claude-attribution 1.9.0 → 1.9.5

package/README.md

@@ -68,6 +68,51 @@ Up to three workflows are installed into repos that use this tool — one always
 
 ---
 
+## Publishing this package to npm
+
+This repo is set up to publish to npm from GitHub Actions on the **self-hosted runner** using an npm publish token. That avoids local OTP prompts while still fitting the repo's network restrictions.
+
+### One-time npm + GitHub setup
+
+This part must be done by a package owner:
+
+1. In npm, open the `claude-attribution` package and set **Publishing access** to **Require two-factor authentication or a granular access token with bypass 2fa enabled**.
+2. Create a **granular npm access token** that can publish `claude-attribution` and has **bypass 2FA** enabled.
+3. In GitHub, save that token as the `NPM_TOKEN` Actions secret for this repository (or an org secret exposed to this repo).
+4. Optional: you can leave the npm trusted publisher entry in place, but this self-hosted workflow authenticates with `NPM_TOKEN`.
+5. Plan to rotate the npm token periodically. npm currently caps granular token lifetime at 90 days.
+
+After that, the workflow in `.github/workflows/publish-npm.yml` can publish on the self-hosted runner without an interactive OTP prompt.
+
+### Release process
+
+This repo uses a **bump → merge → tag** publish flow:
+
+1. Bump `package.json` to the release version and update `CHANGELOG.md` in the PR.
+2. Merge that PR to `main`.
+3. Tag the merged commit from `main`:
+
+```bash
+git checkout main
+git pull --ff-only
+git tag v1.9.1
+git push origin v1.9.1
+```
+
+4. GitHub Actions runs `publish-npm.yml` and publishes that exact version to npm.
+
+### Important rules
+
+- The git tag must exactly match `package.json` without the `v` prefix.
+  - Example: tag `v1.9.1` requires `"version": "1.9.1"` in `package.json`
+- The workflow fails if the tag and package version do not match.
+- The workflow also fails if that package version is already published.
+- `NPM_TOKEN` must exist in GitHub Actions before the tag is pushed.
+- The npm token must be a granular publish token with bypass-2FA enabled for this package.
+- The self-hosted workflow publishes **without** `--provenance` because npm only accepts provenance from GitHub-hosted runners.
+
+---
+
 ## For Repo Maintainers: Installing Into a Repo
 
 ### Prerequisites
@@ -164,7 +209,7 @@ git push origin refs/notes/claude-attribution-map
 Marks every currently tracked file as AI-written at HEAD. After this, PR metrics will show:
 ```
 Codebase: ~100% AI (4150 / 4150 lines)
-This PR: 184 lines changed (4% of codebase) · 77% Claude edits · 142 AI lines
+This PR: 184 lines changed (4% of codebase) · 77% AI edits · 142 AI-attributed changed lines
 ```
 
 **Option 2 — Repo is human-written, or a mix (`--human` / no flag):**
@@ -251,7 +296,7 @@ The metrics block injected into the PR body looks like (when the cumulative mini
 > ## AI Coding Metrics
 >
 > **Codebase: ~77% AI** (3200 / 4150 lines)
-> **This PR:** 184 lines changed (4% of codebase) · 77% AI edits · 142 AI lines
+> **This PR:** 184 lines changed (4% of codebase) · 77% AI edits · 142 AI-attributed changed lines
 > **Session:** 12 prompts · 24m total (18m AI · 6m human)
 > **Assistant runtime:** Claude Code (claude-sonnet-4-6)
 >
@@ -278,6 +323,8 @@ For **Copilot CLI** sessions, the same block is rendered with provider-aware dif
 - model usage shows **Known Tokens** instead of Claude-style input/output/cache columns
 - cost is shown as **unavailable** unless durable local billing data exists
 
