@delegance/claude-autopilot 1.5.0 → 1.7.0

package/CHANGELOG.md

@@ -1,5 +1,48 @@
 # Changelog
 
+## [1.7.0] — 2026-04-22
+
+### Added
+- **Stack auto-detection** (`src/core/detect/stack.ts`) — infers human-readable stack string from `package.json`, `go.mod`, `Cargo.toml`, `requirements.txt`, `Gemfile`; detects framework, ORM, auth, UI library, language; injected into review prompt automatically when `stack:` is absent from config
+- **Protected-paths auto-detection** (`src/core/detect/protected-paths.ts`) — scans for migration dirs (`data/deltas/`, `migrations/`, `db/migrate/`, `prisma/migrations/`, `alembic/versions/`, `flyway/`), schema files (`schema.prisma`, `schema.sql`, `db/schema.rb`), infra dirs (`terraform/`, `k8s/`, `helm/`, `.github/workflows/`); populates `protectedPaths` when not set in config
+- **Test-command runtime fallback** — re-runs project detector at `run` time when `testCommand` is absent from config; `null` still disables the test phase explicitly
+- **Git context enrichment** (`src/core/detect/git-context.ts`) — injects branch name and last commit message into the review prompt as `Change context: branch: feat/x | last commit: add user auth` so the LLM understands intent
+- `ReviewInput.context.gitSummary` — new context field; all five adapters (claude, gemini, codex, openai-compatible, auto) inject it when present
+- 18 new tests (9 stack + 9 protected-paths) — **199 total**
+
+## [1.6.0] — 2026-04-22
+
+### Added
+- **Provider usage scanner** (`src/core/detect/provider-usage.ts`) — walks project source files, counts per-provider API key and SDK references (capped at 1 per file to avoid skew), returns `ProviderCounts`
+- **`dominantProvider()`** — returns the provider with the highest file-reference count
+- **Smart `auto` tiebreaker** — when multiple API keys are present, `auto` scans the codebase and prefers the provider already used there; falls back to env-key priority order if counts are all zero
+- `ReviewInput.context.cwd` — threads working directory through to the review engine so `auto` knows where to scan; `review-phase.ts` now passes `cwd` in context
+- 12 new tests for `detectProviderUsage` and `dominantProvider` — **181 total**
+
+## [1.5.0] — 2026-04-22
+
+### Added
+- **Gemini adapter** (`gemini`) — Google Gemini 2.5 Pro via `@google/generative-ai`; accepts `GEMINI_API_KEY` or `GOOGLE_API_KEY`; 1M token context window
+- **OpenAI-compatible adapter** (`openai-compatible`) — works with any OpenAI-API-compatible endpoint (Groq, Ollama, Together AI, etc.); requires `options.model`; auto-selects API key via `options.apiKeyEnv` → `OPENAI_API_KEY` → `'ollama'`
+- **Updated auto adapter** — full priority chain: `ANTHROPIC_API_KEY` → `GEMINI_API_KEY`/`GOOGLE_API_KEY` → `OPENAI_API_KEY` → `GROQ_API_KEY` (wraps openai-compatible with Groq config)
+- `run.ts` no-key warning now lists all four key options
+
+### Changed
+- 169 tests total (up from 136)
+
+## [1.4.0] — 2026-04-21
+
+### Added
+- **Static rules registry** (`src/core/static-rules/registry.ts`) — lazy-loads built-in rules by name; fixes critical bug where config `staticRules` was always silently ignored
+- **7 built-in rules**: `hardcoded-secrets`, `npm-audit`, `package-lock-sync`, `console-log`, `todo-fixme`, `large-file`, `missing-tests`
+- **Claude adapter** (`claude`) — Anthropic Claude Opus 4.7 via `@anthropic-ai/sdk`; configurable model via `context.model`
+- **Auto adapter** (`auto`) — detects best available key at runtime; checked in priority order
+- `doctor` now checks `ANTHROPIC_API_KEY` in addition to `OPENAI_API_KEY`
+- 136 tests total
+
+### Fixed
+- **Critical**: `staticRules` in `RunInput` was never populated — config-listed rules were silently ignored. `loadRulesFromConfig()` now wired into `run.ts`
+
 ## [1.2.8] — 2026-04-21
 
