@delegance/claude-autopilot 2.2.0 → 2.4.0

package/CHANGELOG.md

@@ -1,5 +1,26 @@
 # Changelog
 
+## [2.4.0] — 2026-04-22
+
+### Added
+- **`ignore:` config key** — embed suppression rules in `autopilot.config.yaml` via `ignore: ['tests/**', { rule: hardcoded-secrets, path: src/vendor/** }]`; merged with `.autopilot-ignore` file rules at run time
+- **Per-run cost log** — appends `{timestamp, files, inputTokens, outputTokens, costUSD, durationMs}` to `.autopilot-cache/costs.jsonl` after every run; corrupt lines skipped on read; `readCostLog()` exported for tooling
+- **`--inline-comments`** — posts a GitHub PR review with per-line inline comments for every finding that has a `file:line`; re-runs dismiss the previous autopilot review before posting a new one; `autopilot ci` enables this by default (`--no-inline-comments` to opt out)
+- **`reviewStrategy: auto-diff`** — tries diff first, falls back to full-file `auto` when diff is empty (new files, no git history); `--diff` flag still forces pure diff mode
+- `src/cli/pr-review-comments.ts` — `postReviewComments()` using `gh api repos/{nwo}/pulls/{pr}/reviews`
+- `src/core/persist/cost-log.ts` — `appendCostLog()`, `readCostLog()`
+- 9 new tests — **257 total**
+
+## [2.3.0] — 2026-04-22
+
+### Added
+- **Parallel chunk review** — file-level chunks are now reviewed concurrently (default parallelism: 3, configurable via `chunking.parallelism`); serial fallback preserved when `cost.budgetUSD` is set so budget enforcement remains accurate
+- **`.autopilot-ignore`** — project-level suppression file; format: `<rule-id> <glob>` or bare `<glob>` (matches any finding on that path); comments and blank lines ignored; suppressed count printed dim after run
+- **`--delta` mode** — only reports findings new since the previous run; pre-existing findings are hidden and the count is printed dim; findings always persisted to `.autopilot-cache/findings.json` after each run (gitignored)
+- `src/core/ignore/index.ts` — `loadIgnoreRules()`, `applyIgnoreRules()`
+- `src/core/persist/findings-cache.ts` — `loadCachedFindings()`, `saveCachedFindings()`, `filterNewFindings()`
+- 15 new tests — **248 total**
+
 ## [2.2.0] — 2026-04-22
 
 ### Added

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@delegance/claude-autopilot",
-  "version": "2.2.0",
+  "version": "2.4.0",
   "type": "module",
   "description": "Claude Code automation pipeline: spec → plan → implement → validate → PR",
   "keywords": [

package/src/cli/ci.ts

@@ -7,6 +7,7 @@ export interface CiCommandOptions {
   postComments?: boolean;
   sarifOutput?: string;
   diff?: boolean;
+  inlineComments?: boolean;
 }
 
 /**
@@ -36,5 +37,6 @@ export async function runCi(options: CiCommandOptions = {}): Promise<number> {
     format: 'sarif',
     outputPath: sarifOutput,
     diff: options.diff,
+    inlineComments: options.inlineComments ?? true,
   });
 }

package/src/cli/index.ts

@@ -67,6 +67,8 @@ Options (run):
   --files <a,b,c>      Explicit comma-separated file list (skips git detection)
   --dry-run            Show what would run without executing
   --diff               Send git diff hunks instead of full files (~70% fewer tokens)
+  --delta              Only report findings new since last run (suppress pre-existing)
+  --inline-comments    Post per-line review comments on the PR diff
   --post-comments      Post/update a summary comment on the open PR
   --format <text|sarif>  Output format (default: text)
   --output <path>        Output file path (required with --format sarif)
@@ -122,6 +124,8 @@ switch (subcommand) {
     const filesArg = flag('files');
     const dryRun = boolFlag('dry-run');
     const diff = boolFlag('diff');
+    const delta = boolFlag('delta');
+    const inlineComments = boolFlag('inline-comments');
     const postComments = boolFlag('post-comments');
     const formatArg = flag('format');
     const outputPath = flag('output');
@@ -141,6 +145,8 @@ switch (subcommand) {
       files: filesArg ? filesArg.split(',').map(f => f.trim()) : undefined,
       dryRun,
       diff,
+      delta,
+      inlineComments,
       postComments,
       format: formatArg as 'text' | 'sarif' | undefined,
       outputPath,
@@ -154,12 +160,14 @@ switch (subcommand) {
     const config = flag('config');
     const outputPath = flag('output');
     const noPostComments = boolFlag('no-post-comments');
+    const noInlineComments = boolFlag('no-inline-comments');
     const diff = boolFlag('diff');
     const code = await runCi({
       configPath: config,
       base,
       sarifOutput: outputPath,
       postComments: noPostComments ? false : undefined,
+      inlineComments: noInlineComments ? false : undefined,
       diff,
     });
     process.exit(code);

