npm - @delegance/claude-autopilot - Versions diffs - 5.0.1 → 5.0.2 - Mend

@delegance/claude-autopilot 5.0.1 → 5.0.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (410) hide show

package/dist/src/cli/index.js +39 -1
package/dist/src/cli/preflight.js +17 -4
package/package.json +4 -3
package/dist/presets/go/rules/go-sql-injection.d.ts.map +0 -1
package/dist/presets/go/rules/go-sql-injection.js.map +0 -1
package/dist/presets/nextjs-supabase/rules/supabase-rls-bypass.d.ts.map +0 -1
package/dist/presets/nextjs-supabase/rules/supabase-rls-bypass.js.map +0 -1
package/dist/presets/python-fastapi/rules/fastapi-missing-auth.d.ts.map +0 -1
package/dist/presets/python-fastapi/rules/fastapi-missing-auth.js.map +0 -1
package/dist/presets/rails-postgres/rules/rails-sql-injection.d.ts.map +0 -1
package/dist/presets/rails-postgres/rules/rails-sql-injection.js.map +0 -1
package/dist/presets/t3/rules/t3-server-only.d.ts.map +0 -1
package/dist/presets/t3/rules/t3-server-only.js.map +0 -1
package/dist/src/adapters/base.d.ts.map +0 -1
package/dist/src/adapters/base.js.map +0 -1
package/dist/src/adapters/council/claude.d.ts.map +0 -1
package/dist/src/adapters/council/claude.js.map +0 -1
package/dist/src/adapters/council/openai.d.ts.map +0 -1
package/dist/src/adapters/council/openai.js.map +0 -1
package/dist/src/adapters/council/types.d.ts.map +0 -1
package/dist/src/adapters/council/types.js.map +0 -1
package/dist/src/adapters/loader.d.ts.map +0 -1
package/dist/src/adapters/loader.js.map +0 -1
package/dist/src/adapters/migration-runner/supabase.d.ts.map +0 -1
package/dist/src/adapters/migration-runner/supabase.js.map +0 -1
package/dist/src/adapters/migration-runner/types.d.ts.map +0 -1
package/dist/src/adapters/migration-runner/types.js.map +0 -1
package/dist/src/adapters/review-bot-parser/cursor.d.ts.map +0 -1
package/dist/src/adapters/review-bot-parser/cursor.js.map +0 -1
package/dist/src/adapters/review-bot-parser/declarative-base.d.ts.map +0 -1
package/dist/src/adapters/review-bot-parser/declarative-base.js.map +0 -1
package/dist/src/adapters/review-bot-parser/types.d.ts.map +0 -1
package/dist/src/adapters/review-bot-parser/types.js.map +0 -1
package/dist/src/adapters/review-engine/auto.d.ts.map +0 -1
package/dist/src/adapters/review-engine/auto.js.map +0 -1
package/dist/src/adapters/review-engine/claude.d.ts.map +0 -1
package/dist/src/adapters/review-engine/claude.js.map +0 -1
package/dist/src/adapters/review-engine/codex.d.ts.map +0 -1
package/dist/src/adapters/review-engine/codex.js.map +0 -1
package/dist/src/adapters/review-engine/gemini.d.ts.map +0 -1
package/dist/src/adapters/review-engine/gemini.js.map +0 -1
package/dist/src/adapters/review-engine/openai-compatible.d.ts.map +0 -1
package/dist/src/adapters/review-engine/openai-compatible.js.map +0 -1
package/dist/src/adapters/review-engine/parse-output.d.ts.map +0 -1
package/dist/src/adapters/review-engine/parse-output.js.map +0 -1
package/dist/src/adapters/review-engine/prompt-builder.d.ts.map +0 -1
package/dist/src/adapters/review-engine/prompt-builder.js.map +0 -1
package/dist/src/adapters/review-engine/types.d.ts.map +0 -1
package/dist/src/adapters/review-engine/types.js.map +0 -1
package/dist/src/adapters/vcs-host/commit-status.d.ts.map +0 -1
package/dist/src/adapters/vcs-host/commit-status.js.map +0 -1
package/dist/src/adapters/vcs-host/github.d.ts.map +0 -1
package/dist/src/adapters/vcs-host/github.js.map +0 -1
package/dist/src/adapters/vcs-host/types.d.ts.map +0 -1
package/dist/src/adapters/vcs-host/types.js.map +0 -1
package/dist/src/cli/_pkg-root.d.ts.map +0 -1
package/dist/src/cli/_pkg-root.js.map +0 -1
package/dist/src/cli/autoregress-bridge.d.ts.map +0 -1
package/dist/src/cli/autoregress-bridge.js.map +0 -1
package/dist/src/cli/baseline.d.ts.map +0 -1
package/dist/src/cli/baseline.js.map +0 -1
package/dist/src/cli/ci.d.ts.map +0 -1
package/dist/src/cli/ci.js.map +0 -1
package/dist/src/cli/costs.d.ts.map +0 -1
package/dist/src/cli/costs.js.map +0 -1
package/dist/src/cli/council.d.ts.map +0 -1
package/dist/src/cli/council.js.map +0 -1
package/dist/src/cli/detector.d.ts.map +0 -1
package/dist/src/cli/detector.js.map +0 -1
package/dist/src/cli/explain.d.ts.map +0 -1
package/dist/src/cli/explain.js.map +0 -1
package/dist/src/cli/fix.d.ts.map +0 -1
package/dist/src/cli/fix.js.map +0 -1
package/dist/src/cli/hook.d.ts.map +0 -1
package/dist/src/cli/hook.js.map +0 -1
package/dist/src/cli/ignore-helper.d.ts.map +0 -1
package/dist/src/cli/ignore-helper.js.map +0 -1
package/dist/src/cli/index.d.ts.map +0 -1
package/dist/src/cli/index.js.map +0 -1
package/dist/src/cli/lsp.d.ts.map +0 -1
package/dist/src/cli/lsp.js.map +0 -1
package/dist/src/cli/mcp.d.ts.map +0 -1
package/dist/src/cli/mcp.js.map +0 -1
package/dist/src/cli/migrate-v4.d.ts.map +0 -1
package/dist/src/cli/migrate-v4.js.map +0 -1
package/dist/src/cli/pr-comment.d.ts.map +0 -1
package/dist/src/cli/pr-comment.js.map +0 -1
package/dist/src/cli/pr-desc.d.ts.map +0 -1
package/dist/src/cli/pr-desc.js.map +0 -1
package/dist/src/cli/pr-review-comments.d.ts.map +0 -1
package/dist/src/cli/pr-review-comments.js.map +0 -1
package/dist/src/cli/pr.d.ts.map +0 -1
package/dist/src/cli/pr.js.map +0 -1
package/dist/src/cli/preflight.d.ts.map +0 -1
package/dist/src/cli/preflight.js.map +0 -1
package/dist/src/cli/report.d.ts.map +0 -1
package/dist/src/cli/report.js.map +0 -1
package/dist/src/cli/run.d.ts.map +0 -1
package/dist/src/cli/run.js.map +0 -1
package/dist/src/cli/scan.d.ts.map +0 -1
package/dist/src/cli/scan.js.map +0 -1
package/dist/src/cli/setup.d.ts.map +0 -1
package/dist/src/cli/setup.js.map +0 -1
package/dist/src/cli/test-gen.d.ts.map +0 -1
package/dist/src/cli/test-gen.js.map +0 -1
