@delegance/claude-autopilot 5.0.6 → 5.0.8

package/dist/src/adapters/council/claude.js

@@ -3,6 +3,9 @@ import { GuardrailError } from "../../core/errors.js";
 import { classifyError } from "../review-engine/prompt-builder.js";
 const SYSTEM_PROMPT = `You are a technical advisor reviewing a software design decision. Evaluate the provided context and question critically. Be direct and specific. Surface tradeoffs, risks, and your recommendation.`;
 const MAX_OUTPUT_TOKENS = 2048;
+// Default Opus 4.7 rates — env override for other models.
+const COST_PER_M_INPUT = Number(process.env.CLAUDE_COST_INPUT_PER_M ?? 15.0);
+const COST_PER_M_OUTPUT = Number(process.env.CLAUDE_COST_OUTPUT_PER_M ?? 75.0);
 export function makeClaudeCouncilAdapter(model, label) {
     return {
         label,
@@ -30,10 +33,17 @@ export function makeClaudeCouncilAdapter(model, label) {
                     retryable: code === 'rate_limit',
                 });
             }
-            return response.content
+            const text = response.content
                 .filter(b => b.type === 'text')
                 .map(b => b.text)
                 .join('');
+            const usage = response.usage ? {
+                input: response.usage.input_tokens,
+                output: response.usage.output_tokens,
+                costUSD: (response.usage.input_tokens / 1_000_000) * COST_PER_M_INPUT +
+                    (response.usage.output_tokens / 1_000_000) * COST_PER_M_OUTPUT,
+            } : undefined;
+            return { text, usage };
         },
     };
 }

package/dist/src/adapters/council/openai.js

@@ -13,6 +13,10 @@ const MAX_OUTPUT_TOKENS = 2048;
 function isResponsesOnlyModel(model) {
     return /codex|^o[1-9]|^gpt-5\.3-/i.test(model);
 }
+// Per-million-token rates for gpt-5.3-codex (override via env for other models).
+// Mirrors the review-engine codex adapter's pricing.
+const COST_PER_M_INPUT = Number(process.env.CODEX_COST_INPUT_PER_M ?? 1.25);
+const COST_PER_M_OUTPUT = Number(process.env.CODEX_COST_OUTPUT_PER_M ?? 10.0);
 export function makeOpenAICouncilAdapter(model, label) {
     return {
         label,
@@ -31,7 +35,13 @@ export function makeOpenAICouncilAdapter(model, label) {
                         input: userInput,
                         max_output_tokens: MAX_OUTPUT_TOKENS,
                     });
-                    return response.output_text ?? '';
+                    const usage = response.usage ? {
+                        input: response.usage.input_tokens,
+                        output: response.usage.output_tokens,
+                        costUSD: (response.usage.input_tokens / 1_000_000) * COST_PER_M_INPUT +
+                            (response.usage.output_tokens / 1_000_000) * COST_PER_M_OUTPUT,
+                    } : undefined;
+                    return { text: response.output_text ?? '', usage };
                 }
                 const response = await client.chat.completions.create({
                     model,
@@ -41,7 +51,13 @@ export function makeOpenAICouncilAdapter(model, label) {
                         { role: 'user', content: userInput },
                     ],
                 });
-                return response.choices[0]?.message?.content ?? '';
+                const usage = response.usage ? {
+                    input: response.usage.prompt_tokens,
+                    output: response.usage.completion_tokens,
+                    costUSD: (response.usage.prompt_tokens / 1_000_000) * COST_PER_M_INPUT +
+                        (response.usage.completion_tokens / 1_000_000) * COST_PER_M_OUTPUT,
+                } : undefined;
+                return { text: response.choices[0]?.message?.content ?? '', usage };
             }
             catch (err) {
                 const message = err instanceof Error ? err.message : String(err);

package/dist/src/adapters/council/types.d.ts

@@ -1,5 +1,14 @@
+export interface CouncilUsage {
+    input: number;
+    output: number;
+    costUSD?: number;
+}
+export interface CouncilConsultResult {
+    text: string;
+    usage?: CouncilUsage;
+}
 export interface CouncilAdapter {
     readonly label: string;
-    consult(prompt: string, context: string): Promise<string>;
+    consult(prompt: string, context: string): Promise<CouncilConsultResult>;
 }
 //# sourceMappingURL=types.d.ts.map

