feat(review): MR-review pipeline + review_changes MCP tool + codeiq review CLI

Plan Phase 3 — `codeiq review` and the `review_changes` MCP tool: index +
LLM review of a PR diff against the indexed graph.

Pieces:
- internal/review/diff.go — ParseDiff + GitDiff: shells `git diff` and
  parses the unified output into per-file ChangedFile{Path, Hunks,
  AddedLines, RemovedLines}.
- internal/review/config.go — Config + DefaultConfig. Targets local
  Ollama by default; OLLAMA_API_KEY flips to Ollama Cloud (gpt-oss:20b).
- internal/review/client.go — HTTP wrapper over the OpenAI-compatible
  /chat/completions endpoint Ollama (and most LLM proxies) expose. Single
  hard-coded system prompt; user prompt is the assembled diff + evidence.
  Strict JSON response shape: {summary, findings:[{file,line,severity,comment}]}.
- internal/review/service.go — Orchestrator. Diff → prompt → Client.Review.
  GraphContext interface lets cli/mcp inject graph evidence; nil means
  diff-only.
- internal/cli/review.go — `codeiq review [path]` subcommand with
  --base/--head/--model/--out/--format=markdown|json/--focus.
- internal/mcp/tools_review.go — `review_changes` MCP tool (consolidated
  alongside the other 6 phase-2 tools).

Tests (TDD per CLAUDE.md):
- TestParseDiff_FileWithSingleHunk / MultipleFiles / Empty
- TestClient_Review_HappyPath / NoBearerWhenKeyEmpty / NonJSON / HTTPError
  (all stub the LLM via httptest)
- TestService_BuildPrompt_HasFilesAndEvidence
- TestService_Review_EndToEnd_FixtureRepo (builds a 2-commit git fixture
  in t.TempDir(), stubs the LLM, asserts the report flows end to end)

Strict read-only-graph invariant: the MCP tool path never mutates the
cache or Kuzu store. `codeiq review` from the CLI runs index + enrich
before review when the graph is stale.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

Author: aksOps

go/internal/cli/review.go

@@ -0,0 +1,107 @@
+package cli
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+	"os"
+	"path/filepath"
+	"strings"
+	"time"
+
+	"github.com/randomcodespace/codeiq/go/internal/review"
+
+	"github.com/spf13/cobra"
+)
+
+func init() {
+	registerSubcommand(func() *cobra.Command {
+		var (
+			base    string
+			head    string
+			model   string
+			outFile string
+			format  string
+			focus   []string
+		)
+		cmd := &cobra.Command{
+			Use:   "review [path]",
+			Short: "LLM-driven review of a PR diff against the indexed graph.",
+			Long: `Run an LLM review of git diff base..head, using the codeiq graph
+as evidence context. Defaults: base=HEAD~1, head=HEAD, model=gpt-oss:20b
+via local Ollama (set OLLAMA_API_KEY for Ollama Cloud).
+
+Output formats:
+  --format=markdown   (default) human-readable review
+  --format=json       structured Report for piping into other tools
+
+Plan §3 — Phase 3 of the optimization plan.`,
+			Example: `  codeiq review --base origin/main --head HEAD
+  OLLAMA_API_KEY=... codeiq review --model gpt-oss:120b
+  codeiq review --base v1.0 --head v1.1 --out review.md`,
+			Args: cobra.MaximumNArgs(1),
+			RunE: func(cmd *cobra.Command, args []string) error {
+				path := "."
+				if len(args) == 1 {
+					path = args[0]
+				}
+				abs, err := filepath.Abs(path)
+				if err != nil {
+					return err
+				}
+				cfg := review.DefaultConfig()
+				if model != "" {
+					cfg.Model = model
+				}
+				client := review.NewClient(cfg)
+				svc := review.NewService(client, nil)
+
+				ctx, cancel := context.WithTimeout(cmd.Context(), cfg.Timeout+30*time.Second)
+				defer cancel()
+				rep, err := svc.Review(ctx, abs, base, head, focus)
+				if err != nil {
+					return fmt.Errorf("review: %w", err)
+				}
+
+				var rendered string
+				if format == "json" {
+					b, _ := json.MarshalIndent(rep, "", "  ")
+					rendered = string(b) + "\n"
+				} else {
+					rendered = renderMarkdown(rep)
+				}
+				if outFile == "" {
+					fmt.Fprint(cmd.OutOrStdout(), rendered)
+					return nil
+				}
+				return os.WriteFile(outFile, []byte(rendered), 0644)
+			},
+		}
+		cmd.Flags().StringVar(&base, "base", "", "Base git ref (default: HEAD~1)")
+		cmd.Flags().StringVar(&head, "head", "", "Head git ref (default: HEAD)")
+		cmd.Flags().StringVar(&model, "model", "", "Override LLM model (default: from config)")
+		cmd.Flags().StringVarP(&outFile, "out", "o", "", "Write output to file instead of stdout")
+		cmd.Flags().StringVar(&format, "format", "markdown", "Output format: markdown | json")
+		cmd.Flags().StringSliceVar(&focus, "focus", nil, "Limit review to these file paths")
+		return cmd
+	})
+}
+
+func renderMarkdown(rep *review.Report) string {
+	var b strings.Builder
+	fmt.Fprintf(&b, "# Code Review (model: %s)\n\n", rep.Model)
+	fmt.Fprintf(&b, "## Summary\n\n%s\n\n", rep.Summary)
+	if len(rep.Findings) == 0 {
+		b.WriteString("## Findings\n\nNo findings.\n")
+		return b.String()
+	}
+	b.WriteString("## Findings\n\n")
+	for _, f := range rep.Findings {
+		loc := f.File
+		if f.Line > 0 {
+			loc = fmt.Sprintf("%s:%d", f.File, f.Line)
+		}
+		fmt.Fprintf(&b, "- **[%s] %s** — %s\n", strings.ToUpper(f.Severity), loc, f.Comment)
+	}
+	return b.String()
+}

