@delegance/claude-autopilot 2.5.0 → 5.0.0-alpha.2

package/src/cli/setup.ts

@@ -5,9 +5,13 @@ import { fileURLToPath } from 'node:url';
 import { detectProject } from './detector.ts';
 import { runHook } from './hook.ts';
 import { runDoctor } from './preflight.ts';
+import { detectLLMKey, LLM_KEY_NAMES } from '../core/detect/llm-key.ts';
 
 const PASS = '\x1b[32m✓\x1b[0m';
 const WARN = '\x1b[33m!\x1b[0m';
+const DIM  = (t: string) => `\x1b[2m${t}\x1b[0m`;
+const BOLD = (t: string) => `\x1b[1m${t}\x1b[0m`;
+const CYAN = (t: string) => `\x1b[36m${t}\x1b[0m`;
 
 const PRESET_LABELS: Record<string, string> = {
   'nextjs-supabase': 'Next.js + Supabase',
@@ -15,19 +19,69 @@ const PRESET_LABELS: Record<string, string> = {
   'rails-postgres': 'Ruby on Rails + PostgreSQL',
   'python-fastapi': 'Python FastAPI',
   'go': 'Go + PostgreSQL',
+  'generic': 'Generic (no stack-specific assumptions)',
+};
+
+export type ProfileName = 'security-strict' | 'team' | 'solo';
+
+const PROFILES: Record<ProfileName, { label: string; overlay: string }> = {
+  'security-strict': {
+    label: 'Security Strict',
+    overlay: [
+      'staticRules:',
+      '  - hardcoded-secrets',
+      '  - npm-audit',
+      '  - package-lock-sync',
+      '  - sql-injection',
+      '  - missing-auth',
+      '  - ssrf',
+      '  - insecure-redirect',
+      'policy:',
+      '  failOn: warning',
+      '  newOnly: false',
+    ].join('\n'),
+  },
+  'team': {
+    label: 'Team',
+    overlay: [
+      'staticRules:',
+      '  - hardcoded-secrets',
+      '  - npm-audit',
+      '  - package-lock-sync',
+      '  - sql-injection',
+      '  - missing-auth',
+      '  - ssrf',
+      '  - insecure-redirect',
+      'policy:',
+      '  failOn: critical',
+      '  newOnly: false',
+    ].join('\n'),
+  },
+  'solo': {
+    label: 'Solo Dev',
+    overlay: [
+      'staticRules:',
+      '  - hardcoded-secrets',
+      '  - npm-audit',
+      'policy:',
+      '  failOn: critical',
+      '  newOnly: false',
+    ].join('\n'),
+  },
 };
 
 export interface SetupOptions {
   cwd?: string;
   force?: boolean;
   skipHook?: boolean;
+  profile?: ProfileName;
 }
 
 function presetSearchPaths(name: string, cwd: string): string[] {
   const pkgRoot = path.resolve(path.dirname(fileURLToPath(import.meta.url)), '..', '..');
   return [
-    path.join(pkgRoot, 'presets', name, 'autopilot.config.yaml'),
-    path.join(cwd, 'node_modules', '@delegance', 'claude-autopilot', 'presets', name, 'autopilot.config.yaml'),
+    path.join(pkgRoot, 'presets', name, 'guardrail.config.yaml'),
+    path.join(cwd, 'node_modules', '@delegance', 'claude-autopilot', 'presets', name, 'guardrail.config.yaml'),
   ];
 }
 
@@ -40,24 +94,35 @@ function findPresetConfig(name: string, cwd: string): string | null {
 
 export async function runSetup(options: SetupOptions = {}): Promise<void> {
   const cwd = options.cwd ?? process.cwd();
-  const dest = path.join(cwd, 'autopilot.config.yaml');
+  const dest = path.join(cwd, 'guardrail.config.yaml');
 
   if (fs.existsSync(dest) && !options.force) {
-    throw new Error('autopilot.config.yaml already exists — use --force to overwrite');
+    throw new Error('guardrail.config.yaml already exists — use --force to overwrite');
   }
 
