auditor-lambda 0.2.11 → 0.2.13

package/dist/cli.js

@@ -24,7 +24,7 @@ import { createFreshSessionProvider, resolveFreshSessionProviderName, } from "./
 import { appendRunLedgerEntry } from "./supervisor/runLedger.js";
 import { buildAuditCodeHandoff, writeAuditCodeHandoffArtifacts, } from "./supervisor/operatorHandoff.js";
 import { getSessionConfigPath, loadSessionConfig, readSessionConfigFile, } from "./supervisor/sessionConfig.js";
-import { clearDispatchFiles, buildRunId, ensureSupervisorDirs, getRunPaths, writeWorkerTaskFiles, } from "./io/runArtifacts.js";
+import { clearDispatchFiles, buildRunId, ensureSupervisorDirs, getRunPaths, writeDispatchBatchFiles, writeWorkerTaskFiles, } from "./io/runArtifacts.js";
 import { renderWorkerPrompt } from "./prompts/renderWorkerPrompt.js";
 import { LOCAL_SUBPROCESS_PROVIDER_NAME } from "./providers/constants.js";
 import { runAuditCodeMcpServer } from "./mcp/server.js";
@@ -154,6 +154,7 @@ async function emitEnvelope(params) {
         providerName: params.providerName,
         progressSummary: params.progress_summary,
         isConfigError: params.isConfigError,
+        activeReviewRun: params.activeReviewRun,
     });
     await writeAuditCodeHandoffArtifacts(handoff);
     console.log(JSON.stringify(buildEnvelope({
@@ -169,7 +170,7 @@ async function emitEnvelope(params) {
 }
 function buildManualReviewBlocker(providerName) {
     return providerName === LOCAL_SUBPROCESS_PROVIDER_NAME
-        ? "Automatic backend steps are exhausted. Remaining semantic review now belongs to the active conversation agent. Review the dispatched files, write structured audit results, and ingest them with audit-code --results <file> or audit-code --batch-results <dir>. If you intentionally want a backend bridge instead, re-run audit-code with --provider auto, --provider claude-code, --provider opencode, --provider subprocess-template, or --provider vscode-task."
+        ? "Automatic backend steps are exhausted. Remaining semantic review now belongs to the active conversation agent. Review the dispatched files, write structured audit results to the run-scoped audit_results_path, and execute the worker_command from current-task.json exactly as written. If you intentionally want a backend bridge instead, re-run audit-code with --provider auto, --provider claude-code, --provider opencode, --provider subprocess-template, or --provider vscode-task."
         : "Automatic work is exhausted. Remaining audit tasks require explicit audit results or an interactive provider.";
 }
 function shouldRunInlineExecutor(selectedExecutor) {
@@ -399,7 +400,7 @@ async function ingestBatchAuditResults(options) {
     }
     const bundle = lastStep?.updated_bundle ??
         (await loadArtifactBundle(options.artifactsDir));
-    const state = lastStep?.audit_state ?? deriveAuditState(bundle);
+    const state = deriveAuditState(bundle);
     const decision = decideNextStep(bundle);
     return {
         batchFiles,
@@ -416,6 +417,51 @@ async function ingestBatchAuditResults(options) {
         next_likely_step: state.status === "complete" ? null : decision.selected_obligation,
     };
 }
+function buildWorkerResult(params) {
+    return {
+        contract_version: WORKER_RESULT_CONTRACT_VERSION,
+        run_id: params.runId,
+        obligation_id: params.obligationId,
+        status: params.status,
+        progress_made: params.progressMade,
+        selected_executor: params.selectedExecutor,
+        artifacts_written: params.artifactsWritten,
+        summary: params.summary,
+        next_likely_step: params.nextLikelyStep,
+        errors: params.errors,
+    };
+}
+async function persistWorkerRunArtifacts(paths, workerResult, executionMode) {
+    await writeJsonFile(paths.resultPath, workerResult);
+    await writeJsonFile(paths.statusPath, {
+        run_id: workerResult.run_id,
+        status: workerResult.status,
+        execution_mode: executionMode,
+        result_path: paths.resultPath,
+    });
+}
+async function persistConfigErrorHandoff(params) {
+    const bundle = await loadArtifactBundle(params.artifactsDir);
+    const blockedState = buildBlockedAuditState({
+        state: bundle.audit_state ?? deriveAuditState(bundle),
+        obligationId: null,
+        executor: null,
+        blocker: params.progressSummary,
+    });
+    await writeCoreArtifacts(params.artifactsDir, {
+        ...bundle,
+        audit_state: blockedState,
+    });
+    const handoff = buildAuditCodeHandoff({
+        root: params.root,
+        artifactsDir: params.artifactsDir,
+        state: blockedState,
+        bundle: { ...bundle, audit_state: blockedState },
+        progressSummary: params.progressSummary,
+        isConfigError: true,
+    });
+    await writeAuditCodeHandoffArtifacts(handoff);
+}
 function isWorkerResult(value) {
     return (typeof value === "object" &&
         value !== null &&
@@ -499,7 +545,20 @@ export async function runSample(argv = process.argv) {
 async function cmdAdvanceAudit(argv) {
     const root = getRootDir(argv);
     const artifactsDir = getArtifactsDir(argv);
-    const sessionConfig = await loadSessionConfig(artifactsDir);
+    await mkdir(artifactsDir, { recursive: true });
+    await ensureSupervisorDirs(artifactsDir);
+    let sessionConfig;
+    try {
+        sessionConfig = await loadSessionConfig(artifactsDir);
+    }
+    catch (error) {
+        await persistConfigErrorHandoff({
+            root,
+            artifactsDir,
+            progressSummary: error instanceof Error ? error.message : String(error),
+        });
+        throw error;
+    }
     const providerName = resolveRunProviderName(argv, sessionConfig);
     const batchResultsDir = getBatchResultsDir(argv);
     if (batchResultsDir && getFlag(argv, "--results")) {
@@ -565,7 +624,20 @@ async function cmdAdvanceAudit(argv) {
 async function cmdRunToCompletion(argv) {
     const root = getRootDir(argv);
     const artifactsDir = getArtifactsDir(argv);
-    const sessionConfig = await loadSessionConfig(artifactsDir);
+    await mkdir(artifactsDir, { recursive: true });
+    await ensureSupervisorDirs(artifactsDir);
+    let sessionConfig;
+    try {
+        sessionConfig = await loadSessionConfig(artifactsDir);
+    }
+    catch (error) {
+        await persistConfigErrorHandoff({
+            root,
+            artifactsDir,
+            progressSummary: error instanceof Error ? error.message : String(error),
+        });
+        throw error;
+    }
     const explicitProvider = getExplicitProvider(argv);
     const provider = createFreshSessionProvider(explicitProvider ?? LOCAL_SUBPROCESS_PROVIDER_NAME, sessionConfig);
     const uiMode = getUiMode(argv, sessionConfig.ui_mode ?? "headless");
@@ -574,8 +646,6 @@ async function cmdRunToCompletion(argv) {
     const parallelWorkers = getParallelWorkers(argv, sessionConfig);
     const timeoutMs = getTimeoutMs(argv, sessionConfig);
     const selfCliPath = resolve(argv[1] ?? process.argv[1] ?? "");
-    await mkdir(artifactsDir, { recursive: true });
-    await ensureSupervisorDirs(artifactsDir);
     const batchResultsDir = getBatchResultsDir(argv);
     if (batchResultsDir && getFlag(argv, "--results")) {
         throw new Error("Use either --results <file> or --batch-results <dir>, not both.");
@@ -650,7 +720,7 @@ async function cmdRunToCompletion(argv) {
         if (preferredExecutor === "agent" && provider.name === LOCAL_SUBPROCESS_PROVIDER_NAME) {
             const blocker = buildManualReviewBlocker(provider.name);
             const blockedState = buildBlockedAuditState({
-                state: bundle.audit_state ?? decision.state,
+                state: decision.state,
                 obligationId,
                 executor: preferredExecutor,
                 blocker,
@@ -702,11 +772,19 @@ async function cmdRunToCompletion(argv) {
                 progress_summary: blocker,
                 next_likely_step: null,
                 providerName: provider.name,
