token-pilot 0.43.0 → 0.44.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.claude-plugin/marketplace.json +3 -3
- package/.claude-plugin/plugin.json +1 -1
- package/CHANGELOG.md +32 -0
- package/agents/tp-api-surface-tracker.md +1 -1
- package/agents/tp-audit-scanner.md +1 -1
- package/agents/tp-commit-writer.md +1 -1
- package/agents/tp-context-engineer.md +1 -1
- package/agents/tp-dead-code-finder.md +1 -1
- package/agents/tp-debugger.md +1 -1
- package/agents/tp-dep-health.md +1 -1
- package/agents/tp-doc-writer.md +1 -1
- package/agents/tp-history-explorer.md +1 -1
- package/agents/tp-impact-analyzer.md +1 -1
- package/agents/tp-incident-timeline.md +1 -1
- package/agents/tp-incremental-builder.md +1 -1
- package/agents/tp-migration-scout.md +1 -1
- package/agents/tp-onboard.md +1 -1
- package/agents/tp-performance-profiler.md +1 -1
- package/agents/tp-pr-reviewer.md +1 -1
- package/agents/tp-refactor-planner.md +1 -1
- package/agents/tp-review-impact.md +1 -1
- package/agents/tp-run.md +1 -1
- package/agents/tp-session-restorer.md +1 -1
- package/agents/tp-ship-coordinator.md +1 -1
- package/agents/tp-spec-writer.md +1 -1
- package/agents/tp-test-coverage-gapper.md +1 -1
- package/agents/tp-test-triage.md +1 -1
- package/agents/tp-test-writer.md +1 -1
- package/dist/config/defaults.js +5 -1
- package/dist/hooks/pre-bash.js +36 -0
- package/package.json +2 -2
|
@@ -6,14 +6,14 @@
|
|
|
6
6
|
},
|
|
7
7
|
"metadata": {
|
|
8
8
|
"description": "Token Pilot — save 60-90% tokens when AI reads code",
|
|
9
|
-
"version": "0.
|
|
9
|
+
"version": "0.44.0"
|
|
10
10
|
},
|
|
11
11
|
"plugins": [
|
|
12
12
|
{
|
|
13
13
|
"name": "token-pilot",
|
|
14
14
|
"source": "./",
|
|
15
|
-
"description": "Reduces token consumption by 60-90% via AST-aware lazy file reading, structural symbol navigation, and cross-session tool-usage analytics.
|
|
16
|
-
"version": "0.
|
|
15
|
+
"description": "Reduces token consumption by 60-90% via AST-aware lazy file reading, structural symbol navigation, and cross-session tool-usage analytics. 23 MCP tools + 25 subagents + budget watchdog hooks.",
|
|
16
|
+
"version": "0.44.0",
|
|
17
17
|
"author": {
|
|
18
18
|
"name": "Digital-Threads"
|
|
19
19
|
},
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "token-pilot",
|
|
3
|
-
"version": "0.
|
|
3
|
+
"version": "0.44.0",
|
|
4
4
|
"description": "Saves 60-90% tokens on AI code reading. AST-aware lazy reads, symbol navigation, find_usages, structural git diff/log, edit-safety guard, Task-routing matcher, cross-session telemetry (errors + diagnostics), 25 tp-* subagents tiered to haiku/sonnet/opus with budget watchdog.",
|
|
5
5
|
"author": {
|
|
6
6
|
"name": "Digital-Threads",
|
package/CHANGELOG.md
CHANGED
|
@@ -5,6 +5,38 @@ All notable changes to Token Pilot will be documented in this file.
|
|
|
5
5
|
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
|
|
6
6
|
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
|
|
7
7
|
|
|
8
|
+
## [0.44.0] - 2026-06-10
|
|
9
|
+
|
|
10
|
+
### Changed — adaptive deny threshold ON by default
|
|
11
|
+
|
|
12
|
+
`hooks.adaptiveThreshold` now defaults to `true`. The curve is a no-op below
|
|
13
|
+
30% session burn, so short / light sessions read exactly as before. Once an
|
|
14
|
+
agent has already pulled many large files — the long-session degradation users
|
|
15
|
+
actually report — the Read-hook deny threshold tightens (300 → 225 → 150 → 90,
|
|
16
|
+
floor 50 lines), pushing the agent back onto `smart_read` / `read_symbol` when
|
|
17
|
+
context is most precious. Opt out with `adaptiveThreshold: false`.
