auditor-lambda 0.3.25 → 0.3.27

package/audit-code-wrapper-lib.mjs

@@ -399,21 +399,122 @@ async function writeGeneratedMarkdown(targetPath, content) {
   };
 }
 
-async function removeGeneratedMarkdownIfMatches(targetPath, expectedContent) {
-  const existing = await readTextIfExists(targetPath);
-  if (existing === null) {
-    return null;
+function looksLikeAuditCodeSkill(content) {
+  const normalized = normalizeNewlines(content);
+  return (
+    /^name:\s*audit-code\b/mu.test(normalized)
+    || normalized.includes('Conversation-first autonomous code auditing workflow for the /audit-code command.')
+    || normalized.includes('The canonical entrypoint is `/audit-code` in conversation.')
+  );
+}
+
+function looksLikeAuditCodePrompt(content) {
+  const normalized = normalizeNewlines(content);
+  return (
+    normalized.includes('# `/audit-code`')
+    && (
+      normalized.includes('audit-code orchestrator')
+      || normalized.includes('Autonomous local loop code auditing')
+      || normalized.includes('Conversation-first autonomous code auditing workflow')
+    )
+  );
+}
+
+function looksLikeAuditCodeInterfaceMetadata(content) {
+  const normalized = normalizeNewlines(content);
+  return (
+    normalized.includes('audit-code')
+    && (
+      normalized.includes('display_name:')
+      || normalized.includes('short_description:')
+      || normalized.includes('default_prompt:')
+    )
+    && (
+      normalized.includes('/audit-code')
+      || normalized.includes('Start /audit-code')
+    )
+  );
+}
+
+async function buildLegacyAuditCodeSurfaceTargets(root) {
+  const targets = [
+    {
+      host: 'codex',
+      surface: 'skill',
+      path: join(root, '.codex', 'skills', 'audit-code', 'SKILL.md'),
+      matches: looksLikeAuditCodeSkill,
+    },
+    {
+      host: 'codex',
+      surface: 'prompt',
+      path: join(root, '.codex', 'skills', 'audit-code', 'audit-code.prompt.md'),
+      matches: looksLikeAuditCodePrompt,
+    },
+    {
+      host: 'opencode',
+      surface: 'command',
+      path: join(root, '.opencode', 'commands', 'audit-code.md'),
+      matches: looksLikeAuditCodePrompt,
+    },
+    {
+      host: 'opencode',
+      surface: 'skill',
+      path: join(root, '.opencode', 'skills', 'audit-code', 'SKILL.md'),
+      matches: looksLikeAuditCodeSkill,
+    },
+    {
+      host: 'opencode',
+      surface: 'prompt',
+      path: join(root, '.opencode', 'skills', 'audit-code', 'audit-code.prompt.md'),
+      matches: looksLikeAuditCodePrompt,
+    },
+    {
+      host: 'claude',
+      surface: 'command',
+      path: join(root, '.claude', 'commands', 'audit-code.md'),
+      matches: looksLikeAuditCodePrompt,
+    },
+  ];
+
+  const codexAgentDir = join(root, '.codex', 'skills', 'audit-code', 'agents');
+  const codexAgentEntries = await readdir(codexAgentDir).catch(() => []);
+  for (const entry of codexAgentEntries) {
+    targets.push({
+      host: 'codex',
+      surface: 'interface-metadata',
+      path: join(codexAgentDir, entry),
+      matches: looksLikeAuditCodeInterfaceMetadata,
+    });
   }
 
-  if (normalizeNewlines(existing) !== normalizeNewlines(expectedContent)) {
-    return null;
+  return targets;
+}
+
+async function findLegacyAuditCodeSurfaceFiles(root) {
+  const matches = [];
+  for (const target of await buildLegacyAuditCodeSurfaceTargets(root)) {
+    const existing = await readTextIfExists(target.path);
+    if (existing !== null && target.matches(existing)) {
+      matches.push(target.path);
+    }
   }
+  return matches;
+}
 
