auditor-lambda 0.3.30 → 0.3.33

package/dist/orchestrator/dependencyMap.js

@@ -62,6 +62,20 @@ export const ARTIFACT_DEPENDENCY_MAP = {
         "runtime_validation_report.json",
         "audit-report.md",
     ],
+    "external_analyzer_results.json": [
+        "coverage_matrix.json",
+        "flow_coverage.json",
+        "audit_tasks.json",
+        "audit_plan_metrics.json",
+        "review_packets.json",
+        "requeue_tasks.json",
+        "runtime_validation_tasks.json",
+        "runtime_validation_report.json",
+        "audit-report.md",
+    ],
+    "syntax_resolution_status.json": [
+        "audit-report.md",
+    ],
     "audit_results.jsonl": [
         "coverage_matrix.json",
         "flow_coverage.json",

package/dist/orchestrator/internalExecutors.js

@@ -426,6 +426,14 @@ export function runExternalAnalyzerImportExecutor(bundle, externalResults) {
         updated: {
             ...bundle,
             external_analyzer_results: externalResults,
+            coverage_matrix: undefined,
+            flow_coverage: undefined,
+            runtime_validation_tasks: undefined,
+            runtime_validation_report: undefined,
+            audit_tasks: undefined,
+            audit_plan_metrics: undefined,
+            review_packets: undefined,
+            requeue_tasks: undefined,
             audit_report: undefined,
         },
         artifacts_written: ["external_analyzer_results.json"],

package/dist/orchestrator/staleness.js

@@ -1,56 +1,12 @@
-import { createHash } from "node:crypto";
 import { getArtifactValue } from "../io/artifacts.js";
 import { ARTIFACT_DEPENDENCY_MAP } from "./dependencyMap.js";
 import { present } from "./artifactMetadata.js";
-function stableStringify(value) {
-    if (value === undefined)
-        return "null";
-    if (value === null || typeof value !== "object")
-        return JSON.stringify(value);
-    if (Array.isArray(value))
-        return `[${value.map((item) => stableStringify(item ?? null)).join(",")}]`;
-    const entries = Object.entries(value)
-        .filter(([, item]) => item !== undefined)
-        .sort(([a], [b]) => a.localeCompare(b));
-    return `{${entries.map(([key, item]) => `${JSON.stringify(key)}:${stableStringify(item)}`).join(",")}}`;
-}
-function normalizeForMetadataHash(artifactName, value) {
-    if (artifactName === "repo_manifest.json" &&
-        value &&
-        typeof value === "object" &&
-        !Array.isArray(value)) {
-        const record = value;
-        const { generated_at: _generatedAt, ...rest } = record;
-        return rest;
-    }
-    if (artifactName === "tooling_manifest.json" &&
-        value &&
-        typeof value === "object" &&
-        !Array.isArray(value)) {
-        const record = value;
-        const { generated_at: _generatedAt, ...rest } = record;
-        return rest;
-    }
-    return value;
-}
+import { buildReverseDependencyMap, hashArtifactValue, stableStringify, } from "./artifactFreshness.js";
 function computeContentHash(artifactName, bundle) {
     const value = getArtifactValue(bundle, artifactName);
     if (value === undefined || value === null)
         return undefined;
-    return createHash("sha256")
-        .update(stableStringify(normalizeForMetadataHash(artifactName, value)))
-        .digest("hex");
-}
-function buildReverseDependencyMap() {
-    const reverse = {};
-    for (const [upstream, downstreamList] of Object.entries(ARTIFACT_DEPENDENCY_MAP)) {
-        reverse[upstream] ??= [];
-        for (const downstream of downstreamList) {
-            reverse[downstream] ??= [];
-            reverse[downstream].push(upstream);
-        }
-    }
-    return reverse;
+    return hashArtifactValue(artifactName, value);
 }
 const REVERSE_DEPENDENCY_MAP = buildReverseDependencyMap();
 export function computeStaleArtifacts(bundle) {

