codereview-local 0.1.0__tar.gz

codereview_local-0.1.0/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Muhammad-NSQ
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

codereview_local-0.1.0/PKG-INFO

@@ -0,0 +1,224 @@
+Metadata-Version: 2.4
+Name: codereview-local
+Version: 0.1.0
+Summary: Local RAG-based code review CLI. No API keys. Runs fully on your machine.
+Home-page: https://github.com/Muhammad-NSQ/codereview
+Author: Muhammad
+License: MIT
+Classifier: Programming Language :: Python :: 3
+Classifier: License :: OSI Approved :: MIT License
+Classifier: Operating System :: OS Independent
+Classifier: Topic :: Software Development :: Quality Assurance
+Classifier: Topic :: Software Development :: Libraries :: Python Modules
+Requires-Python: >=3.10
+Description-Content-Type: text/markdown
+License-File: LICENSE
+Requires-Dist: typer
+Requires-Dist: chromadb
+Requires-Dist: sentence-transformers
+Requires-Dist: tree-sitter
+Requires-Dist: tree-sitter-python
+Requires-Dist: requests
+Requires-Dist: torch
+Dynamic: author
+Dynamic: classifier
+Dynamic: description
+Dynamic: description-content-type
+Dynamic: home-page
+Dynamic: license
+Dynamic: license-file
+Dynamic: requires-dist
+Dynamic: requires-python
+Dynamic: summary
+
+# codereview
+
+A local, privacy-first code review CLI tool powered by RAG and a local LLM. No API keys. No data leaves your machine.
+
+```bash
+pip install codereview-local
+codereview your_file.py
+```
+
+---
+
+## How it works
+
+Most code review tools send your code to a remote API. This one runs entirely on your machine.
+
+It uses a RAG (Retrieval-Augmented Generation) pipeline to intelligently select the most relevant parts of your code before sending them to a local LLM for review. This means it scales to large codebases without hitting context window limits.
+
+```
+your code
+    │
+    ▼
+tree-sitter parses into functions/classes
+    │
+    ▼
+sentence-transformers converts chunks to vectors
+    │
+    ▼
+ChromaDB stores all vectors in memory
+    │
+    ▼
+semantic queries retrieve the most relevant chunks
+("security vulnerabilities", "missing error handling", ...)
+    │
+    ▼
+local LLM reviews only what matters
+    │
+    ▼
+actionable feedback printed to terminal
+```
+
+---
+
+## Features
+
+- **Fully local** — runs on your machine, no API keys, no data sent anywhere
+- **RAG pipeline** — semantic retrieval finds the most relevant code across your entire project
+- **AST-based chunking** — splits by functions and classes using tree-sitter, not arbitrary character counts
+- **Multi-query retrieval** — five semantic queries cast different nets across your codebase
+- **Any file type** — works on Python, JavaScript, JSX, and anything else
+- **Directory support** — review an entire project at once
+- **Streaming output** — see the review as it generates, token by token
+- **GPU accelerated** — embedding model uses CUDA automatically if available
+
+---
+
+## Requirements
+
+- Python 3.10+
+- [Ollama](https://ollama.com) installed and running
