auditor-lambda 0.1.0

package/dist/orchestrator/taskBuilder.js

@@ -0,0 +1,154 @@
+function chunkRanges(totalLines, chunkSize) {
+    const ranges = [];
+    let start = 1;
+    while (start <= totalLines) {
+        const end = Math.min(start + chunkSize - 1, totalLines);
+        ranges.push({ start, end });
+        start = end + 1;
+    }
+    return ranges;
+}
+function taskPriority(hasExternalSignal, lens) {
+    if (hasExternalSignal &&
+        (lens === "security" || lens === "data_integrity" || lens === "reliability")) {
+        return "high";
+    }
+    if (hasExternalSignal) {
+        return "medium";
+    }
+    return lens === "security" || lens === "data_integrity" ? "medium" : "low";
+}
+function priorityRank(priority) {
+    switch (priority) {
+        case "high":
+            return 3;
+        case "medium":
+            return 2;
+        case "low":
+        default:
+            return 1;
+    }
+}
+function pickAnalyzerLens(category) {
+    const normalized = category.toLowerCase();
+    if (normalized.includes("security") ||
+        normalized.includes("secret") ||
+        normalized.includes("dependency"))
+        return "security";
+    if (normalized.includes("data"))
+        return "data_integrity";
+    if (normalized.includes("tests") || normalized.includes("coverage"))
+        return "tests";
+    if (normalized.includes("reliability") || normalized.includes("concurrency"))
+        return "reliability";
+    if (normalized.includes("maintainability") ||
+        normalized.includes("lint") ||
+        normalized.includes("style"))
+        return "maintainability";
+    return "correctness";
+}
+export function buildChunkedAuditTasks(unitManifest, unitLineIndex, options = {}) {
+    const chunkSize = options.chunk_size ?? 200;
+    const allowed = new Set(options.limit_lenses ?? []);
+    const enforceLensFilter = allowed.size > 0;
+    const tasks = [];
+    const seen = new Set();
+    const externalPaths = new Set((options.external_analyzer_results?.results ?? []).map((item) => item.path));
+    for (const unit of unitManifest.units) {
+        const minimumLenses = ["correctness", "security"];
+        const lensesToRun = Array.isArray(unit.required_lenses) && unit.required_lenses.length >= 2
+            ? unit.required_lenses
+            : minimumLenses;
+        for (const lens of lensesToRun) {
+            if (enforceLensFilter && !allowed.has(lens)) {
+                continue;
+            }
+            for (const filePath of unit.files) {
+                const hasExternalSignal = externalPaths.has(filePath);
+                const priority = taskPriority(hasExternalSignal, lens);
+                const tags = hasExternalSignal ? ["external_analyzer_signal"] : [];
+                const lineCount = unitLineIndex[filePath] ?? 0;
+                const ranges = chunkRanges(lineCount, chunkSize);
+                if (ranges.length === 0) {
+                    const id = `${unit.unit_id}:${lens}:${filePath}:full`;
+                    if (seen.has(id))
+                        continue;
+                    seen.add(id);
+                    tasks.push({
+                        task_id: id,
+                        unit_id: unit.unit_id,
+                        pass_id: `pass:${lens}`,
+                        lens,
+                        file_paths: [filePath],
+                        rationale: `Audit ${filePath} under the ${lens} lens.${hasExternalSignal ? " External analyzer signals raise priority for this path." : ""}`,
+                        priority,
+                        tags,
+                    });
+                    continue;
+                }
+                for (const range of ranges) {
+                    const id = `${unit.unit_id}:${lens}:${filePath}:${range.start}-${range.end}`;
+                    if (seen.has(id))
+                        continue;
+                    seen.add(id);
+                    tasks.push({
+                        task_id: id,
+                        unit_id: unit.unit_id,
+                        pass_id: `pass:${lens}`,
+                        lens,
+                        file_paths: [filePath],
+                        line_ranges: [
+                            { path: filePath, start: range.start, end: range.end },
+                        ],
+                        rationale: `Audit ${filePath} lines ${range.start}-${range.end} under the ${lens} lens.${hasExternalSignal ? " External analyzer signals raise priority for this path." : ""}`,
+                        priority,
+                        tags,
+                    });
+                }
+            }
+        }
+    }
+    return tasks.sort((a, b) => {
+        const priorityDelta = priorityRank(b.priority) - priorityRank(a.priority);
+        if (priorityDelta !== 0)
+            return priorityDelta;
+        return a.task_id.localeCompare(b.task_id);
+    });
+}
+export function buildExternalSignalTasks(coverageMatrix, unitLineIndex, externalAnalyzerResults) {
+    if (!externalAnalyzerResults) {
+        return [];
+    }
+    const tasks = [];
+    const seen = new Set();
+    for (const result of externalAnalyzerResults.results) {
+        const lens = pickAnalyzerLens(result.category);
+        const coverage = coverageMatrix.files.find((file) => file.path === result.path);
+        if (!coverage || coverage.audit_status === "excluded") {
+            continue;
+        }
+        const lineCount = unitLineIndex[result.path] ?? 0;
+        const id = `analyzer:${externalAnalyzerResults.tool}:${lens}:${result.path}:${result.id}`;
+        if (seen.has(id)) {
+            continue;
+        }
+        seen.add(id);
+        tasks.push({
+            task_id: id,
+            unit_id: coverage.unit_ids[0] ?? `analyzer:${result.path}`,
+            pass_id: `analyzer:${externalAnalyzerResults.tool}:${lens}`,
+            lens,
+            file_paths: [result.path],
+            line_ranges: lineCount > 0
+                ? [{ path: result.path, start: 1, end: lineCount }]
+                : undefined,
+            rationale: `Analyzer follow-up for ${result.path} under the ${lens} lens because ${externalAnalyzerResults.tool} reported: ${result.summary}`,
+            priority: "high",
+            tags: [
+                "external_analyzer_signal",
+                `external_tool:${externalAnalyzerResults.tool}`,
+            ],
+        });
+    }
+    return tasks.sort((a, b) => a.task_id.localeCompare(b.task_id));
+}

