auditor-lambda 0.2.1 → 0.2.2
- package/audit-code-wrapper-lib.mjs +229 -289
- package/dist/adapters/eslint.js +4 -2
- package/dist/adapters/npmAudit.js +1 -1
- package/dist/cli.js +82 -45
- package/dist/extractors/bucketing.js +14 -35
- package/dist/extractors/disposition.js +8 -9
- package/dist/extractors/fileInventory.js +0 -2
- package/dist/extractors/flows.js +14 -23
- package/dist/extractors/pathPatterns.d.ts +19 -0
- package/dist/extractors/pathPatterns.js +87 -0
- package/dist/extractors/surfaces.js +2 -7
- package/dist/io/artifacts.d.ts +23 -1
- package/dist/io/artifacts.js +4 -3
- package/dist/io/runArtifacts.js +1 -1
- package/dist/orchestrator/advance.js +53 -71
- package/dist/orchestrator/flowCoverage.js +1 -2
- package/dist/orchestrator/internalExecutors.js +4 -6
- package/dist/orchestrator/planning.js +12 -20
- package/dist/orchestrator/resultIngestion.js +3 -2
- package/dist/orchestrator/runtimeValidation.js +5 -0
- package/dist/orchestrator/syntaxResolutionExecutor.js +10 -2
- package/dist/orchestrator/taskBuilder.js +15 -28
- package/dist/prompts/renderWorkerPrompt.js +2 -1
- package/dist/providers/claudeCodeProvider.js +1 -2
- package/dist/providers/constants.d.ts +1 -0
- package/dist/providers/constants.js +1 -0
- package/dist/providers/index.js +7 -3
- package/dist/providers/opencodeProvider.js +1 -6
- package/dist/providers/spawnLoggedCommand.js +4 -0
- package/dist/providers/types.d.ts +0 -1
- package/dist/supervisor/operatorHandoff.d.ts +2 -0
- package/dist/supervisor/operatorHandoff.js +21 -9
- package/dist/supervisor/runLedger.js +7 -8
- package/dist/supervisor/sessionConfig.js +1 -0
- package/dist/types/flowCoverage.d.ts +1 -1
- package/dist/types/runLedger.d.ts +1 -1
- package/dist/types/runtimeValidation.d.ts +2 -1
- package/dist/types/sessionConfig.d.ts +0 -6
- package/dist/types/surfaces.d.ts +2 -1
- package/dist/types/workerSession.d.ts +2 -0
- package/dist/types.d.ts +0 -1
- package/dist/validation/sessionConfig.js +1 -15
- package/package.json +1 -1
- package/schemas/audit-code-v1alpha1.schema.json +4 -0
- package/schemas/audit_result.schema.json +9 -3
- package/schemas/audit_state.schema.json +2 -2
- package/schemas/audit_task.schema.json +14 -3
- package/schemas/blind_spot_register.schema.json +13 -3
- package/schemas/coverage_matrix.schema.json +16 -4
- package/schemas/critical_flows.schema.json +6 -3
- package/schemas/external_analyzer_results.schema.json +10 -4
- package/schemas/finding.schema.json +31 -3
- package/schemas/flow_coverage.schema.json +12 -3
- package/schemas/graph_bundle.schema.json +12 -6
- package/schemas/merged_findings.schema.json +7 -2
- package/schemas/risk_register.schema.json +5 -1
- package/schemas/root_cause_clusters.schema.json +2 -1
- package/schemas/runtime_validation_tasks.schema.json +4 -1
- package/schemas/surface_manifest.schema.json +4 -1
- package/schemas/unit_manifest.schema.json +10 -3
- package/skills/audit-code/audit-code.prompt.md +0 -2
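--- a/package/dist/supervisor/runLedger.js
+++ b/package/dist/supervisor/runLedger.js
@@ -1,5 +1,4 @@
-import {
-import { readJsonFile } from "../io/json.js";
+import { isFileMissingError, readJsonFile, writeJsonFile } from "../io/json.js";
 function ledgerPath(artifactsDir) {
 return `${artifactsDir}/run-ledger.json`;
 }
@@ -7,15 +6,15 @@ export async function loadRunLedger(artifactsDir) {
 try {
 return await readJsonFile(ledgerPath(artifactsDir));
 }
-catch {
-
+catch (error) {
+if (isFileMissingError(error)) {
+return { runs: [] };
+}
+throw error;
 }
 }
 export async function appendRunLedgerEntry(artifactsDir, entry) {
 const ledger = await loadRunLedger(artifactsDir);
 ledger.runs.push(entry);
-
-const tmp = `${target}.tmp`;
-await writeFile(tmp, JSON.stringify(ledger, null, 2) + "\n", "utf8");
-await rename(tmp, target);
+await writeJsonFile(ledgerPath(artifactsDir), ledger);
 }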
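Review bot: `appendRunLedgerEntry` (new line 18) still calls `ledger.runs.push(entry)` on whatever `loadRunLedger` parsed, and the new `catch` only special-cases a missing file, so a ledger that exists but is truncated or lacks `runs` now surfaces as a raw parse error or a TypeError on `push` rather than a message naming the file. A shape check after the load keeps the failure legible: `if (!ledger || !Array.isArray(ledger.runs)) throw new Error("run-ledger.json is malformed: expected an object with a runs array");`. The removed lines wrote through a `.tmp` file plus `rename`; whether `writeJsonFile` preserves that atomic replace is not visible here, and if it does not, a crash mid-write is exactly what produces the truncated file above. The read–modify–write is also unsynchronized, so concurrent appends (the session config exposes `parallel_workers`) can lose entries — that predates this change, but a comment on `appendRunLedgerEntry` stating that it assumes a single writer would be honest.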
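--- a/package/dist/supervisor/sessionConfig.js
+++ b/package/dist/supervisor/sessionConfig.js
@@ -16,6 +16,7 @@ export async function loadSessionConfig(artifactsDir) {
 const configPath = getSessionConfigPath(artifactsDir);
 const rawConfig = await readOptionalJsonFile(configPath);
 if (rawConfig === undefined) {
+process.stderr.write(`[session-config] no session-config.json found at ${configPath}; using empty defaults\n`);
 return {};
 }
 const issues = validateSessionConfig(rawConfig);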
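--- a/package/dist/types/sessionConfig.d.ts
+++ b/package/dist/types/sessionConfig.d.ts
@@ -16,11 +16,6 @@ export interface VSCodeTaskConfig {
 command_template: string[];
 env?: Record<string, string>;
 }
-export interface ModelTiersConfig {
-fast?: string;
-balanced?: string;
-capable?: string;
-}
 export interface SessionConfig {
 provider?: ProviderName;
 timeout_ms?: number;
@@ -31,5 +26,4 @@ export interface SessionConfig {
 vscode_task?: VSCodeTaskConfig;
 agent_task_batch_size?: number;
 parallel_workers?: number;
-model_tiers?: ModelTiersConfig;
 }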
package/dist/types/surfaces.d.ts
CHANGED
package/dist/types.d.ts
CHANGED
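--- a/package/dist/validation/sessionConfig.js
+++ b/package/dist/validation/sessionConfig.js
@@ -71,8 +71,7 @@ function validateAgentProviderSection(value, path, issues) {
 return;
 }
 if (value.command !== undefined) {
-if (typeof value.command !== "string" ||
-value.command.trim().length === 0) {
+if (typeof value.command !== "string" || value.command.trim().length === 0) {
 pushIssue(issues, `${path}.command`, "command must be a non-empty string when provided.");
 }
 }
@@ -118,19 +117,6 @@ export function validateSessionConfig(value) {
 validateTemplateProviderSection(value.vscode_task, "vscode_task", issues, provider === "vscode-task");
 validateAgentProviderSection(value.claude_code, "claude_code", issues);
 validateAgentProviderSection(value.opencode, "opencode", issues);
-if (value.model_tiers !== undefined) {
-if (!isRecord(value.model_tiers)) {
-pushIssue(issues, "model_tiers", "model_tiers must be a JSON object.");
-}
-else {
-for (const tier of ["fast", "balanced", "capable"]) {
-const v = value.model_tiers[tier];
-if (v !== undefined && (typeof v !== "string" || v.trim().length === 0)) {
-pushIssue(issues, `model_tiers.${tier}`, `model_tiers.${tier} must be a non-empty string when provided.`);
-}
-}
-}
-}
 return issues;
 }
 export function validateConfiguredProviderEnvironment(sessionConfig, options = {}) {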
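Review bot: With the `model_tiers` block removed from `validateSessionConfig` (second hunk, old lines 121–133), a session-config.json that still carries `model_tiers` — the key the 0.2.1 type declared — now passes validation with no signal that the setting is ignored, unless unknown-key rejection happens somewhere outside this hunk. A one-line deprecation issue where the removed block stood keeps operators from relying on a dead setting: `if (value.model_tiers !== undefined) pushIssue(issues, "model_tiers", "model_tiers is no longer supported and is ignored.");`. The first hunk is a pure reformat of the `command` check and needs nothing.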
package/package.json
CHANGED
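--- a/package/schemas/audit-code-v1alpha1.schema.json
+++ b/package/schemas/audit-code-v1alpha1.schema.json
@@ -24,6 +24,7 @@
 "required": ["status", "obligations"],
 "properties": {
 "status": {
+"type": "string",
 "enum": ["not_started", "active", "blocked", "complete"]
 },
 "last_executor": {
@@ -49,6 +50,7 @@
 "type": "string"
 },
 "state": {
+"type": "string",
 "enum": ["missing", "present", "stale", "blocked", "satisfied"]
 },
 "reason": {
@@ -97,6 +99,7 @@
 ],
 "properties": {
 "status": {
+"type": "string",
 "enum": ["not_started", "active", "blocked", "complete"]
 },
 "repo_root": {
@@ -125,6 +128,7 @@
 "required": ["flag", "suggested_path", "description"],
 "properties": {
 "flag": {
+"type": "string",
 "enum": [
 "--results",
 "--updates",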
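--- a/package/schemas/audit_result.schema.json
+++ b/package/schemas/audit_result.schema.json
@@ -11,14 +11,20 @@
 "reviewed_ranges",
 "findings"
 ],
+"$defs": {
+"Finding": {
+"$ref": "finding.schema.json"
+}
+},
 "properties": {
 "task_id": { "type": "string" },
 "unit_id": { "type": "string" },
 "pass_id": { "type": "string" },
-"lens": { "type": "string"
+"lens": { "type": "string" },
 "agent_role": { "type": "string" },
 "reviewed_ranges": {
 "type": "array",
+"minItems": 1,
 "items": {
 "type": "object",
 "required": ["path", "start", "end"],
@@ -32,7 +38,7 @@
 },
 "findings": {
 "type": "array",
-"items": { "$ref": "
+"items": { "$ref": "#/$defs/Finding" }
 },
 "notes": {
 "type": "array",
@@ -44,5 +50,5 @@
 "items": { "type": "string" }
 }
 },
-"additionalProperties":
+"additionalProperties": false
 }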
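Review bot: `lens` at new line 23 stays `{ "type": "string" }` while the same field in audit_task.schema.json, finding.schema.json and the coverage schemas is restricted in this release to the ten-value lens enum, so a worker result can carry a lens value that no task could have requested and that downstream matching on `lens` may silently miss. Unless free-form lenses are intended here, give it the same `"enum": [...]` list. The new `$defs.Finding` entry is a bare `{ "$ref": "finding.schema.json" }`; that relative reference only resolves if this document declares an `$id` (lines 1–10 are outside the hunk) or the loader supplies a base URI, so confirm the validator is configured for it — merged_findings.schema.json introduces the identical pattern.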
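--- a/package/schemas/audit_task.schema.json
+++ b/package/schemas/audit_task.schema.json
@@ -15,7 +15,10 @@
 "task_id": { "type": "string" },
 "unit_id": { "type": "string" },
 "pass_id": { "type": "string" },
-"lens": {
+"lens": {
+"type": "string",
+"enum": ["correctness", "architecture", "maintainability", "security", "reliability", "performance", "data_integrity", "tests", "operability", "config_deployment"]
+},
 "file_paths": {
 "type": "array",
 "items": { "type": "string" }
@@ -43,7 +46,15 @@
 },
 "additionalProperties": true
 },
-"rationale": { "type": "string" }
+"rationale": { "type": "string" },
+"priority": {
+"type": "string",
+"enum": ["high", "medium", "low"]
+},
+"tags": {
+"type": "array",
+"items": { "type": "string" }
+}
 },
-"additionalProperties":
+"additionalProperties": false
 }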
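Review bot: The lens enum added at new line 20 is a verbatim copy of a list this release also pastes into coverage_matrix.schema.json (twice), finding.schema.json (twice, as `category` and `lens`), flow_coverage.schema.json (twice) and unit_manifest.schema.json, so adding an eleventh lens later means editing nine places, and any site missed will reject otherwise valid artifacts. Since the commit already introduces `$defs` plus `$ref` for `Finding`, a single shared definition (a `$defs.Lens` or a `lens.schema.json`) referenced from each site would keep them in step. The new `priority` and `tags` properties are optional and not added to `required`; if the task builder always emits them, a `description` saying so would tell consumers whether they may rely on their presence.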
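--- a/package/schemas/blind_spot_register.schema.json
+++ b/package/schemas/blind_spot_register.schema.json
@@ -13,7 +13,17 @@
 "properties": {
 "id": { "type": "string" },
 "title": { "type": "string" },
-"kind": {
+"kind": {
+"type": "string",
+"enum": [
+"coverage-gap",
+"trust-boundary",
+"dynamic-behavior",
+"operational-risk",
+"documentation-drift",
+"external-dependency"
+]
+},
 "summary": { "type": "string" },
 "affected_paths": {
 "type": "array",
@@ -32,9 +42,9 @@
 "items": { "type": "string" }
 }
 },
-"additionalProperties":
+"additionalProperties": false
 }
 }
 },
-"additionalProperties":
+"additionalProperties": false
 }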
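Review bot: The `kind` values introduced at new lines 19–24 use hyphens (`coverage-gap`, `trust-boundary`), whereas the other enums this release adds use snake_case (`data_integrity`, `config_deployment`, `doc_only`); runtime_validation_tasks.schema.json's `unit-risk-check` is the only other hyphenated set. If these kinds are ever filtered or keyed alongside lens values, the mixed convention is an easy typo source, so it is worth settling on one before the values are persisted in artifacts that other tools read. Closing both object levels with `"additionalProperties": false` is a sound tightening and needs no change.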
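--- a/package/schemas/coverage_matrix.schema.json
+++ b/package/schemas/coverage_matrix.schema.json
@@ -16,15 +16,27 @@
 "type": "array",
 "items": { "type": "string" }
 },
-"classification_status": {
-
+"classification_status": {
+"type": "string",
+"enum": ["unclassified", "classified", "excluded", "generated", "vendor", "binary", "doc_only"]
+},
+"audit_status": {
+"type": "string",
+"enum": ["pending", "partial", "complete", "excluded"]
+},
 "required_lenses": {
 "type": "array",
-"items": {
+"items": {
+"type": "string",
+"enum": ["correctness", "architecture", "maintainability", "security", "reliability", "performance", "data_integrity", "tests", "operability", "config_deployment"]
+}
 },
 "completed_lenses": {
 "type": "array",
-"items": {
+"items": {
+"type": "string",
+"enum": ["correctness", "architecture", "maintainability", "security", "reliability", "performance", "data_integrity", "tests", "operability", "config_deployment"]
+}
 }
 },
 "additionalProperties": true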
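Review bot: This hunk tightens every enum but leaves `"additionalProperties": true` at line 42 for the object it closes, while the same release flips the entry objects of blind_spot_register, external_analyzer_results and finding to `false`, so unknown keys in a coverage entry still validate here. If that is deliberate — say, extractors attach ad-hoc keys — a `description` stating it would stop the next reviewer from "fixing" it; otherwise `false` matches the rest. The `audit_status` enum includes `excluded` while flow_coverage.schema.json's new `status` enum does not, so if the two are ever compared the asymmetry needs documenting at one of the two sites.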
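--- a/package/schemas/critical_flows.schema.json
+++ b/package/schemas/critical_flows.schema.json
@@ -15,15 +15,18 @@
 "name": { "type": "string" },
 "entrypoints": {
 "type": "array",
-"items": { "type": "string" }
+"items": { "type": "string" },
+"minItems": 1
 },
 "paths": {
 "type": "array",
-"items": { "type": "string" }
+"items": { "type": "string" },
+"minItems": 1
 },
 "concerns": {
 "type": "array",
-"items": { "type": "string" }
+"items": { "type": "string" },
+"minItems": 1
 },
 "notes": {
 "type": "array",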
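Review bot: `"minItems": 1` on `concerns` (new line 29) makes a flow with nothing to flag invalid, which tends to push a generating agent to invent a concern rather than emit an empty list; on `entrypoints` and `paths` the constraint is structural and sound. If an empty concerns list is legitimate, drop the constraint on that one field; if the rule really is "every critical flow must name a concern", a `description` on the property stating that makes the validation error understandable to whoever hits it.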
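--- a/package/schemas/external_analyzer_results.schema.json
+++ b/package/schemas/external_analyzer_results.schema.json
@@ -14,8 +14,14 @@
 "required": ["id", "category", "severity", "path", "summary"],
 "properties": {
 "id": { "type": "string" },
-"category": {
-
+"category": {
+"type": "string",
+"description": "Free-form category string from the originating tool (e.g. 'security/injection', 'style/lint'). Mapped to audit lenses by analyzerCategoryToLenses."
+},
+"severity": {
+"type": "string",
+"enum": ["critical", "high", "medium", "low", "info"]
+},
 "path": { "type": "string" },
 "line_start": { "type": "integer" },
 "line_end": { "type": "integer" },
@@ -23,9 +29,9 @@
 "rule": { "type": "string" },
 "raw": {}
 },
-"additionalProperties":
+"additionalProperties": false
 }
 }
 },
-"additionalProperties":
+"additionalProperties": false
 }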
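Review bot: The new `severity` enum (new lines 21–24) is stricter than what upstream tools emit — npm audit reports `moderate` and ESLint reports numeric levels — so the adapters in dist/adapters (changed in this release but not shown here) must normalize before results reach this schema, or entire result sets are rejected at ingestion; a fixture test per adapter against this schema would catch that. The `category` description names the function `analyzerCategoryToLenses`, which will drift the first time that helper is renamed; describing the contract instead ("mapped to audit lenses during ingestion") is more durable. `"raw": {}` still accepts a payload of any shape and size inside an otherwise closed object, which is fine for provenance but deserves a `description` noting it is passed through unvalidated.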
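--- a/package/schemas/finding.schema.json
+++ b/package/schemas/finding.schema.json
@@ -16,13 +16,41 @@
 "properties": {
 "id": { "type": "string" },
 "title": { "type": "string" },
-"category": {
+"category": {
+"type": "string",
+"enum": [
+"correctness",
+"architecture",
+"maintainability",
+"security",
+"reliability",
+"performance",
+"data_integrity",
+"tests",
+"operability",
+"config_deployment"
+]
+},
 "severity": {
 "type": "string",
 "enum": ["critical", "high", "medium", "low", "info"]
 },
 "confidence": { "type": "string", "enum": ["high", "medium", "low"] },
-"lens": {
+"lens": {
+"type": "string",
+"enum": [
+"correctness",
+"architecture",
+"maintainability",
+"security",
+"reliability",
+"performance",
+"data_integrity",
+"tests",
+"operability",
+"config_deployment"
+]
+},
 "summary": { "type": "string" },
 "affected_files": {
 "type": "array",
@@ -35,7 +63,7 @@
 "line_end": { "type": "integer" },
 "symbol": { "type": "string" }
 },
-"additionalProperties":
+"additionalProperties": false
 }
 },
 "impact": { "type": "string" },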
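Review bot: `category` (new lines 19–33) and `lens` (new lines 39–53) now carry byte-identical ten-value enums with no `description` distinguishing them, so a reader cannot tell whether `category` is the finding's own classification and `lens` the review pass that produced it, or whether one is redundant. A one-line `description` on each would settle it, for example `"description": "Lens of the pass that produced this finding; may differ from category when a pass surfaces an issue outside its focus."` on `lens`, with the complementary sentence on `category`. If they are always equal in practice, dropping one from `required` (the `required` list is outside this hunk) would be the simpler fix.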
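--- a/package/schemas/flow_coverage.schema.json
+++ b/package/schemas/flow_coverage.schema.json
@@ -24,13 +24,22 @@
 },
 "required_lenses": {
 "type": "array",
-"items": {
+"items": {
+"type": "string",
+"enum": ["correctness", "architecture", "maintainability", "security", "reliability", "performance", "data_integrity", "tests", "operability", "config_deployment"]
+}
 },
 "completed_lenses": {
 "type": "array",
-"items": {
+"items": {
+"type": "string",
+"enum": ["correctness", "architecture", "maintainability", "security", "reliability", "performance", "data_integrity", "tests", "operability", "config_deployment"]
+}
+},
+"status": {
+"type": "string",
+"enum": ["pending", "partial", "complete"]
 },
-"status": { "type": "string" },
 "notes": {
 "type": "array",
 "items": { "type": "string" }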
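Review bot: The `status` enum added at new line 41 is `pending`/`partial`/`complete`, while coverage_matrix.schema.json's new `audit_status` in the same release is `pending`/`partial`/`complete`/`excluded`. If flow coverage is ever derived from or compared with unit coverage, a flow whose paths are all excluded has no representable state here and would sit at `pending` forever; if flows cannot be excluded by design, a `description` on `status` saying so documents the asymmetry.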
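--- a/package/schemas/graph_bundle.schema.json
+++ b/package/schemas/graph_bundle.schema.json
@@ -16,9 +16,12 @@
 "properties": {
 "from": { "type": "string" },
 "to": { "type": "string" },
-"kind": {
+"kind": {
+"type": "string",
+"description": "Import edge kind from the graph extractor (e.g. 'esm', 'commonjs', 'dynamic', 're-export')."
+}
 },
-"additionalProperties":
+"additionalProperties": false
 }
 },
 "calls": {
@@ -29,9 +32,12 @@
 "properties": {
 "from": { "type": "string" },
 "to": { "type": "string" },
-"kind": {
+"kind": {
+"type": "string",
+"description": "Call edge kind from the graph extractor (e.g. 'sync', 'async', 'constructor', 'callback')."
+}
 },
-"additionalProperties":
+"additionalProperties": false
 }
 },
 "routes": {
@@ -44,12 +50,12 @@
 "handler": { "type": "string" },
 "method": { "type": "string" }
 },
-"additionalProperties":
+"additionalProperties": false
 }
 }
 },
 "additionalProperties": true
 }
 },
-"additionalProperties":
+"additionalProperties": false
 }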
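Review bot: Both `kind` fields (new lines 19–22 and 35–38) list their expected values only in prose while staying an open `string`, so a misspelt kind from the extractor validates silently even though this release switches every other closed vocabulary to `enum`. If the extractor's set of edge kinds is fixed, make these enums too; if the set is intentionally open, say so in the description (`"open set; the values listed are those the built-in extractor emits"`) so the difference from the sibling schemas reads as deliberate rather than as an omission.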
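--- a/package/schemas/merged_findings.schema.json
+++ b/package/schemas/merged_findings.schema.json
@@ -4,11 +4,16 @@
 "title": "Merged Findings",
 "type": "object",
 "required": ["findings"],
+"$defs": {
+"Finding": {
+"$ref": "finding.schema.json"
+}
+},
 "properties": {
 "findings": {
 "type": "array",
-"items": { "$ref": "
+"items": { "$ref": "#/$defs/Finding" }
 }
 },
-"additionalProperties":
+"additionalProperties": false
 }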
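--- a/package/schemas/risk_register.schema.json
+++ b/package/schemas/risk_register.schema.json
@@ -12,7 +12,11 @@
 "required": ["unit_id", "risk_score", "signals"],
 "properties": {
 "unit_id": { "type": "string" },
-"risk_score": {
+"risk_score": {
+"type": "number",
+"minimum": 0,
+"maximum": 1
+},
 "signals": {
 "type": "array",
 "items": { "type": "string" }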
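Review bot: `risk_score` is bounded to `[0, 1]` here (new lines 16–18), but unit_manifest.schema.json in this same release gives its `risk_score` only `"minimum": 0` with no maximum, so the two artifacts can disagree on what a score means — a manifest score of 7 validates while the same value in the register does not. If both are produced by the same scoring code, give unit_manifest the same `"maximum": 1`; if they are different scales, a `description` on each naming the scale would prevent someone comparing them directly.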
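--- a/package/schemas/runtime_validation_tasks.schema.json
+++ b/package/schemas/runtime_validation_tasks.schema.json
@@ -12,7 +12,10 @@
 "required": ["id", "kind", "target_paths", "reason", "priority"],
 "properties": {
 "id": { "type": "string" },
-"kind": {
+"kind": {
+"type": "string",
+"enum": ["unit-risk-check", "critical-flow-check"]
+},
 "target_paths": {
 "type": "array",
 "items": { "type": "string" }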
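--- a/package/schemas/surface_manifest.schema.json
+++ b/package/schemas/surface_manifest.schema.json
@@ -12,7 +12,10 @@
 "required": ["id", "kind", "entrypoint"],
 "properties": {
 "id": { "type": "string" },
-"kind": {
+"kind": {
+"type": "string",
+"enum": ["interface", "background"]
+},
 "entrypoint": { "type": "string" },
 "exposure": { "type": "string" },
 "methods": {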
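--- a/package/schemas/unit_manifest.schema.json
+++ b/package/schemas/unit_manifest.schema.json
@@ -16,12 +16,19 @@
 "kind": { "type": "string" },
 "files": {
 "type": "array",
-"items": { "type": "string" }
+"items": { "type": "string" },
+"minItems": 1
+},
+"risk_score": {
+"type": "number",
+"minimum": 0
 },
-"risk_score": { "type": "number" },
 "required_lenses": {
 "type": "array",
-"items": {
+"items": {
+"type": "string",
+"enum": ["correctness", "architecture", "maintainability", "security", "reliability", "performance", "data_integrity", "tests", "operability", "config_deployment"]
+}
 },
 "critical_flows": {
 "type": "array",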
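--- a/package/skills/audit-code/audit-code.prompt.md
+++ b/package/skills/audit-code/audit-code.prompt.md
@@ -36,8 +36,6 @@ To determine what task you have been assigned, use your file-reading tool to ins
 2. Use your file-reading tool to examine the specific source code files mentioned.
 3. Critically analyze the codebase. Use your deepest reasoning capabilities (e.g., chain of thought) to discover defects, logic errors, or systemic architectural issues requested in the prompt.
 
-> **Important:** Always read and analyze the files listed in the task's `file_paths` array directly. Do **not** infer which files belong to the task by searching for filename patterns or extensions (e.g. `.test.ts`, `.spec.js`) — the task already identifies the exact files for you. Searching by extension will miss files that use non-standard extensions (e.g. `.test.mjs`) and may produce false "no test files found" conclusions.
-
 ## Step 4: Write the Findings
 
 Produce your findings array matching exactly the `AuditResult` JSON schema described in the prompt.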