@delegance/claude-autopilot 1.5.0 → 1.6.0

package/CHANGELOG.md

@@ -1,5 +1,38 @@
 # Changelog
 
+## [1.6.0] — 2026-04-22
+
+### Added
+- **Provider usage scanner** (`src/core/detect/provider-usage.ts`) — walks project source files, counts per-provider API key and SDK references (capped at 1 per file to avoid skew), returns `ProviderCounts`
+- **`dominantProvider()`** — returns the provider with the highest file-reference count
+- **Smart `auto` tiebreaker** — when multiple API keys are present, `auto` scans the codebase and prefers the provider already used there; falls back to env-key priority order if counts are all zero
+- `ReviewInput.context.cwd` — threads working directory through to the review engine so `auto` knows where to scan; `review-phase.ts` now passes `cwd` in context
+- 12 new tests for `detectProviderUsage` and `dominantProvider` — **181 total**
+
+## [1.5.0] — 2026-04-22
+
+### Added
+- **Gemini adapter** (`gemini`) — Google Gemini 2.5 Pro via `@google/generative-ai`; accepts `GEMINI_API_KEY` or `GOOGLE_API_KEY`; 1M token context window
+- **OpenAI-compatible adapter** (`openai-compatible`) — works with any OpenAI-API-compatible endpoint (Groq, Ollama, Together AI, etc.); requires `options.model`; auto-selects API key via `options.apiKeyEnv` → `OPENAI_API_KEY` → `'ollama'`
+- **Updated auto adapter** — full priority chain: `ANTHROPIC_API_KEY` → `GEMINI_API_KEY`/`GOOGLE_API_KEY` → `OPENAI_API_KEY` → `GROQ_API_KEY` (wraps openai-compatible with Groq config)
+- `run.ts` no-key warning now lists all four key options
+
+### Changed
+- 169 tests total (up from 136)
+
+## [1.4.0] — 2026-04-21
+
+### Added
+- **Static rules registry** (`src/core/static-rules/registry.ts`) — lazy-loads built-in rules by name; fixes critical bug where config `staticRules` was always silently ignored
+- **7 built-in rules**: `hardcoded-secrets`, `npm-audit`, `package-lock-sync`, `console-log`, `todo-fixme`, `large-file`, `missing-tests`
+- **Claude adapter** (`claude`) — Anthropic Claude Opus 4.7 via `@anthropic-ai/sdk`; configurable model via `context.model`
+- **Auto adapter** (`auto`) — detects best available key at runtime; checked in priority order
+- `doctor` now checks `ANTHROPIC_API_KEY` in addition to `OPENAI_API_KEY`
+- 136 tests total
+
+### Fixed
+- **Critical**: `staticRules` in `RunInput` was never populated — config-listed rules were silently ignored. `loadRulesFromConfig()` now wired into `run.ts`
+
 ## [1.2.8] — 2026-04-21
 
 ### Added

package/README.md

@@ -118,7 +118,7 @@ Presets: `nextjs-supabase`, `t3`, `python-fastapi`, `rails-postgres`, `go`.
 ```yaml
 configVersion: 1
 reviewEngine:
-  adapter: codex
+  adapter: auto        # auto-detects best available key at runtime
 testCommand: npm test
 protectedPaths:
   - src/core/**
@@ -130,6 +130,37 @@ staticRules:
 
 Full schema and preset defaults: `presets/<name>/autopilot.config.yaml`.
 
+### Review Engine Adapters
+
+| Adapter | Key required | Notes |
+|---|---|---|
+| `auto` | any below | Auto-selects best available (recommended) |
+| `claude` | `ANTHROPIC_API_KEY` | Opus 4.7 default |
+| `gemini` | `GEMINI_API_KEY` or `GOOGLE_API_KEY` | Gemini 2.5 Pro, 1M context |
+| `codex` | `OPENAI_API_KEY` | GPT-5 Codex |
+| `openai-compatible` | configurable | Groq, Ollama, Together AI, etc. |
+
+`auto` priority: Anthropic → Gemini → OpenAI → Groq.
+
+**Groq example:**
+```yaml
+reviewEngine:
+  adapter: openai-compatible
+  options:
+    model: llama-3.3-70b-versatile
+    baseUrl: https://api.groq.com/openai/v1
+    apiKeyEnv: GROQ_API_KEY
+```
+
+**Ollama (local, no key):**
+```yaml
+reviewEngine:
+  adapter: openai-compatible
+  options:
+    model: llama3.2
+    baseUrl: http://localhost:11434/v1
+```
+
 ## GitHub Actions
 