-  console.log('\n[setup] Detecting project type...');
+  console.log(`\n${BOLD('[guardrail setup]')} ${DIM(cwd)}\n`);
+  console.log(`${BOLD('Detecting project…')}\n`);
 
   const detection = detectProject(cwd);
   const label = PRESET_LABELS[detection.preset] ?? detection.preset;
 
   if (detection.confidence === 'high') {
-    console.log(`  ${PASS}  ${label} (${detection.evidence})`);
+    console.log(`  ${PASS}  Stack:        ${label}`);
+    console.log(`  ${PASS}  Evidence:     ${DIM(detection.evidence)}`);
+  } else {
+    console.log(`  ${WARN}  Stack:        ${label} ${DIM('(low confidence — fallback preset)')}`);
+    console.log(`       ${DIM(detection.evidence)}`);
+    console.log(`       ${DIM('Edit guardrail.config.yaml to switch presets if needed')}`);
+  }
+  console.log(`  ${PASS}  Test command: ${DIM(detection.testCommand)}`);
+
+  const { hasKey, preferred } = detectLLMKey();
+  if (hasKey) {
+    console.log(`  ${PASS}  LLM API key:  detected (${preferred})`);
   } else {
-    console.log(`  ${WARN}  ${label} — no strong signals found, defaulted to ${detection.preset}`);
-    console.log(`       \x1b[2mEdit autopilot.config.yaml to switch presets if needed\x1b[0m`);
+    console.log(`  ${WARN}  LLM API key:  not found`);
+    console.log(`       ${DIM(`Set one of: ${LLM_KEY_NAMES.join(', ')}`)}`);
   }
-  console.log(`  ${PASS}  Test command: ${detection.testCommand}`);
 
   const presetConfigPath = findPresetConfig(detection.preset, cwd);
   if (!presetConfigPath) {
@@ -66,20 +131,61 @@ export async function runSetup(options: SetupOptions = {}): Promise<void> {
 
   let presetContent = await fsAsync.readFile(presetConfigPath, 'utf8');
   presetContent = presetContent.trimEnd() + `\ntestCommand: "${detection.testCommand}"\n`;
+
+  // Apply profile overlay if specified
+  if (options.profile) {
+    const profile = PROFILES[options.profile];
+    if (profile) {
+      console.log(`  ${PASS}  Profile:      ${profile.label}`);
+      // Profile overlay replaces staticRules + policy sections from preset
+      presetContent = presetContent
+        .replace(/^staticRules:.*?(?=^\w|\z)/ms, '')
+        .replace(/^policy:.*?(?=^\w|\z)/ms, '');
+      presetContent = presetContent.trimEnd() + `\n${profile.overlay}\n`;
+    }
+  }
+
   await fsAsync.writeFile(dest, presetContent, 'utf8');
-  console.log(`  ${PASS}  Created autopilot.config.yaml`);
 
+  console.log(`\n${BOLD('Config written to guardrail.config.yaml:')}\n`);
+  for (const line of presetContent.trimEnd().split('\n')) {
+    console.log(`  ${DIM(line)}`);
+  }
+
+  let hookInstalled = false;
   if (!options.skipHook) {
     const hookCode = await runHook('install', { cwd, silent: true });
-    if (hookCode === 0) {
-      console.log(`  ${PASS}  Installed pre-push git hook`);
+    hookInstalled = hookCode === 0;
+    if (hookInstalled) {
+      console.log(`\n  ${PASS}  Pre-push git hook installed`);
     } else {
-      console.log(`  ${WARN}  Hook install failed (not fatal — run: npx autopilot hook install)`);
+      console.log(`\n  ${WARN}  Hook install failed (run: npx guardrail hook install)`);
     }
   }
 
-  console.log('\n[setup] Checking prerequisites...');
+  console.log('\nChecking prerequisites…');
   await runDoctor();
 
