auditor-lambda 0.10.2 → 0.10.7

package/dist/types.d.ts

@@ -1,10 +1,25 @@
 import type { Finding as SharedFinding } from "@audit-tools/shared";
 export type Lens = "correctness" | "architecture" | "maintainability" | "security" | "reliability" | "performance" | "data_integrity" | "tests" | "operability" | "config_deployment" | "observability";
-/** Canonical list of every valid {@link Lens}. Single source of truth — import
- * {@link isLens} / `ALL_LENSES` instead of hand-copying lens lists into local
- * guards, which drift (a copy omitting "observability" caused it to be wrongly
- * rejected in flow requeue). */
+/** Single authoritative record for one audit lens. `order_weight` governs task
+ * priority ordering — lower values sort earlier (higher urgency). */
+export interface LensDefinition {
+    id: Lens;
+    display_name: string;
+    /** Lower = higher priority in task ordering. */
+    order_weight: number;
+    default_enabled: boolean;
+}
+/** Single source of truth for all lens metadata. Adding or renaming a lens
+ * requires a single edit here; `ALL_LENSES`, `ENABLED_LENSES`, and
+ * `LENS_ORDER` (in auditTaskUtils) are all derived from this registry. */
+export declare const LENS_REGISTRY: readonly LensDefinition[];
+/** Canonical list of every valid {@link Lens}. Derived from {@link LENS_REGISTRY}
+ * — import {@link isLens} / `ALL_LENSES` instead of hand-copying lens lists into
+ * local guards, which drift (a copy omitting "observability" caused it to be
+ * wrongly rejected in flow requeue). */
 export declare const ALL_LENSES: readonly Lens[];
+/** Lenses enabled by default (all entries in the registry with default_enabled true). */
+export declare const ENABLED_LENSES: readonly Lens[];
 export declare function isLens(value: unknown): value is Lens;
 export interface FileRecord {
     path: string;
@@ -100,4 +115,6 @@ export interface AuditResult {
     requires_followup?: boolean;
     followup_tasks?: string[];
     verification?: AuditVerification;
+    run_id?: string;
+    submitted_at?: string;
 }

package/dist/types.js

@@ -1,20 +1,28 @@
-/** Canonical list of every valid {@link Lens}. Single source of truth — import
- * {@link isLens} / `ALL_LENSES` instead of hand-copying lens lists into local
- * guards, which drift (a copy omitting "observability" caused it to be wrongly
- * rejected in flow requeue). */
-export const ALL_LENSES = [
-    "correctness",
-    "architecture",
-    "maintainability",
-    "security",
-    "reliability",
-    "performance",
-    "data_integrity",
-    "tests",
-    "operability",
-    "config_deployment",
-    "observability",
+/** Single source of truth for all lens metadata. Adding or renaming a lens
+ * requires a single edit here; `ALL_LENSES`, `ENABLED_LENSES`, and
+ * `LENS_ORDER` (in auditTaskUtils) are all derived from this registry. */
+export const LENS_REGISTRY = [
+    { id: "security", display_name: "Security", order_weight: 10, default_enabled: true },
+    { id: "correctness", display_name: "Correctness", order_weight: 20, default_enabled: true },
+    { id: "reliability", display_name: "Reliability", order_weight: 30, default_enabled: true },
+    { id: "data_integrity", display_name: "Data Integrity", order_weight: 40, default_enabled: true },
+    { id: "performance", display_name: "Performance", order_weight: 50, default_enabled: true },
+    { id: "architecture", display_name: "Architecture", order_weight: 60, default_enabled: true },
+    { id: "operability", display_name: "Operability", order_weight: 70, default_enabled: true },
+    { id: "config_deployment", display_name: "Config & Deployment", order_weight: 80, default_enabled: true },
+    { id: "observability", display_name: "Observability", order_weight: 90, default_enabled: true },
+    { id: "maintainability", display_name: "Maintainability", order_weight: 100, default_enabled: true },
+    { id: "tests", display_name: "Tests", order_weight: 110, default_enabled: true },
 ];
+/** Canonical list of every valid {@link Lens}. Derived from {@link LENS_REGISTRY}
+ * — import {@link isLens} / `ALL_LENSES` instead of hand-copying lens lists into
+ * local guards, which drift (a copy omitting "observability" caused it to be
+ * wrongly rejected in flow requeue). */
+export const ALL_LENSES = LENS_REGISTRY.map((d) => d.id);
+/** Lenses enabled by default (all entries in the registry with default_enabled true). */
+export const ENABLED_LENSES = LENS_REGISTRY
+    .filter((d) => d.default_enabled)
+    .map((d) => d.id);
 export function isLens(value) {
     return (typeof value === "string" && ALL_LENSES.includes(value));
 }

