auditor-lambda 0.3.41 → 0.5.0

package/dist/cli/dispatch.js

@@ -3,7 +3,7 @@ import { existsSync } from "node:fs";
 import { isAbsolute, join, relative, resolve } from "node:path";
 import { isFileMissingError, readJsonFile, writeJsonFile } from "@audit-tools/shared";
 import { loadArtifactBundle } from "../io/artifacts.js";
-import { orderTasksForPacketReview, buildReviewPackets } from "../orchestrator/reviewPackets.js";
+import { orderTasksForPacketReview, buildReviewPackets, sizeIndexFromManifest, } from "../orchestrator/reviewPackets.js";
 import { buildFileAnchorSummary } from "../orchestrator/fileAnchors.js";
 import { resolveFreshSessionProviderName } from "../providers/index.js";
 import { loadSessionConfig } from "../supervisor/sessionConfig.js";
@@ -166,6 +166,7 @@ export function buildPendingAuditTasks(bundle) {
     return orderTasksForPacketReview(pendingTasks, {
         graphBundle: bundle.graph_bundle,
         lineIndex,
+        sizeIndex: sizeIndexFromManifest(bundle.repo_manifest),
     });
 }
 export async function prepareDispatchArtifacts(params) {
@@ -205,13 +206,16 @@ export async function prepareDispatchArtifacts(params) {
         ? tasks.filter((task) => !priorResultTaskIds.has(task.task_id))
         : tasks;
     const lineIndex = Object.fromEntries(dispatchTasks.flatMap((task) => Object.entries(task.file_line_counts ?? {})));
+    const sizeIndex = sizeIndexFromManifest(bundle.repo_manifest);
     const orderedTasks = orderTasksForPacketReview(dispatchTasks, {
         graphBundle: bundle.graph_bundle,
         lineIndex,
+        sizeIndex,
     });
     const packets = buildReviewPackets(orderedTasks, {
         graphBundle: bundle.graph_bundle,
         lineIndex,
+        sizeIndex,
     });
     const tasksById = new Map(orderedTasks.map((task) => [task.task_id, task]));
     const resultPathByTaskId = new Map(orderedTasks.map((task) => [

package/dist/cli/prompts.d.ts

@@ -1,4 +1,5 @@
 import type { ActiveReviewRun } from "../supervisor/operatorHandoff.js";
+import type { AnalyzerPlanEntry } from "../extractors/analyzers/types.js";
 export declare function nextStepCommand(root: string, artifactsDir: string): string;
 export declare function mergeAndIngestCommand(artifactsDir: string, runId: string): string;
 export declare function renderDispatchReviewPrompt(params: {
@@ -14,5 +15,23 @@ export declare function renderSingleTaskFallbackStepPrompt(params: {
     singleTaskPromptPath: string;
     activeReviewRun: ActiveReviewRun;
 }): string;
+export declare function renderEdgeReasoningStepPrompt(params: {
+    basePrompt: string;
+    resultsPath: string;
+    continueCommand: string;
+    contentHash: string;
+}): string;
+export declare function renderEdgeReasoningDispatchPrompt(params: {
+    promptPath: string;
+    resultsPath: string;
+    continueCommand: string;
+    contentHash: string;
+    candidateCount: number;
+}): string;
 export declare function renderPresentReportPrompt(finalReportPath: string): string;
+export declare function renderAnalyzerInstallPrompt(params: {
+    unresolved: AnalyzerPlanEntry[];
+    decisionsPath: string;
+    continueCommand: string;
+}): string;
 export declare function renderBlockedStepPrompt(reason: string): string;

package/dist/cli/prompts.js

@@ -102,6 +102,62 @@ export function renderSingleTaskFallbackStepPrompt(params) {
         "",
     ].join("\n");
 }
+export function renderEdgeReasoningStepPrompt(params) {
+    return [
+        params.basePrompt,
+        "",
+        "## Results path",
+        "",
+        'Write the JSON object ({"rewrites":[{"from":"...","to":"...","kind":"...","reason":"..."}]}) to:',
+        "",
+        `  ${params.resultsPath}`,
+        "",
+        `Cache key (edge-set content hash): ${params.contentHash}.`,
+        "If you already produced rewrites for this exact key, you may reuse them instead of regenerating.",
+        "",
+        `Then run: ${params.continueCommand}`,
+        "",
+        "Read and follow only the new step prompt returned by that command.",
+        "",
+    ].join("\n");
+}
+export function renderEdgeReasoningDispatchPrompt(params) {
+    return [
+        "# audit-code edge reasoning (subagent dispatch)",
+        "",