 ### Added

package/README.md

@@ -118,7 +118,7 @@ Presets: `nextjs-supabase`, `t3`, `python-fastapi`, `rails-postgres`, `go`.
 ```yaml
 configVersion: 1
 reviewEngine:
-  adapter: codex
+  adapter: auto        # auto-detects best available key at runtime
 testCommand: npm test
 protectedPaths:
   - src/core/**
@@ -130,6 +130,37 @@ staticRules:
 
 Full schema and preset defaults: `presets/<name>/autopilot.config.yaml`.
 
+### Review Engine Adapters
+
+| Adapter | Key required | Notes |
+|---|---|---|
+| `auto` | any below | Auto-selects best available (recommended) |
+| `claude` | `ANTHROPIC_API_KEY` | Opus 4.7 default |
+| `gemini` | `GEMINI_API_KEY` or `GOOGLE_API_KEY` | Gemini 2.5 Pro, 1M context |
+| `codex` | `OPENAI_API_KEY` | GPT-5 Codex |
+| `openai-compatible` | configurable | Groq, Ollama, Together AI, etc. |
+
+`auto` priority: Anthropic → Gemini → OpenAI → Groq.
+
+**Groq example:**
+```yaml
+reviewEngine:
+  adapter: openai-compatible
+  options:
+    model: llama-3.3-70b-versatile
+    baseUrl: https://api.groq.com/openai/v1
+    apiKeyEnv: GROQ_API_KEY
+```
+
+**Ollama (local, no key):**
+```yaml
+reviewEngine:
+  adapter: openai-compatible
+  options:
+    model: llama3.2
+    baseUrl: http://localhost:11434/v1
+```
+
 ## GitHub Actions
 
 ```yaml
@@ -175,7 +206,7 @@ Four pluggable adapter points:
 
 | Point | Built-in | Purpose |
 |---|---|---|
-| `review-engine` | `codex` | LLM code review (OpenAI) |
+| `review-engine` | `auto`, `claude`, `gemini`, `codex`, `openai-compatible` | LLM code review |
 | `vcs-host` | `github` | PR comments + SARIF upload |
 | `migration-runner` | `supabase` | DB migration execution |
 | `review-bot-parser` | `cursor` | Parse review bot comments |

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@delegance/claude-autopilot",
-  "version": "1.5.0",
+  "version": "1.7.0",
   "type": "module",
   "description": "Claude Code automation pipeline: spec → plan → implement → validate → PR",
   "keywords": [

package/src/adapters/review-engine/auto.ts

@@ -1,44 +1,74 @@
 import type { Capabilities } from '../base.ts';
 import type { ReviewEngine, ReviewInput, ReviewOutput } from './types.ts';
 import { AutopilotError } from '../../core/errors.ts';
+import { detectProviderUsage, dominantProvider, type Provider } from '../../core/detect/provider-usage.ts';
 
