auditor-lambda 0.3.40 → 0.5.0

package/dist/orchestrator/reviewPackets.js

@@ -1,22 +1,70 @@
 import { createHash } from "node:crypto";
-import { LENS_ORDER } from "./unitBuilder.js";
+import { estimateTokensFromBytes, isRecord } from "@audit-tools/shared";
+import { LENS_ORDER, priorityRank, sortLenses } from "./auditTaskUtils.js";
+import { UnionFind } from "./unionFind.js";
 const DEFAULT_MAX_TASKS_PER_PACKET = 0;
 const DEFAULT_TARGET_PACKET_LINES = 8000;
 export const ESTIMATED_TOKENS_PER_LINE = 4;
 export const ESTIMATED_PACKET_PROMPT_TOKENS = 900;
-export function estimateTaskGroupTokens(tasks) {
-    let totalLines = 0;
+// Default per-packet content-token budget. Kept equal to the legacy
+// line-target × per-line estimate so byte-derived sizing lands on the same
+// thresholds as the old line-based sizing when the line fallback is in effect.
+const DEFAULT_TARGET_PACKET_TOKENS = DEFAULT_TARGET_PACKET_LINES * ESTIMATED_TOKENS_PER_LINE;
+/**
+ * Build a path → size_bytes index from a repo manifest. Byte counts are
+ * recorded during intake, so this never reads files. Review packet token
+ * estimates are derived from these bytes (Phase 2) instead of counted lines.
+ */
+export function sizeIndexFromManifest(repoManifest) {
+    if (!repoManifest)
+        return {};
+    return Object.fromEntries(repoManifest.files.map((file) => [file.path, file.size_bytes]));
+}
+/**
+ * Estimated content tokens for a single file. Prefers a byte-based estimate
+ * from `sizeIndex` (sourced from the repo manifest); falls back to the legacy
+ * line-based estimate when no positive byte count is available (e.g. manually
+ * built tasks in tests, or paths absent from the manifest).
+ */
+function pathContentTokens(owner, path, sizeIndex, lineIndex) {
+    const bytes = sizeIndex?.[path];
+    if (typeof bytes === "number" && bytes > 0) {
+        return estimateTokensFromBytes(bytes);
+    }
+    const lines = owner?.file_line_counts?.[path] ?? lineIndex?.[path] ?? 0;
+    return lines * ESTIMATED_TOKENS_PER_LINE;
+}
+/** Estimated content tokens for one task across all of its files. */
+function taskContentTokens(task, sizeIndex, lineIndex) {
+    return task.file_paths.reduce((sum, path) => sum + pathContentTokens(task, path, sizeIndex, lineIndex), 0);
+}
+/**
+ * Estimated content tokens across a set of file paths, resolving an owning task
+ * per path so the line fallback can read its `file_line_counts`. Shared files
+ * are counted once.
+ */
+function fileGroupContentTokens(filePaths, tasks, sizeIndex, lineIndex) {
+    let total = 0;
+    for (const path of filePaths) {
+        const owner = tasks.find((task) => task.file_paths.includes(path));
+        total += pathContentTokens(owner, path, sizeIndex, lineIndex);
+    }
+    return total;
+}
+export function estimateTaskGroupTokens(tasks, sizeIndex, lineIndex) {
+    let contentTokens = 0;
     for (const task of tasks) {
-        if (task.file_line_counts) {
-            for (const count of Object.values(task.file_line_counts)) {
-                totalLines += count;
-            }
-        }
+        contentTokens += taskContentTokens(task, sizeIndex, lineIndex);
     }
-    return ESTIMATED_PACKET_PROMPT_TOKENS + totalLines * ESTIMATED_TOKENS_PER_LINE;
+    return ESTIMATED_PACKET_PROMPT_TOKENS + contentTokens;
 }
 const PACKET_EXPANSION_MIN_CONFIDENCE = 0.65;
-const HIGH_FAN_DEGREE_THRESHOLD = 12;
+/**
+ * Fan-in / fan-out degree above which a node is treated as a hub. Exported so
+ * the Phase 3 delta-scope expansion skips the same hubs that packet planning
+ * skips, preventing scope blow-up through highly-connected modules.