package/dist/validation/artifacts.js

@@ -261,5 +261,8 @@ export function validateArtifactBundle(bundle) {
             }
         }
     }
+    if (issues.length > 0) {
+        process.stderr.write(`[artifact-bundle validation] ${issues.length} issue(s)\n`);
+    }
     return issues;
 }

package/dist/validation/auditResults.js

@@ -589,7 +589,8 @@ export function validateAuditResults(results, tasks, options = {}) {
                 if (!isRecord(affected) || !isNonEmptyString(affected.path)) {
                     continue;
                 }
-                if (!declaredAssignedCoveragePaths.has(affected.path)) {
+                const affectedPathNorm = normalizeCoveragePath(affected.path);
+                if (!declaredAssignedCoveragePaths.has(affectedPathNorm)) {
                     pushIssue(issues, {
                         result_index: i,
                         task_id: taskId,
@@ -605,7 +606,7 @@ export function validateAuditResults(results, tasks, options = {}) {
                 const end = Number.isInteger(affected.line_end)
                     ? Number(affected.line_end)
                     : start;
-                if (!coversAffectedSpan(normalizedFileCoverage, affected.path, start, end)) {
+                if (!coversAffectedSpan(normalizedFileCoverage, affectedPathNorm, start, end)) {
                     pushIssue(issues, {
                         result_index: i,
                         task_id: taskId,
@@ -618,6 +619,11 @@ export function validateAuditResults(results, tasks, options = {}) {
         }
         validateVerification(result.verification, result, task, normalizedFileCoverage, taskId, i, issues);
     }
+    if (issues.length > 0) {
+        const errors = issues.filter((i) => i.severity === "error").length;
+        const warnings = issues.filter((i) => i.severity === "warning").length;
+        process.stderr.write(`[audit-results validation] ${errors} error(s), ${warnings} warning(s) across ${results.length} result(s)\n`);
+    }
     return issues;
 }
 export function formatAuditResultIssues(issues) {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "auditor-lambda",
-  "version": "0.10.2",
+  "version": "0.10.7",
   "private": false,
   "description": "Portable hybrid code-auditing framework for arbitrary repositories.",
   "type": "module",
@@ -10,7 +10,7 @@
   "files": [
     "dist/**",
     "audit-code.mjs",
-    "audit-code-wrapper-lib.mjs",
+    "audit-code-wrapper-*.mjs",
     "dispatch/**",
     "schemas/**",
     "skills/audit-code/**",

package/schemas/audit_findings.schema.json

@@ -24,6 +24,10 @@
           "type": "object",
           "additionalProperties": { "type": "integer", "minimum": 0 }
         },
+        "lens_breakdown": {
+          "type": "object",
+          "additionalProperties": { "type": "integer", "minimum": 0 }
+        },
         "audited_file_count": { "type": "integer", "minimum": 0 },
         "excluded_file_count": { "type": "integer", "minimum": 0 },
         "budget_deferred_task_count": { "type": "integer", "minimum": 0 },
@@ -58,7 +62,7 @@
             "enum": ["critical", "high", "medium", "low", "info"]
           },
           "confidence": { "type": "string", "enum": ["high", "medium", "low"] },
-          "lens": { "type": "string", "enum": ["correctness", "architecture", "maintainability", "security", "reliability", "performance", "data_integrity", "tests", "operability", "config_deployment", "observability"] },
+          "lens": { "$ref": "lens.schema.json" },
           "summary": { "type": "string" },
           "affected_files": {
             "type": "array",

