auditor-lambda 0.1.0 → 0.2.2

package/README.md

@@ -78,6 +78,7 @@ This wrapper:
 - creates that directory automatically
 - auto-builds `dist/` if it is missing
 - advances fresh worker sessions automatically until the audit completes or the remaining work requires imported results or an interactive provider
+- continues through provider-assisted audit review automatically when `.audit-artifacts/session-config.json` selects an interactive provider bridge
 - emits `contract_version: "audit-code/v1alpha1"`
 - refreshes `.audit-artifacts/operator-handoff.json` and `.audit-artifacts/operator-handoff.md` with suggested evidence-import paths and continuation hints
 
@@ -145,7 +146,7 @@ The short version is:
 
 - reduce prompt-import friction in the conversation setup flow
 - make the conversation route feel more native in the first target hosts
-- improve continuation when assisted or interactive review is needed
+- polish provider-assisted continuation and failure guidance
 - finish publish and release hardening for packaged installs
 
 ## Build And Test

package/audit-code-wrapper-lib.mjs

@@ -3,7 +3,7 @@ import { constants } from 'node:fs';
 import { spawn } from 'node:child_process';
 import { dirname, join, relative, resolve } from 'node:path';
 import { fileURLToPath } from 'node:url';
-
+
 const repoRoot = dirname(fileURLToPath(import.meta.url));
 const distEntry = join(repoRoot, 'dist', 'index.js');
 const packageJsonPath = join(repoRoot, 'package.json');
@@ -19,18 +19,19 @@ const INSTALL_MARKER_START = '<!-- audit-code:begin -->';
 const INSTALL_MARKER_END = '<!-- audit-code:end -->';
 const INSTALL_GUIDE_FILENAME = 'GETTING-STARTED.md';
 const DEFAULT_INSTALL_HOST = 'all';
+const INSTALLED_PROMPT_FILENAME = 'audit-code.import.md';
 const packageVersion = JSON.parse(await readFile(packageJsonPath, 'utf8')).version;
-
-function hasFlag(argv, name) {
-  return argv.includes(name);
-}
-
-function getFlag(argv, name) {
-  const index = argv.indexOf(name);
-  if (index < 0) return undefined;
-  return argv[index + 1];
-}
-
+
+function hasFlag(argv, name) {
+  return argv.includes(name);
+}
+
+function getFlag(argv, name) {
+  const index = argv.indexOf(name);
+  if (index < 0) return undefined;
+  return argv[index + 1];
+}
+
 function setDefaultFlag(argv, name, value) {
   if (!hasFlag(argv, name)) {
     argv.push(name, value);
@@ -44,11 +45,11 @@ function requireFlagValue(argv, name) {
   }
   return value;
 }
-
-function npmExecutable() {
-  return process.platform === 'win32' ? 'npm.cmd' : 'npm';
-}
-
+
+function npmExecutable() {
+  return process.platform === 'win32' ? 'npm.cmd' : 'npm';
+}
+
 function nodeExecutable() {
   return process.execPath;
 }
@@ -78,64 +79,64 @@ function run(command, args, options = {}) {
       stdio: options.capture ? ['ignore', 'pipe', 'pipe'] : 'inherit',
       env: process.env
     });
-
-    let stdout = '';
-    let stderr = '';
-
-    if (options.capture) {
-      child.stdout?.on('data', (chunk) => {
-        stdout += String(chunk);
-      });
-      child.stderr?.on('data', (chunk) => {
-        stderr += String(chunk);
-      });
-    }
-
-    child.on('error', rejectPromise);
-    child.on('exit', (code) => {
-      if (code === 0) {
-        resolvePromise({ stdout, stderr });
-        return;
-      }
-      rejectPromise(new Error(options.capture ? stderr || `Command failed with exit code ${code}.` : `Command failed with exit code ${code}.`));
-    });
-  });
-}
-
-async function sleep(ms) {
-  await new Promise((resolvePromise) => setTimeout(resolvePromise, ms));
-}
-
+
+    let stdout = '';
+    let stderr = '';
+
+    if (options.capture) {
+      child.stdout?.on('data', (chunk) => {
+        stdout += String(chunk);
+      });
+      child.stderr?.on('data', (chunk) => {
+        stderr += String(chunk);
+      });
+    }
+
+    child.on('error', rejectPromise);
+    child.on('exit', (code) => {
+      if (code === 0) {
+        resolvePromise({ stdout, stderr });
+        return;
+      }
+      rejectPromise(new Error(options.capture ? stderr || `Command failed with exit code ${code}.` : `Command failed with exit code ${code}.`));
+    });
+  });
+}
+
+async function sleep(ms) {
+  await new Promise((resolvePromise) => setTimeout(resolvePromise, ms));
+}
+
 async function fileExists(path) {
   try {
     await access(path, constants.F_OK);
     return true;
   } catch {
-    return false;
-  }
-}
-
-async function newestMtimeMs(path) {
-  const stats = await stat(path);
-  if (!stats.isDirectory()) {
-    return stats.mtimeMs;
-  }
-
-  let newest = stats.mtimeMs;
-  const entries = await readdir(path, { withFileTypes: true });
-  for (const entry of entries) {
-    const childPath = join(path, entry.name);
-    if (entry.isDirectory()) {
-      newest = Math.max(newest, await newestMtimeMs(childPath));
-      continue;
-    }
-    if (entry.isFile()) {
-      newest = Math.max(newest, (await stat(childPath)).mtimeMs);
-    }
-  }
-  return newest;
-}
-
+    return false;
+  }
+}
+
+async function newestMtimeMs(path) {
+  const stats = await stat(path);
+  if (!stats.isDirectory()) {
+    return stats.mtimeMs;
+  }
+
+  let newest = stats.mtimeMs;
+  const entries = await readdir(path, { withFileTypes: true });
+  for (const entry of entries) {
+    const childPath = join(path, entry.name);
+    if (entry.isDirectory()) {
+      newest = Math.max(newest, await newestMtimeMs(childPath));
+      continue;
+    }
+    if (entry.isFile()) {
+      newest = Math.max(newest, (await stat(childPath)).mtimeMs);
+    }
+  }
+  return newest;
+}
+
 async function shouldBuildDist() {
   if (!(await fileExists(distEntry))) {
     if (!(await fileExists(sourceRoot)) || !(await fileExists(tsconfigPath))) {
@@ -152,85 +153,85 @@ async function shouldBuildDist() {
 
