@zhixuan92/multi-model-agent-core 3.10.4 → 3.10.6

package/dist/intake/resolve.js

@@ -1,25 +1,16 @@
 import { DEFAULT_TASK_TIMEOUT_MS } from '../config/schema.js';
-// 3.8.1 worker contract: each finding object has fields {id, severity, claim, evidence, suggestion?}.
-// `evidence` is REQUIRED and must be ≥20 chars — embed file:line as prose plus a
-// one-sentence explanation of what the cited code shows. Reviewer-emitted fields
-// (reviewerConfidence, reviewerSeverity) are added in the annotation pass; the
-// worker MUST NOT include them.
-const FINDINGS_BASE = [
-    'Your output MUST include a single ```json fenced code block containing a `findings[]` array.',
-    'Each finding object has these fields:',
-    '- `id` (string, unique within the array)',
-    '- `severity` (\'high\' | \'medium\' | \'low\')',
-    '- `claim` (string, what is wrong / what is true)',
-    '- `evidence` (string, REQUIRED, at least 20 characters): embed `file:line` as prose plus a one-sentence explanation of what the cited code or text actually shows. For project-level findings, describe what was searched/checked instead.',
-    '- `suggestion?` (string, optional): a fix, follow-up step, or recommendation',
-].join('\n');
+/**
+ * Worker output contract per route.
+ *
+ * The 5 read-only routes (audit / review / verify / debug / investigate) no
+ * longer carry a structured-output contract — the quality reviewer extracts
+ * findings from the worker's free-form narrative in one pass. See
+ * packages/core/src/review/quality-only-prompts.ts.
+ *
+ * The artifact route `execute_plan` keeps its narrative contract.
+ */
 export const OUTPUT_CONTRACT_CLAUSES = {
-    review_code: `${FINDINGS_BASE}\nEach finding should describe a code-level concern (correctness, security, performance, style as applicable to the focus). Embed the file:line in evidence; the reader will jump to the source from your prose.`,
-    debug_task: `${FINDINGS_BASE}\nUse hypothesis-driven debugging: each finding should identify a root cause and propose a fix in \`suggestion\`. Evidence should quote the relevant trace, log line, or code path.`,
-    verify_work: `${FINDINGS_BASE}\nMap each checklist item from the brief to a finding: pass (low severity, evidence shows the criterion was met) or fail (high/medium severity, evidence shows what is missing). One finding per checklist item.`,
-    audit_document: `${FINDINGS_BASE}\nEach finding should describe an issue discovered in the audited document. Severity reflects impact if the issue stands.`,
     execute_plan: 'Implement the task fully. Report: which task heading you matched, what files were created or modified, and any issues encountered. If no unique matching task was found, report that explicitly and do not implement anything.',
-    investigate_codebase: `${FINDINGS_BASE}\nFor an investigation, \`suggestion\` is optional and may be a follow-up question or angle to explore rather than a code fix. Evidence may be a file:line citation or a description of what was searched (e.g., "Searched src/middleware/, src/auth/ — no auth middleware found").`,
 };
 export const ROUTE_DEFAULTS = {
     delegate_tasks: {},

