auditor-lambda 0.1.0 → 0.2.2

package/dist/orchestrator/taskBuilder.js

@@ -1,13 +1,3 @@
-function chunkRanges(totalLines, chunkSize) {
-    const ranges = [];
-    let start = 1;
-    while (start <= totalLines) {
-        const end = Math.min(start + chunkSize - 1, totalLines);
-        ranges.push({ start, end });
-        start = end + 1;
-    }
-    return ranges;
-}
 function taskPriority(hasExternalSignal, lens) {
     if (hasExternalSignal &&
         (lens === "security" || lens === "data_integrity" || lens === "reliability")) {
@@ -47,8 +37,9 @@ function pickAnalyzerLens(category) {
         return "maintainability";
     return "correctness";
 }
+const DEFAULT_FILE_SPLIT_THRESHOLD = 3000;
 export function buildChunkedAuditTasks(unitManifest, unitLineIndex, options = {}) {
-    const chunkSize = options.chunk_size ?? 200;
+    const fileSplitThreshold = options.file_split_threshold ?? DEFAULT_FILE_SPLIT_THRESHOLD;
     const allowed = new Set(options.limit_lenses ?? []);
     const enforceLensFilter = allowed.size > 0;
     const tasks = [];
@@ -63,49 +54,50 @@ export function buildChunkedAuditTasks(unitManifest, unitLineIndex, options = {}
             if (enforceLensFilter && !allowed.has(lens)) {
                 continue;
             }
-            for (const filePath of unit.files) {
-                const hasExternalSignal = externalPaths.has(filePath);
-                const priority = taskPriority(hasExternalSignal, lens);
-                const tags = hasExternalSignal ? ["external_analyzer_signal"] : [];
-                const lineCount = unitLineIndex[filePath] ?? 0;
-                const ranges = chunkRanges(lineCount, chunkSize);
-                if (ranges.length === 0) {
-                    const id = `${unit.unit_id}:${lens}:${filePath}:full`;
-                    if (seen.has(id))
-                        continue;
-                    seen.add(id);
-                    tasks.push({
-                        task_id: id,
-                        unit_id: unit.unit_id,
-                        pass_id: `pass:${lens}`,
-                        lens,
-                        file_paths: [filePath],
-                        rationale: `Audit ${filePath} under the ${lens} lens.${hasExternalSignal ? " External analyzer signals raise priority for this path." : ""}`,
-                        priority,
-                        tags,
-                    });
-                    continue;
-                }
-                for (const range of ranges) {
-                    const id = `${unit.unit_id}:${lens}:${filePath}:${range.start}-${range.end}`;
-                    if (seen.has(id))
-                        continue;
+            const hasExternalSignal = unit.files.some((f) => externalPaths.has(f));
+            const priority = taskPriority(hasExternalSignal, lens);
+            const tags = hasExternalSignal ? ["external_analyzer_signal"] : [];
+            // Split files that are individually too large to group; everything else
+            // goes into one task so the agent can reason across file boundaries.
+            const oversizedFiles = fileSplitThreshold > 0
+                ? unit.files.filter((f) => (unitLineIndex[f] ?? 0) > fileSplitThreshold)
+                : [];
+            const normalFiles = unit.files.filter((f) => !oversizedFiles.includes(f));
+            // One task for all normal-sized files in this unit under this lens.
+            if (normalFiles.length > 0) {
+                const id = `${unit.unit_id}:${lens}`;
+                if (!seen.has(id)) {
                     seen.add(id);
                     tasks.push({
                         task_id: id,
                         unit_id: unit.unit_id,
                         pass_id: `pass:${lens}`,
                         lens,
-                        file_paths: [filePath],
-                        line_ranges: [
-                            { path: filePath, start: range.start, end: range.end },
-                        ],
