From 25ca6139b47bd532bffcf8891eda451950ea0e54 Mon Sep 17 00:00:00 2001 From: Kjell Tore Guttormsen Date: Fri, 1 May 2026 06:53:12 +0200 Subject: [PATCH] feat(config-audit): TOK flags CLAUDE.md cascade > 10k tokens (v5 M4) [skip-docs] MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - New Pattern E in TOK: emits medium finding when activeConfig.claudeMd.estimatedTokens > 10_000 - Uses cascade tokens, file count, and calibration note as evidence - New fixtures: large-cascade (37k bytes / 14475 cascade tokens) + small-cascade (5k baseline) 572 → 574 tests, all green. --- .../config-audit/scanners/token-hotspots.mjs | 27 + .../tests/fixtures/large-cascade/CLAUDE.md | 1024 +++++++++++++++++ .../tests/fixtures/small-cascade/CLAUDE.md | 5 + .../tests/scanners/token-hotspots.test.mjs | 17 + 4 files changed, 1073 insertions(+) create mode 100644 plugins/config-audit/tests/fixtures/large-cascade/CLAUDE.md create mode 100644 plugins/config-audit/tests/fixtures/small-cascade/CLAUDE.md diff --git a/plugins/config-audit/scanners/token-hotspots.mjs b/plugins/config-audit/scanners/token-hotspots.mjs index b24b221..889378b 100644 --- a/plugins/config-audit/scanners/token-hotspots.mjs +++ b/plugins/config-audit/scanners/token-hotspots.mjs @@ -44,6 +44,10 @@ const VOLATILE_PATTERNS = [ const MAX_IMPORT_DEPTH = 2; +// v5 M4: cascades above this contribute >10k tokens to every turn even before +// any tool description loads. Heuristic for "context budget under pressure". +const CASCADE_TOKEN_THRESHOLD = 10_000; + const HOTSPOTS_MAX = 10; // v5 F7: shared evidence note appended to every TOK pattern finding. @@ -330,6 +334,29 @@ export async function scan(targetPath, discovery) { } } + // ── Pattern E: CLAUDE.md cascade > CASCADE_TOKEN_THRESHOLD (v5 M4) ── + if (activeConfig?.claudeMd?.estimatedTokens > CASCADE_TOKEN_THRESHOLD) { + const cascadeTokens = activeConfig.claudeMd.estimatedTokens; + const fileCount = activeConfig.claudeMd.files?.length ?? 0; + findings.push(finding({ + scanner: SCANNER, + severity: SEVERITY.medium, + title: 'CLAUDE.md cascade exceeds 10k tokens per turn', + description: + `The active CLAUDE.md cascade for this repo (${fileCount} files: managed + user + ` + + `ancestors + project + @imports) totals ~${cascadeTokens} tokens. Every turn loads this ` + + 'whole prefix; budget pressure compounds with tool schemas and MCP servers.', + file: activeConfig.claudeMd.files?.find(f => f.scope === 'project')?.path || null, + evidence: + `cascade_tokens=${cascadeTokens}; threshold=${CASCADE_TOKEN_THRESHOLD}; ` + + `files=${fileCount} — ${CALIBRATION_NOTE}`, + recommendation: + 'Trim the user/project CLAUDE.md, push reference material into @imports that load ' + + 'on-demand, or move long sections to skills. Aim for <10k tokens in the cascade.', + category: 'token-efficiency', + })); + } + // ── Hotspots ranking ── const hotspots = await buildHotspots(discovery, targetPath, activeConfig); diff --git a/plugins/config-audit/tests/fixtures/large-cascade/CLAUDE.md b/plugins/config-audit/tests/fixtures/large-cascade/CLAUDE.md new file mode 100644 index 0000000..782c6e5 --- /dev/null +++ b/plugins/config-audit/tests/fixtures/large-cascade/CLAUDE.md @@ -0,0 +1,1024 @@ +# Large Cascade Fixture + +Designed to trip CA-TOK CLAUDE.md cascade > 10k tokens. + +## Section 1 + +Filler content for the large-cascade fixture. This file exists to push the +CLAUDE.md cascade above the 10k token threshold so the TOK scanner emits +CA-TOK-NNN "cascade total too large" findings. Each section repeats with +plausible technical prose so static scanners do not collapse it. + +- Convention bullet one +- Convention bullet two +- Convention bullet three +- Convention bullet four +- Convention bullet five + +Paragraph of naturalistic project guidance describing patterns the scanner +should treat as ordinary content. Tokens budgeted via four bytes per token +heuristic; this block is roughly 600 bytes. + +## Section 2 + +Filler content for the large-cascade fixture. This file exists to push the +CLAUDE.md cascade above the 10k token threshold so the TOK scanner emits +CA-TOK-NNN "cascade total too large" findings. Each section repeats with +plausible technical prose so static scanners do not collapse it. + +- Convention bullet one +- Convention bullet two +- Convention bullet three +- Convention bullet four +- Convention bullet five + +Paragraph of naturalistic project guidance describing patterns the scanner +should treat as ordinary content. Tokens budgeted via four bytes per token +heuristic; this block is roughly 600 bytes. + +## Section 3 + +Filler content for the large-cascade fixture. This file exists to push the +CLAUDE.md cascade above the 10k token threshold so the TOK scanner emits +CA-TOK-NNN "cascade total too large" findings. Each section repeats with +plausible technical prose so static scanners do not collapse it. + +- Convention bullet one +- Convention bullet two +- Convention bullet three +- Convention bullet four +- Convention bullet five + +Paragraph of naturalistic project guidance describing patterns the scanner +should treat as ordinary content. Tokens budgeted via four bytes per token +heuristic; this block is roughly 600 bytes. + +## Section 4 + +Filler content for the large-cascade fixture. This file exists to push the +CLAUDE.md cascade above the 10k token threshold so the TOK scanner emits +CA-TOK-NNN "cascade total too large" findings. Each