-  console.log('\n[setup] Done. Run: npx autopilot run\n');
+  console.log(`\n${BOLD('Next steps:')}\n`);
+  if (!hasKey) {
+    console.log(`  1. ${CYAN('Set an LLM API key')} — guardrail needs one to review code:`);
+    console.log(`       export ANTHROPIC_API_KEY=sk-ant-...     # https://console.anthropic.com/`);
+    console.log(`       export OPENAI_API_KEY=sk-...            # https://platform.openai.com/api-keys`);
+    console.log(`       export GROQ_API_KEY=gsk_...             # https://console.groq.com/keys (free)\n`);
+    console.log(`  2. ${CYAN('Review your changes:')}`);
+    console.log(`       npx guardrail run --base main\n`);
+    console.log(`  3. ${CYAN('Scan any path directly:')}`);
+    console.log(`       npx guardrail scan src/auth/\n`);
+  } else {
+    console.log(`  ${CYAN('Review git-changed files:')}`);
+    console.log(`    npx guardrail run --base main\n`);
+    console.log(`  ${CYAN('Scan any path (no git needed):')}`);
+    console.log(`    npx guardrail scan src/auth/\n`);
+    console.log(`  ${CYAN('Ask a targeted question:')}`);
+    console.log(`    npx guardrail scan --ask "is there SQL injection here?" src/db/\n`);
+    if (!hookInstalled && !options.skipHook) {
+      console.log(`  ${CYAN('Install pre-push hook (auto-runs before git push):')}`);
+      console.log(`    npx guardrail hook install\n`);
+    }
+  }
 }

package/src/cli/test-gen.ts

@@ -0,0 +1,125 @@
+import * as fs from 'node:fs';
+import * as path from 'node:path';
+import { execFileSync } from 'node:child_process';
+import { loadConfig } from '../core/config/loader.ts';
+import { loadAdapter } from '../adapters/loader.ts';
+import type { ReviewEngine } from '../adapters/review-engine/types.ts';
+import { findCoverageGaps } from '../core/test-gen/coverage-analyzer.ts';
+import { detectTestFramework } from '../core/test-gen/framework-detector.ts';
+import { writeGeneratedTest, buildGenerationPrompt } from '../core/test-gen/test-writer.ts';
+
+const C = { reset: '\x1b[0m', green: '\x1b[32m', yellow: '\x1b[33m', red: '\x1b[31m', dim: '\x1b[2m', bold: '\x1b[1m', cyan: '\x1b[36m' };
+
+export interface TestGenOptions {
+  cwd?: string;
+  configPath?: string;
+  targets?: string[];
+  base?: string;
+  dryRun?: boolean;
+  verify?: boolean;
+}
+
+export async function runTestGen(options: TestGenOptions = {}): Promise<number> {
+  const cwd = options.cwd ?? process.cwd();
+  const configPath = options.configPath ?? path.join(cwd, 'guardrail.config.yaml');
+
+  let config = { configVersion: 1 as const, testCommand: null as string | null };
+  if (fs.existsSync(configPath)) {
+    try {
+      const loaded = await loadConfig(configPath);
+      if (loaded) config = loaded as typeof config;
+    } catch {
+      // proceed with defaults if config fails to load
+    }
+  }
+
+  // Collect files to analyze
+  let files: string[];
+  if (options.targets && options.targets.length > 0) {
+    files = options.targets.map(t => path.isAbsolute(t) ? t : path.resolve(cwd, t));
+  } else {
+    // Fall back to git-changed files
+    try {