   const distMtime = (await stat(distEntry)).mtimeMs;
   const sourceMtime = await newestMtimeMs(sourceRoot);
-  const tsconfigMtime = (await stat(tsconfigPath)).mtimeMs;
-  const packageJsonMtime = (await stat(packageJsonPath)).mtimeMs;
-  const newestInput = Math.max(sourceMtime, tsconfigMtime, packageJsonMtime);
-  return distMtime < newestInput;
-}
-
-async function releaseBuildLock(handle) {
-  try {
-    await handle?.close();
-  } finally {
-    await unlink(buildLockPath).catch(() => {});
-  }
-}
-
-async function waitForPeerBuild() {
-  const start = Date.now();
-
-  while (true) {
-    if (!(await fileExists(buildLockPath))) {
-      return;
-    }
-
-    if (Date.now() - start > BUILD_LOCK_WAIT_TIMEOUT_MS) {
-      throw new Error(`Timed out waiting for build lock ${buildLockPath}.`);
-    }
-
-    await sleep(BUILD_LOCK_WAIT_INTERVAL_MS);
-  }
-}
-
-async function acquireBuildLock() {
-  while (true) {
-    try {
-      const handle = await open(buildLockPath, 'wx');
-      await handle.writeFile(JSON.stringify({ pid: process.pid, acquired_at: new Date().toISOString() }));
-      return handle;
-    } catch (error) {
-      if (error && error.code === 'EEXIST') {
-        try {
-          const lockStats = await stat(buildLockPath);
-          if (Date.now() - lockStats.mtimeMs > BUILD_LOCK_MAX_AGE_MS) {
-            await unlink(buildLockPath).catch(() => {});
-            continue;
-          }
-        } catch {
-          continue;
-        }
-
-        await waitForPeerBuild();
-        if (!(await shouldBuildDist())) {
-          return null;
-        }
-        continue;
-      }
-      throw error;
-    }
-  }
-}
-
-async function ensureBuilt() {
-  if (!(await shouldBuildDist())) {
-    return;
-  }
-
-  const lockHandle = await acquireBuildLock();
-  if (!lockHandle) {
-    return;
-  }
-
-  try {
-    if (!(await shouldBuildDist())) {
-      return;
-    }
-    await run(npmExecutable(), ['run', 'build']);
-  } finally {
-    await releaseBuildLock(lockHandle);
-  }
-}
-
+  const tsconfigMtime = (await stat(tsconfigPath)).mtimeMs;
+  const packageJsonMtime = (await stat(packageJsonPath)).mtimeMs;
+  const newestInput = Math.max(sourceMtime, tsconfigMtime, packageJsonMtime);
+  return distMtime < newestInput;
+}
+
+async function releaseBuildLock(handle) {
+  try {
+    await handle?.close();
+  } finally {
+    await unlink(buildLockPath).catch(() => {});
+  }
+}
+
+async function waitForPeerBuild() {
+  const start = Date.now();
+
+  while (true) {
+    if (!(await fileExists(buildLockPath))) {
+      return;
+    }
+
+    if (Date.now() - start > BUILD_LOCK_WAIT_TIMEOUT_MS) {
+      throw new Error(`Timed out waiting for build lock ${buildLockPath}.`);
+    }
+
+    await sleep(BUILD_LOCK_WAIT_INTERVAL_MS);
+  }
+}
+
+async function acquireBuildLock() {
+  while (true) {
+    try {
+      const handle = await open(buildLockPath, 'wx');
+      await handle.writeFile(JSON.stringify({ pid: process.pid, acquired_at: new Date().toISOString() }));
+      return handle;
+    } catch (error) {
+      if (error && error.code === 'EEXIST') {
+        try {
+          const lockStats = await stat(buildLockPath);
+          if (Date.now() - lockStats.mtimeMs > BUILD_LOCK_MAX_AGE_MS) {
+            await unlink(buildLockPath).catch(() => {});
+            continue;
+          }
+        } catch {
+          continue;
+        }
+
+        await waitForPeerBuild();
+        if (!(await shouldBuildDist())) {
+          return null;
+        }
+        continue;
+      }
+      throw error;
+    }
+  }
+}
+
+async function ensureBuilt() {
+  if (!(await shouldBuildDist())) {
+    return;
+  }
+
+  const lockHandle = await acquireBuildLock();
+  if (!lockHandle) {
+    return;
+  }
+
+  try {
+    if (!(await shouldBuildDist())) {
+      return;
+    }
+    await run(npmExecutable(), ['run', 'build']);
+  } finally {
+    await releaseBuildLock(lockHandle);
+  }
+}
+
 function printHelp({ usageName, preferredEntrypoint }) {
   const lines = [
     `Usage: node ${usageName} [--single-step] [--root PATH] [--artifacts-dir PATH] [--results FILE] [--updates FILE] [--external-analyzer-results FILE]`,
@@ -246,20 +247,20 @@ function printHelp({ usageName, preferredEntrypoint }) {
     '- default behavior advances the audit automatically until it completes or no further automatic progress is possible',
     '- each wrapper response refreshes operator-handoff.json and operator-handoff.md under the artifacts directory',
     '- use --single-step only for debugging or bounded-step testing',
-    '',
-    'Defaults:',
-    '- --root .',
-    '- --artifacts-dir <root>/.audit-artifacts',
-    '',
-    'Completion signals:',
-    '- done: audit_state.status is complete',
-    '- blocked/no further automatic progress: progress_made is false and next_likely_step is null'
-  ];
-
-  if (preferredEntrypoint && preferredEntrypoint !== usageName) {
-    lines.push('', `Preferred entrypoint: node ${preferredEntrypoint}`);
-  }
-
+    '',
+    'Defaults:',
+    '- --root .',
+    '- --artifacts-dir <root>/.audit-artifacts',
+    '',
+    'Completion signals:',
+    '- done: audit_state.status is complete',
+    '- blocked/no further automatic progress: progress_made is false and next_likely_step is null'
+  ];
+
+  if (preferredEntrypoint && preferredEntrypoint !== usageName) {
+    lines.push('', `Preferred entrypoint: node ${preferredEntrypoint}`);
+  }
+
   console.log(lines.join('\n'));
 }
 
