auditor-lambda 0.10.3 → 0.10.7

package/audit-code-wrapper-io.mjs

@@ -0,0 +1,155 @@
+import { access, mkdir, readFile, readdir, stat, writeFile } from 'node:fs/promises';
+import { constants } from 'node:fs';
+import { dirname } from 'node:path';
+
+export async function fileExists(path) {
+  try {
+    await access(path, constants.F_OK);
+    return true;
+  } catch {
+    return false;
+  }
+}
+
+export async function newestMtimeMs(path) {
+  const stats = await stat(path);
+  if (!stats.isDirectory()) {
+    return stats.mtimeMs;
+  }
+
+  let newest = stats.mtimeMs;
+  const entries = await readdir(path, { withFileTypes: true });
+  for (const entry of entries) {
+    const childPath = `${path}/${entry.name}`;
+    if (entry.isDirectory()) {
+      newest = Math.max(newest, await newestMtimeMs(childPath));
+      continue;
+    }
+    if (entry.isFile()) {
+      newest = Math.max(newest, (await stat(childPath)).mtimeMs);
+    }
+  }
+  return newest;
+}
+
+export async function readTextIfExists(path) {
+  try {
+    return await readFile(path, 'utf8');
+  } catch {
+    return null;
+  }
+}
+
+export async function readJson(path, description) {
+  const content = await readFile(path, 'utf8');
+  try {
+    return JSON.parse(content);
+  } catch (error) {
+    throw new Error(
+      `${description} is not valid JSON: ${error instanceof Error ? error.message : String(error)}`,
+    );
+  }
+}
+
+export async function writeGeneratedMarkdown(targetPath, content) {
+  const existed = await fileExists(targetPath);
+  await mkdir(dirname(targetPath), { recursive: true });
+  await writeFile(targetPath, content, 'utf8');
+  return {
+    path: targetPath,
+    mode: existed ? 'updated' : 'created',
+  };
+}
+
+export async function writeGeneratedJson(targetPath, value) {
+  const existed = await fileExists(targetPath);
+  await mkdir(dirname(targetPath), { recursive: true });
+  await writeFile(targetPath, JSON.stringify(value, null, 2) + '\n', 'utf8');
+  return {
+    path: targetPath,
+    mode: existed ? 'updated' : 'created',
+  };
+}
+
+async function readJsonObjectIfExists(targetPath, description) {
+  if (!(await fileExists(targetPath))) {
+    return {};
+  }
+
+  let parsed;
+  try {
+    parsed = JSON.parse(await readFile(targetPath, 'utf8'));
+  } catch (error) {
+    throw new Error(
+      `${description} exists but is not valid JSON: ${error instanceof Error ? error.message : String(error)}`,
+    );
+  }
+
+  if (!parsed || typeof parsed !== 'object' || Array.isArray(parsed)) {
+    throw new Error(`${description} must be a JSON object when it already exists.`);
+  }
+
+  return parsed;
+}
+
+export async function writeMergedGeneratedJson(targetPath, description, buildValue) {
+  const existed = await fileExists(targetPath);
+  const existing = await readJsonObjectIfExists(targetPath, description);
+  await mkdir(dirname(targetPath), { recursive: true });
+  await writeFile(
+    targetPath,
+    JSON.stringify(buildValue(existing), null, 2) + '\n',
+    'utf8',
+  );
+  return {
+    path: targetPath,
+    mode: existed ? 'updated' : 'created',
+  };
+}
+
+export async function writeGeneratedBinary(targetPath, content) {
+  const existed = await fileExists(targetPath);
+  await mkdir(dirname(targetPath), { recursive: true });
+  await writeFile(targetPath, content);
+  return {
+    path: targetPath,
+    mode: existed ? 'updated' : 'created',
+  };
+}
+
+const INSTALL_MARKER_START = '<!-- audit-code:begin -->';
+const INSTALL_MARKER_END = '<!-- audit-code:end -->';
+
+function normalizeNewlines(value) {
+  return value.replace(/\r\n/g, '\n');
+}
+
+function upsertManagedBlock(existingContent, blockContent) {
+  const normalized = normalizeNewlines(existingContent);
+  const blockPattern = new RegExp(
+    `${INSTALL_MARKER_START}[\\s\\S]*?${INSTALL_MARKER_END}`,
+    'u',
+  );
+
+  if (blockPattern.test(normalized)) {
+    return normalized.replace(blockPattern, blockContent);
+  }
+
+  if (normalized.trim().length === 0) {
+    return `${blockContent}\n`;
+  }
+
+  return `${normalized.replace(/\s+$/u, '')}\n\n${blockContent}\n`;
+}
+
+export async function writeManagedMarkdown(targetPath, blockContent) {
+  const existed = await fileExists(targetPath);
+  const existingContent = existed ? await readFile(targetPath, 'utf8') : '';
+  const nextContent = upsertManagedBlock(existingContent, blockContent);
+  await mkdir(dirname(targetPath), { recursive: true });
+  await writeFile(targetPath, nextContent, 'utf8');
+  return {
+    path: targetPath,
+    mode: existed ? 'updated' : 'created',
+  };
+}