package/dist/orchestrator/unitBuilder.d.ts

@@ -0,0 +1,3 @@
+import type { RepoManifest, UnitManifest } from "../types.js";
+import type { FileDisposition } from "../types/disposition.js";
+export declare function buildUnitManifest(repoManifest: RepoManifest, disposition?: FileDisposition): UnitManifest;

package/dist/orchestrator/unitBuilder.js

@@ -0,0 +1,145 @@
+import { bucketFile } from "../extractors/bucketing.js";
+import { isAuditExcludedStatus } from "../extractors/disposition.js";
+const LENS_MAP = {
+    runtime: ["correctness", "maintainability", "tests"],
+    interface: ["correctness", "security", "reliability", "tests"],
+    data_layer: ["correctness", "data_integrity", "reliability", "tests"],
+    security_sensitive: ["security", "correctness", "reliability", "tests"],
+    concurrency_state: ["reliability", "performance", "correctness", "tests"],
+    tests: ["tests", "maintainability"],
+    tooling_scripts: ["correctness", "operability", "config_deployment"],
+    config_deployment: ["config_deployment", "reliability", "operability"],
+    docs_specs: ["maintainability"],
+    generated_vendor: ["maintainability"],
+    unknown: ["correctness"],
+};
+function inferUnitKind(path) {
+    const normalized = path.toLowerCase();
+    if (normalized.startsWith("apps/") || normalized.startsWith("services/"))
+        return "service";
+    if (normalized.startsWith("packages/"))
+        return "package";
+    if (normalized.startsWith("infra/"))
+        return "infrastructure";
+    if (normalized.startsWith("scripts/") || normalized.startsWith("bin/"))
+        return "script";
+    if (normalized.includes("test") || normalized.includes("spec"))
+        return "test";
+    if (normalized.includes("api/") ||
+        normalized.includes("route") ||
+        normalized.includes("controller"))
+        return "interface";
+    if (normalized.includes("model") ||
+        normalized.includes("schema") ||
+        normalized.includes("migration") ||
+        normalized.includes("db/"))
+        return "data";
+    return "module";
+}
+function inferUnitId(path, kind) {
+    const parts = path.split("/");
+    const normalized = path.toLowerCase();
+    if ((parts[0] === "src" || parts[0] === "lib") && parts.length >= 3) {
+        if (["api", "routes", "controllers", "models", "db", "services"].includes(parts[1])) {
+            return `${parts[0]}-${parts[1]}-${parts[2]}`.replace(/[^a-zA-Z0-9_-]/g, "-");
+        }
+    }
+    if ((parts[0] === "src" || parts[0] === "lib") && parts.length >= 2) {
+        return `${parts[0]}-${parts[1]}`.replace(/[^a-zA-Z0-9_-]/g, "-");
+    }
+    if ((parts[0] === "tests" || parts[0] === "test") && parts.length >= 2) {
+        return `tests-${parts[1]}`.replace(/[^a-zA-Z0-9_-]/g, "-");
+    }
+    if (parts.length >= 2) {
+        return `${parts[0]}-${parts[1]}`.replace(/[^a-zA-Z0-9_-]/g, "-");
+    }
+    if (normalized.includes("docker") ||
+        normalized.endsWith(".yml") ||
+        normalized.endsWith(".yaml")) {
+        return "infra-config";
+    }
+    return `${kind}-${path.replace(/[^a-zA-Z0-9_-]/g, "-")}`;
+}
