tlc-claude-code 1.6.4 → 1.8.0

package/server/lib/code-gate/hooks-generator.test.js

@@ -0,0 +1,142 @@
+/**
+ * Hooks Generator Tests
+ *
+ * Generates and installs git hooks that run the code gate.
+ */
+import { describe, it, expect, vi } from 'vitest';
+
+const {
+  generatePreCommitHook,
+  generatePrePushHook,
+  installHooks,
+  isHookInstalled,
+} = require('./hooks-generator.js');
+
+describe('Hooks Generator', () => {
+  describe('generatePreCommitHook', () => {
+    it('generates a valid shell script', () => {
+      const script = generatePreCommitHook();
+      expect(script).toContain('#!/bin/sh');
+    });
+
+    it('includes gate check command', () => {
+      const script = generatePreCommitHook();
+      expect(script).toContain('tlc-gate');
+    });
+
+    it('exits non-zero on gate failure', () => {
+      const script = generatePreCommitHook();
+      expect(script).toContain('exit 1');
+    });
+
+    it('is portable sh, not bash-specific', () => {
+      const script = generatePreCommitHook();
+      expect(script).not.toContain('#!/bin/bash');
+      expect(script).not.toContain('[[');  // bash-specific test syntax
+    });
+
+    it('includes bypass detection', () => {
+      const script = generatePreCommitHook();
+      // The hook should detect if it was bypassed (for audit logging)
+      expect(script).toContain('pre-commit');
+    });
+  });
+
+  describe('generatePrePushHook', () => {
+    it('generates a valid shell script', () => {
+      const script = generatePrePushHook();
+      expect(script).toContain('#!/bin/sh');
+    });
+
+    it('includes both static and LLM review', () => {
+      const script = generatePrePushHook();
+      expect(script).toContain('tlc-gate');
+    });
+
+    it('exits non-zero on gate failure', () => {
+      const script = generatePrePushHook();
+      expect(script).toContain('exit 1');
+    });
+  });
+
+  describe('installHooks', () => {
+    it('writes pre-commit hook to .git/hooks/', async () => {
+      let writtenPath = null;
+      let writtenContent = null;
+      const mockFs = {
+        existsSync: vi.fn().mockReturnValue(true),
+        writeFileSync: vi.fn((path, content) => {
+          writtenPath = path;
+          writtenContent = content;
+        }),
+        chmodSync: vi.fn(),
+      };
+
+      await installHooks('/project', { fs: mockFs, hooks: ['pre-commit'] });
+      expect(writtenPath).toContain('.git/hooks/pre-commit');
+      expect(writtenContent).toContain('#!/bin/sh');
+    });
+
+    it('makes hook executable', async () => {
+      const mockFs = {
+        existsSync: vi.fn().mockReturnValue(true),
+        writeFileSync: vi.fn(),
+        chmodSync: vi.fn(),
+      };
+
+      await installHooks('/project', { fs: mockFs, hooks: ['pre-commit'] });
+      expect(mockFs.chmodSync).toHaveBeenCalledWith(
+        expect.stringContaining('pre-commit'),
+        '755'
+      );
+    });
+
+    it('installs both hooks by default', async () => {
+      const written = [];
+      const mockFs = {
+        existsSync: vi.fn().mockReturnValue(true),
+        writeFileSync: vi.fn((path) => written.push(path)),
+        chmodSync: vi.fn(),
+      };
+
+      await installHooks('/project', { fs: mockFs });
+      expect(written).toHaveLength(2);
+      expect(written.some(p => p.includes('pre-commit'))).toBe(true);
+      expect(written.some(p => p.includes('pre-push'))).toBe(true);
+    });
+
+    it('throws when .git directory missing', async () => {
+      const mockFs = {
+        existsSync: vi.fn().mockReturnValue(false),
+      };
+
+      await expect(installHooks('/project', { fs: mockFs }))
+        .rejects.toThrow('Not a git repository');
+    });
+  });
+
+  describe('isHookInstalled', () => {
+    it('returns true when TLC hook exists', () => {
+      const mockFs = {
+        existsSync: vi.fn().mockReturnValue(true),
+        readFileSync: vi.fn().mockReturnValue('#!/bin/sh\n# TLC Code Gate\ntlc-gate check'),
+      };
+      expect(isHookInstalled('/project', 'pre-commit', { fs: mockFs })).toBe(true);
+    });
+
+    it('returns false when no hook file', () => {
+      const mockFs = {
+        existsSync: vi.fn().mockReturnValue(false),
+      };
+      expect(isHookInstalled('/project', 'pre-commit', { fs: mockFs })).toBe(false);
+    });
+
+    it('returns false when hook is not from TLC', () => {
+      const mockFs = {
+        existsSync: vi.fn().mockReturnValue(true),
+        readFileSync: vi.fn().mockReturnValue('#!/bin/sh\nhusky run'),
+      };
+      expect(isHookInstalled('/project', 'pre-commit', { fs: mockFs })).toBe(false);
+    });
+  });
+});

package/server/lib/code-gate/llm-reviewer.js

@@ -0,0 +1,176 @@
+/**
+ * LLM Reviewer
+ *
+ * Mandatory LLM-powered code review before every push.
