auditor-lambda 0.2.5 → 0.2.8

package/dist/reporting/workBlocks.js

@@ -12,98 +12,152 @@ function severityRank(severity) {
             return 1;
     }
 }
-export function buildWorkBlocks(findings) {
-    if (findings.length === 0)
+function buildFileUnitMap(unitManifest) {
+    const map = new Map();
+    for (const unit of unitManifest?.units ?? []) {
+        for (const path of unit.files) {
+            if (!map.has(path)) {
+                map.set(path, unit.unit_id);
+            }
+        }
+    }
+    return map;
+}
+function normalizeOwnedUnits(finding, fileUnitMap) {
+    const unitIds = new Set();
+    for (const file of finding.affected_files) {
+        const mapped = fileUnitMap.get(file.path);
+        unitIds.add(mapped ?? `file:${file.path}`);
+    }
+    return [...unitIds].sort();
+}
+function computeDependencies(params) {
+    const blockByFile = new Map();
+    for (const block of params.blocks) {
+        for (const path of block.owned_files) {
+            blockByFile.set(path, block.id);
+        }
+    }
+    const dependsOn = new Map();
+    for (const block of params.blocks) {
+        dependsOn.set(block.id, new Set());
+    }
+    const graphEdges = [
+        ...(params.graphBundle?.graphs.imports ?? []),
+        ...(params.graphBundle?.graphs.calls ?? []),
+    ];
+    for (const edge of graphEdges) {
+        const fromBlock = blockByFile.get(edge.from);
+        const toBlock = blockByFile.get(edge.to);
+        if (fromBlock && toBlock && fromBlock !== toBlock) {
+            dependsOn.get(fromBlock)?.add(toBlock);
+        }
+    }
+    for (const flow of params.criticalFlows?.flows ?? []) {
+        const flowBlocks = new Set();
+        for (const path of flow.paths) {
+            const blockId = blockByFile.get(path);
+            if (blockId) {
+                flowBlocks.add(blockId);
+            }
+        }
+        const ordered = [...flowBlocks].sort();
+        for (let i = 1; i < ordered.length; i++) {
+            dependsOn.get(ordered[i - 1])?.add(ordered[i]);
+        }
+    }
+    return params.blocks.map((block) => ({
+        ...block,
+        depends_on: [...(dependsOn.get(block.id) ?? [])].sort(),
+    }));
+}
+export function buildWorkBlocks(params) {
+    if (params.findings.length === 0) {
         return [];
+    }
+    const fileUnitMap = buildFileUnitMap(params.unitManifest);
     const parent = new Map();
+    const findingUnits = new Map();
     function find(id) {
         if (!parent.has(id))
             parent.set(id, id);
-        const p = parent.get(id);
-        if (p === id)
+        const current = parent.get(id);
+        if (current === id)
             return id;
-        const root = find(p);
+        const root = find(current);
         parent.set(id, root);
         return root;
     }
     function union(a, b) {
-        const ra = find(a);
-        const rb = find(b);
-        if (ra !== rb)
-            parent.set(ra, rb);
-    }
-    for (const finding of findings)
-        find(finding.id);
-    // Union findings that share affected files
-    const fileToIds = new Map();
-    for (const finding of findings) {
-        for (const af of finding.affected_files) {
-            const ids = fileToIds.get(af.path) ?? [];
-            ids.push(finding.id);
-            fileToIds.set(af.path, ids);
+        const rootA = find(a);
+        const rootB = find(b);
+        if (rootA !== rootB) {
+            parent.set(rootA, rootB);
         }
     }
-    for (const ids of fileToIds.values()) {
-        for (let i = 1; i < ids.length; i++) {
-            union(ids[0], ids[i]);
+    const unitToFindingIds = new Map();
+    for (const finding of params.findings) {
+        parent.set(finding.id, finding.id);
+        const ownedUnits = normalizeOwnedUnits(finding, fileUnitMap);
+        findingUnits.set(finding.id, ownedUnits);
+        for (const unitId of ownedUnits) {
+            const ids = unitToFindingIds.get(unitId) ?? [];
+            ids.push(finding.id);
+            unitToFindingIds.set(unitId, ids);
         }
     }
-    // Union findings explicitly linked via related_findings
-    const knownIds = new Set(findings.map((f) => f.id));
-    for (const finding of findings) {
-        for (const relId of finding.related_findings ?? []) {
-            if (knownIds.has(relId))