 ```yaml
@@ -175,7 +206,7 @@ Four pluggable adapter points:
 
 | Point | Built-in | Purpose |
 |---|---|---|
-| `review-engine` | `codex` | LLM code review (OpenAI) |
+| `review-engine` | `auto`, `claude`, `gemini`, `codex`, `openai-compatible` | LLM code review |
 | `vcs-host` | `github` | PR comments + SARIF upload |
 | `migration-runner` | `supabase` | DB migration execution |
 | `review-bot-parser` | `cursor` | Parse review bot comments |

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@delegance/claude-autopilot",
-  "version": "1.5.0",
+  "version": "1.6.0",
   "type": "module",
   "description": "Claude Code automation pipeline: spec → plan → implement → validate → PR",
   "keywords": [

package/src/adapters/review-engine/auto.ts

@@ -1,44 +1,74 @@
 import type { Capabilities } from '../base.ts';
 import type { ReviewEngine, ReviewInput, ReviewOutput } from './types.ts';
 import { AutopilotError } from '../../core/errors.ts';
+import { detectProviderUsage, dominantProvider, type Provider } from '../../core/detect/provider-usage.ts';
 
-// Priority order for key detection
-async function resolveAdapter(): Promise<ReviewEngine> {
+interface AvailableProvider {
+  provider: Provider;
+  load: () => Promise<ReviewEngine>;
+}
+
+function buildGroqAdapter(base: ReviewEngine): ReviewEngine {
+  return {
+    ...base,
+    name: 'auto',
+    review(input: ReviewInput) {
+      return base.review({
+        ...input,
+        context: {
+          ...input.context,
+          model: 'llama-3.3-70b-versatile',
+          baseUrl: 'https://api.groq.com/openai/v1',
+          apiKeyEnv: 'GROQ_API_KEY',
+        } as typeof input.context,
+      });
+    },
+  };
+}
+
+function getAvailableProviders(): AvailableProvider[] {
+  const available: AvailableProvider[] = [];
   if (process.env.ANTHROPIC_API_KEY) {
-    const { claudeAdapter } = await import('./claude.ts');
-    return claudeAdapter;
+    available.push({ provider: 'anthropic', load: async () => (await import('./claude.ts')).claudeAdapter });
   }
   if (process.env.GEMINI_API_KEY || process.env.GOOGLE_API_KEY) {
-    const { geminiAdapter } = await import('./gemini.ts');
-    return geminiAdapter;
+    available.push({ provider: 'gemini', load: async () => (await import('./gemini.ts')).geminiAdapter });
   }
   if (process.env.OPENAI_API_KEY) {
-    const { codexAdapter } = await import('./codex.ts');
-    return codexAdapter;
+    available.push({ provider: 'openai', load: async () => (await import('./codex.ts')).codexAdapter });
   }
   if (process.env.GROQ_API_KEY) {
-    const { openaiCompatibleAdapter } = await import('./openai-compatible.ts');
-    // Wrap with Groq config injected into review() context
-    return {
-      ...openaiCompatibleAdapter,
-      name: 'auto',
-      review(input: ReviewInput) {
-        return openaiCompatibleAdapter.review({
-          ...input,
-          context: {
-            ...input.context,
-            model: 'llama-3.3-70b-versatile',
-            baseUrl: 'https://api.groq.com/openai/v1',
-            apiKeyEnv: 'GROQ_API_KEY',
-          } as typeof input.context,
-        });
-      },
-    };
+    available.push({
+      provider: 'groq',
+      load: async () => buildGroqAdapter((await import('./openai-compatible.ts')).openaiCompatibleAdapter),
+    });
+  }
+  return available;
+}
+
+async function resolveAdapter(cwd: string): Promise<ReviewEngine> {
+  const available = getAvailableProviders();
+
+  if (available.length === 0) {
+    throw new AutopilotError(
+      'No LLM API key found. Set one of: ANTHROPIC_API_KEY, GEMINI_API_KEY, OPENAI_API_KEY, GROQ_API_KEY',
+      { code: 'auth', provider: 'auto' },
+    );
+  }
+
+  // Single provider — no need to scan
+  if (available.length === 1) return available[0]!.load();
+
+  // Multiple keys present — prefer the provider most referenced in source code
+  const counts = detectProviderUsage(cwd);
+  const dominant = dominantProvider(counts);
+  if (dominant) {
+    const match = available.find(p => p.provider === dominant);
+    if (match) return match.load();
   }
-  throw new AutopilotError(
-    'No LLM API key found. Set one of: ANTHROPIC_API_KEY, GEMINI_API_KEY, OPENAI_API_KEY, GROQ_API_KEY',
-    { code: 'auth', provider: 'auto' },
-  );
+
+  // Fallback to first available (env-key priority order)
+  return available[0]!.load();
 }
 
