@delegance/claude-autopilot 2.4.0 → 5.0.0-alpha.1

package/src/cli/lsp.ts

@@ -0,0 +1,200 @@
+import * as fs from 'node:fs';
+import * as path from 'node:path';
+import type { Finding } from '../core/findings/types.ts';
+
+// LSP DiagnosticSeverity values (spec §3.16.1)
+const DSev = { Error: 1, Warning: 2, Information: 3 } as const;
+
+export function findingToUri(filePath: string, cwd: string): string {
+  const abs = path.isAbsolute(filePath) ? filePath : path.resolve(cwd, filePath);
+  // file:// with three slashes on Unix, four on Windows (file:///C:/...)
+  return `file://${abs.startsWith('/') ? '' : '/'}${abs}`;
+}
+
+export function findingToDiagnostic(f: Finding): {
+  range: { start: { line: number; character: number }; end: { line: number; character: number } };
+  severity: number;
+  source: string;
+  code: string;
+  message: string;
+} {
+  const line = Math.max(0, (f.line ?? 1) - 1); // LSP is 0-indexed; findings are 1-indexed
+  return {
+    range: { start: { line, character: 0 }, end: { line, character: 999 } },
+    severity: f.severity === 'critical' ? DSev.Error : f.severity === 'warning' ? DSev.Warning : DSev.Information,
+    source: 'guardrail',
+    code: f.id,
+    message: f.suggestion ? `${f.message}\n\n${f.suggestion}` : f.message,
+  };
+}
+
+export function groupByUri(findings: Finding[], cwd: string): Map<string, Finding[]> {
+  const map = new Map<string, Finding[]>();
+  for (const f of findings) {
+    const uri = findingToUri(f.file, cwd);
+    const arr = map.get(uri) ?? [];
+    arr.push(f);
+    map.set(uri, arr);
+  }
+  return map;
+}
+
+export function encodeMessage(body: object): Buffer {
+  const json = JSON.stringify(body);
+  const byteLen = Buffer.byteLength(json, 'utf8');
+  return Buffer.from(`Content-Length: ${byteLen}\r\n\r\n${json}`, 'utf8');
+}
+
+/** Parse as many complete LSP messages as possible from `buf`. Returns parsed objects and remaining bytes. */
+export function parseMessages(buf: Buffer): { messages: unknown[]; remaining: Buffer } {
+  const messages: unknown[] = [];
+  let remaining = buf;
+
+  while (remaining.length > 0) {
+    const headerEnd = remaining.indexOf('\r\n\r\n');
+    if (headerEnd < 0) break;
+
+    const headers = remaining.slice(0, headerEnd).toString('utf8');
+    const match = headers.match(/Content-Length:\s*(\d+)/i);
+    if (!match) { remaining = remaining.slice(headerEnd + 4); continue; }
+
+    const contentLength = parseInt(match[1]!, 10);
+    const bodyStart = headerEnd + 4;
+    if (remaining.length < bodyStart + contentLength) break;
+
+    const body = remaining.slice(bodyStart, bodyStart + contentLength).toString('utf8');
+    remaining = remaining.slice(bodyStart + contentLength);
+
+    try { messages.push(JSON.parse(body)); } catch { /* skip malformed */ }
+  }
+
+  return { messages, remaining };
+}
+
+export async function runLsp(options: { cwd?: string } = {}): Promise<void> {
+  const cwd = options.cwd ?? process.cwd();
+  const cacheFile = path.join(cwd, '.guardrail-cache', 'findings.json');
+
+  let initialized = false;
+  let didShutdown = false;
+
+  function send(msg: object): void {
+    process.stdout.write(encodeMessage(msg));
+  }
+
+  function notify(method: string, params: object): void {
+    send({ jsonrpc: '2.0', method, params });
+  }
+
+  function respond(id: number | string | null, result: unknown): void {
+    send({ jsonrpc: '2.0', id, result });
+  }
+
+  function respondError(id: number | string | null, code: number, message: string): void {
+    send({ jsonrpc: '2.0', id, error: { code, message } });
+  }
+
+  function readFindings(): Finding[] {
+    if (!fs.existsSync(cacheFile)) return [];
+    try { return JSON.parse(fs.readFileSync(cacheFile, 'utf8')) as Finding[]; }
+    catch { return []; }
+  }
+
+  function publishAll(findings: Finding[]): void {
+    const byUri = groupByUri(findings, cwd);
+    for (const [uri, ff] of byUri) {
+      notify('textDocument/publishDiagnostics', {
+        uri,
+        diagnostics: ff.map(findingToDiagnostic),
+      });
+    }
+  }
+
+  function publishForUri(uri: string, findings: Finding[]): void {
+    notify('textDocument/publishDiagnostics', {
+      uri,
+      diagnostics: findings.filter(f => findingToUri(f.file, cwd) === uri).map(findingToDiagnostic),
+    });
+  }
+
+  // Watch cache dir so editors see diagnostics update after a guardrail run
+  let watcher: fs.FSWatcher | null = null;
+
+  function startWatching(): void {
+    const dir = path.dirname(cacheFile);
+    if (!fs.existsSync(dir)) return;
+    try {
+      watcher = fs.watch(dir, { persistent: false }, (_event, filename) => {
+        if (filename === 'findings.json' && initialized) publishAll(readFindings());
+      });
+    } catch { /* watch unavailable */ }
+  }
+
+  type LspMessage = { jsonrpc: string; id?: number | string; method?: string; params?: unknown };
+
+  function handle(msg: LspMessage): void {
+    const { id, method, params } = msg;
+    if (!method) return; // response, ignore
+
+    switch (method) {
+      case 'initialize':
+        respond(id!, {
+          capabilities: {
+            textDocumentSync: { openClose: true, change: 1 /* full */ },
+          },
+          serverInfo: { name: 'guardrail', version: '4.1.0' },
+        });
+        break;
+
+      case 'initialized':
+        initialized = true;
+        startWatching();
+        publishAll(readFindings());
+        break;
+
+      case 'textDocument/didOpen':
+      case 'textDocument/didChange': {
+        const p = params as { textDocument?: { uri?: string } } | undefined;
+        const uri = p?.textDocument?.uri;
+        if (uri) publishForUri(uri, readFindings());
+        break;
+      }
+
+      case 'textDocument/didClose':
+        // Keep diagnostics visible after close
+        break;
+
+      case 'shutdown':
+        didShutdown = true;
+        watcher?.close();
+        respond(id!, null);
+        break;
+
+      case 'exit':
+        process.exit(didShutdown ? 0 : 1);
+        break;
+
+      case '$/cancelRequest':
+        break;
+
+      default:
+        if (id !== undefined) respondError(id, -32601, `Method not found: ${method}`);
+    }
+  }
+
+  // Frame-aware stdin reader
+  let buf = Buffer.alloc(0);
+  process.stdin.on('data', (chunk: Buffer) => {
+    buf = Buffer.concat([buf, chunk]);
+    const { messages, remaining } = parseMessages(buf);
+    buf = remaining as Buffer<ArrayBuffer>;
+    for (const msg of messages) handle(msg as LspMessage);
+  });
+
+  process.stdin.on('end', () => {
+    watcher?.close();
+    process.exit(0);
+  });
+
+  return new Promise<void>(() => { /* event-loop keeps us alive */ });
+}

