auditor-lambda 0.3.40 → 0.5.0

package/dist/extractors/graphPythonImports.js

@@ -0,0 +1,362 @@
+import { posix } from "node:path";
+import { graphEdge, normalizeGraphPath, resolveCandidate, } from "./graphPathUtils.js";
+const PYTHON_SOURCE_EXTENSIONS = [".py", ".pyi"];
+const PYTHON_PACKAGE_INDEX_FILES = ["__init__.py", "__init__.pyi"];
+const IMPORT_EDGE_CONFIDENCE = 0.95;
+export function isPythonSourcePath(path) {
+    const normalized = normalizeGraphPath(path).toLowerCase();
+    return PYTHON_SOURCE_EXTENSIONS.some((extension) => normalized.endsWith(extension));
+}
+function stripPythonLineComment(line) {
+    let quote;
+    let escaped = false;
+    for (let index = 0; index < line.length; index++) {
+        const char = line[index];
+        if (escaped) {
+            escaped = false;
+            continue;
+        }
+        if (quote) {
+            if (char === "\\") {
+                escaped = true;
+                continue;
+            }
+            if (char === quote) {
+                quote = undefined;
+            }
+            continue;
+        }
+        if (char === "'" || char === '"') {
+            quote = char;
+            continue;
+        }
+        if (char === "#") {
+            return line.slice(0, index);
+        }
+    }
+    return line;
+}
+function pythonParenDelta(line) {
+    let quote;
+    let escaped = false;
+    let delta = 0;
+    for (const char of line) {
+        if (escaped) {
+            escaped = false;
+            continue;
+        }
+        if (quote) {
+            if (char === "\\") {
+                escaped = true;
+                continue;
+            }
+            if (char === quote) {
+                quote = undefined;
+            }
+            continue;
+        }
+        if (char === "'" || char === '"') {
+            quote = char;
+            continue;
+        }
+        if (char === "(") {
+            delta += 1;
+        }
+        else if (char === ")") {
+            delta -= 1;
+        }
+    }
+    return delta;
+}
+function pythonLogicalLines(content) {
+    const logicalLines = [];
+    let pending = "";
+    let parenDepth = 0;
+    for (const rawLine of content.split(/\r?\n/)) {
+        const stripped = stripPythonLineComment(rawLine).trim();
+        if (stripped.length === 0) {
+            continue;
+        }
+        if (pending.length === 0 && !/^(?:import|from)\s+/i.test(stripped)) {
+            continue;
+        }
+        const continued = stripped.endsWith("\\");
+        const line = continued ? stripped.slice(0, -1).trimEnd() : stripped;
+        pending = pending.length > 0 ? `${pending} ${line}` : line;
+        parenDepth += pythonParenDelta(line);
+        if (!continued && parenDepth <= 0) {
+            logicalLines.push(pending.replace(/\s+/g, " ").trim());
+            pending = "";
+            parenDepth = 0;
+        }
+    }
+    if (pending.length > 0) {
+        logicalLines.push(pending.replace(/\s+/g, " ").trim());
+    }
+    return logicalLines;
+}
+function unwrapPythonImportList(value) {
+    let trimmed = value.trim();
+    if (trimmed.startsWith("(") && trimmed.endsWith(")")) {
+        trimmed = trimmed.slice(1, -1).trim();
+    }
+    return trimmed;
+}
+function splitPythonImportList(value) {
+    const items = [];
+    let current = "";
+    let quote;
+    let escaped = false;
+    let parenDepth = 0;
+    for (const char of unwrapPythonImportList(value)) {
+        if (escaped) {
+            current += char;
+            escaped = false;
+            continue;
+        }
+        if (quote) {
+            current += char;
+            if (char === "\\") {
+                escaped = true;
+            }
+            else if (char === quote) {
+                quote = undefined;
+            }
+            continue;
+        }
+        if (char === "'" || char === '"') {
+            current += char;
+            quote = char;
+            continue;
+        }
+        if (char === "(") {
+            parenDepth += 1;
+            current += char;
+            continue;
+        }
+        if (char === ")") {
+            parenDepth -= 1;
+            current += char;
+            continue;
+        }
+        if (char === "," && parenDepth === 0) {
+            const item = current.trim();
+            if (item.length > 0) {
+                items.push(item);
+            }
+            current = "";
+            continue;
+        }
