feat(persona): add role-based review personas

Add persona system for specialized review roles. Each persona defines: - A specific review focus (security, architecture, documentation) - Custom system prompt additions - Personality/tone adjustments Built-in personas: security, architect, docs Custom personas: load from JSON via persona-file flag Includes workspace validation to prevent path traversal attacks. Closes #51
2026-05-10 09:12:41 -07:00
23 changed files with 119 additions and 2752 deletions
@@ -26,40 +26,18 @@ inputs:
    required: false
    default: ''
  llm-base-url:
-    description: 'OpenAI-compatible LLM API base URL (not required for aicore provider)'
+    description: 'OpenAI-compatible LLM API base URL'
-    required: false
+    required: true
    default: ''
  llm-api-key:
-    description: 'LLM API key (not required for aicore provider)'
+    description: 'LLM API key'
-    required: false
+    required: true
    default: ''
  llm-model:
    description: 'LLM model name'
    required: true
  llm-provider:
-    description: 'LLM API provider: openai, anthropic, or aicore (default openai)'
+    description: 'LLM API provider: openai or anthropic (default openai)'
    required: false
    default: 'openai' 
  aicore-client-id:
    description: 'SAP AI Core client ID (required for aicore provider)'
    required: false
    default: ''
  aicore-client-secret:
    description: 'SAP AI Core client secret (required for aicore provider)'
    required: false
    default: ''
  aicore-auth-url:
    description: 'SAP AI Core authentication URL (required for aicore provider)'
    required: false
    default: ''
  aicore-api-url:
    description: 'SAP AI Core API URL (required for aicore provider)'
    required: false
    default: ''
  aicore-resource-group:
    description: 'SAP AI Core resource group (default: default)'
    required: false
    default: 'default'
  conventions-file:
    description: 'Path to conventions file in the repo (e.g. CLAUDE.md)'
    required: false
@@ -101,7 +79,7 @@ inputs:
    required: false
    default: ''
  persona-file:
-    description: 'Path to custom persona JSON file'
+    description: 'Path to persona JSON file with custom review focus'
    required: false
    default: ''
@@ -187,11 +165,6 @@ runs:
        SYSTEM_PROMPT_FILE: ${{ inputs.system-prompt-file }}
        PERSONA: ${{ inputs.persona }}
        PERSONA_FILE: ${{ inputs.persona-file }}
        AICORE_CLIENT_ID: ${{ inputs.aicore-client-id }}
        AICORE_CLIENT_SECRET: ${{ inputs.aicore-client-secret }}
        AICORE_AUTH_URL: ${{ inputs.aicore-auth-url }}
        AICORE_API_URL: ${{ inputs.aicore-api-url }}
        AICORE_RESOURCE_GROUP: ${{ inputs.aicore-resource-group }}
      run: |
        ARGS=""
        if [ "${{ inputs.dry-run }}" = "true" ]; then
@@ -18,10 +18,8 @@ jobs:
      - run: go vet ./...
      - run: go build -o review-bot ./cmd/review-bot
-  # Self-review using native SAP AI Core provider
+  # Self-review: builds from source since we're pre-release
-  # Models must match SAP AI Core deployments
+  # Models configured to match SAP AI Core deployments
  # Available models: gpt-5, anthropic--claude-4.6-sonnet, anthropic--claude-4.6-opus
  # Removed gpt-4.1, gpt-5-mini, gpt-4.1-mini - not deployed on AI Core
  review:
    runs-on: ubuntu-24.04
    if: github.event_name == 'pull_request'
@@ -31,12 +29,18 @@ jobs:
        include:
          - name: sonnet
            token_secret: SONNET_REVIEW_TOKEN
            provider: anthropic
            llm_path: /anthropic/v1
            model: anthropic--claude-4.6-sonnet
          - name: gpt
            token_secret: GPT_REVIEW_TOKEN
            provider: openai
            llm_path: /openai/v1
            model: gpt-5
          - name: security
            token_secret: SECURITY_REVIEW_TOKEN
            provider: openai
            llm_path: /openai/v1
            model: gpt-5
            system_prompt_file: SECURITY_REVIEW.md
    steps:
@@ -52,13 +56,10 @@ jobs:
          PR_NUMBER: ${{ github.event.pull_request.number }}
          REVIEWER_TOKEN: ${{ secrets[matrix.token_secret] }}
          REVIEWER_NAME: ${{ matrix.name }}
-          LLM_PROVIDER: aicore
+          LLM_BASE_URL: ${{ secrets.LLM_BASE_URL }}${{ matrix.llm_path }}
          LLM_API_KEY: ${{ secrets.LLM_API_KEY }}
          LLM_MODEL: ${{ matrix.model }}
-          AICORE_CLIENT_ID: ${{ secrets.AICORE_CLIENT_ID }}
+          LLM_PROVIDER: ${{ matrix.provider }}
          AICORE_CLIENT_SECRET: ${{ secrets.AICORE_CLIENT_SECRET }}
          AICORE_AUTH_URL: ${{ secrets.AICORE_AUTH_URL }}
          AICORE_API_URL: ${{ secrets.AICORE_API_URL }}
          AICORE_RESOURCE_GROUP: ${{ secrets.AICORE_RESOURCE_GROUP }}
          CONVENTIONS_FILE: "CONVENTIONS.md"
          PATTERNS_REPO: "rodin/go-patterns"
          PATTERNS_FILES: "README.md,patterns/"
@@ -2,26 +2,8 @@
 ## Language & Dependencies
 - Go standard library only — no external dependencies.
 - Target the latest stable Go release.
 - **STRICT ALLOWLIST:** Only packages listed below may be imported. No exceptions.
 ### Approved Third-Party Packages
 | Package | Use Case | Scope |
 |---------|----------|-------|
 | `gopkg.in/yaml.v3` | YAML parsing (persona files, config) | production |
 | `github.com/google/go-cmp` | Test comparisons (`cmp.Diff`) | test only |
 **Any import not in this table or the Go standard library is forbidden.**
 Transitive dependencies of approved packages are automatically allowed.
 To request a new dependency:
 1. Open a PR that ONLY updates this table
 2. Requires explicit approval from Aaron
 3. After merge, a separate PR may use the package
 *Enforcement: `scripts/check-deps.sh` parses this table — update only here.*
 ## Error Handling
@@ -1,4 +1,4 @@
-.PHONY: build test test-integration lint clean coverage check-deps precommit
+.PHONY: build test test-integration lint clean coverage
 build:
 	go build -o review-bot ./cmd/review-bot/
@@ -12,15 +12,9 @@ test-integration:
 lint:
 	go vet ./...
 check-deps:
 	@./scripts/check-deps.sh
 clean:
 	rm -f review-bot
 coverage:
 	go test -coverprofile=coverage.out ./...
 	go tool cover -func=coverage.out
 # Precommit runs all checks required before pushing
 precommit: check-deps lint test
@@ -4,12 +4,12 @@ AI-powered code review bot for Gitea pull requests. Fetches diff + context, send
 ## Features
- **Multi-provider**: OpenAI-compatible, Anthropic Messages API, and SAP AI Core
+- **Multi-provider**: OpenAI-compatible and Anthropic Messages API
 - **Context-aware**: Fetches full file content, conventions, language patterns, CI status
 - **Smart budget**: Automatically trims context to fit model token limits
 - **Idempotent reviews**: Posts new review, then cleans up stale ones (one review per bot)
 - **Custom prompts**: Load additional instructions from a file (e.g. security-focused review)
- **Minimal dependencies**: Go stdlib + `gopkg.in/yaml.v3` only
+- **Zero dependencies**: Go stdlib only
 ## Quick Start: Composite Action
@@ -168,56 +168,28 @@ Prints the review to CI logs without posting to the PR. Useful for testing promp
    llm-provider: anthropic
 ```
 ### Using SAP AI Core
 For SAP environments with AI Core deployments, use the `aicore` provider for native authentication:
 ```yaml
 - uses: https://gitea.weiker.me/rodin/review-bot/.gitea/actions/review@v0.1.0
  with:
    reviewer-token: ${{ secrets.REVIEW_TOKEN }}
    reviewer-name: aicore-review
    llm-model: anthropic--claude-4.6-sonnet  # or gpt-5
    llm-provider: aicore
    aicore-client-id: ${{ secrets.AICORE_CLIENT_ID }}
    aicore-client-secret: ${{ secrets.AICORE_CLIENT_SECRET }}
    aicore-auth-url: ${{ secrets.AICORE_AUTH_URL }}
    aicore-api-url: ${{ secrets.AICORE_API_URL }}
    aicore-resource-group: default
 ```
 AI Core handles OAuth token management and deployment discovery automatically. Model names must match the deployment name in AI Core (e.g. `anthropic--claude-4.6-sonnet`, `gpt-5`).
 ## Action Inputs
 | Input | Required | Default | Description |
 |-------|----------|---------|-------------|
 | `reviewer-token` | Yes | — | Gitea token for posting reviews (needs `write:issue`, `write:repository`) |
 | `reviewer-name` | No | `""` | Logical identity for this reviewer. Used as sentinel for idempotent cleanup. Set this when running multiple review bots on the same PR. |
-| `llm-base-url` | No* | `""` | LLM API base URL (required unless using aicore provider) |
+| `llm-base-url` | Yes | — | LLM API base URL |
-| `llm-api-key` | No* | `""` | LLM API key (required unless using aicore provider) |
+| `llm-api-key` | Yes | — | LLM API key |
 | `llm-model` | Yes | — | Model name |
-| `llm-provider` | No | `openai` | API provider: `openai`, `anthropic`, or `aicore` |
+| `llm-provider` | No | `openai` | API provider: `openai` or `anthropic` |
 | `aicore-client-id` | No** | `""` | SAP AI Core client ID |
 | `aicore-client-secret` | No** | `""` | SAP AI Core client secret |
 | `aicore-auth-url` | No** | `""` | SAP AI Core authentication URL |
 | `aicore-api-url` | No** | `""` | SAP AI Core API URL |
 | `aicore-resource-group` | No | `default` | SAP AI Core resource group |
 | `conventions-file` | No | `""` | Path to coding conventions file in the repo |
 | `patterns-repo` | No | `""` | Comma-separated repos with language patterns (e.g. `rodin/go-patterns`) |
 | `patterns-files` | No | `README.md` | Files/directories to fetch from pattern repos |
 | `system-prompt-file` | No | `""` | Local file with additional system prompt instructions |
 | `persona` | No | `""` | Built-in persona name (security, architect, docs) |
-| `persona-file` | No | `""` | Path to persona file (YAML or JSON) with custom review focus |
+| `persona-file` | No | `""` | Path to persona JSON file with custom review focus |
 | `temperature` | No | `0` | LLM temperature (0 = server default) |
 | `timeout` | No | `300` | LLM request timeout in seconds |
 | `dry-run` | No | `false` | Print review to stdout instead of posting |
 | `update-existing` | No | `true` | Delete previous review from same bot before posting. Accepts: true/1/yes or false/0/no |
 | `version` | No | `latest` | review-bot version to install |
 *Required for `openai` and `anthropic` providers, not for `aicore`.
 **Required only for `aicore` provider.
 ## Runner Requirements
 The composite action requires these tools on the runner:
@@ -437,9 +409,9 @@ ignore:
  - Documentation formatting
 severity:
-  major: "Bugs that cause incorrect positions, fills, or money calculations"
+  major: Bugs that cause incorrect positions, fills, or money calculations
-  minor: "Edge cases that could cause issues under unusual conditions"
+  minor: Edge cases that could cause issues under unusual conditions
-  nit: "Clarity improvements for domain logic"
+  nit: Clarity improvements for domain logic
 ```
 Use it in CI:
@@ -452,13 +424,7 @@ Use it in CI:
    ...
 ```
-YAML is the recommended format for personas because it supports:
+JSON format is also supported for backwards compatibility.
 - Multi-line strings with `|` blocks (cleaner identity definitions)
 - Comments for documentation
 - More readable arrays and nested structures
 JSON is also supported for backwards compatibility—just use `.json` extension.