package/src/cli/mcp.ts

@@ -0,0 +1,206 @@
+// src/cli/mcp.ts
+import * as fs from 'node:fs';
+import * as path from 'node:path';
+import { Server } from '@modelcontextprotocol/sdk/server/index.js';
+import { StdioServerTransport } from '@modelcontextprotocol/sdk/server/stdio.js';
+import { CallToolRequestSchema, ListToolsRequestSchema } from '@modelcontextprotocol/sdk/types.js';
+import { loadConfig } from '../core/config/loader.ts';
+import { loadAdapter } from '../adapters/loader.ts';
+import type { ReviewEngine } from '../adapters/review-engine/types.ts';
+import type { GuardrailConfig } from '../core/config/types.ts';
+import { handleReviewDiff } from '../core/mcp/handlers/review-diff.ts';
+import { handleScanFiles } from '../core/mcp/handlers/scan-files.ts';
+import { handleGetFindings } from '../core/mcp/handlers/get-findings.ts';
+import { handleFixFinding } from '../core/mcp/handlers/fix-finding.ts';
+import { handleValidateFix } from '../core/mcp/handlers/validate-fix.ts';
+import { handleGetCapabilities } from '../core/mcp/handlers/get-capabilities.ts';
+
+export async function runMcp(options: { cwd?: string; configPath?: string } = {}): Promise<void> {
+  const cwd = options.cwd ?? process.cwd();
+  const configPath = options.configPath ?? path.join(cwd, 'guardrail.config.yaml');
+
+  let config: GuardrailConfig = { configVersion: 1 };
+  if (fs.existsSync(configPath)) {
+    const loaded = await loadConfig(configPath);
+    if (loaded) config = loaded;
+  }
+
+  // Determine adapter name and options from config
+  const engineRef = (config as unknown as Record<string, unknown>).reviewEngine;
+  const ref =
+    typeof engineRef === 'string'
+      ? engineRef
+      : (engineRef as { adapter?: string } | undefined)?.adapter ?? 'auto';
+  const engineOptions =
+    typeof engineRef === 'object' && engineRef !== null
+      ? (engineRef as { options?: Record<string, unknown> }).options
+      : undefined;
+
+  const engine = await loadAdapter<ReviewEngine>({ point: 'review-engine', ref, options: engineOptions });
+  const adapterName = engine.name;
+
+  const server = new Server(
+    { name: 'guardrail', version: '1.0.0' },
+    { capabilities: { tools: {} } },
+  );
+
+  server.setRequestHandler(ListToolsRequestSchema, async () => ({
+    tools: [
+      {
+        name: 'review_diff',
+        description: 'Review git-changed files against a base ref. Returns structured findings.',
+        inputSchema: {
+          type: 'object',
+          properties: {
+            base: { type: 'string', description: 'Base ref to diff against (default: upstream or HEAD~1)' },
+            cwd: { type: 'string', description: 'Working directory (default: process.cwd())' },
+            static_only: { type: 'boolean', description: 'Skip LLM review, run static rules only' },
+          },
+        },
+      },
+      {
+        name: 'scan_files',
+        description: 'Review specific files or directories. Does not require git.',
+        inputSchema: {
+          type: 'object',
+          required: ['files'],
+          properties: {
+            files: { type: 'array', items: { type: 'string' }, description: 'File or directory paths to scan' },
+            cwd: { type: 'string' },
+            ask: { type: 'string', description: 'Targeted question, e.g. "is there SQL injection risk?"' },
+          },
+        },
+      },
+      {
+        name: 'get_findings',
+        description: 'Return findings from a prior review_diff or scan_files run by run_id.',
+        inputSchema: {
+          type: 'object',
+          required: ['run_id'],
+          properties: {
+            run_id: { type: 'string' },
+            severity: { type: 'string', enum: ['critical', 'warning', 'note'], description: 'Minimum severity to include' },
+            cwd: { type: 'string' },
+          },
+        },
+      },
+      {
