truss-code-review-mcp 1.0.0

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 TRUSS
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,60 @@
+# TRUSS Code Review MCP Server
+
+AI-powered code review tools for Claude Code. Automated complexity analysis, anti-pattern detection, security review, and optimization — directly in your editor.
+
+## Quick Start
+
+```json
+{
+  "mcpServers": {
+    "code-review": {
+      "command": "npx",
+      "args": ["-y", "truss-code-review-mcp"]
+    }
+  }
+}
+```
+
+## Tools
+
+### Free Tier (no key needed)
+
+| Tool | Description |
+|------|-------------|
+| `review_diff` | Analyze a git diff for common issues (debug statements, TODOs, secrets, commented-out code) |
+| `check_complexity` | Calculate cyclomatic complexity of functions (JS/TS, Python, Go) |
+| `detect_antipatterns` | Detect language-specific anti-patterns with fix suggestions |
+
+### Pro Tier ($25/mo)
+
+Requires `TRUSS_LICENSE_KEY` + your own `ANTHROPIC_API_KEY` or `OPENAI_API_KEY`.
+
+| Tool | Description |
+|------|-------------|
+| `deep_review` | AI-powered comprehensive code review with scored findings |
+| `suggest_tests` | Generate complete, runnable test files |
+| `explain_code` | Generate documentation, docstrings, and data flow analysis |
+| `security_review` | OWASP-based security analysis with CWE references |
+| `optimize_code` | Performance optimization with before/after code |
+
+## Configuration
+
+```bash
+# Free tier — just install, no config needed
+
+# Pro tier
+export TRUSS_LICENSE_KEY="truss_..."
+export ANTHROPIC_API_KEY="sk-ant-..."  # or OPENAI_API_KEY
+```
+
+## Anti-Pattern Coverage
+
+**JavaScript/TypeScript:** `var` usage, loose equality (`==`), `any` type, `eval()`, `innerHTML`, sync I/O, `@ts-ignore`, console statements, callback hell, magic numbers
+
+**Python:** bare `except`, mutable default args, wildcard imports, `global` statement, string concatenation in loops, hardcoded credentials, `type()` comparison, debug prints
+
+**Go:** ignored errors, goroutine leaks, mutex without defer, `string([]byte)` in loops, `panic()` in library code, `init()` functions, naked returns, error wrapping with `%s`
+
+## License
+
+MIT

package/dist/index.d.ts

@@ -0,0 +1,3 @@
+#!/usr/bin/env node
+export {};
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":""}

package/dist/index.js

@@ -0,0 +1,88 @@
+#!/usr/bin/env node
+import { McpServer } from '@modelcontextprotocol/sdk/server/mcp.js';
+import { StdioServerTransport } from '@modelcontextprotocol/sdk/server/stdio.js';
+// Free tier tools
+import { registerReviewDiff } from './tools/review-diff.js';
+import { registerCheckComplexity } from './tools/check-complexity.js';
+import { registerDetectAntipatterns } from './tools/detect-antipatterns.js';
+// Pro tier tools
+import { registerDeepReview } from './tools/deep-review.js';
+import { registerSuggestTests } from './tools/suggest-tests.js';
+import { registerExplainCode } from './tools/explain-code.js';
