auditor-lambda 0.10.2 → 0.10.7

package/dist/orchestrator/autoFixExecutor.js

@@ -4,7 +4,11 @@ import { isAuditExcludedStatus } from "../extractors/disposition.js";
 import { resolveNodeTool, runFirstAvailableCommand, } from "./localCommands.js";
 function tryRunConfiguredFormatter(root, candidates) {
     const result = runFirstAvailableCommand(root, candidates);
-    return result !== null && !result.error && result.exitCode === 0;
+    if (result === null)
+        return "not_found";
+    if (!result.error && result.exitCode === 0)
+        return "success";
+    return "failed";
 }
 const PRETTIER_CONFIG_FILES = [
     ".prettierrc",
@@ -43,6 +47,17 @@ async function hasPrettierConfig(root) {
         return false;
     }
 }
+function runFormatter(root, toolName, candidates, executedTools, failedTools, toolTimings) {
+    const start = Date.now();
+    const outcome = tryRunConfiguredFormatter(root, candidates);
+    if (outcome === "success") {
+        executedTools.push(toolName);
+        toolTimings.push({ tool: toolName, duration_ms: Date.now() - start });
+    }
+    else if (outcome === "failed") {
+        failedTools.push(toolName);
+    }
+}
 export async function runAutoFixExecutor(bundle, root) {
     if (!bundle.file_disposition) {
         throw new Error("Cannot run auto fix executor without file_disposition");
@@ -57,6 +72,7 @@ export async function runAutoFixExecutor(bundle, root) {
         }
     }
     const executedTools = [];
+    const failedTools = [];
     const toolTimings = [];
     // JS, TS, HTML, CSS, JSON, YAML, MD
     if ((await hasPrettierConfig(root)) &&
@@ -70,62 +86,60 @@ export async function runAutoFixExecutor(bundle, root) {
             extensions.has("yml") ||
             extensions.has("yaml") ||
             extensions.has("md"))) {
-        const prettierStart = Date.now();
-        if (tryRunConfiguredFormatter(root, [
+        runFormatter(root, "prettier", [
             ...resolveNodeTool(root, join("node_modules", "prettier", "bin", "prettier.cjs"), ["--write", "."], "prettier --write ."),
             { command: "prettier", args: ["--write", "."], display: "prettier --write ." },
             { command: "npx", args: ["--yes", "prettier", "--write", "."], display: "npx --yes prettier --write ." },
-        ])) {
-            executedTools.push("prettier");
-            toolTimings.push({ tool: "prettier", duration_ms: Date.now() - prettierStart });
-        }
+        ], executedTools, failedTools, toolTimings);
     }
     // Python
     if (extensions.has("py")) {
-        const blackStart = Date.now();
-        if (tryRunConfiguredFormatter(root, [
+        runFormatter(root, "black", [
             { command: "black", args: ["."], display: "black ." },
             { command: "python", args: ["-m", "black", "."], display: "python -m black ." },
             { command: "uvx", args: ["black", "."], display: "uvx black ." },
             { command: "pipx", args: ["run", "black", "."], display: "pipx run black ." },
-        ])) {
-            executedTools.push("black");
-            toolTimings.push({ tool: "black", duration_ms: Date.now() - blackStart });
-        }
+        ], executedTools, failedTools, toolTimings);
     }
     // SQL
     if (extensions.has("sql")) {
-        const sqlfluffStart = Date.now();
-        if (tryRunConfiguredFormatter(root, [
+        runFormatter(root, "sqlfluff", [
             { command: "sqlfluff", args: ["fix", "--force", "."], display: "sqlfluff fix --force ." },
             { command: "uvx", args: ["sqlfluff", "fix", "--force", "."], display: "uvx sqlfluff fix --force ." },
             { command: "pipx", args: ["run", "sqlfluff", "fix", "--force", "."], display: "pipx run sqlfluff fix --force ." },
-        ])) {
-            executedTools.push("sqlfluff");
-            toolTimings.push({ tool: "sqlfluff", duration_ms: Date.now() - sqlfluffStart });
-        }
+        ], executedTools, failedTools, toolTimings);
     }
     // Go
     if (extensions.has("go")) {
-        const gofmtStart = Date.now();
-        if (tryRunConfiguredFormatter(root, [
+        runFormatter(root, "gofmt", [
             { command: "gofmt", args: ["-w", "."], display: "gofmt -w ." },
-        ])) {
-            executedTools.push("gofmt");
-            toolTimings.push({ tool: "gofmt", duration_ms: Date.now() - gofmtStart });
-        }
+        ], executedTools, failedTools, toolTimings);
     }
     const resultsArtifact = {
         executed_tools: executedTools,
+        failed_tools: failedTools,
         tool_timings: toolTimings,
         timestamp: new Date().toISOString(),
     };
+    let progressDetail;
+    if (executedTools.length === 0 && failedTools.length === 0) {
+        progressDetail = "Formatters executed: None.";
+    }
+    else if (failedTools.length === 0) {
+        progressDetail = `Formatters executed: ${executedTools.join(", ")}.`;
+    }
+    else if (executedTools.length === 0) {
+        progressDetail = `Formatters executed: None. Formatters failed: ${failedTools.join(", ")}.`;
+    }
+    else {
+        progressDetail = `Formatters executed: ${executedTools.join(", ")}. Formatters failed: ${failedTools.join(", ")}.`;
+    }
     return {
         updated: {
             ...bundle,
             auto_fixes_applied: resultsArtifact,
         },
         artifacts_written: ["auto_fixes_applied.json"],
-        progress_summary: `Phase 1 Deterministic Auto-Fix complete. Formatters executed: ${executedTools.length > 0 ? executedTools.join(", ") : "None"}.`,
+        progress_summary: `Phase 1 Deterministic Auto-Fix complete. ${progressDetail}`,
     };
 }

