auditor-lambda 0.3.39 → 0.3.41

package/dist/providers/subprocessTemplateProvider.js

@@ -1,4 +1,4 @@
-import { readJsonFile } from "../io/json.js";
+import { readJsonFile } from "@audit-tools/shared";
 import { spawnLoggedCommand } from "./spawnLoggedCommand.js";
 function shellQuote(arg) {
     return JSON.stringify(arg);
@@ -25,9 +25,11 @@ function applyTemplate(template, input, task) {
 export class SubprocessTemplateProvider {
     name;
     config;
-    constructor(config, name = "subprocess-template") {
+    opentoken;
+    constructor(config, name = "subprocess-template", opentoken = {}) {
         this.config = config;
         this.name = name;
+        this.opentoken = opentoken;
     }
     async launch(input) {
         const task = await readJsonFile(input.taskPath);
@@ -36,6 +38,9 @@ export class SubprocessTemplateProvider {
         }
         const rendered = this.config.command_template.map((entry) => applyTemplate(entry, input, task));
         const [command, ...args] = rendered;
-        return await spawnLoggedCommand(command, args, input, this.config.env);
+        return await spawnLoggedCommand(command, args, input, this.config.env, {
+            opentoken: this.opentoken.enabled,
+            opentokenCommand: this.opentoken.command,
+        });
     }
 }

package/dist/providers/vscodeTaskProvider.d.ts

@@ -1,8 +1,7 @@
-import type { FreshSessionProvider, LaunchFreshSessionInput } from "./types.js";
-import type { VSCodeTaskConfig } from "../types/sessionConfig.js";
+import type { FreshSessionProvider, LaunchFreshSessionInput, VSCodeTaskConfig, OpenTokenConfig } from "@audit-tools/shared";
 export declare class VSCodeTaskProvider implements FreshSessionProvider {
     name: string;
     private readonly delegate;
-    constructor(config: VSCodeTaskConfig);
-    launch(input: LaunchFreshSessionInput): Promise<import("./types.js").LaunchFreshSessionResult>;
+    constructor(config: VSCodeTaskConfig, opentoken?: OpenTokenConfig);
+    launch(input: LaunchFreshSessionInput): Promise<import("@audit-tools/shared").LaunchFreshSessionResult>;
 }

package/dist/providers/vscodeTaskProvider.js

@@ -2,11 +2,11 @@ import { SubprocessTemplateProvider } from "./subprocessTemplateProvider.js";
 export class VSCodeTaskProvider {
     name = "vscode-task";
     delegate;
-    constructor(config) {
+    constructor(config, opentoken = {}) {
         this.delegate = new SubprocessTemplateProvider({
             command_template: config.command_template,
             env: config.env,
-        }, "vscode-task");
+        }, "vscode-task", opentoken);
     }
     async launch(input) {
         return await this.delegate.launch(input);

package/dist/quota/discoveredLimits.js

@@ -1,6 +1,6 @@
 import { mkdir, readFile, writeFile } from "node:fs/promises";
 import { dirname } from "node:path";
-import { getQuotaStatePath } from "./state.js";
+import { getQuotaStatePath } from "@audit-tools/shared";
 function getCachePath() {
     return getQuotaStatePath().replace(/quota-state\.json$/, "discovered-limits.json");
 }

package/dist/quota/hostLimits.d.ts

@@ -1,5 +1,4 @@
-import type { SessionConfig } from "../types/sessionConfig.js";
-import type { HostConcurrencyLimit } from "./types.js";
+import type { SessionConfig, HostConcurrencyLimit } from "@audit-tools/shared";
 export declare function detectHostActiveSubagentLimit(env?: NodeJS.ProcessEnv): HostConcurrencyLimit | null;
 export declare function resolveHostActiveSubagentLimit(options: {
     explicitLimit?: number | null;