+import { registerSecurityReview } from './tools/security-review.js';
+import { registerOptimizeCode } from './tools/optimize-code.js';
+// Helpers
+import { getLicenseStatus, hasAiKey } from './lib/license.js';
+const server = new McpServer({
+    name: '@truss-dev/code-review-mcp',
+    version: '1.0.0',
+});
+// ── Status Tool ─────────────────────────────────────────────────────
+server.tool('check_review_status', 'Check license tier and AI key configuration for code review tools.', {}, async () => {
+    const license = await getLicenseStatus();
+    const aiKeyPresent = hasAiKey();
+    return {
+        content: [
+            {
+                type: 'text',
+                text: JSON.stringify({
+                    license: {
+                        tier: license.tier,
+                        valid: license.valid,
+                        expires_at: license.expiresAt,
+                    },
+                    ai_key_configured: aiKeyPresent,
+                    free_tools: [
+                        'review_diff — Rule-based diff analysis',
+                        'check_complexity — Cyclomatic complexity calculator',
+                        'detect_antipatterns — Language-specific anti-pattern detection',
+                    ],
+                    pro_tools: [
+                        'deep_review — AI-powered comprehensive review',
+                        'suggest_tests — Generate test cases',
+                        'explain_code — Generate documentation',
+                        'security_review — OWASP security analysis',
+                        'optimize_code — Performance optimization',
+                    ],
+                    ...(license.tier === 'free'
+                        ? {
+                            upgrade_info: {
+                                url: 'https://truss.dev/pricing',
+                                price: '$25/mo',
+                                note: 'Set TRUSS_LICENSE_KEY + your own ANTHROPIC_API_KEY or OPENAI_API_KEY',
+                            },
+                        }
+                        : {}),
+                    ...(!aiKeyPresent && license.tier === 'pro'
+                        ? {
+                            warning: 'Pro license active but no AI key configured. Set ANTHROPIC_API_KEY or OPENAI_API_KEY to use AI-powered tools.',
+                        }
+                        : {}),
+                }, null, 2),
+            },
+        ],
+    };
+});
+// ── Register All Tools ──────────────────────────────────────────────
+// Free tier
+registerReviewDiff(server);
+registerCheckComplexity(server);
+registerDetectAntipatterns(server);
+// Pro tier
+registerDeepReview(server);
+registerSuggestTests(server);
+registerExplainCode(server);
+registerSecurityReview(server);
+registerOptimizeCode(server);
+// ── Start Server ────────────────────────────────────────────────────
+async function main() {
+    const transport = new StdioServerTransport();
