auditor-lambda 0.3.18 → 0.3.20

package/dist/orchestrator/internalExecutors.js

@@ -1,5 +1,5 @@
 import { spawn } from "node:child_process";
-import { buildFileDisposition } from "../extractors/disposition.js";
+import { buildFileDisposition, isAuditExcludedStatus, } from "../extractors/disposition.js";
 import { buildGraphBundle, buildGraphBundleFromFs, } from "../extractors/graph.js";
 import { buildCriticalFlowManifest } from "../extractors/flows.js";
 import { buildRiskRegister } from "../extractors/risk.js";
@@ -123,6 +123,10 @@ export async function runIntakeExecutor(bundle, root) {
         hash_files: false,
     });
     const disposition = buildFileDisposition(repoManifest);
+    const auditableCount = disposition.files.filter((file) => !isAuditExcludedStatus(file.status)).length;
+    if (auditableCount === 0) {
+        throw new Error(`No auditable files found in ${root}. The repository may be empty, generated-only, documentation-only, or filtered by .auditorignore.`);
+    }
     return {
         updated: {
             ...bundle,
@@ -140,7 +144,6 @@ export async function runStructureExecutor(bundle, root) {
     const externalAnalyzerResults = bundle.external_analyzer_results;
     const disposition = bundle.file_disposition ?? buildFileDisposition(bundle.repo_manifest);
     const unitManifest = buildUnitManifest(bundle.repo_manifest, disposition);
-    const surfaceManifest = buildSurfaceManifest(bundle.repo_manifest, disposition);
     const graphBundle = root
         ? await buildGraphBundleFromFs(bundle.repo_manifest, root, disposition, {
             externalAnalyzerResults,
@@ -148,6 +151,7 @@ export async function runStructureExecutor(bundle, root) {
         : buildGraphBundle(bundle.repo_manifest, disposition, {
             externalAnalyzerResults,
         });
+    const surfaceManifest = buildSurfaceManifest(bundle.repo_manifest, disposition, { graphBundle });
     const criticalFlows = buildCriticalFlowManifest(bundle.repo_manifest, surfaceManifest, disposition);
     const riskRegister = buildRiskRegister(unitManifest, criticalFlows, externalAnalyzerResults);
     return {

package/dist/orchestrator/planning.js

@@ -1,5 +1,6 @@
 import { applyUnitCoverage, createCoverageMatrix, markExcludedPath, } from "../coverage.js";
 import { isAuditExcludedStatus } from "../extractors/disposition.js";
+import { hasBrowserExtensionManifestFile } from "../extractors/browserExtension.js";
 import { deriveRequiredLensesForPath } from "./unitBuilder.js";
 const CATEGORY_LENS_TABLE = [
     [["security", "secret"], ["security", "correctness"]],
@@ -47,6 +48,7 @@ function applyAnalyzerCoverage(coverage, externalAnalyzerResults) {
 }
 export function initializeCoverageFromPlan(repoManifest, unitManifest, disposition, externalAnalyzerResults) {
     const coverage = createCoverageMatrix(repoManifest.files.map((file) => file.path));
+    const isBrowserExtensionProject = hasBrowserExtensionManifestFile(repoManifest);
     const dispositionMap = new Map(disposition.files.map((item) => [item.path, item.status]));
     for (const file of repoManifest.files) {
         const status = dispositionMap.get(file.path);
@@ -66,7 +68,9 @@ export function initializeCoverageFromPlan(repoManifest, unitManifest, dispositi
     }
     for (const file of repoManifest.files) {
         const unitIds = unitIdsByPath.get(file.path) ?? [];
-        const requiredLenses = deriveRequiredLensesForPath(file.path);
+        const requiredLenses = deriveRequiredLensesForPath(file.path, {
+            isBrowserExtensionProject,
+        });
         for (const unitId of unitIds) {
             applyUnitCoverage(coverage, file.path, unitId, requiredLenses);
         }