+        `The dependency graph has ${params.candidateCount} low-confidence edge(s) whose`,
+        "machine-generated `reason` text can be clarified. This is a single, bounded,",
+        "optional pass: it only rewrites the `reason` string of those edges — it never",
+        "adds, removes, re-targets, or re-weights an edge.",
+        "",
+        "Dispatch exactly ONE subagent (via the `task` tool or equivalent). Hand it this",
+        "prompt file path; do not load the file into this orchestrator context:",
+        "",
+        `  ${params.promptPath}`,
+        "",
+        "Subagent prompt shape:",
+        "",
+        "  Read and follow the edge-reasoning instructions in: <prompt path above>",
+        "",
+        'The subagent must write its JSON result ({"rewrites":[...]}) to:',
+        "",
+        `  ${params.resultsPath}`,
+        "",
+        `Cache key (edge-set content hash): ${params.contentHash}.`,
+        "If you hold a cached result for this exact key from a previous run, you may write",
+        "it to the results path directly instead of dispatching a subagent.",
+        "",
+        "**File access pre-approval:** if your host supports per-subagent file access",
+        `restrictions, allow the subagent to read ${params.promptPath} and write ${params.resultsPath}.`,
+        "",
+        "After the subagent writes the result, run exactly:",
+        "",
+        `  ${params.continueCommand}`,
+        "",
+        "Read and follow only the new step prompt returned by that command.",
+        "",
+    ].join("\n");
+}
 export function renderPresentReportPrompt(finalReportPath) {
     return [
         "# audit-code present report",
@@ -116,6 +172,45 @@ export function renderPresentReportPrompt(finalReportPath) {
         "",
     ].join("\n");
 }
+export function renderAnalyzerInstallPrompt(params) {
+    const analyzerLines = params.unresolved.flatMap((entry) => [
+        `- **${entry.id}** — needs \`${entry.dependency ?? entry.id}\`; ${entry.supportedCount} in-scope file(s) would be analyzed.`,
+    ]);
+    const exampleObject = `{ ${params.unresolved
+        .map((entry) => `"${entry.id}": "ephemeral"`)
+        .join(", ")} }`;
+    return [
+        "# audit-code analyzer install",
+        "",
+        "The deterministic regex graph is built. These optional language analyzers can",
+        "produce a richer graph (real module resolution, inheritance, and a call graph),",
+        "but their compiler dependency is not installed in the audited repo:",
+        "",
+        ...analyzerLines,
+        "",
+        "Choose how to resolve each one and write a JSON object of `{ \"<analyzer-id>\": <setting> }`",
+        "to the decisions path below. Valid settings:",
+        "",
+        "- `ephemeral` — install into a shared, version-keyed cache (never touches this project); compile once, reuse across audits.",
+        "- `permanent` — same as `ephemeral` but a durable opt-in recorded in session config.",
+        "- `skip` — do not run this analyzer; keep the regex floor.",
+        "",
+        "Default if you are unsure or cannot install: choose `skip`. The audit proceeds either way.",
+        "",
+        "## Decisions path",
+        "",
+        "Write your choices to:",
+        "",
+        `  ${params.decisionsPath}`,
+        "",
+        `Example: ${exampleObject}`,
+        "",
+        `Then run: ${params.continueCommand}`,
+        "",
+        "Read and follow only the new step prompt returned by that command.",
+        "",
+    ].join("\n");
+}
 export function renderBlockedStepPrompt(reason) {
     return [
         "# audit-code blocked",

package/dist/cli/steps.d.ts

@@ -1,7 +1,7 @@
 import type { StepStatus } from "@audit-tools/shared";
 import type { AccessDeclaration } from "../types/workerSession.js";
 export declare const STEP_CONTRACT_VERSION = "audit-code-step/v1alpha1";
-export type StepKind = "dispatch_review" | "single_task_fallback" | "design_review" | "present_report" | "blocked";
+export type StepKind = "dispatch_review" | "single_task_fallback" | "design_review" | "analyzer_install" | "edge_reasoning" | "edge_reasoning_dispatch" | "synthesis_narrative" | "present_report" | "blocked";
 export interface StepArtifact {
     contract_version: typeof STEP_CONTRACT_VERSION;