+function sortLenses(lenses) {
+    const order = [
+        "security",
+        "correctness",
+        "reliability",
+        "data_integrity",
+        "performance",
+        "operability",
+        "config_deployment",
+        "maintainability",
+        "tests",
+    ];
+    const set = new Set(lenses);
+    return order.filter((lens) => set.has(lens));
+}
+function inferCriticalFlows(files, requiredLenses) {
+    const flows = new Set();
+    const combined = files.join(" ").toLowerCase();
+    if (combined.includes("auth") ||
+        combined.includes("session") ||
+        combined.includes("token")) {
+        flows.add("auth-session");
+    }
+    if (combined.includes("billing") ||
+        combined.includes("invoice") ||
+        combined.includes("payment")) {
+        flows.add("billing-payment");
+    }
+    if (combined.includes("queue") ||
+        combined.includes("worker") ||
+        combined.includes("job") ||
+        requiredLenses.includes("reliability")) {
+        flows.add("async-processing");
+    }
+    if (combined.includes("deploy") ||
+        combined.includes("docker") ||
+        requiredLenses.includes("config_deployment")) {
+        flows.add("deployment-config");
+    }
+    return [...flows];
+}
+export function buildUnitManifest(repoManifest, disposition) {
+    const units = new Map();
+    const dispositionMap = new Map(disposition?.files.map((item) => [item.path, item.status]) ?? []);
+    for (const file of repoManifest.files) {
+        const status = dispositionMap.get(file.path);
+        if (file.excluded || (status && isAuditExcludedStatus(status))) {
+            continue;
+        }
+        const kind = inferUnitKind(file.path);
+        const unitId = inferUnitId(file.path, kind);
+        const existing = units.get(unitId) ?? {
+            unit_id: unitId,
+            name: unitId,
+            kind,
+            files: [],
+            required_lenses: [],
+        };
+        if (!existing.files.includes(file.path)) {
+            existing.files.push(file.path);
+        }
+        const assignment = bucketFile(file.path);
+        const required = new Set(existing.required_lenses);
+        for (const bucket of assignment.buckets) {
+            for (const lens of LENS_MAP[bucket]) {
+                required.add(lens);
+            }
+        }
+        existing.required_lenses = sortLenses(required);
+        const riskScore = new Set(assignment.buckets).size +
+            (assignment.buckets.includes("security_sensitive") ? 3 : 0) +
+            (assignment.buckets.includes("interface") ? 1 : 0) +
+            (assignment.buckets.includes("data_layer") ? 1 : 0);
+        existing.risk_score = Math.max(existing.risk_score ?? 0, riskScore);
+        existing.files = existing.files.sort((a, b) => a.localeCompare(b));
+        existing.critical_flows = inferCriticalFlows(existing.files, existing.required_lenses);
+        units.set(unitId, existing);
+    }
+    return {
+        units: [...units.values()].sort((a, b) => (b.risk_score ?? 0) - (a.risk_score ?? 0) ||
+            a.unit_id.localeCompare(b.unit_id)),
+    };
+}