package/dist/intake/resolve.js.map

@@ -1 +1 @@
-{"version":3,"file":"resolve.js","sourceRoot":"","sources":["../../src/intake/resolve.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,uBAAuB,EAAE,MAAM,qBAAqB,CAAC;AAE9D,sGAAsG;AACtG,iFAAiF;AACjF,iFAAiF;AACjF,+EAA+E;AAC/E,gCAAgC;AAChC,MAAM,aAAa,GAAG;IACpB,8FAA8F;IAC9F,uCAAuC;IACvC,0CAA0C;IAC1C,gDAAgD;IAChD,kDAAkD;IAClD,4OAA4O;IAC5O,8EAA8E;CAC/E,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAEb,MAAM,CAAC,MAAM,uBAAuB,GAAyC;IAC3E,WAAW,EAAE,GAAG,aAAa,kNAAkN;IAC/O,UAAU,EAAE,GAAG,aAAa,qLAAqL;IACjN,WAAW,EAAE,GAAG,aAAa,kNAAkN;IAC/O,cAAc,EAAE,GAAG,aAAa,2HAA2H;IAC3J,YAAY,EAAE,gOAAgO;IAC9O,oBAAoB,EAAE,GAAG,aAAa,qRAAqR;CAC5T,CAAC;AAEF,MAAM,CAAC,MAAM,cAAc,GAA2C;IACpE,cAAc,EAAE,EAAE;IAClB,WAAW,EAAE,EAAE,SAAS,EAAE,SAAS,EAAE,YAAY,EAAE,cAAc,EAAE;IACnE,UAAU,EAAE,EAAE,SAAS,EAAE,SAAS,EAAE,YAAY,EAAE,cAAc,EAAE;IAClE,WAAW,EAAE,EAAE,SAAS,EAAE,SAAS,EAAE,YAAY,EAAE,cAAc,EAAE;IACnE,cAAc,EAAE,EAAE,SAAS,EAAE,SAAS,EAAE,YAAY,EAAE,cAAc,EAAE;IACtE,YAAY,EAAE,EAAE,SAAS,EAAE,UAAU,EAAE,YAAY,EAAE,MAAM,EAAE;IAC7D,oBAAoB,EAAE,EAAE,SAAS,EAAE,SAAS,EAAE,YAAY,EAAE,cAAc,EAAE;CAC7E,CAAC;AAEF,MAAM,UAAU,YAAY,CAC1B,KAAgB,EAChB,MAAwB;IAExB,MAAM,aAAa,GAAG,cAAc,CAAC,KAAK,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IAEzD,MAAM,SAAS,GAAG,KAAK,CAAC,SAAS,IAAI,aAAa,CAAC,SAAS,IAAI,UAAU,CAAC;IAE3E,MAAM,cAAc,GAAG,uBAAuB,CAAC,KAAK,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IACnE,MAAM,MAAM,GAAG,cAAc,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,QAAQ,CAAC,cAAc,CAAC;QACrE,CAAC,CAAC,GAAG,KAAK,CAAC,MAAM,OAAO,cAAc,EAAE;QACxC,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC;IAEjB,OAAO;QACL,MAAM;QACN,IAAI,EAAE,KAAK,CAAC,IAAI;QAChB,SAAS,EAAE,KAAK,CAAC,SAAS;QAC1B,SAAS,EAAE,SAAmC;QAC9C,YAAY,EAAE,KAAK,CAAC,YAAY,IAAI,aAAa,CAAC,YAAY;QAC9D,KAAK,EAAE,MAAM,CAAC,QAAQ,EAAE,KAAK,IAAI,MAAM;QACvC,SAAS,EAAE,MAAM,CAAC,QAAQ,EAAE,SAAS,IAAI,uBAAuB;QAChE,UAAU,EAAE,MAAM,CAAC,QAAQ,EAAE,UAAU,IAAI,EAAE;QAC7C,aAAa,EAAE,MAAM,CAAC,QAAQ,EAAE,aAAa,IAAI,UAAU;QAC3D,kBAAkB,EAAE,KAAK;QACzB,GAAG,EAAE,OAAO,CAAC,GAAG,EAAE;QAClB,uBAAuB,EAAE,KAAK,CAAC,uBAAuB;KACvD,CAAC;AACJ,CAAC"}
+{"version":3,"file":"resolve.js","sourceRoot":"","sources":["../../src/intake/resolve.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,uBAAuB,EAAE,MAAM,qBAAqB,CAAC;AAE9D;;;;;;;;;GASG;AACH,MAAM,CAAC,MAAM,uBAAuB,GAAyC;IAC3E,YAAY,EAAE,gOAAgO;CAC/O,CAAC;AAEF,MAAM,CAAC,MAAM,cAAc,GAA2C;IACpE,cAAc,EAAE,EAAE;IAClB,WAAW,EAAE,EAAE,SAAS,EAAE,SAAS,EAAE,YAAY,EAAE,cAAc,EAAE;IACnE,UAAU,EAAE,EAAE,SAAS,EAAE,SAAS,EAAE,YAAY,EAAE,cAAc,EAAE;IAClE,WAAW,EAAE,EAAE,SAAS,EAAE,SAAS,EAAE,YAAY,EAAE,cAAc,EAAE;IACnE,cAAc,EAAE,EAAE,SAAS,EAAE,SAAS,EAAE,YAAY,EAAE,cAAc,EAAE;IACtE,YAAY,EAAE,EAAE,SAAS,EAAE,UAAU,EAAE,YAAY,EAAE,MAAM,EAAE;IAC7D,oBAAoB,EAAE,EAAE,SAAS,EAAE,SAAS,EAAE,YAAY,EAAE,cAAc,EAAE;CAC7E,CAAC;AAEF,MAAM,UAAU,YAAY,CAC1B,KAAgB,EAChB,MAAwB;IAExB,MAAM,aAAa,GAAG,cAAc,CAAC,KAAK,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IAEzD,MAAM,SAAS,GAAG,KAAK,CAAC,SAAS,IAAI,aAAa,CAAC,SAAS,IAAI,UAAU,CAAC;IAE3E,MAAM,cAAc,GAAG,uBAAuB,CAAC,KAAK,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IACnE,MAAM,MAAM,GAAG,cAAc,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,QAAQ,CAAC,cAAc,CAAC;QACrE,CAAC,CAAC,GAAG,KAAK,CAAC,MAAM,OAAO,cAAc,EAAE;QACxC,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC;IAEjB,OAAO;QACL,MAAM;QACN,IAAI,EAAE,KAAK,CAAC,IAAI;QAChB,SAAS,EAAE,KAAK,CAAC,SAAS;QAC1B,SAAS,EAAE,SAAmC;QAC9C,YAAY,EAAE,KAAK,CAAC,YAAY,IAAI,aAAa,CAAC,YAAY;QAC9D,KAAK,EAAE,MAAM,CAAC,QAAQ,EAAE,KAAK,IAAI,MAAM;QACvC,SAAS,EAAE,MAAM,CAAC,QAAQ,EAAE,SAAS,IAAI,uBAAuB;QAChE,UAAU,EAAE,MAAM,CAAC,QAAQ,EAAE,UAAU,IAAI,EAAE;QAC7C,aAAa,EAAE,MAAM,CAAC,QAAQ,EAAE,aAAa,IAAI,UAAU;QAC3D,kBAAkB,EAAE,KAAK;QACzB,GAAG,EAAE,OAAO,CAAC,GAAG,EAAE;QAClB,uBAAuB,EAAE,KAAK,CAAC,uBAAuB;KACvD,CAAC;AACJ,CAAC"}

package/dist/review/fallback-extraction.d.ts

@@ -0,0 +1,17 @@
+import { type AnnotatedFinding } from '../executors/_shared/findings-schema.js';
+/**
+ * Deterministic regex extractor — runs when the LLM reviewer's JSON output
+ * fails parse twice. Synthesizes AnnotatedFinding[] so telemetry always has
+ * something to count.
+ *
+ * Confidence is null. Ids are always sequential `F${i+1}` (never use the
+ * worker's number — duplicates would violate annotatedFindingsSchema).
+ * evidenceGrounded reflects the actual substring check on the normalized
+ * worker output.
+ *
+ * If the worker output has zero parseable numbered sections and no explicit
+ * "no findings" language, emits a single catch-all finding so downstream
+ * telemetry never sees an empty list.
+ */
+export declare function fallbackExtractFindings(workerOutput: string): AnnotatedFinding[];
+//# sourceMappingURL=fallback-extraction.d.ts.map

package/dist/review/fallback-extraction.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"fallback-extraction.d.ts","sourceRoot":"","sources":["../../src/review/fallback-extraction.ts"],"names":[],"mappings":"AAAA,OAAO,EAEL,KAAK,gBAAgB,EACtB,MAAM,yCAAyC,CAAC;AA+FjD;;;;;;;;;;;;;GAaG;AACH,wBAAgB,uBAAuB,CAAC,YAAY,EAAE,MAAM,GAAG,gBAAgB,EAAE,CAyChF"}