+- A coding model pulled in Ollama
+
+```bash
+ollama pull qwen3-coder:latest
+# or a smaller/faster option:
+ollama pull deepseek-coder:6.7b
+```
+
+---
+
+## Installation
+
+```bash
+pip install codereview-local
+```
+
+Or from source:
+
+```bash
+git clone https://github.com/Muhammad-NSQ/codereview
+cd codereview
+pip install -e .
+```
+
+---
+
+## Usage
+
+**Review a single file:**
+
+```bash
+codereview path/to/file.py
+```
+
+**Review an entire directory:**
+
+```bash
+codereview path/to/project/
+```
+
+**Use a different model:**
+
+```bash
+codereview path/to/file.py --model deepseek-coder:6.7b
+```
+
+---
+
+## Example output
+
+```
+$ codereview app/auth.py
+
+📂 Indexing app/auth.py...
+   3 chunks indexed
+🔎 Running semantic retrieval...
+🤖 Reviewing with LLM...
+
+## Critical Security Issues
+
+**SQL Injection Vulnerability**
+- Line 3: Direct string concatenation in SQL query
+- Fix: Use parameterized queries: db.query("SELECT * FROM users WHERE id = ?", (id,))
+
+**Hardcoded Credentials**
+- Line 2: Database password exposed in plain text
+- Fix: Use environment variables or a secrets manager
+
+## Runtime Errors
+
+**Division by Zero**
+- Line 12: No check for b == 0 before division
+- Fix: Add validation: if b == 0: raise ValueError("Cannot divide by zero")
+
+## Bad Practices
+
+**Resource Leak**
+- Line 7: File handle opened but never closed
+- Fix: Use context manager: with open(path) as f:
+```
+
+---
+
+## Tech stack
+
+| Component | Library | Purpose |
+|---|---|---|
+| CLI | Typer | Command line interface |
+| AST parsing | tree-sitter | Split code by functions/classes |
+| Embeddings | sentence-transformers | Convert code to vectors |
+| Vector DB | ChromaDB | Store and search embeddings |
+| LLM | Ollama | Local language model inference |
+| HTTP | requests | Talk to Ollama API |
+
+---
+
+## Why RAG for code review?
+
+**The naive approach** — dump the entire file into the LLM — breaks on large codebases. A 2000-line file with 80 functions easily exceeds most models' context windows.
+
+**The RAG approach** — index everything, retrieve only what's relevant, send a focused context to the LLM. Five semantic queries target different problem categories:
+
+- Security vulnerabilities and injection attacks
+- Missing error handling and uncaught exceptions
+- Resource leaks and connection management
+- Bad practices and code smells
+- Input validation and type safety
+
+All matching chunks from all files share one ChromaDB collection, so the retrieval competes across your entire codebase — not file by file.
+
+---
+
+## Project structure
+
+```
+codereview/
+├── codereview/
+│   ├── __init__.py
+│   ├── chunker.py      # tree-sitter AST parsing
+│   ├── embedder.py     # sentence-transformers embeddings
+│   ├── retriever.py    # ChromaDB storage and retrieval
+│   ├── reviewer.py     # Ollama LLM integration
+│   └── cli.py          # Typer CLI and pipeline orchestration
+├── main.py
+└── setup.py
+```
+
+---
+
+## Author
+
+Muhammad — [GitHub](https://github.com/Muhammad-NSQ)