package/dist/src/adapters/review-engine/parse-output.js

@@ -22,9 +22,11 @@ const CODE_EXT = String.raw `(?:` +
     // 3
     String.raw `asm|cjs|clj|cpp|css|edn|elm|env|erl|exs|fsi|fsx|gql|hcl|hpp|htm|ini|jsx|lua|mdx|mjs|mli|nim|php|sol|sql|tsx|vue|xml|yml|zig|zsh|` +
     // 2
-    String.raw `cc|cs|ex|fs|go|hs|jl|js|kt|md|mk|ml|mm|pl|pm|py|rb|rs|sc|sh|tf|ts|` +
-    // 1
-    String.raw `c|d|h|m|r|s` +
+    String.raw `cc|cs|ex|fs|go|hs|jl|js|kt|md|mk|ml|mm|pl|pm|py|rb|rs|sc|sh|tf|ts` +
+    // (single-letter code extensions like c/d/h/m/r/s are intentionally NOT in
+    // the bare-reference alternation: prose like "fn.r" or "lib.h" matches as
+    // a "file" too easily and breaks the `fix` command. They still match when
+    // explicitly backtick-wrapped — the LLM has to signal intent.)
     String.raw `)`;
 // Matches "path/to/file.ts:42" (bare with known ext), "`path/to/file.ts`" (any
 // ext when explicitly backtick-wrapped). Backtick-wrapped accepts any extension
@@ -33,10 +35,20 @@ const FILE_REF = new RegExp(String.raw `(?:` +
     String.raw `\x60([^\x60]+\.[a-z]{1,6})\x60` +
     String.raw `|(\b[\w./\-]+\.` + CODE_EXT + String.raw `)(?::(\d+))?` +
     String.raw `)`, 'i');
+// Matches "line 42", "on line 42", "at line 42" — used as a fallback when the
+// LLM mentions a line number separately from the file ref. Critical for `fix`:
+// without a line, the fixer can't extract a code snippet, so findings without
+// `line` got silently dropped from `fix --dry-run` (the path-only finding case
+// was the most-cited demo torpedo from the 5.0.7 stress test).
+const LINE_REF = /\b(?:on |at )?line\s+(\d+)\b/i;
 function extractFileRef(text) {
     const m = text.match(FILE_REF);
-    if (!m)
-        return { file: '<unspecified>' };
+    if (!m) {
+        // No file ref at all — but maybe the body still has "line N" prose we can
+        // surface. Caller treats file `<unspecified>` as a sentinel either way.
+        const lm = text.match(LINE_REF);
+        return lm ? { file: '<unspecified>', line: parseInt(lm[1], 10) } : { file: '<unspecified>' };
+    }
     const raw = (m[1] ?? m[2]);
     // Skip version strings (v1.2.3), bare dotfile extensions with no path
     // separator, and known prose abbreviations that slipped through the regex
@@ -45,10 +57,16 @@ function extractFileRef(text) {
     if (/^v?\d/.test(raw) ||
         (!raw.includes('/') && raw.startsWith('.') && raw.split('.').length === 2) ||
         /^(?:e\.g|i\.e|etc|vs|cf|al|U\.S|U\.K)$/i.test(raw)) {
-        return { file: '<unspecified>' };
+        const lm = text.match(LINE_REF);
+        return lm ? { file: '<unspecified>', line: parseInt(lm[1], 10) } : { file: '<unspecified>' };
     }
-    const line = m[3] ? parseInt(m[3], 10) : undefined;
-    return { file: raw, line };
+    // Prefer the colon-line from the file ref (`foo.ts:42`); fall back to a
+    // separately-mentioned line ("line 42") only when the file ref didn't carry one.
+    const colonLine = m[3] ? parseInt(m[3], 10) : undefined;
+    if (colonLine !== undefined)
+        return { file: raw, line: colonLine };
+    const lm = text.match(LINE_REF);
+    return lm ? { file: raw, line: parseInt(lm[1], 10) } : { file: raw };
 }
 // Accepts any of: `### [CRITICAL] title`, `### CRITICAL title`, `### **CRITICAL** title`,
 // `### **[CRITICAL]** title`. Severity capture works across variants.

