@bookedsolid/rea 0.46.0 → 0.48.0

package/dist/cli/audit-timeline.js

@@ -165,6 +165,107 @@ function alignToBucket(epochMs, bucketSeconds) {
     const bucketMs = bucketSeconds * 1000;
     return Math.floor(epochMs / bucketMs) * bucketMs;
 }
+/**
+ * Format a duration in seconds as the coarsest single-unit compact
+ * string that round-trips through `parseDurationSeconds`. Mirrors the
+ * shape `--since` accepts (`s`/`m`/`h`/`d`/`w`).
+ *
+ * 0.47.0 charter item 1: powers the helpful-error suggestion + the
+ * auto-clamp `clamped_since` field. The largest-unit pass keeps the
+ * suggestion readable — `"21d"` not `"1814400s"`.
+ */
+export function formatDurationCompact(seconds) {
+    if (!Number.isFinite(seconds) || seconds <= 0)
+        return '0s';
+    const units = [
+        ['w', 60 * 60 * 24 * 7],
+        ['d', 60 * 60 * 24],
+        ['h', 60 * 60],
+        ['m', 60],
+        ['s', 1],
+    ];
+    for (const [unit, factor] of units) {
+        if (seconds % factor === 0) {
+            return `${String(seconds / factor)}${unit}`;
+        }
+    }
+    return `${String(seconds)}s`;
+}
+/**
+ * 0.47.0 charter item 1: build a helpful error message for the
+ * MAX_BUCKETS guard. Computes a concrete "use --bucket=X" and
+ * "use --since=Y" suggestion based on the actual inputs, so the
+ * operator sees the next step inline instead of having to do the
+ * division themselves.
+ *
+ * Strategy:
+ *   - "Try a wider bucket" — smallest unit from {1h, 4h, 1d, 1w} that
+ *     brings projected ≤ MAX_BUCKETS. Falls back to a concrete second
+ *     count if no unit fits (extreme `--since`).
+ *   - "Try a narrower since" — largest multiple of the requested bucket
+ *     that fits under MAX_BUCKETS, rendered compactly.
+ *
+ * The error text always includes the substrings `bucket=`, `since=`,
+ * and `Try` so test assertions can pin the shape.
+ */
+function bucketOverflowMessage(windowSeconds, bucketSeconds, rawBucket, rawSince, sinceImplicit) {
+    const projected = Math.ceil(windowSeconds / bucketSeconds);
+    // Candidate wider buckets, in ascending size — pick the first that fits.
+    const allCandidates = [
+        ['1h', 60 * 60],
+        ['4h', 4 * 60 * 60],
+        ['1d', 60 * 60 * 24],
+        ['1w', 60 * 60 * 24 * 7],
+    ];
+    const widerCandidates = allCandidates.filter((entry) => entry[1] > bucketSeconds);
+    let bucketSuggestion = null;
+    let bucketSuggestionCount = null;
+    for (const [label, secs] of widerCandidates) {
+        // Account for alignment slack: a window of N seconds at bucket
+        // size S emits up to `ceil(N/S) + 1` buckets after alignment
+        // (lower-edge + upper-edge alignment can each contribute one
+        // extra bucket vs the naive division). Codex round-4 P2 (0.47.0):
+        // suggesting a bucket where `ceil(N/S) === MAX_BUCKETS` would
+        // still re-throw at the post-alignment guard. Use the +1
+        // worst-case so the operator's retry actually succeeds.
+        const cnt = Math.ceil(windowSeconds / secs) + 1;
+        if (cnt <= MAX_BUCKETS) {
+            bucketSuggestion = label;
+            bucketSuggestionCount = cnt;
+            break;
+        }
+    }
+    // Largest --since that fits at the requested bucket size, rendered
+    // compactly. Subtract one bucket so the suggested value survives the
+    // post-alignment guard regardless of where `now` falls on the
+    // bucket lattice — codex round-1 P2 (0.47.0): a window of exactly
+    // `MAX_BUCKETS * bucketSeconds` aligns to MAX_BUCKETS+1 buckets in
+    // the common case (`now` not already on a boundary), so the
+    // operator pasting our suggestion would hit the same error they
+    // just got. `(MAX_BUCKETS - 1) * bucketSeconds` leaves alignment
+    // slack on either edge.