package/src/cli/pr-review-comments.ts

@@ -0,0 +1,92 @@
+import { runSafe } from '../core/shell.ts';
+import type { Finding } from '../core/findings/types.ts';
+
+const REVIEW_MARKER = '<!-- autopilot-inline -->';
+
+function getRepoNwo(cwd: string): string | null {
+  const raw = runSafe('gh', ['repo', 'view', '--json', 'nameWithOwner', '--jq', '.nameWithOwner'], { cwd });
+  return raw ? raw.trim() : null;
+}
+
+/** True when a review with our marker already exists on this PR (avoids duplicates on re-runs). */
+function findExistingReviewId(pr: number, nwo: string, cwd: string): number | null {
+  const raw = runSafe('gh', [
+    'api', `repos/${nwo}/pulls/${pr}/reviews`,
+    '--jq', `[.[] | select(.body | startswith("${REVIEW_MARKER}")) | .id] | first`,
+  ], { cwd });
+  if (!raw) return null;
+  const n = parseInt(raw.trim(), 10);
+  return isNaN(n) ? null : n;
+}
+
+export interface PostReviewCommentsResult {
+  posted: number;
+  skipped: number; // findings with no line number
+}
+
+/**
+ * Posts (or re-submits) a PR review with inline comments for each finding
+ * that has a file + line number. Findings without line numbers are skipped.
+ * Re-runs dismiss the previous autopilot review first to avoid stacking.
+ */
+export async function postReviewComments(
+  pr: number,
+  findings: Finding[],
+  cwd: string,
+): Promise<PostReviewCommentsResult> {
+  const nwo = getRepoNwo(cwd);
+  if (!nwo) throw new Error('Could not determine repository name — is gh authenticated?');
+
+  const commentable = findings.filter(
+    f => f.line !== undefined && f.file && f.file !== '<unspecified>' && f.file !== '<pipeline>',
+  );
+  const skipped = findings.length - commentable.length;
+
+  if (commentable.length === 0) return { posted: 0, skipped };
+
+  // Dismiss existing review so we don't stack on re-runs
+  const existingId = findExistingReviewId(pr, nwo, cwd);
+  if (existingId) {
+    runSafe('gh', [
+      'api', `repos/${nwo}/pulls/${pr}/reviews/${existingId}/dismissals`,
+      '--method', 'PUT',
+      '--field', 'message=Superseded by updated autopilot review',
+    ], { cwd });
+  }
+
+  // Build review body
+  const body = [
+    REVIEW_MARKER,
+    `**Autopilot** found ${commentable.length} inline finding${commentable.length !== 1 ? 's' : ''}.`,
+  ].join('\n');
+
+  // Build comments array as JSON
+  const comments = commentable.map(f => ({
+    path: f.file,
+    line: f.line,
+    side: 'RIGHT',
+    body: formatFindingBody(f),
+  }));
+
+  // gh api doesn't support array fields well via --field, use --input with JSON
+  const payload = JSON.stringify({ body, event: 'COMMENT', comments });
+  const result = runSafe('gh', [
+    'api', `repos/${nwo}/pulls/${pr}/reviews`,
+    '--method', 'POST',
+    '--input', '-',
+  ], { cwd, input: payload });
+
+  if (!result) throw new Error('Failed to post review — gh api returned no output');
+
+  return { posted: commentable.length, skipped };
+}
+
+function formatFindingBody(f: Finding): string {
+  const sev = f.severity === 'critical' ? '🚨 **CRITICAL**'
+            : f.severity === 'warning'  ? '⚠️ **Warning**'
+            : '💡 **Note**';
+  const lines = [`${sev} — ${f.message}`];
+  if (f.suggestion) lines.push(`\n> **Suggestion:** ${f.suggestion}`);
+  lines.push(`\n*[@delegance/claude-autopilot](https://github.com/axledbetter/claude-autopilot)*`);
+  return lines.join('');
+}

