auditor-lambda 0.3.2 → 0.3.4

package/README.md

@@ -36,6 +36,10 @@ That bootstraps repo-local `/audit-code` surfaces for the hosts we can automate
 - VS Code prompt, custom agent, Copilot instructions, and `.vscode/mcp.json`
 - Antigravity planning-mode guidance plus the shared repo-local MCP launcher
 
+Re-run the same `audit-code install` command whenever the packaged prompt or
+skill changes. It is the single supported refresh path for the shared
+`.audit-code/install/*` assets and every generated host surface.
+
 After bootstrap, you can smoke-test the generated host assets and launcher from the repository root:
 
 ```bash
@@ -172,7 +176,8 @@ The next implementation work is tracked in:
 
 The short version is:
 
-- realign review dispatch around the conversation-owned, non-overlapping lens-block workflow
+- keep the packet dispatch workflow verified in real host environments
+- benchmark `/audit-code` packet counts and warning counts against nontrivial external repositories
 - prove the generated Codex, Claude Desktop, OpenCode, VS Code, and Antigravity guidance in real host flows
 - tighten the repo-local MCP-first bootstrap where host smoke tests expose friction
 - polish provider-assisted continuation and failure guidance

package/audit-code-wrapper-lib.mjs

@@ -1526,16 +1526,30 @@ async function verifyInstalledBootstrap(argv) {
 
   await collectVerifyCheck(generalChecks, 'installed_prompt', async () => {
     await ensureFile(assetPaths.installedPromptPath, 'Installed prompt asset');
+    const installedPrompt = await readFile(assetPaths.installedPromptPath, 'utf8');
+    const sourcePrompt = await readFile(promptAssetPath, 'utf8');
+    if (installedPrompt !== sourcePrompt) {
+      throw new Error(
+        `Installed prompt is out of sync with the source prompt. Run "audit-code install" from ${root}.`,
+      );
+    }
     return {
-      summary: 'Installed prompt asset is present.',
+      summary: 'Installed prompt asset is present and matches the source prompt.',
       path: assetPaths.installedPromptPath,
     };
   });
 
   await collectVerifyCheck(generalChecks, 'installed_skill', async () => {
     await ensureFile(assetPaths.installedSkillPath, 'Installed skill asset');
+    const installedSkill = (await readFile(assetPaths.installedSkillPath, 'utf8')).replace(/\r\n/g, '\n');
+    const sourceSkill = (await readFile(skillAssetPath, 'utf8')).replace(/\r\n/g, '\n');
+    if (installedSkill !== sourceSkill) {
+      throw new Error(
+        `Installed skill is out of sync with the source skill. Run "audit-code install" from ${root}.`,
+      );
+    }
     return {
-      summary: 'Installed skill asset is present.',
+      summary: 'Installed skill asset is present and matches the source skill.',
       path: assetPaths.installedSkillPath,
     };
   });
@@ -1599,11 +1613,30 @@ async function verifyInstalledBootstrap(argv) {
           if (!content.includes('# audit-code skill')) {
             throw new Error(`Codex skill file is missing the expected heading: ${assetPaths.codexSkillPath}`);
           }
+          const sourceSkill = (await readFile(skillAssetPath, 'utf8')).replace(/\r\n/g, '\n');
+          if (content.replace(/\r\n/g, '\n') !== sourceSkill) {
+            throw new Error(
+              `Codex skill is out of sync with the source skill. Run "audit-code install --host codex" or "audit-code install".`,
+            );
+          }
           return {
-            summary: 'Codex skill bundle is present.',
+            summary: 'Codex skill bundle is present and matches the source skill.',
             path: assetPaths.codexSkillPath,
           };
         });
+        await collectVerifyCheck(checks, 'codex_prompt', async () => {
+          const content = await readFile(assetPaths.codexPromptPath, 'utf8');
+          const sourcePrompt = await readFile(promptAssetPath, 'utf8');
+          if (content !== sourcePrompt) {
+            throw new Error(
