auditor-lambda 0.1.0 → 0.2.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (58) hide show
  1. package/README.md +2 -1
  2. package/audit-code-wrapper-lib.mjs +458 -380
  3. package/dist/cli.js +258 -11
  4. package/dist/coverage.d.ts +0 -1
  5. package/dist/coverage.js +3 -34
  6. package/dist/extractors/fileInventory.js +2 -0
  7. package/dist/io/artifacts.js +2 -1
  8. package/dist/orchestrator/advance.js +70 -52
  9. package/dist/orchestrator/flowCoverage.js +2 -1
  10. package/dist/orchestrator/flowPlanning.d.ts +1 -1
  11. package/dist/orchestrator/flowPlanning.js +21 -28
  12. package/dist/orchestrator/internalExecutors.js +0 -1
  13. package/dist/orchestrator/taskBuilder.d.ts +7 -2
  14. package/dist/orchestrator/taskBuilder.js +55 -47
  15. package/dist/prompts/renderWorkerPrompt.js +32 -0
  16. package/dist/providers/claudeCodeProvider.js +6 -0
  17. package/dist/providers/index.js +5 -2
  18. package/dist/providers/opencodeProvider.js +6 -1
  19. package/dist/providers/types.d.ts +1 -0
  20. package/dist/reporting/mergeFindings.js +0 -7
  21. package/dist/reporting/rootCause.d.ts +0 -1
  22. package/dist/reporting/rootCause.js +0 -6
  23. package/dist/reporting/synthesis.js +18 -0
  24. package/dist/supervisor/runLedger.js +6 -2
  25. package/dist/types/sessionConfig.d.ts +8 -0
  26. package/dist/types/workerSession.d.ts +2 -0
  27. package/dist/types.d.ts +1 -2
  28. package/dist/validation/auditResults.d.ts +11 -0
  29. package/dist/validation/auditResults.js +118 -0
  30. package/dist/validation/sessionConfig.js +15 -1
  31. package/docs/agent-integrations.md +61 -56
  32. package/docs/agent-roles.md +69 -69
  33. package/docs/architecture.md +90 -90
  34. package/docs/artifacts.md +69 -69
  35. package/docs/bootstrap-install.md +1 -1
  36. package/docs/model-selection.md +86 -86
  37. package/docs/next-steps.md +11 -9
  38. package/docs/packaging.md +3 -3
  39. package/docs/pipeline.md +152 -152
  40. package/docs/production-readiness.md +6 -5
  41. package/docs/repo-layout.md +18 -18
  42. package/docs/run-flow.md +5 -5
  43. package/docs/session-config.md +216 -210
  44. package/docs/supervisor.md +70 -70
  45. package/docs/windows-setup.md +139 -139
  46. package/package.json +56 -56
  47. package/schemas/audit-code-v1alpha1.schema.json +76 -76
  48. package/schemas/audit_result.schema.json +48 -48
  49. package/schemas/audit_task.schema.json +49 -49
  50. package/schemas/coverage_matrix.schema.json +0 -15
  51. package/schemas/file_disposition.schema.json +33 -33
  52. package/schemas/finding.schema.json +58 -62
  53. package/schemas/flow_coverage.schema.json +44 -44
  54. package/schemas/root_cause_clusters.schema.json +0 -4
  55. package/schemas/runtime_validation_report.schema.json +34 -34
  56. package/schemas/synthesis_report.schema.json +61 -61
  57. package/skills/audit-code/SKILL.md +37 -37
  58. package/skills/audit-code/audit-code.prompt.md +56 -54
package/schemas/audit_task.schema.json CHANGED
@@ -1,49 +1,49 @@
1
- {
2
- "$schema": "https://json-schema.org/draft/2020-12/schema",
3
- "$id": "audit_task.schema.json",
4
- "title": "Audit Task",
5
- "type": "object",
6
- "required": [
7
- "task_id",
8
- "unit_id",
9
- "pass_id",
10
- "lens",
11
- "file_paths",
12
- "rationale"
13
- ],
14
- "properties": {
15
- "task_id": { "type": "string" },
16
- "unit_id": { "type": "string" },
17
- "pass_id": { "type": "string" },
18
- "lens": { "type": "string" },
19
- "file_paths": {
20
- "type": "array",
21
- "items": { "type": "string" }
22
- },
23
- "line_ranges": {
24
- "type": "array",
25
- "items": {
26
- "type": "object",
27