section repeats with +plausible technical prose so static scanners do not collapse it. + +- Convention bullet one +- Convention bullet two +- Convention bullet three +- Convention bullet four +- Convention bullet five + +Paragraph of naturalistic project guidance describing patterns the scanner +should treat as ordinary content. Tokens budgeted via four bytes per token +heuristic; this block is roughly 600 bytes. + +## Section 5 + +Filler content for the large-cascade fixture. This file exists to push the +CLAUDE.md cascade above the 10k token threshold so the TOK scanner emits +CA-TOK-NNN "cascade total too large" findings. Each section repeats with +plausible technical prose so static scanners do not collapse it. + +- Convention bullet one +- Convention bullet two +- Convention bullet three +- Convention bullet four +- Convention bullet five + +Paragraph of naturalistic project guidance describing patterns the scanner +should treat as ordinary content. Tokens budgeted via four bytes per token +heuristic; this block is roughly 600 bytes. + +## Section 6 + +Filler content for the large-cascade fixture. This file exists to push the +CLAUDE.md cascade above the 10k token threshold so the TOK scanner emits +CA-TOK-NNN "cascade total too large" findings. Each section repeats with +plausible technical prose so static scanners do not collapse it. + +- Convention bullet one +- Convention bullet two +- Convention bullet three +- Convention bullet four +- Convention bullet five + +Paragraph of naturalistic project guidance describing patterns the scanner +should treat as ordinary content. Tokens budgeted via four bytes per token +heuristic; this block is roughly 600 bytes. + +## Section 7 + +Filler content for the large-cascade fixture. This file exists to push the +CLAUDE.md cascade above the 10k token threshold so the TOK scanner emits +CA-TOK-NNN "cascade total too large" findings. Each section repeats with +plausible technical prose so static scanners do not collapse it. + +- Convention bullet one +- Convention bullet two +- Convention bullet three +- Convention bullet four +- Convention bullet five + +Paragraph of naturalistic project guidance describing patterns the scanner +should treat as ordinary content. Tokens budgeted via four bytes per token +heuristic; this block is roughly 600 bytes. + +## Section 8 + +Filler content for the large-cascade fixture. This file exists to push the +CLAUDE.md cascade above the 10k token threshold so the TOK scanner emits +CA-TOK-NNN "cascade total too large" findings. Each section repeats with +plausible technical prose so static scanners do not collapse it. + +- Convention bullet one +- Convention bullet two +- Convention bullet three +- Convention bullet four +- Convention bullet five + +Paragraph of naturalistic project guidance describing patterns the scanner +should treat as ordinary content. Tokens budgeted via four bytes per token +heuristic; this block is roughly 600 bytes. + +## Section 9 + +Filler content for the large-cascade fixture. This file exists to push the +CLAUDE.md cascade above the 10k token threshold so the TOK scanner emits +CA-TOK-NNN "cascade total too large" findings. Each section repeats with +plausible technical prose so static scanners do not collapse it. + +- Convention bullet one +- Convention bullet two +- Convention bullet three +- Convention bullet four +- Convention bullet five + +Paragraph of naturalistic project guidance describing patterns the scanner +should treat as ordinary content. Tokens budgeted via four bytes per token +heuristic; this block is roughly 600 bytes. + +## Section 10 + +Filler content for the large-cascade fixture. This file exists to push the +CLAUDE.md cascade above the 10k token threshold so the TOK scanner emits +CA-TOK-NNN "cascade total too large" findings. Each section repeats with +plausible technical prose so static scanners do not collapse it. + +- Convention bullet one +- Convention bullet two +- Convention bullet three +- Convention bullet four +- Convention bullet five + +Paragraph of naturalistic project guidance describing patterns the scanner +should treat as ordinary content. Tokens budgeted via four bytes per token +heuristic; this block is roughly 600 bytes. + +## Section 11 + +Filler content for the large-cascade fixture. This file exists to push the +CLAUDE.md cascade above the 10k token threshold so the TOK scanner emits +CA-TOK-NNN "cascade total too large" findings. Each section repeats with +plausible technical prose so static scanners do not collapse it. + +- Convention bullet one +- Convention bullet two +- Convention bullet three +- Convention bullet four +- Convention bullet five + +Paragraph of naturalistic project guidance describing patterns the scanner +should treat as ordinary content. Tokens budgeted via four bytes per token +heuristic; this block is roughly 600 bytes. + +## Section 12 + +Filler content for the large-cascade fixture. This file exists to push the +CLAUDE.md cascade above the 10k token threshold so the TOK scanner emits +CA-TOK-NNN "cascade total too large" findings. Each section repeats with +plausible technical prose so static scanners do not collapse it. + +- Convention bullet one +- Convention bullet two +- Convention bullet three +- Convention bullet four +- Convention bullet five + +Paragraph of naturalistic project guidance describing patterns the scanner +should treat as ordinary