@delegance/claude-autopilot 1.0.0-alpha.4

package/CHANGELOG.md

@@ -0,0 +1,45 @@
+# Changelog
+
+## 1.0.0-alpha.4 (2026-04-21)
+
+### New Features
+
+- **`autopilot watch`** (`src/cli/watch.ts`) — watches cwd recursively, debounces file changes (default 300ms), re-runs `runAutopilot()` on each batch, prints phase summary per run; Ctrl+C exits cleanly
+- **`--debounce <ms>`** flag on `watch` subcommand
+- **`makeDebouncer`** and **`isIgnored`** exported as pure functions (testable without real watcher)
+- **`files` field** in package.json — excludes tests, restricts publish to `bin/`, `src/`, `presets/`, `scripts/test-runner.mjs`, `CHANGELOG.md`
+- **`private: true` removed** — package is now publishable to npm
+- **`engines.node: >=22.0.0`**, `keywords`, `license`, `repository` added to package.json
+- 12 new watch tests (7 isIgnored + 5 debouncer) → 74 total
+
+## 1.0.0-alpha.3 (2026-04-21)
+
+### New Features
+
+- **`autopilot run`** (`src/cli/run.ts`) — runs the full pipeline from the terminal: loads config, resolves preset, auto-detects changed files via git diff, calls `runAutopilot()`, prints phase summary with inline finding details
+- **`autopilot init`** (`src/cli/init.ts`) — interactive preset scaffold: lists 5 presets, writes `autopilot.config.yaml`, prints next steps
+- **`autopilot preflight`** — re-routes to existing preflight checker
+- **Git touched-files resolver** (`src/core/git/touched-files.ts`) — `resolveGitTouchedFiles()` diffs HEAD~1..HEAD, falls back to `git status` for single-commit repos; configurable `--base` ref
+- **CLI entrypoint** (`src/cli/index.ts`) — dispatches to init/run/preflight subcommands; supports `--base`, `--config`, `--files`, `--dry-run` flags
+- **`bin.autopilot`** restored in `package.json` pointing at the new entrypoint
+- 10 new CLI tests (5 touched-files, 5 run-command) → 62 total
+
+## 1.0.0-alpha.2 (2026-04-20)
+
+### New Features
+
+- **Run pipeline orchestrator** (`src/core/pipeline/run.ts`) — top-level `runAutopilot()` sequences static-rules → tests → review phases with fail-fast semantics and cost accumulation
+- **2-tier chunking** (`src/core/chunking/`) — `auto` strategy selects single-pass (≤8K tokens) or file-level (≤60K); `single-pass` and `file-level` strategies configurable via `reviewStrategy`
+- **Cost visibility** — `costUSD` accumulated across review phase, surfaced in `RunResult.totalCostUSD`; optional `cost.budgetUSD` threshold emits warning and skips remaining chunks when exceeded
+- **Review-engine response cache** (`src/core/cache/`) — file-based SHA-256 cache with configurable TTL; `withCache()` wraps any `ReviewEngine`; atomic writes (tmp+rename)
+- **4 new presets** — `t3` (Next.js + tRPC + Prisma), `rails-postgres`, `python-fastapi`, `go`; each ships a stack.md and at least one stack-specific static rule
+- **20 scenario tests** (`tests/scenarios/run-pipeline.test.ts`) — covers fail-fast, autofix, budget, chunking strategies, preset loading
+
+### Fixes
+
+- `finalize()` now trusts per-phase status (which accounts for autofixes) instead of re-deriving from raw `allFindings` severity
+- Test script glob changed to `find tests -name '*.test.ts' | xargs` to pick up nested scenario tests
+
+## 1.0.0-alpha.1 (2026-04-20)
+
+Initial release — core infrastructure: adapter interfaces, config system, preflight CLI, static-rules phase with autofix, tests phase, Codex/GitHub/Supabase/Cursor adapters, nextjs-supabase preset, 32 unit tests.