-// Priority order for key detection
-async function resolveAdapter(): Promise<ReviewEngine> {
+interface AvailableProvider {
+  provider: Provider;
+  load: () => Promise<ReviewEngine>;
+}
+
+function buildGroqAdapter(base: ReviewEngine): ReviewEngine {
+  return {
+    ...base,
+    name: 'auto',
+    review(input: ReviewInput) {
+      return base.review({
+        ...input,
+        context: {
+          ...input.context,
+          model: 'llama-3.3-70b-versatile',
+          baseUrl: 'https://api.groq.com/openai/v1',
+          apiKeyEnv: 'GROQ_API_KEY',
+        } as typeof input.context,
+      });
+    },
+  };
+}
+
+function getAvailableProviders(): AvailableProvider[] {
+  const available: AvailableProvider[] = [];
   if (process.env.ANTHROPIC_API_KEY) {
-    const { claudeAdapter } = await import('./claude.ts');
-    return claudeAdapter;
+    available.push({ provider: 'anthropic', load: async () => (await import('./claude.ts')).claudeAdapter });
   }
   if (process.env.GEMINI_API_KEY || process.env.GOOGLE_API_KEY) {
-    const { geminiAdapter } = await import('./gemini.ts');
-    return geminiAdapter;
+    available.push({ provider: 'gemini', load: async () => (await import('./gemini.ts')).geminiAdapter });
   }
   if (process.env.OPENAI_API_KEY) {
-    const { codexAdapter } = await import('./codex.ts');
-    return codexAdapter;
+    available.push({ provider: 'openai', load: async () => (await import('./codex.ts')).codexAdapter });
   }
   if (process.env.GROQ_API_KEY) {
-    const { openaiCompatibleAdapter } = await import('./openai-compatible.ts');
-    // Wrap with Groq config injected into review() context
-    return {
-      ...openaiCompatibleAdapter,
-      name: 'auto',
-      review(input: ReviewInput) {
-        return openaiCompatibleAdapter.review({
-          ...input,
-          context: {
-            ...input.context,
-            model: 'llama-3.3-70b-versatile',
-            baseUrl: 'https://api.groq.com/openai/v1',
-            apiKeyEnv: 'GROQ_API_KEY',
-          } as typeof input.context,
-        });
-      },
-    };
+    available.push({
+      provider: 'groq',
+      load: async () => buildGroqAdapter((await import('./openai-compatible.ts')).openaiCompatibleAdapter),
+    });
+  }
+  return available;
+}
+
+async function resolveAdapter(cwd: string): Promise<ReviewEngine> {
+  const available = getAvailableProviders();
+
+  if (available.length === 0) {
+    throw new AutopilotError(
+      'No LLM API key found. Set one of: ANTHROPIC_API_KEY, GEMINI_API_KEY, OPENAI_API_KEY, GROQ_API_KEY',
+      { code: 'auth', provider: 'auto' },
+    );
+  }
+
+  // Single provider — no need to scan
+  if (available.length === 1) return available[0]!.load();
+
+  // Multiple keys present — prefer the provider most referenced in source code
+  const counts = detectProviderUsage(cwd);
+  const dominant = dominantProvider(counts);
+  if (dominant) {
+    const match = available.find(p => p.provider === dominant);
+    if (match) return match.load();
   }
-  throw new AutopilotError(
-    'No LLM API key found. Set one of: ANTHROPIC_API_KEY, GEMINI_API_KEY, OPENAI_API_KEY, GROQ_API_KEY',
-    { code: 'auth', provider: 'auto' },
-  );
+
+  // Fallback to first available (env-key priority order)
+  return available[0]!.load();
 }
 
 export const autoAdapter: ReviewEngine = {
@@ -54,7 +84,9 @@ export const autoAdapter: ReviewEngine = {
   },
 
   async review(input: ReviewInput): Promise<ReviewOutput> {
-    const adapter = await resolveAdapter();
+    const cwd = (input.context as Record<string, unknown> | undefined)?.['cwd'] as string | undefined
+      ?? process.cwd();
+    const adapter = await resolveAdapter(cwd);
     return adapter.review(input);
   },
 };

package/src/adapters/review-engine/claude.ts

@@ -14,7 +14,7 @@ const COST_PER_M_OUTPUT = 75.0;
 const SYSTEM_PROMPT_TEMPLATE = `You are a senior software architect reviewing code changes for quality, security, and correctness.
 
 The codebase context:
-{STACK}
+{STACK}{GIT_CONTEXT}
 
 Provide structured feedback in exactly this format:
 
@@ -56,7 +56,8 @@ export const claudeAdapter: ReviewEngine = {
 
     const model = (input.context as Record<string, unknown> | undefined)?.['model'] as string | undefined ?? DEFAULT_MODEL;
     const stack = input.context?.stack ?? 'A web application — stack details unspecified.';
-    const systemPrompt = SYSTEM_PROMPT_TEMPLATE.replace('{STACK}', stack);
+    const gitCtx = input.context?.gitSummary ? `\n\nChange context: ${input.context.gitSummary}` : '';
+    const systemPrompt = SYSTEM_PROMPT_TEMPLATE.replace('{STACK}', stack).replace('{GIT_CONTEXT}', gitCtx);
 
     const client = new Anthropic({ apiKey });
     let response: Anthropic.Message;

package/src/adapters/review-engine/codex.ts

@@ -10,7 +10,7 @@ const MAX_OUTPUT_TOKENS = 4096;
 const SYSTEM_PROMPT_TEMPLATE = `You are a senior software architect providing feedback on designs, proposals, and ideas.
 