package/dist/orchestrator/syntaxResolutionExecutor.js

@@ -15,6 +15,14 @@ const ESLINT_CONFIG_FILES = [
     ".eslintrc.yml",
     ".eslintrc.yaml",
 ];
+const TSCONFIG_FILES = [
+    "tsconfig.json",
+    "tsconfig.build.json",
+    "jsconfig.json",
+];
+function hasTypeScriptConfig(root) {
+    return TSCONFIG_FILES.some((file) => existsSync(join(root, file)));
+}
 function hasEslintConfig(root) {
     if (ESLINT_CONFIG_FILES.some((file) => existsSync(join(root, file)))) {
         return true;
@@ -109,7 +117,8 @@ function runEslint(root) {
 }
 export function runSyntaxResolutionExecutor(bundle, root) {
     const items = [];
-    if (bundle.file_disposition?.files.some((f) => f.path.endsWith(".ts"))) {
+    if (hasTypeScriptConfig(root) &&
+        bundle.file_disposition?.files.some((f) => f.path.endsWith(".ts"))) {
         items.push(...runTsc(root));
     }
     if (bundle.file_disposition?.files.some((f) => f.path.endsWith(".ts") || f.path.endsWith(".js"))) {

package/dist/orchestrator/unitBuilder.d.ts

@@ -1,5 +1,7 @@
 import type { Lens, RepoManifest, UnitManifest } from "../types.js";
 import type { FileDisposition } from "../types/disposition.js";
 export declare const LENS_ORDER: Lens[];
-export declare function deriveRequiredLensesForPath(path: string): Lens[];
+export declare function deriveRequiredLensesForPath(path: string, options?: {
+    isBrowserExtensionProject?: boolean;
+}): Lens[];
 export declare function buildUnitManifest(repoManifest: RepoManifest, disposition?: FileDisposition): UnitManifest;

package/dist/orchestrator/unitBuilder.js

@@ -1,3 +1,4 @@
+import { deriveBrowserExtensionLensesForPath, hasBrowserExtensionManifestFile, inferBrowserExtensionUnitKind, } from "../extractors/browserExtension.js";
 import { bucketFile } from "../extractors/bucketing.js";
 import { isAuditExcludedStatus } from "../extractors/disposition.js";
 import { pathTokens, normalizeExtractorPath } from "../extractors/pathPatterns.js";
@@ -14,7 +15,13 @@ const LENS_MAP = {
     generated_vendor: ["maintainability"],
     unknown: ["correctness"],
 };
-function inferUnitKind(path) {
+function inferUnitKind(path, isBrowserExtensionProject = false) {
+    if (isBrowserExtensionProject) {
+        const extensionKind = inferBrowserExtensionUnitKind(path);
+        if (extensionKind) {
+            return extensionKind;
+        }
+    }
     const normalized = path.toLowerCase();
     if (normalized.startsWith("apps/") || normalized.startsWith("services/"))
         return "service";
@@ -94,7 +101,7 @@ function applyExtensionLensGuards(path, lenses) {
     }
     return lenses;
 }
-export function deriveRequiredLensesForPath(path) {
+export function deriveRequiredLensesForPath(path, options = {}) {
     const assignment = bucketFile(path);
     const required = new Set();
     for (const bucket of assignment.buckets) {
@@ -102,6 +109,11 @@ export function deriveRequiredLensesForPath(path) {
             required.add(lens);
         }
     }
+    if (options.isBrowserExtensionProject) {
+        for (const lens of deriveBrowserExtensionLensesForPath(path)) {
+            required.add(lens);
+        }
+    }
     return applyExtensionLensGuards(path, sortLenses(required));
 }
 function inferCriticalFlows(files, requiredLenses) {
@@ -128,13 +140,14 @@ function inferCriticalFlows(files, requiredLenses) {
 }
 export function buildUnitManifest(repoManifest, disposition) {
     const units = new Map();
+    const isBrowserExtensionProject = hasBrowserExtensionManifestFile(repoManifest);
     const dispositionMap = new Map(disposition?.files.map((item) => [item.path, item.status]) ?? []);
     for (const file of repoManifest.files) {
         const status = dispositionMap.get(file.path);
         if (file.excluded || (status && isAuditExcludedStatus(status))) {
             continue;
         }
-        const kind = inferUnitKind(file.path);
+        const kind = inferUnitKind(file.path, isBrowserExtensionProject);
         const unitId = inferUnitId(file.path, kind);
         const existing = units.get(unitId) ?? {
             unit_id: unitId,
@@ -148,7 +161,9 @@ export function buildUnitManifest(repoManifest, disposition) {
         }
         const assignment = bucketFile(file.path);
         const required = new Set(existing.required_lenses);
-        for (const lens of deriveRequiredLensesForPath(file.path)) {
+        for (const lens of deriveRequiredLensesForPath(file.path, {
+            isBrowserExtensionProject,
+        })) {
             required.add(lens);
         }
         existing.required_lenses = sortLenses(required);

