auditor-lambda 0.3.0 → 0.3.2

package/audit-code-wrapper-lib.mjs

@@ -260,6 +260,9 @@ function printHelp({ usageName, preferredEntrypoint }) {
     '- validate checks the current artifact bundle plus session-config/provider readiness and exits non-zero when issues exist',
     '- validate-results --results FILE validates AuditResult payloads against the active task manifest without ingesting them',
     '- explain-task <task_id> prints the resolved file coverage and current status for a task id',
+    '- prepare-dispatch --run-id <id> [--artifacts-dir <dir>] creates per-task prompt files and dispatch-plan.json for parallel subagent dispatch',
+    '- merge-and-ingest --run-id <id> [--root <dir>] [--artifacts-dir <dir>] merges per-task results and ingests them into the coverage matrix',
+    '- validate-result --run-id <id> --task-id <id> [--artifacts-dir <dir>] validates a single task result against the schema and line counts',
     '',
     'Primary usage:',
     '- from the repository root, run the wrapper with no arguments',
@@ -2195,6 +2198,21 @@ export async function runAuditCodeWrapper({
     return;
   }
 
+  if (argv[0] === 'prepare-dispatch') {
+    await runDistCommand('prepare-dispatch', argv.slice(1));
+    return;
+  }
+
+  if (argv[0] === 'validate-result') {
+    await runDistCommand('validate-result', argv.slice(1));
+    return;
+  }
+
+  if (argv[0] === 'merge-and-ingest') {
+    await runDistCommand('merge-and-ingest', argv.slice(1), { ensureArtifactsDir: true });
+    return;
+  }
+
   const wrapperArgs = [...argv];
   if (defaultSingleStep && !hasFlag(wrapperArgs, '--single-step')) {
     wrapperArgs.push('--single-step');

package/dispatch/merge-results.mjs

@@ -1,40 +1,34 @@
-import { dirname, resolve, join } from "node:path";
-import { fileURLToPath } from "node:url";
+import { resolve, join } from "node:path";
 import { readFileSync, writeFileSync, readdirSync, existsSync } from "node:fs";
 import { validateResult } from "./validate.mjs";
 
-const __filename = fileURLToPath(import.meta.url);
-const __dirname = dirname(__filename);
-
-// Parse --run-id
 const runIdIdx = process.argv.indexOf("--run-id");
 if (runIdIdx === -1 || !process.argv[runIdIdx + 1]) {
   console.error("Usage: node dispatch/merge-results.mjs --run-id <run_id> [--artifacts-dir <dir>]");
   process.exit(1);
 }
-const run_id = process.argv[runIdIdx + 1];
+const runId = process.argv[runIdIdx + 1];
 
-// Parse --artifacts-dir (default: CWD/.audit-artifacts)
 const artifactsDirIdx = process.argv.indexOf("--artifacts-dir");
 const artifactsDir = artifactsDirIdx !== -1 && process.argv[artifactsDirIdx + 1]
   ? resolve(process.argv[artifactsDirIdx + 1])
   : join(process.cwd(), ".audit-artifacts");
 
-const taskResultsDir = join(artifactsDir, "runs", run_id, "task-results");
-const auditResultsPath = join(artifactsDir, "runs", run_id, "audit-results.json");
-const failedTasksPath = join(artifactsDir, "runs", run_id, "failed-tasks.json");
-const tasksPath = join(artifactsDir, "runs", run_id, "pending-audit-tasks.json");
+const taskResultsDir = join(artifactsDir, "runs", runId, "task-results");
+const auditResultsPath = join(artifactsDir, "runs", runId, "audit-results.json");
+const failedTasksPath = join(artifactsDir, "runs", runId, "failed-tasks.json");
+const tasksPath = join(artifactsDir, "runs", runId, "pending-audit-tasks.json");
 
