fix: address review feedback on check-deps script

- Accept import paths starting with digit (e.g., 9fans.net/go) by relaxing filter from ^[a-zA-Z] to ^[[:alnum:]] - Fix misleading comment: loop uses Bash process substitution, not POSIX - Remove redundant \$ from grep regex (literal $ unreachable) - Capture stderr separately in go list to avoid mixing errors with output - Clarify CONVENTIONS.md wording on transitive vs direct deps Reviewed-by: sonnet-review-bot Reviewed-by: gpt-review-bot
2026-05-10 14:09:03 -07:00
30 changed files with 203 additions and 3713 deletions
@@ -38,8 +38,6 @@ jobs:
          - name: security
            token_secret: SECURITY_REVIEW_TOKEN
            model: gpt-5
            patterns_repo: rodin/security-patterns
            patterns_files: "."
            system_prompt_file: SECURITY_REVIEW.md
    steps:
      - uses: actions/checkout@v4
@@ -62,8 +60,8 @@ jobs:
          AICORE_API_URL: ${{ secrets.AICORE_API_URL }}
          AICORE_RESOURCE_GROUP: ${{ secrets.AICORE_RESOURCE_GROUP }}
          CONVENTIONS_FILE: "CONVENTIONS.md"
-          PATTERNS_REPO: ${{ matrix.patterns_repo || 'rodin/go-patterns' }}
+          PATTERNS_REPO: "rodin/go-patterns"
-          PATTERNS_FILES: ${{ matrix.patterns_files || 'README.md,patterns/' }}
+          PATTERNS_FILES: "README.md,patterns/"
          LLM_TIMEOUT: "600"
          SYSTEM_PROMPT_FILE: ${{ matrix.system_prompt_file }}
        run: ./review-bot
@@ -1,200 +0,0 @@
 # This composite action is designed for Gitea Actions runners.
 # Gitea Actions supports GitHub Actions syntax including $GITHUB_OUTPUT,
 # actions/cache, and actions/checkout.
 # Requirements: python3, sha256sum, curl (all present on ubuntu-* runners).
 name: 'AI Code Review'
 description: 'Run AI-powered code review on a pull request using review-bot'
 inputs:
  gitea-url:
    description: 'Gitea instance URL (defaults to server_url)'
    required: false
    default: ''
  repo:
    description: 'Repository (owner/name, defaults to current)'
    required: false
    default: ''
  pr-number:
    description: 'Pull request number (defaults to current PR)'
    required: false
    default: ''
  reviewer-token:
    description: 'Gitea token for posting the review'
    required: true
  reviewer-name:
    description: 'Display name for the reviewer'
    required: false
    default: ''
  llm-base-url:
    description: 'OpenAI-compatible LLM API base URL (not required for aicore provider)'
    required: false
    default: ''
  llm-api-key:
    description: 'LLM API key (not required for aicore provider)'
    required: false
    default: ''
  llm-model:
    description: 'LLM model name'
    required: true
  llm-provider:
    description: 'LLM API provider: openai, anthropic, or aicore (default openai)'
    required: false
    default: 'openai'
  aicore-client-id:
    description: 'SAP AI Core client ID (required for aicore provider)'
    required: false
    default: ''
  aicore-client-secret:
    description: 'SAP AI Core client secret (required for aicore provider)'
    required: false
    default: ''
  aicore-auth-url:
    description: 'SAP AI Core authentication URL (required for aicore provider)'
    required: false
    default: ''
  aicore-api-url:
    description: 'SAP AI Core API URL (required for aicore provider)'
    required: false
    default: ''
  aicore-resource-group:
    description: 'SAP AI Core resource group (default: default)'
    required: false
    default: 'default'
  conventions-file:
    description: 'Path to conventions file in the repo (e.g. CLAUDE.md)'
    required: false
    default: ''
  patterns-repo:
    description: 'Comma-separated repos with language patterns (e.g. rodin/elixir-patterns,rodin/phoenix-conventions)'
    required: false
    default: ''
  patterns-files:
    description: 'Comma-separated file paths or directories to fetch from patterns repos'
    required: false
    default: 'README.md'
  temperature:
    description: 'LLM temperature (0 = server default)'
    required: false
    default: '0'
  timeout:
    description: 'LLM request timeout in seconds (default 300)'
    required: false
    default: '300'
  version:
    description: 'review-bot version to install (e.g. v0.1.0, defaults to latest)'
    required: false
    default: 'latest'
  dry-run:
    description: 'Print review to stdout instead of posting'
    required: false
    default: 'false'
  update-existing:
    description: 'Delete previous review from same bot after posting new one. Accepts: true/1/yes or false/0/no (default true)'
    required: false
    default: 'true'
  system-prompt-file:
    description: 'Local file with additional system prompt instructions (e.g. security review focus)'
    required: false
    default: ''
  persona:
    description: 'Built-in persona name (security, architect, docs)'
    required: false
    default: ''
  persona-file:
    description: 'Path to custom persona JSON file'
    required: false
    default: ''
 runs:
  using: 'composite'
  steps:
    - name: Determine version
      id: version
      shell: bash
      run: |
        GITEA_URL="${{ inputs.gitea-url || github.server_url }}"
        REPO="${{ inputs.repo || 'rodin/review-bot' }}"
        if [ "${{ inputs.version }}" = "latest" ]; then
          VERSION=$(curl -sSf "${GITEA_URL}/api/v1/repos/${REPO}/releases?limit=1" \
            | python3 -c "import sys, json; releases = json.load(sys.stdin); print(releases[0]['tag_name'] if releases else '')")
          if [ -z "$VERSION" ]; then
            echo "Failed to determine latest version" >&2
            exit 1
          fi
        else
          VERSION="${{ inputs.version }}"
        fi
        echo "version=${VERSION}" >> "$GITHUB_OUTPUT"
    - name: Cache review-bot binary
      id: cache
      uses: actions/cache@v4
      with:
        path: ${{ runner.temp }}/review-bot
        key: review-bot-linux-amd64-${{ steps.version.outputs.version }}
    - name: Install review-bot
      if: steps.cache.outputs.cache-hit != 'true'
      shell: bash
      run: |
        GITEA_URL="${{ inputs.gitea-url || github.server_url }}"
        REPO="${{ inputs.repo || 'rodin/review-bot' }}"
        VERSION="${{ steps.version.outputs.version }}"
        BINARY="review-bot-linux-amd64"
        curl -sSfL "${GITEA_URL}/${REPO}/releases/download/${VERSION}/${BINARY}" \
          -o "${{ runner.temp }}/review-bot"
        curl -sSfL "${GITEA_URL}/${REPO}/releases/download/${VERSION}/checksums.txt" \
          -o "${{ runner.temp }}/checksums.txt"
        # Verify SHA-256 checksum
        cd "${{ runner.temp }}"
        EXPECTED=$(grep "${BINARY}" checksums.txt | awk '{print $1}')
        ACTUAL=$(sha256sum review-bot | awk '{print $1}')
        if [ -z "$EXPECTED" ]; then
          echo "Error: no checksum found for ${BINARY}" >&2
          exit 1
        fi
        if [ "$EXPECTED" != "$ACTUAL" ]; then
          echo "Error: checksum mismatch!" >&2
          echo "  Expected: $EXPECTED" >&2
          echo "  Actual:   $ACTUAL" >&2
          exit 1
        fi
        chmod +x "${{ runner.temp }}/review-bot"
        echo "Installed review-bot ${VERSION} (checksum verified)"
    - name: Run review
      shell: bash
      env:
        GITHUB_SERVER_URL: ${{ inputs.gitea-url || github.server_url }}
        GITHUB_REPOSITORY: ${{ inputs.repo || github.repository }}
        PR_NUMBER: ${{ inputs.pr-number || github.event.pull_request.number }}
        REVIEWER_TOKEN: ${{ inputs.reviewer-token }}
        REVIEWER_NAME: ${{ inputs.reviewer-name }}
        LLM_BASE_URL: ${{ inputs.llm-base-url }}
        LLM_API_KEY: ${{ inputs.llm-api-key }}
        LLM_MODEL: ${{ inputs.llm-model }}
        CONVENTIONS_FILE: ${{ inputs.conventions-file }}
        PATTERNS_REPO: ${{ inputs.patterns-repo }}
        PATTERNS_FILES: ${{ inputs.patterns-files }}
        LLM_TEMPERATURE: ${{ inputs.temperature }}
        LLM_TIMEOUT: ${{ inputs.timeout }}
        LLM_PROVIDER: ${{ inputs.llm-provider }}
        UPDATE_EXISTING: ${{ inputs.update-existing }}
        SYSTEM_PROMPT_FILE: ${{ inputs.system-prompt-file }}
        PERSONA: ${{ inputs.persona }}
        PERSONA_FILE: ${{ inputs.persona-file }}
        AICORE_CLIENT_ID: ${{ inputs.aicore-client-id }}
        AICORE_CLIENT_SECRET: ${{ inputs.aicore-client-secret }}
        AICORE_AUTH_URL: ${{ inputs.aicore-auth-url }}
        AICORE_API_URL: ${{ inputs.aicore-api-url }}
        AICORE_RESOURCE_GROUP: ${{ inputs.aicore-resource-group }}
      run: |
        ARGS=""
        if [ "${{ inputs.dry-run }}" = "true" ]; then
          ARGS="--dry-run"
        fi
        ${{ runner.temp }}/review-bot $ARGS
@@ -1,69 +0,0 @@
 name: CI
 on:
  push:
    branches: [main]
  pull_request:
    types: [opened, synchronize]
 jobs:
  test:
    runs-on: ubuntu-24.04
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-go@v5
        with:
          go-version: '1.26'
      - run: go test ./...
      - run: go vet ./...
      - run: go build -o review-bot ./cmd/review-bot
  # Self-review using native SAP AI Core provider
  # Models must match SAP AI Core deployments
  # Available models: gpt-5, anthropic--claude-4.6-sonnet, anthropic--claude-4.6-opus
  # Removed gpt-4.1, gpt-5-mini, gpt-4.1-mini - not deployed on AI Core
  review:
    runs-on: ubuntu-24.04
    if: github.event_name == 'pull_request'
    needs: test
    strategy:
      matrix:
        include:
          - name: sonnet
            token_secret: SONNET_REVIEW_TOKEN
            model: anthropic--claude-4.6-sonnet
          - name: gpt
            token_secret: GPT_REVIEW_TOKEN
            model: gpt-5
          - name: security
            token_secret: SECURITY_REVIEW_TOKEN
            model: gpt-5
            patterns_repo: rodin/security-patterns
            patterns_files: "."
            system_prompt_file: SECURITY_REVIEW.md
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-go@v5
        with:
          go-version: '1.26'
      - run: go build -o review-bot ./cmd/review-bot
      - name: Run ${{ matrix.name }} review
        env:
          GITHUB_SERVER_URL: ${{ github.server_url }}
          GITHUB_REPOSITORY: ${{ github.repository }}
          PR_NUMBER: ${{ github.event.pull_request.number }}
          REVIEWER_TOKEN: ${{ secrets[matrix.token_secret] }}
          REVIEWER_NAME: ${{ matrix.name }}
          LLM_PROVIDER: aicore
          LLM_MODEL: ${{ matrix.model }}
          AICORE_CLIENT_ID: ${{ secrets.AICORE_CLIENT_ID }}
          AICORE_CLIENT_SECRET: ${{ secrets.AICORE_CLIENT_SECRET }}
          AICORE_AUTH_URL: ${{ secrets.AICORE_AUTH_URL }}
          AICORE_API_URL: ${{ secrets.AICORE_API_URL }}
          AICORE_RESOURCE_GROUP: ${{ secrets.AICORE_RESOURCE_GROUP }}
          CONVENTIONS_FILE: "CONVENTIONS.md"
          PATTERNS_REPO: ${{ matrix.patterns_repo || 'rodin/go-patterns' }}
          PATTERNS_FILES: ${{ matrix.patterns_files || 'README.md,patterns/' }}
          LLM_TIMEOUT: "600"
          SYSTEM_PROMPT_FILE: ${{ matrix.system_prompt_file }}
        run: ./review-bot
@@ -1,38 +0,0 @@
 name: PR Ready Gate
 on:
  pull_request:
    types: [synchronize]
 jobs:
  clear-labels:
    runs-on: ubuntu-24.04
    # Always run - curl commands are safe if labels don't exist
    steps:
      - name: Remove ready and self-reviewed labels, reassign to author
        env:
          GITEA_TOKEN: ${{ secrets.RODIN_TOKEN }}
        run: |
          PR_NUMBER=${{ github.event.pull_request.number }}
          AUTHOR=${{ github.event.pull_request.user.login }}
          READY_LABEL_ID=38
          SELF_REVIEWED_LABEL_ID=37
          # Remove ready label if present
          curl -sS -X DELETE \
            -H "Authorization: token $GITEA_TOKEN" \
            "https://gitea.weiker.me/api/v1/repos/${{ github.repository }}/issues/${PR_NUMBER}/labels/${READY_LABEL_ID}" || true
          # Remove self-reviewed label if present
          curl -sS -X DELETE \
            -H "Authorization: token $GITEA_TOKEN" \
            "https://gitea.weiker.me/api/v1/repos/${{ github.repository }}/issues/${PR_NUMBER}/labels/${SELF_REVIEWED_LABEL_ID}" || true
          # Reassign to author
          curl -sS -X PATCH \
            -H "Authorization: token $GITEA_TOKEN" \
            -H "Content-Type: application/json" \
            -d "{\"assignees\": [\"${AUTHOR}\"]}" \
            "https://gitea.weiker.me/api/v1/repos/${{ github.repository }}/pulls/${PR_NUMBER}"
          echo "Cleared ready/self-reviewed labels and reassigned PR #${PR_NUMBER} to ${AUTHOR}"
@@ -1,97 +0,0 @@
 name: Release
 on:
  push:
    tags:
      - 'v*'
 jobs:
  release:
    runs-on: ubuntu-24.04
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-go@v5
        with:
          go-version: '1.26'
      - name: Run tests
        run: |
          go vet ./...
          go test ./...
      - name: Build binaries
        run: |
          VERSION=${GITHUB_REF_NAME}
          mkdir -p dist
          GOOS=linux GOARCH=amd64 go build -ldflags "-s -w -X main.version=${VERSION}" -o dist/review-bot-linux-amd64 ./cmd/review-bot
          GOOS=linux GOARCH=arm64 go build -ldflags "-s -w -X main.version=${VERSION}" -o dist/review-bot-linux-arm64 ./cmd/review-bot
          GOOS=darwin GOARCH=amd64 go build -ldflags "-s -w -X main.version=${VERSION}" -o dist/review-bot-darwin-amd64 ./cmd/review-bot
          GOOS=darwin GOARCH=arm64 go build -ldflags "-s -w -X main.version=${VERSION}" -o dist/review-bot-darwin-arm64 ./cmd/review-bot
          cd dist && sha256sum * > checksums.txt
      - name: Create release and upload assets
        env:
          GITEA_TOKEN: ${{ secrets.RELEASE_TOKEN }}
        run: |
          VERSION=${GITHUB_REF_NAME}
          GITEA_URL="${{ github.server_url }}"
          REPO="${{ github.repository }}"
          # Create release (or find existing one for this tag)
          HTTP_CODE=$(curl -s -o /tmp/release_response.json -w "%{http_code}" -X POST \
            -H "Authorization: token ${GITEA_TOKEN}" \
            -H "Content-Type: application/json" \
            "${GITEA_URL}/api/v1/repos/${REPO}/releases" \
            -d "{\"tag_name\": \"${VERSION}\", \"name\": \"${VERSION}\", \"body\": \"Release ${VERSION}\", \"draft\": false, \"prerelease\": false}")
          if [ "$HTTP_CODE" = "409" ]; then
            echo "Release for ${VERSION} already exists, fetching existing..."
            curl -sSf -o /tmp/release_response.json \
              -H "Authorization: token ${GITEA_TOKEN}" \
              "${GITEA_URL}/api/v1/repos/${REPO}/releases/tags/${VERSION}"
          elif [ "$HTTP_CODE" != "201" ]; then
            echo "Failed to create release (HTTP ${HTTP_CODE})" >&2
            cat /tmp/release_response.json >&2
            exit 1
          fi
          # Parse release ID (python3 available on ubuntu-24.04 runners)
          RELEASE_ID=$(python3 -c "import json; print(json.load(open('/tmp/release_response.json'))['id'])")
          if [ -z "$RELEASE_ID" ]; then
            echo "Failed to parse release ID" >&2
            cat /tmp/release_response.json >&2
            exit 1
          fi
          echo "Release ID: ${RELEASE_ID}"
          # Upload each asset (idempotent: delete existing asset with same name first)
          for file in dist/*; do
            filename=$(basename "$file")
            echo "Uploading ${filename}..."
            # Check if asset already exists and delete it
            EXISTING_ID=$(export ASSET_NAME="${filename}"; curl -sS \
              -H "Authorization: token ${GITEA_TOKEN}" \
              "${GITEA_URL}/api/v1/repos/${REPO}/releases/${RELEASE_ID}/assets" \
              | python3 -c "import json,sys,os; name=os.environ['ASSET_NAME']; assets=json.load(sys.stdin); print(next((str(a['id']) for a in assets if a['name']==name),''))" 2>/dev/null)
            if [ -n "$EXISTING_ID" ]; then
              echo "  Asset ${filename} already exists (id=${EXISTING_ID}), deleting..."
              curl -sSf -X DELETE \
                -H "Authorization: token ${GITEA_TOKEN}" \
                "${GITEA_URL}/api/v1/repos/${REPO}/releases/${RELEASE_ID}/assets/${EXISTING_ID}"
            fi
            curl -sSf -X POST \
              -H "Authorization: token ${GITEA_TOKEN}" \
              -H "Content-Type: application/octet-stream" \
              "${GITEA_URL}/api/v1/repos/${REPO}/releases/${RELEASE_ID}/assets?name=$(printf '%s' "${filename}" | jq -sRr @uri)" \
              --data-binary "@${file}"
          done
          echo "Release ${VERSION} created with assets"
@@ -14,7 +14,7 @@
 **Any import not in this table or the Go standard library is forbidden.**
-Transitive dependencies of approved packages are automatically allowed.
+Only *direct* dependencies (listed in go.mod without `// indirect`) are checked against this allowlist. Transitive dependencies pulled in by approved packages are implicitly allowed.
 To request a new dependency:
 1. Open a PR that ONLY updates this table
@@ -9,7 +9,7 @@ AI-powered code review bot for Gitea pull requests. Fetches diff + context, send
 - **Smart budget**: Automatically trims context to fit model token limits
 - **Idempotent reviews**: Posts new review, then cleans up stale ones (one review per bot)
 - **Custom prompts**: Load additional instructions from a file (e.g. security-focused review)
- **Minimal dependencies**: Go stdlib + `gopkg.in/yaml.v3` only
+- **Zero dependencies**: Go stdlib only
 ## Quick Start: Composite Action
@@ -208,7 +208,7 @@ AI Core handles OAuth token management and deployment discovery automatically. M
 | `patterns-files` | No | `README.md` | Files/directories to fetch from pattern repos |
 | `system-prompt-file` | No | `""` | Local file with additional system prompt instructions |
 | `persona` | No | `""` | Built-in persona name (security, architect, docs) |
-| `persona-file` | No | `""` | Path to persona file (YAML or JSON) with custom review focus |
+| `persona-file` | No | `""` | Path to persona JSON file with custom review focus |
 | `temperature` | No | `0` | LLM temperature (0 = server default) |
 | `timeout` | No | `300` | LLM request timeout in seconds |
 | `dry-run` | No | `false` | Print review to stdout instead of posting |
@@ -329,12 +329,11 @@ All flags have environment variable equivalents:
 ### Token Scopes Required
 | Scope | Purpose |
-|-------|--------|
+|-------|---------|
 | `write:issue` | Post and delete reviews |
 | `write:repository` | Read PR diffs, file content, commit statuses |
 | `read:user` | Self-request as reviewer (optional but recommended) |
-Without `read:user`, the bot still works but cannot add itself to the PR's reviewer list.