+              `Codex prompt is out of sync with the source prompt. Run "audit-code install --host codex" or "audit-code install".`,
+            );
+          }
+          return {
+            summary: 'Codex prompt bundle is present and matches the source prompt.',
+            path: assetPaths.codexPromptPath,
+          };
+        });
         await collectVerifyCheck(checks, 'codex_mcp_setup', async () => {
           const content = await readFile(assetPaths.codexMcpSetupPath, 'utf8');
           if (!content.includes(MCP_LAUNCHER_FILENAME)) {
@@ -1701,11 +1734,44 @@ async function verifyInstalledBootstrap(argv) {
           if (!content.includes('agent: auditor')) {
             throw new Error(`OpenCode command file is missing the auditor agent frontmatter: ${assetPaths.opencodeCommandPath}`);
           }
+          const { body: commandBody } = splitFrontmatter(content);
+          const { body: sourceBody } = splitFrontmatter(await readFile(promptAssetPath, 'utf8'));
+          if (commandBody !== sourceBody.trimStart()) {
+            throw new Error(
+              `OpenCode command prompt body is out of sync with the source prompt. Run "audit-code install --host opencode" or "audit-code install".`,
+            );
+          }
           return {
-            summary: 'OpenCode command file is present.',
+            summary: 'OpenCode command file is present and uses the source prompt body.',
             path: assetPaths.opencodeCommandPath,
           };
         });
+        await collectVerifyCheck(checks, 'opencode_skill', async () => {
+          const content = (await readFile(assetPaths.opencodeSkillPath, 'utf8')).replace(/\r\n/g, '\n');
+          const sourceSkill = (await readFile(skillAssetPath, 'utf8')).replace(/\r\n/g, '\n');
+          if (content !== sourceSkill) {
+            throw new Error(
+              `OpenCode skill is out of sync with the source skill. Run "audit-code install --host opencode" or "audit-code install".`,
+            );
+          }
+          return {
+            summary: 'OpenCode skill is present and matches the source skill.',
+            path: assetPaths.opencodeSkillPath,
+          };
+        });
+        await collectVerifyCheck(checks, 'opencode_prompt', async () => {
+          const content = await readFile(assetPaths.opencodePromptPath, 'utf8');
+          const sourcePrompt = await readFile(promptAssetPath, 'utf8');
+          if (content !== sourcePrompt) {
+            throw new Error(
+              `OpenCode prompt is out of sync with the source prompt. Run "audit-code install --host opencode" or "audit-code install".`,
+            );
+          }
+          return {
+            summary: 'OpenCode prompt is present and matches the source prompt.',
+            path: assetPaths.opencodePromptPath,
+          };
+        });
         await collectVerifyCheck(checks, 'opencode_config', async () => {
           const config = await readJson(assetPaths.opencodeConfigPath, 'OpenCode project config');
           const command = config?.mcp?.auditor?.command;
@@ -1730,8 +1796,15 @@ async function verifyInstalledBootstrap(argv) {
           if (!content.includes('name: audit-code')) {
             throw new Error(`VS Code prompt file is missing the expected frontmatter name: ${assetPaths.vscodePromptPath}`);
           }
+          const { body: promptBody } = splitFrontmatter(content);
+          const { body: sourceBody } = splitFrontmatter(await readFile(promptAssetPath, 'utf8'));
+          if (promptBody !== sourceBody.trimStart()) {
+            throw new Error(
+              `VS Code prompt body is out of sync with the source prompt. Run "audit-code install --host vscode" or "audit-code install".`,
+            );
+          }
           return {
-            summary: 'VS Code prompt file is present.',
+            summary: 'VS Code prompt file is present and uses the source prompt body.',
             path: assetPaths.vscodePromptPath,
           };
