npm - auditor-lambda - Versions diffs - 0.1.0 → 0.2.2 - Mend

auditor-lambda 0.1.0 → 0.2.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (87) hide show

package/README.md +2 -1
package/audit-code-wrapper-lib.mjs +205 -187
package/dist/adapters/eslint.js +4 -2
package/dist/adapters/npmAudit.js +1 -1
package/dist/cli.js +296 -12
package/dist/coverage.d.ts +0 -1
package/dist/coverage.js +3 -34
package/dist/extractors/bucketing.js +14 -35
package/dist/extractors/disposition.js +8 -9
package/dist/extractors/flows.js +14 -23
package/dist/extractors/pathPatterns.d.ts +19 -0
package/dist/extractors/pathPatterns.js +87 -0
package/dist/extractors/surfaces.js +2 -7
package/dist/io/artifacts.d.ts +23 -1
package/dist/io/artifacts.js +3 -1
package/dist/io/runArtifacts.js +1 -1
package/dist/orchestrator/advance.js +1 -1
package/dist/orchestrator/flowPlanning.d.ts +1 -1
package/dist/orchestrator/flowPlanning.js +21 -28
package/dist/orchestrator/internalExecutors.js +4 -7
package/dist/orchestrator/planning.js +12 -20
package/dist/orchestrator/resultIngestion.js +3 -2
package/dist/orchestrator/runtimeValidation.js +5 -0
package/dist/orchestrator/syntaxResolutionExecutor.js +10 -2
package/dist/orchestrator/taskBuilder.d.ts +7 -2
package/dist/orchestrator/taskBuilder.js +47 -52
package/dist/prompts/renderWorkerPrompt.js +33 -0
package/dist/providers/claudeCodeProvider.js +5 -0
package/dist/providers/constants.d.ts +1 -0
package/dist/providers/constants.js +1 -0
package/dist/providers/index.js +9 -2
package/dist/providers/spawnLoggedCommand.js +4 -0
package/dist/reporting/mergeFindings.js +0 -7
package/dist/reporting/rootCause.d.ts +0 -1
package/dist/reporting/rootCause.js +0 -6
package/dist/reporting/synthesis.js +18 -0
package/dist/supervisor/operatorHandoff.d.ts +2 -0
package/dist/supervisor/operatorHandoff.js +21 -9
package/dist/supervisor/runLedger.js +6 -3
package/dist/supervisor/sessionConfig.js +1 -0
package/dist/types/flowCoverage.d.ts +1 -1
package/dist/types/runLedger.d.ts +1 -1
package/dist/types/runtimeValidation.d.ts +2 -1
package/dist/types/sessionConfig.d.ts +2 -0
package/dist/types/surfaces.d.ts +2 -1
package/dist/types/workerSession.d.ts +4 -0
package/dist/types.d.ts +0 -2
package/dist/validation/auditResults.d.ts +11 -0
package/dist/validation/auditResults.js +118 -0
package/docs/agent-integrations.md +61 -56
package/docs/agent-roles.md +69 -69
package/docs/architecture.md +90 -90
package/docs/artifacts.md +69 -69
package/docs/bootstrap-install.md +1 -1
package/docs/model-selection.md +86 -86
package/docs/next-steps.md +11 -9
package/docs/packaging.md +3 -3
package/docs/pipeline.md +152 -152
package/docs/production-readiness.md +6 -5
package/docs/repo-layout.md +18 -18
package/docs/run-flow.md +5 -5
package/docs/session-config.md +216 -210
package/docs/supervisor.md +70 -70
package/docs/windows-setup.md +139 -139
package/package.json +56 -56
package/schemas/audit-code-v1alpha1.schema.json +80 -76
package/schemas/audit_result.schema.json +54 -48
package/schemas/audit_state.schema.json +2 -2
package/schemas/audit_task.schema.json +60 -49
package/schemas/blind_spot_register.schema.json +13 -3
package/schemas/coverage_matrix.schema.json +14 -17
package/schemas/critical_flows.schema.json +6 -3
package/schemas/external_analyzer_results.schema.json +10 -4
package/schemas/file_disposition.schema.json +33 -33
package/schemas/finding.schema.json +86 -62
package/schemas/flow_coverage.schema.json +53 -44
package/schemas/graph_bundle.schema.json +12 -6
package/schemas/merged_findings.schema.json +7 -2
package/schemas/risk_register.schema.json +5 -1
package/schemas/root_cause_clusters.schema.json +2 -5
package/schemas/runtime_validation_report.schema.json +34 -34
package/schemas/runtime_validation_tasks.schema.json +4 -1
package/schemas/surface_manifest.schema.json +4 -1
package/schemas/synthesis_report.schema.json +61 -61
package/schemas/unit_manifest.schema.json +10 -3
package/skills/audit-code/SKILL.md +37 -37
package/skills/audit-code/audit-code.prompt.md +54 -54

