Package Exports
- @preflight-ai/cli
- @preflight-ai/cli/dist/index.js
This package does not declare an exports field, so the exports above have been automatically detected and optimized by JSPM instead. If any package subpath is missing, it is recommended to post an issue to the original package (@preflight-ai/cli) to support the "exports" field. If that is not possible, create a JSPM override to customize the exports field for this package.
Readme
Prefl AI - Your Dream Code Review Tool â¨
Professional AI-powered code review that catches bugs before they reach production
Website: prefl.run
đ Features
- đ¤ AI-Powered Analysis - Deep semantic code review with Groq LLM (senior architect-level analysis)
- đ Production Bug Detection - Catches 16+ categories of bugs that pass code review & testing but crash in production
- đ E2E & UX Analysis - Detects forms without validation, missing error handling, broken navigation, poor user feedback
- đ¯ Smart Context Tracking - Analyzes related code and imports to maintain full context
- đ¨ Critical Issue Blocking - Prevents commits with critical problems
- đ Multi-Language Support - Works with any programming language (JavaScript, Python, Go, Java, C#, Ruby, PHP, Rust, etc.)
- ⥠Lightning Fast - AI analysis in 2-5 seconds
- đ¨ Beautiful Output - Clear, categorized, emoji-rich reports with actionable fixes
- đž Export Reports - Save detailed analysis to files
- đĒ Git Integration - Auto-runs on pre-commit hooks
- đ§ Auto-Fix - AI-suggested patches for common issues
- đ§Ž Business Logic Validation - Checks all code paths, missing returns, edge cases
- đ Environment Validation - Detects missing environment variables and config issues
- đ API Integration Analysis - Validates API calls, external dependencies, deprecations
- đž Resource Exhaustion Detection - Finds unbounded loops, memory issues, connection pooling problems
- đ Distributed System Analysis - Detects cross-service issues, transaction problems, cascading failures
- đ Form Validation Check - Ensures proper input validation, required fields, error messages
- đ§ Navigation Analysis - Validates links, routes, 404 pages, auth-protected redirects
đĻ Installation
npm i -g @preflight-ai/cli@latestđ ī¸ Setup
1. Initialize in your project
cd your-project
prefl initThis will:
- â
Create
prefl.jsonconfig file - â
Create
.envand ask for your GROQ API key - â
Add
.envto.gitignore - â Install pre-commit hook automatically
2. Get your Groq API Key
- Visit console.groq.com
- Create a free account
- Generate an API key
- Paste it when prompted during
prefl init
đ¯ Usage
Automatic Review (Recommended)
Once initialized, Prefl automatically reviews your code before every commit:
git add .
git commit -m "feat: add new feature"
# ⨠Prefl analyzes your changes automatically!Manual Analysis
# Analyze staged changes
prefl analyze
# Analyze entire repository
prefl analyze --all
# Save report to file
prefl analyze --output my-report.txt
# JSON output for CI/CD
prefl analyze --format jsonCommands
prefl init # Setup Prefl in your project
prefl analyze # Analyze staged changes
prefl analyze --all # Analyze entire repo
prefl analyze --output FILE # Save results to file
prefl analyze --full # Full project scan + detailed report
prefl fix # Generate AI-suggested patches
prefl fix --apply # Auto-apply generated fixes
prefl install-hook # Install pre-commit hook
prefl --version # Show version
prefl --help # Show helpđ What Gets Analyzed?
