npm - auditor-lambda - Versions diffs - 0.1.0 - Mend

auditor-lambda 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (199) hide show

package/README.md +173 -0
package/audit-code-wrapper-lib.mjs +905 -0
package/audit-code.mjs +13 -0
package/dist/adapters/coverageSummary.d.ts +8 -0
package/dist/adapters/coverageSummary.js +13 -0
package/dist/adapters/eslint.d.ts +13 -0
package/dist/adapters/eslint.js +21 -0
package/dist/adapters/normalizeExternal.d.ts +12 -0
package/dist/adapters/normalizeExternal.js +19 -0
package/dist/adapters/npmAudit.d.ts +15 -0
package/dist/adapters/npmAudit.js +12 -0
package/dist/adapters/semgrep.d.ts +22 -0
package/dist/adapters/semgrep.js +14 -0
package/dist/cli.d.ts +1 -0
package/dist/cli.js +724 -0
package/dist/coverage.d.ts +11 -0
package/dist/coverage.js +102 -0
package/dist/extractors/bucketing.d.ts +7 -0
package/dist/extractors/bucketing.js +72 -0
package/dist/extractors/disposition.d.ts +4 -0
package/dist/extractors/disposition.js +41 -0
package/dist/extractors/fileInventory.d.ts +7 -0
package/dist/extractors/fileInventory.js +44 -0
package/dist/extractors/flows.d.ts +5 -0
package/dist/extractors/flows.js +125 -0
package/dist/extractors/fsIntake.d.ts +8 -0
package/dist/extractors/fsIntake.js +66 -0
package/dist/extractors/graph.d.ts +4 -0
package/dist/extractors/graph.js +46 -0
package/dist/extractors/ignore.d.ts +1 -0
package/dist/extractors/ignore.js +17 -0
package/dist/extractors/risk.d.ts +5 -0
package/dist/extractors/risk.js +45 -0
package/dist/extractors/surfaces.d.ts +4 -0
package/dist/extractors/surfaces.js +40 -0
package/dist/index.d.ts +1 -0
package/dist/index.js +1 -0
package/dist/io/artifacts.d.ts +38 -0
package/dist/io/artifacts.js +100 -0
package/dist/io/json.d.ts +8 -0
package/dist/io/json.js +96 -0
package/dist/io/runArtifacts.d.ts +14 -0
package/dist/io/runArtifacts.js +37 -0
package/dist/orchestrator/advance.d.ts +24 -0
package/dist/orchestrator/advance.js +104 -0
package/dist/orchestrator/artifactMetadata.d.ts +4 -0
package/dist/orchestrator/artifactMetadata.js +111 -0
package/dist/orchestrator/autoFixExecutor.d.ts +3 -0
package/dist/orchestrator/autoFixExecutor.js +63 -0
package/dist/orchestrator/chunking.d.ts +5 -0
package/dist/orchestrator/chunking.js +13 -0
package/dist/orchestrator/dependencyMap.d.ts +1 -0
package/dist/orchestrator/dependencyMap.js +82 -0
package/dist/orchestrator/executors.d.ts +6 -0
package/dist/orchestrator/executors.js +52 -0
package/dist/orchestrator/flowCoverage.d.ts +4 -0
package/dist/orchestrator/flowCoverage.js +44 -0
package/dist/orchestrator/flowPlanning.d.ts +3 -0
package/dist/orchestrator/flowPlanning.js +42 -0
package/dist/orchestrator/flowRequeue.d.ts +5 -0
package/dist/orchestrator/flowRequeue.js +58 -0
package/dist/orchestrator/internalExecutors.d.ts +16 -0
package/dist/orchestrator/internalExecutors.js +212 -0
package/dist/orchestrator/nextStep.d.ts +9 -0
package/dist/orchestrator/nextStep.js +44 -0
package/dist/orchestrator/planning.d.ts +4 -0
package/dist/orchestrator/planning.js +62 -0
package/dist/orchestrator/requeue.d.ts +3 -0
package/dist/orchestrator/requeue.js +25 -0
package/dist/orchestrator/requeueCommand.d.ts +10 -0
package/dist/orchestrator/requeueCommand.js +27 -0
package/dist/orchestrator/resultIngestion.d.ts +2 -0
package/dist/orchestrator/resultIngestion.js +13 -0
package/dist/orchestrator/runtimeValidation.d.ts +7 -0
package/dist/orchestrator/runtimeValidation.js +103 -0
package/dist/orchestrator/runtimeValidationUpdate.d.ts +2 -0
package/dist/orchestrator/runtimeValidationUpdate.js +52 -0
package/dist/orchestrator/staleness.d.ts +2 -0
package/dist/orchestrator/staleness.js +83 -0
package/dist/orchestrator/state.d.ts +3 -0
package/dist/orchestrator/state.js +85 -0
package/dist/orchestrator/syntaxResolutionExecutor.d.ts +3 -0
package/dist/orchestrator/syntaxResolutionExecutor.js +99 -0
package/dist/orchestrator/taskBuilder.d.ts +12 -0
package/dist/orchestrator/taskBuilder.js +154 -0
package/dist/orchestrator/unitBuilder.d.ts +3 -0
package/dist/orchestrator/unitBuilder.js +145 -0
package/dist/orchestrator.d.ts +6 -0
package/dist/orchestrator.js +33 -0
package/dist/prompts/renderWorkerPrompt.d.ts +2 -0
package/dist/prompts/renderWorkerPrompt.js +19 -0
package/dist/providers/claudeCodeProvider.d.ts +8 -0
package/dist/providers/claudeCodeProvider.js +20 -0
package/dist/providers/index.d.ts +7 -0
package/dist/providers/index.js +77 -0
package/dist/providers/localSubprocessProvider.d.ts +5 -0
package/dist/providers/localSubprocessProvider.js +13 -0