package/dist/src/cli/triage.d.ts.map +0 -1
package/dist/src/cli/triage.js.map +0 -1
package/dist/src/cli/watch.d.ts.map +0 -1
package/dist/src/cli/watch.js.map +0 -1
package/dist/src/cli/worker.d.ts.map +0 -1
package/dist/src/cli/worker.js.map +0 -1
package/dist/src/core/cache/cached-engine.d.ts.map +0 -1
package/dist/src/core/cache/cached-engine.js.map +0 -1
package/dist/src/core/cache/review-cache.d.ts.map +0 -1
package/dist/src/core/cache/review-cache.js.map +0 -1
package/dist/src/core/chunking/index.d.ts.map +0 -1
package/dist/src/core/chunking/index.js.map +0 -1
package/dist/src/core/chunking/risk-ranker.d.ts.map +0 -1
package/dist/src/core/chunking/risk-ranker.js.map +0 -1
package/dist/src/core/config/loader.d.ts.map +0 -1
package/dist/src/core/config/loader.js.map +0 -1
package/dist/src/core/config/preset-resolver.d.ts.map +0 -1
package/dist/src/core/config/preset-resolver.js.map +0 -1
package/dist/src/core/config/schema.d.ts.map +0 -1
package/dist/src/core/config/schema.js.map +0 -1
package/dist/src/core/config/types.d.ts.map +0 -1
package/dist/src/core/config/types.js.map +0 -1
package/dist/src/core/council/config.d.ts.map +0 -1
package/dist/src/core/council/config.js.map +0 -1
package/dist/src/core/council/context.d.ts.map +0 -1
package/dist/src/core/council/context.js.map +0 -1
package/dist/src/core/council/runner.d.ts.map +0 -1
package/dist/src/core/council/runner.js.map +0 -1
package/dist/src/core/council/types.d.ts.map +0 -1
package/dist/src/core/council/types.js.map +0 -1
package/dist/src/core/detect/git-context.d.ts.map +0 -1
package/dist/src/core/detect/git-context.js.map +0 -1
package/dist/src/core/detect/llm-key.d.ts.map +0 -1
package/dist/src/core/detect/llm-key.js.map +0 -1
package/dist/src/core/detect/protected-paths.d.ts.map +0 -1
package/dist/src/core/detect/protected-paths.js.map +0 -1
package/dist/src/core/detect/provider-usage.d.ts.map +0 -1
package/dist/src/core/detect/provider-usage.js.map +0 -1
package/dist/src/core/detect/stack.d.ts.map +0 -1
package/dist/src/core/detect/stack.js.map +0 -1
package/dist/src/core/detect/workspaces.d.ts.map +0 -1
package/dist/src/core/detect/workspaces.js.map +0 -1
package/dist/src/core/errors.d.ts.map +0 -1
package/dist/src/core/errors.js.map +0 -1
package/dist/src/core/findings/dedup.d.ts.map +0 -1
package/dist/src/core/findings/dedup.js.map +0 -1
package/dist/src/core/findings/types.d.ts.map +0 -1
package/dist/src/core/findings/types.js.map +0 -1
package/dist/src/core/fix/generator.d.ts.map +0 -1
package/dist/src/core/fix/generator.js.map +0 -1
package/dist/src/core/git/diff-hunks.d.ts.map +0 -1
package/dist/src/core/git/diff-hunks.js.map +0 -1
package/dist/src/core/git/touched-files.d.ts.map +0 -1
package/dist/src/core/git/touched-files.js.map +0 -1
package/dist/src/core/ignore/index.d.ts.map +0 -1
package/dist/src/core/ignore/index.js.map +0 -1
package/dist/src/core/index.d.ts.map +0 -1
package/dist/src/core/index.js.map +0 -1
package/dist/src/core/logging/ndjson-writer.d.ts.map +0 -1
package/dist/src/core/logging/ndjson-writer.js.map +0 -1
package/dist/src/core/logging/redaction.d.ts.map +0 -1
package/dist/src/core/logging/redaction.js.map +0 -1
package/dist/src/core/mcp/concurrency.d.ts.map +0 -1
package/dist/src/core/mcp/concurrency.js.map +0 -1
package/dist/src/core/mcp/handlers/fix-finding.d.ts.map +0 -1
package/dist/src/core/mcp/handlers/fix-finding.js.map +0 -1
package/dist/src/core/mcp/handlers/get-capabilities.d.ts.map +0 -1
package/dist/src/core/mcp/handlers/get-capabilities.js.map +0 -1
package/dist/src/core/mcp/handlers/get-findings.d.ts.map +0 -1
package/dist/src/core/mcp/handlers/get-findings.js.map +0 -1
package/dist/src/core/mcp/handlers/review-diff.d.ts.map +0 -1
package/dist/src/core/mcp/handlers/review-diff.js.map +0 -1
package/dist/src/core/mcp/handlers/scan-files.d.ts.map +0 -1
package/dist/src/core/mcp/handlers/scan-files.js.map +0 -1
package/dist/src/core/mcp/handlers/validate-fix.d.ts.map +0 -1
package/dist/src/core/mcp/handlers/validate-fix.js.map +0 -1
package/dist/src/core/mcp/run-store.d.ts.map +0 -1
package/dist/src/core/mcp/run-store.js.map +0 -1
package/dist/src/core/mcp/workspace.d.ts.map +0 -1
package/dist/src/core/mcp/workspace.js.map +0 -1
package/dist/src/core/persist/baseline.d.ts.map +0 -1
package/dist/src/core/persist/baseline.js.map +0 -1
package/dist/src/core/persist/cost-log.d.ts.map +0 -1
package/dist/src/core/persist/cost-log.js.map +0 -1
package/dist/src/core/persist/findings-cache.d.ts.map +0 -1
package/dist/src/core/persist/findings-cache.js.map +0 -1
package/dist/src/core/persist/triage.d.ts.map +0 -1
package/dist/src/core/persist/triage.js.map +0 -1
package/dist/src/core/phases/static-rules.d.ts.map +0 -1
package/dist/src/core/phases/static-rules.js.map +0 -1
package/dist/src/core/phases/tests.d.ts.map +0 -1
package/dist/src/core/phases/tests.js.map +0 -1
package/dist/src/core/pipeline/review-phase.d.ts.map +0 -1
package/dist/src/core/pipeline/review-phase.js.map +0 -1
package/dist/src/core/pipeline/run.d.ts.map +0 -1
package/dist/src/core/pipeline/run.js.map +0 -1
package/dist/src/core/runtime/idempotency.d.ts.map +0 -1
package/dist/src/core/runtime/idempotency.js.map +0 -1
package/dist/src/core/runtime/lock.d.ts.map +0 -1
package/dist/src/core/runtime/lock.js.map +0 -1
package/dist/src/core/runtime/state.d.ts.map +0 -1
package/dist/src/core/runtime/state.js.map +0 -1
package/dist/src/core/schema-alignment/detector.d.ts.map +0 -1
package/dist/src/core/schema-alignment/detector.js.map +0 -1
package/dist/src/core/schema-alignment/extractor/index.d.ts.map +0 -1
package/dist/src/core/schema-alignment/extractor/index.js.map +0 -1
