auditor-lambda 0.1.0

package/dist/providers/vscodeTaskProvider.d.ts

@@ -0,0 +1,8 @@
+import type { FreshSessionProvider, LaunchFreshSessionInput } from "./types.js";
+import type { VSCodeTaskConfig } from "../types/sessionConfig.js";
+export declare class VSCodeTaskProvider implements FreshSessionProvider {
+    name: string;
+    private readonly delegate;
+    constructor(config: VSCodeTaskConfig);
+    launch(input: LaunchFreshSessionInput): Promise<import("./types.js").LaunchFreshSessionResult>;
+}

package/dist/providers/vscodeTaskProvider.js

@@ -0,0 +1,14 @@
+import { SubprocessTemplateProvider } from "./subprocessTemplateProvider.js";
+export class VSCodeTaskProvider {
+    name = "vscode-task";
+    delegate;
+    constructor(config) {
+        this.delegate = new SubprocessTemplateProvider({
+            command_template: config.command_template,
+            env: config.env,
+        }, "vscode-task");
+    }
+    async launch(input) {
+        return await this.delegate.launch(input);
+    }
+}

package/dist/reporting/mergeFindings.d.ts

@@ -0,0 +1,4 @@
+import type { AuditResult, Finding } from "../types.js";
+import type { ExternalAnalyzerResults } from "../types/externalAnalyzer.js";
+import type { RuntimeValidationReport } from "../types/runtimeValidation.js";
+export declare function mergeFindings(results: AuditResult[], runtimeReport?: RuntimeValidationReport, externalAnalyzerResults?: ExternalAnalyzerResults): Finding[];

