@delegance/claude-autopilot 2.3.0 → 2.5.0

package/CHANGELOG.md

@@ -1,5 +1,26 @@
 # Changelog
 
+## [2.5.0] — 2026-04-22
+
+### Added
+- **Config schema validation** — `ignore:` and `reviewStrategy: diff|auto-diff` now accepted; unknown keys reported as `unexpected key "<name>"`; enum errors list allowed values; error message includes up to 5 violations with field paths
+- **`autopilot fix`** — reads `.autopilot-cache/findings.json`, asks the configured LLM to rewrite the ±20 lines around each finding, applies patches in place; `--severity critical|warning|all` (default: critical); `--dry-run` previews without writing; exits 1 if any fix fails
+- **`autopilot costs`** — prints all-time run count + spend, 7-day summary, and a last-10-runs table (date, files, tokens in/out, cost, duration)
+- `src/cli/fix.ts` — `runFix()`; sends numbered context window to LLM with fix instructions; strips markdown fences from response; handles `CANNOT_FIX` sentinel gracefully
+- `src/cli/costs.ts` — `runCosts()` reading `.autopilot-cache/costs.jsonl`
+- 9 new tests — **266 total**
+
+## [2.4.0] — 2026-04-22
+
+### Added
+- **`ignore:` config key** — embed suppression rules in `autopilot.config.yaml` via `ignore: ['tests/**', { rule: hardcoded-secrets, path: src/vendor/** }]`; merged with `.autopilot-ignore` file rules at run time
+- **Per-run cost log** — appends `{timestamp, files, inputTokens, outputTokens, costUSD, durationMs}` to `.autopilot-cache/costs.jsonl` after every run; corrupt lines skipped on read; `readCostLog()` exported for tooling
+- **`--inline-comments`** — posts a GitHub PR review with per-line inline comments for every finding that has a `file:line`; re-runs dismiss the previous autopilot review before posting a new one; `autopilot ci` enables this by default (`--no-inline-comments` to opt out)
+- **`reviewStrategy: auto-diff`** — tries diff first, falls back to full-file `auto` when diff is empty (new files, no git history); `--diff` flag still forces pure diff mode
+- `src/cli/pr-review-comments.ts` — `postReviewComments()` using `gh api repos/{nwo}/pulls/{pr}/reviews`
+- `src/core/persist/cost-log.ts` — `appendCostLog()`, `readCostLog()`
+- 9 new tests — **257 total**
+
 ## [2.3.0] — 2026-04-22
 
 ### Added

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@delegance/claude-autopilot",
-  "version": "2.3.0",
+  "version": "2.5.0",
   "type": "module",
   "description": "Claude Code automation pipeline: spec → plan → implement → validate → PR",
   "keywords": [

package/src/cli/ci.ts

@@ -7,6 +7,7 @@ export interface CiCommandOptions {
   postComments?: boolean;
   sarifOutput?: string;
   diff?: boolean;
+  inlineComments?: boolean;
 }
 
 /**
@@ -36,5 +37,6 @@ export async function runCi(options: CiCommandOptions = {}): Promise<number> {
     format: 'sarif',
     outputPath: sarifOutput,
     diff: options.diff,
+    inlineComments: options.inlineComments ?? true,
   });
 }