+    const fittingSinceSeconds = (MAX_BUCKETS - 1) * bucketSeconds;
+    const sinceSuggestion = formatDurationCompact(fittingSinceSeconds);
+    const sinceSuggestionCount = Math.floor(fittingSinceSeconds / bucketSeconds);
+    const parts = [];
+    const reason = sinceImplicit
+        ? `--since not specified; defaulting to full audit log (${rawSince}) at --bucket=${rawBucket} = ${String(projected)} buckets exceeds MAX_BUCKETS=${String(MAX_BUCKETS)}.`
+        : `--bucket=${rawBucket} × --since=${rawSince} = ${String(projected)} buckets exceeds MAX_BUCKETS=${String(MAX_BUCKETS)}.`;
+    parts.push(reason);
+    const suggestions = [];
+    if (bucketSuggestion !== null && bucketSuggestionCount !== null) {
+        suggestions.push(`--bucket=${bucketSuggestion} (${String(bucketSuggestionCount)} buckets)`);
+    }
+    suggestions.push(`--since=${sinceSuggestion} (${String(sinceSuggestionCount)} buckets)`);
+    parts.push(`Try ${suggestions.join(' or ')}.`);
+    return parts.join(' ');
+}
+// 0.47.0 round-3 (codex P1+P2): the pre-scan `measureLogBounds`
+// helper was removed. The all-time auto-clamp now runs as a
+// post-scan recovery against observed bucket keys (the only data
+// that can't be fooled by caller-supplied timestamps or empty
+// current-file edge cases). See the "post-scan auto-clamp" branch
+// inside `computeAuditTimeline`.
 /**
  * Compute the bucketed timeline. Pure (read-only). Throws
  * `AuditTimelineOptionError` on bad `--since` / `--bucket`; throws on
@@ -181,6 +282,7 @@ export async function computeAuditTimeline(options = {}) {
     let windowSeconds = null;
     let windowStart = null;
     let windowEnd = null;
+    let clampedSince = null;
     if (options.since !== undefined && options.since.length > 0) {
         try {
             windowSeconds = parseDurationSeconds(options.since);
@@ -194,16 +296,28 @@ export async function computeAuditTimeline(options = {}) {
         windowEnd = now;
         windowStart = new Date(now.getTime() - windowSeconds * 1000);
         // Guard against runaway bucket counts under a wide --since with a
-        // tiny --bucket. A simple ceiling is cheaper than rendering 100k
-        // empty rows and gives the operator a clear remediation path.
+        // tiny --bucket. 0.47.0 charter item 1: deliver a concrete-suggestion
+        // error rather than the prior "use a larger --bucket or narrower
+        // --since" generic line — the operator should see the next step
+        // inline.
         const projected = Math.ceil(windowSeconds / bucketSeconds);
         if (projected > MAX_BUCKETS) {
-            throw new AuditTimelineOptionError(`--bucket=${bucketRaw} with --since=${options.since} would emit ` +
-                `${String(projected)} buckets (max ${String(MAX_BUCKETS)}). ` +
-                `Use a larger --bucket or narrower --since.`);
+            throw new AuditTimelineOptionError(bucketOverflowMessage(windowSeconds, bucketSeconds, bucketRaw, options.since, false));
         }
     }
     const files = await resolveTimelineFileWalk(baseDir);
+    // 0.47.0 charter item 2: auto-clamp on long-history repos is
+    // implemented as a POST-SCAN recovery, not a pre-scan guess. Codex
+    // round-3 P1: a pre-scan clamp based on `latestMs - earliestMs`
+    // span is wrong for the no-`--since` path, which normally emits
+    // ONLY event-bearing buckets. A sparse long-lived repo (two
+    // records a year apart at `--bucket=1h`) has a 365d span but a
+    // 2-bucket result — pre-clamping would incorrectly drop one of
+    // those events. We must let the scan see what bucket count the
+    // actual records produce, then clamp only if that exceeds
+    // MAX_BUCKETS. The clamp anchor uses the busiest in-data range
+    // (max observed timestamp + alignment buffer), so we never have
+    // to guess from disk metadata. See the post-scan branch below.