 ### Persona vs system-prompt-file
@@ -69,15 +69,9 @@ func main() {
 	dryRun := flag.Bool("dry-run", false, "Print review to stdout instead of posting")
 	llmTemp := flag.Float64("llm-temperature", envOrDefaultFloat("LLM_TEMPERATURE", 0), "LLM temperature (0 = server default)")
 	llmTimeout := flag.Int("llm-timeout", envOrDefaultInt("LLM_TIMEOUT", 300), "LLM request timeout in seconds (default 300)")
-	llmProvider := flag.String("llm-provider", envOrDefault("LLM_PROVIDER", "openai"), "LLM API provider: openai, anthropic, or aicore")
+	llmProvider := flag.String("llm-provider", envOrDefault("LLM_PROVIDER", "openai"), "LLM API provider: openai or anthropic")
 	personaName := flag.String("persona", envOrDefault("PERSONA", ""), "Built-in persona name (security, architect, docs)")
 	personaFile := flag.String("persona-file", envOrDefault("PERSONA_FILE", ""), "Path to persona JSON file")
 	// AI Core specific flags (only used when provider=aicore)
 	aicoreClientID := flag.String("aicore-client-id", envOrDefault("AICORE_CLIENT_ID", ""), "SAP AI Core client ID (for provider=aicore)")
 	aicoreClientSecret := flag.String("aicore-client-secret", envOrDefault("AICORE_CLIENT_SECRET", ""), "SAP AI Core client secret (for provider=aicore)")
 	aicoreAuthURL := flag.String("aicore-auth-url", envOrDefault("AICORE_AUTH_URL", ""), "SAP AI Core auth URL (for provider=aicore)")
 	aicoreAPIURL := flag.String("aicore-api-url", envOrDefault("AICORE_API_URL", ""), "SAP AI Core API URL (for provider=aicore)")
 	aicoreResourceGroup := flag.String("aicore-resource-group", envOrDefault("AICORE_RESOURCE_GROUP", "default"), "SAP AI Core resource group (for provider=aicore)")
 	flag.Parse()
@@ -92,20 +86,10 @@ func main() {
 	slog.Info("review-bot starting", "version", version)
 	// Validate required fields
-	// For aicore provider, llm-base-url and llm-api-key are not required
+	if *giteaURL == "" || *repo == "" || *prNum == "" || *reviewerToken == "" ||
-	isAICore := llm.Provider(*llmProvider) == llm.ProviderAICore
+		*llmBaseURL == "" || *llmAPIKey == "" || *llmModel == "" {
 	if *giteaURL == "" || *repo == "" || *prNum == "" || *reviewerToken == "" || *llmModel == "" {
 		fmt.Fprintf(os.Stderr, "Error: missing required flags or environment variables\n\n")
-		fmt.Fprintf(os.Stderr, "Required: --gitea-url, --repo, --pr, --reviewer-token, --llm-model\n")
+		fmt.Fprintf(os.Stderr, "Required: --gitea-url, --repo, --pr, --reviewer-token, --llm-base-url, --llm-api-key, --llm-model\n")
 		os.Exit(1)
 	}
 	if !isAICore && (*llmBaseURL == "" || *llmAPIKey == "") {
 		fmt.Fprintf(os.Stderr, "Error: --llm-base-url and --llm-api-key are required for provider=%s\n", *llmProvider)
 		os.Exit(1)
 	}
 	if isAICore && (*aicoreClientID == "" || *aicoreClientSecret == "" || *aicoreAuthURL == "" || *aicoreAPIURL == "") {
 		fmt.Fprintf(os.Stderr, "Error: AI Core credentials required for provider=aicore\n\n")
 		fmt.Fprintf(os.Stderr, "Required: --aicore-client-id, --aicore-client-secret, --aicore-auth-url, --aicore-api-url\n")
 		os.Exit(1)
 	}
@@ -115,7 +99,29 @@ func main() {
 		os.Exit(1)
 	}
-	// NOTE: Persona loading deferred until after Gitea client init to support repo personas
+	// Load persona if specified
 	var persona *review.Persona
 	if *personaName != "" {
 		var err error
 		persona, err = review.LoadBuiltinPersona(*personaName)
 		if err != nil {
 			slog.Error("failed to load persona", "persona", *personaName, "error", err)
 			os.Exit(1)
 		}
 		slog.Info("loaded built-in persona", "persona", persona.Name, "display", persona.DisplayName)
 	} else if *personaFile != "" {
 		resolvedPath, err := validateWorkspacePath(*personaFile, "persona-file")
 		if err != nil {
 			slog.Error("invalid persona-file path", "error", err)
 			os.Exit(1)
 		}
 		persona, err = review.LoadPersona(resolvedPath)
 		if err != nil {
 			slog.Error("failed to load persona file", "file", *personaFile, "error", err)
 			os.Exit(1)
 		}
 		slog.Info("loaded persona from file", "file", *personaFile, "persona", persona.Name)
 	}
 	// Validate reviewer-name: only safe characters allowed in sentinel
 	if err := validateReviewerName(*reviewerName); err != nil {
@@ -151,17 +157,8 @@ func main() {
 	switch llm.Provider(*llmProvider) {
 	case llm.ProviderOpenAI, llm.ProviderAnthropic:
 		llmClient.WithProvider(llm.Provider(*llmProvider))
 	case llm.ProviderAICore:
 		llmClient.WithAICore(llm.AICoreConfig{
 			ClientID:      *aicoreClientID,
 			ClientSecret:  *aicoreClientSecret,
 			AuthURL:       *aicoreAuthURL,
 			APIURL:        *aicoreAPIURL,
 			ResourceGroup: *aicoreResourceGroup,
 		})
 		slog.Info("using SAP AI Core provider", "resource_group", *aicoreResourceGroup)
 	default:
-		slog.Error("invalid LLM provider", "provider", *llmProvider, "valid", "openai, anthropic, aicore")
+		slog.Error("invalid LLM provider", "provider", *llmProvider, "valid", "openai, anthropic")
 		os.Exit(1)
 	}
 	if *llmTimeout > 0 {
@@ -173,43 +170,6 @@ func main() {
 	ctx, cancel := context.WithTimeout(context.Background(), overallTimeout)
 	defer cancel()
 	// Load persona if specified (after Gitea client init to support repo personas)
 	var persona *review.Persona
 	if *personaName != "" {
 		// Try loading from repo first, then fall back to built-in
 		repoPersonas, err := review.LoadRepoPersonas(ctx, newGiteaClientAdapter(giteaClient), owner, repoName)
 		if err != nil {
 			slog.Warn("could not load repo personas", "repo", owner+"/"+repoName, "error", err)
 			// Continue with built-in personas only.
 			// NOTE: repoPersonas is nil here, but map indexing on a nil map is safe in Go
 			// (returns the zero value), so the fallback to built-in below works correctly.
 		}
 		if p, ok := repoPersonas[*personaName]; ok {
 			persona = p
 			slog.Info("loaded repo persona", "persona", persona.Name, "display", persona.DisplayName, "repo", owner+"/"+repoName)
 		} else {
 			// Fall back to built-in
 			persona, err = review.LoadBuiltinPersona(*personaName)
 			if err != nil {
 				slog.Error("failed to load persona", "persona", *personaName, "error", err)
 				os.Exit(1)
 			}
 			slog.Info("loaded built-in persona", "persona", persona.Name, "display", persona.DisplayName)
 		}
 	} else if *personaFile != "" {
 		resolvedPath, err := validateWorkspacePath(*personaFile, "persona-file")
 		if err != nil {
 			slog.Error("invalid persona-file path", "error", err)
 			os.Exit(1)
 		}
 		persona, err = review.LoadPersona(resolvedPath)
 		if err != nil {
 			slog.Error("failed to load persona file", "file", *personaFile, "error", err)
 			os.Exit(1)
 		}
 		slog.Info("loaded persona from file", "file", *personaFile, "persona", persona.Name)
 	}
 	slog.Info("reviewing pull request", "pr", prNumber, "repo", fmt.Sprintf("%s/%s", owner, repoName))
 	// Step 1: Fetch PR metadata
@@ -797,32 +757,3 @@ func shouldSkipStaleReview(evaluatedSHA, currentSHA string) bool {
 	}
 	return evaluatedSHA != currentSHA
 }
 // giteaClientAdapter adapts gitea.Client to review.GiteaClient interface.
 type giteaClientAdapter struct {
 	client *gitea.Client
 }
 func newGiteaClientAdapter(c *gitea.Client) *giteaClientAdapter {
 	return &giteaClientAdapter{client: c}
 }
 func (a *giteaClientAdapter) ListContents(ctx context.Context, owner, repo, path string) ([]review.ContentEntry, error) {
 	entries, err := a.client.ListContents(ctx, owner, repo, path)
 	if err != nil {
 		return nil, err
 	}
 	result := make([]review.ContentEntry, len(entries))
 	for i, e := range entries {
 		result[i] = review.ContentEntry{
 			Name: e.Name,
 			Path: e.Path,
 			Type: e.Type,
 		}
 	}
 	return result, nil
 }
 func (a *giteaClientAdapter) GetFileContent(ctx context.Context, owner, repo, filepath string) (string, error) {
 	return a.client.GetFileContent(ctx, owner, repo, filepath)
 }
@@ -103,13 +103,11 @@ func TestValidateWorkspacePath(t *testing.T) {
 			errMatch:  "resolves outside workspace",
 		},
 		{
-			name:      "absolute path normalized to workspace-relative",
+			name:      "absolute path gets normalized to relative",
 			workspace: tmpDir,
 			path:      "/etc/passwd",
 			wantErr:   true,
-			// Go 1.21+ filepath.Join normalizes absolute paths: Join("/tmp/x", "/etc/passwd")
+			errMatch:  "failed to resolve", // filepath.Join strips leading / making it <workspace>/etc/passwd which doesn't exist
 			// becomes "/tmp/x/etc/passwd", which is within workspace but doesn't exist.
 			errMatch: "failed to resolve",
 		},
 		{
 			name:      "nonexistent file",
@@ -154,6 +152,7 @@ func TestValidateWorkspacePath(t *testing.T) {
 	}
 }
 func makeReview(id int64, login, state string, stale bool, body string) gitea.Review {
 	r := gitea.Review{
 		ID:    id,
@@ -165,6 +164,7 @@ func makeReview(id int64, login, state string, stale bool, body string) gitea.Re
 	return r
 }
 func TestBuildSupersededBody(t *testing.T) {
 	original := "# Review\n\nLooks good.\n\n<!-- review-bot:sonnet -->"
 	sentinel := "<!-- review-bot:sonnet -->"
@@ -734,8 +734,8 @@ func TestExtractSentinelName_EdgeCases(t *testing.T) {
 		{"<!-- review-bot:sonnet --> rest", "sonnet"},
 		{"<!-- review-bot:gpt-review --> rest", "gpt-review"},
 		{"no sentinel here", "unknown"},
-		{"<!-- review-bot:", "unknown"},                   // prefix but no suffix
+		{"<!-- review-bot:", "unknown"},       // prefix but no suffix
-		{"prefix <!-- review-bot:abc --> end", "abc"},     // embedded in text
+		{"prefix <!-- review-bot:abc --> end", "abc"}, // embedded in text
 	}
 	for _, tc := range tests {
@@ -1,9 +1,5 @@
 # Design: Role-based Review Personas (Issue #51)
 > **Note:** This design was revised during implementation to use JSON instead of YAML
 > to maintain the repository's zero-external-dependencies convention. All persona
 > files use JSON format. See "Design Revision" section at the end for details.
 ## Problem
 Current review-bot performs generic code review. Every reviewer (regardless of `reviewer-name`) uses the same base prompt and evaluates the same concerns. This leads to:
@@ -31,14 +27,14 @@ A persona is a named review role with:
 - **Scope boundaries** — What do I explicitly NOT comment on?
 - **Severity calibration** — What counts as MAJOR/MINOR/NIT for MY domain?
-Personas are defined in JSON files that can live:
+Personas are defined in YAML files that can live:
 1. In the pattern repos (shared across projects)
 2. In the target repo (project-specific personas)
-3. Inline via a new `--persona-file` flag (JSON format)
+3. Inline via a new `--persona-file` flag
 ### 2. Persona File Format
-```json
+```yaml
 # .review/personas/security.yaml
 name: security
 display_name: Security Specialist
@@ -81,7 +77,7 @@ output_format: |
 ### 3. New CLI Flags
 ```
--persona-file PATH      Path to persona JSON file (local or in repo)
+--persona-file PATH      Path to persona YAML file (local or in repo)
 --persona NAME           Built-in persona name (security, architect, domain)
 ```
@@ -1,108 +0,0 @@
 # Design: YAML Support for Persona Files (#57)
 ## Problem
 JSON is awkward for persona files that contain multi-line text (identity, severity descriptions). YAML supports cleaner multi-line strings and comments, improving readability and maintainability.
 ## Constraints
 - Backwards compatibility: existing JSON personas must continue to work
 - Security: protect against DoS via deeply nested YAML (AIKIDO-2024-10486)
 - Consistency: use `.yaml` extension (not `.yml`)
 - Library: use `gopkg.in/yaml.v3` (approved in CONVENTIONS.md) with explicit depth limiting
 ## Proposed Approach
 1. **Update `parsePersona`** to detect format from file extension
 2. **Add YAML parsing** with explicit depth limit (defense in depth)
 3. **Keep JSON as fallback** for files without `.yaml`/`.yml` extension
 4. **Convert built-in personas** to YAML format
 5. **Update embed directive** to include both formats
 ### File Extension Detection
 ```go
 func parsePersona(data []byte, source string) (*Persona, error) {
    isYAML := strings.HasSuffix(source, ".yaml") || strings.HasSuffix(source, ".yml")
    if isYAML {
        return parseYAML(data, source)
    }
    return parseJSON(data, source)
 }
 ```
 ### YAML Parsing with Depth Protection
 ```go
 func unmarshalYAMLWithDepthLimit(data []byte, out any, maxDepth int) error {
    var node yaml.Node
    dec := yaml.NewDecoder(bytes.NewReader(data))
    if err := dec.Decode(&node); err != nil {
        return err
    }
    if err := checkYAMLDepth(&node, 0, maxDepth); err != nil {
        return err
    }
    return node.Decode(out)
 }
 func checkYAMLDepth(node *yaml.Node, depth, maxDepth int) error {
    if depth > maxDepth {
        return fmt.Errorf("YAML nesting depth exceeds maximum (%d)", maxDepth)
    }
    // Handle alias nodes by following the Alias pointer
    if node.Kind == yaml.AliasNode && node.Alias != nil {
        return checkYAMLDepth(node.Alias, depth, maxDepth)
    }
    for _, child := range node.Content {
        if err := checkYAMLDepth(child, depth+1, maxDepth); err != nil {
            return err
        }
    }
    return nil
 }
 ```
 The `gopkg.in/yaml.v3` library does not have built-in depth protection, so we implement explicit depth checking by first decoding into a `yaml.Node`, walking the tree to verify depth (including alias resolution), then decoding into the target struct.
 ## State/Data Model
 No new state. Same `Persona` struct, just different parsing.
 ## Error Cases
 | Error | Handling |
 |-------|----------|
 | Invalid YAML syntax | Return parse error with source file |
 | Deeply nested YAML | Library rejects (v1.16.0+ fix) |
 | Unknown extension | Fall back to JSON parsing |
 | Missing required fields | Validation rejects after parse |
 ## Edge Cases
 - File with `.json` extension but YAML content → JSON parse fails, user sees error
 - File with no extension → defaults to JSON
 - Embedded persona reference like `builtin:security` → detect by embed path (`personas/X.yaml`)
 ## Testing Strategy
 1. Unit tests for YAML parsing (valid, invalid, deeply nested)
 2. Unit tests for extension detection
 3. Integration test for built-in personas (now YAML)
 4. Backwards compat test: verify JSON still works for external files
 ## Completion Checklist
 1. [ ] `go-yaml` dependency added at v1.16.0+
 2. [ ] Extension detection uses case-insensitive comparison
 3. [ ] YAML parse errors include source file name
 4. [ ] JSON parsing still works for `.json` files
 5. [ ] Built-in personas converted to YAML with readable multi-line strings
 6. [ ] Embed directive updated to include `*.yaml`
 7. [ ] Test for deeply nested YAML rejection
 8. [ ] All existing tests pass
 ## Open Questions
 - Should we support both `.yaml` AND `.yml`? Issue says `.yaml` only for consistency, but some users expect `.yml`. **Decision:** Support both for reading, recommend `.yaml` in docs.
 - Should we add a "format" field to detect mismatched extension/content? **Decision:** No, keep it simple. Extension determines format.
@@ -2,4 +2,4 @@ module gitea.weiker.me/rodin/review-bot
 go 1.26.2
-require gopkg.in/yaml.v3 v3.0.1
+require gopkg.in/yaml.v3 v3.0.1 // indirect
@@ -1,4 +1,3 @@
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
@@ -1,391 +0,0 @@
 package llm
 import (
 	"bytes"
 	"context"
 	"encoding/json"
 	"fmt"
 	"io"
 	"net/http"
 	"net/url"
 	"strings"
 	"sync"
 	"time"
 )
 // AICoreOpenAIAPIVersion is the API version used for OpenAI models through AI Core.
 // Update this when SAP AI Core releases a new stable version.
 const AICoreOpenAIAPIVersion = "2024-12-01-preview"
 // maxErrorBodyLen limits the length of response bodies included in error messages
 // to prevent leaking potentially sensitive upstream details in logs.
 const maxErrorBodyLen = 200
 // AICoreConfig holds SAP AI Core authentication and connection settings.
 type AICoreConfig struct {
 	ClientID      string
 	ClientSecret  string
 	AuthURL       string
 	APIURL        string
 	ResourceGroup string
 }
 // AICoreClient wraps AI Core authentication and deployment discovery.
 // Thread-safe for concurrent use after construction.
 //
 // Design: The deployment cache is populated once and never invalidated. This is
 // acceptable for short-lived CI runner processes, but longer-lived deployments
 // may want to add a TTL or re-fetch on errors.
 type AICoreClient struct {
 	config AICoreConfig
 	http   *http.Client
 	mu          sync.RWMutex
 	token       string
 	tokenExpiry time.Time
 	deployments map[string]string // model name -> deployment URL
 }
 // NewAICoreClient creates a new AI Core client with the given configuration.