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Alex Ledbetter
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,58 @@
+# claude-autopilot
+
+End-to-end Claude Code pipeline: approved spec → plan → worktree → implementation → migrations → validation → PR → review engine → review-bot triage.
+
+**Status: v1.0.0-alpha.1** — core architecture in place, ported adapters (codex, github, supabase, cursor), 1 preset (nextjs-supabase), 32 passing tests. API may change through alpha.
+
+Full design spec: `docs/superpowers/specs/2026-04-20-claude-autopilot-v1-design.md`
+Implementation plans: `docs/superpowers/plans/`
+
+## Changes in v1.0 (alpha.1)
+
+- Four pluggable integration points (ReviewEngine, VcsHost, MigrationRunner, ReviewBotParser) with shared `AdapterBase`
+- YAML config (`autopilot.config.yaml`) replaces `.autopilot/stack.md`
+- Unified `Finding` type across validate + review-bot, with separate `TriageRecord[]` / `FixAttempt[]` history
+- Merged static-rules phase with global re-check after autofix
+- `AutopilotError` taxonomy with per-code retry policy
+- `apiVersion` + `getCapabilities()` on every adapter
+- Real tests phase — runs `testCommand` from config, emits critical finding on failure
+- NDJSON event log with secret redaction
+
+## Prerequisites
+
+- Node 22+
+- `gh` CLI authenticated
+- `OPENAI_API_KEY` in `.env.local`
+
+## Install
+
+```bash
+npm install --save-dev @delegance/claude-autopilot@alpha
+```
+
+## Usage (alpha.1)
+
+CLI surface is limited to `preflight` in alpha.1. `run`, `init`, `validate`, `codex-pr-review`, `bugbot` land in alpha.4.
+
+```bash
+npx autopilot          # runs preflight
+```
+
+## Preset quick-start
+
+```bash
+cp presets/nextjs-supabase/autopilot.config.yaml .
+# Edit adapters / protectedPaths / testCommand as needed
+npx tsx src/cli/preflight.ts
+```
+
+## Roadmap
+
+- **alpha.2:** chunking, cost, cache, remaining adapters, 5 presets, 20 scenario tests
+- **alpha.3:** idempotency wiring, concurrency, adapter trust, 60 conformance + 13 safety tests
+- **alpha.4:** full CLI (init, install-github-action, run --resume, etc.) + programmatic API
+- **beta → 1.0.0:** dogfood + npm publish
+
+## License
+
+MIT.

package/bin/autopilot.js

@@ -0,0 +1,15 @@
+#!/usr/bin/env node
+// Thin launcher that uses tsx to run the TypeScript CLI entry point.
+// This is what `npx autopilot` resolves to — it hands off to tsx so TypeScript
+// source can execute without a separate build step during alpha.
+import { createRequire } from 'node:module';
+import { fileURLToPath } from 'node:url';
+import { spawnSync } from 'node:child_process';
+import * as path from 'node:path';
+
+const __dirname = path.dirname(fileURLToPath(import.meta.url));
+const tsxBin = path.resolve(__dirname, '..', 'node_modules', '.bin', 'tsx');
+const entrypoint = path.resolve(__dirname, '..', 'src', 'cli', 'index.ts');
+
+const result = spawnSync(tsxBin, [entrypoint, ...process.argv.slice(2)], { stdio: 'inherit' });
+process.exit(result.status ?? 1);

package/package.json

@@ -0,0 +1,41 @@
+{
+  "name": "@delegance/claude-autopilot",
+  "version": "1.0.0-alpha.4",
+  "type": "module",
+  "description": "Claude Code automation pipeline: spec → plan → implement → validate → PR",
+  "keywords": ["claude", "autopilot", "ai", "pipeline", "code-review", "cli"],
+  "license": "MIT",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/axledbetter/claude-autopilot.git"
+  },
+  "engines": {
+    "node": ">=22.0.0"
+  },
+  "bin": {
+    "autopilot": "bin/autopilot.js"
+  },
+  "files": [
+    "bin/",
+    "src/",
+    "presets/",
+    "scripts/test-runner.mjs",
+    "CHANGELOG.md"
+  ],
+  "scripts": {
+    "test": "node scripts/test-runner.mjs",
+    "typecheck": "tsc --noEmit",
+    "build": "tsc"
+  },
+  "devDependencies": {
+    "@types/js-yaml": "^4",
+    "@types/node": "^22",
+    "ajv": "^8",
+    "dotenv": ">=16",
+    "js-yaml": "^4",
+    "minimatch": ">=9",
+    "openai": ">=4",
+    "tsx": ">=4",
+    "typescript": "^5"
+  }
+}

