failproofai 0.0.10 → 0.0.11-beta.2

package/src/audit/cli-adapters/cursor.ts

@@ -0,0 +1,51 @@
+/**
+ * Cursor Agent CLI transcript adapter.
+ */
+import { statSync } from "node:fs";
+import { getCursorProjects, getCursorSessionsByEncodedName } from "../../../lib/cursor-projects";
+import { getCursorSessionLog } from "../../../lib/cursor-sessions";
+import type { NormalizedToolEvent, TranscriptMetadata } from "../types";
+import type { ListOpts } from "./claude";
+import { logEntriesToEvents } from "./shared";
+
+export async function listCursorTranscriptMetadata(
+  opts: ListOpts = {},
+): Promise<TranscriptMetadata[]> {
+  const projectFilter = opts.projects ? new Set(opts.projects) : null;
+  const sinceMs = opts.sinceMs ?? 0;
+  const out: TranscriptMetadata[] = [];
+
+  const projects = await getCursorProjects();
+  for (const project of projects) {
+    const { cwd, sessions } = await getCursorSessionsByEncodedName(project.name);
+    const effectiveCwd = cwd ?? "";
+    if (projectFilter && !projectFilter.has(effectiveCwd)) continue;
+    for (const s of sessions) {
+      const mtimeMs = s.lastModified.getTime();
+      if (mtimeMs < sinceMs) continue;
+      let sizeBytes = 0;
+      try { sizeBytes = statSync(s.path).size; } catch { /* unreadable */ }
+      if (!s.sessionId) continue;
+      out.push({
+        cli: "cursor",
+        projectName: project.name,
+        sessionId: s.sessionId,
+        transcriptPath: s.path,
+        mtimeMs,
+        sizeBytes,
+      });
+    }
+  }
+  return out;
+}
+
+export async function streamCursorEvents(meta: TranscriptMetadata): Promise<NormalizedToolEvent[]> {
+  const log = await getCursorSessionLog(meta.sessionId);
+  if (!log) return [];
+  return logEntriesToEvents(log.entries, {
+    cli: "cursor",
+    sessionId: meta.sessionId,
+    transcriptPath: meta.transcriptPath,
+    cwd: log.cwd ?? "",
+  });
+}

package/src/audit/cli-adapters/gemini.ts

@@ -0,0 +1,51 @@
+/**
+ * Gemini CLI transcript adapter.
+ */
+import { statSync } from "node:fs";
+import { getGeminiProjects, getGeminiSessionsByEncodedName } from "../../../lib/gemini-projects";
+import { getGeminiSessionLog } from "../../../lib/gemini-sessions";
+import type { NormalizedToolEvent, TranscriptMetadata } from "../types";
+import type { ListOpts } from "./claude";
+import { logEntriesToEvents } from "./shared";
+
+export async function listGeminiTranscriptMetadata(
+  opts: ListOpts = {},
+): Promise<TranscriptMetadata[]> {
+  const projectFilter = opts.projects ? new Set(opts.projects) : null;
+  const sinceMs = opts.sinceMs ?? 0;
+  const out: TranscriptMetadata[] = [];
+
+  const projects = await getGeminiProjects();
+  for (const project of projects) {
+    const { cwd, sessions } = await getGeminiSessionsByEncodedName(project.name);
+    const effectiveCwd = cwd ?? "";
+    if (projectFilter && !projectFilter.has(effectiveCwd)) continue;
+    for (const s of sessions) {
+      const mtimeMs = s.lastModified.getTime();
+      if (mtimeMs < sinceMs) continue;
+      let sizeBytes = 0;
+      try { sizeBytes = statSync(s.path).size; } catch { /* unreadable */ }
+      if (!s.sessionId) continue;
+      out.push({
+        cli: "gemini",
+        projectName: project.name,
+        sessionId: s.sessionId,
+        transcriptPath: s.path,
+        mtimeMs,
+        sizeBytes,
+      });
+    }
+  }
+  return out;
+}
+
+export async function streamGeminiEvents(meta: TranscriptMetadata): Promise<NormalizedToolEvent[]> {
+  const log = await getGeminiSessionLog(meta.sessionId);
+  if (!log) return [];
+  return logEntriesToEvents(log.entries, {
+    cli: "gemini",
+    sessionId: meta.sessionId,
+    transcriptPath: meta.transcriptPath,
+    cwd: log.cwd ?? "",
+  });
+}