package/dist/orchestrator.d.ts

@@ -0,0 +1,6 @@
+import type { AuditTask, Lens, UnitManifest } from "./types.js";
+export interface TaskBuildOptions {
+    pass_prefix?: string;
+    limit_lenses?: Lens[];
+}
+export declare function buildAuditTasks(unitManifest: UnitManifest, options?: TaskBuildOptions): AuditTask[];

package/dist/orchestrator.js

@@ -0,0 +1,33 @@
+const DEFAULT_LENS_ORDER = [
+    "correctness",
+    "architecture",
+    "maintainability",
+    "security",
+    "reliability",
+    "performance",
+    "data_integrity",
+    "tests",
+    "operability",
+    "config_deployment",
+];
+export function buildAuditTasks(unitManifest, options = {}) {
+    const allowed = new Set(options.limit_lenses ?? DEFAULT_LENS_ORDER);
+    const passPrefix = options.pass_prefix ?? "pass";
+    const tasks = [];
+    for (const unit of unitManifest.units) {
+        for (const lens of unit.required_lenses) {
+            if (!allowed.has(lens)) {
+                continue;
+            }
+            tasks.push({
+                task_id: `${unit.unit_id}:${lens}`,
+                unit_id: unit.unit_id,
+                pass_id: `${passPrefix}:${lens}`,
+                lens,
+                file_paths: unit.files,
+                rationale: `Audit ${unit.name} under the ${lens} lens.`,
+            });
+        }
+    }
+    return tasks;
+}

package/dist/prompts/renderWorkerPrompt.d.ts

@@ -0,0 +1,2 @@
+import type { WorkerTask } from "../types/workerSession.js";
+export declare function renderWorkerPrompt(task: WorkerTask): string;

package/dist/prompts/renderWorkerPrompt.js

@@ -0,0 +1,19 @@
+function shellQuote(arg) {
+    return JSON.stringify(arg);
+}
+export function renderWorkerPrompt(task) {
+    const command = task.worker_command.map(shellQuote).join(" ");
+    return [
+        "You are executing one bounded audit step for audit-code.",
+        `Run ID: ${task.run_id}`,
+        `Repository root: ${task.repo_root}`,
+        `Obligation: ${task.obligation_id ?? "unknown"}`,
+        `Executor: ${task.preferred_executor}`,
+        "Execute the following command exactly, without modification:",
+        command,
+        "Do not continue the audit recursively.",
+        "Do not choose another task.",
+        `The command must write the worker result JSON to: ${task.result_path}`,
+        "After the command completes, stop.",
+    ].join("\n");
+}

package/dist/providers/claudeCodeProvider.d.ts

@@ -0,0 +1,8 @@
+import type { FreshSessionProvider, LaunchFreshSessionInput } from "./types.js";
+import type { ClaudeCodeConfig } from "../types/sessionConfig.js";
+export declare class ClaudeCodeProvider implements FreshSessionProvider {
+    name: string;
+    private readonly config;
+    constructor(config?: ClaudeCodeConfig);
+    launch(input: LaunchFreshSessionInput): Promise<import("./types.js").LaunchFreshSessionResult>;
+}

package/dist/providers/claudeCodeProvider.js

@@ -0,0 +1,20 @@
+import { readFile } from "node:fs/promises";
+import { spawnLoggedCommand } from "./spawnLoggedCommand.js";
+export class ClaudeCodeProvider {
+    name = "claude-code";
+    config;
+    constructor(config = {}) {
+        this.config = config;
+    }
+    async launch(input) {
+        const prompt = await readFile(input.promptPath, "utf8");
+        const command = this.config.command ?? "claude";
+        const args = [
+            "-p",
+            prompt,
+            ...(this.config.extra_args ?? []),
+            "--dangerously-skip-permissions",
+        ];
+        return await spawnLoggedCommand(command, args, input);
+    }
+}