package/presets/go/autopilot.config.yaml

@@ -0,0 +1,20 @@
+configVersion: 1
+reviewEngine: { adapter: codex }
+vcsHost: { adapter: github }
+reviewBot: { adapter: cursor }
+protectedPaths:
+  - "migrations/**"
+  - "internal/auth/**"
+  - "internal/crypto/**"
+staticRules:
+  - hardcoded-secrets
+  - go-sql-injection
+testCommand: go test ./...
+thresholds:
+  bugbotAutoFix: 85
+  bugbotProposePatch: 60
+  maxValidateRetries: 3
+reviewStrategy: auto
+chunking:
+  smallTierMaxTokens: 8000
+  perFileMaxTokens: 32000

package/presets/go/rules/go-sql-injection.ts

@@ -0,0 +1,65 @@
+import type { StaticRule } from '../../../src/core/phases/static-rules.ts';
+import type { Finding } from '../../../src/core/findings/types.ts';
+import * as fs from 'node:fs/promises';
+
+// fmt.Sprintf directly in a DB call (single-line)
+const SPRINTF_IN_QUERY = /(?:Query|Exec|QueryRow)\w*\s*\([^)]*fmt\.Sprintf/;
+// fmt.Sprintf result assigned to variable then used in DB call (multi-line)
+const SPRINTF_ASSIGN = /\bfmt\.Sprintf\s*\(/;
+const DB_CALL = /(?:Query|Exec|QueryRow)\w*\s*\(\s*(\w+)/;
+
+export const goSqlInjectionRule: StaticRule = {
+  name: 'go-sql-injection',
+  severity: 'critical',
+  async check(touchedFiles: string[]): Promise<Finding[]> {
+    const findings: Finding[] = [];
+    const goFiles = touchedFiles.filter(f => f.endsWith('.go') && !f.endsWith('_test.go'));
+    for (const file of goFiles) {
+      try {
+        const content = await fs.readFile(file, 'utf8');
+        const lines = content.split('\n');
+
+        // Track variables assigned from fmt.Sprintf (multi-line detection)
+        const sprintfVars = new Set<string>();
+        for (const line of lines) {
+          const m = line.match(/^\s*(\w+)\s*(?::?=)\s*fmt\.Sprintf\s*\(/);
+          if (m) sprintfVars.add(m[1]!);
+        }
+
+        for (let i = 0; i < lines.length; i++) {
+          const line = lines[i]!;
+          let hit = false;
+
+          // Direct inline: db.Query(fmt.Sprintf(...))
+          if (SPRINTF_IN_QUERY.test(line)) hit = true;
+
+          // Indirect: variable from fmt.Sprintf passed to DB call
+          if (!hit && sprintfVars.size > 0) {
+            const dbMatch = line.match(DB_CALL);
+            if (dbMatch && sprintfVars.has(dbMatch[1]!)) hit = true;
+          }
+
+          if (hit) {
+            findings.push({
+              id: `go-sql-injection:${file}:${i + 1}`,
+              source: 'static-rules',
+              severity: 'critical',
+              category: 'go-sql-injection',
+              file,
+              line: i + 1,
+              message: 'SQL injection risk: fmt.Sprintf used to build query string',
+              suggestion: 'Use parameterized queries: db.Query("WHERE id = $1", id)',
+              protectedPath: false,
+              createdAt: new Date().toISOString(),
+            });
+          }
+        }
+      } catch {
+        // unreadable — skip
+      }
+    }
+    return findings;
+  },
+};
+
+export default goSqlInjectionRule;

