auditor-lambda 0.10.8 → 0.11.0

package/README.md

@@ -212,11 +212,16 @@ Optional backend config:
 
 ```bash
 npm install
+npm run test:single -- tests/next-step.test.mjs
 npm run verify:release
 npm run release:patch
 npm run release:patch:publish
 ```
 
+When developing from a fresh clone or git worktree, run repo-root `npm install`
+before package checks. Missing workspace links can look like stale
+`@audit-tools/shared` export or type errors.
+
 For GitHub Actions publication and npm Trusted Publishing setup, see `docs/release.md`.
 
 ## Key Docs

package/dist/cli/args.d.ts

@@ -1,4 +1,4 @@
-import type { SessionConfig } from "@audit-tools/shared";
+import { toPromptPathToken, quotePromptCommandArg, type SessionConfig } from "@audit-tools/shared";
 export type UiMode = "visible" | "headless";
 export declare const DIRECT_CLI_DEFAULTS: {
     rootDir: string;
@@ -23,7 +23,7 @@ export declare function fromBase64Url(value: string): string;
 export declare function digestId(value: string): string;
 export declare function safeArtifactStem(value: string): string;
 export declare function artifactNameForId(value: string, extension: string): string;
-export declare function quoteCommandArg(value: string): string;
+export declare const quoteCommandArg: typeof quotePromptCommandArg;
 /**
  * Normalize a generated command token to POSIX path separators. These command
  * strings are embedded in step prompts and `allowed_commands` and run by the
@@ -34,7 +34,7 @@ export declare function quoteCommandArg(value: string): string;
  * are touched, and no non-path argument in this CLI contains one, so this is a
  * targeted normalization rather than a blanket rewrite.
  */
-export declare function toPosixCommandToken(value: string): string;
+export declare const toPosixCommandToken: typeof toPromptPathToken;
 export declare function renderCommand(argv: string[]): string;
 export declare function summarizeLaunchExit(result: {
     accepted?: boolean;

package/dist/cli/args.js

@@ -3,6 +3,7 @@ import { readdir } from "node:fs/promises";
 import { Buffer } from "node:buffer";
 import { createHash } from "node:crypto";
 import { join, resolve } from "node:path";
+import { renderPromptCommand, toPromptPathToken, quotePromptCommandArg, } from "@audit-tools/shared";
 import { resolveFreshSessionProviderName } from "../providers/index.js";
 export const DIRECT_CLI_DEFAULTS = {
     rootDir: ".",
@@ -76,9 +77,7 @@ export function safeArtifactStem(value) {
 export function artifactNameForId(value, extension) {
     return `${safeArtifactStem(value)}_${digestId(value)}.${extension}`;
 }
-export function quoteCommandArg(value) {
-    return /[\s"]/u.test(value) ? `"${value.replace(/"/g, '\\"')}"` : value;
-}
+export const quoteCommandArg = quotePromptCommandArg;
 /**
  * Normalize a generated command token to POSIX path separators. These command
  * strings are embedded in step prompts and `allowed_commands` and run by the
@@ -89,11 +88,9 @@ export function quoteCommandArg(value) {
  * are touched, and no non-path argument in this CLI contains one, so this is a
  * targeted normalization rather than a blanket rewrite.
  */
-export function toPosixCommandToken(value) {
-    return value.includes("\\") ? value.replace(/\\/g, "/") : value;
-}
+export const toPosixCommandToken = toPromptPathToken;
 export function renderCommand(argv) {
-    return argv.map((item) => quoteCommandArg(toPosixCommandToken(item))).join(" ");
+    return renderPromptCommand(argv);
 }
 export function summarizeLaunchExit(result) {
     if (result.accepted !== false && !result.error) {

package/dist/cli/dispatch.d.ts

@@ -123,6 +123,7 @@ export declare function buildPacketPrompt(params: {
     largeFileSection: string[];
     taskSections: string[];
     submitCommand: string;
+    repoRoot?: string;
 }): string;
 /**
  * Extracts the context-budget warning loop.

package/dist/cli/dispatch.js

@@ -10,7 +10,7 @@ import { orderTasksForPacketReview, buildReviewPackets, sizeIndexFromManifest, }
 import { buildFileAnchorSummary } from "../orchestrator/fileAnchors.js";
 import { resolveFreshSessionProviderName } from "../providers/index.js";
 import { loadSessionConfig } from "../supervisor/sessionConfig.js";
-import { computeDispatchCapacity, buildProviderModelKey, resolveHostModel, readQuotaState, resolveHostActiveSubagentLimit, lookupDiscoveredLimits, mergeDiscoveredLimits, } from "../quota/index.js";
+import { computeDispatchCapacity, buildProviderModelKey, resolveHostModel, readQuotaState, resolveHostActiveSubagentLimit, lookupDiscoveredLimits, mergeDiscoveredLimits, summarizeDispatchCapacityPools, } from "../quota/index.js";
 import { taskResultPath, packetPromptPath, artifactNameForId, toBase64Url, fromBase64Url, getFlag, } from "./args.js";
 export const LARGE_FILE_PACKET_TARGET_LINES = 2500;
 export const SMALL_MODEL_HINT_MAX_LINES = 500;
@@ -303,10 +303,12 @@ export function buildTaskSections(packetTasks, lensDefs, lineIndex) {
  * Wraps the 75-line array-join block and returns the assembled prompt string.
  */
 export function buildPacketPrompt(params) {
-    const { packet, fileList, largeFileSection, taskSections, submitCommand } = params;
+    const { packet, fileList, largeFileSection, taskSections, submitCommand, repoRoot } = params;
     const largeFileMode = isIsolatedLargeFilePacket(packet);
     return [
         "You are a code auditor. Review this packet once, then submit exactly one result per listed task.",
+        repoRoot ? `Repository root: ${repoRoot}` : "Repository root: use the root from the step contract.",
+        "Set the shell/tool workdir to the repository root when running backend commands.",
         "",
         "## Packet",
         `packet_id: ${packet.packet_id}`,
@@ -316,8 +318,8 @@ export function buildPacketPrompt(params) {
         "",
         "## Files to read",
         largeFileMode
-            ? "Use targeted Read/Grep calls. Paths are repo-relative from the current working directory."
-            : "Use your Read tool. Paths are repo-relative from the current working directory.",
+            ? "Use targeted Read/Grep calls. Paths are repo-relative to the repository root above."
+            : "Use your Read tool. Paths are repo-relative to the repository root above.",
         "Use host Read and Grep tools for source inspection. Do not use shell search commands.",
         fileList,
         "",
@@ -331,6 +333,8 @@ export function buildPacketPrompt(params) {
         "packet-*-result.json / audit_result_*.json) — the submit-packet command below is the only",
         "way to record results, and it writes them inside the artifacts directory for you.",
         "Produce one JSON array containing exactly one AuditResult object for each listed task.",
+        "Windows PowerShell: do not pipe an inline foreach statement directly into ConvertTo-Json.",
+        "Assign the foreach output to a variable first, then pipe that variable to ConvertTo-Json.",
         "",
         "Schema file (resolve relative to this prompt's directory): audit_result.schema.json",
         "  $refs resolved from the same directory: finding.schema.json, audit_task.schema.json",
@@ -437,6 +441,8 @@ async function computeDispatchQuota(params) {
         wave_size: dispatchCapacity.total_slots,
         estimated_wave_tokens: dispatchCapacity.estimated_wave_tokens,
         cooldown_until: dispatchCapacity.cooldown_until,
+        binding_cap: dispatchCapacity.binding_cap,
+        capacity_pools: summarizeDispatchCapacityPools(dispatchCapacity),
         quota_source_snapshot: waveSchedule.quota_source_snapshot ?? null,
         backoff_state: null,
     };
@@ -633,8 +639,11 @@ export async function prepareDispatchArtifacts(params) {
                 result_path: resultPathByTaskId.get(task.task_id),
             });
         }
-        const prompt = buildPacketPrompt({ packet, packetTasks, fileList, largeFileSection, taskSections, submitCommand });
+        const prompt = buildPacketPrompt({ packet, packetTasks, fileList, largeFileSection, taskSections, submitCommand, repoRoot: reviewRoot });
         await writeFile(promptPath, prompt, "utf8");
+        const packetWritePaths = packetTasks
+            .map((task) => resultPathByTaskId.get(task.task_id))
+            .filter((p) => p !== undefined);
         plan.push({
             packet_id: packet.packet_id,
             description: `Audit ${packet.file_paths.length} file(s), ${packet.task_ids.length} task(s), ${packet.lenses.length} lens(es) (~${packet.total_lines} lines)` +
@@ -642,6 +651,16 @@ export async function prepareDispatchArtifacts(params) {
             prompt_path: promptPath,
             complexity,
             model_hint: buildDispatchModelHint(complexity),
+            access: {
+                read_paths: [
+                    promptPath,
+                    ...(reviewRoot
+                        ? packet.file_paths.map((p) => join(reviewRoot, p))
+                        : packet.file_paths),
+                ],
+                write_paths: packetWritePaths,
+                forbidden_patterns: ["packet-*-result.json", "audit_result_*.json"],
+            },
         });
     }
     await writeJsonFile(dispatchPlanPath, plan);