content. Tokens budgeted via four bytes per token +heuristic; this block is roughly 600 bytes. + +## Section 13 + +Filler content for the large-cascade fixture. This file exists to push the +CLAUDE.md cascade above the 10k token threshold so the TOK scanner emits +CA-TOK-NNN "cascade total too large" findings. Each section repeats with +plausible technical prose so static scanners do not collapse it. + +- Convention bullet one +- Convention bullet two +- Convention bullet three +- Convention bullet four +- Convention bullet five + +Paragraph of naturalistic project guidance describing patterns the scanner +should treat as ordinary content. Tokens budgeted via four bytes per token +heuristic; this block is roughly 600 bytes. + +## Section 14 + +Filler content for the large-cascade fixture. This file exists to push the +CLAUDE.md cascade above the 10k token threshold so the TOK scanner emits +CA-TOK-NNN "cascade total too large" findings. Each section repeats with +plausible technical prose so static scanners do not collapse it. + +- Convention bullet one +- Convention bullet two +- Convention bullet three +- Convention bullet four +- Convention bullet five + +Paragraph of naturalistic project guidance describing patterns the scanner +should treat as ordinary content. Tokens budgeted via four bytes per token +heuristic; this block is roughly 600 bytes. + +## Section 15 + +Filler content for the large-cascade fixture. This file exists to push the +CLAUDE.md cascade above the 10k token threshold so the TOK scanner emits +CA-TOK-NNN "cascade total too large" findings. Each section repeats with +plausible technical prose so static scanners do not collapse it. + +- Convention bullet one +- Convention bullet two +- Convention bullet three +- Convention bullet four +- Convention bullet five + +Paragraph of naturalistic project guidance describing patterns the scanner +should treat as ordinary content. Tokens budgeted via four bytes per token +heuristic; this block is roughly 600 bytes. + +## Section 16 + +Filler content for the large-cascade fixture. This file exists to push the +CLAUDE.md cascade above the 10k token threshold so the TOK scanner emits +CA-TOK-NNN "cascade total too large" findings. Each section repeats with +plausible technical prose so static scanners do not collapse it. + +- Convention bullet one +- Convention bullet two +- Convention bullet three +- Convention bullet four +- Convention bullet five + +Paragraph of naturalistic project guidance describing patterns the scanner +should treat as ordinary content. Tokens budgeted via four bytes per token +heuristic; this block is roughly 600 bytes. + +## Section 17 + +Filler content for the large-cascade fixture. This file exists to push the +CLAUDE.md cascade above the 10k token threshold so the TOK scanner emits +CA-TOK-NNN "cascade total too large" findings. Each section repeats with +plausible technical prose so static scanners do not collapse it. + +- Convention bullet one +- Convention bullet two +- Convention bullet three +- Convention bullet four +- Convention bullet five + +Paragraph of naturalistic project guidance describing patterns the scanner +should treat as ordinary content. Tokens budgeted via four bytes per token +heuristic; this block is roughly 600 bytes. + +## Section 18 + +Filler content for the large-cascade fixture. This file exists to push the +CLAUDE.md cascade above the 10k token threshold so the TOK scanner emits +CA-TOK-NNN "cascade total too large" findings. Each section repeats with +plausible technical prose so static scanners do not collapse it. + +- Convention bullet one +- Convention bullet two +- Convention bullet three +- Convention bullet four +- Convention bullet five + +Paragraph of naturalistic project guidance describing patterns the scanner +should treat as ordinary content. Tokens budgeted via four bytes per token +heuristic; this block is roughly 600 bytes. + +## Section 19 + +Filler content for the large-cascade fixture. This file exists to push the +CLAUDE.md cascade above the 10k token threshold so the TOK scanner emits +CA-TOK-NNN "cascade total too large" findings. Each section repeats with +plausible technical prose so static scanners do not collapse it. + +- Convention bullet one +- Convention bullet two +- Convention bullet three +- Convention bullet four +- Convention bullet five + +Paragraph of naturalistic project guidance describing patterns the scanner +should treat as ordinary content. Tokens budgeted via four bytes per token +heuristic; this block is roughly 600 bytes. + +## Section 20 + +Filler content for the large-cascade fixture. This file exists to push the +CLAUDE.md cascade above the 10k token threshold so the TOK scanner emits +CA-TOK-NNN "cascade total too large" findings. Each section repeats with +plausible technical prose so static scanners do not collapse it. + +- Convention bullet one +- Convention bullet two +- Convention bullet three +- Convention bullet four +- Convention bullet five + +Paragraph of naturalistic project guidance describing patterns the scanner +should treat as ordinary content. Tokens budgeted via four bytes per token +heuristic; this block is roughly 600 bytes. + +## Section 21 + +Filler content for the large-cascade fixture. This file exists to push the +CLAUDE.md cascade above the 10k token threshold so the TOK scanner emits +CA-TOK-NNN "cascade total too large" findings. Each section