auditor-lambda 0.2.9 → 0.2.10

package/dist/cli.js

@@ -169,9 +169,12 @@ async function emitEnvelope(params) {
 }
 function buildManualReviewBlocker(providerName) {
     return providerName === LOCAL_SUBPROCESS_PROVIDER_NAME
-        ? "Automatic backend steps are exhausted. Remaining semantic review now belongs to the active conversation agent. Review the dispatched files, write structured audit results, and run the generated worker command to ingest them. If you intentionally want a backend bridge instead, re-run audit-code with --provider auto, --provider claude-code, --provider opencode, --provider subprocess-template, or --provider vscode-task."
+        ? "Automatic backend steps are exhausted. Remaining semantic review now belongs to the active conversation agent. Review the dispatched files, write structured audit results, and ingest them with audit-code --results <file> or audit-code --batch-results <dir>. If you intentionally want a backend bridge instead, re-run audit-code with --provider auto, --provider claude-code, --provider opencode, --provider subprocess-template, or --provider vscode-task."
         : "Automatic work is exhausted. Remaining audit tasks require explicit audit results or an interactive provider.";
 }
+function shouldRunInlineExecutor(selectedExecutor) {
+    return selectedExecutor !== null && selectedExecutor !== "agent";
+}
 function buildBlockedAuditState(params) {
     return {
         ...params.state,
@@ -896,6 +899,124 @@ async function cmdRunToCompletion(argv) {
         runCount += 1;
         const runId = buildRunId(obligationId, runCount);
         const paths = getRunPaths(artifactsDir, runId);
+        if (shouldRunInlineExecutor(preferredExecutor)) {
+            await clearDispatchFiles(artifactsDir);
+            const startedAt = new Date().toISOString();
+            let workerResult;
+            try {
+                const result = await runAuditStep({
+                    root,
+                    artifactsDir,
+                    preferredExecutor,
+                    auditResultsPath,
+                    runtimeUpdatesPath,
+                    externalAnalyzerPath,
+                });
+                workerResult = {
+                    contract_version: WORKER_RESULT_CONTRACT_VERSION,
+                    run_id: runId,
+                    obligation_id: obligationId,
+                    status: result.progress_made ? "completed" : "no_progress",
+                    progress_made: result.progress_made,
+                    selected_executor: result.selected_executor,
+                    artifacts_written: result.artifacts_written,
+                    summary: result.progress_summary,
+                    next_likely_step: result.next_likely_step,
+                    errors: [],
+                };
+            }
+            catch (error) {
+                const message = error instanceof Error ? error.message : String(error);
+                workerResult = {
+                    contract_version: WORKER_RESULT_CONTRACT_VERSION,
+                    run_id: runId,
+                    obligation_id: obligationId,
+                    status: "failed",
+                    progress_made: false,
+                    selected_executor: preferredExecutor,
+                    artifacts_written: [],
+                    summary: `Inline executor failed for ${preferredExecutor}: ${message}`,
+                    next_likely_step: decision.selected_obligation,
+                    errors: [message],
+                };
+            }
+            await writeJsonFile(paths.resultPath, workerResult);
+            await writeJsonFile(paths.statusPath, {
+                run_id: runId,
+                status: workerResult.status,
+                execution_mode: "inline",
+            });
+            await appendRunLedgerEntry(artifactsDir, {
+                run_id: runId,
+                provider: provider.name,
+                obligation_id: obligationId,
+                selected_executor: workerResult.selected_executor,
+                status: workerResult.status,
+                started_at: startedAt,
+                ended_at: new Date().toISOString(),
+                result_path: paths.resultPath,
+            });
+            lastResult = workerResult;
+            if (workerResult.progress_made) {
+                anyProgress = true;
+            }
+            for (const artifact of workerResult.artifacts_written) {
+                artifactsWritten.add(artifact);
+            }
+            artifactsWritten.add("run-ledger.json");
+            if (externalAnalyzerPath)
+                pendingExternalAnalyzerPath = undefined;
+            if (auditResultsPath &&
+                pendingBatchAuditResults[0] === auditResultsPath &&
+                preferredExecutor === "result_ingestion_executor" &&
+                workerResult.status !== "failed" &&
+                workerResult.status !== "blocked") {
+                pendingBatchAuditResults.shift();
+            }
+            if (auditResultsPath)
+                pendingAuditResultsPath = undefined;
+            if (runtimeUpdatesPath)
+                pendingRuntimeUpdatesPath = undefined;
+            if (workerResult.status === "failed" ||
+                workerResult.status === "blocked" ||
+                workerResult.status === "no_progress") {
+                const bundleAfter = await loadArtifactBundle(artifactsDir);
+                const shouldBlock = workerResult.status === "failed" || workerResult.status === "blocked";
+                const state = shouldBlock
+                    ? buildBlockedAuditState({
+                        state: bundleAfter.audit_state ?? deriveAuditState(bundleAfter),
+                        obligationId: workerResult.obligation_id,
+                        executor: workerResult.selected_executor,
+                        blocker: buildWorkerFailureBlocker(workerResult),
+                    })
+                    : bundleAfter.audit_state ?? deriveAuditState(bundleAfter);
+                if (shouldBlock) {
+                    await writeCoreArtifacts(artifactsDir, {
+                        ...bundleAfter,
+                        audit_state: state,
+                    });
+                }
+                await emitEnvelope({
+                    root,
+                    artifactsDir,
+                    bundle: shouldBlock
+                        ? { ...bundleAfter, audit_state: state }
+                        : bundleAfter,
+                    audit_state: state,
+                    selected_obligation: workerResult.obligation_id,
+                    selected_executor: workerResult.selected_executor,
+                    progress_made: anyProgress,
+                    artifacts_written: Array.from(shouldBlock
+                        ? new Set([...artifactsWritten, "audit_state.json"])
+                        : artifactsWritten),
+                    progress_summary: buildWorkerFailureBlocker(workerResult),
+                    next_likely_step: shouldBlock ? null : workerResult.next_likely_step,
+                    providerName: provider.name,
+                });
+                return;
+            }
+            continue;
+        }
         const pendingAuditTasks = preferredExecutor === "agent"
             ? buildPendingAuditTasks(bundle).slice(0, agentBatchSize)
             : undefined;