package/dist/cli/prompts.js

@@ -1,4 +1,4 @@
-import { DO_NOT_TOKEN_WRAP_NOTE } from "@audit-tools/shared";
+import { DO_NOT_TOKEN_WRAP_NOTE, DISPATCH_PROMPT_HANDOFF_NOTE } from "@audit-tools/shared";
 import { renderCommand } from "./args.js";
 /**
  * Token prefix the host should use to re-invoke the backend in generated
@@ -93,7 +93,7 @@ export function renderDispatchReviewPrompt(params) {
         ...dispatchDataLines,
         ...canaryLines,
         "",
-        "Pass each `entry.prompt_path` literally to its subagent; do not load packet prompt files into this orchestrator context.",
+        DISPATCH_PROMPT_HANDOFF_NOTE,
         "",
         "Subagent prompt shape:",
         "",
@@ -104,7 +104,7 @@ export function renderDispatchReviewPrompt(params) {
         "",
         "Each subagent must submit its packet through the submit command printed in its packet prompt and stop after successful submission.",
         "",
-        "**File access pre-approval:** Each dispatch plan entry includes an `access` object with `read_paths` and `write_paths`. If your host supports per-subagent file access restrictions, pre-approve those paths before launching each subagent. Workers should not access files outside their declared paths.",
+        "**File access pre-approval:** Each dispatch plan entry includes an `access` object with `read_paths`, `write_paths`, and `forbidden_patterns`. If your host supports per-subagent file access restrictions, pre-approve exactly `entry.access.read_paths` and `entry.access.write_paths` for each subagent. Do not grant broad workspace or task-results directory write access. Workers should not access files outside their declared paths.",
         "",
         "**After all waves complete:**",
         "",
@@ -172,10 +172,11 @@ export function renderEdgeReasoningDispatchPrompt(params) {
         "optional pass: it only rewrites the `reason` string of those edges — it never",
         "adds, removes, re-targets, or re-weights an edge.",
         "",
-        "Dispatch exactly ONE subagent (via the `task` tool or equivalent). Hand it this",
-        "prompt file path; do not load the file into this orchestrator context:",
+        "Dispatch exactly ONE subagent (via the `task` tool or equivalent).",
         "",
-        `  ${params.promptPath}`,
+        DISPATCH_PROMPT_HANDOFF_NOTE,
+        "",
+        `  Prompt path: ${params.promptPath}`,
         "",
         "Subagent prompt shape:",
         "",

package/dist/cli/resynthesizeCommand.d.ts

@@ -0,0 +1 @@
+export declare function cmdResynthesize(argv: string[]): Promise<void>;

package/dist/cli/resynthesizeCommand.js

@@ -0,0 +1,50 @@
+import { join } from "node:path";
+import { existsSync } from "node:fs";
+import { readFile, writeFile, mkdir } from "node:fs/promises";
+import { getRootDir } from "./args.js";
+import { normalizeExistingFindingsReport, renderAuditReportMarkdown, } from "../reporting/synthesis.js";
+const AUDIT_TOOLS_DIR = ".audit-tools";
+const FINDINGS_FILENAME = "audit-findings.json";
+const REPORT_FILENAME = "audit-report.md";
+function getFlagValue(argv, flag) {
+    const idx = argv.indexOf(flag);
+    return idx >= 0 && idx + 1 < argv.length ? argv[idx + 1] : undefined;
+}
+export async function cmdResynthesize(argv) {
+    const root = getRootDir(argv);
+    const auditToolsDir = join(root, AUDIT_TOOLS_DIR);
+    const defaultInput = join(auditToolsDir, FINDINGS_FILENAME);
+    const inputPath = getFlagValue(argv, "--input") ?? defaultInput;
+    if (!existsSync(inputPath)) {
+        console.error(`resynthesize: ${FINDINGS_FILENAME} not found at ${inputPath}. ` +
+            `Run the full audit first, or supply --input <path>.`);
+        process.exitCode = 1;
+        return;
+    }
+    const raw = await readFile(inputPath, "utf8");
+    let report;
+    try {
+        report = JSON.parse(raw);
+    }
+    catch (error) {
+        const msg = error instanceof Error ? error.message : String(error);
+        console.error(`resynthesize: could not parse ${inputPath}: ${msg}`);
+        process.exitCode = 1;
+        return;
+    }
+    const normalized = normalizeExistingFindingsReport(report);
+    const markdown = renderAuditReportMarkdown(normalized);
+    await mkdir(auditToolsDir, { recursive: true });
+    const outputFindingsPath = join(auditToolsDir, FINDINGS_FILENAME);
+    const outputReportPath = join(auditToolsDir, REPORT_FILENAME);
+    await writeFile(outputFindingsPath, JSON.stringify(normalized, null, 2), "utf8");
+    await writeFile(outputReportPath, markdown, "utf8");
+    console.log(JSON.stringify({
+        source: inputPath,
+        findings_output: outputFindingsPath,
+        report_output: outputReportPath,
+        finding_count: normalized.summary.finding_count,
+        work_block_count: normalized.summary.work_block_count,
+        contract_version: normalized.contract_version,
+    }, null, 2));
+}