+        name: 'fix_finding',
+        description: 'Apply an LLM-generated fix for a specific finding. Validates file checksum before applying.',
+        inputSchema: {
+          type: 'object',
+          required: ['run_id', 'finding_id'],
+          properties: {
+            run_id: { type: 'string' },
+            finding_id: { type: 'string' },
+            cwd: { type: 'string' },
+            dry_run: { type: 'boolean', description: 'Return patch without applying' },
+          },
+        },
+      },
+      {
+        name: 'validate_fix',
+        description: 'Run the configured testCommand and return pass/fail.',
+        inputSchema: {
+          type: 'object',
+          properties: {
+            cwd: { type: 'string' },
+            files: { type: 'array', items: { type: 'string' } },
+          },
+        },
+      },
+      {
+        name: 'get_capabilities',
+        description: 'Return adapter, enabled rules, and workspace metadata.',
+        inputSchema: {
+          type: 'object',
+          properties: { cwd: { type: 'string' } },
+        },
+      },
+    ],
+  }));
+
+  server.setRequestHandler(CallToolRequestSchema, async (request) => {
+    const { name, arguments: args = {} } = request.params;
+    const a = args as Record<string, unknown>;
+
+    try {
+      let result: unknown;
+      switch (name) {
+        case 'review_diff':
+          result = await handleReviewDiff(
+            {
+              base: a['base'] as string | undefined,
+              cwd: a['cwd'] as string | undefined,
+              static_only: a['static_only'] as boolean | undefined,
+            },
+            config,
+            engine,
+          );
+          break;
+        case 'scan_files':
+          result = await handleScanFiles(
+            {
+              files: a['files'] as string[],
+              cwd: a['cwd'] as string | undefined,
+              ask: a['ask'] as string | undefined,
+            },
+            config,
+            engine,
+          );
+          break;
+        case 'get_findings':
+          result = await handleGetFindings({
+            run_id: a['run_id'] as string,
+            severity: a['severity'] as 'critical' | 'warning' | 'note' | undefined,
+            cwd: a['cwd'] as string | undefined,
+          });
+          break;
+        case 'fix_finding':
+          result = await handleFixFinding(
+            {
+              run_id: a['run_id'] as string,
+              finding_id: a['finding_id'] as string,
+              cwd: a['cwd'] as string | undefined,
+              dry_run: a['dry_run'] as boolean | undefined,
+            },
+            config,
+            engine,
+          );
+          break;
+        case 'validate_fix':
+          result = await handleValidateFix(
+            {
+              cwd: a['cwd'] as string | undefined,
+              files: a['files'] as string[] | undefined,
+            },
+            config,
+          );
+          break;
+        case 'get_capabilities':
+          result = await handleGetCapabilities(
+            { cwd: a['cwd'] as string | undefined },
+            config,
+            adapterName,
+          );
+          break;
+        default:
+          return {
+            content: [{ type: 'text' as const, text: JSON.stringify({ error: `Unknown tool: ${name}` }) }],
+            isError: true,
+          };
+      }
+      return { content: [{ type: 'text' as const, text: JSON.stringify(result) }] };
+    } catch (err) {
+      const msg = err instanceof Error ? err.message : String(err);
+      const code = (err as { code?: string }).code ?? 'unknown_error';
+      return {
+        content: [{ type: 'text' as const, text: JSON.stringify({ error: msg, code }) }],
+        isError: true,
+      };
+    }
+  });
+
+  const transport = new StdioServerTransport();
+  await server.connect(transport);
+}

