npm - auditor-lambda - Versions diffs - 0.3.37 → 0.3.39 - Mend

auditor-lambda 0.3.37 → 0.3.39

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (37) hide show

package/dist/cli.js +102 -2
package/dist/extractors/designAssessment.d.ts +11 -0
package/dist/extractors/designAssessment.js +254 -0
package/dist/io/artifacts.d.ts +3 -0
package/dist/io/artifacts.js +1 -0
package/dist/orchestrator/advance.js +7 -1
package/dist/orchestrator/dependencyMap.js +5 -0
package/dist/orchestrator/designReviewPrompt.d.ts +2 -0
package/dist/orchestrator/designReviewPrompt.js +151 -0
package/dist/orchestrator/executors.js +10 -0
package/dist/orchestrator/internalExecutors.d.ts +2 -0
package/dist/orchestrator/internalExecutors.js +43 -0
package/dist/orchestrator/nextStep.js +2 -0
package/dist/orchestrator/state.js +2 -0
package/dist/providers/types.d.ts +6 -0
package/dist/quota/discoveredLimits.d.ts +21 -0
package/dist/quota/discoveredLimits.js +74 -0
package/dist/quota/headerExtraction.d.ts +8 -0
package/dist/quota/headerExtraction.js +140 -0
package/dist/quota/headerExtractors/claudeCodeHeaderExtractor.d.ts +6 -0
package/dist/quota/headerExtractors/claudeCodeHeaderExtractor.js +28 -0
package/dist/quota/headerExtractors/genericHeaderExtractor.d.ts +9 -0
package/dist/quota/headerExtractors/genericHeaderExtractor.js +7 -0
package/dist/quota/headerExtractors/index.d.ts +5 -0
package/dist/quota/headerExtractors/index.js +12 -0
package/dist/quota/index.d.ts +6 -0
package/dist/quota/index.js +3 -0
package/dist/quota/scheduler.d.ts +3 -0
package/dist/quota/scheduler.js +18 -1
package/dist/reporting/mergeFindings.d.ts +2 -1
package/dist/reporting/mergeFindings.js +13 -1
package/dist/reporting/synthesis.d.ts +2 -0
package/dist/reporting/synthesis.js +1 -1
package/dist/types/designAssessment.d.ts +7 -0
package/dist/types/designAssessment.js +1 -0
package/dist/types/sessionConfig.d.ts +3 -0
package/package.json +1 -1

package/dist/quota/scheduler.js CHANGED Viewed

@@ -7,7 +7,7 @@ function sumTopN(sorted, n) {
     return sum;
 }
 export function scheduleWave(options) {
-    const { providerName, sessionConfig, hostModel, requestedConcurrency, estimatedSlotTokens, estimatedPacketTokens = 0, quotaStateEntry = null, hostConcurrencyLimit = null, quotaSourceSnapshot = null, } = options;
+    const { providerName, sessionConfig, hostModel, requestedConcurrency, estimatedSlotTokens, estimatedPacketTokens = 0, quotaStateEntry = null, hostConcurrencyLimit = null, quotaSourceSnapshot = null, discoveredLimits = null, } = options;
     // Descending sort so sumTopN picks the largest slots
     const slotsSorted = estimatedSlotTokens
         ? [...estimatedSlotTokens].sort((a, b) => b - a)
@@ -44,6 +44,12 @@ export function scheduleWave(options) {
     const safetyMargin = quota.safety_margin ?? 0.8;
     const halfLifeHours = quota.empirical_half_life_hours ?? 24;
     const { limits, source, confidence } = resolveLimits({ providerName, sessionConfig, hostModel });
+    // Fill null RPM/TPM from discovered limits (provider query or header extraction)
+    if (discoveredLimits) {
+        limits.requests_per_minute ??= discoveredLimits.requests_per_minute ?? null;
+        limits.input_tokens_per_minute ??= discoveredLimits.input_tokens_per_minute ?? null;
+        limits.output_tokens_per_minute ??= discoveredLimits.output_tokens_per_minute ?? null;
+    }
     let waveSize = requestedConcurrency;
     let cooldownUntil = null;
     // Respect an active cooldown period
@@ -93,6 +99,17 @@ export function scheduleWave(options) {
             else if (typeof fallbackCap === "number" && Number.isFinite(fallbackCap)) {
                 waveSize = Math.min(waveSize, Math.max(1, Math.floor(fallbackCap)));
             }
+            // First-contact cap: when no learned history, no configured fallback, AND
+            // no RPM/TPM limits from any source, apply a conservative ceiling.
+            // This triggers only for unconfigured local providers (fallbackCap is
+            // undefined). Hosted providers default to 1 via unknown_hosted_concurrency,
+            // and "unlimited" is an explicit opt-out.
+            if (fallbackCap == null &&
+                limits.requests_per_minute == null &&
+                limits.input_tokens_per_minute == null) {
+                const firstContactCap = quota.first_contact_concurrency ?? 3;
+                waveSize = Math.min(waveSize, Math.max(1, firstContactCap));
+            }
         }
     }
     // Apply real-time quota source data if available