package/dist/orchestrator/autoFixExecutor.js

@@ -1,13 +1,9 @@
-import { execSync } from "node:child_process";
+import { join } from "node:path";
 import { isAuditExcludedStatus } from "../extractors/disposition.js";
-function tryRunConfiguredFormatter(root, command) {
-    try {
-        execSync(command, { cwd: root, stdio: "ignore", windowsHide: true });
-        return true;
-    }
-    catch (e) {
-        return false;
-    }
+import { resolveNodeTool, runFirstAvailableCommand, } from "./localCommands.js";
+function tryRunConfiguredFormatter(root, candidates) {
+    const result = runFirstAvailableCommand(root, candidates);
+    return result !== null && !result.error && result.exitCode === 0;
 }
 export function runAutoFixExecutor(bundle, root) {
     if (!bundle.file_disposition) {
@@ -28,24 +24,45 @@ export function runAutoFixExecutor(bundle, root) {
         extensions.has("js") ||
         extensions.has("tsx") ||
         extensions.has("jsx")) {
-        if (tryRunConfiguredFormatter(root, "npx prettier --write ."))
+        if (tryRunConfiguredFormatter(root, [
+            ...resolveNodeTool(root, join("node_modules", "prettier", "bin", "prettier.cjs"), ["--write", "."], "prettier --write ."),
+            { command: "prettier", args: ["--write", "."], display: "prettier --write ." },
+        ]))
             executedTools.push("prettier");
-        if (tryRunConfiguredFormatter(root, "npx eslint --fix ."))
+        if (tryRunConfiguredFormatter(root, [
+            ...resolveNodeTool(root, join("node_modules", "eslint", "bin", "eslint.js"), ["--fix", "."], "eslint --fix ."),
+            { command: "eslint", args: ["--fix", "."], display: "eslint --fix ." },
+        ]))
             executedTools.push("eslint");
     }
     // Python
     if (extensions.has("py")) {
-        if (tryRunConfiguredFormatter(root, "black .") ||
-            tryRunConfiguredFormatter(root, "python -m black .")) {
+        if (tryRunConfiguredFormatter(root, [
+            { command: "black", args: ["."], display: "black ." },
+            { command: "python", args: ["-m", "black", "."], display: "python -m black ." },
+        ])) {
             executedTools.push("black");
         }
-        if (tryRunConfiguredFormatter(root, "autopep8 --in-place --recursive .")) {
+        if (tryRunConfiguredFormatter(root, [
+            {
+                command: "autopep8",
+                args: ["--in-place", "--recursive", "."],
+                display: "autopep8 --in-place --recursive .",
+            },
+            {
+                command: "python",
+                args: ["-m", "autopep8", "--in-place", "--recursive", "."],
+                display: "python -m autopep8 --in-place --recursive .",
+            },
+        ])) {
             executedTools.push("autopep8");
         }
     }
     // Go
     if (extensions.has("go")) {
-        if (tryRunConfiguredFormatter(root, "gofmt -w ."))
+        if (tryRunConfiguredFormatter(root, [
+            { command: "gofmt", args: ["-w", "."], display: "gofmt -w ." },
+        ]))
             executedTools.push("gofmt");
     }
     const resultsArtifact = {

