auditor-lambda 0.3.3 → 0.3.5

package/dist/orchestrator/fileAnchors.js

@@ -0,0 +1,217 @@
+const MAX_ANCHORS = 160;
+const KEYWORD_PATTERN = /\b(auth|token|password|secret|permission|role|sql|query|exec|spawn|eval|deserialize|encrypt|decrypt|cache|retry|timeout|transaction|lock|race|TODO|FIXME)\b/i;
+const SYMBOL_PATTERNS = [
+    {
+        kind: "import",
+        pattern: /^\s*import\s+(?:type\s+)?(?:[^"'()]*?\s+from\s+)?["']([^"']+)["']/,
+        label: "import",
+    },
+    {
+        kind: "symbol",
+        pattern: /^\s*(?:export\s+)?(?:async\s+)?function\s+([A-Za-z_$][\w$]*)\b/,
+        label: "function",
+    },
+    {
+        kind: "symbol",
+        pattern: /^\s*(?:export\s+)?class\s+([A-Za-z_$][\w$]*)\b/,
+        label: "class",
+    },
+    {
+        kind: "symbol",
+        pattern: /^\s*(?:export\s+)?interface\s+([A-Za-z_$][\w$]*)\b/,
+        label: "interface",
+    },
+    {
+        kind: "symbol",
+        pattern: /^\s*(?:export\s+)?type\s+([A-Za-z_$][\w$]*)\b/,
+        label: "type",
+    },
+    {
+        kind: "symbol",
+        pattern: /^\s*(?:export\s+)?(?:const|let|var)\s+([A-Za-z_$][\w$]*)\b/,
+        label: "binding",
+    },
+    {
+        kind: "export",
+        pattern: /^\s*export\s+(?:type\s+)?(?:[^"'()]*?\s+from\s+["']([^"']+)["']|(?:default\s+)?(?:async\s+)?(?:function|class|const|let|var|interface|type)\s+([A-Za-z_$][\w$-]*))/,
+        label: "export",
+    },
+    {
+        kind: "symbol",
+        pattern: /^\s*(?:export\s+)?def\s+([A-Za-z_][\w]*)\b/,
+        label: "function",
+    },
+    {
+        kind: "symbol",
+        pattern: /^\s*(?:export\s+)?func\s+(?:\([^)]+\)\s*)?([A-Za-z_][\w]*)\b/,
+        label: "function",
+    },
+    {
+        kind: "symbol",
+        pattern: /^\s*(?:pub\s+)?fn\s+([A-Za-z_][\w]*)\b/,
+        label: "function",
+    },
+    {
+        kind: "route",
+        pattern: /\b(?:app|router|server)\s*\.\s*(get|post|put|patch|delete|use)\s*\(/i,
+        label: "route",
+    },
+    {
+        kind: "route",
+        pattern: /^\s*@(?:Get|Post|Put|Patch|Delete|Route|Controller)\b/,
+        label: "route",
+    },
+];
+function normalizePath(path) {
+    return path.replace(/\\/g, "/").replace(/^\.\//, "");
+}
+function truncate(value, maxLength) {
+    const normalized = value.replace(/\s+/g, " ").trim();
+    return normalized.length > maxLength
+        ? `${normalized.slice(0, maxLength - 3)}...`
+        : normalized;
+}
+function addAnchor(anchors, seen, anchor) {
+    const key = `${anchor.kind}\0${anchor.line ?? ""}\0${anchor.name}\0${anchor.detail ?? ""}`;
+    if (seen.has(key)) {
+        return;
+    }
+    seen.add(key);
+    anchors.push(anchor);
+}
+function collectGraphEdges(graphBundle, path) {
+    if (!graphBundle?.graphs) {
+        return [];
+    }
+    const normalizedPath = normalizePath(path).toLowerCase();
+    const edges = [];
+    for (const key of ["imports", "calls", "references"]) {
+        const raw = graphBundle.graphs[key];
+        if (!Array.isArray(raw)) {
+            continue;
+        }
+        for (const item of raw) {
+            const record = item;
+            if (item &&
+                typeof item === "object" &&
+                !Array.isArray(item) &&
+                typeof record.from === "string" &&
+                typeof record.to === "string") {
+                const from = normalizePath(record.from).toLowerCase();
+                const to = normalizePath(record.to).toLowerCase();
+                if (from === normalizedPath || to === normalizedPath) {
+                    edges.push({
+                        from: record.from,
+                        to: record.to,
+                        kind: typeof record.kind === "string" ? record.kind : key,
+                    });
+                }
+            }
+        }
+    }
+    return edges.sort((a, b) => (a.kind ?? "").localeCompare(b.kind ?? "") ||
+        a.from.localeCompare(b.from) ||
+        a.to.localeCompare(b.to));
+}
+export function buildFileAnchorSummary(params) {
+    const anchors = [];
+    const seen = new Set();
+    const path = normalizePath(params.path);
+    const lines = params.content.split(/\r?\n/);
+    let symbolCount = 0;
+    let routeCount = 0;
+    let keywordCount = 0;
+    addAnchor(anchors, seen, {
+        kind: "boundary",
