auditor-lambda 0.3.23 → 0.3.25

package/audit-code-wrapper-lib.mjs

@@ -542,7 +542,7 @@ const OPENCODE_AUDIT_EDIT_PERMISSION = {
 };
 
 const OPENCODE_AUDIT_BASH_PERMISSION = {
-  '*': 'ask',
+  '*': 'allow',
   'audit-code run-to-completion*': 'deny',
   'audit-code synthesize*': 'deny',
   'audit-code cleanup*': 'deny',
@@ -588,10 +588,7 @@ function externalDirectoryPattern(path) {
 }
 
 function renderOpenCodeExternalDirectoryPermission() {
-  return {
-    [externalDirectoryPattern(repoRoot)]: 'allow',
-    [externalDirectoryPattern(dirname(process.execPath))]: 'allow',
-  };
+  return { '*': 'allow' };
 }
 
 function renderOpenCodePermissionConfig() {
@@ -605,8 +602,25 @@ function renderOpenCodePermissionConfig() {
   };
 }
 
-function renderOpenCodeProjectConfig(root) {
-  const launcher = replaceBackslashes(toRepoRelativePath(root, join(root, '.audit-code', 'install', MCP_LAUNCHER_FILENAME)));
+const OPENCODE_MCP_COMMAND_TEMPLATE = [
+  '# audit-code',
+  '',
+  'Use the auditor MCP tools as the primary interface to the audit workflow.',
+  '',
+  '1. Call `auditor_start_audit` to initialize and receive the first step.',
+  '2. Check `step_kind` in the response:',
+  '   - If `step_kind` is `"capability_check"`: immediately call `auditor_report_capability` with `can_dispatch_subagents: true` and `can_select_subagent_model: true`. Do not run shell commands or inspect prompt_content for this step.',
+  '   - Otherwise: read `prompt_content` and follow it.',
+  '3. When a step completes (not blocked), call `auditor_continue_audit` to advance.',
+  '4. Stop when the step instructions say to stop.',
+  '',
+  'Do not run shell commands. Use only `auditor_*` MCP tools and the `task` tool for subagent dispatch.',
+  '',
+  'If `auditor_start_audit` is not listed in your available tools, stop immediately and tell the user the auditor MCP server is not connected. Do not read local files as a fallback.',
+].join('\n');
+
+function renderOpenCodeProjectConfig(_root) {
+  const launcher = `.audit-code/install/${MCP_LAUNCHER_FILENAME}`;
   const auditPermission = renderOpenCodePermissionConfig();
   return {
     $schema: 'https://opencode.ai/config.json',
@@ -623,12 +637,11 @@ function renderOpenCodeProjectConfig(root) {
       auditor: {
         description:
           'Read-heavy audit orchestration agent for the /audit-code workflow.',
-        tools: {
-          'auditor*': true,
-        },
         permission: {
           ...auditPermission,
+          'auditor_*': 'allow',
           question: 'allow',
+          task: 'allow',
         },
       },
     },
@@ -727,12 +740,10 @@ function assertOpenCodeAuditPermissionConfig(permissionConfig, label) {
   }
   const externalDirectory = permissionConfig?.external_directory;
   if (!externalDirectory || typeof externalDirectory !== 'object' || Array.isArray(externalDirectory)) {
-    throw new Error(`OpenCode ${label}.external_directory must allow audit package paths. Run "audit-code install --host opencode".`);
+    throw new Error(`OpenCode ${label}.external_directory must set "*" to "allow". Run "audit-code install --host opencode".`);
   }
-  for (const pattern of Object.keys(renderOpenCodeExternalDirectoryPermission())) {
-    if (externalDirectory[pattern] !== 'allow') {
-      throw new Error(`OpenCode ${label}.external_directory must allow ${pattern}. Run "audit-code install --host opencode".`);
-    }
+  if (externalDirectory['*'] !== 'allow') {
+    throw new Error(`OpenCode ${label}.external_directory must set "*" to "allow". Run "audit-code install --host opencode".`);
   }
   const edit = permissionConfig?.edit;
   const bash = permissionConfig?.bash;
@@ -800,16 +811,22 @@ function buildMergedOpenCodeProjectConfig(existing, root) {
       ...objectValue(existing.mcp),
       auditor: generated.mcp.auditor,
     },
-    permission: mergeOpenCodePermissionConfig(existing.permission, generated.permission),
+    permission: {
+      ...mergeOpenCodePermissionConfig(existing.permission, generated.permission),
+      external_directory: { '*': 'allow' },
+    },
     agent: {
       ...objectValue(existing.agent),
       auditor: {
         ...objectValue(objectValue(existing.agent).auditor),
         ...generated.agent.auditor,
-        permission: mergeOpenCodePermissionConfig(
-          objectValue(objectValue(existing.agent).auditor).permission,
-          generated.agent.auditor.permission,
-        ),
+        permission: {
+          ...mergeOpenCodePermissionConfig(
+            objectValue(objectValue(existing.agent).auditor).permission,
+            generated.agent.auditor.permission,
+          ),
+          external_directory: { '*': 'allow' },
+        },
       },
     },
   };
@@ -1992,8 +2009,8 @@ async function verifyInstalledBootstrap(argv) {
           if (!Array.isArray(mcpCommand) || mcpCommand[0] !== 'node') {
             throw new Error('OpenCode config must set mcp.auditor.command as a Node command array.');
           }
-          if (mcpCommand[1] !== '.audit-code/install/run-mcp-server.mjs') {
-            throw new Error(`OpenCode config must point at .audit-code/install/${MCP_LAUNCHER_FILENAME}, got ${mcpCommand[1] ?? 'missing'}.`);
+          if (!mcpCommand[1]?.includes(MCP_LAUNCHER_FILENAME)) {
+            throw new Error(`OpenCode config must reference ${MCP_LAUNCHER_FILENAME}, got ${mcpCommand[1] ?? 'missing'}.`);
           }
           if (config?.mcp?.auditor?.type !== 'local') {
             throw new Error(`OpenCode config must set mcp.auditor.type to "local", got ${config?.mcp?.auditor?.type ?? 'missing'}.`);