package/dist/supervisor/operatorHandoff.js

@@ -11,6 +11,8 @@ const RUN_LEDGER_FILENAME = "run-ledger.json";
 const CURRENT_TASK_FILENAME = "current-task.json";
 const CURRENT_PROMPT_FILENAME = "current-prompt.md";
 const CURRENT_TASKS_FILENAME = "current-tasks.json";
+const CURRENT_SINGLE_TASK_FILENAME = "current-single-task.json";
+const CURRENT_SINGLE_TASK_PROMPT_FILENAME = "current-single-task-prompt.md";
 const AUDIT_TASKS_FILENAME = "audit_tasks.json";
 const RUNTIME_VALIDATION_TASKS_FILENAME = "runtime_validation_tasks.json";
 const BLOCKED_STATUS = "blocked";
@@ -118,10 +120,10 @@ function buildInteractiveProviderHint(status, providerName, sessionConfigPath, i
         return null;
     }
     if (isConfigError) {
-        return `Configuration error: Verify --root points to a repository root (with package.json, go.mod, etc.).`;
+        return `Configuration error: Verify --root points to the intended repository root and that the tree contains auditable files.`;
     }
     const providerLabel = providerName ?? LOCAL_SUBPROCESS_PROVIDER_NAME;
-    return `Provider: ${providerLabel}. For automatic LLM review, configure an interactive provider in ${sessionConfigPath}.`;
+    return `Provider: ${providerLabel}. This is a deterministic semantic-review handoff, not a failed audit. Use host subagents when the active toolset provides them; otherwise use the single-task fallback and stop after the worker command. For automatic LLM review, configure an interactive provider in ${sessionConfigPath}; that is only needed for backend-launched review.`;
 }
 function renderMarkdown(handoff) {
     const lines = [
@@ -167,6 +169,9 @@ function renderMarkdown(handoff) {
         for (const command of handoff.suggested_commands) {
             lines.push(`- ${command}`);
         }
+        if (handoff.active_review_run) {
+            lines.push("- Use packet dispatch commands only when the conversation host exposes a callable subagent tool; otherwise follow the single-task fallback.");
+        }
     }
     if (handoff.active_review_run) {
         lines.push("", "Active review run:");
@@ -237,6 +242,8 @@ export function buildAuditCodeHandoff(params) {
         handoff.file_map = {
             current_task: artifactPaths.current_task,
             current_prompt: artifactPaths.current_prompt,
+            single_task: join(params.artifactsDir, "dispatch", CURRENT_SINGLE_TASK_FILENAME),
+            single_task_prompt: join(params.artifactsDir, "dispatch", CURRENT_SINGLE_TASK_PROMPT_FILENAME),
             dispatch_plan: join(params.artifactsDir, "runs", params.activeReviewRun.run_id, "dispatch-plan.json"),
             audit_results: params.activeReviewRun.audit_results_path,
             final_report: join(params.root, "audit-report.md"),

package/docs/operator-guide.md

@@ -57,7 +57,9 @@ ChatGPT-style project conversations are the intended product surface. Use
 default context.
 
 Codex should normally use the global skill seeded by the npm install plus
-repo-local `AGENTS.md` fallback guidance.
+repo-local `AGENTS.md` fallback guidance. The installed skill includes
+`agents/openai.yaml` metadata so Codex can keep the slash-list display aligned
+with the canonical `/audit-code` spelling.
 
 Claude Desktop is treated as an MCP-first host. Use the generated project
 template and local bundle artifacts when installing the integration.

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "auditor-lambda",
-  "version": "0.3.18",
+  "version": "0.3.20",
   "private": false,
   "description": "Portable hybrid code-auditing framework for arbitrary repositories.",
   "type": "module",

package/scripts/postinstall.mjs

@@ -7,6 +7,7 @@ import { fileURLToPath } from 'url';
 const pkgRoot = dirname(dirname(fileURLToPath(import.meta.url)));
 const promptSourceFile = join(pkgRoot, 'skills', 'audit-code', 'audit-code.prompt.md');
 const skillSourceFile = join(pkgRoot, 'skills', 'audit-code', 'SKILL.md');
+const codexOpenAiAgentSourceFile = join(pkgRoot, 'skills', 'audit-code', 'agents', 'openai.yaml');
 
 function readRequiredSource(path, label) {
   if (!existsSync(path)) {
@@ -18,6 +19,15 @@ function readRequiredSource(path, label) {
   return readFileSync(path);
 }
 