 The codebase context:
-{STACK}
+{STACK}{GIT_CONTEXT}
 
 Provide structured feedback in exactly this format:
 
@@ -49,7 +49,8 @@ export const codexAdapter: ReviewEngine = {
       throw new AutopilotError('OPENAI_API_KEY not set', { code: 'auth', provider: 'codex' });
     }
     const stack = input.context?.stack ?? 'A web application — stack details unspecified.';
-    const systemPrompt = SYSTEM_PROMPT_TEMPLATE.replace('{STACK}', stack);
+    const gitCtx = input.context?.gitSummary ? `\n\nChange context: ${input.context.gitSummary}` : '';
+    const systemPrompt = SYSTEM_PROMPT_TEMPLATE.replace('{STACK}', stack).replace('{GIT_CONTEXT}', gitCtx);
 
     const client = new OpenAI({ apiKey });
     let response;

package/src/adapters/review-engine/gemini.ts

@@ -14,7 +14,7 @@ const COST_PER_M_OUTPUT = 10.0;
 const PROMPT_TEMPLATE = `You are a senior software architect reviewing code changes for quality, security, and correctness.
 
 The codebase context:
-{STACK}
+{STACK}{GIT_CONTEXT}
 
 Please review the following:
 
@@ -64,7 +64,8 @@ export const geminiAdapter: ReviewEngine = {
 
     const model = (input.context as Record<string, unknown> | undefined)?.['model'] as string | undefined ?? DEFAULT_MODEL;
     const stack = input.context?.stack ?? 'A web application — stack details unspecified.';
-    const prompt = PROMPT_TEMPLATE.replace('{STACK}', stack).replace('{CONTENT}', input.content);
+    const gitCtx = input.context?.gitSummary ? `\n\nChange context: ${input.context.gitSummary}` : '';
+    const prompt = PROMPT_TEMPLATE.replace('{STACK}', stack).replace('{GIT_CONTEXT}', gitCtx).replace('{CONTENT}', input.content);
 
     const genAI = new GoogleGenerativeAI(apiKey);
     const genModel = genAI.getGenerativeModel({

package/src/adapters/review-engine/openai-compatible.ts

@@ -9,7 +9,7 @@ const MAX_OUTPUT_TOKENS = 4096;
 const SYSTEM_PROMPT_TEMPLATE = `You are a senior software architect reviewing code changes for quality, security, and correctness.
 
 The codebase context:
-{STACK}
+{STACK}{GIT_CONTEXT}
 
 Provide structured feedback in exactly this format:
 
@@ -63,7 +63,8 @@ export const openaiCompatibleAdapter: ReviewEngine = {
     }
 
     const stack = input.context?.stack ?? 'A web application — stack details unspecified.';
-    const systemPrompt = SYSTEM_PROMPT_TEMPLATE.replace('{STACK}', stack);
+    const gitCtx = input.context?.gitSummary ? `\n\nChange context: ${input.context.gitSummary}` : '';
+    const systemPrompt = SYSTEM_PROMPT_TEMPLATE.replace('{STACK}', stack).replace('{GIT_CONTEXT}', gitCtx);
     const client = new OpenAI({ apiKey, ...(baseURL ? { baseURL } : {}) });
 
     let response: OpenAI.Chat.ChatCompletion;

package/src/adapters/review-engine/types.ts

@@ -4,7 +4,7 @@ import type { Finding } from '../../core/findings/types.ts';
 export interface ReviewInput {
   content: string;
   kind: 'spec' | 'pr-diff' | 'file-batch';
-  context?: { spec?: string; plan?: string; stack?: string };
+  context?: { spec?: string; plan?: string; stack?: string; cwd?: string; gitSummary?: string };
 }
 
 export interface ReviewOutput {

package/src/cli/run.ts

@@ -33,6 +33,10 @@ import type { AutopilotConfig } from '../core/config/types.ts';
 import { fileURLToPath } from 'node:url';
 import { toSarif } from '../formatters/sarif.ts';
 import { emitAnnotations } from '../formatters/github-annotations.ts';
+import { detectStack } from '../core/detect/stack.ts';
+import { detectProtectedPaths } from '../core/detect/protected-paths.ts';
+import { detectGitContext } from '../core/detect/git-context.ts';
+import { detectProject } from './detector.ts';
 
 function readToolVersion(): string {
   const pkgPath = path.join(path.dirname(fileURLToPath(import.meta.url)), '../../package.json');
@@ -92,6 +96,20 @@ export async function runCommand(options: RunCommandOptions = {}): Promise<numbe
     return 1;
   }
 
