auditor-lambda 0.2.6 → 0.2.8

package/dist/orchestrator/executors.js

@@ -20,14 +20,19 @@ export const EXECUTOR_REGISTRY = [
         description: "Ingest available audit result artifacts and refresh dependent coverage artifacts.",
     },
     {
-        id: "runtime_validation_update_executor",
+        id: "runtime_validation_executor",
         obligation_ids: ["runtime_validation_current"],
         description: "Merge runtime validation evidence updates when provided.",
     },
+    {
+        id: "runtime_validation_update_executor",
+        obligation_ids: [],
+        description: "Merge imported runtime validation evidence updates.",
+    },
     {
         id: "synthesis_executor",
         obligation_ids: ["synthesis_current"],
-        description: "Refresh merged findings, clusters, and synthesis outputs.",
+        description: "Render the final deterministic Markdown audit report.",
     },
     {
         id: "external_analyzer_import_executor",

package/dist/orchestrator/flowRequeue.js

@@ -57,7 +57,7 @@ export function buildFlowRequeueTasks(criticalFlows, flowCoverage, coverageMatri
                     pass_id: `flow-requeue:${lensName}`,
                     lens: lensName,
                     file_paths: [path],
-                    rationale: `Requeue ${path} because critical flow ${flow.id} is still missing the ${lensName} lens.${hasExternalSignal ? " External analyzer signals make this follow-up higher priority." : ""}`,
+                    rationale: `Mandatory audit coverage is still missing for critical flow ${flow.id} at ${path} under the ${lensName} lens.`,
                     priority: taskPriority(hasExternalSignal, lensName),
                     tags: hasExternalSignal
                         ? ["critical_flow_followup", "external_analyzer_signal"]

package/dist/orchestrator/internalExecutors.d.ts

@@ -9,8 +9,9 @@ export interface ExecutorRunResult {
 }
 export declare function runIntakeExecutor(bundle: ArtifactBundle, root: string): Promise<ExecutorRunResult>;
 export declare function runStructureExecutor(bundle: ArtifactBundle): ExecutorRunResult;
-export declare function runPlanningExecutor(bundle: ArtifactBundle, lineIndex?: Record<string, number>): ExecutorRunResult;
+export declare function runPlanningExecutor(bundle: ArtifactBundle, root: string, lineIndex?: Record<string, number>): Promise<ExecutorRunResult>;
 export declare function runResultIngestionExecutor(bundle: ArtifactBundle, results: AuditResult[]): ExecutorRunResult;
+export declare function runRuntimeValidationExecutor(bundle: ArtifactBundle, root: string): Promise<ExecutorRunResult>;
 export declare function runRuntimeValidationUpdateExecutor(bundle: ArtifactBundle, updates: RuntimeValidationReport): ExecutorRunResult;
 export declare function runSynthesisExecutor(bundle: ArtifactBundle, results?: AuditResult[]): ExecutorRunResult;
 export declare function runExternalAnalyzerImportExecutor(bundle: ArtifactBundle, externalResults: ExternalAnalyzerResults): ExecutorRunResult;