package/dist/src/core/schema-alignment/extractor/prisma.d.ts.map +0 -1
package/dist/src/core/schema-alignment/extractor/prisma.js.map +0 -1
package/dist/src/core/schema-alignment/extractor/sql.d.ts.map +0 -1
package/dist/src/core/schema-alignment/extractor/sql.js.map +0 -1
package/dist/src/core/schema-alignment/llm-check.d.ts.map +0 -1
package/dist/src/core/schema-alignment/llm-check.js.map +0 -1
package/dist/src/core/schema-alignment/scanner.d.ts.map +0 -1
package/dist/src/core/schema-alignment/scanner.js.map +0 -1
package/dist/src/core/schema-alignment/types.d.ts.map +0 -1
package/dist/src/core/schema-alignment/types.js.map +0 -1
package/dist/src/core/shell.d.ts.map +0 -1
package/dist/src/core/shell.js.map +0 -1
package/dist/src/core/static-rules/registry.d.ts.map +0 -1
package/dist/src/core/static-rules/registry.js.map +0 -1
package/dist/src/core/static-rules/rules/brand-tokens.d.ts.map +0 -1
package/dist/src/core/static-rules/rules/brand-tokens.js.map +0 -1
package/dist/src/core/static-rules/rules/console-log.d.ts.map +0 -1
package/dist/src/core/static-rules/rules/console-log.js.map +0 -1
package/dist/src/core/static-rules/rules/hardcoded-secrets.d.ts.map +0 -1
package/dist/src/core/static-rules/rules/hardcoded-secrets.js.map +0 -1
package/dist/src/core/static-rules/rules/insecure-redirect.d.ts.map +0 -1
package/dist/src/core/static-rules/rules/insecure-redirect.js.map +0 -1
package/dist/src/core/static-rules/rules/large-file.d.ts.map +0 -1
package/dist/src/core/static-rules/rules/large-file.js.map +0 -1
package/dist/src/core/static-rules/rules/missing-auth.d.ts.map +0 -1
package/dist/src/core/static-rules/rules/missing-auth.js.map +0 -1
package/dist/src/core/static-rules/rules/missing-tests.d.ts.map +0 -1
package/dist/src/core/static-rules/rules/missing-tests.js.map +0 -1
package/dist/src/core/static-rules/rules/npm-audit.d.ts.map +0 -1
package/dist/src/core/static-rules/rules/npm-audit.js.map +0 -1
package/dist/src/core/static-rules/rules/package-lock-sync.d.ts.map +0 -1
package/dist/src/core/static-rules/rules/package-lock-sync.js.map +0 -1
package/dist/src/core/static-rules/rules/schema-alignment.d.ts.map +0 -1
package/dist/src/core/static-rules/rules/schema-alignment.js.map +0 -1
package/dist/src/core/static-rules/rules/sql-injection.d.ts.map +0 -1
package/dist/src/core/static-rules/rules/sql-injection.js.map +0 -1
package/dist/src/core/static-rules/rules/ssrf.d.ts.map +0 -1
package/dist/src/core/static-rules/rules/ssrf.js.map +0 -1
package/dist/src/core/static-rules/rules/todo-fixme.d.ts.map +0 -1
package/dist/src/core/static-rules/rules/todo-fixme.js.map +0 -1
package/dist/src/core/static-rules/tailwind-extractor.d.ts.map +0 -1
package/dist/src/core/static-rules/tailwind-extractor.js.map +0 -1
package/dist/src/core/test-gen/coverage-analyzer.d.ts.map +0 -1
package/dist/src/core/test-gen/coverage-analyzer.js.map +0 -1
package/dist/src/core/test-gen/framework-detector.d.ts.map +0 -1
package/dist/src/core/test-gen/framework-detector.js.map +0 -1
package/dist/src/core/test-gen/test-writer.d.ts.map +0 -1
package/dist/src/core/test-gen/test-writer.js.map +0 -1
package/dist/src/core/ui/design-context-loader.d.ts.map +0 -1
package/dist/src/core/ui/design-context-loader.js.map +0 -1
package/dist/src/core/worker/client.d.ts.map +0 -1
package/dist/src/core/worker/client.js.map +0 -1
package/dist/src/core/worker/lockfile.d.ts.map +0 -1
package/dist/src/core/worker/lockfile.js.map +0 -1
package/dist/src/core/worker/server.d.ts.map +0 -1
package/dist/src/core/worker/server.js.map +0 -1
package/dist/src/formatters/github-annotations.d.ts.map +0 -1
package/dist/src/formatters/github-annotations.js.map +0 -1
package/dist/src/formatters/index.d.ts.map +0 -1
package/dist/src/formatters/index.js.map +0 -1
package/dist/src/formatters/junit.d.ts.map +0 -1
package/dist/src/formatters/junit.js.map +0 -1
package/dist/src/formatters/sarif.d.ts.map +0 -1
package/dist/src/formatters/sarif.js.map +0 -1
package/dist/src/index.d.ts.map +0 -1
package/dist/src/index.js.map +0 -1
package/src/adapters/base.ts +0 -19
package/src/adapters/council/claude.ts +0 -41
package/src/adapters/council/openai.ts +0 -40
package/src/adapters/council/types.ts +0 -7
package/src/adapters/loader.ts +0 -108
package/src/adapters/migration-runner/supabase.ts +0 -56
package/src/adapters/migration-runner/types.ts +0 -36
package/src/adapters/review-bot-parser/cursor.ts +0 -13
package/src/adapters/review-bot-parser/declarative-base.ts +0 -64
package/src/adapters/review-bot-parser/types.ts +0 -9
package/src/adapters/review-engine/auto.ts +0 -94
package/src/adapters/review-engine/claude.ts +0 -100
package/src/adapters/review-engine/codex.ts +0 -82
package/src/adapters/review-engine/gemini.ts +0 -105
package/src/adapters/review-engine/openai-compatible.ts +0 -100
package/src/adapters/review-engine/parse-output.ts +0 -74
package/src/adapters/review-engine/prompt-builder.ts +0 -19
package/src/adapters/review-engine/types.ts +0 -19
package/src/adapters/vcs-host/commit-status.ts +0 -39
package/src/adapters/vcs-host/github.ts +0 -77
package/src/adapters/vcs-host/types.ts +0 -44
package/src/cli/_pkg-root.ts +0 -85
package/src/cli/autoregress-bridge.ts +0 -30
package/src/cli/baseline.ts +0 -125
package/src/cli/ci.ts +0 -45
package/src/cli/costs.ts +0 -80
package/src/cli/council.ts +0 -96
package/src/cli/detector.ts +0 -92
package/src/cli/explain.ts +0 -197
package/src/cli/fix.ts +0 -249
package/src/cli/hook.ts +0 -124
package/src/cli/ignore-helper.ts +0 -116
package/src/cli/index.ts +0 -612
package/src/cli/lsp.ts +0 -200
package/src/cli/mcp.ts +0 -206
package/src/cli/migrate-v4.ts +0 -388
package/src/cli/pr-comment.ts +0 -139
package/src/cli/pr-desc.ts +0 -168