+The `This PR` line is based on the branch diff against the base branch, not the full final size of every touched file.
+
 The block is wrapped in HTML comments for idempotent updates — re-running replaces the existing block rather than appending:
 
 ```

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "claude-attribution",
-	"version": "1.9.0",
+	"version": "1.9.5",
 	"description": "AI code attribution tracking for Claude Code and GitHub Copilot sessions",
 	"type": "module",
 	"bin": {

package/src/__tests__/copilot-session.test.ts

@@ -102,6 +102,7 @@ describe("copilot-session", () => {
 			expect(parsed?.activeMinutes).toBe(3);
 			expect(parsed?.aiMinutes).toBe(2);
 			expect(parsed?.humanMinutes).toBe(1);
+			expect(parsed?.signalSourceLabel).toBe("Copilot session logs");
 			expect(parsed?.costMode).toBe("unavailable");
 		} finally {
 			process.env.HOME = originalHome;
@@ -138,4 +139,131 @@ describe("copilot-session", () => {
 			await ctx.cleanup();
 		}
 	});
+
+	test("scopes Copilot session metrics to the provided start time", async () => {
+		const ctx = await createTempContext("copilot-session-since");
+		const originalHome = process.env.HOME;
+		try {
+			process.env.HOME = ctx.home;
+			const sessionId = "copilot-session-2";
+			await writeCopilotSession(ctx.home, sessionId, [
+				{
+					type: "session.start",
+					timestamp: "2026-04-01T10:00:00.000Z",
+					data: {
+						context: { cwd: ctx.repo, gitRoot: ctx.repo, branch: "feature/copilot" },
+					},
+				},
+				{
+					type: "user.message",
+					timestamp: "2026-04-01T10:00:00.000Z",
+					data: { content: "Old work" },
+				},
+				{
+					type: "assistant.message",
+					timestamp: "2026-04-01T10:01:00.000Z",
+					data: { outputTokens: 320 },
+				},
+				{
+					type: "assistant.turn_end",
+					timestamp: "2026-04-01T10:01:00.000Z",
+				},
+				{
+					type: "tool.execution_complete",
+					timestamp: "2026-04-01T10:01:00.000Z",
+					data: { model: "gpt-5.4" },
+				},
+				{
+					type: "user.message",
+					timestamp: "2026-04-01T11:00:00.000Z",
+					data: { content: "Current work" },
+				},
+				{
+					type: "assistant.message",
+					timestamp: "2026-04-01T11:02:00.000Z",
+					data: { outputTokens: 120 },
+				},
+				{
+					type: "assistant.turn_end",
+					timestamp: "2026-04-01T11:02:00.000Z",
+				},
+				{
+					type: "tool.execution_complete",
+					timestamp: "2026-04-01T11:02:00.000Z",
+					data: { model: "gpt-5.4" },
+				},
+			]);
+
+			const parsed = await parseCopilotSession(
+				sessionId,
+				ctx.repo,
+				undefined,
+				new Date("2026-04-01T10:30:00.000Z"),
+			);
+
+			expect(parsed).not.toBeNull();
+			expect(parsed?.humanPromptCount).toBe(1);
+			expect(parsed?.activeMinutes).toBe(2);
+			expect(parsed?.aiMinutes).toBe(2);
+			expect(parsed?.humanMinutes).toBe(0);
+			expect(parsed?.totals.totalCalls).toBe(1);
+			expect(parsed?.totals.totalOutputTokens).toBe(120);
+		} finally {
+			process.env.HOME = originalHome;
+			await ctx.cleanup();
+		}
+	});
+
+	test("keeps a recent prompt as the start anchor when /start is set immediately after it", async () => {
+		const ctx = await createTempContext("copilot-session-anchor");
+		const originalHome = process.env.HOME;
+		try {
+			process.env.HOME = ctx.home;
+			const sessionId = "copilot-session-3";
