@delegance/claude-autopilot 2.0.0 → 2.2.0

package/CHANGELOG.md

@@ -1,5 +1,21 @@
 # Changelog
 
+## [2.2.0] — 2026-04-22
+
+### Added
+- **`reviewStrategy: diff`** — new chunking strategy that sends `git diff` unified hunks instead of full file contents; typically ~70% fewer tokens and more focused findings (LLM sees exactly what changed)
+- **`--diff` flag** on `run` and `ci` subcommands — shorthand to activate diff strategy without editing config
+- **`src/core/git/diff-hunks.ts`** — `getFileDiffs()`, `parseUnifiedDiff()`, `formatDiffContent()`; per-file diff sections in fenced code blocks; files that exceed `maxChars` are omitted with a count notice
+- `BuildChunksInput.base` / `ReviewPhaseInput.base` / `RunInput.base` — threads git base ref through pipeline to diff engine
+- 9 new tests for `parseUnifiedDiff` and `formatDiffContent` — **233 total**
+
+## [2.1.0] — 2026-04-22
+
+### Added
+- **Risk-weighted file ordering** (`src/core/chunking/risk-ranker.ts`) — ranks files before sending to LLM: protected paths (score 100) → auth/security (80) → payment/billing (70) → core logic (50) → config files (40) → everything else (30) → tests (10) → docs (5); ensures most sensitive code appears at the start of the LLM's context window
+- `BuildChunksInput.protectedPaths` — passed from config through review-phase to ranker so glob patterns from `protectedPaths:` config key are respected
+- 9 new tests for `rankByRisk` — **224 total**
+
 ## [2.0.0] — 2026-04-22
 
 ### Added

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@delegance/claude-autopilot",
-  "version": "2.0.0",
+  "version": "2.2.0",
   "type": "module",
   "description": "Claude Code automation pipeline: spec → plan → implement → validate → PR",
   "keywords": [

package/src/cli/ci.ts

@@ -6,6 +6,7 @@ export interface CiCommandOptions {
   base?: string;
   postComments?: boolean;
   sarifOutput?: string;
+  diff?: boolean;
 }
 
 /**
@@ -34,5 +35,6 @@ export async function runCi(options: CiCommandOptions = {}): Promise<number> {
     postComments: options.postComments ?? true,
     format: 'sarif',
     outputPath: sarifOutput,
+    diff: options.diff,
   });
 }

package/src/cli/index.ts

@@ -66,6 +66,7 @@ Options (run):
   --config <path>      Path to config file (default: ./autopilot.config.yaml)
   --files <a,b,c>      Explicit comma-separated file list (skips git detection)
   --dry-run            Show what would run without executing
+  --diff               Send git diff hunks instead of full files (~70% fewer tokens)
   --post-comments      Post/update a summary comment on the open PR
   --format <text|sarif>  Output format (default: text)
   --output <path>        Output file path (required with --format sarif)
@@ -120,6 +121,7 @@ switch (subcommand) {
     const config = flag('config');
     const filesArg = flag('files');
     const dryRun = boolFlag('dry-run');
+    const diff = boolFlag('diff');
     const postComments = boolFlag('post-comments');
     const formatArg = flag('format');
     const outputPath = flag('output');
@@ -138,6 +140,7 @@ switch (subcommand) {
       configPath: config,
       files: filesArg ? filesArg.split(',').map(f => f.trim()) : undefined,
       dryRun,
+      diff,
       postComments,
       format: formatArg as 'text' | 'sarif' | undefined,
       outputPath,
@@ -151,11 +154,13 @@ switch (subcommand) {
     const config = flag('config');
     const outputPath = flag('output');
     const noPostComments = boolFlag('no-post-comments');
+    const diff = boolFlag('diff');
     const code = await runCi({
       configPath: config,
       base,
       sarifOutput: outputPath,
       postComments: noPostComments ? false : undefined,
+      diff,
     });
     process.exit(code);
     break;