+ */
+export const HIGH_FAN_DEGREE_THRESHOLD = 12;
 const HIGH_FAN_EXPANSION_CONFIDENCE = 0.99;
 const MAX_PACKET_KEY_EDGES = 8;
 const MAX_PACKET_BOUNDARY_FILES = 12;
@@ -57,24 +105,9 @@ const BROAD_ANALYZER_OWNERSHIP_ROOTS = new Set([
     "spec",
     "specs",
 ]);
-function priorityRank(priority) {
-    switch (priority) {
-        case "high":
-            return 3;
-        case "medium":
-            return 2;
-        case "low":
-        default:
-            return 1;
-    }
-}
 function normalizePriority(priority) {
     return priority ?? "low";
 }
-function sortLenses(lenses) {
-    const set = new Set(lenses);
-    return LENS_ORDER.filter((lens) => set.has(lens));
-}
 function lineCountForPath(task, path, lineIndex) {
     return task.file_line_counts?.[path] ?? lineIndex?.[path] ?? 0;
 }
@@ -99,13 +132,10 @@ function buildTaskGroups(tasks) {
     }
     return groups;
 }
-function normalizeGraphPath(path) {
+export function normalizeGraphPath(path) {
     return path.replace(/\\/g, "/").replace(/^\.\//, "").toLowerCase();
 }
-function isRecord(value) {
-    return value !== null && typeof value === "object" && !Array.isArray(value);
-}
-function collectGraphEdges(graphBundle) {
+export function collectGraphEdges(graphBundle) {
     if (!graphBundle?.graphs) {
         return [];
     }
@@ -141,7 +171,7 @@ function collectGraphEdges(graphBundle) {
     }
     return edges;
 }
-function graphEdgeConfidence(edge) {
+export function graphEdgeConfidence(edge) {
     if (typeof edge.confidence === "number" && Number.isFinite(edge.confidence)) {
         return Math.min(1, Math.max(0, edge.confidence));
     }
@@ -156,7 +186,7 @@ function graphEdgeConfidence(edge) {
 function isConcreteGraphEdge(edge) {
     return edge.kind !== "heuristic-container-edge";
 }
-function buildGraphDegreeIndex(edges) {
+export function buildGraphDegreeIndex(edges) {
     const fanIn = new Map();
     const fanOut = new Map();
     for (const edge of edges) {
@@ -255,33 +285,16 @@ function groupsOverlap(a, b) {
     }
     return false;
 }
-function buildGraphConnectedComponentIndex(groups, graphEdges) {
-    const groupKeys = [...groups.keys()];
-    const parent = new Map(groupKeys.map((key) => [key, key]));
+function unionFindFromGroups(groups, graphEdges) {
+    const uf = new UnionFind(groups.keys());
     const fileToGroupKeys = buildFileToGroupKeys(groups);
     const degreeIndex = buildGraphDegreeIndex(graphEdges);
-    function find(key) {
-        const current = parent.get(key) ?? key;
-        if (current === key)
-            return key;
-        const root = find(current);
-        parent.set(key, root);
-        return root;
-    }
-    function union(a, b) {
-        const rootA = find(a);
-        const rootB = find(b);
-        if (rootA === rootB)
-            return;
-        const [keep, move] = rootA.localeCompare(rootB) <= 0 ? [rootA, rootB] : [rootB, rootA];
-        parent.set(move, keep);
-    }
     for (const keys of fileToGroupKeys.values()) {
         const [first, ...rest] = [...keys].sort((a, b) => a.localeCompare(b));
         if (!first)
             continue;
         for (const key of rest) {
-            union(first, key);
+            uf.union(first, key);
         }
     }
     for (const edge of graphEdges) {
@@ -295,11 +308,15 @@ function buildGraphConnectedComponentIndex(groups, graphEdges) {
         }
         for (const fromKey of fromGroups) {
             for (const toKey of toGroups) {
-                union(fromKey, toKey);
+                uf.union(fromKey, toKey);
             }
         }
     }
-    return new Map(groupKeys.map((key) => [key, find(key)]));
+    return uf;
+}
