wdyt 0.1.7 → 0.1.9

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "wdyt",
-  "version": "0.1.7",
+  "version": "0.1.9",
   "type": "module",
   "description": "Code review context builder for LLMs - what do you think?",
   "license": "MIT",

package/src/commands/chat.ts

@@ -86,6 +86,91 @@ async function claudeCliAvailable(): Promise<boolean> {
   }
 }
 
+/**
+ * Embedded quality-auditor skill (fallback when file not found)
+ * This is used when running as a compiled binary
+ */
+const EMBEDDED_QUALITY_AUDITOR = `You are a pragmatic code auditor. Your job is to find real risks in recent changes - fast.
+
+## Audit Strategy
+
+### 1. Quick Scan (find obvious issues fast)
+- **Secrets**: API keys, passwords, tokens in code
+- **Debug code**: console.log, debugger, TODO/FIXME
+- **Commented code**: Dead code that should be deleted
+- **Large files**: Accidentally committed binaries, logs
+
+### 2. Correctness Review
+- Does the code match the stated intent?
+- Are there off-by-one errors, wrong operators, inverted conditions?
+- Do error paths actually handle errors?
+- Are promises/async properly awaited?
+
+### 3. Security Scan
+- **Injection**: SQL, XSS, command injection vectors
+- **Auth/AuthZ**: Are permissions checked? Can they be bypassed?
+- **Data exposure**: Is sensitive data logged, leaked, or over-exposed?
+- **Dependencies**: Any known vulnerable packages added?
+
+### 4. Simplicity Check
+- Could this be simpler?
+- Is there duplicated code that should be extracted?
+- Are there unnecessary abstractions?
+- Over-engineering for hypothetical future needs?
+
+### 5. Test Coverage
+- Are new code paths tested?
+- Do tests actually assert behavior (not just run)?
+- Are edge cases from gap analysis covered?
+- Are error paths tested?
+
+### 6. Performance Red Flags
+- N+1 queries or O(n²) loops
+- Unbounded data fetching
+- Missing pagination/limits
+- Blocking operations on hot paths
+
+## Output Format
+
+\`\`\`markdown
+## Quality Audit: [Branch/Feature]
+
+### Summary
+- Files changed: N
+- Risk level: Low / Medium / High
+- Ship recommendation: ✅ Ship / ⚠️ Fix first / ❌ Major rework
+
+### Critical (MUST fix before shipping)
+- **[File:line]**: [Issue]
+  - Risk: [What could go wrong]
+  - Fix: [Specific suggestion]
+
+### Should Fix (High priority)
+- **[File:line]**: [Issue]
+  - [Brief fix suggestion]
+
+### Consider (Nice to have)
+- [Minor improvement suggestion]
+
+### Test Gaps
+- [ ] [Untested scenario]
+
+### Security Notes
+- [Any security observations]
+
+### What's Good
+- [Positive observations - patterns followed, good decisions]
+\`\`\`
+
+## Rules
+
+- Find real risks, not style nitpicks
+- Be specific: file:line + concrete fix
+- Critical = could cause outage, data loss, security breach
+- Don't block shipping for minor issues
+- Acknowledge what's done well
+- If no issues found, say so clearly`;
+
 /**
  * Get the skills directory path (bundled with the package)
  */
@@ -97,25 +182,29 @@ function getSkillsDir(): string {
 
 /**
  * Load a skill prompt from a .md file
- * Strips YAML frontmatter (---...---) and returns the content
+ * Falls back to embedded prompt when running as compiled binary
  */
 async function loadSkillPrompt(skillName: string): Promise<string> {
+  // Try to load from file first
   const skillPath = join(getSkillsDir(), `${skillName}.md`);
   const file = Bun.file(skillPath);
 
-  if (!(await file.exists())) {
-    throw new Error(`Skill not found: ${skillPath}`);
+  if (await file.exists()) {
+    const content = await file.text();
+    // Strip YAML frontmatter if present
+    const frontmatterMatch = content.match(/^---\n[\s\S]*?\n---\n/);
+    if (frontmatterMatch) {
+      return content.slice(frontmatterMatch[0].length).trim();
+    }
+    return content.trim();
   }
 
-  const content = await file.text();
-
-  // Strip YAML frontmatter if present
-  const frontmatterMatch = content.match(/^---\n[\s\S]*?\n---\n/);
-  if (frontmatterMatch) {
-    return content.slice(frontmatterMatch[0].length).trim();
+  // Fallback to embedded prompt (for compiled binary)
+  if (skillName === "quality-auditor") {
+    return EMBEDDED_QUALITY_AUDITOR;
   }
 
-  return content.trim();
+  throw new Error(`Skill not found: ${skillName}`);
 }
 
 /**
@@ -317,13 +406,8 @@ export async function chatSendCommand(
       }
     }
 
-    // Log any skipped files to stderr so users are aware
-    if (errors.length > 0) {
-      console.error(`Warning: ${errors.length} file(s) skipped:`);
-      for (const err of errors) {
-        console.error(`  ${err}`);
-      }
-    }
+    // Note: Skipped files are silently ignored to avoid polluting stderr
+    // The files array contains only successfully read files
 
     // Build directory structure from the files we successfully read
     const directoryStructure = buildDirectoryStructure(files.map((f) => f.path));
@@ -344,7 +428,6 @@ export async function chatSendCommand(
 
     // Always run Claude CLI to process the chat - that's what a drop-in rp-cli replacement does
     if (await claudeCliAvailable()) {
-      console.error("[wdyt] Processing with Claude CLI...");
       const response = await runClaudeChat(chatPath, prompt);
 
       return {
@@ -355,7 +438,6 @@ export async function chatSendCommand(
     }
 
     // Fallback: just return the chat ID if Claude CLI isn't available
-    console.error("[wdyt] Claude CLI not found, returning context only");
     return {
       success: true,
       data: { id: chatId, path: chatPath },