package/dist/review/fallback-extraction.js

@@ -0,0 +1,140 @@
+import { normalizeWhitespace, } from '../executors/_shared/findings-schema.js';
+/**
+ * Map a worker-emitted severity string (case-insensitive, may be "mid")
+ * to the canonical 4-tier value. Default 'medium' on unknown.
+ */
+function mapSeverity(raw) {
+    const s = raw.trim().toLowerCase();
+    if (s === 'critical')
+        return 'critical';
+    if (s === 'high')
+        return 'high';
+    if (s === 'medium' || s === 'mid')
+        return 'medium';
+    if (s === 'low')
+        return 'low';
+    return 'medium';
+}
+/**
+ * Match numbered/finding-shaped headings — broad enough to catch the most
+ * common Markdown patterns workers actually produce (Round-2 #5):
+ *   "## 1. Title"           — h2 with number
+ *   "### 2. Title"          — h3 with number
+ *   "#### 3: Title"         — h4 with number+colon
+ *   "### [4] Title"         — bracketed number
+ *   "### Finding 5 — Title" — "Finding N" form
+ *
+ * Plain `### Summary` / `### Performance Notes` are ignored on purpose
+ * so the fallback does not invent findings out of structural sections.
+ *
+ * Capture group 1 is the bracketed number (when [N] form), 2 is the bare
+ * number (otherwise). At least one is always set when this regex matches.
+ */
+const SECTION_RE = /^#{2,6}\s+(?:Finding\s+)?(?:\[(\d+)\]|(\d+))\s*[\.\:\)\-\—\–]?\s+(.+)$/gim;
+const SEVERITY_RE = /^Severity:\s*(critical|high|medium|mid|low)\s*$/gim;
+/** Single-pass section iteration (Round-1 P3). */
+function findSections(workerOutput) {
+    const sections = [];
+    SECTION_RE.lastIndex = 0;
+    let prev = null;
+    let match;
+    while ((match = SECTION_RE.exec(workerOutput)) !== null) {
+        const startIdx = match.index;
+        if (prev) {
+            sections.push({ ...prev, endIdx: startIdx });
+        }
+        // capture[1] = [N] bracketed number; capture[2] = bare number; capture[3] = title.
+        const workerNumber = match[1] ?? match[2] ?? '';
+        prev = {
+            startIdx,
+            workerNumber,
+            title: (match[3] ?? '').trim(),
+        };
+    }
+    if (prev)
+        sections.push({ ...prev, endIdx: workerOutput.length });
+    return sections;
+}
+/**
+ * Detect explicit "no findings" language so fallback returns [] instead of
+ * a synthetic catch-all when a clean codebase produces a clean narrative
+ * but the reviewer happens to fail JSON parse (Round-2 #6).
+ */
+const NO_FINDINGS_RE = /\b(?:no\s+(?:findings|issues|problems)\s+(?:found|detected|reported)?|nothing\s+to\s+report|0\s+findings|zero\s+findings)\b/i;
+function severityFromSection(section) {
+    SEVERITY_RE.lastIndex = 0;
+    const m = SEVERITY_RE.exec(section);
+    if (!m)
+        return 'medium';
+    return mapSeverity(m[1]);
+}
+/**
+ * Build meaningful synthetic evidence (Round-1 #8):
+ * - Prefer the section body (first 240 chars after the heading).
+ * - If the body is too short, build a meaningful sentence from the title,
+ *   not a space-padded string.
+ *
+ * Worker-stated number is preserved in the evidence prose, not in the id
+ * (Round-1 #2 — ids must always be unique sequential).
+ */
+function buildEvidence(sectionText, title, workerNumber) {
+    const body = sectionText.split('\n').slice(1).join('\n').trim();
+    if (body.length >= 20)
+        return body.slice(0, 240);
+    const synth = `Worker finding #${workerNumber} (${title}): no detailed body provided in implementer report.`;
+    return synth.length >= 20 ? synth : `${synth} fallback-synthesized.`;
+}
+/**
+ * Deterministic regex extractor — runs when the LLM reviewer's JSON output
+ * fails parse twice. Synthesizes AnnotatedFinding[] so telemetry always has
+ * something to count.
+ *
+ * Confidence is null. Ids are always sequential `F${i+1}` (never use the
+ * worker's number — duplicates would violate annotatedFindingsSchema).
+ * evidenceGrounded reflects the actual substring check on the normalized
+ * worker output.
+ *
+ * If the worker output has zero parseable numbered sections and no explicit
+ * "no findings" language, emits a single catch-all finding so downstream
+ * telemetry never sees an empty list.
+ */
+export function fallbackExtractFindings(workerOutput) {
+    const normalizedWorker = normalizeWhitespace(workerOutput);
+    const sections = findSections(workerOutput);
+    // Round-2 #6: respect explicit "no findings" worker output.
+    if (sections.length === 0 && NO_FINDINGS_RE.test(workerOutput)) {
+        return [];
+    }
+    if (sections.length === 0) {
+        const trimmed = workerOutput.trim();
+        // Use real worker text when long enough — preserves evidenceGrounded=true.
+        // Otherwise fall back to a meaningful synthetic sentence (knowingly ungrounded).
+        const evidence = trimmed.length >= 20
+            ? trimmed.slice(0, 240)
+            : `Worker output had no parseable findings (length ${trimmed.length}). Fallback emitted catch-all so telemetry has at least one entry.`;
+        const eNorm = normalizeWhitespace(evidence);
+        return [{
+                id: 'F1',
+                severity: 'medium',
+                claim: 'reviewer parse failed; deterministic fallback emitted single catch-all from worker output',
+                evidence,
+                reviewerConfidence: null,
+                evidenceGrounded: eNorm.length >= 20 && normalizedWorker.includes(eNorm),
+            }];
+    }
+    return sections.map((section, i) => {
+        const sectionText = workerOutput.slice(section.startIdx, section.endIdx);
+        const severity = severityFromSection(sectionText);
+        const evidence = buildEvidence(sectionText, section.title, section.workerNumber);
+        const eNorm = normalizeWhitespace(evidence);
+        return {
+            id: `F${i + 1}`,
+            severity,
+            claim: section.title || `Finding ${i + 1}`,
+            evidence,
+            reviewerConfidence: null,
+            evidenceGrounded: eNorm.length >= 20 && normalizedWorker.includes(eNorm),
+        };
+    });
+}
+//# sourceMappingURL=fallback-extraction.js.map

