auditor-lambda 0.3.4 → 0.3.5

package/dist/orchestrator/fileAnchors.js

@@ -0,0 +1,217 @@
+const MAX_ANCHORS = 160;
+const KEYWORD_PATTERN = /\b(auth|token|password|secret|permission|role|sql|query|exec|spawn|eval|deserialize|encrypt|decrypt|cache|retry|timeout|transaction|lock|race|TODO|FIXME)\b/i;
+const SYMBOL_PATTERNS = [
+    {
+        kind: "import",
+        pattern: /^\s*import\s+(?:type\s+)?(?:[^"'()]*?\s+from\s+)?["']([^"']+)["']/,
+        label: "import",
+    },
+    {
+        kind: "symbol",
+        pattern: /^\s*(?:export\s+)?(?:async\s+)?function\s+([A-Za-z_$][\w$]*)\b/,
+        label: "function",
+    },
+    {
+        kind: "symbol",
+        pattern: /^\s*(?:export\s+)?class\s+([A-Za-z_$][\w$]*)\b/,
+        label: "class",
+    },
+    {
+        kind: "symbol",
+        pattern: /^\s*(?:export\s+)?interface\s+([A-Za-z_$][\w$]*)\b/,
+        label: "interface",
+    },
+    {
+        kind: "symbol",
+        pattern: /^\s*(?:export\s+)?type\s+([A-Za-z_$][\w$]*)\b/,
+        label: "type",
+    },
+    {
+        kind: "symbol",
+        pattern: /^\s*(?:export\s+)?(?:const|let|var)\s+([A-Za-z_$][\w$]*)\b/,
+        label: "binding",
+    },
+    {
+        kind: "export",
+        pattern: /^\s*export\s+(?:type\s+)?(?:[^"'()]*?\s+from\s+["']([^"']+)["']|(?:default\s+)?(?:async\s+)?(?:function|class|const|let|var|interface|type)\s+([A-Za-z_$][\w$-]*))/,
+        label: "export",
+    },
+    {
+        kind: "symbol",
+        pattern: /^\s*(?:export\s+)?def\s+([A-Za-z_][\w]*)\b/,
+        label: "function",
+    },
+    {
+        kind: "symbol",
+        pattern: /^\s*(?:export\s+)?func\s+(?:\([^)]+\)\s*)?([A-Za-z_][\w]*)\b/,
+        label: "function",
+    },
+    {
+        kind: "symbol",
+        pattern: /^\s*(?:pub\s+)?fn\s+([A-Za-z_][\w]*)\b/,
+        label: "function",
+    },
+    {
+        kind: "route",
+        pattern: /\b(?:app|router|server)\s*\.\s*(get|post|put|patch|delete|use)\s*\(/i,
+        label: "route",
+    },
+    {
+        kind: "route",
+        pattern: /^\s*@(?:Get|Post|Put|Patch|Delete|Route|Controller)\b/,
+        label: "route",
+    },
+];
+function normalizePath(path) {
+    return path.replace(/\\/g, "/").replace(/^\.\//, "");
+}
+function truncate(value, maxLength) {
+    const normalized = value.replace(/\s+/g, " ").trim();
+    return normalized.length > maxLength
+        ? `${normalized.slice(0, maxLength - 3)}...`
+        : normalized;
+}
+function addAnchor(anchors, seen, anchor) {
+    const key = `${anchor.kind}\0${anchor.line ?? ""}\0${anchor.name}\0${anchor.detail ?? ""}`;
+    if (seen.has(key)) {
+        return;
+    }
+    seen.add(key);
+    anchors.push(anchor);
+}
+function collectGraphEdges(graphBundle, path) {
+    if (!graphBundle?.graphs) {
+        return [];
+    }
+    const normalizedPath = normalizePath(path).toLowerCase();
+    const edges = [];
+    for (const key of ["imports", "calls", "references"]) {
+        const raw = graphBundle.graphs[key];
+        if (!Array.isArray(raw)) {
+            continue;
+        }
+        for (const item of raw) {
+            const record = item;
+            if (item &&
+                typeof item === "object" &&
+                !Array.isArray(item) &&
+                typeof record.from === "string" &&
+                typeof record.to === "string") {
+                const from = normalizePath(record.from).toLowerCase();
+                const to = normalizePath(record.to).toLowerCase();
+                if (from === normalizedPath || to === normalizedPath) {
+                    edges.push({
+                        from: record.from,
+                        to: record.to,
+                        kind: typeof record.kind === "string" ? record.kind : key,
+                    });
+                }
+            }
+        }
+    }
+    return edges.sort((a, b) => (a.kind ?? "").localeCompare(b.kind ?? "") ||
+        a.from.localeCompare(b.from) ||