package/dist/reporting/mergeFindings.js

@@ -0,0 +1,136 @@
+function normalizeText(value) {
+    return (value ?? "").trim().toLowerCase();
+}
+function primaryPath(finding) {
+    return finding.affected_files[0]?.path ?? "";
+}
+function findingKey(finding) {
+    return [
+        normalizeText(finding.lens),
+        normalizeText(finding.category),
+        normalizeText(finding.title),
+        primaryPath(finding),
+        String(finding.affected_files[0]?.line_start ?? ""),
+        String(finding.affected_files[0]?.line_end ?? ""),
+    ].join("|");
+}
+function severityRank(severity) {
+    switch (severity) {
+        case "critical":
+            return 5;
+        case "high":
+            return 4;
+        case "medium":
+            return 3;
+        case "low":
+            return 2;
+        case "info":
+            return 1;
+    }
+}
+function confidenceRank(confidence) {
+    switch (confidence) {
+        case "high":
+            return 3;
+        case "medium":
+            return 2;
+        case "low":
+            return 1;
+    }
+}
+function runtimeSummary(report) {
+    if (!report) {
+        return [];
+    }
+    return report.results.map((result) => `${result.task_id}: ${result.status} — ${result.summary}`);
+}
+function externalSummary(results) {
+    if (!results) {
+        return [];
+    }
+    return results.results.map((item) => `external:${results.tool}:${item.path}:${item.summary}`);
+}
+function mergeAffectedFiles(existing, incoming) {
+    const seen = new Set(existing.affected_files.map((f) => `${f.path}:${f.line_start ?? ""}:${f.line_end ?? ""}:${f.symbol ?? ""}`));
+    for (const file of incoming.affected_files) {
+        const key = `${file.path}:${file.line_start ?? ""}:${file.line_end ?? ""}:${file.symbol ?? ""}`;
+        if (!seen.has(key)) {
+            existing.affected_files.push(file);
+            seen.add(key);
+        }
+    }
+    existing.affected_files.sort((a, b) => a.path.localeCompare(b.path) || (a.line_start ?? 0) - (b.line_start ?? 0));
+}
+export function mergeFindings(results, runtimeReport, externalAnalyzerResults) {
+    const merged = new Map();
+    const runtimeEvidence = runtimeSummary(runtimeReport);
+    const analyzerEvidence = externalSummary(externalAnalyzerResults);
+    for (const result of results) {
+        for (const finding of result.findings) {
+            const key = findingKey(finding);
+            const existing = merged.get(key);
+            if (!existing) {
+                merged.set(key, {
+                    ...finding,
+                    affected_files: [...finding.affected_files],
+                    evidence: [
+                        ...new Set([
+                            ...(finding.evidence ?? []),
+                            ...runtimeEvidence,
+                            ...analyzerEvidence,
+                        ]),
+                    ],
+                    remediation: [...new Set(finding.remediation ?? [])],
+                    related_findings: [
+                        ...new Set([...(finding.related_findings ?? []), finding.id]),
+                    ],
+                });
+                continue;
+            }
+            if (severityRank(finding.severity) > severityRank(existing.severity)) {
+                existing.severity = finding.severity;
+            }
+            if (confidenceRank(finding.confidence) > confidenceRank(existing.confidence)) {
+                existing.confidence = finding.confidence;
+            }
+            existing.systemic = Boolean(existing.systemic || finding.systemic);
+            existing.impact = existing.impact ?? finding.impact;
+            existing.likelihood = existing.likelihood ?? finding.likelihood;
+            existing.summary =
+                existing.summary.length >= finding.summary.length
+                    ? existing.summary
+                    : finding.summary;
+            mergeAffectedFiles(existing, finding);
+            existing.evidence = [
+                ...new Set([
+                    ...(existing.evidence ?? []),
+                    ...(finding.evidence ?? []),
+                    ...runtimeEvidence,
+                    ...analyzerEvidence,
+                ]),
+            ];
+            existing.remediation = [
+                ...new Set([
+                    ...(existing.remediation ?? []),
+                    ...(finding.remediation ?? []),
+                ]),
+            ];
+            existing.related_findings = [
+                ...new Set([
+                    ...(existing.related_findings ?? []),
+                    ...(finding.related_findings ?? []),
+                    finding.id,
+                ]),
+            ];
+        }
+    }
+    return [...merged.values()].sort((a, b) => {
+        const severityDelta = severityRank(b.severity) - severityRank(a.severity);
+        if (severityDelta !== 0)
+            return severityDelta;
+        const confidenceDelta = confidenceRank(b.confidence) - confidenceRank(a.confidence);
+        if (confidenceDelta !== 0)
+            return confidenceDelta;
+        return a.title.localeCompare(b.title);
+    });
+}

package/dist/reporting/rootCause.d.ts

@@ -0,0 +1,11 @@
+import type { Finding } from "../types.js";
+import type { ExternalAnalyzerResults } from "../types/externalAnalyzer.js";
+import type { RuntimeValidationReport } from "../types/runtimeValidation.js";
+export interface RootCauseCluster {
+    id: string;
+    title: string;
+    summary: string;
+    finding_ids: string[];
+    recommended_actions: string[];
+}
+export declare function buildRootCauseClusters(findings: Finding[], runtimeReport?: RuntimeValidationReport, externalAnalyzerResults?: ExternalAnalyzerResults): RootCauseCluster[];