package/dist/review/fallback-extraction.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"fallback-extraction.js","sourceRoot":"","sources":["../../src/review/fallback-extraction.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,mBAAmB,GAEpB,MAAM,yCAAyC,CAAC;AAIjD;;;GAGG;AACH,SAAS,WAAW,CAAC,GAAW;IAC9B,MAAM,CAAC,GAAG,GAAG,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IACnC,IAAI,CAAC,KAAK,UAAU;QAAE,OAAO,UAAU,CAAC;IACxC,IAAI,CAAC,KAAK,MAAM;QAAE,OAAO,MAAM,CAAC;IAChC,IAAI,CAAC,KAAK,QAAQ,IAAI,CAAC,KAAK,KAAK;QAAE,OAAO,QAAQ,CAAC;IACnD,IAAI,CAAC,KAAK,KAAK;QAAE,OAAO,KAAK,CAAC;IAC9B,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED;;;;;;;;;;;;;;GAcG;AACH,MAAM,UAAU,GAAG,2EAA2E,CAAC;AAC/F,MAAM,WAAW,GAAG,oDAAoD,CAAC;AASzE,kDAAkD;AAClD,SAAS,YAAY,CAAC,YAAoB;IACxC,MAAM,QAAQ,GAAiB,EAAE,CAAC;IAClC,UAAU,CAAC,SAAS,GAAG,CAAC,CAAC;IACzB,IAAI,IAAI,GAAqE,IAAI,CAAC;IAClF,IAAI,KAA6B,CAAC;IAClC,OAAO,CAAC,KAAK,GAAG,UAAU,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;QACxD,MAAM,QAAQ,GAAG,KAAK,CAAC,KAAK,CAAC;QAC7B,IAAI,IAAI,EAAE,CAAC;YACT,QAAQ,CAAC,IAAI,CAAC,EAAE,GAAG,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,CAAC,CAAC;QAC/C,CAAC;QACD,mFAAmF;QACnF,MAAM,YAAY,GAAG,KAAK,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;QAChD,IAAI,GAAG;YACL,QAAQ;YACR,YAAY;YACZ,KAAK,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE;SAC/B,CAAC;IACJ,CAAC;IACD,IAAI,IAAI;QAAE,QAAQ,CAAC,IAAI,CAAC,EAAE,GAAG,IAAI,EAAE,MAAM,EAAE,YAAY,CAAC,MAAM,EAAE,CAAC,CAAC;IAClE,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED;;;;GAIG;AACH,MAAM,cAAc,GAAG,8HAA8H,CAAC;AAEtJ,SAAS,mBAAmB,CAAC,OAAe;IAC1C,WAAW,CAAC,SAAS,GAAG,CAAC,CAAC;IAC1B,MAAM,CAAC,GAAG,WAAW,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IACpC,IAAI,CAAC,CAAC;QAAE,OAAO,QAAQ,CAAC;IACxB,OAAO,WAAW,CAAC,CAAC,CAAC,CAAC,CAAE,CAAC,CAAC;AAC5B,CAAC;AAED;;;;;;;;GAQG;AACH,SAAS,aAAa,CAAC,WAAmB,EAAE,KAAa,EAAE,YAAoB;IAC7E,MAAM,IAAI,GAAG,WAAW,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,CAAC;IAChE,IAAI,IAAI,CAAC,MAAM,IAAI,EAAE;QAAE,OAAO,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;IACjD,MAAM,KAAK,GAAG,mBAAmB,YAAY,KAAK,KAAK,qDAAqD,CAAC;IAC7G,OAAO,KAAK,CAAC,MAAM,IAAI,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,GAAG,KAAK,wBAAwB,CAAC;AACvE,CAAC;AAED;;;;;;;;;;;;;GAaG;AACH,MAAM,UAAU,uBAAuB,CAAC,YAAoB;IAC1D,MAAM,gBAAgB,GAAG,mBAAmB,CAAC,YAAY,CAAC,CAAC;IAC3D,MAAM,QAAQ,GAAG,YAAY,CAAC,YAAY,CAAC,CAAC;IAE5C,4DAA4D;IAC5D,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,IAAI,cAAc,CAAC,IAAI,CAAC,YAAY,CAAC,EAAE,CAAC;QAC/D,OAAO,EAAE,CAAC;IACZ,CAAC;IAED,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC1B,MAAM,OAAO,GAAG,YAAY,CAAC,IAAI,EAAE,CAAC;QACpC,2EAA2E;QAC3E,iFAAiF;QACjF,MAAM,QAAQ,GAAG,OAAO,CAAC,MAAM,IAAI,EAAE;YACnC,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC;YACvB,CAAC,CAAC,mDAAmD,OAAO,CAAC,MAAM,oEAAoE,CAAC;QAC1I,MAAM,KAAK,GAAG,mBAAmB,CAAC,QAAQ,CAAC,CAAC;QAC5C,OAAO,CAAC;gBACN,EAAE,EAAE,IAAI;gBACR,QAAQ,EAAE,QAAQ;gBAClB,KAAK,EAAE,2FAA2F;gBAClG,QAAQ;gBACR,kBAAkB,EAAE,IAAI;gBACxB,gBAAgB,EAAE,KAAK,CAAC,MAAM,IAAI,EAAE,IAAI,gBAAgB,CAAC,QAAQ,CAAC,KAAK,CAAC;aACzE,CAAC,CAAC;IACL,CAAC;IAED,OAAO,QAAQ,CAAC,GAAG,CAAC,CAAC,OAAO,EAAE,CAAC,EAAE,EAAE;QACjC,MAAM,WAAW,GAAG,YAAY,CAAC,KAAK,CAAC,OAAO,CAAC,QAAQ,EAAE,OAAO,CAAC,MAAM,CAAC,CAAC;QACzE,MAAM,QAAQ,GAAG,mBAAmB,CAAC,WAAW,CAAC,CAAC;QAClD,MAAM,QAAQ,GAAG,aAAa,CAAC,WAAW,EAAE,OAAO,CAAC,KAAK,EAAE,OAAO,CAAC,YAAY,CAAC,CAAC;QACjF,MAAM,KAAK,GAAG,mBAAmB,CAAC,QAAQ,CAAC,CAAC;QAC5C,OAAO;YACL,EAAE,EAAE,IAAI,CAAC,GAAG,CAAC,EAAE;YACf,QAAQ;YACR,KAAK,EAAE,OAAO,CAAC,KAAK,IAAI,WAAW,CAAC,GAAG,CAAC,EAAE;YAC1C,QAAQ;YACR,kBAAkB,EAAE,IAAI;YACxB,gBAAgB,EAAE,KAAK,CAAC,MAAM,IAAI,EAAE,IAAI,gBAAgB,CAAC,QAAQ,CAAC,KAAK,CAAC;SACzE,CAAC;IACJ,CAAC,CAAC,CAAC;AACL,CAAC"}

package/dist/review/parse-reviewer-findings.d.ts

@@ -0,0 +1,26 @@
+import { type AnnotatedFinding } from '../executors/_shared/findings-schema.js';
+interface ParseOk {
+    ok: true;
+    findings: AnnotatedFinding[];
+    /** Findings whose evidence was NOT a substring of worker output — kept but flagged. */
+    ungroundedCount: number;
+}
+interface ParseErr {
+    ok: false;
+    reason: string;
+}
+export type ParseReviewerFindingsResult = ParseOk | ParseErr;
+/**
+ * Parse the reviewer's structured output and annotate each finding with
+ * `evidenceGrounded`.
+ *
+ * Pipeline:
+ * 1. Extract the final `` ```json `` block (permissive fence).
+ * 2. JSON.parse + Zod-validate against reviewerEmittedFindingsSchema.
+ * 3. Normalize worker output ONCE; for each finding set
+ *    `evidenceGrounded` against the normalized worker.
+ * 4. Return ALL findings — never drop. `ungroundedCount` is informational only.
+ */
+export declare function parseReviewerFindings(reviewerOutput: string, workerOutput: string): ParseReviewerFindingsResult;
+export {};
+//# sourceMappingURL=parse-reviewer-findings.d.ts.map

