auditor-lambda 0.3.13 → 0.3.14

package/README.md

@@ -190,20 +190,25 @@ Optional backend config:
 - use `provider: "auto"` only when you want best-effort routing across installed backends
 - treat explicit provider bridges as compatibility fallback, not as the intended owner of semantic review
 
-## Implementation Next Steps
+## Current Development Focus
 
 The next implementation work is tracked in:
 
-- `docs/next-steps.md`
+- `docs/product.md`
+- `docs/development.md`
+- `docs/handoff.md`
 
 The short version is:
 
 - keep the packet dispatch workflow verified in real host environments
-- benchmark `/audit-code` packet counts and warning counts against nontrivial external repositories
-- prove the generated Codex, Claude Desktop, OpenCode, VS Code, and Antigravity guidance in real host flows
+- make graph-informed packetization observable before adding more ecosystem-specific parsers
+- consolidate graph extraction and exercise generic ownership hints for analyzer-supplied module roots
+- add deterministic Python import, package, and test/source graph support as a core language path
+- use semantic/NLP-style affinity only as low-authority context unless deterministic graph evidence supports it
+- keep generated Codex, Claude Desktop, OpenCode, VS Code, and Antigravity guidance aligned with real host behavior
 - tighten the repo-local MCP-first bootstrap where host smoke tests expose friction
 - polish provider-assisted continuation and failure guidance
-- finish publish and release hardening for packaged installs
+- keep schema contracts and examples easy for workers and host integrations to validate
 