package/src/cli/costs.ts

@@ -0,0 +1,80 @@
+import { readCostLog } from '../core/persist/cost-log.ts';
+import type { CostLogEntry } from '../core/persist/cost-log.ts';
+
+const C = {
+  reset: '\x1b[0m', bold: '\x1b[1m', dim: '\x1b[2m',
+  green: '\x1b[32m', yellow: '\x1b[33m', cyan: '\x1b[36m',
+};
+const fmt = (c: keyof typeof C, t: string) => `${C[c]}${t}${C.reset}`;
+
+function formatDate(iso: string): string {
+  try {
+    const d = new Date(iso);
+    return `${d.toLocaleDateString()} ${d.toLocaleTimeString([], { hour: '2-digit', minute: '2-digit' })}`;
+  } catch { return iso; }
+}
+
+function fmtUSD(n: number): string {
+  return n === 0 ? fmt('dim', '$0.0000') : `$${n.toFixed(4)}`;
+}
+
+function fmtTokens(n: number): string {
+  return n >= 1000 ? `${(n / 1000).toFixed(1)}k` : String(n);
+}
+
+export async function runCosts(cwd = process.cwd()): Promise<number> {
+  const log = readCostLog(cwd);
+
+  if (log.length === 0) {
+    console.log(fmt('yellow', '[costs] No run history found — run `autopilot run` first.'));
+    return 0;
+  }
+
+  // 7-day window
+  const sevenDaysAgo = Date.now() - 7 * 24 * 60 * 60 * 1000;
+  const recent = log.filter(e => new Date(e.timestamp).getTime() >= sevenDaysAgo);
+  const last10 = log.slice(-10).reverse();
+
+  const totalCost = log.reduce((s, e) => s + e.costUSD, 0);
+  const totalInput = log.reduce((s, e) => s + e.inputTokens, 0);
+  const totalOutput = log.reduce((s, e) => s + e.outputTokens, 0);
+  const recentCost = recent.reduce((s, e) => s + e.costUSD, 0);
+
+  console.log(`\n${fmt('bold', '[autopilot costs]')}\n`);
+
+  // Summary row
+  console.log(fmt('bold', 'Summary'));
+  console.log(`  All-time runs:   ${log.length}`);
+  console.log(`  All-time cost:   ${fmtUSD(totalCost)}  (${fmtTokens(totalInput)} in / ${fmtTokens(totalOutput)} out)`);
+  console.log(`  Last 7 days:     ${fmtUSD(recentCost)}  (${recent.length} run${recent.length !== 1 ? 's' : ''})`);
+  console.log('');
+
+  // Last 10 runs table
+  console.log(fmt('bold', `Recent runs (last ${last10.length})`));
+  const COL = { date: 22, files: 7, input: 8, output: 8, cost: 10, dur: 8 };
+  const header = [
+    'Date'.padEnd(COL.date),
+    'Files'.padStart(COL.files),
+    'In tok'.padStart(COL.input),
+    'Out tok'.padStart(COL.output),
+    'Cost'.padStart(COL.cost),
+    'Time'.padStart(COL.dur),
+  ].join('  ');
+  console.log(fmt('dim', '  ' + header));
+  console.log(fmt('dim', '  ' + '─'.repeat(header.length)));
+
+  for (const e of last10) {
+    const row = [
+      formatDate(e.timestamp).padEnd(COL.date),
+      String(e.files).padStart(COL.files),
+      fmtTokens(e.inputTokens).padStart(COL.input),
+      fmtTokens(e.outputTokens).padStart(COL.output),
+      fmtUSD(e.costUSD).padStart(COL.cost + 9), // +9 for ANSI codes in dim
+      `${e.durationMs}ms`.padStart(COL.dur),
+    ].join('  ');
+    console.log('  ' + row);
+  }
+
+  console.log('');
+  return 0;
+}