package/docs/windows-setup.md CHANGED Viewed

@@ -5,142 +5,142 @@ This document covers Windows setup for the backend fallback `audit-code` wrapper
 The canonical product route is still `/audit-code` in conversation.
 ## Simplest path
-From the target repository root in PowerShell:
-```powershell
-audit-code
-```
-This is the lowest-friction path.
-Use it with the default backend:
-```json
-{
-  "provider": "local-subprocess",
-  "ui_mode": "visible"
-}
-```
-## Claude Code on Windows
-If `claude` is on `PATH`, use:
-```json
-{
-  "provider": "claude-code",
-  "ui_mode": "visible",
-  "claude_code": {
-    "command": "claude",
-    "extra_args": []
-  }
-}
-```
-If you want to force a model:
-```json
-{
-  "provider": "claude-code",
-  "ui_mode": "visible",
-  "claude_code": {
-    "command": "claude",
-    "extra_args": ["--model", "sonnet"]
-  }
-}
-```
-## OpenCode on Windows
-If `opencode` is on `PATH`, use:
-```json
-{
-  "provider": "opencode",
-  "ui_mode": "visible",
-  "opencode": {
-    "command": "opencode",
-    "extra_args": []
-  }
-}
-```
-If you want to force a provider/model pair:
-```json
-{
-  "provider": "opencode",
-  "ui_mode": "visible",
-  "opencode": {
-    "command": "opencode",
-    "extra_args": ["--model", "anthropic/claude-sonnet-4.5"]
-  }
-}
-```
-## Generic PowerShell bridge
-When you need a provider-neutral launcher from Windows, use a PowerShell template bridge.
-Example:
-```json
-{
-  "provider": "subprocess-template",
-  "ui_mode": "visible",
-  "subprocess_template": {
-    "command_template": [
-      "pwsh",
-      "-NoProfile",
-      "-ExecutionPolicy",
-      "Bypass",
-      "-Command",
-      "& { {workerCommandShell} }"
-    ]
-  }
-}
-```
-If `pwsh` is not installed, replace it with `powershell`.
-## VS Code on Windows
-The simplest VS Code path is still the integrated terminal.
-Open the target repository in VS Code and run:
-```powershell
-audit-code
-```
-Use a `vscode-task` template only if you specifically need a task-oriented launcher boundary.
-Example:
-```json
-{
-  "provider": "vscode-task",
-  "ui_mode": "visible",
-  "vscode_task": {
-    "command_template": [
-      "pwsh",
-      "-NoProfile",
-      "-ExecutionPolicy",
-      "Bypass",
-      "-Command",
-      "& { {workerCommandShell} }"
-    ]
-  }
-}
-```
-## Antigravity on Windows
-There is no dedicated Antigravity provider adapter in this repository today.
-The recommended practical path is:
-- run `audit-code` from an Antigravity terminal
-- use `local-subprocess` first
-- move to `subprocess-template` only if a launcher bridge is actually needed
+From the target repository root in PowerShell:
+```powershell
+audit-code
+```
+This is the lowest-friction path.
+Use it with the default backend:
+```json
+{
+  "provider": "local-subprocess",
+  "ui_mode": "visible"
+}
+```
+## Claude Code on Windows
+If `claude` is on `PATH`, use:
+```json
+{
+  "provider": "claude-code",
+  "ui_mode": "visible",
+  "claude_code": {
+    "command": "claude",
+    "extra_args": []
+  }
+}
+```
+If you want to force a model:
+```json
+{
+  "provider": "claude-code",
+  "ui_mode": "visible",
+  "claude_code": {
+    "command": "claude",
+    "extra_args": ["--model", "sonnet"]
+  }
+}
+```
+## OpenCode on Windows
+If `opencode` is on `PATH`, use:
+```json
+{
+  "provider": "opencode",
+  "ui_mode": "visible",
+  "opencode": {
+    "command": "opencode",
+    "extra_args": []
+  }
+}
+```
+If you want to force a provider/model pair:
+```json
+{
+  "provider": "opencode",
+  "ui_mode": "visible",
+  "opencode": {
+    "command": "opencode",
+    "extra_args": ["--model", "anthropic/claude-sonnet-4.5"]
+  }
+}
+```
+## Generic PowerShell bridge
+When you need a provider-neutral launcher from Windows, use a PowerShell template bridge.
+Example:
+```json
+{
+  "provider": "subprocess-template",
+  "ui_mode": "visible",
+  "subprocess_template": {
+    "command_template": [
+      "pwsh",
+      "-NoProfile",
+      "-ExecutionPolicy",
+      "Bypass",
+      "-Command",
+      "& { {workerCommandShell} }"
+    ]
+  }
+}
+```
+If `pwsh` is not installed, replace it with `powershell`.
+## VS Code on Windows
+The simplest VS Code path is still the integrated terminal.
+Open the target repository in VS Code and run:
+```powershell
+audit-code
+```
+Use a `vscode-task` template only if you specifically need a task-oriented launcher boundary.
+Example:
+```json
+{
+  "provider": "vscode-task",
+  "ui_mode": "visible",
+  "vscode_task": {
+    "command_template": [
+      "pwsh",
+      "-NoProfile",
+      "-ExecutionPolicy",
+      "Bypass",
+      "-Command",
+      "& { {workerCommandShell} }"
+    ]
+  }
+}
+```
+## Antigravity on Windows
+There is no dedicated Antigravity provider adapter in this repository today.
+The recommended practical path is:
+- run `audit-code` from an Antigravity terminal
+- use `local-subprocess` first
+- move to `subprocess-template` only if a launcher bridge is actually needed