-// Build fileLineCounts map
-const lineCounts = {};
+// Build task map for validation context
+const taskMap = {};
 if (existsSync(tasksPath)) {
   try {
     const tasks = JSON.parse(readFileSync(tasksPath, "utf8"));
     for (const task of tasks) {
-      lineCounts[task.task_id] = task.file_line_counts;
+      taskMap[task.task_id] = task;
     }
   } catch {
-    // proceed with empty map
+    // proceed without task context
   }
 }
 
@@ -59,8 +53,8 @@ for (const filename of files) {
   }
 
   const taskId = resultObj?.task_id;
-  const fileLineCounts = (taskId && lineCounts[taskId]) ? lineCounts[taskId] : {};
-  const { valid, errors } = validateResult(resultObj, fileLineCounts);
+  const task = (taskId && taskMap[taskId]) ? taskMap[taskId] : null;
+  const { valid, errors } = validateResult(resultObj, task);
 
   if (valid) {
     passing.push(resultObj);

package/dispatch/validate-result.mjs

@@ -1,38 +1,25 @@
-import { dirname, resolve, join } from "node:path";
-import { fileURLToPath } from "node:url";
+import { resolve, join } from "node:path";
 import { readFileSync, existsSync } from "node:fs";
 import { validateResult } from "./validate.mjs";
 
-const __filename = fileURLToPath(import.meta.url);
-const __dirname = dirname(__filename);
-
-// Support both named flags and legacy positional args:
-//   Named:    --run-id <id> --task-id <id> [--artifacts-dir <dir>]
-//   Positional (legacy): <run_id> <task_id>
-const runIdFlagIdx = process.argv.indexOf("--run-id");
-const taskIdFlagIdx = process.argv.indexOf("--task-id");
+const runIdIdx = process.argv.indexOf("--run-id");
+const taskIdIdx = process.argv.indexOf("--task-id");
 const artifactsDirIdx = process.argv.indexOf("--artifacts-dir");
 
-const run_id = runIdFlagIdx !== -1
-  ? process.argv[runIdFlagIdx + 1]
-  : process.argv[2];
-
-const task_id = taskIdFlagIdx !== -1
-  ? process.argv[taskIdFlagIdx + 1]
-  : process.argv[3];
+const runId = runIdIdx !== -1 ? process.argv[runIdIdx + 1] : undefined;
+const taskId = taskIdIdx !== -1 ? process.argv[taskIdIdx + 1] : undefined;
 
-if (!run_id || !task_id) {
+if (!runId || !taskId) {
   console.error("Usage: node dispatch/validate-result.mjs --run-id <run_id> --task-id <task_id> [--artifacts-dir <dir>]");
   process.exit(1);
 }
 
-// Artifacts dir: explicit flag > CWD default
 const artifactsDir = artifactsDirIdx !== -1 && process.argv[artifactsDirIdx + 1]
   ? resolve(process.argv[artifactsDirIdx + 1])
   : join(process.cwd(), ".audit-artifacts");
 
-const sanitized = task_id.replace(/[^a-zA-Z0-9_-]/g, "_");
-const resultPath = join(artifactsDir, "runs", run_id, "task-results", sanitized + ".json");
+const sanitized = taskId.replace(/[^a-zA-Z0-9_-]/g, "_");
+const resultPath = join(artifactsDir, "runs", runId, "task-results", sanitized + ".json");
 
 if (!existsSync(resultPath)) {
   console.error(`File not found: ${resultPath}`);
@@ -47,25 +34,24 @@ try {
   process.exit(1);
 }
 
-const tasksPath = join(artifactsDir, "runs", run_id, "pending-audit-tasks.json");
-let fileLineCounts = {};
+const tasksPath = join(artifactsDir, "runs", runId, "pending-audit-tasks.json");
+let task = null;
 if (existsSync(tasksPath)) {
   try {
     const tasks = JSON.parse(readFileSync(tasksPath, "utf8"));
-    const task = tasks.find(t => t.task_id === task_id);
-    fileLineCounts = task?.file_line_counts ?? {};
+    task = tasks.find(t => t.task_id === taskId) ?? null;
   } catch {
-    // use empty
+    // proceed without task context
   }
 }
 