+No `read:user` scope needed — the bot identifies itself from the review response.
 ## Development
@@ -409,38 +408,32 @@ Each persona posts independently with its own sentinel, so reviews don't interfe
 ### Custom Personas
-Create a YAML file with your domain-specific review focus:
+Create a JSON file with your domain-specific review focus:
-```yaml
+```json
-# .review/personas/trading.yaml
+// .review/personas/trading.json
-name: trading
+{
-display_name: Trading Domain Expert
+  "name": "trading",
-
+  "display_name": "Trading Domain Expert",
-identity: |
+  "identity": "You are a trading systems expert reviewing code for correctness.\n\nYour expertise:\n- Order lifecycle and state machines\n- Fill handling and partial fills\n- Position tracking and P&L calculations\n- Event sourcing invariants",
-  You are a trading systems expert reviewing code for correctness.
+  "focus": [
-
+    "Order state machine correctness",
-  Your expertise:
+    "Fill handling edge cases (partial, overfill)",
-  - Order lifecycle and state machines
+    "Position and P&L calculation accuracy",
-  - Fill handling and partial fills
+    "Event replay determinism",
-  - Position tracking and P&L calculations
+    "Decimal precision for money"
-  - Event sourcing invariants
+  ],
-
+  "ignore": [
-focus:
+    "Code style",
-  - Order state machine correctness
+    "General performance",
-  - Fill handling edge cases (partial, overfill)
+    "Documentation formatting"
-  - Position and P&L calculation accuracy
+  ],
-  - Event replay determinism
+  "severity": {
-  - Decimal precision for money
+    "major": "Bugs that cause incorrect positions, fills, or money calculations",
-
+    "minor": "Edge cases that could cause issues under unusual conditions",
-ignore:
+    "nit": "Clarity improvements for domain logic"
-  - Code style
+  }
-  - General performance
+}
  - Documentation formatting
 severity:
  major: "Bugs that cause incorrect positions, fills, or money calculations"
  minor: "Edge cases that could cause issues under unusual conditions"
  nit: "Clarity improvements for domain logic"
 ```
 Use it in CI:
@@ -449,24 +442,17 @@ Use it in CI:
 - uses: rodin/review-bot/.gitea/actions/review@v1
  with:
    reviewer-name: trading
-    persona-file: .review/personas/trading.yaml
+    persona-file: .review/personas/trading.json
    ...
 ```
 YAML is the recommended format for personas because it supports:
 - Multi-line strings with `|` blocks (cleaner identity definitions)
 - Comments for documentation
 - More readable arrays and nested structures
 JSON is also supported for backwards compatibility—just use `.json` extension.
 ### Persona vs system-prompt-file
 | Feature | `persona` / `persona-file` | `system-prompt-file` |
 |---------|---------------------------|----------------------|
 | Replaces base prompt | Yes | No (appends) |
-| Structured format | Yes (YAML/JSON) | No (freeform) |
+| Structured format | Yes (JSON) | No (freeform) |
 | Focus/ignore lists | Yes | Manual |
 | Severity calibration | Yes | Manual |
 | Header display name | Yes | No |
@@ -54,8 +54,8 @@ func main() {
 	logFormat := flag.String("log-format", envOrDefault("LOG_FORMAT", "text"), "Log output format: text or json")
 	verbosity := flag.String("verbosity", envOrDefault("LOG_VERBOSITY", "info"), "Log verbosity: debug, info, warn, error")
 	// CLI flags
-	giteaURL := flag.String("gitea-url", envOrDefault("GITEA_URL", envOrDefault("GITHUB_SERVER_URL", "")), "Gitea instance URL")
+	giteaURL := flag.String("gitea-url", envOrDefault("GITEA_URL", ""), "Gitea instance URL")
-	repo := flag.String("repo", envOrDefault("GITEA_REPO", envOrDefault("GITHUB_REPOSITORY", "")), "Repository (owner/name)")
+	repo := flag.String("repo", envOrDefault("GITEA_REPO", ""), "Repository (owner/name)")
 	prNum := flag.String("pr", envOrDefault("PR_NUMBER", ""), "Pull request number")
 	reviewerName := flag.String("reviewer-name", envOrDefault("REVIEWER_NAME", ""), "Reviewer display name")
 	reviewerToken := flag.String("reviewer-token", envOrDefault("REVIEWER_TOKEN", ""), "Gitea token for posting review")
@@ -79,6 +79,7 @@ func main() {
 	aicoreAPIURL := flag.String("aicore-api-url", envOrDefault("AICORE_API_URL", ""), "SAP AI Core API URL (for provider=aicore)")
 	aicoreResourceGroup := flag.String("aicore-resource-group", envOrDefault("AICORE_RESOURCE_GROUP", "default"), "SAP AI Core resource group (for provider=aicore)")
 	flag.Parse()
 	flag.Parse()
 	if *versionFlag {
@@ -115,7 +116,29 @@ func main() {
 		os.Exit(1)
 	}
-	// NOTE: Persona loading deferred until after Gitea client init to support repo personas
+	// Load persona if specified
 	var persona *review.Persona
 	if *personaName != "" {
 		var err error
 		persona, err = review.LoadBuiltinPersona(*personaName)
 		if err != nil {
 			slog.Error("failed to load persona", "persona", *personaName, "error", err)
 			os.Exit(1)
 		}
 		slog.Info("loaded built-in persona", "persona", persona.Name, "display", persona.DisplayName)
 	} else if *personaFile != "" {
 		resolvedPath, err := validateWorkspacePath(*personaFile, "persona-file")
 		if err != nil {
 			slog.Error("invalid persona-file path", "error", err)
 			os.Exit(1)
 		}
 		persona, err = review.LoadPersona(resolvedPath)
 		if err != nil {
 			slog.Error("failed to load persona file", "file", *personaFile, "error", err)
 			os.Exit(1)
 		}
 		slog.Info("loaded persona from file", "file", *personaFile, "persona", persona.Name)
 	}
 	// Validate reviewer-name: only safe characters allowed in sentinel
 	if err := validateReviewerName(*reviewerName); err != nil {
@@ -173,43 +196,6 @@ func main() {
 	ctx, cancel := context.WithTimeout(context.Background(), overallTimeout)
 	defer cancel()
 	// Load persona if specified (after Gitea client init to support repo personas)
 	var persona *review.Persona
 	if *personaName != "" {
 		// Try loading from repo first, then fall back to built-in
 		repoPersonas, err := review.LoadRepoPersonas(ctx, newGiteaClientAdapter(giteaClient), owner, repoName)
 		if err != nil {
 			slog.Warn("could not load repo personas", "repo", owner+"/"+repoName, "error", err)
 			// Continue with built-in personas only.
 			// NOTE: repoPersonas is nil here, but map indexing on a nil map is safe in Go
 			// (returns the zero value), so the fallback to built-in below works correctly.
 		}
 		if p, ok := repoPersonas[*personaName]; ok {
 			persona = p
 			slog.Info("loaded repo persona", "persona", persona.Name, "display", persona.DisplayName, "repo", owner+"/"+repoName)
 		} else {
 			// Fall back to built-in
 			persona, err = review.LoadBuiltinPersona(*personaName)
 			if err != nil {
 				slog.Error("failed to load persona", "persona", *personaName, "error", err)
 				os.Exit(1)
 			}
 			slog.Info("loaded built-in persona", "persona", persona.Name, "display", persona.DisplayName)
 		}
 	} else if *personaFile != "" {
 		resolvedPath, err := validateWorkspacePath(*personaFile, "persona-file")
 		if err != nil {
 			slog.Error("invalid persona-file path", "error", err)
 			os.Exit(1)
 		}
 		persona, err = review.LoadPersona(resolvedPath)
 		if err != nil {
 			slog.Error("failed to load persona file", "file", *personaFile, "error", err)
 			os.Exit(1)
 		}
 		slog.Info("loaded persona from file", "file", *personaFile, "persona", persona.Name)
 	}
 	slog.Info("reviewing pull request", "pr", prNumber, "repo", fmt.Sprintf("%s/%s", owner, repoName))
 	// Step 1: Fetch PR metadata
@@ -544,9 +530,6 @@ func fetchPatterns(ctx context.Context, client *gitea.Client, patternsRepo, patt
 		}
 		owner, repo := parts[0], parts[1]
 		var repoLoadedFiles []string
 		var repoSkippedFiles []string
 		for _, path := range paths {
 			path = strings.TrimSpace(path)
 			if path == "" {
@@ -562,22 +545,11 @@ func fetchPatterns(ctx context.Context, client *gitea.Client, patternsRepo, patt
 			for filePath, content := range files {
 				// Only include markdown and text files as patterns
 				if !isPatternFile(filePath) {
 					repoSkippedFiles = append(repoSkippedFiles, filePath)
 					continue
 				}
 				repoLoadedFiles = append(repoLoadedFiles, filePath)
 				sb.WriteString(fmt.Sprintf("### %s/%s\n\n%s\n\n", repoRef, filePath, content))
 			}
 		}
 		if len(repoLoadedFiles) > 0 {
 			slog.Info("loaded pattern files", "repo", repoRef, "count", len(repoLoadedFiles), "files", repoLoadedFiles)
 		} else {
 			slog.Warn("no pattern files loaded", "repo", repoRef, "paths", paths)
 		}
 		if len(repoSkippedFiles) > 0 {
 			slog.Debug("skipped non-pattern files", "repo", repoRef, "count", len(repoSkippedFiles), "files", repoSkippedFiles)
 		}
 	}
 	return sb.String()
 }
@@ -811,32 +783,3 @@ func shouldSkipStaleReview(evaluatedSHA, currentSHA string) bool {
 	}
 	return evaluatedSHA != currentSHA
 }
 // giteaClientAdapter adapts gitea.Client to review.GiteaClient interface.
 type giteaClientAdapter struct {
 	client *gitea.Client
 }
 func newGiteaClientAdapter(c *gitea.Client) *giteaClientAdapter {
 	return &giteaClientAdapter{client: c}
 }
 func (a *giteaClientAdapter) ListContents(ctx context.Context, owner, repo, path string) ([]review.ContentEntry, error) {
 	entries, err := a.client.ListContents(ctx, owner, repo, path)
 	if err != nil {
 		return nil, err
 	}
 	result := make([]review.ContentEntry, len(entries))
 	for i, e := range entries {
 		result[i] = review.ContentEntry{
 			Name: e.Name,
 			Path: e.Path,
 			Type: e.Type,
 		}
 	}
 	return result, nil
 }
 func (a *giteaClientAdapter) GetFileContent(ctx context.Context, owner, repo, filepath string) (string, error) {
 	return a.client.GetFileContent(ctx, owner, repo, filepath)
 }
@@ -1,108 +0,0 @@
 # Design: YAML Support for Persona Files (#57)
 ## Problem
 JSON is awkward for persona files that contain multi-line text (identity, severity descriptions). YAML supports cleaner multi-line strings and comments, improving readability and maintainability.
 ## Constraints
 - Backwards compatibility: existing JSON personas must continue to work
 - Security: protect against DoS via deeply nested YAML (AIKIDO-2024-10486)
 - Consistency: use `.yaml` extension (not `.yml`)
 - Library: use `gopkg.in/yaml.v3` (approved in CONVENTIONS.md) with explicit depth limiting
 ## Proposed Approach
 1. **Update `parsePersona`** to detect format from file extension
 2. **Add YAML parsing** with explicit depth limit (defense in depth)
 3. **Keep JSON as fallback** for files without `.yaml`/`.yml` extension
 4. **Convert built-in personas** to YAML format
 5. **Update embed directive** to include both formats
 ### File Extension Detection
 ```go
 func parsePersona(data []byte, source string) (*Persona, error) {
    isYAML := strings.HasSuffix(source, ".yaml") || strings.HasSuffix(source, ".yml")
    if isYAML {
        return parseYAML(data, source)
    }
    return parseJSON(data, source)
 }
 ```
 ### YAML Parsing with Depth Protection
 ```go
 func unmarshalYAMLWithDepthLimit(data []byte, out any, maxDepth int) error {
    var node yaml.Node
    dec := yaml.NewDecoder(bytes.NewReader(data))
    if err := dec.Decode(&node); err != nil {
        return err
    }
    if err := checkYAMLDepth(&node, 0, maxDepth); err != nil {
        return err
    }
    return node.Decode(out)
 }
 func checkYAMLDepth(node *yaml.Node, depth, maxDepth int) error {
    if depth > maxDepth {
        return fmt.Errorf("YAML nesting depth exceeds maximum (%d)", maxDepth)
    }
    // Handle alias nodes by following the Alias pointer
    if node.Kind == yaml.AliasNode && node.Alias != nil {
        return checkYAMLDepth(node.Alias, depth, maxDepth)
    }
    for _, child := range node.Content {
        if err := checkYAMLDepth(child, depth+1, maxDepth); err != nil {
            return err
        }
    }
    return nil
 }
 ```
 The `gopkg.in/yaml.v3` library does not have built-in depth protection, so we implement explicit depth checking by first decoding into a `yaml.Node`, walking the tree to verify depth (including alias resolution), then decoding into the target struct.
 ## State/Data Model
 No new state. Same `Persona` struct, just different parsing.
 ## Error Cases
 | Error | Handling |
 |-------|----------|
 | Invalid YAML syntax | Return parse error with source file |
 | Deeply nested YAML | Library rejects (v1.16.0+ fix) |
 | Unknown extension | Fall back to JSON parsing |
 | Missing required fields | Validation rejects after parse |
 ## Edge Cases
 - File with `.json` extension but YAML content → JSON parse fails, user sees error
 - File with no extension → defaults to JSON
 - Embedded persona reference like `builtin:security` → detect by embed path (`personas/X.yaml`)
 ## Testing Strategy
 1. Unit tests for YAML parsing (valid, invalid, deeply nested)
 2. Unit tests for extension detection
 3. Integration test for built-in personas (now YAML)
 4. Backwards compat test: verify JSON still works for external files
 ## Completion Checklist
 1. [ ] `go-yaml` dependency added at v1.16.0+
 2. [ ] Extension detection uses case-insensitive comparison
 3. [ ] YAML parse errors include source file name
 4. [ ] JSON parsing still works for `.json` files
 5. [ ] Built-in personas converted to YAML with readable multi-line strings
 6. [ ] Embed directive updated to include `*.yaml`
 7. [ ] Test for deeply nested YAML rejection
 8. [ ] All existing tests pass
 ## Open Questions
 - Should we support both `.yaml` AND `.yml`? Issue says `.yaml` only for consistency, but some users expect `.yml`. **Decision:** Support both for reading, recommend `.yaml` in docs.
 - Should we add a "format" field to detect mismatched extension/content? **Decision:** No, keep it simple. Extension determines format.
@@ -1,268 +0,0 @@
 # GitHub Support for review-bot
 ## Goal
 AI code reviews on GitHub PRs using SAP AI Core as the LLM provider.
 ## Non-Goals
 - Auto-detection of platform (explicit `--provider` flag is fine)
 - Unifying into one abstraction layer for its own sake
 ## Constraints
 1. **Same features on both platforms** — anything review-bot does on Gitea should work on GitHub
 2. **Testable** — small interfaces, dependency injection, no global state
 3. **Interface from working code** — extract from gitea/, don't invent in vacuum
 ---
 ## Part 1: Feature Inventory
 What does review-bot actually do?
 ### Core Review Flow
 | Feature | Description |
 |---------|-------------|
 | Get PR metadata | Title, body, head SHA, base ref |
 | Get PR diff | Unified diff format |
 | Get PR files | List of changed files with status |
 | Get file content | Raw file at ref |
 | List directory | Enumerate files in path |
 | Post review | Body + inline comments + verdict |
 ### Review Management
 | Feature | Description |
 |---------|-------------|
 | List reviews | Get existing reviews on PR |
 | Delete review | Remove old review before re-posting |
 | Get authenticated user | Who am I? |
 ### Platform-Specific (not in shared interface)
 | Feature | Gitea | GitHub |
 |---------|-------|--------|
 | Resolve comment | Yes | No equivalent |
 | Timeline API | Yes | No equivalent |
 These stay on gitea.Client directly. Callers that need them type-assert.
 ---
 ## Part 2: GitHub API Mapping
 | Feature | Gitea API | GitHub API |
 |---------|-----------|------------|
 | Get PR | `GET /api/v1/repos/.../pulls/{n}` | `GET /repos/.../pulls/{n}` |
 | Get diff | `.diff` suffix | `Accept: application/vnd.github.diff` header |
 | Get files | `GET .../pulls/{n}/files` | Same |
 | Get file content | `GET .../raw/{path}?ref=` | `GET .../contents/{path}?ref=` + base64 decode |
 | List directory | `GET .../contents/{path}` | Same |
 | Post review | `POST .../pulls/{n}/reviews` | Same (adapter handles comment schema) |
 | List reviews | `GET .../pulls/{n}/reviews` | Same |
 | Delete review | `DELETE .../pulls/{n}/reviews/{id}` | Same |
 | Get user | `GET /api/v1/user` | `GET /user` |
 ---
 ## Part 3: Interface Design
 **Principle:** Extract from working gitea/ code. The interface is discovered, not invented.
 ### Small, role-based interfaces
 ```go
 // vcs/interfaces.go
 type PRReader interface {
    GetPullRequest(ctx context.Context, owner, repo string, number int) (*PullRequest, error)
    GetPullRequestDiff(ctx context.Context, owner, repo string, number int) (string, error)
    GetPullRequestFiles(ctx context.Context, owner, repo string, number int) ([]ChangedFile, error)
 }
 type FileReader interface {
    GetFileContent(ctx context.Context, owner, repo, path, ref string) (string, error)
    ListContents(ctx context.Context, owner, repo, path string) ([]ContentEntry, error)
 }
 type Reviewer interface {
    PostReview(ctx context.Context, owner, repo string, number int, req ReviewRequest) (*Review, error)
    ListReviews(ctx context.Context, owner, repo string, number int) ([]Review, error)
    DeleteReview(ctx context.Context, owner, repo string, number int, reviewID int64) error
 }
 type Identity interface {
    GetAuthenticatedUser(ctx context.Context) (string, error)
 }
 // Client combines all for callers that need everything
 type Client interface {
    PRReader
    FileReader
    Reviewer
    Identity
 }
 ```
 ### Types
 Use what gitea/ already has. Move to vcs/types.go or re-export.