package/audit-code-wrapper-legacy.mjs

@@ -0,0 +1,125 @@
+import { readdir, unlink } from 'node:fs/promises';
+import { join } from 'node:path';
+import { readTextIfExists } from './audit-code-wrapper-io.mjs';
+
+function normalizeNewlines(value) {
+  return value.replace(/\r\n/g, '\n');
+}
+
+function looksLikeAuditCodeSkill(content) {
+  const normalized = normalizeNewlines(content);
+  return (
+    /^name:\s*audit-code\b/mu.test(normalized)
+    || normalized.includes('Conversation-first autonomous code auditing workflow for the /audit-code command.')
+    || normalized.includes('The canonical entrypoint is `/audit-code` in conversation.')
+  );
+}
+
+function looksLikeAuditCodePrompt(content) {
+  const normalized = normalizeNewlines(content);
+  return (
+    normalized.includes('# `/audit-code`')
+    && (
+      normalized.includes('audit-code orchestrator')
+      || normalized.includes('Autonomous local loop code auditing')
+      || normalized.includes('Conversation-first autonomous code auditing workflow')
+    )
+  );
+}
+
+function looksLikeAuditCodeInterfaceMetadata(content) {
+  const normalized = normalizeNewlines(content);
+  return (
+    normalized.includes('audit-code')
+    && (
+      normalized.includes('display_name:')
+      || normalized.includes('short_description:')
+      || normalized.includes('default_prompt:')
+    )
+    && (
+      normalized.includes('/audit-code')
+      || normalized.includes('Start /audit-code')
+    )
+  );
+}
+
+export async function buildLegacyAuditCodeSurfaceTargets(root) {
+  const targets = [
+    {
+      host: 'codex',
+      surface: 'skill',
+      path: join(root, '.codex', 'skills', 'audit-code', 'SKILL.md'),
+      matches: looksLikeAuditCodeSkill,
+    },
+    {
+      host: 'codex',
+      surface: 'prompt',
+      path: join(root, '.codex', 'skills', 'audit-code', 'audit-code.prompt.md'),
+      matches: looksLikeAuditCodePrompt,
+    },
+    {
+      host: 'opencode',
+      surface: 'command',
+      path: join(root, '.opencode', 'commands', 'audit-code.md'),
+      matches: looksLikeAuditCodePrompt,
+    },
+    {
+      host: 'opencode',
+      surface: 'skill',
+      path: join(root, '.opencode', 'skills', 'audit-code', 'SKILL.md'),
+      matches: looksLikeAuditCodeSkill,
+    },
+    {
+      host: 'opencode',
+      surface: 'prompt',
+      path: join(root, '.opencode', 'skills', 'audit-code', 'audit-code.prompt.md'),
+      matches: looksLikeAuditCodePrompt,
+    },
+    {
+      host: 'claude',
+      surface: 'command',
+      path: join(root, '.claude', 'commands', 'audit-code.md'),
+      matches: looksLikeAuditCodePrompt,
+    },
+  ];
+
+  const codexAgentDir = join(root, '.codex', 'skills', 'audit-code', 'agents');
+  const codexAgentEntries = await readdir(codexAgentDir).catch(() => []);
+  for (const entry of codexAgentEntries) {
+    targets.push({
+      host: 'codex',
+      surface: 'interface-metadata',
+      path: join(codexAgentDir, entry),
+      matches: looksLikeAuditCodeInterfaceMetadata,
+    });
+  }
+
+  return targets;
+}
+
+export async function findLegacyAuditCodeSurfaceFiles(root) {
+  const matches = [];
+  for (const target of await buildLegacyAuditCodeSurfaceTargets(root)) {
+    const existing = await readTextIfExists(target.path);
+    if (existing !== null && target.matches(existing)) {
+      matches.push(target.path);
+    }
+  }
+  return matches;
+}
+
+export async function removeLegacyAuditCodeSurfaceFiles(root) {
+  const removed = [];
+  for (const target of await buildLegacyAuditCodeSurfaceTargets(root)) {
+    const existing = await readTextIfExists(target.path);
+    if (existing === null || !target.matches(existing)) {
+      continue;
+    }
+    await unlink(target.path);
+    removed.push({
+      path: target.path,
+      mode: 'removed',
+    });
+  }
+  return removed;
+}