package/dist/orchestrator/dependencyMap.js

@@ -1,7 +1,7 @@
 // Invalidation map keyed by UPSTREAM artifact → the list of DOWNSTREAM
 // artifacts that depend on it (and so become stale when it changes). The name
 // reflects the actual direction: each entry's value is that key's *dependents*.
-// `buildReverseDependencyMap` flips this to the "X depends on Y" view used by
+// `buildArtifactDependenciesMap` flips this to the "X depends on Y" view used by
 // computeArtifactMetadata. (Renamed from the misleading ARTIFACT_DEPENDENCY_MAP,
 // which read as "X's dependencies" — the opposite of what it stores.)
 export const ARTIFACT_DEPENDENTS_MAP = {

package/dist/orchestrator/executorResult.d.ts

@@ -1,4 +1,16 @@
 import type { ArtifactBundle } from "../io/artifacts.js";
+/**
+ * Structured log event emitted during an executor step. Machine consumers should
+ * read `log_entries` and `degraded` on `ExecutorRunResult` rather than parsing
+ * `progress_summary`.
+ */
+export interface LogEntry {
+    severity: "debug" | "info" | "warn" | "error";
+    message: string;
+    timestamp_ms: number;
+    /** Contextual key/value pairs such as task_id, run_id, analyzer name, file path. */
+    context?: Record<string, unknown>;
+}
 /**
  * Resolved audit scope, emitted by the intake executor so the conversation-first
  * loader can echo what is about to be audited (and gate on confirmation when a
@@ -23,6 +35,9 @@ export interface ScopeSummary {
  * artifact filenames it wrote (which drive metadata/staleness bookkeeping in
  * advanceAudit), and a one-line human progress summary. Shared by every executor
  * module so they need not depend on the internalExecutors barrel.
+ *
+ * `progress_summary` is a human-readable one-liner for UI display only. Machine
+ * consumers should read `log_entries` and `degraded` instead of parsing it.
  */
 export interface ExecutorRunResult {
     updated: ArtifactBundle;
@@ -34,4 +49,22 @@ export interface ExecutorRunResult {
      * `mis_scope_smells` is non-empty.
      */
     scope_summary?: ScopeSummary;
+    /**
+     * Structured log events emitted during the step (errors, warnings, partial
+     * failures, analyzer skips). Machine consumers should read this instead of
+     * parsing `progress_summary`.
+     */
+    log_entries?: LogEntry[];
+    /**
+     * Wall-clock milliseconds from executor entry to return, enabling step-latency
+     * tracking without string-parsing.
+     */
+    step_duration_ms?: number;
+    /**
+     * Set to `true` when the step completed but encountered at least one non-fatal
+     * error (e.g. a language-analyzer failure, a line-count error, a missing task
+     * artifact). Lets callers detect partial failure without scanning
+     * `progress_summary`.
+     */
+    degraded?: boolean;
 }