+			await writeCopilotSession(ctx.home, sessionId, [
+				{
+					type: "session.start",
+					timestamp: "2026-04-01T10:00:00.000Z",
+					data: {
+						context: { cwd: ctx.repo, gitRoot: ctx.repo, branch: "feature/copilot" },
+					},
+				},
+				{
+					type: "user.message",
+					timestamp: "2026-04-01T10:00:00.000Z",
+					data: { content: "Kick off the fix" },
+				},
+				{
+					type: "assistant.message",
+					timestamp: "2026-04-01T10:02:00.000Z",
+					data: { outputTokens: 240 },
+				},
+				{
+					type: "assistant.turn_end",
+					timestamp: "2026-04-01T10:02:00.000Z",
+				},
+				{
+					type: "tool.execution_complete",
+					timestamp: "2026-04-01T10:02:00.000Z",
+					data: { model: "gpt-5.4" },
+				},
+			]);
+
+			const parsed = await parseCopilotSession(
+				sessionId,
+				ctx.repo,
+				undefined,
+				new Date("2026-04-01T10:00:30.000Z"),
+			);
+
+			expect(parsed).not.toBeNull();
+			expect(parsed?.humanPromptCount).toBe(1);
+			expect(parsed?.activeMinutes).toBe(2);
+			expect(parsed?.aiMinutes).toBe(2);
+			expect(parsed?.humanMinutes).toBe(0);
+		} finally {
+			process.env.HOME = originalHome;
+			await ctx.cleanup();
+		}
+	});
 });

package/src/__tests__/differ.test.ts

@@ -98,14 +98,28 @@ describe("attributeLines — basic classification", () => {
 		expect(stats.pctAi).toBe(67);
 	});
 
-	test("empty lines always → HUMAN regardless of snapshot", () => {
+	test("new blank lines in an AI-authored file count as AI", () => {
 		const before: string[] = [];
 		const after = ["", "const x = 1;", ""];
 		const committed = ["", "const x = 1;", ""];
-		const { attribution } = attributeLines(before, after, committed);
-		expect(attribution[0]).toBe("HUMAN"); // empty line
+		const { attribution, stats } = attributeLines(before, after, committed);
+		expect(attribution[0]).toBe("AI"); // new blank line
 		expect(attribution[1]).toBe("AI"); // real content Claude wrote
-		expect(attribution[2]).toBe("HUMAN"); // empty line
+		expect(attribution[2]).toBe("AI"); // new blank line
+		expect(stats.ai).toBe(3);
+		expect(stats.human).toBe(0);
+		expect(stats.pctAi).toBe(100);
+	});
+
+	test("pre-existing blank lines stay HUMAN", () => {
+		const before = ["", "const x = 1;"];
+		const after = ["", "const x = 1;", "const y = 2;"];
+		const committed = ["", "const x = 1;"];
+		const { attribution, stats } = attributeLines(before, after, committed);
+		expect(attribution[0]).toBe("HUMAN");
+		expect(attribution[1]).toBe("HUMAN");
+		expect(stats.ai).toBe(0);
+		expect(stats.human).toBe(2);
 	});
 });
 

package/src/__tests__/git-notes.test.ts

@@ -65,14 +65,19 @@ expect(await listNotes(ctx.repo)).toEqual([]);
 const result = await buildAllAiResult(ctx.repo, sha);
 expect(result.commit).toBe(sha);
 expect(result.files).toHaveLength(1);
-expect(result.files[0]).toMatchObject({
-path: "ai.txt",
-ai: 2,
-human: 1,
-total: 3,
-pctAi: 67,
-});
-expect(result.totals).toMatchObject({ ai: 2, human: 1, total: 3, pctAi: 67 });
+			expect(result.files[0]).toMatchObject({
+				path: "ai.txt",
+				ai: 3,
+				human: 0,
+				total: 3,
+				pctAi: 100,
+			});
+			expect(result.totals).toMatchObject({
+				ai: 3,
+				human: 0,
+				total: 3,
+				pctAi: 100,
+			});
 
 const meta = await getCommitMeta(ctx.repo, sha);
 expect(meta.authorName).toBe("Test User");