repeats with +plausible technical prose so static scanners do not collapse it. + +- Convention bullet one +- Convention bullet two +- Convention bullet three +- Convention bullet four +- Convention bullet five + +Paragraph of naturalistic project guidance describing patterns the scanner +should treat as ordinary content. Tokens budgeted via four bytes per token +heuristic; this block is roughly 600 bytes. + +## Section 22 + +Filler content for the large-cascade fixture. This file exists to push the +CLAUDE.md cascade above the 10k token threshold so the TOK scanner emits +CA-TOK-NNN "cascade total too large" findings. Each section repeats with +plausible technical prose so static scanners do not collapse it. + +- Convention bullet one +- Convention bullet two +- Convention bullet three +- Convention bullet four +- Convention bullet five + +Paragraph of naturalistic project guidance describing patterns the scanner +should treat as ordinary content. Tokens budgeted via four bytes per token +heuristic; this block is roughly 600 bytes. + +## Section 23 + +Filler content for the large-cascade fixture. This file exists to push the +CLAUDE.md cascade above the 10k token threshold so the TOK scanner emits +CA-TOK-NNN "cascade total too large" findings. Each section repeats with +plausible technical prose so static scanners do not collapse it. + +- Convention bullet one +- Convention bullet two +- Convention bullet three +- Convention bullet four +- Convention bullet five + +Paragraph of naturalistic project guidance describing patterns the scanner +should treat as ordinary content. Tokens budgeted via four bytes per token +heuristic; this block is roughly 600 bytes. + +## Section 24 + +Filler content for the large-cascade fixture. This file exists to push the +CLAUDE.md cascade above the 10k token threshold so the TOK scanner emits +CA-TOK-NNN "cascade total too large" findings. Each section repeats with +plausible technical prose so static scanners do not collapse it. + +- Convention bullet one +- Convention bullet two +- Convention bullet three +- Convention bullet four +- Convention bullet five + +Paragraph of naturalistic project guidance describing patterns the scanner +should treat as ordinary content. Tokens budgeted via four bytes per token +heuristic; this block is roughly 600 bytes. + +## Section 25 + +Filler content for the large-cascade fixture. This file exists to push the +CLAUDE.md cascade above the 10k token threshold so the TOK scanner emits +CA-TOK-NNN "cascade total too large" findings. Each section repeats with +plausible technical prose so static scanners do not collapse it. + +- Convention bullet one +- Convention bullet two +- Convention bullet three +- Convention bullet four +- Convention bullet five + +Paragraph of naturalistic project guidance describing patterns the scanner +should treat as ordinary content. Tokens budgeted via four bytes per token +heuristic; this block is roughly 600 bytes. + +## Section 26 + +Filler content for the large-cascade fixture. This file exists to push the +CLAUDE.md cascade above the 10k token threshold so the TOK scanner emits +CA-TOK-NNN "cascade total too large" findings. Each section repeats with +plausible technical prose so static scanners do not collapse it. + +- Convention bullet one +- Convention bullet two +- Convention bullet three +- Convention bullet four +- Convention bullet five + +Paragraph of naturalistic project guidance describing patterns the scanner +should treat as ordinary content. Tokens budgeted via four bytes per token +heuristic; this block is roughly 600 bytes. + +## Section 27 + +Filler content for the large-cascade fixture. This file exists to push the +CLAUDE.md cascade above the 10k token threshold so the TOK scanner emits +CA-TOK-NNN "cascade total too large" findings. Each section repeats with +plausible technical prose so static scanners do not collapse it. + +- Convention bullet one +- Convention bullet two +- Convention bullet three +- Convention bullet four +- Convention bullet five + +Paragraph of naturalistic project guidance describing patterns the scanner +should treat as ordinary content. Tokens budgeted via four bytes per token +heuristic; this block is roughly 600 bytes. + +## Section 28 + +Filler content for the large-cascade fixture. This file exists to push the +CLAUDE.md cascade above the 10k token threshold so the TOK scanner emits +CA-TOK-NNN "cascade total too large" findings. Each section repeats with +plausible technical prose so static scanners do not collapse it. + +- Convention bullet one +- Convention bullet two +- Convention bullet three +- Convention bullet four +- Convention bullet five + +Paragraph of naturalistic project guidance describing patterns the scanner +should treat as ordinary content. Tokens budgeted via four bytes per token +heuristic; this block is roughly 600 bytes. + +## Section 29 + +Filler content for the large-cascade fixture. This file exists to push the +CLAUDE.md cascade above the 10k token threshold so the TOK scanner emits +CA-TOK-NNN "cascade total too large" findings. Each section repeats with +plausible technical prose so static scanners do not collapse it. + +- Convention bullet one +- Convention bullet two +- Convention bullet three +- Convention bullet four +- Convention bullet five + +Paragraph of naturalistic project guidance describing patterns the scanner +should treat as ordinary content. Tokens