-const { valid, errors } = validateResult(resultObj, fileLineCounts);
+const { valid, errors } = validateResult(resultObj, task);
 
 if (valid) {
-  console.log("✓ valid:", task_id);
+  console.log("✓ valid:", taskId);
   process.exit(0);
 } else {
-  console.error("✗ invalid:", task_id);
+  console.error("✗ invalid:", taskId);
   console.error(JSON.stringify(errors, null, 2));
   process.exit(1);
 }

package/dispatch/validate.mjs

@@ -1,88 +1,16 @@
-import { dirname, resolve, join } from "node:path";
-import { fileURLToPath } from "node:url";
-import { readFileSync } from "node:fs";
-import Ajv2020 from "ajv/dist/2020.js";
-
-const __filename = fileURLToPath(import.meta.url);
-const __dirname = dirname(__filename);
-const PROJECT_ROOT = resolve(__dirname, "..");
-const SCHEMAS_DIR = join(PROJECT_ROOT, "schemas");
-
-function loadSchema(name) {
-  return JSON.parse(readFileSync(join(SCHEMAS_DIR, name), "utf8"));
-}
-
-let _ajv = null;
-let _validateFn = null;
-
-function getValidator() {
-  if (_validateFn) return _validateFn;
-  _ajv = new Ajv2020({ strict: false, allErrors: true });
-  _ajv.addSchema(loadSchema("finding.schema.json"));
-  _validateFn = _ajv.compile(loadSchema("audit_result.schema.json"));
-  return _validateFn;
-}
-
-function formatAjvError(e) {
-  const path = e.instancePath || "(root)";
-  return `${path}: ${e.message}${e.params ? " (" + JSON.stringify(e.params) + ")" : ""}`;
-}
+import { validateAuditResults } from "../dist/validation/auditResults.js";
 
 /**
  * @param {object} resultObj  — parsed JSON from a task-results file
- * @param {Record<string, number>} fileLineCounts — from the task's file_line_counts
+ * @param {object|null} task  — the matching AuditTask from pending-audit-tasks.json, or null
  * @returns {{ valid: boolean, errors: string[] }}
  */
-export function validateResult(resultObj, fileLineCounts) {
-  const validate = getValidator();
-  const schemaValid = validate(resultObj);
-
-  if (!schemaValid) {
-    return { valid: false, errors: validate.errors.map(formatAjvError) };
-  }
-
-  const errors = [];
-
-  // Line range constraint
-  for (const finding of resultObj.findings) {
-    for (const entry of finding.affected_files) {
-      if (entry.line_end !== undefined) {
-        const coverage = resultObj.file_coverage.find(fc => fc.path === entry.path);
-        if (!coverage) {
-          errors.push(`affected_files path '${entry.path}' not in file_coverage`);
-        } else if (entry.line_end > coverage.total_lines) {
-          errors.push(
-            `finding '${finding.id}': line_end ${entry.line_end} exceeds total_lines ${coverage.total_lines} for ${entry.path}`
-          );
-        }
-      }
-    }
-  }
-
-  // Lens consistency
-  for (const finding of resultObj.findings) {
-    if (finding.lens !== resultObj.lens) {
-      errors.push(
-        `finding '${finding.id}': lens '${finding.lens}' does not match task lens '${resultObj.lens}'`
-      );
-    }
-  }
-
-  // affected_files paths in scope
-  const allowedPaths = new Set(resultObj.file_coverage.map(fc => fc.path));
-  for (const finding of resultObj.findings) {
-    for (const entry of finding.affected_files) {
-      if (!allowedPaths.has(entry.path)) {
-        errors.push(
-          `finding '${finding.id}': affected path '${entry.path}' not in task file_coverage`
-        );
-      }
-    }
-  }
-
-  if (errors.length > 0) {
-    return { valid: false, errors };
-  }
-
-  return { valid: true, errors: [] };
+export function validateResult(resultObj, task) {
+  const tasks = task ? [task] : [];
+  const lineIndex = task?.file_line_counts ?? {};
+  const issues = validateAuditResults([resultObj], tasks, { lineIndex });
+  const errors = issues
+    .filter(i => i.severity === "error")
+    .map(i => `${i.path}: ${i.message}`);
+  return { valid: errors.length === 0, errors };
 }

