1.3.0 rc

deployment/config/java-shared/application.properties.sample

@@ -232,6 +232,7 @@ llm.sync.anthropic.api-key=
 #RAG
 codecrow.rag.api.url=http://host.docker.internal:8001
 codecrow.rag.api.enabled=true
+codecrow.rag.api.secret=change-me-to-a-random-secret
 # RAG API timeouts (in seconds)
 codecrow.rag.api.timeout.connect=30
 codecrow.rag.api.timeout.read=120

deployment/config/mcp-client/.env.sample

@@ -2,6 +2,17 @@ AI_CLIENT_PORT=8000
 RAG_ENABLED=true
 RAG_API_URL=http://host.docker.internal:8001
 
+# === Service-to-Service Auth ===
+# Shared secret for authenticating requests between internal services.
+# Must match the SERVICE_SECRET configured on rag-pipeline.
+# Leave empty to disable auth (dev mode only).
+# IMPORTANT: Avoid $ { } characters in the secret — they can cause dotenv parsing issues.
+SERVICE_SECRET=change-me-to-a-random-secret
+
+# === Concurrency ===
+# Max parallel review requests handled simultaneously (default: 4)
+MAX_CONCURRENT_REVIEWS=4
+
 # API access for Platform MCP (internal network only)
 CODECROW_API_URL=http://codecrow-web-application:8081
 

deployment/config/rag-pipeline/.env.sample

@@ -1,7 +1,37 @@
+# === Service-to-Service Auth ===
+# Shared secret for authenticating incoming requests from mcp-client.
+# Must match the SERVICE_SECRET configured on mcp-client.
+# Leave empty to disable auth (dev mode only).
+# IMPORTANT: Avoid $ { } characters in the secret — they can cause dotenv parsing issues.
+SERVICE_SECRET=change-me-to-a-random-secret
+
+# === Path Traversal Guard ===
+# Root directory that repo_path arguments are allowed under.
+# The rag-pipeline will reject any index/query request whose resolved
+# path escapes this directory. Default: /tmp
+ALLOWED_REPO_ROOT=/tmp
+
 #QDRANT configuration
 QDRANT_URL=http://qdrant:6333
 QDRANT_COLLECTION_PREFIX=codecrow
 
+# ollama/openrouter
+EMBEDDING_PROVIDER=openrouter
+OLLAMA_BASE_URL=http://localhost:11434
+OLLAMA_EMBEDDING_MODEL=qwen3-embedding:0.6b
+
+# Ollama Performance Tuning
+# Batch size for embedding requests (higher = better throughput, more memory)
+OLLAMA_BATCH_SIZE=100
+# Request timeout in seconds (increase for slow CPU)
+OLLAMA_TIMEOUT=120
+
+# CPU Threading Optimization (set based on your CPU cores)
+# Recommended: physical_cores - 1 (leave 1 core for system)
+OMP_NUM_THREADS=6
+MKL_NUM_THREADS=6
+OPENBLAS_NUM_THREADS=6
+
 # OpenRouter Configuration
 # Get your API key from https://openrouter.ai/
 OPENROUTER_API_KEY=sk-or-v1-your-api-key-here

deployment/config/web-frontend/.env.sample

@@ -3,6 +3,26 @@ VITE_WEBHOOK_URL=http://localhost:8082
 VITE_GOOGLE_CLIENT_ID=YOUR_GOOGLE_CLIENT_ID
 SERVER_PORT=8080
 
+VITE_BLOG_URL=http://localhost:8083
+
+# ============================================================================
+# Feature Flags (Cloud-specific features - disabled by default for OSS)
+# ============================================================================
+# Set to "true" to enable cloud features. Leave empty or "false" to disable.
+#
+# VITE_FEATURE_BILLING - Enables billing page, subscription management, payment methods
+VITE_FEATURE_BILLING=false
+#
+# VITE_FEATURE_CLOUD_PLANS - Enables cloud subscription plans (Pro, Pro+, Enterprise)
+VITE_FEATURE_CLOUD_PLANS=false
+#
+# VITE_FEATURE_USAGE_ANALYTICS - Enables usage tracking and quota management
+VITE_FEATURE_USAGE_ANALYTICS=false
+#
+# VITE_FEATURE_ENTERPRISE - Enables SSO, SAML, and advanced team management
+VITE_FEATURE_ENTERPRISE=false
+
+
 # New Relic Browser Monitoring (Optional - leave empty to disable)
 # Get these values from: https://one.newrelic.com -> Browser -> Add data -> Browser monitoring
 # License Key: Use the BROWSER (Ingest) license key, NOT the main license key

