auditor-lambda 0.3.30 → 0.3.33

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (36) hide show
  1. package/README.md +2 -1
  2. package/audit-code-wrapper-lib.mjs +208 -198
  3. package/dist/cli.d.ts +5 -0
  4. package/dist/cli.js +65 -101
  5. package/dist/extractors/risk.js +6 -4
  6. package/dist/io/artifacts.d.ts +2 -0
  7. package/dist/io/artifacts.js +1 -0
  8. package/dist/io/toolingManifest.d.ts +1 -0
  9. package/dist/io/toolingManifest.js +1 -1
  10. package/dist/mcp/server.d.ts +71 -0
  11. package/dist/mcp/server.js +261 -222
  12. package/dist/orchestrator/artifactFreshness.d.ts +4 -0
  13. package/dist/orchestrator/artifactFreshness.js +45 -0
  14. package/dist/orchestrator/artifactMetadata.js +2 -51
  15. package/dist/orchestrator/dependencyMap.js +14 -0
  16. package/dist/orchestrator/internalExecutors.js +8 -0
  17. package/dist/orchestrator/staleness.js +2 -46
  18. package/dist/orchestrator/state.js +1 -1
  19. package/dist/orchestrator/syntaxResolutionExecutor.js +121 -13
  20. package/dist/orchestrator/unitBuilder.js +2 -1
  21. package/dist/providers/spawnLoggedCommand.js +71 -18
  22. package/dist/providers/types.d.ts +5 -0
  23. package/dist/quota/scheduler.js +10 -2
  24. package/dist/quota/state.js +6 -2
  25. package/dist/supervisor/operatorHandoff.js +1 -1
  26. package/dist/types/externalAnalyzer.d.ts +10 -0
  27. package/dist/types/sessionConfig.d.ts +1 -0
  28. package/dist/types/workerSession.js +1 -2
  29. package/dist/validation/artifacts.js +36 -0
  30. package/dist/validation/sessionConfig.js +4 -0
  31. package/package.json +1 -1
  32. package/schemas/audit_task.schema.json +2 -2
  33. package/schemas/risk_register.schema.json +1 -1
  34. package/schemas/unit_manifest.schema.json +2 -1
  35. package/scripts/postinstall.mjs +10 -41
  36. package/skills/audit-code/audit-code.prompt.md +5 -0
package/schemas/risk_register.schema.json CHANGED
@@ -15,7 +15,7 @@
15
15
  "risk_score": {
16
16
  "type": "number",
17
17
  "minimum": 0,
18
- "maximum": 1
18
+ "maximum": 10
19
19
  },
20
20
  "signals": {
21
21
  "type": "array",
package/schemas/unit_manifest.schema.json CHANGED
@@ -21,7 +21,8 @@
21
21
  },
22
22
  "risk_score": {
23
23
  "type": "number",
24
- "minimum": 0
24
+ "minimum": 0,
25
+ "maximum": 10
25
26
  },
26
27
  "required_lenses": {
27
28
  "type": "array",
package/scripts/postinstall.mjs CHANGED
@@ -200,26 +200,6 @@ function renderGlobalMcpLauncher(installedPkgRoot) {
200
200
  ].join('\n');
201
201
  }
202
202
 
203
- function splitFrontmatter(text) {
204
- const normalized = text.replace(/\r\n/g, '\n');
205
- const match = normalized.match(/^---\n[\s\S]*?\n---\n?/u);
206
- return { body: match ? normalized.slice(match[0].length) : normalized };
207
- }
208
-
209
- function renderAntigravityToml(description, promptBody) {
210
- const escaped = promptBody.replace(/"""/g, '\\"\\"\\"');
211
- return `description = ${JSON.stringify(description)}\nprompt = """\n${escaped}"""\n`;
212
- }
213
-
214
- function mergeExtensionEnablement(existing, extensionName) {
215
- const parsed = existing ? JSON.parse(existing) : {};
216
- if (!parsed[extensionName]) {
217
- const homePrefix = replaceBackslashes(join(homedir(), '*'));
218
- parsed[extensionName] = { overrides: [`/${homePrefix}`] };
219
- }
220
- return parsed;
221
- }
222
-
223
203
  function objectValue(value) {
224
204
  return value && typeof value === 'object' && !Array.isArray(value)
225
205
  ? value
@@ -379,7 +359,6 @@ if (!promptSource || !skillSource) {
379
359
  process.exit(0);
380
360
  }
381
361
 