+function readOptionalSource(path, label) {
+  if (!existsSync(path)) {
+    console.warn(`audit-code: ${label} source not found at ${path} - skipping optional install`);
+    return null;
+  }
+
+  return readFileSync(path);
+}
+
 function writeGeneratedFile(path, content) {
   const action = existsSync(path) ? 'updated' : 'installed';
   mkdirSync(dirname(path), { recursive: true });
@@ -32,8 +42,118 @@ function splitFrontmatter(text) {
   return { body: normalized.slice(match[0].length) };
 }
 
+const OPENCODE_AUDIT_EDIT_PERMISSION = {
+  '*': 'ask',
+  '.audit-code/**': 'allow',
+  '.audit-artifacts/**': 'allow',
+  'audit-report.md': 'allow',
+};
+
+const OPENCODE_AUDIT_BASH_PERMISSION = {
+  '*': 'ask',
+  'audit-code run-to-completion*': 'deny',
+  'audit-code synthesize*': 'deny',
+  'audit-code cleanup*': 'deny',
+  'audit-code requeue*': 'deny',
+  'audit-code ingest-results*': 'deny',
+  '*audit-code.mjs* run-to-completion*': 'deny',
+  '*audit-code.mjs* synthesize*': 'deny',
+  '*audit-code.mjs* cleanup*': 'deny',
+  '*audit-code.mjs* requeue*': 'deny',
+  '*audit-code.mjs* ingest-results*': 'deny',
+  'audit-code': 'allow',
+  'audit-code ensure*': 'allow',
+  'audit-code prepare-dispatch*': 'allow',
+  'audit-code submit-packet*': 'allow',
+  'audit-code merge-and-ingest*': 'allow',
+  'audit-code validate*': 'allow',
+  '*audit-code.mjs': 'allow',
+  '*audit-code.mjs* ensure*': 'allow',
+  '*audit-code.mjs* prepare-dispatch*': 'allow',
+  '*audit-code.mjs* submit-packet*': 'allow',
+  '*audit-code.mjs* merge-and-ingest*': 'allow',
+  '*audit-code.mjs* worker-run*': 'allow',
+  '*audit-code.mjs* validate*': 'allow',
+  'node* .audit-code/install/run-mcp-server.mjs*': 'allow',
+  'node* ./.audit-code/install/run-mcp-server.mjs*': 'allow',
+  'git status*': 'allow',
+  'git diff*': 'allow',
+  'grep *': 'allow',
+  'rm *': 'deny',
+};
+
+function objectValue(value) {
+  return value && typeof value === 'object' && !Array.isArray(value)
+    ? value
+    : {};
+}
+
+function mergeOpenCodePermissionRule(existingRule, generatedRule, managedRules = {}) {
+  if (generatedRule && typeof generatedRule === 'object' && !Array.isArray(generatedRule)) {
+    const generatedObject = generatedRule;
+    const merged = {};
+    const existingObject =
+      existingRule && typeof existingRule === 'object' && !Array.isArray(existingRule)
+        ? existingRule
+        : {};
+
+    if (typeof existingRule === 'string') {
+      merged['*'] = existingRule;
+    } else {
+      merged['*'] = existingObject['*'] ?? generatedObject['*'] ?? 'ask';
+    }
+
+    for (const [key, value] of Object.entries(generatedObject)) {
+      if (key !== '*') merged[key] = value;
+    }
+    for (const [key, value] of Object.entries(existingObject)) {
+      if (key !== '*') merged[key] = value;
+    }
+    for (const [key, value] of Object.entries(managedRules)) {
+      merged[key] = value;
+    }
+
+    return merged;
+  }
+
+  return existingRule ?? generatedRule;
+}
+
+function mergeOpenCodePermissionConfig(existingPermission, generatedPermission) {
+  if (!existingPermission || typeof existingPermission !== 'object' || Array.isArray(existingPermission)) {
+    return generatedPermission;
+  }
+
+  return {
+    ...generatedPermission,
+    ...existingPermission,
+    edit: mergeOpenCodePermissionRule(
+      existingPermission.edit,
+      generatedPermission.edit,
+      OPENCODE_AUDIT_EDIT_PERMISSION,
+    ),
+    bash: mergeOpenCodePermissionRule(
+      existingPermission.bash,
+      generatedPermission.bash,
+      OPENCODE_AUDIT_BASH_PERMISSION,
+    ),
+  };
+}
+
+function renderOpenCodePermissionConfig() {
+  return {
+    read: 'allow',
+    glob: 'allow',
+    grep: 'allow',
+    edit: { ...OPENCODE_AUDIT_EDIT_PERMISSION },
+    bash: { ...OPENCODE_AUDIT_BASH_PERMISSION },
+  };
+}
+
 function mergeOpenCodeGlobalConfig(existing, promptBody) {
   const parsed = existing ? JSON.parse(existing) : {};
+  const auditPermission = renderOpenCodePermissionConfig();
+  const existingAuditor = objectValue(objectValue(parsed.agent).auditor);
   return {
     ...parsed,
     command: {
@@ -47,12 +167,18 @@ function mergeOpenCodeGlobalConfig(existing, promptBody) {
         subtask: false,
       },
     },
+    permission: mergeOpenCodePermissionConfig(parsed.permission, auditPermission),
     agent: {
       ...(parsed.agent && typeof parsed.agent === 'object' && !Array.isArray(parsed.agent)
         ? parsed.agent
         : {}),
       auditor: {
+        ...existingAuditor,
         description: 'Read-heavy audit orchestration agent for the /audit-code workflow.',
+        permission: mergeOpenCodePermissionConfig(
+          existingAuditor.permission,
+          auditPermission,
+        ),
       },
     },
   };
@@ -75,23 +201,37 @@ if (!promptSource || !skillSource) {
 }
 
