auditor-lambda 0.1.0 → 0.2.2

package/schemas/root_cause_clusters.schema.json

@@ -16,11 +16,8 @@
           "summary": { "type": "string" },
           "finding_ids": {
             "type": "array",
-            "items": { "type": "string" }
-          },
-          "recommended_actions": {
-            "type": "array",
-            "items": { "type": "string" }
+            "items": { "type": "string" },
+            "minItems": 1
           }
         },
         "additionalProperties": true

package/schemas/runtime_validation_report.schema.json

@@ -1,34 +1,34 @@
-{
-  "$schema": "https://json-schema.org/draft/2020-12/schema",
-  "$id": "runtime_validation_report.schema.json",
-  "title": "Runtime Validation Report",
-  "type": "object",
-  "required": ["results"],
-  "properties": {
-    "results": {
-      "type": "array",
-      "items": {
-        "type": "object",
-        "required": ["task_id", "status", "summary"],
-        "properties": {
-          "task_id": { "type": "string" },
-          "status": {
-            "type": "string",
-            "enum": ["pending", "confirmed", "not_confirmed", "inconclusive"]
-          },
-          "summary": { "type": "string" },
-          "evidence": {
-            "type": "array",
-            "items": { "type": "string" }
-          },
-          "notes": {
-            "type": "array",
-            "items": { "type": "string" }
-          }
-        },
-        "additionalProperties": true
-      }
-    }
-  },
-  "additionalProperties": true
-}
+{
+  "$schema": "https://json-schema.org/draft/2020-12/schema",
+  "$id": "runtime_validation_report.schema.json",
+  "title": "Runtime Validation Report",
+  "type": "object",
+  "required": ["results"],
+  "properties": {
+    "results": {
+      "type": "array",
+      "items": {
+        "type": "object",
+        "required": ["task_id", "status", "summary"],
+        "properties": {
+          "task_id": { "type": "string" },
+          "status": {
+            "type": "string",
+            "enum": ["pending", "confirmed", "not_confirmed", "inconclusive"]
+          },
+          "summary": { "type": "string" },
+          "evidence": {
+            "type": "array",
+            "items": { "type": "string" }
+          },
+          "notes": {
+            "type": "array",
+            "items": { "type": "string" }
+          }
+        },
+        "additionalProperties": true
+      }
+    }
+  },
+  "additionalProperties": true
+}

package/schemas/runtime_validation_tasks.schema.json

@@ -12,7 +12,10 @@
         "required": ["id", "kind", "target_paths", "reason", "priority"],
         "properties": {
           "id": { "type": "string" },
-          "kind": { "type": "string" },
+          "kind": {
+            "type": "string",
+            "enum": ["unit-risk-check", "critical-flow-check"]
+          },
           "target_paths": {
             "type": "array",
             "items": { "type": "string" }

package/schemas/surface_manifest.schema.json

@@ -12,7 +12,10 @@
         "required": ["id", "kind", "entrypoint"],
         "properties": {
           "id": { "type": "string" },
-          "kind": { "type": "string" },
+          "kind": {
+            "type": "string",
+            "enum": ["interface", "background"]
+          },
           "entrypoint": { "type": "string" },
           "exposure": { "type": "string" },
           "methods": {

package/schemas/synthesis_report.schema.json

@@ -1,61 +1,61 @@
-{
-  "$schema": "https://json-schema.org/draft/2020-12/schema",
-  "$id": "synthesis_report.schema.json",
-  "title": "Synthesis Report",
-  "type": "object",
-  "required": ["summary", "merged_findings", "root_cause_clusters"],
-  "properties": {
-    "summary": {
-      "type": "object",
-      "required": [
-        "finding_count",
-        "cluster_count",
-        "runtime_validation_status_breakdown"
-      ],
-      "properties": {
-        "finding_count": { "type": "integer" },
-        "cluster_count": { "type": "integer" },
-        "runtime_validation_status_breakdown": {
-          "type": "object",
-          "additionalProperties": { "type": "integer" }
-        },
-        "notes": {
-          "type": "array",
-          "items": { "type": "string" }
-        }
-      },
-      "additionalProperties": true
-    },
-    "merged_findings": {
-      "type": "array",
-      "items": { "$ref": "finding.schema.json" }
-    },
-    "root_cause_clusters": {
-      "type": "array",
-      "items": {
-        "$ref": "root_cause_clusters.schema.json#/$defs/cluster"
-      }
-    }
-  },
-  "$defs": {
-    "cluster": {
-      "type": "object",
-      "required": ["id", "title", "finding_ids"],
-      "properties": {
-        "id": { "type": "string" },
-        "title": { "type": "string" },
-        "summary": { "type": "string" },
-        "finding_ids": {
-          "type": "array",
-          "items": { "type": "string" }
-        },
-        "recommended_actions": {
-          "type": "array",
-          "items": { "type": "string" }
-        }
-      },
-      "additionalProperties": true
-    }
-  },
-  "additionalProperties": true
-}
+{
+  "$schema": "https://json-schema.org/draft/2020-12/schema",
+  "$id": "synthesis_report.schema.json",
+  "title": "Synthesis Report",
+  "type": "object",
+  "required": ["summary", "merged_findings", "root_cause_clusters"],
+  "properties": {
+    "summary": {
+      "type": "object",
+      "required": [
+        "finding_count",
+        "cluster_count",
+        "runtime_validation_status_breakdown"
+      ],
+      "properties": {
+        "finding_count": { "type": "integer" },
+        "cluster_count": { "type": "integer" },
+        "runtime_validation_status_breakdown": {
+          "type": "object",
+          "additionalProperties": { "type": "integer" }
+        },
+        "notes": {
+          "type": "array",
+          "items": { "type": "string" }
+        }
+      },
+      "additionalProperties": true
+    },
+    "merged_findings": {
+      "type": "array",
+      "items": { "$ref": "finding.schema.json" }
+    },
+    "root_cause_clusters": {
+      "type": "array",
+      "items": {
+        "$ref": "#/$defs/cluster"
+      }
+    }
+  },
+  "$defs": {
+    "cluster": {
+      "type": "object",
+      "required": ["id", "title", "finding_ids"],
+      "properties": {
+        "id": { "type": "string" },
+        "title": { "type": "string" },
+        "summary": { "type": "string" },
+        "finding_ids": {
+          "type": "array",
+          "items": { "type": "string" }
+        },
+        "recommended_actions": {
+          "type": "array",
+          "items": { "type": "string" }
+        }
+      },
+      "additionalProperties": true
+    }
+  },
+  "additionalProperties": true
+}