+function buildGraphConnectedComponentIndex(groups, graphEdges) {
+    const uf = unionFindFromGroups(groups, graphEdges);
+    return new Map([...groups.keys()].map((key) => [key, uf.find(key)]));
 }
 function subsystemRootForPath(path) {
     const segments = normalizeGraphPath(path).split("/").filter(Boolean);
@@ -375,13 +392,11 @@ function buildBoundedClusterEdges(params) {
         const allFiles = new Set(componentEntries.flatMap((entry) => [...entry.filePaths]));
         const totalTasks = componentEntries.reduce((sum, entry) => sum + entry.taskCount, 0);
         const clusterTasks = entries.flatMap((entry) => entry.tasks);
-        const totalLines = [...allFiles].reduce((sum, path) => {
-            const owner = clusterTasks.find((task) => task.file_paths.includes(path));
-            return sum + (owner ? lineCountForPath(owner, path, params.lineIndex) : 0);
-        }, 0);
+        const totalContentTokens = fileGroupContentTokens(allFiles, clusterTasks, params.sizeIndex, params.lineIndex);
         if (allFiles.size > MAX_SUBSYSTEM_CLUSTER_FILES ||
             totalTasks > MAX_SUBSYSTEM_CLUSTER_TASKS ||
-            totalLines > (params.targetPacketLines ?? DEFAULT_TARGET_PACKET_LINES)) {
+            totalContentTokens >
+                (params.targetPacketTokens ?? DEFAULT_TARGET_PACKET_TOKENS)) {
             continue;
         }
         for (let index = 1; index < componentEntries.length; index++) {
@@ -399,7 +414,7 @@ function buildBoundedClusterEdges(params) {
     }
     return clusterEdges.sort(compareGraphEdges);
 }
-function buildSubsystemClusterEdges(groups, graphEdges, lineIndex, targetPacketLines = DEFAULT_TARGET_PACKET_LINES) {
+function buildSubsystemClusterEdges(groups, graphEdges, lineIndex, sizeIndex, targetPacketTokens = DEFAULT_TARGET_PACKET_TOKENS) {
     return buildBoundedClusterEdges({
         groups,
         graphEdges,
@@ -408,7 +423,8 @@ function buildSubsystemClusterEdges(groups, graphEdges, lineIndex, targetPacketL
         edgeConfidence: SUBSYSTEM_CLUSTER_CONFIDENCE,
         reasonForCluster: (root, fileCount) => `Bounded subsystem cluster '${root}' groups ${fileCount} file(s) without stronger graph evidence.`,
         lineIndex,
-        targetPacketLines,
+        sizeIndex,
+        targetPacketTokens,
     });
 }
 function packageManifestRoot(path) {
@@ -435,39 +451,18 @@ function isCargoManifestPath(path) {
 function isMavenPomPath(path) {
     return normalizeGraphPath(path).split("/").at(-1) === "pom.xml";
 }
-function typescriptProjectRoot(path) {
-    const segments = normalizeGraphPath(path).split("/").filter(Boolean);
-    if (!isTypescriptProjectConfigPath(path) || segments.length < 2) {
-        return undefined;
-    }
-    return segments.slice(0, -1).join("/");
-}
-function goModuleRoot(path) {
-    const segments = normalizeGraphPath(path).split("/").filter(Boolean);
-    if (!isGoModuleManifestPath(path) || segments.length < 2) {
-        return undefined;
-    }
-    return segments.slice(0, -1).join("/");
-}
-function cargoModuleRoot(path) {
-    const segments = normalizeGraphPath(path).split("/").filter(Boolean);
-    if (!isCargoManifestPath(path) || segments.length < 2) {
-        return undefined;
-    }
-    return segments.slice(0, -1).join("/");
-}
-function mavenModuleRoot(path) {
+function configFileRoot(path, predicate) {
     const segments = normalizeGraphPath(path).split("/").filter(Boolean);
-    if (!isMavenPomPath(path) || segments.length < 2) {
+    if (!predicate(path) || segments.length < 2) {
         return undefined;
     }
     return segments.slice(0, -1).join("/");
 }
 function moduleConfigRoot(path) {
-    return (typescriptProjectRoot(path) ??