package/src/audit/cli-adapters/index.ts

@@ -0,0 +1,70 @@
+/**
+ * Adapter registry — maps each IntegrationType to its list+stream functions.
+ *
+ * Each adapter exposes:
+ *   • listTranscripts(opts) → Promise<TranscriptMetadata[]>
+ *   • streamEvents(meta)    → Promise<NormalizedToolEvent[]>
+ *
+ * Add a new CLI by writing a sibling module and registering it here.
+ */
+import type { IntegrationType } from "../../hooks/types";
+import type { NormalizedToolEvent, TranscriptMetadata } from "../types";
+import type { ListOpts } from "./claude";
+
+import { listClaudeTranscriptMetadata, streamClaudeEvents } from "./claude";
+import { listCodexTranscriptMetadata, streamCodexEvents } from "./codex";
+import { listCopilotTranscriptMetadata, streamCopilotEvents } from "./copilot";
+import { listCursorTranscriptMetadata, streamCursorEvents } from "./cursor";
+import { listOpenCodeTranscriptMetadata, streamOpenCodeEvents } from "./opencode";
+import { listPiTranscriptMetadata, streamPiEvents } from "./pi";
+import { listGeminiTranscriptMetadata, streamGeminiEvents } from "./gemini";
+
+export type { ListOpts };
+
+export interface CliAdapter {
+  cli: IntegrationType;
+  listTranscripts: (opts?: ListOpts) => Promise<TranscriptMetadata[]>;
+  streamEvents: (meta: TranscriptMetadata) => Promise<NormalizedToolEvent[]>;
+}
+
+export const ADAPTERS: Record<IntegrationType, CliAdapter> = {
+  claude: {
+    cli: "claude",
+    listTranscripts: listClaudeTranscriptMetadata,
+    streamEvents: streamClaudeEvents,
+  },
+  codex: {
+    cli: "codex",
+    listTranscripts: listCodexTranscriptMetadata,
+    streamEvents: streamCodexEvents,
+  },
+  copilot: {
+    cli: "copilot",
+    listTranscripts: listCopilotTranscriptMetadata,
+    streamEvents: streamCopilotEvents,
+  },
+  cursor: {
+    cli: "cursor",
+    listTranscripts: listCursorTranscriptMetadata,
+    streamEvents: streamCursorEvents,
+  },
+  opencode: {
+    cli: "opencode",
+    listTranscripts: listOpenCodeTranscriptMetadata,
+    streamEvents: streamOpenCodeEvents,
+  },
+  pi: {
+    cli: "pi",
+    listTranscripts: listPiTranscriptMetadata,
+    streamEvents: streamPiEvents,
+  },
+  gemini: {
+    cli: "gemini",
+    listTranscripts: listGeminiTranscriptMetadata,
+    streamEvents: streamGeminiEvents,
+  },
+};
+
+export function getAdapter(cli: IntegrationType): CliAdapter {
+  return ADAPTERS[cli];
+}

package/src/audit/cli-adapters/opencode.ts

@@ -0,0 +1,52 @@
+/**
+ * OpenCode (sst/opencode) transcript adapter.
+ *
+ * OpenCode is the outlier — sessions live in a SQLite database, not on disk
+ * as JSONL files. The `transcriptPath` is therefore a virtual `opencode://<id>`
+ * URI and `sizeBytes` is 0 (the file cache layer treats it as uncacheable).
+ */
+import { getOpenCodeProjects, getOpenCodeSessionsByEncodedName } from "../../../lib/opencode-projects";
+import { getOpenCodeSessionLog } from "../../../lib/opencode-sessions";
+import type { NormalizedToolEvent, TranscriptMetadata } from "../types";
+import type { ListOpts } from "./claude";
+import { logEntriesToEvents } from "./shared";
+
+export async function listOpenCodeTranscriptMetadata(
+  opts: ListOpts = {},
+): Promise<TranscriptMetadata[]> {
+  const projectFilter = opts.projects ? new Set(opts.projects) : null;
+  const sinceMs = opts.sinceMs ?? 0;
+  const out: TranscriptMetadata[] = [];
+
+  const projects = await getOpenCodeProjects();
+  for (const project of projects) {
+    const { cwd, sessions } = await getOpenCodeSessionsByEncodedName(project.name);
+    const effectiveCwd = cwd ?? "";
+    if (projectFilter && !projectFilter.has(effectiveCwd)) continue;
+    for (const s of sessions) {
+      const mtimeMs = s.lastModified.getTime();
+      if (mtimeMs < sinceMs) continue;
+      if (!s.sessionId) continue;
+      out.push({
+        cli: "opencode",
+        projectName: project.name,
+        sessionId: s.sessionId,
+        transcriptPath: s.path,
+        mtimeMs,
+        sizeBytes: 0,
+      });
+    }
+  }
+  return out;
+}
+
+export async function streamOpenCodeEvents(meta: TranscriptMetadata): Promise<NormalizedToolEvent[]> {
+  const log = await getOpenCodeSessionLog(meta.sessionId);
+  if (!log) return [];
+  return logEntriesToEvents(log.entries, {
+    cli: "opencode",
+    sessionId: meta.sessionId,
+    transcriptPath: meta.transcriptPath,
+    cwd: log.cwd ?? "",
+  });
+}

