@delegance/claude-autopilot 2.5.0 → 5.0.0-alpha.2

package/src/core/worker/server.ts

@@ -0,0 +1,81 @@
+import * as http from 'node:http';
+import * as net from 'node:net';
+import type { GuardrailConfig } from '../config/types.ts';
+import type { Finding } from '../findings/types.ts';
+
+export interface WorkerServerOptions {
+  cwd: string;
+  onReview: (files: string[], config: GuardrailConfig) => Promise<{ findings: Finding[]; usage?: { costUSD: number } }>;
+}
+
+export interface WorkerServer {
+  port: number;
+  close(): Promise<void>;
+}
+
+async function getRandomPort(): Promise<number> {
+  return new Promise((resolve, reject) => {
+    const srv = net.createServer();
+    srv.listen(0, '127.0.0.1', () => {
+      const addr = srv.address() as net.AddressInfo;
+      srv.close(() => resolve(addr.port));
+    });
+    srv.on('error', reject);
+  });
+}
+
+export async function startWorkerServer(opts: WorkerServerOptions): Promise<WorkerServer> {
+  const port = await getRandomPort();
+  let jobsProcessed = 0;
+  const startedAt = Date.now();
+
+  const server = http.createServer(async (req, res) => {
+    if (req.method === 'GET' && req.url === '/status') {
+      res.writeHead(200, { 'Content-Type': 'application/json' });
+      res.end(JSON.stringify({
+        pid: process.pid, port, jobsProcessed,
+        queueDepth: 0,
+        uptimeMs: Date.now() - startedAt,
+      }));
+      return;
+    }
+
+    if (req.method === 'POST' && req.url === '/stop') {
+      res.writeHead(200);
+      res.end('{"ok":true}');
+      setImmediate(() => server.close());
+      return;
+    }
+
+    if (req.method === 'POST' && req.url === '/review') {
+      let body = '';
+      req.on('data', (chunk: Buffer) => { body += chunk.toString(); });
+      req.on('end', async () => {
+        try {
+          const { files, config } = JSON.parse(body) as { files: string[]; config: GuardrailConfig };
+          const result = await opts.onReview(files, config);
+          jobsProcessed++;
+          res.writeHead(200, { 'Content-Type': 'application/json' });
+          res.end(JSON.stringify(result));
+        } catch (err) {
+          res.writeHead(500, { 'Content-Type': 'application/json' });
+          res.end(JSON.stringify({ error: String(err) }));
+        }
+      });
+      return;
+    }
+
+    res.writeHead(404);
+    res.end('Not found');
+  });
+
+  await new Promise<void>((resolve, reject) => {
+    server.listen(port, '127.0.0.1', () => resolve());
+    server.on('error', reject);
+  });
+
+  return {
+    port,
+    close: () => new Promise<void>(resolve => server.close(() => resolve())),
+  };
+}

package/src/formatters/junit.ts

@@ -0,0 +1,52 @@
+import type { RunResult } from '../core/pipeline/run.ts';
+
+function escapeXml(s: string): string {
+  return s
+    .replace(/&/g, '&')
+    .replace(/</g, '&lt;')
+    .replace(/>/g, '&gt;')
+    .replace(/"/g, '&quot;')
+    .replace(/'/g, '&apos;');
+}
+
+export function toJUnit(result: RunResult, opts: { suiteName?: string } = {}): string {
+  const name = opts.suiteName ?? 'guardrail';
+  const findings = result.allFindings;
+  const failures = findings.filter(f => f.severity === 'critical').length;
+  const total = findings.length;
+  const time = (result.durationMs / 1000).toFixed(3);
+
+  const lines: string[] = [
+    '<?xml version="1.0" encoding="UTF-8"?>',
+    `<testsuites name="${escapeXml(name)}" tests="${total}" failures="${failures}" time="${time}">`,
+    `  <testsuite name="${escapeXml(name)}" tests="${total}" failures="${failures}" errors="0" time="${time}">`,
+  ];
+
+  if (findings.length === 0) {
+    lines.push(`    <testcase name="no findings" classname="${escapeXml(name)}" />`);
+  }
+
+  for (const f of findings) {
+    const loc = f.line ? `${f.file}:${f.line}` : f.file;
+    const testName = escapeXml(`[${f.severity.toUpperCase()}] ${f.category} — ${loc}`);
+    const classname = escapeXml(f.file.replace(/\//g, '.').replace(/\.[tj]sx?$/, ''));
+    const body = escapeXml(f.message + (f.suggestion ? `\n${f.suggestion}` : ''));
+
+    if (f.severity === 'critical') {
+      lines.push(
+        `    <testcase name="${testName}" classname="${classname}">`,
+        `      <failure type="${escapeXml(f.category)}" message="${escapeXml(f.message)}">${body}</failure>`,
+        `    </testcase>`,
+      );
+    } else {
+      lines.push(
+        `    <testcase name="${testName}" classname="${classname}">`,
+        `      <system-out>${body}</system-out>`,
+        `    </testcase>`,
+      );
+    }
+  }
+
+  lines.push('  </testsuite>', '</testsuites>');
+  return lines.join('\n');
+}