package/src/cli/fix.ts

@@ -0,0 +1,187 @@
+import * as fs from 'node:fs';
+import * as path from 'node:path';
+import { loadCachedFindings } from '../core/persist/findings-cache.ts';
+import { loadConfig } from '../core/config/loader.ts';
+import { loadAdapter } from '../adapters/loader.ts';
+import type { ReviewEngine } from '../adapters/review-engine/types.ts';
+import type { Finding } from '../core/findings/types.ts';
+
+const C = {
+  reset: '\x1b[0m', bold: '\x1b[1m', dim: '\x1b[2m',
+  green: '\x1b[32m', yellow: '\x1b[33m', red: '\x1b[31m', cyan: '\x1b[36m',
+};
+const fmt = (c: keyof typeof C, t: string) => `${C[c]}${t}${C.reset}`;
+
+const CONTEXT_LINES = 20; // lines of file context to send on each side of the finding
+
+export interface FixCommandOptions {
+  cwd?: string;
+  configPath?: string;
+  severity?: 'critical' | 'warning' | 'all'; // which findings to fix (default: critical)
+  dryRun?: boolean;
+}
+
+interface FixResult {
+  file: string;
+  line: number;
+  findingMessage: string;
+  status: 'fixed' | 'skipped' | 'failed';
+  reason?: string;
+}
+
+export async function runFix(options: FixCommandOptions = {}): Promise<number> {
+  const cwd = options.cwd ?? process.cwd();
+  const configPath = options.configPath ?? path.join(cwd, 'autopilot.config.yaml');
+  const severityFilter = options.severity ?? 'critical';
+
+  if (!fs.existsSync(configPath)) {
+    console.error(fmt('red', `[fix] autopilot.config.yaml not found at ${configPath}`));
+    return 1;
+  }
+
+  const findings = loadCachedFindings(cwd);
+  if (findings.length === 0) {
+    console.log(fmt('yellow', '[fix] No cached findings — run `autopilot run` first.'));
+    return 0;
+  }
+
+  const fixable = findings.filter(f => {
+    if (!f.line || !f.file || f.file === '<unspecified>' || f.file === '<pipeline>') return false;
+    if (severityFilter === 'all') return true;
+    if (severityFilter === 'critical') return f.severity === 'critical';
+    return f.severity === 'critical' || f.severity === 'warning';
+  });
+
+  if (fixable.length === 0) {
+    console.log(fmt('yellow', `[fix] No fixable findings (severity=${severityFilter}, need file+line).`));
+    return 0;
+  }
+
+  console.log(`\n${fmt('bold', '[autopilot fix]')} ${fixable.length} finding${fixable.length !== 1 ? 's' : ''} to attempt\n`);
+
+  // Load review engine
+  let engine: ReviewEngine;
+  try {
+    const config = await loadConfig(configPath);
+    const ref = typeof config.reviewEngine === 'string' ? config.reviewEngine
+      : (config.reviewEngine?.adapter ?? 'auto');
+    engine = await loadAdapter<ReviewEngine>({
+      point: 'review-engine',
+      ref,
+      options: typeof config.reviewEngine === 'object' ? config.reviewEngine.options : undefined,
+    });
+  } catch (err) {
+    console.error(fmt('red', `[fix] Could not load review engine: ${err instanceof Error ? err.message : String(err)}`));
+    return 1;
+  }
+
+  const results: FixResult[] = [];
+
+  for (const finding of fixable) {
+    const result = await attemptFix(finding, engine, cwd, options.dryRun ?? false);
+    results.push(result);
+    const icon = result.status === 'fixed' ? fmt('green', '✓')
+               : result.status === 'skipped' ? fmt('dim', '–')
+               : fmt('red', '✗');
+    const loc = `${result.file}:${result.line}`;
+    console.log(`  ${icon}  ${loc.padEnd(40)} ${result.findingMessage.slice(0, 60)}`);
+    if (result.reason) console.log(fmt('dim', `       ${result.reason}`));
+  }
+
+  const fixed = results.filter(r => r.status === 'fixed').length;
+  const failed = results.filter(r => r.status === 'failed').length;
+  console.log('');
+  if (options.dryRun) {
+    console.log(fmt('yellow', `[fix] Dry run — no files modified. ${fixable.length} finding${fixable.length !== 1 ? 's' : ''} would be attempted.\n`));
+  } else {
+    console.log(fmt('green', `[fix] ${fixed} fixed`) + fmt('dim', `, ${failed} failed, ${results.length - fixed - failed} skipped\n`));
+  }
+  return failed > 0 ? 1 : 0;
+}
+
+async function attemptFix(
+  finding: Finding,
+  engine: ReviewEngine,
+  cwd: string,
+  dryRun: boolean,
+): Promise<FixResult> {
+  const base: FixResult = { file: finding.file, line: finding.line!, findingMessage: finding.message, status: 'skipped' };
+
+  const absPath = path.resolve(cwd, finding.file);
+  let fileContent: string;
+  try {
+    fileContent = fs.readFileSync(absPath, 'utf8');
+  } catch {
+    return { ...base, status: 'skipped', reason: 'file not readable' };
+  }
+
+  const lines = fileContent.split('\n');
+  const lineIdx = finding.line! - 1;
+  if (lineIdx < 0 || lineIdx >= lines.length) {
+    return { ...base, status: 'skipped', reason: 'line out of range' };
+  }
+
+  const startIdx = Math.max(0, lineIdx - CONTEXT_LINES);
+  const endIdx = Math.min(lines.length - 1, lineIdx + CONTEXT_LINES);
+  const contextLines = lines.slice(startIdx, endIdx + 1);
+  const startLine = startIdx + 1;
+
+  const numbered = contextLines.map((l, i) => {
+    const n = startLine + i;
+    const marker = n === finding.line ? '>>>' : '   ';
+    return `${marker} ${String(n).padStart(4)}: ${l}`;
+  }).join('\n');
+
+  const prompt = [
+    `File: ${finding.file}`,
+    `Finding (line ${finding.line}): [${finding.severity.toUpperCase()}] ${finding.message}`,
+    finding.suggestion ? `Suggestion: ${finding.suggestion}` : '',
+    '',
+    'Here are the relevant lines (>>> marks the finding):',
+    '```',
+    numbered,
+    '```',
+    '',
+    `Rewrite ONLY lines ${startLine}–${endIdx + 1} to fix this finding.`,
+    'Rules:',
+    '- Output ONLY the replacement lines, no explanation, no markdown fences',
+    '- Preserve indentation and line count as much as possible',
+    '- Make the minimal change needed to fix the finding',
+    '- If the fix cannot be done safely in this context, output exactly: CANNOT_FIX',
+  ].filter(Boolean).join('\n');
+
+  let rawOutput: string;
+  try {
+    const output = await engine.review({ content: prompt, kind: 'file-batch' });
+    rawOutput = output.rawOutput.trim();
+  } catch (err) {
+    return { ...base, status: 'failed', reason: `LLM error: ${err instanceof Error ? err.message : String(err)}` };
+  }
+
+  if (rawOutput === 'CANNOT_FIX' || rawOutput.includes('CANNOT_FIX')) {
+    return { ...base, status: 'skipped', reason: 'LLM: cannot fix safely' };
+  }
+
+  // Strip markdown fences if the model added them despite instructions
+  const cleaned = rawOutput.replace(/^```[a-z]*\n?/m, '').replace(/\n?```$/m, '').trimEnd();
+  const replacementLines = cleaned.split('\n');
+
+  if (dryRun) {
+    return { ...base, status: 'fixed', reason: `(dry run) would replace lines ${startLine}–${endIdx + 1}` };
+  }
+
+  // Splice replacement into file
+  const newLines = [
+    ...lines.slice(0, startIdx),
+    ...replacementLines,
+    ...lines.slice(endIdx + 1),
+  ];
+
+  try {
+    fs.writeFileSync(absPath, newLines.join('\n'), 'utf8');
+  } catch (err) {
+    return { ...base, status: 'failed', reason: `write error: ${err instanceof Error ? err.message : String(err)}` };
+  }
+
+  return { ...base, status: 'fixed' };
+}