+  // Fill in missing config fields from auto-detection
+  if (!config.stack) {
+    const detected = detectStack(cwd);
+    if (detected) config = { ...config, stack: detected };
+  }
+  if (!config.protectedPaths || config.protectedPaths.length === 0) {
+    const detected = detectProtectedPaths(cwd);
+    if (detected.length > 0) config = { ...config, protectedPaths: detected };
+  }
+  if (config.testCommand === undefined) {
+    config = { ...config, testCommand: detectProject(cwd).testCommand };
+  }
+  const gitCtx = detectGitContext(cwd);
+
   // Resolve touched files
   const touchedFiles = options.files ?? resolveGitTouchedFiles({ cwd, base: options.base });
   if (touchedFiles.length === 0) {
@@ -141,6 +159,7 @@ export async function runCommand(options: RunCommandOptions = {}): Promise<numbe
     reviewEngine,
     staticRules,
     cwd,
+    gitSummary: gitCtx.summary ?? undefined,
   };
 
   console.log('');

package/src/core/detect/git-context.ts

@@ -0,0 +1,27 @@
+import { runSafe } from '../shell.ts';
+
+export interface GitContext {
+  branch: string | null;
+  commitMessage: string | null;
+  /** Short summary suitable for injecting into a review prompt */
+  summary: string | null;
+}
+
+/**
+ * Reads branch name and last commit message from git. Returns nulls gracefully
+ * if git is unavailable or the repo has no commits.
+ */
+export function detectGitContext(cwd: string): GitContext {
+  const branch = runSafe('git', ['-C', cwd, 'rev-parse', '--abbrev-ref', 'HEAD'])?.trim() ?? null;
+  const commitMessage = runSafe('git', ['-C', cwd, 'log', '-1', '--format=%s'])?.trim() ?? null;
+
+  let summary: string | null = null;
+  if (branch || commitMessage) {
+    const parts: string[] = [];
+    if (branch && branch !== 'HEAD') parts.push(`branch: ${branch}`);
+    if (commitMessage) parts.push(`last commit: ${commitMessage}`);
+    summary = parts.join(' | ');
+  }
+
+  return { branch, commitMessage, summary };
+}

package/src/core/detect/protected-paths.ts

@@ -0,0 +1,63 @@
+import * as fs from 'node:fs';
+import * as path from 'node:path';
+
+interface MigrationSignal {
+  glob: string;
+  check: (cwd: string) => boolean;
+}
+
+const MIGRATION_SIGNALS: MigrationSignal[] = [
+  { glob: 'data/deltas/**',           check: c => fs.existsSync(path.join(c, 'data', 'deltas')) },
+  { glob: 'migrations/**',            check: c => fs.existsSync(path.join(c, 'migrations')) },
+  { glob: 'db/migrate/**',            check: c => fs.existsSync(path.join(c, 'db', 'migrate')) },
+  { glob: 'database/migrations/**',   check: c => fs.existsSync(path.join(c, 'database', 'migrations')) },
+  { glob: 'prisma/migrations/**',     check: c => fs.existsSync(path.join(c, 'prisma', 'migrations')) },
+  { glob: 'alembic/versions/**',      check: c => fs.existsSync(path.join(c, 'alembic', 'versions')) },
+  { glob: 'flyway/**',                check: c => fs.existsSync(path.join(c, 'flyway')) },
+  // *.sql is handled below via readdirSync
+];
+
+const SCHEMA_FILES = [
+  'prisma/schema.prisma',
+  'schema.prisma',
+  'schema.sql',
+  'db/schema.rb',
+  'config/schema.xml',
+];
+
+const INFRA_SIGNALS: Array<{ glob: string; check: (cwd: string) => boolean }> = [
+  { glob: 'terraform/**',      check: c => fs.existsSync(path.join(c, 'terraform')) },
+  { glob: 'infra/**',          check: c => fs.existsSync(path.join(c, 'infra')) },
+  { glob: '.github/workflows/**', check: c => fs.existsSync(path.join(c, '.github', 'workflows')) },
+  { glob: 'k8s/**',            check: c => fs.existsSync(path.join(c, 'k8s')) },
+  { glob: 'helm/**',           check: c => fs.existsSync(path.join(c, 'helm')) },
+];
+
+/**
+ * Scans the project for migration directories, schema files, and infra configs
+ * and returns glob patterns suitable for `protectedPaths`.
+ */
+export function detectProtectedPaths(cwd: string): string[] {
+  const found = new Set<string>();
+
+  for (const sig of MIGRATION_SIGNALS) {
+    if (sig.check(cwd)) found.add(sig.glob);
+  }
+
+  // Root-level .sql files
+  try {
+    if (fs.readdirSync(cwd).some(f => f.endsWith('.sql'))) found.add('*.sql');
+  } catch { /* ignore */ }
+
+  for (const rel of SCHEMA_FILES) {
+    if (fs.existsSync(path.join(cwd, rel))) {
+      found.add(rel.includes('/') ? rel.split('/')[0] + '/**' : rel);
+    }
+  }
+
+  for (const sig of INFRA_SIGNALS) {
+    if (sig.check(cwd)) found.add(sig.glob);
+  }
+
+  return Array.from(found).sort();
+}