+    process.on('SIGINT', () => process.exit(0));
+    process.on('SIGTERM', () => process.exit(0));
+    await server.connect(transport);
+}
+main().catch((err) => {
+    console.error('Fatal error starting MCP server:', err);
+    process.exit(1);
+});
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AAEA,OAAO,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;AACpE,OAAO,EAAE,oBAAoB,EAAE,MAAM,2CAA2C,CAAC;AAGjF,kBAAkB;AAClB,OAAO,EAAE,kBAAkB,EAAE,MAAM,wBAAwB,CAAC;AAC5D,OAAO,EAAE,uBAAuB,EAAE,MAAM,6BAA6B,CAAC;AACtE,OAAO,EAAE,0BAA0B,EAAE,MAAM,gCAAgC,CAAC;AAE5E,iBAAiB;AACjB,OAAO,EAAE,kBAAkB,EAAE,MAAM,wBAAwB,CAAC;AAC5D,OAAO,EAAE,oBAAoB,EAAE,MAAM,0BAA0B,CAAC;AAChE,OAAO,EAAE,mBAAmB,EAAE,MAAM,yBAAyB,CAAC;AAC9D,OAAO,EAAE,sBAAsB,EAAE,MAAM,4BAA4B,CAAC;AACpE,OAAO,EAAE,oBAAoB,EAAE,MAAM,0BAA0B,CAAC;AAEhE,UAAU;AACV,OAAO,EAAE,gBAAgB,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAE9D,MAAM,MAAM,GAAG,IAAI,SAAS,CAAC;IAC3B,IAAI,EAAE,4BAA4B;IAClC,OAAO,EAAE,OAAO;CACjB,CAAC,CAAC;AAEH,uEAAuE;AAEvE,MAAM,CAAC,IAAI,CACT,qBAAqB,EACrB,oEAAoE,EACpE,EAAE,EACF,KAAK,IAAI,EAAE;IACT,MAAM,OAAO,GAAG,MAAM,gBAAgB,EAAE,CAAC;IACzC,MAAM,YAAY,GAAG,QAAQ,EAAE,CAAC;IAEhC,OAAO;QACL,OAAO,EAAE;YACP;gBACE,IAAI,EAAE,MAAe;gBACrB,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;oBACnB,OAAO,EAAE;wBACP,IAAI,EAAE,OAAO,CAAC,IAAI;wBAClB,KAAK,EAAE,OAAO,CAAC,KAAK;wBACpB,UAAU,EAAE,OAAO,CAAC,SAAS;qBAC9B;oBACD,iBAAiB,EAAE,YAAY;oBAC/B,UAAU,EAAE;wBACV,wCAAwC;wBACxC,qDAAqD;wBACrD,gEAAgE;qBACjE;oBACD,SAAS,EAAE;wBACT,+CAA+C;wBAC/C,qCAAqC;wBACrC,uCAAuC;wBACvC,2CAA2C;wBAC3C,0CAA0C;qBAC3C;oBACD,GAAG,CAAC,OAAO,CAAC,IAAI,KAAK,MAAM;wBACzB,CAAC,CAAC;4BACE,YAAY,EAAE;gCACZ,GAAG,EAAE,2BAA2B;gCAChC,KAAK,EAAE,QAAQ;gCACf,IAAI,EAAE,sEAAsE;6BAC7E;yBACF;wBACH,CAAC,CAAC,EAAE,CAAC;oBACP,GAAG,CAAC,CAAC,YAAY,IAAI,OAAO,CAAC,IAAI,KAAK,KAAK;wBACzC,CAAC,CAAC;4BACE,OAAO,EAAE,+GAA+G;yBACzH;wBACH,CAAC,CAAC,EAAE,CAAC;iBACR,EAAE,IAAI,EAAE,CAAC,CAAC;aACZ;SACF;KACF,CAAC;AACJ,CAAC,CACF,CAAC;AAEF,uEAAuE;AAEvE,YAAY;AACZ,kBAAkB,CAAC,MAAM,CAAC,CAAC;AAC3B,uBAAuB,CAAC,MAAM,CAAC,CAAC;AAChC,0BAA0B,CAAC,MAAM,CAAC,CAAC;AAEnC,WAAW;AACX,kBAAkB,CAAC,MAAM,CAAC,CAAC;AAC3B,oBAAoB,CAAC,MAAM,CAAC,CAAC;AAC7B,mBAAmB,CAAC,MAAM,CAAC,CAAC;AAC5B,sBAAsB,CAAC,MAAM,CAAC,CAAC;AAC/B,oBAAoB,CAAC,MAAM,CAAC,CAAC;AAE7B,uEAAuE;AAEvE,KAAK,UAAU,IAAI;IACjB,MAAM,SAAS,GAAG,IAAI,oBAAoB,EAAE,CAAC;IAE7C,OAAO,CAAC,EAAE,CAAC,QAAQ,EAAE,GAAG,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC;IAC5C,OAAO,CAAC,EAAE,CAAC,SAAS,EAAE,GAAG,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC;IAE7C,MAAM,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;AAClC,CAAC;AAED,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;IACnB,OAAO,CAAC,KAAK,CAAC,kCAAkC,EAAE,GAAG,CAAC,CAAC;IACvD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC,CAAC,CAAC"}

package/dist/lib/ai-review.d.ts

@@ -0,0 +1,21 @@
+/**
+ * AI integration for pro-tier tools.
+ * Supports Anthropic (Claude) and OpenAI (GPT) APIs.
+ * Uses the customer's own API key.