package/dist/cli.js

@@ -112,7 +112,7 @@ function getExplicitProvider(argv) {
     return getFlag(argv, "--provider");
 }
 function resolveRunProviderName(argv, sessionConfig) {
-    return resolveFreshSessionProviderName(getExplicitProvider(argv) ?? "auto", sessionConfig);
+    return resolveFreshSessionProviderName(getExplicitProvider(argv), sessionConfig);
 }
 function chunkArray(arr, size) {
     const chunkSize = normalizePositiveInteger(size);
@@ -648,7 +648,7 @@ async function cmdRunToCompletion(argv) {
         throw error;
     }
     const explicitProvider = getExplicitProvider(argv);
-    const provider = createFreshSessionProvider(explicitProvider ?? "auto", sessionConfig);
+    const provider = createFreshSessionProvider(explicitProvider, sessionConfig);
     const uiMode = getUiMode(argv, sessionConfig.ui_mode ?? "headless");
     const maxRuns = getMaxRuns(argv);
     const agentBatchSize = getAgentBatchSize(argv, sessionConfig);
@@ -1479,7 +1479,7 @@ async function cmdPrepareDispatch(argv) {
             "",
             "## Validate",
             "After writing your result, run:",
-            `  audit-code validate-result --run-id ${runId} --task-id ${task.task_id} --artifacts-dir ${artifactsDir}`,
+            `  "${process.execPath}" "${join(packageRoot, "audit-code.mjs")}" validate-result --run-id ${runId} --task-id ${task.task_id} --artifacts-dir "${artifactsDir}"`,
             "",
             "Exit 0 means valid. Non-zero: read the errors, fix your JSON, rewrite the file, run again. Retry up to 3 times.",
         ].join("\n");
@@ -1501,12 +1501,16 @@ async function cmdMergeAndIngest(argv) {
     const taskResultsDir = join(runDir, "task-results");
     const auditResultsPath = join(runDir, "audit-results.json");
     const taskPath = join(runDir, "task.json");
-    // Merge: collect all per-task result files (skip .prompt.md files)
+    const tasksPath = join(runDir, "pending-audit-tasks.json");
+    let allTasks = [];
+    try {
+        allTasks = await readJsonFile(tasksPath);
+    }
+    catch { /* may not exist */ }
+    const taskMap = new Map(allTasks.map(t => [t.task_id, t]));
     let files;
     try {
-        files = (await readdir(taskResultsDir))
-            .filter(f => f.endsWith(".json"))
-            .sort();
+        files = (await readdir(taskResultsDir)).filter(f => f.endsWith(".json")).sort();
     }
     catch {
         files = [];
@@ -1523,13 +1527,16 @@ async function cmdMergeAndIngest(argv) {
             failing.push({ task_id: filename, errors: [`Invalid JSON: ${e.message}`] });
             continue;
         }
-        const r = obj;
-        const missing = ["task_id", "unit_id", "pass_id", "lens", "file_coverage", "findings"].filter(f => !(f in r));
-        if (missing.length > 0) {
-            failing.push({ task_id: String(r.task_id ?? filename), errors: [`Missing required fields: ${missing.join(", ")}`] });
+        const taskId = typeof obj.task_id === "string"
+            ? String(obj.task_id) : undefined;
+        const matchingTask = taskId ? taskMap.get(taskId) : undefined;
+        const issues = validateAuditResults([obj], matchingTask ? [matchingTask] : [], { lineIndex: matchingTask?.file_line_counts ?? {} });
+        const errors = issues.filter(i => i.severity === "error");
+        if (errors.length === 0) {
+            passing.push(obj);
         }
         else {
-            passing.push(obj);
+            failing.push({ task_id: taskId ?? filename, errors: errors.map(i => i.message) });
         }
     }
     await writeJsonFile(auditResultsPath, passing);
@@ -1541,12 +1548,6 @@ async function cmdMergeAndIngest(argv) {
     // Ingest: run worker-run logic against the merged results file
     await cmdWorkerRun([argv[0], argv[1], "worker-run", "--task", taskPath, "--artifacts-dir", artifactsDir]);
 }
-const VALID_LENSES_SET = new Set([
-    "correctness", "architecture", "maintainability", "security", "reliability",
-    "performance", "data_integrity", "tests", "operability", "config_deployment",
-]);
-const VALID_SEVERITIES_SET = new Set(["critical", "high", "medium", "low", "info"]);
-const VALID_CONFIDENCES_SET = new Set(["high", "medium", "low"]);
 async function cmdValidateResult(argv) {
     const runId = getFlag(argv, "--run-id");
     const taskId = getFlag(argv, "--task-id");
@@ -1574,102 +1575,22 @@ async function cmdValidateResult(argv) {
         process.exitCode = 1;
         return;
     }
-    const errors = [];
-    // Required top-level fields
-    for (const field of ["task_id", "unit_id", "pass_id", "lens", "file_coverage", "findings"]) {
-        if (!(field in obj))
-            errors.push(`Missing required field: ${field}`);