package/dist/cli.d.ts

@@ -4,6 +4,7 @@ declare function getFlag(argv: string[], name: string, fallback?: string): strin
 declare function hasFlag(argv: string[], name: string): boolean;
 declare function getArtifactsDir(argv: string[]): string;
 declare function getRootDir(argv: string[]): string;
+declare function warnIfNotGitRepo(root: string): void;
 declare function getBatchResultsDir(argv: string[]): string | undefined;
 declare function getMaxRuns(argv: string[]): number;
 declare function getAgentBatchSize(argv: string[], sessionConfig: SessionConfig): number;
@@ -36,6 +37,7 @@ export declare const cliTestUtils: {
     getUiMode: typeof getUiMode;
     looksLikeCliFlag: typeof looksLikeCliFlag;
     countLines: typeof countLines;
+    warnIfNotGitRepo: typeof warnIfNotGitRepo;
 };
 export declare function runSample(argv?: string[]): Promise<void>;
 export declare function runCli(argv: string[]): Promise<void>;

package/dist/cli.js

@@ -1,5 +1,5 @@
 import { mkdir, readFile, readdir, rename, rm, writeFile } from "node:fs/promises";
-import { createReadStream } from "node:fs";
+import { createReadStream, existsSync } from "node:fs";
 import { Buffer } from "node:buffer";
 import { createHash } from "node:crypto";
 import { basename, dirname, isAbsolute, join, relative, resolve } from "node:path";
@@ -23,7 +23,7 @@ import { deriveAuditState } from "./orchestrator/state.js";
 import { advanceAudit } from "./orchestrator/advance.js";
 import { decideNextStep } from "./orchestrator/nextStep.js";
 import { createFreshSessionProvider, resolveFreshSessionProviderName, } from "./providers/index.js";
-import { appendRunLedgerEntry } from "./supervisor/runLedger.js";
+import { appendRunLedgerEntry, loadRunLedger } from "./supervisor/runLedger.js";
 import { buildAuditCodeHandoff, writeAuditCodeHandoffArtifacts, } from "./supervisor/operatorHandoff.js";
 import { getSessionConfigPath, loadSessionConfig, readSessionConfigFile, } from "./supervisor/sessionConfig.js";
 import { clearDispatchFiles, buildRunId, ensureSupervisorDirs, getRunPaths, writeDispatchBatchFiles, writeWorkerTaskFiles, } from "./io/runArtifacts.js";
@@ -154,6 +154,12 @@ function getArtifactsDir(argv) {
 function getRootDir(argv) {
     return resolveFlagPath(argv, "--root", DIRECT_CLI_DEFAULTS.rootDir);
 }
+function warnIfNotGitRepo(root) {
+    const gitEntry = join(root, ".git");
+    if (!existsSync(gitEntry)) {
+        console.warn(`Warning: target directory '${root}' does not appear to be a git repository. Diff-based signals will be unavailable.`);
+    }
+}
 function getBatchResultsDir(argv) {
     const value = getFlag(argv, "--batch-results");
     return value ? resolve(value) : undefined;
@@ -523,10 +529,21 @@ function renderCapabilityCheckPrompt(params) {
     return [
         "# audit-code capability check",
         "",
-        "Decide one thing from the active toolset: does this host expose a callable subagent/delegation tool for source-code review, such as Agent, Task, or an equivalent built-in subagent call?",
+        "Decide one thing from the active toolset: does this host expose a callable subagent/delegation tool for source-code review, such as `task`, Agent, or an equivalent built-in subagent call?",
         "",
         "Do not run shell commands to answer this. Do not inspect packet prompts, schemas, or backend command catalogs.",
         "",
+        "**If auditor MCP tools are available** (preferred — no shell required):",
+        "",
+        "Call `auditor_report_capability` with:",
+        "- `can_dispatch_subagents: true` if the `task` tool or equivalent subagent dispatch is available",
+        "- `can_dispatch_subagents: false` if not",
+        "- Optionally `can_restrict_subagent_tools: true` and/or `can_select_subagent_model: true`",
+        "",
+        "Read the `prompt_content` field in the tool response and follow it.",
+        "",
+        "**Fallback — if auditor MCP tools are not available:**",
+        "",
         "If callable subagents are available, run:",
         "",
         `  ${yesCommand}`,
@@ -550,30 +567,41 @@ function renderDispatchReviewPrompt(params) {
     const toolsLine = params.hostCanRestrictSubagentTools
         ? "Restrict review subagents to read/search plus the packet submit command named in their prompt. Do not give them source edit/write tools."
         : "Do not ask the user about per-subagent tool restrictions; this host did not report a callable restriction facility.";
-    const fileLines = params.dispatchQuotaPath
+    const runId = params.activeReviewRun.run_id;
+    const dispatchDataLines = params.dispatchQuotaPath
         ? [
-            "Dispatch is prepared. Read both of these files:",
+            "**If auditor MCP tools are available** (preferred):",
+            "",
+            "The dispatch plan entries are in the `dispatch_plan_entries` field of the tool response that returned this step. The wave schedule is in the `dispatch_quota` field.",
+            "",
+            "Use the `wave_size` from `dispatch_quota`. If `cooldown_until` is non-null, wait until that timestamp before starting the first wave.",
+            "",
+            "For each wave: use the `task` tool (or equivalent subagent dispatch) to launch up to `wave_size` subagents in parallel (one per entry), wait for all to finish, then start the next wave.",
+            "",
+            "**Fallback — if auditor MCP tools are not available:** Read both of these files:",
             "",
             `  Dispatch plan:  ${params.dispatchPlanPath}`,
             `  Dispatch quota: ${params.dispatchQuotaPath}`,
             "",
-            "The quota file contains a `wave_size` field. Dispatch at most `wave_size` subagents at a time. If `cooldown_until` is non-null, wait until that timestamp before starting the first wave.",