 // The client uses a default 5-minute timeout; use WithTimeout to customize.
 func NewAICoreClient(cfg AICoreConfig) *AICoreClient {
 	return &AICoreClient{
 		config:      cfg,
 		http:        &http.Client{Timeout: 5 * time.Minute},
 		deployments: make(map[string]string),
 	}
 }
 // WithTimeout sets the HTTP request timeout for AI Core calls.
 // This should be called during construction, before concurrent use.
 func (c *AICoreClient) WithTimeout(d time.Duration) *AICoreClient {
 	c.http.Timeout = d
 	return c
 }
 // truncateBody truncates a response body for inclusion in error messages.
 // This prevents leaking potentially sensitive upstream response details in logs.
 func truncateBody(body []byte) string {
 	if len(body) <= maxErrorBodyLen {
 		return string(body)
 	}
 	return string(body[:maxErrorBodyLen]) + "..."
 }
 // getToken returns a valid OAuth token, refreshing if necessary.
 func (c *AICoreClient) getToken(ctx context.Context) (string, error) {
 	c.mu.RLock()
 	if c.token != "" && time.Now().Add(5*time.Minute).Before(c.tokenExpiry) {
 		token := c.token
 		c.mu.RUnlock()
 		return token, nil
 	}
 	c.mu.RUnlock()
 	c.mu.Lock()
 	defer c.mu.Unlock()
 	// Double-check after acquiring write lock
 	if c.token != "" && time.Now().Add(5*time.Minute).Before(c.tokenExpiry) {
 		return c.token, nil
 	}
 	token, expiry, err := c.fetchToken(ctx)
 	if err != nil {
 		return "", err
 	}
 	c.token = token
 	c.tokenExpiry = expiry
 	return token, nil
 }
 func (c *AICoreClient) fetchToken(ctx context.Context) (string, time.Time, error) {
 	tokenURL := strings.TrimRight(c.config.AuthURL, "/") + "/oauth/token"
 	data := url.Values{}
 	data.Set("grant_type", "client_credentials")
 	data.Set("client_id", c.config.ClientID)
 	data.Set("client_secret", c.config.ClientSecret)
 	req, err := http.NewRequestWithContext(ctx, http.MethodPost, tokenURL, strings.NewReader(data.Encode()))
 	if err != nil {
 		return "", time.Time{}, fmt.Errorf("create token request: %w", err)
 	}
 	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
 	resp, err := c.http.Do(req)
 	if err != nil {
 		return "", time.Time{}, fmt.Errorf("token request: %w", err)
 	}
 	defer resp.Body.Close()
 	body, err := io.ReadAll(resp.Body)
 	if err != nil {
 		return "", time.Time{}, fmt.Errorf("read token response: %w", err)
 	}
 	if resp.StatusCode < 200 || resp.StatusCode >= 300 {
 		return "", time.Time{}, fmt.Errorf("token request failed (status %d): %s", resp.StatusCode, truncateBody(body))
 	}
 	var tokenResp struct {
 		AccessToken string `json:"access_token"`
 		ExpiresIn   int    `json:"expires_in"`
 	}
 	if err := json.Unmarshal(body, &tokenResp); err != nil {
 		return "", time.Time{}, fmt.Errorf("parse token response: %w", err)
 	}
 	if tokenResp.AccessToken == "" {
 		return "", time.Time{}, fmt.Errorf("empty access token in response")
 	}
 	expiry := time.Now().Add(time.Duration(tokenResp.ExpiresIn) * time.Second)
 	return tokenResp.AccessToken, expiry, nil
 }
 // getDeploymentURL returns the deployment URL for a model, fetching deployments if needed.
 // getDeploymentURL returns the deployment URL for a model, fetching deployments if needed.
 // Also returns a valid token for use by the caller, avoiding redundant getToken calls.
 //
 // Note: The token is fetched before acquiring the write lock to avoid holding the lock
 // during network I/O. In rare cases where multiple goroutines race and one waits a long
 // time for the write lock, the token could theoretically expire. The 5-minute refresh
 // buffer in getToken makes this extremely unlikely in practice.
 func (c *AICoreClient) getDeploymentURL(ctx context.Context, model string) (deployURL, token string, err error) {
 	c.mu.RLock()
 	if u, ok := c.deployments[model]; ok {
 		c.mu.RUnlock()
 		// Still need a token for the caller
 		token, err = c.getToken(ctx)
 		if err != nil {
 			return "", "", fmt.Errorf("get token: %w", err)
 		}
 		return u, token, nil
 	}
 	c.mu.RUnlock()
 	// Fetch token first (before acquiring write lock to avoid holding lock during I/O)
 	token, err = c.getToken(ctx)
 	if err != nil {
 		return "", "", fmt.Errorf("get token for deployments: %w", err)
 	}
 	c.mu.Lock()
 	defer c.mu.Unlock()
 	// Double-check after acquiring write lock
 	if u, ok := c.deployments[model]; ok {
 		return u, token, nil
 	}
 	if err := c.fetchDeployments(ctx, token); err != nil {
 		return "", "", err
 	}
 	if u, ok := c.deployments[model]; ok {
 		return u, token, nil
 	}
 	return "", "", fmt.Errorf("no deployment found for model %q", model)
 }
 func (c *AICoreClient) fetchDeployments(ctx context.Context, token string) error {
 	deployURL := strings.TrimRight(c.config.APIURL, "/") + "/v2/lm/deployments"
 	req, err := http.NewRequestWithContext(ctx, http.MethodGet, deployURL, nil)
 	if err != nil {
 		return fmt.Errorf("create deployments request: %w", err)
 	}
 	req.Header.Set("Authorization", "Bearer "+token)
 	req.Header.Set("AI-Resource-Group", c.config.ResourceGroup)
 	resp, err := c.http.Do(req)
 	if err != nil {
 		return fmt.Errorf("deployments request: %w", err)
 	}
 	defer resp.Body.Close()
 	body, err := io.ReadAll(resp.Body)
 	if err != nil {
 		return fmt.Errorf("read deployments response: %w", err)
 	}
 	if resp.StatusCode < 200 || resp.StatusCode >= 300 {
 		return fmt.Errorf("deployments request failed (status %d): %s", resp.StatusCode, truncateBody(body))
 	}
 	var deployResp struct {
 		Resources []struct {
 			DeploymentURL string `json:"deploymentUrl"`
 			Status        string `json:"status"`
 			Details       struct {
 				Resources struct {
 					BackendDetails struct {
 						Model struct {
 							Name string `json:"name"`
 						} `json:"model"`
 					} `json:"backend_details"`
 				} `json:"resources"`
 			} `json:"details"`
 		} `json:"resources"`
 	}
 	if err := json.Unmarshal(body, &deployResp); err != nil {
 		return fmt.Errorf("parse deployments response: %w", err)
 	}
 	for _, r := range deployResp.Resources {
 		if r.Status != "RUNNING" {
 			continue
 		}
 		modelName := r.Details.Resources.BackendDetails.Model.Name
 		if modelName == "" {
 			continue
 		}
 		c.deployments[modelName] = r.DeploymentURL
 	}
 	return nil
 }
 // CompleteAnthropic sends a request to an Anthropic model via AI Core.
 func (c *AICoreClient) CompleteAnthropic(ctx context.Context, model string, messages []Message, maxTokens int, temperature float64) (string, error) {
 	deployURL, token, err := c.getDeploymentURL(ctx, model)
 	if err != nil {
 		return "", err
 	}
 	// Extract system message
 	var system string
 	var userMessages []anthropicMsg
 	for _, m := range messages {
 		if m.Role == "system" {
 			system = m.Content
 		} else {
 			userMessages = append(userMessages, anthropicMsg{
 				Role:    m.Role,
 				Content: m.Content,
 			})
 		}
 	}
 	reqBody := anthropicRequest{
 		AnthropicVersion: "bedrock-2023-05-31", // SAP AI Core uses Bedrock format
 		// Model omitted - AI Core deployment already specifies model
 		MaxTokens: maxTokens,
 		System:    system,
 		Messages:  userMessages,
 	}
 	if temperature > 0 {
 		reqBody.Temperature = temperature
 	}
 	data, err := json.Marshal(reqBody)
 	if err != nil {
 		return "", fmt.Errorf("marshal request: %w", err)
 	}
 	// AI Core uses /invoke for Anthropic models
 	invokeURL := strings.TrimRight(deployURL, "/") + "/invoke"
 	req, err := http.NewRequestWithContext(ctx, http.MethodPost, invokeURL, bytes.NewReader(data))
 	if err != nil {
 		return "", fmt.Errorf("create request: %w", err)
 	}
 	req.Header.Set("Authorization", "Bearer "+token)
 	req.Header.Set("AI-Resource-Group", c.config.ResourceGroup)
 	req.Header.Set("Content-Type", "application/json")
 	resp, err := c.http.Do(req)
 	if err != nil {
 		return "", fmt.Errorf("AI Core request: %w", err)
 	}
 	defer resp.Body.Close()
 	body, err := io.ReadAll(resp.Body)
 	if err != nil {
 		return "", fmt.Errorf("read response: %w", err)
 	}
 	if resp.StatusCode < 200 || resp.StatusCode >= 300 {
 		return "", fmt.Errorf("AI Core API error (status %d): %s", resp.StatusCode, truncateBody(body))
 	}
 	var anthropicResp anthropicResponse
 	if err := json.Unmarshal(body, &anthropicResp); err != nil {
 		return "", fmt.Errorf("parse response: %w", err)
 	}
 	if len(anthropicResp.Content) == 0 {
 		return "", fmt.Errorf("no content in response")
 	}
 	var sb strings.Builder
 	for _, block := range anthropicResp.Content {
 		if block.Type == "text" {
 			sb.WriteString(block.Text)
 		}
 	}
 	result := sb.String()
 	if result == "" {
 		return "", fmt.Errorf("no text content in response")
 	}
 	return result, nil
 }
 // CompleteOpenAI sends a request to an OpenAI model via AI Core.
 func (c *AICoreClient) CompleteOpenAI(ctx context.Context, model string, messages []Message, temperature float64) (string, error) {
 	deployURL, token, err := c.getDeploymentURL(ctx, model)
 	if err != nil {
 		return "", err
 	}
 	reqBody := ChatRequest{
 		Model:       model,
 		Temperature: temperature,
 		Messages:    messages,
 	}
 	data, err := json.Marshal(reqBody)
 	if err != nil {
 		return "", fmt.Errorf("marshal request: %w", err)
 	}
 	// AI Core uses /chat/completions?api-version=<version> for OpenAI models
 	chatURL := strings.TrimRight(deployURL, "/") + "/chat/completions?api-version=" + AICoreOpenAIAPIVersion
 	req, err := http.NewRequestWithContext(ctx, http.MethodPost, chatURL, bytes.NewReader(data))
 	if err != nil {
 		return "", fmt.Errorf("create request: %w", err)
 	}
 	req.Header.Set("Authorization", "Bearer "+token)
 	req.Header.Set("AI-Resource-Group", c.config.ResourceGroup)
 	req.Header.Set("Content-Type", "application/json")
 	resp, err := c.http.Do(req)
 	if err != nil {
 		return "", fmt.Errorf("AI Core request: %w", err)
 	}
 	defer resp.Body.Close()
 	body, err := io.ReadAll(resp.Body)
 	if err != nil {
 		return "", fmt.Errorf("read response: %w", err)
 	}
 	if resp.StatusCode < 200 || resp.StatusCode >= 300 {
 		return "", fmt.Errorf("AI Core API error (status %d): %s", resp.StatusCode, truncateBody(body))
 	}
 	var openaiResp ChatResponse
 	if err := json.Unmarshal(body, &openaiResp); err != nil {
 		return "", fmt.Errorf("parse response: %w", err)
 	}
 	if len(openaiResp.Choices) == 0 {
 		return "", fmt.Errorf("no choices in response")
 	}
 	return openaiResp.Choices[0].Message.Content, nil
 }
 // IsAnthropicModel returns true if the model name indicates an Anthropic model.
 // SAP AI Core uses "anthropic--" prefix for Anthropic models (e.g., "anthropic--claude-3-5-sonnet").