 ```go
 type PullRequest struct { ... }   // from gitea.PullRequest
 type ChangedFile struct { ... }   // from gitea.ChangedFile
 type ContentEntry struct { ... }  // from gitea.ContentEntry
 type Review struct { ... }        // from gitea.Review
 type ReviewRequest struct { ... } // new, for PostReview input
 type ReviewComment struct { ... } // from gitea.ReviewComment
 ```
 ### Adapter responsibilities
 Each adapter (gitea, github) handles:
 - API URL construction
 - Auth header format (`token` vs `Bearer`)
 - Request/response mapping
 - Comment schema translation (line numbers, commit IDs, etc.)
 ---
 ## Part 4: Test Plan
 ### Unit Tests (mock HTTP)
 ```
 github/
  pr_test.go        # TestGetPullRequest, TestGetDiff, TestGetFiles
  files_test.go     # TestGetFileContent, TestListContents
  review_test.go    # TestPostReview, TestListReviews, TestDeleteReview
  identity_test.go  # TestGetAuthenticatedUser
 ```
 Per method: happy path, 404, 401, 429, malformed response.
 ### Integration Tests
 Against github.com/aweiker/ai-core-review-bot:
 - Fetch real PR
 - Fetch real file
 - Post + delete review (clean up)
 ### End-to-End
 Open PR on test repo, run full review-bot, verify review appears.
 ---
 ## Part 5: Implementation Phases
 ### Phase 1: Extract interfaces from gitea/
 **Work:**
 - Create `vcs/interfaces.go` with interfaces extracted from gitea/client.go signatures
 - Create `vcs/types.go` — move or alias types from gitea/
 - Verify gitea.Client satisfies vcs.Client (compile-time check)
 **Exit criteria:** `var _ vcs.Client = (*gitea.Client)(nil)` compiles.
 ---
 ### Phase 2: Gitea adapter (if needed)
 **Work:**
 - If gitea.Client method signatures don't match exactly, create wrapper
 - Keep gitea/ working exactly as before
 **Exit criteria:** Existing tests pass. No behavior change.
 ---
 ### Phase 3: GitHub client — PRReader
 **Work:**
 - `github/client.go` — struct, constructor, HTTP helpers
 - `github/pr.go` — GetPullRequest, GetPullRequestDiff, GetPullRequestFiles
 - Unit tests
 **Exit criteria:** `go test ./github/...` passes for PR methods.
 ---
 ### Phase 4: GitHub client — FileReader
 **Work:**
 - `github/files.go` — GetFileContent, ListContents
 - Unit tests
 **Exit criteria:** Unit tests pass.
 ---
 ### Phase 5: GitHub client — Reviewer + Identity
 **Work:**
 - `github/review.go` — PostReview, ListReviews, DeleteReview
 - `github/identity.go` — GetAuthenticatedUser
 - Unit tests
 **Exit criteria:** Unit tests pass.
 ---
 ### Phase 6: Integration tests
 **Work:**
 - `integration/github_test.go`
 - Test against real GitHub
 **Exit criteria:** All integration tests pass.
 ---
 ### Phase 7: Wire into cmd/review-bot
 **Work:**
 - Add `--provider github|gitea` flag (default: gitea for backward compat)
 - Select client based on flag
 - Update to use vcs interfaces where it makes sense
 **Exit criteria:**
 - `./review-bot --provider github ...` works
 - `./review-bot --provider gitea ...` works (same as before)
 - Existing Gitea workflows unchanged
 ---
 ### Phase 8: GitHub Actions workflow + releases
 **Work:**
 - `.github/workflows/ci.yml` — test on PR
 - `.github/workflows/release.yml` — publish binary to GitHub releases
 - `.github/actions/review/action.yml` — composite action
 - Action downloads binary from github.com/aweiker/ai-core-review-bot releases
 **Exit criteria:** 
 - CI runs on github.com/aweiker/ai-core-review-bot
 - Release creates downloadable binary
 - Review action posts review successfully
 ---
 ## Part 6: Decisions
 | Question | Decision |
 |----------|----------|
 | Auth token | Workflow `GITHUB_TOKEN` (automatic) |
 | Binary distribution | GitHub releases on aweiker/ai-core-review-bot |
 | Comment schema | Adapter's job — translate ReviewComment to platform format |
 | Default provider | `gitea` for backward compatibility |
 | Shared types | vcs/types.go (extracted from gitea/) |
 | Platform-specific features | Stay on concrete client, not interface |
 ---
 ## Summary
 8 phases. Start by extracting interfaces from working gitea/ code, not inventing them. GitHub implements the same interfaces. Each phase has clear exit criteria.
@@ -11,11 +11,9 @@ import (
 	"fmt"
 	"io"
 	"log/slog"
 	"net"
 	"net/http"
 	"net/url"
 	"strings"
 	"syscall"
 	"time"
 )
@@ -41,26 +39,12 @@ func IsNotFound(err error) bool {
 	return errors.As(err, &apiErr) && apiErr.StatusCode == http.StatusNotFound
 }
 // IsServerError reports whether an error is an API 5xx response.
 func IsServerError(err error) bool {
 	var apiErr *APIError
 	return errors.As(err, &apiErr) && apiErr.StatusCode >= 500 && apiErr.StatusCode < 600
 }
 // Client interacts with the Gitea API.
 // A Client is safe for concurrent use by multiple goroutines.
 type Client struct {
 	baseURL string
 	token   string
 	http    *http.Client
 	// RetryBackoff defines the delays between retry attempts.
 	// RetryBackoff[i] is the delay before attempt i+1 (after attempt i fails).
 	// If nil, defaults to {1s, 2s}. Set to shorter durations in tests.
 	//
 	// This field must be configured before the first request is made.
 	// Modifying it while requests are in flight is not safe.
 	RetryBackoff []time.Duration
 }
 // NewClient creates a new Gitea API client.
@@ -72,12 +56,6 @@ func NewClient(baseURL, token string) *Client {
 	}
 }
 // SetHTTPClient sets the underlying HTTP client used for requests.
 // This is intended for testing to inject mock transports.
 func (c *Client) SetHTTPClient(hc *http.Client) {
 	c.http = hc
 }
 // PullRequest holds relevant PR metadata.
 type PullRequest struct {
 	Title string `json:"title"`
@@ -232,185 +210,24 @@ func (c *Client) PostReview(ctx context.Context, owner, repo string, number int,
 	return &review, nil
 }
 // isTemporaryNetError reports whether err is a temporary network error worth retrying.
 // This includes connection refused, network unreachable, connection reset, and DNS
 // timeouts. It explicitly excludes permanent errors like permission denied or
 // "no such host" DNS failures.
 func isTemporaryNetError(err error) bool {
 	if err == nil {
 		return false
 	}
 	// Check for OpError and inspect the underlying syscall error.
 	// Not all OpErrors are transient — permission denied, for example, is permanent.
 	var opErr *net.OpError
 	if errors.As(err, &opErr) {
 		return isRetriableSyscallError(opErr.Err)
 	}
 	// DNS errors: only retry on timeout, not on "no such host" which is permanent.
 	var dnsErr *net.DNSError
 	if errors.As(err, &dnsErr) {
 		return dnsErr.IsTimeout
 	}
 	// Check for net.Error with Timeout() (Temporary is deprecated)
 	var netErr net.Error
 	if errors.As(err, &netErr) {
 		return netErr.Timeout()
 	}
 	return false
 }
 // isRetriableSyscallError reports whether the underlying error from a net.OpError
 // is a transient syscall error worth retrying.
 func isRetriableSyscallError(err error) bool {
 	if err == nil {
 		return false
 	}
 	// Check for syscall.Errno directly or wrapped
 	var errno syscall.Errno
 	if errors.As(err, &errno) {
 		switch errno {
 		case syscall.ECONNREFUSED, // connection refused — server not listening
 			syscall.ECONNRESET,   // connection reset by peer
 			syscall.ENETUNREACH,  // network unreachable
 			syscall.EHOSTUNREACH, // host unreachable
 			syscall.ETIMEDOUT:    // connection timed out
 			return true
 		default:
 			// EACCES, EPERM, etc. are permanent — don't retry
 			return false
 		}
 	}
 	// If we can't identify the specific syscall error, be conservative and retry.
 	// This handles wrapped errors or platform-specific error types.
 	// The retry count is limited, so erring on the side of retrying is safe.
 	return true
 }
 // redactURL strips query parameters from a URL for safe logging.
 // This prevents accidental exposure of sensitive data that future callers
 // might pass via query strings.
 func redactURL(rawURL string) string {
 	parsed, err := url.Parse(rawURL)
 	if err != nil {
 		// If we cannot parse it, return a safe placeholder rather than
 		// potentially logging something sensitive.
 		return "[invalid URL]"
 	}
 	if parsed.RawQuery != "" {
 		parsed.RawQuery = "[redacted]"
 	}
 	return parsed.String()
 }
 // sanitizeErrorForLog returns a loggable version of an error that omits
 // potentially sensitive content like response bodies. For APIError, only
 // the status code is included; for other errors, the type is preserved.
 func sanitizeErrorForLog(err error) string {
 	if err == nil {
 		return "<nil>"
 	}
 	var apiErr *APIError
 	if errors.As(err, &apiErr) {
 		return fmt.Sprintf("HTTP %d", apiErr.StatusCode)
 	}
 	return err.Error()
 }
 // doGet performs an HTTP GET request with retry on 5xx errors and temporary
 // network errors. Retries up to 3 times with exponential backoff (1s, 2s delays
 // by default; configurable via Client.RetryBackoff for testing).
 func (c *Client) doGet(ctx context.Context, reqURL string) ([]byte, error) {
-	const maxAttempts = 3
+	req, err := http.NewRequestWithContext(ctx, http.MethodGet, reqURL, nil)
-	// backoff[i] is the delay before attempt i+1 (i.e., after attempt i fails).
+	if err != nil {
-	// First attempt (i=0) has no delay; retries wait 1s then 2s by default.
+		return nil, err
 	backoff := c.RetryBackoff
 	if backoff == nil {
 		backoff = []time.Duration{1 * time.Second, 2 * time.Second}
 	}
 	req.Header.Set("Authorization", "token "+c.token)
-	// maxErrorBodyBytes limits how much of an error response body we read
+	resp, err := c.http.Do(req)
-	// to protect against malicious servers sending unbounded data.
+	if err != nil {
-	const maxErrorBodyBytes = 64 * 1024 // 64 KB
+		return nil, err
 	var lastErr error
 	for attempt := 0; attempt < maxAttempts; attempt++ {
 		if attempt > 0 {
 			// Determine delay: use backoff slice if available, otherwise retry immediately.
 			// An empty RetryBackoff slice means "retry without delay" — this is intentional
 			// as the caller explicitly configured no delays.
 			var delay time.Duration
 			if attempt-1 < len(backoff) {
 				delay = backoff[attempt-1]
 			}
 			if delay > 0 {
 				slog.Warn("retrying request after error",
 					"attempt", attempt+1,
 					"url", redactURL(reqURL),
 					"delay", delay.String(),
 					"lastError", sanitizeErrorForLog(lastErr))
 				timer := time.NewTimer(delay)
 				select {
 				case <-timer.C:
 				case <-ctx.Done():
 					timer.Stop()
 					return nil, ctx.Err()
 				}
 			}
 		}
 		req, err := http.NewRequestWithContext(ctx, http.MethodGet, reqURL, nil)
 		if err != nil {
 			return nil, err
 		}
 		req.Header.Set("Authorization", "token "+c.token)
 		resp, err := c.http.Do(req)
 		if err != nil {
 			// Always capture the error for consistent return at loop end.
 			// This ensures both network errors and HTTP 5xx return lastErr.
 			lastErr = err
 			// Only retry temporary network errors when attempts remain.
 			if attempt < maxAttempts-1 && isTemporaryNetError(err) {
 				slog.Warn("temporary network error, will retry",
 					"attempt", attempt+1,
 					"url", redactURL(reqURL),
 					"error", err)
 				continue
 			}
 			// Non-retryable network error or final attempt exhausted.
 			return nil, lastErr
 		}
 		if resp.StatusCode >= 200 && resp.StatusCode < 300 {
 			body, err := io.ReadAll(resp.Body)
 			resp.Body.Close()
 			if err != nil {
 				return nil, err
 			}
 			return body, nil
 		}
 		// Error path: limit how much we read from potentially malicious server
 		errBody, _ := io.ReadAll(io.LimitReader(resp.Body, maxErrorBodyBytes))
 		resp.Body.Close()
 		lastErr = &APIError{StatusCode: resp.StatusCode, Body: string(errBody)}
 		// Only retry on 5xx server errors
 		if resp.StatusCode < 500 || resp.StatusCode >= 600 {
 			return nil, lastErr
 		}
 	}
 	defer resp.Body.Close()
-	return nil, lastErr
+	if resp.StatusCode < 200 || resp.StatusCode >= 300 {
 		body, _ := io.ReadAll(resp.Body)
 		return nil, &APIError{StatusCode: resp.StatusCode, Body: string(body)}
 	}
 	return io.ReadAll(resp.Body)
 }
 // escapePath escapes each segment of a relative file path for use in URLs.
@@ -434,13 +251,7 @@ type ContentEntry struct {
 // ListContents lists files and directories at a given path in a repo.
 // Pass an empty path to list the repository root.
 // If the path points to a file (not a directory), Gitea returns a single
 // object instead of an array; this method normalizes both cases to a slice.
 func (c *Client) ListContents(ctx context.Context, owner, repo, path string) ([]ContentEntry, error) {
 	// Normalize "." to empty string — Gitea API rejects "." with 500
 	if path == "." {
 		path = ""
 	}
 	var reqURL string
 	if path == "" {
 		reqURL = fmt.Sprintf("%s/api/v1/repos/%s/%s/contents", c.baseURL, url.PathEscape(owner), url.PathEscape(repo))
@@ -453,16 +264,7 @@ func (c *Client) ListContents(ctx context.Context, owner, repo, path string) ([]
 	}
 	var entries []ContentEntry
 	if err := json.Unmarshal(body, &entries); err != nil {
-		// Gitea returns a single object (not an array) when path is a file
+		return nil, fmt.Errorf("parse contents JSON: %w", err)
 		var single ContentEntry
 		if err2 := json.Unmarshal(body, &single); err2 != nil {
 			return nil, fmt.Errorf("parse contents JSON: %w", err)
 		}
 		// Guard against empty/malformed responses
 		if single.Name == "" && single.Path == "" {
 			return nil, fmt.Errorf("parse contents JSON: empty response for path %q", path)
 		}
 		entries = []ContentEntry{single}
 	}
 	return entries, nil
 }
@@ -515,9 +317,9 @@ func (c *Client) GetAllFilesInPath(ctx context.Context, owner, repo, path string
 // Review represents a pull request review from the Gitea API.
 type Review struct {
-	ID   int64  `json:"id"`
+	ID       int64  `json:"id"`
-	Body string `json:"body"`
+	Body     string `json:"body"`
-	User struct {
+	User     struct {
 		Login string `json:"login"`
 	} `json:"user"`
 	State    string `json:"state"`
@@ -6,14 +6,10 @@ import (
 	"errors"
 	"fmt"
 	"io"
 	"net"
 	"net/http"
 	"net/http/httptest"
 	"strings"
 	"sync/atomic"
 	"syscall"
 	"testing"
 	"time"
 )
 func TestGetPullRequest(t *testing.T) {
@@ -280,64 +276,11 @@ func TestListContents(t *testing.T) {
 	}
 }
 func TestListContents_DotPath(t *testing.T) {
 	server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		// "." should be normalized to empty path, which hits the root contents endpoint
 		if r.URL.Path != "/api/v1/repos/owner/repo/contents" {
 			t.Errorf("expected root contents path, got: %s", r.URL.Path)
 		}
 		w.Header().Set("Content-Type", "application/json")
 		fmt.Fprintf(w, `[{"name":"README.md","path":"README.md","type":"file"}]`)
 	}))
 	defer server.Close()
 	client := NewClient(server.URL, "test-token")
 	entries, err := client.ListContents(context.Background(), "owner", "repo", ".")