package/src/core/detect/provider-usage.ts

@@ -0,0 +1,74 @@
+import * as fs from 'node:fs';
+import * as path from 'node:path';
+
+export type Provider = 'anthropic' | 'gemini' | 'openai' | 'groq';
+
+const PROVIDER_PATTERNS: Record<Provider, RegExp> = {
+  anthropic: /ANTHROPIC_API_KEY|@anthropic-ai\/sdk|anthropic\.com|claude-[a-z0-9]/gi,
+  gemini:    /GEMINI_API_KEY|GOOGLE_API_KEY|@google\/generative-ai|generativelanguage\.googleapis/gi,
+  openai:    /OPENAI_API_KEY|openai\.com|gpt-[0-9]/gi,
+  groq:      /GROQ_API_KEY|api\.groq\.com/gi,
+};
+
+const SOURCE_EXTENSIONS = new Set(['.ts', '.tsx', '.js', '.jsx', '.mjs', '.cjs', '.py', '.go', '.rb']);
+
+const SKIP_DIRS = new Set(['node_modules', '.git', 'dist', 'build', '.next', '.nuxt', 'out',
+  'coverage', '__pycache__', '.venv', 'venv', 'target', '.gradle', '.cache', '.turbo']);
+
+function walkSync(dir: string, files: string[] = []): string[] {
+  let entries: fs.Dirent[];
+  try {
+    entries = fs.readdirSync(dir, { withFileTypes: true });
+  } catch {
+    return files;
+  }
+  for (const entry of entries) {
+    if (SKIP_DIRS.has(entry.name)) continue;
+    const full = path.join(dir, entry.name);
+    if (entry.isDirectory()) {
+      walkSync(full, files);
+    } else if (entry.isFile() && SOURCE_EXTENSIONS.has(path.extname(entry.name))) {
+      files.push(full);
+    }
+  }
+  return files;
+}
+
+export interface ProviderCounts {
+  anthropic: number;
+  gemini: number;
+  openai: number;
+  groq: number;
+}
+
+/**
+ * Scans source files under `cwd` and returns per-provider match counts.
+ * Counts are capped at 1 per file to avoid skewing on generated lock files.
+ */
+export function detectProviderUsage(cwd: string): ProviderCounts {
+  const counts: ProviderCounts = { anthropic: 0, gemini: 0, openai: 0, groq: 0 };
+  const files = walkSync(cwd);
+  for (const file of files) {
+    let content: string;
+    try {
+      content = fs.readFileSync(file, 'utf8');
+    } catch {
+      continue;
+    }
+    for (const [provider, pattern] of Object.entries(PROVIDER_PATTERNS) as [Provider, RegExp][]) {
+      pattern.lastIndex = 0;
+      if (pattern.test(content)) counts[provider]++;
+    }
+  }
+  return counts;
+}
+
+/**
+ * Returns the provider with the highest usage count, or null if all zero.
+ */
+export function dominantProvider(counts: ProviderCounts): Provider | null {
+  const entries = Object.entries(counts) as [Provider, number][];
+  const max = Math.max(...entries.map(([, v]) => v));
+  if (max === 0) return null;
+  return entries.find(([, v]) => v === max)![0];
+}