+      const base = options.base ?? 'HEAD~1';
+      const out = execFileSync('git', ['diff', '--name-only', base, 'HEAD'], { cwd, encoding: 'utf8' });
+      files = out.trim().split('\n').filter(Boolean).map(f => path.resolve(cwd, f));
+    } catch {
+      console.error(`${C.red}[test-gen] No targets specified and git diff failed. Pass a path: guardrail test-gen src/${C.reset}`);
+      return 1;
+    }
+  }
+
+  console.log(`${C.bold}[test-gen]${C.reset} Analyzing ${files.length} file(s)...`);
+  const gaps = findCoverageGaps(files);
+
+  if (gaps.length === 0) {
+    console.log(`${C.green}[test-gen] No coverage gaps found${C.reset}`);
+    return 0;
+  }
+
+  for (const gap of gaps) {
+    const rel = path.relative(cwd, gap.file);
+    const covered = gap.exports.length;
+    console.log(`  ${C.cyan}${rel}${C.reset}  ${covered} uncovered export(s): ${gap.exports.join(', ')}`);
+  }
+
+  if (options.dryRun) {
+    console.log(`\n${C.yellow}[test-gen] Dry run — not generating tests${C.reset}`);
+    return 0;
+  }
+
+  // Load review engine for generation
+  const engineRef = (config as { reviewEngine?: unknown }).reviewEngine ?? 'auto';
+  let engine: Awaited<ReturnType<typeof loadAdapter>>;
+  try {
+    engine = await loadAdapter({ point: 'review-engine', ref: engineRef as string });
+  } catch (err) {
+    console.error(`${C.red}[test-gen] Could not load review engine: ${err}${C.reset}`);
+    return 1;
+  }
+
+  const framework = detectTestFramework(cwd);
+  const written: string[] = [];
+
+  for (const gap of gaps) {
+    let sourceContent: string;
+    try { sourceContent = fs.readFileSync(gap.file, 'utf8'); } catch { continue; }
+
+    const prompt = buildGenerationPrompt(gap, sourceContent, framework);
+
+    process.stdout.write(`  Generating ${path.relative(cwd, gap.testFile)}... `);
+    try {
+      const result = await (engine as unknown as ReviewEngine).review({ content: prompt, kind: 'spec', context: { cwd } });
+
+      // Extract code block if wrapped in markdown
+      let code = result.rawOutput.trim();
+      const fenceMatch = code.match(/```(?:typescript|ts|javascript|js)?\n([\s\S]*?)```/);
+      if (fenceMatch) code = fenceMatch[1]!.trim();
+
+      const testPath = writeGeneratedTest(gap, code);
+      written.push(testPath);
+      console.log(`${C.green}done${C.reset}`);
+
+      // Verify mode
+      if (options.verify && config.testCommand) {
+        try {
+          const [cmd, ...cmdArgs] = config.testCommand.split(/\s+/);
+          execFileSync(cmd!, cmdArgs, { cwd, stdio: 'ignore', timeout: 60_000 });
+        } catch {
+          fs.unlinkSync(testPath);
+          written.pop();
+          console.log(`  ${C.yellow}  ↳ tests failed — reverted${C.reset}`);
+        }
+      }
+    } catch (err) {
+      console.log(`${C.red}failed: ${err}${C.reset}`);
+    }
+  }
+
+  if (written.length > 0) {
+    console.log(`\n${C.green}[test-gen] Generated ${written.length} test file(s):${C.reset}`);
+    for (const f of written) console.log(`  ${path.relative(cwd, f)}`);
+  }
+
+  return 0;
+}