+        name: "file_start",
+        line: 1,
+        detail: "Start of isolated large-file review boundary.",
+    });
+    if (params.totalLines > 1) {
+        addAnchor(anchors, seen, {
+            kind: "boundary",
+            name: "file_end",
+            line: params.totalLines,
+            detail: "End of isolated large-file review boundary.",
+        });
+    }
+    lines.forEach((line, index) => {
+        const lineNumber = index + 1;
+        for (const { kind, pattern, label } of SYMBOL_PATTERNS) {
+            const match = line.match(pattern);
+            if (!match) {
+                continue;
+            }
+            const name = match.slice(1).find((value) => value && value.trim().length > 0) ?? label;
+            if (kind === "route") {
+                routeCount += 1;
+            }
+            else if (kind === "symbol") {
+                symbolCount += 1;
+            }
+            addAnchor(anchors, seen, {
+                kind,
+                name: truncate(name, 80),
+                line: lineNumber,
+                detail: truncate(`${label}: ${line}`, 180),
+            });
+            break;
+        }
+        if (KEYWORD_PATTERN.test(line)) {
+            keywordCount += 1;
+            addAnchor(anchors, seen, {
+                kind: "keyword",
+                name: truncate(line.match(KEYWORD_PATTERN)?.[1] ?? "keyword", 80),
+                line: lineNumber,
+                detail: truncate(line, 180),
+            });
+        }
+    });
+    const graphEdges = collectGraphEdges(params.graphBundle, path);
+    for (const edge of graphEdges) {
+        addAnchor(anchors, seen, {
+            kind: "graph",
+            name: edge.kind ?? "edge",
+            detail: normalizePath(edge.from).toLowerCase() === path.toLowerCase()
+                ? `outbound: ${edge.to}`
+                : `inbound: ${edge.from}`,
+        });
+    }
+    const analyzerSignals = (params.externalAnalyzerResults?.results ?? [])
+        .filter((result) => normalizePath(result.path).toLowerCase() === path.toLowerCase())
+        .sort((a, b) => (a.line_start ?? 0) - (b.line_start ?? 0) ||
+        a.id.localeCompare(b.id));
+    for (const signal of analyzerSignals) {
+        addAnchor(anchors, seen, {
+            kind: "analyzer_signal",
+            name: truncate(signal.rule ?? signal.category, 80),
+            line: signal.line_start,
+            detail: truncate(signal.summary, 180),
+        });
+    }
+    const sorted = anchors.sort((a, b) => (a.line ?? Number.MAX_SAFE_INTEGER) - (b.line ?? Number.MAX_SAFE_INTEGER) ||
+        a.kind.localeCompare(b.kind) ||
+        a.name.localeCompare(b.name));
+    const boundedAnchors = sorted.slice(0, MAX_ANCHORS);
+    return {
+        contract_version: "audit-code-file-anchors/v1alpha1",
+        path,
+        total_lines: params.totalLines,
+        review_mode: "isolated_large_file",
+        scope_basis: [
+            "single assigned file",
+            "single review packet",
+            "mechanically extracted symbols, routes, graph edges, keywords, and analyzer signals",
+            "backend-owned submit-packet result write path",
+        ],
+        anchors: boundedAnchors,
+        omitted_anchor_count: Math.max(0, sorted.length - boundedAnchors.length),
+        counts: {
+            symbols: symbolCount,
+            routes: routeCount,
+            keywords: keywordCount,
+            graph_edges: graphEdges.length,
+            analyzer_signals: analyzerSignals.length,
+        },
+    };
+}

package/dist/orchestrator/internalExecutors.d.ts

@@ -8,7 +8,7 @@ export interface ExecutorRunResult {
     progress_summary: string;
 }
 export declare function runIntakeExecutor(bundle: ArtifactBundle, root: string): Promise<ExecutorRunResult>;
-export declare function runStructureExecutor(bundle: ArtifactBundle): ExecutorRunResult;
+export declare function runStructureExecutor(bundle: ArtifactBundle, root?: string): Promise<ExecutorRunResult>;
 export declare function runPlanningExecutor(bundle: ArtifactBundle, root: string, lineIndex?: Record<string, number>): Promise<ExecutorRunResult>;
 export declare function runResultIngestionExecutor(bundle: ArtifactBundle, results: AuditResult[]): ExecutorRunResult;
 export declare function runRuntimeValidationExecutor(bundle: ArtifactBundle, root: string): Promise<ExecutorRunResult>;