         });

package/dist/cli.js

@@ -26,6 +26,7 @@ import { buildAuditCodeHandoff, writeAuditCodeHandoffArtifacts, } from "./superv
 import { getSessionConfigPath, loadSessionConfig, readSessionConfigFile, } from "./supervisor/sessionConfig.js";
 import { clearDispatchFiles, buildRunId, ensureSupervisorDirs, getRunPaths, writeDispatchBatchFiles, writeWorkerTaskFiles, } from "./io/runArtifacts.js";
 import { renderWorkerPrompt } from "./prompts/renderWorkerPrompt.js";
+import { buildReviewPackets, orderTasksForPacketReview, } from "./orchestrator/reviewPackets.js";
 import { LOCAL_SUBPROCESS_PROVIDER_NAME } from "./providers/constants.js";
 import { runAuditCodeMcpServer } from "./mcp/server.js";
 const packageRoot = resolve(dirname(fileURLToPath(import.meta.url)), "..");
@@ -35,7 +36,7 @@ const DIRECT_CLI_DEFAULTS = {
     rootDir: ".",
     artifactsDir: ".artifacts",
     maxRuns: 1000,
-    agentBatchSize: 1,
+    agentBatchSize: 6,
     parallelWorkers: 1,
     timeoutMs: 30 * 60 * 1000, // 30 minutes
     uiMode: "headless",
@@ -287,7 +288,12 @@ async function detectProjectRoot(root) {
 }
 function buildPendingAuditTasks(bundle) {
     const completedTaskIds = new Set((bundle.audit_results ?? []).map((result) => result.task_id));
-    return (bundle.audit_tasks ?? []).filter((task) => task.status !== "complete" && !completedTaskIds.has(task.task_id));
+    const pendingTasks = (bundle.audit_tasks ?? []).filter((task) => task.status !== "complete" && !completedTaskIds.has(task.task_id));
+    const lineIndex = Object.fromEntries(pendingTasks.flatMap((task) => Object.entries(task.file_line_counts ?? {})));
+    return orderTasksForPacketReview(pendingTasks, {
+        graphBundle: bundle.graph_bundle,
+        lineIndex,
+    });
 }
 async function addFileLineCountHints(root, tasks) {
     const lineIndex = await buildLineIndexForPaths(root, tasks.flatMap((task) => task.file_paths));
@@ -1312,6 +1318,9 @@ async function cmdRunToCompletion(argv) {
         next_likely_step: state.status === "complete" ? null : decision.selected_obligation,
         providerName: provider.name,
     });
+    if (state.status === "complete") {
+        await promoteFinalAuditReport({ artifactsDir, repoRoot: root });
+    }
 }
 async function cmdWorkerRun(argv) {
     const taskPath = getFlag(argv, "--task");
@@ -1405,92 +1414,169 @@ async function cmdPrepareDispatch(argv) {
     const taskResultsDir = join(runDir, "task-results");
     const dispatchPlanPath = join(runDir, "dispatch-plan.json");
     const tasks = await readJsonFile(tasksPath);
+    const bundle = await loadArtifactBundle(artifactsDir);
     const lensDefsPath = join(packageRoot, "dispatch", "lens-definitions.json");
     const lensDefs = await readJsonFile(lensDefsPath);
     await mkdir(taskResultsDir, { recursive: true });
+    const lineIndex = Object.fromEntries(tasks.flatMap((task) => Object.entries(task.file_line_counts ?? {})));
+    const orderedTasks = orderTasksForPacketReview(tasks, {
+        graphBundle: bundle.graph_bundle,
+        lineIndex,
+    });
+    const packets = buildReviewPackets(orderedTasks, {
+        graphBundle: bundle.graph_bundle,
+        lineIndex,
+    });
+    const tasksById = new Map(orderedTasks.map((task) => [task.task_id, task]));
+    const outputPathByTaskId = new Map(orderedTasks.map((task) => [
+        task.task_id,
+        join(taskResultsDir, `${task.task_id.replace(/[^a-zA-Z0-9_-]/g, "_")}.json`),
+    ]));
     const plan = [];
-    let largestTask = null;
+    let largestPacketId = null;
     let largestLines = 0;
-    for (const task of tasks) {
-        const sanitized = task.task_id.replace(/[^a-zA-Z0-9_-]/g, "_");
-        const outputPath = join(taskResultsDir, `${sanitized}.json`);
+    let largestEstimatedTokens = 0;
+    const warnings = [];
+    for (const packet of packets) {
+        const sanitized = packet.packet_id.replace(/[^a-zA-Z0-9_-]/g, "_");
         const promptPath = join(taskResultsDir, `${sanitized}.prompt.md`);