+        current += char;
+    }
+    const item = current.trim();
+    if (item.length > 0) {
+        items.push(item);
+    }
+    return items;
+}
+function stripPythonAlias(value) {
+    return value.replace(/\s+as\s+[A-Za-z_]\w*$/i, "").trim();
+}
+function isPythonIdentifier(value) {
+    return /^[A-Za-z_]\w*$/.test(value);
+}
+function isPythonAbsoluteModuleSpecifier(value) {
+    return /^[A-Za-z_]\w*(?:\.[A-Za-z_]\w*)*$/.test(value);
+}
+function isPythonRelativeModuleSpecifier(value) {
+    return /^\.+(?:[A-Za-z_]\w*(?:\.[A-Za-z_]\w*)*)?$/.test(value);
+}
+function isPythonModuleSpecifier(value) {
+    return (isPythonAbsoluteModuleSpecifier(value) ||
+        isPythonRelativeModuleSpecifier(value));
+}
+function pythonModulePath(specifier) {
+    return specifier.split(".").filter(Boolean).join("/");
+}
+function resolvePythonPathCandidate(candidate, pathLookup) {
+    const normalized = normalizeGraphPath(candidate).replace(/\/+$/, "");
+    if (normalized.length === 0 || normalized === "." || normalized === "..") {
+        return undefined;
+    }
+    return resolveCandidate(normalized, pathLookup);
+}
+function pythonPathMatchesModule(path, modulePath) {
+    const normalizedPath = normalizeGraphPath(path).toLowerCase();
+    const normalizedModulePath = normalizeGraphPath(modulePath).toLowerCase();
+    return (PYTHON_SOURCE_EXTENSIONS.some((extension) => {
+        const moduleFile = `${normalizedModulePath}${extension}`;
+        return (normalizedPath === moduleFile ||
+            normalizedPath.endsWith(`/${moduleFile}`));
+    }) ||
+        PYTHON_PACKAGE_INDEX_FILES.some((indexFile) => {
+            const packageFile = posix.join(normalizedModulePath, indexFile);
+            return (normalizedPath === packageFile ||
+                normalizedPath.endsWith(`/${packageFile}`));
+        }));
+}
+function commonDirectoryPrefixLength(left, right) {
+    const leftParts = normalizeGraphPath(left).split("/").filter(Boolean);
+    const rightParts = normalizeGraphPath(right).split("/").filter(Boolean);
+    let count = 0;
+    while (count < leftParts.length &&
+        count < rightParts.length &&
+        leftParts[count].toLowerCase() === rightParts[count].toLowerCase()) {
+        count += 1;
+    }
+    return count;
+}
+function resolvePythonAbsoluteModuleSpecifier(fromPath, specifier, pathLookup) {
+    const modulePath = pythonModulePath(specifier);
+    const direct = resolvePythonPathCandidate(modulePath, pathLookup);
+    if (direct) {
+        return direct;
+    }
+    const matches = [...new Set(pathLookup.values())].filter((path) => isPythonSourcePath(path) && pythonPathMatchesModule(path, modulePath));
+    if (matches.length === 1) {
+        return matches[0];
+    }
+    if (matches.length === 0) {
+        return undefined;
+    }
+    const fromDir = posix.dirname(normalizeGraphPath(fromPath));
+    const scored = matches
+        .map((target) => ({
+        target,
+        score: commonDirectoryPrefixLength(fromDir, posix.dirname(normalizeGraphPath(target))),
+    }))
+        .sort((a, b) => b.score - a.score || a.target.localeCompare(b.target));
+    const bestScore = scored[0]?.score ?? 0;
+    const bestMatches = scored.filter((item) => item.score === bestScore);
+    if (bestScore > 0 && bestMatches.length === 1) {
+        return bestMatches[0].target;
+    }
+    const srcMatches = matches.filter((target) => normalizeGraphPath(target).toLowerCase().startsWith("src/"));
+    return srcMatches.length === 1 ? srcMatches[0] : undefined;
+}
+function resolvePythonRelativeModuleSpecifier(fromPath, specifier, pathLookup) {
+    const match = /^(\.+)(.*)$/.exec(specifier);
+    if (!match) {
+        return undefined;
+    }
+    const level = match[1].length;
+    const remainder = match[2] ?? "";
+    let baseDir = posix.dirname(normalizeGraphPath(fromPath));
+    for (let index = 1; index < level; index++) {
+        const next = posix.dirname(baseDir);
+        if (next === baseDir) {
+            return undefined;
+        }
+        baseDir = next;
+    }
+    const modulePath = pythonModulePath(remainder);
+    const candidate = modulePath.length > 0 ? posix.join(baseDir, modulePath) : baseDir;
+    return resolvePythonPathCandidate(candidate, pathLookup);
+}
+function resolvePythonModuleSpecifier(fromPath, specifier, pathLookup) {
+    if (isPythonRelativeModuleSpecifier(specifier)) {