package/dist/orchestrator/localCommands.d.ts

@@ -0,0 +1,14 @@
+export interface LocalCommandCandidate {
+    command: string;
+    args: string[];
+    display?: string;
+}
+export interface LocalCommandResult {
+    candidate: LocalCommandCandidate;
+    exitCode: number | null;
+    stdout: string;
+    stderr: string;
+    error?: Error;
+}
+export declare function runFirstAvailableCommand(root: string, candidates: LocalCommandCandidate[]): LocalCommandResult | null;
+export declare function resolveNodeTool(root: string, relativePath: string, args: string[], display: string): LocalCommandCandidate[];

package/dist/orchestrator/localCommands.js

@@ -0,0 +1,124 @@
+import { existsSync } from "node:fs";
+import { spawnSync } from "node:child_process";
+import { delimiter, isAbsolute, join } from "node:path";
+function isWindowsBatchCommand(path) {
+    return process.platform === "win32" && /\.(cmd|bat)$/i.test(path);
+}
+function quoteForCmd(arg) {
+    if (arg.length === 0)
+        return '""';
+    if (!/[\s"]/u.test(arg))
+        return arg;
+    return `"${arg.replace(/"/g, '""')}"`;
+}
+function toSpawnTuple(candidate) {
+    if (!isWindowsBatchCommand(candidate.command)) {
+        return {
+            command: candidate.command,
+            args: candidate.args,
+        };
+    }
+    return {
+        command: process.env.ComSpec ?? "cmd.exe",
+        args: [
+            "/d",
+            "/s",
+            "/c",
+            [candidate.command, ...candidate.args].map(quoteForCmd).join(" "),
+        ],
+    };
+}
+function resolveFromPath(command) {
+    if (command.trim().length === 0) {
+        return null;
+    }
+    if (command.includes("\\") ||
+        command.includes("/") ||
+        isAbsolute(command)) {
+        return existsSync(command) ? command : null;
+    }
+    const pathValue = process.env.PATH ?? "";
+    const pathEntries = pathValue
+        .split(delimiter)
+        .map((entry) => entry.trim())
+        .filter((entry) => entry.length > 0);
+    const extensions = process.platform === "win32"
+        ? (process.env.PATHEXT ?? ".COM;.EXE;.BAT;.CMD")
+            .split(";")
+            .map((ext) => ext.toLowerCase())
+        : [""];
+    for (const dir of pathEntries) {
+        const directPath = join(dir, command);
+        if (existsSync(directPath)) {
+            return directPath;
+        }
+        for (const ext of extensions) {
+            const candidatePath = join(dir, `${command}${ext}`);
+            if (existsSync(candidatePath)) {
+                return candidatePath;
+            }
+        }
+    }
+    return null;
+}
+function resolveCandidate(root, candidate) {
+    if (candidate.command === process.execPath) {
+        return candidate;
+    }
+    const resolvedPath = resolveFromPath(candidate.command);
+    if (resolvedPath) {
+        return {
+            ...candidate,
+            command: resolvedPath,
+        };
+    }
+    const repoLocalPath = join(root, candidate.command);
+    if (existsSync(repoLocalPath)) {
+        return {
+            ...candidate,
+            command: repoLocalPath,
+        };
+    }
+    return null;
+}
+export function runFirstAvailableCommand(root, candidates) {
+    for (const candidate of candidates) {
+        const resolved = resolveCandidate(root, candidate);
+        if (!resolved) {
+            continue;
+        }
+        const spawnTarget = toSpawnTuple(resolved);
+        const result = spawnSync(spawnTarget.command, spawnTarget.args, {
+            cwd: root,
+            env: process.env,
+            encoding: "utf8",
+            windowsHide: true,
+            stdio: "pipe",
+        });
+        return {
+            candidate: {
+                ...resolved,
+                display: candidate.display ?? [candidate.command, ...candidate.args].join(" "),
+            },
+            exitCode: result.status,
+            stdout: result.stdout ?? "",
+            stderr: result.stderr ?? "",
+            error: result.error
+                ? new Error(result.error.message, { cause: result.error })
+                : undefined,
+        };
+    }
+    return null;
+}
+export function resolveNodeTool(root, relativePath, args, display) {
+    const localToolPath = join(root, relativePath);
+    const candidates = [];
+    if (existsSync(localToolPath)) {
+        candidates.push({
+            command: process.execPath,
+            args: [localToolPath, ...args],
+            display,
+        });
+    }
+    return candidates;
+}

