auditor-lambda 0.2.6 → 0.2.9

package/dist/providers/spawnLoggedCommand.js

@@ -1,5 +1,8 @@
 import { createWriteStream } from "node:fs";
 import { spawn } from "node:child_process";
+const TERMINATION_SIGNAL = "SIGTERM";
+const FORCE_KILL_SIGNAL = "SIGKILL";
+const FORCE_KILL_GRACE_MS = 1_000;
 function tee(write, chunk) {
     write.write(chunk);
 }
@@ -7,22 +10,77 @@ function tee(write, chunk) {
 // does not consult PATH for executables without a shell. Callers should use
 // `platformCommand()` (scripts/smoke-packaged-audit-code.mjs) or similar to
 // supply the correct command form for the host OS.
-export async function spawnLoggedCommand(command, args, input, env) {
+export async function spawnLoggedCommand(command, args, input, env, options = {}) {
+    const openWriteStream = options.createWriteStream ?? createWriteStream;
+    const spawnProcess = options.spawn ?? spawn;
+    const killGraceMs = options.killGraceMs ?? FORCE_KILL_GRACE_MS;
     return await new Promise((resolve, reject) => {
-        const stdoutLog = createWriteStream(input.stdoutPath, { flags: "a" });
-        const stderrLog = createWriteStream(input.stderrPath, { flags: "a" });
+        const stdoutLog = openWriteStream(input.stdoutPath, { flags: "a" });
+        const stderrLog = openWriteStream(input.stderrPath, { flags: "a" });
         const startedAt = Date.now();
         let timedOut = false;
-        const child = spawn(command, args, {
-            cwd: input.repoRoot,
-            env: { ...process.env, ...env },
-            stdio: ["ignore", "pipe", "pipe"],
-        });
-        const timer = setTimeout(() => {
+        let settled = false;
+        let child = null;
+        let timer;
+        let heartbeat;
+        let forceKillTimer;
+        const cleanup = () => {
+            if (timer) {
+                clearTimeout(timer);
+            }
+            if (heartbeat) {
+                clearInterval(heartbeat);
+            }
+            if (forceKillTimer) {
+                clearTimeout(forceKillTimer);
+            }
+            stdoutLog.end();
+            stderrLog.end();
+        };
+        const settle = (callback) => {
+            if (settled) {
+                return;
+            }
+            settled = true;
+            cleanup();
+            callback();
+        };
+        const fail = (error) => {
+            if (child && !child.killed) {
+                child.kill(FORCE_KILL_SIGNAL);
+            }
+            const normalized = error instanceof Error ? error : new Error(String(error));
+            settle(() => reject(normalized));
+        };
+        stdoutLog.on("error", fail);
+        stderrLog.on("error", fail);
+        let spawnedChild;
+        try {
+            spawnedChild = spawnProcess(command, args, {
+                cwd: input.repoRoot,
+                env: { ...process.env, ...env },
+                stdio: ["ignore", "pipe", "pipe"],
+            });
+            child = spawnedChild;
+        }
+        catch (error) {
+            fail(error);
+            return;
+        }
+        if (!spawnedChild.stdout || !spawnedChild.stderr) {
+            fail(new Error(`Fresh session spawn for run ${input.runId} did not provide pipe-backed stdout/stderr streams.`));
+            return;
+        }
+        timer = setTimeout(() => {
             timedOut = true;
-            child.kill("SIGTERM");
+            spawnedChild.kill(TERMINATION_SIGNAL);
+            forceKillTimer = setTimeout(() => {
+                if (!settled) {
+                    spawnedChild.kill(FORCE_KILL_SIGNAL);
+                }
+            }, killGraceMs);
         }, input.timeoutMs);
-        const heartbeat = setInterval(() => {
+        heartbeat = setInterval(() => {
             const elapsedMs = Date.now() - startedAt;
             const message = `[provider] run ${input.runId} still running after ${elapsedMs}ms\n`;
             tee(stderrLog, message);
@@ -30,40 +88,30 @@ export async function spawnLoggedCommand(command, args, input, env) {
                 process.stderr.write(message);
             }
         }, 30_000);
-        child.stdout.on("data", (chunk) => {
+        spawnedChild.stdout.on("data", (chunk) => {
             tee(stdoutLog, chunk);
             if (input.uiMode === "visible") {
                 process.stdout.write(chunk);
             }
         });
-        child.stderr.on("data", (chunk) => {
+        spawnedChild.stderr.on("data", (chunk) => {
             tee(stderrLog, chunk);
             if (input.uiMode === "visible") {
                 process.stderr.write(chunk);
             }
         });
-        child.on("error", (error) => {
-            clearTimeout(timer);
-            clearInterval(heartbeat);
-            stdoutLog.end();
-            stderrLog.end();
-            reject(error);
-        });
-        child.on("exit", (code, signal) => {
-            clearTimeout(timer);
-            clearInterval(heartbeat);
-            stdoutLog.end();
-            stderrLog.end();
+        spawnedChild.on("error", fail);
+        spawnedChild.on("exit", (code, signal) => {
             if (timedOut) {
-                reject(new Error(`Fresh session timed out after ${input.timeoutMs}ms for run ${input.runId}.`));
+                settle(() => reject(new Error(`Fresh session timed out after ${input.timeoutMs}ms for run ${input.runId}.`)));
                 return;
             }
-            resolve({
+            settle(() => resolve({
                 accepted: true,
-                processId: child.pid,
+                processId: spawnedChild.pid,
                 exitCode: code,
                 signal,
-            });
+            }));
         });
     });
 }

package/dist/reporting/mergeFindings.js

@@ -82,9 +82,6 @@ export function mergeFindings(results, runtimeReport, externalAnalyzerResults) {
                             ...analyzerEvidence,
                         ]),
                     ],
-                    related_findings: finding.related_findings && finding.related_findings.length > 0
-                        ? [...new Set(finding.related_findings)]
-                        : undefined,
                 });
                 continue;
             }
@@ -110,14 +107,6 @@ export function mergeFindings(results, runtimeReport, externalAnalyzerResults) {
                     ...analyzerEvidence,
                 ]),
             ];
-            const related = new Set([
-                ...(existing.related_findings ?? []),
-                ...(finding.related_findings ?? []),
-                existing.id,
-                finding.id,
-            ]);
-            existing.related_findings =
-                related.size > 0 ? [...related].sort() : undefined;
         }
     }
     return [...merged.values()].sort((a, b) => {

package/dist/reporting/synthesis.d.ts

@@ -1,24 +1,29 @@
-import type { AuditResult } from "../types.js";
+import type { AuditResult, CoverageMatrix, Finding, UnitManifest } from "../types.js";
 import type { ExternalAnalyzerResults } from "../types/externalAnalyzer.js";
+import type { CriticalFlowManifest } from "../types/flows.js";
+import type { GraphBundle } from "../types/graph.js";
 import type { RuntimeValidationReport } from "../types/runtimeValidation.js";
-import { mergeFindings } from "./mergeFindings.js";
-import { buildRootCauseClusters } from "./rootCause.js";
-import { buildWorkBlocks } from "./workBlocks.js";
-export interface SynthesisReport {
-    summary: {
-        finding_count: number;
-        cluster_count: number;
-        work_block_count: number;
-        runtime_validation_status_breakdown: Record<string, number>;
-        notes: string[];
-        severity_breakdown: Record<string, number>;
-        external_analyzer_summary: {
-            tool_count: number;
-            result_count: number;
-        };
-    };
-    merged_findings: ReturnType<typeof mergeFindings>;
-    root_cause_clusters: ReturnType<typeof buildRootCauseClusters>;
-    work_blocks: ReturnType<typeof buildWorkBlocks>;
+import { type WorkBlock } from "./workBlocks.js";
+export interface AuditReportSummary {
+    finding_count: number;
+    work_block_count: number;
+    severity_breakdown: Record<string, number>;
+    audited_file_count: number;
+    excluded_file_count: number;
+    runtime_validation_status_breakdown: Record<string, number>;
 }
-export declare function buildSynthesisReport(results: AuditResult[], runtimeReport?: RuntimeValidationReport, externalAnalyzerResults?: ExternalAnalyzerResults): SynthesisReport;
+export interface AuditReportModel {
+    summary: AuditReportSummary;
+    findings: Finding[];
+    work_blocks: WorkBlock[];
+}
+export declare function buildAuditReportModel(params: {
+    results: AuditResult[];
+    unitManifest?: UnitManifest;
+    graphBundle?: GraphBundle;
+    criticalFlows?: CriticalFlowManifest;
+    coverageMatrix?: CoverageMatrix;
+    runtimeValidationReport?: RuntimeValidationReport;
+    externalAnalyzerResults?: ExternalAnalyzerResults;
+}): AuditReportModel;
+export declare function renderAuditReportMarkdown(model: AuditReportModel): string;

package/dist/reporting/synthesis.js

@@ -1,77 +1,113 @@
-import { mergeFindings } from "./mergeFindings.js";
-import { buildRootCauseClusters } from "./rootCause.js";
 import { buildWorkBlocks } from "./workBlocks.js";
-function statusBreakdown(report) {
+import { mergeFindings } from "./mergeFindings.js";
+function countBy(items, selectKey) {
     const breakdown = {};
-    for (const result of report?.results ?? []) {
-        breakdown[result.status] = (breakdown[result.status] ?? 0) + 1;
+    for (const item of items) {
+        const key = selectKey(item);
+        if (!key) {
+            continue;
+        }
+        breakdown[key] = (breakdown[key] ?? 0) + 1;
     }
     return breakdown;
 }
 function severityBreakdown(findings) {
-    const breakdown = {};
-    for (const finding of findings) {
-        breakdown[finding.severity] = (breakdown[finding.severity] ?? 0) + 1;
-    }
-    return breakdown;
+    return countBy(findings, (finding) => finding.severity);
 }
-function zeroFindingLensNotes(results) {
-    const tasksByLens = new Map();
-    const findingsByLens = new Map();
-    for (const result of results) {
-        tasksByLens.set(result.lens, (tasksByLens.get(result.lens) ?? 0) + 1);
-        findingsByLens.set(result.lens, (findingsByLens.get(result.lens) ?? 0) + result.findings.length);
-    }
-    const zeroLenses = [...tasksByLens.entries()]
-        .filter(([lens, count]) => count > 0 && (findingsByLens.get(lens) ?? 0) === 0)
-        .map(([lens]) => lens)
-        .sort();
-    if (zeroLenses.length === 0)
-        return [];
-    return [
-        `Zero findings across all reviewed tasks for lens(es): ${zeroLenses.join(", ")}. Verify these tasks were genuinely reviewed rather than batch-generated.`,
-    ];
+function runtimeStatusBreakdown(report) {
+    return countBy(report?.results ?? [], (result) => result.status);
 }
-function externalSummary(results) {
-    if (!results) {
-        return { tool_count: 0, result_count: 0 };
-    }
+function coverageSummary(coverage) {
+    const files = coverage?.files ?? [];
     return {
-        tool_count: results.tool ? 1 : 0,
-        result_count: results.results.length,
+        audited_file_count: files.filter((file) => file.audit_status === "complete").length,
+        excluded_file_count: files.filter((file) => file.audit_status === "excluded").length,
     };
 }
-export function buildSynthesisReport(results, runtimeReport, externalAnalyzerResults) {
-    const merged_findings = mergeFindings(results, runtimeReport, externalAnalyzerResults);
-    const root_cause_clusters = buildRootCauseClusters(merged_findings, runtimeReport, externalAnalyzerResults);
-    const work_blocks = buildWorkBlocks(merged_findings);
-    const runtimeBreakdown = statusBreakdown(runtimeReport);
-    const sevBreakdown = severityBreakdown(merged_findings);
-    const extSummary = externalSummary(externalAnalyzerResults);
+function formatSeverityList(summary) {
+    const ordered = ["critical", "high", "medium", "low", "info"];
+    const parts = ordered
+        .filter((severity) => (summary[severity] ?? 0) > 0)
+        .map((severity) => `${severity}: ${summary[severity]}`);
+    return parts.length > 0 ? parts.join(", ") : "none";
+}
+export function buildAuditReportModel(params) {
+    const findings = mergeFindings(params.results, params.runtimeValidationReport, params.externalAnalyzerResults);
+    const workBlocks = buildWorkBlocks({
+        findings,
+        unitManifest: params.unitManifest,
+        graphBundle: params.graphBundle,
+        criticalFlows: params.criticalFlows,
+    });
+    const coverage = coverageSummary(params.coverageMatrix);
     return {
         summary: {
-            finding_count: merged_findings.length,
-            cluster_count: root_cause_clusters.length,
-            work_block_count: work_blocks.length,
-            runtime_validation_status_breakdown: runtimeBreakdown,
-            severity_breakdown: sevBreakdown,
-            external_analyzer_summary: extSummary,
-            notes: [
-                ...(Object.keys(runtimeBreakdown).length === 0
-                    ? ["No runtime validation evidence attached."]
-                    : [
-                        "Runtime validation evidence has been incorporated into synthesis.",
-                    ]),
-                ...(extSummary.result_count > 0
-                    ? [
-                        `External analyzer signals incorporated: ${extSummary.result_count} result(s) from ${externalAnalyzerResults?.tool}.`,
-                    ]
-                    : []),
-                ...zeroFindingLensNotes(results),
-            ],
+            finding_count: findings.length,
+            work_block_count: workBlocks.length,
+            severity_breakdown: severityBreakdown(findings),
+            audited_file_count: coverage.audited_file_count,
+            excluded_file_count: coverage.excluded_file_count,
+            runtime_validation_status_breakdown: runtimeStatusBreakdown(params.runtimeValidationReport),
         },
-        merged_findings,
-        root_cause_clusters,
-        work_blocks,
+        findings,
+        work_blocks: workBlocks,
     };
 }
+export function renderAuditReportMarkdown(model) {
+    const lines = [
+        "# Audit Report",
+        "",
+        "## Summary",
+        "",
+        `- Findings: ${model.summary.finding_count}`,
+        `- Work blocks: ${model.summary.work_block_count}`,
+        `- Severity breakdown: ${formatSeverityList(model.summary.severity_breakdown)}`,
+        `- Fully audited files: ${model.summary.audited_file_count}`,
+        `- Excluded non-auditable files: ${model.summary.excluded_file_count}`,
+        "",
+        "## Work Blocks",
+        "",
+    ];
+    if (model.work_blocks.length === 0) {
+        lines.push("No remediation work blocks were generated.", "");
+    }
+    else {
+        for (const block of model.work_blocks) {
+            lines.push(`### ${block.id}`);
+            lines.push("");
+            lines.push(`- Max severity: ${block.max_severity}`);
+            lines.push(`- Units: ${block.unit_ids.join(", ")}`);
+            lines.push(`- Owned files: ${block.owned_files.join(", ")}`);
+            lines.push(`- Findings: ${block.finding_ids.join(", ")}`);
+            lines.push(`- Depends on: ${block.depends_on.length > 0 ? block.depends_on.join(", ") : "none"}`);
+            lines.push(`- Rationale: ${block.rationale}`);
+            lines.push("");
+        }
+    }
+    lines.push("## Findings", "");
+    if (model.findings.length === 0) {
+        lines.push("No findings were recorded.", "");
+    }
+    else {
+        for (const finding of model.findings) {
+            lines.push(`### ${finding.id} — ${finding.title}`);
+            lines.push("");
+            lines.push(`- Severity: ${finding.severity}`);
+            lines.push(`- Confidence: ${finding.confidence}`);
+            lines.push(`- Lens: ${finding.lens}`);
+            lines.push(`- Files: ${finding.affected_files.map((file) => file.path).join(", ")}`);
+            lines.push(`- Summary: ${finding.summary}`);
+            if (finding.evidence && finding.evidence.length > 0) {
+                lines.push("- Evidence:");
+                for (const evidence of finding.evidence) {
+                    lines.push(`  - ${evidence}`);
+                }
+            }
+            lines.push("");
+        }
+    }
+    lines.push("## Scope and Coverage", "");
+    lines.push("This report is deterministic output from the completed audit. Non-auditable files were excluded from scope before task generation.");
+    lines.push("");
+    return lines.join("\n");
+}

package/dist/reporting/workBlocks.d.ts

@@ -1,9 +1,18 @@
-import type { Finding } from "../types.js";
+import type { Finding, UnitManifest } from "../types.js";
+import type { CriticalFlowManifest } from "../types/flows.js";
+import type { GraphBundle } from "../types/graph.js";
 export interface WorkBlock {
     id: string;
     finding_ids: string[];
-    affected_files: string[];
+    unit_ids: string[];
+    owned_files: string[];
     max_severity: Finding["severity"];
     rationale: string;
+    depends_on: string[];
 }
-export declare function buildWorkBlocks(findings: Finding[]): WorkBlock[];
+export declare function buildWorkBlocks(params: {
+    findings: Finding[];
+    unitManifest?: UnitManifest;
+    graphBundle?: GraphBundle;
+    criticalFlows?: CriticalFlowManifest;
+}): WorkBlock[];

package/dist/reporting/workBlocks.js

@@ -12,98 +12,152 @@ function severityRank(severity) {
             return 1;
     }
 }
-export function buildWorkBlocks(findings) {
-    if (findings.length === 0)
+function buildFileUnitMap(unitManifest) {
+    const map = new Map();
+    for (const unit of unitManifest?.units ?? []) {
+        for (const path of unit.files) {
+            if (!map.has(path)) {
+                map.set(path, unit.unit_id);
+            }
+        }
+    }
+    return map;
+}
+function normalizeOwnedUnits(finding, fileUnitMap) {
+    const unitIds = new Set();
+    for (const file of finding.affected_files) {
+        const mapped = fileUnitMap.get(file.path);
+        unitIds.add(mapped ?? `file:${file.path}`);
+    }
+    return [...unitIds].sort();
+}
+function computeDependencies(params) {
+    const blockByFile = new Map();
+    for (const block of params.blocks) {
+        for (const path of block.owned_files) {
+            blockByFile.set(path, block.id);
+        }
+    }
+    const dependsOn = new Map();
+    for (const block of params.blocks) {
+        dependsOn.set(block.id, new Set());
+    }
+    const graphEdges = [
+        ...(params.graphBundle?.graphs.imports ?? []),
+        ...(params.graphBundle?.graphs.calls ?? []),
+    ];
+    for (const edge of graphEdges) {
+        const fromBlock = blockByFile.get(edge.from);
+        const toBlock = blockByFile.get(edge.to);
+        if (fromBlock && toBlock && fromBlock !== toBlock) {
+            dependsOn.get(fromBlock)?.add(toBlock);
+        }
+    }
+    for (const flow of params.criticalFlows?.flows ?? []) {
+        const flowBlocks = new Set();
+        for (const path of flow.paths) {
+            const blockId = blockByFile.get(path);
+            if (blockId) {
+                flowBlocks.add(blockId);
+            }
+        }
+        const ordered = [...flowBlocks].sort();
+        for (let i = 1; i < ordered.length; i++) {
+            dependsOn.get(ordered[i - 1])?.add(ordered[i]);
+        }
+    }
+    return params.blocks.map((block) => ({
+        ...block,
+        depends_on: [...(dependsOn.get(block.id) ?? [])].sort(),
+    }));
+}
+export function buildWorkBlocks(params) {
+    if (params.findings.length === 0) {
         return [];
+    }
+    const fileUnitMap = buildFileUnitMap(params.unitManifest);
     const parent = new Map();
+    const findingUnits = new Map();
     function find(id) {
         if (!parent.has(id))
             parent.set(id, id);
-        const p = parent.get(id);
-        if (p === id)
+        const current = parent.get(id);
+        if (current === id)
             return id;
-        const root = find(p);
+        const root = find(current);
         parent.set(id, root);
         return root;
     }
     function union(a, b) {
-        const ra = find(a);
-        const rb = find(b);
-        if (ra !== rb)
-            parent.set(ra, rb);
-    }
-    for (const finding of findings)
-        find(finding.id);
-    // Union findings that share affected files
-    const fileToIds = new Map();
-    for (const finding of findings) {
-        for (const af of finding.affected_files) {
-            const ids = fileToIds.get(af.path) ?? [];
-            ids.push(finding.id);
-            fileToIds.set(af.path, ids);
+        const rootA = find(a);
+        const rootB = find(b);
+        if (rootA !== rootB) {
+            parent.set(rootA, rootB);
         }
     }
-    for (const ids of fileToIds.values()) {
-        for (let i = 1; i < ids.length; i++) {
-            union(ids[0], ids[i]);
+    const unitToFindingIds = new Map();
+    for (const finding of params.findings) {
+        parent.set(finding.id, finding.id);
+        const ownedUnits = normalizeOwnedUnits(finding, fileUnitMap);
+        findingUnits.set(finding.id, ownedUnits);
+        for (const unitId of ownedUnits) {
+            const ids = unitToFindingIds.get(unitId) ?? [];
+            ids.push(finding.id);
+            unitToFindingIds.set(unitId, ids);
         }
     }
-    // Union findings explicitly linked via related_findings
-    const knownIds = new Set(findings.map((f) => f.id));
-    for (const finding of findings) {
-        for (const relId of finding.related_findings ?? []) {
-            if (knownIds.has(relId))
-                union(finding.id, relId);
+    for (const ids of unitToFindingIds.values()) {
+        for (let index = 1; index < ids.length; index++) {
+            union(ids[0], ids[index]);
         }
     }
-    // Collect connected components
-    const groups = new Map();
-    for (const finding of findings) {
+    const grouped = new Map();
+    for (const finding of params.findings) {
         const root = find(finding.id);
-        const group = groups.get(root) ?? [];
+        const group = grouped.get(root) ?? [];
         group.push(finding);
-        groups.set(root, group);
+        grouped.set(root, group);
     }
-    const blocks = [];
-    for (const group of groups.values()) {
-        // Within a block: severity desc, systemic first, then title
-        const sorted = [...group].sort((a, b) => {
-            const sevDelta = severityRank(b.severity) - severityRank(a.severity);
-            if (sevDelta !== 0)
-                return sevDelta;
-            const sysA = a.systemic ? 1 : 0;
-            const sysB = b.systemic ? 1 : 0;
-            if (sysA !== sysB)
-                return sysB - sysA;
-            return a.title.localeCompare(b.title);
+    const blocks = [...grouped.values()].map((group, index) => {
+        const orderedFindings = [...group].sort((a, b) => {
+            const severityDelta = severityRank(b.severity) - severityRank(a.severity);
+            if (severityDelta !== 0)
+                return severityDelta;
+            return a.id.localeCompare(b.id);
         });
-        const affectedFiles = [
-            ...new Set(sorted.flatMap((f) => f.affected_files.map((af) => af.path))),
+        const unitIds = [
+            ...new Set(group.flatMap((finding) => findingUnits.get(finding.id) ?? [])),
         ].sort();
-        const maxSeverity = sorted[0].severity;
-        const rationale = affectedFiles.length === 1
-            ? `${sorted.length} finding(s) affect the same file — fix together to avoid conflicts.`
-            : `${sorted.length} finding(s) share ${affectedFiles.length} file(s) or are linked via related_findings — fix as a unit so one change does not invalidate another.`;
-        blocks.push({
-            id: "",
-            finding_ids: sorted.map((f) => f.id),
-            affected_files: affectedFiles,
-            max_severity: maxSeverity,
-            rationale,
-        });
-    }
-    // Sort blocks: highest severity first, then largest group, then stable by first finding id
+        const ownedFiles = [
+            ...new Set(group.flatMap((finding) => finding.affected_files.map((file) => file.path))),
+        ].sort();
+        return {
+            id: `block-${index + 1}`,
+            finding_ids: orderedFindings.map((finding) => finding.id),
+            unit_ids: unitIds,
+            owned_files: ownedFiles,
+            max_severity: orderedFindings[0].severity,
+            rationale: unitIds.length === 1
+                ? "All findings map to the same owned unit and should be remediated together."
+                : "Findings share owned units transitively and should remain one non-overlapping remediation block.",
+            depends_on: [],
+        };
+    });
     blocks.sort((a, b) => {
-        const sevDelta = severityRank(b.max_severity) - severityRank(a.max_severity);
-        if (sevDelta !== 0)
-            return sevDelta;
-        const lenDelta = b.finding_ids.length - a.finding_ids.length;
-        if (lenDelta !== 0)
-            return lenDelta;
-        return (a.finding_ids[0] ?? "").localeCompare(b.finding_ids[0] ?? "");
+        const severityDelta = severityRank(b.max_severity) - severityRank(a.max_severity);
+        if (severityDelta !== 0)
+            return severityDelta;
+        const findingDelta = b.finding_ids.length - a.finding_ids.length;
+        if (findingDelta !== 0)
+            return findingDelta;
+        return a.id.localeCompare(b.id);
     });
-    for (let i = 0; i < blocks.length; i++) {
-        blocks[i].id = `block-${i + 1}`;
+    for (let index = 0; index < blocks.length; index++) {
+        blocks[index].id = `block-${index + 1}`;
     }
-    return blocks;
+    return computeDependencies({
+        blocks,
+        graphBundle: params.graphBundle,
+        criticalFlows: params.criticalFlows,
+    });
 }