+ * Collects diff, sends to LLM via model router, parses structured result.
+ * Falls back to static-only review if no LLM is available.
+ *
+ * @module code-gate/llm-reviewer
+ */
+
+const path = require('path');
+const fs = require('fs');
+
+/** Default timeout for LLM review in milliseconds */
+const DEFAULT_TIMEOUT = 60000;
+
+/** File extensions that are docs-only (skip LLM review) */
+const DOCS_EXTENSIONS = ['.md', '.txt', '.rst', '.adoc'];
+
+/**
+ * Severity mapping from LLM response levels to gate levels.
+ * LLM may use critical/high/medium/low; we normalize to block/warn/info.
+ */
+const SEVERITY_MAP = {
+  critical: 'block',
+  high: 'block',
+  medium: 'warn',
+  low: 'info',
+  block: 'block',
+  warn: 'warn',
+  info: 'info',
+};
+
+/**
+ * Create a reviewer instance with configurable options.
+ *
+ * @param {Object} [options]
+ * @param {number} [options.timeout] - LLM request timeout in ms
+ * @returns {{ options: Object }}
+ */
+function createReviewer(options = {}) {
+  return {
+    options: {
+      timeout: options.timeout || DEFAULT_TIMEOUT,
+    },
+  };
+}
+
+/**
+ * Build the review prompt to send to the LLM.
+ *
+ * @param {string} diff - Git diff content
+ * @param {string} standards - CODING-STANDARDS.md content
+ * @returns {string} Complete review prompt
+ */
+function buildReviewPrompt(diff, standards) {
+  return `You are a strict code reviewer. Review this diff against the project's coding standards.
+
+${standards ? `## Coding Standards\n${standards}\n\n` : ''}## Diff to Review
+\`\`\`
+${diff}
+\`\`\`
+
+## Instructions
+For each issue found, respond with a JSON object:
+\`\`\`json
+{
+  "findings": [
+    {
+      "severity": "critical|high|medium|low",
+      "file": "affected file path",
+      "line": 0,
+      "rule": "which standard is violated",
+      "message": "clear description",
+      "fix": "how to fix it"
+    }
+  ],
+  "summary": "brief overall assessment"
+}
+\`\`\`
+
+Be STRICT. Block on: security issues, missing tests, hardcoded secrets, major anti-patterns.
+If the code is clean, return an empty findings array.
+Respond ONLY with the JSON object.`;
+}
+
+/**
+ * Parse the LLM response into a structured review result.
+ * Handles raw JSON, markdown-wrapped JSON, and unparseable responses.
+ *
+ * @param {string} response - Raw LLM response text
+ * @returns {{ findings: Array, summary?: string }}
+ */
+function parseReviewResponse(response) {
+  // Try to extract JSON from markdown code block
+  const codeBlockMatch = response.match(/```(?:json)?\s*\n?([\s\S]*?)\n?```/);
+  const jsonStr = codeBlockMatch ? codeBlockMatch[1].trim() : response.trim();
+
+  try {
+    const parsed = JSON.parse(jsonStr);
+    const findings = (parsed.findings || []).map(f => ({
+      ...f,
+      severity: SEVERITY_MAP[f.severity] || 'warn',
+    }));
+    return { findings, summary: parsed.summary };
+  } catch {
+    return {
+      findings: [{
+        severity: 'warn',
+        rule: 'llm-parse-error',
+        file: 'unknown',
+        message: 'Could not parse LLM review response',
+        fix: 'Run review manually with /tlc:review',
+      }],
+      summary: 'Review response could not be parsed',
+    };
+  }
+}
+
+/**
+ * Collect the git diff for review.