package/src/formatters/sarif.ts

@@ -91,9 +91,9 @@ export function toSarif(
     runs: [{
       tool: {
         driver: {
-          name: 'claude-autopilot',
+          name: 'guardrail',
           version: opts.toolVersion,
-          informationUri: 'https://github.com/axledbetter/claude-autopilot',
+          informationUri: 'https://github.com/axledbetter/guardrail',
           rules: [...rulesMap.values()],
         },
       },

package/src/index.ts

@@ -1,4 +1,3 @@
 export type { Finding, Severity, FindingSource } from './core/findings/types.js';
 export type { RunResult, RunInput, PhaseResult } from './core/pipeline/run.js';
-export type { AutopilotConfig, AdapterRef, AdapterReference } from './core/config/types.js';
-export { normalizeSnapshot } from './snapshots/serializer.js';
+export type { GuardrailConfig, AdapterRef, AdapterReference } from './core/config/types.js';

package/tests/snapshots/baselines/src-formatters-sarif.json

@@ -13,9 +13,9 @@
       {
         "tool": {
           "driver": {
-            "name": "claude-autopilot",
+            "name": "guardrail",
             "version": "9.9.9",
-            "informationUri": "https://github.com/axledbetter/claude-autopilot",
+            "informationUri": "https://github.com/axledbetter/guardrail",
             "rules": [
               {
                 "id": "no-secrets",
@@ -137,9 +137,9 @@
       {
         "tool": {
           "driver": {
-            "name": "claude-autopilot",
+            "name": "guardrail",
             "version": "1.2.3",
-            "informationUri": "https://github.com/axledbetter/claude-autopilot",
+            "informationUri": "https://github.com/axledbetter/guardrail",
             "rules": [
               {
                 "id": "cat-a",

package/tests/snapshots/index.json

@@ -3,12 +3,12 @@
     "src/formatters/sarif.ts"
   ],
   "tests/snapshots/src-snapshots-impact-selector.snap.ts": [
-    "src/snapshots/impact-selector.ts"
+    "scripts/snapshots/impact-selector.ts"
   ],
   "tests/snapshots/src-snapshots-import-scanner.snap.ts": [
-    "src/snapshots/import-scanner.ts"
+    "scripts/snapshots/import-scanner.ts"
   ],
   "tests/snapshots/src-snapshots-serializer.snap.ts": [
-    "src/snapshots/serializer.ts"
+    "scripts/snapshots/serializer.ts"
   ]
 }

package/tests/snapshots/src-formatters-sarif.snap.ts

@@ -10,7 +10,7 @@ import { fileURLToPath } from 'node:url';
 import * as path from 'node:path';
 
 import { normalizeSarifUri, toSarif } from '../../src/formatters/sarif.ts';
-import { normalizeSnapshot } from '../../src/snapshots/serializer.ts';
+import { normalizeSnapshot } from '../../scripts/snapshots/serializer.ts';
 
 const SLUG = 'src-formatters-sarif';
 const baselineRaw =

package/tests/snapshots/src-snapshots-impact-selector.snap.ts

@@ -1,4 +1,4 @@
-// @snapshot-for: src/snapshots/impact-selector.ts
+// @snapshot-for: scripts/snapshots/impact-selector.ts
 // @generated-at: 2026-04-21T17:42:06.431Z
 // @source-commit: d207869
 // @generator-version: 1.0.0-alpha.6
@@ -9,8 +9,8 @@ import assert from 'node:assert/strict';
 import { fileURLToPath } from 'node:url';
 import * as path from 'node:path';
 
-import { selectSnapshots } from '../../src/snapshots/impact-selector.ts';
-import { normalizeSnapshot } from '../../src/snapshots/serializer.ts';
+import { selectSnapshots } from '../../scripts/snapshots/impact-selector.ts';
+import { normalizeSnapshot } from '../../scripts/snapshots/serializer.ts';
 
 const SLUG = 'src-snapshots-impact-selector';
 const baselineRaw = process.env.CAPTURE_BASELINE === '1' ? '{}' : fs.readFileSync(fileURLToPath(new URL('./baselines/src-snapshots-impact-selector.json', import.meta.url)), 'utf8');

package/tests/snapshots/src-snapshots-import-scanner.snap.ts

@@ -1,4 +1,4 @@
-// @snapshot-for: src/snapshots/import-scanner.ts
+// @snapshot-for: scripts/snapshots/import-scanner.ts
 // @generated-at: 2026-04-21T17:42:06.431Z
 // @source-commit: d207869
 // @generator-version: 1.0.0-alpha.6
@@ -9,8 +9,8 @@ import assert from 'node:assert/strict';
 import { fileURLToPath } from 'node:url';
 import * as path from 'node:path';
 