package/dist/quota/hostLimits.js

@@ -1,50 +1,8 @@
-const CODEX_DESKTOP_ACTIVE_SUBAGENT_LIMIT = 6;
-function parsePositiveInteger(value) {
-    if (typeof value === "number") {
-        return Number.isInteger(value) && value > 0 ? value : null;
-    }
-    if (typeof value !== "string")
-        return null;
-    const trimmed = value.trim();
-    if (!/^\d+$/.test(trimmed))
-        return null;
-    const parsed = Number(trimmed);
-    return Number.isSafeInteger(parsed) && parsed > 0 ? parsed : null;
-}
+import { detectHostActiveSubagentLimit as detectShared, resolveHostActiveSubagentLimit as resolveShared, } from "@audit-tools/shared";
+const ENV_PREFIX = "AUDIT_CODE";
 export function detectHostActiveSubagentLimit(env = process.env) {
-    const explicitEnvLimit = parsePositiveInteger(env.AUDIT_CODE_HOST_MAX_ACTIVE_SUBAGENTS ??
-        env.CODEX_MAX_ACTIVE_SUBAGENTS);
-    if (explicitEnvLimit !== null) {
-        return {
-            active_subagents: explicitEnvLimit,
-            source: "environment",
-            description: "Host active subagent limit from environment.",
-        };
-    }
-    if (env.CODEX_INTERNAL_ORIGINATOR_OVERRIDE === "Codex Desktop") {
-        return {
-            active_subagents: CODEX_DESKTOP_ACTIVE_SUBAGENT_LIMIT,
-            source: "environment",
-            description: "Codex Desktop active subagent limit.",
-        };
-    }
-    return null;
+    return detectShared(ENV_PREFIX, env);
 }
 export function resolveHostActiveSubagentLimit(options) {
-    if (options.explicitLimit !== undefined && options.explicitLimit !== null) {
-        return {
-            active_subagents: options.explicitLimit,
-            source: "cli_flags",
-            description: "Host active subagent limit reported by the conversation host.",
-        };
-    }
-    const configuredLimit = parsePositiveInteger(options.sessionConfig.quota?.host_active_subagent_limit);
-    if (configuredLimit !== null) {
-        return {
-            active_subagents: configuredLimit,
-            source: "session_config",
-            description: "Host active subagent limit from session-config quota settings.",
-        };
-    }
-    return detectHostActiveSubagentLimit(options.env);
+    return resolveShared({ envPrefix: ENV_PREFIX, ...options });
 }