package/dist/orchestrator/internalExecutors.js

@@ -1,6 +1,6 @@
 import { spawn } from "node:child_process";
 import { buildFileDisposition } from "../extractors/disposition.js";
-import { buildGraphBundle } from "../extractors/graph.js";
+import { buildGraphBundle, buildGraphBundleFromFs, } from "../extractors/graph.js";
 import { buildCriticalFlowManifest } from "../extractors/flows.js";
 import { buildRiskRegister } from "../extractors/risk.js";
 import { buildSurfaceManifest } from "../extractors/surfaces.js";
@@ -10,12 +10,50 @@ import { buildRequeuePayload } from "./requeueCommand.js";
 import { buildRuntimeValidationTasks, discoverRuntimeValidationCommand, mergeRuntimeValidationReport, } from "./runtimeValidation.js";
 import { buildAuditReportModel, renderAuditReportMarkdown, } from "../reporting/synthesis.js";
 import { buildChunkedAuditTasks, } from "./taskBuilder.js";
+import { buildAuditPlanMetrics, buildReviewPackets, } from "./reviewPackets.js";
 import { buildUnitManifest } from "./unitBuilder.js";
 import { buildRepoManifestFromFs } from "../extractors/fsIntake.js";
 import { loadIgnoreFile } from "../extractors/ignore.js";
 import { ingestAuditResults, updateAuditTaskStatuses, } from "./resultIngestion.js";
+import { buildSelectiveDeepeningTasks } from "./selectiveDeepening.js";
 import { updateRuntimeValidationReport } from "./runtimeValidationUpdate.js";
 import { autoCompleteTrivialCoverage } from "./trivialAudit.js";
+function lineIndexFromTasks(tasks) {
+    return Object.fromEntries((tasks ?? []).flatMap((task) => Object.entries(task.file_line_counts ?? {})));
+}
+function appendSelectiveDeepeningTasks(params) {
+    if (!params.bundle.audit_tasks) {
+        return { bundle: params.bundle, taskCount: 0, artifacts: [] };
+    }
+    const lineIndex = lineIndexFromTasks(params.bundle.audit_tasks);
+    const selectiveDeepeningTasks = buildSelectiveDeepeningTasks({
+        existingTasks: params.bundle.audit_tasks,
+        results: params.results,
+        lineIndex,
+        runtimeValidationTasks: params.bundle.runtime_validation_tasks,
+        runtimeValidationReport: params.runtimeValidationReport ?? params.bundle.runtime_validation_report,
+    });
+    if (selectiveDeepeningTasks.length === 0) {
+        return { bundle: params.bundle, taskCount: 0, artifacts: [] };
+    }
+    const auditTasks = [...params.bundle.audit_tasks, ...selectiveDeepeningTasks];
+    return {
+        bundle: {
+            ...params.bundle,
+            audit_tasks: auditTasks,
+            audit_plan_metrics: buildAuditPlanMetrics(auditTasks, {
+                graphBundle: params.bundle.graph_bundle,
+                lineIndex,
+            }),
+            review_packets: buildReviewPackets(auditTasks, {
+                graphBundle: params.bundle.graph_bundle,
+                lineIndex,
+            }),
+        },
+        taskCount: selectiveDeepeningTasks.length,
+        artifacts: ["audit_tasks.json", "audit_plan_metrics.json", "review_packets.json"],
+    };
+}
 async function runCommand(command, cwd) {
     return await new Promise((resolve) => {
         const child = spawn(command[0], command.slice(1), {
@@ -69,7 +107,7 @@ export async function runIntakeExecutor(bundle, root) {
         progress_summary: `Created intake artifacts for ${repoManifest.files.length} files.`,
     };
 }
-export function runStructureExecutor(bundle) {
+export async function runStructureExecutor(bundle, root) {
     if (!bundle.repo_manifest) {
         throw new Error("Cannot run structure executor without repo_manifest");
     }
@@ -77,7 +115,9 @@ export function runStructureExecutor(bundle) {
     const disposition = bundle.file_disposition ?? buildFileDisposition(bundle.repo_manifest);
     const unitManifest = buildUnitManifest(bundle.repo_manifest, disposition);
     const surfaceManifest = buildSurfaceManifest(bundle.repo_manifest, disposition);
-    const graphBundle = buildGraphBundle(bundle.repo_manifest, disposition);
+    const graphBundle = root
+        ? await buildGraphBundleFromFs(bundle.repo_manifest, root, disposition)
+        : buildGraphBundle(bundle.repo_manifest, disposition);
     const criticalFlows = buildCriticalFlowManifest(bundle.repo_manifest, surfaceManifest, disposition);
