clud-bug 0.6.24 → 0.6.26

package/lib/agents-md.js

@@ -45,11 +45,19 @@ const TOUCH_IF_PRESENT = [
 // set) is a documented advisory upgrade path — `clud-bug init` deliberately
 // preserves that state. If the block rendered "on" for that case, other
 // agents reading AGENTS.md would get a wrong model of the gate.
-export function renderBlock({ version, strictMode } = {}) {
+//
+// v0.6.25 (gotcha #2 fix): when the consuming repo IS the publisher of
+// the clud-bug-collaboration skill (skill source lives at
+// `skills/clud-bug-collaboration/SKILL.md` instead of the consumer-install
+// path `.claude/skills/...`), render the LOCAL repo path. Otherwise the
+// link is dead in the publisher repo (this used to require a manual fix
+// every v0.6.* propagation cycle on agent-skills).
+export function renderBlock({ version, strictMode, skillRelPath } = {}) {
   const versionLine = version ? `_Installed at clud-bug v${version}._` : '';
   const strictNote = strictMode === true
     ? '**on** in this repo (workflow check fails on critical findings)'
     : '**off** in this repo (advisory only)';
+  const skillPath = skillRelPath || '.claude/skills/clud-bug-collaboration/SKILL.md';
   return `${START_MARKER}
 <!-- clud-bug-block-version: ${BLOCK_VERSION} -->
 ## clud-bug — Claude PR review
@@ -57,7 +65,7 @@ export function renderBlock({ version, strictMode } = {}) {
 This repo uses [clud-bug](https://cludbug.dev) for automatic PR reviews.
 Full collaboration rules — fix-push flow, skill structure, comment format,
 strict-mode mechanics, workflow-edit constraint — live in the bundled
-[\`clud-bug-collaboration\` skill](.claude/skills/clud-bug-collaboration/SKILL.md).
+[\`clud-bug-collaboration\` skill](${skillPath}).
 Read that skill before pushing fixes addressing prior review threads.
 
 Strict mode is ${strictNote}. Toggle via \`.claude/skills/.clud-bug.json\`
@@ -71,6 +79,19 @@ ${versionLine}
 ${END_MARKER}`;
 }
 
+// v0.6.25 (gotcha #2): detect repos that PUBLISH the
+// clud-bug-collaboration skill (agent-skills is the canonical case).
+// When the skill source exists at `skills/clud-bug-collaboration/SKILL.md`
+// in the working tree, the AGENTS.md link should point there, not at the
+// consumer-install `.claude/skills/...` path that doesn't exist in the
+// publisher repo.
+export async function detectSkillRelPath(cwd) {
+  const publisherPath = 'skills/clud-bug-collaboration/SKILL.md';
+  const consumerPath = '.claude/skills/clud-bug-collaboration/SKILL.md';
+  if (await fileExists(join(cwd, publisherPath))) return publisherPath;
+  return consumerPath;
+}
+
 // Replace an existing clud-bug block in `content`, OR append if absent.
 // Idempotent: running multiple times leaves a single block.
 export function upsertBlock(content, block) {
@@ -126,7 +147,12 @@ function escapeRe(s) {
 //
 // Returns { touched: string[], created: string[] } for the caller to log.
 export async function applyToRepo(cwd, blockOpts = {}) {
-  const block = renderBlock(blockOpts);
+  // v0.6.25 / gotcha #2: detect publisher repo + render local skill path.
+  // Pre-v0.6.25 always rendered the consumer install path → broke
+  // agent-skills' check-links every propagation cycle. Detection runs
+  // before block render so the path is correct from the first write.
+  const skillRelPath = blockOpts.skillRelPath ?? await detectSkillRelPath(cwd);
+  const block = renderBlock({ ...blockOpts, skillRelPath });
   const touched = [];
   const created = [];
 

package/lib/detect.js

@@ -214,7 +214,15 @@ export function buildDescriptionLine(signals) {
   const parts = [];
   if (signals.name) parts.push(`This project is "${signals.name}".`);
   if (signals.description) {
-    const desc = signals.description.trim();
+    // v0.6.25 / issue #89: when signals.description comes from a
+    // README first paragraph or similar multi-paragraph source, the
+    // raw `\n` characters survive into the rendered YAML's
+    // APPEND_SYSTEM_PROMPT value. The renderer's indent-aware
+    // substitution preserves layout but a literal `\n` inside a YAML
+    // double-quoted string is interpreted as a newline, breaking
+    // the YAML. Collapse any whitespace run (including newlines + tabs)
+    // to a single space before further processing.
+    const desc = signals.description.replace(/\s+/g, ' ').trim();
     parts.push(/[.!?]$/.test(desc) ? desc : `${desc}.`);
   }
   if (signals.primaryLanguage) {

package/lib/prompts.js

@@ -177,6 +177,30 @@ Keep total output under ~600 tokens. Per finding:
 Not a hard cap (SDK doesn't expose max_tokens); brevity compounds
 across the org on every review.
 
+Turn budget self-rationing (v0.6.25 / §5.5 Layer 2):
+You are run with a finite \`--max-turns\` cap. The exact value, plus
+the pre-flight estimate for this PR, lands in the per-PR prompt
+section below as \`max_turns=N, estimated=M, files=F, +A/-D lines, threads=T\`.
+Treat that as your budget, not a ceiling to test.
+
+Rules:
+  - Reserve the LAST 5 turns for structured-output emit. It is
+    non-skippable; if you run out before emitting, the workflow
+    falls back to a synthetic summary scraped from your inline
+    findings (v0.6.26+ Layer 6) — strictly worse than a real one.
+  - Rough rates: ~1 turn per 50 lines of code, ~1 turn per 150 lines
+    of docs, ~1 turn per 100 lines of tests or config. Each prior
+    unresolved thread is ~1.5 turns to walk + decide.
+  - Every line of the diff MUST be in your scan. Never silently skip
+    a file. If you must shorten coverage to fit budget, switch from
+    deep-dive analysis to one-sentence per-file verdicts — but every
+    file gets a verdict, even if it's "no issues found".
+  - If you're falling behind pace (files_reviewed/files_total
+    materially less than turns_used/max_turns), broaden+shallow over
+    deep+narrow. Audit visibility lives in \`per_skill_scan\` — list
+    every file's verdict so a maintainer can verify nothing was
+    skipped.
+
 Incremental-diff handshake (v0.6.10+) — emit the SHA marker:
 At the very end of the summary (after the Skills-referenced footer,
 on its own line), append:

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "clud-bug",
-  "version": "0.6.24",
+  "version": "0.6.26",
   "description": "Skill-driven Claude PR review. Ship a brand-voice skill, get brand reviews. Each finding cites the skill that motivated it. CLI installs the workflow + a baseline kit; add more from skills.sh.",
   "homepage": "https://cludbug.dev",
   "bugs": "https://github.com/thrillmade/clud-bug/issues",

package/templates/workflow-py.yml.tmpl

@@ -1,10 +1,15 @@
-# clud-bug-template-version: v10
+# clud-bug-template-version: v12
 name: Clud Bug 🐛 Crawls Your Code
 
 on:
   pull_request:
     types: [opened, synchronize]
 