+        a.to.localeCompare(b.to));
+}
+export function buildFileAnchorSummary(params) {
+    const anchors = [];
+    const seen = new Set();
+    const path = normalizePath(params.path);
+    const lines = params.content.split(/\r?\n/);
+    let symbolCount = 0;
+    let routeCount = 0;
+    let keywordCount = 0;
+    addAnchor(anchors, seen, {
+        kind: "boundary",
+        name: "file_start",
+        line: 1,
+        detail: "Start of isolated large-file review boundary.",
+    });
+    if (params.totalLines > 1) {
+        addAnchor(anchors, seen, {
+            kind: "boundary",
+            name: "file_end",
+            line: params.totalLines,
+            detail: "End of isolated large-file review boundary.",
+        });
+    }
+    lines.forEach((line, index) => {
+        const lineNumber = index + 1;
+        for (const { kind, pattern, label } of SYMBOL_PATTERNS) {
+            const match = line.match(pattern);
+            if (!match) {
+                continue;
+            }
+            const name = match.slice(1).find((value) => value && value.trim().length > 0) ?? label;
+            if (kind === "route") {
+                routeCount += 1;
+            }
+            else if (kind === "symbol") {
+                symbolCount += 1;
+            }
+            addAnchor(anchors, seen, {
+                kind,
+                name: truncate(name, 80),
+                line: lineNumber,
+                detail: truncate(`${label}: ${line}`, 180),
+            });
+            break;
+        }
+        if (KEYWORD_PATTERN.test(line)) {
+            keywordCount += 1;
+            addAnchor(anchors, seen, {
+                kind: "keyword",
+                name: truncate(line.match(KEYWORD_PATTERN)?.[1] ?? "keyword", 80),
+                line: lineNumber,
+                detail: truncate(line, 180),
+            });
+        }
+    });
+    const graphEdges = collectGraphEdges(params.graphBundle, path);
+    for (const edge of graphEdges) {
+        addAnchor(anchors, seen, {
+            kind: "graph",
+            name: edge.kind ?? "edge",
+            detail: normalizePath(edge.from).toLowerCase() === path.toLowerCase()
+                ? `outbound: ${edge.to}`
+                : `inbound: ${edge.from}`,
+        });
+    }
+    const analyzerSignals = (params.externalAnalyzerResults?.results ?? [])
+        .filter((result) => normalizePath(result.path).toLowerCase() === path.toLowerCase())
+        .sort((a, b) => (a.line_start ?? 0) - (b.line_start ?? 0) ||
+        a.id.localeCompare(b.id));
+    for (const signal of analyzerSignals) {
+        addAnchor(anchors, seen, {
+            kind: "analyzer_signal",
+            name: truncate(signal.rule ?? signal.category, 80),
+            line: signal.line_start,
+            detail: truncate(signal.summary, 180),
+        });
+    }
+    const sorted = anchors.sort((a, b) => (a.line ?? Number.MAX_SAFE_INTEGER) - (b.line ?? Number.MAX_SAFE_INTEGER) ||
+        a.kind.localeCompare(b.kind) ||
+        a.name.localeCompare(b.name));
+    const boundedAnchors = sorted.slice(0, MAX_ANCHORS);
+    return {
+        contract_version: "audit-code-file-anchors/v1alpha1",
+        path,
+        total_lines: params.totalLines,
+        review_mode: "isolated_large_file",
+        scope_basis: [
+            "single assigned file",
+            "single review packet",
+            "mechanically extracted symbols, routes, graph edges, keywords, and analyzer signals",
+            "backend-owned submit-packet result write path",
+        ],
+        anchors: boundedAnchors,
+        omitted_anchor_count: Math.max(0, sorted.length - boundedAnchors.length),
+        counts: {
+            symbols: symbolCount,
+            routes: routeCount,
+            keywords: keywordCount,
+            graph_edges: graphEdges.length,
+            analyzer_signals: analyzerSignals.length,
+        },
+    };
+}