-            "",
-            "For each wave: launch up to `wave_size` subagents in parallel (one per plan entry), wait for all of them to finish, then start the next wave. Repeat until all entries are dispatched.",
+            "Apply the same wave logic from the quota file.",
         ]
         : [
-            "Dispatch is prepared. Read only this dispatch plan JSON:",
+            "**If auditor MCP tools are available** (preferred):",
+            "",
+            "The dispatch plan entries are in the `dispatch_plan_entries` field of the tool response that returned this step.",
+            "",
+            "**Fallback — if auditor MCP tools are not available:** Read this dispatch plan JSON:",
             "",
             `  ${params.dispatchPlanPath}`,
             "",
-            "Launch one host subagent for each entry in the plan.",
+            "Launch one subagent for each entry in the plan.",
         ];
     return [
         "# audit-code dispatch review",
         "",
-        ...fileLines,
+        ...dispatchDataLines,
         "",
-        "Pass each packet prompt path literally to its subagent; do not load packet prompt files into this orchestrator context.",
+        "Pass each `entry.prompt_path` literally to its subagent; do not load packet prompt files into this orchestrator context.",
         "",
         "Subagent prompt shape:",
         "",
@@ -584,7 +612,11 @@ function renderDispatchReviewPrompt(params) {
         "",
         "Each subagent must submit its packet through the submit command printed in its packet prompt and stop after successful submission.",
         "",
-        "After all waves complete, run exactly:",
+        "**After all waves complete:**",
+        "",
+        "If auditor MCP tools are available, call `auditor_merge_and_ingest` with `{ run_id: \"" + runId + "\" }`, then call `auditor_continue_audit` and follow the `prompt_content` in the response.",
+        "",
+        "Fallback — if auditor MCP tools are not available, run exactly:",
         "",
         `  ${mergeCommand}`,
         "",
@@ -624,9 +656,11 @@ function renderPresentReportPrompt(finalReportPath) {
         "",
         "The deterministic audit is complete.",
         "",
-        "Read this report and present the completed audit with work blocks first:",
-        "",
+        "Read the final audit report from the `audit-code://report/current` MCP resource (or from the file at:",
         `  ${finalReportPath}`,
+        "if a Read tool is available).",
+        "",
+        "Present the completed audit with work blocks first.",
         "",
         "Do not run the orchestrator again for this completed audit.",
         "",
@@ -697,6 +731,7 @@ export const cliTestUtils = {
     getUiMode,
     looksLikeCliFlag,
     countLines,
+    warnIfNotGitRepo,
 };
 async function maybeArchiveLegacyPendingResults(auditResultsPath) {
     if (!auditResultsPath || basename(auditResultsPath) !== "worker_results_pending.json") {
@@ -926,6 +961,7 @@ export async function runSample(argv = process.argv) {
 }
 async function cmdAdvanceAudit(argv) {
     const root = getRootDir(argv);
+    warnIfNotGitRepo(root);
     const artifactsDir = getArtifactsDir(argv);
     await cleanupStaleArtifactsDir(artifactsDir);
     await mkdir(artifactsDir, { recursive: true });
@@ -1090,6 +1126,7 @@ async function runDeterministicForNextStep(params) {
 }
 async function cmdNextStep(argv) {
     const root = getRootDir(argv);
+    warnIfNotGitRepo(root);
     const artifactsDir = getArtifactsDir(argv);
     await mkdir(artifactsDir, { recursive: true });
     await ensureSupervisorDirs(artifactsDir);
@@ -1231,8 +1268,13 @@ async function cmdNextStep(argv) {
         stepKind: "dispatch_review",
         status: "ready",
         runId: result.activeReviewRun.run_id,
-        allowedCommands: [mergeCommand, continueCommand],
-        stopCondition: "Dispatch every packet, merge-and-ingest once, then run next-step again.",
+        allowedCommands: [
+            "auditor_merge_and_ingest",
+            "auditor_continue_audit",
+            mergeCommand,
+            continueCommand,
+        ],
+        stopCondition: "Dispatch every packet, call auditor_merge_and_ingest once, then call auditor_continue_audit.",
         repoRoot: root,
         artifactPaths: {
             dispatch_plan: dispatch.dispatch_plan_path,
@@ -1255,6 +1297,7 @@ async function cmdNextStep(argv) {
 }
 async function cmdRunToCompletion(argv) {
     const root = getRootDir(argv);
+    warnIfNotGitRepo(root);
     const artifactsDir = getArtifactsDir(argv);
     await cleanupStaleArtifactsDir(artifactsDir);
     await mkdir(artifactsDir, { recursive: true });
@@ -2172,7 +2215,6 @@ async function prepareDispatchArtifacts(params) {
     const runId = params.runId;
     const artifactsDir = params.artifactsDir;
     const runDir = join(artifactsDir, "runs", runId);
-    const tasksPath = join(runDir, "pending-audit-tasks.json");
     const taskResultsDir = join(runDir, "task-results");
     const dispatchPlanPath = join(runDir, "dispatch-plan.json");
     let reviewRoot = params.root;
@@ -2185,8 +2227,13 @@ async function prepareDispatchArtifacts(params) {
             throw error;
         }
     }
-    const tasks = await readJsonFile(tasksPath);
     const bundle = await loadArtifactBundle(artifactsDir);
+    const tasksPath = join(runDir, "pending-audit-tasks.json");
+    const tasks = await readJsonFile(tasksPath).catch((error) => {
+        if (isFileMissingError(error))
+            return buildPendingAuditTasks(bundle);
+        throw error;
+    });
     const sessionConfig = params.sessionConfig ?? (await loadSessionConfig(artifactsDir).catch(() => ({})));
     const lensDefsPath = join(packageRoot, "dispatch", "lens-definitions.json");