package/src/cli/run.ts

@@ -38,6 +38,10 @@ import { detectProtectedPaths } from '../core/detect/protected-paths.ts';
 import { detectGitContext } from '../core/detect/git-context.ts';
 import { detectProject } from './detector.ts';
 import { detectPrNumber, formatComment, postPrComment } from './pr-comment.ts';
+import { postReviewComments } from './pr-review-comments.ts';
+import { loadIgnoreRules, parseConfigIgnore, applyIgnoreRules } from '../core/ignore/index.ts';
+import { loadCachedFindings, saveCachedFindings, filterNewFindings } from '../core/persist/findings-cache.ts';
+import { appendCostLog } from '../core/persist/cost-log.ts';
 
 function readToolVersion(): string {
   const pkgPath = path.join(path.dirname(fileURLToPath(import.meta.url)), '../../package.json');
@@ -64,7 +68,9 @@ export interface RunCommandOptions {
   base?: string;        // git base ref (default HEAD~1)
   files?: string[];     // explicit file list (skips git detection)
   dryRun?: boolean;     // skip review, print what would run
-  diff?: boolean;       // use diff strategy (send git hunks instead of full files)
+  diff?: boolean;           // use diff strategy (send git hunks instead of full files)
+  delta?: boolean;          // only report findings not present in last run's baseline
+  inlineComments?: boolean; // post per-line review comments on the PR diff
   format?: 'text' | 'sarif';
   outputPath?: string;
   postComments?: boolean; // post/update summary comment on the open PR
@@ -187,6 +193,47 @@ export async function runCommand(options: RunCommandOptions = {}): Promise<numbe
   console.log('');
   const result = await runAutopilot(input);
 
+  // Apply .autopilot-ignore + config ignore: rules
+  const ignoreRules = [...loadIgnoreRules(cwd), ...parseConfigIgnore(config.ignore)];
+  if (ignoreRules.length > 0) {
+    const before = result.allFindings.length;
+    result.allFindings = applyIgnoreRules(result.allFindings, ignoreRules);
+    for (const phase of result.phases) {
+      phase.findings = applyIgnoreRules(phase.findings, ignoreRules);
+    }
+    const suppressed = before - result.allFindings.length;
+    if (suppressed > 0) {
+      console.log(fmt('dim', `  [run] ${suppressed} finding${suppressed !== 1 ? 's' : ''} suppressed by .autopilot-ignore`));
+    }
+  }
+
+  // Delta mode: filter to only new findings vs last run's baseline, then persist
+  if (options.delta) {
+    const cached = loadCachedFindings(cwd);
+    const before = result.allFindings.length;
+    result.allFindings = filterNewFindings(result.allFindings, cached);
+    for (const phase of result.phases) {
+      phase.findings = filterNewFindings(phase.findings, cached);
+    }
+    const existing = before - result.allFindings.length;
+    if (existing > 0) {
+      console.log(fmt('dim', `  [run] ${existing} pre-existing finding${existing !== 1 ? 's' : ''} hidden (--delta mode)`));
+    }
+  }
+  // Always persist the unfiltered findings as the new baseline
+  saveCachedFindings(cwd, result.allFindings);
+
+  // Append to per-run cost log
+  const reviewPhase = result.phases.find(p => p.phase === 'review') as { usage?: { input: number; output: number } } | undefined;
+  appendCostLog(cwd, {
+    timestamp: new Date().toISOString(),
+    files: touchedFiles.length,
+    inputTokens: reviewPhase?.usage?.input ?? 0,
+    outputTokens: reviewPhase?.usage?.output ?? 0,
+    costUSD: result.totalCostUSD ?? 0,
+    durationMs: result.durationMs,
+  });
+
   // emitAnnotations is a no-op unless GITHUB_ACTIONS=true
   emitAnnotations(result.allFindings);
 
@@ -198,6 +245,21 @@ export async function runCommand(options: RunCommandOptions = {}): Promise<numbe
     console.log(fmt('dim', `[run] SARIF written to ${options.outputPath}`));
   }
 
