auditor-lambda 0.1.0

package/README.md

@@ -0,0 +1,173 @@
+# auditor-lambda
+
+Skill-first audit orchestration backend for the `/audit-code` product surface.
+
+## Canonical Product Route
+
+The primary product is `/audit-code` in conversation.
+
+Normal product usage should:
+
+- use the active conversation model by default
+- use project files and attached repository context by default
+- avoid manual paths, provider flags, and model-selection arguments
+- advance the audit automatically until it completes or no further automatic progress is possible
+
+## Conversation Setup
+
+The canonical asset for editor and conversation integrations is:
+
+`skills/audit-code/audit-code.prompt.md`
+
+Packaged installs and repository checkouts both ship that prompt asset.
+
+The recommended zero-guess setup path is now:
+
+```bash
+audit-code install
+```
+
+That bootstraps repo-local `/audit-code` surfaces for the hosts we can automate today, including:
+
+- VS Code / GitHub Copilot prompt files
+- OpenCode custom commands
+- Claude Code custom slash commands
+- compatibility instruction files such as `AGENTS.md` and `CLAUDE.md`
+
+After that, open a supported conversation surface in the repository and invoke `/audit-code`.
+
+If a host still needs manual prompt import after bootstrap, open:
+
+```text
+.audit-code/install/GETTING-STARTED.md
+```
+
+That repo-local guide now includes dedicated quick-start sections for VS Code, OpenCode, Claude Code, Claude Desktop, and Antigravity, plus the installed canonical prompt asset path for manual-import hosts.
+
+For narrower compatibility, `audit-code install-host --host copilot` still exists.
+
+For hosts that still need manual import after bootstrap, or for environments with no repo-local install surface, after installing the package or checking out the repository, use:
+
+```bash
+audit-code prompt-path
+```
+
+Import the reported file into your editor or conversation environment's custom prompt configuration, then invoke `/audit-code` in conversation.
+
+Typical examples include custom instructions, `.cursorrules`, prompt libraries, or comparable editor-specific prompt surfaces.
+
+## Repo-Local Backend Fallback
+
+The CLI in this repository is backend infrastructure and a repo-local fallback surface.
+
+From the target repository root:
+
+```bash
+audit-code
+```
+
+Repository-local equivalent:
+
+```bash
+node /path/to/auditor-lambda/audit-code.mjs
+```
+
+This wrapper:
+
+- defaults artifacts to `<repo-root>/.audit-artifacts`
+- creates that directory automatically
+- auto-builds `dist/` if it is missing
+- advances fresh worker sessions automatically until the audit completes or the remaining work requires imported results or an interactive provider
+- emits `contract_version: "audit-code/v1alpha1"`
+- refreshes `.audit-artifacts/operator-handoff.json` and `.audit-artifacts/operator-handoff.md` with suggested evidence-import paths and continuation hints
+
+Explicit root override still exists for callers running from outside the target repository:
+
+```bash
+audit-code --root /path/to/repo
+```
+
+For one bounded debug step instead of run-to-completion:
+
+```bash
+audit-code --single-step
+```
+
+For an operator-side artifact consistency check:
+
+```bash
+audit-code validate
+```
+
+That check now covers the artifact bundle plus `session-config.json` and explicit provider readiness.
+
+The backend wrapper response schema is `schemas/audit-code-v1alpha1.schema.json`.
+
+## Backend Provider Modes
+
+If `provider` is omitted, the backend defaults to the safest mode:
+
+```json
+{
+  "provider": "local-subprocess"
+}
+```
+
+If you want best-effort cross-editor or provider routing, opt into:
+
+```json
+{
+  "provider": "auto",
+  "ui_mode": "visible"
+}
+```
+
+Optional backend config:
+
+`.audit-artifacts/session-config.json`
+
+## Practical Guidance
+
+- use `/audit-code` in conversation as the canonical product surface
+- use `audit-code install` first when you want the lowest-friction repo bootstrap
+- use `audit-code prompt-path` to locate the packaged prompt asset
+- use `audit-code` from the repository root only when you need the repo-local backend fallback
+- use omitted provider or `local-subprocess` for the safest deterministic fallback behavior
+- use `provider: "auto"` only when you want best-effort routing across installed backends
+
+## Implementation Next Steps
+
+The next implementation work is tracked in:
+
+- `docs/next-steps.md`
+
+The short version is:
+
+- reduce prompt-import friction in the conversation setup flow
+- make the conversation route feel more native in the first target hosts
+- improve continuation when assisted or interactive review is needed
+- finish publish and release hardening for packaged installs
+
+## Build And Test
+
+```bash
+npm install
+npm run verify:release
+```
+
+## Key Docs
+
+- `docs/product-direction.md`
+- `docs/production-readiness.md`
+- `docs/production-launch-bar.md`
+- `docs/next-steps.md`
+- `skills/audit-code/SKILL.md`
+- `docs/bootstrap-install.md`
+- `docs/agent-integrations.md`
+- `docs/github-copilot.md`
+- `docs/contract.md`
+- `docs/model-selection.md`
+- `docs/packaging.md`
+- `docs/session-config.md`
+- `docs/supervisor.md`
+- `docs/windows-setup.md`