package/package.json CHANGED Viewed

@@ -1,56 +1,56 @@
-{
-  "name": "auditor-lambda",
-  "version": "0.1.0",
-  "private": false,
-  "description": "Portable hybrid code-auditing framework for arbitrary repositories.",
-  "type": "module",
-  "bin": {
-    "audit-code": "audit-code.mjs"
-  },
-  "files": [
-    "dist/**",
-    "audit-code.mjs",
-    "audit-code-wrapper-lib.mjs",
-    "schemas/**",
-    "skills/audit-code/**",
-    "README.md",
-    "docs/**"
-  ],
-  "scripts": {
-    "build": "tsc -p tsconfig.json",
-    "check": "tsc -p tsconfig.json --noEmit",
-    "test": "npm run build && node --test tests/*.test.mjs",
-    "verify:release": "npm run check && npm test && npm run smoke:linked-audit-code && npm run smoke:packaged-audit-code",
-    "smoke:linked-audit-code": "node scripts/smoke-linked-audit-code.mjs",
-    "smoke:packaged-audit-code": "node scripts/smoke-packaged-audit-code.mjs",
-    "prepack": "npm run build",
-    "prepare": "npm run build",
-    "prepublishOnly": "npm run verify:release",
-    "start": "node dist/index.js",
-    "audit-code": "node audit-code.mjs",
-    "sample-run": "node dist/index.js sample-run"
-  },
-  "engines": {
-    "node": ">=20"
-  },
-  "repository": {
-    "type": "git",
-    "url": "git+https://github.com/EthanBerlant/auditor-lambda.git"
-  },
-  "homepage": "https://github.com/EthanBerlant/auditor-lambda#readme",
-  "bugs": {
-    "url": "https://github.com/EthanBerlant/auditor-lambda/issues"
-  },
-  "keywords": [
-    "audit",
-    "cli",
-    "code-audit",
-    "static-analysis",
-    "orchestration",
-    "agents"
-  ],
-  "devDependencies": {
-    "@types/node": "^24.3.0",
-    "typescript": "^5.9.2"
-  }
-}
+{
+  "name": "auditor-lambda",
+  "version": "0.2.2",
+  "private": false,
+  "description": "Portable hybrid code-auditing framework for arbitrary repositories.",
+  "type": "module",
+  "bin": {
+    "audit-code": "audit-code.mjs"
+  },
+  "files": [
+    "dist/**",
+    "audit-code.mjs",
+    "audit-code-wrapper-lib.mjs",
+    "schemas/**",
+    "skills/audit-code/**",
+    "README.md",
+    "docs/**"
+  ],
+  "scripts": {
+    "build": "tsc -p tsconfig.json",
+    "check": "tsc -p tsconfig.json --noEmit",
+    "test": "npm run build && node --test tests/*.test.mjs",
+    "verify:release": "npm run check && npm test && npm run smoke:linked-audit-code && npm run smoke:packaged-audit-code",
+    "smoke:linked-audit-code": "node scripts/smoke-linked-audit-code.mjs",
+    "smoke:packaged-audit-code": "node scripts/smoke-packaged-audit-code.mjs",
+    "prepack": "npm run build",
+    "prepare": "npm run build",
+    "prepublishOnly": "npm run verify:release",
+    "start": "node dist/index.js",
+    "audit-code": "node audit-code.mjs",
+    "sample-run": "node dist/index.js sample-run"
+  },
+  "engines": {
+    "node": ">=20"
+  },
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/OhOkThisIsFine/auditor-lambda.git"
+  },
+  "homepage": "https://github.com/OhOkThisIsFine/auditor-lambda#readme",
+  "bugs": {
+    "url": "https://github.com/OhOkThisIsFine/auditor-lambda/issues"
+  },
+  "keywords": [
+    "audit",
+    "cli",
+    "code-audit",
+    "static-analysis",
+    "orchestration",
+    "agents"
+  ],
+  "devDependencies": {
+    "@types/node": "^24.3.0",
+    "typescript": "^5.9.2"
+  }
+}