package/dist/quota/index.d.ts

@@ -1,25 +1,28 @@
-export { resolveLimits, lookupKnownModel, classifyProvider } from "./limits.js";
-export type { LimitResolutionResult, ResolveLimitsOptions, ProviderType } from "./limits.js";
-export { detectHostActiveSubagentLimit, resolveHostActiveSubagentLimit, } from "./hostLimits.js";
-export { readQuotaState, writeQuotaState, computeMaxSafeConcurrency, recordWaveOutcome, getQuotaStatePath, decayWeight, applyDecayToEntry, computeBackoffCooldownMs, computeBackoffFailureWeight, computeRampUpConcurrency, } from "./state.js";
+import type { ResolvedLimits as _ResolvedLimits, LimitConfidence as _LimitConfidence, LimitSource as _LimitSource, HostConcurrencyLimit as _HostConcurrencyLimit, QuotaUsageSnapshot as _QuotaUsageSnapshot, BackoffState as _BackoffState } from "@audit-tools/shared";
+export { resolveLimits, lookupKnownModel, classifyProvider, readQuotaState, writeQuotaState, computeMaxSafeConcurrency, recordWaveOutcome, getQuotaStatePath, decayWeight, applyDecayToEntry, computeBackoffCooldownMs, computeBackoffFailureWeight, computeRampUpConcurrency, setQuotaStateDir, detectRateLimitError, computeCooldownUntil, acquireLock, releaseLock, withFileLock, FileLockTimeoutError, runSlidingWindow, LearnedQuotaSource, CompositeQuotaSource, GenericErrorParser, ClaudeCodeErrorParser, getErrorParserForProvider, } from "@audit-tools/shared";
+export type { LimitResolutionResult, ResolveLimitsOptions, ProviderType, ResolvedLimits, LimitSource, LimitConfidence, HostConcurrencyLimit, HostConcurrencyLimitSource, QuotaState, QuotaStateEntry, ConcurrencyBucket, WaveSchedule, BackoffState, ObservedWaveOutcome, RateLimitDetectionResult, SlidingWindowResult, QuotaSource, QuotaUsageSnapshot, ErrorParser, } from "@audit-tools/shared";
 export { scheduleWave, buildProviderModelKey } from "./scheduler.js";
 export type { ScheduleWaveOptions } from "./scheduler.js";
-export { detectRateLimitError, computeCooldownUntil } from "./errorParsing.js";
-export { acquireLock, releaseLock, withFileLock, FileLockTimeoutError } from "./fileLock.js";
-export { runSlidingWindow } from "./slidingWindow.js";
-export type { SlidingWindowResult } from "./slidingWindow.js";
-export type { RateLimitDetectionResult } from "./errorParsing.js";
+export { detectHostActiveSubagentLimit, resolveHostActiveSubagentLimit, } from "./hostLimits.js";
 export { probeProvider } from "./probe.js";
 export type { ProbeResult } from "./probe.js";
-export type { QuotaSource, QuotaUsageSnapshot } from "./quotaSource.js";
-export type { ErrorParser } from "./errorParsers/index.js";
-export { GenericErrorParser, ClaudeCodeErrorParser, getErrorParserForProvider } from "./errorParsers/index.js";
-export { LearnedQuotaSource } from "./learnedQuotaSource.js";
-export { CompositeQuotaSource } from "./compositeQuotaSource.js";
 export { lookupDiscoveredLimits, updateDiscoveredLimits, mergeDiscoveredLimits, readDiscoveredLimitsCache, writeDiscoveredLimitsCache, } from "./discoveredLimits.js";
 export type { DiscoveredRateLimits, DiscoveredLimitsCache, DiscoveredLimitsCacheEntry } from "./discoveredLimits.js";
 export { extractRateLimitHeaders } from "./headerExtraction.js";
 export type { ExtractedRateLimits } from "./headerExtraction.js";
 export type { HeaderExtractor } from "./headerExtractors/index.js";
 export { GenericHeaderExtractor, ClaudeCodeHeaderExtractor, getHeaderExtractorForProvider } from "./headerExtractors/index.js";
-export type { ResolvedLimits, LimitSource, LimitConfidence, HostConcurrencyLimit, HostConcurrencyLimitSource, QuotaState, QuotaStateEntry, ConcurrencyBucket, WaveSchedule, DispatchQuota, ObservedWaveOutcome, } from "./types.js";
+export interface DispatchQuota {
+    contract_version: "audit-code-dispatch-quota/v1alpha1" | "audit-code-dispatch-quota/v1alpha2";
+    run_id: string;
+    model: string | null;
+    resolved_limits: _ResolvedLimits;
+    confidence: _LimitConfidence;
+    source: _LimitSource;
+    host_concurrency_limit: _HostConcurrencyLimit | null;
+    wave_size: number;
+    estimated_wave_tokens: number;
+    cooldown_until: string | null;
+    quota_source_snapshot?: _QuotaUsageSnapshot | null;
+    backoff_state?: _BackoffState | null;
+}

package/dist/quota/index.js

@@ -1,14 +1,9 @@
-export { resolveLimits, lookupKnownModel, classifyProvider } from "./limits.js";
-export { detectHostActiveSubagentLimit, resolveHostActiveSubagentLimit, } from "./hostLimits.js";
-export { readQuotaState, writeQuotaState, computeMaxSafeConcurrency, recordWaveOutcome, getQuotaStatePath, decayWeight, applyDecayToEntry, computeBackoffCooldownMs, computeBackoffFailureWeight, computeRampUpConcurrency, } from "./state.js";
+// Re-exported from @audit-tools/shared
+export { resolveLimits, lookupKnownModel, classifyProvider, readQuotaState, writeQuotaState, computeMaxSafeConcurrency, recordWaveOutcome, getQuotaStatePath, decayWeight, applyDecayToEntry, computeBackoffCooldownMs, computeBackoffFailureWeight, computeRampUpConcurrency, setQuotaStateDir, detectRateLimitError, computeCooldownUntil, acquireLock, releaseLock, withFileLock, FileLockTimeoutError, runSlidingWindow, LearnedQuotaSource, CompositeQuotaSource, GenericErrorParser, ClaudeCodeErrorParser, getErrorParserForProvider, } from "@audit-tools/shared";
+// Auditor-specific: local scheduler, probe, discovered limits, header extraction
 export { scheduleWave, buildProviderModelKey } from "./scheduler.js";
-export { detectRateLimitError, computeCooldownUntil } from "./errorParsing.js";
-export { acquireLock, releaseLock, withFileLock, FileLockTimeoutError } from "./fileLock.js";
-export { runSlidingWindow } from "./slidingWindow.js";
+export { detectHostActiveSubagentLimit, resolveHostActiveSubagentLimit, } from "./hostLimits.js";
 export { probeProvider } from "./probe.js";
-export { GenericErrorParser, ClaudeCodeErrorParser, getErrorParserForProvider } from "./errorParsers/index.js";
-export { LearnedQuotaSource } from "./learnedQuotaSource.js";
-export { CompositeQuotaSource } from "./compositeQuotaSource.js";
 export { lookupDiscoveredLimits, updateDiscoveredLimits, mergeDiscoveredLimits, readDiscoveredLimitsCache, writeDiscoveredLimitsCache, } from "./discoveredLimits.js";
 export { extractRateLimitHeaders } from "./headerExtraction.js";
 export { GenericHeaderExtractor, ClaudeCodeHeaderExtractor, getHeaderExtractorForProvider } from "./headerExtractors/index.js";