-        goModuleRoot(path) ??
-        cargoModuleRoot(path) ??
-        mavenModuleRoot(path));
+    return (configFileRoot(path, isTypescriptProjectConfigPath) ??
+        configFileRoot(path, isGoModuleManifestPath) ??
+        configFileRoot(path, isCargoManifestPath) ??
+        configFileRoot(path, isMavenPomPath));
 }
 function analyzerOwnershipRoot(path) {
     const root = normalizeGraphPath(path).replace(/\/+$/, "");
@@ -529,7 +524,7 @@ function packageOwnershipRootForTasks(tasks, packageRoots) {
     const roots = new Set(rootsForFiles);
     return roots.size === 1 ? [...roots][0] : undefined;
 }
-function buildPackageOwnershipClusterEdges(groups, graphEdges, lineIndex, targetPacketLines = DEFAULT_TARGET_PACKET_LINES) {
+function buildPackageOwnershipClusterEdges(groups, graphEdges, lineIndex, sizeIndex, targetPacketTokens = DEFAULT_TARGET_PACKET_TOKENS) {
     const packageRoots = collectPackageOwnershipRoots(groups, graphEdges);
     if (packageRoots.size === 0) {
         return [];
@@ -542,7 +537,8 @@ function buildPackageOwnershipClusterEdges(groups, graphEdges, lineIndex, target
         edgeConfidence: PACKAGE_OWNERSHIP_CLUSTER_CONFIDENCE,
         reasonForCluster: (root, fileCount) => `Package ownership root '${root}' groups ${fileCount} file(s) across bounded package subdirectories.`,
         lineIndex,
-        targetPacketLines,
+        sizeIndex,
+        targetPacketTokens,
     });
 }
 function collectModuleOwnershipRoots(groups, graphEdges) {
@@ -588,7 +584,7 @@ function moduleOwnershipRootForTasks(tasks, moduleRoots) {
     const roots = new Set(rootsForFiles);
     return roots.size === 1 ? [...roots][0] : undefined;
 }
-function buildModuleOwnershipClusterEdges(groups, graphEdges, lineIndex, targetPacketLines = DEFAULT_TARGET_PACKET_LINES) {
+function buildModuleOwnershipClusterEdges(groups, graphEdges, lineIndex, sizeIndex, targetPacketTokens = DEFAULT_TARGET_PACKET_TOKENS) {
     const moduleRoots = collectModuleOwnershipRoots(groups, graphEdges);
     if (moduleRoots.size === 0) {
         return [];
@@ -607,7 +603,8 @@ function buildModuleOwnershipClusterEdges(groups, graphEdges, lineIndex, targetP
                 : `Module ownership root '${root}' from project configuration groups ${fileCount} file(s) across bounded subdirectories.`;
         },
         lineIndex,
-        targetPacketLines,
+        sizeIndex,
+        targetPacketTokens,
     });
 }
 function buildEntrypointFlowBridgeEdges(groups, graphEdges, graphBundle) {
@@ -694,18 +691,18 @@ function buildEntrypointFlowBridgeEdges(groups, graphEdges, graphBundle) {
     }
     return [...bridgeEdges.values()].sort(compareGraphEdges);
 }
-function buildPlanningGraphEdges(groups, graphEdges, graphBundle, lineIndex, targetPacketLines = DEFAULT_TARGET_PACKET_LINES) {
+function buildPlanningGraphEdges(groups, graphEdges, graphBundle, lineIndex, sizeIndex, targetPacketTokens = DEFAULT_TARGET_PACKET_TOKENS) {
     const bridgeEdges = buildEntrypointFlowBridgeEdges(groups, graphEdges, graphBundle);
     const graphWithBridges = bridgeEdges.length > 0 ? [...graphEdges, ...bridgeEdges] : graphEdges;
-    const subsystemEdges = buildSubsystemClusterEdges(groups, graphWithBridges, lineIndex, targetPacketLines);
+    const subsystemEdges = buildSubsystemClusterEdges(groups, graphWithBridges, lineIndex, sizeIndex, targetPacketTokens);
     const graphWithSubsystems = subsystemEdges.length > 0