 	if err != nil {
 		t.Fatalf("unexpected error: %v", err)
 	}
 	if len(entries) != 1 {
 		t.Fatalf("expected 1 entry, got %d", len(entries))
 	}
 	if entries[0].Name != "README.md" {
 		t.Errorf("expected README.md, got %s", entries[0].Name)
 	}
 }
 func TestListContents_FilePath(t *testing.T) {
 	// Gitea returns a single object (not an array) when path is a file
 	server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		if r.URL.Path != "/api/v1/repos/owner/repo/contents/README.md" {
 			t.Errorf("unexpected path: %s", r.URL.Path)
 		}
 		w.Header().Set("Content-Type", "application/json")
 		// Single object, not an array
 		fmt.Fprintf(w, `{"name":"README.md","path":"README.md","type":"file"}`)
 	}))
 	defer server.Close()
 	client := NewClient(server.URL, "test-token")
 	entries, err := client.ListContents(context.Background(), "owner", "repo", "README.md")
 	if err != nil {
 		t.Fatalf("unexpected error: %v", err)
 	}
 	if len(entries) != 1 {
 		t.Fatalf("expected 1 entry, got %d", len(entries))
 	}
 	if entries[0].Name != "README.md" {
 		t.Errorf("expected README.md, got %s", entries[0].Name)
 	}
 	if entries[0].Type != "file" {
 		t.Errorf("expected type file, got %s", entries[0].Type)
 	}
 }
 func TestGetAllFilesInPath_File(t *testing.T) {
 	server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		if r.URL.Path == "/api/v1/repos/owner/repo/contents/README.md" {
-			// Gitea returns a single object (not array) when path is a file
+			// Gitea returns 404 for contents API on files (it's not a dir)
-			w.Header().Set("Content-Type", "application/json")
+			http.NotFound(w, r)
 			fmt.Fprintf(w, `{"name":"README.md","path":"README.md","type":"file"}`)
 			return
 		}
 		if r.URL.Path == "/api/v1/repos/owner/repo/raw/README.md" {
@@ -641,9 +584,9 @@ func TestGetAllFilesInPath_403Propagates(t *testing.T) {
 func TestIsNotFound(t *testing.T) {
 	tests := []struct {
-		name string
+		name   string
-		err  error
+		err    error
-		want bool
+		want   bool
 	}{
 		{"nil error", nil, false},
 		{"non-API error", fmt.Errorf("network timeout"), false},
@@ -800,347 +743,3 @@ func TestResolveComment_Error(t *testing.T) {
 		t.Fatal("expected error for 404 response")
 	}
 }
 func TestIsServerError(t *testing.T) {
 	tests := []struct {
 		name string
 		err  error
 		want bool
 	}{
 		{"nil error", nil, false},
 		{"non-API error", fmt.Errorf("network timeout"), false},
 		{"404 APIError", &APIError{StatusCode: 404, Body: "not found"}, false},
 		{"500 APIError", &APIError{StatusCode: 500, Body: "server error"}, true},
 		{"502 APIError", &APIError{StatusCode: 502, Body: "bad gateway"}, true},
 		{"503 APIError", &APIError{StatusCode: 503, Body: "unavailable"}, true},
 		{"599 APIError", &APIError{StatusCode: 599, Body: "edge case"}, true},
 		{"600 not server error", &APIError{StatusCode: 600, Body: "edge"}, false},
 		{"400 not server error", &APIError{StatusCode: 400, Body: "bad request"}, false},
 		{"wrapped 500", fmt.Errorf("fetch: %w", &APIError{StatusCode: 500, Body: "err"}), true},
 		{"wrapped 404", fmt.Errorf("fetch: %w", &APIError{StatusCode: 404, Body: "err"}), false},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			got := IsServerError(tt.err)
 			if got != tt.want {
 				t.Errorf("IsServerError(%v) = %v, want %v", tt.err, got, tt.want)
 			}
 		})
 	}
 }
 func TestDoGet_RetriesOn500(t *testing.T) {
 	attempts := 0
 	server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		attempts++
 		if attempts < 3 {
 			w.WriteHeader(http.StatusInternalServerError)
 			w.Write([]byte(`{"message":"transient error"}`))
 			return
 		}
 		w.WriteHeader(http.StatusOK)
 		w.Write([]byte(`{"data":"success"}`))
 	}))
 	defer server.Close()
 	client := NewClient(server.URL, "test-token")
 	// Use short backoff for fast tests
 	client.RetryBackoff = []time.Duration{1 * time.Millisecond, 1 * time.Millisecond}
 	body, err := client.doGet(context.Background(), server.URL+"/test")
 	if err != nil {
 		t.Fatalf("expected success after retry, got error: %v", err)
 	}
 	if string(body) != `{"data":"success"}` {
 		t.Errorf("body = %q, want %q", string(body), `{"data":"success"}`)
 	}
 	if attempts != 3 {
 		t.Errorf("attempts = %d, want 3", attempts)
 	}
 }
 func TestDoGet_FailsAfterMaxRetries(t *testing.T) {
 	attempts := 0
 	server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		attempts++
 		w.WriteHeader(http.StatusInternalServerError)
 		w.Write([]byte(`{"message":"persistent error"}`))
 	}))
 	defer server.Close()
 	client := NewClient(server.URL, "test-token")
 	// Use short backoff for fast tests
 	client.RetryBackoff = []time.Duration{1 * time.Millisecond, 1 * time.Millisecond}
 	_, err := client.doGet(context.Background(), server.URL+"/test")
 	if err == nil {
 		t.Fatal("expected error after max retries")
 	}
 	var apiErr *APIError
 	if !errors.As(err, &apiErr) {
 		t.Fatalf("expected APIError, got: %v", err)
 	}
 	if apiErr.StatusCode != http.StatusInternalServerError {
 		t.Errorf("status = %d, want 500", apiErr.StatusCode)
 	}
 	if attempts != 3 {
 		t.Errorf("attempts = %d, want 3 (max retries)", attempts)
 	}
 }
 func TestDoGet_NoRetryOn4xx(t *testing.T) {
 	attempts := 0
 	server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		attempts++
 		w.WriteHeader(http.StatusForbidden)
 		w.Write([]byte(`{"message":"forbidden"}`))
 	}))
 	defer server.Close()
 	client := NewClient(server.URL, "test-token")
 	_, err := client.doGet(context.Background(), server.URL+"/test")
 	if err == nil {
 		t.Fatal("expected error for 403")
 	}
 	var apiErr *APIError
 	if !errors.As(err, &apiErr) {
 		t.Fatalf("expected APIError, got: %v", err)
 	}
 	if apiErr.StatusCode != http.StatusForbidden {
 		t.Errorf("status = %d, want 403", apiErr.StatusCode)
 	}
 	if attempts != 1 {
 		t.Errorf("attempts = %d, want 1 (no retry on 4xx)", attempts)
 	}
 }
 func TestDoGet_RespectsContextCancellation(t *testing.T) {
 	attempts := 0
 	server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		attempts++
 		w.WriteHeader(http.StatusInternalServerError)
 		w.Write([]byte(`{"message":"error"}`))
 	}))
 	defer server.Close()
 	ctx, cancel := context.WithCancel(context.Background())
 	client := NewClient(server.URL, "test-token")
 	// Use longer backoff to give us time to cancel during the wait
 	client.RetryBackoff = []time.Duration{100 * time.Millisecond, 100 * time.Millisecond}
 	// Cancel after first attempt returns and retry begins
 	go func() {
 		time.Sleep(20 * time.Millisecond)
 		cancel()
 	}()
 	_, err := client.doGet(ctx, server.URL+"/test")
 	if err == nil {
 		t.Fatal("expected error on context cancellation")
 	}
 	// Should have made 1 attempt, then context cancelled during backoff
 	if attempts != 1 {
 		t.Errorf("attempts = %d, expected 1 before context cancel during backoff", attempts)
 	}
 }
 // mockTransport is a test helper that returns errors for the first N calls,
 // then delegates to a real server.
 type mockTransport struct {
 	failCount    int32 // number of failures remaining (atomic)
 	failErr      error // error to return on failure
 	realServer   *httptest.Server
 	attemptsMade atomic.Int32 // tracks total attempts
 }
 func (m *mockTransport) RoundTrip(req *http.Request) (*http.Response, error) {
 	m.attemptsMade.Add(1)
 	remaining := atomic.AddInt32(&m.failCount, -1)
 	if remaining >= 0 {
 		// Still have failures to return
 		return nil, m.failErr
 	}
 	// Redirect to real server
 	req.URL.Host = m.realServer.Listener.Addr().String()
 	req.URL.Scheme = "http"
 	return http.DefaultTransport.RoundTrip(req)
 }
 func TestDoGet_RetriesOnTemporaryNetError(t *testing.T) {
 	// Real server that will handle successful requests
 	server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		w.WriteHeader(http.StatusOK)
 		w.Write([]byte(`{"status":"ok"}`))
 	}))
 	defer server.Close()
 	// Mock transport: fail twice with ECONNREFUSED, then succeed
 	mt := &mockTransport{
 		failCount:  2,
 		failErr:    &net.OpError{Op: "dial", Net: "tcp", Err: syscall.ECONNREFUSED},
 		realServer: server,
 	}
 	client := NewClient("http://fake-host/", "test-token")
 	client.SetHTTPClient(&http.Client{Transport: mt})
 	client.RetryBackoff = []time.Duration{1 * time.Millisecond, 1 * time.Millisecond}
 	body, err := client.doGet(context.Background(), "http://fake-host/test")
 	if err != nil {
 		t.Fatalf("expected success after retries, got error: %v", err)
 	}
 	if string(body) != `{"status":"ok"}` {
 		t.Errorf("body = %q, want %q", string(body), `{"status":"ok"}`)
 	}
 	// Should have made exactly 3 attempts: 2 failures + 1 success
 	if got := mt.attemptsMade.Load(); got != 3 {
 		t.Errorf("attempts = %d, want 3 (2 failures + 1 success)", got)
 	}
 }
 func TestIsTemporaryNetError(t *testing.T) {
 	tests := []struct {
 		name string
 		err  error
 		want bool
 	}{
 		{"nil error", nil, false},
 		{"plain error", fmt.Errorf("some error"), false},
 		// OpError with retriable syscall errors
 		{"OpError ECONNREFUSED", &net.OpError{Op: "dial", Err: syscall.ECONNREFUSED}, true},
 		{"OpError ECONNRESET", &net.OpError{Op: "read", Err: syscall.ECONNRESET}, true},
 		{"OpError ENETUNREACH", &net.OpError{Op: "dial", Err: syscall.ENETUNREACH}, true},
 		{"OpError EHOSTUNREACH", &net.OpError{Op: "dial", Err: syscall.EHOSTUNREACH}, true},
 		{"OpError ETIMEDOUT", &net.OpError{Op: "dial", Err: syscall.ETIMEDOUT}, true},
 		// OpError with permanent syscall errors — should NOT retry
 		{"OpError EACCES", &net.OpError{Op: "dial", Err: syscall.EACCES}, false},
 		{"OpError EPERM", &net.OpError{Op: "dial", Err: syscall.EPERM}, false},
 		// OpError with unknown inner error — conservative retry
 		{"OpError unknown inner", &net.OpError{Op: "dial", Err: fmt.Errorf("unknown")}, true},
 		// DNS errors
 		{"DNS timeout", &net.DNSError{IsTimeout: true}, true},
 		{"DNS no such host", &net.DNSError{IsTimeout: false, Name: "bad.host"}, false},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			got := isTemporaryNetError(tt.err)
 			if got != tt.want {
 				t.Errorf("isTemporaryNetError(%v) = %v, want %v", tt.err, got, tt.want)
 			}
 		})
 	}
 }
 func TestIsRetriableSyscallError(t *testing.T) {
 	tests := []struct {
 		name string
 		err  error
 		want bool
 	}{
 		{"nil", nil, false},
 		{"ECONNREFUSED", syscall.ECONNREFUSED, true},
 		{"ECONNRESET", syscall.ECONNRESET, true},
 		{"ENETUNREACH", syscall.ENETUNREACH, true},
 		{"EHOSTUNREACH", syscall.EHOSTUNREACH, true},
 		{"ETIMEDOUT", syscall.ETIMEDOUT, true},
 		{"EACCES (permanent)", syscall.EACCES, false},
 		{"EPERM (permanent)", syscall.EPERM, false},
 		{"ENOENT (permanent)", syscall.ENOENT, false},
 		{"unknown error", fmt.Errorf("something"), true}, // conservative retry
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			got := isRetriableSyscallError(tt.err)
 			if got != tt.want {
 				t.Errorf("isRetriableSyscallError(%v) = %v, want %v", tt.err, got, tt.want)
 			}
 		})
 	}
 }
 func TestRedactURL(t *testing.T) {
 	tests := []struct {
 		name  string
 		input string
 		want  string
 	}{
 		{
 			name:  "no query params",
 			input: "https://gitea.example.com/api/v1/repos/owner/repo/pulls/1",
 			want:  "https://gitea.example.com/api/v1/repos/owner/repo/pulls/1",
 		},
 		{
 			name:  "with query params - redacts",
 			input: "https://gitea.example.com/api/v1/repos/owner/repo/raw/file?ref=main",
 			want:  "https://gitea.example.com/api/v1/repos/owner/repo/raw/file?[redacted]",
 		},
 		{
 			name:  "multiple query params",
 			input: "https://example.com/path?token=secret&page=1",
 			want:  "https://example.com/path?[redacted]",
 		},
 		{
 			name:  "invalid URL",
 			input: "://invalid",
 			want:  "[invalid URL]",
 		},
 		{
 			name:  "empty string",
 			input: "",
 			want:  "",
 		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			got := redactURL(tt.input)
 			if got != tt.want {
 				t.Errorf("redactURL(%q) = %q, want %q", tt.input, got, tt.want)
 			}
 		})
 	}
 }
 func TestSanitizeErrorForLog(t *testing.T) {
 	tests := []struct {
 		name string
 		err  error
 		want string
 	}{
 		{
 			name: "nil error",
 			err:  nil,
 			want: "<nil>",
 		},
 		{
 			name: "APIError omits body",
 			err:  &APIError{StatusCode: 500, Body: "internal error: database connection failed"},
 			want: "HTTP 500",
 		},
 		{
 			name: "APIError with large body still only shows status",
 			err:  &APIError{StatusCode: 502, Body: strings.Repeat("x", 1000)},
 			want: "HTTP 502",
 		},
 		{
 			name: "non-API error preserved",
 			err:  fmt.Errorf("connection refused"),
 			want: "connection refused",
 		},
 		{
 			name: "wrapped APIError",
 			err:  fmt.Errorf("request failed: %w", &APIError{StatusCode: 503, Body: "service unavailable"}),
 			want: "HTTP 503",
 		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			got := sanitizeErrorForLog(tt.err)
 			if got != tt.want {
 				t.Errorf("sanitizeErrorForLog() = %q, want %q", got, tt.want)
 			}
 		})
 	}
 }
@@ -1,5 +1,3 @@
 module gitea.weiker.me/rodin/review-bot
 go 1.26.2
 require gopkg.in/yaml.v3 v3.0.1
@@ -1,4 +0,0 @@
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
@@ -1,153 +1,81 @@
 package review
 import (
 	"bytes"
 	"embed"
 	"encoding/json"
 	"fmt"
 	"os"
 	"sort"
 	"strings"
 	"unicode/utf8"
 	"gopkg.in/yaml.v3"
 )
-//go:embed personas/*.yaml
+//go:embed personas/*.json
 var embeddedPersonas embed.FS
 // MaxPersonaFileSize is the maximum size for persona files (64 KB).
 // This prevents denial-of-service via excessively large files.
 const MaxPersonaFileSize = 64 * 1024
 // MaxYAMLDepth is the maximum nesting depth allowed in YAML persona files.
 // This prevents stack exhaustion from deeply nested structures.
 const MaxYAMLDepth = 20
 // MaxYAMLNodes is the maximum number of YAML nodes allowed in persona files.
 // This prevents DoS via wide-but-shallow structures that bypass depth limits.
 const MaxYAMLNodes = 1000
 // Persona defines a specialized review role with focused expertise.
 type Persona struct {
-	Name         string   `json:"name" yaml:"name"`
+	Name         string   `json:"name"`
-	DisplayName  string   `json:"display_name" yaml:"display_name"`
+	DisplayName  string   `json:"display_name"`
-	ModelPref    string   `json:"model_preference,omitempty" yaml:"model_preference,omitempty"`
+	ModelPref    string   `json:"model_preference,omitempty"`
-	Identity     string   `json:"identity" yaml:"identity"`
+	Identity     string   `json:"identity"`
-	Focus        []string `json:"focus" yaml:"focus"`
+	Focus        []string `json:"focus"`
-	Ignore       []string `json:"ignore" yaml:"ignore"`
+	Ignore       []string `json:"ignore"`
-	Severity     Severity `json:"severity" yaml:"severity"`
+	Severity     Severity `json:"severity"`
-	OutputFormat string   `json:"output_format,omitempty" yaml:"output_format,omitempty"`
+	OutputFormat string   `json:"output_format,omitempty"`
 }
 // Severity defines what constitutes each severity level for this persona.
 // These are prompt guidance for the LLM, not output format changes.
 type Severity struct {
-	Major string `json:"major" yaml:"major"`
+	Major string `json:"major"`
-	Minor string `json:"minor" yaml:"minor"`
+	Minor string `json:"minor"`
-	Nit   string `json:"nit" yaml:"nit"`
+	Nit   string `json:"nit"`
 }
-// LoadPersona loads a persona from a JSON or YAML file path.
+// LoadPersona loads a persona from a JSON file path.
 // Format is detected by file extension: .yaml/.yml for YAML, .json or other for JSON.
 // Files larger than MaxPersonaFileSize are rejected.
 //
 // Symlinks are supported: os.Stat follows symlinks, so a symlink pointing to
 // a regular file will pass the IsRegular() check. Symlinks to non-regular files
 // (directories, FIFOs, devices) are still rejected.
 func LoadPersona(path string) (*Persona, error) {
 	// os.Stat follows symlinks, so symlinks to regular files are supported.
 	// The IsRegular() check operates on the target, not the symlink itself.
 	info, err := os.Stat(path)
 	if err != nil {
 		return nil, fmt.Errorf("read persona file %s: %w", path, err)
 	}
 	if !info.Mode().IsRegular() {
 		return nil, fmt.Errorf("persona file %s is not a regular file", path)
 	}
 	if info.Size() > MaxPersonaFileSize {
 		return nil, fmt.Errorf("persona file %s exceeds maximum size (%d bytes)", path, MaxPersonaFileSize)
 	}
 	data, err := os.ReadFile(path)
 	if err != nil {
 		return nil, fmt.Errorf("read persona file %s: %w", path, err)
 	}
 	// Re-check size after read to defend against TOCTOU races where file
 	// grows between stat and read (e.g., appending process, replaced file).
 	if len(data) > MaxPersonaFileSize {
 		return nil, fmt.Errorf("persona file %s exceeds maximum size (%d bytes)", path, MaxPersonaFileSize)
 	}
 	return parsePersona(data, path)
 }
 // LoadBuiltinPersona loads a built-in persona by name.
 // Returns an error if the persona doesn't exist.
 // Built-in personas are stored in YAML format only (see embed directive).
 func LoadBuiltinPersona(name string) (*Persona, error) {
-	yamlFile := name + ".yaml"
+	filename := name + ".json"
-	data, err := embeddedPersonas.ReadFile("personas/" + yamlFile)
+	data, err := embeddedPersonas.ReadFile("personas/" + filename) // embed.FS paths use forward slashes per io/fs spec
 	if err != nil {
 		available := ListBuiltinPersonas()
 		return nil, fmt.Errorf("unknown built-in persona %q (available: %s)", name, strings.Join(available, ", "))
 	}
-	return parsePersona(data, "builtin:"+yamlFile)
+	return parsePersona(data, "builtin:"+name)
 }
-// ListBuiltinPersonas returns the names of all built-in personas in sorted order.
+// ListBuiltinPersonas returns the names of all built-in personas.
 // Returns an empty slice if the embedded directory cannot be read.
 func ListBuiltinPersonas() []string {
 	entries, err := embeddedPersonas.ReadDir("personas")
 	if err != nil {
 		return []string{}
 	}
-	seen := make(map[string]bool)
+	var names []string
 	for _, e := range entries {
 		if e.IsDir() {
 			continue
 		}
 		name := e.Name()
-		// Strip extension to get persona name
+		if strings.HasSuffix(name, ".json") {
-		var personaName string
+			names = append(names, strings.TrimSuffix(name, ".json"))
 		switch {
 		case strings.HasSuffix(name, ".yaml"):
 			personaName = strings.TrimSuffix(name, ".yaml")
 		case strings.HasSuffix(name, ".yml"):
 			personaName = strings.TrimSuffix(name, ".yml")
 		case strings.HasSuffix(name, ".json"):
 			personaName = strings.TrimSuffix(name, ".json")
 		default:
 			continue
 		}
 		if !seen[personaName] {
 			seen[personaName] = true
 		}
 	}
 	names := make([]string, 0, len(seen))
 	for name := range seen {
 		names = append(names, name)
 	}
 	sort.Strings(names)
 	return names
 }
 // parsePersona parses persona data from JSON or YAML format.
 // Format is detected by the source file extension.
 func parsePersona(data []byte, source string) (*Persona, error) {
 	lowerSource := strings.ToLower(source)
 	isYAML := strings.HasSuffix(lowerSource, ".yaml") || strings.HasSuffix(lowerSource, ".yml")
 	var p Persona
-	var err error
+	if err := json.Unmarshal(data, &p); err != nil {
 	if isYAML {
 		err = unmarshalYAMLWithDepthLimit(data, &p, MaxYAMLDepth)
 	} else {
 		// Use json.Decoder with DisallowUnknownFields for consistency with
 		// YAML's KnownFields(true) - both reject unknown fields to catch typos.
 		dec := json.NewDecoder(bytes.NewReader(data))
 		dec.DisallowUnknownFields()
 		err = dec.Decode(&p)
 	}
 	if err != nil {
 		return nil, fmt.Errorf("parse persona %s: %w", source, err)
 	}
 	if err := validatePersona(&p, source); err != nil {
@@ -156,81 +84,6 @@ func parsePersona(data []byte, source string) (*Persona, error) {
 	return &p, nil
 }
 // unmarshalYAMLWithDepthLimit unmarshals YAML data with explicit depth limiting
 // and strict field checking. This protects against stack exhaustion from deeply
 // nested structures and catches typos in field names.
 // Multi-document YAML files are rejected to prevent silent data loss.
 func unmarshalYAMLWithDepthLimit(data []byte, out any, maxDepth int) error {
 	// First pass: decode into a yaml.Node to check depth limits and node counts.