package/src/core/detect/stack.ts

@@ -0,0 +1,153 @@
+import * as fs from 'node:fs';
+import * as path from 'node:path';
+
+function readJson(p: string): Record<string, unknown> | null {
+  try { return JSON.parse(fs.readFileSync(p, 'utf8')); } catch { return null; }
+}
+
+function fileContains(p: string, needle: string): boolean {
+  try { return fs.readFileSync(p, 'utf8').includes(needle); } catch { return false; }
+}
+
+function readFile(p: string): string {
+  try { return fs.readFileSync(p, 'utf8'); } catch { return ''; }
+}
+
+function version(deps: Record<string, string>, name: string): string | null {
+  const v = deps[name];
+  if (!v) return null;
+  return v.replace(/^[\^~>=<\s]+/, '').split('.')[0] ?? null;
+}
+
+/**
+ * Infers a human-readable stack description from project files.
+ * Returns null if nothing definitive is found (caller should omit from prompt).
+ */
+export function detectStack(cwd: string): string | null {
+  // Go
+  const goMod = path.join(cwd, 'go.mod');
+  if (fs.existsSync(goMod)) {
+    const content = readFile(goMod);
+    const parts = ['Go'];
+    if (content.includes('gin-gonic/gin')) parts.push('Gin');
+    else if (content.includes('labstack/echo')) parts.push('Echo');
+    else if (content.includes('gofiber/fiber')) parts.push('Fiber');
+    else if (content.includes('go-chi/chi')) parts.push('Chi');
+    if (content.includes('database/sql') || content.includes('sqlx') || content.includes('pgx')) parts.push('PostgreSQL');
+    if (content.includes('gorm.io')) parts.push('GORM');
+    if (content.includes('redis')) parts.push('Redis');
+    return parts.join(' + ');
+  }
+
+  // Rust
+  const cargoToml = path.join(cwd, 'Cargo.toml');
+  if (fs.existsSync(cargoToml)) {
+    const content = readFile(cargoToml);
+    const parts = ['Rust'];
+    if (content.includes('actix-web')) parts.push('Actix-Web');
+    else if (content.includes('axum')) parts.push('Axum');
+    else if (content.includes('warp')) parts.push('Warp');
+    if (content.includes('sqlx') || content.includes('diesel')) parts.push('PostgreSQL');
+    if (content.includes('serde')) parts.push('Serde');
+    if (content.includes('tokio')) parts.push('Tokio async');
+    return parts.join(' + ');
+  }
+
+  // Ruby / Rails
+  const gemfile = path.join(cwd, 'Gemfile');
+  if (fs.existsSync(gemfile)) {
+    const content = readFile(gemfile);
+    const parts: string[] = [];
+    if (content.includes("'rails'") || content.includes('"rails"')) parts.push('Ruby on Rails');
+    else if (content.includes("'sinatra'") || content.includes('"sinatra"')) parts.push('Sinatra');
+    else parts.push('Ruby');
+    if (content.includes('pg') || content.includes('postgresql')) parts.push('PostgreSQL');
+    else if (content.includes('mysql')) parts.push('MySQL');
+    else if (content.includes('sqlite')) parts.push('SQLite');
+    if (content.includes('rspec')) parts.push('RSpec');
+    if (content.includes('sidekiq')) parts.push('Sidekiq');
+    return parts.join(' + ');
+  }
+
+  // Python
+  const reqTxt = path.join(cwd, 'requirements.txt');
+  const pyproject = path.join(cwd, 'pyproject.toml');
+  const hasFastapi = fileContains(reqTxt, 'fastapi') || fileContains(pyproject, 'fastapi');
+  const hasDjango  = fileContains(reqTxt, 'django')  || fileContains(pyproject, 'django');
+  const hasFlask   = fileContains(reqTxt, 'flask')   || fileContains(pyproject, 'flask');
+  if (hasFastapi || hasDjango || hasFlask || fs.existsSync(reqTxt) || fs.existsSync(pyproject)) {
+    const parts: string[] = [];
+    if (hasFastapi) parts.push('FastAPI');
+    else if (hasDjango) parts.push('Django');
+    else if (hasFlask) parts.push('Flask');
+    else parts.push('Python');
+    const combined = readFile(reqTxt) + readFile(pyproject);
+    if (combined.includes('sqlalchemy') || combined.includes('SQLAlchemy')) parts.push('SQLAlchemy');
+    if (combined.includes('postgresql') || combined.includes('psycopg')) parts.push('PostgreSQL');
+    if (combined.includes('pydantic')) parts.push('Pydantic');
+    if (combined.includes('celery')) parts.push('Celery');
+    return parts.join(' + ');
+  }
+
+  // Node / JS / TS
+  const pkgPath = path.join(cwd, 'package.json');
+  if (!fs.existsSync(pkgPath)) return null;
+  const pkg = readJson(pkgPath);
+  if (!pkg) return null;
+
+  const deps: Record<string, string> = {
+    ...(pkg['dependencies'] as Record<string, string> ?? {}),
+    ...(pkg['devDependencies'] as Record<string, string> ?? {}),
+  };
+
+  const parts: string[] = [];
+  const isTs = 'typescript' in deps || fs.existsSync(path.join(cwd, 'tsconfig.json'));
+
+  // Framework
+  if ('next' in deps) {
+    const v = version(deps, 'next');
+    parts.push(v ? `Next.js ${v}` : 'Next.js');
+  } else if ('nuxt' in deps || 'nuxt3' in deps) {
+    parts.push('Nuxt');
+  } else if ('remix' in deps || '@remix-run/react' in deps) {
+    parts.push('Remix');
+  } else if ('astro' in deps) {
+    parts.push('Astro');
+  } else if ('express' in deps) {
+    parts.push('Express');
+  } else if ('fastify' in deps) {
+    parts.push('Fastify');
+  } else if ('hono' in deps) {
+    parts.push('Hono');
+  } else if ('react' in deps) {
+    parts.push('React');
+  } else if ('vue' in deps) {
+    parts.push('Vue');
+  } else if ('svelte' in deps || '@sveltejs/kit' in deps) {
+    parts.push('SvelteKit');
+  }
+
+  // Database / ORM
+  if ('@supabase/supabase-js' in deps) parts.push('Supabase');
+  if ('prisma' in deps || '@prisma/client' in deps) parts.push('Prisma');
+  if ('drizzle-orm' in deps) parts.push('Drizzle');
+  if ('typeorm' in deps) parts.push('TypeORM');
+  if ('mongoose' in deps) parts.push('MongoDB');
+
+  // Meta-frameworks / routers
+  if ('@trpc/server' in deps) parts.push('tRPC');
+  if ('graphql' in deps && ('apollo-server' in deps || '@apollo/server' in deps)) parts.push('GraphQL/Apollo');
+
+  // Auth
+  if ('next-auth' in deps || '@auth/core' in deps) parts.push('NextAuth');
+  if ('clerk' in deps || '@clerk/nextjs' in deps) parts.push('Clerk');
+
+  // UI
+  if ('tailwindcss' in deps) parts.push('Tailwind CSS');
+
+  // Language suffix
+  if (isTs) parts.push('TypeScript');
+
+  if (parts.length === 0) return null;
+  return parts.join(' + ');
+}