package/dist/cli.js

@@ -23,6 +23,7 @@ import { cmdValidate } from "./cli/validateCommand.js";
 import { cmdValidateResults } from "./cli/validateResultsCommand.js";
 import { cmdRequeue } from "./cli/requeueCommand.js";
 import { cmdSynthesize } from "./cli/synthesizeCommand.js";
+import { cmdResynthesize } from "./cli/resynthesizeCommand.js";
 import { cmdCleanup } from "./cli/cleanupCommand.js";
 import { cmdQuota } from "./cli/quotaCommand.js";
 import { cmdDispatchStatus } from "./cli/dispatchStatusCommand.js";
@@ -93,6 +94,9 @@ async function main(argv) {
         case "synthesize":
             await cmdSynthesize(argv);
             return;
+        case "resynthesize":
+            await cmdResynthesize(argv);
+            return;
         case "cleanup":
             await cmdCleanup(argv);
             return;
@@ -119,7 +123,7 @@ async function main(argv) {
             return;
         default:
             console.error(`Unknown command: ${command}`);
-            console.error("Available commands: sample-run, advance-audit, next-step, run-to-completion, worker-run, import-external-analyzer, intake, plan, ingest-results, explain-task, update-runtime-validation, validate, validate-results, requeue, synthesize, cleanup, prepare-dispatch, merge-and-ingest, submit-packet, validate-result, quota, status, dispatch-status");
+            console.error("Available commands: sample-run, advance-audit, next-step, run-to-completion, worker-run, import-external-analyzer, intake, plan, ingest-results, explain-task, update-runtime-validation, validate, validate-results, requeue, synthesize, resynthesize, cleanup, prepare-dispatch, merge-and-ingest, submit-packet, validate-result, quota, status, dispatch-status");
             process.exitCode = 1;
     }
 }

package/dist/io/artifacts.d.ts

@@ -2,7 +2,7 @@ import { cp, rm } from "node:fs/promises";
 import type { AuditResult, AuditTask, CoverageMatrix, RepoManifest, UnitManifest } from "../types.js";
 import type { AuditState } from "../types/auditState.js";
 import type { ArtifactMetadataManifest } from "../types/artifactMetadata.js";
-import type { AuditFindingsReport, FileDisposition, CriticalFlowManifest, GraphBundle, RiskRegister, SurfaceManifest } from "@audit-tools/shared";
+import type { AuditFindingsReport, FileDisposition, CriticalFlowManifest, GraphBundle, RiskRegister, SurfaceManifest, IntentCheckpoint } from "@audit-tools/shared";
 import type { SynthesisNarrativeRecord } from "../types/synthesisNarrative.js";
 import type { ExternalAnalyzerResults } from "../types/externalAnalyzer.js";
 import type { FlowCoverageManifest } from "../types/flowCoverage.js";
@@ -17,6 +17,7 @@ type ArtifactPayloadMap = {
     repo_manifest: RepoManifest;
     file_disposition: FileDisposition;
     auto_fixes_applied: unknown;
+    intent_checkpoint: IntentCheckpoint;
     unit_manifest: UnitManifest;
     graph_bundle: GraphBundle;
     surface_manifest: SurfaceManifest;
@@ -68,6 +69,7 @@ export declare const ARTIFACT_DEFINITIONS: {
     readonly repo_manifest: ArtifactDefinition<"repo_manifest">;
     readonly file_disposition: ArtifactDefinition<"file_disposition">;
     readonly auto_fixes_applied: ArtifactDefinition<"auto_fixes_applied">;
+    readonly intent_checkpoint: ArtifactDefinition<"intent_checkpoint">;
     readonly unit_manifest: ArtifactDefinition<"unit_manifest">;
     readonly graph_bundle: ArtifactDefinition<"graph_bundle">;
     readonly surface_manifest: ArtifactDefinition<"surface_manifest">;

package/dist/io/artifacts.js

@@ -34,6 +34,7 @@ export const ARTIFACT_DEFINITIONS = {
     repo_manifest: jsonArtifact("repo_manifest.json", "intake"),
     file_disposition: jsonArtifact("file_disposition.json", "intake"),
     auto_fixes_applied: jsonArtifact("auto_fixes_applied.json", "intake"),
+    intent_checkpoint: jsonArtifact("intent_checkpoint.json", "intake"),
     unit_manifest: jsonArtifact("unit_manifest.json", "analysis"),
     graph_bundle: jsonArtifact("graph_bundle.json", "analysis"),
     surface_manifest: jsonArtifact("surface_manifest.json", "analysis"),

package/dist/orchestrator/advance.js

@@ -3,6 +3,7 @@ import { decideNextStep, findObligation } from "./nextStep.js";
 import { deriveAuditState } from "./state.js";
 import { computeArtifactMetadata } from "./artifactMetadata.js";
 import { runIntakeExecutor } from "./intakeExecutors.js";
+import { runIntentCheckpointExecutor } from "./intentCheckpointExecutor.js";
 import { runStructureExecutor, runDesignAssessmentExecutor, runDesignReviewAutoComplete, } from "./structureExecutors.js";
 import { runPlanningExecutor } from "./planningExecutors.js";
 import { runResultIngestionExecutor, runRuntimeValidationExecutor, runRuntimeValidationUpdateExecutor, runExternalAnalyzerImportExecutor, } from "./ingestionExecutors.js";
@@ -91,6 +92,11 @@ export async function advanceAudit(bundle, options = {}) {
                 run = await runIntakeExecutor(bundle, root);
                 break;
             }
+            case "intent_checkpoint_executor": {
+                const root = requireRoot(options.root, "intent_checkpoint_executor");
+                run = await runIntentCheckpointExecutor(bundle, root, options.since);
+                break;
+            }
             case "structure_executor":
                 // root is intentionally optional: present → buildGraphBundleFromFs, absent → manifest-only buildGraphBundle
                 run = await runStructureExecutor(bundle, options.root);

package/dist/orchestrator/dependencyMap.js

@@ -8,6 +8,13 @@ export const ARTIFACT_DEPENDENTS_MAP = {
     "tooling_manifest.json": [
         "repo_manifest.json",
     ],
+    "intent_checkpoint.json": [
+        "coverage_matrix.json",
+        "audit_tasks.json",
+        "audit_plan_metrics.json",
+        "review_packets.json",
+        "requeue_tasks.json",
+    ],
     "repo_manifest.json": [
         "file_disposition.json",
         "unit_manifest.json",