     step_kind: StepKind;

package/dist/cli.js

@@ -1,4 +1,4 @@
-import { mkdir, readFile, readdir, rename, rm, unlink } from "node:fs/promises";
+import { mkdir, readFile, readdir, rename, rm, unlink, writeFile } from "node:fs/promises";
 import { homedir } from "node:os";
 import { basename, dirname, join, resolve } from "node:path";
 import { fileURLToPath } from "node:url";
@@ -11,7 +11,7 @@ import { buildFlowCoverage } from "./orchestrator/flowCoverage.js";
 import { buildRuntimeValidationTasks, } from "./orchestrator/runtimeValidation.js";
 import { initializeCoverageFromPlan } from "./orchestrator/planning.js";
 import { loadArtifactBundle, writeCoreArtifacts, promoteFinalAuditReport, } from "./io/artifacts.js";
-import { isFileMissingError, readJsonFile, writeJsonFile, prefixValidationIssues } from "@audit-tools/shared";
+import { isFileMissingError, readJsonFile, writeJsonFile, prefixValidationIssues, RunLogger } from "@audit-tools/shared";
 import { validateArtifactBundle } from "./validation/artifacts.js";
 import { validateAuditResults, formatAuditResultIssues, } from "./validation/auditResults.js";
 import { validateConfiguredProviderEnvironment, validateSessionConfig, } from "./validation/sessionConfig.js";
@@ -20,21 +20,26 @@ import { deriveAuditState } from "./orchestrator/state.js";
 import { advanceAudit } from "./orchestrator/advance.js";
 import { checkFileIntegrity } from "./orchestrator/fileIntegrity.js";
 import { decideNextStep } from "./orchestrator/nextStep.js";
+import { collectLowConfidenceEdges, buildEdgeReasoningPrompt, edgeReasoningContentHash, } from "./orchestrator/edgeReasoning.js";
 import { renderDesignReviewPrompt } from "./orchestrator/designReviewPrompt.js";
+import { renderSynthesisNarrativePrompt } from "./reporting/synthesisNarrativePrompt.js";
 import { createFreshSessionProvider, resolveFreshSessionProviderName, } from "./providers/index.js";
 import { appendRunLedgerEntry, loadRunLedger } from "./supervisor/runLedger.js";
 import { buildAuditCodeHandoff, writeAuditCodeHandoffArtifacts, } from "./supervisor/operatorHandoff.js";
-import { getSessionConfigPath, loadSessionConfig, readSessionConfigFile, } from "./supervisor/sessionConfig.js";
+import { getSessionConfigPath, loadSessionConfig, persistAnalyzerSettings, readSessionConfigFile, } from "./supervisor/sessionConfig.js";
+import { resolveAnalyzerPlan, needsInstallDecision, } from "./extractors/analyzers/registry.js";
+import { buildPathLookup } from "./extractors/graph.js";
+import { buildDispositionMap } from "./extractors/disposition.js";
 import { clearDispatchFiles, buildRunId, ensureSupervisorDirs, getRunPaths, writeDispatchBatchFiles, writeWorkerTaskFiles, } from "./io/runArtifacts.js";
 import { renderWorkerPrompt } from "./prompts/renderWorkerPrompt.js";
-import { estimateTaskGroupTokens, } from "./orchestrator/reviewPackets.js";
+import { estimateTaskGroupTokens, sizeIndexFromManifest, } from "./orchestrator/reviewPackets.js";
 import { LOCAL_SUBPROCESS_PROVIDER_NAME } from "./providers/constants.js";
 import { runAuditCodeMcpServer } from "./mcp/server.js";
 import { scheduleWave, buildProviderModelKey, readQuotaState, recordWaveOutcome, resolveLimits, resolveHostActiveSubagentLimit, probeProvider, computeMaxSafeConcurrency, getQuotaStatePath, detectRateLimitError, computeCooldownUntil, runSlidingWindow, LearnedQuotaSource, CompositeQuotaSource, lookupDiscoveredLimits, updateDiscoveredLimits, mergeDiscoveredLimits, getHeaderExtractorForProvider, setQuotaStateDir, } from "./quota/index.js";
 // Re-exports from extracted modules
 export { resolveHostDispatchCapability, DIRECT_CLI_DEFAULTS, getFlag, hasFlag, getOptionalBooleanFlag, getArtifactsDir, getRootDir, getBatchResultsDir, getMaxRuns, getAgentBatchSize, getParallelWorkers, getTimeoutMs, chunkArray, getUiMode, looksLikeCliFlag, countLines, warnIfNotGitRepo, } from "./cli/args.js";
 import { DIRECT_CLI_DEFAULTS, getFlag, hasFlag, getOptionalBooleanFlag, fromBase64Url, renderCommand, summarizeLaunchExit, taskResultPath, readStdinText, getArtifactsDir, getRootDir, warnIfNotGitRepo, getBatchResultsDir, getMaxRuns, getAgentBatchSize, getParallelWorkers, getTimeoutMs, getExplicitProvider, getHostModel, getHostMaxActiveSubagents, getQuotaProbeMode, resolveRunProviderName, chunkArray, getUiMode, looksLikeCliFlag, resolveHostDispatchCapability, countLines, listBatchResultFiles, } from "./cli/args.js";