-                union(finding.id, relId);
+    for (const ids of unitToFindingIds.values()) {
+        for (let index = 1; index < ids.length; index++) {
+            union(ids[0], ids[index]);
         }
     }
-    // Collect connected components
-    const groups = new Map();
-    for (const finding of findings) {
+    const grouped = new Map();
+    for (const finding of params.findings) {
         const root = find(finding.id);
-        const group = groups.get(root) ?? [];
+        const group = grouped.get(root) ?? [];
         group.push(finding);
-        groups.set(root, group);
+        grouped.set(root, group);
     }
-    const blocks = [];
-    for (const group of groups.values()) {
-        // Within a block: severity desc, systemic first, then title
-        const sorted = [...group].sort((a, b) => {
-            const sevDelta = severityRank(b.severity) - severityRank(a.severity);
-            if (sevDelta !== 0)
-                return sevDelta;
-            const sysA = a.systemic ? 1 : 0;
-            const sysB = b.systemic ? 1 : 0;
-            if (sysA !== sysB)
-                return sysB - sysA;
-            return a.title.localeCompare(b.title);
+    const blocks = [...grouped.values()].map((group, index) => {
+        const orderedFindings = [...group].sort((a, b) => {
+            const severityDelta = severityRank(b.severity) - severityRank(a.severity);
+            if (severityDelta !== 0)
+                return severityDelta;
+            return a.id.localeCompare(b.id);
         });
-        const affectedFiles = [
-            ...new Set(sorted.flatMap((f) => f.affected_files.map((af) => af.path))),
+        const unitIds = [
+            ...new Set(group.flatMap((finding) => findingUnits.get(finding.id) ?? [])),
         ].sort();
-        const maxSeverity = sorted[0].severity;
-        const rationale = affectedFiles.length === 1
-            ? `${sorted.length} finding(s) affect the same file — fix together to avoid conflicts.`
-            : `${sorted.length} finding(s) share ${affectedFiles.length} file(s) or are linked via related_findings — fix as a unit so one change does not invalidate another.`;
-        blocks.push({
-            id: "",
-            finding_ids: sorted.map((f) => f.id),
-            affected_files: affectedFiles,
-            max_severity: maxSeverity,
-            rationale,
-        });
-    }
-    // Sort blocks: highest severity first, then largest group, then stable by first finding id
+        const ownedFiles = [
+            ...new Set(group.flatMap((finding) => finding.affected_files.map((file) => file.path))),
+        ].sort();
+        return {
+            id: `block-${index + 1}`,
+            finding_ids: orderedFindings.map((finding) => finding.id),
+            unit_ids: unitIds,
+            owned_files: ownedFiles,
+            max_severity: orderedFindings[0].severity,
+            rationale: unitIds.length === 1
+                ? "All findings map to the same owned unit and should be remediated together."
+                : "Findings share owned units transitively and should remain one non-overlapping remediation block.",
+            depends_on: [],
+        };
+    });
     blocks.sort((a, b) => {
-        const sevDelta = severityRank(b.max_severity) - severityRank(a.max_severity);
-        if (sevDelta !== 0)
-            return sevDelta;
-        const lenDelta = b.finding_ids.length - a.finding_ids.length;
-        if (lenDelta !== 0)
-            return lenDelta;
-        return (a.finding_ids[0] ?? "").localeCompare(b.finding_ids[0] ?? "");
+        const severityDelta = severityRank(b.max_severity) - severityRank(a.max_severity);
+        if (severityDelta !== 0)
+            return severityDelta;
+        const findingDelta = b.finding_ids.length - a.finding_ids.length;
+        if (findingDelta !== 0)
+            return findingDelta;
+        return a.id.localeCompare(b.id);
     });
-    for (let i = 0; i < blocks.length; i++) {
-        blocks[i].id = `block-${i + 1}`;
+    for (let index = 0; index < blocks.length; index++) {
+        blocks[index].id = `block-${index + 1}`;
     }
-    return blocks;
+    return computeDependencies({
+        blocks,
+        graphBundle: params.graphBundle,
+        criticalFlows: params.criticalFlows,
+    });
 }