codereview_local-0.1.0/README.md

@@ -0,0 +1,191 @@
+# codereview
+
+A local, privacy-first code review CLI tool powered by RAG and a local LLM. No API keys. No data leaves your machine.
+
+```bash
+pip install codereview-local
+codereview your_file.py
+```
+
+---
+
+## How it works
+
+Most code review tools send your code to a remote API. This one runs entirely on your machine.
+
+It uses a RAG (Retrieval-Augmented Generation) pipeline to intelligently select the most relevant parts of your code before sending them to a local LLM for review. This means it scales to large codebases without hitting context window limits.
+
+```
+your code
+    │
+    ▼
+tree-sitter parses into functions/classes
+    │
+    ▼
+sentence-transformers converts chunks to vectors
+    │
+    ▼
+ChromaDB stores all vectors in memory
+    │
+    ▼
+semantic queries retrieve the most relevant chunks
+("security vulnerabilities", "missing error handling", ...)
+    │
+    ▼
+local LLM reviews only what matters
+    │
+    ▼
+actionable feedback printed to terminal
+```
+
+---
+
+## Features
+
+- **Fully local** — runs on your machine, no API keys, no data sent anywhere
+- **RAG pipeline** — semantic retrieval finds the most relevant code across your entire project
+- **AST-based chunking** — splits by functions and classes using tree-sitter, not arbitrary character counts
+- **Multi-query retrieval** — five semantic queries cast different nets across your codebase
+- **Any file type** — works on Python, JavaScript, JSX, and anything else
+- **Directory support** — review an entire project at once
+- **Streaming output** — see the review as it generates, token by token
+- **GPU accelerated** — embedding model uses CUDA automatically if available
+
+---
+
+## Requirements
+
+- Python 3.10+
+- [Ollama](https://ollama.com) installed and running
+- A coding model pulled in Ollama
+
+```bash
+ollama pull qwen3-coder:latest
+# or a smaller/faster option:
+ollama pull deepseek-coder:6.7b
+```
+
+---
+
+## Installation
+
+```bash
+pip install codereview-local
+```
+
+Or from source:
+
+```bash
+git clone https://github.com/Muhammad-NSQ/codereview
+cd codereview
+pip install -e .
+```
+
+---
+
+## Usage
+
+**Review a single file:**
+
+```bash
+codereview path/to/file.py
+```
+
+**Review an entire directory:**
+
+```bash
+codereview path/to/project/
+```
+
+**Use a different model:**
+
+```bash
+codereview path/to/file.py --model deepseek-coder:6.7b
+```
+
+---
+
+## Example output
+
+```
+$ codereview app/auth.py
+
+📂 Indexing app/auth.py...
+   3 chunks indexed
+🔎 Running semantic retrieval...
+🤖 Reviewing with LLM...
+
+## Critical Security Issues
+
+**SQL Injection Vulnerability**
+- Line 3: Direct string concatenation in SQL query
+- Fix: Use parameterized queries: db.query("SELECT * FROM users WHERE id = ?", (id,))
+
+**Hardcoded Credentials**
+- Line 2: Database password exposed in plain text
+- Fix: Use environment variables or a secrets manager
+
+## Runtime Errors
+
+**Division by Zero**
+- Line 12: No check for b == 0 before division
+- Fix: Add validation: if b == 0: raise ValueError("Cannot divide by zero")
+
+## Bad Practices
+
+**Resource Leak**
+- Line 7: File handle opened but never closed
+- Fix: Use context manager: with open(path) as f:
+```
+
+---
+
+## Tech stack
+
+| Component | Library | Purpose |
+|---|---|---|
+| CLI | Typer | Command line interface |
+| AST parsing | tree-sitter | Split code by functions/classes |
+| Embeddings | sentence-transformers | Convert code to vectors |
+| Vector DB | ChromaDB | Store and search embeddings |
+| LLM | Ollama | Local language model inference |
+| HTTP | requests | Talk to Ollama API |
+
+---
+
+## Why RAG for code review?
+
+**The naive approach** — dump the entire file into the LLM — breaks on large codebases. A 2000-line file with 80 functions easily exceeds most models' context windows.
+
+**The RAG approach** — index everything, retrieve only what's relevant, send a focused context to the LLM. Five semantic queries target different problem categories:
+
+- Security vulnerabilities and injection attacks
+- Missing error handling and uncaught exceptions
+- Resource leaks and connection management
+- Bad practices and code smells
+- Input validation and type safety
+
+All matching chunks from all files share one ChromaDB collection, so the retrieval competes across your entire codebase — not file by file.
+
+---
+
+## Project structure
+
+```
+codereview/
+├── codereview/
+│   ├── __init__.py
+│   ├── chunker.py      # tree-sitter AST parsing
+│   ├── embedder.py     # sentence-transformers embeddings
+│   ├── retriever.py    # ChromaDB storage and retrieval
+│   ├── reviewer.py     # Ollama LLM integration
+│   └── cli.py          # Typer CLI and pipeline orchestration
+├── main.py
+└── setup.py
+```
+
+---
+
+## Author
+
+Muhammad — [GitHub](https://github.com/Muhammad-NSQ)

codereview_local-0.1.0/codereview/chunker.py

@@ -0,0 +1,34 @@
+import tree_sitter_python as tspython
+from tree_sitter import Language, Parser
+
+PY_LANGUAGE = Language(tspython.language())
+parser = Parser(PY_LANGUAGE)
+
+def chunk_code(source_code: str, file_path: str) -> list[dict]:
+    """Parse Python code and split into function/class chunks."""
+    chunks = []
+    tree = parser.parse(bytes(source_code, "utf8"))
+    root = tree.root_node
+
+    for node in root.children:
+        if node.type in ("function_definition", "class_definition"):
+            chunk_text = source_code[node.start_byte:node.end_byte]
+            chunks.append({
+                "text": chunk_text,
+                "file": file_path,
+                "start_line": node.start_point[0] + 1,
+                "end_line": node.end_point[0] + 1,
+                "type": node.type,
+            })
+
+    # If no functions/classes found, treat whole file as one chunk
+    if not chunks:
+        chunks.append({
+            "text": source_code,
+            "file": file_path,
+            "start_line": 1,
+            "end_line": source_code.count("\n") + 1,
+            "type": "module",
+        })
+
+    return chunks