-        const lensDef = lensDefs[task.lens];
-        if (!lensDef) {
-            process.stderr.write(`Warning: no lens definition for '${task.lens}' (task ${task.task_id})\n`);
+        const packetTasks = packet.task_ids
+            .map((taskId) => tasksById.get(taskId))
+            .filter((task) => task !== undefined);
+        if (packet.total_lines > largestLines) {
+            largestLines = packet.total_lines;
+            largestEstimatedTokens = packet.estimated_tokens;
+            largestPacketId = packet.packet_id;
         }
-        const totalLines = Object.values(task.file_line_counts ?? {}).reduce((a, b) => a + b, 0);
-        if (totalLines > largestLines) {
-            largestLines = totalLines;
-            largestTask = task.task_id;
+        if (packet.total_lines > 2500) {
+            warnings.push({
+                code: "large_packet",
+                message: `large packet ${packet.packet_id} (~${packet.total_lines} lines) may hit quota limits`,
+            });
         }
-        if (totalLines > 1500) {
-            process.stderr.write(`Warning: large task ${task.task_id} (~${totalLines} lines) may hit quota limits\n`);
+        for (const task of packetTasks) {
+            if (!lensDefs[task.lens]) {
+                warnings.push({
+                    code: "missing_lens_definition",
+                    message: `no lens definition for '${task.lens}' (task ${task.task_id})`,
+                });
+            }
         }
-        const fileList = task.file_paths.map(p => {
-            const lines = task.file_line_counts?.[p] ?? 0;
-            return `- ${p} (${lines} lines)`;
+        const fileList = packet.file_paths.map((path) => {
+            const lines = packet.file_line_counts[path] ?? 0;
+            return `- ${path} (${lines} lines)`;
         }).join("\n");
+        const taskSections = packetTasks.flatMap((task) => {
+            const lensDef = lensDefs[task.lens];
+            const outputPath = outputPathByTaskId.get(task.task_id);
+            return [
+                `### ${task.task_id}`,
+                `unit_id: ${task.unit_id}`,
+                `pass_id: ${task.pass_id}`,
+                `lens: ${task.lens}`,
+                `output_path: ${outputPath}`,
+                `rationale: ${task.rationale}`,
+                "",
+                `Lens guidance: ${lensDef?.description ?? task.lens}`,
+                `Do NOT report: ${lensDef?.do_not_report ?? "N/A"}`,
+                "",
+            ];
+        });
+        const validationCommands = packetTasks.map((task) => `  "${process.execPath}" "${join(packageRoot, "audit-code.mjs")}" validate-result --run-id ${runId} --task-id ${task.task_id} --artifacts-dir "${artifactsDir}"`);
+        const outputPaths = Object.fromEntries(packetTasks.map((task) => [
+            task.task_id,
+            outputPathByTaskId.get(task.task_id) ?? "",
+        ]));
         const prompt = [
-            "You are a code auditor. Review the files below under the specified lens.",
+            "You are a code auditor. Review this packet once, then produce one result file per listed task.",
             "",
-            "## Task",
-            `task_id: ${task.task_id}`,
-            `unit_id: ${task.unit_id}`,
-            `pass_id: ${task.pass_id}`,
-            `lens: ${task.lens}`,
+            "## Packet",
+            `packet_id: ${packet.packet_id}`,
+            `task_count: ${packet.task_ids.length}`,
+            `lenses: ${packet.lenses.join(", ")}`,
+            `estimated_tokens: ${packet.estimated_tokens}`,
             "",
             "## Files to read",
             "Use your Read tool. Paths are repo-relative from the current working directory.",
             fileList,
             "",
-            `## Lens: ${task.lens}`,
-            lensDef?.description ?? task.lens,
-            "",
-            `Do NOT report: ${lensDef?.do_not_report ?? "N/A"}`,
-            "",