-    }
-    if (errors.length > 0) {
-        console.error(`✗ invalid: ${taskId}`);
-        for (const e of errors)
-            console.error(`  ${e}`);
-        process.exitCode = 1;
-        return;
-    }
-    // Lens
-    if (typeof obj.lens !== "string" || !VALID_LENSES_SET.has(obj.lens)) {
-        errors.push(`lens must be one of: ${[...VALID_LENSES_SET].join("|")}`);
-    }
-    // file_coverage
-    if (!Array.isArray(obj.file_coverage) || obj.file_coverage.length === 0) {
-        errors.push("file_coverage must be a non-empty array");
-    }
-    else {
-        for (const fc of obj.file_coverage) {
-            const entry = fc;
-            if (typeof entry.path !== "string")
-                errors.push(`file_coverage entry missing string 'path'`);
-            if (typeof entry.total_lines !== "number")
-                errors.push(`file_coverage entry missing numeric 'total_lines'`);
-        }
-    }
-    // findings
-    if (!Array.isArray(obj.findings)) {
-        errors.push("findings must be an array");
-    }
-    else {
-        for (const f of obj.findings) {
-            const finding = f;
-            for (const field of ["id", "title", "category", "severity", "confidence", "lens", "summary"]) {
-                if (typeof finding[field] !== "string")
-                    errors.push(`finding missing string '${field}'`);
-            }
-            if (typeof finding.severity === "string" && !VALID_SEVERITIES_SET.has(finding.severity)) {
-                errors.push(`finding '${finding.id}': invalid severity '${finding.severity}'`);
-            }
-            if (typeof finding.confidence === "string" && !VALID_CONFIDENCES_SET.has(finding.confidence)) {
-                errors.push(`finding '${finding.id}': invalid confidence '${finding.confidence}'`);
-            }
-            if (!Array.isArray(finding.affected_files) || finding.affected_files.length === 0) {
-                errors.push(`finding '${finding.id}': affected_files must be a non-empty array`);
-            }
-            else {
-                for (const af of finding.affected_files) {
-                    if (typeof af.path !== "string") {
-                        errors.push(`finding '${finding.id}': affected_files entries must be objects with a 'path' key`);
-                    }
-                }
-            }
-            if (!Array.isArray(finding.evidence) || finding.evidence.length === 0) {
-                errors.push(`finding '${finding.id}': evidence must be a non-empty array`);
-            }
-            if (typeof finding.lens === "string" && finding.lens !== obj.lens) {
-                errors.push(`finding '${finding.id}': lens '${finding.lens}' does not match task lens '${obj.lens}'`);
-            }
-        }
-    }
-    // Line range bounds (load from pending-audit-tasks.json if available)
-    let fileLineCounts = {};
+    let allTasks = [];
     try {
-        const tasks = await readJsonFile(tasksPath);
-        const task = tasks.find(t => t.task_id === taskId);
-        fileLineCounts = task?.file_line_counts ?? {};
-    }
-    catch { /* ignore */ }
-    if (Array.isArray(obj.file_coverage) && Array.isArray(obj.findings)) {
-        const coverageMap = new Map(obj.file_coverage.map(fc => [fc.path, fc.total_lines]));
-        const allowedPaths = new Set(coverageMap.keys());
-        for (const f of obj.findings) {
-            for (const af of (f.affected_files ?? [])) {
-                const p = af.path;
-                if (!allowedPaths.has(p))
-                    errors.push(`finding '${f.id}': path '${p}' not in file_coverage`);
-                if (typeof af.line_end === "number") {
-                    const max = coverageMap.get(p) ?? fileLineCounts[p] ?? Infinity;
-                    if (af.line_end > max)
-                        errors.push(`finding '${f.id}': line_end ${af.line_end} exceeds total_lines ${max} for ${p}`);
-                }
-            }
-        }
+        allTasks = await readJsonFile(tasksPath);
     }
+    catch { /* may not exist */ }
+    const matchingTasks = allTasks.filter(t => t.task_id === taskId);
+    const lineIndex = matchingTasks[0]?.file_line_counts ?? {};
+    const issues = validateAuditResults([obj], matchingTasks, { lineIndex });
+    const errors = issues.filter(i => i.severity === "error");
     if (errors.length === 0) {
         console.log(`✓ valid: ${taskId}`);
     }
     else {
         console.error(`✗ invalid: ${taskId}`);
         for (const e of errors)
-            console.error(`  ${e}`);
+            console.error(`  ${e.path}: ${e.message}`);
         process.exitCode = 1;
     }
 }