codereview_local-0.1.0/codereview/cli.py

@@ -0,0 +1,88 @@
+import typer
+from pathlib import Path
+from codereview.chunker import chunk_code
+from codereview.embedder import embed_chunks, embed_query
+from codereview.retriever import store_chunks, retrieve_chunks, get_or_create_collection
+from codereview.reviewer import review_chunks
+
+app = typer.Typer()
+
+COLLECTION = "project_review"
+
+REVIEW_QUERIES = [
+    "security vulnerabilities SQL injection hardcoded credentials exposed secrets",
+    "missing error handling no try except uncaught exceptions crashes",
+    "resource leaks file handles not closed database connections not closed",
+    "bad practices code smells inefficient logic poor structure",
+    "input validation missing type checking no sanitization",
+]
+
+def index_file(file_path: str):
+    """Chunk and embed a file and store in the shared collection."""
+    source_code = Path(file_path).read_text()
+    chunks = chunk_code(source_code, file_path)
+    chunks = embed_chunks(chunks)
+    store_chunks(chunks, COLLECTION)
+    return len(chunks)
+
+def run_review(n_results: int = 10) -> str:
+    """Query the shared collection with semantic queries and review results."""
+    seen_ids = set()
+    all_documents = []
+
+    for query in REVIEW_QUERIES:
+        query_embedding = embed_query(query)
+        results = retrieve_chunks(query_embedding, n_results=n_results, collection_name=COLLECTION)
+        for doc, id_ in zip(results["documents"][0], results["ids"][0]):
+            if id_ not in seen_ids:
+                seen_ids.add(id_)
+                all_documents.append(doc)
+
+    if not all_documents:
+        return "No chunks retrieved."
+
+    return review_chunks(all_documents)
+
+@app.command()
+def review(
+    path: str = typer.Argument(..., help="File or directory to review"),
+    model: str = typer.Option("qwen3-coder:latest", help="Ollama model to use"),
+):
+    """Review code using local LLM and RAG."""
+    p = Path(path)
+
+    # reset collection for each run
+    try:
+        import chromadb
+        from chromadb.config import Settings
+        client = chromadb.Client(Settings(anonymized_telemetry=False))
+        client.delete_collection(COLLECTION)
+    except Exception:
+        pass
+
+    if p.is_file():
+        typer.echo(f"📂 Indexing {p}...")
+        n = index_file(str(p))
+        typer.echo(f"   {n} chunks indexed")
+
+    elif p.is_dir():
+        files = list(p.rglob("*.py"))
+        typer.echo(f"📂 Indexing {len(files)} files...")
+        total = 0
+        for f in files:
+            n = index_file(str(f))
+            total += n
+            typer.echo(f"   {f} → {n} chunks")
+        typer.echo(f"   Total: {total} chunks indexed\n")
+
+    else:
+        typer.echo(f"Error: {path} is not a valid file or directory")
+        raise typer.Exit(1)
+
+    typer.echo("🔎 Running semantic retrieval...")
+    typer.echo("🤖 Reviewing with LLM...\n")
+    result = run_review()
+    typer.echo(result)
+
+if __name__ == "__main__":
+    app()

codereview_local-0.1.0/codereview/embedder.py

@@ -0,0 +1,23 @@
+import os
+import torch
+os.environ["TOKENIZERS_PARALLELISM"] = "false"
+os.environ["HF_HUB_DISABLE_IMPLICIT_TOKEN"] = "1"
+
+from sentence_transformers import SentenceTransformer
+
+device = "cuda" if torch.cuda.is_available() else "cpu"
+model = SentenceTransformer("all-MiniLM-L6-v2", device=device)
+
+def embed_chunks(chunks: list[dict]) -> list[dict]:
+    """Add embeddings to each chunk."""
+    texts = [chunk["text"] for chunk in chunks]
+    embeddings = model.encode(texts, show_progress_bar=False)
+    
+    for chunk, embedding in zip(chunks, embeddings):
+        chunk["embedding"] = embedding.tolist()
+    
+    return chunks
+
+def embed_query(query: str) -> list[float]:
+    """Embed a natural language query string."""
+    return model.encode(query).tolist()