package/dist/orchestrator/designReviewPrompt.js

@@ -26,12 +26,17 @@ function summarizeGraph(bundle) {
         return "Dependency graph is empty.";
     return `Dependency graph: ${counts.join(", ")}.`;
 }
-function summarizeFlows(bundle) {
+function summarizeFlows(bundle, max = 15) {
     const flows = bundle.critical_flows?.flows ?? [];
     if (flows.length === 0)
         return "No critical flows identified.";
-    const lines = flows.map((flow) => `- ${flow.name}: ${flow.paths.length} files, concerns: ${flow.concerns.join(", ") || "none"}`);
-    return [`${flows.length} critical flows:`, ...lines].join("\n");
+    const shown = flows.slice(0, max);
+    const lines = shown.map((flow) => `- ${flow.name}: ${flow.paths.length} files, concerns: ${flow.concerns.join(", ") || "none"}`);
+    return [
+        `${flows.length} critical flows:`,
+        ...lines,
+        ...(flows.length > max ? [`  ... and ${flows.length - max} more`] : []),
+    ].join("\n");
 }
 function summarizeRisk(bundle) {
     const items = bundle.risk_register?.items ?? [];
@@ -78,12 +83,17 @@ function buildPrioritizedReadingList(bundle, maxUnits) {
         ...lines,
     ].join("\n");
 }
-function summarizeSurfaces(bundle) {
+function summarizeSurfaces(bundle, max = 20) {
     const surfaces = bundle.surface_manifest?.surfaces ?? [];
     if (surfaces.length === 0)
         return "No externally reachable surfaces identified.";
-    const lines = surfaces.map((surface) => `- ${surface.id} (${surface.kind}): ${surface.entrypoint}${surface.methods?.length ? ` [${surface.methods.join(", ")}]` : ""}`);
-    return [`${surfaces.length} surfaces:`, ...lines].join("\n");
+    const shown = surfaces.slice(0, max);
+    const lines = shown.map((surface) => `- ${surface.id} (${surface.kind}): ${surface.entrypoint}${surface.methods?.length ? ` [${surface.methods.join(", ")}]` : ""}`);
+    return [
+        `${surfaces.length} surfaces:`,
+        ...lines,
+        ...(surfaces.length > max ? [`  ... and ${surfaces.length - max} more`] : []),
+    ].join("\n");
 }
 function summarizeFiles(bundle) {
     const files = bundle.repo_manifest?.files ?? [];
@@ -100,13 +110,15 @@ function summarizeFiles(bundle) {
         .join(", ");
     return `${files.length} files (${langSummary}).`;
 }
-function formatDeterministicFindings(findings) {
+function formatDeterministicFindings(findings, max = 20) {
     if (findings.length === 0)
         return "No structural issues detected by deterministic analysis.";
-    const lines = findings.map((finding) => `- [${finding.severity}] ${finding.title}: ${finding.summary}`);
+    const shown = findings.slice(0, max);
+    const lines = shown.map((finding) => `- [${finding.severity}] ${finding.title}: ${finding.summary}`);
     return [
         `${findings.length} structural findings from deterministic analysis:`,
         ...lines,
+        ...(findings.length > max ? [`  ... and ${findings.length - max} more`] : []),
     ].join("\n");
 }
 export function renderDesignReviewPrompt(bundle, options = {}) {
@@ -118,7 +130,7 @@ export function renderDesignReviewPrompt(bundle, options = {}) {
     return [
         "# Project design review",
         "",
-        "You are reviewing the overall design of this project. The deterministic audit pipeline has already analyzed the codebase structure. Your job is to provide qualitative, big-picture design observations that static analysis cannot produce.",
+        "You are reviewing the overall design of this project. The deterministic audit pipeline has already analyzed the codebase structure. Your job is to provide qualitative observations in two distinct modes: contract assessment for inferred or existing project contracts, and conceptual design critique for broader architecture ideas that static analysis cannot produce.",
         "",
         "## Project context",
         "",
@@ -160,6 +172,15 @@ export function renderDesignReviewPrompt(bundle, options = {}) {
         "",
         prioritizedReadingList,
         "",
+        "### Contract assessment",
+        "",
+        "- Infer existing contracts from the repository artifacts and code you inspect: invariants, trust boundaries, preconditions, postconditions, data lifecycle obligations, and critical-flow guarantees.",
+        "- Attack those inferred contracts with concrete counterexamples. Report evidenced gaps where the code appears to rely on an invariant or boundary that is missing, unenforced, unclear, or uncovered for a critical flow.",
+        "- Use contract-assessment categories such as inferred_contract_gap, trust_boundary_gap, invariant_counterexample, and critical_invariant_coverage_gap when those best describe the finding.",
+        "- Stay observational: do not invent a new contract DSL, write a remediation plan, remediate code, or turn the audit into an implementation pipeline.",
+        "",
+        "### Conceptual design critique",
+        "",
         "- **Tool and library opportunities**: third-party tools, libraries, or frameworks that would improve the project. Concrete suggestions with rationale, not generic advice.",
         "- **Architecture pattern improvements**: structural changes that would improve extensibility, testability, or maintainability. Consider whether the current abstractions match the problem domain.",
         "- **Design simplification**: areas where the design is over-engineered or where simpler alternatives would work. Conversely, areas that are under-designed for their importance.",
@@ -174,7 +195,7 @@ export function renderDesignReviewPrompt(bundle, options = {}) {
         "{",
         '  "id": "DR-001",',
         '  "title": "short descriptive title",',
-        '  "category": "one of: tool_opportunity, architecture_pattern, design_simplification, integration, missing_capability",',
+        '  "category": "one of: inferred_contract_gap, trust_boundary_gap, invariant_counterexample, critical_invariant_coverage_gap, tool_opportunity, architecture_pattern, design_simplification, integration, missing_capability",',
         '  "severity": "one of: critical, high, medium, low, info",',
         '  "confidence": "one of: high, medium, low",',
         '  "lens": "architecture",',

package/dist/orchestrator/executors.js

@@ -14,6 +14,12 @@ export const EXECUTOR_REGISTRY = [
         obligation_ids: ["repo_manifest", "file_disposition"],
         description: "Create intake artifacts for repository discovery and disposition.",
     },
+    {
+        id: "intent_checkpoint_executor",
+        kind: "deterministic",
+        obligation_ids: ["intent_checkpoint_current"],
+        description: "Write intent_checkpoint.json with confirmed scope and intent.",
+    },
     {
         id: "structure_executor",
         kind: "deterministic",

package/dist/orchestrator/ingestionExecutors.js

@@ -112,9 +112,36 @@ export function runResultIngestionExecutor(bundle, results) {
         excludeArtifacts: ["audit_tasks.json"],
     });
     const requeuePayload = buildRequeuePayload(updatedCoverageMatrix, selectiveDeepening.bundle.critical_flows, selectiveDeepening.bundle.flow_coverage, selectiveDeepening.bundle.external_analyzer_results);
+    // Fold pending requeue tasks into the dispatch task list so mandatory
+    // coverage gaps produce actual dispatch packets. Enrich with line-count
+    // hints and dedupe against existing tasks by task_id.
+    const deepenedTasks = selectiveDeepening.bundle.audit_tasks ?? [];
+    const lineIndex = lineIndexFromTasks(deepenedTasks);
+    const sizeIndex = sizeIndexFromManifest(selectiveDeepening.bundle.repo_manifest);
+    const existingTaskIds = new Set(deepenedTasks.map((t) => t.task_id));
+    const pendingRequeueTasks = requeuePayload.tasks
+        .filter((t) => t.status === "pending")
+        .filter((t) => !existingTaskIds.has(t.task_id))
+        .map((t) => ({
+        ...t,
+        file_line_counts: Object.fromEntries(t.file_paths
+            .filter((p) => lineIndex[p] != null)
+            .map((p) => [p, lineIndex[p]])),
+    }));
+    const allDispatchTasks = [...deepenedTasks, ...pendingRequeueTasks];
     const finalBundle = {
         ...selectiveDeepening.bundle,
         requeue_tasks: requeuePayload.tasks,
+        audit_plan_metrics: buildAuditPlanMetrics(allDispatchTasks, {
+            graphBundle: selectiveDeepening.bundle.graph_bundle,
+            lineIndex,
+            sizeIndex,
+        }),
+        review_packets: buildReviewPackets(allDispatchTasks, {
+            graphBundle: selectiveDeepening.bundle.graph_bundle,
+            lineIndex,
+            sizeIndex,
+        }),
     };
     return {
         updated: finalBundle,
@@ -125,7 +152,8 @@ export function runResultIngestionExecutor(bundle, results) {
             ...(runtimeValidationReport ? ["runtime_validation_report.json"] : []),
             "audit_results.jsonl",
             "audit_tasks.json",
-            ...selectiveDeepening.artifacts,
+            "audit_plan_metrics.json",
+            "review_packets.json",
             "requeue_tasks.json",
         ],
         progress_summary: `Ingested ${results.length} audit result entries and refreshed dependent artifacts.` +