package/src/cli/index.ts

@@ -15,6 +15,7 @@ import { runWatch } from './watch.ts';
 import { runSetup } from './setup.ts';
 import { runDoctor } from './preflight.ts';
 import { runCi } from './ci.ts';
+import { runFix } from './fix.ts';
 
 const args = process.argv.slice(2);
 
@@ -28,7 +29,7 @@ if (args[0] === '--version' || args[0] === '-v') {
   process.exit(0);
 }
 
-const SUBCOMMANDS = ['init', 'run', 'ci', 'watch', 'hook', 'autoregress', 'doctor', 'preflight', 'setup', 'help', '--help', '-h'] as const;
+const SUBCOMMANDS = ['init', 'run', 'ci', 'fix', 'costs', 'watch', 'hook', 'autoregress', 'doctor', 'preflight', 'setup', 'help', '--help', '-h'] as const;
 const VALUE_FLAGS = ['base', 'config', 'files', 'format', 'output', 'debounce'];
 
 // Detect first non-flag arg as subcommand, default to 'run'
@@ -68,10 +69,19 @@ Options (run):
   --dry-run            Show what would run without executing
   --diff               Send git diff hunks instead of full files (~70% fewer tokens)
   --delta              Only report findings new since last run (suppress pre-existing)
+  --inline-comments    Post per-line review comments on the PR diff
   --post-comments      Post/update a summary comment on the open PR
   --format <text|sarif>  Output format (default: text)
   --output <path>        Output file path (required with --format sarif)
 