package/src/cli/pr-comment.ts

@@ -1,12 +1,12 @@
 import { runSafe } from '../core/shell.ts';
 import type { RunResult } from '../core/pipeline/run.ts';
-import type { AutopilotConfig } from '../core/config/types.ts';
+import type { GuardrailConfig } from '../core/config/types.ts';
 import type { GitContext } from '../core/detect/git-context.ts';
 import { readFileSync } from 'node:fs';
 import { join, dirname } from 'node:path';
 import { fileURLToPath } from 'node:url';
 
-const COMMENT_MARKER = '<!-- autopilot-review -->';
+const COMMENT_MARKER = '<!-- guardrail-review -->';
 
 function readVersion(): string {
   try {
@@ -42,7 +42,7 @@ function findExistingCommentId(pr: number, cwd: string): number | null {
 /** Format a RunResult into a markdown PR comment. */
 export function formatComment(
   result: RunResult,
-  config: AutopilotConfig,
+  config: GuardrailConfig,
   gitCtx: GitContext,
   touchedFileCount: number,
 ): string {
@@ -108,9 +108,9 @@ export function formatComment(
   }
 
   if (result.totalCostUSD !== undefined) {
-    lines.push(`*Cost: $${result.totalCostUSD.toFixed(4)} · ${result.durationMs}ms · [@delegance/claude-autopilot](https://github.com/axledbetter/claude-autopilot) v${readVersion()}*`);
+    lines.push(`*Cost: $${result.totalCostUSD.toFixed(4)} · ${result.durationMs}ms · [@delegance/guardrail](https://github.com/axledbetter/guardrail) v${readVersion()}*`);
   } else {
-    lines.push(`*${result.durationMs}ms · [@delegance/claude-autopilot](https://github.com/axledbetter/claude-autopilot) v${readVersion()}*`);
+    lines.push(`*${result.durationMs}ms · [@delegance/guardrail](https://github.com/axledbetter/guardrail) v${readVersion()}*`);
   }
 