package/src/cli/pr-review-comments.ts +0 -92
package/src/cli/pr.ts +0 -76
package/src/cli/preflight.ts +0 -235
package/src/cli/report.ts +0 -186
package/src/cli/run.ts +0 -425
package/src/cli/scan.ts +0 -233
package/src/cli/setup.ts +0 -191
package/src/cli/test-gen.ts +0 -125
package/src/cli/triage.ts +0 -137
package/src/cli/watch.ts +0 -190
package/src/cli/worker.ts +0 -109
package/src/core/.gitkeep +0 -0
package/src/core/cache/cached-engine.ts +0 -32
package/src/core/cache/review-cache.ts +0 -70
package/src/core/chunking/index.ts +0 -113
package/src/core/chunking/risk-ranker.ts +0 -56
package/src/core/config/loader.ts +0 -53
package/src/core/config/preset-resolver.ts +0 -46
package/src/core/config/schema.ts +0 -181
package/src/core/config/types.ts +0 -98
package/src/core/council/config.ts +0 -71
package/src/core/council/context.ts +0 -17
package/src/core/council/runner.ts +0 -83
package/src/core/council/types.ts +0 -45
package/src/core/detect/git-context.ts +0 -27
package/src/core/detect/llm-key.ts +0 -89
package/src/core/detect/protected-paths.ts +0 -63
package/src/core/detect/provider-usage.ts +0 -74
package/src/core/detect/stack.ts +0 -153
package/src/core/detect/workspaces.ts +0 -103
package/src/core/errors.ts +0 -37
package/src/core/findings/dedup.ts +0 -14
package/src/core/findings/types.ts +0 -39
package/src/core/fix/generator.ts +0 -149
package/src/core/git/diff-hunks.ts +0 -86
package/src/core/git/touched-files.ts +0 -73
package/src/core/ignore/index.ts +0 -54
package/src/core/index.ts +0 -1
package/src/core/logging/ndjson-writer.ts +0 -37
package/src/core/logging/redaction.ts +0 -19
package/src/core/mcp/concurrency.ts +0 -16
package/src/core/mcp/handlers/fix-finding.ts +0 -126
package/src/core/mcp/handlers/get-capabilities.ts +0 -62
package/src/core/mcp/handlers/get-findings.ts +0 -36
package/src/core/mcp/handlers/review-diff.ts +0 -65
package/src/core/mcp/handlers/scan-files.ts +0 -65
package/src/core/mcp/handlers/validate-fix.ts +0 -41
package/src/core/mcp/run-store.ts +0 -85
package/src/core/mcp/workspace.ts +0 -35
package/src/core/persist/baseline.ts +0 -112
package/src/core/persist/cost-log.ts +0 -30
package/src/core/persist/findings-cache.ts +0 -43
package/src/core/persist/triage.ts +0 -112
package/src/core/phases/static-rules.ts +0 -93
package/src/core/phases/tests.ts +0 -51
package/src/core/pipeline/review-phase.ts +0 -182
package/src/core/pipeline/run.ts +0 -116
package/src/core/runtime/idempotency.ts +0 -6
package/src/core/runtime/lock.ts +0 -29
package/src/core/runtime/state.ts +0 -97
package/src/core/schema-alignment/detector.ts +0 -59
package/src/core/schema-alignment/extractor/index.ts +0 -24
package/src/core/schema-alignment/extractor/prisma.ts +0 -21
package/src/core/schema-alignment/extractor/sql.ts +0 -99
package/src/core/schema-alignment/llm-check.ts +0 -91
package/src/core/schema-alignment/scanner.ts +0 -107
package/src/core/schema-alignment/types.ts +0 -43
package/src/core/shell.ts +0 -48
package/src/core/static-rules/registry.ts +0 -59
package/src/core/static-rules/rules/brand-tokens.ts +0 -145
package/src/core/static-rules/rules/console-log.ts +0 -42
package/src/core/static-rules/rules/hardcoded-secrets.ts +0 -83
package/src/core/static-rules/rules/insecure-redirect.ts +0 -67
package/src/core/static-rules/rules/large-file.ts +0 -37
package/src/core/static-rules/rules/missing-auth.ts +0 -70
package/src/core/static-rules/rules/missing-tests.ts +0 -57
package/src/core/static-rules/rules/npm-audit.ts +0 -38
package/src/core/static-rules/rules/package-lock-sync.ts +0 -54
package/src/core/static-rules/rules/schema-alignment.ts +0 -132
package/src/core/static-rules/rules/sql-injection.ts +0 -71
package/src/core/static-rules/rules/ssrf.ts +0 -63
package/src/core/static-rules/rules/todo-fixme.ts +0 -40
package/src/core/static-rules/tailwind-extractor.ts +0 -38
package/src/core/test-gen/coverage-analyzer.ts +0 -93
package/src/core/test-gen/framework-detector.ts +0 -21
package/src/core/test-gen/test-writer.ts +0 -33
package/src/core/ui/design-context-loader.ts +0 -87
package/src/core/worker/client.ts +0 -46
package/src/core/worker/lockfile.ts +0 -38
package/src/core/worker/server.ts +0 -81
package/src/formatters/github-annotations.ts +0 -36
package/src/formatters/index.ts +0 -3
package/src/formatters/junit.ts +0 -52
package/src/formatters/sarif.ts +0 -103
package/src/index.ts +0 -3

package/src/cli/setup.ts DELETED Viewed

@@ -1,191 +0,0 @@
-import * as fs from 'node:fs';
-import * as fsAsync from 'node:fs/promises';
-import * as path from 'node:path';
-import { detectProject } from './detector.ts';
-import { runHook } from './hook.ts';
-import { runDoctor } from './preflight.ts';
-import { detectLLMKey, LLM_KEY_NAMES } from '../core/detect/llm-key.ts';
-import { requirePackageRoot } from './_pkg-root.ts';
-const PASS = '\x1b[32m✓\x1b[0m';
-const WARN = '\x1b[33m!\x1b[0m';
-const DIM  = (t: string) => `\x1b[2m${t}\x1b[0m`;
-const BOLD = (t: string) => `\x1b[1m${t}\x1b[0m`;
-const CYAN = (t: string) => `\x1b[36m${t}\x1b[0m`;
-const PRESET_LABELS: Record<string, string> = {
-  'nextjs-supabase': 'Next.js + Supabase',
-  't3': 'T3 Stack (Next.js + tRPC + Prisma)',
-  'rails-postgres': 'Ruby on Rails + PostgreSQL',
-  'python-fastapi': 'Python FastAPI',
-  'go': 'Go + PostgreSQL',
-  'generic': 'Generic (no stack-specific assumptions)',
-};
-export type ProfileName = 'security-strict' | 'team' | 'solo';
-const PROFILES: Record<ProfileName, { label: string; overlay: string }> = {
-  'security-strict': {
-    label: 'Security Strict',
-    overlay: [
-      'staticRules:',
-      '  - hardcoded-secrets',
-      '  - npm-audit',
-      '  - package-lock-sync',