+  fix          Auto-fix cached findings using the configured LLM
+  costs        Show per-run cost summary from .autopilot-cache/costs.jsonl
+
+Options (fix):
+  --severity <critical|warning|all>  Which findings to fix (default: critical)
+  --dry-run                          Preview fixes without writing files
+  --config <path>                    Path to config file
+
 Options (watch):
   --config <path>      Path to config file (default: ./autopilot.config.yaml)
   --debounce <ms>      Debounce delay in ms (default: 300)
@@ -124,6 +134,7 @@ switch (subcommand) {
     const dryRun = boolFlag('dry-run');
     const diff = boolFlag('diff');
     const delta = boolFlag('delta');
+    const inlineComments = boolFlag('inline-comments');
     const postComments = boolFlag('post-comments');
     const formatArg = flag('format');
     const outputPath = flag('output');
@@ -144,6 +155,7 @@ switch (subcommand) {
       dryRun,
       diff,
       delta,
+      inlineComments,
       postComments,
       format: formatArg as 'text' | 'sarif' | undefined,
       outputPath,
@@ -157,12 +169,14 @@ switch (subcommand) {
     const config = flag('config');
     const outputPath = flag('output');
     const noPostComments = boolFlag('no-post-comments');
+    const noInlineComments = boolFlag('no-inline-comments');
     const diff = boolFlag('diff');
     const code = await runCi({
       configPath: config,
       base,
       sarifOutput: outputPath,
       postComments: noPostComments ? false : undefined,
+      inlineComments: noInlineComments ? false : undefined,
       diff,
     });
     process.exit(code);
@@ -185,6 +199,30 @@ switch (subcommand) {
     break;
   }
 
+  case 'fix': {
+    const config = flag('config');
+    const severityArg = flag('severity');
+    if (severityArg && !['critical', 'warning', 'all'].includes(severityArg)) {
+      console.error(`\x1b[31m[autopilot] --severity must be "critical", "warning", or "all"\x1b[0m`);
+      process.exit(1);
+    }
+    const dryRun = boolFlag('dry-run');
+    const code = await runFix({
+      configPath: config,
+      severity: severityArg as 'critical' | 'warning' | 'all' | undefined,
+      dryRun,
+    });
+    process.exit(code);
+    break;
+  }
+
+  case 'costs': {
+    const { runCosts } = await import('./costs.ts');
+    const code = await runCosts();
+    process.exit(code);
+    break;
+  }
+
   case 'setup': {
     const force = args.includes('--force');
     await runSetup({ force });

package/src/cli/pr-review-comments.ts

@@ -0,0 +1,92 @@
+import { runSafe } from '../core/shell.ts';
+import type { Finding } from '../core/findings/types.ts';
+
+const REVIEW_MARKER = '<!-- autopilot-inline -->';
+
+function getRepoNwo(cwd: string): string | null {
+  const raw = runSafe('gh', ['repo', 'view', '--json', 'nameWithOwner', '--jq', '.nameWithOwner'], { cwd });
+  return raw ? raw.trim() : null;
+}
+
+/** True when a review with our marker already exists on this PR (avoids duplicates on re-runs). */
+function findExistingReviewId(pr: number, nwo: string, cwd: string): number | null {
+  const raw = runSafe('gh', [
+    'api', `repos/${nwo}/pulls/${pr}/reviews`,
+    '--jq', `[.[] | select(.body | startswith("${REVIEW_MARKER}")) | .id] | first`,
+  ], { cwd });
+  if (!raw) return null;
+  const n = parseInt(raw.trim(), 10);
+  return isNaN(n) ? null : n;
+}
+
+export interface PostReviewCommentsResult {
+  posted: number;
+  skipped: number; // findings with no line number
+}
+
+/**
+ * Posts (or re-submits) a PR review with inline comments for each finding
+ * that has a file + line number. Findings without line numbers are skipped.
+ * Re-runs dismiss the previous autopilot review first to avoid stacking.
+ */
+export async function postReviewComments(
+  pr: number,
+  findings: Finding[],
+  cwd: string,
+): Promise<PostReviewCommentsResult> {
+  const nwo = getRepoNwo(cwd);
+  if (!nwo) throw new Error('Could not determine repository name — is gh authenticated?');
+
+  const commentable = findings.filter(
+    f => f.line !== undefined && f.file && f.file !== '<unspecified>' && f.file !== '<pipeline>',
+  );
+  const skipped = findings.length - commentable.length;
+
+  if (commentable.length === 0) return { posted: 0, skipped };
+
+  // Dismiss existing review so we don't stack on re-runs
+  const existingId = findExistingReviewId(pr, nwo, cwd);
+  if (existingId) {
+    runSafe('gh', [
+      'api', `repos/${nwo}/pulls/${pr}/reviews/${existingId}/dismissals`,
+      '--method', 'PUT',
+      '--field', 'message=Superseded by updated autopilot review',
+    ], { cwd });
+  }
+
+  // Build review body
+  const body = [
+    REVIEW_MARKER,
+    `**Autopilot** found ${commentable.length} inline finding${commentable.length !== 1 ? 's' : ''}.`,
+  ].join('\n');
+
+  // Build comments array as JSON
+  const comments = commentable.map(f => ({
+    path: f.file,
+    line: f.line,
+    side: 'RIGHT',
+    body: formatFindingBody(f),
+  }));
+
+  // gh api doesn't support array fields well via --field, use --input with JSON
+  const payload = JSON.stringify({ body, event: 'COMMENT', comments });
+  const result = runSafe('gh', [
+    'api', `repos/${nwo}/pulls/${pr}/reviews`,
+    '--method', 'POST',
+    '--input', '-',
+  ], { cwd, input: payload });
+
+  if (!result) throw new Error('Failed to post review — gh api returned no output');
+
+  return { posted: commentable.length, skipped };
+}
+
+function formatFindingBody(f: Finding): string {
+  const sev = f.severity === 'critical' ? '🚨 **CRITICAL**'
+            : f.severity === 'warning'  ? '⚠️ **Warning**'
+            : '💡 **Note**';
+  const lines = [`${sev} — ${f.message}`];
+  if (f.suggestion) lines.push(`\n> **Suggestion:** ${f.suggestion}`);
+  lines.push(`\n*[@delegance/claude-autopilot](https://github.com/axledbetter/claude-autopilot)*`);
+  return lines.join('');
+}