-  await unlink(targetPath);
-  return {
-    path: targetPath,
-    mode: 'removed',
-  };
+async function removeLegacyAuditCodeSurfaceFiles(root) {
+  const removed = [];
+  for (const target of await buildLegacyAuditCodeSurfaceTargets(root)) {
+    const existing = await readTextIfExists(target.path);
+    if (existing === null || !target.matches(existing)) {
+      continue;
+    }
+    await unlink(target.path);
+    removed.push({
+      path: target.path,
+      mode: 'removed',
+    });
+  }
+  return removed;
 }
 
 async function writeGeneratedJson(targetPath, value) {
@@ -608,9 +709,7 @@ const OPENCODE_MCP_COMMAND_TEMPLATE = [
   'Use the auditor MCP tools as the primary interface to the audit workflow.',
   '',
   '1. Call `auditor_start_audit` to initialize and receive the first step.',
-  '2. Check `step_kind` in the response:',
-  '   - If `step_kind` is `"capability_check"`: immediately call `auditor_report_capability` with `can_dispatch_subagents: true` and `can_select_subagent_model: true`. Do not run shell commands or inspect prompt_content for this step.',
-  '   - Otherwise: read `prompt_content` and follow it.',
+  '2. Read `prompt_content` in the response and follow it.',
   '3. When a step completes (not blocked), call `auditor_continue_audit` to advance.',
   '4. Stop when the step instructions say to stop.',
   '',
@@ -620,18 +719,9 @@ const OPENCODE_MCP_COMMAND_TEMPLATE = [
 ].join('\n');
 
 function renderOpenCodeProjectConfig(_root) {
-  const launcher = `.audit-code/install/${MCP_LAUNCHER_FILENAME}`;
   const auditPermission = renderOpenCodePermissionConfig();
   return {
     $schema: 'https://opencode.ai/config.json',
-    mcp: {
-      auditor: {
-        type: 'local',
-        command: ['node', launcher],
-        enabled: true,
-        timeout: 10000,
-      },
-    },
     permission: auditPermission,
     agent: {
       auditor: {
@@ -803,14 +893,13 @@ function assertOpenCodeAuditPermissionConfig(permissionConfig, label) {
 
 function buildMergedOpenCodeProjectConfig(existing, root) {
   const generated = renderOpenCodeProjectConfig(root);
+  const mergedMcp = objectValue(existing.mcp);
+  delete mergedMcp.auditor;
   return {
     ...existing,
     $schema: existing.$schema ?? generated.$schema,
     command: removeManagedOpenCodeCommand(existing.command),
-    mcp: {
-      ...objectValue(existing.mcp),
-      auditor: generated.mcp.auditor,
-    },
+    mcp: mergedMcp,
     permission: {
       ...mergeOpenCodePermissionConfig(existing.permission, generated.permission),
       external_directory: { '*': 'allow' },
@@ -1857,6 +1946,18 @@ async function verifyInstalledBootstrap(argv) {
     };
   });
 
+  await collectVerifyCheck(generalChecks, 'legacy_local_surfaces', async () => {
+    const legacySurfaces = await findLegacyAuditCodeSurfaceFiles(root);
+    if (legacySurfaces.length > 0) {
+      throw new Error(
+        `Legacy local /audit-code surfaces are still present: ${legacySurfaces.join(', ')}. Run "audit-code install" from ${root}.`,
+      );
+    }
+    return {
+      summary: 'No legacy local /audit-code command or skill surfaces were found.',
+    };
+  });
+
   await collectVerifyCheck(generalChecks, 'shared_launcher_file', async () => {
     const launcher = await readFile(assetPaths.mcpLauncherPath, 'utf8');
     if (!launcher.includes('Unable to locate an audit-code executable')) {
@@ -2005,23 +2106,16 @@ async function verifyInstalledBootstrap(argv) {
       case 'opencode':
         await collectVerifyCheck(checks, 'opencode_config', async () => {
           const config = await readJson(assetPaths.opencodeConfigPath, 'OpenCode project config');
-          const mcpCommand = config?.mcp?.auditor?.command;
-          if (!Array.isArray(mcpCommand) || mcpCommand[0] !== 'node') {
-            throw new Error('OpenCode config must set mcp.auditor.command as a Node command array.');
-          }
-          if (!mcpCommand[1]?.includes(MCP_LAUNCHER_FILENAME)) {
-            throw new Error(`OpenCode config must reference ${MCP_LAUNCHER_FILENAME}, got ${mcpCommand[1] ?? 'missing'}.`);
-          }
-          if (config?.mcp?.auditor?.type !== 'local') {
-            throw new Error(`OpenCode config must set mcp.auditor.type to "local", got ${config?.mcp?.auditor?.type ?? 'missing'}.`);
-          }
           if (config?.command?.['audit-code']) {
             throw new Error('OpenCode project config must not define command["audit-code"]; the slash command is global npm-installed state. Run "audit-code install --host opencode" to remove the stale local command.');
           }
+          if (config?.mcp?.auditor) {
+            throw new Error('OpenCode project config must not define mcp.auditor; the MCP server is supplied by the global npm-installed config. Run "audit-code install --host opencode" to remove the stale project-level MCP entry.');
+          }
           assertOpenCodeAuditPermissionConfig(config?.permission, 'permission');
           assertOpenCodeAuditPermissionConfig(config?.agent?.auditor?.permission, 'agent.auditor.permission');
           return {
-            summary: 'OpenCode project config has MCP server and audit permissions; /audit-code is supplied by the global npm-installed OpenCode command.',
+            summary: 'OpenCode project config has audit permissions; MCP server and /audit-code command are supplied by the global npm-installed config.',
             path: assetPaths.opencodeConfigPath,
           };
         });
@@ -2149,7 +2243,11 @@ async function detectBootstrapRefreshReason(root, host) {
   );
 