package/dist/src/cli/council.js

@@ -7,6 +7,7 @@ import { runCouncil } from "../core/council/runner.js";
 import { makeClaudeCouncilAdapter } from "../adapters/council/claude.js";
 import { makeOpenAICouncilAdapter } from "../adapters/council/openai.js";
 import { GuardrailError } from "../core/errors.js";
+import { appendCostLog } from "../core/persist/cost-log.js";
 function makeAdapter(entry) {
     switch (entry.adapter) {
         case 'claude': return makeClaudeCouncilAdapter(entry.model, entry.label);
@@ -58,14 +59,26 @@ export async function runCouncilCmd(opts) {
     }
     const adapters = councilConfig.models.map(makeAdapter);
     const synthesizer = opts.noSynthesize
-        ? { label: 'none', consult: async () => '' }
+        ? { label: 'none', consult: async () => ({ text: '' }) }
         : makeAdapter(councilConfig.synthesizer);
-    const result = await runCouncil(councilConfig, adapters, synthesizer, opts.prompt, contextDoc);
+    const start = Date.now();
+    const { result, usage } = await runCouncil(councilConfig, adapters, synthesizer, opts.prompt, contextDoc);
     // When no-synthesize, clear the empty synthesis object
     if (opts.noSynthesize && result.synthesis?.text === '') {
         delete result['synthesis'];
     }
     process.stdout.write(JSON.stringify(result, null, 2) + '\n');
+    // Persist to cost log so `claude-autopilot costs` reflects council runs
+    // (previously dropped — only scan + run pipeline were tracked, leading to
+    // misleadingly low lifetime totals after a council-heavy session).
+    appendCostLog(cwd, {
+        timestamp: new Date().toISOString(),
+        files: 0,
+        inputTokens: usage.inputTokens,
+        outputTokens: usage.outputTokens,
+        costUSD: usage.costUSD,
+        durationMs: Date.now() - start,
+    });
     if (result.status === 'failed')
         return 2;
     if (result.status === 'partial')

package/dist/src/cli/fix.js

@@ -38,8 +38,13 @@ export async function runFix(options = {}) {
         console.log(fmt('yellow', '[fix] No cached findings — run `guardrail scan <path>` or `guardrail run` first.'));
         return 0;
     }
-    const fixable = findings.filter(f => {
-        if (!f.line || !f.file || f.file === '<unspecified>' || f.file === '<pipeline>')
+    // Two gates:
+    //  - "actionable": has a real file path. Surfaced in dry-run so the user sees
+    //    findings even when the LLM didn't pin a line number.
+    //  - "fixable": also has a line. The LLM-fix loop needs both to extract a
+    //    code snippet around the finding location.
+    const actionable = findings.filter(f => {
+        if (!f.file || f.file === '<unspecified>' || f.file === '<pipeline>')
             return false;
         if (severityFilter === 'all')
             return true;
@@ -47,8 +52,21 @@ export async function runFix(options = {}) {
             return f.severity === 'critical';
         return f.severity === 'critical' || f.severity === 'warning';
     });
+    const fixable = actionable.filter(f => f.line && f.line > 0);
+    if (actionable.length === 0) {
+        console.log(fmt('yellow', `[fix] No actionable findings (severity=${severityFilter}, need file path).`));
+        return 0;
+    }
     if (fixable.length === 0) {
-        console.log(fmt('yellow', `[fix] No fixable findings (severity=${severityFilter}, need file+line).`));
+        const verb = actionable.length === 1 ? 'has' : 'have';
+        const noun = actionable.length === 1 ? 'finding' : 'findings';
+        console.log(fmt('yellow', `[fix] ${actionable.length} ${noun} ${verb} file but no line — model output was line-less. Re-run scan with --ask "include line numbers" or run \`claude-autopilot run\` for richer extraction.`));
+        for (const f of actionable) {
+            const sev = f.severity === 'critical' ? fmt('red', 'CRITICAL')
+                : f.severity === 'warning' ? fmt('yellow', 'WARNING ')
+                    : fmt('dim', 'NOTE    ');
+            console.log(`  [${sev}] ${fmt('dim', f.file)} ${f.message}`);
+        }
         return 0;
     }
     const modeNote = options.dryRun ? ' (dry run)' : options.yes ? '' : ' (interactive — use --yes to skip prompts)';

package/dist/src/cli/pr-desc.d.ts

@@ -13,8 +13,14 @@ export interface PrDescOptions {
             kind: string;
         }): Promise<{
             rawOutput: string;
+            usage?: {
+                input: number;
+                output: number;
+                costUSD?: number;
+            };
         }>;
     };
+    _cwd?: string;
 }
 export interface PrDescResult {
     title: string;