package/src/cli/run.ts

@@ -38,8 +38,10 @@ import { detectProtectedPaths } from '../core/detect/protected-paths.ts';
 import { detectGitContext } from '../core/detect/git-context.ts';
 import { detectProject } from './detector.ts';
 import { detectPrNumber, formatComment, postPrComment } from './pr-comment.ts';
-import { loadIgnoreRules, applyIgnoreRules } from '../core/ignore/index.ts';
+import { postReviewComments } from './pr-review-comments.ts';
+import { loadIgnoreRules, parseConfigIgnore, applyIgnoreRules } from '../core/ignore/index.ts';
 import { loadCachedFindings, saveCachedFindings, filterNewFindings } from '../core/persist/findings-cache.ts';
+import { appendCostLog } from '../core/persist/cost-log.ts';
 
 function readToolVersion(): string {
   const pkgPath = path.join(path.dirname(fileURLToPath(import.meta.url)), '../../package.json');
@@ -66,8 +68,9 @@ export interface RunCommandOptions {
   base?: string;        // git base ref (default HEAD~1)
   files?: string[];     // explicit file list (skips git detection)
   dryRun?: boolean;     // skip review, print what would run
-  diff?: boolean;       // use diff strategy (send git hunks instead of full files)
-  delta?: boolean;      // only report findings not present in last run's baseline
+  diff?: boolean;           // use diff strategy (send git hunks instead of full files)
+  delta?: boolean;          // only report findings not present in last run's baseline
+  inlineComments?: boolean; // post per-line review comments on the PR diff
   format?: 'text' | 'sarif';
   outputPath?: string;
   postComments?: boolean; // post/update summary comment on the open PR
@@ -190,8 +193,8 @@ export async function runCommand(options: RunCommandOptions = {}): Promise<numbe
   console.log('');
   const result = await runAutopilot(input);
 
-  // Apply .autopilot-ignore suppression rules
-  const ignoreRules = loadIgnoreRules(cwd);
+  // Apply .autopilot-ignore + config ignore: rules
+  const ignoreRules = [...loadIgnoreRules(cwd), ...parseConfigIgnore(config.ignore)];
   if (ignoreRules.length > 0) {
     const before = result.allFindings.length;
     result.allFindings = applyIgnoreRules(result.allFindings, ignoreRules);
@@ -220,6 +223,17 @@ export async function runCommand(options: RunCommandOptions = {}): Promise<numbe
   // Always persist the unfiltered findings as the new baseline
   saveCachedFindings(cwd, result.allFindings);
 