 ## Build And Test
 
@@ -214,24 +219,15 @@ npm run release:patch
 npm run release:patch:publish
 ```
 
-For GitHub Actions publication and npm Trusted Publishing setup, see `docs/releasing.md`.
+For GitHub Actions publication and npm Trusted Publishing setup, see `docs/release.md`.
 
 ## Key Docs
 
-- `docs/product-direction.md`
-- `docs/workflow-refactor-brief.md`
-- `docs/remediation-baseline.md`
-- `docs/releasing.md`
-- `docs/production-readiness.md`
-- `docs/production-launch-bar.md`
-- `docs/next-steps.md`
+- `docs/product.md`
+- `docs/operator-guide.md`
+- `docs/contracts.md`
+- `docs/release.md`
+- `docs/development.md`
+- `docs/handoff.md`
+- `docs/history.md`
 - `skills/audit-code/SKILL.md`
-- `docs/bootstrap-install.md`
-- `docs/agent-integrations.md`
-- `docs/github-copilot.md`
-- `docs/contract.md`
-- `docs/model-selection.md`
-- `docs/packaging.md`
-- `docs/session-config.md`
-- `docs/supervisor.md`
-- `docs/windows-setup.md`

package/audit-code-wrapper-lib.mjs

@@ -645,7 +645,7 @@ function renderClaudeDesktopProjectTemplate() {
     '',
     '- `.audit-code/install/audit-code.import.md`',
     '- `.audit-code/install/GETTING-STARTED.md`',
-    '- `docs/agent-integrations.md` when you want host-specific operator context',
+    '- `docs/operator-guide.md` when you want host-specific operator context',
     '',
     'Starter prompt:',
     '',

package/dist/cli.js

@@ -1559,6 +1559,42 @@ function renderAnchorPreview(summary, anchorPath) {
         "",
     ];
 }
+function formatPacketConfidence(value) {
+    return typeof value === "number" && Number.isFinite(value)
+        ? value.toFixed(2)
+        : "n/a";
+}
+function renderPacketGraphContext(packet) {
+    const hasContext = (packet.entrypoints?.length ?? 0) > 0 ||
+        (packet.key_edges?.length ?? 0) > 0 ||
+        (packet.boundary_files?.length ?? 0) > 0 ||
+        packet.quality !== undefined;
+    if (!hasContext) {
+        return [];
+    }
+    const lines = ["## Packet graph context"];
+    if (packet.entrypoints?.length) {
+        lines.push("Entrypoints:");
+        lines.push(...packet.entrypoints.map((entrypoint) => `- ${entrypoint}`));
+    }
+    if (packet.key_edges?.length) {
+        lines.push("Key internal edges:");
+        lines.push(...packet.key_edges.map((edge) => {
+            const kind = edge.kind ? ` [${edge.kind}]` : "";
+            const reason = edge.reason ? ` - ${edge.reason}` : "";
+            return `- ${edge.from} -> ${edge.to}${kind} confidence=${formatPacketConfidence(edge.confidence)}${reason}`;
+        }));
+    }
+    if (packet.boundary_files?.length) {
+        lines.push("Boundary files to check only when evidence crosses the packet:");
+        lines.push(...packet.boundary_files.map((path) => `- ${path}`));
+    }
+    if (packet.quality) {
+        lines.push(`Quality: cohesion=${packet.quality.cohesion_score}, internal_edges=${packet.quality.internal_edge_count}, boundary_edges=${packet.quality.boundary_edge_count}, unexplained_files=${packet.quality.unexplained_file_count}`);
+    }
+    lines.push("");
+    return lines;
+}
 async function cmdPrepareDispatch(argv) {
     const runId = getFlag(argv, "--run-id");
     if (!runId)
@@ -1738,6 +1774,7 @@ async function cmdPrepareDispatch(argv) {
                 : "Use your Read tool. Paths are repo-relative from the current working directory.",
             fileList,
             "",
+            ...renderPacketGraphContext(packet),
             ...largeFileSection,
             "## Tasks",
             ...taskSections,
@@ -1961,13 +1998,12 @@ async function cmdMergeAndIngest(argv) {
     const passing = [];
     const failing = [];
     const seenTaskIds = new Set();
+    let spuriousFileCount = 0;
     for (const filename of files) {
         const filePath = resolve(join(taskResultsDir, filename));
         if (!expectedPaths.has(filePath)) {
-            failing.push({
-                task_id: filename,
-                errors: ["Unexpected task result file; only backend-assigned result paths may be ingested."],
-            });
+            spuriousFileCount++;
+            process.stderr.write(`[merge-and-ingest] Warning: ignoring unexpected file in task-results/: ${filename}\n`);
         }
     }
     for (const task of allTasks) {
@@ -2054,6 +2090,7 @@ async function cmdMergeAndIngest(argv) {
         status: workerResult.status,
         accepted_count: passing.length,
         rejected_count: 0,
+        spurious_file_count: spuriousFileCount,
         finding_count: findingCount,
         audit_results_path: auditResultsPath,
         selected_executor: workerResult.selected_executor,

package/dist/coverage.js

@@ -37,7 +37,9 @@ export function applyFileCoverage(matrix, fileCoverage) {
         const record = matrix.files.find((file) => file.path === coverage.path);
         if (!record || record.audit_status === "excluded")
             continue;
-        if (coverage.lens && !record.completed_lenses.includes(coverage.lens)) {
+        if (coverage.lens &&
+            record.required_lenses.includes(coverage.lens) &&
+            !record.completed_lenses.includes(coverage.lens)) {
             record.completed_lenses.push(coverage.lens);
         }
     }

package/dist/extractors/disposition.js

@@ -1,4 +1,4 @@
-import { isNodeModulesOrGit, isBuildOutput, isVendorPath, isBinaryArtifact, isLicensePath, isLockfilePath, isLogPath, isDocPath, isAuditArtifactPath, isGeneratedInstallArtifactPath, isExamplesOrFixturesPath, normalizeExtractorPath, } from "./pathPatterns.js";
+import { isNodeModulesOrGit, isBuildOutput, isVendorPath, isBinaryArtifact, isLicensePath, isLockfilePath, isLogPath, isDocPath, isAuditArtifactPath, isGeneratedTestArtifactPath, isGeneratedInstallArtifactPath, isExamplesOrFixturesPath, normalizeExtractorPath, } from "./pathPatterns.js";
 function inferDisposition(path) {
     const normalized = normalizeExtractorPath(path);
     if (isNodeModulesOrGit(normalized)) {
@@ -33,6 +33,13 @@ function inferDisposition(path) {
             reason: "Generated audit artifact.",
         };
     }
+    if (isGeneratedTestArtifactPath(normalized)) {
+        return {
+            path,
+            status: "generated",
+            reason: "Generated test artifact.",
+        };
+    }
     if (isDocPath(normalized)) {
         return { path, status: "doc_only", reason: "Documentation artifact." };
     }

package/dist/extractors/graph.d.ts

@@ -1,8 +1,10 @@
 import type { RepoManifest } from "../types.js";
 import type { FileDisposition } from "../types/disposition.js";
+import type { ExternalAnalyzerResults } from "../types/externalAnalyzer.js";
 import type { GraphBundle } from "../types/graph.js";
 export interface BuildGraphBundleOptions {
     fileContents?: Record<string, string>;
+    externalAnalyzerResults?: ExternalAnalyzerResults;
 }
-export declare function buildGraphBundleFromFs(repoManifest: RepoManifest, root: string, disposition?: FileDisposition): Promise<GraphBundle>;
+export declare function buildGraphBundleFromFs(repoManifest: RepoManifest, root: string, disposition?: FileDisposition, options?: Pick<BuildGraphBundleOptions, "externalAnalyzerResults">): Promise<GraphBundle>;
 export declare function buildGraphBundle(repoManifest: RepoManifest, disposition?: FileDisposition, options?: BuildGraphBundleOptions): GraphBundle;