package/dist/orchestrator/reviewPackets.js

@@ -105,6 +105,16 @@ function chunkPacketTasks(tasks, options) {
     const chunks = [];
     let current = [];
     for (const task of tasks.sort(compareTasksForPacket)) {
+        const isolatedLargeFileTask = task.file_paths.length === 1 &&
+            taskLineCount(task, options.lineIndex) > options.targetPacketLines;
+        if (isolatedLargeFileTask) {
+            if (current.length > 0) {
+                chunks.push(current);
+                current = [];
+            }
+            chunks.push([task]);
+            continue;
+        }
         const candidate = [...current, task];
         const uniquePaths = new Set(candidate.flatMap((item) => item.file_paths));
         const candidateLines = [...uniquePaths].reduce((sum, path) => {

package/dist/providers/claudeCodeProvider.js

@@ -21,7 +21,9 @@ export class ClaudeCodeProvider {
             "-p",
             prompt,
             ...(this.config.extra_args ?? []),
-            "--dangerously-skip-permissions",
+            ...(this.config.dangerously_skip_permissions
+                ? ["--dangerously-skip-permissions"]
+                : []),
         ];
         return await this.launchCommand(command, args, input);
     }

package/dist/providers/index.js

@@ -9,7 +9,8 @@ function hasEntries(values) {
 }
 function hasConfiguredClaudeCode(sessionConfig) {
     return (Boolean(sessionConfig.claude_code?.command?.trim()) ||
-        hasEntries(sessionConfig.claude_code?.extra_args));
+        hasEntries(sessionConfig.claude_code?.extra_args) ||
+        sessionConfig.claude_code?.dangerously_skip_permissions === true);
 }
 function hasConfiguredOpenCode(sessionConfig) {
     return (Boolean(sessionConfig.opencode?.command?.trim()) ||

package/dist/supervisor/operatorHandoff.js

@@ -69,13 +69,7 @@ function buildSuggestedInputs(artifactsDir, status, isConfigError, activeReviewR
         return [];
     }
     if (activeReviewRun) {
-        return [
-            {
-                flag: "--results",
-                suggested_path: activeReviewRun.audit_results_path,
-                description: "Write structured audit-review results for the currently dispatched run, then execute the exact worker command below to ingest them.",
-            },
-        ];
+        return [];
     }
     const incomingDir = join(artifactsDir, INCOMING_DIRNAME);
     return [
@@ -101,12 +95,21 @@ function buildSuggestedInputs(artifactsDir, status, isConfigError, activeReviewR
         },
     ];
 }
-function buildSuggestedCommands(suggestedInputs, status, activeReviewRun) {
+function buildSuggestedCommands(artifactsDir, suggestedInputs, status, activeReviewRun) {
     if (status !== BLOCKED_STATUS) {
         return [];
     }
     if (activeReviewRun) {
-        return [renderShellCommand(activeReviewRun.worker_command)];
+        return [
+            renderShellCommand([
+                "audit-code",
+                "prepare-dispatch",
+                "--run-id",
+                activeReviewRun.run_id,
+                "--artifacts-dir",
+                artifactsDir,
+            ]),
+        ];
     }
     return suggestedInputs.map((item) => `audit-code ${item.flag} ${quoteShellPath(item.suggested_path)}`);
 }
@@ -216,17 +219,25 @@ export function buildAuditCodeHandoff(params) {
         summary: buildSummary(params.state.status, params.providerName ?? null, params.progressSummary),
         pending_obligations: buildPendingObligations(params.state),
         suggested_inputs: suggestedInputs,
-        suggested_commands: buildSuggestedCommands(suggestedInputs, params.state.status, params.activeReviewRun),
+        suggested_commands: buildSuggestedCommands(params.artifactsDir, suggestedInputs, params.state.status, params.activeReviewRun),
         interactive_provider_hint: buildInteractiveProviderHint(params.state.status, params.providerName ?? null, artifactPaths.session_config, isConfigError),
         artifact_paths: artifactPaths,
         active_review_run: params.activeReviewRun,
     };
     // Add quick_start command and file map when blocked for review
     if (params.state.status === BLOCKED_STATUS && params.activeReviewRun) {
-        handoff.quick_start = `audit-code worker-run --task ${params.activeReviewRun.task_path}`;
+        handoff.quick_start = renderShellCommand([
+            "audit-code",
+            "prepare-dispatch",
+            "--run-id",
+            params.activeReviewRun.run_id,
+            "--artifacts-dir",
+            params.artifactsDir,
+        ]);
         handoff.file_map = {
             current_task: artifactPaths.current_task,
             current_prompt: artifactPaths.current_prompt,
+            dispatch_plan: join(params.artifactsDir, "runs", params.activeReviewRun.run_id, "dispatch-plan.json"),
             audit_results: params.activeReviewRun.audit_results_path,
             final_report: join(params.root, "audit-report.md"),
         };