budgeted via four bytes per token +heuristic; this block is roughly 600 bytes. + +## Section 30 + +Filler content for the large-cascade fixture. This file exists to push the +CLAUDE.md cascade above the 10k token threshold so the TOK scanner emits +CA-TOK-NNN "cascade total too large" findings. Each section repeats with +plausible technical prose so static scanners do not collapse it. + +- Convention bullet one +- Convention bullet two +- Convention bullet three +- Convention bullet four +- Convention bullet five + +Paragraph of naturalistic project guidance describing patterns the scanner +should treat as ordinary content. Tokens budgeted via four bytes per token +heuristic; this block is roughly 600 bytes. + +## Section 31 + +Filler content for the large-cascade fixture. This file exists to push the +CLAUDE.md cascade above the 10k token threshold so the TOK scanner emits +CA-TOK-NNN "cascade total too large" findings. Each section repeats with +plausible technical prose so static scanners do not collapse it. + +- Convention bullet one +- Convention bullet two +- Convention bullet three +- Convention bullet four +- Convention bullet five + +Paragraph of naturalistic project guidance describing patterns the scanner +should treat as ordinary content. Tokens budgeted via four bytes per token +heuristic; this block is roughly 600 bytes. + +## Section 32 + +Filler content for the large-cascade fixture. This file exists to push the +CLAUDE.md cascade above the 10k token threshold so the TOK scanner emits +CA-TOK-NNN "cascade total too large" findings. Each section repeats with +plausible technical prose so static scanners do not collapse it. + +- Convention bullet one +- Convention bullet two +- Convention bullet three +- Convention bullet four +- Convention bullet five + +Paragraph of naturalistic project guidance describing patterns the scanner +should treat as ordinary content. Tokens budgeted via four bytes per token +heuristic; this block is roughly 600 bytes. + +## Section 33 + +Filler content for the large-cascade fixture. This file exists to push the +CLAUDE.md cascade above the 10k token threshold so the TOK scanner emits +CA-TOK-NNN "cascade total too large" findings. Each section repeats with +plausible technical prose so static scanners do not collapse it. + +- Convention bullet one +- Convention bullet two +- Convention bullet three +- Convention bullet four +- Convention bullet five + +Paragraph of naturalistic project guidance describing patterns the scanner +should treat as ordinary content. Tokens budgeted via four bytes per token +heuristic; this block is roughly 600 bytes. + +## Section 34 + +Filler content for the large-cascade fixture. This file exists to push the +CLAUDE.md cascade above the 10k token threshold so the TOK scanner emits +CA-TOK-NNN "cascade total too large" findings. Each section repeats with +plausible technical prose so static scanners do not collapse it. + +- Convention bullet one +- Convention bullet two +- Convention bullet three +- Convention bullet four +- Convention bullet five + +Paragraph of naturalistic project guidance describing patterns the scanner +should treat as ordinary content. Tokens budgeted via four bytes per token +heuristic; this block is roughly 600 bytes. + +## Section 35 + +Filler content for the large-cascade fixture. This file exists to push the +CLAUDE.md cascade above the 10k token threshold so the TOK scanner emits +CA-TOK-NNN "cascade total too large" findings. Each section repeats with +plausible technical prose so static scanners do not collapse it. + +- Convention bullet one +- Convention bullet two +- Convention bullet three +- Convention bullet four +- Convention bullet five + +Paragraph of naturalistic project guidance describing patterns the scanner +should treat as ordinary content. Tokens budgeted via four bytes per token +heuristic; this block is roughly 600 bytes. + +## Section 36 + +Filler content for the large-cascade fixture. This file exists to push the +CLAUDE.md cascade above the 10k token threshold so the TOK scanner emits +CA-TOK-NNN "cascade total too large" findings. Each section repeats with +plausible technical prose so static scanners do not collapse it. + +- Convention bullet one +- Convention bullet two +- Convention bullet three +- Convention bullet four +- Convention bullet five + +Paragraph of naturalistic project guidance describing patterns the scanner +should treat as ordinary content. Tokens budgeted via four bytes per token +heuristic; this block is roughly 600 bytes. + +## Section 37 + +Filler content for the large-cascade fixture. This file exists to push the +CLAUDE.md cascade above the 10k token threshold so the TOK scanner emits +CA-TOK-NNN "cascade total too large" findings. Each section repeats with +plausible technical prose so static scanners do not collapse it. + +- Convention bullet one +- Convention bullet two +- Convention bullet three +- Convention bullet four +- Convention bullet five + +Paragraph of naturalistic project guidance describing patterns the scanner +should treat as ordinary content. Tokens budgeted via four bytes per token +heuristic; this block is roughly 600 bytes. + +## Section 38 + +Filler content for the large-cascade fixture. This file exists to push the +CLAUDE.md cascade above the 10k token threshold so the TOK scanner emits +CA-TOK-NNN "cascade total too large" findings. Each section repeats