auditor-lambda 0.3.3 → 0.3.5

package/dist/supervisor/operatorHandoff.js

@@ -69,13 +69,7 @@ function buildSuggestedInputs(artifactsDir, status, isConfigError, activeReviewR
         return [];
     }
     if (activeReviewRun) {
-        return [
-            {
-                flag: "--results",
-                suggested_path: activeReviewRun.audit_results_path,
-                description: "Write structured audit-review results for the currently dispatched run, then execute the exact worker command below to ingest them.",
-            },
-        ];
+        return [];
     }
     const incomingDir = join(artifactsDir, INCOMING_DIRNAME);
     return [
@@ -101,12 +95,21 @@ function buildSuggestedInputs(artifactsDir, status, isConfigError, activeReviewR
         },
     ];
 }
-function buildSuggestedCommands(suggestedInputs, status, activeReviewRun) {
+function buildSuggestedCommands(artifactsDir, suggestedInputs, status, activeReviewRun) {
     if (status !== BLOCKED_STATUS) {
         return [];
     }
     if (activeReviewRun) {
-        return [renderShellCommand(activeReviewRun.worker_command)];
+        return [
+            renderShellCommand([
+                "audit-code",
+                "prepare-dispatch",
+                "--run-id",
+                activeReviewRun.run_id,
+                "--artifacts-dir",
+                artifactsDir,
+            ]),
+        ];
     }
     return suggestedInputs.map((item) => `audit-code ${item.flag} ${quoteShellPath(item.suggested_path)}`);
 }
@@ -216,17 +219,25 @@ export function buildAuditCodeHandoff(params) {
         summary: buildSummary(params.state.status, params.providerName ?? null, params.progressSummary),
         pending_obligations: buildPendingObligations(params.state),
         suggested_inputs: suggestedInputs,
-        suggested_commands: buildSuggestedCommands(suggestedInputs, params.state.status, params.activeReviewRun),
+        suggested_commands: buildSuggestedCommands(params.artifactsDir, suggestedInputs, params.state.status, params.activeReviewRun),
         interactive_provider_hint: buildInteractiveProviderHint(params.state.status, params.providerName ?? null, artifactPaths.session_config, isConfigError),
         artifact_paths: artifactPaths,
         active_review_run: params.activeReviewRun,
     };
     // Add quick_start command and file map when blocked for review
     if (params.state.status === BLOCKED_STATUS && params.activeReviewRun) {
-        handoff.quick_start = `audit-code worker-run --task ${params.activeReviewRun.task_path}`;
+        handoff.quick_start = renderShellCommand([
+            "audit-code",
+            "prepare-dispatch",
+            "--run-id",
+            params.activeReviewRun.run_id,
+            "--artifacts-dir",
+            params.artifactsDir,
+        ]);
         handoff.file_map = {
             current_task: artifactPaths.current_task,
             current_prompt: artifactPaths.current_prompt,
+            dispatch_plan: join(params.artifactsDir, "runs", params.activeReviewRun.run_id, "dispatch-plan.json"),
             audit_results: params.activeReviewRun.audit_results_path,
             final_report: join(params.root, "audit-report.md"),
         };

package/dist/types/graph.d.ts

@@ -12,6 +12,7 @@ export interface GraphBundle {
     graphs: {
         imports?: GraphEdge[];
         calls?: GraphEdge[];
+        references?: GraphEdge[];
         routes?: RouteEdge[];
         [key: string]: unknown;
     };

package/dist/types/reviewPlanning.d.ts

@@ -0,0 +1,41 @@
+import type { AuditTask, Lens } from "../types.js";
+export interface ReviewPacket {
+    packet_id: string;
+    task_ids: string[];
+    unit_ids: string[];
+    pass_ids: string[];
+    lenses: Lens[];
+    file_paths: string[];
+    file_line_counts: Record<string, number>;
+    total_lines: number;
+    priority: NonNullable<AuditTask["priority"]>;
+    tags?: string[];
+    rationale: string;
+    estimated_tokens: number;
+}
+export interface AuditPlanMetrics {
+    generated_at: string;
+    task_count: number;
+    packet_count: number;
+    estimated_agent_reduction: number;
+    estimated_agent_reduction_ratio: number;
+    unique_file_count: number;
+    task_file_reference_count: number;
+    repeated_file_reference_count: number;
+    total_task_lines: number;
+    total_packet_lines: number;
+    repeated_line_reference_count: number;
+    min_task_lines: number;
+    max_task_lines: number;
+    average_task_lines: number;
+    largest_task_id?: string;
+    largest_packet_id?: string;
+    lens_task_counts: Partial<Record<Lens, number>>;
+    priority_task_counts: Record<NonNullable<AuditTask["priority"]>, number>;
+    packet_size: {
+        single_task_packets: number;
+        multi_task_packets: number;
+        max_tasks_per_packet: number;
+        max_files_per_packet: number;
+    };
+}