package/dist/review/parse-reviewer-findings.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"parse-reviewer-findings.d.ts","sourceRoot":"","sources":["../../src/review/parse-reviewer-findings.ts"],"names":[],"mappings":"AAAA,OAAO,EAGL,KAAK,gBAAgB,EACtB,MAAM,yCAAyC,CAAC;AAEjD,UAAU,OAAO;IACf,EAAE,EAAE,IAAI,CAAC;IACT,QAAQ,EAAE,gBAAgB,EAAE,CAAC;IAC7B,uFAAuF;IACvF,eAAe,EAAE,MAAM,CAAC;CACzB;AACD,UAAU,QAAQ;IAChB,EAAE,EAAE,KAAK,CAAC;IACV,MAAM,EAAE,MAAM,CAAC;CAChB;AACD,MAAM,MAAM,2BAA2B,GAAG,OAAO,GAAG,QAAQ,CAAC;AAmC7D;;;;;;;;;;GAUG;AACH,wBAAgB,qBAAqB,CACnC,cAAc,EAAE,MAAM,EACtB,YAAY,EAAE,MAAM,GACnB,2BAA2B,CA0B7B"}

package/dist/review/parse-reviewer-findings.js

@@ -0,0 +1,73 @@
+import { reviewerEmittedFindingsSchema, normalizeWhitespace, } from '../executors/_shared/findings-schema.js';
+// Permissive fence regex (Round-3 #2): case-insensitive `json`, allow:
+//   - any whitespace (including none) between opening fence and content
+//   - any whitespace (including none) between content and closing fence
+//     so compact "[]```" or content-on-one-line forms are accepted.
+// The captured group is JSON-trimmed before parse.
+const JSON_BLOCK_RE = /```json[ \t]*\r?\n?([\s\S]*?)\s*```[ \t]*/gi;
+/**
+ * Extract the LAST `` ```json `` fenced code block from the reviewer output.
+ * Reviewers often emit example/format JSON earlier; the real findings array
+ * is conventionally last. Single-pass — does not materialize all matches.
+ */
+function extractFinalJsonBlock(output) {
+    let last = null;
+    let match;
+    // Reset lastIndex on the shared regex to make this re-entrant.
+    JSON_BLOCK_RE.lastIndex = 0;
+    while ((match = JSON_BLOCK_RE.exec(output)) !== null) {
+        last = match;
+    }
+    return last ? last[1] ?? null : null;
+}
+/**
+ * Substring check against a pre-normalized worker output. Avoids re-normalizing
+ * the (potentially large) worker output for every finding (Round-1 P2).
+ */
+function evidenceIsGroundedAgainst(evidence, normalizedWorker) {
+    const e = normalizeWhitespace(evidence);
+    if (e.length < 20)
+        return false;
+    return normalizedWorker.includes(e);
+}
+/**
+ * Parse the reviewer's structured output and annotate each finding with
+ * `evidenceGrounded`.
+ *
+ * Pipeline:
+ * 1. Extract the final `` ```json `` block (permissive fence).
+ * 2. JSON.parse + Zod-validate against reviewerEmittedFindingsSchema.
+ * 3. Normalize worker output ONCE; for each finding set
+ *    `evidenceGrounded` against the normalized worker.
+ * 4. Return ALL findings — never drop. `ungroundedCount` is informational only.
+ */
+export function parseReviewerFindings(reviewerOutput, workerOutput) {
+    const block = extractFinalJsonBlock(reviewerOutput);
+    if (block === null) {
+        return { ok: false, reason: 'reviewer output missing ```json fenced block' };
+    }
+    let parsed;
+    try {
+        // Trim — the permissive regex can capture leading/trailing whitespace.
+        parsed = JSON.parse(block.trim());
+    }
+    catch (err) {
+        return { ok: false, reason: `reviewer JSON parse failed: ${err instanceof Error ? err.message : String(err)}` };
+    }
+    const validated = reviewerEmittedFindingsSchema.safeParse(parsed);
+    if (!validated.success) {
+        return { ok: false, reason: `findings array validation failed: ${validated.error.message}` };
+    }
+    // Round-2 P2: fuse map + count to avoid the second pass.
+    const normalizedWorker = normalizeWhitespace(workerOutput);
+    const annotated = [];
+    let ungroundedCount = 0;
+    for (const f of validated.data) {
+        const grounded = evidenceIsGroundedAgainst(f.evidence, normalizedWorker);
+        if (!grounded)
+            ungroundedCount++;
+        annotated.push({ ...f, evidenceGrounded: grounded });
+    }
+    return { ok: true, findings: annotated, ungroundedCount };
+}
+//# sourceMappingURL=parse-reviewer-findings.js.map

package/dist/review/parse-reviewer-findings.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"parse-reviewer-findings.js","sourceRoot":"","sources":["../../src/review/parse-reviewer-findings.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,6BAA6B,EAC7B,mBAAmB,GAEpB,MAAM,yCAAyC,CAAC;AAcjD,uEAAuE;AACvE,wEAAwE;AACxE,wEAAwE;AACxE,oEAAoE;AACpE,mDAAmD;AACnD,MAAM,aAAa,GAAG,6CAA6C,CAAC;AAEpE;;;;GAIG;AACH,SAAS,qBAAqB,CAAC,MAAc;IAC3C,IAAI,IAAI,GAA2B,IAAI,CAAC;IACxC,IAAI,KAA6B,CAAC;IAClC,+DAA+D;IAC/D,aAAa,CAAC,SAAS,GAAG,CAAC,CAAC;IAC5B,OAAO,CAAC,KAAK,GAAG,aAAa,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;QACrD,IAAI,GAAG,KAAK,CAAC;IACf,CAAC;IACD,OAAO,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC;AACvC,CAAC;AAED;;;GAGG;AACH,SAAS,yBAAyB,CAAC,QAAgB,EAAE,gBAAwB;IAC3E,MAAM,CAAC,GAAG,mBAAmB,CAAC,QAAQ,CAAC,CAAC;IACxC,IAAI,CAAC,CAAC,MAAM,GAAG,EAAE;QAAE,OAAO,KAAK,CAAC;IAChC,OAAO,gBAAgB,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC;AACtC,CAAC;AAED;;;;;;;;;;GAUG;AACH,MAAM,UAAU,qBAAqB,CACnC,cAAsB,EACtB,YAAoB;IAEpB,MAAM,KAAK,GAAG,qBAAqB,CAAC,cAAc,CAAC,CAAC;IACpD,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC;QACnB,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,8CAA8C,EAAE,CAAC;IAC/E,CAAC;IACD,IAAI,MAAe,CAAC;IACpB,IAAI,CAAC;QACH,uEAAuE;QACvE,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC;IACpC,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,+BAA+B,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;IAClH,CAAC;IACD,MAAM,SAAS,GAAG,6BAA6B,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;IAClE,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,CAAC;QACvB,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,qCAAqC,SAAS,CAAC,KAAK,CAAC,OAAO,EAAE,EAAE,CAAC;IAC/F,CAAC;IACD,yDAAyD;IACzD,MAAM,gBAAgB,GAAG,mBAAmB,CAAC,YAAY,CAAC,CAAC;IAC3D,MAAM,SAAS,GAAuB,EAAE,CAAC;IACzC,IAAI,eAAe,GAAG,CAAC,CAAC;IACxB,KAAK,MAAM,CAAC,IAAI,SAAS,CAAC,IAAI,EAAE,CAAC;QAC/B,MAAM,QAAQ,GAAG,yBAAyB,CAAC,CAAC,CAAC,QAAQ,EAAE,gBAAgB,CAAC,CAAC;QACzE,IAAI,CAAC,QAAQ;YAAE,eAAe,EAAE,CAAC;QACjC,SAAS,CAAC,IAAI,CAAC,EAAE,GAAG,CAAC,EAAE,gBAAgB,EAAE,QAAQ,EAAE,CAAC,CAAC;IACvD,CAAC;IACD,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,SAAS,EAAE,eAAe,EAAE,CAAC;AAC5D,CAAC"}