-                        rationale: `Audit ${filePath} lines ${range.start}-${range.end} under the ${lens} lens.${hasExternalSignal ? " External analyzer signals raise priority for this path." : ""}`,
+                        file_paths: normalFiles,
+                        rationale: `Audit ${unit.unit_id} (${normalFiles.length} file${normalFiles.length === 1 ? "" : "s"}) under the ${lens} lens.${hasExternalSignal ? " External analyzer signals raise priority." : ""}`,
                         priority,
                         tags,
                     });
                 }
             }
+            // Oversized files each get their own task so the agent isn't overwhelmed.
+            for (const filePath of oversizedFiles) {
+                const id = `${unit.unit_id}:${lens}:${filePath}`;
+                if (seen.has(id))
+                    continue;
+                seen.add(id);
+                const fileHasSignal = externalPaths.has(filePath);
+                tasks.push({
+                    task_id: id,
+                    unit_id: unit.unit_id,
+                    pass_id: `pass:${lens}`,
+                    lens,
+                    file_paths: [filePath],
+                    rationale: `Audit ${filePath} (large file, split from unit) under the ${lens} lens.${fileHasSignal ? " External analyzer signals raise priority." : ""}`,
+                    priority: taskPriority(fileHasSignal, lens),
+                    tags: fileHasSignal ? ["external_analyzer_signal", "large_file"] : ["large_file"],
+                });
+            }
         }
     }
     return tasks.sort((a, b) => {
@@ -115,34 +107,37 @@ export function buildChunkedAuditTasks(unitManifest, unitLineIndex, options = {}
         return a.task_id.localeCompare(b.task_id);
     });
 }
-export function buildExternalSignalTasks(coverageMatrix, unitLineIndex, externalAnalyzerResults) {
+/** Strip control characters and newlines, then truncate to maxLen. */
+function sanitizeField(value, maxLen) {
+    return value.replace(/[\x00-\x1f\x7f]/g, " ").slice(0, maxLen).trimEnd();
+}
+export function buildExternalSignalTasks(coverageMatrix, _unitLineIndex, externalAnalyzerResults) {
     if (!externalAnalyzerResults) {
         return [];
     }
     const tasks = [];
     const seen = new Set();
     for (const result of externalAnalyzerResults.results) {
-        const lens = pickAnalyzerLens(result.category);
+        const safeCategory = sanitizeField(result.category, 80);
+        const safePath = sanitizeField(result.path ?? "", 260);
+        const safeSummary = sanitizeField(result.summary ?? "", 200);
+        const lens = pickAnalyzerLens(safeCategory);
         const coverage = coverageMatrix.files.find((file) => file.path === result.path);
         if (!coverage || coverage.audit_status === "excluded") {
             continue;
         }
-        const lineCount = unitLineIndex[result.path] ?? 0;
-        const id = `analyzer:${externalAnalyzerResults.tool}:${lens}:${result.path}:${result.id}`;
+        const id = `analyzer:${externalAnalyzerResults.tool}:${lens}:${safePath}:${result.id}`;
         if (seen.has(id)) {
             continue;
         }
         seen.add(id);
         tasks.push({
             task_id: id,
-            unit_id: coverage.unit_ids[0] ?? `analyzer:${result.path}`,
+            unit_id: coverage.unit_ids[0] ?? `analyzer:${safePath}`,
             pass_id: `analyzer:${externalAnalyzerResults.tool}:${lens}`,
             lens,
             file_paths: [result.path],
-            line_ranges: lineCount > 0
-                ? [{ path: result.path, start: 1, end: lineCount }]
-                : undefined,
-            rationale: `Analyzer follow-up for ${result.path} under the ${lens} lens because ${externalAnalyzerResults.tool} reported: ${result.summary}`,
+            rationale: `Analyzer follow-up for ${safePath} under the ${lens} lens because ${externalAnalyzerResults.tool} reported: ${safeSummary}`,
             priority: "high",
             tags: [
                 "external_analyzer_signal",