package/dist/quota/scheduler.d.ts

@@ -1,6 +1,4 @@
-import type { ResolvedProviderName, SessionConfig } from "../types/sessionConfig.js";
-import type { HostConcurrencyLimit, QuotaStateEntry, WaveSchedule } from "./types.js";
-import type { QuotaUsageSnapshot } from "./quotaSource.js";
+import type { ResolvedProviderName, SessionConfig, HostConcurrencyLimit, QuotaStateEntry, WaveSchedule, QuotaUsageSnapshot } from "@audit-tools/shared";
 import type { DiscoveredRateLimits } from "./discoveredLimits.js";
 export interface ScheduleWaveOptions {
     providerName: ResolvedProviderName;

package/dist/quota/scheduler.js

@@ -1,5 +1,4 @@
-import { classifyProvider, resolveLimits } from "./limits.js";
-import { computeMaxSafeConcurrency, computeRampUpConcurrency } from "./state.js";
+import { classifyProvider, resolveLimits, computeMaxSafeConcurrency, computeRampUpConcurrency } from "@audit-tools/shared";
 function sumTopN(sorted, n) {
     let sum = 0;
     for (let i = 0; i < Math.min(n, sorted.length); i++)

package/dist/reporting/synthesis.d.ts

@@ -1,8 +1,7 @@
 import type { AuditResult, CoverageMatrix, Finding, UnitManifest } from "../types.js";
 import type { DesignAssessment } from "../types/designAssessment.js";
 import type { ExternalAnalyzerResults } from "../types/externalAnalyzer.js";
-import type { CriticalFlowManifest } from "../types/flows.js";
-import type { GraphBundle } from "../types/graph.js";
+import type { CriticalFlowManifest, GraphBundle } from "@audit-tools/shared";
 import type { RuntimeValidationReport } from "../types/runtimeValidation.js";
 import { type WorkBlock } from "./workBlocks.js";
 export interface AuditReportSummary {

package/dist/reporting/synthesis.js

@@ -1,3 +1,4 @@
+import { AUDITOR_REPORT_MARKER } from "@audit-tools/shared";
 import { buildWorkBlocks } from "./workBlocks.js";
 import { mergeFindings } from "./mergeFindings.js";
 function countBy(items, selectKey) {
@@ -55,6 +56,7 @@ export function buildAuditReportModel(params) {
 }
 export function renderAuditReportMarkdown(model) {
     const lines = [
+        AUDITOR_REPORT_MARKER,
         "# Audit Report",
         "",
         "## Summary",

package/dist/reporting/workBlocks.d.ts

@@ -1,6 +1,5 @@
 import type { Finding, UnitManifest } from "../types.js";
-import type { CriticalFlowManifest } from "../types/flows.js";
-import type { GraphBundle } from "../types/graph.js";
+import type { CriticalFlowManifest, GraphBundle } from "@audit-tools/shared";
 export interface WorkBlock {
     id: string;
     finding_ids: string[];

package/dist/supervisor/operatorHandoff.js

@@ -1,6 +1,6 @@
 import { mkdir, writeFile } from "node:fs/promises";
 import { join } from "node:path";
-import { writeJsonFile } from "../io/json.js";
+import { writeJsonFile } from "@audit-tools/shared";
 import { LOCAL_SUBPROCESS_PROVIDER_NAME } from "../providers/constants.js";
 export const CONFIG_ERROR_BLOCKER_PREFIX = "config-error:";
 const INCOMING_DIRNAME = "incoming";