+            "## Tasks",
+            ...taskSections,
             "## Output",
-            `Write a single JSON object to: ${outputPath}`,
+            "Write exactly one JSON object for each task to that task's output_path.",
+            "Do not combine the task results into one file. Do not edit source files,",
+            "remediate findings, create extra task results, or run unrelated audits.",
             "",
-            "Required fields:",
-            "  task_id       copy from task metadata above",
-            "  unit_id       copy from task metadata above",
-            "  pass_id       copy from task metadata above",
-            "  lens          copy from task metadata above",
-            "  file_coverage [{path, total_lines}] — one entry per file; use the line counts listed above",
-            "  findings      [] or array of finding objects (see below)",
+            "Required AuditResult fields:",
+            "  task_id       copy from the task metadata",
+            "  unit_id       copy from the task metadata",
+            "  pass_id       copy from the task metadata",
+            "  lens          copy from the task metadata",
+            "  file_coverage [{path, total_lines}] - one entry per assigned file; use the line counts listed above",
+            "  findings      [] or array of finding objects",
             "",
             "Each finding object:",
             "  id            unique ID, e.g. \"COR-001\"",
             "  title         short title",
-            "  category      correctness|architecture|maintainability|security|reliability|performance|data_integrity|tests|operability|config_deployment",
+            "  category      specific finding category, such as missing-validation or command-execution",
             "  severity      critical|high|medium|low|info",
             "  confidence    high|medium|low",
-            `  lens          "${task.lens}" — must match task lens exactly`,
-            "  summary       1–2 sentence description",
-            "  affected_files  [{path, line_start?, line_end?, symbol?}] — objects, not strings; min 1 entry",
-            "  evidence     [\"path/to/file.ts:42 — description of what you see there\"] — min 1 entry",
+            "  lens          must match the task lens exactly",
+            "  summary       1-2 sentence description",
+            "  affected_files  [{path, line_start?, line_end?, symbol?}] - objects, not strings; min 1 entry",
+            "  evidence     [\"path/to/file.ts:42 - description of what you see there\"] - min 1 entry",
             "",
             "Constraints:",
-            "1. line_end must not exceed the file's actual line count (use counts listed above)",
-            "2. affected_files entries are OBJECTS with a \"path\" key — NOT plain strings",
-            "3. Only reference files from the list above",
-            "4. findings: [] is correct when you find nothing genuine",
+            "1. line_end must not exceed the file's actual line count.",
+            "2. affected_files entries are objects with a path key, not plain strings.",
+            "3. Only reference files from the packet unless a finding genuinely crosses a boundary.",
+            "4. findings: [] is correct when you find nothing genuine.",
             "",
             "## Validate",
-            "After writing your result, run:",
-            `  "${process.execPath}" "${join(packageRoot, "audit-code.mjs")}" validate-result --run-id ${runId} --task-id ${task.task_id} --artifacts-dir "${artifactsDir}"`,
+            "After writing every result, run:",
+            ...validationCommands,
+            "",
+            "Exit 0 means valid. Non-zero: read the errors, fix the JSON, rewrite the file, run again. Retry up to 3 times.",
             "",
-            "Exit 0 means valid. Non-zero: read the errors, fix your JSON, rewrite the file, run again. Retry up to 3 times.",
+            "## Final response",