         ? [...graphWithBridges, ...subsystemEdges]
         : graphWithBridges;
-    const packageOwnershipEdges = buildPackageOwnershipClusterEdges(groups, graphWithSubsystems, lineIndex, targetPacketLines);
+    const packageOwnershipEdges = buildPackageOwnershipClusterEdges(groups, graphWithSubsystems, lineIndex, sizeIndex, targetPacketTokens);
     const graphWithPackageOwnership = packageOwnershipEdges.length > 0
         ? [...graphWithSubsystems, ...packageOwnershipEdges]
         : graphWithSubsystems;
-    const moduleOwnershipEdges = buildModuleOwnershipClusterEdges(groups, graphWithPackageOwnership, lineIndex, targetPacketLines);
+    const moduleOwnershipEdges = buildModuleOwnershipClusterEdges(groups, graphWithPackageOwnership, lineIndex, sizeIndex, targetPacketTokens);
     return moduleOwnershipEdges.length > 0
         ? [...graphWithPackageOwnership, ...moduleOwnershipEdges]
         : graphWithPackageOwnership;
@@ -831,7 +828,8 @@ function chunkPacketTasks(tasks, options) {
     let current = [];
     for (const task of tasks.sort(compareTasksForPacket)) {
         const isolatedLargeFileTask = task.file_paths.length === 1 &&
-            taskLineCount(task, options.lineIndex) > options.targetPacketLines;
+            taskContentTokens(task, options.sizeIndex, options.lineIndex) >
+                options.targetPacketTokens;
         if (isolatedLargeFileTask) {
             if (current.length > 0) {
                 chunks.push(current);
@@ -842,13 +840,10 @@ function chunkPacketTasks(tasks, options) {
         }
         const candidate = [...current, task];
         const uniquePaths = new Set(candidate.flatMap((item) => item.file_paths));
-        const candidateLines = [...uniquePaths].reduce((sum, path) => {
-            const owner = candidate.find((item) => item.file_paths.includes(path));
-            return sum + (owner ? lineCountForPath(owner, path, options.lineIndex) : 0);
-        }, 0);
+        const candidateContentTokens = fileGroupContentTokens(uniquePaths, candidate, options.sizeIndex, options.lineIndex);
         const wouldExceedTaskCount = options.maxTasksPerPacket > 0 && current.length > 0 && candidate.length > options.maxTasksPerPacket;
-        const wouldExceedLines = current.length > 0 && candidateLines > options.targetPacketLines;
-        if (wouldExceedTaskCount || wouldExceedLines) {
+        const wouldExceedTokens = current.length > 0 && candidateContentTokens > options.targetPacketTokens;
+        if (wouldExceedTaskCount || wouldExceedTokens) {
             chunks.push(current);
             current = [];
         }
@@ -860,59 +855,17 @@ function chunkPacketTasks(tasks, options) {
     return chunks;
 }
 function mergeGraphConnectedGroups(groups, graphEdges) {
-    const groupKeys = [...groups.keys()];
-    const parent = new Map(groupKeys.map((key) => [key, key]));
-    const fileToGroupKeys = buildFileToGroupKeys(groups);
-    const degreeIndex = buildGraphDegreeIndex(graphEdges);
-    function find(key) {
-        const current = parent.get(key) ?? key;
-        if (current === key)
-            return key;
-        const root = find(current);
-        parent.set(key, root);
-        return root;
-    }
-    function union(a, b) {
-        const rootA = find(a);
-        const rootB = find(b);
-        if (rootA === rootB)
-            return;
-        const [keep, move] = rootA.localeCompare(rootB) <= 0 ? [rootA, rootB] : [rootB, rootA];