with +plausible technical prose so static scanners do not collapse it. + +- Convention bullet one +- Convention bullet two +- Convention bullet three +- Convention bullet four +- Convention bullet five + +Paragraph of naturalistic project guidance describing patterns the scanner +should treat as ordinary content. Tokens budgeted via four bytes per token +heuristic; this block is roughly 600 bytes. + +## Section 39 + +Filler content for the large-cascade fixture. This file exists to push the +CLAUDE.md cascade above the 10k token threshold so the TOK scanner emits +CA-TOK-NNN "cascade total too large" findings. Each section repeats with +plausible technical prose so static scanners do not collapse it. + +- Convention bullet one +- Convention bullet two +- Convention bullet three +- Convention bullet four +- Convention bullet five + +Paragraph of naturalistic project guidance describing patterns the scanner +should treat as ordinary content. Tokens budgeted via four bytes per token +heuristic; this block is roughly 600 bytes. + +## Section 40 + +Filler content for the large-cascade fixture. This file exists to push the +CLAUDE.md cascade above the 10k token threshold so the TOK scanner emits +CA-TOK-NNN "cascade total too large" findings. Each section repeats with +plausible technical prose so static scanners do not collapse it. + +- Convention bullet one +- Convention bullet two +- Convention bullet three +- Convention bullet four +- Convention bullet five + +Paragraph of naturalistic project guidance describing patterns the scanner +should treat as ordinary content. Tokens budgeted via four bytes per token +heuristic; this block is roughly 600 bytes. + +## Section 41 + +Filler content for the large-cascade fixture. This file exists to push the +CLAUDE.md cascade above the 10k token threshold so the TOK scanner emits +CA-TOK-NNN "cascade total too large" findings. Each section repeats with +plausible technical prose so static scanners do not collapse it. + +- Convention bullet one +- Convention bullet two +- Convention bullet three +- Convention bullet four +- Convention bullet five + +Paragraph of naturalistic project guidance describing patterns the scanner +should treat as ordinary content. Tokens budgeted via four bytes per token +heuristic; this block is roughly 600 bytes. + +## Section 42 + +Filler content for the large-cascade fixture. This file exists to push the +CLAUDE.md cascade above the 10k token threshold so the TOK scanner emits +CA-TOK-NNN "cascade total too large" findings. Each section repeats with +plausible technical prose so static scanners do not collapse it. + +- Convention bullet one +- Convention bullet two +- Convention bullet three +- Convention bullet four +- Convention bullet five + +Paragraph of naturalistic project guidance describing patterns the scanner +should treat as ordinary content. Tokens budgeted via four bytes per token +heuristic; this block is roughly 600 bytes. + +## Section 43 + +Filler content for the large-cascade fixture. This file exists to push the +CLAUDE.md cascade above the 10k token threshold so the TOK scanner emits +CA-TOK-NNN "cascade total too large" findings. Each section repeats with +plausible technical prose so static scanners do not collapse it. + +- Convention bullet one +- Convention bullet two +- Convention bullet three +- Convention bullet four +- Convention bullet five + +Paragraph of naturalistic project guidance describing patterns the scanner +should treat as ordinary content. Tokens budgeted via four bytes per token +heuristic; this block is roughly 600 bytes. + +## Section 44 + +Filler content for the large-cascade fixture. This file exists to push the +CLAUDE.md cascade above the 10k token threshold so the TOK scanner emits +CA-TOK-NNN "cascade total too large" findings. Each section repeats with +plausible technical prose so static scanners do not collapse it. + +- Convention bullet one +- Convention bullet two +- Convention bullet three +- Convention bullet four +- Convention bullet five + +Paragraph of naturalistic project guidance describing patterns the scanner +should treat as ordinary content. Tokens budgeted via four bytes per token +heuristic; this block is roughly 600 bytes. + +## Section 45 + +Filler content for the large-cascade fixture. This file exists to push the +CLAUDE.md cascade above the 10k token threshold so the TOK scanner emits +CA-TOK-NNN "cascade total too large" findings. Each section repeats with +plausible technical prose so static scanners do not collapse it. + +- Convention bullet one +- Convention bullet two +- Convention bullet three +- Convention bullet four +- Convention bullet five + +Paragraph of naturalistic project guidance describing patterns the scanner +should treat as ordinary content. Tokens budgeted via four bytes per token +heuristic; this block is roughly 600 bytes. + +## Section 46 + +Filler content for the large-cascade fixture. This file exists to push the +CLAUDE.md cascade above the 10k token threshold so the TOK scanner emits +CA-TOK-NNN "cascade total too large" findings. Each section repeats with +plausible technical prose so static scanners do not collapse it. + +- Convention bullet one +- Convention bullet two +- Convention bullet three +- Convention bullet four +- Convention bullet five + +Paragraph of naturalistic project guidance describing patterns the scanner +should treat as ordinary content. Tokens