package/src/audit/cli-adapters/pi.ts

@@ -0,0 +1,51 @@
+/**
+ * Pi (pi-coding-agent) transcript adapter.
+ */
+import { statSync } from "node:fs";
+import { getPiProjects, getPiSessionsByEncodedName } from "../../../lib/pi-projects";
+import { getPiSessionLog } from "../../../lib/pi-sessions";
+import type { NormalizedToolEvent, TranscriptMetadata } from "../types";
+import type { ListOpts } from "./claude";
+import { logEntriesToEvents } from "./shared";
+
+export async function listPiTranscriptMetadata(
+  opts: ListOpts = {},
+): Promise<TranscriptMetadata[]> {
+  const projectFilter = opts.projects ? new Set(opts.projects) : null;
+  const sinceMs = opts.sinceMs ?? 0;
+  const out: TranscriptMetadata[] = [];
+
+  const projects = await getPiProjects();
+  for (const project of projects) {
+    const { cwd, sessions } = await getPiSessionsByEncodedName(project.name);
+    const effectiveCwd = cwd ?? "";
+    if (projectFilter && !projectFilter.has(effectiveCwd)) continue;
+    for (const s of sessions) {
+      const mtimeMs = s.lastModified.getTime();
+      if (mtimeMs < sinceMs) continue;
+      let sizeBytes = 0;
+      try { sizeBytes = statSync(s.path).size; } catch { /* unreadable */ }
+      if (!s.sessionId) continue;
+      out.push({
+        cli: "pi",
+        projectName: project.name,
+        sessionId: s.sessionId,
+        transcriptPath: s.path,
+        mtimeMs,
+        sizeBytes,
+      });
+    }
+  }
+  return out;
+}
+
+export async function streamPiEvents(meta: TranscriptMetadata): Promise<NormalizedToolEvent[]> {
+  const log = await getPiSessionLog(meta.sessionId);
+  if (!log) return [];
+  return logEntriesToEvents(log.entries, {
+    cli: "pi",
+    sessionId: meta.sessionId,
+    transcriptPath: meta.transcriptPath,
+    cwd: log.cwd ?? "",
+  });
+}