package/presets/go/stack.md

@@ -0,0 +1,20 @@
+A Go application with:
+- Go 1.22+, modules (go.mod/go.sum)
+- PostgreSQL via pgx/v5 or database/sql
+- Standard library HTTP or Chi/Gin router
+- testify for tests, sqlmock or pgxmock for DB mocks
+- golang-migrate or goose for schema migrations
+
+Conventions:
+- Repository pattern for DB access (internal/repository/)
+- Errors wrapped with fmt.Errorf("...: %w", err)
+- Context propagation on all DB and HTTP calls
+- No global state — dependency injection via constructors
+- pgx.Pool shared across request handlers
+
+Things that should flag CRITICAL:
+- fmt.Sprintf in SQL queries: fmt.Sprintf("WHERE id = %d", id)
+- Ignoring sql.ErrNoRows without handling
+- Missing context.Context in DB query calls
+- Goroutines spawned without WaitGroup or context cancellation
+- Secrets in Go source (API keys, DB passwords)

package/presets/nextjs-supabase/autopilot.config.yaml

@@ -0,0 +1,29 @@
+configVersion: 1
+reviewEngine: { adapter: codex }
+vcsHost: { adapter: github }
+migrationRunner: { adapter: supabase }
+reviewBot: { adapter: cursor }
+protectedPaths:
+  - "**/auth/**"
+  - "data/deltas/*.sql"
+  - "**/payment/**"
+  - "**/stripe/**"
+  - "**/encryption/**"
+  - "lib/supabase/**"
+  - "app/api/**/route.ts"
+  - "middleware.ts"
+  - "utils/supabase/middleware.ts"
+staticRules:
+  - hardcoded-secrets
+  - npm-audit
+  - package-lock-sync
+  - supabase-rls-bypass
+thresholds:
+  bugbotAutoFix: 85
+  bugbotProposePatch: 60
+  maxValidateRetries: 3
+reviewStrategy: auto
+chunking:
+  smallTierMaxTokens: 8000
+  partialReviewTokens: 60000
+  perFileMaxTokens: 32000

package/presets/nextjs-supabase/rules/supabase-rls-bypass.ts

@@ -0,0 +1,39 @@
+import * as fs from 'node:fs/promises';
+import type { Finding } from '../../../src/core/findings/types.ts';
+import type { StaticRule } from '../../../src/core/phases/static-rules.ts';
+
+export const supabaseRlsBypassRule: StaticRule = {
+  name: 'supabase-rls-bypass',
+  severity: 'critical',
+
+  async check(touchedFiles: string[]): Promise<Finding[]> {
+    const findings: Finding[] = [];
+    const clientSideFiles = touchedFiles.filter(f =>
+      (f.endsWith('.tsx') || f.includes('/components/')) &&
+      !f.includes('/api/') && !f.includes('.test.') && !f.includes('__tests__')
+    );
+
+    for (const file of clientSideFiles) {
+      let content: string;
+      try { content = await fs.readFile(file, 'utf8'); } catch { continue; }
+      if (!content.includes('createServiceRoleClient')) continue;
+
+      const lineIndex = content.split('\n').findIndex(l => l.includes('createServiceRoleClient'));
+      findings.push({
+        id: `supabase-rls-bypass-${file}-${lineIndex}`,
+        source: 'static-rules',
+        severity: 'critical',
+        category: 'supabase-rls-bypass',
+        file,
+        line: lineIndex >= 0 ? lineIndex + 1 : undefined,
+        message: 'createServiceRoleClient() in client-side code — service role key is a RLS bypass',
+        suggestion: 'Use createServerSupabase in a server component or route handler',
+        protectedPath: true,
+        createdAt: new Date().toISOString(),
+      });
+    }
+    return findings;
+  },
+};
+
+export default supabaseRlsBypassRule;