package/dist/types/sessionConfig.d.ts

@@ -10,6 +10,7 @@ export interface SubprocessTemplateConfig {
 export interface ClaudeCodeConfig {
     command?: string;
     extra_args?: string[];
+    dangerously_skip_permissions?: boolean;
 }
 export interface OpenCodeConfig {
     command?: string;

package/dist/validation/auditResults.js

@@ -57,6 +57,20 @@ function validateRequiredStringField(value, label, taskId, resultIndex, issues)
         });
     }
 }
+function validateExpectedStringField(value, label, expected, taskId, resultIndex, issues) {
+    if (typeof value !== "string" || value.trim().length === 0) {
+        return;
+    }
+    if (value !== expected) {
+        pushIssue(issues, {
+            result_index: resultIndex,
+            task_id: taskId,
+            field: label,
+            message: `${label} must match the assigned task metadata ` +
+                `(expected '${expected}', got '${value}').`,
+        });
+    }
+}
 function validateFinding(finding, label, taskId, resultIndex) {
     const issues = [];
     if (!isRecord(finding)) {
@@ -237,6 +251,11 @@ export function validateAuditResults(results, tasks, options = {}) {
                 message: `Invalid lens '${result.lens}'. Must be one of: ${[...VALID_LENSES].join(", ")}.`,
             });
         }
+        if (task) {
+            validateExpectedStringField(result.unit_id, "unit_id", task.unit_id, taskId, i, issues);
+            validateExpectedStringField(result.pass_id, "pass_id", task.pass_id, taskId, i, issues);
+            validateExpectedStringField(result.lens, "lens", task.lens, taskId, i, issues);
+        }
         if (tasks.length > 0 && !task) {
             pushIssue(issues, {
                 result_index: i,
@@ -248,6 +267,7 @@ export function validateAuditResults(results, tasks, options = {}) {
         }
         const fileCoverage = result.file_coverage;
         const normalizedFileCoverage = [];
+        const declaredAssignedCoveragePaths = new Set();
         if (!Array.isArray(fileCoverage) || fileCoverage.length === 0) {
             pushIssue(issues, {
                 result_index: i,
@@ -281,7 +301,6 @@ export function validateAuditResults(results, tasks, options = {}) {
                     pushIssue(issues, {
                         result_index: i,
                         task_id: taskId,
-                        severity: "warning",
                         field: `file_coverage[${j}].path`,
                         message: `file_coverage path '${entry.path}' is not listed in the task file_paths.`,
                     });
@@ -297,6 +316,10 @@ export function validateAuditResults(results, tasks, options = {}) {
                 else {
                     seenCoveragePaths.add(entry.path);
                 }
+                if (isNonEmptyString(entry.path) &&
+                    (!task || task.file_paths.includes(entry.path))) {
+                    declaredAssignedCoveragePaths.add(entry.path);
+                }
                 if (!Number.isInteger(entry.total_lines)) {
                     pushIssue(issues, {
                         result_index: i,
@@ -330,7 +353,8 @@ export function validateAuditResults(results, tasks, options = {}) {
                 }
                 if (isNonEmptyString(entry.path) &&
                     Number.isInteger(entry.total_lines) &&
-                    Number(entry.total_lines) >= 0) {
+                    Number(entry.total_lines) >= 0 &&
+                    (!task || task.file_paths.includes(entry.path))) {
                     normalizedFileCoverage.push({
                         path: entry.path,
                         total_lines: Number(entry.total_lines),
@@ -367,11 +391,35 @@ export function validateAuditResults(results, tasks, options = {}) {
             if (!isRecord(finding) || !Array.isArray(finding.affected_files)) {
                 continue;
             }
+            const expectedFindingLens = task?.lens ??
+                (typeof result.lens === "string" && VALID_LENSES.has(result.lens)
+                    ? result.lens
+                    : undefined);
+            if (expectedFindingLens &&
+                typeof finding.lens === "string" &&
+                finding.lens !== expectedFindingLens) {
+                pushIssue(issues, {
+                    result_index: i,
+                    task_id: taskId,
+                    field: `${label}.lens`,
+                    message: `${label}.lens must match the assigned task lens ` +
+                        `(expected '${expectedFindingLens}', got '${finding.lens}').`,
+                });
+            }
             for (let k = 0; k < finding.affected_files.length; k++) {
                 const affected = finding.affected_files[k];
                 if (!isRecord(affected) || !isNonEmptyString(affected.path)) {
                     continue;
                 }
+                if (!declaredAssignedCoveragePaths.has(affected.path)) {
+                    pushIssue(issues, {
+                        result_index: i,
+                        task_id: taskId,
+                        field: `${label}.affected_files[${k}].path`,
+                        message: `affected_files path '${affected.path}' is not in the declared assigned file_coverage.`,
+                    });
+                    continue;
+                }
                 if (!Number.isInteger(affected.line_start)) {
                     continue;
                 }