package/dist/orchestrator/intentCheckpointExecutor.d.ts

@@ -0,0 +1,3 @@
+import type { ArtifactBundle } from "../io/artifacts.js";
+import type { ExecutorRunResult } from "./executorResult.js";
+export declare function runIntentCheckpointExecutor(bundle: ArtifactBundle, root: string, since?: string): Promise<ExecutorRunResult>;

package/dist/orchestrator/intentCheckpointExecutor.js

@@ -0,0 +1,29 @@
+import { resolveAuditScope } from "./scope.js";
+import { isAuditExcludedStatus } from "../extractors/disposition.js";
+export async function runIntentCheckpointExecutor(bundle, root, since) {
+    const scope = resolveAuditScope({ root, since, bundle });
+    let filesInScope = 0;
+    if (scope.mode === "delta") {
+        filesInScope = scope.seed_files.length + scope.expanded_files.length;
+    }
+    else {
+        // Count auditable files in disposition. Fall back to manifest or 0.
+        const auditableCount = bundle.file_disposition?.files.filter((file) => !isAuditExcludedStatus(file.status)).length ?? (bundle.repo_manifest?.files.length ?? 0);
+        filesInScope = auditableCount;
+    }
+    const intent = {
+        schema_version: "intent-checkpoint/v1",
+        confirmed_at: new Date().toISOString(),
+        scope_summary: `Root: ${root}${scope.since ? ` (since ${scope.since})` : ""}, files in scope: ${filesInScope}`,
+        intent_summary: scope.mode === "delta" ? `delta-audit since ${scope.since}` : "full-audit",
+        confirmed_by: "host",
+    };
+    return {
+        updated: {
+            ...bundle,
+            intent_checkpoint: intent,
+        },
+        artifacts_written: ["intent_checkpoint.json"],
+        progress_summary: `Recorded scope/intent checkpoint: ${intent.scope_summary} (${intent.intent_summary}).`,
+    };
+}

package/dist/orchestrator/lensSelection.d.ts

@@ -0,0 +1,32 @@
+/**
+ * Lens selection resolver for operator-selected audit lenses.
+ *
+ * Accepts the `lenses.selected` array from session-config, validates it,
+ * de-duplicates, sorts with the canonical LENSES registry order, and always
+ * unions in the mandatory base set required for cross-perspective coverage.
+ */
+import { type Lens } from "@audit-tools/shared";
+import type { ValidationIssue } from "@audit-tools/shared";
+/**
+ * The mandatory base lenses that are always included regardless of the
+ * operator's selection. These are required for cross-perspective obligations
+ * that every audit must satisfy.
+ */
+export declare const MANDATORY_LENSES: readonly Lens[];
+/**
+ * Validate the `lenses.selected` session-config value and return any errors.
+ * Returns an empty array when the value is undefined (meaning "all lenses").
+ */
+export declare function validateLensSelection(value: unknown, path?: string): ValidationIssue[];
+/**
+ * Resolve the effective lens set from the operator-selected lenses.
+ *
+ * - When `selected` is undefined/null, returns all lenses (current behavior).
+ * - When `selected` is an array of valid lens names, unions in the mandatory
+ *   base lenses, de-duplicates, and sorts to the canonical LENSES order.
+ */
+export declare function resolveEffectiveLenses(selected: string[] | undefined | null): Lens[];
+/** Returns true when the given lens is in the effective set. */
+export declare function isLensEffective(lens: Lens, effectiveLenses: Lens[]): boolean;
+/** Returns true when the given lens is in the mandatory base set. */
+export declare function isMandatoryLens(lens: Lens): boolean;

package/dist/orchestrator/lensSelection.js

@@ -0,0 +1,69 @@
+/**
+ * Lens selection resolver for operator-selected audit lenses.
+ *
+ * Accepts the `lenses.selected` array from session-config, validates it,
+ * de-duplicates, sorts with the canonical LENSES registry order, and always
+ * unions in the mandatory base set required for cross-perspective coverage.
+ */
+import { LENSES, VALID_LENSES } from "@audit-tools/shared";
+import { pushValidationIssue } from "@audit-tools/shared";
+/**
+ * The mandatory base lenses that are always included regardless of the
+ * operator's selection. These are required for cross-perspective obligations
+ * that every audit must satisfy.
+ */
+export const MANDATORY_LENSES = [
+    "security",
+    "correctness",
+    "reliability",
+    "data_integrity",
+];
+const MANDATORY_LENS_SET = new Set(MANDATORY_LENSES);
+/**
+ * Validate the `lenses.selected` session-config value and return any errors.
+ * Returns an empty array when the value is undefined (meaning "all lenses").
+ */
+export function validateLensSelection(value, path = "lenses.selected") {
+    const issues = [];
+    if (value === undefined || value === null) {
+        return issues;
+    }
+    if (!Array.isArray(value)) {
+        pushValidationIssue(issues, path, `${path} must be an array of lens names.`);
+        return issues;
+    }
+    for (const [index, item] of value.entries()) {
+        if (typeof item !== "string" || !VALID_LENSES.has(item)) {
+            pushValidationIssue(issues, `${path}[${index}]`, `${path}[${index}] "${String(item)}" is not a valid lens. Valid lenses: ${[...LENSES].join(", ")}.`);
+        }
+    }
+    return issues;
+}
+/**
+ * Resolve the effective lens set from the operator-selected lenses.
+ *
+ * - When `selected` is undefined/null, returns all lenses (current behavior).
+ * - When `selected` is an array of valid lens names, unions in the mandatory
+ *   base lenses, de-duplicates, and sorts to the canonical LENSES order.
+ */
+export function resolveEffectiveLenses(selected) {
+    if (selected === undefined || selected === null) {
+        // Default: all lenses.
+        return [...LENSES];
+    }
+    // Filter to valid lenses only (invalid ones are caught by validation; tolerate
+    // them here so the runtime path doesn't throw on a misconfigured file).
+    const validSelected = selected.filter((s) => VALID_LENSES.has(s));
+    // Union with mandatory base lenses.
+    const combined = new Set([...validSelected, ...MANDATORY_LENSES]);
+    // Sort to canonical registry order.
+    return LENSES.filter((lens) => combined.has(lens));
+}
+/** Returns true when the given lens is in the effective set. */
+export function isLensEffective(lens, effectiveLenses) {
+    return effectiveLenses.includes(lens);
+}
+/** Returns true when the given lens is in the mandatory base set. */
+export function isMandatoryLens(lens) {
+    return MANDATORY_LENS_SET.has(lens);
+}

