auditor-lambda 0.1.0

package/docs/windows-setup.md

@@ -0,0 +1,146 @@
+# Windows setup
+
+This document covers Windows setup for the backend fallback `audit-code` wrapper.
+
+The canonical product route is still `/audit-code` in conversation.
+
+## Simplest path
+
+From the target repository root in PowerShell:
+
+```powershell
+audit-code
+```
+
+This is the lowest-friction path.
+
+Use it with the default backend:
+
+```json
+{
+  "provider": "local-subprocess",
+  "ui_mode": "visible"
+}
+```
+
+## Claude Code on Windows
+
+If `claude` is on `PATH`, use:
+
+```json
+{
+  "provider": "claude-code",
+  "ui_mode": "visible",
+  "claude_code": {
+    "command": "claude",
+    "extra_args": []
+  }
+}
+```
+
+If you want to force a model:
+
+```json
+{
+  "provider": "claude-code",
+  "ui_mode": "visible",
+  "claude_code": {
+    "command": "claude",
+    "extra_args": ["--model", "sonnet"]
+  }
+}
+```
+
+## OpenCode on Windows
+
+If `opencode` is on `PATH`, use:
+
+```json
+{
+  "provider": "opencode",
+  "ui_mode": "visible",
+  "opencode": {
+    "command": "opencode",
+    "extra_args": []
+  }
+}
+```
+
+If you want to force a provider/model pair:
+
+```json
+{
+  "provider": "opencode",
+  "ui_mode": "visible",
+  "opencode": {
+    "command": "opencode",
+    "extra_args": ["--model", "anthropic/claude-sonnet-4.5"]
+  }
+}
+```
+
+## Generic PowerShell bridge
+
+When you need a provider-neutral launcher from Windows, use a PowerShell template bridge.
+
+Example:
+
+```json
+{
+  "provider": "subprocess-template",
+  "ui_mode": "visible",
+  "subprocess_template": {
+    "command_template": [
+      "pwsh",
+      "-NoProfile",
+      "-ExecutionPolicy",
+      "Bypass",
+      "-Command",
+      "& { {workerCommandShell} }"
+    ]
+  }
+}
+```
+
+If `pwsh` is not installed, replace it with `powershell`.
+
+## VS Code on Windows
+
+The simplest VS Code path is still the integrated terminal.
+
+Open the target repository in VS Code and run:
+
+```powershell
+audit-code
+```
+
+Use a `vscode-task` template only if you specifically need a task-oriented launcher boundary.
+
+Example:
+
+```json
+{
+  "provider": "vscode-task",
+  "ui_mode": "visible",
+  "vscode_task": {
+    "command_template": [
+      "pwsh",
+      "-NoProfile",
+      "-ExecutionPolicy",
+      "Bypass",
+      "-Command",
+      "& { {workerCommandShell} }"
+    ]
+  }
+}
+```
+
+## Antigravity on Windows
+
+There is no dedicated Antigravity provider adapter in this repository today.
+
+The recommended practical path is:
+
+- run `audit-code` from an Antigravity terminal
+- use `local-subprocess` first
+- move to `subprocess-template` only if a launcher bridge is actually needed

package/package.json

@@ -0,0 +1,56 @@
+{
+  "name": "auditor-lambda",
+  "version": "0.1.0",
+  "private": false,
+  "description": "Portable hybrid code-auditing framework for arbitrary repositories.",
+  "type": "module",
+  "bin": {
+    "audit-code": "audit-code.mjs"
+  },
+  "files": [
+    "dist/**",
+    "audit-code.mjs",
+    "audit-code-wrapper-lib.mjs",
+    "schemas/**",
+    "skills/audit-code/**",
+    "README.md",
+    "docs/**"
+  ],
+  "scripts": {
+    "build": "tsc -p tsconfig.json",
+    "check": "tsc -p tsconfig.json --noEmit",
+    "test": "npm run build && node --test tests/*.test.mjs",
+    "verify:release": "npm run check && npm test && npm run smoke:linked-audit-code && npm run smoke:packaged-audit-code",
+    "smoke:linked-audit-code": "node scripts/smoke-linked-audit-code.mjs",
+    "smoke:packaged-audit-code": "node scripts/smoke-packaged-audit-code.mjs",
+    "prepack": "npm run build",
+    "prepare": "npm run build",
+    "prepublishOnly": "npm run verify:release",
+    "start": "node dist/index.js",
+    "audit-code": "node audit-code.mjs",
+    "sample-run": "node dist/index.js sample-run"
+  },
+  "engines": {
+    "node": ">=20"
+  },
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/EthanBerlant/auditor-lambda.git"
+  },
+  "homepage": "https://github.com/EthanBerlant/auditor-lambda#readme",
+  "bugs": {
+    "url": "https://github.com/EthanBerlant/auditor-lambda/issues"
+  },
+  "keywords": [
+    "audit",
+    "cli",
+    "code-audit",
+    "static-analysis",
+    "orchestration",
+    "agents"
+  ],
+  "devDependencies": {
+    "@types/node": "^24.3.0",
+    "typescript": "^5.9.2"
+  }
+}