-import { buildImportMap } from '../../src/snapshots/import-scanner.ts';
-import { normalizeSnapshot } from '../../src/snapshots/serializer.ts';
+import { buildImportMap } from '../../scripts/snapshots/import-scanner.ts';
+import { normalizeSnapshot } from '../../scripts/snapshots/serializer.ts';
 
 const SLUG = 'src-snapshots-import-scanner';
 void SLUG;

package/tests/snapshots/src-snapshots-serializer.snap.ts

@@ -1,4 +1,4 @@
-// @snapshot-for: src/snapshots/serializer.ts
+// @snapshot-for: scripts/snapshots/serializer.ts
 // @generated-at: 2026-04-21T17:42:06.431Z
 // @source-commit: d207869
 // @generator-version: 1.0.0-alpha.6
@@ -8,7 +8,7 @@ import { describe, it } from 'node:test';
 import assert from 'node:assert/strict';
 import { fileURLToPath } from 'node:url';
 import * as path from 'node:path';
-import { normalizeSnapshot } from '../../src/snapshots/serializer.ts';
+import { normalizeSnapshot } from '../../scripts/snapshots/serializer.ts';
 
 const SLUG = 'src-snapshots-serializer';
 const baselineRaw = process.env.CAPTURE_BASELINE === '1' ? '{}' : fs.readFileSync(fileURLToPath(new URL('./baselines/src-snapshots-serializer.json', import.meta.url)), 'utf8');

package/bin/autopilot.js

@@ -1,20 +0,0 @@
-#!/usr/bin/env node
-import { fileURLToPath } from 'node:url';
-import { spawnSync } from 'node:child_process';
-import * as fs from 'node:fs';
-import * as path from 'node:path';
-
-const __dirname = path.dirname(fileURLToPath(import.meta.url));
-const entrypoint = path.resolve(__dirname, '..', 'src', 'cli', 'index.ts');
-
-// Locate tsx: own node_modules (dev) → consumer's node_modules/.bin → PATH
-function findTsx() {
-  const own = path.resolve(__dirname, '..', 'node_modules', '.bin', 'tsx');
-  if (fs.existsSync(own)) return own;
-  const consumer = path.resolve(__dirname, '..', '..', '..', '.bin', 'tsx');
-  if (fs.existsSync(consumer)) return consumer;
-  return 'tsx';
-}
-
-const result = spawnSync(findTsx(), [entrypoint, ...process.argv.slice(2)], { stdio: 'inherit' });
-process.exit(result.status ?? 1);