package/src/cli/triage.ts

@@ -0,0 +1,137 @@
+import { loadCachedFindings } from '../core/persist/findings-cache.ts';
+import {
+  loadTriage, saveTriage, addTriageEntry, removeTriageEntry, clearExpiredEntries,
+  type TriageState,
+} from '../core/persist/triage.ts';
+
+const C = {
+  reset: '\x1b[0m', bold: '\x1b[1m', dim: '\x1b[2m',
+  green: '\x1b[32m', yellow: '\x1b[33m', red: '\x1b[31m',
+};
+const fmt = (c: keyof typeof C, t: string) => `${C[c]}${t}${C.reset}`;
+
+export interface TriageCommandOptions {
+  cwd?: string;
+}
+
+function parseTriageArgs(rest: string[]): { reason?: string; expiresInDays?: number; positional: string[] } {
+  let reason: string | undefined;
+  let expiresInDays: number | undefined;
+  const positional: string[] = [];
+  for (let i = 0; i < rest.length; i++) {
+    if (rest[i] === '--reason' && rest[i + 1]) { reason = rest[++i]; }
+    else if (rest[i] === '--expires' && rest[i + 1]) { expiresInDays = parseInt(rest[++i]!, 10); }
+    else if (!rest[i]!.startsWith('--')) { positional.push(rest[i]!); }
+  }
+  return { reason, expiresInDays, positional };
+}
+
+export async function runTriage(
+  subcommand: string | undefined,
+  rest: string[],
+  options: TriageCommandOptions = {},
+): Promise<number> {
+  const cwd = options.cwd ?? process.cwd();
+
+  if (subcommand === 'list' || subcommand === 'show') {
+    return cmdList(cwd);
+  }
+
+  if (subcommand === 'clear') {
+    const { positional } = parseTriageArgs(rest);
+    return cmdClear(cwd, positional, rest.includes('--expired'));
+  }
+
+  // Default: triage <finding-id> <state>
+  const findingId = subcommand;
+  const { reason, expiresInDays, positional } = parseTriageArgs(rest);
+  const stateArg = positional[0];
+
+  if (!findingId || !stateArg) {
+    printUsage();
+    return 1;
+  }
+
+  if (stateArg !== 'accepted-risk' && stateArg !== 'false-positive') {
+    console.error(fmt('red', `[triage] State must be "accepted-risk" or "false-positive", got: "${stateArg}"`));
+    return 1;
+  }
+
+  const findings = loadCachedFindings(cwd);
+  const finding = findings.find(f => f.id === findingId || f.id.startsWith(findingId));
+  if (!finding) {
+    console.error(fmt('red', `[triage] Finding not found: "${findingId}"`));
+    console.error(fmt('dim', '         Run `guardrail run` or `guardrail scan` first, then `guardrail report` to list IDs'));
+    return 1;
+  }
+
+  addTriageEntry(cwd, finding, stateArg as TriageState, { reason, expiresInDays });
+
+  const expNote = expiresInDays !== undefined ? fmt('dim', ` (expires in ${expiresInDays} days)`) : '';
+  console.log(`${fmt('green', '✓')}  ${fmt('bold', stateArg)}  ${finding.file}${finding.line ? `:${finding.line}` : ''} — ${finding.message}${expNote}`);
+  if (reason) console.log(fmt('dim', `   Reason: ${reason}`));
+  console.log(fmt('dim', '   Suppressed from future runs. Commit .guardrail-triage.json to share with team.'));
+  return 0;
+}
+
+function cmdList(cwd: string): number {
+  const store = loadTriage(cwd);
+  const now = new Date().toISOString();
+  const active = store.entries.filter(e => !e.expiresAt || e.expiresAt > now);
+  const expired = store.entries.filter(e => e.expiresAt && e.expiresAt <= now);
+
+  if (store.entries.length === 0) {
+    console.log(fmt('dim', '[triage] No triaged findings.'));
+    return 0;
+  }
+
+  console.log(`\n${fmt('bold', '[guardrail triage]')} ${active.length} active, ${expired.length} expired\n`);
+  for (const e of active) {
+    const tag = e.state === 'false-positive'
+      ? fmt('dim', 'false-positive ')
+      : fmt('yellow', 'accepted-risk  ');
+    const exp = e.expiresAt ? fmt('dim', ` expires ${e.expiresAt.slice(0, 10)}`) : '';
+    console.log(`  [${tag}]  ${fmt('dim', `${e.file}${e.line ? `:${e.line}` : ''}`)} — ${e.id}${exp}`);
+    if (e.reason) console.log(fmt('dim', `             Reason: ${e.reason}`));
+  }
+  if (expired.length > 0) {
+    console.log(fmt('dim', `\n  ${expired.length} expired — run \`guardrail triage clear --expired\` to remove`));
+  }
+  console.log('');
+  return 0;
+}
+
+function cmdClear(cwd: string, ids: string[], expired: boolean): number {
+  if (expired) {
+    const removed = clearExpiredEntries(cwd);
+    console.log(fmt('dim', `[triage] Cleared ${removed} expired entr${removed === 1 ? 'y' : 'ies'}`));
+    return 0;
+  }
+  if (ids.length === 0) {
+    console.error(fmt('red', '[triage] clear requires a finding ID or --expired'));
+    return 1;
+  }
+  const removed = removeTriageEntry(cwd, ids);
+  console.log(fmt('dim', `[triage] Cleared ${removed} entr${removed === 1 ? 'y' : 'ies'}`));
+  return 0;
+}
+
+function printUsage(): void {
+  console.error(`
+${fmt('bold', 'Usage:')}
+  guardrail triage <finding-id> accepted-risk|false-positive [options]
+  guardrail triage list
+  guardrail triage clear <finding-id> [<id>...]
+  guardrail triage clear --expired
+
+${fmt('bold', 'Options:')}
+  --reason <text>    Explain why this finding was triaged
+  --expires <days>   Auto-expire triage after N days
+
+${fmt('bold', 'States:')}
+  accepted-risk      Known issue, risk accepted — suppress without fixing
+  false-positive     Finding is incorrect — suppress permanently (or with expiry)
+
+${fmt('dim', 'Finding IDs come from `guardrail report` or the run output.')}
+`);
+}