- "required": ["path", "start", "end"],
28
- "properties": {
29
- "path": { "type": "string" },
30
- "start": { "type": "integer" },
31
- "end": { "type": "integer" }
32
- },
33
- "additionalProperties": false
34
- }
35
- },
36
- "inputs": {
37
- "type": "object",
38
- "properties": {
39
- "unit_manifest_ref": { "type": "string" },
40
- "graph_bundle_ref": { "type": "string" },
41
- "mechanical_results_ref": { "type": "string" },
42
- "risk_register_ref": { "type": "string" }
43
- },
44
- "additionalProperties": true
45
- },
46
- "rationale": { "type": "string" }
47
- },
48
- "additionalProperties": true
49
- }
1
+ {
2
+ "$schema": "https://json-schema.org/draft/2020-12/schema",
3
+ "$id": "audit_task.schema.json",
4
+ "title": "Audit Task",
5
+ "type": "object",
6
+ "required": [
7
+ "task_id",
8
+ "unit_id",
9
+ "pass_id",
10
+ "lens",
11
+ "file_paths",
12
+ "rationale"
13
+ ],
14
+ "properties": {
15
+ "task_id": { "type": "string" },
16
+ "unit_id": { "type": "string" },
17
+ "pass_id": { "type": "string" },
18
+ "lens": { "type": "string", "enum": ["correctness", "architecture", "maintainability", "security", "reliability", "performance", "data_integrity", "tests", "operability", "config_deployment"] },
19
+ "file_paths": {
20
+ "type": "array",
21
+ "items": { "type": "string" }
22
+ },
23
+ "line_ranges": {
24
+ "type": "array",
25
+ "items": {
26
+ "type": "object",
27
+ "required": ["path", "start", "end"],
28
+ "properties": {
29
+ "path": { "type": "string" },
30
+ "start": { "type": "integer" },
31
+ "end": { "type": "integer" }
32
+ },
33
+ "additionalProperties": false
34
+ }
35
+ },
36
+ "inputs": {
37
+ "type": "object",
38
+ "properties": {
39
+ "unit_manifest_ref": { "type": "string" },
40
+ "graph_bundle_ref": { "type": "string" },
41
+ "mechanical_results_ref": { "type": "string" },
42
+ "risk_register_ref": { "type": "string" }
43
+ },
44
+ "additionalProperties": true
45
+ },
46
+ "rationale": { "type": "string" }
47
+ },
48
+ "additionalProperties": true
49
+ }
package/schemas/coverage_matrix.schema.json CHANGED
@@ -25,21 +25,6 @@
25
25
  "completed_lenses": {
26
26
  "type": "array",
27
27
  "items": { "type": "string" }
28
- },
29
- "reviewed_line_ranges": {
30
- "type": "array",
31
- "items": {
32
- "type": "object",
33
- "required": ["start", "end", "pass_id"],
34
- "properties": {
35
- "start": { "type": "integer" },
36
- "end": { "type": "integer" },
37
- "pass_id": { "type": "string" },
38
- "lens": { "type": "string" },
39
- "agent_role": { "type": "string" }
40
- },
41
- "additionalProperties": true
42
- }
43
28
  }
44
29
  },
45
30
  "additionalProperties": true
package/schemas/file_disposition.schema.json CHANGED
@@ -1,33 +1,33 @@
1
- {
2
- "$schema": "https://json-schema.org/draft/2020-12/schema",
3
- "$id": "file_disposition.schema.json",
4
- "title": "File Disposition",
5
- "type": "object",
6
- "required": ["files"],
7
- "properties": {
8
- "files": {
9
- "type": "array",
10
- "items": {
11
- "type": "object",
12
- "required": ["path", "status"],
13
- "properties": {
14
- "path": { "type": "string" },
15
- "status": {
16
- "type": "string",
17
- "enum": [
18
- "included",
19
- "excluded",
20
- "generated",
21
- "vendor",
22
- "binary",
23
- "doc_only"
24
- ]
25
- },
26
- "reason": { "type": "string" }
27
- },
28
- "additionalProperties": true
29
- }
30
- }
31
- },
32
- "additionalProperties": true
33
- }
1
+ {
2
+ "$schema": "https://json-schema.org/draft/2020-12/schema",
3
+ "$id": "file_disposition.schema.json",
4
+ "title": "File Disposition",
5
+ "type": "object",
6
+ "required": ["files"],
7
+ "properties": {
8
+ "files": {
9