|
|
18
|
+
|
|
19
|
+
### Added — pre-bash catches `sed` / `head` / `tail` raw-range dumps
|
|
20
|
+
|
|
21
|
+
The Bash pre-hook already blocked `cat <code-file>`; agents under pressure
|
|
22
|
+
worked around it with `sed -n '1,500p' file.ts` or `head -n 500 file.ts` to
|
|
23
|
+
pull a large slice straight to stdout. These now deny with a pointer to
|
|
24
|
+
`read_range` / `read_symbol` / `smart_read`. Exempt, as before: pipes
|
|
25
|
+
(processing), redirects (writing), `sed -i` (in-place edit), and small
|
|
26
|
+
`head` / `tail` counts (< 300 lines — the sanctioned bounded read).
|
|
27
|
+
|
|
28
|
+
### Maintenance
|
|
29
|
+
|
|
30
|
+
`@ast-index/cli` lockfile tracks `3.47.0` (floor `^3.44.0` unchanged).
|
|
31
|
+
|
|
32
|
+
## [0.43.1] - 2026-06-06
|
|
33
|
+
|
|
34
|
+
### Fixed — `@ast-index/cli` floor raised to `^3.44.0`
|
|
35
|
+
|
|
36
|
+
`module_route` (0.43.0) needs the ast-index `module-route` command, which
|
|
37
|
+
exists only in ast-index 3.44+. The floor was `^3.38.0`, so an install
|
|
38
|
+
resolving ast-index below 3.44 would have `module_route` fail. No API change.
|
|
39
|
+
|
|
8
40
|
## [0.43.0] - 2026-06-06
|
|
9
41
|
|
|
10
42
|
Bundled release: everything actionable from **ast-index 3.41→3.45** and
|
|
@@ -9,7 +9,7 @@ tools:
|
|
|
9
9
|
- mcp__token-pilot__read_symbol
|
|
10
10
|
- Bash
|
|
11
11
|
model: haiku
|
|
12
|
-
token_pilot_version: "0.
|
|
12
|
+
token_pilot_version: "0.44.0"
|
|
13
13
|
token_pilot_body_hash: dd184501203fa7f3c73f419c4ffbe33c4be75400cb64a7a51733a3fe23f6e085
|
|
14
14
|
requiredMcpServers:
|
|
15
15
|
- "token-pilot"
|
|
@@ -8,7 +8,7 @@ tools:
|
|
|
8
8
|
- mcp__token-pilot__test_summary
|
|
9
9
|
- mcp__token-pilot__outline
|
|
10
10
|
- Bash
|
|
11
|
-
token_pilot_version: "0.
|
|
11
|
+
token_pilot_version: "0.44.0"
|
|
12
12
|
token_pilot_body_hash: de64a406b5176de19f7422619c7de7949b1f28865f225402c9cea9255f377428
|
|
13
13
|
requiredMcpServers:
|
|
14
14
|
- "token-pilot"
|
package/agents/tp-debugger.md
CHANGED
package/agents/tp-dep-health.md
CHANGED
package/agents/tp-doc-writer.md
CHANGED
|
@@ -12,7 +12,7 @@ tools:
|
|
|
12
12
|
- mcp__token-pilot__read_symbols
|
|
13
13
|
- Read
|
|
14
14
|
model: sonnet
|
|
15
|
-
token_pilot_version: "0.
|
|
15
|
+
token_pilot_version: "0.44.0"
|
|
16
16
|
token_pilot_body_hash: 351a987e11eba63852f5431a16d8eb53104f4f689f82fdcc5a2bf4db948ba92f
|
|
17
17
|
requiredMcpServers:
|
|
18
18
|
- "token-pilot"
|
|
@@ -8,7 +8,7 @@ tools:
|
|
|
8
8
|
- mcp__token-pilot__read_symbol
|
|
9
9
|
- Bash
|
|
10
10
|
model: inherit
|
|
11
|
-
token_pilot_version: "0.
|
|
11
|
+
token_pilot_version: "0.44.0"
|
|
12
12
|
token_pilot_body_hash: de5722bfea374eaab096c1ae635c37879e7a91370ee3cd0532f4240be03c91eb
|
|
13
13
|
requiredMcpServers:
|
|
14
14
|
- "token-pilot"
|
package/agents/tp-onboard.md
CHANGED
|
@@ -10,7 +10,7 @@ tools:
|
|
|
10
10
|
- mcp__token-pilot__smart_read
|
|
11
11
|
- mcp__token-pilot__smart_read_many
|
|
12
12
|
- mcp__token-pilot__read_section
|
|
13
|
-
token_pilot_version: "0.
