auditor-lambda 0.2.3 → 0.2.4

package/dist/cli.js

@@ -9,7 +9,7 @@ import { buildUnitManifest } from "./orchestrator/unitBuilder.js";
 import { buildFlowCoverage } from "./orchestrator/flowCoverage.js";
 import { buildRuntimeValidationTasks, buildPlaceholderRuntimeValidationReport, } from "./orchestrator/runtimeValidation.js";
 import { initializeCoverageFromPlan } from "./orchestrator/planning.js";
-import { loadArtifactBundle, writeCoreArtifacts, } from "./io/artifacts.js";
+import { loadArtifactBundle, writeCoreArtifacts, cleanupIntermediateArtifacts, } from "./io/artifacts.js";
 import { readJsonFile, writeJsonFile } from "./io/json.js";
 import { validateArtifactBundle } from "./validation/artifacts.js";
 import { validateAuditResults, formatAuditResultIssues, } from "./validation/auditResults.js";
@@ -345,6 +345,9 @@ async function cmdAdvanceAudit(argv) {
         next_likely_step: result.next_likely_step,
         providerName,
     });
+    if (result.audit_state.status === "complete") {
+        await cleanupIntermediateArtifacts(artifactsDir);
+    }
 }
 async function cmdRunToCompletion(argv) {
     const root = getRootDir(argv);
@@ -495,6 +498,9 @@ async function cmdRunToCompletion(argv) {
                 next_likely_step: state.status === "complete" ? null : decision.selected_obligation,
                 providerName: provider.name,
             });
+            if (state.status === "complete") {
+                await cleanupIntermediateArtifacts(artifactsDir);
+            }
             return;
         }
         if (preferredExecutor === "agent" && parallelWorkers > 1) {

package/dist/extractors/pathPatterns.js

@@ -4,14 +4,8 @@
  * already-lower-cased form of the path.
  */
 export function isNodeModulesOrGit(normalized) {
-    return (normalized === "node_modules" ||
-        normalized.startsWith("node_modules/") ||
-        normalized.includes("/node_modules/") ||
-        normalized.endsWith("/node_modules") ||
-        normalized === ".git" ||
-        normalized.startsWith(".git/") ||
-        normalized.includes("/.git/") ||
-        normalized.endsWith("/.git"));
+    const segments = normalized.split(/[/\\]/);
+    return segments.includes("node_modules") || segments.includes(".git");
 }
 export function isBuildOutput(normalized) {
     return normalized.startsWith("dist/") || normalized.startsWith("build/");

package/dist/io/artifacts.d.ts

@@ -58,3 +58,4 @@ export declare const ARTIFACT_FILE_TO_BUNDLE_KEY: {
 export declare function getArtifactValue(bundle: ArtifactBundle, artifactName: string): unknown;
 export declare function loadArtifactBundle(root: string): Promise<ArtifactBundle>;
 export declare function writeCoreArtifacts(root: string, bundle: ArtifactBundle): Promise<void>;
+export declare function cleanupIntermediateArtifacts(root: string): Promise<string[]>;

package/dist/io/artifacts.js

@@ -1,3 +1,5 @@
+import { unlink } from "node:fs/promises";
+import { join } from "node:path";
 import { writeJsonFile, readOptionalJsonFile, readOptionalNdjsonFile, writeNdjsonFile, } from "./json.js";
 export const ARTIFACT_FILE_TO_BUNDLE_KEY = {
     "repo_manifest.json": "repo_manifest",
@@ -100,3 +102,38 @@ export async function writeCoreArtifacts(root, bundle) {
     if (bundle.artifact_metadata)
         await writeJsonFile(`${root}/artifact_metadata.json`, bundle.artifact_metadata);
 }
+// Intermediate files deleted after synthesis completes. The final outputs
+// (synthesis_report.json, merged_findings.json, root_cause_clusters.json,
+// audit_state.json) are retained.
+const INTERMEDIATE_ARTIFACTS = [
+    "repo_manifest.json",
+    "file_disposition.json",
+    "auto_fixes_applied.json",
+    "unit_manifest.json",
+    "graph_bundle.json",
+    "surface_manifest.json",
+    "critical_flows.json",
+    "flow_coverage.json",
+    "risk_register.json",
+    "coverage_matrix.json",
+    "runtime_validation_tasks.json",
+    "runtime_validation_report.json",
+    "external_analyzer_results.json",
+    "audit_results.jsonl",
+    "audit_tasks.json",
+    "requeue_tasks.json",
+    "artifact_metadata.json",
+];
+export async function cleanupIntermediateArtifacts(root) {
+    const deleted = [];
+    for (const name of INTERMEDIATE_ARTIFACTS) {
+        try {
+            await unlink(join(root, name));
+            deleted.push(name);
+        }
+        catch {
+            // file absent — nothing to delete
+        }
+    }
+    return deleted;
+}