-      '  - sql-injection',
-      '  - missing-auth',
-      '  - ssrf',
-      '  - insecure-redirect',
-      'policy:',
-      '  failOn: warning',
-      '  newOnly: false',
-    ].join('\n'),
-  },
-  'team': {
-    label: 'Team',
-    overlay: [
-      'staticRules:',
-      '  - hardcoded-secrets',
-      '  - npm-audit',
-      '  - package-lock-sync',
-      '  - sql-injection',
-      '  - missing-auth',
-      '  - ssrf',
-      '  - insecure-redirect',
-      'policy:',
-      '  failOn: critical',
-      '  newOnly: false',
-    ].join('\n'),
-  },
-  'solo': {
-    label: 'Solo Dev',
-    overlay: [
-      'staticRules:',
-      '  - hardcoded-secrets',
-      '  - npm-audit',
-      'policy:',
-      '  failOn: critical',
-      '  newOnly: false',
-    ].join('\n'),
-  },
-};
-export interface SetupOptions {
-  cwd?: string;
-  force?: boolean;
-  skipHook?: boolean;
-  profile?: ProfileName;
-}
-function presetSearchPaths(name: string, cwd: string): string[] {
-  const pkgRoot = requirePackageRoot(import.meta.url);
-  return [
-    path.join(pkgRoot, 'presets', name, 'guardrail.config.yaml'),
-    path.join(cwd, 'node_modules', '@delegance', 'claude-autopilot', 'presets', name, 'guardrail.config.yaml'),
-  ];
-}
-function findPresetConfig(name: string, cwd: string): string | null {
-  for (const p of presetSearchPaths(name, cwd)) {
-    if (fs.existsSync(p)) return p;
-  }
-  return null;
-}
-export async function runSetup(options: SetupOptions = {}): Promise<void> {
-  const cwd = options.cwd ?? process.cwd();
-  const dest = path.join(cwd, 'guardrail.config.yaml');
-  if (fs.existsSync(dest) && !options.force) {
-    throw new Error('guardrail.config.yaml already exists — use --force to overwrite');
-  }
-  console.log(`\n${BOLD('[setup]')} ${DIM(cwd)}\n`);
-  console.log(`${BOLD('Detecting project…')}\n`);
-  const detection = detectProject(cwd);
-  const label = PRESET_LABELS[detection.preset] ?? detection.preset;
-  if (detection.confidence === 'high') {
-    console.log(`  ${PASS}  Stack:        ${label}`);
-    console.log(`  ${PASS}  Evidence:     ${DIM(detection.evidence)}`);
-  } else {
-    console.log(`  ${WARN}  Stack:        ${label} ${DIM('(low confidence — fallback preset)')}`);
-    console.log(`       ${DIM(detection.evidence)}`);
-    console.log(`       ${DIM('Edit guardrail.config.yaml to switch presets if needed')}`);
-  }
-  console.log(`  ${PASS}  Test command: ${DIM(detection.testCommand)}`);
-  const { hasKey, preferred } = detectLLMKey();
-  if (hasKey) {
-    console.log(`  ${PASS}  LLM API key:  detected (${preferred})`);
-  } else {
-    console.log(`  ${WARN}  LLM API key:  not found`);
-    console.log(`       ${DIM(`Set one of: ${LLM_KEY_NAMES.join(', ')}`)}`);
-  }
-  const presetConfigPath = findPresetConfig(detection.preset, cwd);
-  if (!presetConfigPath) {
-    throw new Error(`Preset config not found for: ${detection.preset}. Looked in:\n  ${presetSearchPaths(detection.preset, cwd).join('\n  ')}`);
-  }
-  let presetContent = await fsAsync.readFile(presetConfigPath, 'utf8');
-  presetContent = presetContent.trimEnd() + `\ntestCommand: "${detection.testCommand}"\n`;
-  // Apply profile overlay if specified
-  if (options.profile) {
-    const profile = PROFILES[options.profile];
-    if (profile) {
-      console.log(`  ${PASS}  Profile:      ${profile.label}`);
-      // Profile overlay replaces staticRules + policy sections from preset
-      presetContent = presetContent
-        .replace(/^staticRules:.*?(?=^\w|\z)/ms, '')
-        .replace(/^policy:.*?(?=^\w|\z)/ms, '');
-      presetContent = presetContent.trimEnd() + `\n${profile.overlay}\n`;
-    }
-  }
-  await fsAsync.writeFile(dest, presetContent, 'utf8');
-  console.log(`\n${BOLD('Config written to guardrail.config.yaml:')}\n`);
-  for (const line of presetContent.trimEnd().split('\n')) {
-    console.log(`  ${DIM(line)}`);
-  }
-  let hookInstalled = false;
-  if (!options.skipHook) {
-    const hookCode = await runHook('install', { cwd, silent: true });
-    hookInstalled = hookCode === 0;
-    if (hookInstalled) {
-      console.log(`\n  ${PASS}  Pre-push git hook installed`);
-    } else {
-      console.log(`\n  ${WARN}  Hook install failed (run: npx guardrail hook install)`);
-    }
-  }
-  console.log('\nChecking prerequisites…');
-  await runDoctor();
-  console.log(`\n${BOLD('Next steps:')}\n`);
-  if (!hasKey) {
-    console.log(`  1. ${CYAN('Set an LLM API key')} — guardrail needs one to review code:`);
-    console.log(`       export ANTHROPIC_API_KEY=sk-ant-...     # https://console.anthropic.com/`);
-    console.log(`       export OPENAI_API_KEY=sk-...            # https://platform.openai.com/api-keys`);
-    console.log(`       export GROQ_API_KEY=gsk_...             # https://console.groq.com/keys (free)\n`);
-    console.log(`  2. ${CYAN('Review your changes:')}`);
-    console.log(`       npx guardrail run --base main\n`);
-    console.log(`  3. ${CYAN('Scan any path directly:')}`);
-    console.log(`       npx guardrail scan src/auth/\n`);
-  } else {
-    console.log(`  ${CYAN('Review git-changed files:')}`);
-    console.log(`    npx guardrail run --base main\n`);
-    console.log(`  ${CYAN('Scan any path (no git needed):')}`);
-    console.log(`    npx guardrail scan src/auth/\n`);
-    console.log(`  ${CYAN('Ask a targeted question:')}`);
-    console.log(`    npx guardrail scan --ask "is there SQL injection here?" src/db/\n`);
-    if (!hookInstalled && !options.skipHook) {
-      console.log(`  ${CYAN('Install pre-push hook (auto-runs before git push):')}`);
-      console.log(`    npx guardrail hook install\n`);
-    }
-  }