go/internal/mcp/tools_consolidated.go

@@ -32,6 +32,7 @@ func RegisterConsolidated(srv *Server, d *Deps) error {
 		toolTraceRelationships(d),
 		toolAnalyzeImpact(d),
 		toolTopologyView(d),
+		toolReviewChanges(d),
 	} {
 		if err := srv.Register(t); err != nil {
 			return fmt.Errorf("mcp: register consolidated tool %q: %w", t.Name, err)

go/internal/mcp/tools_review.go

@@ -0,0 +1,52 @@
+package mcp
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+
+	"github.com/randomcodespace/codeiq/go/internal/review"
+)
+
+// toolReviewChanges — Plan §3.3. LLM-driven review of base..head against
+// the indexed graph. Strictly read-only against the graph: the tool does
+// not mutate the cache or Kuzu store.
+//
+// The graph must already be enriched at the PR HEAD before this tool is
+// called — for that flow, use `codeiq review` from the CLI which runs
+// index + enrich + review in sequence.
+func toolReviewChanges(d *Deps) Tool {
+	return Tool{
+		Name: "review_changes",
+		Description: "Run an LLM-driven review of a git diff (base_ref..head_ref) " +
+			"against the indexed code graph. Computes evidence per changed " +
+			"file (graph blast radius, dependencies) and asks the configured " +
+			"LLM (default: local Ollama, set OLLAMA_API_KEY for Ollama Cloud) " +
+			"for review comments. The graph must already be enriched at the PR " +
+			"HEAD — run 'codeiq review' for the end-to-end flow.",
+		Schema: json.RawMessage(`{"type":"object","properties":{"base_ref":{"type":"string"},"head_ref":{"type":"string"},"model":{"type":"string"},"focus_files":{"type":"array","items":{"type":"string"}}}}`),
+		Handler: func(ctx context.Context, raw json.RawMessage) (any, error) {
+			var p struct {
+				BaseRef    string   `json:"base_ref"`
+				HeadRef    string   `json:"head_ref"`
+				Model      string   `json:"model"`
+				FocusFiles []string `json:"focus_files"`
+			}
+			_ = json.Unmarshal(raw, &p)
+			if d.RootPath == "" {
+				return NewErrorEnvelope(CodeInternalError, fmt.Errorf("review_changes requires a working tree root; set RootPath when wiring the MCP server"), RequestID(ctx)), nil
+			}
+			cfg := review.DefaultConfig()
+			if p.Model != "" {
+				cfg.Model = p.Model
+			}
+			svc := review.NewService(review.NewClient(cfg), nil)
+			rep, err := svc.Review(ctx, d.RootPath, p.BaseRef, p.HeadRef, p.FocusFiles)
+			if err != nil {
+				return NewErrorEnvelope(CodeInternalError, fmt.Errorf("review: %w", err), RequestID(ctx)), nil
+			}
+			rep.RequestID = RequestID(ctx)
+			return rep, nil
+		},
+	}
+}