package/dist/review/quality-only-prompts.d.ts

@@ -1,21 +1,28 @@
 /**
- * Quality-only review prompts for the 5 read-only mma-* routes (3.8.1+).
+ * Quality-only review prompts for the 5 read-only mma-* routes (3.10.5+).
  *
- * Each prompt asks the reviewer to ANNOTATE every worker finding with:
- *  - reviewerConfidence: integer 0–100, how confident YOU (reviewer) are that
- *    this finding is correct, on-brief, and well-grounded in the evidence.
- *  - reviewerSeverity (optional): only set when you disagree with the worker's
- *    severity. Workers tend to inflate; use this to dial down.
+ * The reviewer receives ONLY the implementer's free-form markdown narrative
+ * and the original brief. It must:
+ *  1. Read the worker's narrative.
+ *  2. Identify every distinct issue/finding/checklist-item the worker raised.
+ *  3. Assign sequential ids (F1, F2, ...) — even if the worker numbered them,
+ *     the reviewer re-numbers from 1 to ensure uniqueness.
+ *  4. Set `severity` to its OWN final 4-tier judgment {critical, high, medium,
+ *     low}. The reviewer is authoritative — there is no separate
+ *     `reviewerSeverity` field. Map worker-stated "mid" -> "medium". When
+ *     the worker did not state a severity, judge from impact.
+ *  5. Score each finding's reviewerConfidence (0-100) — how confident YOU
+ *     would be defending the finding's correctness if challenged.
+ *  6. Quote evidence VERBATIM (≥20 chars) from the worker's output. The
+ *     downstream parser flags non-substring quotes via
+ *     `evidenceGrounded:false` but never drops findings.
+ *  7. Emit ONE fenced JSON code block as the LAST block in your response.
  *
- * The reviewer returns a single ```json fenced block containing a JSON array
- * of {id, reviewerConfidence, reviewerSeverity?} objects, one per worker
- * finding (matched by id). NO verdict, NO gate, NO rework signal.
+ * If the worker raised zero issues, emit `[]` and stop.
  */
-import type { WorkerFinding } from '../executors/_shared/findings-schema.js';
 interface PromptContext {
     workerOutput: string;
     brief: string;
-    workerFindings: WorkerFinding[];
 }
 export declare function buildAuditQualityPrompt(ctx: PromptContext): string;
 export declare function buildReviewQualityPrompt(ctx: PromptContext): string;

package/dist/review/quality-only-prompts.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"quality-only-prompts.d.ts","sourceRoot":"","sources":["../../src/review/quality-only-prompts.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAEH,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,yCAAyC,CAAC;AAE7E,UAAU,aAAa;IACrB,YAAY,EAAE,MAAM,CAAC;IACrB,KAAK,EAAE,MAAM,CAAC;IACd,cAAc,EAAE,aAAa,EAAE,CAAC;CACjC;AAyCD,wBAAgB,uBAAuB,CAAC,GAAG,EAAE,aAAa,GAAG,MAAM,CAmBlE;AAED,wBAAgB,wBAAwB,CAAC,GAAG,EAAE,aAAa,GAAG,MAAM,CAmBnE;AAED,wBAAgB,wBAAwB,CAAC,GAAG,EAAE,aAAa,GAAG,MAAM,CAoBnE;AAED,wBAAgB,6BAA6B,CAAC,GAAG,EAAE,aAAa,GAAG,MAAM,CAqBxE;AAED,wBAAgB,uBAAuB,CAAC,GAAG,EAAE,aAAa,GAAG,MAAM,CAoBlE"}
+{"version":3,"file":"quality-only-prompts.d.ts","sourceRoot":"","sources":["../../src/review/quality-only-prompts.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;GAqBG;AAEH,UAAU,aAAa;IACrB,YAAY,EAAE,MAAM,CAAC;IACrB,KAAK,EAAE,MAAM,CAAC;CACf;AAwED,wBAAgB,uBAAuB,CAAC,GAAG,EAAE,aAAa,GAAG,MAAM,CAMlE;AAED,wBAAgB,wBAAwB,CAAC,GAAG,EAAE,aAAa,GAAG,MAAM,CAMnE;AAED,wBAAgB,wBAAwB,CAAC,GAAG,EAAE,aAAa,GAAG,MAAM,CAMnE;AAED,wBAAgB,6BAA6B,CAAC,GAAG,EAAE,aAAa,GAAG,MAAM,CAMxE;AAED,wBAAgB,uBAAuB,CAAC,GAAG,EAAE,aAAa,GAAG,MAAM,CAMlE"}