package/dist/orchestrator/planningExecutors.js

@@ -44,17 +44,32 @@ export async function runPlanningExecutor(bundle, root, lineIndex = {}, sizeInde
         ...task,
         status: task.status ?? "pending",
     }));
-    const reviewPackets = buildReviewPackets(taggedAuditTasks, {
+    const requeuePayload = buildRequeuePayload(coverage, bundle.critical_flows, flowCoverage, externalAnalyzerResults);
+    // Fold pending requeue tasks into the dispatch task list so mandatory coverage
+    // gaps produce actual dispatch packets. Enrich with line-count hints from the
+    // index and dedupe against existing audit tasks by task_id so each task
+    // appears exactly once in the merged list.
+    const existingTaskIds = new Set(taggedAuditTasks.map((t) => t.task_id));
+    const pendingRequeueTasks = requeuePayload.tasks
+        .filter((t) => t.status === "pending")
+        .filter((t) => !existingTaskIds.has(t.task_id))
+        .map((t) => ({
+        ...t,
+        file_line_counts: Object.fromEntries(t.file_paths
+            .filter((p) => lineIndex[p] != null)
+            .map((p) => [p, lineIndex[p]])),
+    }));
+    const allDispatchTasks = [...taggedAuditTasks, ...pendingRequeueTasks];
+    const reviewPackets = buildReviewPackets(allDispatchTasks, {
         graphBundle: bundle.graph_bundle,
         lineIndex,
         sizeIndex: resolvedSizeIndex,
     });
-    const auditPlanMetrics = buildAuditPlanMetrics(taggedAuditTasks, {
+    const auditPlanMetrics = buildAuditPlanMetrics(allDispatchTasks, {
         graphBundle: bundle.graph_bundle,
         lineIndex,
         sizeIndex: resolvedSizeIndex,
     });
-    const requeuePayload = buildRequeuePayload(coverage, bundle.critical_flows, flowCoverage, externalAnalyzerResults);
     const scopeSummary = resolvedScope.mode === "delta"
         ? ` Delta scope since ${resolvedScope.since}: ${resolvedScope.seed_files.length} changed file(s) + ${resolvedScope.expanded_files.length} graph neighbour(s) queued; a full audit is advised before release.`
         : "";

package/dist/orchestrator.d.ts

@@ -3,4 +3,4 @@ export interface TaskBuildOptions {
     pass_prefix?: string;
     limit_lenses?: Lens[];
 }
-export declare function buildAuditTasks(unitManifest: UnitManifest, options?: TaskBuildOptions): AuditTask[];
+export declare function buildAuditTasks(unitManifest: UnitManifest, options?: TaskBuildOptions | string): AuditTask[];

package/dist/orchestrator.js

@@ -1,4 +1,5 @@
 import { isLens } from "./types.js";
+import { coerceJsonObjectArg } from "@audit-tools/shared";
 const DEFAULT_LENS_ORDER = [
     "correctness",
     "architecture",
@@ -43,10 +44,8 @@ function assertUnitManifest(value) {
         assertLensArray(unit.required_lenses, `${label}.required_lenses`);
     });
 }
-function normalizedOptions(options) {
-    if (!isRecord(options)) {
-        throw new TypeError("buildAuditTasks options must be an object.");
-    }
+function normalizedOptions(rawOptions) {
+    const options = coerceJsonObjectArg(rawOptions, "buildAuditTasks options");
     if (options.pass_prefix !== undefined && typeof options.pass_prefix !== "string") {
         throw new TypeError("buildAuditTasks options.pass_prefix must be a string.");
     }

package/dist/prompts/renderWorkerPrompt.js

@@ -23,6 +23,8 @@ export function renderWorkerPrompt(task) {
             `${task.artifacts_dir}/audit_tasks.json`;
         const lines = [
             `Audit run: ${task.run_id}`,
+            `Repository root: ${task.repo_root}`,
+            "Set the shell/tool workdir to the repository root before executing worker_command.",
             `Read: ${tasksPath}`,
             "Scope: review only the tasks listed in the Read file. Do not add tasks,",
             "edit source files, remediate findings, run unrelated audits, or write result_path.",
@@ -40,6 +42,8 @@ export function renderWorkerPrompt(task) {
             "  and include verification {verified, needs_followup, concerns, coverage_concerns,",
             "  confidence_concerns, followup_tasks}.",
             "Constraint: line_end must not exceed total_lines for that file.",
+            "Windows PowerShell: do not pipe an inline foreach statement directly into ConvertTo-Json.",
+            "Assign the foreach output to a variable first, then pipe that variable to ConvertTo-Json.",
             `Write only the JSON array of AuditResult objects to: ${task.audit_results_path}`,
         ];
         if (usesDeferredWorkerCommand(task)) {
@@ -56,6 +60,8 @@ export function renderWorkerPrompt(task) {
     return [
         `Task: ${task.run_id}`,
         `Executor: ${task.preferred_executor}`,
+        `Repository root: ${task.repo_root}`,
+        "Set the shell/tool workdir to the repository root before executing worker_command.",
         "Execute worker_command from task.json exactly.",
         `Command: ${commandArgv}`,
         "Write result to: " + task.result_path,