@@ -647,9 +648,10 @@ async function installBootstrap(argv) {
   await assertDirectoryExists(root, 'Target repository root');
   const profile = getInstallProfile(host);
   const promptSource = await readFile(promptAssetPath, 'utf8');
-  const skillSource = await readFile(skillAssetPath, 'utf8');
+  const skillSource = (await readFile(skillAssetPath, 'utf8')).replace(/\r\n/g, '\n');
   const { body: promptBody } = splitFrontmatter(promptSource);
-  const installedPromptPath = join(root, '.audit-code', 'install', 'audit-code.prompt.md');
+  const installedPromptPath = join(root, '.audit-code', 'install', INSTALLED_PROMPT_FILENAME);
+  const legacyInstalledPromptPath = join(root, '.audit-code', 'install', 'audit-code.prompt.md');
   const installedSkillPath = join(root, '.audit-code', 'install', 'SKILL.md');
   const installGuidePath = join(root, '.audit-code', 'install', INSTALL_GUIDE_FILENAME);
   const slashCommandSurfaces = {
@@ -691,6 +693,9 @@ async function installBootstrap(argv) {
   });
 
   const results = [];
+  if (await fileExists(legacyInstalledPromptPath)) {
+    await unlink(legacyInstalledPromptPath).catch(() => {});
+  }
   results.push(
     await writeGeneratedMarkdown(
       installedPromptPath,
@@ -752,7 +757,7 @@ async function installBootstrap(argv) {
       await writeManagedMarkdown(
         targetPath,
         buildInstallDirective(
-          relative(dirname(targetPath), installedPromptPath) || './.audit-code/install/audit-code.prompt.md',
+          relative(dirname(targetPath), installedPromptPath) || `./.audit-code/install/${INSTALLED_PROMPT_FILENAME}`,
         ),
       ),
     );
@@ -794,6 +799,19 @@ async function installBootstrap(argv) {
     ),
   );
 