package/presets/nextjs-supabase/stack.md

@@ -0,0 +1,20 @@
+A Next.js 16 App Router application with:
+- TypeScript, React 19, Tailwind CSS
+- Supabase (Postgres + RLS on all tables)
+- Jest/Vitest for unit tests, Playwright for E2E
+- OpenAI/Anthropic for LLM calls
+- Optional: Weaviate multi-tenant (every query must include .withTenant())
+
+Conventions:
+- DB mutations go through server-side service functions
+- API routes under app/api/ return NextResponse.json
+- Service role key is SERVER-ONLY; never imported in client components
+- Every table has RLS; bypass via createServiceRoleClient() is server-only
+
+Things that should flag CRITICAL:
+- createServiceRoleClient() in client-side code
+- Raw SQL in route handlers
+- Missing rate limit on public POST endpoints
+- Weaviate queries without .withTenant()
+- Secrets committed to code
+- RLS policy DROP without replacement

package/presets/python-fastapi/autopilot.config.yaml

@@ -0,0 +1,20 @@
+configVersion: 1
+reviewEngine: { adapter: codex }
+vcsHost: { adapter: github }
+reviewBot: { adapter: cursor }
+protectedPaths:
+  - "alembic/versions/**"
+  - "app/core/security.py"
+  - "app/core/config.py"
+staticRules:
+  - hardcoded-secrets
+  - fastapi-missing-auth
+testCommand: pytest -q
+thresholds:
+  bugbotAutoFix: 85
+  bugbotProposePatch: 60
+  maxValidateRetries: 3
+reviewStrategy: auto
+chunking:
+  smallTierMaxTokens: 8000
+  perFileMaxTokens: 32000

package/presets/python-fastapi/rules/fastapi-missing-auth.ts

@@ -0,0 +1,50 @@
+import type { StaticRule } from '../../../src/core/phases/static-rules.ts';
+import type { Finding } from '../../../src/core/findings/types.ts';
+import * as fs from 'node:fs/promises';
+
+// Routes that are decorated with state-mutating HTTP verbs but lack a Depends() auth call
+const MUTATION_DECORATOR = /@(app|router)\.(post|put|patch|delete)\s*\(/i;
+const HAS_AUTH_DEP = /Depends\s*\(\s*(?:get_current_user|require_auth|authenticate|verify_token)/i;
+
+export const fastapiMissingAuthRule: StaticRule = {
+  name: 'fastapi-missing-auth',
+  severity: 'critical',
+  async check(touchedFiles: string[]): Promise<Finding[]> {
+    const findings: Finding[] = [];
+    const pyFiles = touchedFiles.filter(f => f.endsWith('.py'));
+    for (const file of pyFiles) {
+      try {
+        const content = await fs.readFile(file, 'utf8');
+        const lines = content.split('\n');
+        // Check whether any router-level dependency covers the whole file
+        const fileHasRouterAuth = HAS_AUTH_DEP.test(content.slice(0, 2000));
+        if (fileHasRouterAuth) continue;
+        for (let i = 0; i < lines.length; i++) {
+          const line = lines[i]!;
+          if (!MUTATION_DECORATOR.test(line)) continue;
+          // Scan up to 40 lines after the decorator for per-endpoint auth
+          const block = lines.slice(i, i + 40).join('\n');
+          if (!HAS_AUTH_DEP.test(block)) {
+            findings.push({
+              id: `fastapi-missing-auth:${file}:${i + 1}`,
+              source: 'static-rules',
+              severity: 'critical',
+              category: 'fastapi-missing-auth',
+              file,
+              line: i + 1,
+              message: 'Mutation endpoint may be missing auth dependency',
+              suggestion: 'Add current_user: User = Depends(get_current_user) to the route parameters',
+              protectedPath: false,
+              createdAt: new Date().toISOString(),
+            });
+          }
+        }
+      } catch {
+        // unreadable — skip
+      }
+    }
+    return findings;
+  },
+};
+
+export default fastapiMissingAuthRule;