+                activeReviewRun: {
+                    run_id: blockRunId,
+                    task_path: blockPaths.taskPath,
+                    prompt_path: blockPaths.promptPath,
+                    pending_audit_tasks_path: blockPendingTasksPath,
+                    audit_results_path: blockAuditResultsPath,
+                    worker_command: blockTask.worker_command,
+                },
             });
             return;
         }
         if (!preferredExecutor) {
-            const state = bundle.audit_state ?? decision.state;
+            const state = decision.state;
             await clearDispatchFiles(artifactsDir);
             await emitEnvelope({
                 root,
@@ -758,10 +836,19 @@ async function cmdRunToCompletion(argv) {
                     max_retries: 0,
                 };
                 const slotPrompt = renderWorkerPrompt(slotTask);
-                await writeWorkerTaskFiles(slotTask, slotPrompt, slotPaths, artifactsDir, group);
+                await writeWorkerTaskFiles(slotTask, slotPrompt, slotPaths, artifactsDir, group, { updateDispatch: false });
                 await writeJsonFile(slotPendingTasksPath, group);
                 workerSlots.push({ runId: slotRunId, paths: slotPaths, auditResultsPath: slotAuditResultsPath, pendingTasksPath: slotPendingTasksPath, group });
             }
+            await writeDispatchBatchFiles(artifactsDir, workerSlots.map((slot) => ({
+                run_id: slot.runId,
+                task_path: slot.paths.taskPath,
+                prompt_path: slot.paths.promptPath,
+                result_path: slot.paths.resultPath,
+                status_path: slot.paths.statusPath,
+                audit_results_path: slot.auditResultsPath,
+                pending_audit_tasks_path: slot.pendingTasksPath,
+            })), workerSlots.flatMap((slot) => slot.group));
             const parallelStartedAt = new Date().toISOString();
             const launchResults = await Promise.allSettled(workerSlots.map((slot) => provider.launch({
                 repoRoot: root,
@@ -791,7 +878,17 @@ async function cmdRunToCompletion(argv) {
             const batchErrors = [];
             for (const slot of workerSlots) {
                 const parallelEndedAt = new Date().toISOString();
-                let slotStatus = "no_progress";
+                let workerResult = buildWorkerResult({
+                    runId: slot.runId,
+                    obligationId,
+                    status: "no_progress",
+                    progressMade: false,
+                    selectedExecutor: "agent",
+                    artifactsWritten: [],
+                    summary: "Parallel worker batch made no progress.",
+                    nextLikelyStep: obligationId,
+                    errors: [],
+                });
                 try {
                     const launchError = launchErrorsByRunId.get(slot.runId);
                     if (launchError) {
@@ -822,7 +919,17 @@ async function cmdRunToCompletion(argv) {
                         preferredExecutor: "result_ingestion_executor",
                         auditResultsPath: slot.auditResultsPath,
                     });
-                    slotStatus = stepResult.progress_made ? "completed" : "no_progress";
+                    workerResult = buildWorkerResult({
+                        runId: slot.runId,
+                        obligationId,
+                        status: stepResult.progress_made ? "completed" : "no_progress",
+                        progressMade: stepResult.progress_made,
+                        selectedExecutor: stepResult.selected_executor,
+                        artifactsWritten: stepResult.artifacts_written,
+                        summary: stepResult.progress_summary,
+                        nextLikelyStep: stepResult.next_likely_step,
+                        errors: [],
+                    });
                     batchProgress ||= stepResult.progress_made;
                     if (stepResult.progress_made)
                         anyProgress = true;
@@ -830,17 +937,28 @@ async function cmdRunToCompletion(argv) {
                         artifactsWritten.add(a);
                 }
                 catch (error) {
-                    slotStatus = "failed";
                     const message = error instanceof Error ? error.message : String(error);
                     batchErrors.push(`${slot.runId}: ${message}`);
+                    workerResult = buildWorkerResult({
+                        runId: slot.runId,
+                        obligationId,
+                        status: "failed",
+                        progressMade: false,
+                        selectedExecutor: "agent",
+                        artifactsWritten: [],
+                        summary: `Worker failed for executor agent: ${message}`,
+                        nextLikelyStep: obligationId,
+                        errors: [message],
+                    });
                     process.stderr.write(`[agent-batch] ${slot.runId} failed: ${message}\n`);
                 }
+                await persistWorkerRunArtifacts(slot.paths, workerResult, "parallel-deferred-agent");
                 await appendRunLedgerEntry(artifactsDir, {
                     run_id: slot.runId,
                     provider: provider.name,
                     obligation_id: obligationId,
-                    selected_executor: "agent",
-                    status: slotStatus,
+                    selected_executor: workerResult.selected_executor,
+                    status: workerResult.status,
                     started_at: parallelStartedAt,
                     ended_at: parallelEndedAt,
                     result_path: slot.paths.resultPath,
@@ -940,12 +1058,7 @@ async function cmdRunToCompletion(argv) {
                     errors: [message],
                 };
             }
-            await writeJsonFile(paths.resultPath, workerResult);
-            await writeJsonFile(paths.statusPath, {
-                run_id: runId,
-                status: workerResult.status,
-                execution_mode: "inline",
-            });
+            await persistWorkerRunArtifacts(paths, workerResult, "inline");
             await appendRunLedgerEntry(artifactsDir, {
                 run_id: runId,
                 provider: provider.name,
@@ -1098,7 +1211,7 @@ async function cmdRunToCompletion(argv) {
                 next_likely_step: decision.selected_obligation,
                 errors: [message],
             };
-            await writeJsonFile(paths.resultPath, workerResult);
+            await persistWorkerRunArtifacts(paths, workerResult, "provider-launch");
         }
         await appendRunLedgerEntry(artifactsDir, {
             run_id: runId,
@@ -1138,12 +1251,12 @@ async function cmdRunToCompletion(argv) {
             const shouldBlock = workerResult.status === "failed" || workerResult.status === "blocked";
             const state = shouldBlock
                 ? buildBlockedAuditState({
-                    state: bundleAfter.audit_state ?? deriveAuditState(bundleAfter),
+                    state: deriveAuditState(bundleAfter),
                     obligationId: workerResult.obligation_id,
                     executor: workerResult.selected_executor,
                     blocker: buildWorkerFailureBlocker(workerResult),
                 })
-                : bundleAfter.audit_state ?? deriveAuditState(bundleAfter);
+                : deriveAuditState(bundleAfter);
             if (shouldBlock) {
                 await writeCoreArtifacts(artifactsDir, {
                     ...bundleAfter,
@@ -1172,7 +1285,7 @@ async function cmdRunToCompletion(argv) {
     }
     const bundle = await loadArtifactBundle(artifactsDir);
     const decision = decideNextStep(bundle);
-    const state = bundle.audit_state ?? decision.state;
+    const state = decision.state;
     if (state.status === "complete") {
         await clearDispatchFiles(artifactsDir);
     }