-import { nextStepCommand, mergeAndIngestCommand, renderDispatchReviewPrompt, renderSingleTaskFallbackStepPrompt, renderPresentReportPrompt, renderBlockedStepPrompt, } from "./cli/prompts.js";
+import { nextStepCommand, mergeAndIngestCommand, renderDispatchReviewPrompt, renderSingleTaskFallbackStepPrompt, renderPresentReportPrompt, renderAnalyzerInstallPrompt, renderEdgeReasoningStepPrompt, renderEdgeReasoningDispatchPrompt, renderBlockedStepPrompt, } from "./cli/prompts.js";
 import { writeCurrentStep, } from "./cli/steps.js";
 import { WORKER_RESULT_CONTRACT_VERSION, buildWorkerResult, persistWorkerRunArtifacts, isWorkerResult, buildWorkerFailureBlocker, formatAuditResultValidationError, } from "./cli/workerResult.js";
 import { DISPATCH_RESULT_MAP_FILENAME, ACTIVE_DISPATCH_FILENAME, resolveRunScopedArg, loadDispatchResultMap, entriesByTaskId, buildPendingAuditTasks, prepareDispatchArtifacts, } from "./cli/dispatch.js";
@@ -313,9 +318,15 @@ async function maybeArchiveLegacyPendingResults(auditResultsPath) {
 }
 async function runAuditStep(options) {
     const bundle = await loadArtifactBundle(options.artifactsDir);
+    const runLogger = new RunLogger(join(options.artifactsDir, "run.log.jsonl"), {
+        enabled: options.runLog ?? true,
+    });
     const lineIndex = bundle.repo_manifest
         ? await buildLineIndex(options.root, bundle.repo_manifest)
         : undefined;
+    const sizeIndex = bundle.repo_manifest
+        ? sizeIndexFromManifest(bundle.repo_manifest)
+        : undefined;
     if (looksLikeCliFlag(options.auditResultsPath)) {
         throw new Error(`Invalid audit results path '${options.auditResultsPath}'. This looks like a CLI flag rather than a file path.`);
     }
@@ -343,14 +354,27 @@ async function runAuditStep(options) {
     const externalAnalyzerResults = options.externalAnalyzerPath
         ? await readJsonFile(options.externalAnalyzerPath)
         : undefined;
+    const narrativeResults = options.narrativeResultsPath
+        ? await readJsonFile(options.narrativeResultsPath)
+        : undefined;
+    const edgeReasoningResults = options.edgeReasoningResultsPath
+        ? await readJsonFile(options.edgeReasoningResultsPath)
+        : undefined;
     const result = await advanceAudit(bundle, {
         root: options.root,
         lineIndex,
+        sizeIndex,
         auditResults: auditResults,
         runtimeValidationUpdates,
         externalAnalyzerResults,
+        narrativeResults,
+        edgeReasoningResults,
+        analyzers: options.analyzers,
+        graphLlmEdgeReasoning: options.graphLlmEdgeReasoning,
+        since: options.since,
         preferredExecutor: options.preferredExecutor,
         opentoken: options.opentoken,
+        runLogger,
     });
     await writeCoreArtifacts(options.artifactsDir, result.updated_bundle);
     const archivedPendingResults = await maybeArchiveLegacyPendingResults(options.auditResultsPath);
@@ -555,7 +579,11 @@ async function cmdAdvanceAudit(argv) {
         auditResultsPath: getFlag(argv, "--results"),
         runtimeUpdatesPath: getFlag(argv, "--updates"),
         externalAnalyzerPath,
+        analyzers: sessionConfig.analyzers,
+        graphLlmEdgeReasoning: sessionConfig.graph?.llm_edge_reasoning,
+        since: getFlag(argv, "--since"),
         opentoken: sessionConfig.opentoken?.enabled,
+        runLog: sessionConfig.observability?.run_log,
     });
     if (result.selected_executor !== "agent") {
         await clearDispatchFiles(artifactsDir);
@@ -579,6 +607,7 @@ async function cmdAdvanceAudit(argv) {
 }
 async function runDeterministicForNextStep(params) {
     let lastSummary = "";
+    let analyzers = params.analyzers;
     for (let index = 0; index < params.maxRuns; index++) {
         const bundle = await loadArtifactBundle(params.artifactsDir);
         const decision = decideNextStep(bundle);
@@ -621,6 +650,89 @@ async function runDeterministicForNextStep(params) {
                 }
             }
         }
+        if (decision.selected_executor === "graph_enrichment_executor") {