package/dist/orchestrator/syntaxResolutionExecutor.js

@@ -1,74 +1,75 @@
-import { execSync } from "node:child_process";
+import { join } from "node:path";
+import { resolveNodeTool, runFirstAvailableCommand } from "./localCommands.js";
 function runTsc(root) {
     const results = [];
-    try {
-        execSync("npx tsc --noEmit", {
-            cwd: root,
-            stdio: "pipe",
-            windowsHide: true,
-        });
+    const command = runFirstAvailableCommand(root, [
+        ...resolveNodeTool(root, join("node_modules", "typescript", "bin", "tsc"), ["--noEmit"], "tsc --noEmit"),
+        { command: "tsc", args: ["--noEmit"], display: "tsc --noEmit" },
+    ]);
+    if (!command || command.error) {
+        return results;
     }
-    catch (error) {
-        if (error.stdout) {
-            const output = error.stdout.toString();
-            const lines = output.split("\n");
-            for (const line of lines) {
-                const match = line.match(/^([^:]+)\((\d+),\d+\):\s+(error\s+TS\d+:.*)$/);
-                if (match) {
-                    results.push({
-                        id: `tsc-${results.length}`,
-                        category: "correctness",
-                        severity: "error",
-                        path: match[1].replace(/\\/g, "/"),
-                        line_start: parseInt(match[2], 10),
-                        summary: match[3],
-                        rule: "tsc",
-                    });
-                }
-            }
-        }
-        else {
-            process.stderr.write(`[syntax-resolution] tsc exited with no stdout; stderr: ${(error.stderr?.toString() ?? "").slice(0, 200)}\n`);
+    const output = [command.stdout, command.stderr].filter(Boolean).join("\n");
+    const lines = output.split("\n");
+    for (const line of lines) {
+        const match = line.match(/^([^:]+)\((\d+),\d+\):\s+(error\s+TS\d+:.*)$/);
+        if (match) {
+            results.push({
+                id: `tsc-${results.length}`,
+                category: "correctness",
+                severity: "error",
+                path: match[1].replace(/\\/g, "/"),
+                line_start: parseInt(match[2], 10),
+                summary: match[3],
+                rule: "tsc",
+            });
         }
     }
+    if (command.exitCode === 0 && output.trim().length === 0) {
+        return results;
+    }
+    if (results.length === 0 && output.trim().length > 0) {
+        process.stderr.write(`[syntax-resolution] tsc output could not be parsed: ${output.slice(0, 200)}\n`);
+    }
     return results;
 }
 function runEslint(root) {
     const results = [];
-    try {
-        execSync("npx eslint . --ext .ts,.js,.tsx,.jsx --format json", {
-            cwd: root,
-            stdio: "pipe",
-            windowsHide: true,
-        });
+    const command = runFirstAvailableCommand(root, [
+        ...resolveNodeTool(root, join("node_modules", "eslint", "bin", "eslint.js"), [".", "--ext", ".ts,.js,.tsx,.jsx", "--format", "json"], "eslint . --ext .ts,.js,.tsx,.jsx --format json"),
+        {
+            command: "eslint",
+            args: [".", "--ext", ".ts,.js,.tsx,.jsx", "--format", "json"],
+            display: "eslint . --ext .ts,.js,.tsx,.jsx --format json",
+        },
+    ]);
+    if (!command || command.error) {
+        return results;
     }
-    catch (error) {
-        if (error.stdout) {
-            try {
-                const output = JSON.parse(error.stdout.toString());
-                for (const fileResult of output) {
-                    for (const msg of fileResult.messages) {
-                        results.push({
-                            id: `eslint-${results.length}`,
-                            category: "maintainability",
-                            severity: msg.severity === 2 ? "error" : "warning",
-                            path: fileResult.filePath
-                                .replace(/\\/g, "/")
-                                .replace(root.replace(/\\/g, "/") + "/", ""),
-                            line_start: msg.line,
-                            summary: msg.message,
-                            rule: msg.ruleId || "eslint-error",
-                        });
-                    }
-                }
-            }
-            catch (e) {
-                process.stderr.write(`[syntax-resolution] eslint output could not be parsed: ${(error.stdout?.toString() ?? "").slice(0, 200)}\n`);
+    const output = [command.stdout, command.stderr].filter(Boolean).join("\n").trim();
+    if (output.length === 0) {
+        return results;
+    }
+    try {
+        const parsed = JSON.parse(output);
+        for (const fileResult of parsed) {
+            for (const msg of fileResult.messages) {
+                results.push({
+                    id: `eslint-${results.length}`,
+                    category: "maintainability",
+                    severity: msg.severity === 2 ? "error" : "warning",
+                    path: fileResult.filePath
+                        .replace(/\\/g, "/")
+                        .replace(root.replace(/\\/g, "/") + "/", ""),
+                    line_start: msg.line,
+                    summary: msg.message,
+                    rule: msg.ruleId || "eslint-error",
+                });
             }
         }
-        else {
-            process.stderr.write(`[syntax-resolution] eslint exited with no stdout; stderr: ${(error.stderr?.toString() ?? "").slice(0, 200)}\n`);
-        }
+    }
+    catch {
+        process.stderr.write(`[syntax-resolution] eslint output could not be parsed: ${output.slice(0, 200)}\n`);
     }
     return results;
 }