-        parent.set(move, keep);
-    }
-    for (const keys of fileToGroupKeys.values()) {
-        const [first, ...rest] = [...keys].sort((a, b) => a.localeCompare(b));
-        if (!first)
-            continue;
-        for (const key of rest) {
-            union(first, key);
-        }
-    }
-    for (const edge of graphEdges) {
-        if (!isPacketExpansionEdge(edge, degreeIndex)) {
-            continue;
-        }
-        const fromGroups = fileToGroupKeys.get(normalizeGraphPath(edge.from));
-        const toGroups = fileToGroupKeys.get(normalizeGraphPath(edge.to));
-        if (!fromGroups || !toGroups) {
-            continue;
-        }
-        for (const fromKey of fromGroups) {
-            for (const toKey of toGroups) {
-                union(fromKey, toKey);
-            }
-        }
-    }
+    const uf = unionFindFromGroups(groups, graphEdges);
     const merged = new Map();
-    for (const key of groupKeys) {
-        const root = find(key);
+    for (const key of groups.keys()) {
+        const root = uf.find(key);
         const current = merged.get(root) ?? [];
         current.push(...(groups.get(key) ?? []));
         merged.set(root, current);
     }
     return [...merged.values()];
 }
-function buildPacket(tasks, packetIndex, lineIndex, graphEdges = [], graphBundle) {
+function buildPacket(tasks, packetIndex, lineIndex, sizeIndex, graphEdges = [], graphBundle) {
     const filePaths = [...new Set(tasks.flatMap((task) => task.file_paths))].sort((a, b) => a.localeCompare(b));
     const graphContext = buildPacketGraphContext(filePaths, graphEdges, graphBundle);
     const fileLineCounts = Object.fromEntries(filePaths.map((path) => {
@@ -920,6 +873,8 @@ function buildPacket(tasks, packetIndex, lineIndex, graphEdges = [], graphBundle
         return [path, owner ? lineCountForPath(owner, path, lineIndex) : 0];
     }));
     const totalLines = Object.values(fileLineCounts).reduce((sum, value) => sum + value, 0);
+    const estimatedTokens = ESTIMATED_PACKET_PROMPT_TOKENS +
+        fileGroupContentTokens(filePaths, tasks, sizeIndex, lineIndex);
     const priority = tasks.reduce((highest, task) => priorityRank(task.priority) > priorityRank(highest)
         ? normalizePriority(task.priority)
         : highest, "low");
@@ -955,19 +910,18 @@ function buildPacket(tasks, packetIndex, lineIndex, graphEdges = [], graphBundle
             : undefined,
         quality: graphContext.quality,
         rationale: `${baseRationale}${graphRationale}`,
-        estimated_tokens: ESTIMATED_PACKET_PROMPT_TOKENS + totalLines * ESTIMATED_TOKENS_PER_LINE,
+        estimated_tokens: estimatedTokens,
     };
 }
 function buildReviewPacketPlanningData(tasks, options = {}) {
     const maxTasksPerPacket = options.maxTasksPerPacket ?? DEFAULT_MAX_TASKS_PER_PACKET;
-    const configuredTargetLines = options.targetPacketLines ?? DEFAULT_TARGET_PACKET_LINES;
-    const targetPacketLines = options.maxContextTokens != null
-        ? Math.min(configuredTargetLines, Math.max(1, Math.floor((options.maxContextTokens - ESTIMATED_PACKET_PROMPT_TOKENS) /
-            ESTIMATED_TOKENS_PER_LINE)))
-        : configuredTargetLines;
+    const configuredTargetTokens = options.targetPacketTokens ?? DEFAULT_TARGET_PACKET_TOKENS;
+    const targetPacketTokens = options.maxContextTokens != null
+        ? Math.min(configuredTargetTokens, Math.max(1, options.maxContextTokens - ESTIMATED_PACKET_PROMPT_TOKENS))