 const promptBody = splitFrontmatter(promptSource.toString('utf8')).body;
+const codexOpenAiAgentSource = readOptionalSource(codexOpenAiAgentSourceFile, 'Codex skill UI metadata');
 
 const installs = [
   {
     label: 'Claude command',
     path: join(homedir(), '.claude', 'commands', 'audit-code.md'),
+    sourcePath: promptSourceFile,
     content: promptSource,
   },
   {
     label: 'Codex skill',
     path: join(homedir(), '.codex', 'skills', 'audit-code', 'SKILL.md'),
+    sourcePath: skillSourceFile,
     content: skillSource,
   },
   {
     label: 'Codex prompt',
     path: join(homedir(), '.codex', 'skills', 'audit-code', 'audit-code.prompt.md'),
+    sourcePath: promptSourceFile,
     content: promptSource,
   },
+  ...(codexOpenAiAgentSource
+    ? [
+        {
+          label: 'Codex skill UI metadata',
+          path: join(homedir(), '.codex', 'skills', 'audit-code', 'agents', 'openai.yaml'),
+          sourcePath: codexOpenAiAgentSourceFile,
+          content: codexOpenAiAgentSource,
+        },
+      ]
+    : []),
 ];
 
 for (const install of installs) {
@@ -101,7 +241,7 @@ for (const install of installs) {
   } catch (err) {
     console.warn(`audit-code: could not install global ${install.label} (${err.message})`);
     console.warn(`  To install manually, copy from:`);
-    console.warn(`    ${install.label === 'Codex skill' ? skillSourceFile : promptSourceFile}`);
+    console.warn(`    ${install.sourcePath}`);
     console.warn(`  to:`);
     console.warn(`    ${install.path}`);
   }

package/skills/audit-code/SKILL.md

@@ -27,6 +27,11 @@ dispatch.
 If the host cannot delegate to subagents, the conversation orchestrator may
 complete exactly one assigned review task, ingest it through the provided backend
 command, then stop so the user can rerun `/audit-code` from fresh context.
+In that fallback path it should not prepare packet dispatch, probe alternate
+backend subcommands, synthesize reports, or choose a smaller task; the first
+pending task and the exact worker command are the boundary.
+The backend writes a deterministic single-task fallback prompt for that case so
+the orchestrator does not need to infer the first task from a broad batch prompt.
 