package/dist/reporting/mergeFindings.d.ts CHANGED Viewed

@@ -1,4 +1,5 @@
 import type { AuditResult, Finding } from "../types.js";
+import type { DesignAssessment } from "../types/designAssessment.js";
 import type { ExternalAnalyzerResults } from "../types/externalAnalyzer.js";
 import type { RuntimeValidationReport } from "../types/runtimeValidation.js";
-export declare function mergeFindings(results: AuditResult[], runtimeReport?: RuntimeValidationReport, externalAnalyzerResults?: ExternalAnalyzerResults): Finding[];
+export declare function mergeFindings(results: AuditResult[], runtimeReport?: RuntimeValidationReport, externalAnalyzerResults?: ExternalAnalyzerResults, designAssessment?: DesignAssessment): Finding[];

package/dist/reporting/mergeFindings.js CHANGED Viewed

@@ -236,8 +236,20 @@ function relevantExternalEvidence(finding, results) {
         .filter((item) => findingPaths.has(item.path))
         .map((item) => `external:${results.tool}:${item.path}:${item.summary}`);
 }
-export function mergeFindings(results, runtimeReport, externalAnalyzerResults) {
+export function mergeFindings(results, runtimeReport, externalAnalyzerResults, designAssessment) {
     const merged = new Map();
+    const allDesignFindings = [
+        ...(designAssessment?.findings ?? []),
+        ...(designAssessment?.review_findings ?? []),
+    ];
+    for (const finding of allDesignFindings) {
+        const key = findingKey(finding);
+        merged.set(key, {
+            ...finding,
+            affected_files: [...finding.affected_files],
+            evidence: [...(finding.evidence ?? [])],
+        });
+    }
     for (const result of results) {
         for (const finding of result.findings) {
             const key = findingKey(finding);

package/dist/reporting/synthesis.d.ts CHANGED Viewed

@@ -1,4 +1,5 @@
 import type { AuditResult, CoverageMatrix, Finding, UnitManifest } from "../types.js";
+import type { DesignAssessment } from "../types/designAssessment.js";
 import type { ExternalAnalyzerResults } from "../types/externalAnalyzer.js";
 import type { CriticalFlowManifest } from "../types/flows.js";
 import type { GraphBundle } from "../types/graph.js";
@@ -25,5 +26,6 @@ export declare function buildAuditReportModel(params: {
     coverageMatrix?: CoverageMatrix;
     runtimeValidationReport?: RuntimeValidationReport;
     externalAnalyzerResults?: ExternalAnalyzerResults;
+    designAssessment?: DesignAssessment;
 }): AuditReportModel;
 export declare function renderAuditReportMarkdown(model: AuditReportModel): string;

package/dist/reporting/synthesis.js CHANGED Viewed

@@ -32,7 +32,7 @@ function formatSeverityList(summary) {
     return parts.length > 0 ? parts.join(", ") : "none";
 }
 export function buildAuditReportModel(params) {
-    const findings = mergeFindings(params.results, params.runtimeValidationReport, params.externalAnalyzerResults);
+    const findings = mergeFindings(params.results, params.runtimeValidationReport, params.externalAnalyzerResults, params.designAssessment);
     const workBlocks = buildWorkBlocks({
         findings,
         unitManifest: params.unitManifest,

package/dist/types/designAssessment.d.ts ADDED Viewed

@@ -0,0 +1,7 @@
+import type { Finding } from "../types.js";
+export interface DesignAssessment {
+    generated_at: string;
+    findings: Finding[];
+    review_findings?: Finding[];
+    reviewed?: boolean;
+}

package/dist/types/designAssessment.js ADDED Viewed

	@@ -0,0 +1 @@
1	+ export {};

package/dist/types/sessionConfig.d.ts CHANGED Viewed

@@ -46,6 +46,9 @@ export interface QuotaConfig {
     empirical_half_life_hours?: number;
     /** Allow the scheduler to try concurrency maxSafe+1 after consecutive successes (default: true). */
     ramp_up_enabled?: boolean;
+    /** Conservative concurrency cap for the first wave when no learned history
+     *  and no discovered RPM/TPM limits exist (default: 3). */
+    first_contact_concurrency?: number;
     /** Hard host ceiling for simultaneously active conversation subagents. */
     host_active_subagent_limit?: number;
     /** Per-model overrides keyed by "provider/model". */

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "auditor-lambda",
-  "version": "0.3.37",
+  "version": "0.3.39",
   "private": false,
   "description": "Portable hybrid code-auditing framework for arbitrary repositories.",
   "type": "module",