package/dist/prompts/renderWorkerPrompt.js

@@ -3,6 +3,39 @@ function shellQuote(arg) {
 }
 export function renderWorkerPrompt(task) {
     const command = task.worker_command.map(shellQuote).join(" ");
+    if (task.preferred_executor === "agent" && task.audit_results_path) {
+        const tasksPath = task.pending_audit_tasks_path ??
+            `${task.artifacts_dir}/audit_tasks.json`;
+        const lines = [
+            "You are executing one bounded audit task for audit-code.",
+            `Run ID: ${task.run_id}`,
+            `Repository root: ${task.repo_root}`,
+            "",
+            `Read the task file: ${tasksPath}`,
+            "It contains the task(s) assigned to this run.",
+            "",
+            "For each task:",
+            "  1. Read every file listed in file_paths in full using your file-reading tool.",
+            "     If line_ranges are present, they are a focus hint — still read the whole file.",
+            "  2. Review the content under the specified lens.",
+            "  3. Emit one AuditResult with:",
+            "       task_id, unit_id, pass_id, lens",
+            "       reviewed_ranges: [{path, start, end}] covering what you read",
+            "       findings: array (empty if nothing found)",
+            "     Each finding must include:",
+            "       id, title, category, severity, confidence, lens, summary, affected_files,",
+            "       evidence (at least one excerpt or line reference from the file you read)",
+            "     Optional finding fields: impact, likelihood, reproduction, systemic, related_findings",
+            `Write the AuditResult[] JSON array to: ${task.audit_results_path}`,
+        ];
+        if (task.skip_worker_command) {
+            lines.push("", "Stop after writing the results file.");
+        }
+        else {
+            lines.push("", "Then run this command exactly:", command, "Stop after the command completes.");
+        }
+        return lines.join("\n");
+    }
     return [
         "You are executing one bounded audit step for audit-code.",
         `Run ID: ${task.run_id}`,

package/dist/providers/claudeCodeProvider.js

@@ -7,6 +7,11 @@ export class ClaudeCodeProvider {
         this.config = config;
     }
     async launch(input) {
+        if (process.env.CLAUDECODE) {
+            throw new Error("claude-code provider cannot be used inside an active Claude Code session. " +
+                "Set provider to \"local-subprocess\" in .audit-artifacts/session-config.json, " +
+                "then run /audit-code conversationally and follow the dispatch prompts manually.");
+        }
         const prompt = await readFile(input.promptPath, "utf8");
         const command = this.config.command ?? "claude";
         const args = [

package/dist/providers/constants.d.ts

@@ -0,0 +1 @@
+export declare const LOCAL_SUBPROCESS_PROVIDER_NAME: "local-subprocess";

package/dist/providers/constants.js

@@ -0,0 +1 @@
+export const LOCAL_SUBPROCESS_PROVIDER_NAME = "local-subprocess";