+            `After every validation command succeeds, reply exactly: valid: ${packet.packet_id}, findings=<total finding count>`,
         ].join("\n");
         await writeFile(promptPath, prompt, "utf8");
-        const description = `Audit ${task.unit_id} (${task.file_paths.length} file(s), ~${totalLines} lines) — ${task.lens} lens`;
-        plan.push({ task_id: task.task_id, description, output_path: outputPath, prompt_path: promptPath });
+        plan.push({
+            packet_id: packet.packet_id,
+            task_id: packet.task_ids.length === 1 ? packet.task_ids[0] : packet.packet_id,
+            task_ids: packet.task_ids,
+            description: `Audit ${packet.file_paths.length} file(s), ${packet.task_ids.length} task(s), ${packet.lenses.length} lens(es) (~${packet.total_lines} lines)`,
+            output_paths: outputPaths,
+            prompt_path: promptPath,
+            lenses: packet.lenses,
+            file_paths: packet.file_paths,
+            total_lines: packet.total_lines,
+            estimated_tokens: packet.estimated_tokens,
+        });
     }
     await writeJsonFile(dispatchPlanPath, plan);
-    console.log(`Wrote dispatch-plan.json — ${plan.length} tasks ready for dispatch`);
-    if (largestTask)
-        console.log(`Largest task: ${largestTask} (~${largestLines} lines)`);
+    const warningsPath = warnings.length > 0
+        ? join(runDir, "dispatch-warnings.json")
+        : null;
+    if (warningsPath) {
+        await writeJsonFile(warningsPath, warnings);
+    }
+    console.log(JSON.stringify({
+        run_id: runId,
+        dispatch_plan_path: dispatchPlanPath,
+        packet_count: plan.length,
+        task_count: orderedTasks.length,
+        largest_packet: largestPacketId
+            ? {
+                packet_id: largestPacketId,
+                total_lines: largestLines,
+                estimated_tokens: largestEstimatedTokens,
+            }
+            : null,
+        warning_count: warnings.length,
+        dispatch_warnings_path: warningsPath,
+    }, null, 2));
 }
 async function cmdMergeAndIngest(argv) {
     const runId = getFlag(argv, "--run-id");
@@ -1502,12 +1588,13 @@ async function cmdMergeAndIngest(argv) {
     const auditResultsPath = join(runDir, "audit-results.json");
     const taskPath = join(runDir, "task.json");
     const tasksPath = join(runDir, "pending-audit-tasks.json");
+    const workerTask = await readJsonFile(taskPath);
     let allTasks = [];
     try {
         allTasks = await readJsonFile(tasksPath);
     }
     catch { /* may not exist */ }
-    const taskMap = new Map(allTasks.map(t => [t.task_id, t]));
+    const lineIndex = Object.fromEntries(allTasks.flatMap((task) => Object.entries(task.file_line_counts ?? {})));
     let files;
     try {
         files = (await readdir(taskResultsDir)).filter(f => f.endsWith(".json")).sort();
@@ -1517,6 +1604,7 @@ async function cmdMergeAndIngest(argv) {
     }
     const passing = [];
     const failing = [];
+    const seenTaskIds = new Set();
     for (const filename of files) {
         const filePath = join(taskResultsDir, filename);
         let obj;
@@ -1527,26 +1615,76 @@ async function cmdMergeAndIngest(argv) {
             failing.push({ task_id: filename, errors: [`Invalid JSON: ${e.message}`] });
             continue;
         }
-        const taskId = typeof obj.task_id === "string"
-            ? String(obj.task_id) : undefined;
-        const matchingTask = taskId ? taskMap.get(taskId) : undefined;
-        const issues = validateAuditResults([obj], matchingTask ? [matchingTask] : [], { lineIndex: matchingTask?.file_line_counts ?? {} });
-        const errors = issues.filter(i => i.severity === "error");
-        if (errors.length === 0) {
+        const record = obj && typeof obj === "object" && !Array.isArray(obj)
+            ? obj
+            : undefined;
+        const taskId = typeof record?.task_id === "string"
+            ? String(record.task_id) : undefined;
