () => {
+      const mockFetch = vi.fn().mockResolvedValue({
+        ok: true,
+        json: () => Promise.resolve({
+          choices: [{ message: { content: 'review response' } }],
+        }),
+      });
+      const result = await executeApiProvider('prompt', {
+        url: 'http://localhost:4000/v1/chat/completions',
+        model: 'gpt-4o',
+        apiKey: 'test-key',
+        fetch: mockFetch,
+      });
+      expect(result.response).toBe('review response');
+      expect(mockFetch).toHaveBeenCalledWith(
+        expect.any(String),
+        expect.objectContaining({ method: 'POST' })
+      );
+    });
+    it('handles API timeout', async () => {
+      const mockFetch = vi.fn().mockImplementation(() =>
+        new Promise((resolve) => setTimeout(resolve, 10000))
+      );
+      await expect(
+        executeApiProvider('prompt', {
+          url: 'http://localhost:4000/v1/chat/completions',
+          model: 'gpt-4o',
+          fetch: mockFetch,
+          timeout: 50,
+        })
+      ).rejects.toThrow(/timeout/i);
+    });
+  });
+  describe('createExecutor', () => {
+    it('returns standardized { response, model, latency } format', async () => {
+      const mockSpawn = vi.fn().mockReturnValue({
+        stdout: { on: vi.fn((ev, cb) => { if (ev === 'data') cb(Buffer.from('result')); }) },
+        stderr: { on: vi.fn() },
+        stdin: { write: vi.fn(), end: vi.fn() },
+        on: vi.fn((ev, cb) => { if (ev === 'close') cb(0); }),
+      });
+      const executor = createExecutor({ spawn: mockSpawn });
+      const result = await executor.execute('prompt', {
+        type: 'cli',
+        command: 'codex',
+        args: [],
+        model: 'gpt-4o',
+      });
+      expect(result).toMatchObject({
+        response: expect.any(String),
+        model: 'gpt-4o',
+        latency: expect.any(Number),
+      });
+    });
+    it('works with injectable spawn/fetch for testing', () => {
+      const executor = createExecutor({
+        spawn: vi.fn(),
+        fetch: vi.fn(),
+      });
+      expect(executor).toBeDefined();
+      expect(executor.execute).toBeDefined();
+    });
+  });
+});