+ */
+export interface AiReviewResult {
+    content: string;
+    model: string;
+    provider: 'anthropic' | 'openai';
+    tokensUsed: {
+        input: number;
+        output: number;
+    };
+}
+export declare function aiReview(systemPrompt: string, userPrompt: string): Promise<AiReviewResult>;
+export declare const DEEP_REVIEW_SYSTEM = "You are an expert code reviewer. Provide a comprehensive code review covering:\n1. Architecture and design quality\n2. Security vulnerabilities\n3. Performance concerns\n4. Error handling completeness\n5. Code clarity and maintainability\n6. Edge cases and potential bugs\n\nFormat your response as JSON with this structure:\n{\n  \"summary\": \"Overall assessment (2-3 sentences)\",\n  \"score\": <1-10>,\n  \"findings\": [\n    {\n      \"category\": \"security|performance|architecture|maintainability|bug|error_handling\",\n      \"severity\": \"critical|high|medium|low|info\",\n      \"title\": \"Short title\",\n      \"description\": \"Detailed explanation\",\n      \"suggestion\": \"How to fix it\",\n      \"line_hint\": \"relevant code snippet or null\"\n    }\n  ],\n  \"positives\": [\"Things done well\"]\n}";
+export declare const SUGGEST_TESTS_SYSTEM = "You are a test engineering expert. Given source code, generate comprehensive test cases.\nWrite complete, runnable test code (not pseudocode) using the specified test framework.\nCover: happy paths, edge cases, error conditions, boundary values, and integration points.\nReturn ONLY the test file content, ready to save and run. Include all necessary imports.";
+export declare const EXPLAIN_CODE_SYSTEM = "You are a technical writer and code documentation expert.\nGiven source code, provide:\n1. A high-level explanation of what the code does and why\n2. Detailed inline documentation (docstrings/JSDoc for each function)\n3. A summary of the data flow and key algorithms\n4. Any non-obvious design decisions or trade-offs\n\nFormat your response as JSON:\n{\n  \"summary\": \"What this code does (2-3 sentences)\",\n  \"purpose\": \"Why this code exists\",\n  \"functions\": [\n    {\n      \"name\": \"function_name\",\n      \"docstring\": \"Complete docstring/JSDoc\",\n      \"explanation\": \"What it does and how\"\n    }\n  ],\n  \"data_flow\": \"How data moves through the code\",\n  \"design_notes\": [\"Important design decisions\"]\n}";
+export declare const SECURITY_REVIEW_SYSTEM = "You are a security engineer specializing in application security (OWASP Top 10, CWE).\nPerform a focused security review of the provided code.\n\nFor each finding, include:\n- CWE ID and name\n- OWASP category if applicable\n- Severity (critical/high/medium/low)\n- Detailed description of the vulnerability\n- Proof of concept or attack scenario\n- Specific remediation steps with code examples\n\nFormat your response as JSON:\n{\n  \"risk_level\": \"critical|high|medium|low|none\",\n  \"findings\": [\n    {\n      \"title\": \"Vulnerability title\",\n      \"cwe_id\": \"CWE-XXX\",\n      \"cwe_name\": \"CWE Name\",\n      \"owasp_category\": \"A01:2021 or null\",\n      \"severity\": \"critical|high|medium|low\",\n      \"description\": \"Detailed description\",\n      \"attack_scenario\": \"How this could be exploited\",\n      \"remediation\": \"How to fix with code example\",\n      \"affected_lines\": \"Line numbers or code snippet\"\n    }\n  ],\n  \"positive_practices\": [\"Security measures already in place\"],\n  \"recommendations\": [\"General security improvements\"]\n}";