     const lensDefs = await readJsonFile(lensDefsPath);
@@ -2704,6 +2751,8 @@ async function cmdMergeAndIngest(argv) {
         preferredExecutor: "result_ingestion_executor",
         auditResultsPath,
     });
+    const updatedPendingTasks = await addFileLineCountHints(workerTask.repo_root, buildPendingAuditTasks(result.updated_bundle));
+    await writeJsonFile(tasksPath, updatedPendingTasks);
     const workerResult = buildWorkerResult({
         runId,
         obligationId: workerTask.obligation_id,
@@ -2805,9 +2854,11 @@ async function cmdImportExternalAnalyzer(argv) {
     }, null, 2));
 }
 async function cmdIntake(argv) {
+    const root = getRootDir(argv);
+    warnIfNotGitRepo(root);
     const artifactsDir = getArtifactsDir(argv);
     const result = await runAuditStep({
-        root: getRootDir(argv),
+        root,
         artifactsDir,
         preferredExecutor: "intake_executor",
     });
@@ -3039,6 +3090,114 @@ async function cmdCleanup(argv) {
         dry_run: dryRun,
     }, null, 2));
 }
+async function cmdStatus(argv) {
+    const artifactsDir = getArtifactsDir(argv);
+    const auditStatePath = join(artifactsDir, "audit_state.json");
+    // 1. Read audit_state.json
+    let auditState = null;
+    try {
+        auditState = await readJsonFile(auditStatePath);
+    }
+    catch (error) {
+        if (!isFileMissingError(error)) {
+            throw error;
+        }
+    }
+    if (!auditState) {
+        console.error("No audit_state.json found; no active audit in this artifacts directory.");
+        process.exitCode = 1;
+        return;
+    }
+    // Build obligations summary: count by state
+    const obligationStates = {
+        missing: 0,
+        present: 0,
+        stale: 0,
+        blocked: 0,
+        satisfied: 0,
+    };
+    for (const obligation of auditState.obligations ?? []) {
+        const state = obligation.state;
+        if (state in obligationStates) {
+            obligationStates[state]++;
+        }
+    }
+    // 2. Read run ledger for last N entries
+    const ledger = await loadRunLedger(artifactsDir);
+    const RECENT_RUN_LIMIT = 5;
+    const recentRuns = ledger.runs
+        .slice(-RECENT_RUN_LIMIT)
+        .reverse()
+        .map((entry) => ({
+        run_id: entry.run_id,
+        obligation_id: entry.obligation_id,
+        status: entry.status,
+        started_at: entry.started_at,
+    }));
+    // 3. Find the most recent run directory and read pending-audit-tasks.json
+    let pendingTasksSummary = null;
+    const runsDir = join(artifactsDir, "runs");
+    let runDirs = [];
+    try {
+        const entries = await readdir(runsDir, { withFileTypes: true });
+        runDirs = entries
+            .filter((e) => e.isDirectory())
+            .map((e) => e.name)
+            .sort()
+            .reverse();
+    }
+    catch {
+        // runs directory may not exist yet
+    }
+    for (const runDirName of runDirs) {
+        const runDir = join(runsDir, runDirName);
+        const tasksPath = join(runDir, "pending-audit-tasks.json");
+        let tasks = null;
+        try {
+            tasks = await readJsonFile(tasksPath);
+        }
+        catch {
+            continue; // no pending-audit-tasks.json in this run dir — try previous
+        }
+        if (!Array.isArray(tasks))
+            continue;
+        // Count remaining: tasks without status "complete"
+        const total = tasks.length;
+        const remaining = tasks.filter((t) => t.status !== "complete").length;
+        pendingTasksSummary = {
+            run_id: runDirName,
+            total,
+            remaining,
+        };
+        break;
+    }
+    // 4. Surface failed-tasks.json from the most recent run that has one
+    let failedTasks = null;
+    for (const runDirName of runDirs) {
+        const failedTasksPath = join(runsDir, runDirName, "failed-tasks.json");
+        try {
+            const raw = await readJsonFile(failedTasksPath);
+            if (Array.isArray(raw) && raw.length > 0) {
+                failedTasks = raw;
+                break;
+            }
+        }
+        catch {
+            // Not present in this run dir — keep looking
+        }
+    }
+    console.log(JSON.stringify({
+        artifacts_dir: artifactsDir,
+        status: auditState.status,
+        last_obligation: auditState.last_obligation ?? null,
+        last_executor: auditState.last_executor ?? null,
+        blockers: auditState.blockers ?? [],
+        obligations_summary: obligationStates,
+        recent_runs: recentRuns,
+        pending_tasks: pendingTasksSummary,
+        failed_tasks: failedTasks,
+    }, null, 2));
+}
 async function cmdMcp(argv) {
     await runAuditCodeMcpServer(argv.slice(3));
 }
@@ -3150,9 +3309,12 @@ async function main(argv) {
         case "quota":
             await cmdQuota(argv);
             return;
+        case "status":
+            await cmdStatus(argv);
+            return;
         default:
             console.error(`Unknown command: ${command}`);
-            console.error("Available commands: sample-run, advance-audit, next-step, run-to-completion, worker-run, import-external-analyzer, intake, plan, ingest-results, explain-task, update-runtime-validation, validate, validate-results, requeue, synthesize, cleanup, mcp, prepare-dispatch, merge-and-ingest, submit-packet, validate-result, quota");
+            console.error("Available commands: sample-run, advance-audit, next-step, run-to-completion, worker-run, import-external-analyzer, intake, plan, ingest-results, explain-task, update-runtime-validation, validate, validate-results, requeue, synthesize, cleanup, mcp, prepare-dispatch, merge-and-ingest, submit-packet, validate-result, quota, status");
             process.exitCode = 1;
     }
 }