package/dist/quota/index.d.ts

@@ -1,6 +1,6 @@
-import type { ResolvedLimits as _ResolvedLimits, LimitConfidence as _LimitConfidence, LimitSource as _LimitSource, HostConcurrencyLimit as _HostConcurrencyLimit, QuotaUsageSnapshot as _QuotaUsageSnapshot, BackoffState as _BackoffState } from "@audit-tools/shared";
-export { resolveLimits, lookupKnownModel, classifyProvider, readQuotaState, writeQuotaState, computeMaxSafeConcurrency, recordWaveOutcome, getQuotaStatePath, decayWeight, applyDecayToEntry, computeBackoffCooldownMs, computeBackoffFailureWeight, computeRampUpConcurrency, setQuotaStateDir, detectRateLimitError, computeCooldownUntil, acquireLock, releaseLock, withFileLock, FileLockTimeoutError, runSlidingWindow, LearnedQuotaSource, CompositeQuotaSource, GenericErrorParser, ClaudeCodeErrorParser, getErrorParserForProvider, } from "@audit-tools/shared";
-export type { LimitResolutionResult, ResolveLimitsOptions, ProviderType, ResolvedLimits, LimitSource, LimitConfidence, HostConcurrencyLimit, HostConcurrencyLimitSource, QuotaState, QuotaStateEntry, ConcurrencyBucket, WaveSchedule, BackoffState, ObservedWaveOutcome, RateLimitDetectionResult, SlidingWindowResult, QuotaSource, QuotaUsageSnapshot, ErrorParser, } from "@audit-tools/shared";
+import type { ResolvedLimits as _ResolvedLimits, LimitConfidence as _LimitConfidence, LimitSource as _LimitSource, HostConcurrencyLimit as _HostConcurrencyLimit, QuotaUsageSnapshot as _QuotaUsageSnapshot, BackoffState as _BackoffState, WaveBindingCap as _WaveBindingCap, DispatchCapacityPoolSummary as _DispatchCapacityPoolSummary } from "@audit-tools/shared";
+export { resolveLimits, lookupKnownModel, classifyProvider, readQuotaState, writeQuotaState, computeMaxSafeConcurrency, recordWaveOutcome, getQuotaStatePath, decayWeight, applyDecayToEntry, computeBackoffCooldownMs, computeBackoffFailureWeight, computeRampUpConcurrency, setQuotaStateDir, detectRateLimitError, computeCooldownUntil, acquireLock, releaseLock, withFileLock, FileLockTimeoutError, runSlidingWindow, LearnedQuotaSource, CompositeQuotaSource, GenericErrorParser, ClaudeCodeErrorParser, getErrorParserForProvider, summarizeDispatchCapacityPools, } from "@audit-tools/shared";
+export type { LimitResolutionResult, ResolveLimitsOptions, ProviderType, ResolvedLimits, LimitSource, LimitConfidence, HostConcurrencyLimit, HostConcurrencyLimitSource, QuotaState, QuotaStateEntry, ConcurrencyBucket, WaveSchedule, BackoffState, ObservedWaveOutcome, RateLimitDetectionResult, SlidingWindowResult, QuotaSource, QuotaUsageSnapshot, ErrorParser, WaveBindingCap, DispatchCapacityPoolSummary, } from "@audit-tools/shared";
 export { scheduleWave, buildProviderModelKey, resolveHostModel } from "@audit-tools/shared";
 export type { ScheduleWaveOptions } from "@audit-tools/shared";
 export { computeDispatchCapacity } from "@audit-tools/shared";
@@ -25,6 +25,8 @@ export interface DispatchQuota {
     wave_size: number;
     estimated_wave_tokens: number;
     cooldown_until: string | null;
+    binding_cap?: _WaveBindingCap;
+    capacity_pools?: _DispatchCapacityPoolSummary[];
     quota_source_snapshot?: _QuotaUsageSnapshot | null;
     backoff_state?: _BackoffState | null;
 }

package/dist/quota/index.js

@@ -1,5 +1,5 @@
 // Re-exported from @audit-tools/shared
-export { resolveLimits, lookupKnownModel, classifyProvider, readQuotaState, writeQuotaState, computeMaxSafeConcurrency, recordWaveOutcome, getQuotaStatePath, decayWeight, applyDecayToEntry, computeBackoffCooldownMs, computeBackoffFailureWeight, computeRampUpConcurrency, setQuotaStateDir, detectRateLimitError, computeCooldownUntil, acquireLock, releaseLock, withFileLock, FileLockTimeoutError, runSlidingWindow, LearnedQuotaSource, CompositeQuotaSource, GenericErrorParser, ClaudeCodeErrorParser, getErrorParserForProvider, } from "@audit-tools/shared";
+export { resolveLimits, lookupKnownModel, classifyProvider, readQuotaState, writeQuotaState, computeMaxSafeConcurrency, recordWaveOutcome, getQuotaStatePath, decayWeight, applyDecayToEntry, computeBackoffCooldownMs, computeBackoffFailureWeight, computeRampUpConcurrency, setQuotaStateDir, detectRateLimitError, computeCooldownUntil, acquireLock, releaseLock, withFileLock, FileLockTimeoutError, runSlidingWindow, LearnedQuotaSource, CompositeQuotaSource, GenericErrorParser, ClaudeCodeErrorParser, getErrorParserForProvider, summarizeDispatchCapacityPools, } from "@audit-tools/shared";
 // Wave scheduler now lives in @audit-tools/shared (single source of truth for
 // both orchestrators). Auditor passes its discovered-limits via the structural
 // DiscoveredRateLimitsInput the shared scheduler accepts.

package/dist/reporting/synthesis.d.ts

@@ -73,3 +73,13 @@ export interface RenderAuditReportOptions {
     scope?: AuditScopeManifest;
 }
 export declare function renderAuditReportMarkdown(report: RenderableAuditReport, options?: RenderAuditReportOptions): string;
+/**
+ * Re-derive the summary fields that can be computed from the existing findings
+ * and work_blocks, bump the contract_version to the current constant, and leave
+ * upstream-derived fields that cannot be reconstructed (audited/excluded counts,
+ * runtime validation breakdown) untouched.
+ *
+ * Safe to call on already-promoted `audit-findings.json` files without access to
+ * the pruned `.audit-tools/audit` working-bundle intermediates.
+ */
+export declare function normalizeExistingFindingsReport(report: AuditFindingsReport): AuditFindingsReport;

package/dist/reporting/synthesis.js

@@ -200,6 +200,7 @@ export function renderAuditReportMarkdown(report, options = {}) {
             lines.push(`- Severity: ${finding.severity}`);
             lines.push(`- Confidence: ${finding.confidence}`);
             lines.push(`- Lens: ${finding.lens}`);
+            lines.push(`- Category: ${finding.category}`);
             if (finding.theme_id) {
                 lines.push(`- Theme: ${finding.theme_id}`);
             }
@@ -236,3 +237,25 @@ export function renderAuditReportMarkdown(report, options = {}) {
     lines.push("");
     return lines.join("\n");
 }
+/**
+ * Re-derive the summary fields that can be computed from the existing findings
+ * and work_blocks, bump the contract_version to the current constant, and leave
+ * upstream-derived fields that cannot be reconstructed (audited/excluded counts,
+ * runtime validation breakdown) untouched.
+ *
+ * Safe to call on already-promoted `audit-findings.json` files without access to
+ * the pruned `.audit-tools/audit` working-bundle intermediates.
+ */
+export function normalizeExistingFindingsReport(report) {
+    return {
+        ...report,
+        contract_version: AUDIT_FINDINGS_CONTRACT_VERSION,
+        summary: {
+            ...report.summary,
+            finding_count: report.findings.length,
+            work_block_count: report.work_blocks.length,
+            severity_breakdown: severityBreakdown(report.findings),
+            lens_breakdown: lensBreakdown(report.findings),
+        },
+    };
+}

package/dist/reporting/synthesisNarrativePrompt.js

@@ -4,7 +4,7 @@ function summarizeFinding(finding) {
         .map((file) => file.path)
         .slice(0, 4)
         .join(", ");
-    return `- ${finding.id} [${finding.severity}/${finding.lens}] ${finding.title} — ${finding.summary}${files ? ` (files: ${files})` : ""}`;
+    return `- ${finding.id} [${finding.severity}/${finding.lens}/${finding.category}] ${finding.title} — ${finding.summary}${files ? ` (files: ${files})` : ""}`;
 }
 /**
  * Prompt for the optional synthesis-narrative pass. The host groups the
@@ -27,6 +27,8 @@ export function renderSynthesisNarrativePrompt(report) {
         "",
         "Do not re-audit the code, change severities, or invent new findings. Use only the findings below; reference them by their exact `id`.",
         "",
+        "When categories distinguish observational contract assessment findings from conceptual design critique findings, keep that distinction visible in themes and top risks instead of flattening them into one architecture bucket.",
+        "",
         "## Summary",
         "",
         `- Findings: ${report.summary.finding_count}`,