package/src/cli/watch.ts

@@ -3,9 +3,9 @@ import * as path from 'node:path';
 import { loadConfig } from '../core/config/loader.ts';
 import { resolvePreset, mergeConfigs } from '../core/config/preset-resolver.ts';
 import { loadAdapter } from '../adapters/loader.ts';
-import { runAutopilot } from '../core/pipeline/run.ts';
+import { runGuardrail } from '../core/pipeline/run.ts';
 import type { ReviewEngine } from '../adapters/review-engine/types.ts';
-import type { AutopilotConfig } from '../core/config/types.ts';
+import type { GuardrailConfig } from '../core/config/types.ts';
 
 const C = {
   reset: '\x1b[0m', bold: '\x1b[1m', dim: '\x1b[2m',
@@ -17,7 +17,7 @@ const fmt = (c: keyof typeof C, t: string) => `${C[c]}${t}${C.reset}`;
 export const IGNORED_PATTERNS: readonly RegExp[] = [
   /(^|[/\\])node_modules([/\\]|$)/,
   /(^|[/\\])\.git([/\\]|$)/,
-  /(^|[/\\])\.autopilot-cache([/\\]|$)/,
+  /(^|[/\\])\.guardrail-cache([/\\]|$)/,
   /\.(log|tmp|swp|swo|DS_Store)$/,
   /~$/,
 ];
@@ -29,10 +29,12 @@ export function isIgnored(p: string): boolean {
 /**
  * Pure debounce accumulator — returned functions are the testable core of watch logic.
  * schedule(file) → adds file, starts/resets timer; when debounce fires, calls flush(batch).
+ * onSchedule (optional) is called on every schedule() with the file and current queue size.
  */
 export function makeDebouncer(
   flushFn: (batch: string[]) => void,
   debounceMs: number,
+  onSchedule?: (file: string, queueSize: number) => void,
 ): { schedule: (file: string) => void; pending: () => string[] } {
   const pending = new Set<string>();
   let timer: ReturnType<typeof setTimeout> | null = null;
@@ -46,6 +48,7 @@ export function makeDebouncer(
         timer = null;
         flushFn(batch);
       }, debounceMs);
+      onSchedule?.(file, pending.size);
     },
     pending() { return [...pending]; },
   };
@@ -59,47 +62,55 @@ export interface WatchOptions {
 
 export async function runWatch(options: WatchOptions = {}): Promise<void> {
   const cwd = options.cwd ?? process.cwd();
-  const configPath = options.configPath ?? path.join(cwd, 'autopilot.config.yaml');
+  const configPath = options.configPath ?? path.join(cwd, 'guardrail.config.yaml');
   const debounceMs = options.debounceMs ?? 300;
 
+  // Zero-config fallback — same as `run`
+  let config: GuardrailConfig;
   if (!fs.existsSync(configPath)) {
-    console.error(fmt('red', `[watch] autopilot.config.yaml not found — run: npx autopilot init`));
-    process.exit(1);
+    config = { configVersion: 1, reviewEngine: { adapter: 'auto' }, testCommand: null };
+  } else {
+    try {
+      const userConfig = await loadConfig(configPath);
+      config = userConfig.preset
+        ? mergeConfigs((await resolvePreset(userConfig.preset)).config, userConfig)
+        : userConfig;
+    } catch (err) {
+      console.error(fmt('red', `[watch] Config error: ${err instanceof Error ? err.message : String(err)}`));
+      process.exit(1);
+    }
   }
 