budgeted via four bytes per token +heuristic; this block is roughly 600 bytes. + +## Section 47 + +Filler content for the large-cascade fixture. This file exists to push the +CLAUDE.md cascade above the 10k token threshold so the TOK scanner emits +CA-TOK-NNN "cascade total too large" findings. Each section repeats with +plausible technical prose so static scanners do not collapse it. + +- Convention bullet one +- Convention bullet two +- Convention bullet three +- Convention bullet four +- Convention bullet five + +Paragraph of naturalistic project guidance describing patterns the scanner +should treat as ordinary content. Tokens budgeted via four bytes per token +heuristic; this block is roughly 600 bytes. + +## Section 48 + +Filler content for the large-cascade fixture. This file exists to push the +CLAUDE.md cascade above the 10k token threshold so the TOK scanner emits +CA-TOK-NNN "cascade total too large" findings. Each section repeats with +plausible technical prose so static scanners do not collapse it. + +- Convention bullet one +- Convention bullet two +- Convention bullet three +- Convention bullet four +- Convention bullet five + +Paragraph of naturalistic project guidance describing patterns the scanner +should treat as ordinary content. Tokens budgeted via four bytes per token +heuristic; this block is roughly 600 bytes. + +## Section 49 + +Filler content for the large-cascade fixture. This file exists to push the +CLAUDE.md cascade above the 10k token threshold so the TOK scanner emits +CA-TOK-NNN "cascade total too large" findings. Each section repeats with +plausible technical prose so static scanners do not collapse it. + +- Convention bullet one +- Convention bullet two +- Convention bullet three +- Convention bullet four +- Convention bullet five + +Paragraph of naturalistic project guidance describing patterns the scanner +should treat as ordinary content. Tokens budgeted via four bytes per token +heuristic; this block is roughly 600 bytes. + +## Section 50 + +Filler content for the large-cascade fixture. This file exists to push the +CLAUDE.md cascade above the 10k token threshold so the TOK scanner emits +CA-TOK-NNN "cascade total too large" findings. Each section repeats with +plausible technical prose so static scanners do not collapse it. + +- Convention bullet one +- Convention bullet two +- Convention bullet three +- Convention bullet four +- Convention bullet five + +Paragraph of naturalistic project guidance describing patterns the scanner +should treat as ordinary content. Tokens budgeted via four bytes per token +heuristic; this block is roughly 600 bytes. + +## Section 51 + +Filler content for the large-cascade fixture. This file exists to push the +CLAUDE.md cascade above the 10k token threshold so the TOK scanner emits +CA-TOK-NNN "cascade total too large" findings. Each section repeats with +plausible technical prose so static scanners do not collapse it. + +- Convention bullet one +- Convention bullet two +- Convention bullet three +- Convention bullet four +- Convention bullet five + +Paragraph of naturalistic project guidance describing patterns the scanner +should treat as ordinary content. Tokens budgeted via four bytes per token +heuristic; this block is roughly 600 bytes. + +## Section 52 + +Filler content for the large-cascade fixture. This file exists to push the +CLAUDE.md cascade above the 10k token threshold so the TOK scanner emits +CA-TOK-NNN "cascade total too large" findings. Each section repeats with +plausible technical prose so static scanners do not collapse it. + +- Convention bullet one +- Convention bullet two +- Convention bullet three +- Convention bullet four +- Convention bullet five + +Paragraph of naturalistic project guidance describing patterns the scanner +should treat as ordinary content. Tokens budgeted via four bytes per token +heuristic; this block is roughly 600 bytes. + +## Section 53 + +Filler content for the large-cascade fixture. This file exists to push the +CLAUDE.md cascade above the 10k token threshold so the TOK scanner emits +CA-TOK-NNN "cascade total too large" findings. Each section repeats with +plausible technical prose so static scanners do not collapse it. + +- Convention bullet one +- Convention bullet two +- Convention bullet three +- Convention bullet four +- Convention bullet five + +Paragraph of naturalistic project guidance describing patterns the scanner +should treat as ordinary content. Tokens budgeted via four bytes per token +heuristic; this block is roughly 600 bytes. + +## Section 54 + +Filler content for the large-cascade fixture. This file exists to push the +CLAUDE.md cascade above the 10k token threshold so the TOK scanner emits +CA-TOK-NNN "cascade total too large" findings. Each section repeats with +plausible technical prose so static scanners do not collapse it. + +- Convention bullet one +- Convention bullet two +- Convention bullet three +- Convention bullet four +- Convention bullet five + +Paragraph of naturalistic project guidance describing patterns the scanner +should treat as ordinary content. Tokens budgeted via four bytes per token +heuristic; this block is roughly 600 bytes. + +## Section 55 + +Filler content for the large-cascade fixture. This file exists to push the +CLAUDE.md cascade above the 10k token threshold so the TOK scanner emits +CA-TOK-NNN "cascade total too large" findings. Each section repeats