package/dist/src/cli/pr-desc.js

@@ -1,5 +1,6 @@
 import * as fs from 'node:fs';
 import { execSync, spawnSync } from 'node:child_process';
+import { appendCostLog } from "../core/persist/cost-log.js";
 export function truncateDiff(diff, charLimit = 6000) {
     if (diff.length <= charLimit)
         return diff;
@@ -87,7 +88,8 @@ export async function runPrDesc(options) {
     const findings = options._cachedFindings ?? loadCachedFindings();
     const prompt = buildPrompt(branchName, truncateDiff(diff), summarizeFindings(findings));
     const engine = options._reviewEngine ?? await resolveEngine();
-    const { rawOutput } = await engine.review({ content: prompt, kind: 'pr-diff' });
+    const start = Date.now();
+    const { rawOutput, usage } = await engine.review({ content: prompt, kind: 'pr-diff' });
     // Extract first non-empty bullet from the model's Summary section as a
     // last-resort title fallback when the model didn't emit `Title: ...`.
     const firstSummaryLine = rawOutput.split('\n')
@@ -101,6 +103,17 @@ export async function runPrDesc(options) {
     else {
         process.stdout.write(formatted + '\n');
     }
+    // Persist to cost log AFTER the output is emitted. The function itself
+    // swallows write errors (see core/persist/cost-log.ts) so a read-only FS
+    // or full disk doesn't kill commands that already succeeded.
+    appendCostLog(options._cwd ?? process.cwd(), {
+        timestamp: new Date().toISOString(),
+        files: 1,
+        inputTokens: usage?.input ?? 0,
+        outputTokens: usage?.output ?? 0,
+        costUSD: usage?.costUSD ?? 0,
+        durationMs: Date.now() - start,
+    });
     if (options.post) {
         return createPr(title, body, options.yes ?? false);
     }

package/dist/src/cli/scan.js

@@ -133,17 +133,17 @@ export async function runScan(options = {}) {
         cwd,
         gitSummary: focusHint,
     });
-    // Single-file scan fallback — when only one file was scanned, the LLM
-    // doesn't always repeat the file path in its findings (it knows the
-    // context). Backfill `<unspecified>` with the actual scan target so the
-    // `fix` command can match findings to real paths. Without this, a
-    // `claude-autopilot scan src/foo.ts` produces findings with file
-    // `<unspecified>` and `fix --severity all` reports "no fixable findings".
+    // Single-file scan: every finding is about that file (or its imports).
+    // The LLM sometimes emits prose tokens like "n.r" or "fn.c" that the parser
+    // greedily matches as a file ref, producing junk paths that break `fix`.
+    // For single-file scan we KNOW the file — overwrite unconditionally rather
+    // than only filling `<unspecified>`. The 5.0.6 fallback was conditional on
+    // `<unspecified>` and missed the prose-noise case, leaving findings with
+    // bogus `n.r` paths that broke `fix --severity all` ("no fixable findings").
     if (relFiles.length === 1) {
         const onlyFile = relFiles[0];
         for (const f of result.findings) {
-            if (!f.file || f.file === '<unspecified>')
-                f.file = onlyFile;
+            f.file = onlyFile;
         }
     }
     // Apply ignore rules

package/dist/src/core/council/runner.d.ts

@@ -1,4 +1,12 @@
 import type { CouncilConfig, CouncilResult } from './types.ts';
 import type { CouncilAdapter } from '../../adapters/council/types.ts';
-export declare function runCouncil(config: CouncilConfig, adapters: CouncilAdapter[], synthesizer: CouncilAdapter, prompt: string, contextDoc: string): Promise<CouncilResult>;
+export interface CouncilRunOutput {
+    result: CouncilResult;
+    usage: {
+        inputTokens: number;
+        outputTokens: number;
+        costUSD: number;
+    };
+}
+export declare function runCouncil(config: CouncilConfig, adapters: CouncilAdapter[], synthesizer: CouncilAdapter, prompt: string, contextDoc: string): Promise<CouncilRunOutput>;
 //# sourceMappingURL=runner.d.ts.map