+  // Post inline PR review comments if requested
+  if (options.inlineComments) {
+    const pr = detectPrNumber(cwd);
+    if (!pr) {
+      console.log(fmt('yellow', '  [run] --inline-comments: no open PR found — skipping'));
+    } else {
+      try {
+        const { posted, skipped } = await postReviewComments(pr, result.allFindings, cwd);
+        console.log(fmt('dim', `  [run] PR #${pr} inline review: ${posted} comment${posted !== 1 ? 's' : ''} posted${skipped > 0 ? `, ${skipped} skipped (no line number)` : ''}`));
+      } catch (err) {
+        console.error(fmt('yellow', `  [run] Failed to post inline comments: ${err instanceof Error ? err.message : String(err)}`));
+      }
+    }
+  }
+
   // Post PR comment if requested
   if (options.postComments) {
     const pr = detectPrNumber(cwd);

package/src/core/chunking/index.ts

@@ -13,12 +13,12 @@ export interface ReviewChunk {
 
 export interface BuildChunksInput {
   touchedFiles: string[];
-  strategy: 'auto' | 'single-pass' | 'file-level' | 'diff';
+  strategy: 'auto' | 'single-pass' | 'file-level' | 'diff' | 'auto-diff';
   chunking?: AutopilotConfig['chunking'];
   engine: ReviewEngine;
   cwd?: string;
   protectedPaths?: string[];
-  base?: string;  // git base ref — required for 'diff' strategy
+  base?: string;  // git base ref — required for 'diff'/'auto-diff' strategy
 }
 
 const DEFAULT_SMALL_TIER_TOKENS = 8000;
@@ -33,6 +33,14 @@ export async function buildReviewChunks(input: BuildChunksInput): Promise<Review
     return buildDiffChunks(input);
   }
 
+  // auto-diff: try diff first; fall back to full-file auto if diff is empty
+  // (handles new files, initial commits, or repos with no base ref)
+  if (input.strategy === 'auto-diff') {
+    const diffChunks = buildDiffChunks(input);
+    if (diffChunks.length > 0) return diffChunks;
+    // fall through to auto with full files
+  }
+
   const ranked = rankByRisk(input.touchedFiles, { protectedPaths: input.protectedPaths });
   const fileContents = await readFiles(ranked, input.cwd);
 

package/src/core/config/types.ts

@@ -27,7 +27,8 @@ export interface AutopilotConfig {
     maxCodexRetries?: number;
     maxBugbotRounds?: number;
   };
-  reviewStrategy?: 'auto' | 'single-pass' | 'file-level' | 'diff';
+  ignore?: Array<string | { rule?: string; path: string }>;
+  reviewStrategy?: 'auto' | 'single-pass' | 'file-level' | 'diff' | 'auto-diff';
   chunking?: {
     smallTierMaxTokens?: number;
     partialReviewTokens?: number;

package/src/core/ignore/index.ts

@@ -0,0 +1,54 @@
+import * as fs from 'node:fs';
+import * as path from 'node:path';
+import { minimatch } from 'minimatch';
+import type { Finding } from '../findings/types.ts';
+import type { AutopilotConfig } from '../config/types.ts';
+
+export interface IgnoreRule {
+  ruleId: string | '*';  // finding id prefix or '*' for any
+  pathGlob: string | null; // null = match all paths
+}
+
+export function loadIgnoreRules(cwd: string): IgnoreRule[] {
+  const filePath = path.join(cwd, '.autopilot-ignore');
+  if (!fs.existsSync(filePath)) return [];
+
+  const rules: IgnoreRule[] = [];
+  for (const raw of fs.readFileSync(filePath, 'utf8').split('\n')) {
+    const line = raw.trim();
+    if (!line || line.startsWith('#')) continue;
+
+    const parts = line.split(/\s+/);
+    if (parts.length === 1) {
+      // bare glob — suppress any finding whose file matches
+      rules.push({ ruleId: '*', pathGlob: parts[0]! });
+    } else {
+      // <rule-id-or-*> <path-glob>
+      rules.push({ ruleId: parts[0]!, pathGlob: parts[1]! });
+    }
+  }
+  return rules;
+}
+
+function matchesRule(finding: Finding, rule: IgnoreRule): boolean {
+  const ruleMatches = rule.ruleId === '*' || finding.id.startsWith(rule.ruleId);
+  if (!ruleMatches) return false;
+  if (rule.pathGlob === null) return true;
+  return minimatch(finding.file.replace(/\\/g, '/'), rule.pathGlob, { matchBase: true });
+}
+
+/** Convert `ignore:` entries from autopilot.config.yaml into IgnoreRules. */
+export function parseConfigIgnore(entries: AutopilotConfig['ignore']): IgnoreRule[] {
+  if (!entries || entries.length === 0) return [];
+  return entries.map(entry => {
+    if (typeof entry === 'string') {
+      return { ruleId: '*', pathGlob: entry };
+    }
+    return { ruleId: entry.rule ?? '*', pathGlob: entry.path };
+  });
+}
+
+export function applyIgnoreRules(findings: Finding[], rules: IgnoreRule[]): Finding[] {
+  if (rules.length === 0) return findings;
+  return findings.filter(f => !rules.some(r => matchesRule(f, r)));
+}