 func IsAnthropicModel(model string) bool {
 	return strings.HasPrefix(model, "anthropic--")
 }
@@ -1,535 +0,0 @@
 package llm
 import (
 	"context"
 	"encoding/json"
 	"fmt"
 	"net/http"
 	"net/http/httptest"
 	"strings"
 	"sync/atomic"
 	"testing"
 	"time"
 )
 func TestAICoreClient_TokenFetch(t *testing.T) {
 	tokenCalls := int32(0)
 	server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		if r.URL.Path == "/oauth/token" {
 			atomic.AddInt32(&tokenCalls, 1)
 			if r.Method != http.MethodPost {
 				t.Errorf("expected POST for token, got %s", r.Method)
 			}
 			if r.Header.Get("Content-Type") != "application/x-www-form-urlencoded" {
 				t.Errorf("expected form content type")
 			}
 			w.Header().Set("Content-Type", "application/json")
 			json.NewEncoder(w).Encode(map[string]interface{}{
 				"access_token": "test-token-123",
 				"expires_in":   3600,
 			})
 			return
 		}
 		t.Errorf("unexpected path: %s", r.URL.Path)
 	}))
 	defer server.Close()
 	client := NewAICoreClient(AICoreConfig{
 		ClientID:      "test-id",
 		ClientSecret:  "test-secret",
 		AuthURL:       server.URL,
 		APIURL:        server.URL,
 		ResourceGroup: "default",
 	})
 	token, err := client.getToken(context.Background())
 	if err != nil {
 		t.Fatalf("unexpected error: %v", err)
 	}
 	if token != "test-token-123" {
 		t.Errorf("expected token 'test-token-123', got %q", token)
 	}
 	// Second call should use cached token
 	token2, err := client.getToken(context.Background())
 	if err != nil {
 		t.Fatalf("unexpected error: %v", err)
 	}
 	if token2 != "test-token-123" {
 		t.Errorf("expected cached token")
 	}
 	if atomic.LoadInt32(&tokenCalls) != 1 {
 		t.Errorf("expected 1 token call (cached), got %d", tokenCalls)
 	}
 }
 func TestAICoreClient_DeploymentFetch(t *testing.T) {
 	server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		if r.URL.Path == "/oauth/token" {
 			w.Header().Set("Content-Type", "application/json")
 			json.NewEncoder(w).Encode(map[string]interface{}{
 				"access_token": "test-token",
 				"expires_in":   3600,
 			})
 			return
 		}
 		if r.URL.Path == "/v2/lm/deployments" {
 			if r.Header.Get("Authorization") != "Bearer test-token" {
 				t.Errorf("expected Bearer auth")
 			}
 			if r.Header.Get("AI-Resource-Group") != "default" {
 				t.Errorf("expected resource group header")
 			}
 			w.Header().Set("Content-Type", "application/json")
 			json.NewEncoder(w).Encode(map[string]interface{}{
 				"resources": []map[string]interface{}{
 					{
 						"id":            "deploy-123",
 						"deploymentUrl": "https://example.com/v2/inference/deployments/deploy-123",
 						"status":        "RUNNING",
 						"details": map[string]interface{}{
 							"resources": map[string]interface{}{
 								"backend_details": map[string]interface{}{
 									"model": map[string]interface{}{
 										"name": "anthropic--claude-4.6-sonnet",
 									},
 								},
 							},
 						},
 					},
 					{
 						"id":            "deploy-456",
 						"deploymentUrl": "https://example.com/v2/inference/deployments/deploy-456",
 						"status":        "STOPPED",
 						"details": map[string]interface{}{
 							"resources": map[string]interface{}{
 								"backend_details": map[string]interface{}{
 									"model": map[string]interface{}{
 										"name": "gpt-5",
 									},
 								},
 							},
 						},
 					},
 					{
 						"id":            "deploy-789",
 						"deploymentUrl": "https://example.com/v2/inference/deployments/deploy-789",
 						"status":        "RUNNING",
 						"details": map[string]interface{}{
 							"resources": map[string]interface{}{
 								"backend_details": map[string]interface{}{
 									"model": map[string]interface{}{
 										"name": "gpt-5",
 									},
 								},
 							},
 						},
 					},
 				},
 			})
 			return
 		}
 		t.Errorf("unexpected path: %s", r.URL.Path)
 	}))
 	defer server.Close()
 	client := NewAICoreClient(AICoreConfig{
 		ClientID:      "test-id",
 		ClientSecret:  "test-secret",
 		AuthURL:       server.URL,
 		APIURL:        server.URL,
 		ResourceGroup: "default",
 	})
 	// Should find running deployment
 	url, _, err := client.getDeploymentURL(context.Background(), "anthropic--claude-4.6-sonnet")
 	if err != nil {
 		t.Fatalf("unexpected error: %v", err)
 	}
 	if url != "https://example.com/v2/inference/deployments/deploy-123" {
 		t.Errorf("unexpected URL: %s", url)
 	}
 	// Should find running gpt-5, not stopped one
 	url, _, err = client.getDeploymentURL(context.Background(), "gpt-5")
 	if err != nil {
 		t.Fatalf("unexpected error: %v", err)
 	}
 	if url != "https://example.com/v2/inference/deployments/deploy-789" {
 		t.Errorf("unexpected URL: %s", url)
 	}
 	// Should error on unknown model
 	_, _, err = client.getDeploymentURL(context.Background(), "unknown-model")
 	if err == nil {
 		t.Error("expected error for unknown model")
 	}
 }
 func TestAICoreClient_CompleteAnthropic(t *testing.T) {
 	// baseURL is set after server creation; captured by closure in handlers
 	var baseURL string
 	mux := http.NewServeMux()
 	mux.HandleFunc("/oauth/token", func(w http.ResponseWriter, r *http.Request) {
 		w.Header().Set("Content-Type", "application/json")
 		json.NewEncoder(w).Encode(map[string]interface{}{
 			"access_token": "test-token",
 			"expires_in":   3600,
 		})
 	})
 	mux.HandleFunc("/v2/lm/deployments", func(w http.ResponseWriter, r *http.Request) {
 		w.Header().Set("Content-Type", "application/json")
 		json.NewEncoder(w).Encode(map[string]interface{}{
 			"resources": []map[string]interface{}{
 				{
 					"id":            "deploy-anthropic",
 					"deploymentUrl": baseURL + "/deployments/anthropic",
 					"status":        "RUNNING",
 					"details": map[string]interface{}{
 						"resources": map[string]interface{}{
 							"backend_details": map[string]interface{}{
 								"model": map[string]interface{}{
 									"name": "anthropic--claude-4.6-sonnet",
 								},
 							},
 						},
 					},
 				},
 			},
 		})
 	})
 	mux.HandleFunc("/deployments/anthropic/invoke", func(w http.ResponseWriter, r *http.Request) {
 		if r.Header.Get("Authorization") != "Bearer test-token" {
 			t.Errorf("expected Bearer auth on invoke")
 		}
 		var req anthropicRequest
 		if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
 			t.Fatalf("decode request: %v", err)
 		}
 		if req.AnthropicVersion != "bedrock-2023-05-31" {
 			t.Errorf("expected bedrock anthropic_version in request")
 		}
 		if req.System != "You are helpful" {
 			t.Errorf("expected system prompt: %q", req.System)
 		}
 		w.Header().Set("Content-Type", "application/json")
 		json.NewEncoder(w).Encode(map[string]interface{}{
 			"content": []map[string]interface{}{
 				{"type": "text", "text": "Hello from AI Core!"},
 			},
 		})
 	})
 	server := httptest.NewServer(mux)
 	baseURL = server.URL
 	defer server.Close()
 	client := NewAICoreClient(AICoreConfig{
 		ClientID:      "test-id",
 		ClientSecret:  "test-secret",
 		AuthURL:       server.URL,
 		APIURL:        server.URL,
 		ResourceGroup: "default",
 	})
 	result, err := client.CompleteAnthropic(context.Background(), "anthropic--claude-4.6-sonnet", []Message{
 		{Role: "system", Content: "You are helpful"},
 		{Role: "user", Content: "Hello"},
 	}, 8192, 0)
 	if err != nil {
 		t.Fatalf("unexpected error: %v", err)
 	}
 	if result != "Hello from AI Core!" {
 		t.Errorf("expected 'Hello from AI Core!', got %q", result)
 	}
 }
 func TestAICoreClient_CompleteOpenAI(t *testing.T) {
 	var baseURL string
 	mux := http.NewServeMux()
 	mux.HandleFunc("/oauth/token", func(w http.ResponseWriter, r *http.Request) {
 		w.Header().Set("Content-Type", "application/json")
 		json.NewEncoder(w).Encode(map[string]interface{}{
 			"access_token": "test-token",
 			"expires_in":   3600,
 		})
 	})
 	mux.HandleFunc("/v2/lm/deployments", func(w http.ResponseWriter, r *http.Request) {
 		w.Header().Set("Content-Type", "application/json")
 		json.NewEncoder(w).Encode(map[string]interface{}{
 			"resources": []map[string]interface{}{
 				{
 					"id":            "deploy-openai",
 					"deploymentUrl": baseURL + "/deployments/openai",
 					"status":        "RUNNING",
 					"details": map[string]interface{}{
 						"resources": map[string]interface{}{
 							"backend_details": map[string]interface{}{
 								"model": map[string]interface{}{
 									"name": "gpt-5",
 								},
 							},
 						},
 					},
 				},
 			},
 		})
 	})
 	mux.HandleFunc("/deployments/openai/chat/completions", func(w http.ResponseWriter, r *http.Request) {
 		if r.URL.Query().Get("api-version") != AICoreOpenAIAPIVersion {
 			t.Errorf("expected api-version %s, got %s", AICoreOpenAIAPIVersion, r.URL.Query().Get("api-version"))
 		}
 		var req ChatRequest
 		if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
 			t.Fatalf("decode request: %v", err)
 		}
 		if req.Model != "gpt-5" {
 			t.Errorf("expected model gpt-5, got %s", req.Model)
 		}
 		w.Header().Set("Content-Type", "application/json")
 		json.NewEncoder(w).Encode(ChatResponse{
 			Choices: []struct {
 				Message struct {
 					Content string `json:"content"`
 				} `json:"message"`
 			}{
 				{Message: struct {
 					Content string `json:"content"`
 				}{Content: "Hello from GPT-5!"}},
 			},
 		})
 	})
 	server := httptest.NewServer(mux)
 	baseURL = server.URL
 	defer server.Close()
 	client := NewAICoreClient(AICoreConfig{
 		ClientID:      "test-id",
 		ClientSecret:  "test-secret",
 		AuthURL:       server.URL,
 		APIURL:        server.URL,
 		ResourceGroup: "default",
 	})
 	result, err := client.CompleteOpenAI(context.Background(), "gpt-5", []Message{
 		{Role: "user", Content: "Hello"},
 	}, 0)
 	if err != nil {
 		t.Fatalf("unexpected error: %v", err)
 	}
 	if result != "Hello from GPT-5!" {
 		t.Errorf("expected 'Hello from GPT-5!', got %q", result)
 	}
 }
 func TestIsAnthropicModel(t *testing.T) {
 	tests := []struct {
 		model    string
 		expected bool
 	}{
 		// SAP AI Core uses "anthropic--" prefix for Anthropic models
 		{"anthropic--claude-4.6-sonnet", true},
 		{"anthropic--claude-4.6-opus", true},
 		{"anthropic--claude-3-5-sonnet", true},
 		// Non-prefixed model names are not detected as Anthropic
 		// (SAP AI Core always uses the prefix for Anthropic models)
 		{"claude-sonnet-4", false},
 		{"gpt-5", false},
 		{"gpt-4.1", false},
 		{"llama-3", false},
 		{"my-claude-model", false}, // Avoid false positives on "claude" substring
 	}
 	for _, tt := range tests {
 		got := IsAnthropicModel(tt.model)
 		if got != tt.expected {
 			t.Errorf("IsAnthropicModel(%q) = %v, want %v", tt.model, got, tt.expected)
 		}
 	}
 }
 func TestAICoreClient_TokenExpiry(t *testing.T) {
 	tokenCalls := int32(0)
 	server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		if r.URL.Path == "/oauth/token" {
 			call := atomic.AddInt32(&tokenCalls, 1)
 			w.Header().Set("Content-Type", "application/json")
 			json.NewEncoder(w).Encode(map[string]interface{}{
 				"access_token": fmt.Sprintf("token-%d", call),
 				"expires_in":   1, // 1 second expiry
 			})
 			return
 		}
 	}))
 	defer server.Close()
 	client := NewAICoreClient(AICoreConfig{
 		ClientID:      "test-id",
 		ClientSecret:  "test-secret",
 		AuthURL:       server.URL,
 		APIURL:        server.URL,
 		ResourceGroup: "default",
 	})
 	// First call
 	token1, err := client.getToken(context.Background())
 	if err != nil {
 		t.Fatalf("first getToken: %v", err)
 	}
 	// Force token expiry by manipulating expiry time
 	client.mu.Lock()
 	client.tokenExpiry = time.Now().Add(-time.Hour)
 	client.mu.Unlock()
 	// Should fetch new token
 	token2, err := client.getToken(context.Background())
 	if err != nil {
 		t.Fatalf("second getToken: %v", err)
 	}
 	if token1 == token2 {
 		t.Error("expected different tokens after expiry")
 	}
 	if atomic.LoadInt32(&tokenCalls) != 2 {
 		t.Errorf("expected 2 token calls, got %d", tokenCalls)
 	}
 }
 func TestAICoreClient_WithTimeout(t *testing.T) {
 	client := NewAICoreClient(AICoreConfig{
 		ClientID:      "test-id",
 		ClientSecret:  "test-secret",
 		AuthURL:       "https://auth.example.com",
 		APIURL:        "https://api.example.com",
 		ResourceGroup: "default",
 	})
 	// Default timeout is 5 minutes
 	if client.http.Timeout != 5*time.Minute {
 		t.Errorf("expected default timeout 5m, got %v", client.http.Timeout)
 	}
 	// WithTimeout should update the timeout
 	client.WithTimeout(10 * time.Minute)
 	if client.http.Timeout != 10*time.Minute {
 		t.Errorf("expected timeout 10m, got %v", client.http.Timeout)
 	}
 }
 func TestClient_WithAICore(t *testing.T) {
 	client := NewClient("http://example.com", "key", "model")
 	if client.provider != ProviderOpenAI {
 		t.Errorf("expected default provider openai, got %s", client.provider)
 	}
 	client.WithAICore(AICoreConfig{
 		ClientID:      "id",
 		ClientSecret:  "secret",
 		AuthURL:       "https://auth.example.com",
 		APIURL:        "https://api.example.com",
 		ResourceGroup: "default",
 	})
 	if client.provider != ProviderAICore {
 		t.Errorf("expected provider aicore, got %s", client.provider)
 	}
 	if client.aicore == nil {
 		t.Error("expected aicore client to be set")
 	}
 }
 func TestClient_WithTimeout_PropagatestoAICore(t *testing.T) {
 	client := NewClient("http://example.com", "key", "model").
 		WithAICore(AICoreConfig{
 			ClientID:      "id",
 			ClientSecret:  "secret",
 			AuthURL:       "https://auth.example.com",
 			APIURL:        "https://api.example.com",
 			ResourceGroup: "default",
 		})
 	// Default should be 5 minutes (inherited from parent client)
 	if client.aicore.http.Timeout != 5*time.Minute {
 		t.Errorf("expected aicore default timeout 5m, got %v", client.aicore.http.Timeout)
 	}
 	// WithTimeout should propagate to AI Core client
 	client.WithTimeout(15 * time.Minute)
 	if client.http.Timeout != 15*time.Minute {
 		t.Errorf("expected parent timeout 15m, got %v", client.http.Timeout)
 	}
 	if client.aicore.http.Timeout != 15*time.Minute {
 		t.Errorf("expected aicore timeout 15m, got %v", client.aicore.http.Timeout)
 	}
 }
 func TestClient_CompleteAICore(t *testing.T) {
 	var baseURL string
 	mux := http.NewServeMux()
 	mux.HandleFunc("/oauth/token", func(w http.ResponseWriter, r *http.Request) {
 		w.Header().Set("Content-Type", "application/json")
 		json.NewEncoder(w).Encode(map[string]interface{}{
 			"access_token": "test-token",
 			"expires_in":   3600,
 		})
 	})
 	mux.HandleFunc("/v2/lm/deployments", func(w http.ResponseWriter, r *http.Request) {
 		w.Header().Set("Content-Type", "application/json")
 		json.NewEncoder(w).Encode(map[string]interface{}{
 			"resources": []map[string]interface{}{
 				{
 					"id":            "deploy-test",
 					"deploymentUrl": baseURL + "/deployments/test",
 					"status":        "RUNNING",
 					"details": map[string]interface{}{
 						"resources": map[string]interface{}{
 							"backend_details": map[string]interface{}{
 								"model": map[string]interface{}{
 									"name": "gpt-5",
 								},
 							},
 						},
 					},
 				},
 			},
 		})
 	})
 	mux.HandleFunc("/deployments/test/chat/completions", func(w http.ResponseWriter, r *http.Request) {
 		w.Header().Set("Content-Type", "application/json")
 		json.NewEncoder(w).Encode(ChatResponse{
 			Choices: []struct {
 				Message struct {
 					Content string `json:"content"`
 				} `json:"message"`
 			}{
 				{Message: struct {
 					Content string `json:"content"`
 				}{Content: "AI Core via Client works!"}},
 			},
 		})
 	})
 	server := httptest.NewServer(mux)
 	baseURL = server.URL
 	defer server.Close()
 	client := NewClient("", "", "gpt-5").WithAICore(AICoreConfig{
 		ClientID:      "test-id",
 		ClientSecret:  "test-secret",
 		AuthURL:       server.URL,
 		APIURL:        server.URL,
 		ResourceGroup: "default",
 	})
 	result, err := client.Complete(context.Background(), []Message{
 		{Role: "user", Content: "Hello"},
 	})
 	if err != nil {
 		t.Fatalf("unexpected error: %v", err)
 	}
 	if !strings.Contains(result, "AI Core via Client works!") {
 		t.Errorf("unexpected result: %s", result)
 	}
 }
@@ -1,6 +1,6 @@
 // Package llm provides clients for LLM chat completion APIs.
 //
-// Supports OpenAI-compatible (default), Anthropic Messages API, and SAP AI Core providers.