+        : configuredTargetTokens;
     const graphEdges = collectGraphEdges(options.graphBundle);
     const groups = buildTaskGroups(tasks);
-    const planningGraphEdges = buildPlanningGraphEdges(groups, graphEdges, options.graphBundle, options.lineIndex, targetPacketLines);
+    const planningGraphEdges = buildPlanningGraphEdges(groups, graphEdges, options.graphBundle, options.lineIndex, options.sizeIndex, targetPacketTokens);
     const packets = [];
     let packetIndex = 0;
     const groupedTasks = mergeGraphConnectedGroups(groups, planningGraphEdges).sort((a, b) => {
@@ -980,10 +934,11 @@ function buildReviewPacketPlanningData(tasks, options = {}) {
     for (const group of groupedTasks) {
         for (const chunk of chunkPacketTasks(group, {
             lineIndex: options.lineIndex,
+            sizeIndex: options.sizeIndex,
             maxTasksPerPacket,
-            targetPacketLines,
+            targetPacketTokens,
         })) {
-            packets.push(buildPacket(chunk, packetIndex, options.lineIndex, planningGraphEdges, options.graphBundle));
+            packets.push(buildPacket(chunk, packetIndex, options.lineIndex, options.sizeIndex, planningGraphEdges, options.graphBundle));
             packetIndex += 1;
         }
     }

package/dist/orchestrator/runtimeValidation.d.ts

@@ -1,6 +1,6 @@
 import type { UnitManifest } from "../types.js";
 import type { FlowCoverageManifest } from "../types/flowCoverage.js";
-import type { CriticalFlowManifest } from "../types/flows.js";
+import type { CriticalFlowManifest } from "@audit-tools/shared";
 import type { RuntimeValidationReport, RuntimeValidationTaskManifest } from "../types/runtimeValidation.js";
 export declare function discoverRuntimeValidationCommand(root: string): Promise<string[] | undefined>;
 export declare function buildRuntimeValidationTasks(params: {

package/dist/orchestrator/runtimeValidation.js

@@ -1,4 +1,4 @@
-import { access, readFile } from "node:fs/promises";
+import { discoverProjectCommands } from "@audit-tools/shared";
 function checksForFlow(requiredLenses) {
     const checks = [];
     if (requiredLenses.includes("security")) {
@@ -15,37 +15,10 @@ function checksForFlow(requiredLenses) {
     }
     return checks;
 }
-async function exists(path) {
-    try {
-        await access(path);
-        return true;
-    }
-    catch {
-        return false;
-    }
-}
 export async function discoverRuntimeValidationCommand(root) {
-    const packageJsonPath = `${root}/package.json`;
-    if (await exists(packageJsonPath)) {
-        try {
-            const packageJson = JSON.parse(await readFile(packageJsonPath, "utf8"));
-            const testScript = packageJson.scripts?.test?.trim();
-            if (testScript &&
-                !/no test specified/i.test(testScript)) {
-                return ["npm", "test"];
-            }
-        }
-        catch {
-            // ignore unreadable package.json for runtime discovery
-        }
-    }
-    if (await exists(`${root}/go.mod`)) {
-        return ["go", "test", "./..."];
-    }
-    if (await exists(`${root}/pyproject.toml`) || await exists(`${root}/pytest.ini`)) {
-        return ["python", "-m", "pytest"];
-    }
-    return undefined;
+    // Shared discovery (Node test script → Go → Python) is the single source of
+    // truth; the runtime-validation command is the discovered test command.
