auditor-lambda 0.3.32 → 0.3.34

package/dist/quota/state.js

@@ -1,6 +1,7 @@
 import { mkdir, readFile, writeFile } from "node:fs/promises";
 import { homedir } from "node:os";
 import { join } from "node:path";
+import { withFileLock } from "./fileLock.js";
 const STATE_DIR = join(homedir(), ".audit-code");
 const STATE_PATH = join(STATE_DIR, "quota-state.json");
 // A bucket needs at least this much success weight before we trust it.
@@ -27,31 +28,38 @@ export function applyDecayToEntry(entry, halfLifeHours) {
     return { ...entry, buckets: decayed };
 }
 function isQuotaState(value) {
-    return (value !== null &&
-        typeof value === "object" &&
-        !Array.isArray(value) &&
-        value["version"] === 1 &&
-        typeof value["entries"] === "object");
+    if (value === null || typeof value !== "object" || Array.isArray(value))
+        return false;
+    const obj = value;
+    const version = obj["version"];
+    return (version === 1 || version === 2) && typeof obj["entries"] === "object";
 }
 export async function readQuotaState() {
     try {
         const raw = await readFile(STATE_PATH, "utf8");
         const parsed = JSON.parse(raw);
-        if (isQuotaState(parsed))
+        if (isQuotaState(parsed)) {
+            if (parsed.version === 1) {
+                for (const entry of Object.values(parsed.entries)) {
+                    entry.consecutive_429_count ??= 0;
+                }
+            }
             return parsed;
-        process.stderr.write(`[quota] ignoring invalid quota state at ${STATE_PATH}: expected { version: 1, entries: object }\n`);
+        }
+        process.stderr.write(`[quota] ignoring invalid quota state at ${STATE_PATH}: expected { version: 1|2, entries: object }\n`);
     }
     catch (error) {
         if (error.code === "ENOENT") {
-            return { version: 1, entries: {} };
+            return { version: 2, entries: {} };
         }
         process.stderr.write(`[quota] ignoring unreadable quota state at ${STATE_PATH}: ${error instanceof Error ? error.message : String(error)}\n`);
     }
-    return { version: 1, entries: {} };
+    return { version: 2, entries: {} };
 }
 export async function writeQuotaState(state) {
     await mkdir(STATE_DIR, { recursive: true });
-    await writeFile(STATE_PATH, JSON.stringify(state, null, 2) + "\n", "utf8");
+    const normalized = { ...state, version: 2 };
+    await writeFile(STATE_PATH, JSON.stringify(normalized, null, 2) + "\n", "utf8");
 }
 /**
  * Returns the highest concurrency level for which decayed success evidence
@@ -74,14 +82,39 @@ export function computeMaxSafeConcurrency(entry, halfLifeHours, maxToCheck = 32)
     }
     return maxSafe;
 }
+const RAMP_UP_MIN_SUCCESSES = 2;
+export function computeRampUpConcurrency(entry, halfLifeHours, maxToCheck = 32) {
+    const maxSafe = computeMaxSafeConcurrency(entry, halfLifeHours, maxToCheck);
+    const decayed = applyDecayToEntry(entry, halfLifeHours);
+    const bucket = decayed.buckets[String(maxSafe)];
+    if (bucket &&
+        bucket.success_weight >= RAMP_UP_MIN_SUCCESSES &&
+        bucket.failure_weight === 0) {
+        return maxSafe + 1;
+    }
+    return maxSafe;
+}
 function blankEntry() {
     return { updated_at: new Date().toISOString(), buckets: {}, cooldown_until: null, last_429_at: null };
 }
+const BASE_COOLDOWN_MS = 60_000;
+const MAX_COOLDOWN_MS = 15 * 60_000;
+export function computeBackoffCooldownMs(consecutive429Count) {
+    const ms = BASE_COOLDOWN_MS * Math.pow(2, Math.max(0, consecutive429Count - 1));
+    return Math.min(ms, MAX_COOLDOWN_MS);
+}
+export function computeBackoffFailureWeight(consecutive429Count) {
+    return 1.0 + 0.5 * Math.max(0, consecutive429Count - 1);
+}
+const LOCK_PATH = STATE_PATH + ".lock";
 export async function recordWaveOutcome(providerModelKey, outcome, halfLifeHours) {
+    await withFileLock(LOCK_PATH, () => recordWaveOutcomeUnsafe(providerModelKey, outcome, halfLifeHours));
+}
+async function recordWaveOutcomeUnsafe(providerModelKey, outcome, halfLifeHours) {
     const state = await readQuotaState();
     const entry = applyDecayToEntry(state.entries[providerModelKey] ?? blankEntry(), halfLifeHours);
     if (outcome.outcome === "success") {
-        // Success at N proves 1..N are all safe
+        entry.consecutive_429_count = 0;
         for (let n = 1; n <= outcome.concurrency; n++) {
             const bucket = entry.buckets[String(n)] ?? { success_weight: 0, failure_weight: 0 };
             bucket.success_weight += 1.0;
@@ -89,13 +122,23 @@ export async function recordWaveOutcome(providerModelKey, outcome, halfLifeHours
         }
     }
     else {
+        const prev429Count = entry.consecutive_429_count ?? 0;
+        const new429Count = outcome.outcome === "rate_limited" ? prev429Count + 1 : prev429Count;
+        entry.consecutive_429_count = new429Count;
         entry.last_429_at = new Date().toISOString();
-        if (outcome.cooldown_until)
+        if (outcome.outcome === "rate_limited" && new429Count > 0) {
+            const backoffMs = computeBackoffCooldownMs(new429Count);
+            entry.cooldown_until = new Date(Date.now() + backoffMs).toISOString();
+        }
+        else if (outcome.cooldown_until) {
             entry.cooldown_until = outcome.cooldown_until;
-        // Failure at N marks N and above as unsafe
+        }
+        const failureWeight = outcome.outcome === "rate_limited"
+            ? computeBackoffFailureWeight(new429Count)
+            : 1.0;
         for (let n = outcome.concurrency; n <= outcome.concurrency + 4; n++) {
             const bucket = entry.buckets[String(n)] ?? { success_weight: 0, failure_weight: 0 };
-            bucket.failure_weight += 1.0;
+            bucket.failure_weight += failureWeight;
             entry.buckets[String(n)] = bucket;
         }
     }