+export declare const OPTIMIZE_CODE_SYSTEM = "You are a performance optimization expert. Analyze code for optimization opportunities.\nFocus on: algorithmic complexity, memory usage, I/O efficiency, caching opportunities, and language-specific optimizations.\n\nFor each optimization, show the before and after code.\n\nFormat your response as JSON:\n{\n  \"current_assessment\": \"Brief assessment of current performance characteristics\",\n  \"optimizations\": [\n    {\n      \"title\": \"Optimization title\",\n      \"category\": \"algorithm|memory|io|caching|language_specific\",\n      \"impact\": \"high|medium|low\",\n      \"description\": \"What the optimization does and why\",\n      \"before\": \"Current code snippet\",\n      \"after\": \"Optimized code snippet\",\n      \"expected_improvement\": \"Expected impact (e.g., O(n^2) -> O(n log n))\"\n    }\n  ],\n  \"summary\": \"Overall optimization potential\"\n}";
+//# sourceMappingURL=ai-review.d.ts.map

package/dist/lib/ai-review.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"ai-review.d.ts","sourceRoot":"","sources":["../../src/lib/ai-review.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,MAAM,WAAW,cAAc;IAC7B,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,WAAW,GAAG,QAAQ,CAAC;IACjC,UAAU,EAAE;QAAE,KAAK,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,MAAM,CAAA;KAAE,CAAC;CAC/C;AA2FD,wBAAsB,QAAQ,CAAC,YAAY,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,cAAc,CAAC,CAUhG;AAID,eAAO,MAAM,kBAAkB,2zBAuB7B,CAAC;AAEH,eAAO,MAAM,oBAAoB,4WAGwD,CAAC;AAE1F,eAAO,MAAM,mBAAmB,0uBAoB9B,CAAC;AAEH,eAAO,MAAM,sBAAsB,4kCA6BjC,CAAC;AAEH,eAAO,MAAM,oBAAoB,w3BAoB/B,CAAC"}

package/dist/lib/ai-review.js

@@ -0,0 +1,185 @@
+/**
+ * AI integration for pro-tier tools.
+ * Supports Anthropic (Claude) and OpenAI (GPT) APIs.
+ * Uses the customer's own API key.
+ */
+function detectProvider() {
+    const anthropicKey = process.env.ANTHROPIC_API_KEY;
+    if (anthropicKey) {
+        return { provider: 'anthropic', key: anthropicKey };
+    }
+    const openaiKey = process.env.OPENAI_API_KEY;
+    if (openaiKey) {
+        return { provider: 'openai', key: openaiKey };
+    }
+    return null;
+}
+async function callAnthropic(systemPrompt, userPrompt, key) {
+    const response = await fetch('https://api.anthropic.com/v1/messages', {
+        method: 'POST',
+        headers: {
+            'Content-Type': 'application/json',
+            'x-api-key': key,
+            'anthropic-version': '2023-06-01',
+        },
+        body: JSON.stringify({
+            model: 'claude-sonnet-4-20250514',
+            max_tokens: 4096,
+            system: systemPrompt,
+            messages: [{ role: 'user', content: userPrompt }],
+        }),
+        signal: AbortSignal.timeout(60000),
+    });
+    if (!response.ok) {
+        const error = await response.text();
+        throw new Error(`Anthropic API error (${response.status}): ${error}`);
+    }
+    const body = await response.json();
+    return {
+        content: body.content.map(c => c.text).join('\n'),
+        model: body.model,
+        provider: 'anthropic',
+        tokensUsed: { input: body.usage.input_tokens, output: body.usage.output_tokens },
+    };
+}
+async function callOpenAI(systemPrompt, userPrompt, key) {
+    const response = await fetch('https://api.openai.com/v1/chat/completions', {
+        method: 'POST',
+        headers: {
+            'Content-Type': 'application/json',
+            'Authorization': `Bearer ${key}`,
+        },
+        body: JSON.stringify({
+            model: 'gpt-4o',
+            max_tokens: 4096,
+            messages: [
+                { role: 'system', content: systemPrompt },
+                { role: 'user', content: userPrompt },
+            ],
+        }),
+        signal: AbortSignal.timeout(60000),
+    });
+    if (!response.ok) {
+        const error = await response.text();
+        throw new Error(`OpenAI API error (${response.status}): ${error}`);
+    }
+    const body = await response.json();
+    return {
+        content: body.choices[0]?.message.content ?? '',
+        model: body.model,
+        provider: 'openai',
+        tokensUsed: { input: body.usage.prompt_tokens, output: body.usage.completion_tokens },