package/dist/orchestrator/state.js

@@ -16,7 +16,7 @@ export function deriveAuditState(bundle) {
     obligations.push(obligation("repo_manifest", has(bundle.repo_manifest) ? "satisfied" : "missing"));
     obligations.push(obligation("file_disposition", staleOrSatisfied(staleArtifacts, ["file_disposition.json"], has(bundle.file_disposition))));
     obligations.push(obligation("auto_fixes_applied", staleOrSatisfied(staleArtifacts, ["file_disposition.json"], has(bundle.auto_fixes_applied))));
-    obligations.push(obligation("syntax_resolved", staleOrSatisfied(staleArtifacts, ["auto_fixes_applied.json"], has(bundle.external_analyzer_results))));
+    obligations.push(obligation("syntax_resolved", staleOrSatisfied(staleArtifacts, ["auto_fixes_applied.json", "syntax_resolution_status.json"], has(bundle.syntax_resolution_status))));
     const structureReady = has(bundle.unit_manifest) &&
         has(bundle.surface_manifest) &&
         has(bundle.graph_bundle) &&

package/dist/orchestrator/syntaxResolutionExecutor.js

@@ -39,6 +39,9 @@ function hasEslintConfig(root) {
         return false;
     }
 }
+function snippet(value) {
+    return value.replace(/\s+/g, " ").trim().slice(0, 500);
+}
 function runTsc(root) {
     const results = [];
     const command = runFirstAvailableCommand(root, [
@@ -46,7 +49,17 @@ function runTsc(root) {
         { command: "tsc", args: ["--noEmit"], display: "tsc --noEmit" },
     ]);
     if (!command || command.error) {
-        return results;
+        return {
+            results,
+            status: {
+                tool: "tsc",
+                command: command?.candidate.display,
+                resolved: Boolean(command),
+                status: command?.error ? "spawn_error" : "not_resolved",
+                exit_code: command?.exitCode,
+                error: command?.error?.message,
+            },
+        };
     }
     const output = [command.stdout, command.stderr].filter(Boolean).join("\n");
     const lines = output.split("\n");
@@ -65,17 +78,54 @@ function runTsc(root) {
         }
     }
     if (command.exitCode === 0 && output.trim().length === 0) {
-        return results;
+        return {
+            results,
+            status: {
+                tool: "tsc",
+                command: command.candidate.display,
+                resolved: true,
+                status: "success",
+                exit_code: command.exitCode,
+            },
+        };
     }
     if (results.length === 0 && output.trim().length > 0) {
-        process.stderr.write(`[syntax-resolution] tsc output could not be parsed: ${output.slice(0, 200)}\n`);
+        const outputSnippet = snippet(output);
+        process.stderr.write(`[syntax-resolution] tsc output could not be parsed: ${outputSnippet}\n`);
+        return {
+            results,
+            status: {
+                tool: "tsc",
+                command: command.candidate.display,
+                resolved: true,
+                status: "parse_error",
+                exit_code: command.exitCode,
+                output_snippet: outputSnippet,
+            },
+        };
     }
-    return results;
+    return {
+        results,
+        status: {
+            tool: "tsc",
+            command: command.candidate.display,
+            resolved: true,
+            status: results.length > 0 ? "findings" : "failed",
+            exit_code: command.exitCode,
+        },
+    };
 }
 function runEslint(root) {
     const results = [];
     if (!hasEslintConfig(root)) {
-        return results;
+        return {
+            results,
+            status: {
+                tool: "eslint",
+                resolved: false,
+                status: "skipped",
+            },
+        };
     }
     const command = runFirstAvailableCommand(root, [
         ...resolveNodeTool(root, join("node_modules", "eslint", "bin", "eslint.js"), [".", "--ext", ".ts,.js,.tsx,.jsx", "--format", "json"], "eslint . --ext .ts,.js,.tsx,.jsx --format json"),
@@ -86,11 +136,30 @@ function runEslint(root) {
         },
     ]);
     if (!command || command.error) {