+ "type": "array",
10
+ "items": {
11
+ "type": "object",
12
+ "required": ["path", "status"],
13
+ "properties": {
14
+ "path": { "type": "string" },
15
+ "status": {
16
+ "type": "string",
17
+ "enum": [
18
+ "included",
19
+ "excluded",
20
+ "generated",
21
+ "vendor",
22
+ "binary",
23
+ "doc_only"
24
+ ]
25
+ },
26
+ "reason": { "type": "string" }
27
+ },
28
+ "additionalProperties": true
29
+ }
30
+ }
31
+ },
32
+ "additionalProperties": true
33
+ }
package/schemas/finding.schema.json CHANGED
@@ -1,62 +1,58 @@
1
- {
2
- "$schema": "https://json-schema.org/draft/2020-12/schema",
3
- "$id": "finding.schema.json",
4
- "title": "Audit Finding",
5
- "type": "object",
6
- "required": [
7
- "id",
8
- "title",
9
- "category",
10
- "severity",
11
- "confidence",
12
- "lens",
13
- "affected_files",
14
- "summary"
15
- ],
16
- "properties": {
17
- "id": { "type": "string" },
18
- "title": { "type": "string" },
19
- "category": { "type": "string" },
20
- "severity": {
21
- "type": "string",
22
- "enum": ["critical", "high", "medium", "low", "info"]
23
- },
24
- "confidence": { "type": "string", "enum": ["high", "medium", "low"] },
25
- "lens": { "type": "string" },
26
- "summary": { "type": "string" },
27
- "affected_files": {
28
- "type": "array",
29
- "items": {
30
- "type": "object",
31
- "required": ["path"],
32
- "properties": {
33
- "path": { "type": "string" },
34
- "line_start": { "type": "integer" },
35
- "line_end": { "type": "integer" },
36
- "symbol": { "type": "string" }
37
- },
38
- "additionalProperties": true
39
- }
40
- },
41
- "impact": { "type": "string" },
42
- "likelihood": { "type": "string" },
43
- "evidence": {
44
- "type": "array",
45
- "items": { "type": "string" }
46
- },
47
- "reproduction": {
48
- "type": "array",
49
- "items": { "type": "string" }
50
- },
51
- "remediation": {
52
- "type": "array",
53
- "items": { "type": "string" }
54
- },
55
- "systemic": { "type": "boolean" },
56
- "related_findings": {
57
- "type": "array",
58
- "items": { "type": "string" }
59
- }
60
- },
61
- "additionalProperties": true
62
- }
1
+ {
2
+ "$schema": "https://json-schema.org/draft/2020-12/schema",
3
+ "$id": "finding.schema.json",
4
+ "title": "Audit Finding",
5
+ "type": "object",
6
+ "required": [
7
+ "id",
8
+ "title",
9
+ "category",
10
+ "severity",
11
+ "confidence",
12
+ "lens",
13
+ "affected_files",
14
+ "summary"
15
+ ],
16
+ "properties": {
17
+ "id": { "type": "string" },
18
+ "title": { "type": "string" },
19
+ "category": { "type": "string" },
20
+ "severity": {
21
+ "type": "string",
22
+ "enum": ["critical", "high", "medium", "low", "info"]
23
+ },
24
+ "confidence": { "type": "string", "enum": ["high", "medium", "low"] },
25
+ "lens": { "type": "string", "enum": ["correctness", "architecture", "maintainability", "security", "reliability", "performance", "data_integrity", "tests", "operability", "config_deployment"] },
26
+ "summary": { "type": "string" },
27
+ "affected_files": {
28
+ "type": "array",
29
+ "items": {
30
+ "type": "object",
31
+ "required": ["path"],
32
+ "properties": {
33
+ "path": { "type": "string" },
34
+ "line_start": { "type": "integer" },
35
+ "line_end": { "type": "integer" },
36
+ "symbol": { "type": "string" }
37
+ },
38
+ "additionalProperties": true
39
+ }
40
+ },
41
+ "impact": { "type": "string" },
42
+ "likelihood": { "type": "string" },
43
+ "evidence": {
44
+ "type": "array",
45
+ "items": { "type": "string" }
46
+ },
47
+ "reproduction": {
48
+ "type": "array",
49
+ "items": { "type": "string" }
50
+ },
51
+ "systemic": { "type": "boolean" },
52
+ "related_findings": {
53
+ "type": "array",
54
+ "items": { "type": "string" }