+    };
+}
+export async function aiReview(systemPrompt, userPrompt) {
+    const creds = detectProvider();
+    if (!creds) {
+        throw new Error('No AI API key found. Set ANTHROPIC_API_KEY or OPENAI_API_KEY.');
+    }
+    if (creds.provider === 'anthropic') {
+        return callAnthropic(systemPrompt, userPrompt, creds.key);
+    }
+    return callOpenAI(systemPrompt, userPrompt, creds.key);
+}
+// ── Prompt templates ────────────────────────────────────────────────
+export const DEEP_REVIEW_SYSTEM = `You are an expert code reviewer. Provide a comprehensive code review covering:
+1. Architecture and design quality
+2. Security vulnerabilities
+3. Performance concerns
+4. Error handling completeness
+5. Code clarity and maintainability
+6. Edge cases and potential bugs
+
+Format your response as JSON with this structure:
+{
+  "summary": "Overall assessment (2-3 sentences)",
+  "score": <1-10>,
+  "findings": [
+    {
+      "category": "security|performance|architecture|maintainability|bug|error_handling",
+      "severity": "critical|high|medium|low|info",
+      "title": "Short title",
+      "description": "Detailed explanation",
+      "suggestion": "How to fix it",
+      "line_hint": "relevant code snippet or null"
+    }
+  ],
+  "positives": ["Things done well"]
+}`;
+export const SUGGEST_TESTS_SYSTEM = `You are a test engineering expert. Given source code, generate comprehensive test cases.
+Write complete, runnable test code (not pseudocode) using the specified test framework.
+Cover: happy paths, edge cases, error conditions, boundary values, and integration points.
+Return ONLY the test file content, ready to save and run. Include all necessary imports.`;
+export const EXPLAIN_CODE_SYSTEM = `You are a technical writer and code documentation expert.
+Given source code, provide:
+1. A high-level explanation of what the code does and why
+2. Detailed inline documentation (docstrings/JSDoc for each function)
+3. A summary of the data flow and key algorithms
+4. Any non-obvious design decisions or trade-offs
+
+Format your response as JSON:
+{
+  "summary": "What this code does (2-3 sentences)",
+  "purpose": "Why this code exists",
+  "functions": [
+    {
+      "name": "function_name",
+      "docstring": "Complete docstring/JSDoc",
+      "explanation": "What it does and how"
+    }
+  ],
+  "data_flow": "How data moves through the code",
+  "design_notes": ["Important design decisions"]
+}`;
+export const SECURITY_REVIEW_SYSTEM = `You are a security engineer specializing in application security (OWASP Top 10, CWE).
+Perform a focused security review of the provided code.
+
+For each finding, include:
+- CWE ID and name
+- OWASP category if applicable
+- Severity (critical/high/medium/low)
+- Detailed description of the vulnerability
+- Proof of concept or attack scenario
+- Specific remediation steps with code examples
+
+Format your response as JSON:
+{
+  "risk_level": "critical|high|medium|low|none",
+  "findings": [
+    {
+      "title": "Vulnerability title",
+      "cwe_id": "CWE-XXX",
+      "cwe_name": "CWE Name",
+      "owasp_category": "A01:2021 or null",
+      "severity": "critical|high|medium|low",
+      "description": "Detailed description",
+      "attack_scenario": "How this could be exploited",
+      "remediation": "How to fix with code example",
+      "affected_lines": "Line numbers or code snippet"
+    }
+  ],
+  "positive_practices": ["Security measures already in place"],
+  "recommendations": ["General security improvements"]
+}`;
+export const OPTIMIZE_CODE_SYSTEM = `You are a performance optimization expert. Analyze code for optimization opportunities.
+Focus on: algorithmic complexity, memory usage, I/O efficiency, caching opportunities, and language-specific optimizations.
+
+For each optimization, show the before and after code.