package/dist/providers/index.js

@@ -28,6 +28,7 @@ export function resolveFreshSessionProviderName(name, sessionConfig = {}, option
     const env = options.env ?? process.env;
     const lookupCommand = options.commandExists ?? commandExists;
     const inVSCode = (env.TERM_PROGRAM ?? "").toLowerCase() === "vscode";
+    const insideClaudeCode = Boolean(env.CLAUDECODE);
     if (inVSCode && hasEntries(sessionConfig.vscode_task?.command_template)) {
         return "vscode-task";
     }
@@ -36,9 +37,9 @@ export function resolveFreshSessionProviderName(name, sessionConfig = {}, option
     }
     const claudeCommand = sessionConfig.claude_code?.command ?? "claude";
     const opencodeCommand = sessionConfig.opencode?.command ?? "opencode";
-    const claudeAvailable = lookupCommand(claudeCommand);
+    const claudeAvailable = !insideClaudeCode && lookupCommand(claudeCommand);
     const opencodeAvailable = lookupCommand(opencodeCommand);
-    if (hasConfiguredClaudeCode(sessionConfig) && claudeAvailable) {
+    if (!insideClaudeCode && hasConfiguredClaudeCode(sessionConfig) && claudeAvailable) {
         return "claude-code";
     }
     if (hasConfiguredOpenCode(sessionConfig) && opencodeAvailable) {
@@ -54,6 +55,12 @@ export function resolveFreshSessionProviderName(name, sessionConfig = {}, option
 }
 export function createFreshSessionProvider(name, sessionConfig = {}) {
     const providerName = resolveFreshSessionProviderName(name, sessionConfig);
+    if (providerName === "local-subprocess" &&
+        (name ?? sessionConfig.provider) === "auto") {
+        process.stderr.write("audit-code: auto provider resolved to local-subprocess — no capable agent provider detected. " +
+            "Agent tasks will require manual dispatch. Configure claude-code, opencode, or subprocess-template " +
+            "in session-config.json to automate them.\n");
+    }
     switch (providerName) {
         case "local-subprocess":
             return new LocalSubprocessProvider();

package/dist/providers/spawnLoggedCommand.js

@@ -3,6 +3,10 @@ import { spawn } from "node:child_process";
 function tee(write, chunk) {
     write.write(chunk);
 }
+// On Windows `command` must be the resolved .cmd / .exe path because `spawn`
+// does not consult PATH for executables without a shell. Callers should use
+// `platformCommand()` (scripts/smoke-packaged-audit-code.mjs) or similar to
+// supply the correct command form for the host OS.
 export async function spawnLoggedCommand(command, args, input, env) {
     return await new Promise((resolve, reject) => {
         const stdoutLog = createWriteStream(input.stdoutPath, { flags: "a" });

package/dist/reporting/mergeFindings.js

@@ -80,7 +80,6 @@ export function mergeFindings(results, runtimeReport, externalAnalyzerResults) {
                             ...analyzerEvidence,
                         ]),
                     ],
-                    remediation: [...new Set(finding.remediation ?? [])],
                     related_findings: [
                         ...new Set([...(finding.related_findings ?? []), finding.id]),
                     ],
@@ -109,12 +108,6 @@ export function mergeFindings(results, runtimeReport, externalAnalyzerResults) {
                     ...analyzerEvidence,
                 ]),
             ];
-            existing.remediation = [
-                ...new Set([
-                    ...(existing.remediation ?? []),
-                    ...(finding.remediation ?? []),
-                ]),
-            ];
             existing.related_findings = [
                 ...new Set([
                     ...(existing.related_findings ?? []),

package/dist/reporting/rootCause.d.ts

@@ -6,6 +6,5 @@ export interface RootCauseCluster {
     title: string;
     summary: string;
     finding_ids: string[];
-    recommended_actions: string[];
 }
 export declare function buildRootCauseClusters(findings: Finding[], runtimeReport?: RuntimeValidationReport, externalAnalyzerResults?: ExternalAnalyzerResults): RootCauseCluster[];

package/dist/reporting/rootCause.js

@@ -52,17 +52,11 @@ export function buildRootCauseClusters(findings, runtimeReport, externalAnalyzer
         .map(([key, grouped], index) => {
         const highestSeverity = grouped.reduce((max, finding) => Math.max(max, severityRank(finding.severity)), 1);
         const systemicCount = grouped.filter((finding) => finding.systemic).length;
-        const uniqueRemediations = [
-            ...new Set(grouped.flatMap((finding) => finding.remediation ?? [])),
-        ].slice(0, 5);
         return {
             id: `cluster-${index + 1}`,
             title: titleForCluster(key),
             summary: `Grouped ${grouped.length} finding(s); highest severity ${highestSeverity}; systemic flags ${systemicCount}. Runtime validation status: ${runtimeSummary}. External analyzer summary: ${externalSummary}.`,
             finding_ids: grouped.map((finding) => finding.id),
-            recommended_actions: uniqueRemediations.length > 0
-                ? uniqueRemediations
-                : [`Review systemic causes behind ${titleForCluster(key)}.`],
         };
     })
         .sort((a, b) => a.title.localeCompare(b.title));

