token-pilot 0.8.0 → 0.8.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (6) hide show
  1. package/CHANGELOG.md +9 -0
  2. package/README.md +4 -0
  3. package/dist/ast-index/client.d.ts +1 -1
  4. package/dist/ast-index/client.js +14 -9
  5. package/dist/server.js +2 -0
  6. package/package.json +21 -12
package/CHANGELOG.md CHANGED
@@ -5,6 +5,15 @@ All notable changes to Token Pilot will be documented in this file.
5
5
  The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
6
6
  and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
7
7
 
8
+ ## [0.8.1] - 2026-03-08
9
+
10
+ ### Added
11
+ - **ast-grep auto-install** — `@ast-grep/cli` added as optional dependency. `code_audit(check="pattern")` now works out-of-the-box without manual `brew install ast-grep`.
12
+ - **MCP instructions: security audit guidance** — instructions now recommend Grep for security patterns (password, token, secret, credential) and `find_unused` for dead code detection.
13
+
14
+ ### Changed
15
+ - **ast-index stats → JSON parsing** — `--format json` for reliable file count extraction instead of regex on text output.
16
+
8
17
  ## [0.8.0] - 2026-03-07
9
18
 
10
19
  ### Added
package/README.md CHANGED
@@ -107,6 +107,10 @@ brew tap defendend/ast-index && brew install ast-index
107
107
  npx token-pilot install-ast-index
108
108
  ```
109
109
 
110
+ ### ast-grep (bundled)
111
+
112
+ [ast-grep](https://ast-grep.github.io/) (`sg`) is included as optional dependency for structural code pattern search via `code_audit(check="pattern")`. Installs automatically with `npm i -g token-pilot`.
113
+
110
114
  ### PreToolUse Hook (Claude Code only)
111
115
 
112
116
  Optional hook that intercepts `Read` calls for large code files (>500 lines) and suggests `smart_read`. Claude Code only.
package/dist/ast-index/client.d.ts CHANGED
@@ -21,7 +21,7 @@ export declare class AstIndexClient {
21
21
  private buildIndex;
22
22
  /** Mark index as oversized — disables index-dependent tools, outline still works */
23
23
  private handleOversizedIndex;
24
- /** Extract file count from stats output */
24
+ /** Extract file count from stats output (JSON or text) */
25
25
  private parseFileCount;
26
26
  outline(filePath: string): Promise<FileStructure | null>;
27
27
  /**
package/dist/ast-index/client.js CHANGED
@@ -75,9 +75,8 @@ export class AstIndexClient {
75
75
  // Check if index already exists and has files
76
76
  let existingFileCount = 0;
77
77
  try {
78
- const stats = await this.exec(['stats']);
79
- const filesMatch = stats.match(/Files:\s*(\d+)/);
80
- existingFileCount = filesMatch ? parseInt(filesMatch[1], 10) : 0;
78
+ const stats = await this.exec(['--format', 'json', 'stats']);
79
+ existingFileCount = this.parseFileCount(stats);
81
80
  }
82
81
  catch { /* no index yet */ }
83
82
  // Guard: existing index is oversized (node_modules leak from previous build)
@@ -97,9 +96,7 @@ export class AstIndexClient {
97
96
  await this.exec(['update'], 30000);
98
97
  // Re-check count after update
99
98
  try {
100
- const statsText = await this.exec(['stats']);
101
- const filesMatch = statsText.match(/Files:\s*(\d+)/);
102
- existingFileCount = filesMatch ? parseInt(filesMatch[1], 10) : existingFileCount;
99
+ existingFileCount = this.parseFileCount(await this.exec(['--format', 'json', 'stats']));
103
100
  }
104
101
  catch { /* keep previous count */ }
105
102
  // Guard: update may have grown index beyond limit
@@ -118,7 +115,7 @@ export class AstIndexClient {
118
115
  console.error('[token-pilot] ast-index: building index (this may take a moment)...');
119
116
  try {
120
117
  await this.exec(['rebuild'], 120000);
121
- const fileCount = this.parseFileCount(await this.exec(['stats']).catch(() => ''));
118
+ const fileCount = this.parseFileCount(await this.exec(['--format', 'json', 'stats']).catch(() => ''));
122
119