with +plausible technical prose so static scanners do not collapse it. + +- Convention bullet one +- Convention bullet two +- Convention bullet three +- Convention bullet four +- Convention bullet five + +Paragraph of naturalistic project guidance describing patterns the scanner +should treat as ordinary content. Tokens budgeted via four bytes per token +heuristic; this block is roughly 600 bytes. + +## Section 56 + +Filler content for the large-cascade fixture. This file exists to push the +CLAUDE.md cascade above the 10k token threshold so the TOK scanner emits +CA-TOK-NNN "cascade total too large" findings. Each section repeats with +plausible technical prose so static scanners do not collapse it. + +- Convention bullet one +- Convention bullet two +- Convention bullet three +- Convention bullet four +- Convention bullet five + +Paragraph of naturalistic project guidance describing patterns the scanner +should treat as ordinary content. Tokens budgeted via four bytes per token +heuristic; this block is roughly 600 bytes. + +## Section 57 + +Filler content for the large-cascade fixture. This file exists to push the +CLAUDE.md cascade above the 10k token threshold so the TOK scanner emits +CA-TOK-NNN "cascade total too large" findings. Each section repeats with +plausible technical prose so static scanners do not collapse it. + +- Convention bullet one +- Convention bullet two +- Convention bullet three +- Convention bullet four +- Convention bullet five + +Paragraph of naturalistic project guidance describing patterns the scanner +should treat as ordinary content. Tokens budgeted via four bytes per token +heuristic; this block is roughly 600 bytes. + +## Section 58 + +Filler content for the large-cascade fixture. This file exists to push the +CLAUDE.md cascade above the 10k token threshold so the TOK scanner emits +CA-TOK-NNN "cascade total too large" findings. Each section repeats with +plausible technical prose so static scanners do not collapse it. + +- Convention bullet one +- Convention bullet two +- Convention bullet three +- Convention bullet four +- Convention bullet five + +Paragraph of naturalistic project guidance describing patterns the scanner +should treat as ordinary content. Tokens budgeted via four bytes per token +heuristic; this block is roughly 600 bytes. + +## Section 59 + +Filler content for the large-cascade fixture. This file exists to push the +CLAUDE.md cascade above the 10k token threshold so the TOK scanner emits +CA-TOK-NNN "cascade total too large" findings. Each section repeats with +plausible technical prose so static scanners do not collapse it. + +- Convention bullet one +- Convention bullet two +- Convention bullet three +- Convention bullet four +- Convention bullet five + +Paragraph of naturalistic project guidance describing patterns the scanner +should treat as ordinary content. Tokens budgeted via four bytes per token +heuristic; this block is roughly 600 bytes. + +## Section 60 + +Filler content for the large-cascade fixture. This file exists to push the +CLAUDE.md cascade above the 10k token threshold so the TOK scanner emits +CA-TOK-NNN "cascade total too large" findings. Each section repeats with +plausible technical prose so static scanners do not collapse it. + +- Convention bullet one +- Convention bullet two +- Convention bullet three +- Convention bullet four +- Convention bullet five + +Paragraph of naturalistic project guidance describing patterns the scanner +should treat as ordinary content. Tokens budgeted via four bytes per token +heuristic; this block is roughly 600 bytes. + diff --git a/plugins/config-audit/tests/fixtures/small-cascade/CLAUDE.md b/plugins/config-audit/tests/fixtures/small-cascade/CLAUDE.md new file mode 100644 index 0000000..43d0eef --- /dev/null +++ b/plugins/config-audit/tests/fixtures/small-cascade/CLAUDE.md @@ -0,0 +1,5 @@ +# Small Cascade Fixture + +Minimal CLAUDE.md so the cascade stays below the 10k token threshold even +when added to the ambient user/project cascade picked up by readActiveConfig. + diff --git a/plugins/config-audit/tests/scanners/token-hotspots.test.mjs b/plugins/config-audit/tests/scanners/token-hotspots.test.mjs index 12e7e3f..77087b8 100644 --- a/plugins/config-audit/tests/scanners/token-hotspots.test.mjs +++ b/plugins/config-audit/tests/scanners/token-hotspots.test.mjs @@ -189,6 +189,23 @@ describe('TOK scanner — hotspots contract', () => { }); }); +describe('TOK scanner — M4 cascade > 10k tokens (v5)', () => { + it('flags CLAUDE.md cascade > 10k tokens with medium severity', async () => { + const result = await runScanner('large-cascade'); + const f = result.findings.find(x => /cascade/i.test(x.title || '')); + assert.ok(f, `expected cascade finding; got: ${result.findings.map(x => x.title).join(' | ')}`); + assert.equal(f.severity, 'medium', `expected medium, got ${f.severity}`); + assert.match(f.title, /CLAUDE\.md cascade/i); + }); + + it('does NOT flag small cascade (< 10k tokens)', async () => { + const result = await runScanner('small-cascade'); + const f = result.findings.find(x => /cascade/i.test(x.title || '')); + assert.equal(f, undefined, + `expected no cascade finding for small fixture; got: ${f?.title}`); + }); +}); + describe('TOK scanner — F7 severity recalibration (v5)', () => { // Findings identified by title pattern, not finding ID — TOK IDs are // sequential per scan run, not semantic per pattern (output.mjs:31).