 	// This prevents stack exhaustion before we attempt to decode into structs.
 	var node yaml.Node
 	dec := yaml.NewDecoder(bytes.NewReader(data))
 	if err := dec.Decode(&node); err != nil {
 		return err
 	}
 	// Reject multi-document YAML files - silently ignoring additional documents
 	// could lead to confusing behavior where users think their changes take effect.
 	var extra yaml.Node
 	if dec.Decode(&extra) == nil {
 		return fmt.Errorf("multi-document YAML is not supported; only single-document files are allowed")
 	}
 	nodeCount := 0
 	if err := checkYAMLDepth(&node, 0, maxDepth, MaxYAMLNodes, make(map[*yaml.Node]struct{}), &nodeCount); err != nil {
 		return err
 	}
 	// Second pass: decode with strict field checking enabled.
 	// KnownFields(true) rejects unknown keys, catching typos like "focuss" or "identiy".
 	// We must re-decode from the original data because yaml.Node.Decode() doesn't
 	// support the KnownFields option.
 	strictDec := yaml.NewDecoder(bytes.NewReader(data))
 	strictDec.KnownFields(true)
 	return strictDec.Decode(out)
 }
 // checkYAMLDepth recursively checks that YAML nodes don't exceed the depth limit
 // or the total node count limit. It also detects alias cycles to prevent infinite
 // recursion from crafted YAML with self-referential aliases.
 func checkYAMLDepth(node *yaml.Node, depth, maxDepth, maxNodes int, seen map[*yaml.Node]struct{}, nodeCount *int) error {
 	if depth > maxDepth {
 		return fmt.Errorf("YAML nesting depth exceeds maximum (%d)", maxDepth)
 	}
 	// Track total nodes visited as defense-in-depth against wide-but-shallow attacks.
 	*nodeCount++
 	if *nodeCount > maxNodes {
 		return fmt.Errorf("YAML node count exceeds maximum (%d)", maxNodes)
 	}
 	// Cycle detection: if we've seen this node before, we're in a cycle.
 	if _, ok := seen[node]; ok {
 		return nil // Already validated this subtree, skip to avoid infinite recursion.
 	}
 	seen[node] = struct{}{}
 	// Handle alias nodes: follow the alias to its anchor target.
 	// Increment depth when following aliases since they expand the effective structure.
 	if node.Kind == yaml.AliasNode && node.Alias != nil {
 		return checkYAMLDepth(node.Alias, depth+1, maxDepth, maxNodes, seen, nodeCount)
 	}
 	for _, child := range node.Content {
 		if err := checkYAMLDepth(child, depth+1, maxDepth, maxNodes, seen, nodeCount); err != nil {
 			return err
 		}
 	}
 	return nil
 }
 // ParsePersonaBytes parses persona data from bytes with a source label for errors.
 // This is useful for parsing personas fetched from external sources (e.g., Gitea API)
 // without requiring filesystem access. Format is detected by source extension.
 func ParsePersonaBytes(data []byte, source string) (*Persona, error) {
 	return parsePersona(data, source)
 }
 func validatePersona(p *Persona, source string) error {
 	if p.Name == "" {
 		return fmt.Errorf("persona %s: name is required", source)
@@ -1,13 +1,10 @@
 package review
 import (
 	"fmt"
 	"os"
 	"path/filepath"
 	"strings"
 	"testing"
 	"gopkg.in/yaml.v3"
 )
 func TestLoadBuiltinPersona(t *testing.T) {
@@ -90,83 +87,6 @@ func TestListBuiltinPersonas(t *testing.T) {
 	}
 }
 func TestLoadPersonaFromYAMLFile(t *testing.T) {
 	dir := t.TempDir()
 	path := filepath.Join(dir, "test.yaml")
 	content := `# Test persona
 name: test
 display_name: Test Persona
 identity: |
  You are a test persona.
  Multi-line identity works.
 focus:
  - testing
  - validation
 ignore:
  - nothing
 severity:
  major: Big problems
  minor: Small problems
  nit: Tiny problems
 `
 	if err := os.WriteFile(path, []byte(content), 0644); err != nil {
 		t.Fatalf("failed to write test file: %v", err)
 	}
 	p, err := LoadPersona(path)
 	if err != nil {
 		t.Fatalf("LoadPersona failed: %v", err)
 	}
 	if p.Name != "test" {
 		t.Errorf("Name = %q, want %q", p.Name, "test")
 	}
 	if p.DisplayName != "Test Persona" {
 		t.Errorf("DisplayName = %q, want %q", p.DisplayName, "Test Persona")
 	}
 	if len(p.Focus) != 2 {
 		t.Errorf("Focus len = %d, want 2", len(p.Focus))
 	}
 	if !strings.Contains(p.Identity, "Multi-line") {
 		t.Error("Identity should contain multi-line content")
 	}
 }
 func TestLoadPersonaFromYMLFile(t *testing.T) {
 	dir := t.TempDir()
 	path := filepath.Join(dir, "test.yml")
 	content := `name: test
 display_name: Test YML
 identity: Test identity
 focus:
  - testing
 ignore: []
 severity:
  major: Big
  minor: Small
  nit: Tiny
 `
 	if err := os.WriteFile(path, []byte(content), 0644); err != nil {
 		t.Fatalf("failed to write test file: %v", err)
 	}
 	p, err := LoadPersona(path)
 	if err != nil {
 		t.Fatalf("LoadPersona failed: %v", err)
 	}
 	if p.Name != "test" {
 		t.Errorf("Name = %q, want %q", p.Name, "test")
 	}
 	if p.DisplayName != "Test YML" {
 		t.Errorf("DisplayName = %q, want %q", p.DisplayName, "Test YML")
 	}
 }
 func TestLoadPersonaFromJSONFile(t *testing.T) {
 	dir := t.TempDir()
 	path := filepath.Join(dir, "test.json")
@@ -176,7 +96,6 @@ func TestLoadPersonaFromJSONFile(t *testing.T) {
 		"display_name": "Test Persona",
 		"identity": "You are a test persona.\nMulti-line identity works.",
 		"focus": ["testing", "validation"],
 		"ignore": ["nothing"],
 		"severity": {
 			"major": "Big problems",
@@ -211,38 +130,22 @@ func TestLoadPersonaFromJSONFile(t *testing.T) {
 func TestLoadPersonaValidation(t *testing.T) {
 	tests := []struct {
 		name    string
-		content string
+		json    string
 		ext     string
 		wantErr string
 	}{
 		{
-			name:    "missing name yaml",
+			name:    "missing name",
-			content: "identity: test\n",
+			json:    `{"identity": "test"}`,
 			ext:     ".yaml",
 			wantErr: "name is required",
 		},
 		{
-			name:    "missing identity yaml",
+			name:    "missing identity",
-			content: "name: test\n",
+			json:    `{"name": "test"}`,
 			ext:     ".yaml",
 			wantErr: "identity is required",
 		},
 		{
-			name:    "missing name json",
+			name: "display_name defaults to name",
-			content: `{"identity": "test"}`,
+			json: `{"name": "test", "identity": "test identity"}`,
 			ext:     ".json",
 			wantErr: "name is required",
 		},
 		{
 			name:    "missing identity json",
 			content: `{"name": "test"}`,
 			ext:     ".json",
 			wantErr: "identity is required",
 		},
 		{
 			name:    "display_name defaults to name",
 			content: "name: test\nidentity: test identity\n",
 			ext:     ".yaml",
 			// No error expected - should succeed
 		},
 	}
@@ -250,8 +153,8 @@ func TestLoadPersonaValidation(t *testing.T) {
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			dir := t.TempDir()
-			path := filepath.Join(dir, "test"+tt.ext)
+			path := filepath.Join(dir, "test.json")
-			if err := os.WriteFile(path, []byte(tt.content), 0644); err != nil {
+			if err := os.WriteFile(path, []byte(tt.json), 0644); err != nil {
 				t.Fatalf("failed to write test file: %v", err)
 			}
@@ -281,25 +184,12 @@ func TestLoadPersonaValidation(t *testing.T) {
 }
 func TestLoadPersonaFileNotFound(t *testing.T) {
-	_, err := LoadPersona("/nonexistent/path/persona.yaml")
+	_, err := LoadPersona("/nonexistent/path/persona.json")
 	if err == nil {
 		t.Error("expected error for nonexistent file")
 	}
 }
 func TestLoadPersonaInvalidYAML(t *testing.T) {
 	dir := t.TempDir()
 	path := filepath.Join(dir, "invalid.yaml")
 	if err := os.WriteFile(path, []byte("not valid yaml:\n  - [broken"), 0644); err != nil {
 		t.Fatalf("failed to write test file: %v", err)
 	}
 	_, err := LoadPersona(path)
 	if err == nil {
 		t.Error("expected error for invalid YAML")
 	}
 }
 func TestLoadPersonaInvalidJSON(t *testing.T) {
 	dir := t.TempDir()
 	path := filepath.Join(dir, "invalid.json")
@@ -313,38 +203,6 @@ func TestLoadPersonaInvalidJSON(t *testing.T) {
 	}
 }
 func TestLoadPersonaCaseInsensitiveExtension(t *testing.T) {
 	tests := []struct {
 		name string
 		ext  string
 	}{
 		{"lowercase yaml", ".yaml"},
 		{"uppercase YAML", ".YAML"},
 		{"mixed case Yaml", ".Yaml"},
 		{"lowercase yml", ".yml"},
 		{"uppercase YML", ".YML"},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			dir := t.TempDir()
 			path := filepath.Join(dir, "test"+tt.ext)
 			content := "name: test\nidentity: test identity\n"
 			if err := os.WriteFile(path, []byte(content), 0644); err != nil {
 				t.Fatalf("failed to write test file: %v", err)
 			}
 			p, err := LoadPersona(path)
 			if err != nil {
 				t.Fatalf("LoadPersona failed for extension %s: %v", tt.ext, err)
 			}
 			if p.Name != "test" {
 				t.Errorf("Name = %q, want %q", p.Name, "test")
 			}
 		})
 	}
 }
 func TestCapitalizeFirst(t *testing.T) {
 	tests := []struct {
 		input string
@@ -379,400 +237,3 @@ func TestListBuiltinPersonasReturnsEmptySlice(t *testing.T) {
 		t.Error("ListBuiltinPersonas should return empty slice, not nil")
 	}
 }
 func TestYAMLMultilineStrings(t *testing.T) {
 	dir := t.TempDir()
 	path := filepath.Join(dir, "multiline.yaml")
 	// Test literal block scalar (|) which preserves newlines
 	content := `name: multiline
 display_name: Multiline Test
 identity: |
  First line.
  Second line.
  Third line.
 focus:
  - item one
 ignore: []
 severity:
  major: Major issue
  minor: Minor issue
  nit: Nit
 `
 	if err := os.WriteFile(path, []byte(content), 0644); err != nil {
 		t.Fatalf("failed to write test file: %v", err)
 	}
 	p, err := LoadPersona(path)
 	if err != nil {
 		t.Fatalf("LoadPersona failed: %v", err)
 	}
 	// Literal block scalar preserves newlines
 	if !strings.Contains(p.Identity, "\n") {
 		t.Error("Identity should contain newlines from literal block scalar")
 	}
 	if !strings.Contains(p.Identity, "Second line") {
 		t.Error("Identity should contain 'Second line'")
 	}
 }
 func TestYAMLComments(t *testing.T) {
 	dir := t.TempDir()
 	path := filepath.Join(dir, "comments.yaml")
 	content := `# This is a comment
 name: commented  # inline comment
 display_name: Commented Persona
 # Another comment
 identity: Test identity
 focus:
  - item  # comment after item
 ignore: []
 severity:
  major: Major
  minor: Minor
  nit: Nit
 `
 	if err := os.WriteFile(path, []byte(content), 0644); err != nil {
 		t.Fatalf("failed to write test file: %v", err)
 	}
 	p, err := LoadPersona(path)
 	if err != nil {
 		t.Fatalf("LoadPersona failed: %v", err)
 	}
 	// Comments should be ignored
 	if p.Name != "commented" {
 		t.Errorf("Name = %q, want %q", p.Name, "commented")
 	}
 	if p.Focus[0] != "item" {
 		t.Errorf("Focus[0] = %q, want %q", p.Focus[0], "item")
 	}
 }
 func TestYAMLDeeplyNestedRejection(t *testing.T) {
 	dir := t.TempDir()
 	path := filepath.Join(dir, "deeply-nested.yaml")
 	// Build a deeply nested YAML structure that exceeds MaxYAMLDepth (20).
 	// Each level adds 2 to the depth count (key + value mapping).
 	var sb strings.Builder
 	sb.WriteString("name: test\nidentity: test\nnested:\n")
 	indent := "  "
 	for i := 0; i < 25; i++ {
 		sb.WriteString(strings.Repeat(indent, i+1))
 		sb.WriteString(fmt.Sprintf("level%d:\n", i))
 	}
 	sb.WriteString(strings.Repeat(indent, 26))
 	sb.WriteString("value: too-deep\n")
 	if err := os.WriteFile(path, []byte(sb.String()), 0644); err != nil {
 		t.Fatalf("failed to write test file: %v", err)
 	}
 	_, err := LoadPersona(path)
 	if err == nil {
 		t.Error("expected error for deeply nested YAML, got nil")
 	}
 	if !strings.Contains(err.Error(), "nesting depth exceeds") {
 		t.Errorf("error = %q, want containing 'nesting depth exceeds'", err.Error())
 	}
 }
 func TestYAMLFileSizeLimit(t *testing.T) {
 	dir := t.TempDir()
 	path := filepath.Join(dir, "huge.yaml")
 	// Create a file larger than MaxPersonaFileSize (64 KB)
 	content := "name: test\nidentity: " + strings.Repeat("x", MaxPersonaFileSize+1) + "\n"
 	if err := os.WriteFile(path, []byte(content), 0644); err != nil {
 		t.Fatalf("failed to write test file: %v", err)
 	}
 	_, err := LoadPersona(path)
 	if err == nil {
 		t.Error("expected error for oversized file, got nil")
 	}
 	if !strings.Contains(err.Error(), "exceeds maximum size") {
 		t.Errorf("error = %q, want containing 'exceeds maximum size'", err.Error())
 	}
 }
 func TestYAMLAliasCycleDetection(t *testing.T) {
 	// Test that our checkYAMLDepth function handles alias cycles gracefully
 	// by using the seen map to prevent infinite recursion.
 	// We test this directly because go-yaml's parser handles most cycles
 	// at parse time, but we need to ensure our checker is robust.
 	// Create a node structure where an alias points to a parent node,
 	// simulating what could happen with malicious input that bypasses
 	// go-yaml's cycle detection.
 	parent := &yaml.Node{
 		Kind: yaml.MappingNode,
 		Content: []*yaml.Node{
 			{Kind: yaml.ScalarNode, Value: "name"},
 			{Kind: yaml.ScalarNode, Value: "test"},
 			{Kind: yaml.ScalarNode, Value: "nested"},
 		},
 	}
 	// Create a child that aliases back to the parent (artificial cycle)
 	aliasToParent := &yaml.Node{
 		Kind:  yaml.AliasNode,
 		Alias: parent,
 	}
 	parent.Content = append(parent.Content, aliasToParent)
 	nodeCount := 0
 	seen := make(map[*yaml.Node]struct{})
 	// This should NOT hang or stack overflow - the seen map prevents infinite recursion
 	err := checkYAMLDepth(parent, 0, MaxYAMLDepth, MaxYAMLNodes, seen, &nodeCount)
 	if err != nil {
 		t.Errorf("unexpected error traversing cyclic structure: %v", err)
 	}
 	// Verify we tracked the parent in the seen map
 	if _, ok := seen[parent]; !ok {
 		t.Error("parent node not tracked in seen map")
 	}
 }
 func TestYAMLMultiDocumentRejection(t *testing.T) {
 	dir := t.TempDir()
 	path := filepath.Join(dir, "multi.yaml")
 	// Multi-document YAML (documents separated by ---)
 	content := `name: first
 identity: first document
 ---
 name: second
 identity: second document
 `
 	if err := os.WriteFile(path, []byte(content), 0644); err != nil {
 		t.Fatalf("failed to write test file: %v", err)
 	}
 	_, err := LoadPersona(path)
 	if err == nil {
 		t.Error("expected error for multi-document YAML, got nil")
 	}
 	if !strings.Contains(err.Error(), "multi-document") {
 		t.Errorf("error = %q, want containing 'multi-document'", err.Error())
 	}
 }
 func TestYAMLNodeCountLimit(t *testing.T) {
 	dir := t.TempDir()
 	path := filepath.Join(dir, "wide.yaml")
 	// Build a YAML structure that's shallow but wide - many keys at the same level
 	// to test the node count limit (should exceed MaxYAMLNodes = 1000)
 	var sb strings.Builder
 	sb.WriteString("name: test\nidentity: test\n")
 	for i := 0; i < 600; i++ {
 		sb.WriteString(fmt.Sprintf("key%d: value%d\n", i, i))
 	}
 	if err := os.WriteFile(path, []byte(sb.String()), 0644); err != nil {
 		t.Fatalf("failed to write test file: %v", err)
 	}
 	_, err := LoadPersona(path)
 	if err == nil {
 		t.Error("expected error for wide YAML exceeding node count, got nil")
 	}
 	if !strings.Contains(err.Error(), "node count exceeds") {
 		t.Errorf("error = %q, want containing 'node count exceeds'", err.Error())
 	}
 }
 func TestCheckYAMLDepthCycleDetectionDirect(t *testing.T) {
 	// Direct test of cycle detection in checkYAMLDepth by creating
 	// a node structure with an artificial cycle.