package/schemas/audit-code-v1alpha1.schema.json

@@ -0,0 +1,191 @@
+{
+  "$schema": "https://json-schema.org/draft/2020-12/schema",
+  "$id": "https://example.invalid/schemas/audit-code-v1alpha1.schema.json",
+  "title": "audit-code wrapper output v1alpha1",
+  "type": "object",
+  "additionalProperties": false,
+  "required": [
+    "contract_version",
+    "audit_state",
+    "selected_obligation",
+    "selected_executor",
+    "progress_made",
+    "artifacts_written",
+    "progress_summary",
+    "next_likely_step"
+  ],
+  "properties": {
+    "contract_version": {
+      "const": "audit-code/v1alpha1"
+    },
+    "audit_state": {
+      "type": "object",
+      "additionalProperties": false,
+      "required": ["status", "obligations"],
+      "properties": {
+        "status": {
+          "enum": ["not_started", "active", "blocked", "complete"]
+        },
+        "last_executor": {
+          "type": "string"
+        },
+        "last_obligation": {
+          "type": "string"
+        },
+        "blockers": {
+          "type": "array",
+          "items": {
+            "type": "string"
+          }
+        },
+        "obligations": {
+          "type": "array",
+          "items": {
+            "type": "object",
+            "additionalProperties": false,
+            "required": ["id", "state"],
+            "properties": {
+              "id": {
+                "type": "string"
+              },
+              "state": {
+                "enum": ["missing", "present", "stale", "blocked", "satisfied"]
+              },
+              "reason": {
+                "type": "string"
+              }
+            }
+          }
+        }
+      }
+    },
+    "selected_obligation": {
+      "type": ["string", "null"]
+    },
+    "selected_executor": {
+      "type": ["string", "null"]
+    },
+    "progress_made": {
+      "type": "boolean"
+    },
+    "artifacts_written": {
+      "type": "array",
+      "items": {
+        "type": "string"
+      }
+    },
+    "progress_summary": {
+      "type": "string"
+    },
+    "next_likely_step": {
+      "type": ["string", "null"]
+    },
+    "handoff": {
+      "type": "object",
+      "additionalProperties": false,
+      "required": [
+        "status",
+        "repo_root",
+        "artifacts_dir",
+        "provider",
+        "summary",
+        "pending_obligations",
+        "suggested_inputs",
+        "suggested_commands",
+        "interactive_provider_hint",
+        "artifact_paths"
+      ],
+      "properties": {
+        "status": {
+          "enum": ["not_started", "active", "blocked", "complete"]
+        },
+        "repo_root": {
+          "type": "string"
+        },
+        "artifacts_dir": {
+          "type": "string"
+        },
+        "provider": {
+          "type": ["string", "null"]
+        },
+        "summary": {
+          "type": "string"
+        },
+        "pending_obligations": {
+          "type": "array",
+          "items": {
+            "type": "string"
+          }
+        },
+        "suggested_inputs": {
+          "type": "array",
+          "items": {
+            "type": "object",
+            "additionalProperties": false,
+            "required": ["flag", "suggested_path", "description"],
+            "properties": {
+              "flag": {
+                "enum": [
+                  "--results",
+                  "--updates",
+                  "--external-analyzer-results"
+                ]
+              },
+              "suggested_path": {
+                "type": "string"
+              },
+              "description": {
+                "type": "string"
+              }
+            }
+          }
+        },
+        "suggested_commands": {
+          "type": "array",
+          "items": {
+            "type": "string"
+          }
+        },
+        "interactive_provider_hint": {
+          "type": ["string", "null"]
+        },
+        "artifact_paths": {
+          "type": "object",
+          "additionalProperties": false,
+          "required": [
+            "incoming_dir",
+            "operator_handoff_json",
+            "operator_handoff_markdown",
+            "session_config",
+            "run_ledger",
+            "audit_tasks",
+            "runtime_validation_tasks"
+          ],
+          "properties": {
+            "incoming_dir": {
+              "type": "string"
+            },
+            "operator_handoff_json": {
+              "type": "string"
+            },
+            "operator_handoff_markdown": {
+              "type": "string"
+            },
+            "session_config": {
+              "type": "string"
+            },
+            "run_ledger": {
+              "type": "string"
+            },
+            "audit_tasks": {
+              "type": ["string", "null"]
+            },
+            "runtime_validation_tasks": {
+              "type": ["string", "null"]
+            }
+          }
+        }
+      }
+    }
+  }
+}