package/dist/orchestrator/internalExecutors.js

@@ -1,3 +1,4 @@
+import { spawn } from "node:child_process";
 import { buildFileDisposition } from "../extractors/disposition.js";
 import { buildGraphBundle } from "../extractors/graph.js";
 import { buildCriticalFlowManifest } from "../extractors/flows.js";
@@ -7,26 +8,48 @@ import { initializeCoverageFromPlan } from "./planning.js";
 import { buildFlowCoverage } from "./flowCoverage.js";
 import { buildFlowAwareTaskAugmentations } from "./flowPlanning.js";
 import { buildRequeuePayload } from "./requeueCommand.js";
-import { buildRuntimeValidationTasks, buildPlaceholderRuntimeValidationReport, mergeRuntimeValidationReport, } from "./runtimeValidation.js";
-import { buildSynthesisReport } from "../reporting/synthesis.js";
+import { buildRuntimeValidationTasks, discoverRuntimeValidationCommand, mergeRuntimeValidationReport, } from "./runtimeValidation.js";
+import { buildAuditReportModel, renderAuditReportMarkdown, } from "../reporting/synthesis.js";
 import { buildChunkedAuditTasks, buildExternalSignalTasks, } from "./taskBuilder.js";
 import { buildUnitManifest } from "./unitBuilder.js";
 import { buildRepoManifestFromFs } from "../extractors/fsIntake.js";
 import { loadIgnoreFile } from "../extractors/ignore.js";
 import { ingestAuditResults, updateAuditTaskStatuses, } from "./resultIngestion.js";
 import { updateRuntimeValidationReport } from "./runtimeValidationUpdate.js";
-import { autoCompleteTrivialCoverage } from "./trivialAudit.js";
-function buildSynthesisArtifacts(synthesisReport) {
-    return {
-        synthesis_report: synthesisReport,
-        merged_findings: { findings: synthesisReport.merged_findings },
-        root_cause_clusters: { clusters: synthesisReport.root_cause_clusters },
-    };
-}
-function preserveOrPlaceholder(tasks, existing) {
-    return existing
-        ? mergeRuntimeValidationReport(tasks, existing)
-        : buildPlaceholderRuntimeValidationReport(tasks);
+async function runCommand(command, cwd) {
+    return await new Promise((resolve) => {
+        const child = spawn(command[0], command.slice(1), {
+            cwd,
+            env: process.env,
+            stdio: ["ignore", "pipe", "pipe"],
+        });
+        let stdout = "";
+        let stderr = "";
+        child.stdout.on("data", (chunk) => {
+            stdout += String(chunk);
+        });
+        child.stderr.on("data", (chunk) => {
+            stderr += String(chunk);
+        });
+        child.on("error", (error) => {
+            resolve({
+                status: "inconclusive",
+                summary: `Failed to execute ${command.join(" ")}: ${error.message}`,
+                evidence: [],
+            });
+        });
+        child.on("exit", (code) => {
+            const output = `${stdout}\n${stderr}`.trim();
+            const evidence = output.length > 0 ? output.split(/\r?\n/).slice(-10) : [];
+            resolve({
+                status: code === 0 ? "confirmed" : "not_confirmed",
+                summary: code === 0
+                    ? `Deterministic runtime command succeeded: ${command.join(" ")}`
+                    : `Deterministic runtime command failed with exit code ${code}: ${command.join(" ")}`,
+                evidence,
+            });
+        });
+    });
 }
 export async function runIntakeExecutor(bundle, root) {
     const ignore = await loadIgnoreFile(root);
@@ -54,8 +77,8 @@ export function runStructureExecutor(bundle) {
     const disposition = bundle.file_disposition ?? buildFileDisposition(bundle.repo_manifest);
     const unitManifest = buildUnitManifest(bundle.repo_manifest, disposition);
     const surfaceManifest = buildSurfaceManifest(bundle.repo_manifest, disposition);
-    const criticalFlows = buildCriticalFlowManifest(bundle.repo_manifest, surfaceManifest, disposition);
     const graphBundle = buildGraphBundle(bundle.repo_manifest, disposition);
+    const criticalFlows = buildCriticalFlowManifest(bundle.repo_manifest, surfaceManifest, disposition);
     const riskRegister = buildRiskRegister(unitManifest, criticalFlows, externalAnalyzerResults);
     return {
         updated: {
@@ -75,10 +98,13 @@ export function runStructureExecutor(bundle) {
             "critical_flows.json",
             "risk_register.json",
         ],
-        progress_summary: `Built structure artifacts for ${unitManifest.units.length} units and ${criticalFlows.flows.length} critical flows.`,
+        progress_summary: `Built structure artifacts for ${unitManifest.units.length} units and ${criticalFlows.flows.length} critical flows.` +
+            (criticalFlows.fallback_required
+                ? " Deterministic flow inference did not fully meet the confidence bar."
+                : ""),
     };
 }
-export function runPlanningExecutor(bundle, lineIndex = {}) {
+export async function runPlanningExecutor(bundle, root, lineIndex = {}) {
     if (!bundle.repo_manifest) {
         throw new Error("Cannot run planning executor without repo_manifest");
     }