55
+ }
56
+ },
57
+ "additionalProperties": true
58
+ }
package/schemas/flow_coverage.schema.json CHANGED
@@ -1,44 +1,44 @@
1
- {
2
- "$schema": "https://json-schema.org/draft/2020-12/schema",
3
- "$id": "flow_coverage.schema.json",
4
- "title": "Flow Coverage",
5
- "type": "object",
6
- "required": ["flows"],
7
- "properties": {
8
- "flows": {
9
- "type": "array",
10
- "items": {
11
- "type": "object",
12
- "required": [
13
- "flow_id",
14
- "paths",
15
- "required_lenses",
16
- "completed_lenses",
17
- "status"
18
- ],
19
- "properties": {
20
- "flow_id": { "type": "string" },
21
- "paths": {
22
- "type": "array",
23
- "items": { "type": "string" }
24
- },
25
- "required_lenses": {
26
- "type": "array",
27
- "items": { "type": "string" }
28
- },
29
- "completed_lenses": {
30
- "type": "array",
31
- "items": { "type": "string" }
32
- },
33
- "status": { "type": "string" },
34
- "notes": {
35
- "type": "array",
36
- "items": { "type": "string" }
37
- }
38
- },
39
- "additionalProperties": true
40
- }
41
- }
42
- },
43
- "additionalProperties": true
44
- }
1
+ {
2
+ "$schema": "https://json-schema.org/draft/2020-12/schema",
3
+ "$id": "flow_coverage.schema.json",
4
+ "title": "Flow Coverage",
5
+ "type": "object",
6
+ "required": ["flows"],
7
+ "properties": {
8
+ "flows": {
9
+ "type": "array",
10
+ "items": {
11
+ "type": "object",
12
+ "required": [
13
+ "flow_id",
14
+ "paths",
15
+ "required_lenses",
16
+ "completed_lenses",
17
+ "status"
18
+ ],
19
+ "properties": {
20
+ "flow_id": { "type": "string" },
21
+ "paths": {
22
+ "type": "array",
23
+ "items": { "type": "string" }
24
+ },
25
+ "required_lenses": {
26
+ "type": "array",
27
+ "items": { "type": "string" }
28
+ },
29
+ "completed_lenses": {
30
+ "type": "array",
31
+ "items": { "type": "string" }
32
+ },
33
+ "status": { "type": "string" },
34
+ "notes": {
35
+ "type": "array",
36
+ "items": { "type": "string" }
37
+ }
38
+ },
39
+ "additionalProperties": true
40
+ }
41
+ }
42
+ },
43
+ "additionalProperties": true
44
+ }
package/schemas/root_cause_clusters.schema.json CHANGED
@@ -17,10 +17,6 @@
17
17
  "finding_ids": {
18
18
  "type": "array",
19
19
  "items": { "type": "string" }
20
- },
21
- "recommended_actions": {
22
- "type": "array",
23
- "items": { "type": "string" }
24
20
  }
25
21
  },
26
22
  "additionalProperties": true
package/schemas/runtime_validation_report.schema.json CHANGED
@@ -1,34 +1,34 @@
1
- {
2
- "$schema": "https://json-schema.org/draft/2020-12/schema",
3
- "$id": "runtime_validation_report.schema.json",
4
- "title": "Runtime Validation Report",
5
- "type": "object",
6
- "required": ["results"],
7
- "properties": {
8
- "results": {
9
- "type": "array",
10
- "items": {
11
- "type": "object",
12
- "required": ["task_id", "status", "summary"],
13
- "properties": {
14
- "task_id": { "type": "string" },
15
- "status": {
16
- "type": "string",
17
- "enum": ["pending", "confirmed", "not_confirmed", "inconclusive"]
18
- },
19
- "summary": { "type": "string" },
20
- "evidence": {
21
- "type": "array",
22
- "items": { "type": "string" }
23
- },
24
- "notes": {
25
- "type": "array",
26
- "items": { "type": "string" }
27
- }
28
- },
29
- "additionalProperties": true
30
- }
31
- }
32
- },
33
- "additionalProperties": true
34
- }
1
+ {
2
+ "$schema": "https://json-schema.org/draft/2020-12/schema",
3
+ "$id": "runtime_validation_report.schema.json",
4
+ "title": "Runtime Validation Report",
5
+ "type": "object",
6
+ "required": ["results"],
7
+ "properties": {
8
+ "results": {
9
+ "type": "array",
10
+ "items": {
11
+ "type": "object",
12
+ "required": ["task_id", "status", "summary"],