package/src/core/persist/cost-log.ts

@@ -0,0 +1,30 @@
+import * as fs from 'node:fs';
+import * as path from 'node:path';
+
+const CACHE_DIR = '.autopilot-cache';
+const LOG_FILE = 'costs.jsonl';
+
+export interface CostLogEntry {
+  timestamp: string;
+  files: number;
+  inputTokens: number;
+  outputTokens: number;
+  costUSD: number;
+  durationMs: number;
+}
+
+export function appendCostLog(cwd: string, entry: CostLogEntry): void {
+  const dir = path.join(cwd, CACHE_DIR);
+  fs.mkdirSync(dir, { recursive: true });
+  fs.appendFileSync(path.join(dir, LOG_FILE), JSON.stringify(entry) + '\n', 'utf8');
+}
+
+export function readCostLog(cwd: string): CostLogEntry[] {
+  const p = path.join(cwd, CACHE_DIR, LOG_FILE);
+  if (!fs.existsSync(p)) return [];
+  return fs.readFileSync(p, 'utf8')
+    .split('\n')
+    .filter(Boolean)
+    .map(line => { try { return JSON.parse(line) as CostLogEntry; } catch { return null; } })
+    .filter((e): e is CostLogEntry => e !== null);
+}

package/src/core/persist/findings-cache.ts

@@ -0,0 +1,43 @@
+import * as fs from 'node:fs';
+import * as path from 'node:path';
+import type { Finding } from '../findings/types.ts';
+
+const CACHE_DIR = '.autopilot-cache';
+const CACHE_FILE = 'findings.json';
+
+function cacheFilePath(cwd: string): string {
+  return path.join(cwd, CACHE_DIR, CACHE_FILE);
+}
+
+function findingKey(f: Finding): string {
+  return `${f.id}::${f.file}::${f.line ?? ''}`;
+}
+
+export function loadCachedFindings(cwd: string): Finding[] {
+  const p = cacheFilePath(cwd);
+  if (!fs.existsSync(p)) return [];
+  try {
+    return JSON.parse(fs.readFileSync(p, 'utf8')) as Finding[];
+  } catch {
+    return [];
+  }
+}
+
+export function saveCachedFindings(cwd: string, findings: Finding[]): void {
+  const dir = path.join(cwd, CACHE_DIR);
+  fs.mkdirSync(dir, { recursive: true });
+  // atomic write
+  const tmp = cacheFilePath(cwd) + '.tmp';
+  fs.writeFileSync(tmp, JSON.stringify(findings, null, 2), 'utf8');
+  fs.renameSync(tmp, cacheFilePath(cwd));
+}
+
+/**
+ * Returns only findings not present in the cached baseline.
+ * Two findings are considered the same when id + file + line all match.
+ */
+export function filterNewFindings(current: Finding[], cached: Finding[]): Finding[] {
+  if (cached.length === 0) return current;
+  const seen = new Set(cached.map(findingKey));
+  return current.filter(f => !seen.has(findingKey(f)));
+}

package/src/core/pipeline/review-phase.ts

@@ -1,7 +1,7 @@
 import type { ReviewEngine } from '../../adapters/review-engine/types.ts';
 import type { Finding } from '../findings/types.ts';
 import type { AutopilotConfig } from '../config/types.ts';
-import { buildReviewChunks } from '../chunking/index.ts';
+import { buildReviewChunks, type ReviewChunk } from '../chunking/index.ts';
 
 export interface ReviewPhaseResult {
   phase: 'review';
@@ -22,6 +22,48 @@ export interface ReviewPhaseInput {
   base?: string;
 }
 