@@ -91,10 +117,17 @@ export function runPlanningExecutor(bundle, lineIndex = {}) {
     }
     const externalAnalyzerResults = bundle.external_analyzer_results;
     const coverage = initializeCoverageFromPlan(bundle.repo_manifest, bundle.unit_manifest, bundle.file_disposition, externalAnalyzerResults);
-    const autoSkippedTrivialFiles = autoCompleteTrivialCoverage(coverage, lineIndex, externalAnalyzerResults);
     const flowCoverage = buildFlowCoverage(bundle.critical_flows, coverage);
-    const runtimeValidationTasks = buildRuntimeValidationTasks(bundle.unit_manifest, bundle.critical_flows, flowCoverage);
-    const runtimeValidationReport = preserveOrPlaceholder(runtimeValidationTasks, bundle.runtime_validation_report);
+    const runtimeCommand = await discoverRuntimeValidationCommand(root);
+    const runtimeValidationTasks = buildRuntimeValidationTasks({
+        unitManifest: bundle.unit_manifest,
+        criticalFlows: bundle.critical_flows,
+        flowCoverage,
+        command: runtimeCommand,
+    });
+    const runtimeValidationReport = runtimeValidationTasks.tasks.length > 0
+        ? mergeRuntimeValidationReport(runtimeValidationTasks, bundle.runtime_validation_report)
+        : undefined;
     const baseTasks = buildChunkedAuditTasks(bundle.unit_manifest, lineIndex, {
         external_analyzer_results: externalAnalyzerResults,
     });
@@ -114,22 +147,20 @@ export function runPlanningExecutor(bundle, lineIndex = {}) {
             runtime_validation_report: runtimeValidationReport,
             audit_tasks: auditTasks,
             requeue_tasks: requeuePayload.tasks,
+            audit_report: undefined,
         },
         artifacts_written: [
             "coverage_matrix.json",
             "flow_coverage.json",
             "runtime_validation_tasks.json",
-            "runtime_validation_report.json",
+            ...(runtimeValidationReport ? ["runtime_validation_report.json"] : []),
             "audit_tasks.json",
             "requeue_tasks.json",
         ],
         progress_summary: `Built planning artifacts; generated ${auditTasks.length} tasks and ${requeuePayload.task_count} requeue tasks.` +
-            (autoSkippedTrivialFiles.length > 0
-                ? ` Auto-completed ${autoSkippedTrivialFiles.length} trivial file${autoSkippedTrivialFiles.length === 1 ? "" : "s"} without dispatch.`
-                : "") +
-            (externalAnalyzerResults?.results.length
-                ? ` External analyzer signals influenced lenses and produced ${analyzerTasks.length} dedicated follow-up task(s).`
-                : ""),
+            (runtimeCommand
+                ? ` Runtime validation will use: ${runtimeCommand.join(" ")}.`
+                : " No deterministic runtime validation command was discovered."),
     };
 }
 export function runResultIngestionExecutor(bundle, results) {
@@ -140,84 +171,109 @@ export function runResultIngestionExecutor(bundle, results) {
     const flowCoverage = bundle.critical_flows
         ? buildFlowCoverage(bundle.critical_flows, updatedCoverageMatrix)
         : bundle.flow_coverage;
-    const runtimeValidationTasks = bundle.unit_manifest
-        ? buildRuntimeValidationTasks(bundle.unit_manifest, bundle.critical_flows, flowCoverage)
-        : bundle.runtime_validation_tasks;
-    const runtimeValidationReport = runtimeValidationTasks
-        ? preserveOrPlaceholder(runtimeValidationTasks, bundle.runtime_validation_report)
-        : bundle.runtime_validation_report;
     const requeuePayload = buildRequeuePayload(updatedCoverageMatrix, bundle.critical_flows, flowCoverage, bundle.external_analyzer_results);
     const mergedResults = [...(bundle.audit_results ?? []), ...results];
     const updatedAuditTasks = updateAuditTaskStatuses(bundle.audit_tasks, mergedResults);
-    const synthesisReport = buildSynthesisReport(mergedResults, runtimeValidationReport, bundle.external_analyzer_results);
-    const synthesisArtifacts = buildSynthesisArtifacts(synthesisReport);
     return {
         updated: {
             ...bundle,
             coverage_matrix: updatedCoverageMatrix,
             flow_coverage: flowCoverage,
-            runtime_validation_tasks: runtimeValidationTasks,
-            runtime_validation_report: runtimeValidationReport,
             audit_results: mergedResults,
             audit_tasks: updatedAuditTasks,
             requeue_tasks: requeuePayload.tasks,
-            ...synthesisArtifacts,
+            audit_report: undefined,
         },
         artifacts_written: [
             "coverage_matrix.json",
             "flow_coverage.json",
-            "runtime_validation_tasks.json",
-            "runtime_validation_report.json",
             "audit_results.jsonl",
             "audit_tasks.json",
             "requeue_tasks.json",
-            "merged_findings.json",
-            "root_cause_clusters.json",
-            "synthesis_report.json",
         ],
         progress_summary: `Ingested ${results.length} audit result entries and refreshed dependent artifacts.`,
     };
 }
+export async function runRuntimeValidationExecutor(bundle, root) {