+# v0.6.25: workflow-level concurrency — see workflow.yml.tmpl.
+concurrency:
+  group: clud-bug-review-${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
+  cancel-in-progress: true
+
 jobs:
   # Pre-flight (v0.6.14 / 0.0.W + v0.6.15 / 0.0.R) — see workflow.yml.tmpl.
   paths-check:
@@ -16,6 +21,12 @@ jobs:
       is_workflow_only: ${{ steps.classify.outputs.is_workflow_only }}
       model: ${{ steps.classify.outputs.model }}
       max_turns: ${{ steps.classify.outputs.max_turns }}
+      # v0.6.25 / §5.5 Layer 1.5 (calibration) — see workflow.yml.tmpl.
+      turns_estimated: ${{ steps.classify.outputs.turns_estimated }}
+      files_count: ${{ steps.classify.outputs.files_count }}
+      lines_added: ${{ steps.classify.outputs.lines_added }}
+      lines_deleted: ${{ steps.classify.outputs.lines_deleted }}
+      threads_count: ${{ steps.classify.outputs.threads_count }}
     steps:
       - name: Classify PR diff
         id: classify
@@ -34,20 +45,40 @@ jobs:
               echo "is_workflow_only=false"
               echo "model=$MODEL"
               echo "max_turns=15"
+              echo "turns_estimated=0"
+              echo "files_count=0"
+              echo "lines_added=0"
+              echo "lines_deleted=0"
+              echo "threads_count=0"
             } >> "$GITHUB_OUTPUT"
             exit 0
           fi
-          IS_WORKFLOW_ONLY=true
+          # v0.6.26 / 0.0.W² — see workflow.yml.tmpl for design notes.
+          ALL_IN_ALLOWLIST=true
+          HAS_WORKFLOW_CHANGE=false
           while IFS= read -r f; do
             case "$f" in
-              .github/workflows/clud-bug-*.yml) ;;
-              .github/actions/strict-mode-gate/*) ;;
-              *) IS_WORKFLOW_ONLY=false; break ;;
+              .github/workflows/clud-bug-*.yml) HAS_WORKFLOW_CHANGE=true ;;
+              .github/actions/strict-mode-gate/*) HAS_WORKFLOW_CHANGE=true ;;
+              AGENTS.md) ;;
+              .cursorrules|.clinerules|.windsurfrules|.continuerules) ;;
+              .github/copilot-instructions.md) ;;
+              .claude/skills/.clud-bug.json) ;;
+              .claude/skills/critical-issues-only/SKILL.md) ;;
+              .claude/skills/evidence-based-review/SKILL.md) ;;
+              .claude/skills/respect-existing-conventions/SKILL.md) ;;
+              docs/timeline.md|docs/file-structure.md|docs/decisions.md) ;;
+              docs/decisions-branches/*.md) ;;
+              *) ALL_IN_ALLOWLIST=false; break ;;
             esac
           done <<< "$CHANGED"
+          IS_WORKFLOW_ONLY=false
+          if [ "$ALL_IN_ALLOWLIST" = "true" ] && [ "$HAS_WORKFLOW_CHANGE" = "true" ]; then
+            IS_WORKFLOW_ONLY=true
+          fi
           echo "is_workflow_only=$IS_WORKFLOW_ONLY" >> "$GITHUB_OUTPUT"
           if [ "$IS_WORKFLOW_ONLY" = "true" ]; then
-            echo "::notice title=Clud Bug 🐛::Skipping LLM review — workflow-only PR."
+            echo "::notice title=Clud Bug 🐛::Skipping LLM review — clud-bug update output."
             echo "model=$MODEL" >> "$GITHUB_OUTPUT"
             exit 0
           fi
@@ -81,22 +112,57 @@ jobs:
           fi
           echo "model=$MODEL" >> "$GITHUB_OUTPUT"
 
-          # Adaptive max-turns (v0.6.23 / §5) — see workflow.yml.tmpl for design notes.
-          MAX_TURNS=15
+          # Smart budget (v0.6.25 / §5.5 Layer 1) — see workflow.yml.tmpl for design notes + formula.
+          FILE_COUNT=$(echo "$CHANGED" | wc -l | tr -d ' ')
+          THREAD_COUNT=$(gh api graphql -f query='{repository(owner:"'"$(echo "$REPO" | cut -d/ -f1)"'",name:"'"$(echo "$REPO" | cut -d/ -f2)"'"){pullRequest(number:'"$PR_NUMBER"'){reviewThreads(first:50){nodes{isResolved comments(first:1){nodes{author{login}}}}}}}}' --jq '[.data.repository.pullRequest.reviewThreads.nodes[] | select(.isResolved == false and (.comments.nodes[0].author.login == "claude" or .comments.nodes[0].author.login == "claude[bot]"))] | length' 2>/dev/null || echo 0)
+          THREAD_COUNT=${THREAD_COUNT:-0}
+
           if [ "$IS_TRIVIAL" = "true" ]; then
             MAX_TURNS=10
+            TURNS_ESTIMATED=10
+            LINES_ADDED=0
+            LINES_DELETED=0
+            echo "::notice title=Clud Bug 🐛::Trivial (Haiku) budget: max_turns=10."
           else
-            FILE_COUNT=$(echo "$CHANGED" | wc -l | tr -d ' ')
-            THREAD_COUNT=$(gh api graphql -f query='{repository(owner:"'"$(echo "$REPO" | cut -d/ -f1)"'",name:"'"$(echo "$REPO" | cut -d/ -f2)"'"){pullRequest(number:'"$PR_NUMBER"'){reviewThreads(first:50){nodes{isResolved comments(first:1){nodes{author{login}}}}}}}}' --jq '[.data.repository.pullRequest.reviewThreads.nodes[] | select(.isResolved == false and (.comments.nodes[0].author.login == "claude" or .comments.nodes[0].author.login == "claude[bot]"))] | length' 2>/dev/null || echo 0)
-            THREAD_COUNT=${THREAD_COUNT:-0}
-            if [ "$FILE_COUNT" -ge 30 ] || [ "$THREAD_COUNT" -ge 6 ]; then
-              MAX_TURNS=40
-            elif [ "$FILE_COUNT" -ge 10 ] || [ "$THREAD_COUNT" -ge 3 ]; then
-              MAX_TURNS=25
-            fi
-            echo "::notice title=Clud Bug 🐛::Turn budget: $MAX_TURNS ($FILE_COUNT files, $THREAD_COUNT prior threads)."
+            FILES_JSON=$(gh pr view "$PR_NUMBER" -R "$REPO" --json files --jq '.files' 2>/dev/null || echo '[]')
+            LINES_ADDED=$(echo "$FILES_JSON" | jq '[.[].additions] | add // 0' 2>/dev/null || echo 0)
+            LINES_DELETED=$(echo "$FILES_JSON" | jq '[.[].deletions] | add // 0' 2>/dev/null || echo 0)
+            LINES_ADDED=${LINES_ADDED:-0}
+            LINES_DELETED=${LINES_DELETED:-0}
+
+            # jq implements the §5.5 Layer 1 formula — see workflow.yml.tmpl.
+            TURNS_ESTIMATED=$(echo "$FILES_JSON" | jq --argjson threads "$THREAD_COUNT" '
+              def per_line(path):
+                if (path | test("\\.(test|spec)\\.|__tests__|^tests?/")) then 0.01
+                elif (path | test("\\.(md|txt|rst|adoc|mdx)$")) then 0.00666667
+                elif (path | test("\\.(yml|yaml|toml|json|cfg|ini|conf|tmpl)$")) then 0.01
+                elif (path | test("\\.(ts|tsx|py|js|jsx|mjs|cjs|go|rs|java|kt|rb|php|cs|c|cpp|h|hpp|swift|scala)$")) then 0.02
+                else 0.0125 end;
+              map(
+                select(.path != "docs/timeline.md"
+                       and .path != "docs/file-structure.md"
+                       and .path != "docs/decisions.md")
+                | (.additions) as $add | (.deletions) as $del
+                | (if $add < $del then $add else $del end) as $mod
+                | ($add - $mod) as $pa | ($del - $mod) as $pd
+                | per_line(.path) as $tw
+                | 0.3 + ($pa * $tw) + ($mod * 1.5 * $tw) + ($pd * 0.1 * $tw)
+              ) | (add // 0) + 10 + ($threads * 1.5) | (. + 0.9999999) | floor
+            ' 2>/dev/null || echo 15)
+            TURNS_ESTIMATED=${TURNS_ESTIMATED:-15}
+            MAX_TURNS=$(( (TURNS_ESTIMATED * 12 + 9) / 10 ))
+            [ "$MAX_TURNS" -lt 15 ] && MAX_TURNS=15
+            [ "$MAX_TURNS" -gt 60 ] && MAX_TURNS=60
+            echo "::notice title=Clud Bug 🐛::Smart budget: estimated $TURNS_ESTIMATED turns → max_turns=$MAX_TURNS ($FILE_COUNT files, +$LINES_ADDED/-$LINES_DELETED lines, $THREAD_COUNT prior threads)."
           fi
-          echo "max_turns=$MAX_TURNS" >> "$GITHUB_OUTPUT"
+          {
+            echo "max_turns=$MAX_TURNS"
+            echo "turns_estimated=$TURNS_ESTIMATED"
+            echo "files_count=$FILE_COUNT"
+            echo "lines_added=$LINES_ADDED"
+            echo "lines_deleted=$LINES_DELETED"
+            echo "threads_count=$THREAD_COUNT"
+          } >> "$GITHUB_OUTPUT"
 
   clud-bug-review:
     needs: paths-check
@@ -180,43 +246,100 @@ jobs:
             Review this pull request following the discipline in your
             system prompt — every rule about skill routing, comment
             format, the strict-mode header, the two-surface review
-            shape, and the FIX-PUSH FLOW applies.
+            shape, the FIX-PUSH FLOW, and (v0.6.25+) turn-budget
+            self-rationing applies.
+
+            ## Your turn budget for this PR (v0.6.25 / §5.5 Layer 2)
+
+            max_turns=${{ needs.paths-check.outputs.max_turns }},
+            estimated=${{ needs.paths-check.outputs.turns_estimated }},
+            files=${{ needs.paths-check.outputs.files_count }},
+            +${{ needs.paths-check.outputs.lines_added }}/-${{ needs.paths-check.outputs.lines_deleted }} lines,
+            prior_threads=${{ needs.paths-check.outputs.threads_count }}.
+
+            Plan accordingly per the "Turn budget self-rationing"
+            section in your system prompt. Reserve 5 turns for emit.
         id: clud-bug-review
 