package/schemas/audit_plan_metrics.schema.json

@@ -341,7 +341,7 @@
           "minimum": 0
         }
       },
-      "additionalProperties": false
+      "additionalProperties": { "type": "integer", "minimum": 0 }
     }
   }
 }

package/schemas/audit_result.schema.json

@@ -23,10 +23,7 @@
     "task_id": { "type": "string" },
     "unit_id": { "type": "string" },
     "pass_id": { "type": "string" },
-    "lens": {
-      "type": "string",
-      "enum": ["correctness", "architecture", "maintainability", "security", "reliability", "performance", "data_integrity", "tests", "operability", "config_deployment", "observability"]
-    },
+    "lens": { "$ref": "lens.schema.json" },
     "agent_role": { "type": "string" },
     "file_coverage": {
       "type": "array",
@@ -52,7 +49,7 @@
     "requires_followup": { "type": "boolean" },
     "followup_tasks": {
       "type": "array",
-      "items": { "type": "string" }
+      "items": { "$ref": "#/$defs/AuditTask" }
     },
     "verification": {
       "type": "object",
@@ -78,7 +75,9 @@
         }
       },
       "additionalProperties": false
-    }
+    },
+    "run_id": { "type": "string" },
+    "submitted_at": { "type": "string", "format": "date-time" }
   },
   "additionalProperties": false
 }

package/schemas/audit_task.schema.json

@@ -15,10 +15,7 @@
     "task_id": { "type": "string" },
     "unit_id": { "type": "string" },
     "pass_id": { "type": "string" },
-    "lens": {
-      "type": "string",
-      "enum": ["correctness", "architecture", "maintainability", "security", "reliability", "performance", "data_integrity", "tests", "operability", "config_deployment", "observability"]
-    },
+    "lens": { "$ref": "lens.schema.json" },
     "file_paths": {
       "type": "array",
       "minItems": 1,

package/schemas/blind_spot_register.schema.json

@@ -35,7 +35,7 @@
           },
           "suggested_lenses": {
             "type": "array",
-            "items": { "type": "string" }
+            "items": { "$ref": "lens.schema.json" }
           },
           "suggested_runtime_checks": {
             "type": "array",

package/schemas/coverage_matrix.schema.json

@@ -26,17 +26,11 @@
           },
           "required_lenses": {
             "type": "array",
-            "items": {
-              "type": "string",
-              "enum": ["correctness", "architecture", "maintainability", "security", "reliability", "performance", "data_integrity", "tests", "operability", "config_deployment", "observability"]
-            }
+            "items": { "$ref": "lens.schema.json" }
           },
           "completed_lenses": {
             "type": "array",
-            "items": {
-              "type": "string",
-              "enum": ["correctness", "architecture", "maintainability", "security", "reliability", "performance", "data_integrity", "tests", "operability", "config_deployment", "observability"]
-            }
+            "items": { "$ref": "lens.schema.json" }
           }
         },
         "additionalProperties": false

package/schemas/finding.schema.json

@@ -23,22 +23,7 @@
       "enum": ["critical", "high", "medium", "low", "info"]
     },
     "confidence": { "type": "string", "enum": ["high", "medium", "low"] },
-    "lens": {
-      "type": "string",
-      "enum": [
-        "correctness",
-        "architecture",
-        "maintainability",
-        "security",
-        "reliability",
-        "performance",
-        "data_integrity",
-        "tests",
-        "operability",
-        "config_deployment",
-        "observability"
-      ]
-    },
+    "lens": { "$ref": "lens.schema.json" },
     "summary": { "type": "string" },
     "affected_files": {
       "type": "array",
@@ -50,7 +35,8 @@
           "path": { "type": "string" },
           "line_start": { "type": "integer", "minimum": 1 },
           "line_end": { "type": "integer", "minimum": 1 },
-          "symbol": { "type": "string" }
+          "symbol": { "type": "string" },
+          "hash_at_plan_time": { "type": "string" }
         },
         "additionalProperties": false
       }