+  const sessionConfigPath = join(root, '.audit-artifacts', 'session-config.json');
+  let sessionConfigWritten = false;
+  if (!(await fileExists(sessionConfigPath))) {
+    const insideClaudeCode = Boolean(process.env.CLAUDECODE);
+    const defaultConfig = insideClaudeCode
+      ? { provider: 'local-subprocess' }
+      : { provider: 'auto' };
+    await mkdir(dirname(sessionConfigPath), { recursive: true });
+    await writeFile(sessionConfigPath, JSON.stringify(defaultConfig, null, 2) + '\n', 'utf8');
+    results.push({ path: sessionConfigPath, mode: 'created' });
+    sessionConfigWritten = true;
+  }
+
   console.log(
     JSON.stringify(
       {
@@ -852,14 +870,14 @@ export async function runAuditCodeWrapper({
   usageName,
   argv = process.argv.slice(2),
   ensureArtifactsDir = true,
-  preferredEntrypoint,
-  defaultSingleStep = false
-}) {
-  if (hasFlag(argv, '--help') || hasFlag(argv, '-h')) {
-    printHelp({ usageName, preferredEntrypoint });
-    return;
-  }
-
+  preferredEntrypoint,
+  defaultSingleStep = false
+}) {
+  if (hasFlag(argv, '--help') || hasFlag(argv, '-h')) {
+    printHelp({ usageName, preferredEntrypoint });
+    return;
+  }
+
   if (hasFlag(argv, '--version') || hasFlag(argv, '-v')) {
     console.log(packageVersion);
     return;
@@ -890,16 +908,16 @@ export async function runAuditCodeWrapper({
     wrapperArgs.push('--single-step');
   }
   const rootValue = resolve(getFlag(wrapperArgs, '--root') ?? '.');
-  const artifactsDir = resolve(getFlag(wrapperArgs, '--artifacts-dir') ?? join(rootValue, '.audit-artifacts'));
-
-  setDefaultFlag(wrapperArgs, '--root', rootValue);
-  setDefaultFlag(wrapperArgs, '--artifacts-dir', artifactsDir);
-
-  if (ensureArtifactsDir) {
-    await mkdir(artifactsDir, { recursive: true });
-  }
-
-  await ensureBuilt();
-  const command = hasFlag(wrapperArgs, '--single-step') ? 'advance-audit' : 'run-to-completion';
-  await run(nodeExecutable(), [distEntry, command, ...wrapperArgs]);
-}
+  const artifactsDir = resolve(getFlag(wrapperArgs, '--artifacts-dir') ?? join(rootValue, '.audit-artifacts'));
+
+  setDefaultFlag(wrapperArgs, '--root', rootValue);
+  setDefaultFlag(wrapperArgs, '--artifacts-dir', artifactsDir);
+
+  if (ensureArtifactsDir) {
+    await mkdir(artifactsDir, { recursive: true });
+  }
+
+  await ensureBuilt();
+  const command = hasFlag(wrapperArgs, '--single-step') ? 'advance-audit' : 'run-to-completion';
+  await run(nodeExecutable(), [distEntry, command, ...wrapperArgs]);
+}

package/dist/adapters/eslint.js

@@ -1,8 +1,10 @@
 import { normalizeGenericExternalResults } from "./normalizeExternal.js";
+const ESLINT_SEVERITY_ERROR = 2;
+const ESLINT_SEVERITY_WARNING = 1;
 function mapSeverity(value) {
-    if (value === 2)
+    if (value === ESLINT_SEVERITY_ERROR)
         return "medium";
-    if (value === 1)
+    if (value === ESLINT_SEVERITY_WARNING)
         return "low";
     return "info";
 }

package/dist/adapters/npmAudit.js

@@ -1,7 +1,7 @@
 import { normalizeGenericExternalResults } from "./normalizeExternal.js";
 export function normalizeNpmAuditJson(input) {
     return normalizeGenericExternalResults("npm-audit", Object.entries(input.vulnerabilities ?? {}).map(([pkg, vuln], index) => ({
-        id: `npm-audit-${index + 1}`,
+        id: `npm-audit-${index}`,
         category: "dependency_risk",
         severity: vuln.severity ?? "unknown",
         path: "package-lock.json",