java-ecosystem/libs/analysis-engine/pom.xml

@@ -68,6 +68,12 @@
             <artifactId>okhttp</artifactId>
         </dependency>
 
+        <!-- JTokkit for token counting -->
+        <dependency>
+            <groupId>com.knuddels</groupId>
+            <artifactId>jtokkit</artifactId>
+        </dependency>
+
         <!-- Test Dependencies -->
         <dependency>
             <groupId>org.junit.jupiter</groupId>

java-ecosystem/libs/analysis-engine/src/main/java/module-info.java

@@ -18,10 +18,12 @@
     requires com.fasterxml.jackson.annotation;
     requires jakarta.persistence;
     requires kotlin.stdlib;
+    requires jtokkit;
 
     exports org.rostilos.codecrow.analysisengine.aiclient;
     exports org.rostilos.codecrow.analysisengine.config;
     exports org.rostilos.codecrow.analysisengine.dto.request.ai;
+    exports org.rostilos.codecrow.analysisengine.dto.request.ai.enrichment;
     exports org.rostilos.codecrow.analysisengine.dto.request.processor;
     exports org.rostilos.codecrow.analysisengine.dto.request.validation;
     exports org.rostilos.codecrow.analysisengine.exception;

java-ecosystem/libs/analysis-engine/src/main/java/org/rostilos/codecrow/analysisengine/aiclient/AiAnalysisClient.java

@@ -160,7 +160,7 @@ public Map<String, Object> performAnalysis(AiAnalysisRequest request, java.util.
 
     /**
      * Extracts analysis data from nested response structure.
-     * Expected: response -> result -> {comment, issues}
+     * Expected: response -> result -> {comment, issues, inference_stats}
      * Issues can be either a List (array) or Map (object with numeric keys)
      */
     private Map<String, Object> extractAndValidateAnalysisData(Map response) throws IOException {
@@ -176,6 +176,15 @@ private Map<String, Object> extractAndValidateAnalysisData(Map response) throws
             if (result == null) {
                 throw new IOException("Missing 'result' field in AI response");
             }
+
+            // Check for error response from MCP client
+            Object errorFlag = result.get("error");
+            if (Boolean.TRUE.equals(errorFlag) || "true".equals(String.valueOf(errorFlag))) {
+                String errorMessage = result.get("error_message") != null 
+                    ? String.valueOf(result.get("error_message"))
+                    : String.valueOf(result.get("comment"));
+                throw new IOException("Analysis failed: " + errorMessage);
+            }
 
             if (!result.containsKey("comment") || !result.containsKey("issues")) {
                 throw new IOException("Analysis data missing required fields: 'comment' and/or 'issues'");

java-ecosystem/libs/analysis-engine/src/main/java/org/rostilos/codecrow/analysisengine/dto/request/ai/AiAnalysisRequestImpl.java

@@ -1,6 +1,7 @@
 package org.rostilos.codecrow.analysisengine.dto.request.ai;
 
 import com.fasterxml.jackson.annotation.JsonProperty;
+import org.rostilos.codecrow.analysisengine.dto.request.ai.enrichment.PrEnrichmentDataDto;
 import org.rostilos.codecrow.core.model.ai.AIConnection;
 import org.rostilos.codecrow.core.model.ai.AIProviderKey;
 import org.rostilos.codecrow.core.model.codeanalysis.AnalysisMode;
@@ -44,6 +45,9 @@
     protected final String deltaDiff;
     protected final String previousCommitHash;
     protected final String currentCommitHash;
+
+    // File enrichment data (full file contents + dependency graph)
+    protected final PrEnrichmentDataDto enrichmentData;
 
     protected AiAnalysisRequestImpl(Builder<?> builder) {
         this.projectId = builder.projectId;
@@ -74,6 +78,8 @@
         this.deltaDiff = builder.deltaDiff;
         this.previousCommitHash = builder.previousCommitHash;
         this.currentCommitHash = builder.currentCommitHash;
+        // File enrichment data
+        this.enrichmentData = builder.enrichmentData;
     }
 
     public Long getProjectId() {
@@ -181,6 +187,10 @@
         return currentCommitHash;
     }
 
