auditor-lambda 0.2.8 → 0.2.10

package/README.md

@@ -11,6 +11,7 @@ Normal product usage should:
 - use the active conversation model by default
 - use project files and attached repository context by default
 - avoid manual paths, provider flags, and model-selection arguments
+- keep semantic review with the active conversation agent by default
 - advance the audit automatically until it completes or no further automatic progress is possible
 
 ## Conversation Setup
@@ -86,6 +87,7 @@ This wrapper:
 - auto-builds `dist/` if it is missing
 - advances fresh worker sessions automatically until the audit completes or the remaining work requires imported results or an interactive provider
 - continues through provider-assisted audit review automatically when `.audit-artifacts/session-config.json` selects an interactive provider bridge
+- keeps those provider bridges as fallback compatibility modes rather than the primary product path
 - emits `contract_version: "audit-code/v1alpha1"`
 - refreshes `.audit-artifacts/operator-handoff.json` and `.audit-artifacts/operator-handoff.md` with suggested evidence-import paths and continuation hints
 
@@ -160,6 +162,7 @@ Optional backend config:
 - use `audit-code` from the repository root only when you need the repo-local backend fallback
 - use omitted provider or `local-subprocess` for the safest deterministic fallback behavior
 - use `provider: "auto"` only when you want best-effort routing across installed backends
+- treat explicit provider bridges as compatibility fallback, not as the intended owner of semantic review
 
 ## Implementation Next Steps
 
@@ -169,6 +172,7 @@ The next implementation work is tracked in:
 
 The short version is:
 
+- realign review dispatch around the conversation-owned, non-overlapping lens-block workflow
 - prove the generated Codex, Claude Desktop, OpenCode, VS Code, and Antigravity guidance in real host flows
 - tighten the repo-local MCP-first bootstrap where host smoke tests expose friction
 - polish provider-assisted continuation and failure guidance
@@ -186,6 +190,8 @@ For GitHub Actions publication and npm Trusted Publishing setup, see `docs/relea
 ## Key Docs
 
 - `docs/product-direction.md`
+- `docs/workflow-refactor-brief.md`
+- `docs/remediation-baseline.md`
 - `docs/releasing.md`
 - `docs/production-readiness.md`
 - `docs/production-launch-bar.md`

package/audit-code-wrapper-lib.mjs

@@ -2049,7 +2049,7 @@ async function installBootstrap(argv) {
 
   const sessionConfigPath = join(root, '.audit-artifacts', 'session-config.json');
   if (!(await fileExists(sessionConfigPath))) {
-    const defaultConfig = { provider: 'auto' };
+    const defaultConfig = { provider: 'local-subprocess' };
     await mkdir(dirname(sessionConfigPath), { recursive: true });
     await writeFile(sessionConfigPath, JSON.stringify(defaultConfig, null, 2) + '\n', 'utf8');
     results.push({ path: sessionConfigPath, mode: 'created' });

package/dist/adapters/eslint.js

@@ -1,12 +1,16 @@
 import { normalizeGenericExternalResults } from "./normalizeExternal.js";
 const ESLINT_SEVERITY_ERROR = 2;
 const ESLINT_SEVERITY_WARNING = 1;
+const ESLINT_SEVERITY_MAP = {
+    [ESLINT_SEVERITY_ERROR]: "medium",
+    [ESLINT_SEVERITY_WARNING]: "low",
+};
 function mapSeverity(value) {
-    if (value === ESLINT_SEVERITY_ERROR)
-        return "medium";
-    if (value === ESLINT_SEVERITY_WARNING)
-        return "low";
-    return "info";
+    // ESLint's JSON formatter emits 2 for errors and 1 for warnings.
+    if (typeof value !== "number") {
+        return "info";
+    }
+    return ESLINT_SEVERITY_MAP[value] ?? "info";
 }
 export function normalizeEslintJson(input) {
     return normalizeGenericExternalResults("eslint", input.flatMap((file) => (file.messages ?? []).map((message, index) => ({