-        return results;
+        return {
+            results,
+            status: {
+                tool: "eslint",
+                command: command?.candidate.display,
+                resolved: Boolean(command),
+                status: command?.error ? "spawn_error" : "not_resolved",
+                exit_code: command?.exitCode,
+                error: command?.error?.message,
+            },
+        };
     }
     const output = [command.stdout, command.stderr].filter(Boolean).join("\n").trim();
     if (output.length === 0) {
-        return results;
+        return {
+            results,
+            status: {
+                tool: "eslint",
+                command: command.candidate.display,
+                resolved: true,
+                status: "success",
+                exit_code: command.exitCode,
+            },
+        };
     }
     try {
         const parsed = JSON.parse(output);
@@ -111,18 +180,44 @@ function runEslint(root) {
         }
     }
     catch {
-        process.stderr.write(`[syntax-resolution] eslint output could not be parsed: ${output.slice(0, 200)}\n`);
+        const outputSnippet = snippet(output);
+        process.stderr.write(`[syntax-resolution] eslint output could not be parsed: ${outputSnippet}\n`);
+        return {
+            results,
+            status: {
+                tool: "eslint",
+                command: command.candidate.display,
+                resolved: true,
+                status: "parse_error",
+                exit_code: command.exitCode,
+                output_snippet: outputSnippet,
+            },
+        };
     }
-    return results;
+    return {
+        results,
+        status: {
+            tool: "eslint",
+            command: command.candidate.display,
+            resolved: true,
+            status: results.length > 0 ? "findings" : "success",
+            exit_code: command.exitCode,
+        },
+    };
 }
 export function runSyntaxResolutionExecutor(bundle, root) {
     const items = [];
+    const toolStatuses = [];
     if (hasTypeScriptConfig(root) &&
         bundle.file_disposition?.files.some((f) => f.path.endsWith(".ts"))) {
-        items.push(...runTsc(root));
+        const tsc = runTsc(root);
+        items.push(...tsc.results);
+        toolStatuses.push(tsc.status);
     }
     if (bundle.file_disposition?.files.some((f) => f.path.endsWith(".ts") || f.path.endsWith(".js"))) {
-        items.push(...runEslint(root));
+        const eslint = runEslint(root);
+        items.push(...eslint.results);
+        toolStatuses.push(eslint.status);
     }
     const existing = bundle.external_analyzer_results?.results ?? [];
     const merged = [...existing, ...items];
@@ -139,13 +234,26 @@ export function runSyntaxResolutionExecutor(bundle, root) {
     const resultsArtifact = {
         tool: "syntax_resolution_executor",
         results: deduped,
+        tool_statuses: toolStatuses,
     };
+    const diagnosticCount = toolStatuses.filter((status) => ["not_resolved", "spawn_error", "parse_error", "failed"].includes(status.status)).length;
     return {
         updated: {
             ...bundle,
             external_analyzer_results: resultsArtifact,
+            syntax_resolution_status: {
+                tool: "syntax_resolution_executor",
+                completed_at: new Date().toISOString(),
+                tool_statuses: toolStatuses,
+            },
         },
-        artifacts_written: ["external_analyzer_results.json"],
-        progress_summary: `Phase 2 Syntax Resolution complete. Extracted ${items.length} unfixable syntax/lint errors, triggering high-priority LLM resolution tasks.`,
+        artifacts_written: [
+            "external_analyzer_results.json",
+            "syntax_resolution_status.json",
+        ],
+        progress_summary: `Phase 2 Syntax Resolution complete. Extracted ${items.length} unfixable syntax/lint errors` +
+            (diagnosticCount > 0
+                ? ` with ${diagnosticCount} analyzer diagnostic(s).`
+                : ", triggering high-priority LLM resolution tasks."),
     };
 }