Prefl's AI analyzes your code with 16 critical categories of production bugs that commonly pass code review and testing:
đ¨ CRITICAL ISSUES (Blocks Commits)
- ⥠Race Conditions & Async Bugs - Shared state without locking, read-modify-write without atomicity
- đ¯ Edge Cases & Boundary Conditions - Missing validation for null/empty/negative/NaN/Infinity
- đ State Mutations & Side Effects - Unintended parameter mutations, missing immutability
- đ° Memory Leaks - Missing cleanup for intervals/listeners/subscriptions, closure leaks
- đ Network & API Failures - Missing error handling, timeout, retries, unsafe JSON parsing
- đ Authentication & Authorization - Unprotected endpoints, missing role/permission checks
- đĸ Type Coercion & Conversions - String vs number comparisons, unsafe casting, missing validation
- đ Time & Date Bugs - Invalid dates, timezone issues, DST problems, date comparison failures
- đ§Ž Business Logic Completeness - Functions with missing returns, uncovered branches, undefined results
- đ Environment & Configuration - Missing env vars, unvalidated config, hardcoded values that should be dynamic
- đ External Dependency Issues - Deprecated APIs, breaking changes, missing version checks, unsafe response assumptions
- đž Resource Exhaustion - Unbounded loops/recursion, loading entire datasets, no pagination/connection pooling
- đ Distributed System Issues - Cross-service transactions, cascading failures, data consistency problems
- đ User Experience & Runtime - Forms without validation, missing error handling, no loading states, blank screens on errors
- đ Form & Input Validation - Input fields without validation, required fields not enforced, unsafe user input
- đ§ Navigation & Routing - Broken links, undefined routes, missing 404 pages, unprotected redirects
â ī¸ WARNINGS (Recommended Fixes)
- âŋ Accessibility - Missing alt text, ARIA labels, keyboard navigation
- ⥠Performance - N+1 queries, unnecessary re-renders, blocking main thread
- đĄī¸ Resilience - Missing error boundaries, fallback UI, poor error messages
- đ Browser Compatibility - Unsupported APIs in older browsers/platforms
- đ Monitoring - Missing logging in critical paths
đ¨ Example Output
đ¤ Analyzing with AI (8 context files)...
⨠Analysis complete! Found 3 issue(s)
đ Code Review Results
đ¨ Critical: 3 | â ī¸ Warnings: 0 | âšī¸ Info: 0
ââââââââââââââââââââââââââââââââââââââââââââââââââââââââ
đ¨ CRITICAL ISSUES (Must Fix)
1. âĄ
File: src/payment.ts:45
Category: Race Condition
Issue: Race condition: shared state modified in async function without locking.
Multiple concurrent requests will corrupt balance data, causing financial errors.
Fix: Use db.transaction() or mutex.lock() to ensure atomicity:
await db.transaction(async (trx) => {
const current = await trx.select('balance');
await trx.update({ balance: current - amount });
});
2. đ
File: src/api/user.ts:23
Category: Security
Issue: Missing authentication middleware on /admin/users endpoint.
Anyone can access admin-only data without authorization.
Fix: Add requireAuth and requireAdmin middleware before handler:
app.get('/admin/users', requireAuth, requireAdmin, handler)
3. đ§Ž
File: src/utils.ts:89
Category: Business Logic
Issue: Function returns undefined for non-premium users.
Missing else branch causes caller code to break.
Fix: Add explicit return for all code paths:
if (isPremium) return price * 0.9;
return price; // Handle non-premium case
ââââââââââââââââââââââââââââââââââââââââââââââââââââââââ
đ Commit blocked due to critical issues. Please fix them first.đ E2E & UX Analysis Examples
Prefl now analyzes user experience and runtime issues that cause poor UX:
Form Validation Issues
// â BAD - Prefl detects:
function LoginForm() {
const handleSubmit = async (e) => {
await fetch('/api/login', {
body: JSON.stringify({ email })
});
};
return (
<form onSubmit={handleSubmit}>
<input type="email" value={email} />
<button>Login</button>
</form>
);
}
// Prefl reports:
đ¨ CRITICAL: No error handling in handleSubmit
Category: Ux Runtime
Issue: Form submission has no error handling. Users will see blank screen if API fails.
Fix: Add try-catch and show error message to user
đ¨ CRITICAL: No loading state during API call
Category: Form Validation
Issue: Button stays clickable during API call. Users can submit multiple times.
Fix: Add isLoading state and disable button: <button disabled={isLoading}>
đ¨ CRITICAL: Form doesn't prevent default submission
Category: Form Validation
Issue: Form will cause page reload on submit, losing all state.