   return lines.join('\n');

package/src/cli/pr-desc.ts

@@ -0,0 +1,168 @@
+import type { Finding } from '../core/findings/types.ts';
+import * as fs from 'node:fs';
+import { execSync, spawnSync } from 'node:child_process';
+
+export interface PrDescOptions {
+  base?: string;
+  post?: boolean;
+  yes?: boolean;
+  output?: string;
+  _gitDiff?: string;
+  _branchName?: string;
+  _cachedFindings?: Finding[];
+  _reviewEngine?: {
+    review(input: { content: string; kind: string }): Promise<{ rawOutput: string }>;
+  };
+}
+
+export interface PrDescResult {
+  title: string;
+  body: string;
+  prUrl?: string;
+}
+
+export function truncateDiff(diff: string, charLimit = 6000): string {
+  if (diff.length <= charLimit) return diff;
+  const remaining = diff.length - charLimit;
+  return `${diff.slice(0, charLimit)}[...truncated ${remaining} chars]`;
+}
+
+export function summarizeFindings(findings: Finding[], max = 10): string {
+  if (findings.length === 0) return 'None';
+  const order: Record<string, number> = { critical: 0, error: 1, warning: 2, info: 3 };
+  const sorted = [...findings].sort(
+    (a, b) => (order[a.severity] ?? 9) - (order[b.severity] ?? 9),
+  );
+  return sorted
+    .slice(0, max)
+    .map(f => `- [${f.severity.toUpperCase()}] ${f.file}:${f.line ?? '?'} — ${f.message}`)
+    .join('\n');
+}
+
+export function parseDescription(raw: string): { title: string; body: string } {
+  const titleMatch = raw.match(/^Title:\s*(.+)$/m);
+  const title = titleMatch ? titleMatch[1]!.trim() : 'chore: update';
+  const sepIdx = raw.indexOf('\n\n---\n');
+  const body = sepIdx !== -1 ? raw.slice(sepIdx + 5).trim() : raw.replace(/^Title:.*\n?/m, '').trim();
+  return { title, body };
+}
+
+export async function runPrDesc(options: PrDescOptions): Promise<PrDescResult> {
+  const branchName = options._branchName ?? getBranchName();
+  const diff = options._gitDiff ?? getGitDiff(options.base);
+
+  if (!diff.trim()) {
+    process.stdout.write('No changes detected\n');
+    return { title: 'No changes detected', body: '' };
+  }
+
+  const findings = options._cachedFindings ?? loadCachedFindings();
+  const prompt = buildPrompt(branchName, truncateDiff(diff), summarizeFindings(findings));
+
+  const engine = options._reviewEngine ?? (await resolveEngine() as unknown as { review(input: { content: string; kind: string }): Promise<{ rawOutput: string }> });
+  const { rawOutput } = await engine.review({ content: prompt, kind: 'pr-diff' });
+  const { title, body } = parseDescription(rawOutput);
+
+  const formatted = `Title: ${title}\n\n---\n${body}`;
+
+  if (options.output) {
+    fs.writeFileSync(options.output, formatted, 'utf8');
+  } else {
+    process.stdout.write(formatted + '\n');
+  }
+
+  if (options.post) {
+    return createPr(title, body, options.yes ?? false);
+  }
+
+  return { title, body };
+}
+
+function getBranchName(): string {
+  try {
+    return execSync('git rev-parse --abbrev-ref HEAD', { encoding: 'utf8' }).trim();
+  } catch {
+    return 'unknown';
+  }
+}
+
+function getGitDiff(base?: string): string {
+  try {
+    const ref = base ?? getUpstreamBase();
+    return execSync(`git diff ${ref}...HEAD`, { encoding: 'utf8' });
+  } catch {
+    return '';
+  }
+}
+
+function getUpstreamBase(): string {
+  try {
+    return execSync(
+      'git rev-parse --abbrev-ref --symbolic-full-name @{u}',
+      { encoding: 'utf8' },
+    ).trim();
+  } catch {
+    return 'HEAD~1';
+  }
+}
+
+function loadCachedFindings(): Finding[] {
+  try {
+    return JSON.parse(fs.readFileSync('.guardrail-cache/findings.json', 'utf8')) as Finding[];
+  } catch {
+    return [];
+  }
+}
+
+function buildPrompt(branch: string, diff: string, findingsSummary: string): string {
+  return `Generate a pull request description with three sections:
+
+## Summary
+<3-5 bullet points describing what changed and why>
+
+## Changes
+<grouped by file/area, concise>
+
+## Test Plan
+<checklist of what to verify before merging>
+
+Branch: ${branch}
+Diff:
+${diff}
+
+Guardrail findings in this diff:
+${findingsSummary}`;
+}
+
+async function resolveEngine() {
+  const { loadAdapter } = await import('../adapters/loader.ts');
+  const { loadConfig } = await import('../core/config/loader.ts');
+  const configPath = process.env.GUARDRAIL_CONFIG ?? 'guardrail.config.yaml';
+  let engineRef = 'auto';
+  try {
+    const cfg = await loadConfig(configPath);
+    const rev = (cfg as { reviewEngine?: unknown }).reviewEngine;
+    if (rev) engineRef = typeof rev === 'string' ? rev : (rev as { adapter: string }).adapter;
+  } catch {
+    // no config file — fall back to auto
+  }
+  return loadAdapter({ point: 'review-engine', ref: engineRef });
+}
+
+async function createPr(title: string, body: string, yes: boolean): Promise<PrDescResult> {
+  if (!yes) {
+    process.stdout.write('\nCreate PR with this description? [y/N] ');
+    const answer = await new Promise<string>(resolve => {
+      process.stdin.setEncoding('utf8');
+      process.stdin.once('data', (chunk: string) => resolve(chunk.split('\n')[0] ?? ''));
+    });
+    if (!answer.toLowerCase().startsWith('y')) return { title, body };
+  }
+  const result = spawnSync('gh', ['pr', 'create', '--title', title, '--body', body], { encoding: 'utf8' });
+  if (result.status !== 0) {
+    throw new Error(`gh pr create failed: ${result.stderr?.trim() || result.error?.message || 'unknown error'}`);
+  }
+  const prUrl = result.stdout.trim();
+  process.stdout.write(`\nPR created: ${prUrl}\n`);
+  return { title, body, prUrl };
+}