package/dist/orchestrator/nextStep.js

@@ -22,6 +22,16 @@ function findObligation(obligations) {
     return undefined;
 }
 export function decideNextStep(bundle) {
+    // After intermediate artifacts are cleaned up, trust the persisted complete
+    // state so re-runs don't attempt to rebuild from an empty bundle.
+    if (bundle.audit_state?.status === "complete") {
+        return {
+            state: bundle.audit_state,
+            selected_obligation: null,
+            selected_executor: null,
+            reason: "All known obligations are currently satisfied.",
+        };
+    }
     const state = deriveAuditState(bundle);
     const next = findObligation(state.obligations);
     if (!next) {

package/dist/reporting/synthesis.d.ts

@@ -3,10 +3,12 @@ import type { ExternalAnalyzerResults } from "../types/externalAnalyzer.js";
 import type { RuntimeValidationReport } from "../types/runtimeValidation.js";
 import { mergeFindings } from "./mergeFindings.js";
 import { buildRootCauseClusters } from "./rootCause.js";
+import { buildWorkBlocks } from "./workBlocks.js";
 export interface SynthesisReport {
     summary: {
         finding_count: number;
         cluster_count: number;
+        work_block_count: number;
         runtime_validation_status_breakdown: Record<string, number>;
         notes: string[];
         severity_breakdown: Record<string, number>;
@@ -17,5 +19,6 @@ export interface SynthesisReport {
     };
     merged_findings: ReturnType<typeof mergeFindings>;
     root_cause_clusters: ReturnType<typeof buildRootCauseClusters>;
+    work_blocks: ReturnType<typeof buildWorkBlocks>;
 }
 export declare function buildSynthesisReport(results: AuditResult[], runtimeReport?: RuntimeValidationReport, externalAnalyzerResults?: ExternalAnalyzerResults): SynthesisReport;

package/dist/reporting/synthesis.js

@@ -1,5 +1,6 @@
 import { mergeFindings } from "./mergeFindings.js";
 import { buildRootCauseClusters } from "./rootCause.js";
+import { buildWorkBlocks } from "./workBlocks.js";
 function statusBreakdown(report) {
     const breakdown = {};
     for (const result of report?.results ?? []) {
@@ -43,6 +44,7 @@ function externalSummary(results) {
 export function buildSynthesisReport(results, runtimeReport, externalAnalyzerResults) {
     const merged_findings = mergeFindings(results, runtimeReport, externalAnalyzerResults);
     const root_cause_clusters = buildRootCauseClusters(merged_findings, runtimeReport, externalAnalyzerResults);
+    const work_blocks = buildWorkBlocks(merged_findings);
     const runtimeBreakdown = statusBreakdown(runtimeReport);
     const sevBreakdown = severityBreakdown(merged_findings);
     const extSummary = externalSummary(externalAnalyzerResults);
@@ -50,6 +52,7 @@ export function buildSynthesisReport(results, runtimeReport, externalAnalyzerRes
         summary: {
             finding_count: merged_findings.length,
             cluster_count: root_cause_clusters.length,
+            work_block_count: work_blocks.length,
             runtime_validation_status_breakdown: runtimeBreakdown,
             severity_breakdown: sevBreakdown,
             external_analyzer_summary: extSummary,
@@ -69,5 +72,6 @@ export function buildSynthesisReport(results, runtimeReport, externalAnalyzerRes
         },
         merged_findings,
         root_cause_clusters,
+        work_blocks,
     };
 }