+ *
+ * @param {Object} [options]
+ * @param {Function} [options.exec] - Command execution function
+ * @returns {Promise<string>} Diff content
+ */
+async function collectDiff(options = {}) {
+  const exec = options.exec;
+  if (!exec) return '';
+  return await exec('git diff origin/main..HEAD');
+}
+
+/**
+ * Check if the review should be skipped (docs-only changes).
+ *
+ * @param {string[]} files - Changed file paths
+ * @returns {boolean} True if all changes are docs-only
+ */
+function shouldSkipReview(files) {
+  if (files.length === 0) return true;
+  return files.every(f => {
+    const ext = path.extname(f).toLowerCase();
+    return DOCS_EXTENSIONS.includes(ext);
+  });
+}
+
+/**
+ * Store a review result to disk for audit trail.
+ *
+ * @param {string} commitHash - Commit hash as filename
+ * @param {Object} result - Review result to store
+ * @param {Object} [options]
+ * @param {Object} [options.fs] - File system module
+ * @param {string} [options.projectPath] - Project root
+ */
+function storeReviewResult(commitHash, result, options = {}) {
+  const fsModule = options.fs || fs;
+  const projectPath = options.projectPath || process.cwd();
+  const reviewsDir = path.join(projectPath, '.tlc', 'reviews');
+
+  if (!fsModule.existsSync(reviewsDir)) {
+    fsModule.mkdirSync(reviewsDir, { recursive: true });
+  }
+
+  const filePath = path.join(reviewsDir, `${commitHash}.json`);
+  fsModule.writeFileSync(filePath, JSON.stringify(result, null, 2));
+}
+
+module.exports = {
+  createReviewer,
+  buildReviewPrompt,
+  parseReviewResponse,
+  collectDiff,
+  shouldSkipReview,
+  storeReviewResult,
+};

package/server/lib/code-gate/llm-reviewer.test.js

@@ -0,0 +1,161 @@
+/**
+ * LLM Reviewer Tests
+ *
+ * Mandatory LLM code review before every push, using multi-model router.
+ * Collects diff, sends to LLM, parses structured review result.
+ */
+import { describe, it, expect, vi } from 'vitest';
+
+const {
+  createReviewer,
+  buildReviewPrompt,
+  parseReviewResponse,
+  collectDiff,
+  shouldSkipReview,
+  storeReviewResult,
+} = require('./llm-reviewer.js');
+
+describe('LLM Reviewer', () => {
+  describe('createReviewer', () => {
+    it('creates reviewer with default options', () => {
+      const reviewer = createReviewer();
+      expect(reviewer).toBeDefined();
+      expect(reviewer.options.timeout).toBeDefined();
+    });
+
+    it('accepts custom timeout', () => {
+      const reviewer = createReviewer({ timeout: 30000 });
+      expect(reviewer.options.timeout).toBe(30000);
+    });
+  });
+
+  describe('buildReviewPrompt', () => {
+    it('includes diff in prompt', () => {
+      const prompt = buildReviewPrompt('--- a/file.js\n+++ b/file.js\n+const x = 1;', '');
+      expect(prompt).toContain('file.js');
+      expect(prompt).toContain('const x = 1');
+    });
+
+    it('includes coding standards in prompt', () => {
+      const standards = '# Coding Standards\n- No hardcoded URLs';
+      const prompt = buildReviewPrompt('diff content', standards);
+      expect(prompt).toContain('No hardcoded URLs');
+    });
+
+    it('instructs strict review', () => {
+      const prompt = buildReviewPrompt('diff', '');
+      expect(prompt.toLowerCase()).toContain('strict');
+    });
+
+    it('requests structured JSON output', () => {
+      const prompt = buildReviewPrompt('diff', '');
+      expect(prompt).toContain('JSON');
+    });
+  });
+
+  describe('parseReviewResponse', () => {
+    it('parses valid JSON review', () => {
+      const response = JSON.stringify({
+        findings: [
+          { severity: 'high', file: 'src/app.js', line: 10, rule: 'security', message: 'XSS risk', fix: 'Sanitize' },
+        ],
+        summary: 'Found 1 issue',
+      });