package/dist/orchestrator/executors.d.ts

@@ -1,6 +1,13 @@
 export interface ExecutorDefinition {
     id: string;
+    kind: "deterministic" | "host_delegation";
     obligation_ids: string[];
     description: string;
 }
+/**
+ * Returns true when the executor identified by `id` is a host-delegation point
+ * (i.e. it pauses the deterministic pipeline and asks the active LLM agent to
+ * perform work) rather than a deterministic executor.
+ */
+export declare function isHostDelegationExecutor(id: string): boolean;
 export declare const EXECUTOR_REGISTRY: ExecutorDefinition[];

package/dist/orchestrator/executors.js

@@ -1,76 +1,100 @@
+/**
+ * Returns true when the executor identified by `id` is a host-delegation point
+ * (i.e. it pauses the deterministic pipeline and asks the active LLM agent to
+ * perform work) rather than a deterministic executor.
+ */
+export function isHostDelegationExecutor(id) {
+    const entry = EXECUTOR_REGISTRY.find((e) => e.id === id);
+    return entry?.kind === "host_delegation";
+}
 export const EXECUTOR_REGISTRY = [
     {
         id: "intake_executor",
+        kind: "deterministic",
         obligation_ids: ["repo_manifest", "file_disposition"],
         description: "Create intake artifacts for repository discovery and disposition.",
     },
     {
         id: "structure_executor",
+        kind: "deterministic",
         obligation_ids: ["structure_artifacts"],
         description: "Build structure artifacts such as units, surfaces, graphs, flows, and risk.",
     },
     {
         id: "graph_enrichment_executor",
+        kind: "deterministic",
         obligation_ids: ["graph_enrichment_current"],
         description: "Layer optional language-analyzer edges onto the deterministic graph (regex floor preserved); record analyzer provenance.",
     },
     {
         id: "design_assessment_executor",
+        kind: "deterministic",
         obligation_ids: ["design_assessment_current"],
         description: "Run deterministic structural analysis to assess overall project design.",
     },
     {
         id: "design_review",
+        kind: "host_delegation",
         obligation_ids: ["design_review_completed"],
         description: "Pause the pipeline and delegate a holistic project design review to the active LLM agent.",
     },
     {
         id: "planning_executor",
+        kind: "deterministic",
         obligation_ids: ["planning_artifacts"],
         description: "Build coverage, tasks, runtime validation planning artifacts, and related planning outputs.",
     },
     {
         id: "result_ingestion_executor",
+        kind: "deterministic",
         obligation_ids: ["audit_results_ingested"],
         description: "Ingest available audit result artifacts and refresh dependent coverage artifacts.",
     },
     {
         id: "runtime_validation_executor",
+        kind: "deterministic",
         obligation_ids: ["runtime_validation_current"],
         description: "Merge runtime validation evidence updates when provided.",
     },
     {
         id: "runtime_validation_update_executor",
+        kind: "deterministic",
         obligation_ids: [],
         description: "Merge imported runtime validation evidence updates.",
     },
     {
         id: "synthesis_executor",
+        kind: "deterministic",
         obligation_ids: ["synthesis_current"],
         description: "Emit the canonical audit-findings.json and render the deterministic Markdown audit report.",
     },
     {
         id: "synthesis_narrative_executor",
+        kind: "deterministic",
         obligation_ids: ["synthesis_narrative_current"],
         description: "Resolve the optional synthesis narrative (themes, executive summary, top risks); omit deterministically without a provider.",
     },
     {
         id: "external_analyzer_import_executor",
+        kind: "deterministic",
         obligation_ids: [],
         description: "Import normalized external analyzer results into the artifact set.",
     },
     {
         id: "auto_fix_executor",
+        kind: "deterministic",
         obligation_ids: ["auto_fixes_applied"],
         description: "Run configured deterministic code formatters to apply surface-level fixes automatically.",
     },
     {
         id: "syntax_resolution_executor",
+        kind: "deterministic",
         obligation_ids: ["syntax_resolved"],
         description: "Run deterministic static analysis/compilers and extract any remaining unfixable syntactical errors into external signals.",
     },
     {
         id: "agent",
+        kind: "host_delegation",
         obligation_ids: ["audit_tasks_completed"],
         description: "Pause the pipeline and delegate pending codebase review tasks or syntax resolutions to the active LLM agent.",
     },