package/dist/reporting/rootCause.js

@@ -0,0 +1,69 @@
+function severityRank(severity) {
+    switch (severity) {
+        case "critical":
+            return 5;
+        case "high":
+            return 4;
+        case "medium":
+            return 3;
+        case "low":
+            return 2;
+        case "info":
+            return 1;
+    }
+}
+function summarizeRuntime(report) {
+    if (!report) {
+        return "No runtime validation evidence attached.";
+    }
+    const counts = new Map();
+    for (const result of report.results) {
+        counts.set(result.status, (counts.get(result.status) ?? 0) + 1);
+    }
+    return [...counts.entries()]
+        .map(([status, count]) => `${status}:${count}`)
+        .join(", ");
+}
+function summarizeExternal(results) {
+    if (!results)
+        return "No external analyzer signals attached.";
+    return `${results.tool}:${results.results.length}`;
+}
+function clusterKey(finding) {
+    const primaryPath = finding.affected_files[0]?.path ?? "";
+    const pathPrefix = primaryPath.split("/").slice(0, 2).join("/");
+    return `${finding.lens}:${finding.category}:${pathPrefix}`;
+}
+function titleForCluster(key) {
+    const [lens, category, scope] = key.split(":");
+    return `${lens}/${category}${scope ? ` in ${scope}` : ""}`;
+}
+export function buildRootCauseClusters(findings, runtimeReport, externalAnalyzerResults) {
+    const groups = new Map();
+    for (const finding of findings) {
+        const key = clusterKey(finding);
+        const existing = groups.get(key) ?? [];
+        existing.push(finding);
+        groups.set(key, existing);
+    }
+    const runtimeSummary = summarizeRuntime(runtimeReport);
+    const externalSummary = summarizeExternal(externalAnalyzerResults);
+    return [...groups.entries()]
+        .map(([key, grouped], index) => {
+        const highestSeverity = grouped.reduce((max, finding) => Math.max(max, severityRank(finding.severity)), 1);
+        const systemicCount = grouped.filter((finding) => finding.systemic).length;
+        const uniqueRemediations = [
+            ...new Set(grouped.flatMap((finding) => finding.remediation ?? [])),
+        ].slice(0, 5);
+        return {
+            id: `cluster-${index + 1}`,
+            title: titleForCluster(key),
+            summary: `Grouped ${grouped.length} finding(s); highest severity ${highestSeverity}; systemic flags ${systemicCount}. Runtime validation status: ${runtimeSummary}. External analyzer summary: ${externalSummary}.`,
+            finding_ids: grouped.map((finding) => finding.id),
+            recommended_actions: uniqueRemediations.length > 0
+                ? uniqueRemediations
+                : [`Review systemic causes behind ${titleForCluster(key)}.`],
+        };
+    })
+        .sort((a, b) => a.title.localeCompare(b.title));
+}

package/dist/reporting/synthesis.d.ts

@@ -0,0 +1,21 @@
+import type { AuditResult } from "../types.js";
+import type { ExternalAnalyzerResults } from "../types/externalAnalyzer.js";
+import type { RuntimeValidationReport } from "../types/runtimeValidation.js";
+import { mergeFindings } from "./mergeFindings.js";
+import { buildRootCauseClusters } from "./rootCause.js";
+export interface SynthesisReport {
+    summary: {
+        finding_count: number;
+        cluster_count: number;
+        runtime_validation_status_breakdown: Record<string, number>;
+        notes: string[];
+        severity_breakdown: Record<string, number>;
+        external_analyzer_summary: {
+            tool_count: number;
+            result_count: number;
+        };
+    };
+    merged_findings: ReturnType<typeof mergeFindings>;
+    root_cause_clusters: ReturnType<typeof buildRootCauseClusters>;
+}
+export declare function buildSynthesisReport(results: AuditResult[], runtimeReport?: RuntimeValidationReport, externalAnalyzerResults?: ExternalAnalyzerResults): SynthesisReport;