+// Supports OpenAI-compatible (default) and Anthropic Messages API providers.
 package llm
 import (
@@ -22,8 +22,6 @@ const (
 	ProviderOpenAI Provider = "openai"
 	// ProviderAnthropic uses the Anthropic Messages API endpoint.
 	ProviderAnthropic Provider = "anthropic"
 	// ProviderAICore uses SAP AI Core with OAuth authentication.
 	ProviderAICore Provider = "aicore"
 )
 // Client calls an LLM chat completion API.
@@ -37,7 +35,6 @@ type Client struct {
 	temperature float64
 	provider    Provider
 	http        *http.Client
 	aicore      *AICoreClient // Only set when provider is aicore
 }
 // NewClient creates a new LLM client. Default provider is OpenAI-compatible.
@@ -52,12 +49,8 @@ func NewClient(baseURL, apiKey, model string) *Client {
 }
 // WithTimeout sets the HTTP request timeout for LLM calls (default 5 minutes).
 // When using AI Core, this also sets the timeout on the AI Core client.
 func (c *Client) WithTimeout(d time.Duration) *Client {
 	c.http.Timeout = d
 	if c.aicore != nil {
 		c.aicore.WithTimeout(d)
 	}
 	return c
 }
@@ -67,21 +60,12 @@ func (c *Client) WithTemperature(t float64) *Client {
 	return c
 }
-// WithProvider sets the API provider format (openai, anthropic, or aicore).
+// WithProvider sets the API provider format (openai or anthropic).
 func (c *Client) WithProvider(p Provider) *Client {
 	c.provider = p
 	return c
 }
 // WithAICore configures the client to use SAP AI Core for authentication.
 // This sets the provider to aicore automatically.
 // The AI Core client inherits the current HTTP timeout from this client.
 func (c *Client) WithAICore(cfg AICoreConfig) *Client {
 	c.provider = ProviderAICore
 	c.aicore = NewAICoreClient(cfg).WithTimeout(c.http.Timeout)
 	return c
 }
 // Message represents a chat message.
 type Message struct {
 	Role    string `json:"role"`
@@ -98,8 +82,6 @@ func (c *Client) Complete(ctx context.Context, messages []Message) (string, erro
 		switch c.provider {
 		case ProviderAnthropic:
 			result, err = c.completeAnthropic(ctx, messages)
 		case ProviderAICore:
 			result, err = c.completeAICore(ctx, messages)
 		default:
 			result, err = c.completeOpenAI(ctx, messages)
 		}
@@ -124,18 +106,6 @@ func (c *Client) Complete(ctx context.Context, messages []Message) (string, erro
 	return "", err
 }
 // completeAICore routes to AI Core using the appropriate endpoint based on model type.
 func (c *Client) completeAICore(ctx context.Context, messages []Message) (string, error) {
 	if c.aicore == nil {
 		return "", fmt.Errorf("AI Core client not configured")
 	}
 	if IsAnthropicModel(c.model) {
 		return c.aicore.CompleteAnthropic(ctx, c.model, messages, 8192, c.temperature)
 	}
 	return c.aicore.CompleteOpenAI(ctx, c.model, messages, c.temperature)
 }
 // isRetryableError returns true for transient errors worth retrying.
 func isRetryableError(err error) bool {
 	if err == nil {
@@ -206,12 +176,11 @@ func (c *Client) completeOpenAI(ctx context.Context, messages []Message) (string
 // --- Anthropic Messages API implementation ---
 type anthropicRequest struct {
-	AnthropicVersion string         `json:"anthropic_version,omitempty"`
+	Model       string            `json:"model"`
-	Model       string         `json:"model,omitempty"`
+	MaxTokens   int               `json:"max_tokens"`
-	MaxTokens   int            `json:"max_tokens"`
+	System      string            `json:"system,omitempty"`
-	System      string         `json:"system,omitempty"`
+	Messages    []anthropicMsg    `json:"messages"`
-	Messages    []anthropicMsg `json:"messages"`
+	Temperature float64           `json:"temperature,omitempty"`
 	Temperature float64        `json:"temperature,omitempty"`
 }
 type anthropicMsg struct {
@@ -37,7 +37,7 @@ func FormatMarkdownWithDisplay(result *ReviewResult, displayName, sentinelName s
 	}
 	if headerName != "" {
-		title := CapitalizeFirst(headerName)
+		title := strings.ToUpper(headerName[:1]) + headerName[1:]
 		sb.WriteString(fmt.Sprintf("# %s Review\n\n", title))
 	}
@@ -1,14 +1,12 @@
 package review
 import (
 	"bytes"
 	"embed"
 	"encoding/json"
 	"fmt"
 	"os"
-	"sort"
+	"path/filepath"
 	"strings"
 	"unicode/utf8"
 	"gopkg.in/yaml.v3"
 )
@@ -16,18 +14,6 @@ import (
 //go:embed personas/*.yaml
 var embeddedPersonas embed.FS
 // MaxPersonaFileSize is the maximum size for persona files (64 KB).
 // This prevents denial-of-service via excessively large files.
 const MaxPersonaFileSize = 64 * 1024
 // MaxYAMLDepth is the maximum nesting depth allowed in YAML persona files.
 // This prevents stack exhaustion from deeply nested structures.
 const MaxYAMLDepth = 20
 // MaxYAMLNodes is the maximum number of YAML nodes allowed in persona files.
 // This prevents DoS via wide-but-shallow structures that bypass depth limits.
 const MaxYAMLNodes = 1000
 // Persona defines a specialized review role with focused expertise.
 type Persona struct {
 	Name         string   `json:"name" yaml:"name"`
@@ -48,189 +34,71 @@ type Severity struct {
 	Nit   string `json:"nit" yaml:"nit"`
 }
-// LoadPersona loads a persona from a JSON or YAML file path.
+// LoadPersona loads a persona from a file path.
-// Format is detected by file extension: .yaml/.yml for YAML, .json or other for JSON.
+// Supports both YAML (.yaml, .yml) and JSON (.json) formats.
 // Files larger than MaxPersonaFileSize are rejected.
 //
 // Symlinks are supported: os.Stat follows symlinks, so a symlink pointing to
 // a regular file will pass the IsRegular() check. Symlinks to non-regular files
 // (directories, FIFOs, devices) are still rejected.
 func LoadPersona(path string) (*Persona, error) {
 	// os.Stat follows symlinks, so symlinks to regular files are supported.
 	// The IsRegular() check operates on the target, not the symlink itself.
 	info, err := os.Stat(path)
 	if err != nil {
 		return nil, fmt.Errorf("read persona file %s: %w", path, err)
 	}
 	if !info.Mode().IsRegular() {
 		return nil, fmt.Errorf("persona file %s is not a regular file", path)
 	}
 	if info.Size() > MaxPersonaFileSize {
 		return nil, fmt.Errorf("persona file %s exceeds maximum size (%d bytes)", path, MaxPersonaFileSize)
 	}
 	data, err := os.ReadFile(path)
 	if err != nil {
 		return nil, fmt.Errorf("read persona file %s: %w", path, err)
 	}
 	// Re-check size after read to defend against TOCTOU races where file
 	// grows between stat and read (e.g., appending process, replaced file).
 	if len(data) > MaxPersonaFileSize {
 		return nil, fmt.Errorf("persona file %s exceeds maximum size (%d bytes)", path, MaxPersonaFileSize)
 	}
 	return parsePersona(data, path)
 }
 // LoadBuiltinPersona loads a built-in persona by name.
 // Returns an error if the persona doesn't exist.
 // Built-in personas are stored in YAML format only (see embed directive).
 func LoadBuiltinPersona(name string) (*Persona, error) {
-	yamlFile := name + ".yaml"
+	filename := name + ".yaml"
-	data, err := embeddedPersonas.ReadFile("personas/" + yamlFile)
+	data, err := embeddedPersonas.ReadFile("personas/" + filename) // embed.FS paths use forward slashes per io/fs spec
 	if err != nil {
 		available := ListBuiltinPersonas()
 		return nil, fmt.Errorf("unknown built-in persona %q (available: %s)", name, strings.Join(available, ", "))
 	}
-	return parsePersona(data, "builtin:"+yamlFile)
+	return parsePersona(data, "builtin:"+name)
 }
-// ListBuiltinPersonas returns the names of all built-in personas in sorted order.
+// ListBuiltinPersonas returns the names of all built-in personas.
 // Returns an empty slice if the embedded directory cannot be read.
 func ListBuiltinPersonas() []string {
 	entries, err := embeddedPersonas.ReadDir("personas")
 	if err != nil {
-		return []string{}
+		return nil
 	}
-	seen := make(map[string]bool)
+	var names []string
 	for _, e := range entries {
 		if e.IsDir() {
 			continue
 		}
 		name := e.Name()
-		// Strip extension to get persona name
+		if strings.HasSuffix(name, ".yaml") {
-		var personaName string
+			names = append(names, strings.TrimSuffix(name, ".yaml"))
-		switch {
+		} else if strings.HasSuffix(name, ".yml") {
-		case strings.HasSuffix(name, ".yaml"):
+			names = append(names, strings.TrimSuffix(name, ".yml"))
 			personaName = strings.TrimSuffix(name, ".yaml")
 		case strings.HasSuffix(name, ".yml"):
 			personaName = strings.TrimSuffix(name, ".yml")
 		case strings.HasSuffix(name, ".json"):
 			personaName = strings.TrimSuffix(name, ".json")
 		default:
 			continue
 		}
 		if !seen[personaName] {
 			seen[personaName] = true
 		}
 	}
 	names := make([]string, 0, len(seen))
 	for name := range seen {
 		names = append(names, name)
 	}
 	sort.Strings(names)
 	return names
 }
 // parsePersona parses persona data from JSON or YAML format.
 // Format is detected by the source file extension.
 func parsePersona(data []byte, source string) (*Persona, error) {
 	lowerSource := strings.ToLower(source)
 	isYAML := strings.HasSuffix(lowerSource, ".yaml") || strings.HasSuffix(lowerSource, ".yml")
 	var p Persona
-	var err error
+	
-	if isYAML {
+	// Determine format by extension or try YAML first (it's a superset of JSON)
-		err = unmarshalYAMLWithDepthLimit(data, &p, MaxYAMLDepth)
+	ext := strings.ToLower(filepath.Ext(source))
 	if ext == ".json" {
 		if err := json.Unmarshal(data, &p); err != nil {
 			return nil, fmt.Errorf("parse persona %s: %w", source, err)
 		}
 	} else {
-		// Use json.Decoder with DisallowUnknownFields for consistency with
+		// YAML (also handles .yaml, .yml, and builtin: prefix)
-		// YAML's KnownFields(true) - both reject unknown fields to catch typos.
+		if err := yaml.Unmarshal(data, &p); err != nil {
-		dec := json.NewDecoder(bytes.NewReader(data))
+			return nil, fmt.Errorf("parse persona %s: %w", source, err)
-		dec.DisallowUnknownFields()
+		}
 		err = dec.Decode(&p)
 	}
 	if err != nil {
 		return nil, fmt.Errorf("parse persona %s: %w", source, err)
 	}
 	if err := validatePersona(&p, source); err != nil {
 		return nil, err
 	}
 	return &p, nil
 }
 // unmarshalYAMLWithDepthLimit unmarshals YAML data with explicit depth limiting
 // and strict field checking. This protects against stack exhaustion from deeply
 // nested structures and catches typos in field names.
 // Multi-document YAML files are rejected to prevent silent data loss.
 func unmarshalYAMLWithDepthLimit(data []byte, out any, maxDepth int) error {
 	// First pass: decode into a yaml.Node to check depth limits and node counts.
 	// This prevents stack exhaustion before we attempt to decode into structs.
 	var node yaml.Node
 	dec := yaml.NewDecoder(bytes.NewReader(data))
 	if err := dec.Decode(&node); err != nil {
 		return err
 	}
 	// Reject multi-document YAML files - silently ignoring additional documents
 	// could lead to confusing behavior where users think their changes take effect.
 	var extra yaml.Node
 	if dec.Decode(&extra) == nil {
 		return fmt.Errorf("multi-document YAML is not supported; only single-document files are allowed")
 	}
 	nodeCount := 0
 	if err := checkYAMLDepth(&node, 0, maxDepth, MaxYAMLNodes, make(map[*yaml.Node]struct{}), &nodeCount); err != nil {
 		return err
 	}
 	// Second pass: decode with strict field checking enabled.
 	// KnownFields(true) rejects unknown keys, catching typos like "focuss" or "identiy".
 	// We must re-decode from the original data because yaml.Node.Decode() doesn't
 	// support the KnownFields option.
 	strictDec := yaml.NewDecoder(bytes.NewReader(data))
 	strictDec.KnownFields(true)
 	return strictDec.Decode(out)
 }
 // checkYAMLDepth recursively checks that YAML nodes don't exceed the depth limit
 // or the total node count limit. It also detects alias cycles to prevent infinite
 // recursion from crafted YAML with self-referential aliases.
 func checkYAMLDepth(node *yaml.Node, depth, maxDepth, maxNodes int, seen map[*yaml.Node]struct{}, nodeCount *int) error {
 	if depth > maxDepth {
 		return fmt.Errorf("YAML nesting depth exceeds maximum (%d)", maxDepth)
 	}
 	// Track total nodes visited as defense-in-depth against wide-but-shallow attacks.
 	*nodeCount++
 	if *nodeCount > maxNodes {
 		return fmt.Errorf("YAML node count exceeds maximum (%d)", maxNodes)
 	}
 	// Cycle detection: if we've seen this node before, we're in a cycle.
 	if _, ok := seen[node]; ok {
 		return nil // Already validated this subtree, skip to avoid infinite recursion.
 	}
 	seen[node] = struct{}{}
 	// Handle alias nodes: follow the alias to its anchor target.
 	// Increment depth when following aliases since they expand the effective structure.
 	if node.Kind == yaml.AliasNode && node.Alias != nil {
 		return checkYAMLDepth(node.Alias, depth+1, maxDepth, maxNodes, seen, nodeCount)
 	}
 	for _, child := range node.Content {
 		if err := checkYAMLDepth(child, depth+1, maxDepth, maxNodes, seen, nodeCount); err != nil {
 			return err
 		}
 	}
 	return nil
 }
 // ParsePersonaBytes parses persona data from bytes with a source label for errors.
 // This is useful for parsing personas fetched from external sources (e.g., Gitea API)
 // without requiring filesystem access. Format is detected by source extension.
 func ParsePersonaBytes(data []byte, source string) (*Persona, error) {
 	return parsePersona(data, source)
 }
 func validatePersona(p *Persona, source string) error {
 	if p.Name == "" {
 		return fmt.Errorf("persona %s: name is required", source)
@@ -244,16 +112,3 @@ func validatePersona(p *Persona, source string) error {
 	}
 	return nil
 }
 // CapitalizeFirst capitalizes the first rune of a string in a Unicode-safe way.