       # v0.6.22 / 0.0.O: render structured output → post via gh pr comment.
+      # v0.6.25 / §5.5 Layer 1.5: append calibration marker.
       - name: Render + post structured review
         if: success() && steps.clud-bug-review.outputs.structured_output != ''
         env:
           GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           PR_NUMBER: ${{ github.event.pull_request.number }}
           STRUCTURED: ${{ steps.clud-bug-review.outputs.structured_output }}
+          TURNS_ESTIMATED: ${{ needs.paths-check.outputs.turns_estimated }}
+          MAX_TURNS: ${{ needs.paths-check.outputs.max_turns }}
+          FILES_COUNT: ${{ needs.paths-check.outputs.files_count }}
+          LINES_ADDED: ${{ needs.paths-check.outputs.lines_added }}
+          LINES_DELETED: ${{ needs.paths-check.outputs.lines_deleted }}
+          THREADS_COUNT: ${{ needs.paths-check.outputs.threads_count }}
         run: |
           set -euo pipefail
           BODY=$(printf '%s\n' "$STRUCTURED" | npx --yes clud-bug@{{CLUD_BUG_VERSION}} render --stdin)
-          gh pr comment "$PR_NUMBER" --body "$BODY"
+          CALIBRATION="<!-- clud-bug-calibration: turns_estimated=$TURNS_ESTIMATED, max_turns=$MAX_TURNS, files=$FILES_COUNT, lines_added=$LINES_ADDED, lines_deleted=$LINES_DELETED, threads=$THREADS_COUNT -->"
+          gh pr comment "$PR_NUMBER" --body "$BODY
 
-      # Fallback when structured_output is empty (max-retries hit).
+          $CALIBRATION"
+
+      # v0.6.26 / §5.5 Layer 6 fallback render-from-inlines — see workflow.yml.tmpl for design notes.
       - name: Fallback summary (structured_output empty)
         if: success() && steps.clud-bug-review.outputs.structured_output == ''
         env:
           GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           PR_NUMBER: ${{ github.event.pull_request.number }}
+          REPO: ${{ github.repository }}
+          HEAD_SHA: ${{ github.event.pull_request.head.sha }}
+          TURNS_ESTIMATED: ${{ needs.paths-check.outputs.turns_estimated }}
+          MAX_TURNS: ${{ needs.paths-check.outputs.max_turns }}
+          FILES_COUNT: ${{ needs.paths-check.outputs.files_count }}
+          LINES_ADDED: ${{ needs.paths-check.outputs.lines_added }}
+          LINES_DELETED: ${{ needs.paths-check.outputs.lines_deleted }}
+          THREADS_COUNT: ${{ needs.paths-check.outputs.threads_count }}
         run: |
           set -euo pipefail
-          gh pr comment "$PR_NUMBER" --body "## 🐛 Clud Bug review
+          INLINES=$(gh api "repos/$REPO/pulls/$PR_NUMBER/comments?per_page=100" \
+            --jq "[.[] | select(.user.login == \"claude[bot]\" and .commit_id == \"$HEAD_SHA\")]")
+          INLINE_COUNT=$(echo "$INLINES" | jq 'length')
+          CRITICAL=$(echo "$INLINES" | jq '[.[] | select(.body | test("🔴"))] | length')
+          MINOR=$(echo "$INLINES" | jq '[.[] | select(.body | test("🟡"))] | length')
+          PREEXISTING=$(echo "$INLINES" | jq '[.[] | select(.body | test("🟣"))] | length')
+          CALIBRATION="<!-- clud-bug-calibration: turns_estimated=$TURNS_ESTIMATED, max_turns=$MAX_TURNS, files=$FILES_COUNT, lines_added=$LINES_ADDED, lines_deleted=$LINES_DELETED, threads=$THREADS_COUNT, structured_output=empty, inline_findings=$INLINE_COUNT -->"
+          if [ "$INLINE_COUNT" -gt 0 ]; then
+            STATUS=""
+            [ "$CRITICAL" -gt 0 ] && STATUS=" — critical findings"
+            gh pr comment "$PR_NUMBER" --body "## 🐛 Clud Bug review${STATUS}
+
+          **This round:** $CRITICAL critical · $MINOR minor · 0 resolved from prior · 0 still open
+
+          Found: $CRITICAL 🔴 / $MINOR 🟡 / $PREEXISTING 🟣
+
+          ⚠️ **Synthetic summary** (v0.6.26 §5.5 Layer 6 fallback). Inline findings above ARE the substantive review.
+
+          <!-- last-reviewed-sha: $HEAD_SHA -->
+
+          $CALIBRATION"
+          else
+            gh pr comment "$PR_NUMBER" --body "## 🐛 Clud Bug review
 
           **This round:** 0 critical · 0 minor · 0 resolved from prior · 0 still open
 
           Found: 0 🔴 / 0 🟡 / 0 🟣
 
-          ⚠️ Structured output (\`--json-schema\`) returned empty — likely max-retries hit on schema validation. Investigate the action logs.
+          ⚠️ Structured output (\`--json-schema\`) returned empty AND no inline findings posted. Investigate run logs.
+
+          Skills referenced: [none]
 
-          Skills referenced: [none]"
+          <!-- last-reviewed-sha: $HEAD_SHA -->
+
+          $CALIBRATION"
+          fi
 
       # Strict-mode gate — composite action; see workflow.yml.tmpl for design notes.
       - name: Strict mode — fail check on critical findings
         if: success()
-        uses: thrillmade/clud-bug/.github/actions/strict-mode-gate@v0.6.24
+        uses: thrillmade/clud-bug/.github/actions/strict-mode-gate@v0.6.26
         with:
           github-token: ${{ secrets.GITHUB_TOKEN }}
           # v0.6.22 / 0.0.O: summary now posted by github-actions[bot].

package/templates/workflow-ts.yml.tmpl

@@ -1,10 +1,15 @@
-# clud-bug-template-version: v10
+# clud-bug-template-version: v12
 name: Clud Bug 🐛 Crawls Your Code
 
 on:
   pull_request:
     types: [opened, synchronize]
 