package/src/audit/cli-adapters/shared.ts

@@ -0,0 +1,85 @@
+/**
+ * Shared helpers used by every per-CLI adapter.
+ *
+ * The lib/<cli>-sessions.ts parsers all produce the same `LogEntry[]` shape
+ * (defined in lib/log-entries.ts), so the conversion from LogEntry[] to
+ * NormalizedToolEvent[] is uniform across CLIs. The only per-CLI difference is
+ * the canonicalization function, which we delegate to
+ * `src/hooks/tool-name-canonicalize.ts`.
+ */
+import type { LogEntry } from "../../../lib/log-entries";
+import type { IntegrationType } from "../../hooks/types";
+import {
+  canonicalizeToolName,
+  canonicalizeToolInput,
+} from "../../hooks/tool-name-canonicalize";
+import {
+  AUDIT_TOOL_RESULT_MAX_BYTES,
+  type NormalizedToolEvent,
+} from "../types";
+
+/** Truncate a string to at most `maxBytes` UTF-8 bytes, preserving valid
+ *  encoding (never splits a multi-byte sequence). `String.prototype.length`
+ *  counts UTF-16 code units, not bytes — using it to "cap memory" would let
+ *  through up to 4× the intended byte budget for non-ASCII text. */
+function truncateToUtf8Bytes(s: string, maxBytes: number): string {
+  const buf = Buffer.from(s, "utf-8");
+  if (buf.byteLength <= maxBytes) return s;
+  // Walk back at most 3 bytes to land on a UTF-8 boundary (a leading byte is
+  // 0xxxxxxx or 11xxxxxx; continuation bytes are 10xxxxxx).
+  let end = maxBytes;
+  while (end > 0 && (buf[end] & 0xc0) === 0x80) end--;
+  return buf.subarray(0, end).toString("utf-8");
+}
+
+export interface ConvertContext {
+  cli: IntegrationType;
+  sessionId: string;
+  transcriptPath: string;
+  /** Cwd resolved by the per-CLI parser. May be empty if the transcript had no
+   *  session-start record. The audit falls back to the decoded project name. */
+  cwd: string;
+}
+
+/** Walks the LogEntry[] in timestamp order and yields one NormalizedToolEvent
+ *  per `tool_use` content block, with the matching `tool_result.content` text
+ *  attached (truncated). Returns events in chronological order. */
+export function logEntriesToEvents(
+  entries: LogEntry[],
+  ctx: ConvertContext,
+): NormalizedToolEvent[] {
+  const events: NormalizedToolEvent[] = [];
+
+  for (const entry of entries) {
+    if (entry.type !== "assistant") continue;
+    for (const block of entry.message.content) {
+      if (block.type !== "tool_use") continue;
+      const rawName = block.name;
+      const canonicalName = canonicalizeToolName(rawName, ctx.cli) ?? rawName;
+      const canonicalInput = canonicalizeToolInput(
+        canonicalName,
+        block.input,
+        ctx.cli,
+      ) as Record<string, unknown>;
+
+      let toolResultText: string | undefined;
+      if (block.result?.content) {
+        toolResultText = truncateToUtf8Bytes(block.result.content, AUDIT_TOOL_RESULT_MAX_BYTES);
+      }
+
+      events.push({
+        cli: ctx.cli,
+        sessionId: ctx.sessionId,
+        transcriptPath: ctx.transcriptPath,
+        cwd: ctx.cwd,
+        timestamp: entry.timestamp,
+        toolName: canonicalName,
+        rawToolName: rawName,
+        toolInput: canonicalInput ?? {},
+        toolResultText,
+      });
+    }
+  }
+
+  return events;
+}

package/src/audit/detectors/find-from-root.ts

@@ -0,0 +1,27 @@
+import type { Detector } from "../types";
+
+const RISKY_ROOTS = ["/", "/home", "/usr", "/etc", "/var", "/opt", "/Users"];
+
+/** Bash `find` invoked against the filesystem root or another high-level
+ *  directory — tends to exhaust resources and rarely returns useful results. */
+export const findFromRoot: Detector = {
+  name: "find-from-root",
+  description: "Bash `find` against `/`, `/home`, `/usr`, etc. — scope to cwd instead.",
+  category: "Risky",
+  severity: "warn",
+  displayTitle: "Ran find from /, /home, /usr, etc.",
+  impact: "Filesystem-wide finds exhaust resources and rarely return useful results.",
+  detect(event) {
+    if (event.toolName !== "Bash") return null;
+    const command = (event.toolInput as { command?: unknown }).command;
+    if (typeof command !== "string") return null;
+    const cmd = command.trim();
+    // find / OR find /home OR find "/etc" …  — first non-flag arg
+    const match = /(?:^|[\s;|&])find\s+(?:-\S+\s+)*("[^"]+"|'[^']+'|\S+)/.exec(cmd);
+    if (!match) return null;
+    const raw = match[1].replace(/^["']|["']$/g, "");
+    const stripped = raw.replace(/\/+$/, "") || "/";
+    if (!RISKY_ROOTS.includes(stripped)) return null;
+    return { example: cmd.slice(0, 160) };
+  },
+};

package/src/audit/detectors/git-commit-no-verify.ts

@@ -0,0 +1,22 @@
+import type { Detector } from "../types";
+
+/** `git commit ... --no-verify` (or short `-n`) — skipping pre-commit hooks. */
+export const gitCommitNoVerify: Detector = {
+  name: "git-commit-no-verify",
+  description: "git commit invoked with --no-verify / -n, skipping hooks.",
+  category: "Risky",
+  severity: "warn",
+  displayTitle: "Committed with --no-verify",
+  impact: "Skips pre-commit hooks that exist to catch broken or unsafe code.",
+  detect(event) {
+    if (event.toolName !== "Bash") return null;
+    const command = (event.toolInput as { command?: unknown }).command;
+    if (typeof command !== "string") return null;
+    const cmd = command;
+    if (!/\bgit\s+commit\b/.test(cmd)) return null;
+    if (/\s--no-verify\b/.test(cmd) || /\s-n\b/.test(cmd)) {
+      return { example: cmd.replace(/\s+/g, " ").trim().slice(0, 160) };
+    }
+    return null;
+  },
+};