package/dist/prompts/renderWorkerPrompt.js

@@ -11,10 +11,15 @@ export function renderWorkerPrompt(task) {
             `Audit run: ${task.run_id}`,
             `Read: ${tasksPath}`,
             "For each task: read all file_paths in full, review under the specified lens,",
-            "and emit one AuditResult with: task_id, unit_id, pass_id, lens, file_coverage,",
-            "findings. Each finding: id, title, category, severity, confidence, lens, summary,",
-            "affected_files (path, line_start, line_end, symbol), evidence (plain strings).",
-            `Write to: ${task.audit_results_path}`,
+            "and emit one AuditResult with:",
+            "  task_id, unit_id, pass_id, lens (copy from task),",
+            "  file_coverage: [{path, total_lines}] — use file_line_counts[path] from the task for each file,",
+            "  findings: [] or array of finding objects.",
+            "Each finding: id, title, category, severity, confidence, lens, summary,",
+            "  affected_files [{path, line_start, line_end, symbol}] (objects, not strings; min 1 entry),",
+            "  evidence [strings] (min 1 entry).",
+            "Constraint: line_end must not exceed total_lines for that file.",
+            `Write all results as a JSON array to: ${task.audit_results_path}`,
         ];
         if (usesDeferredWorkerCommand(task)) {
             lines.push("Deferred mode: write results, do not execute worker_command.");

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "auditor-lambda",
-  "version": "0.3.0",
+  "version": "0.3.2",
   "private": false,
   "description": "Portable hybrid code-auditing framework for arbitrary repositories.",
   "type": "module",
@@ -38,7 +38,7 @@
     "start": "node dist/index.js",
     "audit-code": "node audit-code.mjs",
     "sample-run": "node dist/index.js sample-run",
-    "dispatch:prepare": "node dispatch/prepare-dispatch.mjs",
+    "dispatch:prepare": "node audit-code.mjs prepare-dispatch",
     "dispatch:merge": "node dispatch/merge-results.mjs",
     "dispatch:validate": "node dispatch/validate-result.mjs"
   },

package/skills/audit-code/audit-code.prompt.md

@@ -36,13 +36,11 @@ Parse the JSON output. Check `audit_state.status`:
 
