auditor-lambda 0.3.3 → 0.3.5

package/README.md

@@ -36,6 +36,10 @@ That bootstraps repo-local `/audit-code` surfaces for the hosts we can automate
 - VS Code prompt, custom agent, Copilot instructions, and `.vscode/mcp.json`
 - Antigravity planning-mode guidance plus the shared repo-local MCP launcher
 
+Re-run the same `audit-code install` command whenever the packaged prompt or
+skill changes. It is the single supported refresh path for the shared
+`.audit-code/install/*` assets and every generated host surface.
+
 After bootstrap, you can smoke-test the generated host assets and launcher from the repository root:
 
 ```bash
@@ -172,7 +176,8 @@ The next implementation work is tracked in:
 
 The short version is:
 
-- realign review dispatch around the conversation-owned, non-overlapping lens-block workflow
+- keep the packet dispatch workflow verified in real host environments
+- benchmark `/audit-code` packet counts and warning counts against nontrivial external repositories
 - prove the generated Codex, Claude Desktop, OpenCode, VS Code, and Antigravity guidance in real host flows
 - tighten the repo-local MCP-first bootstrap where host smoke tests expose friction
 - polish provider-assisted continuation and failure guidance

package/audit-code-wrapper-lib.mjs

@@ -260,9 +260,11 @@ function printHelp({ usageName, preferredEntrypoint }) {
     '- validate checks the current artifact bundle plus session-config/provider readiness and exits non-zero when issues exist',
     '- validate-results --results FILE validates AuditResult payloads against the active task manifest without ingesting them',
     '- explain-task <task_id> prints the resolved file coverage and current status for a task id',
-    '- prepare-dispatch --run-id <id> [--artifacts-dir <dir>] creates per-task prompt files and dispatch-plan.json for parallel subagent dispatch',
-    '- merge-and-ingest --run-id <id> [--root <dir>] [--artifacts-dir <dir>] merges per-task results and ingests them into the coverage matrix',
+    '- prepare-dispatch --run-id <id> [--artifacts-dir <dir>] creates packet prompt files and a slim dispatch-plan.json for parallel subagent dispatch',
+    '- submit-packet --run-id <id> --packet-id <id> [--artifacts-dir <dir>] validates AuditResult[] from stdin and writes only backend-assigned result files',
+    '- merge-and-ingest --run-id <id> [--root <dir>] [--artifacts-dir <dir>] merges assigned packet results and ingests them into the coverage matrix',
     '- validate-result --run-id <id> --task-id <id> [--artifacts-dir <dir>] validates a single task result against the schema and line counts',
+    '  generated packet prompts may use --run-id-b64, --task-id-b64, and --artifacts-dir-b64 to avoid shell-sensitive raw ids',
     '',
     'Primary usage:',
     '- from the repository root, run the wrapper with no arguments',
@@ -1526,16 +1528,30 @@ async function verifyInstalledBootstrap(argv) {
 
   await collectVerifyCheck(generalChecks, 'installed_prompt', async () => {
     await ensureFile(assetPaths.installedPromptPath, 'Installed prompt asset');
+    const installedPrompt = await readFile(assetPaths.installedPromptPath, 'utf8');
+    const sourcePrompt = await readFile(promptAssetPath, 'utf8');
+    if (installedPrompt !== sourcePrompt) {
+      throw new Error(
+        `Installed prompt is out of sync with the source prompt. Run "audit-code install" from ${root}.`,
+      );
+    }
     return {
-      summary: 'Installed prompt asset is present.',
+      summary: 'Installed prompt asset is present and matches the source prompt.',
       path: assetPaths.installedPromptPath,
     };
   });
 
   await collectVerifyCheck(generalChecks, 'installed_skill', async () => {
     await ensureFile(assetPaths.installedSkillPath, 'Installed skill asset');
+    const installedSkill = (await readFile(assetPaths.installedSkillPath, 'utf8')).replace(/\r\n/g, '\n');
+    const sourceSkill = (await readFile(skillAssetPath, 'utf8')).replace(/\r\n/g, '\n');
+    if (installedSkill !== sourceSkill) {
+      throw new Error(
+        `Installed skill is out of sync with the source skill. Run "audit-code install" from ${root}.`,
+      );
+    }
     return {
-      summary: 'Installed skill asset is present.',
+      summary: 'Installed skill asset is present and matches the source skill.',
       path: assetPaths.installedSkillPath,
     };
   });
@@ -1599,11 +1615,30 @@ async function verifyInstalledBootstrap(argv) {
           if (!content.includes('# audit-code skill')) {
             throw new Error(`Codex skill file is missing the expected heading: ${assetPaths.codexSkillPath}`);
           }
+          const sourceSkill = (await readFile(skillAssetPath, 'utf8')).replace(/\r\n/g, '\n');
+          if (content.replace(/\r\n/g, '\n') !== sourceSkill) {
+            throw new Error(
+              `Codex skill is out of sync with the source skill. Run "audit-code install --host codex" or "audit-code install".`,