package/src/cli/run.ts

@@ -64,6 +64,7 @@ export interface RunCommandOptions {
   base?: string;        // git base ref (default HEAD~1)
   files?: string[];     // explicit file list (skips git detection)
   dryRun?: boolean;     // skip review, print what would run
+  diff?: boolean;       // use diff strategy (send git hunks instead of full files)
   format?: 'text' | 'sarif';
   outputPath?: string;
   postComments?: boolean; // post/update summary comment on the open PR
@@ -167,6 +168,11 @@ export async function runCommand(options: RunCommandOptions = {}): Promise<numbe
     ? await loadRulesFromConfig(config.staticRules)
     : [];
 
+  // Apply --diff flag: override reviewStrategy to 'diff'
+  if (options.diff && config.reviewStrategy !== 'diff') {
+    config = { ...config, reviewStrategy: 'diff' };
+  }
+
   // Execute pipeline
   const input: RunInput = {
     touchedFiles,
@@ -175,6 +181,7 @@ export async function runCommand(options: RunCommandOptions = {}): Promise<numbe
     staticRules,
     cwd,
     gitSummary: gitCtx.summary ?? undefined,
+    base: options.base,
   };
 
   console.log('');

package/src/core/chunking/index.ts

@@ -2,6 +2,8 @@ import * as fs from 'node:fs/promises';
 import * as path from 'node:path';
 import type { ReviewEngine, ReviewInput } from '../../adapters/review-engine/types.ts';
 import type { AutopilotConfig } from '../config/types.ts';
+import { rankByRisk } from './risk-ranker.ts';
+import { getFileDiffs, formatDiffContent } from '../git/diff-hunks.ts';
 
 export interface ReviewChunk {
   content: string;
@@ -11,10 +13,12 @@ export interface ReviewChunk {
 
 export interface BuildChunksInput {
   touchedFiles: string[];
-  strategy: 'auto' | 'single-pass' | 'file-level';
+  strategy: 'auto' | 'single-pass' | 'file-level' | 'diff';
   chunking?: AutopilotConfig['chunking'];
   engine: ReviewEngine;
   cwd?: string;
+  protectedPaths?: string[];
+  base?: string;  // git base ref — required for 'diff' strategy
 }
 
 const DEFAULT_SMALL_TIER_TOKENS = 8000;
@@ -24,7 +28,13 @@ export async function buildReviewChunks(input: BuildChunksInput): Promise<Review
   const smallMax = input.chunking?.smallTierMaxTokens ?? DEFAULT_SMALL_TIER_TOKENS;
   const fileMax = input.chunking?.perFileMaxTokens ?? DEFAULT_FILE_TIER_TOKENS;
 
-  const fileContents = await readFiles(input.touchedFiles, input.cwd);
+  // Diff strategy: send unified diff hunks instead of full file contents
+  if (input.strategy === 'diff') {
+    return buildDiffChunks(input);
+  }
+
+  const ranked = rankByRisk(input.touchedFiles, { protectedPaths: input.protectedPaths });
+  const fileContents = await readFiles(ranked, input.cwd);
 
   if (input.strategy === 'single-pass') {
     const combined = formatBatch(fileContents);
@@ -48,6 +58,19 @@ export async function buildReviewChunks(input: BuildChunksInput): Promise<Review
   return chunks;
 }
 
+function buildDiffChunks(input: BuildChunksInput): ReviewChunk[] {
+  const cwd = input.cwd ?? process.cwd();
+  const base = input.base ?? 'HEAD~1';
+  const ranked = rankByRisk(input.touchedFiles, { protectedPaths: input.protectedPaths });
+  const diffs = getFileDiffs(cwd, base, ranked);
+
+  if (diffs.length === 0) return [];
+
+  // Single chunk — diff content is already compact; truncation handled in formatDiffContent
+  const content = formatDiffContent(diffs);
+  return [{ content, kind: 'file-batch', files: diffs.map(d => d.file) }];
+}
+
 async function readFiles(touchedFiles: string[], cwd?: string): Promise<Map<string, string>> {
   const result = new Map<string, string>();
   for (const f of touchedFiles) {