 ---
 
-### Step 2 — Read the Task
+### Step 2 — Extract the Task IDs
 
-Read the file at `.audit-artifacts/dispatch/current-task.json`.
-
-Note these fields:
-- `run_id` — identifies this batch of audit work
-- `artifacts_dir` — base artifacts directory
+Parse these fields directly from the Step 1 JSON output:
+- `run_id` — from `handoff.active_review_run.run_id`
+- `artifacts_dir` — from `handoff.artifacts_dir`
 
 _(If `audit_state.blockers` contains a message that requires operator input rather than code review, stop and report the blocker verbatim to the user.)_
 
@@ -103,3 +101,5 @@ Read `audit-report.md` and present the completed audit to the user. Lead with th
 **Large task warnings:** `prepare-dispatch` warns about tasks exceeding ~1500 lines. If a subagent hits a quota limit and fails to produce output, `merge-and-ingest` excludes it silently — those tasks remain pending and are picked up in the next loop iteration. No manual intervention needed.
 
 **Failed validation:** Subagents self-validate and retry up to 3 times before finishing. `merge-and-ingest` excludes any results that still lack required fields and writes `failed-tasks.json`. Those tasks are requeued automatically in the next cycle.
+
+**Command failures:** If `prepare-dispatch` or `merge-and-ingest` exits non-zero, **STOP immediately** and report the exact error output to the user. Do NOT improvise manual dispatch, manually split tasks, manually create directories, manually construct prompts, or manually merge results. These scripts are the canonical mechanism — operating without them produces incorrect output. Fix the underlying issue and re-run the failed command.