+    public PrEnrichmentDataDto getEnrichmentData() {
+        return enrichmentData;
+    }
+
 
     public static Builder<?> builder() {
         return new Builder<>();
@@ -216,6 +226,8 @@
         private String deltaDiff;
         private String previousCommitHash;
         private String currentCommitHash;
+        // File enrichment data
+        private PrEnrichmentDataDto enrichmentData;
 
         protected Builder() {
         }
@@ -278,6 +290,113 @@
             return self();
         }
 
+        /**
+         * Set previous issues from ALL PR analysis versions.
+         * This provides the LLM with complete issue history including resolved issues,
+         * helping it understand what was already found and fixed.
+         * 
+         * Issues are deduplicated by fingerprint (file + line ±3 + severity + truncated reason).
+         * When duplicates exist across versions, we keep the most recent version's data
+         * but preserve resolved status if ANY version marked it resolved.
+         * 
+         * @param allPrAnalyses List of all analyses for this PR, ordered by version DESC (newest first)
+         */
+        public T withAllPrAnalysesData(List<CodeAnalysis> allPrAnalyses) {
+            if (allPrAnalyses == null || allPrAnalyses.isEmpty()) {
+                return self();
+            }
+
+            // Convert all issues to DTOs
+            List<AiRequestPreviousIssueDTO> allIssues = allPrAnalyses.stream()
+                    .flatMap(analysis -> analysis.getIssues().stream())
+                    .map(AiRequestPreviousIssueDTO::fromEntity)
+                    .toList();
+
+            // Deduplicate: group by fingerprint, keep most recent version but preserve resolved status
+            java.util.Map<String, AiRequestPreviousIssueDTO> deduped = new java.util.LinkedHashMap<>();
+
+            for (AiRequestPreviousIssueDTO issue : allIssues) {
+                String fingerprint = computeIssueFingerprint(issue);
+                AiRequestPreviousIssueDTO existing = deduped.get(fingerprint);
+
+                if (existing == null) {
+                    // First occurrence of this issue
+                    deduped.put(fingerprint, issue);
+                } else {
+                    // Duplicate found - keep the one with higher prVersion (more recent)
+                    // But if older version is resolved and newer is not, preserve resolved status
+                    int existingVersion = existing.prVersion() != null ? existing.prVersion() : 0;
+                    int currentVersion = issue.prVersion() != null ? issue.prVersion() : 0;
+
+                    boolean existingResolved = "resolved".equalsIgnoreCase(existing.status());
+                    boolean currentResolved = "resolved".equalsIgnoreCase(issue.status());
+
+                    if (currentVersion > existingVersion) {
+                        // Current is newer - use it, but preserve resolved status if existing was resolved
+                        if (existingResolved && !currentResolved) {
+                            // Older version was resolved but newer one isn't marked - use resolved data from older
+                            deduped.put(fingerprint, mergeResolvedStatus(issue, existing));
+                        } else {
+                            deduped.put(fingerprint, issue);
+                        }
+                    } else if (existingVersion == currentVersion) {
+                        // Same version - prefer resolved one
+                        if (currentResolved && !existingResolved) {
+                            deduped.put(fingerprint, issue);
+                        }
+                    }
+                    // If existing is newer, keep it (already in map)
+                }
+            }
+
+            this.previousCodeAnalysisIssues = new java.util.ArrayList<>(deduped.values());
+
+            return self();
+        }
+
+        /**
+         * Compute a fingerprint for an issue to detect duplicates across PR versions.
+         * Uses: file + normalized line (±3 tolerance) + severity + first 50 chars of reason.
+         */
+        private String computeIssueFingerprint(AiRequestPreviousIssueDTO issue) {
+            String file = issue.file() != null ? issue.file() : "";
+            // Normalize line to nearest multiple of 3 for tolerance
+            int lineGroup = issue.line() != null ? (issue.line() / 3) : 0;
+            String severity = issue.severity() != null ? issue.severity() : "";
+            String reasonPrefix = issue.reason() != null 
+                ? issue.reason().substring(0, Math.min(50, issue.reason().length())).toLowerCase().trim()
+                : "";
+
+            return file + "::" + lineGroup + "::" + severity + "::" + reasonPrefix;
+        }
+
+        /**
+         * Merge resolved status from an older issue version into a newer one.
+         * Creates a new DTO with the newer issue's data but the older issue's resolution info.
+         */
+        private AiRequestPreviousIssueDTO mergeResolvedStatus(
+                AiRequestPreviousIssueDTO newer, 
+                AiRequestPreviousIssueDTO resolvedOlder) {
+            return new AiRequestPreviousIssueDTO(
+                    newer.id(),
+                    newer.type(),
+                    newer.severity(),
+                    newer.reason(),
+                    newer.suggestedFixDescription(),
+                    newer.suggestedFixDiff(),
+                    newer.file(),
+                    newer.line(),
+                    newer.branch(),
+                    newer.pullRequestId(),
+                    resolvedOlder.status(), // Use resolved status from older
+                    newer.category(),
+                    newer.prVersion(),
+                    resolvedOlder.resolvedDescription(),
+                    resolvedOlder.resolvedByCommit(),
+                    resolvedOlder.resolvedInAnalysisId()
+            );
+        }
+
         public T withMaxAllowedTokens(int maxAllowedTokens) {
             this.maxAllowedTokens = maxAllowedTokens;
             return self();
@@ -354,6 +473,11 @@
             return self();
         }
 
