Merge pull request #13 from thinkgrid-labs/dev

fix(cli): implement smart diff exclusions and memory safety guards

Author: akosidencio

apps/local-cli/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@diffmind/cli",
-  "version": "0.4.2",
+  "version": "0.4.3",
   "description": "diffmind CLI — local-first AI code review for your git diffs",
   "author": "Thinkgrid Labs <hello@thinkgrid.com>",
   "license": "MIT",

apps/local-cli/src/formatters.ts

@@ -72,6 +72,6 @@ export function filterBySeverity(report: ReviewReport, minSeverity: Severity): R
 }
 
 export function printBanner(): void {
-  console.log(chalk.cyan.bold("\n  diffmind") + chalk.dim(" v0.4.2 — local-first AI code review"));
+  console.log(chalk.cyan.bold("\n  diffmind") + chalk.dim(" v0.4.3 — local-first AI code review"));
   console.log(chalk.dim("  Model: Qwen2.5-Coder-1.5B-Instruct | Inference: Dual-Engine (Native + Wasm)\n"));
 }

apps/local-cli/src/index.ts

@@ -68,6 +68,25 @@ const MODELS: Record<string, ModelConfig> = {
 
 const DEFAULT_MODEL = "1.5b";
 
+/**
+ * Common generated or dependency files that should be excluded from the AI review
+ * to prevent massive diffs and memory exhaustion.
+ */
+const DEFAULT_IGNORED_PATHSPECS = [
+  ":!node_modules",
+  ":!*-lock.json",
+  ":!pnpm-lock.yaml",
+  ":!package-lock.json",
+  ":!yarn.lock",
+  ":!dist",
+  ":!build",
+  ":!.next",
+  ":!.cache",
+  ":!*.map",
+  ":!*.min.js",
+  ":!*.min.css",
+];
+
 function getActiveModelId(): string {
   const configPath = path.join(os.homedir(), ".diffmind", "config.json");
   if (fs.existsSync(configPath)) {
@@ -109,7 +128,7 @@ const opts: {
 program
   .name("diffmind")
   .description("Local-first AI code review for your git diffs")
-  .version("0.4.2")
+  .version("0.4.3")
   .option("-b, --branch <name>", "Target branch to diff against", "main")
   .option("-f, --format <type>", 'Output format: "markdown" or "json"', "markdown")
   .option("-o, --output <file>", "Write output to a file instead of stdout")
@@ -338,11 +357,11 @@ async function getDiff(): Promise<string> {
   try {
     const result = child_process.spawnSync(
       "git",
-      ["diff", `${opts.branch}...HEAD`],
+      ["diff", `${opts.branch}...HEAD`, "--", ".", ...DEFAULT_IGNORED_PATHSPECS],
       {
-        maxBuffer: 10 * 1024 * 1024, // 10MB max diff
+        maxBuffer: 20 * 1024 * 1024, // 20MB max raw buffer
         encoding: "utf-8",
-        shell: false, // Explicitly disable shell for security
+        shell: false,
       }
     );
 
@@ -354,6 +373,16 @@ async function getDiff(): Promise<string> {
     const sizeKB = Math.round(diff.length / 1024);
     spinner.succeed(`Diff captured (${sizeKB}KB)`);
 
+    // Hard Safety Limit: 1.5MB
+    if (sizeKB > 1500) {
+      spinner.fail(chalk.red(`Diff too large to process (${sizeKB}KB)`));
+      console.log(chalk.yellow(`\n⚠️  The diff exceeds the 1.5MB safety limit for local AI.`));
+      console.log(chalk.dim(`  This is usually caused by large generated files or many changes at once.`));
+      console.log(chalk.dim(`  Try reviewing specific files or smaller branches using:`));
+      console.log(chalk.cyan(`    diffmind --branch ${opts.branch} path/to/folder\n`));
+      process.exit(1);
+    }
+
     if (sizeKB > 500) {
       console.log(chalk.yellow(`\n⚠️  Warning: Large diff detected (${sizeKB}KB).`));
       console.log(chalk.dim(`  Analyzing very large diffs can be slow on local AI and may impact quality.`));

package.json

@@ -1,6 +1,6 @@
 {
   "name": "diffmind",
-  "version": "0.4.2",
+  "version": "0.4.3",
   "private": true,
   "description": "Local-first AI code review agent — powered by on-device Wasm inference",
   "author": "Thinkgrid Labs <dennis@thinkgrid.dev>",

packages/core-engine/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "core-engine"
-version = "0.4.2"
+version = "0.4.3"
 edition = "2021"
 description = "diffmind shared AI engine core"
 

packages/core-engine/src/lib.rs

@@ -207,7 +207,15 @@ fn chunk_diff(diff: &str, max_lines: usize) -> Vec<String> {
             chunks.push(std::mem::take(&mut current));
             line_count = 0;
         }
-        current.push_str(line);
+
+        // Truncate extremely long lines (e.g. minified code) to prevent OOM
+        if line.len() > 2048 {
+            current.push_str(&line[..2048]);
+            current.push_str("... [line truncated]");
+        } else {
+            current.push_str(line);
+        }
+        
         current.push('\n');
         line_count += 1;
     }

packages/core-native/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "core-native"
-version = "0.4.2"
+version = "0.4.3"
 edition = "2021"
 
 [lib]

packages/core-native/core_native.node

@@ -1,6 +1,6 @@
 {
   "name": "@diffmind/core-native",
-  "version": "0.4.2",
+  "version": "0.4.3",
   "description": "Native Node.js addon for diffmind AI engine",
   "main": "index.js",
   "types": "index.d.ts",

packages/core-native/package.json

@@ -1,6 +1,6 @@
 [package]
 name = "core-wasm"
-version = "0.4.2"
+version = "0.4.3"
 edition = "2021"
 description = "diffmind Wasm core — on-device security analysis via Qwen2.5-Coder"