+            const includedFiles = bundle.repo_manifest
+                ? [
+                    ...new Set(buildPathLookup(bundle.repo_manifest, buildDispositionMap(bundle.file_disposition)).values()),
+                ]
+                : [];
+            const plan = resolveAnalyzerPlan(params.root, analyzers, includedFiles);
+            const unresolved = plan.filter(needsInstallDecision);
+            if (unresolved.length > 0) {
+                const decisionsPath = join(params.artifactsDir, "incoming", "analyzer-decisions.json");
+                let decisions;
+                try {
+                    decisions = await readJsonFile(decisionsPath);
+                }
+                catch (error) {
+                    if (!isFileMissingError(error))
+                        throw error;
+                }
+                if (decisions && typeof decisions === "object") {
+                    const settings = {};
+                    for (const [id, value] of Object.entries(decisions)) {
+                        if (value === "ephemeral" ||
+                            value === "permanent" ||
+                            value === "skip" ||
+                            value === "repo" ||
+                            value === "auto") {
+                            settings[id] = value;
+                        }
+                    }
+                    if (Object.keys(settings).length > 0) {
+                        const merged = await persistAnalyzerSettings(params.artifactsDir, settings);
+                        analyzers = merged.analyzers;
+                    }
+                    await unlink(decisionsPath).catch(() => { });
+                    continue;
+                }
+                return {
+                    kind: "analyzer_install",
+                    state,
+                    bundle,
+                    unresolved,
+                };
+            }
+            // Phase 4B — optional edge-reasoning producing turn. Once analyzer installs
+            // are resolved, if the flag is on and the floor carries low-confidence
+            // (< 0.65) edges, emit one bounded host turn (subagent dispatch or a single
+            // host step) to produce reason rewrites, then re-run. The enrichment
+            // executor applies the host-supplied rewrites in the SAME advanceAudit call
+            // that merges analyzer edges and writes analyzer_capability, so graph_bundle
+            // and its marker stay revision-consistent (no staleness loop). Flag off or
+            // no candidates → fall through and run the executor with no rewrites.
+            if (params.graphLlmEdgeReasoning === true && bundle.graph_bundle) {
+                const candidates = collectLowConfidenceEdges(bundle.graph_bundle);
+                if (candidates.length > 0) {
+                    const edgeReasoningResultsPath = join(params.artifactsDir, "incoming", "edge-reasoning.json");
+                    let edgeReasoningResults;
+                    try {
+                        edgeReasoningResults = await readJsonFile(edgeReasoningResultsPath);
+                    }
+                    catch (error) {
+                        if (!isFileMissingError(error))
+                            throw error;
+                    }
+                    if (edgeReasoningResults) {
+                        await runAuditStep({
+                            root: params.root,
+                            artifactsDir: params.artifactsDir,
+                            analyzers,
+                            graphLlmEdgeReasoning: true,
+                            edgeReasoningResultsPath,
+                            since: params.since,
+                            opentoken: params.opentoken,
+                        });
+                        await unlink(edgeReasoningResultsPath).catch(() => { });
+                        continue;
+                    }
+                    return { kind: "edge_reasoning", state, bundle, candidates };
+                }
+            }
+            // No undecided installs (and no pending edge reasoning): fall through to run
+            // the executor below (it installs for ephemeral/permanent, uses repo/cache,
+            // skips the rest).