+            );
+          }
           return {
-            summary: 'Codex skill bundle is present.',
+            summary: 'Codex skill bundle is present and matches the source skill.',
             path: assetPaths.codexSkillPath,
           };
         });
+        await collectVerifyCheck(checks, 'codex_prompt', async () => {
+          const content = await readFile(assetPaths.codexPromptPath, 'utf8');
+          const sourcePrompt = await readFile(promptAssetPath, 'utf8');
+          if (content !== sourcePrompt) {
+            throw new Error(
+              `Codex prompt is out of sync with the source prompt. Run "audit-code install --host codex" or "audit-code install".`,
+            );
+          }
+          return {
+            summary: 'Codex prompt bundle is present and matches the source prompt.',
+            path: assetPaths.codexPromptPath,
+          };
+        });
         await collectVerifyCheck(checks, 'codex_mcp_setup', async () => {
           const content = await readFile(assetPaths.codexMcpSetupPath, 'utf8');
           if (!content.includes(MCP_LAUNCHER_FILENAME)) {
@@ -1701,11 +1736,44 @@ async function verifyInstalledBootstrap(argv) {
           if (!content.includes('agent: auditor')) {
             throw new Error(`OpenCode command file is missing the auditor agent frontmatter: ${assetPaths.opencodeCommandPath}`);
           }
+          const { body: commandBody } = splitFrontmatter(content);
+          const { body: sourceBody } = splitFrontmatter(await readFile(promptAssetPath, 'utf8'));
+          if (commandBody !== sourceBody.trimStart()) {
+            throw new Error(
+              `OpenCode command prompt body is out of sync with the source prompt. Run "audit-code install --host opencode" or "audit-code install".`,
+            );
+          }
           return {
-            summary: 'OpenCode command file is present.',
+            summary: 'OpenCode command file is present and uses the source prompt body.',
             path: assetPaths.opencodeCommandPath,
           };
         });
+        await collectVerifyCheck(checks, 'opencode_skill', async () => {
+          const content = (await readFile(assetPaths.opencodeSkillPath, 'utf8')).replace(/\r\n/g, '\n');
+          const sourceSkill = (await readFile(skillAssetPath, 'utf8')).replace(/\r\n/g, '\n');
+          if (content !== sourceSkill) {
+            throw new Error(
+              `OpenCode skill is out of sync with the source skill. Run "audit-code install --host opencode" or "audit-code install".`,
+            );
+          }
+          return {
+            summary: 'OpenCode skill is present and matches the source skill.',
+            path: assetPaths.opencodeSkillPath,
+          };
+        });
+        await collectVerifyCheck(checks, 'opencode_prompt', async () => {
+          const content = await readFile(assetPaths.opencodePromptPath, 'utf8');
+          const sourcePrompt = await readFile(promptAssetPath, 'utf8');
+          if (content !== sourcePrompt) {
+            throw new Error(
+              `OpenCode prompt is out of sync with the source prompt. Run "audit-code install --host opencode" or "audit-code install".`,
+            );
+          }
+          return {
+            summary: 'OpenCode prompt is present and matches the source prompt.',
+            path: assetPaths.opencodePromptPath,
+          };
+        });
         await collectVerifyCheck(checks, 'opencode_config', async () => {
           const config = await readJson(assetPaths.opencodeConfigPath, 'OpenCode project config');
           const command = config?.mcp?.auditor?.command;
@@ -1730,8 +1798,15 @@ async function verifyInstalledBootstrap(argv) {
           if (!content.includes('name: audit-code')) {
             throw new Error(`VS Code prompt file is missing the expected frontmatter name: ${assetPaths.vscodePromptPath}`);
           }
+          const { body: promptBody } = splitFrontmatter(content);
+          const { body: sourceBody } = splitFrontmatter(await readFile(promptAssetPath, 'utf8'));
+          if (promptBody !== sourceBody.trimStart()) {
+            throw new Error(
+              `VS Code prompt body is out of sync with the source prompt. Run "audit-code install --host vscode" or "audit-code install".`,
+            );
+          }
           return {
-            summary: 'VS Code prompt file is present.',
+            summary: 'VS Code prompt file is present and uses the source prompt body.',
             path: assetPaths.vscodePromptPath,
           };
         });
@@ -2208,6 +2283,11 @@ export async function runAuditCodeWrapper({
     return;
   }
 
+  if (argv[0] === 'submit-packet') {
+    await runDistCommand('submit-packet', argv.slice(1));
+    return;
+  }
+
   if (argv[0] === 'merge-and-ingest') {
     await runDistCommand('merge-and-ingest', argv.slice(1), { ensureArtifactsDir: true });
     return;