   if (hostCatalog.has('codex') && (assetPaths.codexSkillPath || assetPaths.codexPromptPath)) {
-    return 'legacy_repo_local_codex_skill';
+    return 'legacy_local_audit_code_surface';
+  }
+
+  if ((await findLegacyAuditCodeSurfaceFiles(root)).length > 0) {
+    return 'legacy_local_audit_code_surface';
   }
 
   for (const hostKey of getInstallHostKeys(host)) {
@@ -2199,6 +2297,9 @@ async function detectBootstrapRefreshReason(root, host) {
         if (opencodeConfig?.command?.['audit-code']) {
           return 'stale_host_asset:opencode:local_command';
         }
+        if (opencodeConfig?.mcp?.auditor) {
+          return 'stale_host_asset:opencode:project_mcp';
+        }
         try {
           assertOpenCodeAuditPermissionConfig(opencodeConfig?.permission, 'permission');
           assertOpenCodeAuditPermissionConfig(opencodeConfig?.agent?.auditor?.permission, 'agent.auditor.permission');
@@ -2384,22 +2485,7 @@ async function installBootstrap(argv, options = {}) {
     );
   }
 
-  if (!profile.writeCodex) {
-    const legacyCodexSkillRemoval = await removeGeneratedMarkdownIfMatches(
-      join(root, '.codex', 'skills', 'audit-code', 'SKILL.md'),
-      skillSource,
-    );
-    if (legacyCodexSkillRemoval) {
-      results.push(legacyCodexSkillRemoval);
-    }
-    const legacyCodexPromptRemoval = await removeGeneratedMarkdownIfMatches(
-      join(root, '.codex', 'skills', 'audit-code', 'audit-code.prompt.md'),
-      promptSource,
-    );
-    if (legacyCodexPromptRemoval) {
-      results.push(legacyCodexPromptRemoval);
-    }
-  }
+  results.push(...await removeLegacyAuditCodeSurfaceFiles(root));
 
   if (profile.writeCodex) {
     results.push(
@@ -2447,19 +2533,6 @@ async function installBootstrap(argv, options = {}) {
   }
 
   if (profile.writeOpenCode) {
-    // Remove legacy command/skill/prompt files unconditionally — these paths are exclusively
-    // owned by the auditor-lambda installer and keeping any version of them causes OpenCode to
-    // load the wrong slash command regardless of prompt content.
-    for (const legacyPath of [
-      join(root, '.opencode', 'commands', 'audit-code.md'),
-      join(root, '.opencode', 'skills', 'audit-code', 'SKILL.md'),
-      join(root, '.opencode', 'skills', 'audit-code', 'audit-code.prompt.md'),
-    ]) {
-      if (await fileExists(legacyPath)) {
-        await unlink(legacyPath);
-        results.push({ path: legacyPath, mode: 'removed' });
-      }
-    }
     results.push(
       await writeMergedGeneratedJson(
         assetPaths.opencodeConfigPath,
@@ -2625,6 +2698,22 @@ async function runDistCommand(commandName, argv, { ensureArtifactsDir = false }
   await run(nodeExecutable(), [distEntry, commandName, ...commandArgs]);
 }
 
+async function runDistCommandInline(commandName, argv) {
+  const commandArgs = [...argv];
+  const rootValue = resolve(getFlag(commandArgs, '--root') ?? '.');
+  const artifactsDir = resolve(getFlag(commandArgs, '--artifacts-dir') ?? join(rootValue, '.audit-artifacts'));
+
+  setDefaultFlag(commandArgs, '--root', rootValue);
+  setDefaultFlag(commandArgs, '--artifacts-dir', artifactsDir);
+
+  await mkdir(artifactsDir, { recursive: true });
+  await ensureBuilt();
+
+  const distUrl = new URL(`file:///${distEntry.replace(/\\/g, '/')}`);
+  const cli = await import(distUrl.href);
+  await cli.runCli([process.execPath, distEntry, commandName, ...commandArgs]);
+}
+
 export async function runAuditCodeWrapper({
   usageName,
   argv = process.argv.slice(2),
@@ -2683,7 +2772,7 @@ export async function runAuditCodeWrapper({
   }
 