package/dist/quota/types.d.ts

@@ -22,9 +22,10 @@ export interface QuotaStateEntry {
     buckets: Record<string, ConcurrencyBucket>;
     cooldown_until: string | null;
     last_429_at: string | null;
+    consecutive_429_count?: number;
 }
 export interface QuotaState {
-    version: 1;
+    version: 1 | 2;
     entries: Record<string, QuotaStateEntry>;
 }
 export interface WaveSchedule {
@@ -36,9 +37,15 @@ export interface WaveSchedule {
     resolved_limits: ResolvedLimits;
     host_concurrency_limit: HostConcurrencyLimit | null;
     model: string | null;
+    quota_source_snapshot?: import("./quotaSource.js").QuotaUsageSnapshot | null;
+}
+export interface BackoffState {
+    consecutive_429_count: number;
+    current_cooldown_ms: number;
+    current_failure_weight: number;
 }
 export interface DispatchQuota {
-    contract_version: "audit-code-dispatch-quota/v1alpha1";
+    contract_version: "audit-code-dispatch-quota/v1alpha1" | "audit-code-dispatch-quota/v1alpha2";
     run_id: string;
     model: string | null;
     resolved_limits: ResolvedLimits;
@@ -48,6 +55,8 @@ export interface DispatchQuota {
     wave_size: number;
     estimated_wave_tokens: number;
     cooldown_until: string | null;
+    quota_source_snapshot?: import("./quotaSource.js").QuotaUsageSnapshot | null;
+    backoff_state?: BackoffState | null;
 }
 export interface ObservedWaveOutcome {
     concurrency: number;

package/dist/supervisor/operatorHandoff.js

@@ -168,7 +168,7 @@ function renderMarkdown(handoff) {
             lines.push(`- ${command}`);
         }
         if (handoff.active_review_run) {
-            lines.push("- Use next-step so the backend renders either packet dispatch or single-task fallback after the host reports capabilities.");
+            lines.push("- Use next-step so the backend renders either packet dispatch or single-task fallback from CLI flags, session config, environment, or the default single-task path.");
         }
     }
     if (handoff.active_review_run) {