+    if (!bundle.runtime_validation_tasks) {
+        throw new Error("Cannot execute runtime validation without runtime_validation_tasks");
+    }
+    const existing = bundle.runtime_validation_report ?? { results: [] };
+    const byTaskId = new Map(existing.results.map((result) => [result.task_id, result]));
+    const byCommand = new Map();
+    for (const task of bundle.runtime_validation_tasks.tasks) {
+        const prior = byTaskId.get(task.id);
+        if (prior &&
+            ["confirmed", "not_confirmed", "inconclusive", "not_required"].includes(prior.status)) {
+            continue;
+        }
+        if (!task.command || task.command.length === 0) {
+            byTaskId.set(task.id, {
+                task_id: task.id,
+                status: "not_required",
+                summary: `No deterministic runtime command was available for ${task.id}.`,
+                evidence: [],
+                notes: ["Runtime validation was not planned for this task."],
+            });
+            continue;
+        }
+        const signature = task.command.join("\0");
+        const outcome = byCommand.get(signature) ?? (await runCommand(task.command, root));
+        byCommand.set(signature, outcome);
+        byTaskId.set(task.id, {
+            task_id: task.id,
+            status: outcome.status,
+            summary: outcome.summary,
+            evidence: outcome.evidence,
+            notes: [`Target paths: ${task.target_paths.join(", ")}`],
+        });
+    }
+    return {
+        updated: {
+            ...bundle,
+            runtime_validation_report: {
+                results: [...byTaskId.values()].sort((a, b) => a.task_id.localeCompare(b.task_id)),
+            },
+            audit_report: undefined,
+        },
+        artifacts_written: ["runtime_validation_report.json"],
+        progress_summary: `Executed deterministic runtime validation for ${bundle.runtime_validation_tasks.tasks.length} task(s).`,
+    };
+}
 export function runRuntimeValidationUpdateExecutor(bundle, updates) {
     if (!bundle.runtime_validation_tasks) {
         throw new Error("Cannot update runtime validation without runtime_validation_tasks");
     }
-    const existingReport = bundle.runtime_validation_report ??
-        buildPlaceholderRuntimeValidationReport(bundle.runtime_validation_tasks);
+    const existingReport = bundle.runtime_validation_report ?? { results: [] };
     const mergedReport = updateRuntimeValidationReport(bundle.runtime_validation_tasks, existingReport, updates);
-    const synthesisReport = buildSynthesisReport(bundle.audit_results ?? [], mergedReport, bundle.external_analyzer_results);
-    const synthesisArtifacts = buildSynthesisArtifacts(synthesisReport);
     return {
         updated: {
             ...bundle,
             runtime_validation_report: mergedReport,
-            ...synthesisArtifacts,
+            audit_report: undefined,
         },
-        artifacts_written: [
-            "runtime_validation_report.json",
-            "merged_findings.json",
-            "root_cause_clusters.json",
-            "synthesis_report.json",
-        ],
+        artifacts_written: ["runtime_validation_report.json"],
         progress_summary: `Merged ${updates.results.length} runtime validation updates.`,
     };
 }
 export function runSynthesisExecutor(bundle, results) {
     const finalResults = results ?? bundle.audit_results ?? [];
-    const synthesisReport = buildSynthesisReport(finalResults, bundle.runtime_validation_report, bundle.external_analyzer_results);
-    const synthesisArtifacts = buildSynthesisArtifacts(synthesisReport);
+    const model = buildAuditReportModel({
+        results: finalResults,
+        unitManifest: bundle.unit_manifest,
+        graphBundle: bundle.graph_bundle,
+        criticalFlows: bundle.critical_flows,
+        coverageMatrix: bundle.coverage_matrix,
+        runtimeValidationReport: bundle.runtime_validation_report,
+    });
     return {
         updated: {
             ...bundle,
             audit_results: finalResults,
-            ...synthesisArtifacts,
+            audit_report: renderAuditReportMarkdown(model),
         },
-        artifacts_written: [
-            "merged_findings.json",
-            "root_cause_clusters.json",
-            "synthesis_report.json",
-        ],
-        progress_summary: `Refreshed synthesis for ${finalResults.length} audit result entries.`,
+        artifacts_written: ["audit-report.md"],
+        progress_summary: `Rendered deterministic audit report for ${finalResults.length} audit result entries.`,
     };
 }
 export function runExternalAnalyzerImportExecutor(bundle, externalResults) {
@@ -226,6 +282,7 @@ export function runExternalAnalyzerImportExecutor(bundle, externalResults) {
         updated: {
             ...bundle,
             external_analyzer_results: externalResults,
+            audit_report: undefined,
         },
         artifacts_written: ["external_analyzer_results.json"],
         progress_summary: summary,