package/dist/extractors/disposition.js

@@ -1,4 +1,4 @@
-import { isNodeModulesOrGit, isBuildOutput, isVendorPath, isBinaryArtifact, isLicensePath, isLockfilePath, isLogPath, isDocPath, normalizeExtractorPath, } from "./pathPatterns.js";
+import { isNodeModulesOrGit, isBuildOutput, isVendorPath, isBinaryArtifact, isLicensePath, isLockfilePath, isLogPath, isDocPath, isAuditArtifactPath, isGeneratedInstallArtifactPath, normalizeExtractorPath, } from "./pathPatterns.js";
 function inferDisposition(path) {
     const normalized = normalizeExtractorPath(path);
     if (isNodeModulesOrGit(normalized)) {
@@ -26,9 +26,23 @@ function inferDisposition(path) {
     if (isLockfilePath(normalized)) {
         return { path, status: "generated", reason: "Lockfile excluded from code audit scope." };
     }
+    if (isAuditArtifactPath(normalized)) {
+        return {
+            path,
+            status: "generated",
+            reason: "Generated audit artifact.",
+        };
+    }
     if (isDocPath(normalized)) {
         return { path, status: "doc_only", reason: "Documentation artifact." };
     }
+    if (isGeneratedInstallArtifactPath(normalized)) {
+        return {
+            path,
+            status: "generated",
+            reason: "Generated install/bootstrap artifact.",
+        };
+    }
     return {
         path,
         status: "included",

package/dist/extractors/pathPatterns.d.ts

@@ -13,6 +13,8 @@ export declare function isLogPath(normalized: string): boolean;
 export declare function isLicensePath(normalized: string): boolean;
 export declare function isLockfilePath(normalized: string): boolean;
 export declare function isDocPath(normalized: string): boolean;
+export declare function isGeneratedInstallArtifactPath(normalized: string): boolean;
+export declare function isAuditArtifactPath(normalized: string): boolean;
 export declare function isTestPath(normalized: string): boolean;
 export declare function isInterfacePath(normalized: string): boolean;
 export declare function isDataLayerPath(normalized: string): boolean;

package/dist/extractors/pathPatterns.js

@@ -100,6 +100,12 @@ export function isLockfilePath(normalized) {
 export function isDocPath(normalized) {
     return normalized.endsWith(".md") || hasSegment(normalized, "docs");
 }
+export function isGeneratedInstallArtifactPath(normalized) {
+    return normalized.startsWith(".audit-code/install/");
+}
+export function isAuditArtifactPath(normalized) {
+    return splitSegments(normalized).some((segment) => segment.startsWith(".audit-artifacts"));
+}
 export function isTestPath(normalized) {
     return includesAny(normalized, TEST_KEYWORDS);
 }

package/dist/io/artifacts.d.ts

@@ -9,6 +9,7 @@ import type { GraphBundle } from "../types/graph.js";
 import type { RiskRegister } from "../types/risk.js";
 import type { RuntimeValidationReport, RuntimeValidationTaskManifest } from "../types/runtimeValidation.js";
 import type { SurfaceManifest } from "../types/surfaces.js";
+import type { ToolingManifest } from "../types/toolingManifest.js";
 type ArtifactPayloadMap = {
     repo_manifest: RepoManifest;
     file_disposition: FileDisposition;
@@ -29,6 +30,7 @@ type ArtifactPayloadMap = {
     audit_report: string;
     audit_state: AuditState;
     artifact_metadata: ArtifactMetadataManifest;
+    tooling_manifest: ToolingManifest;
 };
 /**
  * Audit artifacts accumulate phase-by-phase as the orchestrator advances.
@@ -63,6 +65,7 @@ export declare const ARTIFACT_DEFINITIONS: {
     readonly audit_report: ArtifactDefinition<"audit_report">;
     readonly audit_state: ArtifactDefinition<"audit_state">;
     readonly artifact_metadata: ArtifactDefinition<"artifact_metadata">;
+    readonly tooling_manifest: ArtifactDefinition<"tooling_manifest">;
 };
 export declare const ARTIFACT_FILE_TO_BUNDLE_KEY: Record<string, ArtifactBundleKey>;
 export declare function getArtifactValue(bundle: ArtifactBundle, artifactName: string): unknown;