package/dist/supervisor/operatorHandoff.d.ts

@@ -1,7 +1,7 @@
 import type { ArtifactBundle } from "../io/artifacts.js";
 import type { AuditState, AuditTopLevelStatus } from "../types/auditState.js";
 export interface AuditCodeHandoffInput {
-    flag: "--results" | "--updates" | "--external-analyzer-results";
+    flag: "--results" | "--batch-results" | "--updates" | "--external-analyzer-results";
     suggested_path: string;
     description: string;
 }

package/dist/supervisor/operatorHandoff.js

@@ -66,6 +66,11 @@ function buildSuggestedInputs(artifactsDir, status, isConfigError) {
             suggested_path: join(incomingDir, "audit-results.json"),
             description: "Import structured audit-review results after manual or provider-assisted review finishes.",
         },
+        {
+            flag: "--batch-results",
+            suggested_path: join(incomingDir, "audit-results-batch"),
+            description: "Import a directory of per-batch audit result files when the conversation agent reviews multiple tasks before ingestion.",
+        },
         {
             flag: "--updates",
             suggested_path: join(incomingDir, "runtime-validation-updates.json"),
@@ -176,6 +181,9 @@ export function buildAuditCodeHandoff(params) {
 export async function writeAuditCodeHandoffArtifacts(handoff) {
     try {
         await mkdir(handoff.artifact_paths.incoming_dir, { recursive: true });
+        await mkdir(join(handoff.artifact_paths.incoming_dir, "audit-results-batch"), {
+            recursive: true,
+        });
         await writeJsonFile(handoff.artifact_paths.operator_handoff_json, handoff);
         await writeFile(handoff.artifact_paths.operator_handoff_markdown, renderMarkdown(handoff), "utf8");
     }

package/docs/agent-integrations.md

@@ -172,9 +172,9 @@ Use it when the current host cannot keep review inside the active conversation,
 
 Use when you want the supervisor to stay entirely local.
 
-This requires no external agent CLI. The supervisor launches fresh worker subprocesses that call the bounded `worker-run` entrypoint for deterministic stages.
+This requires no external agent CLI. Deterministic executors run in-process during normal wrapper runs, and the supervisor only stops once the remaining work is genuinely semantic review.
 
-When the remaining work is genuinely audit-task review, `local-subprocess` stops in a terminal blocked handoff instead of pretending more automatic progress is available.
+When that review boundary is reached, `local-subprocess` stops in a terminal blocked handoff instead of pretending more automatic progress is available. Use `--results <file>` for a single batch or `--batch-results <dir>` when the active conversation agent reviewed multiple task batches before ingestion.
 
 This is the safest default backend when the repository is already available locally.
 

package/docs/session-config.md

@@ -112,7 +112,9 @@ This keeps the current default stable while still allowing best-effort cross-edi
 
 No extra config is required.
 
-This mode covers deterministic worker runs locally and stops in a terminal blocked state once the remaining work requires imported audit results or an interactive provider.
+This mode covers deterministic audit execution locally and stops in a terminal blocked state once the remaining work requires imported audit results or an interactive provider.
+
+When the active conversation agent reviews multiple task batches before ingestion, prefer `audit-code --batch-results <dir>` over ad hoc artifact edits.
 
 This remains the safest fallback default while the semantic-review workflow is being realigned.
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "auditor-lambda",
-  "version": "0.2.9",
+  "version": "0.2.10",
   "private": false,
   "description": "Portable hybrid code-auditing framework for arbitrary repositories.",
   "type": "module",

package/schemas/audit-code-v1alpha1.schema.json

@@ -131,6 +131,7 @@
                 "type": "string",
                 "enum": [
                   "--results",
+                  "--batch-results",
                   "--updates",
                   "--external-analyzer-results"
                 ]