package/dist/cli.d.ts

@@ -1 +1,42 @@
-export declare function runSample(): Promise<void>;
+import type { SessionConfig } from "./types/sessionConfig.js";
+type UiMode = "visible" | "headless";
+declare function getFlag(argv: string[], name: string, fallback?: string): string | undefined;
+declare function hasFlag(argv: string[], name: string): boolean;
+declare function getArtifactsDir(argv: string[]): string;
+declare function getRootDir(argv: string[]): string;
+declare function getBatchResultsDir(argv: string[]): string | undefined;
+declare function getMaxRuns(argv: string[]): number;
+declare function getAgentBatchSize(argv: string[], sessionConfig: SessionConfig): number;
+declare function getParallelWorkers(argv: string[], sessionConfig: SessionConfig): number;
+declare function getTimeoutMs(argv: string[], sessionConfig: SessionConfig): number;
+declare function chunkArray<T>(arr: T[], size: number): T[][];
+declare function getUiMode(argv: string[], fallback?: UiMode): UiMode;
+declare function countLines(path: string): Promise<number>;
+declare function looksLikeCliFlag(value: string | undefined): boolean;
+export declare const cliTestUtils: {
+    defaults: {
+        rootDir: string;
+        artifactsDir: string;
+        maxRuns: number;
+        agentBatchSize: number;
+        parallelWorkers: number;
+        timeoutMs: number;
+        uiMode: UiMode;
+    };
+    getFlag: typeof getFlag;
+    hasFlag: typeof hasFlag;
+    getArtifactsDir: typeof getArtifactsDir;
+    getRootDir: typeof getRootDir;
+    getBatchResultsDir: typeof getBatchResultsDir;
+    getMaxRuns: typeof getMaxRuns;
+    getAgentBatchSize: typeof getAgentBatchSize;
+    getParallelWorkers: typeof getParallelWorkers;
+    getTimeoutMs: typeof getTimeoutMs;
+    chunkArray: typeof chunkArray;
+    getUiMode: typeof getUiMode;
+    looksLikeCliFlag: typeof looksLikeCliFlag;
+    countLines: typeof countLines;
+};
+export declare function runSample(argv?: string[]): Promise<void>;
+export declare function runCli(argv: string[]): Promise<void>;
+export {};