package/src/core/chunking/risk-ranker.ts

@@ -0,0 +1,56 @@
+import { minimatch } from 'minimatch';
+
+interface RankOptions {
+  protectedPaths?: string[];
+}
+
+const AUTH_PATTERNS = [
+  /auth/i, /login/i, /logout/i, /session/i, /token/i, /jwt/i, /oauth/i,
+  /password/i, /credential/i, /secret/i, /permission/i, /role/i, /acl/i,
+];
+
+const PAYMENT_PATTERNS = [
+  /payment/i, /billing/i, /stripe/i, /checkout/i, /invoice/i, /charge/i,
+  /subscription/i, /wallet/i, /transaction/i, /refund/i,
+];
+
+const CORE_PATTERNS = [
+  /\/services\//i, /\/core\//i, /\/api\//i, /\/routes?\//i,
+  /\/controllers?\//i, /\/models?\//i, /\/middleware\//i, /\/handlers?\//i,
+];
+
+const TEST_EXT = /\.(test|spec)\.[a-z]+$/i;
+const DOC_EXT = /\.(md|txt|rst|adoc)$/i;
+const CONFIG_EXT = /\.(ya?ml|json|toml|ini|env)$/i;
+const CONFIG_NAMES = /(config|settings|env|constants)\./i;
+
+function scoreFile(file: string, protectedPaths: string[]): number {
+  const norm = file.replace(/\\/g, '/');
+
+  // Protected paths are highest risk
+  for (const pattern of protectedPaths) {
+    if (minimatch(norm, pattern, { matchBase: false }) ||
+        minimatch(norm, pattern, { matchBase: true })) {
+      return 100;
+    }
+  }
+
+  if (TEST_EXT.test(norm)) return 10;
+  if (DOC_EXT.test(norm)) return 5;
+
+  if (AUTH_PATTERNS.some(p => p.test(norm))) return 80;
+  if (PAYMENT_PATTERNS.some(p => p.test(norm))) return 70;
+  if (CORE_PATTERNS.some(p => p.test(norm))) return 50;
+  if (CONFIG_EXT.test(norm) || CONFIG_NAMES.test(norm)) return 40;
+
+  return 30;
+}
+
+/**
+ * Returns files sorted highest-risk first so LLM sees the most sensitive code
+ * at the start of its context window.
+ */
+export function rankByRisk(files: string[], options: RankOptions = {}): string[] {
+  const protectedPaths = options.protectedPaths ?? [];
+  return [...files].sort((a, b) => scoreFile(b, protectedPaths) - scoreFile(a, protectedPaths));
+}

package/src/core/config/types.ts

@@ -27,7 +27,7 @@ export interface AutopilotConfig {
     maxCodexRetries?: number;
     maxBugbotRounds?: number;
   };
-  reviewStrategy?: 'auto' | 'single-pass' | 'file-level';
+  reviewStrategy?: 'auto' | 'single-pass' | 'file-level' | 'diff';
   chunking?: {
     smallTierMaxTokens?: number;
     partialReviewTokens?: number;