 // Returns the original string if it's empty.
 func CapitalizeFirst(s string) string {
 	if s == "" {
 		return s
 	}
 	r, size := utf8.DecodeRuneInString(s)
 	if r == utf8.RuneError {
 		return s
 	}
 	return strings.ToUpper(string(r)) + s[size:]
 }
@@ -1,13 +1,10 @@
 package review
 import (
 	"fmt"
 	"os"
 	"path/filepath"
 	"strings"
 	"testing"
 	"gopkg.in/yaml.v3"
 )
 func TestLoadBuiltinPersona(t *testing.T) {
@@ -94,7 +91,7 @@ func TestLoadPersonaFromYAMLFile(t *testing.T) {
 	dir := t.TempDir()
 	path := filepath.Join(dir, "test.yaml")
-	content := `# Test persona
+	content := `
 name: test
 display_name: Test Persona
 identity: |
@@ -134,39 +131,6 @@ severity:
 	}
 }
 func TestLoadPersonaFromYMLFile(t *testing.T) {
 	dir := t.TempDir()
 	path := filepath.Join(dir, "test.yml")
 	content := `name: test
 display_name: Test YML
 identity: Test identity
 focus:
  - testing
 ignore: []
 severity:
  major: Big
  minor: Small
  nit: Tiny
 `
 	if err := os.WriteFile(path, []byte(content), 0644); err != nil {
 		t.Fatalf("failed to write test file: %v", err)
 	}
 	p, err := LoadPersona(path)
 	if err != nil {
 		t.Fatalf("LoadPersona failed: %v", err)
 	}
 	if p.Name != "test" {
 		t.Errorf("Name = %q, want %q", p.Name, "test")
 	}
 	if p.DisplayName != "Test YML" {
 		t.Errorf("DisplayName = %q, want %q", p.DisplayName, "Test YML")
 	}
 }
 func TestLoadPersonaFromJSONFile(t *testing.T) {
 	dir := t.TempDir()
 	path := filepath.Join(dir, "test.json")
@@ -174,9 +138,8 @@ func TestLoadPersonaFromJSONFile(t *testing.T) {
 	content := `{
 		"name": "test",
 		"display_name": "Test Persona",
-		"identity": "You are a test persona.\nMulti-line identity works.",
+		"identity": "You are a test persona.",
-		"focus": ["testing", "validation"],
+		"focus": ["testing"],
 		"ignore": ["nothing"],
 		"severity": {
 			"major": "Big problems",
@@ -200,49 +163,27 @@ func TestLoadPersonaFromJSONFile(t *testing.T) {
 	if p.DisplayName != "Test Persona" {
 		t.Errorf("DisplayName = %q, want %q", p.DisplayName, "Test Persona")
 	}
 	if len(p.Focus) != 2 {
 		t.Errorf("Focus len = %d, want 2", len(p.Focus))
 	}
 	if !strings.Contains(p.Identity, "Multi-line") {
 		t.Error("Identity should contain multi-line content")
 	}
 }
 func TestLoadPersonaValidation(t *testing.T) {
 	tests := []struct {
 		name    string
-		content string
+		yaml    string
 		ext     string
 		wantErr string
 	}{
 		{
-			name:    "missing name yaml",
+			name:    "missing name",
-			content: "identity: test\n",
+			yaml:    "identity: test",
 			ext:     ".yaml",
 			wantErr: "name is required",
 		},
 		{
-			name:    "missing identity yaml",
+			name:    "missing identity",
-			content: "name: test\n",
+			yaml:    "name: test",
 			ext:     ".yaml",
 			wantErr: "identity is required",
 		},
 		{
-			name:    "missing name json",
+			name: "display_name defaults to name",
-			content: `{"identity": "test"}`,
+			yaml: "name: test\nidentity: test identity",
 			ext:     ".json",
 			wantErr: "name is required",
 		},
 		{
 			name:    "missing identity json",
 			content: `{"name": "test"}`,
 			ext:     ".json",
 			wantErr: "identity is required",
 		},
 		{
 			name:    "display_name defaults to name",
 			content: "name: test\nidentity: test identity\n",
 			ext:     ".yaml",
 			// No error expected - should succeed
 		},
 	}
@@ -250,8 +191,8 @@ func TestLoadPersonaValidation(t *testing.T) {
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			dir := t.TempDir()
-			path := filepath.Join(dir, "test"+tt.ext)
+			path := filepath.Join(dir, "test.yaml")
-			if err := os.WriteFile(path, []byte(tt.content), 0644); err != nil {
+			if err := os.WriteFile(path, []byte(tt.yaml), 0644); err != nil {
 				t.Fatalf("failed to write test file: %v", err)
 			}
@@ -290,7 +231,7 @@ func TestLoadPersonaFileNotFound(t *testing.T) {
 func TestLoadPersonaInvalidYAML(t *testing.T) {
 	dir := t.TempDir()
 	path := filepath.Join(dir, "invalid.yaml")
-	if err := os.WriteFile(path, []byte("not valid yaml:\n  - [broken"), 0644); err != nil {
+	if err := os.WriteFile(path, []byte("not: valid: yaml: here"), 0644); err != nil {
 		t.Fatalf("failed to write test file: %v", err)
 	}
@@ -299,480 +240,3 @@ func TestLoadPersonaInvalidYAML(t *testing.T) {
 		t.Error("expected error for invalid YAML")
 	}
 }
 func TestLoadPersonaInvalidJSON(t *testing.T) {
 	dir := t.TempDir()
 	path := filepath.Join(dir, "invalid.json")
 	if err := os.WriteFile(path, []byte("not valid json {"), 0644); err != nil {
 		t.Fatalf("failed to write test file: %v", err)
 	}
 	_, err := LoadPersona(path)
 	if err == nil {
 		t.Error("expected error for invalid JSON")
 	}
 }
 func TestLoadPersonaCaseInsensitiveExtension(t *testing.T) {
 	tests := []struct {
 		name string
 		ext  string
 	}{
 		{"lowercase yaml", ".yaml"},
 		{"uppercase YAML", ".YAML"},
 		{"mixed case Yaml", ".Yaml"},
 		{"lowercase yml", ".yml"},
 		{"uppercase YML", ".YML"},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			dir := t.TempDir()
 			path := filepath.Join(dir, "test"+tt.ext)
 			content := "name: test\nidentity: test identity\n"
 			if err := os.WriteFile(path, []byte(content), 0644); err != nil {
 				t.Fatalf("failed to write test file: %v", err)
 			}
 			p, err := LoadPersona(path)
 			if err != nil {
 				t.Fatalf("LoadPersona failed for extension %s: %v", tt.ext, err)
 			}
 			if p.Name != "test" {
 				t.Errorf("Name = %q, want %q", p.Name, "test")
 			}
 		})
 	}
 }
 func TestCapitalizeFirst(t *testing.T) {
 	tests := []struct {
 		input string
 		want  string
 	}{
 		{"hello", "Hello"},
 		{"Hello", "Hello"},
 		{"HELLO", "HELLO"},
 		{"a", "A"},
 		{"", ""},
 		{"日本語", "日本語"}, // Non-ASCII: Japanese doesn't have case
 		{"über", "Über"},   // German umlaut
 		{"élève", "Élève"}, // French accent
 	}
 	for _, tt := range tests {
 		t.Run(tt.input, func(t *testing.T) {
 			got := CapitalizeFirst(tt.input)
 			if got != tt.want {
 				t.Errorf("CapitalizeFirst(%q) = %q, want %q", tt.input, got, tt.want)
 			}
 		})
 	}
 }
 func TestListBuiltinPersonasReturnsEmptySlice(t *testing.T) {
 	// ListBuiltinPersonas should return an empty slice (not nil) on error.
 	// We can't easily test the error case, but we can verify the success case
 	// returns a proper slice.
 	names := ListBuiltinPersonas()
 	if names == nil {
 		t.Error("ListBuiltinPersonas should return empty slice, not nil")
 	}
 }
 func TestYAMLMultilineStrings(t *testing.T) {
 	dir := t.TempDir()
 	path := filepath.Join(dir, "multiline.yaml")
 	// Test literal block scalar (|) which preserves newlines
 	content := `name: multiline
 display_name: Multiline Test
 identity: |
  First line.
  Second line.
  Third line.
 focus:
  - item one
 ignore: []
 severity:
  major: Major issue
  minor: Minor issue
  nit: Nit
 `
 	if err := os.WriteFile(path, []byte(content), 0644); err != nil {
 		t.Fatalf("failed to write test file: %v", err)
 	}
 	p, err := LoadPersona(path)
 	if err != nil {
 		t.Fatalf("LoadPersona failed: %v", err)
 	}
 	// Literal block scalar preserves newlines
 	if !strings.Contains(p.Identity, "\n") {
 		t.Error("Identity should contain newlines from literal block scalar")
 	}
 	if !strings.Contains(p.Identity, "Second line") {
 		t.Error("Identity should contain 'Second line'")
 	}
 }
 func TestYAMLComments(t *testing.T) {
 	dir := t.TempDir()
 	path := filepath.Join(dir, "comments.yaml")
 	content := `# This is a comment
 name: commented  # inline comment
 display_name: Commented Persona
 # Another comment
 identity: Test identity
 focus:
  - item  # comment after item
 ignore: []
 severity:
  major: Major
  minor: Minor
  nit: Nit
 `
 	if err := os.WriteFile(path, []byte(content), 0644); err != nil {
 		t.Fatalf("failed to write test file: %v", err)
 	}
 	p, err := LoadPersona(path)
 	if err != nil {
 		t.Fatalf("LoadPersona failed: %v", err)
 	}
 	// Comments should be ignored
 	if p.Name != "commented" {
 		t.Errorf("Name = %q, want %q", p.Name, "commented")
 	}
 	if p.Focus[0] != "item" {
 		t.Errorf("Focus[0] = %q, want %q", p.Focus[0], "item")
 	}
 }
 func TestYAMLDeeplyNestedRejection(t *testing.T) {
 	dir := t.TempDir()
 	path := filepath.Join(dir, "deeply-nested.yaml")
 	// Build a deeply nested YAML structure that exceeds MaxYAMLDepth (20).
 	// Each level adds 2 to the depth count (key + value mapping).
 	var sb strings.Builder
 	sb.WriteString("name: test\nidentity: test\nnested:\n")
 	indent := "  "
 	for i := 0; i < 25; i++ {
 		sb.WriteString(strings.Repeat(indent, i+1))
 		sb.WriteString(fmt.Sprintf("level%d:\n", i))
 	}
 	sb.WriteString(strings.Repeat(indent, 26))
 	sb.WriteString("value: too-deep\n")
 	if err := os.WriteFile(path, []byte(sb.String()), 0644); err != nil {
 		t.Fatalf("failed to write test file: %v", err)
 	}
 	_, err := LoadPersona(path)
 	if err == nil {
 		t.Error("expected error for deeply nested YAML, got nil")
 	}
 	if !strings.Contains(err.Error(), "nesting depth exceeds") {
 		t.Errorf("error = %q, want containing 'nesting depth exceeds'", err.Error())
 	}
 }
 func TestYAMLFileSizeLimit(t *testing.T) {
 	dir := t.TempDir()
 	path := filepath.Join(dir, "huge.yaml")
 	// Create a file larger than MaxPersonaFileSize (64 KB)
 	content := "name: test\nidentity: " + strings.Repeat("x", MaxPersonaFileSize+1) + "\n"
 	if err := os.WriteFile(path, []byte(content), 0644); err != nil {
 		t.Fatalf("failed to write test file: %v", err)
 	}
 	_, err := LoadPersona(path)
 	if err == nil {
 		t.Error("expected error for oversized file, got nil")
 	}
 	if !strings.Contains(err.Error(), "exceeds maximum size") {
 		t.Errorf("error = %q, want containing 'exceeds maximum size'", err.Error())
 	}
 }
 func TestYAMLAliasCycleDetection(t *testing.T) {
 	// Test that our checkYAMLDepth function handles alias cycles gracefully
 	// by using the seen map to prevent infinite recursion.
 	// We test this directly because go-yaml's parser handles most cycles
 	// at parse time, but we need to ensure our checker is robust.
 	// Create a node structure where an alias points to a parent node,
 	// simulating what could happen with malicious input that bypasses
 	// go-yaml's cycle detection.
 	parent := &yaml.Node{
 		Kind: yaml.MappingNode,
 		Content: []*yaml.Node{
 			{Kind: yaml.ScalarNode, Value: "name"},
 			{Kind: yaml.ScalarNode, Value: "test"},
 			{Kind: yaml.ScalarNode, Value: "nested"},
 		},
 	}
 	// Create a child that aliases back to the parent (artificial cycle)
 	aliasToParent := &yaml.Node{
 		Kind:  yaml.AliasNode,
 		Alias: parent,
 	}
 	parent.Content = append(parent.Content, aliasToParent)
 	nodeCount := 0
 	seen := make(map[*yaml.Node]struct{})
 	// This should NOT hang or stack overflow - the seen map prevents infinite recursion
 	err := checkYAMLDepth(parent, 0, MaxYAMLDepth, MaxYAMLNodes, seen, &nodeCount)
 	if err != nil {
 		t.Errorf("unexpected error traversing cyclic structure: %v", err)
 	}
 	// Verify we tracked the parent in the seen map
 	if _, ok := seen[parent]; !ok {
 		t.Error("parent node not tracked in seen map")
 	}
 }
 func TestYAMLMultiDocumentRejection(t *testing.T) {
 	dir := t.TempDir()
 	path := filepath.Join(dir, "multi.yaml")
 	// Multi-document YAML (documents separated by ---)
 	content := `name: first
 identity: first document
 ---
 name: second
 identity: second document
 `
 	if err := os.WriteFile(path, []byte(content), 0644); err != nil {
 		t.Fatalf("failed to write test file: %v", err)
 	}
 	_, err := LoadPersona(path)
 	if err == nil {
 		t.Error("expected error for multi-document YAML, got nil")
 	}
 	if !strings.Contains(err.Error(), "multi-document") {
 		t.Errorf("error = %q, want containing 'multi-document'", err.Error())
 	}
 }
 func TestYAMLNodeCountLimit(t *testing.T) {
 	dir := t.TempDir()
 	path := filepath.Join(dir, "wide.yaml")
 	// Build a YAML structure that's shallow but wide - many keys at the same level
 	// to test the node count limit (should exceed MaxYAMLNodes = 1000)
 	var sb strings.Builder
 	sb.WriteString("name: test\nidentity: test\n")
 	for i := 0; i < 600; i++ {
 		sb.WriteString(fmt.Sprintf("key%d: value%d\n", i, i))
 	}
 	if err := os.WriteFile(path, []byte(sb.String()), 0644); err != nil {
 		t.Fatalf("failed to write test file: %v", err)
 	}
 	_, err := LoadPersona(path)
 	if err == nil {
 		t.Error("expected error for wide YAML exceeding node count, got nil")
 	}
 	if !strings.Contains(err.Error(), "node count exceeds") {
 		t.Errorf("error = %q, want containing 'node count exceeds'", err.Error())
 	}
 }
 func TestCheckYAMLDepthCycleDetectionDirect(t *testing.T) {
 	// Direct test of cycle detection in checkYAMLDepth by creating
 	// a node structure with an artificial cycle.