package/src/cli/pr-review-comments.ts

@@ -1,7 +1,7 @@
 import { runSafe } from '../core/shell.ts';
 import type { Finding } from '../core/findings/types.ts';
 
-const REVIEW_MARKER = '<!-- autopilot-inline -->';
+const REVIEW_MARKER = '<!-- guardrail-inline -->';
 
 function getRepoNwo(cwd: string): string | null {
   const raw = runSafe('gh', ['repo', 'view', '--json', 'nameWithOwner', '--jq', '.nameWithOwner'], { cwd });
@@ -50,7 +50,7 @@ export async function postReviewComments(
     runSafe('gh', [
       'api', `repos/${nwo}/pulls/${pr}/reviews/${existingId}/dismissals`,
       '--method', 'PUT',
-      '--field', 'message=Superseded by updated autopilot review',
+      '--field', 'message=Superseded by updated guardrail review',
     ], { cwd });
   }
 
@@ -87,6 +87,6 @@ function formatFindingBody(f: Finding): string {
             : '💡 **Note**';
   const lines = [`${sev} — ${f.message}`];
   if (f.suggestion) lines.push(`\n> **Suggestion:** ${f.suggestion}`);
-  lines.push(`\n*[@delegance/claude-autopilot](https://github.com/axledbetter/claude-autopilot)*`);
+  lines.push(`\n*[@delegance/guardrail](https://github.com/axledbetter/guardrail)*`);
   return lines.join('');
 }