package/dist/reporting/synthesis.js

@@ -0,0 +1,55 @@
+import { mergeFindings } from "./mergeFindings.js";
+import { buildRootCauseClusters } from "./rootCause.js";
+function statusBreakdown(report) {
+    const breakdown = {};
+    for (const result of report?.results ?? []) {
+        breakdown[result.status] = (breakdown[result.status] ?? 0) + 1;
+    }
+    return breakdown;
+}
+function severityBreakdown(findings) {
+    const breakdown = {};
+    for (const finding of findings) {
+        breakdown[finding.severity] = (breakdown[finding.severity] ?? 0) + 1;
+    }
+    return breakdown;
+}
+function externalSummary(results) {
+    if (!results) {
+        return { tool_count: 0, result_count: 0 };
+    }
+    return {
+        tool_count: results.tool ? 1 : 0,
+        result_count: results.results.length,
+    };
+}
+export function buildSynthesisReport(results, runtimeReport, externalAnalyzerResults) {
+    const merged_findings = mergeFindings(results, runtimeReport, externalAnalyzerResults);
+    const root_cause_clusters = buildRootCauseClusters(merged_findings, runtimeReport, externalAnalyzerResults);
+    const runtimeBreakdown = statusBreakdown(runtimeReport);
+    const sevBreakdown = severityBreakdown(merged_findings);
+    const extSummary = externalSummary(externalAnalyzerResults);
+    return {
+        summary: {
+            finding_count: merged_findings.length,
+            cluster_count: root_cause_clusters.length,
+            runtime_validation_status_breakdown: runtimeBreakdown,
+            severity_breakdown: sevBreakdown,
+            external_analyzer_summary: extSummary,
+            notes: [
+                ...(Object.keys(runtimeBreakdown).length === 0
+                    ? ["No runtime validation evidence attached."]
+                    : [
+                        "Runtime validation evidence has been incorporated into synthesis.",
+                    ]),
+                ...(extSummary.result_count > 0
+                    ? [
+                        `External analyzer signals incorporated: ${extSummary.result_count} result(s) from ${externalAnalyzerResults?.tool}.`,
+                    ]
+                    : []),
+            ],
+        },
+        merged_findings,
+        root_cause_clusters,
+    };
+}

package/dist/supervisor/operatorHandoff.d.ts

@@ -0,0 +1,37 @@
+import type { ArtifactBundle } from "../io/artifacts.js";
+import type { AuditState, AuditTopLevelStatus } from "../types/auditState.js";
+export interface AuditCodeHandoffInput {
+    flag: "--results" | "--updates" | "--external-analyzer-results";
+    suggested_path: string;
+    description: string;
+}
+export interface AuditCodeHandoffArtifactPaths {
+    incoming_dir: string;
+    operator_handoff_json: string;
+    operator_handoff_markdown: string;
+    session_config: string;
+    run_ledger: string;
+    audit_tasks: string | null;
+    runtime_validation_tasks: string | null;
+}
+export interface AuditCodeHandoff {
+    status: AuditTopLevelStatus;
+    repo_root: string;
+    artifacts_dir: string;
+    provider: string | null;
+    summary: string;
+    pending_obligations: string[];
+    suggested_inputs: AuditCodeHandoffInput[];
+    suggested_commands: string[];
+    interactive_provider_hint: string | null;
+    artifact_paths: AuditCodeHandoffArtifactPaths;
+}
+export declare function buildAuditCodeHandoff(params: {
+    root: string;
+    artifactsDir: string;
+    state: AuditState;
+    bundle: ArtifactBundle;
+    providerName?: string | null;
+    progressSummary: string;
+}): AuditCodeHandoff;
+export declare function writeAuditCodeHandoffArtifacts(handoff: AuditCodeHandoff): Promise<void>;