package/dist/cli.js

@@ -1,6 +1,7 @@
 import { access, mkdir, readdir, rename } from "node:fs/promises";
 import { createReadStream } from "node:fs";
 import { basename, dirname, join, resolve } from "node:path";
+import { fileURLToPath } from "node:url";
 import { buildRepoManifest } from "./extractors/fileInventory.js";
 import { buildFileDisposition } from "./extractors/disposition.js";
 import { buildCriticalFlowManifest } from "./extractors/flows.js";
@@ -13,6 +14,7 @@ import { loadArtifactBundle, writeCoreArtifacts, promoteFinalAuditReport, } from
 import { readJsonFile, writeJsonFile } from "./io/json.js";
 import { validateArtifactBundle } from "./validation/artifacts.js";
 import { validateAuditResults, formatAuditResultIssues, } from "./validation/auditResults.js";
+import { prefixValidationIssues } from "./validation/basic.js";
 import { validateConfiguredProviderEnvironment, validateSessionConfig, } from "./validation/sessionConfig.js";
 import { buildAuditReportModel, renderAuditReportMarkdown, } from "./reporting/synthesis.js";
 import { deriveAuditState } from "./orchestrator/state.js";
@@ -28,78 +30,101 @@ import { LOCAL_SUBPROCESS_PROVIDER_NAME } from "./providers/constants.js";
 import { runAuditCodeMcpServer } from "./mcp/server.js";
 const ADVANCE_AUDIT_CONTRACT_VERSION = "audit-code/v1alpha1";
 const WORKER_RESULT_CONTRACT_VERSION = "audit-code-worker-result/v1alpha1";
-const DEFAULT_MAX_RUNS = 1000;
-const DEFAULT_TIMEOUT_MS = 30 * 60 * 1000; // 30 minutes
-const sampleFiles = [
+const DIRECT_CLI_DEFAULTS = {
+    rootDir: ".",
+    artifactsDir: ".artifacts",
+    maxRuns: 1000,
+    agentBatchSize: 1,
+    parallelWorkers: 1,
+    timeoutMs: 30 * 60 * 1000, // 30 minutes
+    uiMode: "headless",
+};
+// Keep the sample-run payload explicit so the demo command is deterministic.
+const SAMPLE_REPO_FILES = [
     { path: "src/api/auth.ts", size_bytes: 1240, hash: "abc123" },
     { path: "src/lib/session.ts", size_bytes: 980, hash: "def456" },
     { path: "infra/deploy.yml", size_bytes: 420, hash: "ghi789" },
     { path: "docs/notes.md", size_bytes: 300, hash: "doc111" },
 ];
+function isLongFlagToken(value) {
+    return typeof value === "string" && value.startsWith("--");
+}
+// Read a long-form CLI flag while treating a following flag token as "missing".
 function getFlag(argv, name, fallback) {
     const index = argv.indexOf(name);
-    if (index >= 0 && argv[index + 1])
-        return argv[index + 1];
-    return fallback;
+    if (index < 0)
+        return fallback;
+    const candidate = argv[index + 1];
+    if (!candidate || isLongFlagToken(candidate))
+        return fallback;
+    return candidate;
 }
+// Boolean flags only care whether the token is present at all.
 function hasFlag(argv, name) {
     return argv.includes(name);
 }
+function resolveFlagPath(argv, name, fallback) {
+    return resolve(getFlag(argv, name, fallback));
+}
+function normalizePositiveInteger(value) {
+    if (typeof value !== "number" || !Number.isFinite(value) || value <= 0) {
+        return undefined;
+    }
+    return Math.floor(value);
+}
+function parsePositiveIntegerFlag(argv, name) {
+    const raw = getFlag(argv, name);
+    if (raw === undefined) {
+        return undefined;
+    }
+    return normalizePositiveInteger(Number(raw));
+}
 function getArtifactsDir(argv) {
-    return resolve(getFlag(argv, "--artifacts-dir", ".artifacts"));
+    return resolveFlagPath(argv, "--artifacts-dir", DIRECT_CLI_DEFAULTS.artifactsDir);
 }
 function getRootDir(argv) {
-    return resolve(getFlag(argv, "--root", "."));
+    return resolveFlagPath(argv, "--root", DIRECT_CLI_DEFAULTS.rootDir);
 }
 function getBatchResultsDir(argv) {
     const value = getFlag(argv, "--batch-results");
     return value ? resolve(value) : undefined;
 }
 function getMaxRuns(argv) {
-    const raw = Number(getFlag(argv, "--max-runs", String(DEFAULT_MAX_RUNS)));
-    return Number.isFinite(raw) && raw > 0 ? Math.floor(raw) : DEFAULT_MAX_RUNS;
+    return parsePositiveIntegerFlag(argv, "--max-runs") ?? DIRECT_CLI_DEFAULTS.maxRuns;
 }
 function getAgentBatchSize(argv, sessionConfig) {
-    const fromArg = getFlag(argv, "--agent-batch-size");
-    if (fromArg !== undefined) {
-        const parsed = Number(fromArg);
-        if (Number.isFinite(parsed) && parsed > 0)
-            return Math.floor(parsed);
-    }
-    if (typeof sessionConfig.agent_task_batch_size === "number" && sessionConfig.agent_task_batch_size > 0) {
-        return Math.floor(sessionConfig.agent_task_batch_size);
-    }
-    return 1;
+    return (parsePositiveIntegerFlag(argv, "--agent-batch-size") ??
+        normalizePositiveInteger(sessionConfig.agent_task_batch_size) ??
+        DIRECT_CLI_DEFAULTS.agentBatchSize);
 }
 function getParallelWorkers(argv, sessionConfig) {
-    const fromArg = getFlag(argv, "--parallel");
-    if (fromArg !== undefined) {
-        const parsed = Number(fromArg);
-        if (Number.isFinite(parsed) && parsed > 0)
-            return Math.floor(parsed);
-    }