-  let config: AutopilotConfig;
-  try {
-    const userConfig = await loadConfig(configPath);
-    config = userConfig.preset
-      ? mergeConfigs((await resolvePreset(userConfig.preset)).config, userConfig)
-      : userConfig;
-  } catch (err) {
-    console.error(fmt('red', `[watch] Config error: ${err instanceof Error ? err.message : String(err)}`));
-    process.exit(1);
-  }
+  const hasAnyKey = !!(process.env.ANTHROPIC_API_KEY || process.env.GEMINI_API_KEY ||
+    process.env.GOOGLE_API_KEY || process.env.OPENAI_API_KEY || process.env.GROQ_API_KEY);
 
   let reviewEngine: ReviewEngine | undefined;
-  if (config.reviewEngine) {
+  if (config.reviewEngine && hasAnyKey) {
     const ref = typeof config.reviewEngine === 'string' ? config.reviewEngine : config.reviewEngine.adapter;
-    if (process.env.OPENAI_API_KEY) {
-      try {
-        reviewEngine = await loadAdapter<ReviewEngine>({
-          point: 'review-engine', ref,
-          options: typeof config.reviewEngine === 'string' ? undefined : config.reviewEngine.options,
-        });
-      } catch { /* skip */ }
-    }
+    try {
+      reviewEngine = await loadAdapter<ReviewEngine>({
+        point: 'review-engine', ref,
+        options: typeof config.reviewEngine === 'string' ? undefined : config.reviewEngine.options,
+      });
+    } catch { /* skip — static rules still run */ }
   }
 
-  console.log(`\n${fmt('bold', '[autopilot watch]')} ${fmt('dim', cwd)}`);
-  console.log(fmt('dim', `  debounce: ${debounceMs}ms  |  Ctrl+C to exit\n`));
+  const keyStatus = hasAnyKey
+    ? fmt('green', '✓ LLM review enabled')
+    : fmt('yellow', '! No API key — static rules only  (set ANTHROPIC_API_KEY, OPENAI_API_KEY, GEMINI_API_KEY, or GROQ_API_KEY)');
+
+  console.log(`\n${fmt('bold', '[guardrail watch]')} ${fmt('dim', cwd)}`);
+  console.log(fmt('dim', `  debounce: ${debounceMs}ms  |  Ctrl+C to exit`));
+  console.log(`  ${keyStatus}\n`);
+  console.log(fmt('dim', '  Watching for changes…\n'));
 
   let running = false;
   const nextPending = new Set<string>();
+  let debounceLineShown = false;
 
   const runBatch = async (batch: string[]) => {
+    debounceLineShown = false;
     if (running) {
-      // Queue these files for the next run after the current one completes
       for (const f of batch) nextPending.add(f);
       return;
     }
@@ -111,7 +122,7 @@ export async function runWatch(options: WatchOptions = {}): Promise<void> {
     console.log(fmt('dim', `  changed: ${rel.slice(0, 4).join(', ')}${rel.length > 4 ? ` +${rel.length - 4} more` : ''}`));
 
     try {
-      const result = await runAutopilot({ touchedFiles: rel, config, reviewEngine, cwd });
+      const result = await runGuardrail({ touchedFiles: rel, config, reviewEngine, cwd });
 
       for (const phase of result.phases) {
         const icon = phase.status === 'pass' ? fmt('green', '✓')
@@ -137,7 +148,8 @@ export async function runWatch(options: WatchOptions = {}): Promise<void> {
     }
 
     running = false;
-    // Flush anything that accumulated while we were running
+    console.log(fmt('dim', '\n  Watching for changes…'));
+
     if (nextPending.size > 0) {
       const queued = [...nextPending];
       nextPending.clear();
@@ -145,7 +157,16 @@ export async function runWatch(options: WatchOptions = {}): Promise<void> {
     }
   };
 
-  const debouncer = makeDebouncer(batch => { runBatch(batch); }, debounceMs);
+  const debouncer = makeDebouncer(
+    batch => { runBatch(batch); },
+    debounceMs,
+    (_file, queueSize) => {
+      if (!debounceLineShown && !running) {
+        process.stdout.write(fmt('dim', `  ⋯ ${queueSize} file(s) queued — reviewing in ${debounceMs}ms…\r`));
+        debounceLineShown = true;
+      }
+    },
+  );
 
   const onEvent = (_event: string, filename: string | null) => {
     if (!filename) return;