package/dist/supervisor/runLedger.d.ts

@@ -1,3 +1,3 @@
-import { type RunLedger, type RunLedgerEntry } from "../types/runLedger.js";
+import { type RunLedger, type RunLedgerEntry } from "@audit-tools/shared";
 export declare function loadRunLedger(artifactsDir: string): Promise<RunLedger>;
 export declare function appendRunLedgerEntry(artifactsDir: string, entry: RunLedgerEntry): Promise<void>;

package/dist/supervisor/runLedger.js

@@ -1,8 +1,8 @@
 import { randomUUID } from "node:crypto";
 import { mkdir, open, rename, rm } from "node:fs/promises";
 import { join } from "node:path";
-import { RUN_LEDGER_STATUSES, } from "../types/runLedger.js";
-import { isFileMissingError, readJsonFile, writeJsonFile } from "../io/json.js";
+import { RUN_LEDGER_STATUSES, } from "@audit-tools/shared";
+import { isFileMissingError, readJsonFile, writeJsonFile } from "@audit-tools/shared";
 const RUN_LEDGER_FILENAME = "run-ledger.json";
 const RUN_LEDGER_LOCK_FILENAME = "run-ledger.lock";
 const LOCK_RETRY_DELAY_MS = 20;

package/dist/supervisor/sessionConfig.d.ts

@@ -1,4 +1,4 @@
-import type { SessionConfig } from "../types/sessionConfig.js";
+import { type SessionConfig } from "@audit-tools/shared";
 export declare function getSessionConfigPath(artifactsDir: string): string;
 export declare function readSessionConfigFile(artifactsDir: string): Promise<unknown | undefined>;
 export declare function loadSessionConfig(artifactsDir: string): Promise<SessionConfig>;

package/dist/supervisor/sessionConfig.js

@@ -1,8 +1,6 @@
 import { join } from "node:path";
-import { readOptionalJsonFile } from "../io/json.js";
-import { formatValidationIssues, } from "../validation/basic.js";
+import { readOptionalJsonFile, writeJsonFile, formatValidationIssues, } from "@audit-tools/shared";
 import { validateSessionConfig } from "../validation/sessionConfig.js";
-import { writeJsonFile } from "../io/json.js";
 const SESSION_CONFIG_FILENAME = "session-config.json";
 const DEFAULT_SESSION_CONFIG = { provider: "local-subprocess" };
 export function getSessionConfigPath(artifactsDir) {

package/dist/types/reviewPlanning.d.ts

@@ -1,5 +1,5 @@
 import type { AuditTask, Lens } from "../types.js";
-import type { GraphEdge } from "./graph.js";
+import type { GraphEdge } from "@audit-tools/shared";
 export interface ReviewPacketGraphEdge extends Pick<GraphEdge, "from" | "to" | "kind" | "confidence" | "reason"> {
 }
 export interface ReviewPacketQuality {

package/dist/types/workerSession.d.ts

@@ -1,5 +1,10 @@
 export declare const WORKER_COMMAND_MODES: readonly ["run", "deferred"];
 export type WorkerCommandMode = (typeof WORKER_COMMAND_MODES)[number];
+export interface AccessDeclaration {
+    read_paths: string[];
+    write_paths: string[];
+    forbidden_patterns?: string[];
+}
 /**
  * Worker tasks serialize directly to task.json, so their persisted field names
  * intentionally stay snake_case for consistency across providers and bridges.
@@ -22,5 +27,6 @@ export interface WorkerTask {
     skip_worker_command?: boolean;
     timeout_ms?: number;
     max_retries?: number;
+    access?: AccessDeclaration;
 }
 export declare function usesDeferredWorkerCommand(task: Pick<WorkerTask, "worker_command_mode" | "skip_worker_command">): boolean;

package/dist/validation/artifacts.d.ts

@@ -1,3 +1,3 @@
 import type { ArtifactBundle } from "../io/artifacts.js";
-import { type ValidationIssue } from "./basic.js";
+import { type ValidationIssue } from "@audit-tools/shared";
 export declare function validateArtifactBundle(bundle: ArtifactBundle): ValidationIssue[];

package/dist/validation/artifacts.js

@@ -1,4 +1,4 @@
-import { pushValidationIssue, requireKeys, } from "./basic.js";
+import { pushValidationIssue, requireKeys, } from "@audit-tools/shared";
 function pushIssue(issues, path, message) {
     pushValidationIssue(issues, path, message);
 }