-    if (typeof sessionConfig.parallel_workers === "number" && sessionConfig.parallel_workers > 0) {
-        return Math.floor(sessionConfig.parallel_workers);
-    }
-    return 1;
+    return (parsePositiveIntegerFlag(argv, "--parallel") ??
+        normalizePositiveInteger(sessionConfig.parallel_workers) ??
+        DIRECT_CLI_DEFAULTS.parallelWorkers);
 }
 function getTimeoutMs(argv, sessionConfig) {
-    const fromArg = getFlag(argv, "--timeout");
-    if (fromArg !== undefined) {
-        const parsed = Number(fromArg);
-        if (Number.isFinite(parsed) && parsed > 0)
-            return Math.floor(parsed);
-    }
-    return sessionConfig.timeout_ms ?? DEFAULT_TIMEOUT_MS;
+    return (parsePositiveIntegerFlag(argv, "--timeout") ??
+        normalizePositiveInteger(sessionConfig.timeout_ms) ??
+        DIRECT_CLI_DEFAULTS.timeoutMs);
+}
+function getExplicitProvider(argv) {
+    return getFlag(argv, "--provider");
+}
+function resolveRunProviderName(argv, sessionConfig) {
+    return resolveFreshSessionProviderName(getExplicitProvider(argv) ?? LOCAL_SUBPROCESS_PROVIDER_NAME, sessionConfig);
 }
 function chunkArray(arr, size) {
+    const chunkSize = normalizePositiveInteger(size);
+    if (chunkSize === undefined) {
+        throw new Error("chunkArray size must be a positive integer.");
+    }
     const chunks = [];
-    for (let i = 0; i < arr.length; i += size) {
-        chunks.push(arr.slice(i, i + size));
+    for (let i = 0; i < arr.length; i += chunkSize) {
+        chunks.push(arr.slice(i, i + chunkSize));
     }
     return chunks;
 }
-function getUiMode(argv, fallback = "headless") {
+function getUiMode(argv, fallback = DIRECT_CLI_DEFAULTS.uiMode) {
     const raw = getFlag(argv, "--ui");
     if (raw === "visible")
         return "visible";
@@ -144,18 +169,11 @@ async function emitEnvelope(params) {
 }
 function buildManualReviewBlocker(providerName) {
     return providerName === LOCAL_SUBPROCESS_PROVIDER_NAME
-        ? "Automatic local-subprocess work is exhausted. Remaining audit tasks require explicit audit results or an interactive provider such as claude-code, opencode, or subprocess-template."
+        ? "Automatic backend steps are exhausted. Remaining semantic review now belongs to the active conversation agent. Review the dispatched files, write structured audit results, and ingest them with audit-code --results <file> or audit-code --batch-results <dir>. If you intentionally want a backend bridge instead, re-run audit-code with --provider auto, --provider claude-code, --provider opencode, --provider subprocess-template, or --provider vscode-task."
         : "Automatic work is exhausted. Remaining audit tasks require explicit audit results or an interactive provider.";
 }
-function prefixValidationIssues(prefix, issues) {
-    return issues.map((issue) => ({
-        path: issue.path.length === 0
-            ? prefix
-            : issue.path === prefix || issue.path.startsWith(`${prefix}.`)
-                ? issue.path
-                : `${prefix}.${issue.path}`,
-        message: issue.message,
-    }));
+function shouldRunInlineExecutor(selectedExecutor) {
+    return selectedExecutor !== null && selectedExecutor !== "agent";
 }
 function buildBlockedAuditState(params) {
     return {
@@ -279,8 +297,24 @@ function buildWorkerFailureBlocker(workerResult) {
         : workerResult.summary;
 }
 function looksLikeCliFlag(value) {
-    return typeof value === "string" && value.startsWith("--");
+    return isLongFlagToken(value);
 }
+export const cliTestUtils = {
+    defaults: DIRECT_CLI_DEFAULTS,
+    getFlag,
+    hasFlag,
+    getArtifactsDir,
+    getRootDir,
+    getBatchResultsDir,
+    getMaxRuns,
+    getAgentBatchSize,
+    getParallelWorkers,
+    getTimeoutMs,
+    chunkArray,
+    getUiMode,
+    looksLikeCliFlag,
+    countLines,
+};
 async function maybeArchiveLegacyPendingResults(auditResultsPath) {
     if (!auditResultsPath || basename(auditResultsPath) !== "worker_results_pending.json") {
         return undefined;
@@ -388,8 +422,8 @@ function isWorkerResult(value) {
         value.contract_version ===
             WORKER_RESULT_CONTRACT_VERSION);
 }
-export async function runSample() {
-    const repoManifest = buildRepoManifest("sample-repo", sampleFiles);
+export async function runSample(argv = process.argv) {
+    const repoManifest = buildRepoManifest("sample-repo", SAMPLE_REPO_FILES);
     const disposition = buildFileDisposition(repoManifest);
     const unitManifest = buildUnitManifest(repoManifest, disposition);
     const surfaceManifest = buildSurfaceManifest(repoManifest, disposition);
@@ -444,7 +478,7 @@ export async function runSample() {
         audit_results: sampleResults,
         audit_report: auditReport,
     });
-    const artifactsDir = getArtifactsDir(process.argv);
+    const artifactsDir = getArtifactsDir(argv);
     await mkdir(artifactsDir, { recursive: true });
     await writeCoreArtifacts(artifactsDir, {
         repo_manifest: repoManifest,
@@ -466,7 +500,7 @@ async function cmdAdvanceAudit(argv) {
     const root = getRootDir(argv);