+        public T withEnrichmentData(PrEnrichmentDataDto enrichmentData) {
+            this.enrichmentData = enrichmentData;
+            return self();
+        }
+
         public AiAnalysisRequestImpl build() {
             return new AiAnalysisRequestImpl(this);
         }

java-ecosystem/libs/analysis-engine/src/main/java/org/rostilos/codecrow/analysisengine/dto/request/ai/AiRequestPreviousIssueDTO.java

@@ -15,12 +15,23 @@ public record AiRequestPreviousIssueDTO(
         String branch,
         String pullRequestId,
         String status, // open|resolved|ignored
-        String category
+        String category,
+        // Resolution tracking fields
+        Integer prVersion, // Which PR iteration this issue was found in
+        String resolvedDescription, // Description of how the issue was resolved
+        String resolvedByCommit, // Commit hash that resolved the issue
+        Long resolvedInAnalysisId // Analysis ID where this was resolved (null if still open)
 ) {
     public static AiRequestPreviousIssueDTO fromEntity(CodeAnalysisIssue issue) {
         String categoryStr = issue.getIssueCategory() != null 
             ? issue.getIssueCategory().name() 
             : IssueCategory.CODE_QUALITY.name();
+
+        Integer prVersion = null;
+        if (issue.getAnalysis() != null) {
+            prVersion = issue.getAnalysis().getPrVersion();
+        }
+
         return new AiRequestPreviousIssueDTO(
                 String.valueOf(issue.getId()),
                 categoryStr,
@@ -33,7 +44,11 @@ public static AiRequestPreviousIssueDTO fromEntity(CodeAnalysisIssue issue) {
                 issue.getAnalysis() == null ? null : issue.getAnalysis().getBranchName(),
                 issue.getAnalysis() == null || issue.getAnalysis().getPrNumber() == null ? null : String.valueOf(issue.getAnalysis().getPrNumber()),
                 issue.isResolved() ? "resolved" : "open",
-                categoryStr
+                categoryStr,
+                prVersion,
+                issue.getResolvedDescription(),
+                issue.getResolvedCommitHash(),
+                issue.getResolvedAnalysisId()
         );
     }
 }