auditor-lambda 0.2.6 → 0.2.9

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (125)
  1. package/README.md +29 -7
  2. package/audit-code-wrapper-lib.mjs +1605 -330
  3. package/dist/adapters/eslint.js +9 -5
  4. package/dist/cli.d.ts +42 -1
  5. package/dist/cli.js +192 -80
  6. package/dist/coverage.d.ts +2 -2
  7. package/dist/coverage.js +5 -5
  8. package/dist/extractors/bucketing.d.ts +4 -0
  9. package/dist/extractors/bucketing.js +6 -2
  10. package/dist/extractors/disposition.d.ts +4 -0
  11. package/dist/extractors/disposition.js +15 -2
  12. package/dist/extractors/fileInventory.js +24 -28
  13. package/dist/extractors/flows.d.ts +5 -0
  14. package/dist/extractors/flows.js +25 -39
  15. package/dist/extractors/pathPatterns.d.ts +13 -3
  16. package/dist/extractors/pathPatterns.js +116 -53
  17. package/dist/extractors/risk.js +7 -1
  18. package/dist/extractors/surfaces.d.ts +4 -0
  19. package/dist/extractors/surfaces.js +11 -11
  20. package/dist/index.d.ts +1 -1
  21. package/dist/index.js +2 -1
  22. package/dist/io/artifacts.d.ts +59 -44
  23. package/dist/io/artifacts.js +80 -120
  24. package/dist/io/json.d.ts +2 -0
  25. package/dist/io/json.js +65 -19
  26. package/dist/io/runArtifacts.d.ts +2 -1
  27. package/dist/io/runArtifacts.js +44 -7
  28. package/dist/mcp/server.d.ts +1 -0
  29. package/dist/mcp/server.js +579 -0
  30. package/dist/orchestrator/advance.js +84 -56
  31. package/dist/orchestrator/dependencyMap.js +9 -13
  32. package/dist/orchestrator/executors.js +7 -2
  33. package/dist/orchestrator/flowCoverage.js +11 -5
  34. package/dist/orchestrator/flowPlanning.d.ts +7 -2
  35. package/dist/orchestrator/flowPlanning.js +46 -21
  36. package/dist/orchestrator/flowRequeue.js +29 -9
  37. package/dist/orchestrator/internalExecutors.d.ts +2 -1
  38. package/dist/orchestrator/internalExecutors.js +130 -69
  39. package/dist/orchestrator/planning.js +25 -3
  40. package/dist/orchestrator/requeue.js +20 -5
  41. package/dist/orchestrator/resultIngestion.js +5 -6
  42. package/dist/orchestrator/runtimeValidation.d.ts +7 -2
  43. package/dist/orchestrator/runtimeValidation.js +61 -49
  44. package/dist/orchestrator/runtimeValidationUpdate.js +2 -4
  45. package/dist/orchestrator/state.js +18 -13
  46. package/dist/orchestrator/taskBuilder.d.ts +4 -2
  47. package/dist/orchestrator/taskBuilder.js +153 -52
  48. package/dist/orchestrator/trivialAudit.js +8 -5
  49. package/dist/orchestrator/unitBuilder.d.ts +3 -1
  50. package/dist/orchestrator/unitBuilder.js +24 -16
  51. package/dist/prompts/renderWorkerPrompt.d.ts +1 -1
  52. package/dist/prompts/renderWorkerPrompt.js +19 -10
  53. package/dist/providers/claudeCodeProvider.d.ts +4 -1
  54. package/dist/providers/claudeCodeProvider.js +8 -5
  55. package/dist/providers/localSubprocessProvider.d.ts +4 -0
  56. package/dist/providers/localSubprocessProvider.js +7 -2
  57. package/dist/providers/spawnLoggedCommand.d.ts +9 -1
  58. package/dist/providers/spawnLoggedCommand.js +77 -29
  59. package/dist/reporting/mergeFindings.js +0 -11
  60. package/dist/reporting/synthesis.d.ts +26 -21
  61. package/dist/reporting/synthesis.js +97 -61
  62. package/dist/reporting/workBlocks.d.ts +12 -3
  63. package/dist/reporting/workBlocks.js +124 -70
  64. package/dist/supervisor/operatorHandoff.js +48 -18
  65. package/dist/supervisor/runLedger.d.ts +1 -1
  66. package/dist/supervisor/runLedger.js +112 -5
  67. package/dist/supervisor/sessionConfig.js +10 -10
  68. package/dist/types/externalAnalyzer.d.ts +3 -0
  69. package/dist/types/flowCoverage.d.ts +5 -1
  70. package/dist/types/flowCoverage.js +5 -1
  71. package/dist/types/flows.d.ts +6 -0
  72. package/dist/types/flows.js +1 -1
  73. package/dist/types/runLedger.d.ts +5 -1
  74. package/dist/types/runLedger.js +6 -1
  75. package/dist/types/runtimeValidation.d.ts +13 -3
  76. package/dist/types/runtimeValidation.js +16 -1
  77. package/dist/types/sessionConfig.d.ts +15 -2
  78. package/dist/types/sessionConfig.js +15 -1
  79. package/dist/types/surfaces.d.ts +4 -1
  80. package/dist/types/surfaces.js +1 -1
  81. package/dist/types/workerSession.d.ts +9 -0
  82. package/dist/types/workerSession.js +5 -1
  83. package/dist/types.d.ts +4 -7
  84. package/dist/validation/artifacts.d.ts +1 -1
  85. package/dist/validation/artifacts.js +33 -20
  86. package/dist/validation/auditResults.d.ts +2 -2
  87. package/dist/validation/auditResults.js +71 -114
  88. package/dist/validation/basic.d.ts +9 -1
  89. package/dist/validation/basic.js +40 -3
  90. package/dist/validation/sessionConfig.d.ts +4 -2
  91. package/dist/validation/sessionConfig.js +62 -15
  92. package/docs/agent-integrations.md +67 -38
  93. package/docs/artifacts.md +16 -56
  94. package/docs/bootstrap-install.md +60 -30
  95. package/docs/contract.md +22 -205
  96. package/docs/next-steps.md +76 -44
  97. package/docs/packaging.md +27 -3
  98. package/docs/product-direction.md +22 -0
  99. package/docs/production-launch-bar.md +4 -2
  100. package/docs/production-readiness.md +9 -5
  101. package/docs/releasing.md +98 -0
  102. package/docs/remediation-baseline.md +75 -0
  103. package/docs/run-flow.md +23 -11
  104. package/docs/session-config.md +50 -5
  105. package/docs/supervisor.md +7 -0
  106. package/docs/workflow-refactor-brief.md +177 -0
  107. package/package.json +4 -1
  108. package/schemas/audit_result.schema.json +8 -7
  109. package/schemas/audit_task.schema.json +3 -1
  110. package/schemas/coverage_matrix.schema.json +3 -3
  111. package/schemas/critical_flows.schema.json +6 -2
  112. package/schemas/file_disposition.schema.json +2 -2
  113. package/schemas/finding.schema.json +9 -4
  114. package/schemas/flow_coverage.schema.json +2 -2
  115. package/schemas/repo_manifest.schema.json +4 -4
  116. package/schemas/risk_register.schema.json +2 -2
  117. package/schemas/runtime_validation_report.schema.json +3 -3
  118. package/schemas/runtime_validation_tasks.schema.json +8 -2
  119. package/schemas/surface_manifest.schema.json +6 -3
  120. package/schemas/unit_manifest.schema.json +3 -2
  121. package/skills/audit-code/SKILL.md +16 -2
  122. package/skills/audit-code/audit-code.prompt.md +5 -8
  123. package/schemas/merged_findings.schema.json +0 -19
  124. package/schemas/root_cause_clusters.schema.json +0 -28
  125. package/schemas/synthesis_report.schema.json +0 -61
package/README.md CHANGED
@@ -11,6 +11,7 @@ Normal product usage should:
11
11
  - use the active conversation model by default
12
12
  - use project files and attached repository context by default
13
13
  - avoid manual paths, provider flags, and model-selection arguments
14
+ - keep semantic review with the active conversation agent by default
14
15
  - advance the audit automatically until it completes or no further automatic progress is possible
15
16
 
16
17
  ## Conversation Setup
@@ -29,10 +30,17 @@ audit-code install
29
30
 
30
31
  That bootstraps repo-local `/audit-code` surfaces for the hosts we can automate today, including:
31
32
 
32
- - VS Code / GitHub Copilot prompt files
33
- - OpenCode custom commands
34
- - Claude Code custom slash commands
35
- - compatibility instruction files such as `AGENTS.md` and `CLAUDE.md`
33
+ - Codex skill bundle, `AGENTS.md` guidance, and MCP setup notes
34
+ - Claude Desktop local MCP bundle artifacts and project template guidance
35
+ - OpenCode command, skill, and `opencode.json` surfaces
36
+ - VS Code prompt, custom agent, Copilot instructions, and `.vscode/mcp.json`
37
+ - Antigravity planning-mode guidance plus the shared repo-local MCP launcher
38
+
39
+ After bootstrap, you can smoke-test the generated host assets and launcher from the repository root:
40
+
41
+ ```bash
42
+ audit-code verify-install
43
+ ```
36
44
 
37
45
  After that, open a supported conversation surface in the repository and invoke `/audit-code`.
38
46
 
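Review bot: The new host list (new lines 33-37) says install now writes `opencode.json`, `.vscode/mcp.json` and a shared repo-local MCP launcher, but nothing in the hunk says what command those files make the host run or whether existing copies are overwritten. These are files that cause an editor or agent host to start a local process, so the README should list the exact paths written, state the overwrite behaviour, and tell users to review the generated files before committing them. It would also help to say what `audit-code verify-install` checks and how it reports failure, so it can be relied on in CI.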
@@ -42,7 +50,7 @@ If a host still needs manual prompt import after bootstrap, open:
42
50
  .audit-code/install/GETTING-STARTED.md
43
51
  ```
44
52
 
45
- That repo-local guide now includes dedicated quick-start sections for VS Code, OpenCode, Claude Code, Claude Desktop, and Antigravity, plus the installed canonical prompt asset path for manual-import hosts.
53
+ That repo-local guide now includes dedicated quick-start sections for Codex, Claude Desktop, OpenCode, VS Code, and Antigravity, plus the installed canonical prompt asset path for prompt-import fallback flows.
46
54
 
47
55
  For narrower compatibility, `audit-code install-host --host copilot` still exists.
48
56
 
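Review bot: Claude Code disappears from the quick-start sentence on new line 53 (and from the bootstrap list in the previous hunk) with no note for repositories that already carry the generated slash commands or `CLAUDE.md`, while the file list still shows changes to `package/dist/providers/claudeCodeProvider.js`. Please say whether Claude Code remains supported as a provider only, and whether previously installed files are left in place or should be removed. The unchanged line `audit-code install-host --host copilot` also uses a host name that no longer appears in the renamed list; a word on which entry it maps to would avoid confusion.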
@@ -79,6 +87,7 @@ This wrapper:
79
87
  - auto-builds `dist/` if it is missing
80
88
  - advances fresh worker sessions automatically until the audit completes or the remaining work requires imported results or an interactive provider
81
89
  - continues through provider-assisted audit review automatically when `.audit-artifacts/session-config.json` selects an interactive provider bridge
90
+ - keeps those provider bridges as fallback compatibility modes rather than the primary product path
82
91
  - emits `contract_version: "audit-code/v1alpha1"`
83
92
  - refreshes `.audit-artifacts/operator-handoff.json` and `.audit-artifacts/operator-handoff.md` with suggested evidence-import paths and continuation hints
84
93
 
@@ -114,6 +123,12 @@ For task-to-coverage inspection without reverse-engineering multiple artifacts:
114
123
  audit-code explain-task <task_id>
115
124
  ```
116
125
 
126
+ For a local stdio MCP server entrypoint:
127
+
128
+ ```bash
129
+ audit-code mcp
130
+ ```
131
+
117
132
  The backend wrapper response schema is `schemas/audit-code-v1alpha1.schema.json`.
118
133
 
119
134
  ## Backend Provider Modes
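Review bot: The `audit-code mcp` entry on new lines 126-130 gets a single sentence, yet the file list shows `package/dist/mcp/server.js` as a new 579-line file. The README should state which tools the server exposes, which directories it reads and writes, and confirm that stdio is the only transport, so that someone wiring it into a host knows what access they are granting. The block also sits between `explain-task` and the schema sentence, which now reads as if `schemas/audit-code-v1alpha1.schema.json` describes the MCP server; giving the MCP entrypoint its own short section would fix that.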
@@ -147,6 +162,7 @@ Optional backend config:
147
162
  - use `audit-code` from the repository root only when you need the repo-local backend fallback
148
163
  - use omitted provider or `local-subprocess` for the safest deterministic fallback behavior
149
164
  - use `provider: "auto"` only when you want best-effort routing across installed backends
165
+ - treat explicit provider bridges as compatibility fallback, not as the intended owner of semantic review
150
166
 
151
167
  ## Implementation Next Steps
152
168
 
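Review bot: The bullet added at new line 165 restates the bullet added under "This wrapper:" (new line 90) and the one added at new line 14, so the same policy now appears three times in different words ("fallback compatibility modes", "compatibility fallback", "keep semantic review with the active conversation agent"). State it once, in the backend configuration section, and settle on one term. The surrounding items are all "use X when Y" instructions, so the new item would fit better in that form, naming the config value it refers to.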
@@ -156,8 +172,9 @@ The next implementation work is tracked in:
156
172
 
157
173
  The short version is:
158
174
 
159
- - reduce prompt-import friction in the conversation setup flow
160
- - make the conversation route feel more native in the first target hosts
175
+ - realign review dispatch around the conversation-owned, non-overlapping lens-block workflow
176
+ - prove the generated Codex, Claude Desktop, OpenCode, VS Code, and Antigravity guidance in real host flows
177
+ - tighten the repo-local MCP-first bootstrap where host smoke tests expose friction
161
178
  - polish provider-assisted continuation and failure guidance
162
179
  - finish publish and release hardening for packaged installs
163
180
 
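Review bot: "conversation-owned, non-overlapping lens-block workflow" on new line 175 is not defined in any README text visible in this diff. Add a one-line definition or point to `docs/workflow-refactor-brief.md`, which this diff adds to Key Docs, so the bullet can be read on its own.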
@@ -168,9 +185,14 @@ npm install
168
185
  npm run verify:release
169
186
  ```
170
187
 
188
+ For GitHub Actions publication and npm Trusted Publishing setup, see `docs/releasing.md`.
189
+
171
190
  ## Key Docs
172
191
 
173
192
  - `docs/product-direction.md`
193
+ - `docs/workflow-refactor-brief.md`
194
+ - `docs/remediation-baseline.md`
195
+ - `docs/releasing.md`
174
196
  - `docs/production-readiness.md`
175
197
  - `docs/production-launch-bar.md`
176
198
  - `docs/next-steps.md`
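Review bot: The pointer to `docs/releasing.md` on new line 188 follows the `npm run verify:release` block without saying whether publishing from a maintainer machine is still expected. If releases are meant to go out only through the GitHub Actions workflow with npm Trusted Publishing, say so here, since that is the property that removes the need for a long-lived npm token. In the Key Docs list, consider grouping `docs/releasing.md` and `docs/remediation-baseline.md` next to the production-readiness entries rather than ahead of them.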