+
+Format your response as JSON:
+{
+  "current_assessment": "Brief assessment of current performance characteristics",
+  "optimizations": [
+    {
+      "title": "Optimization title",
+      "category": "algorithm|memory|io|caching|language_specific",
+      "impact": "high|medium|low",
+      "description": "What the optimization does and why",
+      "before": "Current code snippet",
+      "after": "Optimized code snippet",
+      "expected_improvement": "Expected impact (e.g., O(n^2) -> O(n log n))"
+    }
+  ],
+  "summary": "Overall optimization potential"
+}`;
+//# sourceMappingURL=ai-review.js.map

package/dist/lib/ai-review.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"ai-review.js","sourceRoot":"","sources":["../../src/lib/ai-review.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAWH,SAAS,cAAc;IACrB,MAAM,YAAY,GAAG,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC;IACnD,IAAI,YAAY,EAAE,CAAC;QACjB,OAAO,EAAE,QAAQ,EAAE,WAAW,EAAE,GAAG,EAAE,YAAY,EAAE,CAAC;IACtD,CAAC;IAED,MAAM,SAAS,GAAG,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC;IAC7C,IAAI,SAAS,EAAE,CAAC;QACd,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,GAAG,EAAE,SAAS,EAAE,CAAC;IAChD,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED,KAAK,UAAU,aAAa,CAAC,YAAoB,EAAE,UAAkB,EAAE,GAAW;IAChF,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,uCAAuC,EAAE;QACpE,MAAM,EAAE,MAAM;QACd,OAAO,EAAE;YACP,cAAc,EAAE,kBAAkB;YAClC,WAAW,EAAE,GAAG;YAChB,mBAAmB,EAAE,YAAY;SAClC;QACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;YACnB,KAAK,EAAE,0BAA0B;YACjC,UAAU,EAAE,IAAI;YAChB,MAAM,EAAE,YAAY;YACpB,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,UAAU,EAAE,CAAC;SAClD,CAAC;QACF,MAAM,EAAE,WAAW,CAAC,OAAO,CAAC,KAAK,CAAC;KACnC,CAAC,CAAC;IAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;QACjB,MAAM,KAAK,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;QACpC,MAAM,IAAI,KAAK,CAAC,wBAAwB,QAAQ,CAAC,MAAM,MAAM,KAAK,EAAE,CAAC,CAAC;IACxE,CAAC;IAED,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAI/B,CAAC;IAEF,OAAO;QACL,OAAO,EAAE,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC;QACjD,KAAK,EAAE,IAAI,CAAC,KAAK;QACjB,QAAQ,EAAE,WAAW;QACrB,UAAU,EAAE,EAAE,KAAK,EAAE,IAAI,CAAC,KAAK,CAAC,YAAY,EAAE,MAAM,EAAE,IAAI,CAAC,KAAK,CAAC,aAAa,EAAE;KACjF,CAAC;AACJ,CAAC;AAED,KAAK,UAAU,UAAU,CAAC,YAAoB,EAAE,UAAkB,EAAE,GAAW;IAC7E,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,4CAA4C,EAAE;QACzE,MAAM,EAAE,MAAM;QACd,OAAO,EAAE;YACP,cAAc,EAAE,kBAAkB;YAClC,eAAe,EAAE,UAAU,GAAG,EAAE;SACjC;QACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;YACnB,KAAK,EAAE,QAAQ;YACf,UAAU,EAAE,IAAI;YAChB,QAAQ,EAAE;gBACR,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,YAAY,EAAE;gBACzC,EAAE,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,UAAU,EAAE;aACtC;SACF,CAAC;QACF,MAAM,EAAE,WAAW,CAAC,OAAO,CAAC,KAAK,CAAC;KACnC,CAAC,CAAC;IAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;QACjB,MAAM,KAAK,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;QACpC,MAAM,IAAI,KAAK,CAAC,qBAAqB,QAAQ,CAAC,MAAM,MAAM,KAAK,EAAE,CAAC,CAAC;IACrE,CAAC;IAED,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAI/B,CAAC;IAEF,OAAO;QACL,OAAO,EAAE,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,OAAO,CAAC,OAAO,IAAI,EAAE;QAC/C,KAAK,EAAE,IAAI,CAAC,KAAK;QACjB,QAAQ,EAAE,QAAQ;QAClB,UAAU,EAAE,EAAE,KAAK,EAAE,IAAI,CAAC,KAAK,CAAC,aAAa,EAAE,MAAM,EAAE,IAAI,CAAC,KAAK,CAAC,iBAAiB,EAAE;KACtF,CAAC;AACJ,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,QAAQ,CAAC,YAAoB,EAAE,UAAkB;IACrE,MAAM,KAAK,GAAG,cAAc,EAAE,CAAC;IAC/B,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,MAAM,IAAI,KAAK,CAAC,+DAA+D,CAAC,CAAC;IACnF,CAAC;IAED,IAAI,KAAK,CAAC,QAAQ,KAAK,WAAW,EAAE,CAAC;QACnC,OAAO,aAAa,CAAC,YAAY,EAAE,UAAU,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC;IAC5D,CAAC;IACD,OAAO,UAAU,CAAC,YAAY,EAAE,UAAU,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC;AACzD,CAAC;AAED,uEAAuE;AAEvE,MAAM,CAAC,MAAM,kBAAkB,GAAG;;;;;;;;;;;;;;;;;;;;;;;EAuBhC,CAAC;AAEH,MAAM,CAAC,MAAM,oBAAoB,GAAG;;;yFAGqD,CAAC;AAE1F,MAAM,CAAC,MAAM,mBAAmB,GAAG;;;;;;;;;;;;;;;;;;;;EAoBjC,CAAC;AAEH,MAAM,CAAC,MAAM,sBAAsB,GAAG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EA6BpC,CAAC;AAEH,MAAM,CAAC,MAAM,oBAAoB,GAAG;;;;;;;;;;;;;;;;;;;;EAoBlC,CAAC"}

package/dist/lib/complexity.d.ts

@@ -0,0 +1,20 @@
+/**
+ * Cyclomatic complexity calculator.
+ * Uses regex-based analysis (not AST) for JS/TS, Python, Go.
+ * Counts decision points: if, else if, for, while, switch case, &&, ||, ternary, catch, etc.
+ */
+export interface FunctionComplexity {
+    name: string;
+    startLine: number;
+    endLine: number;
+    complexity: number;
+    rating: 'simple' | 'moderate' | 'complex' | 'very_complex';
+}
+export interface ComplexityResult {
+    functions: FunctionComplexity[];
+    overall: number;
+    averagePerFunction: number;
+    rating: 'simple' | 'moderate' | 'complex' | 'very_complex';
+}
+export declare function calculateComplexity(code: string, language: string): ComplexityResult;
+//# sourceMappingURL=complexity.d.ts.map

package/dist/lib/complexity.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"complexity.d.ts","sourceRoot":"","sources":["../../src/lib/complexity.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,MAAM,WAAW,kBAAkB;IACjC,IAAI,EAAE,MAAM,CAAC;IACb,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,EAAE,MAAM,CAAC;IAChB,UAAU,EAAE,MAAM,CAAC;IACnB,MAAM,EAAE,QAAQ,GAAG,UAAU,GAAG,SAAS,GAAG,cAAc,CAAC;CAC5D;AAED,MAAM,WAAW,gBAAgB;IAC/B,SAAS,EAAE,kBAAkB,EAAE,CAAC;IAChC,OAAO,EAAE,MAAM,CAAC;IAChB,kBAAkB,EAAE,MAAM,CAAC;IAC3B,MAAM,EAAE,QAAQ,GAAG,UAAU,GAAG,SAAS,GAAG,cAAc,CAAC;CAC5D;AAuND,wBAAgB,mBAAmB,CAAC,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,gBAAgB,CAiDpF"}