package/dist/orchestrator/fileAnchors.js

@@ -7,7 +7,13 @@
  */
 const GRAPH_EDGE_BUCKETS = ["imports", "calls", "references"];
 const MAX_ANCHORS = 160;
-const KEYWORD_PATTERN = /\b(auth|token|password|secret|permission|role|sql|query|exec|spawn|eval|deserialize|encrypt|decrypt|cache|retry|timeout|transaction|lock|race|TODO|FIXME)\b/i;
+// Keywords that signal elevated-risk or review-worthy lines, grouped by concern:
+// auth/access:              auth, password, permission, role, secret, token
+// injection/execution:      deserialize, eval, exec, query, spawn, sql
+// crypto:                   decrypt, encrypt
+// concurrency/reliability:  cache, lock, race, retry, timeout, transaction
+// debt markers:             FIXME, TODO
+const KEYWORD_PATTERN = /\b(auth|password|permission|role|secret|token|deserialize|eval|exec|query|spawn|sql|decrypt|encrypt|cache|lock|race|retry|timeout|transaction|FIXME|TODO)\b/i;
 const SYMBOL_PATTERNS = [
     {
         kind: "import",
@@ -124,6 +130,35 @@ function collectGraphEdges(graphBundle, path) {
         a.from.localeCompare(b.from) ||
         a.to.localeCompare(b.to));
 }
+function scanSymbol(line, lineNumber, anchors, seen) {
+    for (const { kind, pattern, label } of SYMBOL_PATTERNS) {
+        const match = line.match(pattern);
+        if (!match) {
+            continue;
+        }
+        const name = match.slice(1).find((value) => value && value.trim().length > 0) ?? label;
+        addAnchor(anchors, seen, {
+            kind,
+            name: truncate(name, 80),
+            line: lineNumber,
+            detail: truncate(`${label}: ${line}`, 180),
+        });
+        return kind;
+    }
+    return null;
+}
+function scanKeyword(line, lineNumber, anchors, seen) {
+    if (!KEYWORD_PATTERN.test(line)) {
+        return false;
+    }
+    addAnchor(anchors, seen, {
+        kind: "keyword",
+        name: truncate(line.match(KEYWORD_PATTERN)?.[1] ?? "keyword", 80),
+        line: lineNumber,
+        detail: truncate(line, 180),
+    });
+    return true;
+}
 export function buildFileAnchorSummary(params) {
     const anchors = [];
     const seen = new Set();
@@ -148,35 +183,13 @@ export function buildFileAnchorSummary(params) {
     }
     lines.forEach((line, index) => {
         const lineNumber = index + 1;
-        for (const { kind, pattern, label } of SYMBOL_PATTERNS) {
-            const match = line.match(pattern);
-            if (!match) {
-                continue;
-            }
-            const name = match.slice(1).find((value) => value && value.trim().length > 0) ?? label;
-            if (kind === "route") {
-                routeCount += 1;
-            }
-            else if (kind === "symbol") {
-                symbolCount += 1;
-            }
-            addAnchor(anchors, seen, {
-                kind,
-                name: truncate(name, 80),
-                line: lineNumber,
-                detail: truncate(`${label}: ${line}`, 180),
-            });
-            break;
-        }
-        if (KEYWORD_PATTERN.test(line)) {
+        const symbolKind = scanSymbol(line, lineNumber, anchors, seen);
+        if (symbolKind === "route")
+            routeCount += 1;
+        else if (symbolKind === "symbol")
+            symbolCount += 1;
+        if (scanKeyword(line, lineNumber, anchors, seen))
             keywordCount += 1;
-            addAnchor(anchors, seen, {
-                kind: "keyword",
-                name: truncate(line.match(KEYWORD_PATTERN)?.[1] ?? "keyword", 80),
-                line: lineNumber,
-                detail: truncate(line, 180),
-            });
-        }
     });
     const graphEdges = collectGraphEdges(params.graphBundle, path);
     for (const edge of graphEdges) {