     // Bucket key is the aligned epoch-ms boundary; value is the count.
     const buckets = new Map();
     let totalEvents = 0;
@@ -275,8 +389,19 @@ export async function computeAuditTimeline(options = {}) {
         // the renderer.
         const emit = Math.floor((endKey - startKey) / stepMs) + 1;
         if (emit > MAX_BUCKETS) {
-            throw new AuditTimelineOptionError(`--bucket / --since would emit ${String(emit)} buckets after alignment ` +
-                `(max ${String(MAX_BUCKETS)}). Use a larger --bucket or narrower --since.`);
+            // Post-alignment overflow is a near-miss vs the pre-scan
+            // projection check (alignment can add at most one bucket on
+            // either edge). Codex round-6 P3 (0.47.0): the helpful-error
+            // builder previously recomputed the projected count from
+            // `windowSeconds` and could end up saying "= 2000 buckets
+            // exceeds MAX_BUCKETS=2000" when the actual post-alignment
+            // count was 2001. Inflate `windowSeconds` by enough to make
+            // the projection match the actual aligned emit count — that
+            // way the operator sees a consistent number, and the
+            // remediation suggestions inherit the same +1 bias.
+            const effectiveSince = clampedSince ?? (options.since ?? formatDurationCompact(windowSeconds ?? 0));
+            const reportedSeconds = Math.max(windowSeconds ?? 0, (emit - 1) * bucketSeconds + 1);
+            throw new AuditTimelineOptionError(bucketOverflowMessage(reportedSeconds, bucketSeconds, bucketRaw, effectiveSince, options.since === undefined || options.since.length === 0));
         }
         for (let k = startKey; k <= endKey; k += stepMs) {
             result.push({
@@ -288,20 +413,107 @@ export async function computeAuditTimeline(options = {}) {
     }
     else if (buckets.size > 0) {
         const keys = Array.from(buckets.keys()).sort((a, b) => a - b);
+        const stepMs = bucketSeconds * 1000;
         if (keys.length > MAX_BUCKETS) {
-            // Without --since the operator hasn't asked for a fixed shape,
-            // but a runaway result still needs a guard. Refuse rather than
-            // truncate silently.
-            throw new AuditTimelineOptionError(`Without --since, the audit log spans ${String(keys.length)} ${bucketRaw} buckets ` +
-                `(max ${String(MAX_BUCKETS)}). Pass --since to scope, or use a larger --bucket.`);
+            // 0.47.0 charter item 2 (post-scan auto-clamp): the actual
+            // observed bucket count exceeds MAX_BUCKETS. The no-`--since`
+            // path emits only event-bearing buckets (not a zero-filled
+            // lattice), so clamping by a contiguous time window would
+            // discard most of the newest activity on SPARSE logs (codex
+            // round-5 P1: e.g. one record/day across 2001 days at
+            // --bucket=1h, a time-window clamp keeps ~83 buckets — the
+            // newest-2000-keys clamp keeps all 2000 newest event-bearing
+            // buckets). The right shape: slice the keys array to the newest
+            // MAX_BUCKETS entries directly.
+            //
+            // Codex round-3 P1: clamp on OBSERVED data, not guessed span.
+            // Codex round-3 P2: observed-max timestamp sidesteps both the
+            // empty-current-file case and the out-of-order-timestamp case.
+            // Codex round-4 P2: full MAX_BUCKETS budget (the +1 alignment
+            // slack doesn't apply when cherry-picking from observed keys).
+            const fittingBuckets = MAX_BUCKETS;
+            const kept = keys.slice(keys.length - fittingBuckets);
+            const startKey = kept[0];
+            const anchorKey = kept[kept.length - 1];
+            // Determine whether the kept buckets form a CONTIGUOUS lattice
+            // (every bucket between startKey and anchorKey is present) or a
+            // SPARSE one (gaps inside). The no-`--since` path emits only
+            // event-bearing buckets, so a sparse clamp is the common case.
+            // Codex round-6 P2 (0.47.0): if we filled `window.start/end/
+            // seconds` with the bucket span of a sparse clamp, the JSON
+            // would lie to dashboard consumers — `total_events / window.
+            // seconds` would derive a wildly-wrong rate, and the operator
+            // could NOT reproduce the view by re-running with
+            // `--since=<clamped_since>` (it would either error or include
+            // far more buckets). Treat the two shapes distinctly:
+            //   - contiguous: report the time-window shape (operator can
+            //     paste `--since=<clamped_since>` to reproduce).