package/presets/python-fastapi/stack.md

@@ -0,0 +1,20 @@
+A Python FastAPI application with:
+- FastAPI, Python 3.11+, SQLAlchemy 2.x (async), Alembic migrations
+- Pydantic v2 for request/response models and settings
+- PostgreSQL via asyncpg driver
+- JWT authentication via python-jose or authlib
+- pytest for tests
+
+Conventions:
+- Dependency injection via FastAPI Depends()
+- DB session injected per-request (not global)
+- Pydantic BaseSettings for all config (no os.environ direct access)
+- Alembic for all schema changes (never raw CREATE TABLE in code)
+- Async endpoints where possible
+
+Things that should flag CRITICAL:
+- f-string SQL: f"SELECT * FROM users WHERE id = {user_id}"
+- Unauthenticated POST/PUT/DELETE endpoints on non-public paths
+- Secrets hardcoded in Python files
+- os.environ direct access instead of Pydantic settings
+- Synchronous DB calls in async endpoints (blocking event loop)

package/presets/rails-postgres/autopilot.config.yaml

@@ -0,0 +1,21 @@
+configVersion: 1
+reviewEngine: { adapter: codex }
+vcsHost: { adapter: github }
+reviewBot: { adapter: cursor }
+protectedPaths:
+  - "db/migrate/**"
+  - "config/credentials.yml.enc"
+  - "config/master.key"
+  - "app/models/user.rb"
+staticRules:
+  - hardcoded-secrets
+  - rails-sql-injection
+testCommand: bundle exec rspec --format progress
+thresholds:
+  bugbotAutoFix: 85
+  bugbotProposePatch: 60
+  maxValidateRetries: 3
+reviewStrategy: auto
+chunking:
+  smallTierMaxTokens: 8000
+  perFileMaxTokens: 32000

package/presets/rails-postgres/rules/rails-sql-injection.ts

@@ -0,0 +1,42 @@
+import type { StaticRule } from '../../../src/core/phases/static-rules.ts';
+import type { Finding } from '../../../src/core/findings/types.ts';
+import * as fs from 'node:fs/promises';
+
+const INTERPOLATED_WHERE = /\.where\s*\(\s*["'`][^"'`]*#\{/;
+const INTERPOLATED_ORDER = /\.order\s*\(\s*["'`][^"'`]*#\{/;
+
+export const railsSqlInjectionRule: StaticRule = {
+  name: 'rails-sql-injection',
+  severity: 'critical',
+  async check(touchedFiles: string[]): Promise<Finding[]> {
+    const findings: Finding[] = [];
+    const rubyFiles = touchedFiles.filter(f => f.endsWith('.rb'));
+    for (const file of rubyFiles) {
+      try {
+        const lines = (await fs.readFile(file, 'utf8')).split('\n');
+        for (let i = 0; i < lines.length; i++) {
+          const line = lines[i]!;
+          if (INTERPOLATED_WHERE.test(line) || INTERPOLATED_ORDER.test(line)) {
+            findings.push({
+              id: `rails-sql-injection:${file}:${i + 1}`,
+              source: 'static-rules',
+              severity: 'critical',
+              category: 'rails-sql-injection',
+              file,
+              line: i + 1,
+              message: 'SQL injection risk: string interpolation in Active Record query',
+              suggestion: 'Use parameterized queries: .where("name = ?", params[:name])',
+              protectedPath: false,
+              createdAt: new Date().toISOString(),
+            });
+          }
+        }
+      } catch {
+        // unreadable — skip
+      }
+    }
+    return findings;
+  },
+};
+
+export default railsSqlInjectionRule;

package/presets/rails-postgres/stack.md

@@ -0,0 +1,20 @@
+A Ruby on Rails 7 application with:
+- Rails 7.x, Ruby 3.2+, PostgreSQL
+- RSpec for tests (spec/), FactoryBot for fixtures
+- Active Record ORM (migrations in db/migrate/)
+- Devise or similar for authentication
+- Turbo/Stimulus for frontend
+
+Conventions:
+- Fat models, thin controllers
+- Service objects in app/services/ for complex business logic
+- Migrations are irreversible destructive operations — always write down/up
+- Strong parameters in controllers for all form inputs
+- Background jobs in app/jobs/ via Sidekiq
+
+Things that should flag CRITICAL:
+- Raw SQL interpolation: User.where("name = '#{params[:name]}'")
+- Mass assignment without strong params
+- Secrets in application.rb or initializers (not credentials.yml.enc)
+- Missing foreign key constraints in migrations
+- N+1 queries (missing .includes() on associations)