package/dist/mcp/server.js

@@ -85,6 +85,14 @@ function parseContentLength(headerBlock) {
     }
     return contentLength;
 }
+async function readOptionalJson(path) {
+    try {
+        return JSON.parse(await readFile(path, "utf8"));
+    }
+    catch {
+        return undefined;
+    }
+}
 async function runWrapperCommand(args, options) {
     return await new Promise((resolvePromise, rejectPromise) => {
         const child = spawn(process.execPath, [
@@ -266,13 +274,41 @@ function renderPrompt(name, args) {
             throw new Error(`Unknown prompt: ${name}`);
     }
 }
+async function runContinueAudit(context, extraArgs = []) {
+    const step = await parseCliJson(extraArgs, context);
+    if (!step || typeof step !== "object" || Array.isArray(step))
+        return step;
+    const s = step;
+    if (hasValue(s.prompt_path)) {
+        try {
+            s.prompt_content = await readFile(s.prompt_path, "utf8");
+        }
+        catch {
+            // ignore — prompt_path is a fallback for hosts that can read files
+        }
+    }
+    if (s.step_kind === "dispatch_review") {
+        const paths = s.artifact_paths;
+        if (hasValue(paths?.dispatch_plan)) {
+            const plan = await readOptionalJson(paths.dispatch_plan);
+            if (plan !== undefined)
+                s.dispatch_plan_entries = plan;
+        }
+        if (hasValue(paths?.dispatch_quota)) {
+            const quota = await readOptionalJson(paths.dispatch_quota);
+            if (quota !== undefined)
+                s.dispatch_quota = quota;
+        }
+    }
+    return s;
+}
 async function handleToolCall(name, params, defaults) {
     const context = getToolContext(params, defaults);
     switch (name) {
         case "start_audit":
-            return toolResult(await parseCliJson([], context));
+            return toolResult(await runContinueAudit(context));
         case "continue_audit":
-            return toolResult(await parseCliJson([], context));
+            return toolResult(await runContinueAudit(context));
         case "get_status":
             return toolResult(await getStatusPayload(context));
         case "explain_task": {
@@ -304,6 +340,32 @@ async function handleToolCall(name, params, defaults) {
                 : params?.updatesPath;
             return toolResult(await parseCliJson(["--updates", resolve(updatesPath)], context));
         }
+        case "merge_and_ingest": {
+            const runId = hasValue(params?.run_id)
+                ? params.run_id
+                : hasValue(params?.runId)
+                    ? params.runId
+                    : undefined;
+            if (!runId)
+                throw new Error("merge_and_ingest requires run_id.");
+            return toolResult(await parseCliJson(["merge-and-ingest", "--run-id", runId], context, true));
+        }
+        case "report_capability": {
+            const extraArgs = [];
+            const canDispatch = params?.can_dispatch_subagents ?? params?.canDispatchSubagents;
+            if (canDispatch !== undefined) {
+                extraArgs.push("--host-can-dispatch-subagents", String(Boolean(canDispatch)));
+            }
+            const canRestrict = params?.can_restrict_subagent_tools ?? params?.canRestrictSubagentTools;
+            if (canRestrict !== undefined) {
+                extraArgs.push("--host-can-restrict-subagent-tools", String(Boolean(canRestrict)));
+            }
+            const canSelect = params?.can_select_subagent_model ?? params?.canSelectSubagentModel;
+            if (canSelect !== undefined) {
+                extraArgs.push("--host-can-select-subagent-model", String(Boolean(canSelect)));
+            }
+            return toolResult(await runContinueAudit(context, ["next-step", ...extraArgs]));
+        }
         default:
             throw new Error(`Unknown tool: ${name}`);
     }
@@ -423,6 +485,52 @@ function toolDefinitions() {
                 required: ["updates_path"],
             },
         },
+        {
+            name: "merge_and_ingest",
+            description: "Merge completed packet submissions into the artifact bundle after all dispatch subagents finish.",
+            inputSchema: {
+                type: "object",
+                properties: {
+                    run_id: {
+                        type: "string",
+                        description: "Review run ID from the dispatch_review step response.",
+                    },
+                    root: { type: "string", description: "Repository root override." },
+                    artifacts_dir: {
+                        type: "string",
+                        description: "Artifacts directory override.",
+                    },
+                },
+                required: ["run_id"],
+            },
+        },
+        {
+            name: "report_capability",
+            description: "Report host subagent dispatch capability and advance to the next step. Call this instead of running audit-code next-step from the shell during a capability_check step.",
+            inputSchema: {
+                type: "object",
+                properties: {
+                    can_dispatch_subagents: {
+                        type: "boolean",
+                        description: "Whether this host can dispatch subagents (e.g. via the task tool).",
+                    },
+                    can_restrict_subagent_tools: {
+                        type: "boolean",
+                        description: "Whether this host can restrict tools per subagent.",
+                    },
+                    can_select_subagent_model: {
+                        type: "boolean",
+                        description: "Whether this host can select a model per subagent.",
+                    },
+                    root: { type: "string", description: "Repository root override." },
+                    artifacts_dir: {
+                        type: "string",
+                        description: "Artifacts directory override.",
+                    },
+                },
+                required: ["can_dispatch_subagents"],
+            },
+        },
     ];
 }
 export async function runAuditCodeMcpServer(argv) {
@@ -469,9 +577,15 @@ export async function runAuditCodeMcpServer(argv) {
             }
             try {
                 switch (request.method) {
-                    case "initialize":
+                    case "initialize": {
+                        const requestedVersion = typeof request.params?.protocolVersion === "string"
+                            ? request.params.protocolVersion
+                            : PROTOCOL_VERSION;
+                        const negotiatedVersion = requestedVersion <= PROTOCOL_VERSION
+                            ? requestedVersion
+                            : PROTOCOL_VERSION;
                         writeMessage(success(request.id ?? null, {
-                            protocolVersion: PROTOCOL_VERSION,
+                            protocolVersion: negotiatedVersion,
                             serverInfo: {
                                 name: "audit-code",
                                 version,
@@ -484,6 +598,7 @@ export async function runAuditCodeMcpServer(argv) {
                             },
                         }));
                         break;
+                    }
                     case "notifications/initialized":
                         break;
                     case "ping":

