q-kdb-code-review

# q-kdb-code-review

AI-powered code review for Q/kdb+ — catch bugs, performance issues, and security vulnerabilities in the most terse language in quantitative finance.

## What it does

Reviews Q/kdb+ code with deep understanding of Q idioms, performance patterns, and common pitfalls. Built for quant developers, kdb+ DBAs, and trading infrastructure teams.

**Catches:**

- Type errors in implicit casts (e.g., mixing longs and floats in comparisons)
- Rank errors from wrong argument counts in function calls
- Unescaped signals in protected evaluation
- Memory-inefficient queries (selecting all columns when only some are needed)
- Missing `peach` parallelism opportunities for embarrassingly parallel operations
- Unsafe `eval`/`value` usage on user-supplied strings (Q injection)
- Unlocked tables during concurrent inserts
- Missing `` `g# `` grouped attributes on high-cardinality join columns
- N-squared joins that should be `aj` (asof joins) or `wj` (window joins)
- Race conditions in timer callbacks (.z.ts)
- Unprotected IPC handlers (.z.pg, .z.ps) and exposed .z.pw

**Strictness modes:**

| Mode | What it checks |
|------|---------------|
| `standard` | Bugs, correctness, type errors, join semantics, null handling |
| `strict` | Everything in standard + performance (attributes, peach, vector ops) + style |
| `security` | Everything in standard + injection via string eval, unprotected IPC handlers, exposed .z.pw, port exposure |

**Intelligent routing via Astrai:** Complex algorithmic Q (custom signal generation, real-time CEP) routes to powerful models. Simple table operations (selects, inserts, schema definitions) route to cheaper, faster models. You get the best result at the lowest cost.

**BYOK (Bring Your Own Keys):** Your provider API keys, your billing. Astrai routes to the best model among your configured providers.

## Setup

1. **Get a free API key** at [as-trai.com](https://as-trai.com)
2. **Set your API key:**
   ```bash
   export ASTRAI_API_KEY="your_...