package/dist/reporting/workBlocks.d.ts

@@ -0,0 +1,9 @@
+import type { Finding } from "../types.js";
+export interface WorkBlock {
+    id: string;
+    finding_ids: string[];
+    affected_files: string[];
+    max_severity: Finding["severity"];
+    rationale: string;
+}
+export declare function buildWorkBlocks(findings: Finding[]): WorkBlock[];

package/dist/reporting/workBlocks.js

@@ -0,0 +1,109 @@
+function severityRank(severity) {
+    switch (severity) {
+        case "critical":
+            return 5;
+        case "high":
+            return 4;
+        case "medium":
+            return 3;
+        case "low":
+            return 2;
+        case "info":
+            return 1;
+    }
+}
+export function buildWorkBlocks(findings) {
+    if (findings.length === 0)
+        return [];
+    const parent = new Map();
+    function find(id) {
+        if (!parent.has(id))
+            parent.set(id, id);
+        const p = parent.get(id);
+        if (p === id)
+            return id;
+        const root = find(p);
+        parent.set(id, root);
+        return root;
+    }
+    function union(a, b) {
+        const ra = find(a);
+        const rb = find(b);
+        if (ra !== rb)
+            parent.set(ra, rb);
+    }
+    for (const finding of findings)
+        find(finding.id);
+    // Union findings that share affected files
+    const fileToIds = new Map();
+    for (const finding of findings) {
+        for (const af of finding.affected_files) {
+            const ids = fileToIds.get(af.path) ?? [];
+            ids.push(finding.id);
+            fileToIds.set(af.path, ids);
+        }
+    }
+    for (const ids of fileToIds.values()) {
+        for (let i = 1; i < ids.length; i++) {
+            union(ids[0], ids[i]);
+        }
+    }
+    // Union findings explicitly linked via related_findings
+    const knownIds = new Set(findings.map((f) => f.id));
+    for (const finding of findings) {
+        for (const relId of finding.related_findings ?? []) {
+            if (knownIds.has(relId))
+                union(finding.id, relId);
+        }
+    }
+    // Collect connected components
+    const groups = new Map();
+    for (const finding of findings) {
+        const root = find(finding.id);
+        const group = groups.get(root) ?? [];
+        group.push(finding);
+        groups.set(root, group);
+    }
+    const blocks = [];
+    for (const group of groups.values()) {
+        // Within a block: severity desc, systemic first, then title
+        const sorted = [...group].sort((a, b) => {
+            const sevDelta = severityRank(b.severity) - severityRank(a.severity);
+            if (sevDelta !== 0)
+                return sevDelta;
+            const sysA = a.systemic ? 1 : 0;
+            const sysB = b.systemic ? 1 : 0;
+            if (sysA !== sysB)
+                return sysB - sysA;
+            return a.title.localeCompare(b.title);
+        });
+        const affectedFiles = [
+            ...new Set(sorted.flatMap((f) => f.affected_files.map((af) => af.path))),
+        ].sort();
+        const maxSeverity = sorted[0].severity;
+        const rationale = affectedFiles.length === 1
+            ? `${sorted.length} finding(s) affect the same file — fix together to avoid conflicts.`
+            : `${sorted.length} finding(s) share ${affectedFiles.length} file(s) or are linked via related_findings — fix as a unit so one change does not invalidate another.`;
+        blocks.push({
+            id: "",
+            finding_ids: sorted.map((f) => f.id),
+            affected_files: affectedFiles,
+            max_severity: maxSeverity,
+            rationale,
+        });
+    }
+    // Sort blocks: highest severity first, then largest group, then stable by first finding id
+    blocks.sort((a, b) => {
+        const sevDelta = severityRank(b.max_severity) - severityRank(a.max_severity);
+        if (sevDelta !== 0)
+            return sevDelta;
+        const lenDelta = b.finding_ids.length - a.finding_ids.length;
+        if (lenDelta !== 0)
+            return lenDelta;
+        return (a.finding_ids[0] ?? "").localeCompare(b.finding_ids[0] ?? "");
+    });
+    for (let i = 0; i < blocks.length; i++) {
+        blocks[i].id = `block-${i + 1}`;
+    }
+    return blocks;
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "auditor-lambda",
-  "version": "0.2.3",
+  "version": "0.2.4",
   "private": false,
   "description": "Portable hybrid code-auditing framework for arbitrary repositories.",
   "type": "module",