package/dist/providers/index.d.ts

@@ -0,0 +1,7 @@
+import type { FreshSessionProvider } from "./types.js";
+import type { ResolvedProviderName, SessionConfig } from "../types/sessionConfig.js";
+export declare function resolveFreshSessionProviderName(name: string | undefined, sessionConfig?: SessionConfig, options?: {
+    env?: NodeJS.ProcessEnv;
+    commandExists?: (command: string) => boolean;
+}): ResolvedProviderName;
+export declare function createFreshSessionProvider(name: string | undefined, sessionConfig?: SessionConfig): FreshSessionProvider;

package/dist/providers/index.js

@@ -0,0 +1,77 @@
+import { spawnSync } from "node:child_process";
+import { LocalSubprocessProvider } from "./localSubprocessProvider.js";
+import { SubprocessTemplateProvider } from "./subprocessTemplateProvider.js";
+import { ClaudeCodeProvider } from "./claudeCodeProvider.js";
+import { OpenCodeProvider } from "./opencodeProvider.js";
+import { VSCodeTaskProvider } from "./vscodeTaskProvider.js";
+function hasEntries(values) {
+    return (values?.length ?? 0) > 0;
+}
+function hasConfiguredClaudeCode(sessionConfig) {
+    return (Boolean(sessionConfig.claude_code?.command?.trim()) ||
+        hasEntries(sessionConfig.claude_code?.extra_args));
+}
+function hasConfiguredOpenCode(sessionConfig) {
+    return (Boolean(sessionConfig.opencode?.command?.trim()) ||
+        hasEntries(sessionConfig.opencode?.extra_args));
+}
+function commandExists(command) {
+    const lookupCommand = process.platform === "win32" ? "where" : "which";
+    const result = spawnSync(lookupCommand, [command], { stdio: "ignore" });
+    return result.status === 0;
+}
+export function resolveFreshSessionProviderName(name, sessionConfig = {}, options = {}) {
+    const requestedProvider = name ?? sessionConfig.provider ?? "local-subprocess";
+    if (requestedProvider !== "auto") {
+        return requestedProvider;
+    }
+    const env = options.env ?? process.env;
+    const lookupCommand = options.commandExists ?? commandExists;
+    const inVSCode = (env.TERM_PROGRAM ?? "").toLowerCase() === "vscode";
+    if (inVSCode && hasEntries(sessionConfig.vscode_task?.command_template)) {
+        return "vscode-task";
+    }
+    if (hasEntries(sessionConfig.subprocess_template?.command_template)) {
+        return "subprocess-template";
+    }
+    const claudeCommand = sessionConfig.claude_code?.command ?? "claude";
+    const opencodeCommand = sessionConfig.opencode?.command ?? "opencode";
+    const claudeAvailable = lookupCommand(claudeCommand);
+    const opencodeAvailable = lookupCommand(opencodeCommand);
+    if (hasConfiguredClaudeCode(sessionConfig) && claudeAvailable) {
+        return "claude-code";
+    }
+    if (hasConfiguredOpenCode(sessionConfig) && opencodeAvailable) {
+        return "opencode";
+    }
+    if (claudeAvailable && !opencodeAvailable) {
+        return "claude-code";
+    }
+    if (opencodeAvailable && !claudeAvailable) {
+        return "opencode";
+    }
+    return "local-subprocess";
+}
+export function createFreshSessionProvider(name, sessionConfig = {}) {
+    const providerName = resolveFreshSessionProviderName(name, sessionConfig);
+    switch (providerName) {
+        case "local-subprocess":
+            return new LocalSubprocessProvider();
+        case "subprocess-template":
+            if (!sessionConfig.subprocess_template?.command_template?.length) {
+                throw new Error("subprocess-template provider requires session-config.json with subprocess_template.command_template.");
+            }
+            return new SubprocessTemplateProvider(sessionConfig.subprocess_template);
+        case "claude-code":
+            return new ClaudeCodeProvider(sessionConfig.claude_code);
+        case "opencode":
+            return new OpenCodeProvider(sessionConfig.opencode);
+        case "vscode-task":
+            if (!sessionConfig.vscode_task?.command_template?.length) {
+                throw new Error("vscode-task provider requires session-config.json with vscode_task.command_template.");
+            }
+            return new VSCodeTaskProvider(sessionConfig.vscode_task);
+        default:
+            throw new Error(`Unknown provider: ${providerName}`);
+    }
+}