 	// This tests the seen map logic independent of go-yaml's parsing.
 	node := &yaml.Node{
 		Kind: yaml.MappingNode,
 		Content: []*yaml.Node{
 			{Kind: yaml.ScalarNode, Value: "key"},
 			{Kind: yaml.ScalarNode, Value: "value"},
 		},
 	}
 	// Create a cycle by making a child reference the parent
 	cycleChild := &yaml.Node{
 		Kind:  yaml.AliasNode,
 		Alias: node, // Points back to the parent
 	}
 	node.Content = append(node.Content,
 		&yaml.Node{Kind: yaml.ScalarNode, Value: "cyclic"},
 		cycleChild,
 	)
 	nodeCount := 0
 	seen := make(map[*yaml.Node]struct{})
 	err := checkYAMLDepth(node, 0, MaxYAMLDepth, MaxYAMLNodes, seen, &nodeCount)
 	// Should complete without infinite recursion due to cycle detection
 	if err != nil {
 		t.Errorf("unexpected error: %v", err)
 	}
 	// The seen map should contain multiple entries
 	if len(seen) < 2 {
 		t.Errorf("seen map has %d entries, expected at least 2", len(seen))
 	}
 }
 func TestListBuiltinPersonasSortedOrder(t *testing.T) {
 	names := ListBuiltinPersonas()
 	if len(names) < 2 {
 		t.Skip("need at least 2 personas to test ordering")
 	}
 	// Verify the list is sorted
 	for i := 1; i < len(names); i++ {
 		if names[i-1] > names[i] {
 			t.Errorf("ListBuiltinPersonas not sorted: %q > %q", names[i-1], names[i])
 		}
 	}
 }
 func TestYAMLUnknownFieldsRejected(t *testing.T) {
 	tests := []struct {
 		name    string
 		content string
 		wantErr string
 	}{
 		{
 			name: "unknown top-level field",
 			content: `name: test
 identity: test identity
 unknown_field: should fail
 `,
 			wantErr: "unknown_field",
 		},
 		{
 			name: "typo in field name",
 			content: `name: test
 identiy: typo should fail
 `,
 			wantErr: "identiy",
 		},
 		{
 			name: "unknown field in severity",
 			content: `name: test
 identity: test
 severity:
  major: Major
  minro: typo
 `,
 			wantErr: "minro",
 		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			dir := t.TempDir()
 			path := filepath.Join(dir, "unknown.yaml")
 			if err := os.WriteFile(path, []byte(tt.content), 0644); err != nil {
 				t.Fatalf("failed to write test file: %v", err)
 			}
 			_, err := LoadPersona(path)
 			if err == nil {
 				t.Errorf("expected error for unknown field %q, got nil", tt.wantErr)
 				return
 			}
 			if !strings.Contains(err.Error(), tt.wantErr) {
 				t.Errorf("error = %q, want containing %q", err.Error(), tt.wantErr)
 			}
 		})
 	}
 }
 func TestJSONUnknownFieldsRejected(t *testing.T) {
 	tests := []struct {
 		name    string
 		content string
 		wantErr string
 	}{
 		{
 			name: "unknown top-level field",
 			content: `{
 				"name": "test",
 				"identity": "test identity",
 				"unknown_field": "should fail"
 			}`,
 			wantErr: "unknown_field",
 		},
 		{
 			name: "typo in field name",
 			content: `{
 				"name": "test",
 				"identiy": "typo should fail"
 			}`,
 			wantErr: "identiy",
 		},
 		{
 			name: "unknown field in severity",
 			content: `{
 				"name": "test",
 				"identity": "test",
 				"severity": {
 					"major": "ok",
 					"miner": "typo"
 				}
 			}`,
 			wantErr: "miner",
 		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			dir := t.TempDir()
 			path := filepath.Join(dir, "test.json")
 			if err := os.WriteFile(path, []byte(tt.content), 0644); err != nil {
 				t.Fatalf("failed to write test file: %v", err)
 			}
 			_, err := LoadPersona(path)
 			if err == nil {
 				t.Fatal("expected error for unknown field, got nil")
 			}
 			if !strings.Contains(err.Error(), tt.wantErr) {
 				t.Errorf("error = %q, want to contain %q", err.Error(), tt.wantErr)
 			}
 		})
 	}
 }
 func TestLoadPersonaSymlink(t *testing.T) {
 	// Create a regular persona file
 	dir := t.TempDir()
 	realFile := filepath.Join(dir, "real.yaml")
 	content := `name: test
 identity: test identity
 `
 	if err := os.WriteFile(realFile, []byte(content), 0644); err != nil {
 		t.Fatalf("failed to write test file: %v", err)
 	}
 	// Create a symlink to it
 	symlink := filepath.Join(dir, "link.yaml")
 	if err := os.Symlink(realFile, symlink); err != nil {
 		t.Fatalf("failed to create symlink: %v", err)
 	}
 	// LoadPersona should work via symlink
 	p, err := LoadPersona(symlink)
 	if err != nil {
 		t.Fatalf("LoadPersona via symlink failed: %v", err)
 	}
 	if p.Name != "test" {
 		t.Errorf("Name = %q, want %q", p.Name, "test")
 	}
 }
@@ -0,0 +1,26 @@
 {
  "name": "architect",
  "display_name": "Software Architect",
  "identity": "You are a software architect reviewing code for design quality.\n\nYour expertise:\n- Design patterns and anti-patterns\n- Code organization and module boundaries\n- API design and contracts\n- Testability and dependency injection\n- Consistency with existing architecture\n- Technical debt identification",
  "focus": [
    "Design pattern violations or misuse",
    "Module boundary violations (inappropriate coupling)",
    "API design issues (unclear contracts, leaky abstractions)",
    "Testability problems (hidden dependencies, god objects)",
    "Inconsistency with existing codebase patterns",
    "Unnecessary complexity or over-engineering",
    "Missing abstractions or premature abstraction"
  ],
  "ignore": [
    "Security vulnerabilities (security persona handles these)",
    "Performance micro-optimizations",
    "Code style and formatting",
    "Documentation typos",
    "Test implementation details"
  ],
  "severity": {
    "major": "Architectural violations that will cause maintenance problems or make the codebase harder to evolve",
    "minor": "Design issues that reduce clarity or testability but don't block progress",
    "nit": "Minor pattern deviations or style preferences"
  }
 }
@@ -1,37 +0,0 @@
 # Software Architect Persona
 # Focuses on design quality, patterns, and code organization
 name: architect
 display_name: Software Architect
 identity: |
  You are a software architect reviewing code for design quality.
  Your expertise:
  - Design patterns and anti-patterns
  - Code organization and module boundaries
  - API design and contracts
  - Testability and dependency injection
  - Consistency with existing architecture
  - Technical debt identification
 focus:
  - Design pattern violations or misuse
  - Module boundary violations (inappropriate coupling)
  - API design issues (unclear contracts, leaky abstractions)
  - Testability problems (hidden dependencies, god objects)
  - Inconsistency with existing codebase patterns
  - Unnecessary complexity or over-engineering
  - Missing abstractions or premature abstraction
 ignore:
  - Security vulnerabilities (security persona handles these)
  - Performance micro-optimizations
  - Code style and formatting
  - Documentation typos
  - Test implementation details
 severity:
  major: "Architectural violations that will cause maintenance problems or make the codebase harder to evolve"
  minor: "Design issues that reduce clarity or testability but don't block progress"
  nit: "Minor pattern deviations or style preferences"
@@ -0,0 +1,26 @@
 {
  "name": "docs",
  "display_name": "Documentation Reviewer",
  "identity": "You are a documentation specialist reviewing code for clarity and documentation quality.\n\nYour expertise:\n- API documentation and examples\n- Code comments and their accuracy\n- Error message clarity\n- README and guide quality\n- Naming clarity and self-documenting code",
  "focus": [
    "Missing or outdated documentation",
    "Unclear or misleading comments",
    "Poor error messages (cryptic, unhelpful, missing context)",
    "Confusing naming (functions, variables, types)",
    "Missing examples for complex APIs",
    "Inconsistent terminology",
    "Documentation that contradicts the code"
  ],
  "ignore": [
    "Security vulnerabilities",
    "Performance issues",
    "Design patterns",
    "Test coverage",
    "Code style (unless it affects readability)"
  ],
  "severity": {
    "major": "Documentation that actively misleads or missing docs for critical functionality",
    "minor": "Unclear documentation or poor error messages that will confuse users",
    "nit": "Minor clarity improvements or typo fixes"
  }
 }
@@ -1,36 +0,0 @@
 # Documentation Reviewer Persona
 # Focuses on clarity, documentation quality, and self-documenting code
 name: docs
 display_name: Documentation Reviewer
 identity: |
  You are a documentation specialist reviewing code for clarity and documentation quality.
  Your expertise:
  - API documentation and examples
  - Code comments and their accuracy
  - Error message clarity
  - README and guide quality
  - Naming clarity and self-documenting code
 focus:
  - Missing or outdated documentation
  - Unclear or misleading comments
  - Poor error messages (cryptic, unhelpful, missing context)
  - Confusing naming (functions, variables, types)
  - Missing examples for complex APIs
  - Inconsistent terminology
  - Documentation that contradicts the code
 ignore:
  - Security vulnerabilities
  - Performance issues
  - Design patterns
  - Test coverage
  - Code style (unless it affects readability)
 severity:
  major: "Documentation that actively misleads or missing docs for critical functionality"
  minor: "Unclear documentation or poor error messages that will confuse users"
  nit: "Minor clarity improvements or typo fixes"
@@ -0,0 +1,26 @@
 {
  "name": "security",
  "display_name": "Security Specialist",
  "identity": "You are a security specialist reviewing code for vulnerabilities.\n\nYour expertise:\n- OWASP Top 10 vulnerabilities\n- Injection attacks (SQL, command, path traversal, template)\n- Authentication and authorization patterns\n- Secrets management and exposure risks\n- Race conditions with security implications\n- Event sourcing attack vectors (replay attacks, event injection)",
  "focus": [
    "Injection attacks (SQL, command, path traversal, template injection)",
    "Authentication and authorization gaps or bypasses",
    "Secrets exposure (hardcoded credentials, tokens in logs, config leaks)",
    "Input validation failures (unsanitized input, unsafe deserialization)",
    "Race conditions that could be exploited",
    "Cryptographic weaknesses (weak algorithms, improper key handling)",
    "Information disclosure through error messages or logs"
  ],
  "ignore": [
    "Code style and naming conventions",
    "Performance optimizations (unless security-related)",
    "Documentation quality",
    "General code quality or readability",
    "Test coverage"
  ],
  "severity": {
    "major": "Exploitable vulnerabilities: auth bypass, injection, data exfiltration, privilege escalation, RCE",
    "minor": "Defense-in-depth issues: missing rate limiting, verbose errors, weak input validation",
    "nit": "Theoretical risks with low exploitability or impact"
  }
 }
@@ -1,37 +0,0 @@
 # Security Specialist Persona
 # Focuses on vulnerabilities, auth issues, and security best practices
 name: security
 display_name: Security Specialist
 identity: |
  You are a security specialist reviewing code for vulnerabilities.
  Your expertise:
  - OWASP Top 10 vulnerabilities
  - Injection attacks (SQL, command, path traversal, template)
  - Authentication and authorization patterns
  - Secrets management and exposure risks
  - Race conditions with security implications
  - Event sourcing attack vectors (replay attacks, event injection)
 focus:
  - Injection attacks (SQL, command, path traversal, template injection)
  - Authentication and authorization gaps or bypasses
  - Secrets exposure (hardcoded credentials, tokens in logs, config leaks)
  - Input validation failures (unsanitized input, unsafe deserialization)
  - Race conditions that could be exploited
  - Cryptographic weaknesses (weak algorithms, improper key handling)
  - Information disclosure through error messages or logs
 ignore:
  - Code style and naming conventions
  - Performance optimizations (unless security-related)
  - Documentation quality
  - General code quality or readability
  - Test coverage
 severity:
  major: "Exploitable vulnerabilities: auth bypass, injection, data exfiltration, privilege escalation, RCE"
  minor: "Defense-in-depth issues: missing rate limiting, verbose errors, weak input validation"
  nit: "Theoretical risks with low exploitability or impact"
@@ -1,150 +0,0 @@
 package review
 import (
 	"context"
 	"log/slog"
 	"strings"
 )
 // RepoPersonaPath is the directory path where repo-specific personas are stored.
 const RepoPersonaPath = ".review-bot/personas"
 // GiteaClient defines the subset of gitea.Client methods needed for loading repo personas.
 // This interface allows for easier testing and decouples the review package from gitea.
 type GiteaClient interface {
 	ListContents(ctx context.Context, owner, repo, path string) ([]ContentEntry, error)
 	GetFileContent(ctx context.Context, owner, repo, filepath string) (string, error)
 }
 // ContentEntry represents a file or directory entry from the contents API.
 // This mirrors gitea.ContentEntry to avoid import cycles.
 type ContentEntry struct {
 	Name string `json:"name"`
 	Path string `json:"path"`
 	Type string `json:"type"` // "file" or "dir"
 }
 // LoadRepoPersonas fetches personas from a repository's .review-bot/personas/ directory.
 // Returns an empty map (not nil) if the directory doesn't exist or is empty.
 // Individual parse failures are logged and skipped; the remaining personas are still returned.
 // Auth errors and other non-404 errors are propagated.
 // Files exceeding MaxPersonaFileSize are rejected to prevent resource exhaustion.
 func LoadRepoPersonas(ctx context.Context, client GiteaClient, owner, repo string) (map[string]*Persona, error) {
 	result := make(map[string]*Persona)
 	entries, err := client.ListContents(ctx, owner, repo, RepoPersonaPath)
 	if err != nil {
 		// Check if this is a 404 (directory doesn't exist) - expected case
 		if isNotFoundError(err) {
 			slog.Debug("no repo personas directory found", "repo", owner+"/"+repo)
 			return result, nil
 		}
 		// Other errors (auth, server) should propagate
 		return nil, err
 	}
 	if len(entries) == 0 {
 		slog.Debug("repo personas directory is empty", "repo", owner+"/"+repo)
 		return result, nil
 	}
 	for _, entry := range entries {
 		if entry.Type != "file" {
 			continue
 		}
 		// Only process YAML files
 		if !isYAMLFile(entry.Name) {
 			continue
 		}
 		content, err := client.GetFileContent(ctx, owner, repo, entry.Path)
 		if err != nil {
 			slog.Warn("could not fetch repo persona file",
 				"file", entry.Path,
 				"repo", owner+"/"+repo,
 				"error", err)
 			continue
 		}
 		// Enforce size limit before parsing to prevent resource exhaustion
 		if len(content) > MaxPersonaFileSize {
 			slog.Warn("repo persona file exceeds maximum size",
 				"file", entry.Path,
 				"repo", owner+"/"+repo,
 				"size", len(content),
 				"max", MaxPersonaFileSize)
 			continue
 		}
 		persona, err := ParsePersonaBytes([]byte(content), entry.Path)
 		if err != nil {
 			slog.Warn("could not parse repo persona file",
 				"file", entry.Path,
 				"repo", owner+"/"+repo,
 				"error", err)
 			continue
 		}
 		result[persona.Name] = persona
 		slog.Debug("loaded repo persona",
 			"name", persona.Name,
 			"file", entry.Path,
 			"repo", owner+"/"+repo)
 	}
 	return result, nil
 }
 // MergePersonas combines built-in personas with repo personas.
 // Repo personas take precedence on name collision.
 // Returns a new map; inputs are not modified.
 func MergePersonas(builtin, repo map[string]*Persona) map[string]*Persona {
 	result := make(map[string]*Persona, len(builtin)+len(repo))
 	// Copy built-in personas first
 	for name, p := range builtin {
 		result[name] = p
 	}
 	// Overlay repo personas (override on collision)
 	for name, p := range repo {
 		if _, exists := result[name]; exists {
 			slog.Debug("repo persona overrides built-in", "name", name)
 		}
 		result[name] = p
 	}
 	return result
 }
 // GetBuiltinPersonasMap returns all built-in personas as a map keyed by name.
 // Returns an empty map (not nil) if loading fails.
 func GetBuiltinPersonasMap() map[string]*Persona {
 	result := make(map[string]*Persona)
 	for _, name := range ListBuiltinPersonas() {
 		p, err := LoadBuiltinPersona(name)
 		if err != nil {
 			slog.Warn("could not load built-in persona", "name", name, "error", err)
 			continue
 		}
 		result[name] = p
 	}
 	return result
 }
 // isYAMLFile checks if a filename has a YAML extension.
 func isYAMLFile(name string) bool {
 	lower := strings.ToLower(name)
 	return strings.HasSuffix(lower, ".yaml") || strings.HasSuffix(lower, ".yml")
 }
 // isNotFoundError checks if an error represents a 404 response.
 // This uses a specific "HTTP 404" substring match rather than a generic "not found"
 // match to avoid masking authentication failures or transport errors that might
 // contain "not found" in their message.
 func isNotFoundError(err error) bool {
 	if err == nil {
 		return false
 	}
 	return strings.Contains(err.Error(), "HTTP 404")
 }
@@ -1,443 +0,0 @@
 package review
 import (
 	"context"
 	"errors"
 	"strings"
 	"testing"
 )
 func TestParsePersonaBytes(t *testing.T) {
 	tests := []struct {
 		name       string
 		data       string
 		source     string
 		wantName   string
 		wantErr    string
 	}{
 		{
 			name: "valid yaml",
 			data: `name: test
 identity: test identity
 focus:
  - testing
 `,
 			source:   "test.yaml",
 			wantName: "test",
 		},
 		{
 			name:    "missing name",
 			data:    "identity: test\n",
 			source:  "test.yaml",
 			wantErr: "name is required",
 		},
 		{
 			name:    "invalid yaml",
 			data:    "not: valid:\n  yaml: [broken",
 			source:  "test.yaml",
 			wantErr: "parse",
 		},
 		{
 			name: "json format by extension",
 			data: `{"name": "jsontest", "identity": "json identity"}`,
 			source:   "test.json",
 			wantName: "jsontest",
 		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			p, err := ParsePersonaBytes([]byte(tt.data), tt.source)
 			if tt.wantErr != "" {
 				if err == nil {
 					t.Fatalf("expected error containing %q, got nil", tt.wantErr)
 				}
 				if !strings.Contains(err.Error(), tt.wantErr) {
 					t.Errorf("error = %q, want containing %q", err.Error(), tt.wantErr)
 				}
 				return
 			}
 			if err != nil {
 				t.Fatalf("unexpected error: %v", err)
 			}
 			if p.Name != tt.wantName {
 				t.Errorf("Name = %q, want %q", p.Name, tt.wantName)
 			}
 		})
 	}
 }
 // mockGiteaClient implements GiteaClient for testing.
 type mockGiteaClient struct {
 	contents map[string][]ContentEntry // path -> entries
 	files    map[string]string         // path -> content
 	listErr  error
 	fileErr  map[string]error // path -> error
 }
 func (m *mockGiteaClient) ListContents(ctx context.Context, owner, repo, path string) ([]ContentEntry, error) {
 	if m.listErr != nil {
 		return nil, m.listErr
 	}
 	entries, ok := m.contents[path]
 	if !ok {
 		return nil, errors.New("list contents .review-bot/personas: HTTP 404: not found")
 	}
 	return entries, nil
 }
 func (m *mockGiteaClient) GetFileContent(ctx context.Context, owner, repo, filepath string) (string, error) {
 	if m.fileErr != nil {
 		if err, ok := m.fileErr[filepath]; ok {
 			return "", err
 		}
 	}
 	content, ok := m.files[filepath]
 	if !ok {
 		return "", errors.New("HTTP 404: file not found")
 	}
 	return content, nil
 }
 func TestLoadRepoPersonas(t *testing.T) {
 	ctx := context.Background()
 	t.Run("directory not found returns empty map", func(t *testing.T) {
 		client := &mockGiteaClient{} // No contents configured -> 404
 		personas, err := LoadRepoPersonas(ctx, client, "owner", "repo")
 		if err != nil {
 			t.Fatalf("unexpected error: %v", err)
 		}
 		if personas == nil {
 			t.Error("expected empty map, got nil")
 		}
 		if len(personas) != 0 {
 			t.Errorf("expected 0 personas, got %d", len(personas))
 		}
 	})
 	t.Run("empty directory returns empty map", func(t *testing.T) {
 		client := &mockGiteaClient{
 			contents: map[string][]ContentEntry{
 				RepoPersonaPath: {},
 			},
 		}
 		personas, err := LoadRepoPersonas(ctx, client, "owner", "repo")
 		if err != nil {
 			t.Fatalf("unexpected error: %v", err)
 		}
 		if len(personas) != 0 {
 			t.Errorf("expected 0 personas, got %d", len(personas))
 		}
 	})
 	t.Run("loads valid personas", func(t *testing.T) {
 		client := &mockGiteaClient{
 			contents: map[string][]ContentEntry{
 				RepoPersonaPath: {
 					{Name: "trading.yaml", Path: ".review-bot/personas/trading.yaml", Type: "file"},
 					{Name: "crypto.yaml", Path: ".review-bot/personas/crypto.yaml", Type: "file"},
 				},
 			},
 			files: map[string]string{
 				".review-bot/personas/trading.yaml": `name: trading
 display_name: Trading Expert
 identity: You are a trading expert.