package/dist/orchestrator/requeue.js

@@ -1,6 +1,11 @@
 import { buildRequeueTargets } from "../coverage.js";
-function taskPriority(hasExternalSignal) {
-    return hasExternalSignal ? "high" : "medium";
+function taskPriority(hasExternalSignal, lens) {
+    if (hasExternalSignal)
+        return "high";
+    if (lens === "security" || lens === "data_integrity" || lens === "reliability") {
+        return "medium";
+    }
+    return "low";
 }
 export function buildRequeueTasks(matrix, externalAnalyzerResults) {
     const targets = buildRequeueTargets(matrix);
@@ -15,8 +20,8 @@ export function buildRequeueTasks(matrix, externalAnalyzerResults) {
                 pass_id: `requeue:${lens}`,
                 lens,
                 file_paths: [target.path],
-                rationale: `Requeue ${target.path} because the ${lens} lens is still missing.${hasExternalSignal ? " External analyzer signals make this follow-up higher priority." : ""}`,
-                priority: taskPriority(hasExternalSignal),
+                rationale: `Mandatory audit coverage is still missing for ${target.path} under the ${lens} lens.`,
+                priority: taskPriority(hasExternalSignal, lens),
                 tags: hasExternalSignal ? ["external_analyzer_signal"] : [],
                 status: "pending",
             });

package/dist/orchestrator/resultIngestion.js

@@ -1,15 +1,14 @@
-import { applyReviewedRanges } from "../coverage.js";
+import { applyFileCoverage } from "../coverage.js";
 export function ingestAuditResults(coverageMatrix, results) {
     const matrix = JSON.parse(JSON.stringify(coverageMatrix));
-    const reviewedRanges = results.flatMap((result) => result.reviewed_ranges.map((range) => ({
-        path: range.path,
-        start: range.start,
-        end: range.end,
+    const fileCoverage = results.flatMap((result) => result.file_coverage.map((coverage) => ({
+        path: coverage.path,
+        total_lines: coverage.total_lines,
         pass_id: result.pass_id,
         lens: result.lens,
         agent_role: result.agent_role,
     })));
-    applyReviewedRanges(matrix, reviewedRanges);
+    applyFileCoverage(matrix, fileCoverage);
     return matrix;
 }
 export function updateAuditTaskStatuses(tasks, results) {