     const artifactsDir = getArtifactsDir(argv);
     const sessionConfig = await loadSessionConfig(artifactsDir);
-    const providerName = resolveFreshSessionProviderName(getFlag(argv, "--provider"), sessionConfig);
+    const providerName = resolveRunProviderName(argv, sessionConfig);
     const batchResultsDir = getBatchResultsDir(argv);
     if (batchResultsDir && getFlag(argv, "--results")) {
         throw new Error("Use either --results <file> or --batch-results <dir>, not both.");
@@ -532,13 +566,14 @@ async function cmdRunToCompletion(argv) {
     const root = getRootDir(argv);
     const artifactsDir = getArtifactsDir(argv);
     const sessionConfig = await loadSessionConfig(artifactsDir);
-    const provider = createFreshSessionProvider(getFlag(argv, "--provider"), sessionConfig);
+    const explicitProvider = getExplicitProvider(argv);
+    const provider = createFreshSessionProvider(explicitProvider ?? LOCAL_SUBPROCESS_PROVIDER_NAME, sessionConfig);
     const uiMode = getUiMode(argv, sessionConfig.ui_mode ?? "headless");
     const maxRuns = getMaxRuns(argv);
     const agentBatchSize = getAgentBatchSize(argv, sessionConfig);
     const parallelWorkers = getParallelWorkers(argv, sessionConfig);
     const timeoutMs = getTimeoutMs(argv, sessionConfig);
-    const selfCliPath = resolve(process.argv[1] ?? "");
+    const selfCliPath = resolve(argv[1] ?? process.argv[1] ?? "");
     await mkdir(artifactsDir, { recursive: true });
     await ensureSupervisorDirs(artifactsDir);
     const batchResultsDir = getBatchResultsDir(argv);
@@ -646,6 +681,8 @@ async function cmdRunToCompletion(argv) {
                 ],
                 audit_results_path: blockAuditResultsPath,
                 pending_audit_tasks_path: blockPendingTasksPath,
+                timeout_ms: timeoutMs,
+                max_retries: 0,
             };
             const blockPrompt = renderWorkerPrompt(blockTask);
             await writeWorkerTaskFiles(blockTask, blockPrompt, blockPaths, artifactsDir, blockPendingTasks);
@@ -716,7 +753,9 @@ async function cmdRunToCompletion(argv) {
                     worker_command: [process.execPath, selfCliPath, "worker-run", "--task", slotPaths.taskPath],
                     audit_results_path: slotAuditResultsPath,
                     pending_audit_tasks_path: slotPendingTasksPath,
-                    skip_worker_command: true,
+                    worker_command_mode: "deferred",
+                    timeout_ms: timeoutMs,
+                    max_retries: 0,
                 };
                 const slotPrompt = renderWorkerPrompt(slotTask);
                 await writeWorkerTaskFiles(slotTask, slotPrompt, slotPaths, artifactsDir, group);
@@ -860,6 +899,124 @@ async function cmdRunToCompletion(argv) {
         runCount += 1;
         const runId = buildRunId(obligationId, runCount);
         const paths = getRunPaths(artifactsDir, runId);
+        if (shouldRunInlineExecutor(preferredExecutor)) {
+            await clearDispatchFiles(artifactsDir);
+            const startedAt = new Date().toISOString();
+            let workerResult;
+            try {
+                const result = await runAuditStep({
+                    root,
+                    artifactsDir,
+                    preferredExecutor,
+                    auditResultsPath,
+                    runtimeUpdatesPath,
+                    externalAnalyzerPath,
+                });
+                workerResult = {
+                    contract_version: WORKER_RESULT_CONTRACT_VERSION,
+                    run_id: runId,
+                    obligation_id: obligationId,
+                    status: result.progress_made ? "completed" : "no_progress",
+                    progress_made: result.progress_made,
+                    selected_executor: result.selected_executor,
+                    artifacts_written: result.artifacts_written,
+                    summary: result.progress_summary,
+                    next_likely_step: result.next_likely_step,
+                    errors: [],
+                };
+            }
+            catch (error) {
+                const message = error instanceof Error ? error.message : String(error);
+                workerResult = {
+                    contract_version: WORKER_RESULT_CONTRACT_VERSION,
+                    run_id: runId,
+                    obligation_id: obligationId,
+                    status: "failed",
+                    progress_made: false,
+                    selected_executor: preferredExecutor,
+                    artifacts_written: [],
+                    summary: `Inline executor failed for ${preferredExecutor}: ${message}`,
+                    next_likely_step: decision.selected_obligation,
+                    errors: [message],
+                };
+            }
+            await writeJsonFile(paths.resultPath, workerResult);
+            await writeJsonFile(paths.statusPath, {
+                run_id: runId,
+                status: workerResult.status,
+                execution_mode: "inline",
+            });
+            await appendRunLedgerEntry(artifactsDir, {