  // Guard: rebuild produced oversized index
123
120
  if (fileCount > AstIndexClient.MAX_INDEX_FILES) {
124
121
  return this.handleOversizedIndex(fileCount);
@@ -130,7 +127,7 @@ export class AstIndexClient {
130
127
  // If rebuild failed due to lock, check if index is usable anyway
131
128
  const errMsg = buildErr instanceof Error ? buildErr.message : String(buildErr);
132
129
  if (errMsg.includes('lock') || errMsg.includes('already running')) {
133
- const count = this.parseFileCount(await this.exec(['stats']).catch(() => ''));
130
+ const count = this.parseFileCount(await this.exec(['--format', 'json', 'stats']).catch(() => ''));
134
131
  if (count > 0 && count <= AstIndexClient.MAX_INDEX_FILES) {
135
132
  this.indexed = true;
136
133
  console.error(`[token-pilot] ast-index: using existing index (${count} files, rebuild skipped due to lock)`);
@@ -158,8 +155,16 @@ export class AstIndexClient {
158
155
  ` → Tools disabled: find_unused, find_usages, related_files, project_overview\n` +
159
156
  ` → Tools still working: outline, smart_read, smart_read_many, read_symbol`);
160
157
  }
161
- /** Extract file count from stats output */
158
+ /** Extract file count from stats output (JSON or text) */
162
159
  parseFileCount(statsText) {
160
+ // Try JSON first (--format json)
161
+ try {
162
+ const json = JSON.parse(statsText);
163
+ if (json?.stats?.file_count !== undefined)
164
+ return json.stats.file_count;
165
+ }
166
+ catch { /* not JSON, fall through */ }
167
+ // Fallback: text format
163
168
  const match = statsText.match(/Files:\s*(\d+)/);
164
169
  return match ? parseInt(match[1], 10) : 0;
165
170
  }
package/dist/server.js CHANGED
@@ -193,8 +193,10 @@ export async function createServer(projectRoot, options) {
193
193
  '',
194
194
  'COMBINE BOTH for audits and code review:',
195
195
  '• Structure/navigation → Token Pilot (project_overview, outline, smart_read)',
196
+ '• Dead code detection → find_unused (finds unreferenced symbols)',
196
197
  '• Code issues → code_audit (TODOs, deprecated, structural patterns like bare except:)',
197
198
  '• Text pattern search/counting → Grep (regex, count mode)',
199
+ '• Security audit → Grep for: password, token, secret, credential, hardcoded, api_key, TODO.*security',
198
200
  '• Deep dive into specific code → read_symbol (after finding issues)',
199
201
  '',
200
202
  'WORKFLOW: project_overview → smart_read → read_symbol → read_for_edit → edit → read_diff',
package/package.json CHANGED
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "name": "token-pilot",
3
- "version": "0.8.0",
4
- "description": "MCP server that reduces token consumption in AI coding assistants via AST-aware lazy file reading",
3
+ "version": "0.8.1",
4
+ "description": "Save 80% tokens when AI reads code MCP server for token-efficient code navigation, AST-aware structural reading instead of dumping full files into context window",
5
5
  "type": "module",
6
6
  "main": "dist/index.js",
7
7
  "bin": {
@@ -28,18 +28,24 @@
28
28
  "prepublishOnly": "npm run build && chmod +x dist/index.js"
29
29
  },
30
30
  "keywords": [
31
- "mcp",
32
- "token",
33
- "ast",
34
- "claude",
35
- "cursor",
36
- "codex",
37
- "cline",
38
- "ai",
39
- "coding-assistant",
31
+ "token-savings",
32
+ "token-reduction",
33
+ "context-window",
34
+ "save-tokens",
35
+ "reduce-tokens",
36
+ "token-efficient",
37
+ "token-economy",
40
38
  "context-optimization",
39
+ "fewer-tokens",
40
+ "mcp",
41
+ "mcp-server",
41
42
  "model-context-protocol",
42
- "token-savings"
43
+ "ast",
44
+ "code-reading",
45
+ "code-navigation",
46
+ "smart-read",
47
+ "ai-coding",
48
+ "llm-tools"
43
49
  ],
44
50
  "repository": {
45
51
  "type": "git",
@@ -69,5 +75,8 @@
69
75
  "ast-index": {
70
76
  "optional": true
71
77
  }
78
+ },
79
+ "optionalDependencies": {
80
+ "@ast-grep/cli": "^0.41.0"
72
81
  }
73
82
  }