package/dist/providers/opencodeProvider.d.ts +8 -0
package/dist/providers/opencodeProvider.js +15 -0
package/dist/providers/spawnLoggedCommand.d.ts +2 -0
package/dist/providers/spawnLoggedCommand.js +48 -0
package/dist/providers/subprocessTemplateProvider.d.ts +8 -0
package/dist/providers/subprocessTemplateProvider.js +41 -0
package/dist/providers/types.d.ts +22 -0
package/dist/providers/types.js +1 -0
package/dist/providers/vscodeTaskProvider.d.ts +8 -0
package/dist/providers/vscodeTaskProvider.js +14 -0
package/dist/reporting/mergeFindings.d.ts +4 -0
package/dist/reporting/mergeFindings.js +136 -0
package/dist/reporting/rootCause.d.ts +11 -0
package/dist/reporting/rootCause.js +69 -0
package/dist/reporting/synthesis.d.ts +21 -0
package/dist/reporting/synthesis.js +55 -0
package/dist/supervisor/operatorHandoff.d.ts +37 -0
package/dist/supervisor/operatorHandoff.js +144 -0
package/dist/supervisor/runLedger.d.ts +3 -0
package/dist/supervisor/runLedger.js +17 -0
package/dist/supervisor/sessionConfig.d.ts +4 -0
package/dist/supervisor/sessionConfig.js +26 -0
package/dist/types/artifactMetadata.d.ts +8 -0
package/dist/types/artifactMetadata.js +1 -0
package/dist/types/auditState.d.ts +14 -0
package/dist/types/auditState.js +1 -0
package/dist/types/disposition.d.ts +9 -0
package/dist/types/disposition.js +1 -0
package/dist/types/externalAnalyzer.d.ts +16 -0
package/dist/types/externalAnalyzer.js +1 -0
package/dist/types/flowCoverage.d.ts +11 -0
package/dist/types/flowCoverage.js +1 -0
package/dist/types/flows.d.ts +11 -0
package/dist/types/flows.js +1 -0
package/dist/types/graph.d.ts +18 -0
package/dist/types/graph.js +1 -0
package/dist/types/risk.d.ts +9 -0
package/dist/types/risk.js +1 -0
package/dist/types/runLedger.d.ts +13 -0
package/dist/types/runLedger.js +1 -0
package/dist/types/runtimeValidation.d.ts +22 -0
package/dist/types/runtimeValidation.js +1 -0
package/dist/types/sessionConfig.d.ts +27 -0
package/dist/types/sessionConfig.js +1 -0
package/dist/types/surfaces.d.ts +11 -0
package/dist/types/surfaces.js +1 -0
package/dist/types/workerResult.d.ts +13 -0
package/dist/types/workerResult.js +1 -0
package/dist/types/workerSession.d.ts +13 -0
package/dist/types/workerSession.js +1 -0
package/dist/types.d.ts +104 -0
package/dist/types.js +1 -0
package/dist/validation/artifacts.d.ts +3 -0
package/dist/validation/artifacts.js +191 -0
package/dist/validation/basic.d.ts +5 -0
package/dist/validation/basic.js +9 -0
package/dist/validation/sessionConfig.d.ts +6 -0
package/dist/validation/sessionConfig.js +139 -0
package/docs/agent-integrations.md +237 -0
package/docs/agent-roles.md +69 -0
package/docs/architecture.md +90 -0
package/docs/artifacts.md +69 -0
package/docs/bootstrap-install.md +79 -0
package/docs/contract.md +140 -0
package/docs/github-copilot.md +50 -0
package/docs/model-selection.md +86 -0
package/docs/next-steps.md +161 -0
package/docs/packaging.md +88 -0
package/docs/pipeline.md +152 -0
package/docs/product-direction.md +111 -0
package/docs/production-launch-bar.md +83 -0
package/docs/production-readiness.md +52 -0
package/docs/repo-layout.md +30 -0
package/docs/run-flow.md +49 -0
package/docs/session-config.md +232 -0
package/docs/supervisor.md +83 -0
package/docs/usage.md +172 -0
package/docs/windows-setup.md +146 -0
package/package.json +56 -0
package/schemas/audit-code-v1alpha1.schema.json +191 -0
package/schemas/audit_result.schema.json +48 -0
package/schemas/audit_state.schema.json +36 -0
package/schemas/audit_task.schema.json +49 -0
package/schemas/blind_spot_register.schema.json +40 -0
package/schemas/coverage_matrix.schema.json +50 -0
package/schemas/critical_flows.schema.json +38 -0
package/schemas/external_analyzer_results.schema.json +31 -0
package/schemas/file_disposition.schema.json +33 -0
package/schemas/finding.schema.json +62 -0
package/schemas/flow_coverage.schema.json +44 -0
package/schemas/graph_bundle.schema.json +55 -0
package/schemas/merged_findings.schema.json +14 -0
package/schemas/repo_manifest.schema.json +37 -0
package/schemas/risk_register.schema.json +30 -0
package/schemas/root_cause_clusters.schema.json +31 -0
package/schemas/runtime_validation_report.schema.json +34 -0
package/schemas/runtime_validation_tasks.schema.json +36 -0
package/schemas/surface_manifest.schema.json +32 -0
package/schemas/synthesis_report.schema.json +61 -0
package/schemas/unit_manifest.schema.json +36 -0
package/skills/audit-code/SKILL.md +54 -0
package/skills/audit-code/audit-code.prompt.md +66 -0

package/audit-code.mjs ADDED Viewed

@@ -0,0 +1,13 @@
+#!/usr/bin/env node
+import { runAuditCodeWrapper } from "./audit-code-wrapper-lib.mjs";
+try {
+  await runAuditCodeWrapper({
+    usageName: "audit-code.mjs",
+    ensureArtifactsDir: true,
+  });
+} catch (error) {
+  console.error(error instanceof Error ? error.message : String(error));
+  process.exitCode = 1;
+}

package/dist/adapters/coverageSummary.d.ts ADDED Viewed

@@ -0,0 +1,8 @@
+import type { ExternalAnalyzerResults } from "../types/externalAnalyzer.js";
+interface CoverageFileSummary {
+    path: string;
+    lines_pct: number;
+    branches_pct?: number;
+}
+export declare function normalizeCoverageSummary(files: CoverageFileSummary[]): ExternalAnalyzerResults;
+export {};

package/dist/adapters/coverageSummary.js ADDED Viewed

@@ -0,0 +1,13 @@
+import { normalizeGenericExternalResults } from "./normalizeExternal.js";
+export function normalizeCoverageSummary(files) {
+    return normalizeGenericExternalResults("coverage-summary", files
+        .filter((file) => file.lines_pct < 80)
+        .map((file, index) => ({
+        id: `coverage-${index + 1}`,
+        category: "tests",
+        severity: file.lines_pct < 50 ? "high" : "medium",
+        path: file.path,
+        summary: `Low line coverage: ${file.lines_pct}%${typeof file.branches_pct === "number" ? `, branch coverage ${file.branches_pct}%` : ""}.`,
+        raw: file,
+    })));
+}

package/dist/adapters/eslint.d.ts ADDED Viewed

@@ -0,0 +1,13 @@
+import type { ExternalAnalyzerResults } from "../types/externalAnalyzer.js";
+interface EslintResult {
+    filePath?: string;
+    messages?: Array<{
+        ruleId?: string | null;
+        severity?: number;
+        line?: number;
+        endLine?: number;
+        message?: string;
+    }>;
+}
+export declare function normalizeEslintJson(input: EslintResult[]): ExternalAnalyzerResults;
+export {};

package/dist/adapters/eslint.js ADDED Viewed

@@ -0,0 +1,21 @@
+import { normalizeGenericExternalResults } from "./normalizeExternal.js";
+function mapSeverity(value) {
+    if (value === 2)
+        return "medium";
+    if (value === 1)
+        return "low";
+    return "info";
+}
+export function normalizeEslintJson(input) {
+    return normalizeGenericExternalResults("eslint", input.flatMap((file) => (file.messages ?? []).map((message, index) => ({
+        id: `${file.filePath ?? "unknown"}:${index + 1}`,
+        category: "maintainability",
+        severity: mapSeverity(message.severity),
+        path: file.filePath,
+        line_start: message.line,
+        line_end: message.endLine,
+        summary: message.message,
+        rule: message.ruleId ?? undefined,
+        raw: message,
+    }))));
+}

package/dist/adapters/normalizeExternal.d.ts ADDED Viewed

@@ -0,0 +1,12 @@
+import type { ExternalAnalyzerResults } from "../types/externalAnalyzer.js";
+export declare function normalizeGenericExternalResults(tool: string, items: Array<{
+    id?: string;
+    category?: string;
+    severity?: string;
+    path?: string;
+    line_start?: number;
+    line_end?: number;
+    summary?: string;
+    rule?: string;
+    raw?: unknown;
+}>): ExternalAnalyzerResults;

package/dist/adapters/normalizeExternal.js ADDED Viewed

@@ -0,0 +1,19 @@
+export function normalizeGenericExternalResults(tool, items) {
+    return {
+        tool,
+        generated_at: new Date().toISOString(),
+        results: items
+            .filter((item) => item.path && item.summary)
+            .map((item, index) => ({
+            id: item.id ?? `${tool}-${index + 1}`,
+            category: item.category ?? "unknown",
+            severity: item.severity ?? "unknown",
+            path: item.path,
+            line_start: item.line_start,
+            line_end: item.line_end,
+            summary: item.summary,
+            rule: item.rule,
+            raw: item.raw,
+        })),
+    };
+}

package/dist/adapters/npmAudit.d.ts ADDED Viewed

@@ -0,0 +1,15 @@
+import type { ExternalAnalyzerResults } from "../types/externalAnalyzer.js";
+interface NpmAuditVuln {
+    name?: string;
+    severity?: string;
+    range?: string;
+    fixAvailable?: boolean | {
+        name?: string;
+        version?: string;
+    };
+}
+interface NpmAuditJson {
+    vulnerabilities?: Record<string, NpmAuditVuln>;
+}
+export declare function normalizeNpmAuditJson(input: NpmAuditJson): ExternalAnalyzerResults;
+export {};

package/dist/adapters/npmAudit.js ADDED Viewed

@@ -0,0 +1,12 @@
+import { normalizeGenericExternalResults } from "./normalizeExternal.js";
+export function normalizeNpmAuditJson(input) {
+    return normalizeGenericExternalResults("npm-audit", Object.entries(input.vulnerabilities ?? {}).map(([pkg, vuln], index) => ({
+        id: `npm-audit-${index + 1}`,
+        category: "dependency_risk",
+        severity: vuln.severity ?? "unknown",
+        path: "package-lock.json",
+        summary: `Package ${pkg} has a ${vuln.severity ?? "unknown"} severity vulnerability in range ${vuln.range ?? "unknown"}.`,
+        rule: pkg,
+        raw: vuln,
+    })));
+}

package/dist/adapters/semgrep.d.ts ADDED Viewed

@@ -0,0 +1,22 @@
+import type { ExternalAnalyzerResults } from "../types/externalAnalyzer.js";
+interface SemgrepJson {
+    results?: Array<{
+        check_id?: string;
+        path?: string;
+        start?: {
+            line?: number;
+        };
+        end?: {
+            line?: number;
+        };
+        extra?: {
+            severity?: string;
+            message?: string;
+            metadata?: {
+                category?: string;
+            };
+        };
+    }>;
+}
+export declare function normalizeSemgrepJson(input: SemgrepJson): ExternalAnalyzerResults;
+export {};

package/dist/adapters/semgrep.js ADDED Viewed

@@ -0,0 +1,14 @@
+import { normalizeGenericExternalResults } from "./normalizeExternal.js";
+export function normalizeSemgrepJson(input) {
+    return normalizeGenericExternalResults("semgrep", (input.results ?? []).map((result) => ({
+        id: result.check_id,
+        category: result.extra?.metadata?.category ?? "security",
+        severity: result.extra?.severity,
+        path: result.path,
+        line_start: result.start?.line,
+        line_end: result.end?.line,
+        summary: result.extra?.message,
+        rule: result.check_id,
+        raw: result,
+    })));
+}

package/dist/cli.d.ts ADDED Viewed

	@@ -0,0 +1 @@
1	+ export declare function runSample(): Promise<void>;