+        return resolvePythonRelativeModuleSpecifier(fromPath, specifier, pathLookup);
+    }
+    if (isPythonAbsoluteModuleSpecifier(specifier)) {
+        return resolvePythonAbsoluteModuleSpecifier(fromPath, specifier, pathLookup);
+    }
+    return undefined;
+}
+function appendPythonImportedSpecifier(moduleSpecifier, importedName) {
+    return moduleSpecifier.endsWith(".")
+        ? `${moduleSpecifier}${importedName}`
+        : `${moduleSpecifier}.${importedName}`;
+}
+function addPythonImportEdge(edges, fromPath, target, kind, specifier) {
+    if (!target || target === fromPath) {
+        return;
+    }
+    edges.push(graphEdge({
+        from: fromPath,
+        to: target,
+        kind,
+        confidence: IMPORT_EDGE_CONFIDENCE,
+        reason: `Resolved Python import specifier '${specifier}'.`,
+    }));
+}
+/**
+ * Resolve a single `import <spec>` module specifier to a repo file, or
+ * undefined. Shared with the tree-sitter Python analyzer so AST-extracted
+ * imports resolve to exactly the same targets as the regex floor.
+ */
+export function resolvePythonImportTarget(fromPath, specifier, pathLookup) {
+    if (!isPythonAbsoluteModuleSpecifier(specifier)) {
+        return undefined;
+    }
+    return resolvePythonModuleSpecifier(fromPath, specifier, pathLookup);
+}
+/**
+ * Resolve a `from <module> import <names>` statement to repo files. Mirrors the
+ * floor: prefer submodule files (`module.name`), else the module itself. Shared
+ * with the tree-sitter Python analyzer.
+ */
+export function resolvePythonFromImportTargets(fromPath, moduleSpecifier, importedNames, pathLookup) {
+    if (!isPythonModuleSpecifier(moduleSpecifier)) {
+        return [];
+    }
+    const submoduleTargets = importedNames
+        .filter((name) => name !== "*" && isPythonIdentifier(name))
+        .map((name) => appendPythonImportedSpecifier(moduleSpecifier, name))
+        .map((specifier) => ({
+        specifier,
+        target: resolvePythonModuleSpecifier(fromPath, specifier, pathLookup),
+    }))
+        .filter((item) => item.target !== undefined && item.target !== fromPath);
+    if (submoduleTargets.length > 0) {
+        return submoduleTargets;
+    }
+    const moduleTarget = resolvePythonModuleSpecifier(fromPath, moduleSpecifier, pathLookup);
+    return moduleTarget && moduleTarget !== fromPath
+        ? [{ specifier: moduleSpecifier, target: moduleTarget }]
+        : [];
+}
+export function extractPythonImportEdges(fromPath, content, pathLookup) {
+    if (!isPythonSourcePath(fromPath)) {
+        return [];
+    }
+    const edges = [];
+    for (const line of pythonLogicalLines(content)) {
+        const importMatch = /^import\s+(.+)$/i.exec(line);
+        if (importMatch) {
+            for (const rawSpecifier of splitPythonImportList(importMatch[1] ?? "")) {
+                const specifier = stripPythonAlias(rawSpecifier);
+                if (!isPythonAbsoluteModuleSpecifier(specifier)) {
+                    continue;
+                }
+                addPythonImportEdge(edges, fromPath, resolvePythonModuleSpecifier(fromPath, specifier, pathLookup), "python-import", specifier);
+            }
+            continue;
+        }
+        const fromImportMatch = /^from\s+([.\w]+)\s+import\s+(.+)$/i.exec(line);
+        if (!fromImportMatch) {
+            continue;
+        }
+        const moduleSpecifier = fromImportMatch[1] ?? "";
+        if (!isPythonModuleSpecifier(moduleSpecifier)) {
+            continue;
+        }
+        const importedNames = splitPythonImportList(fromImportMatch[2] ?? "")
+            .map(stripPythonAlias)
+            .filter((name) => name !== "*" && isPythonIdentifier(name));
+        const submoduleTargets = importedNames
+            .map((name) => appendPythonImportedSpecifier(moduleSpecifier, name))
+            .map((specifier) => ({
+            specifier,
+            target: resolvePythonModuleSpecifier(fromPath, specifier, pathLookup),
+        }))
+            .filter((item) => item.target);
+        if (submoduleTargets.length > 0) {
+            for (const { specifier, target } of submoduleTargets) {
+                addPythonImportEdge(edges, fromPath, target, "python-from-import", specifier);
+            }
+            continue;
+        }
+        addPythonImportEdge(edges, fromPath, resolvePythonModuleSpecifier(fromPath, moduleSpecifier, pathLookup), "python-from-import", moduleSpecifier);
+    }
+    return edges;
+}