package/dist/orchestrator/internalExecutors.js

@@ -272,7 +272,6 @@ export function runResultIngestionExecutor(bundle, results) {
     const runtimeValidationReport = runtimeValidationTasks
         ? mergeRuntimeValidationReport(runtimeValidationTasks, bundle.runtime_validation_report)
         : bundle.runtime_validation_report;
-    const requeuePayload = buildRequeuePayload(updatedCoverageMatrix, bundle.critical_flows, flowCoverage, bundle.external_analyzer_results);
     const mergedResults = [...(bundle.audit_results ?? []), ...results];
     const completedAuditTasks = updateAuditTaskStatuses(bundle.audit_tasks, mergedResults);
     const baseUpdatedBundle = {
@@ -283,7 +282,6 @@ export function runResultIngestionExecutor(bundle, results) {
         runtime_validation_report: runtimeValidationReport,
         audit_results: mergedResults,
         audit_tasks: completedAuditTasks,
-        requeue_tasks: requeuePayload.tasks,
         audit_report: undefined,
     };
     const selectiveDeepening = appendSelectiveDeepeningTasks({
@@ -291,8 +289,13 @@ export function runResultIngestionExecutor(bundle, results) {
         results: mergedResults,
         runtimeValidationReport,
     });
+    const requeuePayload = buildRequeuePayload(updatedCoverageMatrix, selectiveDeepening.bundle.critical_flows, selectiveDeepening.bundle.flow_coverage, selectiveDeepening.bundle.external_analyzer_results);
+    const finalBundle = {
+        ...selectiveDeepening.bundle,
+        requeue_tasks: requeuePayload.tasks,
+    };
     return {
-        updated: selectiveDeepening.bundle,
+        updated: finalBundle,
         artifacts_written: [
             "coverage_matrix.json",
             "flow_coverage.json",

package/dist/quota/limits.js

@@ -13,8 +13,8 @@ const KNOWN_MODEL_LIMITS = {
 export function classifyProvider(providerName) {
     switch (providerName) {
         case "claude-code":
-        case "opencode":
             return "hosted";
+        case "opencode":
         case "local-subprocess":
             return "local";
         case "subprocess-template":

package/dist/quota/scheduler.js

@@ -1,4 +1,4 @@
-import { classifyProvider, resolveLimits } from "./limits.js";
+import { resolveLimits } from "./limits.js";
 import { computeMaxSafeConcurrency } from "./state.js";
 export function scheduleWave(options) {
     const { providerName, sessionConfig, hostModel, requestedConcurrency, estimatedPacketTokens = 0, quotaStateEntry = null, } = options;
@@ -23,7 +23,6 @@ export function scheduleWave(options) {
     }
     const safetyMargin = quota.safety_margin ?? 0.8;
     const halfLifeHours = quota.empirical_half_life_hours ?? 24;
-    const providerType = classifyProvider(providerName);
     const { limits, source, confidence } = resolveLimits({ providerName, sessionConfig, hostModel });
     let waveSize = requestedConcurrency;
     let cooldownUntil = null;
@@ -50,14 +49,7 @@ export function scheduleWave(options) {
             const learnedCap = computeMaxSafeConcurrency(quotaStateEntry, halfLifeHours);
             waveSize = Math.min(waveSize, learnedCap);
         }
-        else if (providerType === "hosted" && source === "default") {
-            // Unknown hosted provider with no learned data and no model-specific limits —
-            // be conservative. If the caller supplied RPM/TPM caps those already govern rate;
-            // this guard only triggers when we have no rate information at all.
-            const conservativeDefault = quota.unknown_hosted_concurrency ?? 1;
-            waveSize = Math.min(waveSize, conservativeDefault);
-        }
-        // Local providers with no learned data: use requestedConcurrency (no rate pressure)
+        // No learned data: use requestedConcurrency and let 429 outcomes train the cap
     }
     waveSize = Math.max(1, waveSize);
     return {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "auditor-lambda",
-  "version": "0.3.23",
+  "version": "0.3.25",
   "private": false,
   "description": "Portable hybrid code-auditing framework for arbitrary repositories.",
   "type": "module",

package/scripts/postinstall.mjs

@@ -35,13 +35,6 @@ function writeGeneratedFile(path, content) {
   return action;
 }
 