package/dist/orchestrator/fileIntegrity.js

@@ -36,7 +36,12 @@ export async function checkFileIntegrity(root, manifest, scope) {
                 missing.push(record.path);
             }
             else {
-                console.warn(`fileIntegrity: I/O error on ${record.path}: ${code ?? String(err)}`);
+                console.warn('fileIntegrity: I/O error', {
+                    root,
+                    scope_size: files.length,
+                    file: record.path,
+                    code: code ?? String(err),
+                });
                 ioErrors.push(record.path);
             }
         }

package/dist/orchestrator/flowCoverage.js

@@ -32,8 +32,7 @@ export function buildFlowCoverage(criticalFlows, coverageMatrix) {
             }
         }
         const completed_lenses = [...completed];
-        const status = required.length > 0 &&
-            required.every((lens) => completed_lenses.includes(lens))
+        const status = required.every((lens) => completed_lenses.includes(lens))
             ? "complete"
             : completed_lenses.length > 0
                 ? "partial"

package/dist/orchestrator/flowPlanning.js

@@ -1,21 +1,25 @@
-const DEFAULT_FLOW_LENS_PRIORITY = [
+const FLOW_REVIEW_LENSES = [
     "security",
     "reliability",
     "correctness",
+    "data_integrity",
+    "operability",
+    "performance",
+    "observability",
 ];
 function lensPathKey(lens, path) {
     return `${lens}:${path}`;
 }
 function flowLensPriority(lens) {
-    const index = DEFAULT_FLOW_LENS_PRIORITY.indexOf(lens);
-    return index >= 0 ? index : DEFAULT_FLOW_LENS_PRIORITY.length;
+    const index = FLOW_REVIEW_LENSES.indexOf(lens);
+    return index >= 0 ? index : FLOW_REVIEW_LENSES.length;
 }
 export function claimFlowReviewBlocks(criticalFlows, pendingByLens, assigned) {
     const candidates = [];
     for (const flow of criticalFlows.flows) {
         const flowPaths = [...new Set(flow.paths)].sort((a, b) => a.localeCompare(b));
         const desiredLenses = flow.concerns
-            .filter((concern) => DEFAULT_FLOW_LENS_PRIORITY.includes(concern))
+            .filter((concern) => FLOW_REVIEW_LENSES.includes(concern))
             .sort((a, b) => flowLensPriority(a) - flowLensPriority(b));
         for (const lens of desiredLenses) {
             const pendingPaths = pendingByLens.get(lens);