   if (argv[0] === 'mcp') {
-    await runDistCommand('mcp', argv.slice(1), { ensureArtifactsDir: true });
+    await runDistCommandInline('mcp', argv.slice(1));
     return;
   }
 

package/dist/cli.js

@@ -2238,8 +2238,18 @@ async function prepareDispatchArtifacts(params) {
     const lensDefsPath = join(packageRoot, "dispatch", "lens-definitions.json");
     const lensDefs = await readJsonFile(lensDefsPath);
     await mkdir(taskResultsDir, { recursive: true });
-    const lineIndex = Object.fromEntries(tasks.flatMap((task) => Object.entries(task.file_line_counts ?? {})));
-    const orderedTasks = orderTasksForPacketReview(tasks, {
+    // On resume: skip tasks whose result files already exist from a prior dispatch.
+    const priorResultTaskIds = new Set();
+    for (const task of tasks) {
+        if (existsSync(taskResultPath(taskResultsDir, task.task_id))) {
+            priorResultTaskIds.add(task.task_id);
+        }
+    }
+    const dispatchTasks = priorResultTaskIds.size > 0
+        ? tasks.filter((task) => !priorResultTaskIds.has(task.task_id))
+        : tasks;
+    const lineIndex = Object.fromEntries(dispatchTasks.flatMap((task) => Object.entries(task.file_line_counts ?? {})));
+    const orderedTasks = orderTasksForPacketReview(dispatchTasks, {
         graphBundle: bundle.graph_bundle,
         lineIndex,
     });
@@ -2258,6 +2268,15 @@ async function prepareDispatchArtifacts(params) {
     }
     const plan = [];
     const resultMapEntries = [];
+    for (const task of tasks) {
+        if (priorResultTaskIds.has(task.task_id)) {
+            resultMapEntries.push({
+                packet_id: "__prior_dispatch__",
+                task_id: task.task_id,
+                result_path: taskResultPath(taskResultsDir, task.task_id),
+            });
+        }
+    }
     let largestPacketId = null;
     let largestLines = 0;
     let largestEstimatedTokens = 0;
@@ -2473,7 +2492,7 @@ async function prepareDispatchArtifacts(params) {
         providerName: quotaProviderName,
         sessionConfig,
         hostModel,
-        requestedConcurrency: sessionConfig.parallel_workers ?? 1,
+        requestedConcurrency: sessionConfig.parallel_workers ?? plan.length,
         estimatedPacketTokens: avgPacketTokens,
         quotaStateEntry,
     });
@@ -2518,6 +2537,7 @@ async function prepareDispatchArtifacts(params) {
         dispatch_quota_path: dispatchQuotaPath,
         packet_count: plan.length,
         task_count: orderedTasks.length,
+        skipped_task_count: priorResultTaskIds.size,
         largest_packet: largestPacketId
             ? {
                 packet_id: largestPacketId,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "auditor-lambda",
-  "version": "0.3.25",
+  "version": "0.3.27",
   "private": false,
   "description": "Portable hybrid code-auditing framework for arbitrary repositories.",
   "type": "module",