package/dist/supervisor/operatorHandoff.js

@@ -0,0 +1,144 @@
+import { mkdir, writeFile } from "node:fs/promises";
+import { join } from "node:path";
+import { writeJsonFile } from "../io/json.js";
+function quoteShellPath(path) {
+    return `"${path.replace(/"/g, '\\"')}"`;
+}
+function buildPendingObligations(state) {
+    return state.obligations
+        .filter((item) => item.state !== "satisfied" && item.state !== "present")
+        .map((item) => item.id);
+}
+function buildSummary(status, providerName, fallbackSummary) {
+    if (status === "complete") {
+        return "No operator handoff is required. All known obligations are currently satisfied.";
+    }
+    if (status === "blocked") {
+        return fallbackSummary;
+    }
+    if (status === "not_started") {
+        return "The artifact bundle is not initialized yet. Run the wrapper from the repository root to create the initial audit artifacts.";
+    }
+    return providerName
+        ? `Automatic work can continue under ${providerName}. Re-run the same wrapper or inspect the listed artifacts if you need operator context.`
+        : "Automatic work can continue. Re-run the same wrapper or inspect the listed artifacts if you need operator context.";
+}
+function buildSuggestedInputs(artifactsDir, status) {
+    if (status !== "blocked") {
+        return [];
+    }
+    const incomingDir = join(artifactsDir, "incoming");
+    return [
+        {
+            flag: "--results",
+            suggested_path: join(incomingDir, "audit-results.json"),
+            description: "Import structured audit-review results after manual or provider-assisted review finishes.",
+        },
+        {
+            flag: "--updates",
+            suggested_path: join(incomingDir, "runtime-validation-updates.json"),
+            description: "Merge runtime validation evidence updates gathered outside the wrapper.",
+        },
+        {
+            flag: "--external-analyzer-results",
+            suggested_path: join(incomingDir, "external-analyzer-results.json"),
+            description: "Import normalized external analyzer results such as Semgrep findings.",
+        },
+    ];
+}
+function buildSuggestedCommands(suggestedInputs, status) {
+    if (status !== "blocked") {
+        return [];
+    }
+    return suggestedInputs.map((item) => `audit-code ${item.flag} ${quoteShellPath(item.suggested_path)}`);
+}
+function buildInteractiveProviderHint(status, providerName, sessionConfigPath) {
+    if (status !== "blocked") {
+        return null;
+    }
+    const providerLabel = providerName ?? "local-subprocess";
+    return `Current provider is ${providerLabel}. If you want the backend to continue through an interactive provider instead of importing results manually, set "provider" in ${sessionConfigPath} to "auto", "claude-code", "opencode", "subprocess-template", or "vscode-task", then run audit-code again from the repository root.`;
+}
+function renderMarkdown(handoff) {
+    const lines = [
+        "# audit-code operator handoff",
+        "",
+        `Status: ${handoff.status}`,
+        `Provider: ${handoff.provider ?? "n/a"}`,
+        `Repo root: ${handoff.repo_root}`,
+        `Artifacts dir: ${handoff.artifacts_dir}`,
+        "",
+        `Summary: ${handoff.summary}`,
+        "",
+        "Pending obligations:",
+    ];
+    if (handoff.pending_obligations.length === 0) {
+        lines.push("- none");
+    }
+    else {
+        for (const obligation of handoff.pending_obligations) {
+            lines.push(`- ${obligation}`);
+        }
+    }
+    lines.push("", "Useful artifact paths:");
+    lines.push(`- operator handoff json: ${handoff.artifact_paths.operator_handoff_json}`);
+    lines.push(`- operator handoff markdown: ${handoff.artifact_paths.operator_handoff_markdown}`);
+    lines.push(`- incoming dir: ${handoff.artifact_paths.incoming_dir}`);
+    lines.push(`- session config: ${handoff.artifact_paths.session_config}`);
+    lines.push(`- run ledger: ${handoff.artifact_paths.run_ledger}`);
+    lines.push(`- audit tasks: ${handoff.artifact_paths.audit_tasks ?? "not available yet"}`);
+    lines.push(`- runtime validation tasks: ${handoff.artifact_paths.runtime_validation_tasks ?? "not available yet"}`);
+    if (handoff.suggested_inputs.length > 0) {
+        lines.push("", "Suggested evidence inputs:");
+        for (const item of handoff.suggested_inputs) {
+            lines.push(`- ${item.flag} -> ${item.suggested_path}`);
+            lines.push(`  ${item.description}`);
+        }
+    }
+    if (handoff.suggested_commands.length > 0) {
+        lines.push("", "Suggested commands:");
+        for (const command of handoff.suggested_commands) {
+            lines.push(`- ${command}`);
+        }
+    }
+    if (handoff.interactive_provider_hint) {
+        lines.push("", "Interactive provider hint:");
+        lines.push(`- ${handoff.interactive_provider_hint}`);
+    }
+    lines.push("");
+    return lines.join("\n");
+}
+export function buildAuditCodeHandoff(params) {
+    const incomingDir = join(params.artifactsDir, "incoming");
+    const artifactPaths = {
+        incoming_dir: incomingDir,
+        operator_handoff_json: join(params.artifactsDir, "operator-handoff.json"),
+        operator_handoff_markdown: join(params.artifactsDir, "operator-handoff.md"),
+        session_config: join(params.artifactsDir, "session-config.json"),
+        run_ledger: join(params.artifactsDir, "run-ledger.json"),
+        audit_tasks: params.bundle.audit_tasks
+            ? join(params.artifactsDir, "audit_tasks.json")
+            : null,
+        runtime_validation_tasks: params.bundle.runtime_validation_tasks
+            ? join(params.artifactsDir, "runtime_validation_tasks.json")
+            : null,
+    };
+    const suggestedInputs = buildSuggestedInputs(params.artifactsDir, params.state.status);
+    return {
+        status: params.state.status,
+        repo_root: params.root,
+        artifacts_dir: params.artifactsDir,
+        provider: params.providerName ?? null,
+        summary: buildSummary(params.state.status, params.providerName ?? null, params.progressSummary),
+        pending_obligations: buildPendingObligations(params.state),
+        suggested_inputs: suggestedInputs,
+        suggested_commands: buildSuggestedCommands(suggestedInputs, params.state.status),
+        interactive_provider_hint: buildInteractiveProviderHint(params.state.status, params.providerName ?? null, artifactPaths.session_config),
+        artifact_paths: artifactPaths,
+    };
+}
+export async function writeAuditCodeHandoffArtifacts(handoff) {
+    await mkdir(handoff.artifact_paths.incoming_dir, { recursive: true });
+    await writeJsonFile(handoff.artifact_paths.operator_handoff_json, handoff);
+    await writeFile(handoff.artifact_paths.operator_handoff_markdown, renderMarkdown(handoff), "utf8");
+}