package/dist/validation/sessionConfig.js

@@ -74,6 +74,11 @@ function validateAgentProviderSection(value, path, issues) {
     if (value.extra_args !== undefined) {
         validateStringArray(value.extra_args, `${path}.extra_args`, "extra_args", issues, { allowEmptyArray: true });
     }
+    if (path === "claude_code" &&
+        value.dangerously_skip_permissions !== undefined &&
+        typeof value.dangerously_skip_permissions !== "boolean") {
+        pushIssue(issues, `${path}.dangerously_skip_permissions`, "dangerously_skip_permissions must be a boolean when provided.");
+    }
 }
 function commandExists(command) {
     const lookupCommand = process.platform === "win32" ? "where" : "which";

package/docs/agent-integrations.md

@@ -277,4 +277,7 @@ For a polished operator experience today:
 4. prefer `local-subprocess` unless you explicitly want a backend provider bridge
 5. use `subprocess-template` only when integrating a non-native editor or launcher surface
 
-If you intentionally want the backend fallback to bridge semantic review into another process, re-run with an explicit `--provider` flag after configuring the matching section in `.audit-artifacts/session-config.json`.
+If you intentionally want the backend fallback to bridge semantic review into
+another process, set the matching provider in
+`.audit-artifacts/session-config.json` or re-run with an explicit `--provider`
+flag after configuring the matching provider section.

package/docs/contract.md

@@ -25,7 +25,10 @@ Workers submit `AuditResult[]` shaped by `schemas/audit_result.schema.json`.
 Important rules:
 
 - `file_coverage` is required and must include every assigned file.
+- `file_coverage` must not include files outside the assigned task.
 - `file_coverage[].total_lines` must match the current file line count.
+- `task_id`, `unit_id`, `pass_id`, and `lens` must match the assigned task.
+- each finding lens must match the assigned task lens.
 - `findings[].affected_files` must be objects, not strings.
 - `findings[].evidence` must be an array of plain strings.
 

package/docs/dispatch-implementation-plan.md

@@ -3,8 +3,8 @@
 This document describes the implemented review-dispatch path for `/audit-code`.
 The original dispatch plan was one agent per audit task. The current path keeps
 the existing `AuditTask` and `AuditResult` contracts, but groups related tasks
-into review packets so a worker can read a coherent file set once and produce
-one validated result file for each assigned task.
+into review packets so a worker can read a coherent file set once and submit
+one validated result for each assigned task through a backend-owned write path.
 