-function splitFrontmatter(text) {
-  const normalized = text.replace(/\r\n/g, '\n');
-  const match = normalized.match(/^---\n([\s\S]*?)\n---\n?/u);
-  if (!match) return { body: normalized };
-  return { body: normalized.slice(match[0].length) };
-}
-
 const OPENCODE_AUDIT_EDIT_PERMISSION = {
   '*': 'ask',
   '.audit-code/**': 'allow',
@@ -50,7 +43,7 @@ const OPENCODE_AUDIT_EDIT_PERMISSION = {
 };
 
 const OPENCODE_AUDIT_BASH_PERMISSION = {
-  '*': 'ask',
+  '*': 'allow',
   'audit-code run-to-completion*': 'deny',
   'audit-code synthesize*': 'deny',
   'audit-code cleanup*': 'deny',
@@ -95,15 +88,94 @@ function replaceBackslashes(value) {
   return value.replace(/\\/g, '/');
 }
 
-function externalDirectoryPattern(path) {
-  return `${replaceBackslashes(path).replace(/\/+$/u, '')}/**`;
+function renderOpenCodeExternalDirectoryPermission() {
+  return { '*': 'allow' };
 }
 
-function renderOpenCodeExternalDirectoryPermission() {
-  return {
-    [externalDirectoryPattern(pkgRoot)]: 'allow',
-    [externalDirectoryPattern(dirname(process.execPath))]: 'allow',
-  };
+function renderGlobalMcpLauncher(installedPkgRoot) {
+  return [
+    "import { access, readFile } from 'node:fs/promises';",
+    "import { constants } from 'node:fs';",
+    "import { spawn } from 'node:child_process';",
+    "import { join } from 'node:path';",
+    '',
+    'const repoRoot = process.cwd();',
+    "const artifactsDir = join(repoRoot, '.audit-artifacts');",
+    `const globalPackageRoot = ${JSON.stringify(installedPkgRoot)};`,
+    '',
+    'async function exists(path) {',
+    '  try {',
+    '    await access(path, constants.F_OK);',
+    '    return true;',
+    '  } catch {',
+    '    return false;',
+    '  }',
+    '}',
+    '',
+    'function spawnForward(command, args) {',
+    '  return new Promise((resolvePromise, rejectPromise) => {',
+    '    const child = spawn(command, args, {',
+    '      cwd: repoRoot,',
+    '      env: process.env,',
+    "      stdio: ['inherit', 'inherit', 'inherit'],",
+    '    });',
+    "    child.on('error', rejectPromise);",
+    "    child.on('exit', (code) => resolvePromise(code ?? 1));",
+    '  });',
+    '}',
+    '',
+    'async function tryCandidates() {',
+    "  const localPackageEntrypoint = join(repoRoot, 'node_modules', 'auditor-lambda', 'audit-code.mjs');",
+    "  const localBin = process.platform === 'win32'",
+    "    ? join(repoRoot, 'node_modules', '.bin', 'audit-code.cmd')",
+    "    : join(repoRoot, 'node_modules', '.bin', 'audit-code');",
+    "  const repoPackageJsonPath = join(repoRoot, 'package.json');",
+    "  const globalPackageEntrypoint = globalPackageRoot ? join(globalPackageRoot, 'audit-code.mjs') : null;",
+    "  const sharedArgs = ['mcp', '--root', repoRoot, '--artifacts-dir', artifactsDir];",
+    '',
+    '  if (await exists(localPackageEntrypoint)) {',
+    '    return await spawnForward(process.execPath, [localPackageEntrypoint, ...sharedArgs]);',
+    '  }',
+    '',
+    "  if (await exists(repoPackageJsonPath) && await exists(join(repoRoot, 'audit-code.mjs'))) {",
+    '    try {',
+    "      const packageJson = JSON.parse(await readFile(repoPackageJsonPath, 'utf8'));",
+    "      if (packageJson?.name === 'auditor-lambda') {",
+    "        return await spawnForward(process.execPath, [join(repoRoot, 'audit-code.mjs'), ...sharedArgs]);",
+    '      }',
+    '    } catch {',
+    '      // fall through to the next candidate',
+    '    }',
+    '  }',
+    '',
+    '  if (globalPackageEntrypoint && await exists(globalPackageEntrypoint)) {',
+    '    return await spawnForward(process.execPath, [globalPackageEntrypoint, ...sharedArgs]);',
+    '  }',
+    '',
+    '  if (await exists(localBin)) {',
+    '    return await spawnForward(localBin, sharedArgs);',
+    '  }',
+    '',
+    "  const pathCandidate = process.platform === 'win32' ? 'audit-code.cmd' : 'audit-code';",
+    '  let exitCode = await spawnForward(pathCandidate, sharedArgs).catch(() => null);',
+    "  if (typeof exitCode === 'number') {",
+    '    return exitCode;',
+    '  }',
+    '',
+    "  exitCode = await spawnForward('npx', ['--no-install', 'audit-code', ...sharedArgs]).catch(() => null);",
+    "  if (typeof exitCode === 'number') {",
+    '    return exitCode;',
+    '  }',
+    '',
+    '  throw new Error(',
+    "    'Unable to locate an audit-code executable. Install auditor-lambda globally or as a local dependency.',",
+    '  );',
+    '}',
+    '',
+    'const code = await tryCandidates();',
+    'process.exitCode = code;',
+    '',
+  ].join('\n');
 }
 
 function objectValue(value) {
@@ -183,10 +255,29 @@ function renderOpenCodePermissionConfig() {
   };
 }
 