package/dist/validation/auditResults.d.ts

@@ -1,6 +1,7 @@
 import type { AuditTask } from "../types.js";
-import { type ValidationIssue } from "./basic.js";
+import { type ValidationIssue } from "@audit-tools/shared";
 export type IssueSeverity = "error" | "warning";
+export declare function normalizeCoveragePath(path: string): string;
 export interface AuditResultIssue extends ValidationIssue {
     result_index: number;
     task_id: string;

package/dist/validation/auditResults.js

@@ -1,4 +1,7 @@
-import { describeValue, formatValidationIssues, isRecord, } from "./basic.js";
+import { describeValue, formatValidationIssues, isRecord, } from "@audit-tools/shared";
+export function normalizeCoveragePath(path) {
+    return path.replace(/\\/g, "/").replace(/^\.\//, "");
+}
 const REQUIRED_FINDING_FIELDS = [
     "id",
     "title",
@@ -423,6 +426,18 @@ export function validateAuditResults(results, tasks, options = {}) {
                     tasks.map((item) => item.task_id).join(", "),
             });
         }
+        const taskNormMap = new Map();
+        if (task) {
+            for (const fp of task.file_paths) {
+                taskNormMap.set(normalizeCoveragePath(fp), fp);
+            }
+        }
+        const normLineIndex = new Map();
+        if (options.lineIndex) {
+            for (const [k, v] of Object.entries(options.lineIndex)) {
+                normLineIndex.set(normalizeCoveragePath(k), v);
+            }
+        }
         const fileCoverage = result.file_coverage;
         const normalizedFileCoverage = [];
         const declaredAssignedCoveragePaths = new Set();
@@ -447,6 +462,10 @@ export function validateAuditResults(results, tasks, options = {}) {
                     });
                     continue;
                 }
+                const entryNorm = isNonEmptyString(entry.path)
+                    ? normalizeCoveragePath(entry.path)
+                    : "";
+                const canonicalPath = taskNormMap.get(entryNorm);
                 if (!isNonEmptyString(entry.path)) {
                     pushIssue(issues, {
                         result_index: i,
@@ -455,7 +474,7 @@ export function validateAuditResults(results, tasks, options = {}) {
                         message: "file_coverage entry has an empty path.",
                     });
                 }
-                else if (task && !task.file_paths.includes(entry.path)) {
+                else if (task && !canonicalPath) {
                     pushIssue(issues, {
                         result_index: i,
                         task_id: taskId,
@@ -463,7 +482,7 @@ export function validateAuditResults(results, tasks, options = {}) {
                         message: `file_coverage path '${entry.path}' is not listed in the task file_paths.`,
                     });
                 }
-                else if (seenCoveragePaths.has(entry.path)) {
+                else if (seenCoveragePaths.has(entryNorm)) {
                     pushIssue(issues, {
                         result_index: i,
                         task_id: taskId,
@@ -472,11 +491,10 @@ export function validateAuditResults(results, tasks, options = {}) {
                     });
                 }
                 else {
-                    seenCoveragePaths.add(entry.path);
+                    seenCoveragePaths.add(entryNorm);
                 }
-                if (isNonEmptyString(entry.path) &&
-                    (!task || task.file_paths.includes(entry.path))) {
-                    declaredAssignedCoveragePaths.add(entry.path);
+                if (entryNorm.length > 0 && (!task || canonicalPath)) {
+                    declaredAssignedCoveragePaths.add(canonicalPath ?? entryNorm);
                 }
                 if (!Number.isInteger(entry.total_lines)) {
                     pushIssue(issues, {
@@ -495,8 +513,8 @@ export function validateAuditResults(results, tasks, options = {}) {
                         message: "file_coverage total_lines must be zero or greater.",
                     });
                 }
-                const expectedLineCount = typeof entry.path === "string"
-                    ? options.lineIndex?.[entry.path]
+                const expectedLineCount = entryNorm.length > 0
+                    ? normLineIndex.get(entryNorm)
                     : undefined;
                 if (Number.isInteger(entry.total_lines) &&
                     typeof expectedLineCount === "number" &&
@@ -509,19 +527,19 @@ export function validateAuditResults(results, tasks, options = {}) {
                             `(expected ${expectedLineCount}, got ${entry.total_lines}).`,
                     });
                 }
-                if (isNonEmptyString(entry.path) &&
+                if (entryNorm.length > 0 &&
                     Number.isInteger(entry.total_lines) &&
                     Number(entry.total_lines) >= 0 &&
-                    (!task || task.file_paths.includes(entry.path))) {
+                    (!task || canonicalPath)) {
                     normalizedFileCoverage.push({
-                        path: entry.path,
+                        path: canonicalPath ?? entryNorm,
                         total_lines: Number(entry.total_lines),
                     });
                 }
             }
             if (task) {
                 for (const path of task.file_paths) {
-                    if (!seenCoveragePaths.has(path)) {
+                    if (!seenCoveragePaths.has(normalizeCoveragePath(path))) {
                         pushIssue(issues, {
                             result_index: i,
                             task_id: taskId,