package/schemas/unit_manifest.schema.json

@@ -16,12 +16,19 @@
           "kind": { "type": "string" },
           "files": {
             "type": "array",
-            "items": { "type": "string" }
+            "items": { "type": "string" },
+            "minItems": 1
+          },
+          "risk_score": {
+            "type": "number",
+            "minimum": 0
           },
-          "risk_score": { "type": "number" },
           "required_lenses": {
             "type": "array",
-            "items": { "type": "string" }
+            "items": {
+              "type": "string",
+              "enum": ["correctness", "architecture", "maintainability", "security", "reliability", "performance", "data_integrity", "tests", "operability", "config_deployment"]
+            }
           },
           "critical_flows": {
             "type": "array",

package/skills/audit-code/SKILL.md

@@ -4,51 +4,51 @@ description: Conversation-first autonomous code auditing workflow for the /audit
 ---
 
 # audit-code skill
-
-The canonical entrypoint is `/audit-code` in conversation.
-
-This skill should be treated as a conversational product surface first.
-
-## Primary contract
-
+
+The canonical entrypoint is `/audit-code` in conversation.
+
+This skill should be treated as a conversational product surface first.
+
+## Primary contract
+
 Normal usage should:
 
 - run from conversation, not from manual shell arguments
 - avoid manual paths, provider flags, and model-selection arguments
 - advance the audit automatically until it completes or no further automatic progress is possible
-
-Bounded steps are a backend implementation detail, not the intended user experience.
-
-## Embedded Prompt Payload
-
-For IDE-based LLMs (Antigravity, Copilot, Cursor), you can initialize the skill natively by importing the prompt payload defined in `audit-code.prompt.md`.
-This provides the LLM an exact instruction set required to natively intercept the state machine blocking phases securely and assume the responsibilities of the execution "worker".
-
-## Repo-local fallback
-
-The repository still exposes a backend CLI wrapper:
-
-```bash
-audit-code
-```
-
-from the target repository root.
-
-Debug one-step mode:
-
-```bash
-audit-code --single-step
-```
-
-## Backend mode note
-
+
+Bounded steps are a backend implementation detail, not the intended user experience.
+
+## Embedded Prompt Payload
+
+For IDE-based LLMs (Antigravity, Copilot, Cursor), you can initialize the skill natively by importing the prompt payload defined in `audit-code.prompt.md`.
+This provides the LLM an exact instruction set required to natively intercept the state machine blocking phases securely and assume the responsibilities of the execution "worker".
+
+## Repo-local fallback
+
+The repository still exposes a backend CLI wrapper:
+
+```bash
+audit-code
+```
+
+from the target repository root.
+
+Debug one-step mode:
+
+```bash
+audit-code --single-step
+```
+
+## Backend mode note
+
 For repo-local backend usage:
 
 - omitted provider remains `local-subprocess`
 - `local-subprocess` should stop cleanly once only manual or provider-assisted review remains
 - `provider: "auto"` is the explicit opt-in best-effort routing mode
 - explicit provider names remain available when an operator wants a specific backend
-
-## Development rule
-
-Prefer the skill-first conversational contract over the CLI-first backend shape.
+
+## Development rule
+
+Prefer the skill-first conversational contract over the CLI-first backend shape.