+# v0.6.25: workflow-level concurrency — see workflow.yml.tmpl.
+concurrency:
+  group: clud-bug-review-${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
+  cancel-in-progress: true
+
 jobs:
   # Pre-flight (v0.6.14 / 0.0.W + v0.6.15 / 0.0.R) — see workflow.yml.tmpl.
   paths-check:
@@ -16,6 +21,12 @@ jobs:
       is_workflow_only: ${{ steps.classify.outputs.is_workflow_only }}
       model: ${{ steps.classify.outputs.model }}
       max_turns: ${{ steps.classify.outputs.max_turns }}
+      # v0.6.25 / §5.5 Layer 1.5 (calibration) — see workflow.yml.tmpl.
+      turns_estimated: ${{ steps.classify.outputs.turns_estimated }}
+      files_count: ${{ steps.classify.outputs.files_count }}
+      lines_added: ${{ steps.classify.outputs.lines_added }}
+      lines_deleted: ${{ steps.classify.outputs.lines_deleted }}
+      threads_count: ${{ steps.classify.outputs.threads_count }}
     steps:
       - name: Classify PR diff
         id: classify
@@ -34,20 +45,40 @@ jobs:
               echo "is_workflow_only=false"
               echo "model=$MODEL"
               echo "max_turns=15"
+              echo "turns_estimated=0"
+              echo "files_count=0"
+              echo "lines_added=0"
+              echo "lines_deleted=0"
+              echo "threads_count=0"
             } >> "$GITHUB_OUTPUT"
             exit 0
           fi
-          IS_WORKFLOW_ONLY=true
+          # v0.6.26 / 0.0.W² — see workflow.yml.tmpl for design notes.
+          ALL_IN_ALLOWLIST=true
+          HAS_WORKFLOW_CHANGE=false
           while IFS= read -r f; do
             case "$f" in
-              .github/workflows/clud-bug-*.yml) ;;
-              .github/actions/strict-mode-gate/*) ;;
-              *) IS_WORKFLOW_ONLY=false; break ;;
+              .github/workflows/clud-bug-*.yml) HAS_WORKFLOW_CHANGE=true ;;
+              .github/actions/strict-mode-gate/*) HAS_WORKFLOW_CHANGE=true ;;
+              AGENTS.md) ;;
+              .cursorrules|.clinerules|.windsurfrules|.continuerules) ;;
+              .github/copilot-instructions.md) ;;
+              .claude/skills/.clud-bug.json) ;;
+              .claude/skills/critical-issues-only/SKILL.md) ;;
+              .claude/skills/evidence-based-review/SKILL.md) ;;
+              .claude/skills/respect-existing-conventions/SKILL.md) ;;
+              docs/timeline.md|docs/file-structure.md|docs/decisions.md) ;;
+              docs/decisions-branches/*.md) ;;
+              *) ALL_IN_ALLOWLIST=false; break ;;
             esac
           done <<< "$CHANGED"
+          IS_WORKFLOW_ONLY=false
+          if [ "$ALL_IN_ALLOWLIST" = "true" ] && [ "$HAS_WORKFLOW_CHANGE" = "true" ]; then
+            IS_WORKFLOW_ONLY=true
+          fi
           echo "is_workflow_only=$IS_WORKFLOW_ONLY" >> "$GITHUB_OUTPUT"
           if [ "$IS_WORKFLOW_ONLY" = "true" ]; then
-            echo "::notice title=Clud Bug 🐛::Skipping LLM review — workflow-only PR."
+            echo "::notice title=Clud Bug 🐛::Skipping LLM review — clud-bug update output."
             echo "model=$MODEL" >> "$GITHUB_OUTPUT"
             exit 0
           fi
@@ -81,22 +112,57 @@ jobs:
           fi
           echo "model=$MODEL" >> "$GITHUB_OUTPUT"
 
-          # Adaptive max-turns (v0.6.23 / §5) — see workflow.yml.tmpl for design notes.
-          MAX_TURNS=15
+          # Smart budget (v0.6.25 / §5.5 Layer 1) — see workflow.yml.tmpl for design notes + formula.
+          FILE_COUNT=$(echo "$CHANGED" | wc -l | tr -d ' ')
+          THREAD_COUNT=$(gh api graphql -f query='{repository(owner:"'"$(echo "$REPO" | cut -d/ -f1)"'",name:"'"$(echo "$REPO" | cut -d/ -f2)"'"){pullRequest(number:'"$PR_NUMBER"'){reviewThreads(first:50){nodes{isResolved comments(first:1){nodes{author{login}}}}}}}}' --jq '[.data.repository.pullRequest.reviewThreads.nodes[] | select(.isResolved == false and (.comments.nodes[0].author.login == "claude" or .comments.nodes[0].author.login == "claude[bot]"))] | length' 2>/dev/null || echo 0)
+          THREAD_COUNT=${THREAD_COUNT:-0}
+
           if [ "$IS_TRIVIAL" = "true" ]; then
             MAX_TURNS=10
+            TURNS_ESTIMATED=10
+            LINES_ADDED=0
+            LINES_DELETED=0
+            echo "::notice title=Clud Bug 🐛::Trivial (Haiku) budget: max_turns=10."
           else
-            FILE_COUNT=$(echo "$CHANGED" | wc -l | tr -d ' ')
-            THREAD_COUNT=$(gh api graphql -f query='{repository(owner:"'"$(echo "$REPO" | cut -d/ -f1)"'",name:"'"$(echo "$REPO" | cut -d/ -f2)"'"){pullRequest(number:'"$PR_NUMBER"'){reviewThreads(first:50){nodes{isResolved comments(first:1){nodes{author{login}}}}}}}}' --jq '[.data.repository.pullRequest.reviewThreads.nodes[] | select(.isResolved == false and (.comments.nodes[0].author.login == "claude" or .comments.nodes[0].author.login == "claude[bot]"))] | length' 2>/dev/null || echo 0)
-            THREAD_COUNT=${THREAD_COUNT:-0}
-            if [ "$FILE_COUNT" -ge 30 ] || [ "$THREAD_COUNT" -ge 6 ]; then
-              MAX_TURNS=40
-            elif [ "$FILE_COUNT" -ge 10 ] || [ "$THREAD_COUNT" -ge 3 ]; then
-              MAX_TURNS=25
-            fi
-            echo "::notice title=Clud Bug 🐛::Turn budget: $MAX_TURNS ($FILE_COUNT files, $THREAD_COUNT prior threads)."
+            FILES_JSON=$(gh pr view "$PR_NUMBER" -R "$REPO" --json files --jq '.files' 2>/dev/null || echo '[]')
+            LINES_ADDED=$(echo "$FILES_JSON" | jq '[.[].additions] | add // 0' 2>/dev/null || echo 0)
+            LINES_DELETED=$(echo "$FILES_JSON" | jq '[.[].deletions] | add // 0' 2>/dev/null || echo 0)
+            LINES_ADDED=${LINES_ADDED:-0}
+            LINES_DELETED=${LINES_DELETED:-0}
+
+            # jq implements the §5.5 Layer 1 formula — see workflow.yml.tmpl.
+            TURNS_ESTIMATED=$(echo "$FILES_JSON" | jq --argjson threads "$THREAD_COUNT" '
+              def per_line(path):
+                if (path | test("\\.(test|spec)\\.|__tests__|^tests?/")) then 0.01
+                elif (path | test("\\.(md|txt|rst|adoc|mdx)$")) then 0.00666667
+                elif (path | test("\\.(yml|yaml|toml|json|cfg|ini|conf|tmpl)$")) then 0.01
+                elif (path | test("\\.(ts|tsx|py|js|jsx|mjs|cjs|go|rs|java|kt|rb|php|cs|c|cpp|h|hpp|swift|scala)$")) then 0.02
+                else 0.0125 end;
+              map(
+                select(.path != "docs/timeline.md"
+                       and .path != "docs/file-structure.md"
+                       and .path != "docs/decisions.md")
+                | (.additions) as $add | (.deletions) as $del
+                | (if $add < $del then $add else $del end) as $mod
+                | ($add - $mod) as $pa | ($del - $mod) as $pd
+                | per_line(.path) as $tw
+                | 0.3 + ($pa * $tw) + ($mod * 1.5 * $tw) + ($pd * 0.1 * $tw)
+              ) | (add // 0) + 10 + ($threads * 1.5) | (. + 0.9999999) | floor
+            ' 2>/dev/null || echo 15)
+            TURNS_ESTIMATED=${TURNS_ESTIMATED:-15}
+            MAX_TURNS=$(( (TURNS_ESTIMATED * 12 + 9) / 10 ))
+            [ "$MAX_TURNS" -lt 15 ] && MAX_TURNS=15
+            [ "$MAX_TURNS" -gt 60 ] && MAX_TURNS=60
+            echo "::notice title=Clud Bug 🐛::Smart budget: estimated $TURNS_ESTIMATED turns → max_turns=$MAX_TURNS ($FILE_COUNT files, +$LINES_ADDED/-$LINES_DELETED lines, $THREAD_COUNT prior threads)."
           fi
-          echo "max_turns=$MAX_TURNS" >> "$GITHUB_OUTPUT"
+          {
+            echo "max_turns=$MAX_TURNS"
+            echo "turns_estimated=$TURNS_ESTIMATED"
+            echo "files_count=$FILE_COUNT"
+            echo "lines_added=$LINES_ADDED"
+            echo "lines_deleted=$LINES_DELETED"
+            echo "threads_count=$THREAD_COUNT"
+          } >> "$GITHUB_OUTPUT"
 
   clud-bug-review:
     needs: paths-check
@@ -180,43 +246,100 @@ jobs:
             Review this pull request following the discipline in your
             system prompt — every rule about skill routing, comment
             format, the strict-mode header, the two-surface review
-            shape, and the FIX-PUSH FLOW applies.
+            shape, the FIX-PUSH FLOW, and (v0.6.25+) turn-budget
+            self-rationing applies.
+
+            ## Your turn budget for this PR (v0.6.25 / §5.5 Layer 2)
+
+            max_turns=${{ needs.paths-check.outputs.max_turns }},
+            estimated=${{ needs.paths-check.outputs.turns_estimated }},
+            files=${{ needs.paths-check.outputs.files_count }},
+            +${{ needs.paths-check.outputs.lines_added }}/-${{ needs.paths-check.outputs.lines_deleted }} lines,
+            prior_threads=${{ needs.paths-check.outputs.threads_count }}.
+
+            Plan accordingly per the "Turn budget self-rationing"
+            section in your system prompt. Reserve 5 turns for emit.
         id: clud-bug-review
 