13
+ "properties": {
14
+ "task_id": { "type": "string" },
15
+ "status": {
16
+ "type": "string",
17
+ "enum": ["pending", "confirmed", "not_confirmed", "inconclusive"]
18
+ },
19
+ "summary": { "type": "string" },
20
+ "evidence": {
21
+ "type": "array",
22
+ "items": { "type": "string" }
23
+ },
24
+ "notes": {
25
+ "type": "array",
26
+ "items": { "type": "string" }
27
+ }
28
+ },
29
+ "additionalProperties": true
30
+ }
31
+ }
32
+ },
33
+ "additionalProperties": true
34
+ }
package/schemas/synthesis_report.schema.json CHANGED
@@ -1,61 +1,61 @@
1
- {
2
- "$schema": "https://json-schema.org/draft/2020-12/schema",
3
- "$id": "synthesis_report.schema.json",
4
- "title": "Synthesis Report",
5
- "type": "object",
6
- "required": ["summary", "merged_findings", "root_cause_clusters"],
7
- "properties": {
8
- "summary": {
9
- "type": "object",
10
- "required": [
11
- "finding_count",
12
- "cluster_count",
13
- "runtime_validation_status_breakdown"
14
- ],
15
- "properties": {
16
- "finding_count": { "type": "integer" },
17
- "cluster_count": { "type": "integer" },
18
- "runtime_validation_status_breakdown": {
19
- "type": "object",
20
- "additionalProperties": { "type": "integer" }
21
- },
22
- "notes": {
23
- "type": "array",
24
- "items": { "type": "string" }
25
- }
26
- },
27
- "additionalProperties": true
28
- },
29
- "merged_findings": {
30
- "type": "array",
31
- "items": { "$ref": "finding.schema.json" }
32
- },
33
- "root_cause_clusters": {
34
- "type": "array",
35
- "items": {
36
- "$ref": "root_cause_clusters.schema.json#/$defs/cluster"
37
- }
38
- }
39
- },
40
- "$defs": {
41
- "cluster": {
42
- "type": "object",
43
- "required": ["id", "title", "finding_ids"],
44
- "properties": {
45
- "id": { "type": "string" },
46
- "title": { "type": "string" },
47
- "summary": { "type": "string" },
48
- "finding_ids": {
49
- "type": "array",
50
- "items": { "type": "string" }
51
- },
52
- "recommended_actions": {
53
- "type": "array",
54
- "items": { "type": "string" }
55
- }
56
- },
57
- "additionalProperties": true
58
- }
59
- },
60
- "additionalProperties": true
61
- }
1
+ {
2
+ "$schema": "https://json-schema.org/draft/2020-12/schema",
3
+ "$id": "synthesis_report.schema.json",
4
+ "title": "Synthesis Report",
5
+ "type": "object",
6
+ "required": ["summary", "merged_findings", "root_cause_clusters"],
7
+ "properties": {
8
+ "summary": {
9
+ "type": "object",
10
+ "required": [
11
+ "finding_count",
12
+ "cluster_count",
13
+ "runtime_validation_status_breakdown"
14
+ ],
15
+ "properties": {
16
+ "finding_count": { "type": "integer" },
17
+ "cluster_count": { "type": "integer" },
18
+ "runtime_validation_status_breakdown": {
19
+ "type": "object",
20
+ "additionalProperties": { "type": "integer" }
21
+ },
22
+ "notes": {
23
+ "type": "array",
24
+ "items": { "type": "string" }
25
+ }
26
+ },
27
+ "additionalProperties": true
28
+ },
29
+ "merged_findings": {
30
+ "type": "array",
31
+ "items": { "$ref": "finding.schema.json" }
32
+ },
33
+ "root_cause_clusters": {
34
+ "type": "array",
35
+ "items": {
36
+ "$ref": "#/$defs/cluster"
37
+ }
38
+ }
39
+ },
40
+ "$defs": {
41
+ "cluster": {
42
+ "type": "object",
43
+ "required": ["id", "title", "finding_ids"],
44
+ "properties": {
45
+ "id": { "type": "string" },
46
+ "title": { "type": "string" },
47
+ "summary": { "type": "string" },
48
+ "finding_ids": {
49
+ "type": "array",
50
+ "items": { "type": "string" }
51
+ },
52
+ "recommended_actions": {
53
+ "type": "array",
54
+ "items": { "type": "string" }
55
+ }
56
+ },
57
+ "additionalProperties": true
58
+ }
59
+ },
60
+ "additionalProperties": true
61
+ }