codereview_local-0.1.0/codereview/retriever.py

@@ -0,0 +1,29 @@
+import chromadb
+from chromadb.config import Settings
+
+client = chromadb.Client(Settings(anonymized_telemetry=False))
+
+def get_or_create_collection(name: str = "codereview"):
+    return client.get_or_create_collection(name=name)
+
+def store_chunks(chunks: list[dict], collection_name: str = "codereview"):
+    """Store embedded chunks in ChromaDB."""
+    collection = get_or_create_collection(collection_name)
+    
+    ids = [f"{chunk['file']}:{chunk['start_line']}" for chunk in chunks]
+    embeddings = [chunk["embedding"] for chunk in chunks]
+    documents = [chunk["text"] for chunk in chunks]
+    metadatas = [{
+        "file": chunk["file"],
+        "start_line": chunk["start_line"],
+        "end_line": chunk["end_line"],
+        "type": chunk["type"],
+    } for chunk in chunks]
+
+    collection.upsert(ids=ids, embeddings=embeddings, documents=documents, metadatas=metadatas)
+
+def retrieve_chunks(query_embedding: list[float], n_results: int = 5, collection_name: str = "codereview"):
+    """Retrieve most relevant chunks for a query."""
+    collection = get_or_create_collection(collection_name)
+    results = collection.query(query_embeddings=[query_embedding], n_results=n_results)
+    return results

codereview_local-0.1.0/codereview/reviewer.py

@@ -0,0 +1,56 @@
+import requests
+
+OLLAMA_URL = "http://localhost:11434/api/generate"
+DEFAULT_MODEL = "qwen3-coder:latest"
+
+def review_chunks(documents: list[str], model: str = DEFAULT_MODEL) -> str:
+    """Send retrieved code chunks to Ollama for review with streaming output."""
+    
+    combined_code = "\n\n---\n\n".join(documents)
+    
+    prompt = f"""You are an expert code reviewer. Review the following code and provide specific, actionable feedback.
+
+Focus on:
+1. Bugs and potential runtime errors
+2. Security issues
+3. Bad practices and code smells
+4. Performance problems
+5. Missing error handling
+
+Be specific — mention line numbers or function names when possible.
+Do not praise the code, only give constructive feedback.
+
+Code to review:
+{combined_code}
+
+Review:"""
+
+    payload = {
+        "model": model,
+        "prompt": prompt,
+        "stream": True,
+    }
+
+    full_response = []
+
+    try:
+        with requests.post(OLLAMA_URL, json=payload, stream=True, timeout=120) as response:
+            response.raise_for_status()
+            for line in response.iter_lines():
+                if line:
+                    import json
+                    chunk = json.loads(line)
+                    token = chunk.get("response", "")
+                    print(token, end="", flush=True)
+                    full_response.append(token)
+                    if chunk.get("done", False):
+                        break
+        print()
+        return "".join(full_response)
+
+    except requests.exceptions.ConnectionError:
+        return "Error: Ollama is not running. Start it with: ollama serve"
+    except requests.exceptions.Timeout:
+        return "Error: Ollama timed out. The model may be overloaded."
+    except Exception as e:
+        return f"Error: {e}"