       # v0.6.22 / 0.0.O: render structured output → post via gh pr comment.
+      # v0.6.25 / §5.5 Layer 1.5: append calibration marker.
       - name: Render + post structured review
         if: success() && steps.clud-bug-review.outputs.structured_output != ''
         env:
           GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           PR_NUMBER: ${{ github.event.pull_request.number }}
           STRUCTURED: ${{ steps.clud-bug-review.outputs.structured_output }}
+          TURNS_ESTIMATED: ${{ needs.paths-check.outputs.turns_estimated }}
+          MAX_TURNS: ${{ needs.paths-check.outputs.max_turns }}
+          FILES_COUNT: ${{ needs.paths-check.outputs.files_count }}
+          LINES_ADDED: ${{ needs.paths-check.outputs.lines_added }}
+          LINES_DELETED: ${{ needs.paths-check.outputs.lines_deleted }}
+          THREADS_COUNT: ${{ needs.paths-check.outputs.threads_count }}
         run: |
           set -euo pipefail
           BODY=$(printf '%s\n' "$STRUCTURED" | npx --yes clud-bug@{{CLUD_BUG_VERSION}} render --stdin)
-          gh pr comment "$PR_NUMBER" --body "$BODY"
+          CALIBRATION="<!-- clud-bug-calibration: turns_estimated=$TURNS_ESTIMATED, max_turns=$MAX_TURNS, files=$FILES_COUNT, lines_added=$LINES_ADDED, lines_deleted=$LINES_DELETED, threads=$THREADS_COUNT -->"
+          gh pr comment "$PR_NUMBER" --body "$BODY
 
-      # Fallback when structured_output is empty (max-retries hit).
+          $CALIBRATION"
+
+      # v0.6.26 / §5.5 Layer 6 fallback render-from-inlines — see workflow.yml.tmpl for design notes.
       - name: Fallback summary (structured_output empty)
         if: success() && steps.clud-bug-review.outputs.structured_output == ''
         env:
           GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           PR_NUMBER: ${{ github.event.pull_request.number }}
+          REPO: ${{ github.repository }}
+          HEAD_SHA: ${{ github.event.pull_request.head.sha }}
+          TURNS_ESTIMATED: ${{ needs.paths-check.outputs.turns_estimated }}
+          MAX_TURNS: ${{ needs.paths-check.outputs.max_turns }}
+          FILES_COUNT: ${{ needs.paths-check.outputs.files_count }}
+          LINES_ADDED: ${{ needs.paths-check.outputs.lines_added }}
+          LINES_DELETED: ${{ needs.paths-check.outputs.lines_deleted }}
+          THREADS_COUNT: ${{ needs.paths-check.outputs.threads_count }}
         run: |
           set -euo pipefail
-          gh pr comment "$PR_NUMBER" --body "## 🐛 Clud Bug review
+          INLINES=$(gh api "repos/$REPO/pulls/$PR_NUMBER/comments?per_page=100" \
+            --jq "[.[] | select(.user.login == \"claude[bot]\" and .commit_id == \"$HEAD_SHA\")]")
+          INLINE_COUNT=$(echo "$INLINES" | jq 'length')
+          CRITICAL=$(echo "$INLINES" | jq '[.[] | select(.body | test("🔴"))] | length')
+          MINOR=$(echo "$INLINES" | jq '[.[] | select(.body | test("🟡"))] | length')
+          PREEXISTING=$(echo "$INLINES" | jq '[.[] | select(.body | test("🟣"))] | length')
+          CALIBRATION="<!-- clud-bug-calibration: turns_estimated=$TURNS_ESTIMATED, max_turns=$MAX_TURNS, files=$FILES_COUNT, lines_added=$LINES_ADDED, lines_deleted=$LINES_DELETED, threads=$THREADS_COUNT, structured_output=empty, inline_findings=$INLINE_COUNT -->"
+          if [ "$INLINE_COUNT" -gt 0 ]; then
+            STATUS=""
+            [ "$CRITICAL" -gt 0 ] && STATUS=" — critical findings"
+            gh pr comment "$PR_NUMBER" --body "## 🐛 Clud Bug review${STATUS}
+
+          **This round:** $CRITICAL critical · $MINOR minor · 0 resolved from prior · 0 still open
+
+          Found: $CRITICAL 🔴 / $MINOR 🟡 / $PREEXISTING 🟣
+
+          ⚠️ **Synthetic summary** (v0.6.26 §5.5 Layer 6 fallback). Inline findings above ARE the substantive review.
+
+          <!-- last-reviewed-sha: $HEAD_SHA -->
+
+          $CALIBRATION"
+          else
+            gh pr comment "$PR_NUMBER" --body "## 🐛 Clud Bug review
 
           **This round:** 0 critical · 0 minor · 0 resolved from prior · 0 still open
 
           Found: 0 🔴 / 0 🟡 / 0 🟣
 
-          ⚠️ Structured output (\`--json-schema\`) returned empty — likely max-retries hit on schema validation. Investigate the action logs.
+          ⚠️ Structured output (\`--json-schema\`) returned empty AND no inline findings posted. Investigate run logs.
+
+          Skills referenced: [none]
 
-          Skills referenced: [none]"
+          <!-- last-reviewed-sha: $HEAD_SHA -->
+
+          $CALIBRATION"
+          fi
 
       # Strict-mode gate — composite action; see workflow.yml.tmpl for design notes.
       - name: Strict mode — fail check on critical findings
         if: success()
-        uses: thrillmade/clud-bug/.github/actions/strict-mode-gate@v0.6.24
+        uses: thrillmade/clud-bug/.github/actions/strict-mode-gate@v0.6.26
         with:
           github-token: ${{ secrets.GITHUB_TOKEN }}
           # v0.6.22 / 0.0.O: summary now posted by github-actions[bot].

package/templates/workflow.yml.tmpl

@@ -1,20 +1,62 @@
-# clud-bug-template-version: v10
+# clud-bug-template-version: v12
 name: Clud Bug 🐛 Crawls Your Code
 
 on:
   pull_request:
     types: [opened, synchronize]
 