package/src/audit/detectors/index.ts

@@ -0,0 +1,33 @@
+/**
+ * Registry of audit-only detectors.
+ *
+ * Detectors are pure functions over a NormalizedToolEvent (plus optional
+ * per-session state). They detect "stupid behaviors" not currently covered by
+ * the runtime builtin policies, with no real-time enforcement — counting only.
+ *
+ * Add a new detector by writing a sibling file and registering it here.
+ */
+import type { Detector } from "../types";
+import { redundantCdCwd } from "./redundant-cd-cwd";
+import { preferEditOverReadCat } from "./prefer-edit-over-read-cat";
+import { preferEditOverSedAwk } from "./prefer-edit-over-sed-awk";
+import { preferWriteOverHeredoc } from "./prefer-write-over-heredoc";
+import { sleepPollingLoop } from "./sleep-polling-loop";
+import { findFromRoot } from "./find-from-root";
+import { gitCommitNoVerify } from "./git-commit-no-verify";
+import { rereadAfterEdit } from "./reread-after-edit";
+
+export const AUDIT_DETECTORS: Detector[] = [
+  redundantCdCwd,
+  preferEditOverReadCat,
+  preferEditOverSedAwk,
+  preferWriteOverHeredoc,
+  sleepPollingLoop,
+  findFromRoot,
+  gitCommitNoVerify,
+  rereadAfterEdit,
+];
+
+export function getDetectorByName(name: string): Detector | undefined {
+  return AUDIT_DETECTORS.find((d) => d.name === name);
+}

package/src/audit/detectors/prefer-edit-over-read-cat.ts

@@ -0,0 +1,31 @@
+import type { Detector } from "../types";
+
+const SOURCE_EXT_RE = /\.(?:ts|tsx|js|jsx|mjs|cjs|py|go|rs|java|kt|swift|rb|php|c|h|cc|cpp|hpp|cs|scala|sh|bash|zsh|json|yaml|yml|toml|md|txt|sql|html|css|scss|sass)$/i;
+
+/** `cat | head | tail | less | more` invoked on a single source file with no
+ *  shell pipeline / redirection. The Read tool is the right answer. .env files
+ *  are intentionally excluded (covered by `block-env-files`). */
+export const preferEditOverReadCat: Detector = {
+  name: "prefer-edit-over-read-cat",
+  description: "Bash `cat`/`head`/`tail`/`less`/`more` on a single source file — use Read.",
+  category: "Wasteful",
+  severity: "info",
+  displayTitle: "Used `cat`/`head`/`tail` on a source file",
+  impact: "Burns tokens; the Read tool returns content directly without going through Bash output.",
+  detect(event) {
+    if (event.toolName !== "Bash") return null;
+    const command = (event.toolInput as { command?: unknown }).command;
+    if (typeof command !== "string") return null;
+    const cmd = command.trim();
+    // Reject any shell pipeline, redirection, command chaining or substitution.
+    if (/[|<>;&`$()]/.test(cmd)) return null;
+    const match = /^(cat|head|tail|less|more)\s+(?:-\S+\s+)*(?:"([^"]+)"|'([^']+)'|(\S+))\s*$/.exec(cmd);
+    if (!match) return null;
+    const path = match[2] ?? match[3] ?? match[4] ?? "";
+    if (!path) return null;
+    // .env is covered by block-env-files; skip to avoid double-counting.
+    if (/(?:^|\/)\.env(?:\..+)?$/.test(path)) return null;
+    if (!SOURCE_EXT_RE.test(path)) return null;
+    return { example: cmd };
+  },
+};