-}

package/src/cli/test-gen.ts DELETED Viewed

@@ -1,125 +0,0 @@
-import * as fs from 'node:fs';
-import * as path from 'node:path';
-import { execFileSync } from 'node:child_process';
-import { loadConfig } from '../core/config/loader.ts';
-import { loadAdapter } from '../adapters/loader.ts';
-import type { ReviewEngine } from '../adapters/review-engine/types.ts';
-import { findCoverageGaps } from '../core/test-gen/coverage-analyzer.ts';
-import { detectTestFramework } from '../core/test-gen/framework-detector.ts';
-import { writeGeneratedTest, buildGenerationPrompt } from '../core/test-gen/test-writer.ts';
-const C = { reset: '\x1b[0m', green: '\x1b[32m', yellow: '\x1b[33m', red: '\x1b[31m', dim: '\x1b[2m', bold: '\x1b[1m', cyan: '\x1b[36m' };
-export interface TestGenOptions {
-  cwd?: string;
-  configPath?: string;
-  targets?: string[];
-  base?: string;
-  dryRun?: boolean;
-  verify?: boolean;
-}
-export async function runTestGen(options: TestGenOptions = {}): Promise<number> {
-  const cwd = options.cwd ?? process.cwd();
-  const configPath = options.configPath ?? path.join(cwd, 'guardrail.config.yaml');
-  let config = { configVersion: 1 as const, testCommand: null as string | null };
-  if (fs.existsSync(configPath)) {
-    try {
-      const loaded = await loadConfig(configPath);
-      if (loaded) config = loaded as typeof config;
-    } catch {
-      // proceed with defaults if config fails to load
-    }
-  }
-  // Collect files to analyze
-  let files: string[];
-  if (options.targets && options.targets.length > 0) {
-    files = options.targets.map(t => path.isAbsolute(t) ? t : path.resolve(cwd, t));
-  } else {
-    // Fall back to git-changed files
-    try {
-      const base = options.base ?? 'HEAD~1';
-      const out = execFileSync('git', ['diff', '--name-only', base, 'HEAD'], { cwd, encoding: 'utf8' });
-      files = out.trim().split('\n').filter(Boolean).map(f => path.resolve(cwd, f));
-    } catch {
-      console.error(`${C.red}[test-gen] No targets specified and git diff failed. Pass a path: guardrail test-gen src/${C.reset}`);
-      return 1;
-    }
-  }
-  console.log(`${C.bold}[test-gen]${C.reset} Analyzing ${files.length} file(s)...`);
-  const gaps = findCoverageGaps(files);
-  if (gaps.length === 0) {
-    console.log(`${C.green}[test-gen] No coverage gaps found${C.reset}`);
-    return 0;
-  }
-  for (const gap of gaps) {
-    const rel = path.relative(cwd, gap.file);
-    const covered = gap.exports.length;
-    console.log(`  ${C.cyan}${rel}${C.reset}  ${covered} uncovered export(s): ${gap.exports.join(', ')}`);
-  }
-  if (options.dryRun) {
-    console.log(`\n${C.yellow}[test-gen] Dry run — not generating tests${C.reset}`);
-    return 0;
-  }
-  // Load review engine for generation
-  const engineRef = (config as { reviewEngine?: unknown }).reviewEngine ?? 'auto';
-  let engine: Awaited<ReturnType<typeof loadAdapter>>;
-  try {
-    engine = await loadAdapter({ point: 'review-engine', ref: engineRef as string });
-  } catch (err) {
-    console.error(`${C.red}[test-gen] Could not load review engine: ${err}${C.reset}`);
-    return 1;
-  }
-  const framework = detectTestFramework(cwd);
-  const written: string[] = [];
-  for (const gap of gaps) {
-    let sourceContent: string;
-    try { sourceContent = fs.readFileSync(gap.file, 'utf8'); } catch { continue; }
-    const prompt = buildGenerationPrompt(gap, sourceContent, framework);
-    process.stdout.write(`  Generating ${path.relative(cwd, gap.testFile)}... `);
-    try {
-      const result = await (engine as unknown as ReviewEngine).review({ content: prompt, kind: 'spec', context: { cwd } });
-      // Extract code block if wrapped in markdown
-      let code = result.rawOutput.trim();
-      const fenceMatch = code.match(/```(?:typescript|ts|javascript|js)?\n([\s\S]*?)```/);
-      if (fenceMatch) code = fenceMatch[1]!.trim();
-      const testPath = writeGeneratedTest(gap, code);
-      written.push(testPath);
-      console.log(`${C.green}done${C.reset}`);
-      // Verify mode
-      if (options.verify && config.testCommand) {
-        try {
-          const [cmd, ...cmdArgs] = config.testCommand.split(/\s+/);
-          execFileSync(cmd!, cmdArgs, { cwd, stdio: 'ignore', timeout: 60_000 });
-        } catch {
-          fs.unlinkSync(testPath);
-          written.pop();
-          console.log(`  ${C.yellow}  ↳ tests failed — reverted${C.reset}`);
-        }
-      }
-    } catch (err) {
-      console.log(`${C.red}failed: ${err}${C.reset}`);
-    }
-  }
-  if (written.length > 0) {
-    console.log(`\n${C.green}[test-gen] Generated ${written.length} test file(s):${C.reset}`);
-    for (const f of written) console.log(`  ${path.relative(cwd, f)}`);
-  }
-  return 0;
-}

package/src/cli/triage.ts DELETED Viewed

@@ -1,137 +0,0 @@
-import { loadCachedFindings } from '../core/persist/findings-cache.ts';
-import {
-  loadTriage, saveTriage, addTriageEntry, removeTriageEntry, clearExpiredEntries,
-  type TriageState,
-} from '../core/persist/triage.ts';
-const C = {
-  reset: '\x1b[0m', bold: '\x1b[1m', dim: '\x1b[2m',
-  green: '\x1b[32m', yellow: '\x1b[33m', red: '\x1b[31m',
-};
-const fmt = (c: keyof typeof C, t: string) => `${C[c]}${t}${C.reset}`;
-export interface TriageCommandOptions {
-  cwd?: string;
-}
-function parseTriageArgs(rest: string[]): { reason?: string; expiresInDays?: number; positional: string[] } {
-  let reason: string | undefined;
-  let expiresInDays: number | undefined;
-  const positional: string[] = [];
-  for (let i = 0; i < rest.length; i++) {
-    if (rest[i] === '--reason' && rest[i + 1]) { reason = rest[++i]; }