package/src/core/pipeline/review-phase.ts

@@ -17,6 +17,7 @@ export interface ReviewPhaseInput {
   engine: ReviewEngine;
   config: AutopilotConfig;
   cwd?: string;
+  gitSummary?: string;
   budgetRemainingUSD?: number;
 }
 
@@ -49,7 +50,7 @@ export async function runReviewPhase(input: ReviewPhaseInput): Promise<ReviewPha
     const output = await input.engine.review({
       content: chunk.content,
       kind: chunk.kind,
-      context: { stack: input.config.stack },
+      context: { stack: input.config.stack, cwd: input.cwd, gitSummary: input.gitSummary },
     });
     allFindings.push(...output.findings);
     if (output.usage) {

package/src/core/pipeline/run.ts

@@ -17,6 +17,7 @@ export interface RunInput {
   reviewEngine?: ReviewEngine;
   staticRules?: StaticRule[];
   cwd?: string;
+  gitSummary?: string;
 }
 
 export interface RunResult {
@@ -59,6 +60,7 @@ export async function runAutopilot(input: RunInput): Promise<RunResult> {
       engine: input.reviewEngine,
       config: input.config,
       cwd: input.cwd,
+      gitSummary: input.gitSummary,
       budgetRemainingUSD: budgetUSD,
     });
     phases.push(reviewResult);