+            //   - sparse: leave `window` null (no reproducible duration
+            //     exists), but still report `clamped_since` so callers
+            //     know the kept-bucket count was budgeted.
+            const expectedContiguousCount = Math.floor((anchorKey - startKey) / stepMs) + 1;
+            const isContiguous = expectedContiguousCount === kept.length;
+            // 0.47.0 charter item 2: `clamped_since` is ALWAYS a duration
+            // string (per the charter `clamped_since: "<DUR>"` contract).
+            // It carries the approximate time span the rendered window
+            // covers — informative, not necessarily paste-back-safe.
+            //
+            // Codex round-8 P2 (0.47.0): on stale logs (latest record
+            // hours/days ago) `--since=<DUR>` would NOT reproduce the
+            // returned data because `--since` always anchors on `now`,
+            // not on the audit's latest record. The reproducibility
+            // promise we entertained briefly across rounds 7-8 is
+            // inherently unsound — `--since` semantics fix one side of
+            // the window (now), so any clamp anchored at an older
+            // timestamp can't round-trip through it. The `note:` line in
+            // human output now describes the field as APPROXIMATE
+            // rather than pasteable.
+            //
+            // Codex round-8 P2 (0.47.0): the sparse-clamp branch
+            // previously emitted `"newest 2000 buckets"` for clarity, but
+            // that broke the documented `<DUR>` shape — dashboards trying
+            // to parse it as a duration would fail only on sparse logs.
+            // Both branches now emit a duration string; the human note
+            // adds the "sparse" qualifier so operators understand what
+            // they're looking at.
+            const spanSeconds = Math.max(bucketSeconds, Math.ceil((anchorKey - startKey) / 1000) + bucketSeconds);
+            clampedSince = formatDurationCompact(spanSeconds);
+            // For contiguous clamps, also fill window.* so consumers can
+            // compute rates against a real duration. For sparse clamps,
+            // window.* stays null — `total_events / window.seconds` would
+            // be meaningless when the kept buckets don't form a contiguous
+            // lattice.
+            if (isContiguous) {
+                windowSeconds = spanSeconds;
+                windowEnd = new Date(anchorKey + stepMs);
+                windowStart = new Date(startKey);
+            }
+            // Track the contiguous-vs-sparse shape so the renderer can
+            // surface the right note.
+            void expectedContiguousCount; // used above via isContiguous
+            // Emit each kept bucket. total_events under the post-scan clamp
+            // path counts only what the rendered buckets contain — older
+            // sliced-out buckets contribute nothing to the report.
+            let inWindow = 0;
+            for (const k of kept) {
+                const cnt = buckets.get(k) ?? 0;
+                result.push({
+                    start: new Date(k).toISOString(),
+                    end: new Date(k + stepMs).toISOString(),
+                    count: cnt,
+                });
+                inWindow += cnt;
+            }
+            totalEvents = inWindow;
         }
-        const stepMs = bucketSeconds * 1000;
-        for (const k of keys) {
-            result.push({
-                start: new Date(k).toISOString(),
-                end: new Date(k + stepMs).toISOString(),
-                count: buckets.get(k) ?? 0,
-            });
+        else {
+            for (const k of keys) {
+                result.push({
+                    start: new Date(k).toISOString(),
+                    end: new Date(k + stepMs).toISOString(),
+                    count: buckets.get(k) ?? 0,
+                });
+            }
         }
     }
     // Peak index. -1 when no events at all (every bucket is 0 or the
@@ -329,6 +541,7 @@ export async function computeAuditTimeline(options = {}) {
         total_events: totalEvents,
         peak_index: peakIndex,
         files_scanned: filesScanned,
+        clamped_since: clampedSince,
     };
 }
 /**
@@ -381,10 +594,39 @@ function formatWindowLabel(seconds) {
  */
 export function renderAuditTimeline(result) {
     const lines = [];
-    const windowLabel = formatWindowLabel(result.window.seconds);
+    // Codex round-9 P2 (0.47.0): when auto-clamp fires, the regular
+    // `last <DUR>` header (derived from `window.seconds`) is wrong —
+    // contiguous stale logs would print "last 1d" even though the
+    // newest event was days ago, and sparse clamps would fall back
+    // to "all time". Use a clamp-aware header that describes the
+    // returned shape instead.
