diff --git a/plugins/config-audit/commands/tokens.md b/plugins/config-audit/commands/tokens.md index d156cac..92e1342 100644 --- a/plugins/config-audit/commands/tokens.md +++ b/plugins/config-audit/commands/tokens.md @@ -57,7 +57,7 @@ Use the Read tool on `$TMPFILE`. Extract: - `total_estimated_tokens` — top-line number - `hotspots[]` — top 10 ranked sources -- `findings[]` — Opus 4.7 pattern findings (CA-TOK-001..004) +- `findings[]` — Opus 4.7 pattern findings (CA-TOK-001..003) - `counts` — severity breakdown Render as markdown: @@ -104,7 +104,7 @@ rm -f "$TMPFILE" - **`/config-audit whats-active`** — full inventory of what loads (plugins, skills, MCP, hooks) - **`/config-audit posture`** — overall health scorecard (Token Efficiency is the 8th area) - **`/config-audit fix`** — auto-fix deterministic issues (where applicable) -- See `knowledge/opus-4.7-patterns.md` for the full pattern catalogue (CA-TOK-001 … 004) +- See `knowledge/opus-4.7-patterns.md` for the full pattern catalogue (CA-TOK-001 … 003) ``` ## Scope and limits diff --git a/plugins/config-audit/knowledge/opus-4.7-patterns.md b/plugins/config-audit/knowledge/opus-4.7-patterns.md index 28b5946..caf09c6 100644 --- a/plugins/config-audit/knowledge/opus-4.7-patterns.md +++ b/plugins/config-audit/knowledge/opus-4.7-patterns.md @@ -15,7 +15,10 @@ telemetry and is explicitly out of scope. | 1 | Cache-breaking volatile top-of-file content in CLAUDE.md (timestamps, session ids, rolling activity logs above stable content) | CA-TOK-001 | medium | Move volatile sections to the bottom of CLAUDE.md, or extract to an `@import`-ed file that lives outside the prompt-cache prefix. Keep the first 30 lines stable across turns. | | 2 | Redundant tool/permission declarations in settings.json (e.g., both `"Read"` and `"Read(**)"`, duplicate Bash matchers, overlapping glob patterns) | CA-TOK-002 | low | Deduplicate the `permissions.allow` and `permissions.deny` arrays. Prefer the most specific entry that still grants the intended access. Each duplicate entry inflates the tool-schema payload sent on every turn. | | 3 | Deep `@import` chain in CLAUDE.md (more than 2 hops, e.g., A → B → C → D) | CA-TOK-003 | medium | Flatten the chain to ≤ 2 hops. Each `@import` boundary fragments the prompt-cache prefix; deeply chained imports defeat caching for the deepest content even when it never changes. | -| 4 | Sonnet-era configuration signature: clean structural baseline with no Opus 4.7 features enabled (no skills, no managed-settings, no plugins, no rules) | CA-TOK-004 | info | Informational only. The configuration is structurally clean but does not yet leverage Opus 4.7-specific features (managed settings, deeper plugin integration). Not a defect — a hint that token-efficiency-driven optimisations have not been applied. Threshold calibration pending Topic 3 research. | + +> The v4 sonnet-era signature pattern was removed in v5 F5 — too noisy and not +> actionable. Hotspots ranking and per-pattern findings cover the same ground +> with concrete, file-anchored signal. ## Detection notes @@ -30,9 +33,6 @@ telemetry and is explicitly out of scope. `Bash(*)` is also present), or exact duplicates. - **Pattern 3 (deep imports)** uses the existing IMP scanner's chain depth as the input — anything > 2 hops triggers TOK-003 as well as the IMP finding. -- **Pattern 4 (sonnet-era)** is informational and emitted only when a config - is otherwise clean (no skills, no managed-settings, no plugins, minimal - hooks). The threshold is heuristic until Topic 3 research lands. ## Threshold calibration @@ -40,8 +40,7 @@ All thresholds in this catalogue are **structural** — derived from the existing `estimateTokens(bytes, kind)` heuristic in `scanners/lib/active-config-reader.mjs:29-39`. They are intentionally conservative until Topic 3 (token-cost model) research is complete. When -Topic 3 lands, severities for patterns 1–3 will be re-tuned and pattern 4 -may gain a measurable threshold. +Topic 3 lands, severities for patterns 1–3 will be re-tuned. The `estimateTokens` heuristic uses ~4 bytes per token for markdown content, which is conservative but unverified against an authoritative tokenizer.