package/dist/types/reviewPlanning.js

@@ -0,0 +1 @@
+export {};

package/dist/types/sessionConfig.d.ts

@@ -10,6 +10,7 @@ export interface SubprocessTemplateConfig {
 export interface ClaudeCodeConfig {
     command?: string;
     extra_args?: string[];
+    dangerously_skip_permissions?: boolean;
 }
 export interface OpenCodeConfig {
     command?: string;

package/dist/validation/artifacts.js

@@ -40,6 +40,19 @@ export function validateArtifactBundle(bundle) {
     if (bundle.external_analyzer_results) {
         issues.push(...requireKeys(bundle.external_analyzer_results, "external_analyzer_results", ["tool", "results"]));
     }
+    if (bundle.audit_plan_metrics) {
+        issues.push(...requireKeys(bundle.audit_plan_metrics, "audit_plan_metrics", ["generated_at", "task_count", "packet_count"]));
+    }
+    if (bundle.review_packets) {
+        for (const [index, packet] of bundle.review_packets.entries()) {
+            issues.push(...requireKeys(packet, `review_packets:${index}`, [
+                "packet_id",
+                "task_ids",
+                "lenses",
+                "file_paths",
+            ]));
+        }
+    }
     if (bundle.tooling_manifest) {
         issues.push(...requireKeys(bundle.tooling_manifest, "tooling_manifest", ["generated_at", "package_root", "implementation_hash", "inputs"]));
     }

package/dist/validation/auditResults.js

@@ -57,6 +57,20 @@ function validateRequiredStringField(value, label, taskId, resultIndex, issues)
         });
     }
 }
+function validateExpectedStringField(value, label, expected, taskId, resultIndex, issues) {
+    if (typeof value !== "string" || value.trim().length === 0) {
+        return;
+    }
+    if (value !== expected) {
+        pushIssue(issues, {
+            result_index: resultIndex,
+            task_id: taskId,
+            field: label,
+            message: `${label} must match the assigned task metadata ` +
+                `(expected '${expected}', got '${value}').`,
+        });
+    }
+}
 function validateFinding(finding, label, taskId, resultIndex) {
     const issues = [];
     if (!isRecord(finding)) {
@@ -237,6 +251,11 @@ export function validateAuditResults(results, tasks, options = {}) {
                 message: `Invalid lens '${result.lens}'. Must be one of: ${[...VALID_LENSES].join(", ")}.`,
             });
         }
+        if (task) {
+            validateExpectedStringField(result.unit_id, "unit_id", task.unit_id, taskId, i, issues);
+            validateExpectedStringField(result.pass_id, "pass_id", task.pass_id, taskId, i, issues);
+            validateExpectedStringField(result.lens, "lens", task.lens, taskId, i, issues);
+        }
         if (tasks.length > 0 && !task) {
             pushIssue(issues, {
                 result_index: i,
@@ -248,6 +267,7 @@ export function validateAuditResults(results, tasks, options = {}) {
         }
         const fileCoverage = result.file_coverage;
         const normalizedFileCoverage = [];
+        const declaredAssignedCoveragePaths = new Set();
         if (!Array.isArray(fileCoverage) || fileCoverage.length === 0) {
             pushIssue(issues, {
                 result_index: i,
@@ -281,7 +301,6 @@ export function validateAuditResults(results, tasks, options = {}) {
                     pushIssue(issues, {
                         result_index: i,
                         task_id: taskId,
-                        severity: "warning",
                         field: `file_coverage[${j}].path`,
                         message: `file_coverage path '${entry.path}' is not listed in the task file_paths.`,
                     });
@@ -297,6 +316,10 @@ export function validateAuditResults(results, tasks, options = {}) {
                 else {
                     seenCoveragePaths.add(entry.path);
                 }
+                if (isNonEmptyString(entry.path) &&
+                    (!task || task.file_paths.includes(entry.path))) {
+                    declaredAssignedCoveragePaths.add(entry.path);
+                }
                 if (!Number.isInteger(entry.total_lines)) {
                     pushIssue(issues, {
                         result_index: i,
@@ -330,7 +353,8 @@ export function validateAuditResults(results, tasks, options = {}) {
                 }
                 if (isNonEmptyString(entry.path) &&
                     Number.isInteger(entry.total_lines) &&
-                    Number(entry.total_lines) >= 0) {
+                    Number(entry.total_lines) >= 0 &&
+                    (!task || task.file_paths.includes(entry.path))) {
                     normalizedFileCoverage.push({
                         path: entry.path,
                         total_lines: Number(entry.total_lines),
@@ -367,11 +391,35 @@ export function validateAuditResults(results, tasks, options = {}) {
             if (!isRecord(finding) || !Array.isArray(finding.affected_files)) {
                 continue;
             }
+            const expectedFindingLens = task?.lens ??
+                (typeof result.lens === "string" && VALID_LENSES.has(result.lens)
+                    ? result.lens
+                    : undefined);
+            if (expectedFindingLens &&
+                typeof finding.lens === "string" &&
+                finding.lens !== expectedFindingLens) {
+                pushIssue(issues, {
+                    result_index: i,
+                    task_id: taskId,
+                    field: `${label}.lens`,
+                    message: `${label}.lens must match the assigned task lens ` +
+                        `(expected '${expectedFindingLens}', got '${finding.lens}').`,
+                });
+            }
             for (let k = 0; k < finding.affected_files.length; k++) {
                 const affected = finding.affected_files[k];
                 if (!isRecord(affected) || !isNonEmptyString(affected.path)) {
                     continue;
                 }
+                if (!declaredAssignedCoveragePaths.has(affected.path)) {
+                    pushIssue(issues, {
+                        result_index: i,
+                        task_id: taskId,
+                        field: `${label}.affected_files[${k}].path`,
+                        message: `affected_files path '${affected.path}' is not in the declared assigned file_coverage.`,
+                    });
+                    continue;
+                }
                 if (!Number.isInteger(affected.line_start)) {
                     continue;
                 }