package/dist/reporting/synthesis.js

@@ -14,6 +14,23 @@ function severityBreakdown(findings) {
     }
     return breakdown;
 }
+function zeroFindingLensNotes(results) {
+    const tasksByLens = new Map();
+    const findingsByLens = new Map();
+    for (const result of results) {
+        tasksByLens.set(result.lens, (tasksByLens.get(result.lens) ?? 0) + 1);
+        findingsByLens.set(result.lens, (findingsByLens.get(result.lens) ?? 0) + result.findings.length);
+    }
+    const zeroLenses = [...tasksByLens.entries()]
+        .filter(([lens, count]) => count > 0 && (findingsByLens.get(lens) ?? 0) === 0)
+        .map(([lens]) => lens)
+        .sort();
+    if (zeroLenses.length === 0)
+        return [];
+    return [
+        `Zero findings across all reviewed tasks for lens(es): ${zeroLenses.join(", ")}. Verify these tasks were genuinely reviewed rather than batch-generated.`,
+    ];
+}
 function externalSummary(results) {
     if (!results) {
         return { tool_count: 0, result_count: 0 };
@@ -47,6 +64,7 @@ export function buildSynthesisReport(results, runtimeReport, externalAnalyzerRes
                         `External analyzer signals incorporated: ${extSummary.result_count} result(s) from ${externalAnalyzerResults?.tool}.`,
                     ]
                     : []),
+                ...zeroFindingLensNotes(results),
             ],
         },
         merged_findings,

package/dist/supervisor/operatorHandoff.d.ts

@@ -14,6 +14,7 @@ export interface AuditCodeHandoffArtifactPaths {
     audit_tasks: string | null;
     runtime_validation_tasks: string | null;
 }
+export declare const CONFIG_ERROR_BLOCKER_PREFIX = "config-error:";
 export interface AuditCodeHandoff {
     status: AuditTopLevelStatus;
     repo_root: string;
@@ -33,5 +34,6 @@ export declare function buildAuditCodeHandoff(params: {
     bundle: ArtifactBundle;
     providerName?: string | null;
     progressSummary: string;
+    isConfigError?: boolean;
 }): AuditCodeHandoff;
 export declare function writeAuditCodeHandoffArtifacts(handoff: AuditCodeHandoff): Promise<void>;