     const cadenceLabel = bucketLabel(result.bucket.seconds, result.bucket.raw);
+    let windowLabel;
+    if (result.clamped_since !== null) {
+        windowLabel = `clamped to ~${result.clamped_since} of newest activity`;
+    }
+    else {
+        windowLabel = formatWindowLabel(result.window.seconds);
+    }
     lines.push(`rea audit timeline (${windowLabel}, ${cadenceLabel})`);
     lines.push('─'.repeat(40));
+    // 0.47.0 charter item 2: surface the auto-clamp inline. Operators
+    // scanning the rendered output should immediately see that the
+    // window they got isn't the full audit log. Codex round-8 P2
+    // (0.47.0): `clamped_since` is informational, not reproducible —
+    // `--since=DUR` anchors at `now`, so a clamp anchored at an older
+    // record can't round-trip. Codex round-9 P3 (0.47.0): only a
+    // WIDER `--bucket` actually changes the result — pinning the same
+    // bucket would just re-trigger the clamp. The remediation
+    // suggestion names "wider" explicitly to avoid sending operators
+    // down a no-op retry path.
+    if (result.clamped_since !== null) {
+        lines.push(`note: --since not specified; auto-clamped to newest ${String(MAX_BUCKETS)} buckets ` +
+            `(~${result.clamped_since} span at --bucket=${result.bucket.raw}). ` +
+            `Pass --since=DUR to anchor at now, or rerun with a WIDER --bucket ` +
+            `(current ${result.bucket.raw}) to fit the full log.`);
+        lines.push('');
+    }
     // Codex round-1 P2 (0.46.0): the zero-events case has two distinct
     // shapes and the renderer must NOT collapse them.
     //

package/dist/cli/audit-top-blocks.d.ts

@@ -0,0 +1,154 @@
+/**
+ * `rea audit top-blocks [--since=DUR] [--limit=N] [--json]` — 0.47.0
+ * charter item 3.
+ *
+ * Surface the most recent refusal events from the audit log. Designed
+ * for the question "why was that refused?" — operators see the latest
+ * blocks at a glance with enough context (timestamp, tool, reason) to
+ * grep the offending Bash/Edit/Write call site or fix the policy that
+ * tripped the gate.
+ *
+ * A "refusal" in the rea audit schema is any record whose
+ * `InvocationStatus` is NOT `Allowed` — that's `Denied` (policy
+ * refused) OR `Error` (middleware exception or downstream failure).
+ * Both are interesting to operators debugging "why didn't this run".
+ *
+ * # Walk scope
+ *
+ * Mirrors `audit summary` / `audit by-tool` / `audit timeline`: the
+ * current `.rea/audit.jsonl` PLUS every rotated `audit-…jsonl` segment
+ * is walked regardless of `--since` (the per-record timestamp filter
+ * inside the main loop decides what counts). Rotated filename stamps
+ * mark the rotation INSTANT, not the earliest record contained
+ * (0.41.0 round-3 P2 / 0.42.0 charter item 3) — pruning by filename
+ * would silently drop in-window records from conservatively-rotated
+ * logs. Walking every segment is the only sound shape.
+ *
+ * # Output (default)
+ *
+ *     rea audit top-blocks (last 24h, limit 20)
+ *     ─────────────────────────────────────────
+ *     a1b2c3d4  2026-05-17T12:34:56.789Z  Bash    rm -rf bypass attempted (...)
+ *     deadbeef  2026-05-17T11:20:01.123Z  Write   blocked-path .env write
+ *     …
+ *     total: 4 refusal events in window
+ *     files scanned: 2
+ *
+ * # JSON output
+ *
+ *     {
+ *       "schema_version": 1,
+ *       "since": "24h",
+ *       "limit": 20,
+ *       "window": { "seconds": 86400, "start": "...", "end": "..." },
+ *       "total_matched": 4,
+ *       "events": [
+ *         { "hash": "a1b2c3d4...", "timestamp": "...", "tool": "Bash",
+ *           "status": "denied", "reason": "rm -rf bypass attempted (...)" },
+ *         …
+ *       ],
+ *       "files_scanned": ["/abs/path/.rea/audit.jsonl"]
+ *     }
+ *
+ * `total_matched` is the pre-limit count so dashboards can show "20 of
+ * 47 refusals in window". `events` is sorted newest-first and capped at
+ * `limit`.