package/presets/t3/autopilot.config.yaml

@@ -0,0 +1,22 @@
+configVersion: 1
+reviewEngine: { adapter: codex }
+vcsHost: { adapter: github }
+reviewBot: { adapter: cursor }
+protectedPaths:
+  - "src/server/auth/**"
+  - "prisma/migrations/**"
+  - "src/env.js"
+  - "src/server/db.ts"
+staticRules:
+  - hardcoded-secrets
+  - npm-audit
+  - package-lock-sync
+  - t3-server-only
+thresholds:
+  bugbotAutoFix: 85
+  bugbotProposePatch: 60
+  maxValidateRetries: 3
+reviewStrategy: auto
+chunking:
+  smallTierMaxTokens: 8000
+  perFileMaxTokens: 32000

package/presets/t3/rules/t3-server-only.ts

@@ -0,0 +1,35 @@
+import type { StaticRule } from '../../../src/core/phases/static-rules.ts';
+import type { Finding } from '../../../src/core/findings/types.ts';
+import * as fs from 'node:fs/promises';
+
+export const t3ServerOnlyRule: StaticRule = {
+  name: 't3-server-only',
+  severity: 'critical',
+  async check(touchedFiles: string[]): Promise<Finding[]> {
+    const findings: Finding[] = [];
+    for (const file of touchedFiles) {
+      if (!file.includes('src/server/') && !file.endsWith('.server.ts')) continue;
+      try {
+        const content = await fs.readFile(file, 'utf8');
+        if (!content.includes("'server-only'") && !content.includes('"server-only"')) {
+          findings.push({
+            id: `t3-server-only:${file}`,
+            source: 'static-rules',
+            severity: 'critical',
+            category: 't3-server-only',
+            file,
+            message: 'Server utility missing `server-only` import guard',
+            suggestion: "Add `import 'server-only'` at the top of this file",
+            protectedPath: false,
+            createdAt: new Date().toISOString(),
+          });
+        }
+      } catch {
+        // file unreadable — skip
+      }
+    }
+    return findings;
+  },
+};
+
+export default t3ServerOnlyRule;

package/presets/t3/stack.md

@@ -0,0 +1,20 @@
+A T3 Stack application with:
+- Next.js App Router, TypeScript, Tailwind CSS
+- tRPC v11 for type-safe APIs (router in src/server/api/)
+- Prisma ORM with Postgres (migrations in prisma/migrations/)
+- NextAuth.js for authentication
+- Zod for input validation
+
+Conventions:
+- tRPC procedures live in src/server/api/routers/
+- DB access only through Prisma client in src/server/db.ts
+- Server-only code uses `server-only` package import guard
+- env.js validates all env vars at startup (Zod schema)
+- Client components must not import from src/server/
+
+Things that should flag CRITICAL:
+- Direct Prisma client usage in client components
+- Missing `server-only` guard on server utilities
+- tRPC procedure without input validation (Zod)
+- Secrets hardcoded in source
+- Prisma $executeRaw with unsanitized user input

package/scripts/test-runner.mjs

@@ -0,0 +1,16 @@
+// Cross-platform test runner using Node 22 built-in fs.glob
+import { glob } from 'node:fs/promises';
+import { spawnSync } from 'node:child_process';
+
+const files = [];
+for await (const f of glob('tests/**/*.test.ts')) {
+  files.push(f);
+}
+files.sort();
+
+const result = spawnSync(
+  'node',
+  ['--test', '--import', 'tsx', ...files],
+  { stdio: 'inherit', shell: false },
+);
+process.exit(result.status ?? 1);