package/dist/supervisor/operatorHandoff.js

@@ -1,6 +1,8 @@
 import { mkdir, writeFile } from "node:fs/promises";
 import { join } from "node:path";
 import { writeJsonFile } from "../io/json.js";
+import { LOCAL_SUBPROCESS_PROVIDER_NAME } from "../providers/constants.js";
+export const CONFIG_ERROR_BLOCKER_PREFIX = "config-error:";
 function quoteShellPath(path) {
     return `"${path.replace(/"/g, '\\"')}"`;
 }
@@ -23,8 +25,8 @@ function buildSummary(status, providerName, fallbackSummary) {
         ? `Automatic work can continue under ${providerName}. Re-run the same wrapper or inspect the listed artifacts if you need operator context.`
         : "Automatic work can continue. Re-run the same wrapper or inspect the listed artifacts if you need operator context.";
 }
-function buildSuggestedInputs(artifactsDir, status) {
-    if (status !== "blocked") {
+function buildSuggestedInputs(artifactsDir, status, isConfigError) {
+    if (status !== "blocked" || isConfigError) {
         return [];
     }
     const incomingDir = join(artifactsDir, "incoming");
@@ -52,11 +54,14 @@ function buildSuggestedCommands(suggestedInputs, status) {
     }
     return suggestedInputs.map((item) => `audit-code ${item.flag} ${quoteShellPath(item.suggested_path)}`);
 }
-function buildInteractiveProviderHint(status, providerName, sessionConfigPath) {
+function buildInteractiveProviderHint(status, providerName, sessionConfigPath, isConfigError) {
     if (status !== "blocked") {
         return null;
     }
-    const providerLabel = providerName ?? "local-subprocess";
+    if (isConfigError) {
+        return `A project configuration issue is blocking the audit. Verify that --root points to the repository root containing a project file (package.json, go.mod, etc.), then run audit-code again.`;
+    }
+    const providerLabel = providerName ?? LOCAL_SUBPROCESS_PROVIDER_NAME;
     return `Current provider is ${providerLabel}. If you want the backend to continue through an interactive provider instead of importing results manually, set "provider" in ${sessionConfigPath} to "auto", "claude-code", "opencode", "subprocess-template", or "vscode-task", then run audit-code again from the repository root.`;
 }
 function renderMarkdown(handoff) {
@@ -109,6 +114,7 @@ function renderMarkdown(handoff) {
     return lines.join("\n");
 }
 export function buildAuditCodeHandoff(params) {
+    const isConfigError = params.isConfigError ?? false;
     const incomingDir = join(params.artifactsDir, "incoming");
     const artifactPaths = {
         incoming_dir: incomingDir,
@@ -123,7 +129,7 @@ export function buildAuditCodeHandoff(params) {
             ? join(params.artifactsDir, "runtime_validation_tasks.json")
             : null,
     };
-    const suggestedInputs = buildSuggestedInputs(params.artifactsDir, params.state.status);
+    const suggestedInputs = buildSuggestedInputs(params.artifactsDir, params.state.status, isConfigError);
     return {
         status: params.state.status,
         repo_root: params.root,
@@ -133,12 +139,18 @@ export function buildAuditCodeHandoff(params) {
         pending_obligations: buildPendingObligations(params.state),
         suggested_inputs: suggestedInputs,
         suggested_commands: buildSuggestedCommands(suggestedInputs, params.state.status),
-        interactive_provider_hint: buildInteractiveProviderHint(params.state.status, params.providerName ?? null, artifactPaths.session_config),
+        interactive_provider_hint: buildInteractiveProviderHint(params.state.status, params.providerName ?? null, artifactPaths.session_config, isConfigError),
         artifact_paths: artifactPaths,
     };
 }
 export async function writeAuditCodeHandoffArtifacts(handoff) {
-    await mkdir(handoff.artifact_paths.incoming_dir, { recursive: true });
-    await writeJsonFile(handoff.artifact_paths.operator_handoff_json, handoff);
-    await writeFile(handoff.artifact_paths.operator_handoff_markdown, renderMarkdown(handoff), "utf8");
+    try {
+        await mkdir(handoff.artifact_paths.incoming_dir, { recursive: true });
+        await writeJsonFile(handoff.artifact_paths.operator_handoff_json, handoff);
+        await writeFile(handoff.artifact_paths.operator_handoff_markdown, renderMarkdown(handoff), "utf8");
+    }
+    catch (error) {
+        const message = error instanceof Error ? error.message : String(error);
+        throw new Error(`Failed to write operator handoff artifacts: ${message}`);
+    }
 }

package/dist/supervisor/runLedger.js

@@ -1,4 +1,4 @@
-import { readJsonFile, writeJsonFile } from "../io/json.js";
+import { isFileMissingError, readJsonFile, writeJsonFile } from "../io/json.js";
 function ledgerPath(artifactsDir) {
     return `${artifactsDir}/run-ledger.json`;
 }
@@ -6,8 +6,11 @@ export async function loadRunLedger(artifactsDir) {
     try {
         return await readJsonFile(ledgerPath(artifactsDir));
     }
-    catch {
-        return { runs: [] };
+    catch (error) {
+        if (isFileMissingError(error)) {
+            return { runs: [] };
+        }
+        throw error;
     }
 }
 export async function appendRunLedgerEntry(artifactsDir, entry) {