package/dist/extractors/pathPatterns.d.ts

@@ -8,6 +8,12 @@ export declare const EXTRACTOR_HEURISTIC_NOTE = "Heuristic path classification n
 export declare function normalizeExtractorPath(path: string): string;
 export declare function pathTokens(normalized: string): string[];
 export declare function isNodeModulesOrGit(normalized: string): boolean;
+/**
+ * `.tmp/` holds transient scratch and bundled tool copies (e.g. a vendored
+ * `.tmp/opentoken`). These are not the audited project's source — excluding
+ * them keeps the self-audit from auditing its own bundled dependencies.
+ */
+export declare function isTmpPath(normalized: string): boolean;
 export declare function isBuildOutput(normalized: string): boolean;
 export declare function isVendorPath(normalized: string): boolean;
 export declare function isBinaryArtifact(normalized: string): boolean;

package/dist/extractors/pathPatterns.js

@@ -156,6 +156,14 @@ function hasToken(normalized, values) {
 export function isNodeModulesOrGit(normalized) {
     return hasSegment(normalized, "node_modules") || hasSegment(normalized, ".git");
 }
+/**
+ * `.tmp/` holds transient scratch and bundled tool copies (e.g. a vendored
+ * `.tmp/opentoken`). These are not the audited project's source — excluding
+ * them keeps the self-audit from auditing its own bundled dependencies.
+ */
+export function isTmpPath(normalized) {
+    return hasSegment(normalized, ".tmp");
+}
 export function isBuildOutput(normalized) {
     return hasSegment(normalized, "dist") || hasSegment(normalized, "build");
 }

package/dist/extractors/risk.d.ts

@@ -1,5 +1,4 @@
 import type { UnitManifest } from "../types.js";
 import type { ExternalAnalyzerResults } from "../types/externalAnalyzer.js";
-import type { CriticalFlowManifest } from "../types/flows.js";
-import type { RiskRegister } from "../types/risk.js";
+import type { CriticalFlowManifest, RiskRegister } from "@audit-tools/shared";
 export declare function buildRiskRegister(unitManifest: UnitManifest, criticalFlows?: CriticalFlowManifest, externalAnalyzerResults?: ExternalAnalyzerResults): RiskRegister;