+# v0.6.25: workflow-level concurrency — newer pushes cancel older
+# in-flight runs on the same PR. Avoids the duplicate-review failure
+# mode hit on tokenomics #21 where my merge-of-main and logmind's
+# auto-regen-derived-docs follow-up fired two concurrent reviews
+# (each posted its own "in-progress" todo comment).
+concurrency:
+  group: clud-bug-review-${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
+  cancel-in-progress: true
+
 jobs:
   # Pre-flight: classify the PR diff to decide (a) whether to skip the
   # LLM review entirely, and (b) which model to route to.
   #
-  # (a) Workflow-only PRs (v0.6.14 / 0.0.W): if every changed file
-  # matches `.github/workflows/clud-bug-*.yml` or
-  # `.github/actions/strict-mode-gate/**`, the LLM call is skipped
-  # entirely — claude-code-action would refuse anyway (self-modification
-  # guard), and template re-renders have no useful review surface.
-  # Skipping converts what were admin-bypass merges into normal ones.
+  # (a) Workflow-only / clud-bug-update PRs (v0.6.14 / 0.0.W;
+  # v0.6.26 / 0.0.W²): the LLM call is skipped when EITHER condition:
+  #
+  #   - Every changed file matches `.github/workflows/clud-bug-*.yml`
+  #     or `.github/actions/strict-mode-gate/**` (original 0.0.W —
+  #     pure workflow PRs that claude-code-action would refuse anyway
+  #     via its self-modification guard).
+  #
+  #   - The PR is a recognized `clud-bug update` propagation: every
+  #     changed file is in the clud-bug-update output allowlist AND a
+  #     workflow file (or strict-mode-gate composite) is part of the
+  #     change. v0.6.26 / 0.0.W² added this branch so the propagation
+  #     dance doesn't require admin-bypass every cycle.
+  #
+  # Allowlist (files `clud-bug update` legitimately touches):
+  #   .github/workflows/clud-bug-*.yml          (workflow re-render)
+  #   .github/actions/strict-mode-gate/*        (composite re-render)
+  #   AGENTS.md                                 (logmind block + clud-bug stanza)
+  #   .cursorrules / .clinerules / .windsurfrules / .continuerules
+  #   .github/copilot-instructions.md
+  #   .claude/skills/.clud-bug.json             (manifest)
+  #   .claude/skills/{critical-issues-only,evidence-based-review,
+  #                   respect-existing-conventions}/SKILL.md (baselines)
+  #   docs/timeline.md / docs/file-structure.md / docs/decisions.md
+  #   docs/decisions-branches/*.md              (logmind side-effects)
+  #
+  # The workflow-change requirement is the SIGNATURE that distinguishes
+  # "agent ran clud-bug update" from "user is editing AGENTS.md by hand."
+  # An AGENTS.md-only PR (no workflow change) still goes through normal
+  # review — this catches the prompt-injection-via-AGENTS.md attack
+  # surface that a naive allowlist would open.
+  #
+  # Safety envelope:
+  #   - Workflow file is still protected by the App-side guard (it just
+  #     never runs in this branch).
+  #   - Files in the allowlist are non-executable; modifying them can't
+  #     grant code execution.
+  #   - strictMode toggle is read from BASE ref so a PR can't disable
+  #     strict-mode on itself.
   #
   # (b) Trivial PRs (v0.6.15 / 0.0.R): if the PR author is a dep-bumping
   # bot (dependabot, renovate) OR the diff is small (<2KB) AND only
@@ -30,6 +72,17 @@ jobs:
       is_workflow_only: ${{ steps.classify.outputs.is_workflow_only }}
       model: ${{ steps.classify.outputs.model }}
       max_turns: ${{ steps.classify.outputs.max_turns }}
+      # v0.6.25 / §5.5 Layer 1.5 (calibration measurement): emit the
+      # raw estimated-turns alongside the actual max_turns the workflow
+      # passes to claude-code-action. The post-step records both into
+      # the summary comment as a hidden HTML marker so we can tune the
+      # per-file coefficients (Layer 1) from real consumer-review data
+      # over the Step 4 30-day window. Re-tune in v0.6.26+.
+      turns_estimated: ${{ steps.classify.outputs.turns_estimated }}
+      files_count: ${{ steps.classify.outputs.files_count }}
+      lines_added: ${{ steps.classify.outputs.lines_added }}
+      lines_deleted: ${{ steps.classify.outputs.lines_deleted }}
+      threads_count: ${{ steps.classify.outputs.threads_count }}
     steps:
       - name: Classify PR diff
         id: classify
@@ -53,22 +106,58 @@ jobs:
               echo "is_workflow_only=false"
               echo "model=$MODEL"
               echo "max_turns=15"
+              echo "turns_estimated=0"
+              echo "files_count=0"
+              echo "lines_added=0"
+              echo "lines_deleted=0"
+              echo "threads_count=0"
             } >> "$GITHUB_OUTPUT"
             exit 0
           fi
 
-          # --- (a) workflow-only classifier ---
-          IS_WORKFLOW_ONLY=true
+          # --- (a) workflow-only / clud-bug-update classifier
+          #         (v0.6.14 / 0.0.W; widened in v0.6.26 / 0.0.W²) ---
+          # Two-track check:
+          #   ALL_IN_ALLOWLIST = every changed file is in the
+          #     clud-bug-update output allowlist (see header design notes
+          #     for the full list + rationale).
+          #   HAS_WORKFLOW_CHANGE = at least one workflow-file or
+          #     strict-mode-gate change is present. This is the signature
+          #     that distinguishes "clud-bug update output" from "user
+          #     edited AGENTS.md by hand" — naked AGENTS.md edits go
+          #     through normal review.
+          #
+          # Skip when both are true. Backward-compat with v0.6.14's
+          # `is_workflow_only` output name preserved (semantic widened to
+          # "skip-review-eligible"; the dependent clud-bug-review job
+          # gates on this output without needing a rename).
+          ALL_IN_ALLOWLIST=true
+          HAS_WORKFLOW_CHANGE=false
           while IFS= read -r f; do
             case "$f" in
-              .github/workflows/clud-bug-*.yml) ;;
-              .github/actions/strict-mode-gate/*) ;;
-              *) IS_WORKFLOW_ONLY=false; break ;;
+              .github/workflows/clud-bug-*.yml) HAS_WORKFLOW_CHANGE=true ;;
+              .github/actions/strict-mode-gate/*) HAS_WORKFLOW_CHANGE=true ;;
+              # v0.6.26 / 0.0.W² additions — files clud-bug update produces.
+              AGENTS.md) ;;
+              .cursorrules|.clinerules|.windsurfrules|.continuerules) ;;
+              .github/copilot-instructions.md) ;;
+              .claude/skills/.clud-bug.json) ;;
+              .claude/skills/critical-issues-only/SKILL.md) ;;
+              .claude/skills/evidence-based-review/SKILL.md) ;;
+              .claude/skills/respect-existing-conventions/SKILL.md) ;;
+              # logmind side-effects of `logmind log` on the same commit.
+              docs/timeline.md|docs/file-structure.md|docs/decisions.md) ;;
+              docs/decisions-branches/*.md) ;;
+              *) ALL_IN_ALLOWLIST=false; break ;;
             esac
           done <<< "$CHANGED"
+          IS_WORKFLOW_ONLY=false
+          if [ "$ALL_IN_ALLOWLIST" = "true" ] && [ "$HAS_WORKFLOW_CHANGE" = "true" ]; then
+            IS_WORKFLOW_ONLY=true
+          fi
           echo "is_workflow_only=$IS_WORKFLOW_ONLY" >> "$GITHUB_OUTPUT"
           if [ "$IS_WORKFLOW_ONLY" = "true" ]; then
-            echo "::notice title=Clud Bug 🐛::Skipping LLM review — PR only touches workflow files."
+            echo "::notice title=Clud Bug 🐛::Skipping LLM review — clud-bug update output (workflow + allowlist files, no review surface)."
             echo "model=$MODEL" >> "$GITHUB_OUTPUT"
             exit 0
           fi
@@ -113,37 +202,106 @@ jobs:
           fi
           echo "model=$MODEL" >> "$GITHUB_OUTPUT"
 