 ## Current Workflow
 
@@ -15,15 +15,16 @@ one validated result file for each assigned task.
 
 2. audit-code prepare-dispatch --run-id <run_id> --artifacts-dir <artifacts_dir>
    -> reads pending-audit-tasks.json and review planning artifacts
-   -> writes dispatch-plan.json
+   -> writes a slim dispatch-plan.json
+   -> writes backend-owned dispatch-result-map.json
    -> writes one packet prompt per dispatch-plan entry
    -> prints one compact JSON envelope
 
 3. Conversation orchestrator reads only dispatch-plan.json
    -> launches one subagent per packet
    -> each subagent reads its packet prompt and assigned files
-   -> each subagent writes one task-results/<task_id>.json per underlying task
-   -> each subagent runs the validation commands in the prompt
+   -> each subagent pipes AuditResult[] to the submit-packet command in the prompt
+   -> submit-packet validates and writes only backend-assigned result files
    -> each subagent replies: valid: <packet_id>, findings=<n>
 
 4. audit-code merge-and-ingest --run-id <run_id> --artifacts-dir <artifacts_dir>
@@ -62,6 +63,7 @@ Packet planning is deterministic and compatibility-preserving:
 - graph edges from imports, calls, and references can merge related task groups
 - heuristic container edges do not force packet expansion
 - packet chunking respects task-count and line-budget limits
+- a single file that exceeds the packet target is isolated rather than split
 - high-priority packets sort ahead of lower-priority packets
 
 Generated packets include:
@@ -88,7 +90,10 @@ audit-code prepare-dispatch --run-id <run_id> --artifacts-dir <artifacts_dir>
 Artifacts:
 
 - `<artifacts_dir>/runs/<run_id>/dispatch-plan.json`
+- `<artifacts_dir>/runs/<run_id>/dispatch-result-map.json`
 - `<artifacts_dir>/runs/<run_id>/task-results/<packet_id>.prompt.md`
+- `<artifacts_dir>/runs/<run_id>/task-results/<packet_id>.anchors.json`,
+  only for isolated large-file packets
 - `<artifacts_dir>/runs/<run_id>/dispatch-warnings.json`, only when warnings
   exist
 
@@ -115,18 +120,8 @@ The command prints a compact JSON envelope:
 ```json
 {
   "packet_id": "src-auth:security-correctness:packet-1-...",
-  "task_id": "src-auth:security-correctness:packet-1-...",
-  "task_ids": ["src-auth:security", "src-auth:correctness"],
   "description": "Audit 2 file(s), 2 task(s), 2 lens(es) (~70 lines)",
-  "output_paths": {
-    "src-auth:security": ".audit-artifacts/runs/run-1/task-results/src-auth_security.json",
-    "src-auth:correctness": ".audit-artifacts/runs/run-1/task-results/src-auth_correctness.json"
-  },
-  "prompt_path": ".audit-artifacts/runs/run-1/task-results/src-auth_security-correctness_packet-1.prompt.md",
-  "lenses": ["security", "correctness"],
-  "file_paths": ["src/api/auth.ts", "src/lib/session.ts"],
-  "total_lines": 70,
-  "estimated_tokens": 1180
+  "prompt_path": ".audit-artifacts/runs/run-1/task-results/src-auth_security-correctness_packet-1_ab12cd34ef56.prompt.md"
 }
 ```
 
@@ -134,6 +129,27 @@ The orchestrator should launch one subagent per entry with the entry
 description and a prompt that tells the subagent to read and follow
 `entry.prompt_path`.
 