package/src/audit/detectors/prefer-edit-over-sed-awk.ts

@@ -0,0 +1,27 @@
+import type { Detector } from "../types";
+
+/** In-place edits with `sed -i` or `awk … > file` that should have been done
+ *  with the Edit tool. */
+export const preferEditOverSedAwk: Detector = {
+  name: "prefer-edit-over-sed-awk",
+  description: "Bash `sed -i`/`awk` in-place edits — use Edit.",
+  category: "Wasteful",
+  severity: "info",
+  displayTitle: "Used sed -i or awk for an in-place edit",
+  impact: "Edit tool is safer and produces a diff the agent can verify.",
+  detect(event) {
+    if (event.toolName !== "Bash") return null;
+    const command = (event.toolInput as { command?: unknown }).command;
+    if (typeof command !== "string") return null;
+    const cmd = command.trim();
+    // `sed -i ...` (GNU/macOS) or `sed -i'.bak' ...` (BSD-style)
+    if (/(?:^|\s|;|&&|\|\|)sed\b[^|]*\s-i(?=\b|['"])/.test(cmd)) {
+      return { example: cmd };
+    }
+    // `awk '...' file > out` or `awk '...' file > file` (in-place via redirection)
+    if (/(?:^|\s|;|&&|\|\|)awk\b[^|]*\s>\s*\S+/.test(cmd) && !/\|/.test(cmd)) {
+      return { example: cmd };
+    }
+    return null;
+  },
+};

package/src/audit/detectors/prefer-write-over-heredoc.ts

@@ -0,0 +1,36 @@
+import type { Detector } from "../types";
+
+/** `cat << EOF > file` heredoc patterns or `echo … > file` writing multi-line
+ *  content. The Write tool is the right answer. */
+export const preferWriteOverHeredoc: Detector = {
+  name: "prefer-write-over-heredoc",
+  description: "Bash heredoc / `echo > file` writing multi-line content — use Write.",
+  category: "Wasteful",
+  severity: "info",
+  displayTitle: "Used heredoc / `echo > file` to write a multi-line file",
+  impact: "Write tool handles escaping and is verifiable.",
+  detect(event) {
+    if (event.toolName !== "Bash") return null;
+    const command = (event.toolInput as { command?: unknown }).command;
+    if (typeof command !== "string") return null;
+    const cmd = command;
+    // Heredoc redirected to a file IMMEDIATELY after the delimiter:
+    //   `cat <<'EOF' > path`   ← match (heredoc opens AND redirects in one step)
+    //   `cat <<EOF` inside `$(...)` ← skip (heredoc captured by command substitution,
+    //                                   later `> file` is unrelated)
+    // The redirect must appear before the next whitespace/newline that ends the
+    // heredoc opener line — otherwise it's a body or downstream redirect.
+    // Heredoc delimiters are case-sensitive but `EOF`, `eof`, `Eof`, `MARKER`
+    // and digits-after-letter are all valid; match any letter/digit/underscore.
+    if (/<<-?\s*['"]?[A-Za-z_][A-Za-z0-9_]*['"]?\s*>\s*\S/.test(cmd)) {
+      const summary = cmd.replace(/\s+/g, " ").trim().slice(0, 160);
+      return { example: summary };
+    }
+    // `echo "multi\nline" > file` or `printf "..." > file` with embedded newlines.
+    if (/(?:^|\s|;|&&|\|\|)(?:echo|printf)\s+["'][^"']*\n[^"']*["']\s*>\s*\S/.test(cmd)) {
+      const summary = cmd.replace(/\s+/g, " ").trim().slice(0, 160);
+      return { example: summary };
+    }
+    return null;
+  },
+};

package/src/audit/detectors/redundant-cd-cwd.ts

@@ -0,0 +1,28 @@
+import type { Detector } from "../types";
+
+/** Bash command starting with `cd <absolute-path> && …` where the absolute
+ *  path equals (or is the same realpath as) the session's cwd. The agent's
+ *  shell already runs in cwd — the prefix is pure waste. Explicitly called
+ *  out in the Claude Code system prompt for git commands. */
+export const redundantCdCwd: Detector = {
+  name: "redundant-cd-cwd",
+  description:
+    "Bash commands prefixed with `cd <cwd> && …` even though commands already run in cwd.",
+  category: "Wasteful",
+  severity: "info",
+  displayTitle: "Prepended cd <cwd> before commands",
+  impact: "Pure waste — your agent's shell already runs in `cwd`.",
+  detect(event) {
+    if (event.toolName !== "Bash") return null;
+    const command = (event.toolInput as { command?: unknown }).command;
+    if (typeof command !== "string" || !event.cwd) return null;
+    const trimmed = command.trimStart();
+    const match = /^cd\s+(?:"([^"]+)"|'([^']+)'|(\S+))\s*&&\s*([\s\S]+)$/.exec(trimmed);
+    if (!match) return null;
+    const path = (match[1] ?? match[2] ?? match[3] ?? "").replace(/\/+$/, "");
+    const cwd = event.cwd.replace(/\/+$/, "");
+    if (path !== cwd) return null;
+    const rest = match[4].trim();
+    return { example: `cd ${path} && ${rest}` };
+  },
+};