package/src/core/git/diff-hunks.ts

@@ -0,0 +1,86 @@
+import { runSafe } from '../shell.ts';
+
+export interface FileDiff {
+  file: string;
+  hunks: string;  // unified diff content for this file (header + hunks)
+  additions: number;
+  deletions: number;
+}
+
+/**
+ * Returns per-file unified diffs for the given files between base and HEAD.
+ * Falls back to working-tree diff (unstaged) when base diff is empty for a file.
+ */
+export function getFileDiffs(cwd: string, base: string, files: string[]): FileDiff[] {
+  if (files.length === 0) return [];
+
+  // Get full diff in one shot — more efficient than per-file calls
+  const raw = runSafe('git', ['diff', base, 'HEAD', '--unified=3', '--', ...files], { cwd })
+    ?? runSafe('git', ['diff', 'HEAD', '--unified=3', '--', ...files], { cwd })
+    ?? '';
+
+  return parseUnifiedDiff(raw, files);
+}
+
+/**
+ * Parses unified diff output into per-file FileDiff entries.
+ * Only returns files that actually have diff content.
+ */
+export function parseUnifiedDiff(raw: string, requestedFiles: string[]): FileDiff[] {
+  if (!raw.trim()) return [];
+
+  const results: FileDiff[] = [];
+  const sections = raw.split(/^(?=diff --git )/m).filter(Boolean);
+
+  const requested = new Set(requestedFiles.map(f => f.replace(/\\/g, '/')));
+
+  for (const section of sections) {
+    // Extract b/ filename from diff header: diff --git a/src/foo.ts b/src/foo.ts
+    const headerMatch = section.match(/^diff --git a\/.+ b\/(.+)$/m);
+    if (!headerMatch) continue;
+    const file = headerMatch[1]!.trim();
+    if (!requested.has(file)) continue;
+
+    // Strip the git binary/index header lines, keep hunk content
+    const hunkStart = section.indexOf('@@');
+    const hunks = hunkStart >= 0 ? section.slice(hunkStart) : '';
+    if (!hunks.trim()) continue;
+
+    let additions = 0;
+    let deletions = 0;
+    for (const line of hunks.split('\n')) {
+      if (line.startsWith('+') && !line.startsWith('+++')) additions++;
+      if (line.startsWith('-') && !line.startsWith('---')) deletions++;
+    }
+
+    results.push({ file, hunks: hunks.trimEnd(), additions, deletions });
+  }
+
+  return results;
+}
+
+/**
+ * Formats FileDiff entries into a review-ready string.
+ * Total size is bounded by maxChars (default 120K chars ≈ 30K tokens).
+ */
+export function formatDiffContent(diffs: FileDiff[], maxChars = 120_000): string {
+  const parts: string[] = [];
+  let total = 0;
+  let skipped = 0;
+
+  for (const d of diffs) {
+    const section = `## ${d.file} (+${d.additions}/-${d.deletions})\n\`\`\`diff\n${d.hunks}\n\`\`\``;
+    if (total + section.length > maxChars) {
+      skipped++;
+      continue;
+    }
+    parts.push(section);
+    total += section.length;
+  }
+
+  if (skipped > 0) {
+    parts.push(`[${skipped} file${skipped !== 1 ? 's' : ''} omitted — diff exceeded size limit]`);
+  }
+
+  return parts.join('\n\n');
+}

package/src/core/pipeline/review-phase.ts

@@ -19,6 +19,7 @@ export interface ReviewPhaseInput {
   cwd?: string;
   gitSummary?: string;
   budgetRemainingUSD?: number;
+  base?: string;
 }
 
 export async function runReviewPhase(input: ReviewPhaseInput): Promise<ReviewPhaseResult> {
@@ -34,6 +35,8 @@ export async function runReviewPhase(input: ReviewPhaseInput): Promise<ReviewPha
     chunking: input.config.chunking,
     engine: input.engine,
     cwd: input.cwd,
+    protectedPaths: input.config.protectedPaths,
+    base: input.base,
   });
 
   const allFindings: Finding[] = [];

package/src/core/pipeline/run.ts

@@ -18,6 +18,7 @@ export interface RunInput {
   staticRules?: StaticRule[];
   cwd?: string;
   gitSummary?: string;
+  base?: string;
 }
 
 export interface RunResult {
@@ -62,6 +63,7 @@ export async function runAutopilot(input: RunInput): Promise<RunResult> {
       cwd: input.cwd,
       gitSummary: input.gitSummary,
       budgetRemainingUSD: budgetUSD,
+      base: input.base,
     });
     phases.push(reviewResult);
     if (reviewResult.costUSD !== undefined) {