package/dist/src/core/council/runner.js

@@ -4,13 +4,19 @@ async function consultWithTimeout(adapter, prompt, context, timeoutMs) {
     const start = Date.now();
     let timer;
     try {
-        const text = await Promise.race([
+        const consultResult = await Promise.race([
             adapter.consult(prompt, context),
             new Promise((_, reject) => {
                 timer = setTimeout(() => reject(new Error('timeout')), timeoutMs);
             }),
         ]);
-        return { label: adapter.label, status: 'ok', text, latencyMs: Date.now() - start };
+        return {
+            label: adapter.label,
+            status: 'ok',
+            text: consultResult.text,
+            latencyMs: Date.now() - start,
+            usage: consultResult.usage,
+        };
     }
     catch (err) {
         const message = err instanceof Error ? err.message : String(err);
@@ -30,9 +36,27 @@ export async function runCouncil(config, adapters, synthesizer, prompt, contextD
     const run_id = crypto.randomUUID();
     const context = windowContext(contextDoc, config.parallelInputMaxTokens);
     const responses = await Promise.all(adapters.map(a => consultWithTimeout(a, prompt, context, config.timeoutMs)));
+    const aggregateUsage = (entries) => {
+        let inputTokens = 0, outputTokens = 0, costUSD = 0;
+        for (const e of entries) {
+            if (e.usage) {
+                inputTokens += e.usage.input;
+                outputTokens += e.usage.output;
+                costUSD += e.usage.costUSD ?? 0;
+            }
+        }
+        return { inputTokens, outputTokens, costUSD };
+    };
+    // Strip internal `usage` field before serializing to the public CouncilResult
+    // schema — usage is summed and surfaced separately so the CLI can log it to
+    // the cost ledger without leaking it into the JSON wire format.
+    const publicResponses = responses.map(({ usage: _u, ...rest }) => rest);
     const successful = responses.filter(r => r.status === 'ok');
     if (successful.length < config.minSuccessfulResponses) {
-        return { schema_version: 1, run_id, status: 'failed', prompt, responses };
+        return {
+            result: { schema_version: 1, run_id, status: 'failed', prompt, responses: publicResponses },
+            usage: aggregateUsage(responses),
+        };
     }
     const responseSections = successful
         .map(r => `### ${r.label}\n${r.text}`)
@@ -47,13 +71,20 @@ export async function runCouncil(config, adapters, synthesizer, prompt, contextD
     // Synthesizer shares the same per-call timeout as model calls so a hung
     // synthesizer API doesn't block the whole command indefinitely.
     const synthResponse = await consultWithTimeout(synthesizer, synthesisPrompt, synthesisCtx, config.timeoutMs);
+    const totalUsage = aggregateUsage([...responses, synthResponse]);
     // status:'ok' means the synthesizer call itself completed without error.
     // Empty text is valid (e.g. the --no-synthesize stub that intentionally
     // returns ''); only treat actual failures/timeouts as partial.
     if (synthResponse.status === 'ok') {
         const synthesis = { label: synthesizer.label, text: synthResponse.text ?? '', latencyMs: synthResponse.latencyMs };
-        return { schema_version: 1, run_id, status: 'success', prompt, responses, synthesis };
+        return {
+            result: { schema_version: 1, run_id, status: 'success', prompt, responses: publicResponses, synthesis },
+            usage: totalUsage,
+        };
     }
-    return { schema_version: 1, run_id, status: 'partial', prompt, responses };
+    return {
+        result: { schema_version: 1, run_id, status: 'partial', prompt, responses: publicResponses },
+        usage: totalUsage,
+    };
 }
 //# sourceMappingURL=runner.js.map

package/dist/src/core/persist/cost-log.js

@@ -3,9 +3,20 @@ import * as path from 'node:path';
 const CACHE_DIR = '.guardrail-cache';
 const LOG_FILE = 'costs.jsonl';
 export function appendCostLog(cwd, entry) {
-    const dir = path.join(cwd, CACHE_DIR);
-    fs.mkdirSync(dir, { recursive: true });
-    fs.appendFileSync(path.join(dir, LOG_FILE), JSON.stringify(entry) + '\n', 'utf8');
+    // Cost log is observability, not a contract. A failed write (read-only FS,
+    // full disk, permission error) must NEVER block the caller — every callsite
+    // calls this *after* its primary output is emitted, and a throw here would
+    // cause unhandled-rejection crashes after work has already succeeded.
+    // Bugbot HIGH on PR #51 surfaced this for pr-desc/council; consolidating
+    // the swallow here so the same defense applies to scan/run automatically.
+    try {
+        const dir = path.join(cwd, CACHE_DIR);
+        fs.mkdirSync(dir, { recursive: true });
+        fs.appendFileSync(path.join(dir, LOG_FILE), JSON.stringify(entry) + '\n', 'utf8');
+    }
+    catch {
+        // Intentionally empty — observability failures should not surface to users.
+    }
 }
 export function readCostLog(cwd) {
     const p = path.join(cwd, CACHE_DIR, LOG_FILE);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@delegance/claude-autopilot",
-  "version": "5.0.6",
+  "version": "5.0.8",
   "type": "module",
   "description": "Autonomous development pipeline for Claude Code: brainstorm → spec → plan → implement → migrate → validate → PR → review → merge. Multi-model, local-first, every phase a skill you can intervene in.",
   "keywords": [