package/docs/development.md

@@ -23,9 +23,15 @@ once the work ships.
 npm install
 npm run check
 npm test
+npm run test:single -- tests/next-step.test.mjs
 npm run verify:release
 ```
 
+Run `npm install` from the repository root before running build, check, test, or
+package-scoped workflows in a fresh clone or git worktree. Missing
+`node_modules` can surface as misleading `@audit-tools/shared` export or type
+errors because dependents may resolve stale compiled `dist/` output.
+
 The test suite is intentionally contract-heavy. Update tests when changing
 schema shape, prompt contracts, dispatch behavior, installer output, or release
 workflow semantics.

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "auditor-lambda",
-  "version": "0.10.8",
+  "version": "0.11.0",
   "private": false,
   "description": "Portable hybrid code-auditing framework for arbitrary repositories.",
   "type": "module",
@@ -24,6 +24,7 @@
     "build": "tsc -p tsconfig.json",
     "check": "tsc -p tsconfig.json --noEmit",
     "test": "npm run build && node --import tsx/esm --test tests/*.test.mjs",
+    "test:single": "npm run build && node --import tsx/esm --test",
     "release:patch": "node scripts/release-and-publish.mjs patch --bump-only",
     "release:minor": "node scripts/release-and-publish.mjs minor --bump-only",
     "release:major": "node scripts/release-and-publish.mjs major --bump-only",

package/schemas/audit_findings.schema.json

@@ -86,7 +86,20 @@
           "reproduction": { "type": "array", "minItems": 1, "items": { "type": "string" } },
           "systemic": { "type": "boolean" },
           "related_findings": { "type": "array", "minItems": 1, "items": { "type": "string" } },
-          "theme_id": { "type": "string" }
+          "theme_id": { "type": "string" },
+          "contract_goal_id": { "type": "string" },
+          "contract_obligation_ids": {
+            "type": "array",
+            "items": { "type": "string" }
+          },
+          "verification_obligation_ids": {
+            "type": "array",
+            "items": { "type": "string" }
+          },
+          "targeted_commands": {
+            "type": "array",
+            "items": { "type": "string" }
+          }
         },
         "additionalProperties": false
       }

package/schemas/dispatch_quota.schema.json

@@ -56,7 +56,7 @@
     },
     "source": {
       "type": "string",
-      "enum": ["explicit_config", "cli_flags", "known_metadata", "learned", "default"],
+      "enum": ["explicit_config", "cli_flags", "known_metadata", "provider_default", "learned", "default"],
       "description": "Where the resolved limits came from."
     },
     "host_concurrency_limit": {
@@ -75,7 +75,7 @@
         },
         "source": {
           "type": "string",
-          "enum": ["cli_flags", "session_config", "environment"]
+          "enum": ["cli_flags", "host_reported", "session_config", "environment"]
         },
         "description": {
           "type": "string",
@@ -98,6 +98,90 @@
       "format": "date-time",
       "description": "If non-null, the host should wait until this timestamp before launching the next wave."
     },
+    "binding_cap": {
+      "type": "string",
+      "enum": ["rpm", "tpm", "learned", "fallback", "first_contact", "cooldown", "host_concurrency", "none"],
+      "description": "The most constraining cap across capacity pools."
+    },
+    "capacity_pools": {
+      "type": "array",
+      "description": "Per-pool allocation summaries when dispatch capacity was computed across one or more pools.",
+      "items": {
+        "type": "object",
+        "required": [
+          "pool_id",
+          "slots",
+          "model",
+          "confidence",
+          "source",
+          "resolved_limits",
+          "host_concurrency_limit",
+          "cooldown_until",
+          "estimated_wave_tokens",
+          "binding_cap"
+        ],
+        "additionalProperties": false,
+        "properties": {
+          "pool_id": { "type": "string", "minLength": 1 },
+          "slots": { "type": "integer", "minimum": 1 },
+          "model": { "type": ["string", "null"] },
+          "confidence": { "type": "string", "enum": ["high", "medium", "low"] },
+          "source": {
+            "type": "string",
+            "enum": ["explicit_config", "cli_flags", "known_metadata", "provider_default", "learned", "default"]
+          },
+          "resolved_limits": {
+            "type": "object",
+            "required": [
+              "context_tokens",
+              "output_tokens",
+              "requests_per_minute",
+              "input_tokens_per_minute",
+              "output_tokens_per_minute"
+            ],
+            "additionalProperties": false,
+            "properties": {
+              "context_tokens": { "type": "integer", "minimum": 1 },
+              "output_tokens": { "type": "integer", "minimum": 1 },
+              "requests_per_minute": { "type": ["integer", "null"], "minimum": 1 },
+              "input_tokens_per_minute": { "type": ["integer", "null"], "minimum": 1 },
+              "output_tokens_per_minute": { "type": ["integer", "null"], "minimum": 1 }
+            }
+          },
+          "host_concurrency_limit": {
+            "type": ["object", "null"],
+            "required": ["active_subagents", "source", "description"],
+            "additionalProperties": false,
+            "properties": {
+              "active_subagents": { "type": "integer", "minimum": 1 },
+              "source": {
+                "type": "string",
+                "enum": ["cli_flags", "host_reported", "session_config", "environment"]
+              },
+              "description": { "type": "string", "minLength": 1 }
+            }
+          },
+          "cooldown_until": { "type": ["string", "null"], "format": "date-time" },
+          "estimated_wave_tokens": { "type": "integer", "minimum": 0 },
+          "binding_cap": {
+            "type": "string",
+            "enum": ["rpm", "tpm", "learned", "fallback", "first_contact", "cooldown", "host_concurrency", "none"]
+          },
+          "quota_source_snapshot": {
+            "type": ["object", "null"],
+            "additionalProperties": false,
+            "properties": {
+              "remaining_pct": { "type": ["number", "null"] },
+              "reset_at": { "type": ["string", "null"], "format": "date-time" },
+              "requests_remaining": { "type": ["integer", "null"] },
+              "tokens_remaining": { "type": ["integer", "null"] },
+              "captured_at": { "type": "string", "format": "date-time" },
+              "source": { "type": "string" }
+            }
+          }
+        }
+      }
+    },
     "quota_source_snapshot": {
       "type": ["object", "null"],
       "description": "Real-time usage snapshot from a QuotaSource, if available.",

package/schemas/finding.schema.json

@@ -59,7 +59,20 @@
       "minItems": 1,
       "items": { "type": "string" }
     },
-    "theme_id": { "type": "string" }
+    "theme_id": { "type": "string" },
+    "contract_goal_id": { "type": "string" },
+    "contract_obligation_ids": {
+      "type": "array",
+      "items": { "type": "string" }
+    },
+    "verification_obligation_ids": {
+      "type": "array",
+      "items": { "type": "string" }
+    },
+    "targeted_commands": {
+      "type": "array",
+      "items": { "type": "string" }
+    }
   },
   "additionalProperties": false
 }