package/dist/review/quality-only-prompts.js

@@ -1,155 +1,106 @@
 /**
- * Quality-only review prompts for the 5 read-only mma-* routes (3.8.1+).
+ * Quality-only review prompts for the 5 read-only mma-* routes (3.10.5+).
  *
- * Each prompt asks the reviewer to ANNOTATE every worker finding with:
- *  - reviewerConfidence: integer 0–100, how confident YOU (reviewer) are that
- *    this finding is correct, on-brief, and well-grounded in the evidence.
- *  - reviewerSeverity (optional): only set when you disagree with the worker's
- *    severity. Workers tend to inflate; use this to dial down.
+ * The reviewer receives ONLY the implementer's free-form markdown narrative
+ * and the original brief. It must:
+ *  1. Read the worker's narrative.
+ *  2. Identify every distinct issue/finding/checklist-item the worker raised.
+ *  3. Assign sequential ids (F1, F2, ...) — even if the worker numbered them,
+ *     the reviewer re-numbers from 1 to ensure uniqueness.
+ *  4. Set `severity` to its OWN final 4-tier judgment {critical, high, medium,
+ *     low}. The reviewer is authoritative — there is no separate
+ *     `reviewerSeverity` field. Map worker-stated "mid" -> "medium". When
+ *     the worker did not state a severity, judge from impact.
+ *  5. Score each finding's reviewerConfidence (0-100) — how confident YOU
+ *     would be defending the finding's correctness if challenged.
+ *  6. Quote evidence VERBATIM (≥20 chars) from the worker's output. The
+ *     downstream parser flags non-substring quotes via
+ *     `evidenceGrounded:false` but never drops findings.
+ *  7. Emit ONE fenced JSON code block as the LAST block in your response.
  *
- * The reviewer returns a single ```json fenced block containing a JSON array
- * of {id, reviewerConfidence, reviewerSeverity?} objects, one per worker
- * finding (matched by id). NO verdict, NO gate, NO rework signal.
+ * If the worker raised zero issues, emit `[]` and stop.
  */
-const RUBRIC = `
-## How to score \`reviewerConfidence\` (integer 0-100)
-
-You are scoring whether YOU would defend this finding if pushed. Not severity.
-Not the worker's self-confidence.
-
-  80-100: evidence directly supports the claim, on-brief, defend without hesitation
-  60-79:  evidence supports claim with minor gaps, on-brief, plausible
-  40-59:  claim plausible but evidence thin, partial, or requires inference
-  20-39:  claim weak, evidence does not back it up, OR off-brief
-   0-19:  unsupported, contradicted, fabricated, OR completely off-brief
-
-## How to use \`reviewerSeverity\` (optional)
-
-Only set when you DISAGREE with the worker's \`severity\`. Workers tend to
-inflate ("everything is high"); use \`reviewerSeverity\` to dial down. Omit
-when you agree.
-
+const RUBRIC_TEMPLATE = String.raw `
 ## Output format (REQUIRED)
 
-Respond with exactly one fenced JSON code block. The block must contain a
-JSON array of objects, one entry per worker finding (matched by \`id\`). Example:
-
-\`\`\`json
-[
-  { "id": "F1", "reviewerConfidence": 85 },
-  { "id": "F2", "reviewerConfidence": 35, "reviewerSeverity": "low" },
-  { "id": "F3", "reviewerConfidence": 70 }
+Respond with exactly one fenced JSON code block AS THE LAST BLOCK in your
+response. The block contains a JSON array of finding objects, in the order
+the worker presented them. Example:
+
+` + '```json\n' + `[
+  {
+    "id": "F1",
+    "severity": "critical",
+    "claim": "Remote code execution via unsanitized input in src/handler.ts:42",
+    "evidence": "user input is passed directly into shellExec() without escaping",
+    "suggestion": "Use a parameterized API or escape input",
+    "reviewerConfidence": 90
+  },
+  {
+    "id": "F2",
+    "severity": "medium",
+    "claim": "Auth check missing on /admin endpoint",
+    "evidence": "router.get('/admin', adminHandler) — no auth middleware applied",
+    "reviewerConfidence": 60
+  }
 ]
-\`\`\`
-
-Every worker finding id must appear exactly once. No extra ids. No missing
-ids. Surrounding prose is allowed but ignored by the parser.
+` + '```' + `
+
+Field rules:
+- ` + '`id`' + `: assign sequentially F1, F2, F3, ... (your choice; must be unique).
+- ` + '`severity`' + `: one of "critical" | "high" | "medium" | "low" — YOUR
+   final judgment, not the worker's. The worker's value is a hint; you may
+   dial it up or down based on actual impact (workers tend to inflate).
+   - critical: must fix before any other work (RCE, auth bypass, data loss)
+   - high:     serious bug / security issue, blocks release
+   - medium:   real issue, should fix soon
+   - low:      minor issue, nice to fix
+   Map worker-said "mid" -> "medium". When the worker omitted severity, judge.
+- ` + '`claim`' + `: one-sentence summary.
+- ` + '`evidence`' + `: REQUIRED, ≥20 chars, MUST be a verbatim quote from the
+   worker's output. The parser flags non-substring quotes — quote precisely.
+- ` + '`suggestion`' + `: optional; quote or paraphrase the worker's recommended fix.
+- ` + '`reviewerConfidence`' + `: integer 0-100. How confident YOU (reviewer) are
+   that the finding is correct, on-brief, and well-grounded:
+     80-100: defend without hesitation
+     60-79:  plausible, minor gaps
+     40-59:  thin evidence
+     20-39:  weak / off-brief
+      0-19:  unsupported / fabricated
+
+If the worker raised NO issues, return ` + '`[]`' + `. Surrounding prose is allowed
+but ignored by the parser — only the LAST ` + '```json' + ` block is read.
 `.trim();
-function renderFindings(findings) {
-    return JSON.stringify(findings, null, 2);
-}
-export function buildAuditQualityPrompt(ctx) {
-    return `You are reviewing an audit produced by a worker.
+function buildPrompt(role, onBriefCheck, ctx) {
+    return `You are reviewing a ${role} produced by a worker.
 
-The user requested an audit. The brief was:
+The user requested a ${role}. The brief was:
 
 ${ctx.brief}
 
 ## On-brief check (per finding)
 
-For each worker finding, ask: is this the kind of issue the audit asked for?
-A security audit should produce security findings, not style nits.
+${onBriefCheck}
 