package/dist/orchestrator/graphEnrichmentExecutor.js

@@ -39,6 +39,58 @@ function mergeRoutes(floor, analyzer) {
         a.handler.localeCompare(b.handler) ||
         (a.method ?? "").localeCompare(b.method ?? ""));
 }
+/**
+ * Run one analyzer: resolve its dependency, invoke analyze(), and return a
+ * discriminated result. Early-exit guards (not_applicable / skip / absent-root)
+ * are handled by the caller; this helper starts from a confirmed runnable state.
+ */
+async function runSingleAnalyzer(analyzer, root, setting, bundle, pathLookup, includedFiles, disposition, cacheRoot) {
+    const run = resolveForRun(analyzer, root, setting, cacheRoot);
+    if (run.resolution === "absent") {
+        return { ok: false, note: run.note ?? "Dependency absent.", resolution: "absent" };
+    }
+    try {
+        const output = await analyzer.analyze(includedFiles.filter((f) => analyzer.supports(f)), {
+            root,
+            repoManifest: bundle.repo_manifest,
+            disposition,
+            includedFiles,
+            pathLookup,
+            dependencyPath: run.path,
+        });
+        return {
+            ok: true,
+            edges: output.edges ?? [],
+            routes: output.routes ?? [],
+            resolution: run.resolution,
+        };
+    }
+    catch (error) {
+        const note = error instanceof Error
+            ? `Analyzer failed [${error.name}]: ${error.message}${error.stack ? ` — stack: ${error.stack.split("\n").slice(0, 4).join(" | ")}` : ""}`
+            : `Analyzer failed: ${String(error)}.`;
+        return { ok: false, note, resolution: run.resolution };
+    }
+}
+/**
+ * Assemble the enriched GraphBundle from the regex floor plus per-bucket
+ * analyzer edges and merged route edges.
+ */
+function buildEnrichedGraph(floor, bucketEdges, routeEdges, analyzersUsed) {
+    return {
+        ...floor,
+        graphs: {
+            ...floor.graphs,
+            imports: mergeAnalyzerEdges(floor.graphs.imports ?? [], bucketEdges.imports),
+            calls: mergeAnalyzerEdges(floor.graphs.calls ?? [], bucketEdges.calls),
+            references: mergeAnalyzerEdges(floor.graphs.references ?? [], bucketEdges.references),
+            ...(routeEdges.length > 0
+                ? { routes: mergeRoutes(floor.graphs.routes ?? [], routeEdges) }
+                : {}),
+        },
+        analyzers_used: [...new Set(analyzersUsed)].sort(),
+    };
+}
 /**
  * Resolve a dependency for actual execution (may install for ephemeral/permanent).
  * `auto`/`repo` with an absent dependency falls back to the regex floor.
@@ -107,38 +159,16 @@ export async function runGraphEnrichmentExecutor(bundle, options = {}) {
             entries.push({ id: analyzer.id, resolution: "absent", setting, edges_added: 0, routes_added: 0, note: "No repository root available for analysis." });
             continue;
         }
-        const run = resolveForRun(analyzer, root, setting, options.cacheRoot);
-        if (run.resolution === "absent") {
-            entries.push({ id: analyzer.id, resolution: "absent", setting, edges_added: 0, routes_added: 0, note: run.note });
-            continue;
-        }
-        let edges = [];
-        let routes = [];
-        try {
-            const output = await analyzer.analyze(supportedFiles, {
-                root,
-                repoManifest: bundle.repo_manifest,
-                disposition,
-                includedFiles,
-                pathLookup,
-                dependencyPath: run.path,
-            });
-            edges = output.edges ?? [];
-            routes = output.routes ?? [];
-        }
-        catch (error) {
-            entries.push({
-                id: analyzer.id,
-                resolution: run.resolution,
-                setting,
-                edges_added: 0,
-                routes_added: 0,
-                note: error instanceof Error
-                    ? `Analyzer failed [${error.name}]: ${error.message}${error.stack ? ` — stack: ${error.stack.split("\n").slice(0, 4).join(" | ")}` : ""}`
-                    : `Analyzer failed: ${String(error)}.`,
-            });
+        const result = await runSingleAnalyzer(analyzer, root, setting, bundle, pathLookup, includedFiles, disposition, options.cacheRoot);
+        if (!result.ok) {
+            const entry = { id: analyzer.id, resolution: result.resolution, setting, edges_added: 0, routes_added: 0, note: result.note };
+            entries.push(entry);
+            if (entry.note?.startsWith("Analyzer failed")) {
+                console.warn(`[graph-enrichment] Analyzer '${analyzer.id}' failed: ${entry.note}`);
+            }
             continue;
         }
+        const { edges, routes, resolution } = result;
         for (const edge of edges) {
             bucketEdges[bucketForKind(edge.kind)].push(edge);
         }
@@ -146,7 +176,7 @@ export async function runGraphEnrichmentExecutor(bundle, options = {}) {
         if (edges.length + routes.length > 0) {
             analyzersUsed.push(analyzer.id);
         }
-        entries.push({ id: analyzer.id, resolution: run.resolution, setting, edges_added: edges.length, routes_added: routes.length });
+        entries.push({ id: analyzer.id, resolution, setting, edges_added: edges.length, routes_added: routes.length });
     }
     const applied = analyzersUsed.length > 0;
     const record = {
@@ -158,19 +188,7 @@ export async function runGraphEnrichmentExecutor(bundle, options = {}) {
     // reasons of low-confidence edges on whichever graph stands — the floor's
     // heuristic edges exist regardless of analyzers.
     const graphBundle = applied
-        ? {
-            ...floor,
-            graphs: {
-                ...floor.graphs,
-                imports: mergeAnalyzerEdges(floor.graphs.imports ?? [], bucketEdges.imports),
-                calls: mergeAnalyzerEdges(floor.graphs.calls ?? [], bucketEdges.calls),
-                references: mergeAnalyzerEdges(floor.graphs.references ?? [], bucketEdges.references),
-                ...(routeEdges.length > 0
-                    ? { routes: mergeRoutes(floor.graphs.routes ?? [], routeEdges) }
-                    : {}),
-            },
-            analyzers_used: [...new Set(analyzersUsed)].sort(),
-        }
+        ? buildEnrichedGraph(floor, bucketEdges, routeEdges, analyzersUsed)
         : floor;
     let reasoned = { rewritten: 0, candidates: 0 };
     if (options.llmEdgeReasoning === true && options.edgeReasoning) {
@@ -181,10 +199,14 @@ export async function runGraphEnrichmentExecutor(bundle, options = {}) {
         ? ` Edge reasoning rewrote ${reasoned.rewritten} reason(s).`
         : "";
     if (!graphChanged) {
+        const failedEntries = entries.filter((e) => e.note?.startsWith("Analyzer failed"));
+        const failureSuffix = failedEntries.length > 0
+            ? `; ${failedEntries.length} analyzer(s) failed: ${failedEntries.map((e) => e.id).join(", ")} (see analyzer_capability.json)`
+            : "";
         return {
             updated: { ...bundle, analyzer_capability: record },
             artifacts_written: ["analyzer_capability.json"],
-            progress_summary: "Graph enrichment omitted; deterministic regex graph retained.",
+            progress_summary: `Graph enrichment omitted; deterministic regex graph retained.${failureSuffix}`,
         };
     }
     const totalEdges = entries.reduce((sum, entry) => sum + entry.edges_added, 0);