package/dist/supervisor/runLedger.d.ts

@@ -0,0 +1,3 @@
+import type { RunLedger, RunLedgerEntry } from "../types/runLedger.js";
+export declare function loadRunLedger(artifactsDir: string): Promise<RunLedger>;
+export declare function appendRunLedgerEntry(artifactsDir: string, entry: RunLedgerEntry): Promise<void>;

package/dist/supervisor/runLedger.js

@@ -0,0 +1,17 @@
+import { readJsonFile, writeJsonFile } from "../io/json.js";
+function ledgerPath(artifactsDir) {
+    return `${artifactsDir}/run-ledger.json`;
+}
+export async function loadRunLedger(artifactsDir) {
+    try {
+        return await readJsonFile(ledgerPath(artifactsDir));
+    }
+    catch {
+        return { runs: [] };
+    }
+}
+export async function appendRunLedgerEntry(artifactsDir, entry) {
+    const ledger = await loadRunLedger(artifactsDir);
+    ledger.runs.push(entry);
+    await writeJsonFile(ledgerPath(artifactsDir), ledger);
+}

package/dist/supervisor/sessionConfig.d.ts

@@ -0,0 +1,4 @@
+import type { SessionConfig } from "../types/sessionConfig.js";
+export declare function getSessionConfigPath(artifactsDir: string): string;
+export declare function readSessionConfigFile(artifactsDir: string): Promise<unknown | undefined>;
+export declare function loadSessionConfig(artifactsDir: string): Promise<SessionConfig>;

package/dist/supervisor/sessionConfig.js

@@ -0,0 +1,26 @@
+import { readOptionalJsonFile } from "../io/json.js";
+import { validateSessionConfig } from "../validation/sessionConfig.js";
+export function getSessionConfigPath(artifactsDir) {
+    return `${artifactsDir}/session-config.json`;
+}
+export async function readSessionConfigFile(artifactsDir) {
+    return await readOptionalJsonFile(getSessionConfigPath(artifactsDir));
+}
+function formatValidationIssues(configPath, issues) {
+    const details = issues
+        .map((issue) => `- ${issue.path}: ${issue.message}`)
+        .join("\n");
+    return `Invalid ${configPath}:\n${details}`;
+}
+export async function loadSessionConfig(artifactsDir) {
+    const configPath = getSessionConfigPath(artifactsDir);
+    const rawConfig = await readOptionalJsonFile(configPath);
+    if (rawConfig === undefined) {
+        return {};
+    }
+    const issues = validateSessionConfig(rawConfig);
+    if (issues.length > 0) {
+        throw new Error(formatValidationIssues(configPath, issues));
+    }
+    return rawConfig;
+}

package/dist/types/artifactMetadata.d.ts

@@ -0,0 +1,8 @@
+export interface ArtifactMetadataEntry {
+    revision: number;
+    content_hash: string;
+    dependency_revisions: Record<string, number>;
+}
+export interface ArtifactMetadataManifest {
+    artifacts: Record<string, ArtifactMetadataEntry>;
+}

package/dist/types/artifactMetadata.js

@@ -0,0 +1 @@
+export {};

package/dist/types/auditState.d.ts

@@ -0,0 +1,14 @@
+export type AuditTopLevelStatus = "not_started" | "active" | "blocked" | "complete";
+export type ObligationState = "missing" | "present" | "stale" | "blocked" | "satisfied";
+export interface AuditObligation {
+    id: string;
+    state: ObligationState;
+    reason?: string;
+}
+export interface AuditState {
+    status: AuditTopLevelStatus;
+    last_executor?: string;
+    last_obligation?: string;
+    blockers?: string[];
+    obligations: AuditObligation[];
+}

package/dist/types/auditState.js

@@ -0,0 +1 @@
+export {};

package/dist/types/disposition.d.ts

@@ -0,0 +1,9 @@
+export type FileDispositionStatus = "included" | "excluded" | "generated" | "vendor" | "binary" | "doc_only";
+export interface FileDispositionItem {
+    path: string;
+    status: FileDispositionStatus;
+    reason?: string;
+}
+export interface FileDisposition {
+    files: FileDispositionItem[];
+}

package/dist/types/disposition.js

@@ -0,0 +1 @@
+export {};

package/dist/types/externalAnalyzer.d.ts

@@ -0,0 +1,16 @@
+export interface ExternalAnalyzerResultItem {
+    id: string;
+    category: string;
+    severity: string;
+    path: string;
+    line_start?: number;
+    line_end?: number;
+    summary: string;
+    rule?: string;
+    raw?: unknown;
+}
+export interface ExternalAnalyzerResults {
+    tool: string;
+    generated_at?: string;
+    results: ExternalAnalyzerResultItem[];
+}

package/dist/types/externalAnalyzer.js

@@ -0,0 +1 @@
+export {};

package/dist/types/flowCoverage.d.ts

@@ -0,0 +1,11 @@
+export interface FlowCoverageRecord {
+    flow_id: string;
+    paths: string[];
+    required_lenses: string[];
+    completed_lenses: string[];
+    status: string;
+    notes?: string[];
+}
+export interface FlowCoverageManifest {
+    flows: FlowCoverageRecord[];
+}

package/dist/types/flowCoverage.js

@@ -0,0 +1 @@
+export {};

package/dist/types/flows.d.ts

@@ -0,0 +1,11 @@
+export interface CriticalFlow {
+    id: string;
+    name: string;
+    entrypoints: string[];
+    paths: string[];
+    concerns: string[];
+    notes?: string[];
+}
+export interface CriticalFlowManifest {
+    flows: CriticalFlow[];
+}

package/dist/types/flows.js

@@ -0,0 +1 @@
+export {};