package/dist/io/artifacts.js

@@ -1,6 +1,7 @@
 import { cp, rm, unlink } from "node:fs/promises";
 import { join } from "node:path";
 import { isFileMissingError, readOptionalJsonFile, readOptionalNdjsonFile, readOptionalTextFile, writeJsonFile, writeNdjsonFile, writeTextFile, } from "./json.js";
+import { buildToolingManifest } from "./toolingManifest.js";
 function jsonArtifact(fileName, phase) {
     return {
         fileName,
@@ -45,6 +46,7 @@ export const ARTIFACT_DEFINITIONS = {
     audit_report: textArtifact("audit-report.md", "reporting"),
     audit_state: jsonArtifact("audit_state.json", "supervisor"),
     artifact_metadata: jsonArtifact("artifact_metadata.json", "supervisor"),
+    tooling_manifest: jsonArtifact("tooling_manifest.json", "supervisor"),
 };
 const ARTIFACT_ENTRIES = Object.entries(ARTIFACT_DEFINITIONS);
 export const ARTIFACT_FILE_TO_BUNDLE_KEY = Object.fromEntries(ARTIFACT_ENTRIES.map(([key, definition]) => [definition.fileName, key]));
@@ -62,6 +64,7 @@ export async function loadArtifactBundle(root) {
             bundleRecord[key] = value;
         }
     }
+    bundle.tooling_manifest = await buildToolingManifest();
     return bundle;
 }
 export async function writeCoreArtifacts(root, bundle) {

package/dist/io/runArtifacts.d.ts

@@ -9,8 +9,20 @@ export interface RunPaths {
     stderrPath: string;
     statusPath: string;
 }
+export interface DispatchBatchRun {
+    run_id: string;
+    task_path: string;
+    prompt_path: string;
+    result_path: string;
+    status_path: string;
+    audit_results_path?: string;
+    pending_audit_tasks_path?: string;
+}
 export declare function buildRunId(obligationId: string | null, index: number, now?: Date): string;
 export declare function getRunPaths(artifactsDir: string, runId: string): RunPaths;
 export declare function ensureSupervisorDirs(artifactsDir: string): Promise<void>;
-export declare function writeWorkerTaskFiles(task: WorkerTask, prompt: string, paths: RunPaths, artifactsDir: string, currentTasks?: AuditTask[]): Promise<void>;
+export declare function writeWorkerTaskFiles(task: WorkerTask, prompt: string, paths: RunPaths, artifactsDir: string, currentTasks?: AuditTask[], options?: {
+    updateDispatch?: boolean;
+}): Promise<void>;
+export declare function writeDispatchBatchFiles(artifactsDir: string, runs: DispatchBatchRun[], currentTasks: AuditTask[]): Promise<void>;
 export declare function clearDispatchFiles(artifactsDir: string): Promise<void>;

package/dist/io/runArtifacts.js

@@ -5,6 +5,10 @@ import { writeJsonFile } from "./json.js";
 const moduleDir = dirname(fileURLToPath(import.meta.url));
 const packageRoot = resolve(moduleDir, "..", "..");
 const auditResultSchemaPath = join(packageRoot, "schemas", "audit_result.schema.json");
+const CURRENT_TASK_FILENAME = "current-task.json";
+const CURRENT_PROMPT_FILENAME = "current-prompt.md";
+const CURRENT_TASKS_FILENAME = "current-tasks.json";
+const CURRENT_SCHEMA_FILENAME = "audit-result.schema.json";
 function pad(value, size = 2) {
     return String(value).padStart(size, "0");
 }
@@ -49,7 +53,7 @@ export async function ensureSupervisorDirs(artifactsDir) {
     await mkdir(join(artifactsDir, "dispatch"), { recursive: true });
     await mkdir(join(artifactsDir, "runs"), { recursive: true });
 }
-export async function writeWorkerTaskFiles(task, prompt, paths, artifactsDir, currentTasks) {
+export async function writeWorkerTaskFiles(task, prompt, paths, artifactsDir, currentTasks, options = {}) {
     await mkdir(paths.runDir, { recursive: true });
     await writeJsonFile(paths.taskPath, task);
     await writeFile(paths.promptPath, prompt, "utf8");
@@ -57,17 +61,57 @@ export async function writeWorkerTaskFiles(task, prompt, paths, artifactsDir, cu
         run_id: task.run_id,
         status: "dispatched",
     });
-    await writeJsonFile(join(artifactsDir, "dispatch", "current-task.json"), task);
-    await writeFile(join(artifactsDir, "dispatch", "current-prompt.md"), prompt, "utf8");
-    await writeJsonFile(join(artifactsDir, "dispatch", "current-tasks.json"), currentTasks ?? []);
-    await writeFile(join(artifactsDir, "dispatch", "audit-result.schema.json"), await readFile(auditResultSchemaPath, "utf8"), "utf8");
+    if (options.updateDispatch === false) {
+        await writeFile(join(artifactsDir, "dispatch", CURRENT_SCHEMA_FILENAME), await readFile(auditResultSchemaPath, "utf8"), "utf8");
+        return;
+    }
+    await writeJsonFile(join(artifactsDir, "dispatch", CURRENT_TASK_FILENAME), task);
+    await writeFile(join(artifactsDir, "dispatch", CURRENT_PROMPT_FILENAME), prompt, "utf8");
+    await writeJsonFile(join(artifactsDir, "dispatch", CURRENT_TASKS_FILENAME), currentTasks ?? []);
+    await writeFile(join(artifactsDir, "dispatch", CURRENT_SCHEMA_FILENAME), await readFile(auditResultSchemaPath, "utf8"), "utf8");
+}
+export async function writeDispatchBatchFiles(artifactsDir, runs, currentTasks) {
+    const summary = {
+        contract_version: "audit-code-dispatch/v1alpha1",
+        mode: "parallel-batch",
+        run_count: runs.length,
+        current_tasks_path: join(artifactsDir, "dispatch", CURRENT_TASKS_FILENAME),
+        runs,
+    };
+    const promptLines = [
+        "# audit-code parallel dispatch",
+        "",
+        `This batch launched ${runs.length} deferred review run(s).`,
+        "Each run keeps its own task.json, prompt.md, result.json, and status.json under .audit-artifacts/runs/<run_id>/.",
+        "Use current-tasks.json for the combined task list, then inspect the per-run files below when you need exact prompts or result paths.",
+        "",
+        "Runs:",
+        ...runs.flatMap((run) => [
+            `- ${run.run_id}`,
+            `  task: ${run.task_path}`,
+            `  prompt: ${run.prompt_path}`,
+            `  result: ${run.result_path}`,
+            `  status: ${run.status_path}`,
+            ...(run.audit_results_path
+                ? [`  audit results: ${run.audit_results_path}`]
+                : []),
+            ...(run.pending_audit_tasks_path
+                ? [`  pending tasks: ${run.pending_audit_tasks_path}`]
+                : []),
+        ]),
+        "",
+    ];
+    await writeJsonFile(join(artifactsDir, "dispatch", CURRENT_TASK_FILENAME), summary);
+    await writeFile(join(artifactsDir, "dispatch", CURRENT_PROMPT_FILENAME), promptLines.join("\n"), "utf8");
+    await writeJsonFile(join(artifactsDir, "dispatch", CURRENT_TASKS_FILENAME), currentTasks);
+    await writeFile(join(artifactsDir, "dispatch", CURRENT_SCHEMA_FILENAME), await readFile(auditResultSchemaPath, "utf8"), "utf8");
 }
 export async function clearDispatchFiles(artifactsDir) {
     const targets = [
-        "current-task.json",
-        "current-prompt.md",
-        "current-tasks.json",
-        "audit-result.schema.json",
+        CURRENT_TASK_FILENAME,
+        CURRENT_PROMPT_FILENAME,
+        CURRENT_TASKS_FILENAME,
+        CURRENT_SCHEMA_FILENAME,
     ];
     for (const name of targets) {
         await rm(join(artifactsDir, "dispatch", name), { force: true });