+        const resultErrors = [];
+        if (taskId) {
+            if (seenTaskIds.has(taskId)) {
+                resultErrors.push(`Duplicate audit result for assigned task '${taskId}'.`);
+            }
+            else {
+                seenTaskIds.add(taskId);
+            }
+        }
+        const issues = validateAuditResults([obj], allTasks, { lineIndex });
+        resultErrors.push(...issues
+            .filter(i => i.severity === "error")
+            .map(i => i.message));
+        if (resultErrors.length === 0) {
             passing.push(obj);
         }
         else {
-            failing.push({ task_id: taskId ?? filename, errors: errors.map(i => i.message) });
+            failing.push({ task_id: taskId ?? filename, errors: resultErrors });
+        }
+    }
+    for (const task of allTasks) {
+        if (!seenTaskIds.has(task.task_id)) {
+            failing.push({
+                task_id: task.task_id,
+                errors: ["Missing audit result for assigned task."],
+            });
         }
     }
     await writeJsonFile(auditResultsPath, passing);
     if (failing.length > 0) {
-        await writeJsonFile(join(runDir, "failed-tasks.json"), failing);
-        process.stderr.write(`${failing.length} task(s) excluded — see ${join(runDir, "failed-tasks.json")}\n`);
+        const failedTasksPath = join(runDir, "failed-tasks.json");
+        await writeJsonFile(failedTasksPath, failing);
+        throw new Error(`${failing.length} assigned task result(s) were missing or invalid; blocked before ingestion. See ${failedTasksPath}`);
     }
-    process.stderr.write(`✓ ${passing.length}/${files.length} results merged → ${auditResultsPath}\n`);
-    // Ingest: run worker-run logic against the merged results file
-    await cmdWorkerRun([argv[0], argv[1], "worker-run", "--task", taskPath, "--artifacts-dir", artifactsDir]);
+    const findingCount = passing.reduce((sum, result) => sum + result.findings.length, 0);
+    const result = await runAuditStep({
+        root: workerTask.repo_root,
+        artifactsDir,
+        preferredExecutor: "result_ingestion_executor",
+        auditResultsPath,
+    });
+    const workerResult = buildWorkerResult({
+        runId,
+        obligationId: workerTask.obligation_id,
+        status: result.progress_made ? "completed" : "no_progress",
+        progressMade: result.progress_made,
+        selectedExecutor: result.selected_executor,
+        artifactsWritten: result.artifacts_written,
+        summary: result.progress_summary,
+        nextLikelyStep: result.next_likely_step,
+        errors: [],
+    });
+    await writeJsonFile(workerTask.result_path, workerResult);
+    console.log(JSON.stringify({
+        run_id: runId,
+        status: workerResult.status,
+        accepted_count: passing.length,
+        rejected_count: 0,
+        finding_count: findingCount,
+        audit_results_path: auditResultsPath,
+        selected_executor: workerResult.selected_executor,
+        progress_made: workerResult.progress_made,
+        progress_summary: workerResult.summary,
+        next_likely_step: workerResult.next_likely_step,
+    }, null, 2));
 }
 async function cmdValidateResult(argv) {
     const runId = getFlag(argv, "--run-id");

package/dist/extractors/graph.d.ts

@@ -1,4 +1,8 @@
 import type { RepoManifest } from "../types.js";
 import type { FileDisposition } from "../types/disposition.js";
 import type { GraphBundle } from "../types/graph.js";
-export declare function buildGraphBundle(repoManifest: RepoManifest, disposition?: FileDisposition): GraphBundle;
+export interface BuildGraphBundleOptions {
+    fileContents?: Record<string, string>;
+}
+export declare function buildGraphBundleFromFs(repoManifest: RepoManifest, root: string, disposition?: FileDisposition): Promise<GraphBundle>;
+export declare function buildGraphBundle(repoManifest: RepoManifest, disposition?: FileDisposition, options?: BuildGraphBundleOptions): GraphBundle;