|
|
13
|
+
token_pilot_version: "0.44.0"
|
|
14
14
|
token_pilot_body_hash: 832e95633fbc8e9b0c10f3e540a327d4be062fb4b3f17a6cce6be13f414e2927
|
|
15
15
|
requiredMcpServers:
|
|
16
16
|
- "token-pilot"
|
package/agents/tp-pr-reviewer.md
CHANGED
|
@@ -11,7 +11,7 @@ tools:
|
|
|
11
11
|
- mcp__token-pilot__read_for_edit
|
|
12
12
|
- Read
|
|
13
13
|
model: sonnet
|
|
14
|
-
token_pilot_version: "0.
|
|
14
|
+
token_pilot_version: "0.44.0"
|
|
15
15
|
token_pilot_body_hash: f83f50d05b4f70285ae7afed2b1a406fc436df56e61a0aedbfb31edc7f2b6e66
|
|
16
16
|
requiredMcpServers:
|
|
17
17
|
- "token-pilot"
|
|
@@ -8,7 +8,7 @@ tools:
|
|
|
8
8
|
- mcp__token-pilot__outline
|
|
9
9
|
- mcp__token-pilot__read_symbol
|
|
10
10
|
model: sonnet
|
|
11
|
-
token_pilot_version: "0.
|
|
11
|
+
token_pilot_version: "0.44.0"
|
|
12
12
|
token_pilot_body_hash: c5f6fc122c89e16e5cf774045f92169ee3468555320b898171ba13eca5323550
|
|
13
13
|
requiredMcpServers:
|
|
14
14
|
- "token-pilot"
|
|
@@ -9,7 +9,7 @@ tools:
|
|
|
9
9
|
- mcp__token-pilot__module_info
|
|
10
10
|
- Bash
|
|
11
11
|
model: sonnet
|
|
12
|
-
token_pilot_version: "0.
|
|
12
|
+
token_pilot_version: "0.44.0"
|
|
13
13
|
token_pilot_body_hash: 8ef3c3341cbfed4eb8dd130126a9683edc57e378c92ff0ca764d584fd941c55c
|
|
14
14
|
requiredMcpServers:
|
|
15
15
|
- "token-pilot"
|
package/agents/tp-run.md
CHANGED
package/agents/tp-spec-writer.md
CHANGED
|
@@ -10,7 +10,7 @@ tools:
|
|
|
10
10
|
- mcp__token-pilot__test_summary
|
|
11
11
|
- Glob
|
|
12
12
|
- Grep
|
|
13
|
-
token_pilot_version: "0.
|
|
13
|
+
token_pilot_version: "0.44.0"
|
|
14
14
|
token_pilot_body_hash: be81eed53a3720d146cf89e4a14a7a56577633f7c84c234c412ab70d64c05b11
|
|
15
15
|
requiredMcpServers:
|
|
16
16
|
- "token-pilot"
|
package/agents/tp-test-triage.md
CHANGED
|
@@ -8,7 +8,7 @@ tools:
|
|
|
8
8
|
- mcp__token-pilot__find_usages
|
|
9
9
|
- mcp__token-pilot__read_symbol
|
|
10
10
|
model: sonnet
|
|
11
|
-
token_pilot_version: "0.
|
|
11
|
+
token_pilot_version: "0.44.0"
|
|
12
12
|
token_pilot_body_hash: 362ecf4cb03b059421ea26933473700900073dc38b3a7fe271208dfb1ae14f90
|
|
13
13
|
requiredMcpServers:
|
|
14
14
|
- "token-pilot"
|
package/agents/tp-test-writer.md
CHANGED
package/dist/config/defaults.js
CHANGED
|
@@ -27,7 +27,11 @@ export const DEFAULT_CONFIG = {
|
|
|
27
27
|
autoInstall: true,
|
|
28
28
|
denyThreshold: 300,
|
|
29
29
|
mode: "deny-enhanced",
|
|
30
|
-
|
|
30
|
+
// v0.44.0 — ON by default. The curve is a no-op below 30% session
|
|
31
|
+
// burn (short/light sessions read exactly as before), and only
|
|
32
|
+
// tightens the deny threshold once an agent has already pulled many
|
|
33
|
+
// large files — i.e. the long-session degradation users actually hit.
|
|
34
|
+
adaptiveThreshold: true,
|
|
31
35
|
adaptiveBudgetTokens: 100_000,
|
|
32
36
|
},
|
|
33
37
|
context: {
|
package/dist/hooks/pre-bash.js
CHANGED
|
@@ -25,6 +25,11 @@
|
|
|
25
25
|
* v0.28.0; tighten only if tool-audit shows repeated escapes.