package/dist/extractors/surfaces.d.ts

@@ -1,7 +1,5 @@
 import type { RepoManifest } from "../types.js";
-import type { FileDisposition } from "../types/disposition.js";
-import type { GraphBundle } from "../types/graph.js";
-import type { SurfaceManifest } from "../types/surfaces.js";
+import type { FileDisposition, GraphBundle, SurfaceManifest } from "@audit-tools/shared";
 /**
  * Detects likely execution surfaces from file paths using the shared extractor
  * heuristics, primarily to seed later audit planning.

package/dist/extractors/surfaces.js

@@ -1,5 +1,5 @@
 import { buildBrowserExtensionSurfacesFromGraph } from "./browserExtension.js";
-import { isAuditExcludedStatus } from "./disposition.js";
+import { buildDispositionMap, isAuditExcludedStatus } from "./disposition.js";
 import { EXTRACTOR_HEURISTIC_NOTE, isBackgroundSurfacePath, isNetworkSurfacePath, isSurfacePath, normalizeExtractorPath, } from "./pathPatterns.js";
 function methodsForPath(path) {
     const normalized = normalizeExtractorPath(path);
@@ -15,7 +15,7 @@ function methodsForPath(path) {
 export function buildSurfaceManifest(repoManifest, disposition, options = {}) {
     const surfaces = [];
     const seen = new Set();
-    const dispositionMap = new Map(disposition?.files.map((item) => [item.path, item.status]) ?? []);
+    const dispositionMap = buildDispositionMap(disposition);
     function addSurface(surface) {
         const key = `${surface.kind}:${surface.entrypoint}`;
         if (seen.has(key)) {

package/dist/io/artifacts.d.ts

@@ -2,16 +2,15 @@ import { cp, rm } from "node:fs/promises";
 import type { AuditResult, AuditTask, CoverageMatrix, RepoManifest, UnitManifest } from "../types.js";
 import type { AuditState } from "../types/auditState.js";
 import type { ArtifactMetadataManifest } from "../types/artifactMetadata.js";
-import type { FileDisposition } from "../types/disposition.js";
+import type { AuditFindingsReport, FileDisposition, CriticalFlowManifest, GraphBundle, RiskRegister, SurfaceManifest } from "@audit-tools/shared";
+import type { SynthesisNarrativeRecord } from "../types/synthesisNarrative.js";
 import type { ExternalAnalyzerResults } from "../types/externalAnalyzer.js";
 import type { FlowCoverageManifest } from "../types/flowCoverage.js";
-import type { CriticalFlowManifest } from "../types/flows.js";
-import type { GraphBundle } from "../types/graph.js";
-import type { RiskRegister } from "../types/risk.js";
 import type { AuditPlanMetrics, ReviewPacket } from "../types/reviewPlanning.js";
 import type { RuntimeValidationReport, RuntimeValidationTaskManifest } from "../types/runtimeValidation.js";
-import type { SurfaceManifest } from "../types/surfaces.js";
 import type { DesignAssessment } from "../types/designAssessment.js";
+import type { AnalyzerCapabilityRecord } from "../types/analyzerCapability.js";
+import type { AuditScopeManifest } from "../types/auditScope.js";
 import type { ToolingManifest } from "../types/toolingManifest.js";
 type ArtifactPayloadMap = {
     repo_manifest: RepoManifest;
@@ -24,6 +23,8 @@ type ArtifactPayloadMap = {
     flow_coverage: FlowCoverageManifest;
     risk_register: RiskRegister;
     design_assessment: DesignAssessment;
+    analyzer_capability: AnalyzerCapabilityRecord;
+    scope: AuditScopeManifest;
     coverage_matrix: CoverageMatrix;
     runtime_validation_tasks: RuntimeValidationTaskManifest;
     runtime_validation_report: RuntimeValidationReport;
@@ -35,6 +36,8 @@ type ArtifactPayloadMap = {
     review_packets: ReviewPacket[];
     requeue_tasks: AuditTask[];
     audit_report: string;
+    audit_findings: AuditFindingsReport;
+    synthesis_narrative: SynthesisNarrativeRecord;
     audit_state: AuditState;
     artifact_metadata: ArtifactMetadataManifest;
     tooling_manifest: ToolingManifest;
@@ -63,6 +66,8 @@ export declare const ARTIFACT_DEFINITIONS: {
     readonly flow_coverage: ArtifactDefinition<"flow_coverage">;
     readonly risk_register: ArtifactDefinition<"risk_register">;
     readonly design_assessment: ArtifactDefinition<"design_assessment">;
+    readonly analyzer_capability: ArtifactDefinition<"analyzer_capability">;
+    readonly scope: ArtifactDefinition<"scope">;
     readonly coverage_matrix: ArtifactDefinition<"coverage_matrix">;
     readonly runtime_validation_tasks: ArtifactDefinition<"runtime_validation_tasks">;
     readonly runtime_validation_report: ArtifactDefinition<"runtime_validation_report">;
@@ -74,6 +79,8 @@ export declare const ARTIFACT_DEFINITIONS: {
     readonly review_packets: ArtifactDefinition<"review_packets">;
     readonly requeue_tasks: ArtifactDefinition<"requeue_tasks">;
     readonly audit_report: ArtifactDefinition<"audit_report">;
+    readonly audit_findings: ArtifactDefinition<"audit_findings">;
+    readonly synthesis_narrative: ArtifactDefinition<"synthesis_narrative">;
     readonly audit_state: ArtifactDefinition<"audit_state">;
     readonly artifact_metadata: ArtifactDefinition<"artifact_metadata">;
     readonly tooling_manifest: ArtifactDefinition<"tooling_manifest">;