package/dist/io/toolingManifest.d.ts

@@ -0,0 +1,2 @@
+import type { ToolingManifest } from "../types/toolingManifest.js";
+export declare function buildToolingManifest(): Promise<ToolingManifest>;

package/dist/io/toolingManifest.js

@@ -0,0 +1,75 @@
+import { createHash } from "node:crypto";
+import { readdir, readFile, stat } from "node:fs/promises";
+import { dirname, join, relative, resolve } from "node:path";
+import { fileURLToPath } from "node:url";
+const PACKAGE_ROOT = resolve(dirname(fileURLToPath(import.meta.url)), "..", "..");
+const TOOLING_INPUTS = [
+    "audit-code.mjs",
+    "audit-code-wrapper-lib.mjs",
+    "package.json",
+    "dist",
+    "schemas",
+    "skills/audit-code",
+];
+async function pathExists(path) {
+    try {
+        await stat(path);
+        return true;
+    }
+    catch {
+        return false;
+    }
+}
+async function collectFiles(path) {
+    const info = await stat(path);
+    if (info.isFile()) {
+        return [path];
+    }
+    if (!info.isDirectory()) {
+        return [];
+    }
+    const entries = await readdir(path, { withFileTypes: true });
+    const files = [];
+    for (const entry of entries.sort((a, b) => a.name.localeCompare(b.name))) {
+        files.push(...(await collectFiles(join(path, entry.name))));
+    }
+    return files;
+}
+async function readPackageVersion() {
+    const packageJsonPath = join(PACKAGE_ROOT, "package.json");
+    if (!(await pathExists(packageJsonPath))) {
+        return null;
+    }
+    try {
+        const packageJson = JSON.parse(await readFile(packageJsonPath, "utf8"));
+        return typeof packageJson.version === "string" ? packageJson.version : null;
+    }
+    catch {
+        return null;
+    }
+}
+export async function buildToolingManifest() {
+    const hash = createHash("sha256");
+    const existingInputs = [];
+    for (const input of TOOLING_INPUTS) {
+        const absolute = join(PACKAGE_ROOT, input);
+        if (!(await pathExists(absolute))) {
+            continue;
+        }
+        existingInputs.push(input);
+        const files = await collectFiles(absolute);
+        for (const file of files.sort((a, b) => a.localeCompare(b))) {
+            hash.update(relative(PACKAGE_ROOT, file).replace(/\\/g, "/"));
+            hash.update("\n");
+            hash.update(await readFile(file));
+            hash.update("\n");
+        }
+    }
+    return {
+        generated_at: new Date().toISOString(),
+        package_root: PACKAGE_ROOT,
+        package_version: await readPackageVersion(),
+        implementation_hash: hash.digest("hex"),
+        inputs: existingInputs,
+    };
+}

package/dist/orchestrator/advance.js

@@ -108,8 +108,12 @@ export async function advanceAudit(bundle, options = {}) {
     catch (error) {
         throw formatExecutorFailure(selectedExecutor, selectedObligation, error);
     }
-    const metadata = computeArtifactMetadata(run.updated, bundle.artifact_metadata);
-    const metadataBundle = { ...run.updated, artifact_metadata: metadata };
+    const metadata = computeArtifactMetadata(run.updated, bundle.artifact_metadata, [...run.artifacts_written, "tooling_manifest.json"]);
+    const metadataBundle = {
+        ...run.updated,
+        tooling_manifest: bundle.tooling_manifest,
+        artifact_metadata: metadata,
+    };
     const updatedState = deriveAuditState(metadataBundle);
     updatedState.last_executor = selectedExecutor;
     updatedState.last_obligation = selectedObligation ?? undefined;

package/dist/orchestrator/artifactMetadata.d.ts

@@ -1,4 +1,4 @@
 import type { ArtifactMetadataManifest } from "../types/artifactMetadata.js";
 import type { ArtifactBundle } from "../io/artifacts.js";
 export declare function present(bundle: ArtifactBundle, artifactName: string): boolean;
-export declare function computeArtifactMetadata(bundle: ArtifactBundle, previous?: ArtifactMetadataManifest): ArtifactMetadataManifest;
+export declare function computeArtifactMetadata(bundle: ArtifactBundle, previous?: ArtifactMetadataManifest, updatedArtifacts?: Iterable<string>): ArtifactMetadataManifest;

package/dist/orchestrator/artifactMetadata.js

@@ -28,6 +28,14 @@ function normalizeForMetadataHash(artifactName, value) {
         const { generated_at: _generatedAt, ...rest } = record;
         return rest;
     }
+    if (artifactName === "tooling_manifest.json" &&
+        value &&
+        typeof value === "object" &&
+        !Array.isArray(value)) {
+        const record = value;
+        const { generated_at: _generatedAt, ...rest } = record;
+        return rest;
+    }
     return value;
 }
 function buildReverseDependencyMap() {
@@ -72,8 +80,9 @@ export function present(bundle, artifactName) {
     const value = getArtifactValue(bundle, artifactName);
     return value !== undefined && value !== null;
 }
-export function computeArtifactMetadata(bundle, previous) {
+export function computeArtifactMetadata(bundle, previous, updatedArtifacts = []) {
     const artifacts = {};
+    const updated = new Set(updatedArtifacts);
     const presentArtifacts = Object.keys(REVERSE_DEPENDENCY_MAP).filter((artifactName) => artifactName !== "artifact_metadata.json" &&
         present(bundle, artifactName));
     const orderedArtifacts = computeDependencyFirstOrder(presentArtifacts);
@@ -83,8 +92,12 @@ export function computeArtifactMetadata(bundle, previous) {
         const value = getArtifactValue(bundle, artifactName);
         if (value === undefined || value === null)
             continue;
-        const contentHash = hashValue(normalizeForMetadataHash(artifactName, value));
         const previousEntry = previous?.artifacts[artifactName];
+        if (previousEntry && !updated.has(artifactName)) {
+            artifacts[artifactName] = previousEntry;
+            continue;
+        }
+        const contentHash = hashValue(normalizeForMetadataHash(artifactName, value));
         const dependencyRevisions = Object.fromEntries((REVERSE_DEPENDENCY_MAP[artifactName] ?? [])
             .filter((dependencyName) => dependencyName !== "artifact_metadata.json")
             .sort()