-## Worker findings to annotate
+## Worker output to extract findings from
 
-\`\`\`json
-${renderFindings(ctx.workerFindings)}
-\`\`\`
+${ctx.workerOutput}
 
-${RUBRIC}`;
+${RUBRIC_TEMPLATE}`;
+}
+export function buildAuditQualityPrompt(ctx) {
+    return buildPrompt('audit', 'For each finding, ask: is this the kind of issue the audit asked for? A security audit should produce security findings, not style nits.', ctx);
 }
 export function buildReviewQualityPrompt(ctx) {
-    return `You are reviewing a code review produced by a worker.
-
-The user requested a code review. The brief was:
-
-${ctx.brief}
-
-## On-brief check (per finding)
-
-For each worker finding, ask: is this within the requested focus area?
-A security review should produce security findings, not formatting nits.
-
-## Worker findings to annotate
-
-\`\`\`json
-${renderFindings(ctx.workerFindings)}
-\`\`\`
-
-${RUBRIC}`;
+    return buildPrompt('code review', 'For each finding, ask: is this within the requested focus area? A security review should produce security findings, not formatting nits.', ctx);
 }
 export function buildVerifyQualityPrompt(ctx) {
-    return `You are reviewing a verification report produced by a worker.
-
-The user provided a checklist of acceptance criteria. The brief was:
-
-${ctx.brief}
-
-## On-brief check (per finding)
-
-Each finding should map to one checklist item with evidence the criterion was
-met or unmet. Flag findings that don't correspond to any checklist item, or
-whose evidence doesn't actually demonstrate the claimed pass/fail status.
-
-## Worker findings to annotate
-
-\`\`\`json
-${renderFindings(ctx.workerFindings)}
-\`\`\`
-
-${RUBRIC}`;
+    return buildPrompt('verification report', 'Each finding should map to one checklist item with evidence the criterion was met or unmet. Flag findings that do not correspond to any checklist item, or whose evidence does not actually demonstrate the claimed pass/fail status.', ctx);
 }
 export function buildInvestigateQualityPrompt(ctx) {
-    return `You are reviewing a codebase investigation produced by a worker.
-
-The user asked a question. The brief was:
-
-${ctx.brief}
-
-## On-brief check (per finding)
-
-Each finding should be relevant to the question. Findings may be code-level
-(file:line cited in evidence) or project-level synthesis (what was searched,
-what was not found). Flag findings whose evidence does not support the claim
-or whose claim drifts from the question.
-
-## Worker findings to annotate
-
-\`\`\`json
-${renderFindings(ctx.workerFindings)}
-\`\`\`
-
-${RUBRIC}`;
+    return buildPrompt('codebase investigation', 'Each finding should be relevant to the question. Findings may be code-level (file:line cited in evidence) or project-level synthesis (what was searched, what was not found). Flag findings whose evidence does not support the claim or whose claim drifts from the question.', ctx);
 }
 export function buildDebugQualityPrompt(ctx) {
-    return `You are reviewing a debugging hypothesis produced by a worker.
-
-The user reported a failure. The brief was:
-
-${ctx.brief}
-
-## On-brief check (per finding)
-
-Each finding should be a hypothesis, root-cause claim, or evidence
-(reproducer, error pattern, code path). Flag findings that don't logically
-follow from cited evidence or that exceed what the trace actually shows.
-
-## Worker findings to annotate
-
-\`\`\`json
-${renderFindings(ctx.workerFindings)}
-\`\`\`
-
-${RUBRIC}`;
+    return buildPrompt('debugging hypothesis', 'Each finding should be a hypothesis, root-cause claim, or evidence (reproducer, error pattern, code path). Flag findings that do not logically follow from cited evidence or that exceed what the trace actually shows.', ctx);
 }
 //# sourceMappingURL=quality-only-prompts.js.map

package/dist/review/quality-only-prompts.js.map

@@ -1 +1 @@
-{"version":3,"file":"quality-only-prompts.js","sourceRoot":"","sources":["../../src/review/quality-only-prompts.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAUH,MAAM,MAAM,GAAG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAiCd,CAAC,IAAI,EAAE,CAAC;AAET,SAAS,cAAc,CAAC,QAAyB;IAC/C,OAAO,IAAI,CAAC,SAAS,CAAC,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;AAC3C,CAAC;AAED,MAAM,UAAU,uBAAuB,CAAC,GAAkB;IACxD,OAAO;;;;EAIP,GAAG,CAAC,KAAK;;;;;;;;;;EAUT,cAAc,CAAC,GAAG,CAAC,cAAc,CAAC;;;EAGlC,MAAM,EAAE,CAAC;AACX,CAAC;AAED,MAAM,UAAU,wBAAwB,CAAC,GAAkB;IACzD,OAAO;;;;EAIP,GAAG,CAAC,KAAK;;;;;;;;;;EAUT,cAAc,CAAC,GAAG,CAAC,cAAc,CAAC;;;EAGlC,MAAM,EAAE,CAAC;AACX,CAAC;AAED,MAAM,UAAU,wBAAwB,CAAC,GAAkB;IACzD,OAAO;;;;EAIP,GAAG,CAAC,KAAK;;;;;;;;;;;EAWT,cAAc,CAAC,GAAG,CAAC,cAAc,CAAC;;;EAGlC,MAAM,EAAE,CAAC;AACX,CAAC;AAED,MAAM,UAAU,6BAA6B,CAAC,GAAkB;IAC9D,OAAO;;;;EAIP,GAAG,CAAC,KAAK;;;;;;;;;;;;EAYT,cAAc,CAAC,GAAG,CAAC,cAAc,CAAC;;;EAGlC,MAAM,EAAE,CAAC;AACX,CAAC;AAED,MAAM,UAAU,uBAAuB,CAAC,GAAkB;IACxD,OAAO;;;;EAIP,GAAG,CAAC,KAAK;;;;;;;;;;;EAWT,cAAc,CAAC,GAAG,CAAC,cAAc,CAAC;;;EAGlC,MAAM,EAAE,CAAC;AACX,CAAC"}
+{"version":3,"file":"quality-only-prompts.js","sourceRoot":"","sources":["../../src/review/quality-only-prompts.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;GAqBG;AAOH,MAAM,eAAe,GAAG,MAAM,CAAC,GAAG,CAAA;;;;;;;CAOjC,GAAG,WAAW,GAAG;;;;;;;;;;;;;;;;;CAiBjB,GAAG,KAAK,GAAG;;;GAGT,GAAG,MAAM,GAAG;GACZ,GAAG,YAAY,GAAG;;;;;;;;GAQlB,GAAG,SAAS,GAAG;GACf,GAAG,YAAY,GAAG;;GAElB,GAAG,cAAc,GAAG;GACpB,GAAG,sBAAsB,GAAG;;;;;;;;wCAQS,GAAG,MAAM,GAAG;2CACT,GAAG,SAAS,GAAG;CACzD,CAAC,IAAI,EAAE,CAAC;AAET,SAAS,WAAW,CAAC,IAAY,EAAE,YAAoB,EAAE,GAAkB;IACzE,OAAO,uBAAuB,IAAI;;uBAEb,IAAI;;EAEzB,GAAG,CAAC,KAAK;;;;EAIT,YAAY;;;;EAIZ,GAAG,CAAC,YAAY;;EAEhB,eAAe,EAAE,CAAC;AACpB,CAAC;AAED,MAAM,UAAU,uBAAuB,CAAC,GAAkB;IACxD,OAAO,WAAW,CAChB,OAAO,EACP,0IAA0I,EAC1I,GAAG,CACJ,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,wBAAwB,CAAC,GAAkB;IACzD,OAAO,WAAW,CAChB,aAAa,EACb,0IAA0I,EAC1I,GAAG,CACJ,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,wBAAwB,CAAC,GAAkB;IACzD,OAAO,WAAW,CAChB,qBAAqB,EACrB,uOAAuO,EACvO,GAAG,CACJ,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,6BAA6B,CAAC,GAAkB;IAC9D,OAAO,WAAW,CAChB,wBAAwB,EACxB,gRAAgR,EAChR,GAAG,CACJ,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,uBAAuB,CAAC,GAAkB;IACxD,OAAO,WAAW,CAChB,sBAAsB,EACtB,yNAAyN,EACzN,GAAG,CACJ,CAAC;AACJ,CAAC"}