+                run_id: runId,
+                provider: provider.name,
+                obligation_id: obligationId,
+                selected_executor: workerResult.selected_executor,
+                status: workerResult.status,
+                started_at: startedAt,
+                ended_at: new Date().toISOString(),
+                result_path: paths.resultPath,
+            });
+            lastResult = workerResult;
+            if (workerResult.progress_made) {
+                anyProgress = true;
+            }
+            for (const artifact of workerResult.artifacts_written) {
+                artifactsWritten.add(artifact);
+            }
+            artifactsWritten.add("run-ledger.json");
+            if (externalAnalyzerPath)
+                pendingExternalAnalyzerPath = undefined;
+            if (auditResultsPath &&
+                pendingBatchAuditResults[0] === auditResultsPath &&
+                preferredExecutor === "result_ingestion_executor" &&
+                workerResult.status !== "failed" &&
+                workerResult.status !== "blocked") {
+                pendingBatchAuditResults.shift();
+            }
+            if (auditResultsPath)
+                pendingAuditResultsPath = undefined;
+            if (runtimeUpdatesPath)
+                pendingRuntimeUpdatesPath = undefined;
+            if (workerResult.status === "failed" ||
+                workerResult.status === "blocked" ||
+                workerResult.status === "no_progress") {
+                const bundleAfter = await loadArtifactBundle(artifactsDir);
+                const shouldBlock = workerResult.status === "failed" || workerResult.status === "blocked";
+                const state = shouldBlock
+                    ? buildBlockedAuditState({
+                        state: bundleAfter.audit_state ?? deriveAuditState(bundleAfter),
+                        obligationId: workerResult.obligation_id,
+                        executor: workerResult.selected_executor,
+                        blocker: buildWorkerFailureBlocker(workerResult),
+                    })
+                    : bundleAfter.audit_state ?? deriveAuditState(bundleAfter);
+                if (shouldBlock) {
+                    await writeCoreArtifacts(artifactsDir, {
+                        ...bundleAfter,
+                        audit_state: state,
+                    });
+                }
+                await emitEnvelope({
+                    root,
+                    artifactsDir,
+                    bundle: shouldBlock
+                        ? { ...bundleAfter, audit_state: state }
+                        : bundleAfter,
+                    audit_state: state,
+                    selected_obligation: workerResult.obligation_id,
+                    selected_executor: workerResult.selected_executor,
+                    progress_made: anyProgress,
+                    artifacts_written: Array.from(shouldBlock
+                        ? new Set([...artifactsWritten, "audit_state.json"])
+                        : artifactsWritten),
+                    progress_summary: buildWorkerFailureBlocker(workerResult),
+                    next_likely_step: shouldBlock ? null : workerResult.next_likely_step,
+                    providerName: provider.name,
+                });
+                return;
+            }
+            continue;
+        }
         const pendingAuditTasks = preferredExecutor === "agent"
             ? buildPendingAuditTasks(bundle).slice(0, agentBatchSize)
             : undefined;
@@ -888,6 +1045,8 @@ async function cmdRunToCompletion(argv) {
             pending_audit_tasks_path: pendingAuditTasksPath,
             runtime_updates_path: runtimeUpdatesPath,
             external_analyzer_results_path: externalAnalyzerPath,
+            timeout_ms: timeoutMs,
+            max_retries: 0,
         };
         const prompt = renderWorkerPrompt(task);
         await writeWorkerTaskFiles(task, prompt, paths, artifactsDir, pendingAuditTasks);
@@ -1317,7 +1476,7 @@ async function main(argv) {
     const command = argv[2] ?? "sample-run";
     switch (command) {
         case "sample-run":
-            await runSample();
+            await runSample(argv);
             return;
         case "advance-audit":
             await cmdAdvanceAudit(argv);
@@ -1367,7 +1526,19 @@ async function main(argv) {
             process.exitCode = 1;
     }
 }
-await main(process.argv).catch((error) => {
-    console.error(error instanceof Error ? error.message : String(error));
-    process.exitCode = 1;
-});
+export async function runCli(argv) {
+    await main(argv).catch((error) => {
+        console.error(error instanceof Error ? error.message : String(error));
+        process.exitCode = 1;
+    });
+}
+function isDirectCliExecution(argv) {
+    const entryPath = argv[1];
+    if (!entryPath) {
+        return false;
+    }
+    return resolve(entryPath) === fileURLToPath(import.meta.url);
+}
+if (isDirectCliExecution(process.argv)) {
+    await runCli(process.argv);
+}