go/internal/review/client.go

@@ -0,0 +1,132 @@
+package review
+
+import (
+	"bytes"
+	"context"
+	"encoding/json"
+	"fmt"
+	"io"
+	"net/http"
+)
+
+// Finding is one structured review comment from the LLM.
+type Finding struct {
+	File     string `json:"file"`
+	Line     int    `json:"line,omitempty"`
+	Severity string `json:"severity"` // info | low | medium | high | critical
+	Comment  string `json:"comment"`
+}
+
+// Report is the structured LLM output. Both CLI (markdown) and MCP (JSON)
+// paths consume this shape.
+type Report struct {
+	Summary   string    `json:"summary"`
+	Findings  []Finding `json:"findings"`
+	Model     string    `json:"model"`
+	RequestID string    `json:"request_id,omitempty"`
+}
+
+// SystemPrompt is the single system message we use for every review.
+// Plan §3.1 — "use the structured graph evidence to find correctness,
+// security, and architectural issues".
+const SystemPrompt = `You are reviewing a pull request. Use the structured graph evidence to find correctness, security, and architectural issues. ` +
+	`Return strictly JSON in this shape: ` +
+	`{"summary": "<one-paragraph overview>", "findings": [{"file": "<path>", "line": <int>, "severity": "info|low|medium|high|critical", "comment": "<message>"}]}. ` +
+	`No prose before or after the JSON. ` +
+	`If the diff is trivial, return an empty findings array — do NOT invent issues.`
+
+// Client wraps the OpenAI-compatible /chat/completions endpoint exposed
+// by Ollama, Ollama Cloud, and proxies. The HTTPClient field is exported
+// so tests can inject a stub.
+type Client struct {
+	Config     Config
+	HTTPClient *http.Client
+}
+
+// NewClient returns a Client with cfg and a default *http.Client.
+func NewClient(cfg Config) *Client {
+	return &Client{
+		Config:     cfg,
+		HTTPClient: &http.Client{Timeout: cfg.Timeout},
+	}
+}
+
+type chatRequest struct {
+	Model    string        `json:"model"`
+	Messages []chatMessage `json:"messages"`
+	Stream   bool          `json:"stream"`
+}
+
+type chatMessage struct {
+	Role    string `json:"role"`
+	Content string `json:"content"`
+}
+
+type chatResponse struct {
+	ID      string `json:"id"`
+	Model   string `json:"model"`
+	Choices []struct {
+		Message chatMessage `json:"message"`
+	} `json:"choices"`
+}
+
+// Review sends the assembled prompt to the LLM and parses the structured
+// reply into a Report. The user prompt should already include the diff
+// + evidence pack rendering.
+func (c *Client) Review(ctx context.Context, userPrompt string) (*Report, error) {
+	body, err := json.Marshal(chatRequest{
+		Model:  c.Config.Model,
+		Stream: false,
+		Messages: []chatMessage{
+			{Role: "system", Content: SystemPrompt},
+			{Role: "user", Content: userPrompt},
+		},
+	})
+	if err != nil {
+		return nil, fmt.Errorf("marshal request: %w", err)
+	}
+	req, err := http.NewRequestWithContext(ctx, http.MethodPost, c.Config.Endpoint+"/chat/completions", bytes.NewReader(body))
+	if err != nil {
+		return nil, err
+	}
+	req.Header.Set("Content-Type", "application/json")
+	if c.Config.APIKey != "" {
+		req.Header.Set("Authorization", "Bearer "+c.Config.APIKey)
+	}
+	resp, err := c.HTTPClient.Do(req)
+	if err != nil {
+		return nil, fmt.Errorf("LLM call: %w", err)
+	}
+	defer resp.Body.Close()
+	raw, err := io.ReadAll(resp.Body)
+	if err != nil {
+		return nil, err
+	}
+	if resp.StatusCode >= 400 {
+		return nil, fmt.Errorf("LLM HTTP %d: %s", resp.StatusCode, snippet(string(raw)))
+	}
+	var cr chatResponse
+	if err := json.Unmarshal(raw, &cr); err != nil {
+		return nil, fmt.Errorf("decode chat response: %w (body: %s)", err, snippet(string(raw)))
+	}
+	if len(cr.Choices) == 0 {
+		return nil, fmt.Errorf("LLM returned no choices: %s", snippet(string(raw)))
+	}
+	var rep Report
+	content := cr.Choices[0].Message.Content
+	if err := json.Unmarshal([]byte(content), &rep); err != nil {
+		return nil, fmt.Errorf("LLM did not return strict JSON: %w (content: %s)", err, snippet(content))
+	}
+	if rep.Model == "" {
+		rep.Model = cr.Model
+	}
+	return &rep, nil
+}
+
+func snippet(s string) string {
+	const max = 500
+	if len(s) > max {
+		return s[:max] + "..."
+	}
+	return s
+}