auditor-lambda 0.2.1 → 0.2.3

Files changed (62)
  1. package/audit-code-wrapper-lib.mjs +229 -289
  2. package/dist/adapters/eslint.js +4 -2
  3. package/dist/adapters/npmAudit.js +1 -1
  4. package/dist/cli.js +82 -45
  5. package/dist/extractors/bucketing.js +14 -35
  6. package/dist/extractors/disposition.js +8 -9
  7. package/dist/extractors/fileInventory.js +0 -2
  8. package/dist/extractors/flows.js +14 -23
  9. package/dist/extractors/fsIntake.js +4 -1
  10. package/dist/extractors/pathPatterns.d.ts +19 -0
  11. package/dist/extractors/pathPatterns.js +91 -0
  12. package/dist/extractors/surfaces.js +2 -7
  13. package/dist/io/artifacts.d.ts +23 -1
  14. package/dist/io/artifacts.js +4 -3
  15. package/dist/io/runArtifacts.js +1 -1
  16. package/dist/orchestrator/advance.js +53 -71
  17. package/dist/orchestrator/flowCoverage.js +1 -2
  18. package/dist/orchestrator/internalExecutors.js +4 -6
  19. package/dist/orchestrator/planning.js +12 -20
  20. package/dist/orchestrator/resultIngestion.js +3 -2
  21. package/dist/orchestrator/runtimeValidation.js +5 -0
  22. package/dist/orchestrator/syntaxResolutionExecutor.js +10 -2
  23. package/dist/orchestrator/taskBuilder.js +15 -28
  24. package/dist/prompts/renderWorkerPrompt.js +2 -1
  25. package/dist/providers/claudeCodeProvider.js +1 -2
  26. package/dist/providers/constants.d.ts +1 -0
  27. package/dist/providers/constants.js +1 -0
  28. package/dist/providers/index.js +7 -3
  29. package/dist/providers/opencodeProvider.js +1 -6
  30. package/dist/providers/spawnLoggedCommand.js +4 -0
  31. package/dist/providers/types.d.ts +0 -1
  32. package/dist/supervisor/operatorHandoff.d.ts +2 -0
  33. package/dist/supervisor/operatorHandoff.js +21 -9
  34. package/dist/supervisor/runLedger.js +7 -8
  35. package/dist/supervisor/sessionConfig.js +1 -0
  36. package/dist/types/flowCoverage.d.ts +1 -1
  37. package/dist/types/runLedger.d.ts +1 -1
  38. package/dist/types/runtimeValidation.d.ts +2 -1
  39. package/dist/types/sessionConfig.d.ts +0 -6
  40. package/dist/types/surfaces.d.ts +2 -1
  41. package/dist/types/workerSession.d.ts +2 -0
  42. package/dist/types.d.ts +0 -1
  43. package/dist/validation/sessionConfig.js +1 -15
  44. package/package.json +1 -1
  45. package/schemas/audit-code-v1alpha1.schema.json +4 -0
  46. package/schemas/audit_result.schema.json +9 -3
  47. package/schemas/audit_state.schema.json +2 -2
  48. package/schemas/audit_task.schema.json +14 -3
  49. package/schemas/blind_spot_register.schema.json +13 -3
  50. package/schemas/coverage_matrix.schema.json +16 -4
  51. package/schemas/critical_flows.schema.json +6 -3
  52. package/schemas/external_analyzer_results.schema.json +10 -4
  53. package/schemas/finding.schema.json +31 -3
  54. package/schemas/flow_coverage.schema.json +12 -3
  55. package/schemas/graph_bundle.schema.json +12 -6
  56. package/schemas/merged_findings.schema.json +7 -2
  57. package/schemas/risk_register.schema.json +5 -1
  58. package/schemas/root_cause_clusters.schema.json +2 -1
  59. package/schemas/runtime_validation_tasks.schema.json +4 -1
  60. package/schemas/surface_manifest.schema.json +4 -1
  61. package/schemas/unit_manifest.schema.json +10 -3
  62. package/skills/audit-code/audit-code.prompt.md +0 -2
@@ -12,7 +12,10 @@
12
12
  "required": ["id", "kind", "entrypoint"],
13
13
  "properties": {
14
14
  "id": { "type": "string" },
15
- "kind": { "type": "string" },
15
+ "kind": {
16
+ "type": "string",
17
+ "enum": ["interface", "background"]
18
+ },
16
19
  "entrypoint": { "type": "string" },
17
20
  "exposure": { "type": "string" },
18
21
  "methods": {
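Review bot: `exposure` stays an unconstrained `{ "type": "string" }` right next to the newly enumerated `kind`, so a surface entry can still carry any free-text exposure value and pass validation. If downstream steps rank or filter surfaces by exposure, a typo or unexpected value would be accepted silently rather than rejected; consider an `enum` of the values the tool actually emits (the set is not visible in this hunk), or at least `"minLength": 1`. The new `kind` enum is also a tightening, so manifests written by an earlier version with any other kind will now fail validation; a `"description"` on `kind` stating what `interface` and `background` mean would document that. The enclosing object starts and ends outside this hunk.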
@@ -16,12 +16,19 @@
16
16
  "kind": { "type": "string" },
17
17
  "files": {
18
18
  "type": "array",
19
- "items": { "type": "string" }
19
+ "items": { "type": "string" },
20
+ "minItems": 1
21
+ },
22
+ "risk_score": {
23
+ "type": "number",
24
+ "minimum": 0
20
25
  },
21
- "risk_score": { "type": "number" },
22
26
  "required_lenses": {
23
27
  "type": "array",
24
- "items": { "type": "string" }
28
+ "items": {
29
+ "type": "string",
30
+ "enum": ["correctness", "architecture", "maintainability", "security", "reliability", "performance", "data_integrity", "tests", "operability", "config_deployment"]
31
+ }
25
32
  },
26
33
  "critical_flows": {
27
34
  "type": "array",
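Review bot: `"minItems": 1` on `files` is still satisfied by `[""]` or by the same path listed twice, because the item schema has no `minLength` and the array has no `uniqueItems`; I would write `"items": { "type": "string", "minLength": 1 },` and add `"uniqueItems": true`. The same `"uniqueItems": true` fits `required_lenses`, where the new enum rejects unknown lenses but not a repeated one. `risk_score` gets a floor of 0 but no ceiling; if the score is meant to be bounded (not visible here), add a `maximum` so an out-of-range value cannot skew prioritisation. The unit object continues outside this hunk.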
@@ -36,8 +36,6 @@ To determine what task you have been assigned, use your file-reading tool to ins
36
36
  2. Use your file-reading tool to examine the specific source code files mentioned.
37
37
  3. Critically analyze the codebase. Use your deepest reasoning capabilities (e.g., chain of thought) to discover defects, logic errors, or systemic architectural issues requested in the prompt.
38
38
 
39
- > **Important:** Always read and analyze the files listed in the task's `file_paths` array directly. Do **not** infer which files belong to the task by searching for filename patterns or extensions (e.g. `.test.ts`, `.spec.js`) — the task already identifies the exact files for you. Searching by extension will miss files that use non-standard extensions (e.g. `.test.mjs`) and may produce false "no test files found" conclusions.
40
-
41
39
  ## Step 4: Write the Findings
42
40
 
43
41
  Produce your findings array matching exactly the `AuditResult` JSON schema described in the prompt.