codereview_local-0.1.0/codereview_local.egg-info/PKG-INFO

@@ -0,0 +1,224 @@
+Metadata-Version: 2.4
+Name: codereview-local
+Version: 0.1.0
+Summary: Local RAG-based code review CLI. No API keys. Runs fully on your machine.
+Home-page: https://github.com/Muhammad-NSQ/codereview
+Author: Muhammad
+License: MIT
+Classifier: Programming Language :: Python :: 3
+Classifier: License :: OSI Approved :: MIT License
+Classifier: Operating System :: OS Independent
+Classifier: Topic :: Software Development :: Quality Assurance
+Classifier: Topic :: Software Development :: Libraries :: Python Modules
+Requires-Python: >=3.10
+Description-Content-Type: text/markdown
+License-File: LICENSE
+Requires-Dist: typer
+Requires-Dist: chromadb
+Requires-Dist: sentence-transformers
+Requires-Dist: tree-sitter
+Requires-Dist: tree-sitter-python
+Requires-Dist: requests
+Requires-Dist: torch
+Dynamic: author
+Dynamic: classifier
+Dynamic: description
+Dynamic: description-content-type
+Dynamic: home-page
+Dynamic: license
+Dynamic: license-file
+Dynamic: requires-dist
+Dynamic: requires-python
+Dynamic: summary
+
+# codereview
+
+A local, privacy-first code review CLI tool powered by RAG and a local LLM. No API keys. No data leaves your machine.
+
+```bash
+pip install codereview-local
+codereview your_file.py
+```
+
+---
+
+## How it works
+
+Most code review tools send your code to a remote API. This one runs entirely on your machine.
+
+It uses a RAG (Retrieval-Augmented Generation) pipeline to intelligently select the most relevant parts of your code before sending them to a local LLM for review. This means it scales to large codebases without hitting context window limits.
+
+```
+your code
+    │
+    ▼
+tree-sitter parses into functions/classes
+    │
+    ▼
+sentence-transformers converts chunks to vectors
+    │
+    ▼
+ChromaDB stores all vectors in memory
+    │
+    ▼
+semantic queries retrieve the most relevant chunks
+("security vulnerabilities", "missing error handling", ...)
+    │
+    ▼
+local LLM reviews only what matters
+    │
+    ▼
+actionable feedback printed to terminal
+```
+
+---
+
+## Features
+
+- **Fully local** — runs on your machine, no API keys, no data sent anywhere
+- **RAG pipeline** — semantic retrieval finds the most relevant code across your entire project
+- **AST-based chunking** — splits by functions and classes using tree-sitter, not arbitrary character counts
+- **Multi-query retrieval** — five semantic queries cast different nets across your codebase
+- **Any file type** — works on Python, JavaScript, JSX, and anything else
+- **Directory support** — review an entire project at once
+- **Streaming output** — see the review as it generates, token by token
+- **GPU accelerated** — embedding model uses CUDA automatically if available
+
+---
+
+## Requirements
+
+- Python 3.10+
+- [Ollama](https://ollama.com) installed and running
+- A coding model pulled in Ollama
+
+```bash
+ollama pull qwen3-coder:latest
+# or a smaller/faster option:
+ollama pull deepseek-coder:6.7b
+```
+
+---
+
+## Installation
+
+```bash
+pip install codereview-local
+```
+
+Or from source:
+
+```bash
+git clone https://github.com/Muhammad-NSQ/codereview
+cd codereview
+pip install -e .
+```
+
+---
+
+## Usage
+
+**Review a single file:**
+
+```bash
+codereview path/to/file.py
+```
+
+**Review an entire directory:**
+
+```bash
+codereview path/to/project/
+```
+
+**Use a different model:**
+
+```bash
+codereview path/to/file.py --model deepseek-coder:6.7b
+```
+
+---
+
+## Example output
+
+```
+$ codereview app/auth.py
+
+📂 Indexing app/auth.py...
+   3 chunks indexed
+🔎 Running semantic retrieval...
+🤖 Reviewing with LLM...
+
+## Critical Security Issues
+
+**SQL Injection Vulnerability**
+- Line 3: Direct string concatenation in SQL query
+- Fix: Use parameterized queries: db.query("SELECT * FROM users WHERE id = ?", (id,))
+
+**Hardcoded Credentials**
+- Line 2: Database password exposed in plain text
+- Fix: Use environment variables or a secrets manager
+
+## Runtime Errors
+
+**Division by Zero**
+- Line 12: No check for b == 0 before division
+- Fix: Add validation: if b == 0: raise ValueError("Cannot divide by zero")
+
+## Bad Practices
+
+**Resource Leak**
+- Line 7: File handle opened but never closed
+- Fix: Use context manager: with open(path) as f:
+```
+
+---
+
+## Tech stack
+
+| Component | Library | Purpose |
+|---|---|---|
+| CLI | Typer | Command line interface |
+| AST parsing | tree-sitter | Split code by functions/classes |
+| Embeddings | sentence-transformers | Convert code to vectors |
+| Vector DB | ChromaDB | Store and search embeddings |
+| LLM | Ollama | Local language model inference |
+| HTTP | requests | Talk to Ollama API |
+
+---
+
+## Why RAG for code review?
+
+**The naive approach** — dump the entire file into the LLM — breaks on large codebases. A 2000-line file with 80 functions easily exceeds most models' context windows.
+
+**The RAG approach** — index everything, retrieve only what's relevant, send a focused context to the LLM. Five semantic queries target different problem categories:
+
+- Security vulnerabilities and injection attacks
+- Missing error handling and uncaught exceptions
+- Resource leaks and connection management
+- Bad practices and code smells
+- Input validation and type safety
+
+All matching chunks from all files share one ChromaDB collection, so the retrieval competes across your entire codebase — not file by file.
+
+---
+
+## Project structure
+
+```
+codereview/
+├── codereview/
+│   ├── __init__.py
+│   ├── chunker.py      # tree-sitter AST parsing
+│   ├── embedder.py     # sentence-transformers embeddings
+│   ├── retriever.py    # ChromaDB storage and retrieval
+│   ├── reviewer.py     # Ollama LLM integration
+│   └── cli.py          # Typer CLI and pipeline orchestration
+├── main.py
+└── setup.py
+```
+
+---
+
+## Author
+
+Muhammad — [GitHub](https://github.com/Muhammad-NSQ)