Fix: Add e.preventDefault() at start of handleSubmit
đ WARNING: No input validation
Category: Form Validation
Issue: Email input has no validation. Invalid emails will reach API.
Fix: Add validation: if (!/\S+@\S+/.test(email)) { setError('Invalid email'); return; }Navigation Issues
// â BAD - Prefl detects:
<a href="">Settings</a>
<Link to="/admin">{user.name}</Link>
// Prefl reports:
đ¨ CRITICAL: Empty href attribute
Category: Navigation
Issue: Link has empty href, will reload current page
Fix: Provide valid href: <a href="/settings">Settings</a>
đ¨ CRITICAL: No auth check before admin redirect
Category: Navigation
Issue: Link to /admin doesn't check if user has admin permissions
Fix: Add permission check: {user.isAdmin && <Link to="/admin">}API Call Issues
// â BAD - Prefl detects:
const data = await fetch('/api/users').then(r => r.json());
return data.users.map(u => u.name);
// Prefl reports:
đ¨ CRITICAL: No error handling for API call
Category: Api Integration
Issue: fetch() can fail (network error, timeout, 500). No try-catch.
Fix: Wrap in try-catch and handle errors
đ¨ CRITICAL: Unsafe property access
Category: Edge Case
Issue: data.users.map assumes data.users exists. Will crash if null/undefined.
Fix: Add safety: return data?.users?.map(u => u?.name) || []
đ WARNING: No loading state for users
Category: Ux Runtime
Issue: No loading indicator while fetching. Poor UX.
Fix: Add loading state: {isLoading ? <Spinner /> : <UserList />}âī¸ Configuration
Edit prefl.json in your project root:
{
"ignore": {
"globs": [
"node_modules/**",
"dist/**",
".git/**",
"*.test.js",
"coverage/**"
]
},
"review": {
"blockSeverities": ["critical"],
"context": {
"baseLimit": 10,
"importExpansionLimit": 20
}
}
}Configuration Options
- ignore.globs: Files/folders to skip (supports glob patterns)
- review.blockSeverities: Which severity levels block commits (
["critical"],["critical", "warning"], or[]) - review.context.baseLimit: How many files to include as context (default: 10)
- review.context.importExpansionLimit: Max files to add via import tracking (default: 20)
đ§ Advanced Features
Generate and Apply Fixes
# Generate a patch file
prefl fix
# Validate the patch
prefl fix --dry-run
# Auto-apply the patch
prefl fix --applyCI/CD Integration
# .github/workflows/code-review.yml
name: Prefl Code Review
on: [pull_request]
jobs:
review:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with: { node-version: 20 }
- run: npm i -g @preflight-ai/cli
- run: prefl analyze --format json
env:
GROQ_API_KEY: ${{ secrets.GROQ_API_KEY }}đ Why Prefl?
| Feature | Prefl | ESLint | SonarQube |
|---|---|---|---|
| AI-Powered Analysis | â | â | â |
| Production Bug Focus | â | â | â ī¸ Limited |
| Race Condition Detection | â | â | â |
| Auto-Fix Suggestions | â | â ī¸ Limited | â |
| Runtime Error Detection | â | â ī¸ Limited | â ī¸ Limited |
| Security Scanning | â | â ī¸ Plugins | â |
| Memory Leak Detection | â | â | â ī¸ Limited |
| Multi-Language | â | â | â |
| Context-Aware | â | â | â ī¸ Limited |
| Actionable Fixes | â | â ī¸ Sometimes | â ī¸ Sometimes |
| Beautiful Output | â | â | â ī¸ Web Only |
Prefl uses AI to catch bugs that humans miss - issues that look correct in review, pass tests, but crash in production.
đ¤ Contributing
We welcome contributions! Please see our Contributing Guide.
đ License
Apache 2.0 - See LICENSE for details
đŦ Support
- đ Website: prefl.run
- đ§ Email: support@prefl.run
- đ Issues: GitHub Issues
Made with â¤ī¸ by developers, for developers