+      const result = parseReviewResponse(response);
+      expect(result.findings).toHaveLength(1);
+      expect(result.findings[0].severity).toBe('block'); // high normalizes to block
+    });
+
+    it('handles response with JSON in markdown code block', () => {
+      const response = '```json\n{"findings": [], "summary": "All clear"}\n```';
+      const result = parseReviewResponse(response);
+      expect(result.findings).toEqual([]);
+    });
+
+    it('returns error finding on unparseable response', () => {
+      const result = parseReviewResponse('I could not review this code because...');
+      expect(result.findings).toHaveLength(1);
+      expect(result.findings[0].severity).toBe('warn');
+      expect(result.findings[0].rule).toBe('llm-parse-error');
+    });
+
+    it('normalizes severity levels', () => {
+      const response = JSON.stringify({
+        findings: [
+          { severity: 'critical', file: 'x.js', message: 'Bad', fix: 'Fix' },
+          { severity: 'low', file: 'y.js', message: 'Minor', fix: 'Maybe' },
+        ],
+      });
+      const result = parseReviewResponse(response);
+      // critical and high map to 'block', medium and low map to 'warn'
+      expect(result.findings[0].severity).toBe('block');
+      expect(result.findings[1].severity).toBe('info');
+    });
+  });
+
+  describe('collectDiff', () => {
+    it('returns diff from exec', async () => {
+      const mockExec = vi.fn().mockResolvedValue('diff --git a/file.js\n+line');
+      const diff = await collectDiff({ exec: mockExec });
+      expect(diff).toContain('file.js');
+      expect(mockExec).toHaveBeenCalled();
+    });
+
+    it('returns empty string when no changes', async () => {
+      const mockExec = vi.fn().mockResolvedValue('');
+      const diff = await collectDiff({ exec: mockExec });
+      expect(diff).toBe('');
+    });
+  });
+
+  describe('shouldSkipReview', () => {
+    it('skips docs-only changes', () => {
+      const files = ['README.md', 'docs/guide.md', 'CHANGELOG.md'];
+      expect(shouldSkipReview(files)).toBe(true);
+    });
+
+    it('does not skip code changes', () => {
+      const files = ['src/app.js', 'README.md'];
+      expect(shouldSkipReview(files)).toBe(false);
+    });
+
+    it('does not skip config changes', () => {
+      const files = ['package.json', '.env.example'];
+      expect(shouldSkipReview(files)).toBe(false);
+    });
+  });
+
+  describe('storeReviewResult', () => {
+    it('writes review to .tlc/reviews/{hash}.json', () => {
+      let writtenPath = '';
+      let writtenData = '';
+      const mockFs = {
+        existsSync: vi.fn().mockReturnValue(true),
+        mkdirSync: vi.fn(),
+        writeFileSync: vi.fn((path, data) => {
+          writtenPath = path;
+          writtenData = data;
+        }),
+      };
+
+      const result = { findings: [], summary: 'Clean' };
+      storeReviewResult('abc123', result, { fs: mockFs });
+
+      expect(writtenPath).toContain('abc123.json');
+      expect(writtenPath).toContain('reviews');
+      const parsed = JSON.parse(writtenData);
+      expect(parsed.summary).toBe('Clean');
+    });
+
+    it('creates reviews directory if missing', () => {
+      const mockFs = {
+        existsSync: vi.fn().mockReturnValue(false),
+        mkdirSync: vi.fn(),
+        writeFileSync: vi.fn(),
+      };
+
+      storeReviewResult('xyz', { findings: [] }, { fs: mockFs });
+      expect(mockFs.mkdirSync).toHaveBeenCalled();
+    });
+  });
+});

package/server/lib/code-gate/multi-model-reviewer.js

@@ -0,0 +1,172 @@
+/**
+ * Multi-Model Reviewer
+ *
+ * Sends code reviews to 2+ LLM models and aggregates findings.
+ * Different models catch different bugs — consensus scoring
+ * highlights issues multiple models agree on.