+  // Append to per-run cost log
+  const reviewPhase = result.phases.find(p => p.phase === 'review') as { usage?: { input: number; output: number } } | undefined;
+  appendCostLog(cwd, {
+    timestamp: new Date().toISOString(),
+    files: touchedFiles.length,
+    inputTokens: reviewPhase?.usage?.input ?? 0,
+    outputTokens: reviewPhase?.usage?.output ?? 0,
+    costUSD: result.totalCostUSD ?? 0,
+    durationMs: result.durationMs,
+  });
+
   // emitAnnotations is a no-op unless GITHUB_ACTIONS=true
   emitAnnotations(result.allFindings);
 
@@ -231,6 +245,21 @@ export async function runCommand(options: RunCommandOptions = {}): Promise<numbe
     console.log(fmt('dim', `[run] SARIF written to ${options.outputPath}`));
   }
 
+  // Post inline PR review comments if requested
+  if (options.inlineComments) {
+    const pr = detectPrNumber(cwd);
+    if (!pr) {
+      console.log(fmt('yellow', '  [run] --inline-comments: no open PR found — skipping'));
+    } else {
+      try {
+        const { posted, skipped } = await postReviewComments(pr, result.allFindings, cwd);
+        console.log(fmt('dim', `  [run] PR #${pr} inline review: ${posted} comment${posted !== 1 ? 's' : ''} posted${skipped > 0 ? `, ${skipped} skipped (no line number)` : ''}`));
+      } catch (err) {
+        console.error(fmt('yellow', `  [run] Failed to post inline comments: ${err instanceof Error ? err.message : String(err)}`));
+      }
+    }
+  }
+
   // Post PR comment if requested
   if (options.postComments) {
     const pr = detectPrNumber(cwd);

package/src/core/chunking/index.ts

@@ -13,12 +13,12 @@ export interface ReviewChunk {
 
 export interface BuildChunksInput {
   touchedFiles: string[];
-  strategy: 'auto' | 'single-pass' | 'file-level' | 'diff';
+  strategy: 'auto' | 'single-pass' | 'file-level' | 'diff' | 'auto-diff';
   chunking?: AutopilotConfig['chunking'];
   engine: ReviewEngine;
   cwd?: string;
   protectedPaths?: string[];
-  base?: string;  // git base ref — required for 'diff' strategy
+  base?: string;  // git base ref — required for 'diff'/'auto-diff' strategy
 }
 
 const DEFAULT_SMALL_TIER_TOKENS = 8000;
@@ -33,6 +33,14 @@ export async function buildReviewChunks(input: BuildChunksInput): Promise<Review
     return buildDiffChunks(input);
   }
 
+  // auto-diff: try diff first; fall back to full-file auto if diff is empty
+  // (handles new files, initial commits, or repos with no base ref)
+  if (input.strategy === 'auto-diff') {
+    const diffChunks = buildDiffChunks(input);
+    if (diffChunks.length > 0) return diffChunks;
+    // fall through to auto with full files
+  }
+
   const ranked = rankByRisk(input.touchedFiles, { protectedPaths: input.protectedPaths });
   const fileContents = await readFiles(ranked, input.cwd);
 

package/src/core/config/loader.ts

@@ -30,11 +30,23 @@ export async function loadConfig(path: string): Promise<AutopilotConfig> {
   }
 
   if (!validate(parsed)) {
-    const errors = (validate.errors ?? []).map(e => `${e.instancePath || '<root>'}: ${e.message}`);
-    throw new AutopilotError('Config schema validation failed', {
-      code: 'invalid_config',
-      details: { path, errors },
+    const errors = (validate.errors ?? []).map(e => {
+      const loc = e.instancePath ? e.instancePath.replace(/^\//, '').replace(/\//g, '.') : '<root>';
+      // enum errors: list allowed values
+      if (e.keyword === 'enum' && Array.isArray(e.params?.allowedValues)) {
+        return `${loc}: must be one of ${(e.params.allowedValues as unknown[]).map(v => JSON.stringify(v)).join(', ')}`;
+      }
+      // additionalProperties: name the unexpected key
+      if (e.keyword === 'additionalProperties' && e.params?.additionalProperty) {
+        return `${loc}: unexpected key "${e.params.additionalProperty as string}"`;
+      }
+      return `${loc}: ${e.message ?? 'invalid'}`;
     });
+    const summary = errors.slice(0, 5).join('\n  ');
+    throw new AutopilotError(
+      `autopilot.config.yaml is invalid:\n  ${summary}${errors.length > 5 ? `\n  …and ${errors.length - 5} more` : ''}`,
+      { code: 'invalid_config', details: { path, errors } },
+    );
   }
 
