Claude-Autopilot

First general availability of the renamed package.

@delegance/guardrail is now @delegance/claude-autopilot. Old installs keep working via a forwarding tombstone published as @delegance/[email protected].

Install

npm install -g @delegance/claude-autopilot
claude-autopilot init

What changed in v5

• Renamed from @delegance/guardrail to @delegance/claude-autopilot to reflect what the package actually is — an end-to-end autonomous development pipeline, not just a PR review tool.
• Pipeline-first README with competitive comparison against Devin, Copilot Workspace, Factory Droids, and OpenHands.
• Compiled JS under dist/ (alphas .3–.5 hardened package-root resolution, adapter loaders, and rule loaders so the published tarball runs identically to local source).
• claude-autopilot bin added; legacy guardrail bin remains aliased to the review subcommands through v5.x.
• Forwarding tombstone at the old name so existing npm install -g @delegance/guardrail users keep working.
• Codemod to migrate consumers from old → new package name.
• Superpowers compat doctor + grouped verbs to make the CLI surface easier to learn.

Benchmark

On a Next.js fixture seeded with 13 production-realistic bugs across the categories the README advertises (SQL injection, hardcoded secret, missing auth, IDOR, CORS wildcard, SSRF, open redirect, TOCTOU race, silent error swallow, off-by-one, missing rate limit, console.log in prod, missing input validation):

| Configuration | Bugs caught | Cost | Time |
|---|---|---|---|
| claude-autopilot scan --all with Claude Opus | 13 / 13 | $0.21 | 38 s |

Reproduction steps in the README.

Release path

• alpha.1 — rename to @delegance/claude-autopilot
• alpha.2 — compat gate + superpowers doctor + grouped verbs
• alpha.3 — compiled JS, tombstone, codemod, CI parity
• alpha.4 — package-root resolution under compiled JS
• alpha.5 — adapter + rule loaders under compiled JS
• 5.0.0 GA — promote alpha.5 + ship benchmark in README (#38)