package/schemas/audit-code-v1alpha1.schema.json CHANGED Viewed

@@ -1,79 +1,81 @@
-{
-  "$schema": "https://json-schema.org/draft/2020-12/schema",
-  "$id": "https://example.invalid/schemas/audit-code-v1alpha1.schema.json",
-  "title": "audit-code wrapper output v1alpha1",
-  "type": "object",
-  "additionalProperties": false,
-  "required": [
-    "contract_version",
-    "audit_state",
-    "selected_obligation",
-    "selected_executor",
-    "progress_made",
-    "artifacts_written",
-    "progress_summary",
-    "next_likely_step"
-  ],
-  "properties": {
-    "contract_version": {
-      "const": "audit-code/v1alpha1"
-    },
-    "audit_state": {
-      "type": "object",
-      "additionalProperties": false,
-      "required": ["status", "obligations"],
-      "properties": {
-        "status": {
-          "enum": ["not_started", "active", "blocked", "complete"]
-        },
-        "last_executor": {
-          "type": "string"
-        },
-        "last_obligation": {
-          "type": "string"
-        },
-        "blockers": {
-          "type": "array",
-          "items": {
-            "type": "string"
-          }
-        },
-        "obligations": {
-          "type": "array",
-          "items": {
-            "type": "object",
-            "additionalProperties": false,
-            "required": ["id", "state"],
-            "properties": {
-              "id": {
-                "type": "string"
-              },
-              "state": {
-                "enum": ["missing", "present", "stale", "blocked", "satisfied"]
-              },
-              "reason": {
-                "type": "string"
-              }
-            }
-          }
-        }
-      }
-    },
-    "selected_obligation": {
-      "type": ["string", "null"]
-    },
-    "selected_executor": {
-      "type": ["string", "null"]
-    },
-    "progress_made": {
-      "type": "boolean"
-    },
-    "artifacts_written": {
-      "type": "array",
-      "items": {
-        "type": "string"
-      }
-    },
+{
+  "$schema": "https://json-schema.org/draft/2020-12/schema",
+  "$id": "https://example.invalid/schemas/audit-code-v1alpha1.schema.json",
+  "title": "audit-code wrapper output v1alpha1",
+  "type": "object",
+  "additionalProperties": false,
+  "required": [
+    "contract_version",
+    "audit_state",
+    "selected_obligation",
+    "selected_executor",
+    "progress_made",
+    "artifacts_written",
+    "progress_summary",
+    "next_likely_step"
+  ],
+  "properties": {
+    "contract_version": {
+      "const": "audit-code/v1alpha1"
+    },
+    "audit_state": {
+      "type": "object",
+      "additionalProperties": false,
+      "required": ["status", "obligations"],
+      "properties": {
+        "status": {
+          "type": "string",
+          "enum": ["not_started", "active", "blocked", "complete"]
+        },
+        "last_executor": {
+          "type": "string"
+        },
+        "last_obligation": {
+          "type": "string"
+        },
+        "blockers": {
+          "type": "array",
+          "items": {
+            "type": "string"
+          }
+        },
+        "obligations": {
+          "type": "array",
+          "items": {
+            "type": "object",
+            "additionalProperties": false,
+            "required": ["id", "state"],
+            "properties": {
+              "id": {
+                "type": "string"
+              },
+              "state": {
+                "type": "string",
+                "enum": ["missing", "present", "stale", "blocked", "satisfied"]
+              },
+              "reason": {
+                "type": "string"
+              }
+            }
+          }
+        }
+      }
+    },
+    "selected_obligation": {
+      "type": ["string", "null"]
+    },
+    "selected_executor": {
+      "type": ["string", "null"]
+    },
+    "progress_made": {
+      "type": "boolean"
+    },
+    "artifacts_written": {
+      "type": "array",
+      "items": {
+        "type": "string"
+      }
+    },
     "progress_summary": {
       "type": "string"
     },
@@ -97,6 +99,7 @@
       ],
       "properties": {
         "status": {
+          "type": "string",
           "enum": ["not_started", "active", "blocked", "complete"]
         },
         "repo_root": {
@@ -125,6 +128,7 @@
             "required": ["flag", "suggested_path", "description"],
             "properties": {
               "flag": {
+                "type": "string",
                 "enum": [
                   "--results",
                   "--updates",