package/skills/autopilot.md

@@ -1,157 +0,0 @@
----
-name: autopilot
-description: Run the @delegance/claude-autopilot code review pipeline — static rules, LLM review, snapshot regression. Use before any PR or after completing a feature.
----
-
-# autopilot — Code Review Pipeline
-
-Runs static rules, optional LLM review, and impact-aware snapshot regression on git-changed files. Auto-detects stack, protected paths, and test command from the project. Outputs findings inline and optionally as SARIF for GitHub Code Scanning.
-
-## When to Use
-
-- Before creating a PR: `npx autopilot run --base main`
-- Inside CI: `npx autopilot ci` (one-command, posts PR comment + SARIF)
-- Dev loop: `npx autopilot watch`
-- First setup: `npx autopilot setup && npx autopilot doctor`
-
-## Prerequisites
-
-```bash
-npx autopilot doctor   # checks Node 22+, tsx, gh CLI, API key, git config
-```
-
-## Commands
-
-### `run` — pipeline on git-changed files
-
-```bash
-npx autopilot run                          # diff HEAD~1 (default)
-npx autopilot run --base main              # diff against branch
-npx autopilot run --files src/a.ts,src/b.ts  # explicit files
-npx autopilot run --dry-run                # show what would run
-npx autopilot run --post-comments          # post/update summary on open PR
-npx autopilot run --format sarif --output autopilot.sarif
-```
-
-### `ci` — opinionated CI entrypoint
-
-```bash
-npx autopilot ci          # base=GITHUB_BASE_REF, post-comments=true, sarif written
-npx autopilot ci --base develop
-npx autopilot ci --no-post-comments
-npx autopilot ci --output results.sarif
-```
-
-Equivalent to `run --base <ref> --post-comments --format sarif --output <path>`. Base ref resolves from `GITHUB_BASE_REF` → `CI_MERGE_REQUEST_TARGET_BRANCH_NAME` → `HEAD~1`.
-
-### `setup` — zero-prompt first run
-
-```bash
-npx autopilot setup         # auto-detect stack, write config, install hook
-npx autopilot setup --force # overwrite existing config
-```
-
-Auto-detects: Go, Rails, FastAPI, T3, Next.js+Supabase. Runs doctor at end.
-
-### `watch` — dev loop
-
-```bash
-npx autopilot watch
-npx autopilot watch --debounce 500
-```
-
-### `autoregress` — snapshot regression
-
-```bash
-npx autopilot autoregress generate   # create baselines for changed files
-npx autopilot autoregress run        # run impact-selected snapshots
-npx autopilot autoregress run --all  # run all snapshots
-npx autopilot autoregress diff       # show diffs vs baselines
-npx autopilot autoregress update     # overwrite baselines after intentional change
-```
-
-### `hook` — pre-push git hook
-
-```bash
-npx autopilot hook install
-npx autopilot hook uninstall
-npx autopilot hook status
-```
-
-## LLM Review Adapters
-
-Configure via `reviewEngine.adapter` in `autopilot.config.yaml`:
-
-| Adapter | Key env var | Notes |
-|---------|-------------|-------|
-| `auto` | any | Picks available provider; prefers the one already used in code |
-| `claude` | `ANTHROPIC_API_KEY` | Claude Opus 4.7 |
-| `gemini` | `GEMINI_API_KEY` or `GOOGLE_API_KEY` | Gemini 2.5 Pro, 1M context |
-| `codex` | `OPENAI_API_KEY` | gpt-5.3-codex via responses API |
-| `openai-compatible` | configurable | Any OpenAI-API endpoint (Groq, Ollama, Together) |
-
-`auto` priority order: Anthropic → Gemini → OpenAI → Groq. When multiple keys are present, `auto` scans the project source files and prefers the provider already referenced most.
-
-## Auto-Detection
-
-When config fields are absent, `autopilot run` fills them in automatically:
-
-- **stack** — parsed from `package.json`, `go.mod`, `Cargo.toml`, `requirements.txt`, `Gemfile`; injected into review prompt
-- **protectedPaths** — migration dirs (`data/deltas/`, `migrations/`, `prisma/migrations/`, etc.), schema files, infra dirs (`terraform/`, `.github/workflows/`)
-- **testCommand** — re-detected at run time from project files; set `testCommand: null` to disable explicitly
-- **git context** — branch + last commit injected as `Change context: branch: X | last commit: Y`
-
-Detection lines are printed dim after the file count: `auto-detected: stack: Next.js + Supabase | protected: data/deltas/** ...`
-
-## Interpreting Results
-
-**Exit code 0** — pass or warnings only. Safe to proceed.
-**Exit code 1** — blocking findings. Fix before merging.
-
-Finding severities: `critical` blocks merge, `warning` should fix, `note` informational.
-
-PR comment (via `--post-comments` or `ci`): status badge, phase table, critical/warning findings, cost footer. Edits existing comment on re-runs (tracked via `<!-- autopilot-review -->` marker).
-
-SARIF output: upload with `github/codeql-action/upload-sarif@v3` for inline PR diff annotations. Also auto-emits `::error`/`::warning` annotations when `GITHUB_ACTIONS=true`.
-
-## Config (`autopilot.config.yaml`)
-
-```yaml
-configVersion: 1
-reviewEngine:
-  adapter: auto         # auto, claude, gemini, codex, openai-compatible
-testCommand: npm test   # null to disable
-protectedPaths:         # auto-detected if omitted
-  - data/deltas/**
-  - .github/workflows/**
-staticRules:
-  - hardcoded-secrets
-  - npm-audit
-  - package-lock-sync
-  - console-log
-  - todo-fixme
-  - large-file
-  - missing-tests
-```
-
-Preset defaults at: `node_modules/@delegance/claude-autopilot/presets/<name>/autopilot.config.yaml`
-
-## GitHub Actions
-
-```yaml
-- uses: axledbetter/claude-autopilot/.github/actions/ci@main
-  with:
-    anthropic-api-key: ${{ secrets.ANTHROPIC_API_KEY }}   # or openai/gemini/groq
-```
-
-Runs `npx autopilot ci`, uploads SARIF, annotates PR diff. All API key inputs optional — whichever is set gets used by `auto`.
-
-## Integration with Development Pipeline
-
-```bash
-# After implementing feature
-npx autopilot run --base main
-
-# If findings → fix → re-run (max 3 iterations)
-# If clean → push → create PR
-```