-    else if (rest[i] === '--expires' && rest[i + 1]) { expiresInDays = parseInt(rest[++i]!, 10); }
-    else if (!rest[i]!.startsWith('--')) { positional.push(rest[i]!); }
-  }
-  return { reason, expiresInDays, positional };
-}
-export async function runTriage(
-  subcommand: string | undefined,
-  rest: string[],
-  options: TriageCommandOptions = {},
-): Promise<number> {
-  const cwd = options.cwd ?? process.cwd();
-  if (subcommand === 'list' || subcommand === 'show') {
-    return cmdList(cwd);
-  }
-  if (subcommand === 'clear') {
-    const { positional } = parseTriageArgs(rest);
-    return cmdClear(cwd, positional, rest.includes('--expired'));
-  }
-  // Default: triage <finding-id> <state>
-  const findingId = subcommand;
-  const { reason, expiresInDays, positional } = parseTriageArgs(rest);
-  const stateArg = positional[0];
-  if (!findingId || !stateArg) {
-    printUsage();
-    return 1;
-  }
-  if (stateArg !== 'accepted-risk' && stateArg !== 'false-positive') {
-    console.error(fmt('red', `[triage] State must be "accepted-risk" or "false-positive", got: "${stateArg}"`));
-    return 1;
-  }
-  const findings = loadCachedFindings(cwd);
-  const finding = findings.find(f => f.id === findingId || f.id.startsWith(findingId));
-  if (!finding) {
-    console.error(fmt('red', `[triage] Finding not found: "${findingId}"`));
-    console.error(fmt('dim', '         Run `guardrail run` or `guardrail scan` first, then `guardrail report` to list IDs'));
-    return 1;
-  }
-  addTriageEntry(cwd, finding, stateArg as TriageState, { reason, expiresInDays });
-  const expNote = expiresInDays !== undefined ? fmt('dim', ` (expires in ${expiresInDays} days)`) : '';
-  console.log(`${fmt('green', '✓')}  ${fmt('bold', stateArg)}  ${finding.file}${finding.line ? `:${finding.line}` : ''} — ${finding.message}${expNote}`);
-  if (reason) console.log(fmt('dim', `   Reason: ${reason}`));
-  console.log(fmt('dim', '   Suppressed from future runs. Commit .guardrail-triage.json to share with team.'));
-  return 0;
-}
-function cmdList(cwd: string): number {
-  const store = loadTriage(cwd);
-  const now = new Date().toISOString();
-  const active = store.entries.filter(e => !e.expiresAt || e.expiresAt > now);
-  const expired = store.entries.filter(e => e.expiresAt && e.expiresAt <= now);
-  if (store.entries.length === 0) {
-    console.log(fmt('dim', '[triage] No triaged findings.'));
-    return 0;
-  }
-  console.log(`\n${fmt('bold', '[triage]')} ${active.length} active, ${expired.length} expired\n`);
-  for (const e of active) {
-    const tag = e.state === 'false-positive'
-      ? fmt('dim', 'false-positive ')
-      : fmt('yellow', 'accepted-risk  ');
-    const exp = e.expiresAt ? fmt('dim', ` expires ${e.expiresAt.slice(0, 10)}`) : '';
-    console.log(`  [${tag}]  ${fmt('dim', `${e.file}${e.line ? `:${e.line}` : ''}`)} — ${e.id}${exp}`);
-    if (e.reason) console.log(fmt('dim', `             Reason: ${e.reason}`));
-  }
-  if (expired.length > 0) {
-    console.log(fmt('dim', `\n  ${expired.length} expired — run \`guardrail triage clear --expired\` to remove`));
-  }
-  console.log('');
-  return 0;
-}
-function cmdClear(cwd: string, ids: string[], expired: boolean): number {
-  if (expired) {
-    const removed = clearExpiredEntries(cwd);
-    console.log(fmt('dim', `[triage] Cleared ${removed} expired entr${removed === 1 ? 'y' : 'ies'}`));
-    return 0;
-  }
-  if (ids.length === 0) {
-    console.error(fmt('red', '[triage] clear requires a finding ID or --expired'));
-    return 1;
-  }
-  const removed = removeTriageEntry(cwd, ids);
-  console.log(fmt('dim', `[triage] Cleared ${removed} entr${removed === 1 ? 'y' : 'ies'}`));
-  return 0;
-}
-function printUsage(): void {
-  console.error(`
-${fmt('bold', 'Usage:')}
-  guardrail triage <finding-id> accepted-risk|false-positive [options]
-  guardrail triage list
-  guardrail triage clear <finding-id> [<id>...]
-  guardrail triage clear --expired
-${fmt('bold', 'Options:')}
-  --reason <text>    Explain why this finding was triaged
-  --expires <days>   Auto-expire triage after N days
-${fmt('bold', 'States:')}
-  accepted-risk      Known issue, risk accepted — suppress without fixing
-  false-positive     Finding is incorrect — suppress permanently (or with expiry)
-${fmt('dim', 'Finding IDs come from `guardrail report` or the run output.')}
-`);
-}

package/src/cli/watch.ts DELETED Viewed

@@ -1,190 +0,0 @@
-import * as fs from 'node:fs';
-import * as path from 'node:path';
-import { loadConfig } from '../core/config/loader.ts';
-import { resolvePreset, mergeConfigs } from '../core/config/preset-resolver.ts';
-import { loadAdapter } from '../adapters/loader.ts';
-import { runGuardrail } from '../core/pipeline/run.ts';
-import type { ReviewEngine } from '../adapters/review-engine/types.ts';
-import type { GuardrailConfig } from '../core/config/types.ts';
-const C = {
-  reset: '\x1b[0m', bold: '\x1b[1m', dim: '\x1b[2m',
-  green: '\x1b[32m', yellow: '\x1b[33m', red: '\x1b[31m', cyan: '\x1b[36m',
-};
-const fmt = (c: keyof typeof C, t: string) => `${C[c]}${t}${C.reset}`;
-// Anchored to path segment boundaries — avoids matching "mynode_modules" or similar
-export const IGNORED_PATTERNS: readonly RegExp[] = [
-  /(^|[/\\])node_modules([/\\]|$)/,
-  /(^|[/\\])\.git([/\\]|$)/,
-  /(^|[/\\])\.guardrail-cache([/\\]|$)/,
-  /\.(log|tmp|swp|swo|DS_Store)$/,
-  /~$/,
-];
-export function isIgnored(p: string): boolean {
-  return IGNORED_PATTERNS.some(r => r.test(p));
-}
-/**
- * Pure debounce accumulator — returned functions are the testable core of watch logic.
- * schedule(file) → adds file, starts/resets timer; when debounce fires, calls flush(batch).