package/src/audit/detectors/reread-after-edit.ts

@@ -0,0 +1,58 @@
+import type { Detector, DetectorSessionState } from "../types";
+
+const STATE_KEY = "rereadAfterEdit";
+const WINDOW = 5;
+
+interface RereadState {
+  /** Map of file_path → number of remaining tool-calls in which a Read should
+   *  trigger this detector. Decremented every tool event; deleted at 0. */
+  countdown: Map<string, number>;
+}
+
+function getState(state: DetectorSessionState): RereadState {
+  let s = state[STATE_KEY] as RereadState | undefined;
+  if (!s) {
+    s = { countdown: new Map() };
+    state[STATE_KEY] = s;
+  }
+  return s;
+}
+
+/** When Edit or Write lands on file_path, then a subsequent Read of the same
+ *  file_path within N tool calls is wasteful — the editor already returned the
+ *  updated content. Explicitly called out in the Claude system prompt. */
+export const rereadAfterEdit: Detector = {
+  name: "reread-after-edit",
+  description: "Read of a file that was just Edit'd or Write'n in the same session.",
+  category: "Wasteful",
+  severity: "info",
+  displayTitle: "Re-read a file it just edited",
+  impact: "Edit/Write already returned the updated content; the second Read is wasted tokens.",
+  detect(event, sessionState) {
+    const state = getState(sessionState);
+    const filePath = (event.toolInput as { file_path?: unknown }).file_path;
+    const pathStr = typeof filePath === "string" ? filePath : null;
+
+    // Tick down every existing countdown.
+    for (const [key, n] of state.countdown) {
+      if (n <= 1) state.countdown.delete(key);
+      else state.countdown.set(key, n - 1);
+    }
+
+    if (!pathStr) return null;
+
+    if (event.toolName === "Edit" || event.toolName === "Write") {
+      state.countdown.set(pathStr, WINDOW);
+      return null;
+    }
+
+    if (event.toolName === "Read") {
+      if (state.countdown.has(pathStr)) {
+        state.countdown.delete(pathStr); // count once per edit-then-read pair
+        return { example: `Read ${pathStr} immediately after Edit/Write` };
+      }
+    }
+
+    return null;
+  },
+};

package/src/audit/detectors/sleep-polling-loop.ts

@@ -0,0 +1,34 @@
+import type { Detector } from "../types";
+
+const SLEEP_THRESHOLD_SECONDS = 30;
+
+/** Bash `sleep N` where N ≥ 30 (busy polling), or `while …; sleep …; done`. */
+export const sleepPollingLoop: Detector = {
+  name: "sleep-polling-loop",
+  description: "Bash long `sleep` or while-sleep polling loops.",
+  category: "Wasteful",
+  severity: "info",
+  displayTitle: "Used a long sleep or while-sleep polling loop",
+  impact: "Burns wall-clock; better to wait for an explicit signal.",
+  detect(event) {
+    if (event.toolName !== "Bash") return null;
+    const command = (event.toolInput as { command?: unknown }).command;
+    if (typeof command !== "string") return null;
+    const cmd = command;
+    // while-sleep loop
+    if (/\bwhile\b[\s\S]*?\bsleep\b[\s\S]*?\bdone\b/.test(cmd)) {
+      return { example: cmd.replace(/\s+/g, " ").trim().slice(0, 160) };
+    }
+    // Standalone long sleep. parseFloat so `sleep 0.5m` (= 30s) isn't dropped.
+    const match = /\bsleep\s+(\d+(?:\.\d+)?)(m|h|d)?\b/.exec(cmd);
+    if (match) {
+      const n = parseFloat(match[1]);
+      const unit = match[2] ?? "s";
+      const seconds = unit === "m" ? n * 60 : unit === "h" ? n * 3600 : unit === "d" ? n * 86400 : n;
+      if (seconds >= SLEEP_THRESHOLD_SECONDS) {
+        return { example: cmd.replace(/\s+/g, " ").trim().slice(0, 160) };
+      }
+    }
+    return null;
+  },
+};