package/skills/audit-code/audit-code.prompt.md

@@ -1,17 +1,17 @@
----
-name: Code Auditing Skill
-command: /audit-code
-description: Autonomous local loop code auditing
----
-
-# `/audit-code` Execution Directive
-
-**SYSTEM DIRECTIVE:** When the user enters `/audit-code` in the chat, you are to assume the role of an autonomous code auditor. You are no longer just a conversational assistant; you must use your local terminal and file-editing tools to act as the "LLM Thinking Worker" for the `auditor-lambda` framework.
-
-Follow this execution loop rigidly:
-
-## Step 1: Step the Orchestrator
-
+---
+name: Code Auditing Skill
+command: /audit-code
+description: Autonomous local loop code auditing
+---
+
+# `/audit-code` Execution Directive
+
+**SYSTEM DIRECTIVE:** When the user enters `/audit-code` in the chat, you are to assume the role of an autonomous code auditor. You are no longer just a conversational assistant; you must use your local terminal and file-editing tools to act as the "LLM Thinking Worker" for the `auditor-lambda` framework.
+
+Follow this execution loop rigidly:
+
+## Step 1: Step the Orchestrator
+
 To move the state machine forward, execute the backend framework using your terminal tool:
 
 ```bash
@@ -19,48 +19,48 @@ audit-code
 ```
 
 _(If the wrapper is only available as a package dependency in the current repository, `npx audit-code` is equivalent. If developing locally against this repository, run `node audit-code.mjs`.)_
-
-## Step 2: Handle Blockages (The "Thinking" Phase)
-
-Read the JSON output from the terminal.
-If the top-level status is `"blocked"`, it means the orchestrator needs your LLM "thinking" capabilities to evaluate code logic.
-
-To determine what task you have been assigned, use your file-reading tool to inspect:
-
-- `.audit-artifacts/dispatch/current-task.json`
-- `.audit-artifacts/dispatch/current-prompt.md`
-
-## Step 3: Audit the Code natively
-
-1. Read the specific goals and coverage rules laid out in `current-prompt.md`.
-2. Use your file-reading tool to examine the specific source code files mentioned.
-3. Critically analyze the codebase. Use your deepest reasoning capabilities (e.g., chain of thought) to discover defects, logic errors, or systemic architectural issues requested in the prompt.
-
-## Step 4: Write the Findings
-
-Produce your findings array matching exactly the `AuditResult` JSON schema described in the prompt.
-Do not use `echo` or generic terminal shell strings for large JSON structures to avoid breaking JSON escaping. Instead, use your raw **File Edit Tool** to reliably save your results entirely to:
-`.audit-artifacts/worker_results_pending.json`
-
-## Step 5: Feed the Loop
-
+
+## Step 2: Handle Blockages (The "Thinking" Phase)
+
+Read the JSON output from the terminal.
+If the top-level status is `"blocked"`, it means the orchestrator needs your LLM "thinking" capabilities to evaluate code logic.
+
+To determine what task you have been assigned, use your file-reading tool to inspect:
+
+- `.audit-artifacts/dispatch/current-task.json`
+- `.audit-artifacts/dispatch/current-prompt.md`
+
+## Step 3: Audit the Code natively
+
+1. Read the specific goals and coverage rules laid out in `current-prompt.md`.
+2. Use your file-reading tool to examine the specific source code files mentioned.
+3. Critically analyze the codebase. Use your deepest reasoning capabilities (e.g., chain of thought) to discover defects, logic errors, or systemic architectural issues requested in the prompt.
+
+## Step 4: Write the Findings
+
+Produce your findings array matching exactly the `AuditResult` JSON schema described in the prompt.
+Do not use `echo` or generic terminal shell strings for large JSON structures to avoid breaking JSON escaping. Instead, use your raw **File Edit Tool** to reliably save your results entirely to:
+`.audit-artifacts/worker_results_pending.json`
+
+## Step 5: Feed the Loop
+
 Return your results to the state machine by running the ingestion command in the terminal:
 
 ```bash
 audit-code --results .audit-artifacts/worker_results_pending.json
 ```
-
-## Step 6: Loop or Terminate
-
-Continue repeating Steps 1 through 5 as necessary. The state machine will iterate through structuring, planning, and tasking.
-
-**You must stop the loop when the terminal output has `"status": "complete"`.**
-
-## Step 7: Presentation
-
-Once the audit is officially complete, DO NOT run the orchestrator again.
-Instead, use your file reading tool to consume:
-
-- `.audit-artifacts/synthesis_report.json`
-
-Finally, read these synthesis findings and present them back to the user in a polished, highly readable **Markdown Summary Table** directly in the chat panel. Wait for the user to ask you to begin resolving or patching the root_cause_clusters you discovered.
+
+## Step 6: Loop or Terminate
+
+Continue repeating Steps 1 through 5 as necessary. The state machine will iterate through structuring, planning, and tasking.
+
+**You must stop the loop when the terminal output has `"status": "complete"`.**
+
+## Step 7: Presentation
+
+Once the audit is officially complete, DO NOT run the orchestrator again.
+Instead, use your file reading tool to consume:
+
+- `.audit-artifacts/synthesis_report.json`
+
+Finally, read these synthesis findings and present them back to the user in a polished, highly readable **Markdown Summary Table** directly in the chat panel. Wait for the user to ask you to begin resolving or patching the root_cause_clusters you discovered.