-          # --- (c) adaptive max-turns (v0.6.23 / §5) ---
-          # Scope-based turn budget so large PRs (many files OR many prior
-          # unresolved threads to walk in FIX-PUSH FLOW) don't exhaust the
-          # default 15-turn budget. Concrete failure that motivated this:
-          # tokenomics PR #18 (23 docs files + 6 prior claude[bot] threads)
-          # exhausted the cap under v0.6.12 AND under v0.6.22's
-          # structured-output flow.
+          # --- (c) smart budget estimation (v0.6.25 / §5.5 Layer 1) ---
+          # Replaces v0.6.23's 4-bucket if-elif with a line-based
+          # formula. File count was a crude proxy; lines + edit-type +
+          # file-class is much better. Per-file cost in turns:
+          #
+          #   per_file_cost = 0.3 + added × tw × 1.0
+          #                       + modified × tw × 1.5      # context-heavy
+          #                       + deleted × tw × 0.1       # trivial
           #
-          # Buckets:
-          #   Trivial (Haiku) → 10
-          #   Standard (<10 files AND <3 prior threads) → 15 (current default)
-          #   Larger (≥10 files OR ≥3 prior threads) → 25
-          #   Very large (≥30 files OR ≥6 prior threads) → 40
-          MAX_TURNS=15
+          # type_weight tw (turns per line):
+          #   code (.ts/.py/.js/.go/.rs/.java/...) : 1/50
+          #   docs (.md/.txt/.rst/.adoc/...)       : 1/150
+          #   tests (.test.*/.spec.*/__tests__/*)   : 1/100
+          #   config (.yml/.toml/.json/.cfg)        : 1/100
+          #   derived (timeline.md/file-structure.md/decisions.md) : 0
+          #
+          #   estimated_turns = 10 + sum(per_file_cost) + 1.5 × prior_threads
+          #   max_turns = max(estimated × 1.2, 15)        # 20% safety margin
+          #   max_turns = min(max_turns, 60)              # ceiling; L5 retry above
+          #
+          # Emit overhead 10 (raised from initial 5 design): tokenomics
+          # #21 (26 docs files, +310/-235) used ~25 turns vs old-formula
+          # 16 — structured-output emit + JSON-schema retries + initial
+          # context loading cost ~5-10 turns themselves. Will retune from
+          # Layer 1.5 calibration data in v0.6.26+.
+          #
+          # `gh` is the source for additions/deletions + threads.
+          # `jq` is the inline estimator (preinstalled on ubuntu-latest
+          # runners; an earlier design used python3 but jq sidesteps the
+          # YAML-block-indent vs heredoc-content-indent dance).
+          # Calibration via the turns_estimated + turns_actually_used data
+          # points the post-step records (Layer 1.5).
+          FILE_COUNT=$(echo "$CHANGED" | wc -l | tr -d ' ')
+          # Count unresolved claude-bot threads. Best-effort: rate-limit
+          # or auth failures default to 0 (no escalation, fall back to
+          # the line-count-only estimate).
+          THREAD_COUNT=$(gh api graphql -f query='{repository(owner:"'"$(echo "$REPO" | cut -d/ -f1)"'",name:"'"$(echo "$REPO" | cut -d/ -f2)"'"){pullRequest(number:'"$PR_NUMBER"'){reviewThreads(first:50){nodes{isResolved comments(first:1){nodes{author{login}}}}}}}}' --jq '[.data.repository.pullRequest.reviewThreads.nodes[] | select(.isResolved == false and (.comments.nodes[0].author.login == "claude" or .comments.nodes[0].author.login == "claude[bot]"))] | length' 2>/dev/null || echo 0)
+          THREAD_COUNT=${THREAD_COUNT:-0}
+
           if [ "$IS_TRIVIAL" = "true" ]; then
+            # Haiku route stays on a small flat budget — trivial PRs
+            # need ~5 turns; 10 leaves margin.
             MAX_TURNS=10
+            TURNS_ESTIMATED=10
+            LINES_ADDED=0
+            LINES_DELETED=0
+            echo "::notice title=Clud Bug 🐛::Trivial (Haiku) budget: max_turns=10."
           else
-            FILE_COUNT=$(echo "$CHANGED" | wc -l | tr -d ' ')
-            # Count unresolved claude-bot threads. Best-effort: rate-limit
-            # or auth failures default to 0 (no escalation, fall back to
-            # file-count tier).
-            THREAD_COUNT=$(gh api graphql -f query='{repository(owner:"'"$(echo "$REPO" | cut -d/ -f1)"'",name:"'"$(echo "$REPO" | cut -d/ -f2)"'"){pullRequest(number:'"$PR_NUMBER"'){reviewThreads(first:50){nodes{isResolved comments(first:1){nodes{author{login}}}}}}}}' --jq '[.data.repository.pullRequest.reviewThreads.nodes[] | select(.isResolved == false and (.comments.nodes[0].author.login == "claude" or .comments.nodes[0].author.login == "claude[bot]"))] | length' 2>/dev/null || echo 0)
-            THREAD_COUNT=${THREAD_COUNT:-0}
-            if [ "$FILE_COUNT" -ge 30 ] || [ "$THREAD_COUNT" -ge 6 ]; then
-              MAX_TURNS=40
-            elif [ "$FILE_COUNT" -ge 10 ] || [ "$THREAD_COUNT" -ge 3 ]; then
-              MAX_TURNS=25
-            fi
-            echo "::notice title=Clud Bug 🐛::Turn budget: $MAX_TURNS ($FILE_COUNT files, $THREAD_COUNT prior unresolved claude threads)."
+            FILES_JSON=$(gh pr view "$PR_NUMBER" -R "$REPO" --json files --jq '.files' 2>/dev/null || echo '[]')
+            LINES_ADDED=$(echo "$FILES_JSON" | jq '[.[].additions] | add // 0' 2>/dev/null || echo 0)
+            LINES_DELETED=$(echo "$FILES_JSON" | jq '[.[].deletions] | add // 0' 2>/dev/null || echo 0)
+            LINES_ADDED=${LINES_ADDED:-0}
+            LINES_DELETED=${LINES_DELETED:-0}
+
+            # jq implements the formula from §5.5 Layer 1:
+            #   per_file_cost = 0.3 + pa×tw + mod×1.5×tw + pd×0.1×tw
+            #   estimated     = 10 + sum(per_file_cost) + 1.5×threads
+            # type_weight tw (turns per line; reciprocal of lines-per-turn):
+            #   code 1/50 = 0.02, docs 1/150 ≈ 0.00667,
+            #   tests/config 1/100 = 0.01, unknown 1/80 = 0.0125
+            # Emit overhead 10 (raised from 5 in initial design): empirical
+            # tokenomics #21 (26 docs files, +310/-235) used ~25 turns vs
+            # formula-predicted 16 — structured-output emit + JSON-schema
+            # retries + initial context loading cost ~5-10 turns themselves.
+            # 10 matches better; will retune from Layer 1.5 calibration data.
+            # ceil via (+ 0.9999999 | floor) since jq has no ceil.
+            TURNS_ESTIMATED=$(echo "$FILES_JSON" | jq --argjson threads "$THREAD_COUNT" '
+              def per_line(path):
+                if (path | test("\\.(test|spec)\\.|__tests__|^tests?/")) then 0.01
+                elif (path | test("\\.(md|txt|rst|adoc|mdx)$")) then 0.00666667
+                elif (path | test("\\.(yml|yaml|toml|json|cfg|ini|conf|tmpl)$")) then 0.01
+                elif (path | test("\\.(ts|tsx|py|js|jsx|mjs|cjs|go|rs|java|kt|rb|php|cs|c|cpp|h|hpp|swift|scala)$")) then 0.02
+                else 0.0125 end;
+              map(
+                select(.path != "docs/timeline.md"
+                       and .path != "docs/file-structure.md"
+                       and .path != "docs/decisions.md")
+                | (.additions) as $add | (.deletions) as $del
+                | (if $add < $del then $add else $del end) as $mod
+                | ($add - $mod) as $pa | ($del - $mod) as $pd
+                | per_line(.path) as $tw
+                | 0.3 + ($pa * $tw) + ($mod * 1.5 * $tw) + ($pd * 0.1 * $tw)
+              ) | (add // 0) + 10 + ($threads * 1.5) | (. + 0.9999999) | floor
+            ' 2>/dev/null || echo 15)
+            TURNS_ESTIMATED=${TURNS_ESTIMATED:-15}
+
+            # max_turns = ceil(estimated × 1.2), floor 15, ceiling 60
+            MAX_TURNS=$(( (TURNS_ESTIMATED * 12 + 9) / 10 ))
+            [ "$MAX_TURNS" -lt 15 ] && MAX_TURNS=15
+            [ "$MAX_TURNS" -gt 60 ] && MAX_TURNS=60
+            echo "::notice title=Clud Bug 🐛::Smart budget: estimated $TURNS_ESTIMATED turns → max_turns=$MAX_TURNS ($FILE_COUNT files, +$LINES_ADDED/-$LINES_DELETED lines, $THREAD_COUNT prior threads). v0.6.25 Phase 1; coefficients TBD from calibration data."
           fi
-          echo "max_turns=$MAX_TURNS" >> "$GITHUB_OUTPUT"
+          {
+            echo "max_turns=$MAX_TURNS"
+            echo "turns_estimated=$TURNS_ESTIMATED"
+            echo "files_count=$FILE_COUNT"
+            echo "lines_added=$LINES_ADDED"
+            echo "lines_deleted=$LINES_DELETED"
+            echo "threads_count=$THREAD_COUNT"
+          } >> "$GITHUB_OUTPUT"
 
   clud-bug-review:
     needs: paths-check
@@ -288,44 +446,133 @@ jobs:
             Review this pull request following the discipline in your
             system prompt — every rule about skill routing, comment
             format, the strict-mode header, the two-surface review
-            shape, and the FIX-PUSH FLOW applies.
+            shape, the FIX-PUSH FLOW, and (v0.6.25+) turn-budget
+            self-rationing applies.
+
+            ## Your turn budget for this PR (v0.6.25 / §5.5 Layer 2)
+
+            max_turns=${{ needs.paths-check.outputs.max_turns }},
+            estimated=${{ needs.paths-check.outputs.turns_estimated }},
+            files=${{ needs.paths-check.outputs.files_count }},
+            +${{ needs.paths-check.outputs.lines_added }}/-${{ needs.paths-check.outputs.lines_deleted }} lines,
+            prior_threads=${{ needs.paths-check.outputs.threads_count }}.
+
+            Plan accordingly per the "Turn budget self-rationing"
+            section in your system prompt. The estimate is the
+            pre-flight's best guess; the cap is the workflow's hard
+            stop. Reserve 5 turns for emit.
         id: clud-bug-review
 