package/dist/types/sessionConfig.d.ts

@@ -44,6 +44,8 @@ export interface QuotaConfig {
     reserved_output_tokens?: number;
     /** Half-life of empirical success/failure evidence in hours (default: 24). */
     empirical_half_life_hours?: number;
+    /** Allow the scheduler to try concurrency maxSafe+1 after consecutive successes (default: true). */
+    ramp_up_enabled?: boolean;
     /** Hard host ceiling for simultaneously active conversation subagents. */
     host_active_subagent_limit?: number;
     /** Per-model overrides keyed by "provider/model". */
@@ -63,6 +65,7 @@ export interface SessionConfig {
     provider?: ProviderName;
     timeout_ms?: number;
     ui_mode?: SessionUiMode;
+    host_can_dispatch_subagents?: boolean;
     subprocess_template?: SubprocessTemplateConfig;
     claude_code?: ClaudeCodeConfig;
     opencode?: OpenCodeConfig;

package/dist/validation/sessionConfig.js

@@ -151,6 +151,10 @@ export function validateSessionConfig(value) {
             pushIssue(issues, "ui_mode", `ui_mode must be one of: ${Array.from(VALID_UI_MODES).join(", ")}.`);
         }
     }
+    if (value.host_can_dispatch_subagents !== undefined &&
+        typeof value.host_can_dispatch_subagents !== "boolean") {
+        pushIssue(issues, "host_can_dispatch_subagents", "host_can_dispatch_subagents must be a boolean when provided.");
+    }
     validateTemplateProviderSection(value.subprocess_template, "subprocess_template", issues, provider === "subprocess-template");
     validateTemplateProviderSection(value.vscode_task, "vscode_task", issues, provider === "vscode-task");
     validateAgentProviderSection(value.claude_code, "claude_code", issues);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "auditor-lambda",
-  "version": "0.3.32",
+  "version": "0.3.34",
   "private": false,
   "description": "Portable hybrid code-auditing framework for arbitrary repositories.",
   "type": "module",

package/schemas/dispatch_quota.schema.json

@@ -1,6 +1,6 @@
 {
   "$schema": "http://json-schema.org/draft-07/schema#",
-  "$id": "audit-code-dispatch-quota/v1alpha1",
+  "$id": "audit-code-dispatch-quota/v1alpha2",
   "title": "DispatchQuota",
   "description": "Quota schedule for a prepare-dispatch run. Written beside dispatch-plan.json. Hosts must launch at most wave_size packets per wave, then re-read this file before the next wave to pick up any updated limits.",
   "type": "object",
@@ -20,7 +20,7 @@
   "properties": {
     "contract_version": {
       "type": "string",
-      "const": "audit-code-dispatch-quota/v1alpha1"
+      "enum": ["audit-code-dispatch-quota/v1alpha1", "audit-code-dispatch-quota/v1alpha2"]
     },
     "run_id": {
       "type": "string",
@@ -97,6 +97,27 @@
       "type": ["string", "null"],
       "format": "date-time",
       "description": "If non-null, the host should wait until this timestamp before launching the next wave."
+    },
+    "quota_source_snapshot": {
+      "type": ["object", "null"],
+      "description": "Real-time usage snapshot from a QuotaSource, if available.",
+      "properties": {
+        "remaining_pct": { "type": ["number", "null"] },
+        "reset_at": { "type": ["string", "null"], "format": "date-time" },
+        "requests_remaining": { "type": ["integer", "null"] },
+        "tokens_remaining": { "type": ["integer", "null"] },
+        "captured_at": { "type": "string", "format": "date-time" },
+        "source": { "type": "string" }
+      }
+    },
+    "backoff_state": {
+      "type": ["object", "null"],
+      "description": "Exponential backoff state for repeated rate-limit errors.",
+      "properties": {
+        "consecutive_429_count": { "type": "integer", "minimum": 0 },
+        "current_cooldown_ms": { "type": "integer", "minimum": 0 },
+        "current_failure_weight": { "type": "number", "minimum": 0 }
+      }
     }
   }
 }

package/skills/audit-code/audit-code.prompt.md

@@ -40,6 +40,11 @@ follow only that prompt. Do not read packet prompts, schemas, command catalogs,
 or handoff files unless the current step prompt explicitly instructs you to do
 so.
 
+Use MCP tools only as a compatibility adapter when direct shell access to
+`audit-code next-step` is unavailable. The MCP `start_audit` and
+`continue_audit` tools return the same one-step contract; they are not a
+separate orchestration path.
+
 When a step prompt tells you to continue, run `audit-code next-step` again and
 follow only the newly returned `prompt_path`.