package/dist/io/artifacts.js

@@ -1,6 +1,6 @@
 import { cp, rm, unlink } from "node:fs/promises";
 import { join } from "node:path";
-import { isFileMissingError, readOptionalJsonFile, readOptionalNdjsonFile, readOptionalTextFile, writeJsonFile, writeNdjsonFile, writeTextFile, } from "./json.js";
+import { isFileMissingError, readOptionalJsonFile, readOptionalNdjsonFile, readOptionalTextFile, writeJsonFile, writeNdjsonFile, writeTextFile, } from "@audit-tools/shared";
 import { buildToolingManifest } from "./toolingManifest.js";
 function jsonArtifact(fileName, phase) {
     return {
@@ -37,6 +37,8 @@ export const ARTIFACT_DEFINITIONS = {
     flow_coverage: jsonArtifact("flow_coverage.json", "analysis"),
     risk_register: jsonArtifact("risk_register.json", "analysis"),
     design_assessment: jsonArtifact("design_assessment.json", "analysis"),
+    analyzer_capability: jsonArtifact("analyzer_capability.json", "analysis"),
+    scope: jsonArtifact("scope.json", "execution"),
     coverage_matrix: jsonArtifact("coverage_matrix.json", "execution"),
     runtime_validation_tasks: jsonArtifact("runtime_validation_tasks.json", "execution"),
     runtime_validation_report: jsonArtifact("runtime_validation_report.json", "execution"),
@@ -48,6 +50,8 @@ export const ARTIFACT_DEFINITIONS = {
     review_packets: jsonArtifact("review_packets.json", "execution"),
     requeue_tasks: jsonArtifact("requeue_tasks.json", "execution"),
     audit_report: textArtifact("audit-report.md", "reporting"),
+    audit_findings: jsonArtifact("audit-findings.json", "reporting"),
+    synthesis_narrative: jsonArtifact("synthesis-narrative.json", "reporting"),
     audit_state: jsonArtifact("audit_state.json", "supervisor"),
     artifact_metadata: jsonArtifact("artifact_metadata.json", "supervisor"),
     tooling_manifest: jsonArtifact("tooling_manifest.json", "supervisor"),
@@ -113,6 +117,14 @@ export async function promoteFinalAuditReport(params, options = {}) {
         warn(warning);
         return { promoted: false, cleaned: false, warning };
     }
+    // Promote the canonical machine contract alongside the human report. Missing
+    // (e.g. legacy bundle) or unreadable: best-effort, never blocks completion.
+    try {
+        await copy(join(params.artifactsDir, "audit-findings.json"), join(params.repoRoot, "audit-findings.json"), { force: true });
+    }
+    catch {
+        // audit-findings.json is optional output; absence must not fail promotion.
+    }
     try {
         await remove(params.artifactsDir, { recursive: true, force: true });
         return { promoted: true, cleaned: true };