 export const autoAdapter: ReviewEngine = {
@@ -54,7 +84,9 @@ export const autoAdapter: ReviewEngine = {
   },
 
   async review(input: ReviewInput): Promise<ReviewOutput> {
-    const adapter = await resolveAdapter();
+    const cwd = (input.context as Record<string, unknown> | undefined)?.['cwd'] as string | undefined
+      ?? process.cwd();
+    const adapter = await resolveAdapter(cwd);
     return adapter.review(input);
   },
 };

package/src/adapters/review-engine/types.ts

@@ -4,7 +4,7 @@ import type { Finding } from '../../core/findings/types.ts';
 export interface ReviewInput {
   content: string;
   kind: 'spec' | 'pr-diff' | 'file-batch';
-  context?: { spec?: string; plan?: string; stack?: string };
+  context?: { spec?: string; plan?: string; stack?: string; cwd?: string };
 }
 
 export interface ReviewOutput {

package/src/core/detect/provider-usage.ts

@@ -0,0 +1,74 @@
+import * as fs from 'node:fs';
+import * as path from 'node:path';
+
+export type Provider = 'anthropic' | 'gemini' | 'openai' | 'groq';
+
+const PROVIDER_PATTERNS: Record<Provider, RegExp> = {
+  anthropic: /ANTHROPIC_API_KEY|@anthropic-ai\/sdk|anthropic\.com|claude-[a-z0-9]/gi,
+  gemini:    /GEMINI_API_KEY|GOOGLE_API_KEY|@google\/generative-ai|generativelanguage\.googleapis/gi,
+  openai:    /OPENAI_API_KEY|openai\.com|gpt-[0-9]/gi,
+  groq:      /GROQ_API_KEY|api\.groq\.com/gi,
+};
+
+const SOURCE_EXTENSIONS = new Set(['.ts', '.tsx', '.js', '.jsx', '.mjs', '.cjs', '.py', '.go', '.rb']);
+
+const SKIP_DIRS = new Set(['node_modules', '.git', 'dist', 'build', '.next', '.nuxt', 'out',
+  'coverage', '__pycache__', '.venv', 'venv', 'target', '.gradle', '.cache', '.turbo']);
+
+function walkSync(dir: string, files: string[] = []): string[] {
+  let entries: fs.Dirent[];
+  try {
+    entries = fs.readdirSync(dir, { withFileTypes: true });
+  } catch {
+    return files;
+  }
+  for (const entry of entries) {
+    if (SKIP_DIRS.has(entry.name)) continue;
+    const full = path.join(dir, entry.name);
+    if (entry.isDirectory()) {
+      walkSync(full, files);
+    } else if (entry.isFile() && SOURCE_EXTENSIONS.has(path.extname(entry.name))) {
+      files.push(full);
+    }
+  }
+  return files;
+}
+
+export interface ProviderCounts {
+  anthropic: number;
+  gemini: number;
+  openai: number;
+  groq: number;
+}
+
+/**
+ * Scans source files under `cwd` and returns per-provider match counts.
+ * Counts are capped at 1 per file to avoid skewing on generated lock files.
+ */
+export function detectProviderUsage(cwd: string): ProviderCounts {
+  const counts: ProviderCounts = { anthropic: 0, gemini: 0, openai: 0, groq: 0 };
+  const files = walkSync(cwd);
+  for (const file of files) {
+    let content: string;
+    try {
+      content = fs.readFileSync(file, 'utf8');
+    } catch {
+      continue;
+    }
+    for (const [provider, pattern] of Object.entries(PROVIDER_PATTERNS) as [Provider, RegExp][]) {
+      pattern.lastIndex = 0;
+      if (pattern.test(content)) counts[provider]++;
+    }
+  }
+  return counts;
+}
+
+/**
+ * Returns the provider with the highest usage count, or null if all zero.
+ */
+export function dominantProvider(counts: ProviderCounts): Provider | null {
+  const entries = Object.entries(counts) as [Provider, number][];
+  const max = Math.max(...entries.map(([, v]) => v));
+  if (max === 0) return null;
+  return entries.find(([, v]) => v === max)![0];
+}

package/src/core/pipeline/review-phase.ts

@@ -49,7 +49,7 @@ export async function runReviewPhase(input: ReviewPhaseInput): Promise<ReviewPha
     const output = await input.engine.review({
       content: chunk.content,
       kind: chunk.kind,
-      context: { stack: input.config.stack },
+      context: { stack: input.config.stack, cwd: input.cwd },
     });
     allFindings.push(...output.findings);
     if (output.usage) {