package/dist/orchestrator/dependencyMap.js

@@ -1,4 +1,7 @@
 export const ARTIFACT_DEPENDENCY_MAP = {
+    "tooling_manifest.json": [
+        "repo_manifest.json",
+    ],
     "repo_manifest.json": [
         "file_disposition.json",
         "unit_manifest.json",

package/dist/orchestrator/internalExecutors.js

@@ -174,6 +174,18 @@ export function runResultIngestionExecutor(bundle, results) {
     const flowCoverage = bundle.critical_flows
         ? buildFlowCoverage(bundle.critical_flows, updatedCoverageMatrix)
         : bundle.flow_coverage;
+    const runtimeCommand = bundle.runtime_validation_tasks?.tasks.find((task) => task.command && task.command.length > 0)?.command;
+    const runtimeValidationTasks = bundle.unit_manifest && flowCoverage
+        ? buildRuntimeValidationTasks({
+            unitManifest: bundle.unit_manifest,
+            criticalFlows: bundle.critical_flows,
+            flowCoverage,
+            command: runtimeCommand,
+        })
+        : bundle.runtime_validation_tasks;
+    const runtimeValidationReport = runtimeValidationTasks
+        ? mergeRuntimeValidationReport(runtimeValidationTasks, bundle.runtime_validation_report)
+        : bundle.runtime_validation_report;
     const requeuePayload = buildRequeuePayload(updatedCoverageMatrix, bundle.critical_flows, flowCoverage, bundle.external_analyzer_results);
     const mergedResults = [...(bundle.audit_results ?? []), ...results];
     const updatedAuditTasks = updateAuditTaskStatuses(bundle.audit_tasks, mergedResults);
@@ -182,6 +194,8 @@ export function runResultIngestionExecutor(bundle, results) {
             ...bundle,
             coverage_matrix: updatedCoverageMatrix,
             flow_coverage: flowCoverage,
+            runtime_validation_tasks: runtimeValidationTasks,
+            runtime_validation_report: runtimeValidationReport,
             audit_results: mergedResults,
             audit_tasks: updatedAuditTasks,
             requeue_tasks: requeuePayload.tasks,
@@ -190,6 +204,8 @@ export function runResultIngestionExecutor(bundle, results) {
         artifacts_written: [
             "coverage_matrix.json",
             "flow_coverage.json",
+            ...(runtimeValidationTasks ? ["runtime_validation_tasks.json"] : []),
+            ...(runtimeValidationReport ? ["runtime_validation_report.json"] : []),
             "audit_results.jsonl",
             "audit_tasks.json",
             "requeue_tasks.json",

package/dist/orchestrator/staleness.js

@@ -23,6 +23,14 @@ function normalizeForMetadataHash(artifactName, value) {
         const { generated_at: _generatedAt, ...rest } = record;
         return rest;
     }
+    if (artifactName === "tooling_manifest.json" &&
+        value &&
+        typeof value === "object" &&
+        !Array.isArray(value)) {
+        const record = value;
+        const { generated_at: _generatedAt, ...rest } = record;
+        return rest;
+    }
     return value;
 }
 function computeContentHash(artifactName, bundle) {
@@ -33,6 +41,18 @@ function computeContentHash(artifactName, bundle) {
         .update(stableStringify(normalizeForMetadataHash(artifactName, value)))
         .digest("hex");
 }
+function buildReverseDependencyMap() {
+    const reverse = {};
+    for (const [upstream, downstreamList] of Object.entries(ARTIFACT_DEPENDENCY_MAP)) {
+        reverse[upstream] ??= [];
+        for (const downstream of downstreamList) {
+            reverse[downstream] ??= [];
+            reverse[downstream].push(upstream);
+        }
+    }
+    return reverse;
+}
+const REVERSE_DEPENDENCY_MAP = buildReverseDependencyMap();
 export function computeStaleArtifacts(bundle) {
     const stale = new Set();
     const metadata = bundle.artifact_metadata;
@@ -40,6 +60,15 @@ export function computeStaleArtifacts(bundle) {
         for (const [artifactName, entry] of Object.entries(metadata.artifacts)) {
             if (!present(bundle, artifactName))
                 continue;
+            const expectedDependencies = [...(REVERSE_DEPENDENCY_MAP[artifactName] ?? [])]
+                .filter((dependencyName) => dependencyName !== "artifact_metadata.json")
+                .sort();
+            const recordedDependencies = Object.keys(entry.dependency_revisions).sort();
+            if (stableStringify(expectedDependencies) !==
+                stableStringify(recordedDependencies)) {
+                stale.add(artifactName);
+                continue;
+            }
             let isStale = false;
             for (const [dependencyName, recordedRevision] of Object.entries(entry.dependency_revisions)) {
                 if (!present(bundle, dependencyName)) {
@@ -51,7 +80,7 @@ export function computeStaleArtifacts(bundle) {
                 }
                 const dependencyEntry = metadata.artifacts[dependencyName];
                 if (!dependencyEntry) {
-                    if (recordedRevision > 0) {
+                    if (present(bundle, dependencyName) || recordedRevision > 0) {
                         isStale = true;
                         break;
                     }
@@ -70,6 +99,9 @@ export function computeStaleArtifacts(bundle) {
         }
     }
     for (const [upstream, downstreamList] of Object.entries(ARTIFACT_DEPENDENCY_MAP)) {
+        if (upstream === "tooling_manifest.json" && !present(bundle, upstream)) {
+            continue;
+        }
         if (!present(bundle, upstream)) {
             for (const downstream of downstreamList) {
                 const hasMetadataEntry = Boolean(metadata?.artifacts[downstream]);
@@ -79,5 +111,20 @@ export function computeStaleArtifacts(bundle) {
             }
         }
     }
+    let changed = true;
+    while (changed) {
+        changed = false;
+        for (const [upstream, downstreamList] of Object.entries(ARTIFACT_DEPENDENCY_MAP)) {
+            if (!stale.has(upstream)) {
+                continue;
+            }
+            for (const downstream of downstreamList) {
+                if (present(bundle, downstream) && !stale.has(downstream)) {
+                    stale.add(downstream);
+                    changed = true;
+                }
+            }
+        }
+    }
     return stale;
 }