package/dist/supervisor/sessionConfig.js

@@ -1,5 +1,6 @@
 import { readOptionalJsonFile } from "../io/json.js";
 import { validateSessionConfig } from "../validation/sessionConfig.js";
+import { writeJsonFile } from "../io/json.js";
 export function getSessionConfigPath(artifactsDir) {
     return `${artifactsDir}/session-config.json`;
 }
@@ -16,8 +17,9 @@ export async function loadSessionConfig(artifactsDir) {
     const configPath = getSessionConfigPath(artifactsDir);
     const rawConfig = await readOptionalJsonFile(configPath);
     if (rawConfig === undefined) {
-        process.stderr.write(`[session-config] no session-config.json found at ${configPath}; using empty defaults\n`);
-        return {};
+        const defaultConfig = { provider: "local-subprocess" };
+        await writeJsonFile(configPath, defaultConfig);
+        return defaultConfig;
     }
     const issues = validateSessionConfig(rawConfig);
     if (issues.length > 0) {

package/dist/types/flows.d.ts

@@ -4,8 +4,10 @@ export interface CriticalFlow {
     entrypoints: string[];
     paths: string[];
     concerns: string[];
+    confidence?: "high" | "low";
     notes?: string[];
 }
 export interface CriticalFlowManifest {
     flows: CriticalFlow[];
+    fallback_required?: boolean;
 }

package/dist/types/runtimeValidation.d.ts

@@ -5,6 +5,7 @@ export interface RuntimeValidationTask {
     target_paths: string[];
     reason: string;
     priority: "high" | "medium" | "low";
+    command?: string[];
     suggested_checks?: string[];
     source_artifacts?: string[];
 }
@@ -13,7 +14,7 @@ export interface RuntimeValidationTaskManifest {
 }
 export interface RuntimeValidationResult {
     task_id: string;
-    status: "pending" | "confirmed" | "not_confirmed" | "inconclusive";
+    status: "pending" | "confirmed" | "not_confirmed" | "inconclusive" | "not_required";
     summary: string;
     evidence?: string[];
     notes?: string[];

package/dist/types.d.ts

@@ -28,10 +28,9 @@ export interface AuditUnit {
 export interface UnitManifest {
     units: AuditUnit[];
 }
-export interface ReviewedLineRange {
+export interface FileCoverageRecord {
     path: string;
-    start: number;
-    end: number;
+    total_lines: number;
     pass_id: string;
     lens?: Lens;
     agent_role?: string;
@@ -47,6 +46,7 @@ export interface CoverageFileRecord {
 export interface CoverageMatrix {
     files: CoverageFileRecord[];
 }
+export type AuditTaskStatus = "pending" | "complete";
 export interface AuditTask {
     task_id: string;
     unit_id: string;
@@ -62,6 +62,9 @@ export interface AuditTask {
     rationale: string;
     priority?: "high" | "medium" | "low";
     tags?: string[];
+    status?: AuditTaskStatus;
+    completed_at?: string;
+    completion_reason?: string;
 }
 export interface Finding {
     id: string;
@@ -90,10 +93,9 @@ export interface AuditResult {
     pass_id: string;
     lens: Lens;
     agent_role?: string;
-    reviewed_ranges: Array<{
+    file_coverage: Array<{
         path: string;
-        start: number;
-        end: number;
+        total_lines: number;
     }>;
     findings: Finding[];
     notes?: string[];

package/dist/validation/auditResults.d.ts

@@ -1,4 +1,4 @@
-import type { AuditResult, AuditTask } from "../types.js";
+import type { AuditTask } from "../types.js";
 export type IssueSeverity = "error" | "warning";
 export interface AuditResultIssue {
     result_index: number;
@@ -7,5 +7,8 @@ export interface AuditResultIssue {
     field: string;
     message: string;
 }
-export declare function validateAuditResults(results: AuditResult[], tasks: AuditTask[]): AuditResultIssue[];
+export interface ValidateAuditResultOptions {
+    lineIndex?: Record<string, number>;
+}
+export declare function validateAuditResults(results: unknown, tasks: AuditTask[], options?: ValidateAuditResultOptions): AuditResultIssue[];
 export declare function formatAuditResultIssues(issues: AuditResultIssue[]): string;