package/dist/orchestrator/unitBuilder.js

@@ -15,6 +15,7 @@ const LENS_MAP = {
     generated_vendor: ["maintainability"],
     unknown: ["correctness"],
 };
+const MAX_RISK_SCORE = 10;
 function inferUnitKind(path, isBrowserExtensionProject = false) {
     if (isBrowserExtensionProject) {
         const extensionKind = inferBrowserExtensionUnitKind(path);
@@ -171,7 +172,7 @@ export function buildUnitManifest(repoManifest, disposition) {
             (assignment.buckets.includes("security_sensitive") ? 3 : 0) +
             (assignment.buckets.includes("interface") ? 1 : 0) +
             (assignment.buckets.includes("data_layer") ? 1 : 0);
-        existing.risk_score = Math.max(existing.risk_score ?? 0, riskScore);
+        existing.risk_score = Math.min(MAX_RISK_SCORE, Math.max(existing.risk_score ?? 0, riskScore));
         existing.files = existing.files.sort((a, b) => a.localeCompare(b));
         existing.critical_flows = inferCriticalFlows(existing.files, existing.required_lenses);
         units.set(unitId, existing);

package/dist/providers/spawnLoggedCommand.js

@@ -3,8 +3,8 @@ import { spawn } from "node:child_process";
 const TERMINATION_SIGNAL = "SIGTERM";
 const FORCE_KILL_SIGNAL = "SIGKILL";
 const FORCE_KILL_GRACE_MS = 1_000;
-function tee(write, chunk) {
-    write.write(chunk);
+function formatCommand(command, args) {
+    return [command, ...args].join(" ");
 }
 // On Windows `command` must be the resolved .cmd / .exe path because `spawn`
 // does not consult PATH for executables without a shell. Callers should use
@@ -24,7 +24,12 @@ export async function spawnLoggedCommand(command, args, input, env, options = {}
         let timer;
         let heartbeat;
         let forceKillTimer;
-        const cleanup = () => {
+        let pendingLogWrites = 0;
+        let childClosed = false;
+        let closeCode = null;
+        let closeSignal = null;
+        let logsEnded = false;
+        const clearTimers = () => {
             if (timer) {
                 clearTimeout(timer);
             }
@@ -34,16 +39,30 @@ export async function spawnLoggedCommand(command, args, input, env, options = {}
             if (forceKillTimer) {
                 clearTimeout(forceKillTimer);
             }
-            stdoutLog.end();
-            stderrLog.end();
+        };
+        const endLogs = (callback) => {
+            if (logsEnded) {
+                callback();
+                return;
+            }
+            logsEnded = true;
+            let remaining = 2;
+            const done = () => {
+                remaining -= 1;
+                if (remaining === 0) {
+                    callback();
+                }
+            };
+            stdoutLog.end(done);
+            stderrLog.end(done);
         };
         const settle = (callback) => {
             if (settled) {
                 return;
             }
             settled = true;
-            cleanup();
-            callback();
+            clearTimers();
+            endLogs(callback);
         };
         const fail = (error) => {
             if (child && !child.killed) {
@@ -52,6 +71,37 @@ export async function spawnLoggedCommand(command, args, input, env, options = {}
             const normalized = error instanceof Error ? error : new Error(String(error));
             settle(() => reject(normalized));
         };
+        const writeLog = (write, chunk) => {
+            pendingLogWrites += 1;
+            write.write(chunk, () => {
+                pendingLogWrites -= 1;
+                maybeSettleFromClose();
+            });
+        };
+        const maybeSettleFromClose = () => {
+            if (!childClosed || pendingLogWrites > 0 || settled) {
+                return;
+            }
+            if (timedOut) {
+                settle(() => reject(new Error(`Fresh session timed out after ${input.timeoutMs}ms for run ${input.runId}.`)));
+                return;
+            }
+            settle(() => resolve({
+                accepted: closeCode === 0 && closeSignal === null,
+                processId: spawnedChild.pid,
+                exitCode: closeCode,
+                signal: closeSignal,
+                command: formatCommand(command, args),
+                args,
+                stdoutPath: input.stdoutPath,
+                stderrPath: input.stderrPath,
+                error: closeCode === 0 && closeSignal === null
+                    ? undefined
+                    : closeSignal
+                        ? `Provider command exited with signal ${closeSignal}.`
+                        : `Provider command exited with code ${closeCode}.`,
+            }));
+        };
         stdoutLog.on("error", fail);
         stderrLog.on("error", fail);
         let spawnedChild;
@@ -83,35 +133,38 @@ export async function spawnLoggedCommand(command, args, input, env, options = {}
         heartbeat = setInterval(() => {
             const elapsedMs = Date.now() - startedAt;
             const message = `[provider] run ${input.runId} still running after ${elapsedMs}ms\n`;
-            tee(stderrLog, message);
+            writeLog(stderrLog, message);
             if (input.uiMode === "visible") {
                 process.stderr.write(message);
             }
         }, 30_000);
         spawnedChild.stdout.on("data", (chunk) => {
-            tee(stdoutLog, chunk);
+            writeLog(stdoutLog, chunk);
             if (input.uiMode === "visible") {
                 process.stdout.write(chunk);
             }
         });
         spawnedChild.stderr.on("data", (chunk) => {
-            tee(stderrLog, chunk);
+            writeLog(stderrLog, chunk);
             if (input.uiMode === "visible") {
                 process.stderr.write(chunk);
             }
         });
         spawnedChild.on("error", fail);
         spawnedChild.on("exit", (code, signal) => {
-            if (timedOut) {
-                settle(() => reject(new Error(`Fresh session timed out after ${input.timeoutMs}ms for run ${input.runId}.`)));
+            if (!timedOut) {
                 return;
             }
-            settle(() => resolve({
-                accepted: true,
-                processId: spawnedChild.pid,
-                exitCode: code,
-                signal,
-            }));
+            childClosed = true;
+            closeCode = code;
+            closeSignal = signal;
+            maybeSettleFromClose();
+        });
+        spawnedChild.on("close", (code, signal) => {
+            childClosed = true;
+            closeCode = code;
+            closeSignal = signal;
+            maybeSettleFromClose();
         });
     });
 }