package/dist/supervisor/operatorHandoff.d.ts

@@ -11,9 +11,20 @@ export interface AuditCodeHandoffArtifactPaths {
     operator_handoff_markdown: string;
     session_config: string;
     run_ledger: string;
+    current_task: string | null;
+    current_prompt: string | null;
+    current_tasks: string | null;
     audit_tasks: string | null;
     runtime_validation_tasks: string | null;
 }
+export interface ActiveReviewRun {
+    run_id: string;
+    task_path: string;
+    prompt_path: string;
+    pending_audit_tasks_path?: string;
+    audit_results_path: string;
+    worker_command: string[];
+}
 export declare const CONFIG_ERROR_BLOCKER_PREFIX = "config-error:";
 export interface AuditCodeHandoff {
     status: AuditTopLevelStatus;
@@ -26,6 +37,7 @@ export interface AuditCodeHandoff {
     suggested_commands: string[];
     interactive_provider_hint: string | null;
     artifact_paths: AuditCodeHandoffArtifactPaths;
+    active_review_run?: ActiveReviewRun;
 }
 export declare function buildAuditCodeHandoff(params: {
     root: string;
@@ -35,5 +47,6 @@ export declare function buildAuditCodeHandoff(params: {
     providerName?: string | null;
     progressSummary: string;
     isConfigError?: boolean;
+    activeReviewRun?: ActiveReviewRun;
 }): AuditCodeHandoff;
 export declare function writeAuditCodeHandoffArtifacts(handoff: AuditCodeHandoff): Promise<void>;

package/dist/supervisor/operatorHandoff.js

@@ -8,6 +8,9 @@ const OPERATOR_HANDOFF_JSON_FILENAME = "operator-handoff.json";
 const OPERATOR_HANDOFF_MARKDOWN_FILENAME = "operator-handoff.md";
 const SESSION_CONFIG_FILENAME = "session-config.json";
 const RUN_LEDGER_FILENAME = "run-ledger.json";
+const CURRENT_TASK_FILENAME = "current-task.json";
+const CURRENT_PROMPT_FILENAME = "current-prompt.md";
+const CURRENT_TASKS_FILENAME = "current-tasks.json";
 const AUDIT_TASKS_FILENAME = "audit_tasks.json";
 const RUNTIME_VALIDATION_TASKS_FILENAME = "runtime_validation_tasks.json";
 const BLOCKED_STATUS = "blocked";
@@ -29,6 +32,12 @@ function quoteShellPath(filePath) {
     // double-quote wrapping plus escaping embedded double quotes.
     return `"${filePath.replace(/"/g, '\\"')}"`;
 }
+function quoteShellArg(value) {
+    return quoteShellPath(value);
+}
+function renderShellCommand(argv) {
+    return argv.map((item) => quoteShellArg(item)).join(" ");
+}
 function buildPendingObligations(state) {
     return state.obligations
         .filter((item) => !NON_PENDING_OBLIGATION_STATES.has(item.state))
@@ -55,10 +64,19 @@ function buildSummary(status, providerName, fallbackSummary) {
         ? `Automatic work can continue under ${providerName}. Re-run the same wrapper or inspect the listed artifacts if you need operator context.`
         : "Automatic work can continue. Re-run the same wrapper or inspect the listed artifacts if you need operator context.";
 }
-function buildSuggestedInputs(artifactsDir, status, isConfigError) {
+function buildSuggestedInputs(artifactsDir, status, isConfigError, activeReviewRun) {
     if (status !== BLOCKED_STATUS || isConfigError) {
         return [];
     }
+    if (activeReviewRun) {
+        return [
+            {
+                flag: "--results",
+                suggested_path: activeReviewRun.audit_results_path,
+                description: "Write structured audit-review results for the currently dispatched run, then execute the exact worker command below to ingest them.",
+            },
+        ];
+    }
     const incomingDir = join(artifactsDir, INCOMING_DIRNAME);
     return [
         {
@@ -83,10 +101,13 @@ function buildSuggestedInputs(artifactsDir, status, isConfigError) {
         },
     ];
 }
-function buildSuggestedCommands(suggestedInputs, status) {
+function buildSuggestedCommands(suggestedInputs, status, activeReviewRun) {
     if (status !== BLOCKED_STATUS) {
         return [];
     }
+    if (activeReviewRun) {
+        return [renderShellCommand(activeReviewRun.worker_command)];
+    }
     return suggestedInputs.map((item) => `audit-code ${item.flag} ${quoteShellPath(item.suggested_path)}`);
 }
 function buildInteractiveProviderHint(status, providerName, sessionConfigPath, isConfigError) {
@@ -126,6 +147,9 @@ function renderMarkdown(handoff) {
     lines.push(`- incoming dir: ${handoff.artifact_paths.incoming_dir}`);
     lines.push(`- session config: ${handoff.artifact_paths.session_config}`);
     lines.push(`- run ledger: ${handoff.artifact_paths.run_ledger}`);
+    lines.push(`- current task: ${handoff.artifact_paths.current_task ?? "not available"}`);
+    lines.push(`- current prompt: ${handoff.artifact_paths.current_prompt ?? "not available"}`);
+    lines.push(`- current tasks: ${handoff.artifact_paths.current_tasks ?? "not available"}`);
     lines.push(`- audit tasks: ${handoff.artifact_paths.audit_tasks ?? "not available yet"}`);
     lines.push(`- runtime validation tasks: ${handoff.artifact_paths.runtime_validation_tasks ?? "not available yet"}`);
     if (handoff.suggested_inputs.length > 0) {
@@ -141,6 +165,16 @@ function renderMarkdown(handoff) {
             lines.push(`- ${command}`);
         }
     }
+    if (handoff.active_review_run) {
+        lines.push("", "Active review run:");
+        lines.push(`- run id: ${handoff.active_review_run.run_id}`);
+        lines.push(`- task file: ${handoff.active_review_run.task_path}`);
+        lines.push(`- prompt file: ${handoff.active_review_run.prompt_path}`);
+        if (handoff.active_review_run.pending_audit_tasks_path) {
+            lines.push(`- pending tasks: ${handoff.active_review_run.pending_audit_tasks_path}`);
+        }
+        lines.push(`- audit results: ${handoff.active_review_run.audit_results_path}`);
+    }
     if (handoff.interactive_provider_hint) {
         lines.push("", "Interactive provider hint:");
         lines.push(`- ${handoff.interactive_provider_hint}`);
@@ -157,6 +191,15 @@ export function buildAuditCodeHandoff(params) {
         operator_handoff_markdown: join(params.artifactsDir, OPERATOR_HANDOFF_MARKDOWN_FILENAME),
         session_config: join(params.artifactsDir, SESSION_CONFIG_FILENAME),
         run_ledger: join(params.artifactsDir, RUN_LEDGER_FILENAME),
+        current_task: params.state.status === BLOCKED_STATUS
+            ? join(params.artifactsDir, "dispatch", CURRENT_TASK_FILENAME)
+            : null,
+        current_prompt: params.state.status === BLOCKED_STATUS
+            ? join(params.artifactsDir, "dispatch", CURRENT_PROMPT_FILENAME)
+            : null,
+        current_tasks: params.state.status === BLOCKED_STATUS
+            ? join(params.artifactsDir, "dispatch", CURRENT_TASKS_FILENAME)
+            : null,
         audit_tasks: params.bundle.audit_tasks
             ? join(params.artifactsDir, AUDIT_TASKS_FILENAME)
             : null,
@@ -164,7 +207,7 @@ export function buildAuditCodeHandoff(params) {
             ? join(params.artifactsDir, RUNTIME_VALIDATION_TASKS_FILENAME)
             : null,
     };
-    const suggestedInputs = buildSuggestedInputs(params.artifactsDir, params.state.status, isConfigError);
+    const suggestedInputs = buildSuggestedInputs(params.artifactsDir, params.state.status, isConfigError, params.activeReviewRun);
     return {
         status: params.state.status,
         repo_root: params.root,
@@ -173,9 +216,10 @@ export function buildAuditCodeHandoff(params) {
         summary: buildSummary(params.state.status, params.providerName ?? null, params.progressSummary),
         pending_obligations: buildPendingObligations(params.state),
         suggested_inputs: suggestedInputs,
-        suggested_commands: buildSuggestedCommands(suggestedInputs, params.state.status),
+        suggested_commands: buildSuggestedCommands(suggestedInputs, params.state.status, params.activeReviewRun),
         interactive_provider_hint: buildInteractiveProviderHint(params.state.status, params.providerName ?? null, artifactPaths.session_config, isConfigError),
         artifact_paths: artifactPaths,
+        active_review_run: params.activeReviewRun,
     };
 }
 export async function writeAuditCodeHandoffArtifacts(handoff) {