       # v0.6.22 / 0.0.O: render the structured output to the summary
       # comment shape, post via gh pr comment. Guarded so we only run
       # when the action returned a non-empty structured payload
       # (max-retries hit → empty → fall through to the next step).
+      #
+      # v0.6.25 / §5.5 Layer 1.5 (calibration measurement): append a
+      # hidden HTML marker carrying the pre-flight estimate + the
+      # actual max_turns we passed to claude-code-action. Aggregation
+      # script lives in clud-bug usage --calibration (TBD v0.6.26+);
+      # for now, the marker is just an audit trail visible via
+      # `gh api ...issues/N/comments`.
       - name: Render + post structured review
         if: success() && steps.clud-bug-review.outputs.structured_output != ''
         env:
           GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           PR_NUMBER: ${{ github.event.pull_request.number }}
           STRUCTURED: ${{ steps.clud-bug-review.outputs.structured_output }}
+          TURNS_ESTIMATED: ${{ needs.paths-check.outputs.turns_estimated }}
+          MAX_TURNS: ${{ needs.paths-check.outputs.max_turns }}
+          FILES_COUNT: ${{ needs.paths-check.outputs.files_count }}
+          LINES_ADDED: ${{ needs.paths-check.outputs.lines_added }}
+          LINES_DELETED: ${{ needs.paths-check.outputs.lines_deleted }}
+          THREADS_COUNT: ${{ needs.paths-check.outputs.threads_count }}
         run: |
           set -euo pipefail
           BODY=$(printf '%s\n' "$STRUCTURED" | npx --yes clud-bug@{{CLUD_BUG_VERSION}} render --stdin)
-          gh pr comment "$PR_NUMBER" --body "$BODY"
+          CALIBRATION="<!-- clud-bug-calibration: turns_estimated=$TURNS_ESTIMATED, max_turns=$MAX_TURNS, files=$FILES_COUNT, lines_added=$LINES_ADDED, lines_deleted=$LINES_DELETED, threads=$THREADS_COUNT -->"
+          gh pr comment "$PR_NUMBER" --body "$BODY
+
+          $CALIBRATION"
 
       # Fallback comment when the model couldn't produce schema-valid
       # output after max retries (structured_output is empty). Keeps a
       # bare H2 header so the strict-mode gate sees a comment and falls
       # open (advisory) rather than panicking on a missing summary.
+      # v0.6.26 / §5.5 Layer 6: when structured_output is empty BUT inline
+      # findings were posted before the budget exhausted (tokenomics #21
+      # pattern), scrape the inline findings via gh api and render a
+      # synthetic summary that cites the real findings. Avoids the
+      # "0-findings-shown / 5-inline-posted" failure mode where the
+      # maintainer reading the PR sees a meaningless empty summary even
+      # though the review actually surfaced issues.
+      #
+      # If NO inline findings were posted either, falls through to the
+      # original advisory bare-H2 (legacy v0.6.22 behaviour).
       - name: Fallback summary (structured_output empty)
         if: success() && steps.clud-bug-review.outputs.structured_output == ''
         env:
           GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           PR_NUMBER: ${{ github.event.pull_request.number }}
+          REPO: ${{ github.repository }}
+          HEAD_SHA: ${{ github.event.pull_request.head.sha }}
+          TURNS_ESTIMATED: ${{ needs.paths-check.outputs.turns_estimated }}
+          MAX_TURNS: ${{ needs.paths-check.outputs.max_turns }}
+          FILES_COUNT: ${{ needs.paths-check.outputs.files_count }}
+          LINES_ADDED: ${{ needs.paths-check.outputs.lines_added }}
+          LINES_DELETED: ${{ needs.paths-check.outputs.lines_deleted }}
+          THREADS_COUNT: ${{ needs.paths-check.outputs.threads_count }}
         run: |
           set -euo pipefail
-          gh pr comment "$PR_NUMBER" --body "## 🐛 Clud Bug review
+
+          # Layer 6: count inline findings claude[bot] posted on THIS
+          # head SHA via the inline-review-thread endpoint. Filter to
+          # the current SHA so older review-pass findings don't inflate
+          # the count.
+          INLINES=$(gh api "repos/$REPO/pulls/$PR_NUMBER/comments?per_page=100" \
+            --jq "[.[] | select(.user.login == \"claude[bot]\" and .commit_id == \"$HEAD_SHA\")]")
+          INLINE_COUNT=$(echo "$INLINES" | jq 'length')
+          CRITICAL=$(echo "$INLINES" | jq '[.[] | select(.body | test("🔴"))] | length')
+          MINOR=$(echo "$INLINES" | jq '[.[] | select(.body | test("🟡"))] | length')
+          PREEXISTING=$(echo "$INLINES" | jq '[.[] | select(.body | test("🟣"))] | length')
+          # Findings with no emoji prefix (cross-cutting / un-prefixed) — count once.
+          UNPREFIXED=$(( INLINE_COUNT - CRITICAL - MINOR - PREEXISTING ))
+          [ "$UNPREFIXED" -lt 0 ] && UNPREFIXED=0
+
+          CALIBRATION="<!-- clud-bug-calibration: turns_estimated=$TURNS_ESTIMATED, max_turns=$MAX_TURNS, files=$FILES_COUNT, lines_added=$LINES_ADDED, lines_deleted=$LINES_DELETED, threads=$THREADS_COUNT, structured_output=empty, inline_findings=$INLINE_COUNT -->"
+
+          if [ "$INLINE_COUNT" -gt 0 ]; then
+            # L6 synthetic summary — cites the real inline findings the
+            # action managed to post before structured-output emit failed.
+            STATUS=""
+            [ "$CRITICAL" -gt 0 ] && STATUS=" — critical findings"
+            gh pr comment "$PR_NUMBER" --body "## 🐛 Clud Bug review${STATUS}
+
+          **This round:** $CRITICAL critical · $MINOR minor · 0 resolved from prior · 0 still open
+
+          Found: $CRITICAL 🔴 / $MINOR 🟡 / $PREEXISTING 🟣
+
+          ⚠️ **Synthetic summary** (v0.6.26 §5.5 Layer 6 fallback) — the action posted $INLINE_COUNT inline finding(s) before the structured-output emit step exhausted its turn budget (or hit schema-validation retries). The inline findings above ARE the substantive review; this summary is reconstructed from them. v0.6.26's Layer 5 (auto-retry on cap-hit) is the more permanent fix; this is the safety net.
+
+          <!-- last-reviewed-sha: $HEAD_SHA -->
+
+          $CALIBRATION"
+          else
+            # No inline findings either — legacy bare-H2 advisory. The
+            # action errored before it could post anything substantive.
+            gh pr comment "$PR_NUMBER" --body "## 🐛 Clud Bug review
 
           **This round:** 0 critical · 0 minor · 0 resolved from prior · 0 still open
 
           Found: 0 🔴 / 0 🟡 / 0 🟣
 
-          ⚠️ Structured output (\`--json-schema\`) returned empty — likely max-retries hit on schema validation. Investigate the action logs.
+          ⚠️ Structured output (\`--json-schema\`) returned empty AND no inline findings were posted. The action likely errored before producing review output — investigate the run logs.
+
+          Skills referenced: [none]
 
-          Skills referenced: [none]"
+          <!-- last-reviewed-sha: $HEAD_SHA -->
+
+          $CALIBRATION"
+          fi
 
       # Strict-mode gate. Fails the check when the BASE ref's manifest
       # has { "strictMode": true } AND the latest clud-bug review's first
@@ -342,7 +589,7 @@ jobs:
       # Letting the action's own failure fail the check is louder and right.
       - name: Strict mode — fail check on critical findings
         if: success()
-        uses: thrillmade/clud-bug/.github/actions/strict-mode-gate@v0.6.24
+        uses: thrillmade/clud-bug/.github/actions/strict-mode-gate@v0.6.26
         with:
           github-token: ${{ secrets.GITHUB_TOKEN }}
           # v0.6.22 / 0.0.O: the summary is now posted by the workflow