package/dist/providers/localSubprocessProvider.d.ts

@@ -0,0 +1,5 @@
+import type { FreshSessionProvider, LaunchFreshSessionInput } from "./types.js";
+export declare class LocalSubprocessProvider implements FreshSessionProvider {
+    name: string;
+    launch(input: LaunchFreshSessionInput): Promise<import("./types.js").LaunchFreshSessionResult>;
+}

package/dist/providers/localSubprocessProvider.js

@@ -0,0 +1,13 @@
+import { readJsonFile } from "../io/json.js";
+import { spawnLoggedCommand } from "./spawnLoggedCommand.js";
+export class LocalSubprocessProvider {
+    name = "local-subprocess";
+    async launch(input) {
+        const task = await readJsonFile(input.taskPath);
+        if (!task.worker_command.length) {
+            throw new Error("local-subprocess provider requires task.worker_command.");
+        }
+        const [command, ...args] = task.worker_command;
+        return await spawnLoggedCommand(command, args, input);
+    }
+}

package/dist/providers/opencodeProvider.d.ts

@@ -0,0 +1,8 @@
+import type { FreshSessionProvider, LaunchFreshSessionInput } from "./types.js";
+import type { OpenCodeConfig } from "../types/sessionConfig.js";
+export declare class OpenCodeProvider implements FreshSessionProvider {
+    name: string;
+    private readonly config;
+    constructor(config?: OpenCodeConfig);
+    launch(input: LaunchFreshSessionInput): Promise<import("./types.js").LaunchFreshSessionResult>;
+}

package/dist/providers/opencodeProvider.js

@@ -0,0 +1,15 @@
+import { readFile } from "node:fs/promises";
+import { spawnLoggedCommand } from "./spawnLoggedCommand.js";
+export class OpenCodeProvider {
+    name = "opencode";
+    config;
+    constructor(config = {}) {
+        this.config = config;
+    }
+    async launch(input) {
+        const prompt = await readFile(input.promptPath, "utf8");
+        const command = this.config.command ?? "opencode";
+        const args = ["run", prompt, ...(this.config.extra_args ?? [])];
+        return await spawnLoggedCommand(command, args, input);
+    }
+}

package/dist/providers/spawnLoggedCommand.d.ts

@@ -0,0 +1,2 @@
+import type { LaunchFreshSessionInput, LaunchFreshSessionResult } from "./types.js";
+export declare function spawnLoggedCommand(command: string, args: string[], input: LaunchFreshSessionInput, env?: Record<string, string>): Promise<LaunchFreshSessionResult>;