package/dist/providers/types.d.ts

@@ -15,6 +15,11 @@ export interface LaunchFreshSessionResult {
     processId?: number;
     exitCode?: number | null;
     signal?: string | null;
+    command?: string;
+    args?: string[];
+    stdoutPath?: string;
+    stderrPath?: string;
+    error?: string;
 }
 export interface FreshSessionProvider {
     name: string;

package/dist/quota/scheduler.js

@@ -1,4 +1,4 @@
-import { resolveLimits } from "./limits.js";
+import { classifyProvider, resolveLimits } from "./limits.js";
 import { computeMaxSafeConcurrency } from "./state.js";
 export function scheduleWave(options) {
     const { providerName, sessionConfig, hostModel, requestedConcurrency, estimatedPacketTokens = 0, quotaStateEntry = null, hostConcurrencyLimit = null, } = options;
@@ -56,7 +56,15 @@ export function scheduleWave(options) {
             const learnedCap = computeMaxSafeConcurrency(quotaStateEntry, halfLifeHours);
             waveSize = Math.min(waveSize, learnedCap);
         }
-        // No learned data: use requestedConcurrency and let 429 outcomes train the cap
+        else {
+            const providerType = classifyProvider(providerName);
+            const fallbackCap = providerType === "local"
+                ? quota.unknown_local_concurrency
+                : (quota.unknown_hosted_concurrency ?? 1);
+            if (typeof fallbackCap === "number" && Number.isFinite(fallbackCap)) {
+                waveSize = Math.min(waveSize, Math.max(1, Math.floor(fallbackCap)));
+            }
+        }
     }
     waveSize = applyHostConcurrencyLimit(waveSize);
     waveSize = Math.max(1, waveSize);

package/dist/quota/state.js

@@ -39,9 +39,13 @@ export async function readQuotaState() {
         const parsed = JSON.parse(raw);
         if (isQuotaState(parsed))
             return parsed;
+        process.stderr.write(`[quota] ignoring invalid quota state at ${STATE_PATH}: expected { version: 1, entries: object }\n`);
     }
-    catch {
-        // File not found or malformed — start fresh
+    catch (error) {
+        if (error.code === "ENOENT") {
+            return { version: 1, entries: {} };
+        }
+        process.stderr.write(`[quota] ignoring unreadable quota state at ${STATE_PATH}: ${error instanceof Error ? error.message : String(error)}\n`);
     }
     return { version: 1, entries: {} };
 }

package/dist/supervisor/operatorHandoff.js

@@ -168,7 +168,7 @@ function renderMarkdown(handoff) {
             lines.push(`- ${command}`);
         }
         if (handoff.active_review_run) {
-            lines.push("- Use next-step so the backend renders either packet dispatch or single-task fallback after the host reports capabilities.");
+            lines.push("- Use next-step so the backend renders either packet dispatch or single-task fallback from CLI flags, session config, environment, or the default single-task path.");
         }
     }
     if (handoff.active_review_run) {

package/dist/types/externalAnalyzer.d.ts

@@ -19,10 +19,20 @@ export interface ExternalAnalyzerOwnershipRoot {
     confidence?: number;
     reason?: string;
 }
+export interface ExternalAnalyzerToolStatus {
+    tool: string;
+    command?: string;
+    resolved: boolean;
+    status: "skipped" | "success" | "findings" | "not_resolved" | "spawn_error" | "parse_error" | "failed";
+    exit_code?: number | null;
+    error?: string;
+    output_snippet?: string;
+}
 /** Imported analyzer output captured at a single generation time. */
 export interface ExternalAnalyzerResults {
     tool: string;
     generated_at?: string;
     ownership_roots?: ExternalAnalyzerOwnershipRoot[];
+    tool_statuses?: ExternalAnalyzerToolStatus[];
     results: ExternalAnalyzerResultItem[];
 }

package/dist/types/sessionConfig.d.ts

@@ -63,6 +63,7 @@ export interface SessionConfig {
     provider?: ProviderName;
     timeout_ms?: number;
     ui_mode?: SessionUiMode;
+    host_can_dispatch_subagents?: boolean;
     subprocess_template?: SubprocessTemplateConfig;
     claude_code?: ClaudeCodeConfig;
     opencode?: OpenCodeConfig;

package/dist/types/workerSession.js

@@ -1,5 +1,4 @@
 export const WORKER_COMMAND_MODES = ["run", "deferred"];
 export function usesDeferredWorkerCommand(task) {
-    return (task.worker_command_mode === "deferred" ||
-        task.skip_worker_command === true);
+    return task.worker_command_mode === "deferred";
 }