     const riskRegister = buildRiskRegister(unitManifest, criticalFlows, externalAnalyzerResults);
     return {
@@ -137,6 +177,14 @@ export async function runPlanningExecutor(bundle, root, lineIndex = {}) {
         ...task,
         status: task.status ?? "pending",
     }));
+    const reviewPackets = buildReviewPackets(taggedAuditTasks, {
+        graphBundle: bundle.graph_bundle,
+        lineIndex,
+    });
+    const auditPlanMetrics = buildAuditPlanMetrics(taggedAuditTasks, {
+        graphBundle: bundle.graph_bundle,
+        lineIndex,
+    });
     const requeuePayload = buildRequeuePayload(coverage, bundle.critical_flows, flowCoverage, externalAnalyzerResults);
     return {
         updated: {
@@ -146,6 +194,8 @@ export async function runPlanningExecutor(bundle, root, lineIndex = {}) {
             runtime_validation_tasks: runtimeValidationTasks,
             runtime_validation_report: runtimeValidationReport,
             audit_tasks: taggedAuditTasks,
+            audit_plan_metrics: auditPlanMetrics,
+            review_packets: reviewPackets,
             requeue_tasks: requeuePayload.tasks,
             audit_report: undefined,
         },
@@ -155,9 +205,11 @@ export async function runPlanningExecutor(bundle, root, lineIndex = {}) {
             "runtime_validation_tasks.json",
             ...(runtimeValidationReport ? ["runtime_validation_report.json"] : []),
             "audit_tasks.json",
+            "audit_plan_metrics.json",
+            "review_packets.json",
             "requeue_tasks.json",
         ],
-        progress_summary: `Built planning artifacts; generated ${taggedAuditTasks.length} review blocks and ${requeuePayload.task_count} requeue tasks.` +
+        progress_summary: `Built planning artifacts; generated ${taggedAuditTasks.length} review tasks in ${reviewPackets.length} packet(s) and ${requeuePayload.task_count} requeue tasks.` +
             (skippedTrivialPaths.length > 0
                 ? ` Skipped ${skippedTrivialPaths.length} trivial path${skippedTrivialPaths.length === 1 ? "" : "s"} from semantic review.`
                 : "") +
@@ -188,19 +240,25 @@ export function runResultIngestionExecutor(bundle, results) {
         : bundle.runtime_validation_report;
     const requeuePayload = buildRequeuePayload(updatedCoverageMatrix, bundle.critical_flows, flowCoverage, bundle.external_analyzer_results);
     const mergedResults = [...(bundle.audit_results ?? []), ...results];
-    const updatedAuditTasks = updateAuditTaskStatuses(bundle.audit_tasks, mergedResults);
+    const completedAuditTasks = updateAuditTaskStatuses(bundle.audit_tasks, mergedResults);
+    const baseUpdatedBundle = {
+        ...bundle,
+        coverage_matrix: updatedCoverageMatrix,
+        flow_coverage: flowCoverage,
+        runtime_validation_tasks: runtimeValidationTasks,
+        runtime_validation_report: runtimeValidationReport,
+        audit_results: mergedResults,
+        audit_tasks: completedAuditTasks,
+        requeue_tasks: requeuePayload.tasks,
+        audit_report: undefined,
+    };
+    const selectiveDeepening = appendSelectiveDeepeningTasks({
+        bundle: baseUpdatedBundle,
+        results: mergedResults,
+        runtimeValidationReport,
+    });
     return {
-        updated: {
-            ...bundle,
-            coverage_matrix: updatedCoverageMatrix,
-            flow_coverage: flowCoverage,
-            runtime_validation_tasks: runtimeValidationTasks,
-            runtime_validation_report: runtimeValidationReport,
-            audit_results: mergedResults,
-            audit_tasks: updatedAuditTasks,
-            requeue_tasks: requeuePayload.tasks,
-            audit_report: undefined,
-        },
+        updated: selectiveDeepening.bundle,
         artifacts_written: [
             "coverage_matrix.json",
             "flow_coverage.json",
@@ -208,9 +266,13 @@ export function runResultIngestionExecutor(bundle, results) {
             ...(runtimeValidationReport ? ["runtime_validation_report.json"] : []),
             "audit_results.jsonl",
             "audit_tasks.json",
+            ...selectiveDeepening.artifacts.filter((artifact) => artifact !== "audit_tasks.json"),
             "requeue_tasks.json",
         ],
-        progress_summary: `Ingested ${results.length} audit result entries and refreshed dependent artifacts.`,