package/schemas/audit_result.schema.json

@@ -0,0 +1,48 @@
+{
+  "$schema": "https://json-schema.org/draft/2020-12/schema",
+  "$id": "audit_result.schema.json",
+  "title": "Audit Result",
+  "type": "object",
+  "required": [
+    "task_id",
+    "unit_id",
+    "pass_id",
+    "lens",
+    "reviewed_ranges",
+    "findings"
+  ],
+  "properties": {
+    "task_id": { "type": "string" },
+    "unit_id": { "type": "string" },
+    "pass_id": { "type": "string" },
+    "lens": { "type": "string" },
+    "agent_role": { "type": "string" },
+    "reviewed_ranges": {
+      "type": "array",
+      "items": {
+        "type": "object",
+        "required": ["path", "start", "end"],
+        "properties": {
+          "path": { "type": "string" },
+          "start": { "type": "integer" },
+          "end": { "type": "integer" }
+        },
+        "additionalProperties": false
+      }
+    },
+    "findings": {
+      "type": "array",
+      "items": { "$ref": "finding.schema.json" }
+    },
+    "notes": {
+      "type": "array",
+      "items": { "type": "string" }
+    },
+    "requires_followup": { "type": "boolean" },
+    "followup_tasks": {
+      "type": "array",
+      "items": { "type": "string" }
+    }
+  },
+  "additionalProperties": true
+}

package/schemas/audit_state.schema.json

@@ -0,0 +1,36 @@
+{
+  "$schema": "https://json-schema.org/draft/2020-12/schema",
+  "$id": "audit_state.schema.json",
+  "title": "Audit State",
+  "type": "object",
+  "required": ["status", "obligations"],
+  "properties": {
+    "status": {
+      "type": "string",
+      "enum": ["not_started", "active", "blocked", "complete"]
+    },
+    "last_executor": { "type": "string" },
+    "last_obligation": { "type": "string" },
+    "blockers": {
+      "type": "array",
+      "items": { "type": "string" }
+    },
+    "obligations": {
+      "type": "array",
+      "items": {
+        "type": "object",
+        "required": ["id", "state"],
+        "properties": {
+          "id": { "type": "string" },
+          "state": {
+            "type": "string",
+            "enum": ["missing", "present", "stale", "blocked", "satisfied"]
+          },
+          "reason": { "type": "string" }
+        },
+        "additionalProperties": true
+      }
+    }
+  },
+  "additionalProperties": true
+}

package/schemas/audit_task.schema.json

@@ -0,0 +1,49 @@
+{
+  "$schema": "https://json-schema.org/draft/2020-12/schema",
+  "$id": "audit_task.schema.json",
+  "title": "Audit Task",
+  "type": "object",
+  "required": [
+    "task_id",
+    "unit_id",
+    "pass_id",
+    "lens",
+    "file_paths",
+    "rationale"
+  ],
+  "properties": {
+    "task_id": { "type": "string" },
+    "unit_id": { "type": "string" },
+    "pass_id": { "type": "string" },
+    "lens": { "type": "string" },
+    "file_paths": {
+      "type": "array",
+      "items": { "type": "string" }
+    },
+    "line_ranges": {
+      "type": "array",
+      "items": {
+        "type": "object",
+        "required": ["path", "start", "end"],
+        "properties": {
+          "path": { "type": "string" },
+          "start": { "type": "integer" },
+          "end": { "type": "integer" }
+        },
+        "additionalProperties": false
+      }
+    },
+    "inputs": {
+      "type": "object",
+      "properties": {
+        "unit_manifest_ref": { "type": "string" },
+        "graph_bundle_ref": { "type": "string" },
+        "mechanical_results_ref": { "type": "string" },
+        "risk_register_ref": { "type": "string" }
+      },
+      "additionalProperties": true
+    },
+    "rationale": { "type": "string" }
+  },
+  "additionalProperties": true
+}

package/schemas/blind_spot_register.schema.json

@@ -0,0 +1,40 @@
+{
+  "$schema": "https://json-schema.org/draft/2020-12/schema",
+  "$id": "blind_spot_register.schema.json",
+  "title": "Blind Spot Register",
+  "type": "object",
+  "required": ["items"],
+  "properties": {
+    "items": {
+      "type": "array",
+      "items": {
+        "type": "object",
+        "required": ["id", "title", "kind", "summary", "evidence"],
+        "properties": {
+          "id": { "type": "string" },
+          "title": { "type": "string" },
+          "kind": { "type": "string" },
+          "summary": { "type": "string" },
+          "affected_paths": {
+            "type": "array",
+            "items": { "type": "string" }
+          },
+          "evidence": {
+            "type": "array",
+            "items": { "type": "string" }
+          },
+          "suggested_lenses": {
+            "type": "array",
+            "items": { "type": "string" }
+          },
+          "suggested_runtime_checks": {
+            "type": "array",
+            "items": { "type": "string" }
+          }
+        },
+        "additionalProperties": true
+      }
+    }
+  },
+  "additionalProperties": true
+}

package/schemas/coverage_matrix.schema.json

@@ -0,0 +1,50 @@
+{
+  "$schema": "https://json-schema.org/draft/2020-12/schema",
+  "$id": "coverage_matrix.schema.json",
+  "title": "Coverage Matrix",
+  "type": "object",
+  "required": ["files"],
+  "properties": {
+    "files": {
+      "type": "array",
+      "items": {
+        "type": "object",
+        "required": ["path", "classification_status", "audit_status"],
+        "properties": {
+          "path": { "type": "string" },
+          "unit_ids": {
+            "type": "array",
+            "items": { "type": "string" }
+          },
+          "classification_status": { "type": "string" },
+          "audit_status": { "type": "string" },
+          "required_lenses": {
+            "type": "array",
+            "items": { "type": "string" }
+          },
+          "completed_lenses": {
+            "type": "array",
+            "items": { "type": "string" }
+          },
+          "reviewed_line_ranges": {
+            "type": "array",
+            "items": {
+              "type": "object",
+              "required": ["start", "end", "pass_id"],
+              "properties": {
+                "start": { "type": "integer" },
+                "end": { "type": "integer" },
+                "pass_id": { "type": "string" },
+                "lens": { "type": "string" },
+                "agent_role": { "type": "string" }
+              },
+              "additionalProperties": true
+            }
+          }
+        },
+        "additionalProperties": true
+      }
+    }
+  },
+  "additionalProperties": true
+}

package/schemas/critical_flows.schema.json

@@ -0,0 +1,38 @@
+{
+  "$schema": "https://json-schema.org/draft/2020-12/schema",
+  "$id": "critical_flows.schema.json",
+  "title": "Critical Flows",
+  "type": "object",
+  "required": ["flows"],
+  "properties": {
+    "flows": {
+      "type": "array",
+      "items": {
+        "type": "object",
+        "required": ["id", "name", "entrypoints", "paths", "concerns"],
+        "properties": {
+          "id": { "type": "string" },
+          "name": { "type": "string" },
+          "entrypoints": {
+            "type": "array",
+            "items": { "type": "string" }
+          },
+          "paths": {
+            "type": "array",
+            "items": { "type": "string" }
+          },
+          "concerns": {
+            "type": "array",
+            "items": { "type": "string" }
+          },
+          "notes": {
+            "type": "array",
+            "items": { "type": "string" }
+          }
+        },
+        "additionalProperties": true
+      }
+    }
+  },
+  "additionalProperties": true
+}

package/schemas/external_analyzer_results.schema.json

@@ -0,0 +1,31 @@
+{
+  "$schema": "https://json-schema.org/draft/2020-12/schema",
+  "$id": "external_analyzer_results.schema.json",
+  "title": "External Analyzer Results",
+  "type": "object",
+  "required": ["tool", "results"],
+  "properties": {
+    "tool": { "type": "string" },
+    "generated_at": { "type": "string" },
+    "results": {
+      "type": "array",
+      "items": {
+        "type": "object",
+        "required": ["id", "category", "severity", "path", "summary"],
+        "properties": {
+          "id": { "type": "string" },
+          "category": { "type": "string" },
+          "severity": { "type": "string" },
+          "path": { "type": "string" },
+          "line_start": { "type": "integer" },
+          "line_end": { "type": "integer" },
+          "summary": { "type": "string" },
+          "rule": { "type": "string" },
+          "raw": {}
+        },
+        "additionalProperties": true
+      }
+    }
+  },
+  "additionalProperties": true
+}