 focus:
  - order handling
  - risk management
 `,
 				".review-bot/personas/crypto.yaml": `name: crypto
 display_name: Crypto Expert
 identity: You are a cryptography expert.
 focus:
  - key management
  - encryption
 `,
 			},
 		}
 		personas, err := LoadRepoPersonas(ctx, client, "owner", "repo")
 		if err != nil {
 			t.Fatalf("unexpected error: %v", err)
 		}
 		if len(personas) != 2 {
 			t.Fatalf("expected 2 personas, got %d", len(personas))
 		}
 		if personas["trading"] == nil {
 			t.Error("expected trading persona")
 		}
 		if personas["crypto"] == nil {
 			t.Error("expected crypto persona")
 		}
 		if personas["trading"].DisplayName != "Trading Expert" {
 			t.Errorf("trading display name = %q, want %q", personas["trading"].DisplayName, "Trading Expert")
 		}
 	})
 	t.Run("skips invalid persona files", func(t *testing.T) {
 		client := &mockGiteaClient{
 			contents: map[string][]ContentEntry{
 				RepoPersonaPath: {
 					{Name: "valid.yaml", Path: ".review-bot/personas/valid.yaml", Type: "file"},
 					{Name: "invalid.yaml", Path: ".review-bot/personas/invalid.yaml", Type: "file"},
 				},
 			},
 			files: map[string]string{
 				".review-bot/personas/valid.yaml": `name: valid
 identity: Valid persona
 `,
 				".review-bot/personas/invalid.yaml": "not valid yaml: [broken",
 			},
 		}
 		personas, err := LoadRepoPersonas(ctx, client, "owner", "repo")
 		if err != nil {
 			t.Fatalf("unexpected error: %v", err)
 		}
 		// Should have the valid one, skip the invalid
 		if len(personas) != 1 {
 			t.Fatalf("expected 1 persona (skipped invalid), got %d", len(personas))
 		}
 		if personas["valid"] == nil {
 			t.Error("expected valid persona")
 		}
 	})
 	t.Run("skips non-yaml files", func(t *testing.T) {
 		client := &mockGiteaClient{
 			contents: map[string][]ContentEntry{
 				RepoPersonaPath: {
 					{Name: "persona.yaml", Path: ".review-bot/personas/persona.yaml", Type: "file"},
 					{Name: "README.md", Path: ".review-bot/personas/README.md", Type: "file"},
 					{Name: "notes.txt", Path: ".review-bot/personas/notes.txt", Type: "file"},
 				},
 			},
 			files: map[string]string{
 				".review-bot/personas/persona.yaml": `name: test
 identity: Test persona
 `,
 				".review-bot/personas/README.md": "# Personas\n\nPut your personas here.",
 			},
 		}
 		personas, err := LoadRepoPersonas(ctx, client, "owner", "repo")
 		if err != nil {
 			t.Fatalf("unexpected error: %v", err)
 		}
 		if len(personas) != 1 {
 			t.Fatalf("expected 1 persona (yaml only), got %d", len(personas))
 		}
 	})
 	t.Run("skips subdirectories", func(t *testing.T) {
 		client := &mockGiteaClient{
 			contents: map[string][]ContentEntry{
 				RepoPersonaPath: {
 					{Name: "persona.yaml", Path: ".review-bot/personas/persona.yaml", Type: "file"},
 					{Name: "subdir", Path: ".review-bot/personas/subdir", Type: "dir"},
 				},
 			},
 			files: map[string]string{
 				".review-bot/personas/persona.yaml": `name: test
 identity: Test persona
 `,
 			},
 		}
 		personas, err := LoadRepoPersonas(ctx, client, "owner", "repo")
 		if err != nil {
 			t.Fatalf("unexpected error: %v", err)
 		}
 		if len(personas) != 1 {
 			t.Fatalf("expected 1 persona (files only), got %d", len(personas))
 		}
 	})
 	t.Run("propagates auth errors", func(t *testing.T) {
 		client := &mockGiteaClient{
 			listErr: errors.New("HTTP 401: unauthorized"),
 		}
 		_, err := LoadRepoPersonas(ctx, client, "owner", "repo")
 		if err == nil {
 			t.Fatal("expected error for auth failure")
 		}
 		if !strings.Contains(err.Error(), "401") {
 			t.Errorf("error = %q, want containing '401'", err.Error())
 		}
 	})
 	t.Run("skips files that fail to fetch", func(t *testing.T) {
 		client := &mockGiteaClient{
 			contents: map[string][]ContentEntry{
 				RepoPersonaPath: {
 					{Name: "good.yaml", Path: ".review-bot/personas/good.yaml", Type: "file"},
 					{Name: "bad.yaml", Path: ".review-bot/personas/bad.yaml", Type: "file"},
 				},
 			},
 			files: map[string]string{
 				".review-bot/personas/good.yaml": `name: good
 identity: Good persona
 `,
 			},
 			fileErr: map[string]error{
 				".review-bot/personas/bad.yaml": errors.New("HTTP 500: internal server error"),
 			},
 		}
 		personas, err := LoadRepoPersonas(ctx, client, "owner", "repo")
 		if err != nil {
 			t.Fatalf("unexpected error: %v", err)
 		}
 		if len(personas) != 1 {
 			t.Fatalf("expected 1 persona (skipped failed fetch), got %d", len(personas))
 		}
 	})
 	t.Run("skips oversized files", func(t *testing.T) {
 		// Create a content string that exceeds MaxPersonaFileSize (64KB)
 		oversizedContent := strings.Repeat("a", MaxPersonaFileSize+1)
 		client := &mockGiteaClient{
 			contents: map[string][]ContentEntry{
 				RepoPersonaPath: {
 					{Name: "normal.yaml", Path: ".review-bot/personas/normal.yaml", Type: "file"},
 					{Name: "huge.yaml", Path: ".review-bot/personas/huge.yaml", Type: "file"},
 				},
 			},
 			files: map[string]string{
 				".review-bot/personas/normal.yaml": `name: normal
 identity: Normal sized persona
 `,
 				".review-bot/personas/huge.yaml": oversizedContent,
 			},
 		}
 		personas, err := LoadRepoPersonas(ctx, client, "owner", "repo")
 		if err != nil {
 			t.Fatalf("unexpected error: %v", err)
 		}
 		// Should have the normal one, skip the oversized
 		if len(personas) != 1 {
 			t.Fatalf("expected 1 persona (skipped oversized), got %d", len(personas))
 		}
 		if personas["normal"] == nil {
 			t.Error("expected normal persona")
 		}
 	})
 }
 func TestMergePersonas(t *testing.T) {
 	builtin := map[string]*Persona{
 		"security": {Name: "security", Identity: "Built-in security"},
 		"docs":     {Name: "docs", Identity: "Built-in docs"},
 	}
 	repo := map[string]*Persona{
 		"security": {Name: "security", Identity: "Repo security override"},
 		"trading":  {Name: "trading", Identity: "Repo trading"},
 	}
 	merged := MergePersonas(builtin, repo)
 	t.Run("repo overrides builtin on collision", func(t *testing.T) {
 		if merged["security"].Identity != "Repo security override" {
 			t.Errorf("security identity = %q, want repo override", merged["security"].Identity)
 		}
 	})
 	t.Run("builtin preserved when no collision", func(t *testing.T) {
 		if merged["docs"].Identity != "Built-in docs" {
 			t.Errorf("docs identity = %q, want built-in", merged["docs"].Identity)
 		}
 	})
 	t.Run("repo-only persona added", func(t *testing.T) {
 		if merged["trading"] == nil {
 			t.Error("expected trading persona from repo")
 		}
 		if merged["trading"].Identity != "Repo trading" {
 			t.Errorf("trading identity = %q, want repo", merged["trading"].Identity)
 		}
 	})
 	t.Run("original maps not modified", func(t *testing.T) {
 		if builtin["trading"] != nil {
 			t.Error("builtin map was modified")
 		}
 		if len(repo) != 2 {
 			t.Error("repo map was modified")
 		}
 	})
 }
 func TestGetBuiltinPersonasMap(t *testing.T) {
 	personas := GetBuiltinPersonasMap()
 	if len(personas) == 0 {
 		t.Fatal("expected at least one built-in persona")
 	}
 	// Verify expected personas exist
 	expected := []string{"security", "architect", "docs"}
 	for _, name := range expected {
 		if personas[name] == nil {
 			t.Errorf("expected built-in persona %q", name)
 		}
 	}
 	// Verify personas are valid
 	for name, p := range personas {
 		if p.Name != name {
 			t.Errorf("persona %q has mismatched name %q", name, p.Name)
 		}
 		if p.Identity == "" {
 			t.Errorf("persona %q has empty identity", name)
 		}
 	}
 }
 func TestIsYAMLFile(t *testing.T) {
 	tests := []struct {
 		name string
 		want bool
 	}{
 		{"test.yaml", true},
 		{"test.yml", true},
 		{"test.YAML", true},
 		{"test.YML", true},
 		{"test.json", false},
 		{"test.md", false},
 		{"test.txt", false},
 		{"yaml", false},
 		{"yaml.md", false},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			if got := isYAMLFile(tt.name); got != tt.want {
 				t.Errorf("isYAMLFile(%q) = %v, want %v", tt.name, got, tt.want)
 			}
 		})
 	}
 }
 func TestIsNotFoundError(t *testing.T) {
 	tests := []struct {
 		err  error
 		want bool
 	}{
 		{nil, false},
 		{errors.New("HTTP 404: not found"), true},
 		{errors.New("HTTP 404"), true},
 		// Intentionally false: generic "not found" could mask auth/transport errors.
 		// Only explicit HTTP 404 responses should be treated as "directory doesn't exist".
 		{errors.New("something not found"), false},
 		{errors.New("HTTP 401: unauthorized"), false},
 		{errors.New("connection refused"), false},
 	}
 	for _, tt := range tests {
 		name := "nil"
 		if tt.err != nil {
 			name = tt.err.Error()
 		}
 		t.Run(name, func(t *testing.T) {
 			if got := isNotFoundError(tt.err); got != tt.want {
 				t.Errorf("isNotFoundError(%v) = %v, want %v", tt.err, got, tt.want)
 			}
 		})
 	}
 }
@@ -23,7 +23,8 @@ if [ ! -f "$CONVENTIONS_FILE" ]; then
    exit 1
 fi
-# Parse approved packages from CONVENTIONS.md table using awk (POSIX-compatible)
+# Parse approved packages from CONVENTIONS.md table
 # Note: uses Bash process substitution (< <(...)) for the loop
 # Format: | `package` | use case | scope |
 declare -A ALLOWED_PROD=()
 declare -A ALLOWED_TEST=()
@@ -33,7 +34,8 @@ while IFS= read -r line; do
    pkg=$(echo "$line" | awk -F'|' '{gsub(/^[[:space:]]*`|`[[:space:]]*$/, "", $2); print $2}')
    scope=$(echo "$line" | awk -F'|' '{gsub(/^[[:space:]]+|[[:space:]]+$/, "", $4); print tolower($4)}')
-    if [ -n "$pkg" ] && [ "$pkg" != "Package" ] && [[ "$pkg" =~ ^[a-zA-Z] ]]; then
+    # Accept packages starting with letter or digit (e.g., 9fans.net/go)
    if [ -n "$pkg" ] && [ "$pkg" != "Package" ] && [[ "$pkg" =~ ^[[:alnum:]] ]]; then
        if [[ "$scope" == *"test"* ]]; then
            ALLOWED_TEST["$pkg"]=1
        else
@@ -69,8 +71,12 @@ matches_allowlist() {
 }
 # Get direct module dependencies from go.mod
-DIRECT_IMPORTS=$(go list -m -f '{{if and (not .Indirect) (not .Main)}}{{.Path}}{{end}}' all 2>&1) || {
+# Capture stderr separately to avoid mixing error messages with package list
-    echo "❌ Failed to list dependencies: $DIRECT_IMPORTS"
+GO_LIST_STDERR=$(mktemp)
 trap 'rm -f "$GO_LIST_STDERR"' EXIT
 DIRECT_IMPORTS=$(go list -m -f '{{if and (not .Indirect) (not .Main)}}{{.Path}}{{end}}' all 2>"$GO_LIST_STDERR") || {
    echo "❌ Failed to list dependencies:"
    cat "$GO_LIST_STDERR"
    exit 1
 }
 DIRECT_IMPORTS=$(echo "$DIRECT_IMPORTS" | grep -v '^$' || true)
@@ -106,8 +112,8 @@ PROD_IMPORTS=$(go list -deps -f '{{if not .Standard}}{{.ImportPath}}{{end}}' ./.
 TEST_ONLY_IN_PROD=""
 for test_pkg in "${!ALLOWED_TEST[@]}"; do
-    # Use word-boundary matching: exact match or followed by /
+    # Match exact package or subpackages (pkg or pkg/...)
-    if echo "$PROD_IMPORTS" | grep -qE "^${test_pkg}(/|\$|$)"; then
+    if echo "$PROD_IMPORTS" | grep -qE "^${test_pkg}(/|$)"; then
        TEST_ONLY_IN_PROD="${TEST_ONLY_IN_PROD}  - ${test_pkg} (marked 'test only' but used in production code)"$'\n'
    fi
 done
@@ -1,27 +0,0 @@
 //go:build phase2
 package vcs_test
 import (
 	"gitea.weiker.me/rodin/review-bot/gitea"
 	"gitea.weiker.me/rodin/review-bot/vcs"
 )
 // Compile-time assertion: documents the gap between gitea.Client and vcs.Client.
 // Guarded by the "phase2" build tag — enable once the Gitea adapter bridges these gaps:
 //
 //  1. PostReview signature mismatch:
 //     gitea.Client:  PostReview(ctx, owner, repo, number, event, body string, comments []gitea.ReviewComment)
 //     vcs.Reviewer:  PostReview(ctx, owner, repo, number, req vcs.ReviewRequest)
 //
 //  2. GetFileContent signature mismatch:
 //     gitea.Client:  GetFileContent(ctx, owner, repo, filepath string)  [no ref; uses default branch]
 //     vcs.FileReader: GetFileContent(ctx, owner, repo, path, ref string)
 //     (gitea.Client has GetFileContentRef for the ref variant)
 //
 //  3. ReviewComment type mismatch:
 //     gitea.ReviewComment uses NewPosition int64 (Gitea line-number convention)
 //     vcs.ReviewComment uses Position int (GitHub diff-position convention)
 //
 // The Gitea adapter (Phase 2) will wrap gitea.Client to bridge these gaps.
 var _ vcs.Client = (*gitea.Client)(nil)
@@ -1,40 +0,0 @@
 // Package vcs defines the shared VCS client interface and supporting types.
 // Platform adapters (gitea, github) implement these interfaces so the core
 // review logic can work with any VCS platform without platform-specific code.
 package vcs
 import "context"
 // PRReader can fetch pull request metadata, diffs, and changed files.
 type PRReader interface {
 	GetPullRequest(ctx context.Context, owner, repo string, number int) (*PullRequest, error)
 	GetPullRequestDiff(ctx context.Context, owner, repo string, number int) (string, error)
 	GetPullRequestFiles(ctx context.Context, owner, repo string, number int) ([]ChangedFile, error)
 }
 // FileReader can fetch file contents and list directory entries.
 type FileReader interface {
 	GetFileContent(ctx context.Context, owner, repo, path, ref string) (string, error)
 	ListContents(ctx context.Context, owner, repo, path string) ([]ContentEntry, error)
 }
 // Reviewer can post, list, and delete pull request reviews.
 type Reviewer interface {
 	PostReview(ctx context.Context, owner, repo string, number int, req ReviewRequest) (*Review, error)
 	ListReviews(ctx context.Context, owner, repo string, number int) ([]Review, error)
 	DeleteReview(ctx context.Context, owner, repo string, number int, reviewID int64) error
 }
 // Identity can report who the authenticated user is.
 type Identity interface {
 	GetAuthenticatedUser(ctx context.Context) (string, error)
 }
 // Client is the full VCS interface: PR reads, file reads, review management, and identity.
 // Platform adapters (gitea, github) implement this interface.
 type Client interface {
 	PRReader
 	FileReader
 	Reviewer
 	Identity
 }
@@ -1,82 +0,0 @@
 package vcs
 // ReviewEvent is the event type for a pull request review action.
 // Adapters must translate these action constants to/from platform-native values.
 // For example, Gitea uses "APPROVED" as both action and state, while GitHub
 // uses "APPROVE" for the action and returns "approved" as the state.
 type ReviewEvent string
 const (
 	// ReviewEventApprove approves the pull request.
 	ReviewEventApprove ReviewEvent = "APPROVE"
 	// ReviewEventRequestChanges requests changes to the pull request.
 	ReviewEventRequestChanges ReviewEvent = "REQUEST_CHANGES"
 	// ReviewEventComment posts a review comment without approval or rejection.
 	ReviewEventComment ReviewEvent = "COMMENT"
 )
 // HeadRef identifies the source branch and latest commit of a pull request.
 type HeadRef struct {
 	SHA string `json:"sha"`
 	Ref string `json:"ref"`
 }
 // UserInfo identifies a user by login name.
 type UserInfo struct {
 	Login string `json:"login"`
 }
 // PullRequest holds relevant PR metadata.
 type PullRequest struct {
 	Title string  `json:"title"`
 	Body  string  `json:"body"`
 	Head  HeadRef `json:"head"`
 }
 // ChangedFile represents a file modified in a PR.
 type ChangedFile struct {
 	Filename string `json:"filename"`
 	Status   string `json:"status"`
 }
 // ContentEntry represents a file or directory entry from the contents API.
 type ContentEntry struct {
 	Name string `json:"name"`
 	Path string `json:"path"`
 	Type string `json:"type"` // "file" or "dir"
 }
 // Review represents a pull request review.
 type Review struct {
 	ID       int64    `json:"id"`
 	Body     string   `json:"body"`
 	User     UserInfo `json:"user"`
 	State    string   `json:"state"`
 	Stale    bool     `json:"stale"`
 	CommitID string   `json:"commit_id"`
 }
 // ReviewComment represents an inline comment in a review.
 // All adapters use GitHub diff-position convention:
 //   - Position is a 1-indexed offset from the @@ hunk line in the unified diff.
 //   - CommitID identifies the commit the comment is anchored to.
 //     It is optional; omit (empty string) for review-level comments that are
 //     not attached to a specific commit.
 //
 // Adapters are responsible for translating to/from platform-native formats
 // (e.g. Gitea uses line numbers; GitHub uses diff positions natively).
 type ReviewComment struct {
 	Path     string `json:"path"`
 	Position int    `json:"position"` // diff-position: 1-indexed offset from @@ hunk line
 	CommitID string `json:"commit_id"`
 	Body     string `json:"body"`
 }
 // ReviewRequest is the payload for posting a review.
 type ReviewRequest struct {
 	// Body is the top-level review comment.