+        progress_summary: `Ingested ${results.length} audit result entries and refreshed dependent artifacts.` +
+            (selectiveDeepening.taskCount > 0
+                ? ` Added ${selectiveDeepening.taskCount} selective deepening task(s).`
+                : ""),
     };
 }
 export async function runRuntimeValidationExecutor(bundle, root) {
@@ -247,16 +309,29 @@ export async function runRuntimeValidationExecutor(bundle, root) {
             notes: [`Target paths: ${task.target_paths.join(", ")}`],
         });
     }
+    const runtimeValidationReport = {
+        results: [...byTaskId.values()].sort((a, b) => a.task_id.localeCompare(b.task_id)),
+    };
+    const baseUpdatedBundle = {
+        ...bundle,
+        runtime_validation_report: runtimeValidationReport,
+        audit_report: undefined,
+    };
+    const selectiveDeepening = appendSelectiveDeepeningTasks({
+        bundle: baseUpdatedBundle,
+        results: bundle.audit_results ?? [],
+        runtimeValidationReport,
+    });
     return {
-        updated: {
-            ...bundle,
-            runtime_validation_report: {
-                results: [...byTaskId.values()].sort((a, b) => a.task_id.localeCompare(b.task_id)),
-            },
-            audit_report: undefined,
-        },
-        artifacts_written: ["runtime_validation_report.json"],
-        progress_summary: `Executed deterministic runtime validation for ${bundle.runtime_validation_tasks.tasks.length} task(s).`,
+        updated: selectiveDeepening.bundle,
+        artifacts_written: [
+            "runtime_validation_report.json",
+            ...selectiveDeepening.artifacts,
+        ],
+        progress_summary: `Executed deterministic runtime validation for ${bundle.runtime_validation_tasks.tasks.length} task(s).` +
+            (selectiveDeepening.taskCount > 0
+                ? ` Added ${selectiveDeepening.taskCount} selective deepening task(s).`
+                : ""),
     };
 }
 export function runRuntimeValidationUpdateExecutor(bundle, updates) {
@@ -265,14 +340,26 @@ export function runRuntimeValidationUpdateExecutor(bundle, updates) {
     }
     const existingReport = bundle.runtime_validation_report ?? { results: [] };
     const mergedReport = updateRuntimeValidationReport(bundle.runtime_validation_tasks, existingReport, updates);
+    const baseUpdatedBundle = {
+        ...bundle,
+        runtime_validation_report: mergedReport,
+        audit_report: undefined,
+    };
+    const selectiveDeepening = appendSelectiveDeepeningTasks({
+        bundle: baseUpdatedBundle,
+        results: bundle.audit_results ?? [],
+        runtimeValidationReport: mergedReport,
+    });
     return {
-        updated: {
-            ...bundle,
-            runtime_validation_report: mergedReport,
-            audit_report: undefined,
-        },
-        artifacts_written: ["runtime_validation_report.json"],
-        progress_summary: `Merged ${updates.results.length} runtime validation updates.`,
+        updated: selectiveDeepening.bundle,
+        artifacts_written: [
+            "runtime_validation_report.json",
+            ...selectiveDeepening.artifacts,
+        ],
+        progress_summary: `Merged ${updates.results.length} runtime validation updates.` +
+            (selectiveDeepening.taskCount > 0
+                ? ` Added ${selectiveDeepening.taskCount} selective deepening task(s).`
+                : ""),
     };
 }
 export function runSynthesisExecutor(bundle, results) {

package/dist/orchestrator/reviewPackets.d.ts

@@ -0,0 +1,14 @@
+import type { AuditTask } from "../types.js";
+import type { AuditPlanMetrics, ReviewPacket } from "../types/reviewPlanning.js";
+import type { GraphBundle } from "../types/graph.js";
+export interface BuildReviewPacketOptions {
+    graphBundle?: GraphBundle;
+    lineIndex?: Record<string, number>;
+    maxTasksPerPacket?: number;
+    targetPacketLines?: number;
+}
+export declare function buildReviewPackets(tasks: AuditTask[], options?: BuildReviewPacketOptions): ReviewPacket[];
+export declare function orderTasksForPacketReview(tasks: AuditTask[], options?: BuildReviewPacketOptions): AuditTask[];
+export declare function buildAuditPlanMetrics(tasks: AuditTask[], options?: BuildReviewPacketOptions & {
+    generatedAt?: Date;
+}): AuditPlanMetrics;