 	// This tests the seen map logic independent of go-yaml's parsing.
 	node := &yaml.Node{
 		Kind: yaml.MappingNode,
 		Content: []*yaml.Node{
 			{Kind: yaml.ScalarNode, Value: "key"},
 			{Kind: yaml.ScalarNode, Value: "value"},
 		},
 	}
 	// Create a cycle by making a child reference the parent
 	cycleChild := &yaml.Node{
 		Kind:  yaml.AliasNode,
 		Alias: node, // Points back to the parent
 	}
 	node.Content = append(node.Content,
 		&yaml.Node{Kind: yaml.ScalarNode, Value: "cyclic"},
 		cycleChild,
 	)
 	nodeCount := 0
 	seen := make(map[*yaml.Node]struct{})
 	err := checkYAMLDepth(node, 0, MaxYAMLDepth, MaxYAMLNodes, seen, &nodeCount)
 	// Should complete without infinite recursion due to cycle detection
 	if err != nil {
 		t.Errorf("unexpected error: %v", err)
 	}
 	// The seen map should contain multiple entries
 	if len(seen) < 2 {
 		t.Errorf("seen map has %d entries, expected at least 2", len(seen))
 	}
 }
 func TestListBuiltinPersonasSortedOrder(t *testing.T) {
 	names := ListBuiltinPersonas()
 	if len(names) < 2 {
 		t.Skip("need at least 2 personas to test ordering")
 	}
 	// Verify the list is sorted
 	for i := 1; i < len(names); i++ {
 		if names[i-1] > names[i] {
 			t.Errorf("ListBuiltinPersonas not sorted: %q > %q", names[i-1], names[i])
 		}
 	}
 }
 func TestYAMLUnknownFieldsRejected(t *testing.T) {
 	tests := []struct {
 		name    string
 		content string
 		wantErr string
 	}{
 		{
 			name: "unknown top-level field",
 			content: `name: test
 identity: test identity
 unknown_field: should fail
 `,
 			wantErr: "unknown_field",
 		},
 		{
 			name: "typo in field name",
 			content: `name: test
 identiy: typo should fail
 `,
 			wantErr: "identiy",
 		},
 		{
 			name: "unknown field in severity",
 			content: `name: test
 identity: test
 severity:
  major: Major
  minro: typo
 `,
 			wantErr: "minro",
 		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			dir := t.TempDir()
 			path := filepath.Join(dir, "unknown.yaml")
 			if err := os.WriteFile(path, []byte(tt.content), 0644); err != nil {
 				t.Fatalf("failed to write test file: %v", err)
 			}
 			_, err := LoadPersona(path)
 			if err == nil {
 				t.Errorf("expected error for unknown field %q, got nil", tt.wantErr)
 				return
 			}
 			if !strings.Contains(err.Error(), tt.wantErr) {
 				t.Errorf("error = %q, want containing %q", err.Error(), tt.wantErr)
 			}
 		})
 	}
 }
 func TestJSONUnknownFieldsRejected(t *testing.T) {
 	tests := []struct {
 		name    string
 		content string
 		wantErr string
 	}{
 		{
 			name: "unknown top-level field",
 			content: `{
 				"name": "test",
 				"identity": "test identity",
 				"unknown_field": "should fail"
 			}`,
 			wantErr: "unknown_field",
 		},
 		{
 			name: "typo in field name",
 			content: `{
 				"name": "test",
 				"identiy": "typo should fail"
 			}`,
 			wantErr: "identiy",
 		},
 		{
 			name: "unknown field in severity",
 			content: `{
 				"name": "test",
 				"identity": "test",
 				"severity": {
 					"major": "ok",
 					"miner": "typo"
 				}
 			}`,
 			wantErr: "miner",
 		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			dir := t.TempDir()
 			path := filepath.Join(dir, "test.json")
 			if err := os.WriteFile(path, []byte(tt.content), 0644); err != nil {
 				t.Fatalf("failed to write test file: %v", err)
 			}
 			_, err := LoadPersona(path)
 			if err == nil {
 				t.Fatal("expected error for unknown field, got nil")
 			}
 			if !strings.Contains(err.Error(), tt.wantErr) {
 				t.Errorf("error = %q, want to contain %q", err.Error(), tt.wantErr)
 			}
 		})
 	}
 }
 func TestLoadPersonaSymlink(t *testing.T) {
 	// Create a regular persona file
 	dir := t.TempDir()
 	realFile := filepath.Join(dir, "real.yaml")
 	content := `name: test
 identity: test identity
 `
 	if err := os.WriteFile(realFile, []byte(content), 0644); err != nil {
 		t.Fatalf("failed to write test file: %v", err)
 	}
 	// Create a symlink to it
 	symlink := filepath.Join(dir, "link.yaml")
 	if err := os.Symlink(realFile, symlink); err != nil {
 		t.Fatalf("failed to create symlink: %v", err)
 	}
 	// LoadPersona should work via symlink
 	p, err := LoadPersona(symlink)
 	if err != nil {
 		t.Fatalf("LoadPersona via symlink failed: %v", err)
 	}
 	if p.Name != "test" {
 		t.Errorf("Name = %q, want %q", p.Name, "test")
 	}
 }
@@ -1,6 +1,3 @@
 # Software Architect Persona
 # Focuses on design quality, patterns, and code organization
 name: architect
 display_name: Software Architect
@@ -1,6 +1,3 @@
 # Documentation Reviewer Persona
 # Focuses on clarity, documentation quality, and self-documenting code
 name: docs
 display_name: Documentation Reviewer
@@ -1,6 +1,3 @@
 # Security Specialist Persona
 # Focuses on vulnerabilities, auth issues, and security best practices
 name: security
 display_name: Security Specialist
@@ -1,150 +0,0 @@
 package review
 import (
 	"context"
 	"log/slog"
 	"strings"
 )
 // RepoPersonaPath is the directory path where repo-specific personas are stored.
 const RepoPersonaPath = ".review-bot/personas"
 // GiteaClient defines the subset of gitea.Client methods needed for loading repo personas.
 // This interface allows for easier testing and decouples the review package from gitea.
 type GiteaClient interface {
 	ListContents(ctx context.Context, owner, repo, path string) ([]ContentEntry, error)
 	GetFileContent(ctx context.Context, owner, repo, filepath string) (string, error)
 }
 // ContentEntry represents a file or directory entry from the contents API.
 // This mirrors gitea.ContentEntry to avoid import cycles.
 type ContentEntry struct {
 	Name string `json:"name"`
 	Path string `json:"path"`
 	Type string `json:"type"` // "file" or "dir"
 }
 // LoadRepoPersonas fetches personas from a repository's .review-bot/personas/ directory.
 // Returns an empty map (not nil) if the directory doesn't exist or is empty.
 // Individual parse failures are logged and skipped; the remaining personas are still returned.
 // Auth errors and other non-404 errors are propagated.
 // Files exceeding MaxPersonaFileSize are rejected to prevent resource exhaustion.
 func LoadRepoPersonas(ctx context.Context, client GiteaClient, owner, repo string) (map[string]*Persona, error) {
 	result := make(map[string]*Persona)
 	entries, err := client.ListContents(ctx, owner, repo, RepoPersonaPath)
 	if err != nil {
 		// Check if this is a 404 (directory doesn't exist) - expected case
 		if isNotFoundError(err) {
 			slog.Debug("no repo personas directory found", "repo", owner+"/"+repo)
 			return result, nil
 		}
 		// Other errors (auth, server) should propagate
 		return nil, err
 	}
 	if len(entries) == 0 {
 		slog.Debug("repo personas directory is empty", "repo", owner+"/"+repo)
 		return result, nil
 	}
 	for _, entry := range entries {
 		if entry.Type != "file" {
 			continue
 		}
 		// Only process YAML files
 		if !isYAMLFile(entry.Name) {
 			continue
 		}
 		content, err := client.GetFileContent(ctx, owner, repo, entry.Path)
 		if err != nil {
 			slog.Warn("could not fetch repo persona file",
 				"file", entry.Path,
 				"repo", owner+"/"+repo,
 				"error", err)
 			continue
 		}
 		// Enforce size limit before parsing to prevent resource exhaustion
 		if len(content) > MaxPersonaFileSize {
 			slog.Warn("repo persona file exceeds maximum size",
 				"file", entry.Path,
 				"repo", owner+"/"+repo,
 				"size", len(content),
 				"max", MaxPersonaFileSize)
 			continue
 		}
 		persona, err := ParsePersonaBytes([]byte(content), entry.Path)
 		if err != nil {
 			slog.Warn("could not parse repo persona file",
 				"file", entry.Path,
 				"repo", owner+"/"+repo,
 				"error", err)
 			continue
 		}
 		result[persona.Name] = persona
 		slog.Debug("loaded repo persona",
 			"name", persona.Name,
 			"file", entry.Path,
 			"repo", owner+"/"+repo)
 	}
 	return result, nil
 }
 // MergePersonas combines built-in personas with repo personas.
 // Repo personas take precedence on name collision.
 // Returns a new map; inputs are not modified.
 func MergePersonas(builtin, repo map[string]*Persona) map[string]*Persona {
 	result := make(map[string]*Persona, len(builtin)+len(repo))
 	// Copy built-in personas first
 	for name, p := range builtin {
 		result[name] = p
 	}
 	// Overlay repo personas (override on collision)
 	for name, p := range repo {
 		if _, exists := result[name]; exists {
 			slog.Debug("repo persona overrides built-in", "name", name)
 		}
 		result[name] = p
 	}
 	return result
 }
 // GetBuiltinPersonasMap returns all built-in personas as a map keyed by name.
 // Returns an empty map (not nil) if loading fails.
 func GetBuiltinPersonasMap() map[string]*Persona {
 	result := make(map[string]*Persona)
 	for _, name := range ListBuiltinPersonas() {
 		p, err := LoadBuiltinPersona(name)
 		if err != nil {
 			slog.Warn("could not load built-in persona", "name", name, "error", err)
 			continue
 		}
 		result[name] = p
 	}
 	return result
 }
 // isYAMLFile checks if a filename has a YAML extension.
 func isYAMLFile(name string) bool {
 	lower := strings.ToLower(name)
 	return strings.HasSuffix(lower, ".yaml") || strings.HasSuffix(lower, ".yml")
 }
 // isNotFoundError checks if an error represents a 404 response.
 // This uses a specific "HTTP 404" substring match rather than a generic "not found"
 // match to avoid masking authentication failures or transport errors that might
 // contain "not found" in their message.
 func isNotFoundError(err error) bool {
 	if err == nil {
 		return false
 	}
 	return strings.Contains(err.Error(), "HTTP 404")
 }
@@ -1,443 +0,0 @@
 package review
 import (
 	"context"
 	"errors"
 	"strings"
 	"testing"
 )
 func TestParsePersonaBytes(t *testing.T) {
 	tests := []struct {
 		name       string
 		data       string
 		source     string
 		wantName   string
 		wantErr    string
 	}{
 		{
 			name: "valid yaml",
 			data: `name: test
 identity: test identity
 focus:
  - testing
 `,
 			source:   "test.yaml",
 			wantName: "test",
 		},
 		{
 			name:    "missing name",
 			data:    "identity: test\n",
 			source:  "test.yaml",
 			wantErr: "name is required",
 		},
 		{
 			name:    "invalid yaml",
 			data:    "not: valid:\n  yaml: [broken",
 			source:  "test.yaml",
 			wantErr: "parse",
 		},
 		{
 			name: "json format by extension",
 			data: `{"name": "jsontest", "identity": "json identity"}`,
 			source:   "test.json",
 			wantName: "jsontest",
 		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			p, err := ParsePersonaBytes([]byte(tt.data), tt.source)
 			if tt.wantErr != "" {
 				if err == nil {
 					t.Fatalf("expected error containing %q, got nil", tt.wantErr)
 				}
 				if !strings.Contains(err.Error(), tt.wantErr) {
 					t.Errorf("error = %q, want containing %q", err.Error(), tt.wantErr)
 				}
 				return
 			}
 			if err != nil {
 				t.Fatalf("unexpected error: %v", err)
 			}
 			if p.Name != tt.wantName {
 				t.Errorf("Name = %q, want %q", p.Name, tt.wantName)
 			}
 		})
 	}
 }
 // mockGiteaClient implements GiteaClient for testing.
 type mockGiteaClient struct {
 	contents map[string][]ContentEntry // path -> entries
 	files    map[string]string         // path -> content
 	listErr  error
 	fileErr  map[string]error // path -> error
 }
 func (m *mockGiteaClient) ListContents(ctx context.Context, owner, repo, path string) ([]ContentEntry, error) {
 	if m.listErr != nil {
 		return nil, m.listErr
 	}
 	entries, ok := m.contents[path]
 	if !ok {
 		return nil, errors.New("list contents .review-bot/personas: HTTP 404: not found")
 	}
 	return entries, nil
 }
 func (m *mockGiteaClient) GetFileContent(ctx context.Context, owner, repo, filepath string) (string, error) {
 	if m.fileErr != nil {
 		if err, ok := m.fileErr[filepath]; ok {
 			return "", err
 		}
 	}
 	content, ok := m.files[filepath]
 	if !ok {
 		return "", errors.New("HTTP 404: file not found")
 	}
 	return content, nil
 }
 func TestLoadRepoPersonas(t *testing.T) {
 	ctx := context.Background()
 	t.Run("directory not found returns empty map", func(t *testing.T) {
 		client := &mockGiteaClient{} // No contents configured -> 404
 		personas, err := LoadRepoPersonas(ctx, client, "owner", "repo")
 		if err != nil {
 			t.Fatalf("unexpected error: %v", err)
 		}
 		if personas == nil {
 			t.Error("expected empty map, got nil")
 		}
 		if len(personas) != 0 {
 			t.Errorf("expected 0 personas, got %d", len(personas))
 		}
 	})
 	t.Run("empty directory returns empty map", func(t *testing.T) {
 		client := &mockGiteaClient{
 			contents: map[string][]ContentEntry{
 				RepoPersonaPath: {},
 			},
 		}
 		personas, err := LoadRepoPersonas(ctx, client, "owner", "repo")
 		if err != nil {
 			t.Fatalf("unexpected error: %v", err)
 		}
 		if len(personas) != 0 {
 			t.Errorf("expected 0 personas, got %d", len(personas))
 		}
 	})
 	t.Run("loads valid personas", func(t *testing.T) {
 		client := &mockGiteaClient{
 			contents: map[string][]ContentEntry{
 				RepoPersonaPath: {
 					{Name: "trading.yaml", Path: ".review-bot/personas/trading.yaml", Type: "file"},
 					{Name: "crypto.yaml", Path: ".review-bot/personas/crypto.yaml", Type: "file"},
 				},
 			},
 			files: map[string]string{
 				".review-bot/personas/trading.yaml": `name: trading
 display_name: Trading Expert
 identity: You are a trading expert.
 focus:
  - order handling
  - risk management
 `,
 				".review-bot/personas/crypto.yaml": `name: crypto
 display_name: Crypto Expert
 identity: You are a cryptography expert.