package/dist/orchestrator/runtimeValidation.d.ts

@@ -2,6 +2,11 @@ import type { UnitManifest } from "../types.js";
 import type { FlowCoverageManifest } from "../types/flowCoverage.js";
 import type { CriticalFlowManifest } from "../types/flows.js";
 import type { RuntimeValidationReport, RuntimeValidationTaskManifest } from "../types/runtimeValidation.js";
-export declare function buildRuntimeValidationTasks(unitManifest: UnitManifest, criticalFlows?: CriticalFlowManifest, flowCoverage?: FlowCoverageManifest): RuntimeValidationTaskManifest;
-export declare function buildPlaceholderRuntimeValidationReport(tasks: RuntimeValidationTaskManifest): RuntimeValidationReport;
+export declare function discoverRuntimeValidationCommand(root: string): Promise<string[] | undefined>;
+export declare function buildRuntimeValidationTasks(params: {
+    unitManifest: UnitManifest;
+    criticalFlows?: CriticalFlowManifest;
+    flowCoverage?: FlowCoverageManifest;
+    command?: string[];
+}): RuntimeValidationTaskManifest;
 export declare function mergeRuntimeValidationReport(tasks: RuntimeValidationTaskManifest, existing?: RuntimeValidationReport): RuntimeValidationReport;