+interface ChunkResult {
+  findings: Finding[];
+  inputTokens: number;
+  outputTokens: number;
+  costUSD: number;
+}
+
+async function reviewChunk(chunk: ReviewChunk, input: ReviewPhaseInput): Promise<ChunkResult> {
+  const output = await input.engine.review({
+    content: chunk.content,
+    kind: chunk.kind,
+    context: { stack: input.config.stack, cwd: input.cwd, gitSummary: input.gitSummary },
+  });
+  return {
+    findings: output.findings,
+    inputTokens: output.usage?.input ?? 0,
+    outputTokens: output.usage?.output ?? 0,
+    costUSD: output.usage?.costUSD ?? 0,
+  };
+}
+
+/** Run up to `limit` promises concurrently, preserving result order. */
+async function pMap<T, R>(
+  items: T[],
+  fn: (item: T, index: number) => Promise<R>,
+  limit: number,
+): Promise<R[]> {
+  const results: R[] = new Array(items.length);
+  let next = 0;
+
+  async function worker(): Promise<void> {
+    while (next < items.length) {
+      const i = next++;
+      results[i] = await fn(items[i]!, i);
+    }
+  }
+
+  const workers = Array.from({ length: Math.min(limit, items.length) }, () => worker());
+  await Promise.all(workers);
+  return results;
+}
+
 export async function runReviewPhase(input: ReviewPhaseInput): Promise<ReviewPhaseResult> {
   const start = Date.now();
 
@@ -39,41 +81,51 @@ export async function runReviewPhase(input: ReviewPhaseInput): Promise<ReviewPha
     base: input.base,
   });
 
-  const allFindings: Finding[] = [];
-  let totalInputTokens = 0;
-  let totalOutputTokens = 0;
-  let totalCostUSD = 0;
-  let budgetExceeded = false;
+  const parallelism = input.config.chunking?.parallelism ?? 3;
+  const budgetUSD = input.budgetRemainingUSD;
 
-  for (const chunk of chunks) {
-    if (input.budgetRemainingUSD !== undefined && totalCostUSD >= input.budgetRemainingUSD) {
-      budgetExceeded = true;
-      break;
+  // For budget tracking we still need to enforce it — run serially if budget set,
+  // parallel otherwise (budget check between serial chunks is the safe path).
+  let chunkResults: ChunkResult[];
+  if (budgetUSD !== undefined) {
+    chunkResults = [];
+    let spent = 0;
+    let budgetExceeded = false;
+    for (const chunk of chunks) {
+      if (spent >= budgetUSD) { budgetExceeded = true; break; }
+      const r = await reviewChunk(chunk, input);
+      spent += r.costUSD;
+      chunkResults.push(r);
     }
-    const output = await input.engine.review({
-      content: chunk.content,
-      kind: chunk.kind,
-      context: { stack: input.config.stack, cwd: input.cwd, gitSummary: input.gitSummary },
-    });
-    allFindings.push(...output.findings);
-    if (output.usage) {
-      totalInputTokens += output.usage.input;
-      totalOutputTokens += output.usage.output;
-      if (output.usage.costUSD !== undefined) totalCostUSD += output.usage.costUSD;
+    if (budgetExceeded) {
+      chunkResults.push({
+        findings: [{
+          id: 'budget-exceeded',
+          source: 'pipeline',
+          severity: 'warning',
+          category: 'budget',
+          file: '<pipeline>',
+          message: `Review budget of $${budgetUSD} USD exceeded — remaining chunks skipped`,
+          protectedPath: false,
+          createdAt: new Date().toISOString(),
+        }],
+        inputTokens: 0, outputTokens: 0, costUSD: 0,
+      });
     }
+  } else {
+    chunkResults = await pMap(chunks, chunk => reviewChunk(chunk, input), parallelism);
   }
 
-  if (budgetExceeded) {
-    allFindings.push({
-      id: 'budget-exceeded',
-      source: 'pipeline',
-      severity: 'warning',
-      category: 'budget',
-      file: '<pipeline>',
-      message: `Review budget of $${input.budgetRemainingUSD} USD exceeded — remaining chunks skipped`,
-      protectedPath: false,
-      createdAt: new Date().toISOString(),
-    });
+  let totalInputTokens = 0;
+  let totalOutputTokens = 0;
+  let totalCostUSD = 0;
+  const allFindings: Finding[] = [];
+
+  for (const r of chunkResults) {
+    allFindings.push(...r.findings);
+    totalInputTokens += r.inputTokens;
+    totalOutputTokens += r.outputTokens;
+    totalCostUSD += r.costUSD;
   }
 
   const hasCritical = allFindings.some(f => f.severity === 'critical');