+    return discoverProjectCommands(root).test;
 }
 export function buildRuntimeValidationTasks(params) {
     if (!params.command) {

package/dist/orchestrator/scope.d.ts

@@ -0,0 +1,62 @@
+import type { GraphBundle } from "@audit-tools/shared";
+import type { ArtifactBundle } from "../io/artifacts.js";
+import type { CoverageMatrix } from "../types.js";
+import type { AuditScopeBudget, AuditScopeManifest } from "../types/auditScope.js";
+/** Default cap on in-scope files (seeds + expanded) before expansion stops. */
+export declare const DEFAULT_SCOPE_MAX_FILES = 200;
+/** Graph edges below this confidence are never traversed during expansion. */
+export declare const SCOPE_EDGE_CONFIDENCE_FLOOR = 0.5;
+/**
+ * Expansion stops along a path once the accumulated path-confidence (the product
+ * of the traversed edge confidences) drops below this floor. With no fixed hop
+ * count, this — together with hub-skipping and the file budget — bounds the
+ * frontier deterministically.
+ */
+export declare const SCOPE_MIN_FRONTIER_CONFIDENCE = 0.5;
+export interface ComputeAuditScopeInput {
+    /** The git ref the delta is measured against. */
+    since: string;
+    /** Raw changed paths (git output, posix-relative). */
+    changed: string[];
+    /** Canonical auditable file paths (repo-manifest paths, non-excluded). */
+    includedFiles: string[];
+    /** Dependency graph used to expand from seeds to neighbours. */
+    graphBundle?: GraphBundle;
+    budget?: AuditScopeBudget;
+}
+/**
+ * Deterministic priority-frontier expansion (Phase 3). Starting from the changed
+ * files (seeds), walk the dependency graph outward, always visiting the neighbour
+ * with the highest accumulated path-confidence first (tie-broken by path). High
+ * fan-in/out hubs are skipped so a single change near a hub does not drag the
+ * whole repo into scope, low-confidence edges are dropped, and expansion halts at
+ * the file budget or when the best remaining frontier confidence falls below the
+ * floor. Same inputs → identical scope.
+ */
+export declare function computeAuditScope(input: ComputeAuditScopeInput): AuditScopeManifest;
+/** A full-audit scope (the default, and every fallback). */
+export declare function fullAuditScope(budget?: AuditScopeBudget, droppedNote?: string): AuditScopeManifest;
+export interface ResolveAuditScopeInput {
+    root?: string;
+    /** The `--since` ref, if any. Absent/empty → full audit. */
+    since?: string;
+    bundle: ArtifactBundle;
+    budget?: AuditScopeBudget;
+}
+/**
+ * Resolve the scope for a planning run. Returns a full-audit scope unless a
+ * `--since` ref was supplied against a real git repository; an unusable ref or
+ * missing root degrades to a full audit with an honest note. Reads the auditable
+ * file set from the repo manifest + disposition (the same lookup the graph
+ * extractor uses) and the dependency graph from the bundle.
+ */
+export declare function resolveAuditScope(input: ResolveAuditScopeInput): AuditScopeManifest;
+/**
+ * Apply a delta scope to a freshly-built coverage matrix. In-scope files (seeds
+ * + expanded neighbours) keep their fresh `pending` status to be re-audited.
+ * Out-of-scope files inherit a prior `complete` record verbatim when present (so
+ * previously-finished work is preserved, not re-run), and are otherwise excluded
+ * from this run with `classification_status: "out_of_scope_delta"`. Deterministic
+ * exclusions (non-auditable/trivial) are left untouched. A full scope is a no-op.
+ */
+export declare function applyScopeToCoverage(coverage: CoverageMatrix, scope: AuditScopeManifest, priorCoverage?: CoverageMatrix): CoverageMatrix;