- * onSchedule (optional) is called on every schedule() with the file and current queue size.
- */
-export function makeDebouncer(
-  flushFn: (batch: string[]) => void,
-  debounceMs: number,
-  onSchedule?: (file: string, queueSize: number) => void,
-): { schedule: (file: string) => void; pending: () => string[] } {
-  const pending = new Set<string>();
-  let timer: ReturnType<typeof setTimeout> | null = null;
-  return {
-    schedule(file: string) {
-      pending.add(file);
-      if (timer) clearTimeout(timer);
-      timer = setTimeout(() => {
-        const batch = [...pending];
-        pending.clear();
-        timer = null;
-        flushFn(batch);
-      }, debounceMs);
-      onSchedule?.(file, pending.size);
-    },
-    pending() { return [...pending]; },
-  };
-}
-export interface WatchOptions {
-  cwd?: string;
-  configPath?: string;
-  debounceMs?: number;
-}
-export async function runWatch(options: WatchOptions = {}): Promise<void> {
-  const cwd = options.cwd ?? process.cwd();
-  const configPath = options.configPath ?? path.join(cwd, 'guardrail.config.yaml');
-  const debounceMs = options.debounceMs ?? 300;
-  // Zero-config fallback — same as `run`
-  let config: GuardrailConfig;
-  if (!fs.existsSync(configPath)) {
-    config = { configVersion: 1, reviewEngine: { adapter: 'auto' }, testCommand: null };
-  } else {
-    try {
-      const userConfig = await loadConfig(configPath);
-      config = userConfig.preset
-        ? mergeConfigs((await resolvePreset(userConfig.preset)).config, userConfig)
-        : userConfig;
-    } catch (err) {
-      console.error(fmt('red', `[watch] Config error: ${err instanceof Error ? err.message : String(err)}`));
-      process.exit(1);
-    }
-  }
-  const hasAnyKey = !!(process.env.ANTHROPIC_API_KEY || process.env.GEMINI_API_KEY ||
-    process.env.GOOGLE_API_KEY || process.env.OPENAI_API_KEY || process.env.GROQ_API_KEY);
-  let reviewEngine: ReviewEngine | undefined;
-  if (config.reviewEngine && hasAnyKey) {
-    const ref = typeof config.reviewEngine === 'string' ? config.reviewEngine : config.reviewEngine.adapter;
-    try {
-      reviewEngine = await loadAdapter<ReviewEngine>({
-        point: 'review-engine', ref,
-        options: typeof config.reviewEngine === 'string' ? undefined : config.reviewEngine.options,
-      });
-    } catch { /* skip — static rules still run */ }
-  }
-  const keyStatus = hasAnyKey
-    ? fmt('green', '✓ LLM review enabled')
-    : fmt('yellow', '! No API key — static rules only  (set ANTHROPIC_API_KEY, OPENAI_API_KEY, GEMINI_API_KEY, or GROQ_API_KEY)');
-  console.log(`\n${fmt('bold', '[watch]')} ${fmt('dim', cwd)}`);
-  console.log(fmt('dim', `  debounce: ${debounceMs}ms  |  Ctrl+C to exit`));
-  console.log(`  ${keyStatus}\n`);
-  console.log(fmt('dim', '  Watching for changes…\n'));
-  let running = false;
-  const nextPending = new Set<string>();
-  let debounceLineShown = false;
-  const runBatch = async (batch: string[]) => {
-    debounceLineShown = false;
-    if (running) {
-      for (const f of batch) nextPending.add(f);
-      return;
-    }
-    running = true;
-    const rel = batch.map(f => path.isAbsolute(f) ? path.relative(cwd, f) : f);
-    const ts = new Date().toLocaleTimeString();
-    console.log(`\n${fmt('cyan', `─── ${ts} ──────────────────────────────────`)}`);
-    console.log(fmt('dim', `  changed: ${rel.slice(0, 4).join(', ')}${rel.length > 4 ? ` +${rel.length - 4} more` : ''}`));
-    try {
-      const result = await runGuardrail({ touchedFiles: rel, config, reviewEngine, cwd });
-      for (const phase of result.phases) {
-        const icon = phase.status === 'pass' ? fmt('green', '✓')
-          : phase.status === 'skip' ? fmt('dim', '–')
-          : phase.status === 'warn' ? fmt('yellow', '!')
-          : fmt('red', '✗');
-        console.log(`  ${icon}  ${phase.phase.padEnd(14)}${fmt('dim', ` ${(phase as {durationMs?: number}).durationMs ?? 0}ms`)}`);
-        for (const f of phase.findings) {
-          if (f.severity === 'critical' || f.severity === 'warning') {
-            const sev = f.severity === 'critical' ? fmt('red', 'CRITICAL') : fmt('yellow', 'WARNING ');
-            console.log(`       ${sev}  ${f.file}${f.line ? `:${f.line}` : ''} — ${f.message}`);
-          }
-        }
-      }
-      const verdict = result.status === 'pass' ? fmt('green', '✓ pass')
-        : result.status === 'warn' ? fmt('yellow', '! warn')
-        : fmt('red', '✗ fail');
-      const cost = result.totalCostUSD !== undefined ? fmt('dim', `  $${result.totalCostUSD.toFixed(4)}`) : '';
-      console.log(`\n  ${verdict}${cost}  ${fmt('dim', `${result.durationMs}ms`)}`);
-    } catch (err) {
-      console.error(fmt('red', `  error: ${err instanceof Error ? err.message : String(err)}`));
-    }
-    running = false;
-    console.log(fmt('dim', '\n  Watching for changes…'));
-    if (nextPending.size > 0) {
-      const queued = [...nextPending];
-      nextPending.clear();
-      runBatch(queued);
-    }
-  };
-  const debouncer = makeDebouncer(
-    batch => { runBatch(batch); },
-    debounceMs,
-    (_file, queueSize) => {
-      if (!debounceLineShown && !running) {
-        process.stdout.write(fmt('dim', `  ⋯ ${queueSize} file(s) queued — reviewing in ${debounceMs}ms…\r`));
-        debounceLineShown = true;
-      }
-    },
-  );
-  const onEvent = (_event: string, filename: string | null) => {
-    if (!filename) return;
-    const full = path.isAbsolute(filename) ? filename : path.join(cwd, filename);
-    if (isIgnored(full)) return;
-    debouncer.schedule(full);
-  };
-  // fs.watch recursive is supported on macOS/Linux kernel ≥5.1; Windows uses ReadDirectoryChangesW.
-  // Alpha limitation: not battle-tested in Docker/container contexts — upgrade to chokidar for beta.
-  const watcher = fs.watch(cwd, { recursive: true }, onEvent);
-  process.on('SIGINT', () => {
-    console.log(fmt('dim', '\n[watch] exiting'));
-    watcher.close();
-    process.exit(0);
-  });
-  // Keep the process alive
-  await new Promise<void>(() => { /* never resolves — watch loop runs until SIGINT */ });
-}