package/schemas/audit_result.schema.json CHANGED Viewed

@@ -1,48 +1,54 @@
-{
-  "$schema": "https://json-schema.org/draft/2020-12/schema",
-  "$id": "audit_result.schema.json",
-  "title": "Audit Result",
-  "type": "object",
-  "required": [
-    "task_id",
-    "unit_id",
-    "pass_id",
-    "lens",
-    "reviewed_ranges",
-    "findings"
-  ],
-  "properties": {
-    "task_id": { "type": "string" },
-    "unit_id": { "type": "string" },
-    "pass_id": { "type": "string" },
-    "lens": { "type": "string" },
-    "agent_role": { "type": "string" },
-    "reviewed_ranges": {
-      "type": "array",
-      "items": {
-        "type": "object",
-        "required": ["path", "start", "end"],
-        "properties": {
-          "path": { "type": "string" },
-          "start": { "type": "integer" },
-          "end": { "type": "integer" }
-        },
-        "additionalProperties": false
-      }
-    },
-    "findings": {
-      "type": "array",
-      "items": { "$ref": "finding.schema.json" }
-    },
-    "notes": {
-      "type": "array",
-      "items": { "type": "string" }
-    },
-    "requires_followup": { "type": "boolean" },
-    "followup_tasks": {
-      "type": "array",
-      "items": { "type": "string" }
-    }
-  },
-  "additionalProperties": true
-}
+{
+  "$schema": "https://json-schema.org/draft/2020-12/schema",
+  "$id": "audit_result.schema.json",
+  "title": "Audit Result",
+  "type": "object",
+  "required": [
+    "task_id",
+    "unit_id",
+    "pass_id",
+    "lens",
+    "reviewed_ranges",
+    "findings"
+  ],
+  "$defs": {
+    "Finding": {
+      "$ref": "finding.schema.json"
+    }
+  },
+  "properties": {
+    "task_id": { "type": "string" },
+    "unit_id": { "type": "string" },
+    "pass_id": { "type": "string" },
+    "lens": { "type": "string" },
+    "agent_role": { "type": "string" },
+    "reviewed_ranges": {
+      "type": "array",
+      "minItems": 1,
+      "items": {
+        "type": "object",
+        "required": ["path", "start", "end"],
+        "properties": {
+          "path": { "type": "string" },
+          "start": { "type": "integer" },
+          "end": { "type": "integer" }
+        },
+        "additionalProperties": false
+      }
+    },
+    "findings": {
+      "type": "array",
+      "items": { "$ref": "#/$defs/Finding" }
+    },
+    "notes": {
+      "type": "array",
+      "items": { "type": "string" }
+    },
+    "requires_followup": { "type": "boolean" },
+    "followup_tasks": {
+      "type": "array",
+      "items": { "type": "string" }
+    }
+  },
+  "additionalProperties": false
+}