 	Body string `json:"body"`
 	// Event is the review action (approve, request changes, or comment).
 	Event    ReviewEvent     `json:"event"`
 	Comments []ReviewComment `json:"comments,omitempty"`
 }
@@ -1,142 +0,0 @@
 package vcs
 import (
 	"context"
 	"fmt"
 	"strconv"
 	"strings"
 )
 // GetAllFilesInPath recursively fetches all file contents under a path using the
 // provided FileReader. Returns a map of filepath -> content for all files found.
 // If the path points to an empty directory, returns an empty map.
 func GetAllFilesInPath(ctx context.Context, client FileReader, owner, repo, path string) (map[string]string, error) {
 	results := make(map[string]string)
 	entries, err := client.ListContents(ctx, owner, repo, path)
 	if err != nil {
 		return nil, fmt.Errorf("list contents %q: %w", path, err)
 	}
 	for _, entry := range entries {
 		switch entry.Type {
 		case "file":
 			content, err := client.GetFileContent(ctx, owner, repo, entry.Path, "")
 			if err != nil {
 				return nil, fmt.Errorf("get file %q: %w", entry.Path, err)
 			}
 			results[entry.Path] = content
 		case "dir":
 			subResults, err := GetAllFilesInPath(ctx, client, owner, repo, entry.Path)
 			if err != nil {
 				return nil, fmt.Errorf("recurse into %q: %w", entry.Path, err)
 			}
 			for k, v := range subResults {
 				results[k] = v
 			}
 		}
 	}
 	return results, nil
 }
 // BuildLineToPositionMap parses a unified diff and returns a per-file map of
 // new-file line number → diff-position.
 //
 // Position is a 1-indexed offset from the @@ hunk line (GitHub convention):
 //   - The @@ hunk header itself counts as position 1 (for the first hunk)
 //   - Every subsequent content line (context, addition, deletion) increments position
 //   - A second @@ hunk in the same file continues the count; it does not reset
 //   - Addition and context lines have new-file line numbers and are mapped
 //   - Deletion lines have a position but no new-file line; they are not in the map
 //   - "\ No newline at end of file" markers do not count as a position
 //
 // Returns: map[filename]map[newFileLine]diffPosition
 func BuildLineToPositionMap(diff string) map[string]map[int]int {
 	result := make(map[string]map[int]int)
 	lines := strings.Split(diff, "\n")
 	var currentFile string
 	var position int
 	var newLine int
 	for _, line := range lines {
 		// Detect new file in diff — resets position counter per file.
 		if strings.HasPrefix(line, "+++ b/") {
 			currentFile = strings.TrimPrefix(line, "+++ b/")
 			position = 0
 			newLine = 0
 			if result[currentFile] == nil {
 				result[currentFile] = make(map[int]int)
 			}
 			continue
 		}
 		// Skip deleted-file target (no new lines to map).
 		if strings.HasPrefix(line, "+++ /dev/null") {
 			currentFile = ""
 			continue
 		}
 		// Skip metadata lines that are not part of position counting.
 		if strings.HasPrefix(line, "diff --git") ||
 			strings.HasPrefix(line, "--- ") ||
 			strings.HasPrefix(line, "index ") ||
 			strings.HasPrefix(line, "\\") {
 			continue
 		}
 		// Parse hunk headers — the @@ line itself occupies a position.
 		if strings.HasPrefix(line, "@@") && currentFile != "" {
 			position++
 			newLine = parseHunkNewStart(line)
 			continue
 		}
 		if currentFile == "" {
 			continue
 		}
 		// Content lines within a hunk.
 		switch {
 		case strings.HasPrefix(line, "+"):
 			// Addition: maps to both a position and a new-file line.
 			position++
 			result[currentFile][newLine] = position
 			newLine++
 		case strings.HasPrefix(line, "-"):
 			// Deletion: occupies a position but has no new-file line number.
 			position++
 		case strings.HasPrefix(line, " "):
 			// Context line: maps to both a position and a new-file line.
 			position++
 			result[currentFile][newLine] = position
 			newLine++
 		}
 		// Any other line (empty trailing lines from Split, etc.) is ignored.
 	}
 	return result
 }
 // parseHunkNewStart extracts the new-file starting line number from a hunk header.
 // Format: @@ -old_start[,old_count] +new_start[,new_count] @@[ optional section heading]
 func parseHunkNewStart(hunkLine string) int {
 	// Find the +N part after the first @@
 	plusIdx := strings.Index(hunkLine, "+")
 	if plusIdx < 0 {
 		return 1
 	}
 	rest := hunkLine[plusIdx+1:]
 	// Read digits until comma, space, or end.
 	if idx := strings.IndexAny(rest, ", @"); idx > 0 {
 		rest = rest[:idx]
 	}
 	n, err := strconv.Atoi(rest)
 	if err != nil {
 		return 1
 	}
 	return n
 }
@@ -1,456 +0,0 @@
 package vcs_test
 import (
 	"context"
 	"fmt"
 	"testing"
 	"gitea.weiker.me/rodin/review-bot/vcs"
 )
 // mockFileReader implements vcs.FileReader for testing.
 type mockFileReader struct {
 	contents map[string]string             // path -> content
 	dirs     map[string][]vcs.ContentEntry // path -> entries
 }
 func (m *mockFileReader) GetFileContent(_ context.Context, _, _, path, _ string) (string, error) {
 	content, ok := m.contents[path]
 	if !ok {
 		return "", fmt.Errorf("file not found: %s", path)
 	}
 	return content, nil
 }
 func (m *mockFileReader) ListContents(_ context.Context, _, _, path string) ([]vcs.ContentEntry, error) {
 	entries, ok := m.dirs[path]
 	if !ok {
 		return nil, fmt.Errorf("directory not found: %s", path)
 	}
 	return entries, nil
 }
 // --- GetAllFilesInPath tests ---
 func TestGetAllFilesInPath_EmptyDir(t *testing.T) {
 	mock := &mockFileReader{
 		dirs: map[string][]vcs.ContentEntry{
 			"src": {},
 		},
 	}
 	result, err := vcs.GetAllFilesInPath(context.Background(), mock, "owner", "repo", "src")
 	if err != nil {
 		t.Fatalf("unexpected error: %v", err)
 	}
 	if len(result) != 0 {
 		t.Errorf("expected empty map, got %d entries", len(result))
 	}
 }
 func TestGetAllFilesInPath_FlatDir(t *testing.T) {
 	mock := &mockFileReader{
 		dirs: map[string][]vcs.ContentEntry{
 			"src": {
 				{Name: "main.go", Path: "src/main.go", Type: "file"},
 				{Name: "util.go", Path: "src/util.go", Type: "file"},
 			},
 		},
 		contents: map[string]string{
 			"src/main.go": "package main",
 			"src/util.go": "package main\n\nfunc helper() {}",
 		},
 	}
 	result, err := vcs.GetAllFilesInPath(context.Background(), mock, "owner", "repo", "src")
 	if err != nil {
 		t.Fatalf("unexpected error: %v", err)
 	}
 	if len(result) != 2 {
 		t.Fatalf("expected 2 files, got %d", len(result))
 	}
 	if result["src/main.go"] != "package main" {
 		t.Errorf("unexpected content for main.go: %q", result["src/main.go"])
 	}
 	if result["src/util.go"] != "package main\n\nfunc helper() {}" {
 		t.Errorf("unexpected content for util.go: %q", result["src/util.go"])
 	}
 }
 func TestGetAllFilesInPath_NestedDirs(t *testing.T) {
 	mock := &mockFileReader{
 		dirs: map[string][]vcs.ContentEntry{
 			"src": {
 				{Name: "main.go", Path: "src/main.go", Type: "file"},
 				{Name: "pkg", Path: "src/pkg", Type: "dir"},
 			},
 			"src/pkg": {
 				{Name: "lib.go", Path: "src/pkg/lib.go", Type: "file"},
 				{Name: "internal", Path: "src/pkg/internal", Type: "dir"},
 			},
 			"src/pkg/internal": {
 				{Name: "helper.go", Path: "src/pkg/internal/helper.go", Type: "file"},
 			},
 		},
 		contents: map[string]string{
 			"src/main.go":                "package main",
 			"src/pkg/lib.go":             "package pkg",
 			"src/pkg/internal/helper.go": "package internal",
 		},
 	}
 	result, err := vcs.GetAllFilesInPath(context.Background(), mock, "owner", "repo", "src")
 	if err != nil {
 		t.Fatalf("unexpected error: %v", err)
 	}
 	if len(result) != 3 {
 		t.Fatalf("expected 3 files, got %d", len(result))
 	}
 	if result["src/main.go"] != "package main" {
 		t.Errorf("unexpected content for main.go")
 	}
 	if result["src/pkg/lib.go"] != "package pkg" {
 		t.Errorf("unexpected content for lib.go")
 	}
 	if result["src/pkg/internal/helper.go"] != "package internal" {
 		t.Errorf("unexpected content for helper.go")
 	}
 }
 func TestGetAllFilesInPath_Mixed(t *testing.T) {
 	mock := &mockFileReader{
 		dirs: map[string][]vcs.ContentEntry{
 			"root": {
 				{Name: "README.md", Path: "root/README.md", Type: "file"},
 				{Name: "empty", Path: "root/empty", Type: "dir"},
 				{Name: "docs", Path: "root/docs", Type: "dir"},
 			},
 			"root/empty": {},
 			"root/docs": {
 				{Name: "guide.md", Path: "root/docs/guide.md", Type: "file"},
 			},
 		},
 		contents: map[string]string{
 			"root/README.md":     "# Hello",
 			"root/docs/guide.md": "## Guide",
 		},
 	}
 	result, err := vcs.GetAllFilesInPath(context.Background(), mock, "owner", "repo", "root")
 	if err != nil {
 		t.Fatalf("unexpected error: %v", err)
 	}
 	if len(result) != 2 {
 		t.Fatalf("expected 2 files, got %d", len(result))
 	}
 	if result["root/README.md"] != "# Hello" {
 		t.Errorf("unexpected content for README.md")
 	}
 	if result["root/docs/guide.md"] != "## Guide" {
 		t.Errorf("unexpected content for guide.md")
 	}
 }
 func TestGetAllFilesInPath_ListContentsError(t *testing.T) {
 	mock := &mockFileReader{
 		dirs: map[string][]vcs.ContentEntry{},
 	}
 	_, err := vcs.GetAllFilesInPath(context.Background(), mock, "owner", "repo", "missing")
 	if err == nil {
 		t.Fatal("expected error for missing directory")
 	}
 }
 func TestGetAllFilesInPath_GetFileContentError(t *testing.T) {
 	mock := &mockFileReader{
 		dirs: map[string][]vcs.ContentEntry{
 			"src": {
 				{Name: "bad.go", Path: "src/bad.go", Type: "file"},
 			},
 		},
 		contents: map[string]string{},
 	}
 	_, err := vcs.GetAllFilesInPath(context.Background(), mock, "owner", "repo", "src")
 	if err == nil {
 		t.Fatal("expected error when file content fetch fails")
 	}
 }
 // --- BuildLineToPositionMap tests ---
 func TestBuildLineToPositionMap_SingleHunk(t *testing.T) {
 	diff := `diff --git a/main.go b/main.go
 index abc..def 100644
 --- a/main.go
 +++ b/main.go
@@ -5,7 +5,8 @@ package main
 import "fmt"
 func main() {
 -	fmt.Println("old")
 +	fmt.Println("new")
 +	fmt.Println("added")
 	return
 }
 `
 	result := vcs.BuildLineToPositionMap(diff)
 	fileMap, ok := result["main.go"]
 	if !ok {
 		t.Fatal("expected main.go in result")
 	}
 	// @@ line is position 1
 	// " import \"fmt\""       -> pos 2, newLine 5
 	// " "                     -> pos 3, newLine 6
 	// " func main() {"       -> pos 4, newLine 7
 	// "-\tfmt.Println..."    -> pos 5, no new line
 	// "+\tfmt.Println..."    -> pos 6, newLine 8
 	// "+\tfmt.Println..."    -> pos 7, newLine 9
 	// " \treturn"            -> pos 8, newLine 10
 	// " }"                   -> pos 9, newLine 11
 	expected := map[int]int{
 		5:  2,
 		6:  3,
 		7:  4,
 		8:  6,
 		9:  7,
 		10: 8,
 		11: 9,
 	}
 	for line, wantPos := range expected {
 		gotPos, exists := fileMap[line]
 		if !exists {
 			t.Errorf("line %d: expected position %d, but line not in map", line, wantPos)
 			continue
 		}
 		if gotPos != wantPos {
 			t.Errorf("line %d: expected position %d, got %d", line, wantPos, gotPos)
 		}
 	}
 	if len(fileMap) != len(expected) {
 		t.Errorf("expected %d entries, got %d", len(expected), len(fileMap))
 	}
 }
 func TestBuildLineToPositionMap_MultiHunk(t *testing.T) {
 	diff := `diff --git a/main.go b/main.go
 --- a/main.go
 +++ b/main.go
@@ -1,3 +1,4 @@
 package main
 +import "fmt"
 func main() {
@@ -10,3 +11,4 @@ func main() {
 	return
 +	// extra
 }
 `
 	result := vcs.BuildLineToPositionMap(diff)
 	fileMap, ok := result["main.go"]
 	if !ok {
 		t.Fatal("expected main.go in result")
 	}
 	// First hunk:
 	// @@ line         -> pos 1
 	// " package main" -> pos 2, newLine 1
 	// " "             -> pos 3, newLine 2
 	// "+import..."    -> pos 4, newLine 3
 	// " func main.."  -> pos 5, newLine 4
 	//
 	// Second hunk (position continues!):
 	// @@ line         -> pos 6
 	// " \treturn"     -> pos 7, newLine 11
 	// "+\t// extra"   -> pos 8, newLine 12
 	// " }"            -> pos 9, newLine 13
 	expected := map[int]int{
 		1:  2,
 		2:  3,
 		3:  4,
 		4:  5,
 		11: 7,
 		12: 8,
 		13: 9,
 	}
 	for line, wantPos := range expected {
 		gotPos, exists := fileMap[line]
 		if !exists {
 			t.Errorf("line %d: expected position %d, but line not in map", line, wantPos)
 			continue
 		}
 		if gotPos != wantPos {
 			t.Errorf("line %d: expected position %d, got %d", line, wantPos, gotPos)
 		}
 	}
 }
 func TestBuildLineToPositionMap_DeletionLinesNotInMap(t *testing.T) {
 	diff := `diff --git a/old.go b/old.go
 --- a/old.go
 +++ b/old.go
@@ -1,3 +1,1 @@
 -line one
 -line two
 remaining
 `
 	result := vcs.BuildLineToPositionMap(diff)
 	fileMap, ok := result["old.go"]
 	if !ok {
 		t.Fatal("expected old.go in result")
 	}
 	// @@ line        -> pos 1
 	// "-line one"    -> pos 2, no new line
 	// "-line two"    -> pos 3, no new line
 	// " remaining"   -> pos 4, newLine 1
 	if pos, ok := fileMap[1]; !ok || pos != 4 {
 		t.Errorf("line 1: expected position 4, got %d (exists=%v)", pos, ok)
 	}
 	if len(fileMap) != 1 {
 		t.Errorf("expected 1 entry (only 'remaining'), got %d", len(fileMap))
 	}
 }
 func TestBuildLineToPositionMap_MultipleFiles(t *testing.T) {
 	diff := `diff --git a/a.go b/a.go
 --- a/a.go
 +++ b/a.go
@@ -1,2 +1,3 @@
 package a
 +// added
 diff --git a/b.go b/b.go
 new file mode 100644
 --- /dev/null
 +++ b/b.go
@@ -0,0 +1,3 @@
 +package b
 +
 +func B() {}
 `
 	result := vcs.BuildLineToPositionMap(diff)
 	// File a.go
 	aMap, ok := result["a.go"]
 	if !ok {
 		t.Fatal("expected a.go in result")
 	}
 	// @@ line      -> pos 1
 	// " package a" -> pos 2, newLine 1
 	// "+// added"  -> pos 3, newLine 2
 	// " "          -> pos 4, newLine 3
 	if aMap[1] != 2 {
 		t.Errorf("a.go line 1: expected pos 2, got %d", aMap[1])
 	}
 	if aMap[2] != 3 {
 		t.Errorf("a.go line 2: expected pos 3, got %d", aMap[2])
 	}
 	if aMap[3] != 4 {
 		t.Errorf("a.go line 3: expected pos 4, got %d", aMap[3])
 	}
 	// File b.go — position resets for new file
 	bMap, ok := result["b.go"]
 	if !ok {
 		t.Fatal("expected b.go in result")
 	}
 	// @@ line          -> pos 1
 	// "+package b"     -> pos 2, newLine 1
 	// "+"              -> pos 3, newLine 2
 	// "+func B() {}"   -> pos 4, newLine 3
 	if bMap[1] != 2 {
 		t.Errorf("b.go line 1: expected pos 2, got %d", bMap[1])
 	}
 	if bMap[2] != 3 {
 		t.Errorf("b.go line 2: expected pos 3, got %d", bMap[2])
 	}
 	if bMap[3] != 4 {
 		t.Errorf("b.go line 3: expected pos 4, got %d", bMap[3])
 	}
 }
 func TestBuildLineToPositionMap_EmptyDiff(t *testing.T) {
 	result := vcs.BuildLineToPositionMap("")
 	if len(result) != 0 {
 		t.Errorf("expected empty map for empty diff, got %d entries", len(result))
 	}
 }
 func TestBuildLineToPositionMap_NoNewlineMarker(t *testing.T) {
 	diff := `diff --git a/a.go b/a.go
 --- a/a.go
 +++ b/a.go
@@ -1,2 +1,2 @@
 -old
 +new
 \ No newline at end of file
 `
 	result := vcs.BuildLineToPositionMap(diff)
 	fileMap := result["a.go"]
 	// @@ line  -> pos 1
 	// "-old"   -> pos 2
 	// "+new"   -> pos 3, newLine 1
 	// "\ No.." -> not counted
 	if fileMap[1] != 3 {
 		t.Errorf("line 1: expected position 3, got %d", fileMap[1])
 	}
 	if len(fileMap) != 1 {
 		t.Errorf("expected 1 entry, got %d", len(fileMap))
 	}
 }
 func TestBuildLineToPositionMap_SingleLineHunk(t *testing.T) {
 	diff := `diff --git a/single.go b/single.go
 --- a/single.go
 +++ b/single.go
@@ -1 +1 @@
 -old
 +new
 `
 	result := vcs.BuildLineToPositionMap(diff)
 	fileMap := result["single.go"]
 	// @@ line -> pos 1
 	// "-old"  -> pos 2
 	// "+new"  -> pos 3, newLine 1
 	if fileMap[1] != 3 {
 		t.Errorf("line 1: expected position 3, got %d", fileMap[1])
 	}
 }
 func TestBuildLineToPositionMap_DeletedFile(t *testing.T) {
 	diff := `diff --git a/deleted.go b/deleted.go
 deleted file mode 100644
 --- a/deleted.go
 +++ /dev/null
@@ -1,3 +0,0 @@
 -package deleted
 -
 -func Gone() {}
 `
 	result := vcs.BuildLineToPositionMap(diff)
 	if _, ok := result["deleted.go"]; ok {
 		t.Error("deleted file should not appear in result")
 	}
 }