 focus:
  - key management
  - encryption
 `,
 			},
 		}
 		personas, err := LoadRepoPersonas(ctx, client, "owner", "repo")
 		if err != nil {
 			t.Fatalf("unexpected error: %v", err)
 		}
 		if len(personas) != 2 {
 			t.Fatalf("expected 2 personas, got %d", len(personas))
 		}
 		if personas["trading"] == nil {
 			t.Error("expected trading persona")
 		}
 		if personas["crypto"] == nil {
 			t.Error("expected crypto persona")
 		}
 		if personas["trading"].DisplayName != "Trading Expert" {
 			t.Errorf("trading display name = %q, want %q", personas["trading"].DisplayName, "Trading Expert")
 		}
 	})
 	t.Run("skips invalid persona files", func(t *testing.T) {
 		client := &mockGiteaClient{
 			contents: map[string][]ContentEntry{
 				RepoPersonaPath: {
 					{Name: "valid.yaml", Path: ".review-bot/personas/valid.yaml", Type: "file"},
 					{Name: "invalid.yaml", Path: ".review-bot/personas/invalid.yaml", Type: "file"},
 				},
 			},
 			files: map[string]string{
 				".review-bot/personas/valid.yaml": `name: valid
 identity: Valid persona
 `,
 				".review-bot/personas/invalid.yaml": "not valid yaml: [broken",
 			},
 		}
 		personas, err := LoadRepoPersonas(ctx, client, "owner", "repo")
 		if err != nil {
 			t.Fatalf("unexpected error: %v", err)
 		}
 		// Should have the valid one, skip the invalid
 		if len(personas) != 1 {
 			t.Fatalf("expected 1 persona (skipped invalid), got %d", len(personas))
 		}
 		if personas["valid"] == nil {
 			t.Error("expected valid persona")
 		}
 	})
 	t.Run("skips non-yaml files", func(t *testing.T) {
 		client := &mockGiteaClient{
 			contents: map[string][]ContentEntry{
 				RepoPersonaPath: {
 					{Name: "persona.yaml", Path: ".review-bot/personas/persona.yaml", Type: "file"},
 					{Name: "README.md", Path: ".review-bot/personas/README.md", Type: "file"},
 					{Name: "notes.txt", Path: ".review-bot/personas/notes.txt", Type: "file"},
 				},
 			},
 			files: map[string]string{
 				".review-bot/personas/persona.yaml": `name: test
 identity: Test persona
 `,
 				".review-bot/personas/README.md": "# Personas\n\nPut your personas here.",
 			},
 		}
 		personas, err := LoadRepoPersonas(ctx, client, "owner", "repo")
 		if err != nil {
 			t.Fatalf("unexpected error: %v", err)
 		}
 		if len(personas) != 1 {
 			t.Fatalf("expected 1 persona (yaml only), got %d", len(personas))
 		}
 	})
 	t.Run("skips subdirectories", func(t *testing.T) {
 		client := &mockGiteaClient{
 			contents: map[string][]ContentEntry{
 				RepoPersonaPath: {
 					{Name: "persona.yaml", Path: ".review-bot/personas/persona.yaml", Type: "file"},
 					{Name: "subdir", Path: ".review-bot/personas/subdir", Type: "dir"},
 				},
 			},
 			files: map[string]string{
 				".review-bot/personas/persona.yaml": `name: test
 identity: Test persona
 `,
 			},
 		}
 		personas, err := LoadRepoPersonas(ctx, client, "owner", "repo")
 		if err != nil {
 			t.Fatalf("unexpected error: %v", err)
 		}
 		if len(personas) != 1 {
 			t.Fatalf("expected 1 persona (files only), got %d", len(personas))
 		}
 	})
 	t.Run("propagates auth errors", func(t *testing.T) {
 		client := &mockGiteaClient{
 			listErr: errors.New("HTTP 401: unauthorized"),
 		}
 		_, err := LoadRepoPersonas(ctx, client, "owner", "repo")
 		if err == nil {
 			t.Fatal("expected error for auth failure")
 		}
 		if !strings.Contains(err.Error(), "401") {
 			t.Errorf("error = %q, want containing '401'", err.Error())
 		}
 	})
 	t.Run("skips files that fail to fetch", func(t *testing.T) {
 		client := &mockGiteaClient{
 			contents: map[string][]ContentEntry{
 				RepoPersonaPath: {
 					{Name: "good.yaml", Path: ".review-bot/personas/good.yaml", Type: "file"},
 					{Name: "bad.yaml", Path: ".review-bot/personas/bad.yaml", Type: "file"},
 				},
 			},
 			files: map[string]string{
 				".review-bot/personas/good.yaml": `name: good
 identity: Good persona
 `,
 			},
 			fileErr: map[string]error{
 				".review-bot/personas/bad.yaml": errors.New("HTTP 500: internal server error"),
 			},
 		}
 		personas, err := LoadRepoPersonas(ctx, client, "owner", "repo")
 		if err != nil {
 			t.Fatalf("unexpected error: %v", err)
 		}
 		if len(personas) != 1 {
 			t.Fatalf("expected 1 persona (skipped failed fetch), got %d", len(personas))
 		}
 	})
 	t.Run("skips oversized files", func(t *testing.T) {
 		// Create a content string that exceeds MaxPersonaFileSize (64KB)
 		oversizedContent := strings.Repeat("a", MaxPersonaFileSize+1)
 		client := &mockGiteaClient{
 			contents: map[string][]ContentEntry{
 				RepoPersonaPath: {
 					{Name: "normal.yaml", Path: ".review-bot/personas/normal.yaml", Type: "file"},
 					{Name: "huge.yaml", Path: ".review-bot/personas/huge.yaml", Type: "file"},
 				},
 			},
 			files: map[string]string{
 				".review-bot/personas/normal.yaml": `name: normal
 identity: Normal sized persona
 `,
 				".review-bot/personas/huge.yaml": oversizedContent,
 			},
 		}
 		personas, err := LoadRepoPersonas(ctx, client, "owner", "repo")
 		if err != nil {
 			t.Fatalf("unexpected error: %v", err)
 		}
 		// Should have the normal one, skip the oversized
 		if len(personas) != 1 {
 			t.Fatalf("expected 1 persona (skipped oversized), got %d", len(personas))
 		}
 		if personas["normal"] == nil {
 			t.Error("expected normal persona")
 		}
 	})
 }
 func TestMergePersonas(t *testing.T) {
 	builtin := map[string]*Persona{
 		"security": {Name: "security", Identity: "Built-in security"},
 		"docs":     {Name: "docs", Identity: "Built-in docs"},
 	}
 	repo := map[string]*Persona{
 		"security": {Name: "security", Identity: "Repo security override"},
 		"trading":  {Name: "trading", Identity: "Repo trading"},
 	}
 	merged := MergePersonas(builtin, repo)
 	t.Run("repo overrides builtin on collision", func(t *testing.T) {
 		if merged["security"].Identity != "Repo security override" {
 			t.Errorf("security identity = %q, want repo override", merged["security"].Identity)
 		}
 	})
 	t.Run("builtin preserved when no collision", func(t *testing.T) {
 		if merged["docs"].Identity != "Built-in docs" {
 			t.Errorf("docs identity = %q, want built-in", merged["docs"].Identity)
 		}
 	})
 	t.Run("repo-only persona added", func(t *testing.T) {
 		if merged["trading"] == nil {
 			t.Error("expected trading persona from repo")
 		}
 		if merged["trading"].Identity != "Repo trading" {
 			t.Errorf("trading identity = %q, want repo", merged["trading"].Identity)
 		}
 	})
 	t.Run("original maps not modified", func(t *testing.T) {
 		if builtin["trading"] != nil {
 			t.Error("builtin map was modified")
 		}
 		if len(repo) != 2 {
 			t.Error("repo map was modified")
 		}
 	})
 }
 func TestGetBuiltinPersonasMap(t *testing.T) {
 	personas := GetBuiltinPersonasMap()
 	if len(personas) == 0 {
 		t.Fatal("expected at least one built-in persona")
 	}
 	// Verify expected personas exist
 	expected := []string{"security", "architect", "docs"}
 	for _, name := range expected {
 		if personas[name] == nil {
 			t.Errorf("expected built-in persona %q", name)
 		}
 	}
 	// Verify personas are valid
 	for name, p := range personas {
 		if p.Name != name {
 			t.Errorf("persona %q has mismatched name %q", name, p.Name)
 		}
 		if p.Identity == "" {
 			t.Errorf("persona %q has empty identity", name)
 		}
 	}
 }
 func TestIsYAMLFile(t *testing.T) {
 	tests := []struct {
 		name string
 		want bool
 	}{
 		{"test.yaml", true},
 		{"test.yml", true},
 		{"test.YAML", true},
 		{"test.YML", true},
 		{"test.json", false},
 		{"test.md", false},
 		{"test.txt", false},
 		{"yaml", false},
 		{"yaml.md", false},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			if got := isYAMLFile(tt.name); got != tt.want {
 				t.Errorf("isYAMLFile(%q) = %v, want %v", tt.name, got, tt.want)
 			}
 		})
 	}
 }
 func TestIsNotFoundError(t *testing.T) {
 	tests := []struct {
 		err  error
 		want bool
 	}{
 		{nil, false},
 		{errors.New("HTTP 404: not found"), true},
 		{errors.New("HTTP 404"), true},
 		// Intentionally false: generic "not found" could mask auth/transport errors.
 		// Only explicit HTTP 404 responses should be treated as "directory doesn't exist".
 		{errors.New("something not found"), false},
 		{errors.New("HTTP 401: unauthorized"), false},
 		{errors.New("connection refused"), false},
 	}
 	for _, tt := range tests {
 		name := "nil"
 		if tt.err != nil {
 			name = tt.err.Error()
 		}
 		t.Run(name, func(t *testing.T) {
 			if got := isNotFoundError(tt.err); got != tt.want {
 				t.Errorf("isNotFoundError(%v) = %v, want %v", tt.err, got, tt.want)
 			}
 		})
 	}
 }
@@ -1,127 +0,0 @@
 #!/usr/bin/env bash
 # check-deps.sh - Enforces the strict dependency allowlist from CONVENTIONS.md
 # Exit 1 if any unapproved import is found.
 #
 # Requires: Bash 4+ (for associative arrays), Go toolchain
 # 
 # The allowlist is parsed from CONVENTIONS.md to maintain a single source of truth.
 # Enforces Scope column: "test only" packages cannot appear in non-test code.
 set -euo pipefail
 # Check bash version
 if ((BASH_VERSINFO[0] < 4)); then
    echo "❌ Bash 4+ required (found ${BASH_VERSION})"
    echo "   On macOS: brew install bash"
    exit 1
 fi
 CONVENTIONS_FILE="${1:-CONVENTIONS.md}"
 if [ ! -f "$CONVENTIONS_FILE" ]; then
    echo "❌ CONVENTIONS.md not found"
    exit 1
 fi
 # Parse approved packages from CONVENTIONS.md table using awk (POSIX-compatible)
 # Format: | `package` | use case | scope |
 declare -A ALLOWED_PROD=()
 declare -A ALLOWED_TEST=()
 while IFS= read -r line; do
    # Use awk to extract package and scope from table row
    pkg=$(echo "$line" | awk -F'|' '{gsub(/^[[:space:]]*`|`[[:space:]]*$/, "", $2); print $2}')
    scope=$(echo "$line" | awk -F'|' '{gsub(/^[[:space:]]+|[[:space:]]+$/, "", $4); print tolower($4)}')
    if [ -n "$pkg" ] && [ "$pkg" != "Package" ] && [[ "$pkg" =~ ^[a-zA-Z] ]]; then
        if [[ "$scope" == *"test"* ]]; then
            ALLOWED_TEST["$pkg"]=1
        else
            ALLOWED_PROD["$pkg"]=1
        fi
    fi
 done < <(grep '| `' "$CONVENTIONS_FILE" 2>/dev/null || true)
 ALL_ALLOWED=("${!ALLOWED_PROD[@]}" "${!ALLOWED_TEST[@]}")
 if [ ${#ALL_ALLOWED[@]} -eq 0 ]; then
    echo "⚠️  No approved packages found in $CONVENTIONS_FILE"
    echo "   (This is fine if you want stdlib-only)"
 fi
 # Helper: check if import matches any package in an associative array (literal prefix, no glob)
 matches_allowlist() {
    local import="$1"
    shift
    local -n allowlist=$1
    for allowed in "${!allowlist[@]}"; do
        # Exact match
        if [ "$import" = "$allowed" ]; then
            return 0
        fi
        # Literal prefix match for subpackages: must match "pkg/" exactly
        if [ "${import#"$allowed/"}" != "$import" ]; then
            return 0
        fi
    done
    return 1
 }
 # Get direct module dependencies from go.mod
 DIRECT_IMPORTS=$(go list -m -f '{{if and (not .Indirect) (not .Main)}}{{.Path}}{{end}}' all 2>&1) || {
    echo "❌ Failed to list dependencies: $DIRECT_IMPORTS"
    exit 1
 }
 DIRECT_IMPORTS=$(echo "$DIRECT_IMPORTS" | grep -v '^$' || true)
 if [ -z "$DIRECT_IMPORTS" ]; then
    echo "✅ No external dependencies"
    exit 0
 fi
 # Check ALL direct dependencies are in some allowlist
 VIOLATIONS=""
 while IFS= read -r import; do
    [ -z "$import" ] && continue
    if ! matches_allowlist "$import" ALLOWED_PROD && ! matches_allowlist "$import" ALLOWED_TEST; then
        VIOLATIONS="${VIOLATIONS}  - ${import} (not in allowlist)"$'\n'
    fi
 done <<< "$DIRECT_IMPORTS"
 if [ -n "$VIOLATIONS" ]; then
    echo "❌ UNAPPROVED DEPENDENCIES DETECTED"
    echo ""
    echo "The following imports are not in the allowlist:"
    printf "%s" "$VIOLATIONS"
    echo ""
    echo "To add a dependency, update CONVENTIONS.md (requires Aaron's approval)"
    exit 1
 fi
 # Enforce Scope: test-only packages must not appear in non-test code
 # Get imports used by non-test code only (go list -deps without -test excludes test deps)
 PROD_IMPORTS=$(go list -deps -f '{{if not .Standard}}{{.ImportPath}}{{end}}' ./... 2>/dev/null || true)
 TEST_ONLY_IN_PROD=""
 for test_pkg in "${!ALLOWED_TEST[@]}"; do
    # Use word-boundary matching: exact match or followed by /
    if echo "$PROD_IMPORTS" | grep -qE "^${test_pkg}(/|\$|$)"; then
        TEST_ONLY_IN_PROD="${TEST_ONLY_IN_PROD}  - ${test_pkg} (marked 'test only' but used in production code)"$'\n'
    fi
 done
 if [ -n "$TEST_ONLY_IN_PROD" ]; then
    echo "❌ TEST-ONLY DEPENDENCIES IN PRODUCTION CODE"
    echo ""
    printf "%s" "$TEST_ONLY_IN_PROD"
    echo ""
    echo "These packages are marked 'test only' in CONVENTIONS.md"
    echo "and must only be imported from *_test.go files."
    exit 1
 fi
 echo "✅ All dependencies are approved"
 echo "   Direct module deps: $(echo "$DIRECT_IMPORTS" | wc -l | tr -d ' ')"
 echo "   Production allowlist: ${#ALLOWED_PROD[@]}, Test-only allowlist: ${#ALLOWED_TEST[@]}"
`@@ -2,4 +2,4 @@ module gitea.weiker.me/rodin/review-bot`

	`go 1.26.2`	`go 1.26.2`

	`require gopkg.in/yaml.v3 v3.0.1`	`require gopkg.in/yaml.v3 v3.0.1 // indirect`