package/dist/validation/artifacts.js

@@ -5,6 +5,9 @@ function pushIssue(issues, path, message) {
 function asArray(value) {
     return Array.isArray(value) ? value : [];
 }
+function hasOwnProperty(value, key) {
+    return Object.prototype.hasOwnProperty.call(value, key);
+}
 export function validateArtifactBundle(bundle) {
     const issues = [];
     if (bundle.repo_manifest) {
@@ -50,6 +53,7 @@ export function validateArtifactBundle(bundle) {
                 "task_ids",
                 "lenses",
                 "file_paths",
+                "file_line_counts",
             ]));
         }
     }
@@ -66,6 +70,9 @@ export function validateArtifactBundle(bundle) {
     const runtimeValidationTasks = asArray(bundle.runtime_validation_tasks?.tasks);
     const runtimeValidationResults = asArray(bundle.runtime_validation_report?.results);
     const externalAnalyzerResults = asArray(bundle.external_analyzer_results?.results);
+    const auditTasks = asArray(bundle.audit_tasks);
+    const requeueTasks = asArray(bundle.requeue_tasks);
+    const reviewPackets = asArray(bundle.review_packets);
     const coverageFiles = asArray(bundle.coverage_matrix?.files);
     const repoPaths = new Set(repoManifestFiles.map((file) => file.path));
     const dispositionMap = new Map(fileDispositionEntries.map((item) => [item.path, item.status]));
@@ -216,5 +223,34 @@ export function validateArtifactBundle(bundle) {
             }
         }
     }
+    const taskGroups = [
+        { artifactPath: "audit_tasks", tasks: auditTasks },
+        { artifactPath: "requeue_tasks", tasks: requeueTasks },
+    ];
+    for (const { artifactPath, tasks } of taskGroups) {
+        for (const task of tasks) {
+            for (const [rangeIndex, range] of (task.line_ranges ?? []).entries()) {
+                const path = `${artifactPath}:${task.task_id}.line_ranges:${rangeIndex}`;
+                if (range.start < 1) {
+                    pushIssue(issues, path, "Line range start must be a positive 1-based integer");
+                }
+                if (range.end < 1) {
+                    pushIssue(issues, path, "Line range end must be a positive 1-based integer");
+                }
+                if (range.end < range.start) {
+                    pushIssue(issues, path, "Line range end must be greater than or equal to start");
+                }
+            }
+        }
+    }
+    if (bundle.review_packets) {
+        for (const [index, packet] of reviewPackets.entries()) {
+            const filePaths = asArray(packet.file_paths);
+            const missingPaths = filePaths.filter((path) => !hasOwnProperty(packet.file_line_counts ?? {}, path));
+            if (missingPaths.length > 0) {
+                pushIssue(issues, `review_packets:${packet.packet_id ?? index}`, `Every listed file must have a corresponding file_line_counts entry; missing ${missingPaths.join(", ")}`);
+            }
+        }
+    }
     return issues;
 }

package/dist/validation/sessionConfig.js

@@ -151,6 +151,10 @@ export function validateSessionConfig(value) {
             pushIssue(issues, "ui_mode", `ui_mode must be one of: ${Array.from(VALID_UI_MODES).join(", ")}.`);
         }
     }
+    if (value.host_can_dispatch_subagents !== undefined &&
+        typeof value.host_can_dispatch_subagents !== "boolean") {
+        pushIssue(issues, "host_can_dispatch_subagents", "host_can_dispatch_subagents must be a boolean when provided.");
+    }
     validateTemplateProviderSection(value.subprocess_template, "subprocess_template", issues, provider === "subprocess-template");
     validateTemplateProviderSection(value.vscode_task, "vscode_task", issues, provider === "vscode-task");
     validateAgentProviderSection(value.claude_code, "claude_code", issues);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "auditor-lambda",
-  "version": "0.3.30",
+  "version": "0.3.33",
   "private": false,
   "description": "Portable hybrid code-auditing framework for arbitrary repositories.",
   "type": "module",

package/schemas/audit_task.schema.json

@@ -38,8 +38,8 @@
         "required": ["path", "start", "end"],
         "properties": {
           "path": { "type": "string" },
-          "start": { "type": "integer" },
-          "end": { "type": "integer" }
+          "start": { "type": "integer", "minimum": 1 },
+          "end": { "type": "integer", "minimum": 1 }
         },
         "additionalProperties": false
       }