package/dist/validation/sessionConfig.d.ts

@@ -1,8 +1,7 @@
-import { type SessionConfig } from "../types/sessionConfig.js";
-import { type ValidationIssue } from "./basic.js";
+import { type SessionConfig, type ValidationIssue } from "@audit-tools/shared";
 export declare function validateSessionConfig(value: unknown): ValidationIssue[];
 export declare function validateConfiguredProviderEnvironment(sessionConfig: SessionConfig, options?: {
     commandExists?: (command: string) => boolean;
     pathExists?: (commandPath: string) => boolean;
 }): ValidationIssue[];
-export { formatValidationIssues } from "./basic.js";
+export { formatValidationIssues } from "@audit-tools/shared";

package/dist/validation/sessionConfig.js

@@ -1,7 +1,6 @@
 import { spawnSync } from "node:child_process";
 import { accessSync, constants } from "node:fs";
-import { PROVIDER_NAMES, SESSION_UI_MODES, } from "../types/sessionConfig.js";
-import { isRecord, pushValidationIssue, } from "./basic.js";
+import { PROVIDER_NAMES, SESSION_UI_MODES, isRecord, pushValidationIssue, } from "@audit-tools/shared";
 const VALID_PROVIDERS = new Set(PROVIDER_NAMES);
 const VALID_UI_MODES = new Set(SESSION_UI_MODES);
 function pushIssue(issues, path, message) {
@@ -192,4 +191,4 @@ export function validateConfiguredProviderEnvironment(sessionConfig, options = {
     }
     return issues;
 }
-export { formatValidationIssues } from "./basic.js";
+export { formatValidationIssues } from "@audit-tools/shared";

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "auditor-lambda",
-  "version": "0.3.39",
+  "version": "0.3.41",
   "private": false,
   "description": "Portable hybrid code-auditing framework for arbitrary repositories.",
   "type": "module",
@@ -34,7 +34,6 @@
     "smoke:linked-audit-code": "node scripts/smoke-linked-audit-code.mjs",
     "smoke:packaged-audit-code": "node scripts/smoke-packaged-audit-code.mjs",
     "prepack": "npm run build",
-    "prepare": "npm run build",
     "prepublishOnly": "npm run verify:release",
     "start": "node dist/index.js",
     "audit-code": "node audit-code.mjs",
@@ -65,6 +64,9 @@
     "orchestration",
     "agents"
   ],
+  "dependencies": {
+    "@audit-tools/shared": "*"
+  },
   "devDependencies": {
     "@types/node": "^24.3.0",
     "ajv": "^8.17.1",

package/scripts/postinstall.mjs

@@ -80,7 +80,6 @@ const OPENCODE_AUDIT_BASH_PERMISSION = {
   'git status*': 'allow',
   'git diff*': 'allow',
   'grep *': 'allow',
-  'Select-String *': 'allow',
   'rm *': 'deny',
 };
 

package/dist/io/json.d.ts

@@ -1,10 +0,0 @@
-export declare function isFileMissingError(error: unknown): boolean;
-export declare function readJsonFile<T>(path: string): Promise<T>;
-export declare function writeJsonFile(path: string, value: unknown): Promise<void>;
-export declare function appendNdjsonFile(path: string, value: unknown): Promise<void>;
-export declare function readNdjsonFile<T>(path: string): Promise<T[]>;
-export declare function readOptionalJsonFile<T>(path: string): Promise<T | undefined>;
-export declare function readOptionalNdjsonFile<T>(path: string): Promise<T[] | undefined>;
-export declare function writeNdjsonFile(path: string, values: unknown[]): Promise<void>;
-export declare function readOptionalTextFile(path: string): Promise<string | undefined>;
-export declare function writeTextFile(path: string, value: string): Promise<void>;