|
|
26
26
|
*/
|
|
27
27
|
const CODE_EXT_RE = /\.(ts|tsx|js|jsx|mjs|cjs|py|rb|go|rs|java|kt|swift|php|cs|cpp|c|h|hpp|scala|clj|ex|exs|elm|ml|fs|dart|lua|sh|bash|zsh)(\s|$|;|\||&|>|<)/;
|
|
28
|
+
// v0.44.0 — a `head -n N` / `tail -n N` slice this large on a code file is
|
|
29
|
+
// a whole-file dump in disguise. Mirrors the Read-hook denyThreshold (300)
|
|
30
|
+
// so the two layers agree on what counts as "too big". Smaller slices are
|
|
31
|
+
// the sanctioned bounded alternative and pass through.
|
|
32
|
+
const RAW_SLICE_DENY_LINES = 300;
|
|
28
33
|
/** Check whether the command contains a specific utility invocation at
|
|
29
34
|
* top level (not inside a quoted string). Cheap lexical match. */
|
|
30
35
|
function invokes(command, utility) {
|
|
@@ -133,6 +138,37 @@ function detectHeavyPatternSingle(command) {
|
|
|
133
138
|
"For head/tail access use `head -n N` or `tail -n N`.",
|
|
134
139
|
};
|
|
135
140
|
}
|
|
141
|
+
// 3b. sed / head / tail reading a code file as a raw range dump.
|
|
142
|
+
// v0.44.0 — closes the leak the cat rule left open: an agent under
|
|
143
|
+
// context pressure reaches for `sed -n '1,500p' file.ts` or
|
|
144
|
+
// `head -n 500 file.ts` to pull a big slice straight to stdout,
|
|
145
|
+
// sidestepping both the Read hook and the cat rule. Exempt the same
|
|
146
|
+
// shapes cat exempts — pipes (processing) and redirects (writing) —
|
|
147
|
+
// plus `sed -i` (in-place edit, not a read).
|
|
148
|
+
const dumpsCodeFile = CODE_EXT_RE.test(cmd) && !cmd.includes("|") && !/>/.test(cmd);
|
|
149
|
+
if (dumpsCodeFile && invokes(cmd, "sed") && !/\bsed\b[^|>]*\s-i\b/.test(cmd)) {
|
|
150
|
+
return {
|
|
151
|
+
kind: "deny",
|
|
152
|
+
reason: "`sed` on a code file dumps a raw range into context. " +
|
|
153
|
+
"Use mcp__token-pilot__read_range(path, start, end) for a bounded slice, " +
|
|
154
|
+
"read_symbol(path, name) for one function, or smart_read(path) for structure.",
|
|
155
|
+
};
|
|
156
|
+
}
|
|
157
|
+
if (dumpsCodeFile && (invokes(cmd, "head") || invokes(cmd, "tail"))) {
|
|
158
|
+
// Match an explicit line count: `-500`, `-n 500`, `-n500`. A `-c N`
|
|
159
|
+
// byte count or the default (no flag → 10 lines) never matches, so
|
|
160
|
+
// genuinely small slices pass through untouched.
|
|
161
|
+
const m = cmd.match(/(?:^|\s)-(?:n\s*)?(\d+)\b/);
|
|
162
|
+
const n = m ? parseInt(m[1], 10) : 0;
|
|
163
|
+
if (n >= RAW_SLICE_DENY_LINES) {
|
|
164
|
+
return {
|
|
165
|
+
kind: "deny",
|
|
166
|
+
reason: "`head`/`tail` with a large line count dumps a big slice into context. " +
|
|
167
|
+
"Use mcp__token-pilot__read_range(path, start, end) for a bounded slice, " +
|
|
168
|
+
"or smart_read(path) for a structural overview.",
|
|
169
|
+
};
|
|
170
|
+
}
|
|
171
|
+
}
|
|
136
172
|
// 4. git log without -n / -N / -<N> (short-form max-count) / --max-count
|
|
137
173
|
// v0.30.3: added -<N> support — `git log --oneline -5` is canonical
|
|
138
174
|
// bounded syntax and must not trip the heuristic.
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "token-pilot",
|
|
3
|
-
"version": "0.
|
|
3
|
+
"version": "0.44.0",
|
|
4
4
|
"description": "Save up to 80% tokens when AI reads code — MCP server for token-efficient code navigation, AST-aware structural reading instead of dumping full files into context window",
|
|
5
5
|
"type": "module",
|
|
6
6
|
"main": "dist/index.js",
|
|
@@ -68,7 +68,7 @@
|
|
|
68
68
|
"license": "MIT",
|
|
69
69
|
"dependencies": {
|
|
70
70
|
"@modelcontextprotocol/sdk": "^1.12.0",
|
|
71
|
-
"@ast-index/cli": "^3.
|
|
71
|
+
"@ast-index/cli": "^3.44.0",
|
|
72
72
|
"chokidar": "^4.0.3"
|
|
73
73
|
},
|
|
74
74
|
"devDependencies": {
|