package/dist/orchestrator/runtimeValidation.js

@@ -1,23 +1,59 @@
+import { access, readFile } from "node:fs/promises";
 function checksForFlow(requiredLenses) {
     const checks = [];
     if (requiredLenses.includes("security")) {
         checks.push("Exercise malformed or unauthorized inputs against the flow.");
     }
     if (requiredLenses.includes("reliability")) {
-        checks.push("Exercise retries, repeated submissions, or partial failure behavior.");
+        checks.push("Exercise retries or repeated submissions.");
     }
     if (requiredLenses.includes("correctness")) {
-        checks.push("Exercise representative success and edge-case paths end to end.");
+        checks.push("Exercise representative success and edge-case behavior.");
     }
     if (requiredLenses.includes("data_integrity")) {
-        checks.push("Verify state transitions and persistence invariants after execution.");
+        checks.push("Verify state transitions and persistence invariants.");
     }
     return checks;
 }
-export function buildRuntimeValidationTasks(unitManifest, criticalFlows, flowCoverage) {
+async function exists(path) {
+    try {
+        await access(path);
+        return true;
+    }
+    catch {
+        return false;
+    }
+}
+export async function discoverRuntimeValidationCommand(root) {
+    const packageJsonPath = `${root}/package.json`;
+    if (await exists(packageJsonPath)) {
+        try {
+            const packageJson = JSON.parse(await readFile(packageJsonPath, "utf8"));
+            const testScript = packageJson.scripts?.test?.trim();
+            if (testScript &&
+                !/no test specified/i.test(testScript)) {
+                return ["npm", "test"];
+            }
+        }
+        catch {
+            // ignore unreadable package.json for runtime discovery
+        }
+    }
+    if (await exists(`${root}/go.mod`)) {
+        return ["go", "test", "./..."];
+    }
+    if (await exists(`${root}/pyproject.toml`) || await exists(`${root}/pytest.ini`)) {
+        return ["python", "-m", "pytest"];
+    }
+    return undefined;
+}
+export function buildRuntimeValidationTasks(params) {
+    if (!params.command) {
+        return { tasks: [] };
+    }
     const tasks = [];
     const seen = new Set();
-    const highRiskUnits = unitManifest.units.filter((unit) => (unit.risk_score ?? 0) >= 5 ||
+    const highRiskUnits = params.unitManifest.units.filter((unit) => (unit.risk_score ?? 0) >= 5 ||
         unit.required_lenses.includes("security") ||
         unit.required_lenses.includes("data_integrity"));
     for (const unit of highRiskUnits) {
@@ -31,16 +67,17 @@ export function buildRuntimeValidationTasks(unitManifest, criticalFlows, flowCov
             target_paths: unit.files,
             reason: `Unit ${unit.unit_id} is high risk or touches sensitive concerns.`,
             priority: (unit.risk_score ?? 0) >= 7 ? "high" : "medium",
+            command: params.command,
             suggested_checks: [
-                "Run representative happy-path execution.",
-                "Run malformed-input or failure-path execution where feasible.",
+                "Run the deterministic runtime command for the repository.",
+                "Confirm the affected unit does not regress under the command output.",
             ],
             source_artifacts: ["unit_manifest.json", "risk_register.json"],
         });
     }
-    if (criticalFlows && flowCoverage) {
-        const flowMap = new Map(criticalFlows.flows.map((flow) => [flow.id, flow]));
-        for (const record of flowCoverage.flows) {
+    if (params.criticalFlows && params.flowCoverage) {
+        const flowMap = new Map(params.criticalFlows.flows.map((flow) => [flow.id, flow]));
+        for (const record of params.flowCoverage.flows) {
             if (record.status === "complete") {
                 continue;
             }
@@ -56,53 +93,28 @@ export function buildRuntimeValidationTasks(unitManifest, criticalFlows, flowCov
                 id,
                 kind: "critical-flow-check",
                 target_paths: flow.paths,
-                reason: `Critical flow ${record.flow_id} is still ${record.status} and should receive runtime validation.`,
+                reason: `Critical flow ${record.flow_id} is still ${record.status} and needs deterministic runtime validation.`,
                 priority: record.status === "pending" ? "high" : "medium",
+                command: params.command,
                 suggested_checks: checksForFlow(record.required_lenses),
                 source_artifacts: ["critical_flows.json", "flow_coverage.json"],
             });
         }
     }
-    const RUNTIME_TASK_CAP = 100;
-    if (tasks.length > RUNTIME_TASK_CAP) {
-        process.stderr.write(`[runtime-validation] generated ${tasks.length} tasks which exceeds the cap of ${RUNTIME_TASK_CAP}; truncating to avoid runaway expansion\n`);
-        tasks.splice(RUNTIME_TASK_CAP);
-    }
     return { tasks };
 }
-export function buildPlaceholderRuntimeValidationReport(tasks) {
-    return {
-        results: tasks.tasks.map((task) => ({
-            task_id: task.id,
-            status: "pending",
-            summary: `No runtime evidence recorded yet for ${task.id}.`,
-            evidence: [],
-            notes: ["Placeholder entry generated from runtime validation task list."],
-        })),
-    };
-}
 export function mergeRuntimeValidationReport(tasks, existing) {
     const existingMap = new Map((existing?.results ?? []).map((result) => [result.task_id, result]));
-    const mergedResults = tasks.tasks.map((task) => {
-        const prior = existingMap.get(task.id);
-        if (prior) {
-            return {
-                ...prior,
-                notes: [
-                    ...new Set([
-                        ...(prior.notes ?? []),
-                        "Preserved across runtime validation refresh.",
-                    ]),
-                ],
-            };
-        }
-        return {
-            task_id: task.id,
-            status: "pending",
-            summary: `No runtime evidence recorded yet for ${task.id}.`,
-            evidence: [],
-            notes: ["Placeholder entry generated from runtime validation task list."],
-        };
-    });
-    return { results: mergedResults };
+    return {
+        results: tasks.tasks.map((task) => {
+            const prior = existingMap.get(task.id);
+            return (prior ?? {
+                task_id: task.id,
+                status: "pending",
+                summary: `Deterministic runtime validation has not executed yet for ${task.id}.`,
+                evidence: [],
+                notes: [],
+            });
+        }),
+    };
 }