package/schemas/flow_coverage.schema.json

@@ -24,17 +24,11 @@
           },
           "required_lenses": {
             "type": "array",
-            "items": {
-              "type": "string",
-              "enum": ["correctness", "architecture", "maintainability", "security", "reliability", "performance", "data_integrity", "tests", "operability", "config_deployment", "observability"]
-            }
+            "items": { "$ref": "lens.schema.json" }
           },
           "completed_lenses": {
             "type": "array",
-            "items": {
-              "type": "string",
-              "enum": ["correctness", "architecture", "maintainability", "security", "reliability", "performance", "data_integrity", "tests", "operability", "config_deployment", "observability"]
-            }
+            "items": { "$ref": "lens.schema.json" }
           },
           "status": {
             "type": "string",

package/schemas/graph_bundle.schema.json

@@ -113,6 +113,37 @@
             },
             "additionalProperties": false
           }
+        },
+        "heuristics": {
+          "type": "array",
+          "items": {
+            "type": "object",
+            "required": ["from", "to"],
+            "properties": {
+              "from": { "type": "string" },
+              "to": { "type": "string" },
+              "kind": {
+                "type": "string",
+                "description": "Heuristic edge kind from path/co-location analysis (e.g. 'heuristic-container-edge', 'heuristic-auth-session-link')."
+              },
+              "direction": {
+                "type": "string",
+                "enum": ["directed", "undirected"],
+                "description": "Whether the edge should be interpreted as directional."
+              },
+              "confidence": {
+                "type": "number",
+                "minimum": 0,
+                "maximum": 1,
+                "description": "Extractor confidence for graph-informed planning."
+              },
+              "reason": {
+                "type": "string",
+                "description": "Short explanation of why the edge exists."
+              }
+            },
+            "additionalProperties": false
+          }
         }
       },
       "additionalProperties": false

package/schemas/lens.schema.json

@@ -0,0 +1,7 @@
+{
+  "$schema": "https://json-schema.org/draft/2020-12/schema",
+  "$id": "lens.schema.json",
+  "title": "Lens",
+  "type": "string",
+  "enum": ["correctness", "architecture", "maintainability", "security", "reliability", "performance", "data_integrity", "tests", "operability", "config_deployment", "observability"]
+}

package/schemas/review_packets.schema.json

@@ -7,22 +7,6 @@
     "$ref": "#/$defs/reviewPacket"
   },
   "$defs": {
-    "lens": {
-      "type": "string",
-      "enum": [
-        "correctness",
-        "architecture",
-        "maintainability",
-        "security",
-        "reliability",
-        "performance",
-        "data_integrity",
-        "tests",
-        "operability",
-        "config_deployment",
-        "observability"
-      ]
-    },
     "priority": {
       "type": "string",
       "enum": ["high", "medium", "low"]
@@ -34,6 +18,11 @@
         "from": { "type": "string" },
         "to": { "type": "string" },
         "kind": { "type": "string" },
+        "direction": {
+          "type": "string",
+          "enum": ["directed", "undirected"],
+          "description": "Whether the edge should be interpreted as directional."
+        },
         "confidence": {
           "type": "number",
           "minimum": 0,
@@ -108,7 +97,7 @@
         "lenses": {
           "type": "array",
           "minItems": 1,
-          "items": { "$ref": "#/$defs/lens" }
+          "items": { "$ref": "lens.schema.json" }
         },
         "file_paths": {
           "type": "array",

package/schemas/step_contract.schema.json

@@ -37,7 +37,7 @@
       "enum": ["ready", "blocked", "complete"]
     },
     "prompt_path": { "type": "string" },
-    "run_id": { "type": ["string", "null"] },
+    "run_id": { "type": ["string", "null"], "description": "Identifies the active dispatch run. Null when no dispatch run is in progress (e.g., blocked, present_report, intake, synthesis, and other non-dispatch step kinds)." },
     "progress": {
       "type": "object",
       "required": ["summary"],
@@ -46,7 +46,13 @@
         "pending_packets": { "type": "integer" },
         "pending_tasks": { "type": "integer" },
         "completed_tasks": { "type": "integer" },
-        "wave_size": { "type": "integer" }
+        "wave_size": { "type": "integer" },
+        "phase": { "type": "string", "enum": ["canary", "fan_out"] },
+        "canary_packet_id": { "type": ["string", "null"] },
+        "agent_count": { "type": "integer" },
+        "wave_count": { "type": "integer" },
+        "confirmation_recommended": { "type": "boolean" },
+        "dispatch_summary": { "type": "string" }
       },
       "additionalProperties": false
     },