package/dist/supervisor/sessionConfig.js

@@ -16,6 +16,7 @@ export async function loadSessionConfig(artifactsDir) {
     const configPath = getSessionConfigPath(artifactsDir);
     const rawConfig = await readOptionalJsonFile(configPath);
     if (rawConfig === undefined) {
+        process.stderr.write(`[session-config] no session-config.json found at ${configPath}; using empty defaults\n`);
         return {};
     }
     const issues = validateSessionConfig(rawConfig);

package/dist/types/flowCoverage.d.ts

@@ -3,7 +3,7 @@ export interface FlowCoverageRecord {
     paths: string[];
     required_lenses: string[];
     completed_lenses: string[];
-    status: string;
+    status: "pending" | "partial" | "complete";
     notes?: string[];
 }
 export interface FlowCoverageManifest {

package/dist/types/runLedger.d.ts

@@ -3,7 +3,7 @@ export interface RunLedgerEntry {
     provider: string;
     obligation_id: string | null;
     selected_executor: string | null;
-    status: string;
+    status: "completed" | "blocked" | "failed" | "no_progress";
     started_at: string;
     ended_at: string;
     result_path: string;

package/dist/types/runtimeValidation.d.ts

@@ -1,6 +1,7 @@
+export type RuntimeValidationKind = "unit-risk-check" | "critical-flow-check";
 export interface RuntimeValidationTask {
     id: string;
-    kind: string;
+    kind: RuntimeValidationKind;
     target_paths: string[];
     reason: string;
     priority: "high" | "medium" | "low";

package/dist/types/sessionConfig.d.ts

@@ -24,4 +24,6 @@ export interface SessionConfig {
     claude_code?: ClaudeCodeConfig;
     opencode?: OpenCodeConfig;
     vscode_task?: VSCodeTaskConfig;
+    agent_task_batch_size?: number;
+    parallel_workers?: number;
 }

package/dist/types/surfaces.d.ts

@@ -1,6 +1,7 @@
+export type SurfaceKind = "interface" | "background";
 export interface SurfaceRecord {
     id: string;
-    kind: string;
+    kind: SurfaceKind;
     entrypoint: string;
     exposure?: string;
     methods?: string[];

package/dist/types/workerSession.d.ts

@@ -8,6 +8,10 @@ export interface WorkerTask {
     result_path: string;
     worker_command: string[];
     audit_results_path?: string;
+    pending_audit_tasks_path?: string;
     runtime_updates_path?: string;
     external_analyzer_results_path?: string;
+    skip_worker_command?: boolean;
+    timeout_ms?: number;
+    max_retries?: number;
 }

package/dist/types.d.ts

@@ -43,7 +43,6 @@ export interface CoverageFileRecord {
     audit_status: string;
     required_lenses: Lens[];
     completed_lenses: Lens[];
-    reviewed_line_ranges: ReviewedLineRange[];
 }
 export interface CoverageMatrix {
     files: CoverageFileRecord[];
@@ -82,7 +81,6 @@ export interface Finding {
     likelihood?: string;
     evidence?: string[];
     reproduction?: string[];
-    remediation?: string[];
     systemic?: boolean;
     related_findings?: string[];
 }

package/dist/validation/auditResults.d.ts

@@ -0,0 +1,11 @@
+import type { AuditResult, AuditTask } from "../types.js";
+export type IssueSeverity = "error" | "warning";
+export interface AuditResultIssue {
+    result_index: number;
+    task_id: string;
+    severity: IssueSeverity;
+    field: string;
+    message: string;
+}
+export declare function validateAuditResults(results: AuditResult[], tasks: AuditTask[]): AuditResultIssue[];
+export declare function formatAuditResultIssues(issues: AuditResultIssue[]): string;