package/scripts/postinstall.mjs

@@ -94,14 +94,25 @@ function renderOpenCodeExternalDirectoryPermission() {
 
 function renderGlobalMcpLauncher(installedPkgRoot) {
   return [
-    "import { access, readFile } from 'node:fs/promises';",
+    "import { access, readFile, appendFile } from 'node:fs/promises';",
     "import { constants } from 'node:fs';",
     "import { spawn } from 'node:child_process';",
     "import { join } from 'node:path';",
+    "import { homedir } from 'node:os';",
     '',
     'const repoRoot = process.cwd();',
     "const artifactsDir = join(repoRoot, '.audit-artifacts');",
     `const globalPackageRoot = ${JSON.stringify(installedPkgRoot)};`,
+    "const logPath = join(homedir(), '.audit-code', 'mcp-server.log');",
+    '',
+    'async function log(msg) {',
+    '  try {',
+    '    const ts = new Date().toISOString();',
+    "    await appendFile(logPath, `${ts} ${msg}\\n`, 'utf8');",
+    '  } catch {',
+    '    // ignore log failures',
+    '  }',
+    '}',
     '',
     'async function exists(path) {',
     '  try {',
@@ -134,6 +145,7 @@ function renderGlobalMcpLauncher(installedPkgRoot) {
     "  const sharedArgs = ['mcp', '--root', repoRoot, '--artifacts-dir', artifactsDir];",
     '',
     '  if (await exists(localPackageEntrypoint)) {',
+    "    await log(`launching local node_modules candidate: ${localPackageEntrypoint}`);",
     '    return await spawnForward(process.execPath, [localPackageEntrypoint, ...sharedArgs]);',
     '  }',
     '',
@@ -141,6 +153,7 @@ function renderGlobalMcpLauncher(installedPkgRoot) {
     '    try {',
     "      const packageJson = JSON.parse(await readFile(repoPackageJsonPath, 'utf8'));",
     "      if (packageJson?.name === 'auditor-lambda') {",
+    "        await log(`launching repo-root candidate: ${join(repoRoot, 'audit-code.mjs')}`);",
     "        return await spawnForward(process.execPath, [join(repoRoot, 'audit-code.mjs'), ...sharedArgs]);",
     '      }',
     '    } catch {',
@@ -149,14 +162,17 @@ function renderGlobalMcpLauncher(installedPkgRoot) {
     '  }',
     '',
     '  if (globalPackageEntrypoint && await exists(globalPackageEntrypoint)) {',
+    "    await log(`launching global candidate: ${globalPackageEntrypoint}`);",
     '    return await spawnForward(process.execPath, [globalPackageEntrypoint, ...sharedArgs]);',
     '  }',
     '',
     '  if (await exists(localBin)) {',
+    "    await log(`launching local bin candidate: ${localBin}`);",
     '    return await spawnForward(localBin, sharedArgs);',
     '  }',
     '',
     "  const pathCandidate = process.platform === 'win32' ? 'audit-code.cmd' : 'audit-code';",
+    "  await log(`trying PATH candidate: ${pathCandidate}`);",
     '  let exitCode = await spawnForward(pathCandidate, sharedArgs).catch(() => null);',
     "  if (typeof exitCode === 'number') {",
     '    return exitCode;',
@@ -167,12 +183,18 @@ function renderGlobalMcpLauncher(installedPkgRoot) {
     '    return exitCode;',
     '  }',
     '',
+    "  await log('ERROR: no candidate found');",
     '  throw new Error(',
     "    'Unable to locate an audit-code executable. Install auditor-lambda globally or as a local dependency.',",
     '  );',
     '}',
     '',
-    'const code = await tryCandidates();',
+    "log(`run-mcp-server.mjs started: node=${process.execPath} cwd=${repoRoot} globalPkg=${globalPackageRoot}`).catch(() => {});",
+    'const code = await tryCandidates().catch(async (err) => {',
+    "  await log(`FATAL: ${err.message}`);",
+    '  process.stderr.write(err.message + "\\n");',
+    '  return 1;',
+    '});',
     'process.exitCode = code;',
     '',
   ].join('\n');
@@ -261,9 +283,7 @@ const OPENCODE_MCP_COMMAND_TEMPLATE = [
   'Use the auditor MCP tools as the primary interface to the audit workflow.',
   '',
   '1. Call `auditor_start_audit` to initialize and receive the first step.',
-  '2. Check `step_kind` in the response:',
-  '   - If `step_kind` is `"capability_check"`: immediately call `auditor_report_capability` with `can_dispatch_subagents: true` and `can_select_subagent_model: true`. Do not run shell commands or inspect prompt_content for this step.',
-  '   - Otherwise: read `prompt_content` and follow it.',
+  '2. Read `prompt_content` in the response and follow it.',
   '3. When a step completes (not blocked), call `auditor_continue_audit` to advance.',
   '4. Stop when the step instructions say to stop.',
   '',
@@ -276,8 +296,8 @@ function mergeOpenCodeGlobalConfig(existing) {
   const parsed = existing ? JSON.parse(existing) : {};
   const auditPermission = renderOpenCodePermissionConfig();
   const existingAuditor = objectValue(objectValue(parsed.agent).auditor);
-  const globalLauncherPath = replaceBackslashes(join(homedir(), '.audit-code', 'run-mcp-server.mjs'));
   const nodeExecPath = replaceBackslashes(process.execPath);
+  const pkgEntrypoint = replaceBackslashes(join(pkgRoot, 'audit-code.mjs'));
   return {
     ...parsed,
     command: {
@@ -295,7 +315,7 @@ function mergeOpenCodeGlobalConfig(existing) {
       ...objectValue(parsed.mcp),
       auditor: {
         type: 'local',
-        command: [nodeExecPath, globalLauncherPath],
+        command: [nodeExecPath, pkgEntrypoint, 'mcp'],
         enabled: true,
         timeout: 10000,
       },