382
- const promptBody = splitFrontmatter(promptSource.toString('utf8')).body;
383
362
  const codexOpenAiAgentSource = readOptionalSource(codexOpenAiAgentSourceFile, 'Codex skill UI metadata');
384
363
 
385
364
  const installs = [
@@ -448,30 +427,20 @@ try {
448
427
  console.warn(` ${opencodeGlobalConfig}`);
449
428
  }
450
429
 
451
- // Install Antigravity extension (Gemini IDE slash command)
452
- const antigravityExtDir = join(homedir(), '.gemini', 'extensions', 'audit-code');
453
- const antigravityManifestPath = join(antigravityExtDir, 'gemini-extension.json');
454
- const antigravityCommandPath = join(antigravityExtDir, 'commands', 'audit-code.toml');
455
- const antigravityEnablementPath = join(homedir(), '.gemini', 'extensions', 'extension-enablement.json');
430
+ // Install Antigravity plugin (global skill for Gemini IDE / Antigravity Hub)
431
+ const antigravityPluginDir = join(homedir(), '.gemini', 'config', 'plugins', 'audit-code');
432
+ const antigravityPluginJsonPath = join(antigravityPluginDir, 'plugin.json');
433
+ const antigravityPluginSkillPath = join(antigravityPluginDir, 'skills', 'SKILL.md');
456
434
 
457
435
  try {
458
- const manifestAction = writeGeneratedFile(
459
- antigravityManifestPath,
436
+ const pluginJsonAction = writeGeneratedFile(
437
+ antigravityPluginJsonPath,
460
438
  Buffer.from(JSON.stringify({ name: 'audit-code', version: '1.0.0' }, null, 2) + '\n'),
461
439
  );
462
- console.log(`audit-code: ${manifestAction} Antigravity extension manifest at ${antigravityManifestPath}`);
440
+ console.log(`audit-code: ${pluginJsonAction} Antigravity plugin manifest at ${antigravityPluginJsonPath}`);
463
441
 
464
- const tomlContent = renderAntigravityToml(
465
- 'Autonomous local loop code auditing - loads one backend-rendered audit step at a time',
466
- promptBody,
467
- );
468
- const commandAction = writeGeneratedFile(antigravityCommandPath, Buffer.from(tomlContent));
469
- console.log(`audit-code: ${commandAction} Antigravity command at ${antigravityCommandPath}`);
470
-
471
- const enablementAction = installMergedJson(antigravityEnablementPath, (existing) =>
472
- mergeExtensionEnablement(existing, 'audit-code'),
473
- );
474
- console.log(`audit-code: ${enablementAction} Antigravity extension enablement at ${antigravityEnablementPath}`);
442
+ const skillAction = writeGeneratedFile(antigravityPluginSkillPath, skillSource);
443
+ console.log(`audit-code: ${skillAction} Antigravity plugin skill at ${antigravityPluginSkillPath}`);
475
444
  } catch (err) {
476
- console.warn(`audit-code: could not install Antigravity extension (${err.message})`);
445
+ console.warn(`audit-code: could not install Antigravity plugin (${err.message})`);
477
446
  }
package/skills/audit-code/audit-code.prompt.md CHANGED
@@ -40,6 +40,11 @@ follow only that prompt. Do not read packet prompts, schemas, command catalogs,
40
40
  or handoff files unless the current step prompt explicitly instructs you to do
41
41
  so.
42
42
 
43
+ Use MCP tools only as a compatibility adapter when direct shell access to
44
+ `audit-code next-step` is unavailable. The MCP `start_audit` and
45
+ `continue_audit` tools return the same one-step contract; they are not a
46
+ separate orchestration path.
47
+
43
48
  When a step prompt tells you to continue, run `audit-code next-step` again and
44
49
  follow only the newly returned `prompt_path`.
45
50