   return parsed as AutopilotConfig;

package/src/core/config/schema.ts

@@ -35,7 +35,24 @@ export const AUTOPILOT_CONFIG_SCHEMA = {
       },
       additionalProperties: false,
     },
-    reviewStrategy: { enum: ['auto', 'single-pass', 'file-level'] },
+    ignore: {
+      type: 'array',
+      items: {
+        oneOf: [
+          { type: 'string' },
+          {
+            type: 'object',
+            required: ['path'],
+            properties: {
+              rule: { type: 'string' },
+              path: { type: 'string' },
+            },
+            additionalProperties: false,
+          },
+        ],
+      },
+    },
+    reviewStrategy: { enum: ['auto', 'single-pass', 'file-level', 'diff', 'auto-diff'] },
     chunking: {
       type: 'object',
       properties: {

package/src/core/config/types.ts

@@ -27,7 +27,8 @@ export interface AutopilotConfig {
     maxCodexRetries?: number;
     maxBugbotRounds?: number;
   };
-  reviewStrategy?: 'auto' | 'single-pass' | 'file-level' | 'diff';
+  ignore?: Array<string | { rule?: string; path: string }>;
+  reviewStrategy?: 'auto' | 'single-pass' | 'file-level' | 'diff' | 'auto-diff';
   chunking?: {
     smallTierMaxTokens?: number;
     partialReviewTokens?: number;

package/src/core/ignore/index.ts

@@ -2,6 +2,7 @@ import * as fs from 'node:fs';
 import * as path from 'node:path';
 import { minimatch } from 'minimatch';
 import type { Finding } from '../findings/types.ts';
+import type { AutopilotConfig } from '../config/types.ts';
 
 export interface IgnoreRule {
   ruleId: string | '*';  // finding id prefix or '*' for any
@@ -36,6 +37,17 @@ function matchesRule(finding: Finding, rule: IgnoreRule): boolean {
   return minimatch(finding.file.replace(/\\/g, '/'), rule.pathGlob, { matchBase: true });
 }
 
+/** Convert `ignore:` entries from autopilot.config.yaml into IgnoreRules. */
+export function parseConfigIgnore(entries: AutopilotConfig['ignore']): IgnoreRule[] {
+  if (!entries || entries.length === 0) return [];
+  return entries.map(entry => {
+    if (typeof entry === 'string') {
+      return { ruleId: '*', pathGlob: entry };
+    }
+    return { ruleId: entry.rule ?? '*', pathGlob: entry.path };
+  });
+}
+
 export function applyIgnoreRules(findings: Finding[], rules: IgnoreRule[]): Finding[] {
   if (rules.length === 0) return findings;
   return findings.filter(f => !rules.some(r => matchesRule(f, r)));

package/src/core/persist/cost-log.ts

@@ -0,0 +1,30 @@
+import * as fs from 'node:fs';
+import * as path from 'node:path';
+
+const CACHE_DIR = '.autopilot-cache';
+const LOG_FILE = 'costs.jsonl';
+
+export interface CostLogEntry {
+  timestamp: string;
+  files: number;
+  inputTokens: number;
+  outputTokens: number;
+  costUSD: number;
+  durationMs: number;
+}
+
+export function appendCostLog(cwd: string, entry: CostLogEntry): void {
+  const dir = path.join(cwd, CACHE_DIR);
+  fs.mkdirSync(dir, { recursive: true });
+  fs.appendFileSync(path.join(dir, LOG_FILE), JSON.stringify(entry) + '\n', 'utf8');
+}
+
+export function readCostLog(cwd: string): CostLogEntry[] {
+  const p = path.join(cwd, CACHE_DIR, LOG_FILE);
+  if (!fs.existsSync(p)) return [];
+  return fs.readFileSync(p, 'utf8')
+    .split('\n')
+    .filter(Boolean)
+    .map(line => { try { return JSON.parse(line) as CostLogEntry; } catch { return null; } })
+    .filter((e): e is CostLogEntry => e !== null);
+}