-function mergeOpenCodeGlobalConfig(existing, promptBody) {
+const OPENCODE_MCP_COMMAND_TEMPLATE = [
+  '# audit-code',
+  '',
+  'Use the auditor MCP tools as the primary interface to the audit workflow.',
+  '',
+  '1. Call `auditor_start_audit` to initialize and receive the first step.',
+  '2. Check `step_kind` in the response:',
+  '   - If `step_kind` is `"capability_check"`: immediately call `auditor_report_capability` with `can_dispatch_subagents: true` and `can_select_subagent_model: true`. Do not run shell commands or inspect prompt_content for this step.',
+  '   - Otherwise: read `prompt_content` and follow it.',
+  '3. When a step completes (not blocked), call `auditor_continue_audit` to advance.',
+  '4. Stop when the step instructions say to stop.',
+  '',
+  'Do not run shell commands. Use only `auditor_*` MCP tools and the `task` tool for subagent dispatch.',
+  '',
+  'If `auditor_start_audit` is not listed in your available tools, stop immediately and tell the user the auditor MCP server is not connected. Do not read local files as a fallback.',
+].join('\n');
+
+function mergeOpenCodeGlobalConfig(existing) {
   const parsed = existing ? JSON.parse(existing) : {};
   const auditPermission = renderOpenCodePermissionConfig();
   const existingAuditor = objectValue(objectValue(parsed.agent).auditor);
+  const globalLauncherPath = replaceBackslashes(join(homedir(), '.audit-code', 'run-mcp-server.mjs'));
+  const nodeExecPath = replaceBackslashes(process.execPath);
   return {
     ...parsed,
     command: {
@@ -194,13 +285,25 @@ function mergeOpenCodeGlobalConfig(existing, promptBody) {
         ? parsed.command
         : {}),
       'audit-code': {
-        template: promptBody.trimStart(),
+        template: OPENCODE_MCP_COMMAND_TEMPLATE,
         description: 'Autonomous local loop code auditing',
         agent: 'auditor',
         subtask: false,
       },
     },
-    permission: mergeOpenCodePermissionConfig(parsed.permission, auditPermission),
+    mcp: {
+      ...objectValue(parsed.mcp),
+      auditor: {
+        type: 'local',
+        command: [nodeExecPath, globalLauncherPath],
+        enabled: true,
+        timeout: 10000,
+      },
+    },
+    permission: {
+      ...mergeOpenCodePermissionConfig(parsed.permission, auditPermission),
+      external_directory: { '*': 'allow' },
+    },
     agent: {
       ...(parsed.agent && typeof parsed.agent === 'object' && !Array.isArray(parsed.agent)
         ? parsed.agent
@@ -208,10 +311,13 @@ function mergeOpenCodeGlobalConfig(existing, promptBody) {
       auditor: {
         ...existingAuditor,
         description: 'Read-heavy audit orchestration agent for the /audit-code workflow.',
-        permission: mergeOpenCodePermissionConfig(
-          existingAuditor.permission,
-          auditPermission,
-        ),
+        permission: {
+          ...mergeOpenCodePermissionConfig(existingAuditor.permission, auditPermission),
+          external_directory: { '*': 'allow' },
+          'auditor_*': 'allow',
+          question: 'allow',
+          task: 'allow',
+        },
       },
     },
   };
@@ -233,7 +339,6 @@ if (!promptSource || !skillSource) {
   process.exit(0);
 }
 
-const promptBody = splitFrontmatter(promptSource.toString('utf8')).body;
 const codexOpenAiAgentSource = readOptionalSource(codexOpenAiAgentSourceFile, 'Codex skill UI metadata');
 
 const installs = [
@@ -280,15 +385,24 @@ for (const install of installs) {
   }
 }
 
-// Install OpenCode global command via merged config
+// Install global MCP launcher for OpenCode (and other hosts that support global config)
+const globalMcpLauncherPath = join(homedir(), '.audit-code', 'run-mcp-server.mjs');
+try {
+  const action = writeGeneratedFile(globalMcpLauncherPath, Buffer.from(renderGlobalMcpLauncher(pkgRoot)));
+  console.log(`audit-code: ${action} global MCP launcher at ${globalMcpLauncherPath}`);
+} catch (err) {
+  console.warn(`audit-code: could not install global MCP launcher (${err.message})`);
+}
+
+// Install OpenCode global command and MCP via merged config
 const opencodeGlobalConfig = join(homedir(), '.config', 'opencode', 'opencode.json');
 try {
   const action = installMergedJson(opencodeGlobalConfig, (existing) =>
-    mergeOpenCodeGlobalConfig(existing, promptBody),
+    mergeOpenCodeGlobalConfig(existing),
   );
-  console.log(`audit-code: ${action} global OpenCode command in ${opencodeGlobalConfig}`);
+  console.log(`audit-code: ${action} global OpenCode config in ${opencodeGlobalConfig}`);
 } catch (err) {
-  console.warn(`audit-code: could not install global OpenCode command (${err.message})`);
-  console.warn(`  To install manually, add "command": { "audit-code": { "template": "...", "agent": "auditor" } } to:`);
+  console.warn(`audit-code: could not install global OpenCode config (${err.message})`);
+  console.warn(`  To install manually, add the mcp.auditor and command["audit-code"] entries to:`);
   console.warn(`    ${opencodeGlobalConfig}`);
 }