package/schemas/unit_manifest.schema.json

@@ -27,10 +27,7 @@
           "required_lenses": {
             "type": "array",
             "minItems": 1,
-            "items": {
-              "type": "string",
-              "enum": ["correctness", "architecture", "maintainability", "security", "reliability", "performance", "data_integrity", "tests", "operability", "config_deployment", "observability"]
-            }
+            "items": { "$ref": "lens.schema.json" }
           },
           "critical_flows": {
             "type": "array",

package/scripts/postinstall.mjs

@@ -36,6 +36,8 @@ function writeGeneratedFile(path, content) {
   return action;
 }
 
+const OPENCODE_AUDIT_EXTERNAL_DIRECTORY_PERMISSION = { '*': 'allow' };
+
 const OPENCODE_AUDIT_EDIT_PERMISSION = {
   '*': 'ask',
   '.audit-code/**': 'allow',
@@ -143,7 +145,7 @@ function mergeOpenCodePermissionConfig(existingPermission, generatedPermission)
     external_directory: mergeOpenCodePermissionRule(
       existingPermission.external_directory,
       generatedPermission.external_directory,
-      generatedPermission.external_directory,
+      OPENCODE_AUDIT_EXTERNAL_DIRECTORY_PERMISSION,
     ),
     edit: mergeOpenCodePermissionRule(
       existingPermission.edit,

package/skills/audit-code/audit-code.prompt.md

@@ -59,9 +59,8 @@ If the returned step is a dispatch step, before launching subagents check
 
 After the **first** `next-step` (the intake step) completes, confirm the audit
 scope before proceeding. Read `scope_summary.json` from the `.audit-artifacts/`
-directory (if absent, extract the JSON that follows the `SCOPE_SUMMARY:` marker
-at the start of the step's `progress_summary`). It contains `repo_root`,
-`auditable_file_count`, `git_available`, and `mis_scope_smells`. Then:
+directory. It contains `repo_root`, `auditable_file_count`, `git_available`, and
+`mis_scope_smells`. Then:
 
 - Echo one informational line to the user:
   `Auditing <repo_root>, <auditable_file_count> files, git: <yes|no>`.

package/dist/extractors/graphManifestEdges.d.ts

@@ -1,12 +0,0 @@
-import type { GraphEdge } from "@audit-tools/shared";
-import { isCargoManifestPath, isGoWorkspaceManifestPath, isMavenPomPath, isPyprojectPath } from "./graphPathUtils.js";
-export { isCargoManifestPath, isGoWorkspaceManifestPath, isMavenPomPath, isPyprojectPath, };
-export declare function extractPackageEntrypointEdges(fromPath: string, content: string, pathLookup: Map<string, string>): GraphEdge[];
-export declare function extractPackageScriptEdges(fromPath: string, content: string, pathLookup: Map<string, string>): GraphEdge[];
-export declare function extractWorkspacePackageEdges(fromPath: string, content: string, pathLookup: Map<string, string>): GraphEdge[];
-export declare function extractCargoWorkspaceMemberEdges(fromPath: string, content: string, pathLookup: Map<string, string>): GraphEdge[];
-export declare function extractTypescriptProjectReferenceEdges(fromPath: string, content: string, pathLookup: Map<string, string>): GraphEdge[];
-export declare function extractGoWorkspaceModuleEdges(fromPath: string, content: string, pathLookup: Map<string, string>): GraphEdge[];
-export declare function extractMavenModuleEdges(fromPath: string, content: string, pathLookup: Map<string, string>): GraphEdge[];
-export declare function extractPyprojectTestpathLinks(fromPath: string, content: string, pathLookup: Map<string, string>): GraphEdge[];
-export declare function extractYamlPathReferenceEdges(fromPath: string, content: string, pathLookup: Map<string, string>): GraphEdge[];