package/dist/providers/spawnLoggedCommand.js

@@ -0,0 +1,48 @@
+import { createWriteStream } from "node:fs";
+import { spawn } from "node:child_process";
+function tee(write, chunk) {
+    write.write(chunk);
+}
+export async function spawnLoggedCommand(command, args, input, env) {
+    return await new Promise((resolve, reject) => {
+        const stdoutLog = createWriteStream(input.stdoutPath, { flags: "a" });
+        const stderrLog = createWriteStream(input.stderrPath, { flags: "a" });
+        const child = spawn(command, args, {
+            cwd: input.repoRoot,
+            env: { ...process.env, ...env },
+            stdio: ["ignore", "pipe", "pipe"],
+        });
+        const timer = setTimeout(() => {
+            child.kill("SIGTERM");
+        }, input.timeoutMs);
+        child.stdout.on("data", (chunk) => {
+            tee(stdoutLog, chunk);
+            if (input.uiMode === "visible") {
+                process.stdout.write(chunk);
+            }
+        });
+        child.stderr.on("data", (chunk) => {
+            tee(stderrLog, chunk);
+            if (input.uiMode === "visible") {
+                process.stderr.write(chunk);
+            }
+        });
+        child.on("error", (error) => {
+            clearTimeout(timer);
+            stdoutLog.end();
+            stderrLog.end();
+            reject(error);
+        });
+        child.on("exit", (code, signal) => {
+            clearTimeout(timer);
+            stdoutLog.end();
+            stderrLog.end();
+            resolve({
+                accepted: true,
+                processId: child.pid,
+                exitCode: code,
+                signal,
+            });
+        });
+    });
+}

package/dist/providers/subprocessTemplateProvider.d.ts

@@ -0,0 +1,8 @@
+import type { FreshSessionProvider, LaunchFreshSessionInput } from "./types.js";
+import type { SubprocessTemplateConfig } from "../types/sessionConfig.js";
+export declare class SubprocessTemplateProvider implements FreshSessionProvider {
+    name: string;
+    private readonly config;
+    constructor(config: SubprocessTemplateConfig, name?: string);
+    launch(input: LaunchFreshSessionInput): Promise<import("./types.js").LaunchFreshSessionResult>;
+}

package/dist/providers/subprocessTemplateProvider.js

@@ -0,0 +1,41 @@
+import { readJsonFile } from "../io/json.js";
+import { spawnLoggedCommand } from "./spawnLoggedCommand.js";
+function shellQuote(arg) {
+    return JSON.stringify(arg);
+}
+function applyTemplate(template, input, task) {
+    const workerCommandShell = task.worker_command.map(shellQuote).join(" ");
+    const workerCommandJson = JSON.stringify(task.worker_command);
+    const values = {
+        repoRoot: input.repoRoot,
+        runId: input.runId,
+        obligationId: input.obligationId ?? "",
+        promptPath: input.promptPath,
+        taskPath: input.taskPath,
+        resultPath: input.resultPath,
+        stdoutPath: input.stdoutPath,
+        stderrPath: input.stderrPath,
+        workerCommandShell,
+        workerCommandJson,
+        uiMode: input.uiMode,
+        timeoutMs: String(input.timeoutMs),
+    };
+    return template.replace(/\{([A-Za-z0-9_]+)\}/g, (_match, key) => values[key] ?? "");
+}
+export class SubprocessTemplateProvider {
+    name;
+    config;
+    constructor(config, name = "subprocess-template") {
+        this.config = config;
+        this.name = name;
+    }
+    async launch(input) {
+        const task = await readJsonFile(input.taskPath);
+        if (!this.config.command_template.length) {
+            throw new Error(`${this.name} provider requires a non-empty command_template.`);
+        }
+        const rendered = this.config.command_template.map((entry) => applyTemplate(entry, input, task));
+        const [command, ...args] = rendered;
+        return await spawnLoggedCommand(command, args, input, this.config.env);
+    }
+}

package/dist/providers/types.d.ts

@@ -0,0 +1,22 @@
+export interface LaunchFreshSessionInput {
+    repoRoot: string;
+    runId: string;
+    obligationId: string | null;
+    promptPath: string;
+    taskPath: string;
+    resultPath: string;
+    stdoutPath: string;
+    stderrPath: string;
+    uiMode: "visible" | "headless";
+    timeoutMs: number;
+}
+export interface LaunchFreshSessionResult {
+    accepted: boolean;
+    processId?: number;
+    exitCode?: number | null;
+    signal?: string | null;
+}
+export interface FreshSessionProvider {
+    name: string;
+    launch(input: LaunchFreshSessionInput): Promise<LaunchFreshSessionResult>;
+}

package/dist/providers/types.js

@@ -0,0 +1 @@
+export {};