 Subagent fan-out belongs to the host agent runtime rather than to repo-local
 backend provider settings.

package/skills/audit-code/agents/openai.yaml

@@ -0,0 +1,4 @@
+interface:
+  display_name: "audit-code"
+  short_description: "Run the autonomous /audit-code repository audit workflow."
+  default_prompt: "Start /audit-code for this repository and continue until the audit completes or blocks for operator input."

package/skills/audit-code/audit-code.prompt.md

@@ -25,12 +25,21 @@ and ingest results mechanically.
   a backend command fails and the error explicitly requires diagnosis.
 - Do not inspect individual subagent result files after dispatch. Validation
   and ingestion are backend responsibilities.
+- Do not inspect the backend command catalog or try alternate subcommands to
+  bypass a blocked semantic-review handoff. In particular, do not run
+  `run-to-completion`, `synthesize`, `cleanup`, `requeue`, or direct
+  `ingest-results` while following this directive.
+- A report under `.audit-artifacts/` is not a completion signal while
+  `audit_state.status` is `"blocked"`. Present a report only after Step 5.
 - CRITICAL: Do not use your `Read` tool to read `entry.prompt_path` or JSON schemas into your own context window. The subagent will read them. Pass the path literally.
 - Prefer subagent dispatch for semantic review whenever the host exposes an
   Agent/subagent tool.
 - Treat the user's `/audit-code` request as explicit authorization to launch
   review subagents in parallel. Do not ask for a separate delegation request
   before using available Agent/subagent tools.
+- Decide subagent support from the active toolset, not from shell commands or
+  backend provider names. A shell command named `agent`, an MCP prompt, or a
+  `local-subprocess` provider is not a host subagent facility.
 - Do not use `browser_subagent` for semantic review of source code unless the
   task explicitly requires browser-based validation.
 - If the host cannot dispatch subagents, complete exactly one assigned review
@@ -86,7 +95,11 @@ If status is `"blocked"` for semantic review, continue to Step 2.
 
 ## Step 2 - Dispatch Review Work
 
-When the host supports subagents, prepare a dispatch plan by default:
+Use this step only when the active toolset exposes a callable host subagent
+facility such as `Agent`, `Task`, or an equivalent built-in delegation tool.
+Do not try to discover subagent support by running shell commands.
+
+When that callable subagent facility exists, prepare a dispatch plan by default:
 
 ```bash
 audit-code prepare-dispatch --run-id <run_id> --artifacts-dir <artifacts_dir>
@@ -132,21 +145,43 @@ error. Do not improvise manual merging or state edits.
 
 Loop back to Step 1.
 
+If no callable host subagent facility exists, or a delegation attempt fails
+because the host does not provide such a tool, go directly to Step 3. Do not run
+`prepare-dispatch`, do not inspect generated packet prompts, and do not try
+alternate backend commands.
+
 ## Step 3 - Single-Task Fallback
 
 Use this path only when the host cannot dispatch subagents.
 
-Read the current review prompt named by `handoff.active_review_run.prompt_path`
-or `.audit-artifacts/dispatch/current-prompt.md`, plus the matching task file
+Allowed backend command in this step: the exact `worker_command` from the task
+file, after you have written the single-task result. Do not run `audit-code`,
+`run-to-completion`, `prepare-dispatch`, `merge-and-ingest`, `synthesize`,
+`validate`, or any other backend command as a substitute for the fallback.
+
+Read the generated single-task fallback prompt at
+`handoff.file_map.single_task_prompt` when present, otherwise
+`.audit-artifacts/dispatch/current-single-task-prompt.md`. That file is
+deterministically narrowed to the first pending task. If it is unavailable, read
+the current review prompt named by `handoff.active_review_run.prompt_path` or
+`.audit-artifacts/dispatch/current-prompt.md`, plus the matching task file
 needed to find `audit_results_path` and `worker_command`.
 
 Complete exactly one assigned review task. If a batch file lists multiple tasks,
-choose the first pending task only. Read only that task's assigned files. Write
-one valid `AuditResult` object, wrapped in a JSON array, to `audit_results_path`.
+choose the first pending task by array order only; do not substitute a smaller
+or easier task. If that first task covers a large file, use targeted reads and
+searches within its assigned files instead of abandoning it. Read only that
+task's assigned files. Write one valid `AuditResult` object, wrapped in a JSON
+array, to `audit_results_path`.
+
+If the current review prompt says to produce results for every listed task, the
+single-task fallback overrides that wording for the top-level orchestrator:
+produce exactly one result for the first pending task only.
 
 Run the exact `worker_command` from the task file. Then stop and summarize that
 one bounded step. Do not loop into another semantic review task in the same
-conversation turn.
+conversation turn. Do not re-check audit state or read an audit report after the
+worker command.
 
 ## Step 4 - Backend Failure Handling