+ */
+import type { Command } from 'commander';
+export declare const AUDIT_TOP_BLOCKS_SCHEMA_VERSION = 1;
+/** Default `--limit` value. 20 fits a debugging session's eyeballable window. */
+export declare const DEFAULT_LIMIT = 20;
+/**
+ * Hard ceiling on `--limit`. Refusal events are typically a small slice
+ * of total traffic, but a 1000 cap keeps the renderer / JSON output
+ * bounded under a runaway misconfiguration that's denying everything.
+ */
+export declare const MAX_LIMIT = 1000;
+/**
+ * Thrown when `--limit` is outside [1, MAX_LIMIT] or `--since` fails to
+ * parse. The commander wrapper catches and exits 1. Distinct from
+ * `AuditByToolOptionError` / `AuditTimelineOptionError` so the
+ * caller-facing message names the right flag.
+ */
+export declare class AuditTopBlocksOptionError extends Error {
+    constructor(message: string);
+}
+export interface AuditTopBlocksEvent {
+    /** Full sha256 hash from the audit record — stable cross-tool ID. */
+    hash: string;
+    /** Raw ISO-8601 timestamp from the record. */
+    timestamp: string;
+    /** Tool name as recorded; `(unknown)` for missing/empty. */
+    tool: string;
+    /** Raw `status` value (`denied` / `error`). */
+    status: string;
+    /**
+     * Best-effort human-readable reason. Sourced from the record's
+     * `error` field when present, else a synthesized "<status>: <tool>"
+     * fallback so the row carries SOMETHING informative even when the
+     * middleware didn't attach an error message.
+     */
+    reason: string;
+    /** Session ID from the record; useful for cross-referencing. */
+    session_id: string;
+}
+export interface AuditTopBlocksResult {
+    schema_version: typeof AUDIT_TOP_BLOCKS_SCHEMA_VERSION;
+    /** Raw `--since` value as passed by the caller (`null` when omitted). */
+    since: string | null;
+    /** Resolved `--limit` actually used. */
+    limit: number;
+    window: {
+        seconds: number | null;
+        start: string | null;
+        end: string | null;
+    };
+    /** Pre-limit count of refusal records in window. */
+    total_matched: number;
+    /** Sorted newest-first; capped at `limit`. */
+    events: AuditTopBlocksEvent[];
+    /** Absolute paths of audit files actually read. */
+    files_scanned: string[];
+}
+export interface ComputeAuditTopBlocksOptions {
+    /** Override CWD. Tests set this; production uses `process.cwd()`. */
+    baseDir?: string;
+    /** Raw `--since` value (e.g. `24h`, `7d`). Parsed via parseDuration. */
+    since?: string;
+    /** Raw `--limit` value. Default `DEFAULT_LIMIT`. */
+    limit?: number;
+    /** Test seam — pin "now" for deterministic window calculations. */
+    now?: Date;
+}
+/**
+ * Compute the top-blocks list. Pure (read-only). Throws
+ * `AuditTopBlocksOptionError` on bad `--since` / `--limit`.
+ */
+export declare function computeAuditTopBlocks(options?: ComputeAuditTopBlocksOptions): Promise<AuditTopBlocksResult>;
+/**
+ * Render the result as a human-readable terminal block. JSON callers
+ * bypass this; the rendering is intentionally minimal — a fixed-column
+ * table that scans cleanly in a typical terminal.
+ */
+export declare function renderAuditTopBlocks(result: AuditTopBlocksResult): string;
+export interface RunAuditTopBlocksOptions {
+    since?: string;
+    limit?: number;
+    json?: boolean;
+    /** Test seam — pin "now". */
+    now?: Date;
+}
+/** Commander entrypoint. */
+export declare function runAuditTopBlocks(options: RunAuditTopBlocksOptions): Promise<void>;
+/**
+ * Strict integer parser for the commander `--limit <n>` option.
+ *
+ * Mirrors the `parseTopOption` discipline in `audit-by-tool.ts`:
+ * reject anything that isn't a bare integer so `Number.parseInt`
+ * can't silently truncate (`1.5` → `1`, `10abc` → `10`).
+ */
+export declare function parseLimitOption(raw: string): number;
+/**
+ * Register `rea audit top-blocks` under the `audit` command group.
+ */
+export declare function registerAuditTopBlocksCommand(auditCommand: Command): void;