codereview_local-0.1.0/codereview_local.egg-info/SOURCES.txt

@@ -0,0 +1,15 @@
+LICENSE
+README.md
+setup.py
+codereview/__init__.py
+codereview/chunker.py
+codereview/cli.py
+codereview/embedder.py
+codereview/retriever.py
+codereview/reviewer.py
+codereview_local.egg-info/PKG-INFO
+codereview_local.egg-info/SOURCES.txt
+codereview_local.egg-info/dependency_links.txt
+codereview_local.egg-info/entry_points.txt
+codereview_local.egg-info/requires.txt
+codereview_local.egg-info/top_level.txt

codereview_local-0.1.0/codereview_local.egg-info/dependency_links.txt

@@ -0,0 +1 @@
+

codereview_local-0.1.0/codereview_local.egg-info/entry_points.txt

@@ -0,0 +1,2 @@
+[console_scripts]
+codereview = codereview.cli:app

codereview_local-0.1.0/codereview_local.egg-info/requires.txt

@@ -0,0 +1,7 @@
+typer
+chromadb
+sentence-transformers
+tree-sitter
+tree-sitter-python
+requests
+torch

codereview_local-0.1.0/codereview_local.egg-info/top_level.txt

@@ -0,0 +1 @@
+codereview

codereview_local-0.1.0/setup.cfg

@@ -0,0 +1,4 @@
+[egg_info]
+tag_build = 
+tag_date = 0
+

codereview_local-0.1.0/setup.py

@@ -0,0 +1,35 @@
+from setuptools import setup, find_packages
+
+setup(
+    name="codereview-local",
+    version="0.1.0",
+    description="Local RAG-based code review CLI. No API keys. Runs fully on your machine.",
+    long_description=open("README.md").read(),
+    long_description_content_type="text/markdown",
+    author="Muhammad",
+    url="https://github.com/Muhammad-NSQ/codereview",
+    packages=find_packages(),
+    install_requires=[
+        "typer",
+        "chromadb",
+        "sentence-transformers",
+        "tree-sitter",
+        "tree-sitter-python",
+        "requests",
+        "torch",
+    ],
+    entry_points={
+        "console_scripts": [
+            "codereview=codereview.cli:app",
+        ],
+    },
+    python_requires=">=3.10",
+    license="MIT",
+    classifiers=[
+        "Programming Language :: Python :: 3",
+        "License :: OSI Approved :: MIT License",
+        "Operating System :: OS Independent",
+        "Topic :: Software Development :: Quality Assurance",
+        "Topic :: Software Development :: Libraries :: Python Modules",
+    ],
+)