+## Large File Mode
+
+The workflow does not impose a hard single-file size limit. When a packet is
+large because it contains one large file, `prepare-dispatch` keeps that file in
+an isolated packet and writes a mechanical anchor summary next to the packet
+prompt. The anchor summary may include:
+
+- file boundaries
+- imports and exports
+- top-level symbols
+- route-like declarations
+- risk keywords
+- graph edges
+- external analyzer signals
+
+The packet prompt points the worker at the anchor file and asks for targeted
+reads/searches within the assigned file. The backend still validates and writes
+results through `submit-packet`. This keeps large-file review bounded by
+mechanically generated structure without slicing files into arbitrary line
+ranges.
+
 ## Packet Prompt Contract
 
 Each packet prompt tells the worker to:
@@ -141,20 +157,31 @@ Each packet prompt tells the worker to:
 - review the packet once
 - read only the listed repo-relative files
 - produce one JSON object per listed task
-- write each object to that task's exact `output_path`
+- pipe one JSON array to the prompt's `submit-packet` command
 - preserve the existing `AuditResult` fields:
   `task_id`, `unit_id`, `pass_id`, `lens`, `file_coverage`, `findings`
 - keep `file_coverage[]` as `{ path, total_lines }`
 - keep every finding lens equal to the task lens
-- avoid source edits, remediation, extra task results, and unrelated audits
-- run the generated validation command for every task result
-- reply exactly `valid: <packet_id>, findings=<total finding count>` after all
-  validation commands pass
+- avoid direct file writes, source edits, remediation, extra task results, and
+  unrelated audits
+- reply exactly `valid: <packet_id>, findings=<total finding count>` after the
+  submit command accepts the packet
 
 This keeps packet review efficient while leaving merge and ingestion
 mechanically deterministic.
 
-## Validation
+## Submission and Validation
+
+Packet submission is exposed through:
+
+```bash
+audit-code submit-packet --run-id <run_id> --packet-id <packet_id> --artifacts-dir <artifacts_dir>
+```
+
+The command reads `AuditResult[]` from stdin, validates the complete assigned
+packet, and writes only the backend-assigned per-task result paths from
+`dispatch-result-map.json`. This keeps result writes out of the LLM prompt and
+prevents swapped or unknown task result files from being ingested.
 
 Per-task validation is exposed through:
 
@@ -162,6 +189,10 @@ Per-task validation is exposed through:
 audit-code validate-result --run-id <run_id> --task-id <task_id> --artifacts-dir <artifacts_dir>
 ```
 
+Generated packet prompts may pass run ids, packet ids, task ids, and artifact paths through
+base64url flags such as `--run-id-b64`, `--packet-id-b64`, `--task-id-b64`, and
+`--artifacts-dir-b64` when raw values could contain shell-sensitive characters.
+
 The validator checks the result against the assigned task set and enforces the
 mechanical constraints that matter for ingestion:
 
@@ -171,7 +202,7 @@ mechanical constraints that matter for ingestion:
 - line spans do not exceed known `total_lines`
 - result fields conform to the shipped schemas
 
-Workers should retry invalid JSON up to the bounded retry count in the prompt.
+Workers should retry rejected submissions up to the bounded retry count in the prompt.
 
 ## `merge-and-ingest` Output
 
@@ -183,7 +214,9 @@ audit-code merge-and-ingest --run-id <run_id> --artifacts-dir <artifacts_dir>
 
 Merge behavior:
 
-- validates every JSON file under `task-results/`
+- validates every backend-assigned result-map path
+- rejects unexpected JSON files under `task-results/`
+- rejects task IDs that appear in the wrong assigned result path
 - rejects duplicate task results
 - rejects unknown task IDs
 - rejects missing assigned task results

package/docs/run-flow.md

@@ -14,11 +14,13 @@ This document describes the backend execution flow that supports that conversati
 4. Build `review_packets.json` and `audit_plan_metrics.json` from those tasks.
 5. Stop at semantic review with an active run handoff.
 6. `prepare-dispatch` writes a small run-scoped `dispatch-plan.json` and one
-   prompt per review packet.
+   prompt per review packet, plus a backend-owned result map.
+   Isolated large-file packets also get mechanical anchor summaries for
+   targeted review.
 7. The active conversation orchestrator launches one bounded subagent per
    packet when the host supports subagents.
-8. Each subagent writes one validated `AuditResult` JSON object per underlying
-   task.
+8. Each subagent pipes `AuditResult[]` to the packet's `submit-packet` command;
+   the backend validates and writes assigned result files.
 9. `merge-and-ingest` validates the full assigned task set and ingests the
    existing `AuditResult[]` shape.
 10. Result ingestion updates coverage, requeue, runtime-validation state, and