package/dispatch/prepare-dispatch.mjs

@@ -1,136 +0,0 @@
-import { dirname, resolve, join } from "node:path";
-import { fileURLToPath } from "node:url";
-import { readFileSync, writeFileSync, mkdirSync } from "node:fs";
-
-const __filename = fileURLToPath(import.meta.url);
-const __dirname = dirname(__filename);
-const PACKAGE_ROOT = resolve(__dirname, "..");
-
-// Parse --run-id
-const runIdIdx = process.argv.indexOf("--run-id");
-if (runIdIdx === -1 || !process.argv[runIdIdx + 1]) {
-  console.error("Usage: node dispatch/prepare-dispatch.mjs --run-id <run_id> [--artifacts-dir <dir>]");
-  process.exit(1);
-}
-const run_id = process.argv[runIdIdx + 1];
-
-// Parse --artifacts-dir (default: CWD/.audit-artifacts)
-const artifactsDirIdx = process.argv.indexOf("--artifacts-dir");
-const artifactsDir = artifactsDirIdx !== -1 && process.argv[artifactsDirIdx + 1]
-  ? resolve(process.argv[artifactsDirIdx + 1])
-  : join(process.cwd(), ".audit-artifacts");
-
-const runDir = join(artifactsDir, "runs", run_id);
-const tasksPath = join(runDir, "pending-audit-tasks.json");
-const taskResultsDir = join(runDir, "task-results");
-const dispatchPlanPath = join(runDir, "dispatch-plan.json");
-
-let tasks;
-try {
-  tasks = JSON.parse(readFileSync(tasksPath, "utf8"));
-} catch (e) {
-  console.error(`Cannot read ${tasksPath}: ${e.message}`);
-  process.exit(1);
-}
-
-const lensDefinitions = JSON.parse(
-  readFileSync(join(__dirname, "lens-definitions.json"), "utf8")
-);
-
-mkdirSync(taskResultsDir, { recursive: true });
-
-function buildPrompt(task, lensDef, outputPath, runId, artifactsDir) {
-  const fileList = task.file_paths.map(p => {
-    const lines = task.file_line_counts?.[p] ?? 0;
-    return `- ${p} (${lines} lines)`;
-  }).join("\n");
-
-  return `You are a code auditor. Review the files below under the specified lens.
-
-## Task
-task_id: ${task.task_id}
-unit_id: ${task.unit_id}
-pass_id: ${task.pass_id}
-lens: ${task.lens}
-
-## Files to read
-Use your Read tool. Paths are repo-relative from the current working directory.
-${fileList}
-
-## Lens: ${task.lens}
-${lensDef?.description ?? task.lens}
-
-Do NOT report: ${lensDef?.do_not_report ?? "N/A"}
-
-## Output
-Write a single JSON object to: ${outputPath}
-
-Required fields:
-  task_id       copy from task metadata above
-  unit_id       copy from task metadata above
-  pass_id       copy from task metadata above
-  lens          copy from task metadata above
-  file_coverage [{path, total_lines}] — one entry per file; use the line counts listed above
-  findings      [] or array of finding objects (see below)
-
-Each finding object (omit optional fields if not applicable):
-  id            unique ID, e.g. "SEC-001"
-  title         short title
-  category      correctness|architecture|maintainability|security|reliability|performance|data_integrity|tests|operability|config_deployment
-  severity      critical|high|medium|low|info
-  confidence    high|medium|low
-  lens          "${task.lens}" — must match task lens exactly
-  summary       1–2 sentence description
-  affected_files  [{path, line_start?, line_end?, symbol?}] — objects, not strings; min 1 entry
-  evidence     ["path/to/file.ts:42 — description of what you see there"] — min 1 entry
-
-Constraints:
-1. line_end must not exceed the file's actual line count (use the counts listed above)
-2. affected_files entries are OBJECTS with a "path" key — NOT plain strings
-3. Only reference files from the list above
-4. findings: [] is correct when you find nothing genuine — do not invent findings
-
-## Validate
-After writing your result, run:
-  audit-code validate-result --run-id ${runId} --task-id ${task.task_id} --artifacts-dir ${artifactsDir}
-
-Exit 0 means valid. Non-zero: read the errors, fix your JSON, rewrite the file, run again. Retry up to 3 times.`;
-}
-
-const plan = [];
-let largestTask = null;
-let largestLines = 0;
-
-for (const task of tasks) {
-  const sanitizedId = task.task_id.replace(/[^a-zA-Z0-9_-]/g, "_");
-  const outputPath = join(taskResultsDir, sanitizedId + ".json");
-  const promptPath = join(taskResultsDir, sanitizedId + ".prompt.md");
-  const lensDef = lensDefinitions[task.lens];
-
-  if (!lensDef) {
-    process.stderr.write(`Warning: no lens definition for '${task.lens}' (task ${task.task_id})\n`);
-  }
-
-  const totalFileLines = Object.values(task.file_line_counts ?? {}).reduce((a, b) => a + b, 0);
-
-  if (totalFileLines > largestLines) {
-    largestLines = totalFileLines;
-    largestTask = task.task_id;
-  }
-  if (totalFileLines > 1500) {
-    process.stderr.write(`Warning: large task ${task.task_id} (~${totalFileLines} lines) may hit quota limits\n`);
-  }
-
-  const prompt = buildPrompt(task, lensDef, outputPath, run_id, artifactsDir);
-  writeFileSync(promptPath, prompt, "utf8");
-
-  const description = `Audit ${task.unit_id} (${task.file_paths.length} file(s), ~${totalFileLines} lines) — ${task.lens} lens`;
-  plan.push({ task_id: task.task_id, description, output_path: outputPath, prompt_path: promptPath });
-}
-
-writeFileSync(dispatchPlanPath, JSON.stringify(plan, null, 2));
-
-console.log(`Wrote dispatch-plan.json — ${plan.length} tasks ready for dispatch`);
-if (largestTask) {
-  console.log(`Largest task: ${largestTask} (~${largestLines} lines)`);
-}