package/dist/validation/sessionConfig.js

@@ -74,6 +74,11 @@ function validateAgentProviderSection(value, path, issues) {
     if (value.extra_args !== undefined) {
         validateStringArray(value.extra_args, `${path}.extra_args`, "extra_args", issues, { allowEmptyArray: true });
     }
+    if (path === "claude_code" &&
+        value.dangerously_skip_permissions !== undefined &&
+        typeof value.dangerously_skip_permissions !== "boolean") {
+        pushIssue(issues, `${path}.dangerously_skip_permissions`, "dangerously_skip_permissions must be a boolean when provided.");
+    }
 }
 function commandExists(command) {
     const lookupCommand = process.platform === "win32" ? "where" : "which";

package/docs/agent-integrations.md

@@ -277,4 +277,7 @@ For a polished operator experience today:
 4. prefer `local-subprocess` unless you explicitly want a backend provider bridge
 5. use `subprocess-template` only when integrating a non-native editor or launcher surface
 
-If you intentionally want the backend fallback to bridge semantic review into another process, re-run with an explicit `--provider` flag after configuring the matching section in `.audit-artifacts/session-config.json`.
+If you intentionally want the backend fallback to bridge semantic review into
+another process, set the matching provider in
+`.audit-artifacts/session-config.json` or re-run with an explicit `--provider`
+flag after configuring the matching provider section.

package/docs/bootstrap-install.md

@@ -7,6 +7,9 @@ audit-code install
 ```
 
 That command installs the repo-local `/audit-code` surfaces we can automate today.
+It is also the single refresh path: rerun `audit-code install` after prompt or
+skill updates to rewrite the shared install assets and every generated
+host-specific surface from the same source files.
 
 After bootstrap, run:
 

package/docs/contract.md

@@ -25,7 +25,10 @@ Workers submit `AuditResult[]` shaped by `schemas/audit_result.schema.json`.
 Important rules:
 
 - `file_coverage` is required and must include every assigned file.
+- `file_coverage` must not include files outside the assigned task.
 - `file_coverage[].total_lines` must match the current file line count.
+- `task_id`, `unit_id`, `pass_id`, and `lens` must match the assigned task.
+- each finding lens must match the assigned task lens.
 - `findings[].affected_files` must be objects, not strings.
 - `findings[].evidence` must be an array of plain strings.