package/dist/orchestrator/runtimeValidationUpdate.js

@@ -38,11 +38,9 @@ export function updateRuntimeValidationReport(tasks, existing, updates) {
             merged.set(task.id, {
                 task_id: task.id,
                 status: "pending",
-                summary: `No runtime evidence recorded yet for ${task.id}.`,
+                summary: `Deterministic runtime validation has not executed yet for ${task.id}.`,
                 evidence: [],
-                notes: [
-                    "Placeholder entry generated from runtime validation task list.",
-                ],
+                notes: [],
             });
         }
     }

package/dist/orchestrator/state.js

@@ -60,15 +60,23 @@ export function deriveAuditState(bundle) {
         has(bundle.audit_tasks)) {
         obligations.push(obligation("audit_tasks_completed", "satisfied"));
     }
-    obligations.push(obligation("audit_results_ingested", has(bundle.audit_results) ? "present" : "missing"));
-    obligations.push(obligation("runtime_validation_current", staleOrSatisfied(staleArtifacts, ["runtime_validation_report.json"], has(bundle.runtime_validation_report))));
-    obligations.push(obligation("synthesis_current", staleOrSatisfied(staleArtifacts, [
-        "merged_findings.json",
-        "root_cause_clusters.json",
-        "synthesis_report.json",
-    ], has(bundle.merged_findings) &&
-        has(bundle.root_cause_clusters) &&
-        has(bundle.synthesis_report))));
+    obligations.push(obligation("audit_results_ingested", (bundle.audit_tasks?.length ?? 0) === 0 || has(bundle.audit_results)
+        ? "present"
+        : "missing"));
+    const runtimeTasks = bundle.runtime_validation_tasks?.tasks ?? [];
+    const runtimeResults = bundle.runtime_validation_report?.results ?? [];
+    const runtimeReady = runtimeTasks.length === 0 ||
+        (runtimeTasks.length > 0 &&
+            runtimeTasks.every((task) => runtimeResults.some((result) => result.task_id === task.id &&
+                result.status !== "pending")));
+    obligations.push(obligation("runtime_validation_current", runtimeReady
+        ? "satisfied"
+        : has(bundle.runtime_validation_report)
+            ? "missing"
+            : "missing", runtimeTasks.length === 0
+        ? "No deterministic runtime validation tasks were planned."
+        : undefined));
+    obligations.push(obligation("synthesis_current", staleOrSatisfied(staleArtifacts, ["audit-report.md"], has(bundle.audit_report))));
     let status = "not_started";
     if (!has(bundle.repo_manifest)) {
         status = "not_started";
@@ -80,10 +88,7 @@ export function deriveAuditState(bundle) {
         status = "active";
     }
     const incomplete = obligations.some((o) => o.state === "missing" || o.state === "stale");
-    if (!incomplete &&
-        has(bundle.synthesis_report) &&
-        has(bundle.merged_findings) &&
-        has(bundle.root_cause_clusters)) {
+    if (!incomplete && has(bundle.audit_report)) {
         status = "complete";
     }
     return {

package/dist/orchestrator/trivialAudit.js

@@ -20,6 +20,9 @@ export function isTrivialAuditPath(path, lineCount, hasExternalSignal = false) {
     if (name === "__init__.py" && lineCount <= 3) {
         return true;
     }
+    if (lineCount <= 1) {
+        return true;
+    }
     return false;
 }
 export function autoCompleteTrivialCoverage(coverage, lineIndex, externalAnalyzerResults) {
@@ -35,11 +38,11 @@ export function autoCompleteTrivialCoverage(coverage, lineIndex, externalAnalyze
         if (file.required_lenses.length === 0) {
             continue;
         }
-        file.completed_lenses = [...new Set(file.required_lenses)];
-        file.audit_status = "complete";
-        if (file.classification_status === "unclassified") {
-            file.classification_status = "classified";
-        }
+        file.completed_lenses = [];
+        file.required_lenses = [];
+        file.audit_status = "excluded";
+        file.classification_status = "excluded_trivial";
+        file.unit_ids = [];
         skipped.push(file.path);
     }
     return skipped.sort();