package/dist/extractors/bucketing.d.ts

@@ -4,4 +4,8 @@ export interface BucketAssignment {
     buckets: FileBucket[];
     rationale: string[];
 }
+/**
+ * Buckets files using the shared extractor heuristics so intake stays
+ * consistent across OS-specific path separators and mixed-case manifests.
+ */
 export declare function bucketFile(path: string): BucketAssignment;

package/dist/extractors/bucketing.js

@@ -1,12 +1,16 @@
-import { isNodeModulesOrGit, isTestPath, isInterfacePath, isDataLayerPath, isSecuritySensitivePath, isConcurrencyPath, isScriptPath, isDeploymentConfigPath, isDocPath, isGeneratedPath, } from "./pathPatterns.js";
+import { isNodeModulesOrGit, isTestPath, isInterfacePath, isDataLayerPath, isSecuritySensitivePath, isConcurrencyPath, isScriptPath, isDeploymentConfigPath, isDocPath, isGeneratedPath, normalizeExtractorPath, } from "./pathPatterns.js";
 function addBucket(buckets, rationale, bucket, reason) {
     if (!buckets.has(bucket)) {
         buckets.add(bucket);
         rationale.push(reason);
     }
 }
+/**
+ * Buckets files using the shared extractor heuristics so intake stays
+ * consistent across OS-specific path separators and mixed-case manifests.
+ */
 export function bucketFile(path) {
-    const normalized = path.toLowerCase();
+    const normalized = normalizeExtractorPath(path);
     const buckets = new Set();
     const rationale = [];
     if (isNodeModulesOrGit(normalized)) {

package/dist/extractors/disposition.d.ts

@@ -1,4 +1,8 @@
 import type { RepoManifest } from "../types.js";
 import type { FileDisposition, FileDispositionStatus } from "../types/disposition.js";
+/**
+ * Applies shared path heuristics to mark files that should be excluded or
+ * down-scoped before audit planning begins.
+ */
 export declare function buildFileDisposition(repoManifest: RepoManifest): FileDisposition;
 export declare function isAuditExcludedStatus(status: FileDispositionStatus): boolean;

package/dist/extractors/disposition.js

@@ -1,6 +1,6 @@
-import { isNodeModulesOrGit, isBuildOutput, isVendorPath, isBinaryArtifact, isLicensePath, isLockfilePath, isLogPath, isDocPath, } from "./pathPatterns.js";
+import { isNodeModulesOrGit, isBuildOutput, isVendorPath, isBinaryArtifact, isLicensePath, isLockfilePath, isLogPath, isDocPath, normalizeExtractorPath, } from "./pathPatterns.js";
 function inferDisposition(path) {
-    const normalized = path.toLowerCase();
+    const normalized = normalizeExtractorPath(path);
     if (isNodeModulesOrGit(normalized)) {
         return { path, status: "excluded", reason: "node_modules or .git excluded by convention." };
     }
@@ -35,6 +35,10 @@ function inferDisposition(path) {
         reason: "Default included source or config artifact.",
     };
 }
+/**
+ * Applies shared path heuristics to mark files that should be excluded or
+ * down-scoped before audit planning begins.
+ */
 export function buildFileDisposition(repoManifest) {
     return {
         files: repoManifest.files.map((file) => inferDisposition(file.path)),