+ *
+ * @module code-gate/multi-model-reviewer
+ */
+
+/** Severity priority for conflict resolution (higher wins) */
+const SEVERITY_PRIORITY = { block: 3, warn: 2, info: 1 };
+
+/**
+ * Send diff to multiple models in parallel
+ * @param {string} diff - Git diff content
+ * @param {string[]} models - List of model names
+ * @param {Object} options - Options
+ * @param {Function} options.reviewFn - Function(diff, model) => { findings, summary }
+ * @param {number} options.timeout - Per-model timeout in ms
+ * @returns {Promise<Array>} Results from successful models
+ */
+async function sendToModels(diff, models, options = {}) {
+  const { reviewFn, timeout } = options;
+  const results = [];
+
+  const promises = models.map(async (model) => {
+    try {
+      let reviewPromise = reviewFn(diff, model);
+
+      // Apply per-model timeout if specified
+      if (timeout) {
+        reviewPromise = Promise.race([
+          reviewPromise,
+          new Promise((_, reject) =>
+            setTimeout(() => reject(new Error(`Timeout for ${model}`)), timeout)
+          ),
+        ]);
+      }
+
+      const result = await reviewPromise;
+      return { model, ...result };
+    } catch {
+      return null; // Model failed, will be filtered out
+    }
+  });
+
+  const settled = await Promise.all(promises);
+  for (const result of settled) {
+    if (result) results.push(result);
+  }
+
+  return results;
+}
+
+/**
+ * Aggregate and deduplicate findings from multiple models
+ * @param {Array} modelResults - Results from sendToModels
+ * @returns {Object} Aggregated result with deduplicated findings
+ */
+function aggregateFindings(modelResults) {
+  // Collect all findings with model attribution
+  const allFindings = [];
+
+  for (const result of modelResults) {
+    for (const finding of (result.findings || [])) {
+      allFindings.push({
+        ...finding,
+        flaggedBy: [result.model],
+      });
+    }
+  }
+
+  // Deduplicate
+  const deduped = deduplicateFindings(allFindings);
+
+  return {
+    findings: deduped,
+    modelCount: modelResults.length,
+  };
+}
+
+/**
+ * Deduplicate findings by file+line+rule, merging flaggedBy lists
+ * @param {Array} findings - All findings with flaggedBy
+ * @returns {Array} Deduplicated findings
+ */
+function deduplicateFindings(findings) {
+  const map = new Map();
+
+  for (const finding of findings) {
+    const key = `${finding.file}:${finding.line}:${finding.rule}`;
+
+    if (map.has(key)) {
+      const existing = map.get(key);
+      // Merge flaggedBy
+      for (const model of finding.flaggedBy) {
+        if (!existing.flaggedBy.includes(model)) {
+          existing.flaggedBy.push(model);
+        }
+      }
+      // Higher severity wins
+      const existingPriority = SEVERITY_PRIORITY[existing.severity] || 0;
+      const newPriority = SEVERITY_PRIORITY[finding.severity] || 0;
+      if (newPriority > existingPriority) {
+        existing.severity = finding.severity;
+        existing.message = finding.message;
+      }
+    } else {
+      map.set(key, { ...finding });
+    }
+  }
+
+  return Array.from(map.values());
+}
+
+/**
+ * Calculate consensus percentage for a finding
+ * @param {Object} finding - Finding with flaggedBy array
+ * @param {number} totalModels - Total models queried
+ * @returns {number} Consensus percentage (0-100)
+ */
+function calculateConsensus(finding, totalModels) {
+  if (totalModels === 0) return 0;
+  return (finding.flaggedBy.length / totalModels) * 100;
+}
+
+/**
+ * Merge summaries from all model results
+ * @param {Array} modelResults - Results with model and summary fields
+ * @returns {string} Merged summary
+ */
+function mergeSummaries(modelResults) {
+  return modelResults
+    .filter(r => r.summary)
+    .map(r => `[${r.model}]: ${r.summary}`)
+    .join('\n');
+}
+
+/**
+ * Create a multi-model reviewer instance
+ * @param {Object} options - Configuration
+ * @param {string[]} options.models - Model names to use
+ * @param {Function} options.reviewFn - Review function
+ * @param {number} options.timeout - Per-model timeout
+ * @returns {Object} Reviewer instance
+ */
+function createMultiModelReviewer(options = {}) {
+  const { models = [], reviewFn, timeout } = options;
+
+  return {
+    models,
+    review: async (diff) => {
+      const results = await sendToModels(diff, models, { reviewFn, timeout });
+      if (results.length === 0) {
+        return { findings: [], summary: 'All models failed — static-only fallback', modelCount: 0 };
+      }
+      const aggregated = aggregateFindings(results);
+      const summary = mergeSummaries(results);
+      return { ...aggregated, summary };
+    },
+  };
+}
+
+module.exports = {
+  createMultiModelReviewer,
+  sendToModels,
+  aggregateFindings,
+  deduplicateFindings,
+  calculateConsensus,
+  mergeSummaries,
+};