package/dist/types/toolingManifest.d.ts

@@ -0,0 +1,7 @@
+export interface ToolingManifest {
+    generated_at: string;
+    package_root: string;
+    package_version: string | null;
+    implementation_hash: string;
+    inputs: string[];
+}

package/dist/types/toolingManifest.js

@@ -0,0 +1 @@
+export {};

package/dist/validation/artifacts.js

@@ -40,6 +40,9 @@ export function validateArtifactBundle(bundle) {
     if (bundle.external_analyzer_results) {
         issues.push(...requireKeys(bundle.external_analyzer_results, "external_analyzer_results", ["tool", "results"]));
     }
+    if (bundle.tooling_manifest) {
+        issues.push(...requireKeys(bundle.tooling_manifest, "tooling_manifest", ["generated_at", "package_root", "implementation_hash", "inputs"]));
+    }
     const repoManifestFiles = asArray(bundle.repo_manifest?.files);
     const fileDispositionEntries = asArray(bundle.file_disposition?.files);
     const unitManifestUnits = asArray(bundle.unit_manifest?.units);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "auditor-lambda",
-  "version": "0.2.11",
+  "version": "0.2.13",
   "private": false,
   "description": "Portable hybrid code-auditing framework for arbitrary repositories.",
   "type": "module",

package/schemas/audit-code-v1alpha1.schema.json

@@ -154,6 +154,41 @@
         "interactive_provider_hint": {
           "type": ["string", "null"]
         },
+        "active_review_run": {
+          "type": "object",
+          "additionalProperties": false,
+          "required": [
+            "run_id",
+            "task_path",
+            "prompt_path",
+            "audit_results_path",
+            "worker_command"
+          ],
+          "properties": {
+            "run_id": {
+              "type": "string"
+            },
+            "task_path": {
+              "type": "string"
+            },
+            "prompt_path": {
+              "type": "string"
+            },
+            "pending_audit_tasks_path": {
+              "type": "string"
+            },
+            "audit_results_path": {
+              "type": "string"
+            },
+            "worker_command": {
+              "type": "array",
+              "minItems": 1,
+              "items": {
+                "type": "string"
+              }
+            }
+          }
+        },
         "artifact_paths": {
           "type": "object",
           "additionalProperties": false,
@@ -163,6 +198,9 @@
             "operator_handoff_markdown",
             "session_config",
             "run_ledger",
+            "current_task",
+            "current_prompt",
+            "current_tasks",
             "audit_tasks",
             "runtime_validation_tasks"
           ],
@@ -182,6 +220,15 @@
             "run_ledger": {
               "type": "string"
             },
+            "current_task": {
+              "type": ["string", "null"]
+            },
+            "current_prompt": {
+              "type": ["string", "null"]
+            },
+            "current_tasks": {
+              "type": ["string", "null"]
+            },
             "audit_tasks": {
               "type": ["string", "null"]
             },

package/skills/audit-code/SKILL.md

@@ -46,6 +46,15 @@ audit-code
 
 from the target repository root.
 
+When developing inside the `auditor-lambda` repository itself, prefer:
+
+```bash
+node audit-code.mjs
+```
+
+That keeps the run pinned to the local wrapper and local `dist/` output instead
+of whichever global `audit-code` binary happens to be on `PATH`.
+
 Debug one-step mode:
 
 ```bash

package/skills/audit-code/audit-code.prompt.md

@@ -18,7 +18,7 @@ To move the state machine forward, execute the backend framework using your term
 audit-code
 ```
 
-_(If the wrapper is only available as a package dependency in the current repository, `npx audit-code` is equivalent. If developing locally against this repository, run `node audit-code.mjs`.)_
+_(If the wrapper is only available as a package dependency in the current repository, `npx audit-code` is equivalent. If you are developing inside the `auditor-lambda` repository itself, prefer `node audit-code.mjs` so the run uses the local wrapper and local `dist/` output instead of a potentially stale global install.)_
 
 ## Step 2: Handle Blockages (The "Thinking" Phase)