package/dist/orchestrator/ingestionExecutors.js

@@ -139,6 +139,8 @@ export async function runRuntimeValidationExecutor(bundle, root, options = {}) {
     const existing = bundle.runtime_validation_report ?? { results: [] };
     const byTaskId = new Map(existing.results.map((result) => [result.task_id, result]));
     const byCommand = new Map();
+    let uniqueCommandsRun = 0;
+    let deduplicatedHits = 0;
     for (const task of bundle.runtime_validation_tasks.tasks) {
         const prior = byTaskId.get(task.id);
         if (prior &&
@@ -156,6 +158,12 @@ export async function runRuntimeValidationExecutor(bundle, root, options = {}) {
             continue;
         }
         const signature = task.command.join("\0");
+        if (byCommand.has(signature)) {
+            deduplicatedHits++;
+        }
+        else {
+            uniqueCommandsRun++;
+        }
         const outcome = byCommand.get(signature) ?? (await runCommand(task.command, root, { opentoken: options.opentoken }));
         byCommand.set(signature, outcome);
         byTaskId.set(task.id, {
@@ -185,7 +193,7 @@ export async function runRuntimeValidationExecutor(bundle, root, options = {}) {
             "runtime_validation_report.json",
             ...selectiveDeepening.artifacts,
         ],
-        progress_summary: `Executed deterministic runtime validation for ${bundle.runtime_validation_tasks.tasks.length} task(s).` +
+        progress_summary: `Executed deterministic runtime validation for ${bundle.runtime_validation_tasks.tasks.length} task(s) (${uniqueCommandsRun} unique command(s) run, ${deduplicatedHits} served from deduplication cache).` +
             selectiveDeepening.summarySuffix,
     };
 }

package/dist/orchestrator/intakeExecutors.d.ts

@@ -1,9 +1,5 @@
 import type { ArtifactBundle } from "../io/artifacts.js";
 import type { ExecutorRunResult } from "./executorResult.js";
-/** Prefix used to carry the scope summary inside `progress_summary` for hosts
- *  that read the step's progress text rather than the `scope_summary.json`
- *  artifact. The loader extracts everything after this marker as JSON. */
-export declare const SCOPE_SUMMARY_PREFIX = "SCOPE_SUMMARY:";
 /**
  * Detect signals that the resolved audit root may be the *wrong* directory.
  * Two heuristics, returned as zero or more human-readable warnings: