auditor-lambda 0.2.6 → 0.2.9

package/dist/supervisor/operatorHandoff.js

@@ -3,22 +3,52 @@ import { join } from "node:path";
 import { writeJsonFile } from "../io/json.js";
 import { LOCAL_SUBPROCESS_PROVIDER_NAME } from "../providers/constants.js";
 export const CONFIG_ERROR_BLOCKER_PREFIX = "config-error:";
-function quoteShellPath(path) {
-    return `"${path.replace(/"/g, '\\"')}"`;
+const INCOMING_DIRNAME = "incoming";
+const OPERATOR_HANDOFF_JSON_FILENAME = "operator-handoff.json";
+const OPERATOR_HANDOFF_MARKDOWN_FILENAME = "operator-handoff.md";
+const SESSION_CONFIG_FILENAME = "session-config.json";
+const RUN_LEDGER_FILENAME = "run-ledger.json";
+const AUDIT_TASKS_FILENAME = "audit_tasks.json";
+const RUNTIME_VALIDATION_TASKS_FILENAME = "runtime_validation_tasks.json";
+const BLOCKED_STATUS = "blocked";
+const COMPLETE_STATUS = "complete";
+const NOT_STARTED_STATUS = "not_started";
+const NON_PENDING_OBLIGATION_STATES = new Set([
+    "present",
+    "satisfied",
+]);
+const INTERACTIVE_PROVIDER_OPTIONS = [
+    "auto",
+    "claude-code",
+    "opencode",
+    "subprocess-template",
+    "vscode-task",
+];
+function quoteShellPath(filePath) {
+    // The handoff renders a single shell argument, so the snippet only needs
+    // double-quote wrapping plus escaping embedded double quotes.
+    return `"${filePath.replace(/"/g, '\\"')}"`;
 }
 function buildPendingObligations(state) {
     return state.obligations
-        .filter((item) => item.state !== "satisfied" && item.state !== "present")
+        .filter((item) => !NON_PENDING_OBLIGATION_STATES.has(item.state))
         .map((item) => item.id);
 }
+function formatQuotedList(values) {
+    if (values.length === 1) {
+        return `"${values[0]}"`;
+    }
+    const head = values.slice(0, -1).map((value) => `"${value}"`).join(", ");
+    return `${head}, or "${values[values.length - 1]}"`;
+}
 function buildSummary(status, providerName, fallbackSummary) {
-    if (status === "complete") {
+    if (status === COMPLETE_STATUS) {
         return "No operator handoff is required. All known obligations are currently satisfied.";
     }
-    if (status === "blocked") {
+    if (status === BLOCKED_STATUS) {
         return fallbackSummary;
     }
-    if (status === "not_started") {
+    if (status === NOT_STARTED_STATUS) {
         return "The artifact bundle is not initialized yet. Run the wrapper from the repository root to create the initial audit artifacts.";
     }
     return providerName
@@ -26,10 +56,10 @@ function buildSummary(status, providerName, fallbackSummary) {
         : "Automatic work can continue. Re-run the same wrapper or inspect the listed artifacts if you need operator context.";
 }
 function buildSuggestedInputs(artifactsDir, status, isConfigError) {
-    if (status !== "blocked" || isConfigError) {
+    if (status !== BLOCKED_STATUS || isConfigError) {
         return [];
     }
-    const incomingDir = join(artifactsDir, "incoming");
+    const incomingDir = join(artifactsDir, INCOMING_DIRNAME);
     return [
         {
             flag: "--results",
@@ -49,20 +79,20 @@ function buildSuggestedInputs(artifactsDir, status, isConfigError) {
     ];
 }
 function buildSuggestedCommands(suggestedInputs, status) {
-    if (status !== "blocked") {
+    if (status !== BLOCKED_STATUS) {
         return [];
     }
     return suggestedInputs.map((item) => `audit-code ${item.flag} ${quoteShellPath(item.suggested_path)}`);
 }
 function buildInteractiveProviderHint(status, providerName, sessionConfigPath, isConfigError) {
-    if (status !== "blocked") {
+    if (status !== BLOCKED_STATUS) {
         return null;
     }
     if (isConfigError) {
         return `A project configuration issue is blocking the audit. Verify that --root points to the repository root containing a project file (package.json, go.mod, etc.), then run audit-code again.`;
     }
     const providerLabel = providerName ?? LOCAL_SUBPROCESS_PROVIDER_NAME;
-    return `Current provider is ${providerLabel}. If you want the backend to continue through an interactive provider instead of importing results manually, set "provider" in ${sessionConfigPath} to "auto", "claude-code", "opencode", "subprocess-template", or "vscode-task", then run audit-code again from the repository root.`;
+    return `Current backend worker provider is ${providerLabel}. Remaining semantic review belongs to the active conversation agent by default. If you intentionally want the backend to continue through a compatibility bridge instead, configure ${sessionConfigPath} for ${formatQuotedList(INTERACTIVE_PROVIDER_OPTIONS)} and re-run audit-code with an explicit --provider value from the repository root.`;
 }
 function renderMarkdown(handoff) {
     const lines = [
@@ -115,18 +145,18 @@ function renderMarkdown(handoff) {
 }
 export function buildAuditCodeHandoff(params) {
     const isConfigError = params.isConfigError ?? false;
-    const incomingDir = join(params.artifactsDir, "incoming");
+    const incomingDir = join(params.artifactsDir, INCOMING_DIRNAME);
     const artifactPaths = {
         incoming_dir: incomingDir,
-        operator_handoff_json: join(params.artifactsDir, "operator-handoff.json"),
-        operator_handoff_markdown: join(params.artifactsDir, "operator-handoff.md"),
-        session_config: join(params.artifactsDir, "session-config.json"),
-        run_ledger: join(params.artifactsDir, "run-ledger.json"),
+        operator_handoff_json: join(params.artifactsDir, OPERATOR_HANDOFF_JSON_FILENAME),
+        operator_handoff_markdown: join(params.artifactsDir, OPERATOR_HANDOFF_MARKDOWN_FILENAME),
+        session_config: join(params.artifactsDir, SESSION_CONFIG_FILENAME),
+        run_ledger: join(params.artifactsDir, RUN_LEDGER_FILENAME),
         audit_tasks: params.bundle.audit_tasks
-            ? join(params.artifactsDir, "audit_tasks.json")
+            ? join(params.artifactsDir, AUDIT_TASKS_FILENAME)
             : null,
         runtime_validation_tasks: params.bundle.runtime_validation_tasks
-            ? join(params.artifactsDir, "runtime_validation_tasks.json")
+            ? join(params.artifactsDir, RUNTIME_VALIDATION_TASKS_FILENAME)
             : null,
     };
     const suggestedInputs = buildSuggestedInputs(params.artifactsDir, params.state.status, isConfigError);

package/dist/supervisor/runLedger.d.ts

@@ -1,3 +1,3 @@
-import type { RunLedger, RunLedgerEntry } from "../types/runLedger.js";
+import { type RunLedger, type RunLedgerEntry } from "../types/runLedger.js";
 export declare function loadRunLedger(artifactsDir: string): Promise<RunLedger>;
 export declare function appendRunLedgerEntry(artifactsDir: string, entry: RunLedgerEntry): Promise<void>;

package/dist/supervisor/runLedger.js

@@ -1,20 +1,127 @@
+import { randomUUID } from "node:crypto";
+import { mkdir, open, rename, rm } from "node:fs/promises";
+import { join } from "node:path";
+import { RUN_LEDGER_STATUSES, } from "../types/runLedger.js";
 import { isFileMissingError, readJsonFile, writeJsonFile } from "../io/json.js";
+const RUN_LEDGER_FILENAME = "run-ledger.json";
+const RUN_LEDGER_LOCK_FILENAME = "run-ledger.lock";
+const LOCK_RETRY_DELAY_MS = 20;
+const LOCK_RETRY_LIMIT = 100;
+const VALID_RUN_LEDGER_STATUSES = new Set(RUN_LEDGER_STATUSES);
 function ledgerPath(artifactsDir) {
-    return `${artifactsDir}/run-ledger.json`;
+    return join(artifactsDir, RUN_LEDGER_FILENAME);
+}
+function ledgerLockPath(artifactsDir) {
+    return join(artifactsDir, RUN_LEDGER_LOCK_FILENAME);
+}
+function buildTempLedgerPath(artifactsDir) {
+    return join(artifactsDir, `${RUN_LEDGER_FILENAME}.${process.pid}.${randomUUID()}.tmp`);
+}
+function isRecord(value) {
+    return typeof value === "object" && value !== null && !Array.isArray(value);
+}
+function isFileExistsError(error) {
+    return (typeof error === "object" &&
+        error !== null &&
+        "code" in error &&
+        error.code === "EEXIST");
+}
+function assertRunLedgerEntry(value, fieldPath) {
+    if (!isRecord(value)) {
+        throw new Error(`Invalid run ledger in ${fieldPath}: expected an object.`);
+    }
+    const requireString = (field) => {
+        const entry = value[field];
+        if (typeof entry !== "string" || entry.trim().length === 0) {
+            throw new Error(`Invalid run ledger in ${fieldPath}.${field}: expected a non-empty string.`);
+        }
+        return entry;
+    };
+    const requireNullableString = (field) => {
+        const entry = value[field];
+        if (entry === null) {
+            return null;
+        }
+        if (typeof entry !== "string" || entry.trim().length === 0) {
+            throw new Error(`Invalid run ledger in ${fieldPath}.${field}: expected a string or null.`);
+        }
+        return entry;
+    };
+    const status = value.status;
+    if (typeof status !== "string" ||
+        !VALID_RUN_LEDGER_STATUSES.has(status)) {
+        throw new Error(`Invalid run ledger in ${fieldPath}.status: expected one of ${Array.from(VALID_RUN_LEDGER_STATUSES).join(", ")}.`);
+    }
+    return {
+        run_id: requireString("run_id"),
+        provider: requireString("provider"),
+        obligation_id: requireNullableString("obligation_id"),
+        selected_executor: requireNullableString("selected_executor"),
+        status: status,
+        started_at: requireString("started_at"),
+        ended_at: requireString("ended_at"),
+        result_path: requireString("result_path"),
+    };
+}
+function parseRunLedger(value, path) {
+    if (!isRecord(value)) {
+        throw new Error(`Invalid run ledger in ${path}: expected an object.`);
+    }
+    if (!Array.isArray(value.runs)) {
+        throw new Error(`Invalid run ledger in ${path}: expected runs to be an array.`);
+    }
+    return {
+        runs: value.runs.map((entry, index) => assertRunLedgerEntry(entry, `${path}.runs[${index}]`)),
+    };
+}
+function sleep(ms) {
+    return new Promise((resolve) => setTimeout(resolve, ms));
+}
+async function acquireLedgerLock(artifactsDir) {
+    const lockPath = ledgerLockPath(artifactsDir);
+    await mkdir(artifactsDir, { recursive: true });
+    for (let attempt = 0; attempt < LOCK_RETRY_LIMIT; attempt += 1) {
+        try {
+            return await open(lockPath, "wx");
+        }
+        catch (error) {
+            if (!isFileExistsError(error)) {
+                throw error;
+            }
+            if (attempt === LOCK_RETRY_LIMIT - 1) {
+                throw new Error(`Timed out waiting to update ${ledgerPath(artifactsDir)} because ${lockPath} is locked.`);
+            }
+            await sleep(LOCK_RETRY_DELAY_MS);
+        }
+    }
+    throw new Error(`Failed to acquire lock for ${ledgerPath(artifactsDir)}.`);
 }
 export async function loadRunLedger(artifactsDir) {
+    const path = ledgerPath(artifactsDir);
     try {
-        return await readJsonFile(ledgerPath(artifactsDir));
+        return parseRunLedger(await readJsonFile(path), path);
     }
     catch (error) {
         if (isFileMissingError(error)) {
+            // A missing run ledger just means no worker runs have been recorded yet.
             return { runs: [] };
         }
         throw error;
     }
 }
 export async function appendRunLedgerEntry(artifactsDir, entry) {
-    const ledger = await loadRunLedger(artifactsDir);
-    ledger.runs.push(entry);
-    await writeJsonFile(ledgerPath(artifactsDir), ledger);
+    const lockHandle = await acquireLedgerLock(artifactsDir);
+    const path = ledgerPath(artifactsDir);
+    const tempPath = buildTempLedgerPath(artifactsDir);
+    try {
+        const ledger = await loadRunLedger(artifactsDir);
+        ledger.runs.push(entry);
+        await writeJsonFile(tempPath, ledger);
+        await rename(tempPath, path);
+    }
+    finally {
+        await lockHandle.close();
+        await rm(ledgerLockPath(artifactsDir), { force: true });
+        await rm(tempPath, { force: true }).catch(() => undefined);
+    }
 }

package/dist/supervisor/sessionConfig.js

@@ -1,29 +1,29 @@
+import { join } from "node:path";
 import { readOptionalJsonFile } from "../io/json.js";
+import { formatValidationIssues, } from "../validation/basic.js";
 import { validateSessionConfig } from "../validation/sessionConfig.js";
 import { writeJsonFile } from "../io/json.js";
+const SESSION_CONFIG_FILENAME = "session-config.json";
+const DEFAULT_SESSION_CONFIG = { provider: "local-subprocess" };
 export function getSessionConfigPath(artifactsDir) {
-    return `${artifactsDir}/session-config.json`;
+    return join(artifactsDir, SESSION_CONFIG_FILENAME);
 }
 export async function readSessionConfigFile(artifactsDir) {
     return await readOptionalJsonFile(getSessionConfigPath(artifactsDir));
 }
-function formatValidationIssues(configPath, issues) {
-    const details = issues
-        .map((issue) => `- ${issue.path}: ${issue.message}`)
-        .join("\n");
-    return `Invalid ${configPath}:\n${details}`;
+function formatConfigValidationIssues(configPath, issues) {
+    return `Invalid ${configPath}:\n${formatValidationIssues(issues).replace(/^  /gm, "- ")}`;
 }
 export async function loadSessionConfig(artifactsDir) {
     const configPath = getSessionConfigPath(artifactsDir);
     const rawConfig = await readOptionalJsonFile(configPath);
     if (rawConfig === undefined) {
-        const defaultConfig = { provider: "local-subprocess" };
-        await writeJsonFile(configPath, defaultConfig);
-        return defaultConfig;
+        await writeJsonFile(configPath, DEFAULT_SESSION_CONFIG);
+        return { ...DEFAULT_SESSION_CONFIG };
     }
     const issues = validateSessionConfig(rawConfig);
     if (issues.length > 0) {
-        throw new Error(formatValidationIssues(configPath, issues));
+        throw new Error(formatConfigValidationIssues(configPath, issues));
     }
     return rawConfig;
 }

package/dist/types/externalAnalyzer.d.ts

@@ -1,3 +1,4 @@
+/** One normalized result imported from an external analyzer such as eslint or tsc. */
 export interface ExternalAnalyzerResultItem {
     id: string;
     category: string;
@@ -7,8 +8,10 @@ export interface ExternalAnalyzerResultItem {
     line_end?: number;
     summary: string;
     rule?: string;
+    /** Preserves the analyzer-native payload when consumers need original detail. */
     raw?: unknown;
 }
+/** Imported analyzer output captured at a single generation time. */
 export interface ExternalAnalyzerResults {
     tool: string;
     generated_at?: string;

package/dist/types/flowCoverage.d.ts

@@ -1,11 +1,15 @@
+export declare const FLOW_COVERAGE_STATUSES: readonly ["pending", "partial", "complete"];
+export type FlowCoverageStatus = (typeof FLOW_COVERAGE_STATUSES)[number];
+/** Coverage for one critical flow across the lenses the audit expects to see. */
 export interface FlowCoverageRecord {
     flow_id: string;
     paths: string[];
     required_lenses: string[];
     completed_lenses: string[];
-    status: "pending" | "partial" | "complete";
+    status: FlowCoverageStatus;
     notes?: string[];
 }
+/** Aggregated flow coverage written beside the critical flow manifest. */
 export interface FlowCoverageManifest {
     flows: FlowCoverageRecord[];
 }

package/dist/types/flowCoverage.js

@@ -1 +1,5 @@
-export {};
+export const FLOW_COVERAGE_STATUSES = [
+    "pending",
+    "partial",
+    "complete",
+];

package/dist/types/flows.d.ts

@@ -1,11 +1,17 @@
+export declare const FLOW_CONFIDENCE_LEVELS: readonly ["high", "low"];
+export type FlowConfidenceLevel = (typeof FLOW_CONFIDENCE_LEVELS)[number];
+/** A critical user or system flow that must be covered by the audit. */
 export interface CriticalFlow {
     id: string;
     name: string;
     entrypoints: string[];
     paths: string[];
     concerns: string[];
+    confidence?: FlowConfidenceLevel;
     notes?: string[];
 }
+/** The set of critical flows inferred from intake artifacts. */
 export interface CriticalFlowManifest {
     flows: CriticalFlow[];
+    fallback_required?: boolean;
 }

package/dist/types/flows.js

@@ -1 +1 @@
-export {};
+export const FLOW_CONFIDENCE_LEVELS = ["high", "low"];

package/dist/types/runLedger.d.ts

@@ -1,13 +1,17 @@
+export declare const RUN_LEDGER_STATUSES: readonly ["completed", "blocked", "failed", "no_progress"];
+export type RunLedgerStatus = (typeof RUN_LEDGER_STATUSES)[number];
+/** One persisted supervisor run entry, including the terminal worker outcome. */
 export interface RunLedgerEntry {
     run_id: string;
     provider: string;
     obligation_id: string | null;
     selected_executor: string | null;
-    status: "completed" | "blocked" | "failed" | "no_progress";
+    status: RunLedgerStatus;
     started_at: string;
     ended_at: string;
     result_path: string;
 }
+/** Append-only ledger used to explain how the audit advanced over time. */
 export interface RunLedger {
     runs: RunLedgerEntry[];
 }

package/dist/types/runLedger.js

@@ -1 +1,6 @@
-export {};
+export const RUN_LEDGER_STATUSES = [
+    "completed",
+    "blocked",
+    "failed",
+    "no_progress",
+];

package/dist/types/runtimeValidation.d.ts

@@ -1,23 +1,33 @@
-export type RuntimeValidationKind = "unit-risk-check" | "critical-flow-check";
+export declare const RUNTIME_VALIDATION_KINDS: readonly ["unit-risk-check", "critical-flow-check"];
+export type RuntimeValidationKind = (typeof RUNTIME_VALIDATION_KINDS)[number];
+export declare const RUNTIME_VALIDATION_PRIORITIES: readonly ["high", "medium", "low"];
+export type RuntimeValidationPriority = (typeof RUNTIME_VALIDATION_PRIORITIES)[number];
+export declare const RUNTIME_VALIDATION_STATUSES: readonly ["pending", "confirmed", "not_confirmed", "inconclusive", "not_required"];
+export type RuntimeValidationStatus = (typeof RUNTIME_VALIDATION_STATUSES)[number];
+/** A deterministic runtime check queued after static review highlights risk. */
 export interface RuntimeValidationTask {
     id: string;
     kind: RuntimeValidationKind;
     target_paths: string[];
     reason: string;
-    priority: "high" | "medium" | "low";
+    priority: RuntimeValidationPriority;
+    command?: string[];
     suggested_checks?: string[];
     source_artifacts?: string[];
 }
+/** Planner output for the runtime validation stage. */
 export interface RuntimeValidationTaskManifest {
     tasks: RuntimeValidationTask[];
 }
+/** Result recorded after a runtime validation task runs or is intentionally skipped. */
 export interface RuntimeValidationResult {
     task_id: string;
-    status: "pending" | "confirmed" | "not_confirmed" | "inconclusive";
+    status: RuntimeValidationStatus;
     summary: string;
     evidence?: string[];
     notes?: string[];
 }
+/** Persisted runtime validation outcomes keyed by generated task id. */
 export interface RuntimeValidationReport {
     results: RuntimeValidationResult[];
 }

package/dist/types/runtimeValidation.js

@@ -1 +1,16 @@
-export {};
+export const RUNTIME_VALIDATION_KINDS = [
+    "unit-risk-check",
+    "critical-flow-check",
+];
+export const RUNTIME_VALIDATION_PRIORITIES = [
+    "high",
+    "medium",
+    "low",
+];
+export const RUNTIME_VALIDATION_STATUSES = [
+    "pending",
+    "confirmed",
+    "not_confirmed",
+    "inconclusive",
+    "not_required",
+];

package/dist/types/sessionConfig.d.ts

@@ -1,5 +1,8 @@
-export type ProviderName = "auto" | "local-subprocess" | "subprocess-template" | "claude-code" | "opencode" | "vscode-task";
+export declare const PROVIDER_NAMES: readonly ["auto", "local-subprocess", "subprocess-template", "claude-code", "opencode", "vscode-task"];
+export type ProviderName = (typeof PROVIDER_NAMES)[number];
 export type ResolvedProviderName = Exclude<ProviderName, "auto">;
+export declare const SESSION_UI_MODES: readonly ["visible", "headless"];
+export type SessionUiMode = (typeof SESSION_UI_MODES)[number];
 export interface SubprocessTemplateConfig {
     command_template: string[];
     env?: Record<string, string>;
@@ -16,10 +19,20 @@ export interface VSCodeTaskConfig {
     command_template: string[];
     env?: Record<string, string>;
 }
+export declare const PROVIDER_SECTION_KEYS: {
+    readonly "subprocess-template": "subprocess_template";
+    readonly "claude-code": "claude_code";
+    readonly opencode: "opencode";
+    readonly "vscode-task": "vscode_task";
+};
+/**
+ * Provider names use CLI-friendly hyphenation, while nested provider config
+ * sections stay snake_case because they serialize directly into JSON files.
+ */
 export interface SessionConfig {
     provider?: ProviderName;
     timeout_ms?: number;
-    ui_mode?: "visible" | "headless";
+    ui_mode?: SessionUiMode;
     subprocess_template?: SubprocessTemplateConfig;
     claude_code?: ClaudeCodeConfig;
     opencode?: OpenCodeConfig;

package/dist/types/sessionConfig.js

@@ -1 +1,15 @@
-export {};
+export const PROVIDER_NAMES = [
+    "auto",
+    "local-subprocess",
+    "subprocess-template",
+    "claude-code",
+    "opencode",
+    "vscode-task",
+];
+export const SESSION_UI_MODES = ["visible", "headless"];
+export const PROVIDER_SECTION_KEYS = {
+    "subprocess-template": "subprocess_template",
+    "claude-code": "claude_code",
+    opencode: "opencode",
+    "vscode-task": "vscode_task",
+};

package/dist/types/surfaces.d.ts

@@ -1,4 +1,6 @@
-export type SurfaceKind = "interface" | "background";
+export declare const SURFACE_KINDS: readonly ["interface", "background"];
+export type SurfaceKind = (typeof SURFACE_KINDS)[number];
+/** Discovered execution surfaces that define where the product can be reached. */
 export interface SurfaceRecord {
     id: string;
     kind: SurfaceKind;
@@ -7,6 +9,7 @@ export interface SurfaceRecord {
     methods?: string[];
     notes?: string[];
 }
+/** Intake output that summarizes externally reachable product surfaces. */
 export interface SurfaceManifest {
     surfaces: SurfaceRecord[];
 }

package/dist/types/surfaces.js

@@ -1 +1 @@
-export {};
+export const SURFACE_KINDS = ["interface", "background"];

package/dist/types/workerSession.d.ts

@@ -1,3 +1,9 @@
+export declare const WORKER_COMMAND_MODES: readonly ["run", "deferred"];
+export type WorkerCommandMode = (typeof WORKER_COMMAND_MODES)[number];
+/**
+ * Worker tasks serialize directly to task.json, so their persisted field names
+ * intentionally stay snake_case for consistency across providers and bridges.
+ */
 export interface WorkerTask {
     contract_version: "audit-code-worker/v1alpha1";
     run_id: string;
@@ -11,7 +17,10 @@ export interface WorkerTask {
     pending_audit_tasks_path?: string;
     runtime_updates_path?: string;
     external_analyzer_results_path?: string;
+    worker_command_mode?: WorkerCommandMode;
+    /** @deprecated Prefer worker_command_mode: "deferred" for new task files. */
     skip_worker_command?: boolean;
     timeout_ms?: number;
     max_retries?: number;
 }
+export declare function usesDeferredWorkerCommand(task: Pick<WorkerTask, "worker_command_mode" | "skip_worker_command">): boolean;

package/dist/types/workerSession.js

@@ -1 +1,5 @@
-export {};
+export const WORKER_COMMAND_MODES = ["run", "deferred"];
+export function usesDeferredWorkerCommand(task) {
+    return (task.worker_command_mode === "deferred" ||
+        task.skip_worker_command === true);
+}

package/dist/types.d.ts

@@ -28,10 +28,9 @@ export interface AuditUnit {
 export interface UnitManifest {
     units: AuditUnit[];
 }
-export interface ReviewedLineRange {
+export interface FileCoverageRecord {
     path: string;
-    start: number;
-    end: number;
+    total_lines: number;
     pass_id: string;
     lens?: Lens;
     agent_role?: string;
@@ -94,11 +93,9 @@ export interface AuditResult {
     pass_id: string;
     lens: Lens;
     agent_role?: string;
-    reviewed_ranges: Array<{
+    file_coverage: Array<{
         path: string;
-        start: number;
-        end: number;
-        line_count: number;
+        total_lines: number;
     }>;
     findings: Finding[];
     notes?: string[];

package/dist/validation/artifacts.d.ts

@@ -1,3 +1,3 @@
 import type { ArtifactBundle } from "../io/artifacts.js";
-import type { ValidationIssue } from "./basic.js";
+import { type ValidationIssue } from "./basic.js";
 export declare function validateArtifactBundle(bundle: ArtifactBundle): ValidationIssue[];