package/dist/io/runArtifacts.js

@@ -1,7 +1,7 @@
 import { mkdir, readFile, rm, writeFile } from "node:fs/promises";
 import { dirname, join, resolve } from "node:path";
 import { fileURLToPath } from "node:url";
-import { writeJsonFile } from "./json.js";
+import { writeJsonFile } from "@audit-tools/shared";
 const moduleDir = dirname(fileURLToPath(import.meta.url));
 const packageRoot = resolve(moduleDir, "..", "..");
 const auditResultSchemaPath = join(packageRoot, "schemas", "audit_result.schema.json");

package/dist/mcp/server.js

@@ -3,7 +3,7 @@ import { spawn } from "node:child_process";
 import { dirname, join, resolve } from "node:path";
 import { fileURLToPath } from "node:url";
 import { loadArtifactBundle } from "../io/artifacts.js";
-import { readOptionalTextFile } from "../io/json.js";
+import { readOptionalTextFile } from "@audit-tools/shared";
 import { deriveAuditState } from "../orchestrator/state.js";
 import { decideNextStep } from "../orchestrator/nextStep.js";
 import { buildAuditCodeHandoff, } from "../supervisor/operatorHandoff.js";

package/dist/orchestrator/advance.d.ts

@@ -3,13 +3,34 @@ import type { AuditState } from "../types/auditState.js";
 import type { AuditResult } from "../types.js";
 import type { RuntimeValidationReport } from "../types/runtimeValidation.js";
 import type { ExternalAnalyzerResults } from "../types/externalAnalyzer.js";
+import { RunLogger } from "@audit-tools/shared";
+import type { AnalyzerSetting, SynthesisNarrative } from "@audit-tools/shared";
+import type { EdgeReasoningResults } from "./edgeReasoning.js";
 export interface AdvanceAuditOptions {
     root?: string;
     lineIndex?: Record<string, number>;
+    /** Path → size_bytes (from the repo manifest); drives byte-based packet token sizing. */
+    sizeIndex?: Record<string, number>;
     auditResults?: AuditResult[];
     runtimeValidationUpdates?: RuntimeValidationReport;
     externalAnalyzerResults?: ExternalAnalyzerResults;
+    /** Host/provider-supplied synthesis narrative; merged by synthesis_narrative_executor. */
+    narrativeResults?: SynthesisNarrative;
+    /** Per-analyzer resolution policy for the optional graph-enrichment pass. */
+    analyzers?: Record<string, AnalyzerSetting>;
+    /** Phase 4B gate (session-config `graph.llm_edge_reasoning`); default off. */
+    graphLlmEdgeReasoning?: boolean;
+    /** Phase 4B host-supplied reason rewrites for low-confidence graph edges. */
+    edgeReasoningResults?: EdgeReasoningResults;
+    /**
+     * Git ref for Phase 3 delta mode (the `--since` flag). When set and resolvable
+     * against a git repo, planning scopes coverage to the changed files and their
+     * graph neighbours; otherwise the run is a full audit.
+     */
+    since?: string;
     preferredExecutor?: string;
+    opentoken?: boolean;
+    runLogger?: RunLogger;
 }
 export interface AdvanceAuditResult {
     audit_state: AuditState;