+        }
         if (decision.selected_executor === "design_review") {
             const findingsPath = join(params.artifactsDir, "incoming", "design-review-findings.json");
             let reviewFindings;
@@ -647,6 +759,36 @@ async function runDeterministicForNextStep(params) {
                 bundle,
             };
         }
+        if (decision.selected_executor === "synthesis_narrative_executor") {
+            const narrativePath = join(params.artifactsDir, "incoming", "synthesis-narrative.json");
+            let narrativeResults;
+            try {
+                narrativeResults = await readJsonFile(narrativePath);
+            }
+            catch (error) {
+                if (!isFileMissingError(error))
+                    throw error;
+            }
+            if (narrativeResults) {
+                await runAuditStep({
+                    root: params.root,
+                    artifactsDir: params.artifactsDir,
+                    preferredExecutor: "synthesis_narrative_executor",
+                    narrativeResultsPath: narrativePath,
+                    opentoken: params.opentoken,
+                });
+                await unlink(narrativePath).catch(() => { });
+                continue;
+            }
+            if (params.narrativeEnabled) {
+                return {
+                    kind: "synthesis_narrative",
+                    state,
+                    bundle,
+                };
+            }
+            // Narrative disabled: fall through so the deterministic omit runs below.
+        }
         if (decision.selected_executor === "agent") {
             return {
                 kind: "semantic_review",
@@ -682,6 +824,9 @@ async function runDeterministicForNextStep(params) {
             result = await runAuditStep({
                 root: params.root,
                 artifactsDir: params.artifactsDir,
+                analyzers,
+                graphLlmEdgeReasoning: params.graphLlmEdgeReasoning,
+                since: params.since,
                 opentoken: params.opentoken,
             });
         }
@@ -783,6 +928,10 @@ async function cmdNextStep(argv) {
         timeoutMs: getTimeoutMs(argv, sessionConfig),
         maxRuns: getMaxRuns(argv),
         opentoken: sessionConfig.opentoken?.enabled,
+        narrativeEnabled: sessionConfig.synthesis?.narrative !== false,
+        analyzers: sessionConfig.analyzers,
+        graphLlmEdgeReasoning: sessionConfig.graph?.llm_edge_reasoning,
+        since: getFlag(argv, "--since"),
     });
     if (result.kind === "complete") {
         const step = await writeCurrentStep({
@@ -850,6 +999,130 @@ async function cmdNextStep(argv) {
         console.log(JSON.stringify(step, null, 2));
         return;
     }
+    if (result.kind === "analyzer_install") {
+        const decisionsPath = join(artifactsDir, "incoming", "analyzer-decisions.json");
+        await mkdir(join(artifactsDir, "incoming"), { recursive: true });
+        const continueCommand = nextStepCommand(root, artifactsDir);
+        const step = await writeCurrentStep({
+            artifactsDir,
+            stepKind: "analyzer_install",
+            status: "ready",
+            runId: null,
+            allowedCommands: [continueCommand],
+            stopCondition: "Write analyzer install decisions to the results path, then run next-step.",
+            repoRoot: root,
+            artifactPaths: {
+                analyzer_decisions: decisionsPath,
+            },
+            prompt: renderAnalyzerInstallPrompt({
+                unresolved: result.unresolved,
+                decisionsPath,
+                continueCommand,
+            }),
+        });
+        console.log(JSON.stringify(step, null, 2));
+        return;
+    }
+    if (result.kind === "edge_reasoning") {
+        await mkdir(join(artifactsDir, "incoming"), { recursive: true });
+        const edgeReasoningResultsPath = join(artifactsDir, "incoming", "edge-reasoning.json");
+        const continueCommand = nextStepCommand(root, artifactsDir);
+        const basePrompt = buildEdgeReasoningPrompt(result.candidates);
+        const contentHash = edgeReasoningContentHash(result.candidates);
+        if (hostCanDispatch) {
+            // Dispatch path: isolate the (potentially large) edge-list prompt in a file
+            // and have the host fan it out to one subagent, mirroring the packet review
+            // dispatch contract. The subagent writes the rewrites file; next-step applies.
+            const edgeReasoningPromptPath = join(artifactsDir, "incoming", "edge-reasoning-prompt.md");
+            await writeFile(edgeReasoningPromptPath, basePrompt, "utf8");
+            const step = await writeCurrentStep({
+                artifactsDir,
+                stepKind: "edge_reasoning_dispatch",
+                status: "ready",
+                runId: null,
+                allowedCommands: [continueCommand],
+                stopCondition: "Dispatch one subagent to write the edge-reasoning rewrites, then run next-step.",
+                repoRoot: root,
+                artifactPaths: {
+                    edge_reasoning_prompt: edgeReasoningPromptPath,
+                    edge_reasoning_results: edgeReasoningResultsPath,
+                },
+                prompt: renderEdgeReasoningDispatchPrompt({
+                    promptPath: edgeReasoningPromptPath,
+                    resultsPath: edgeReasoningResultsPath,
+                    continueCommand,
+                    contentHash,
+                    candidateCount: result.candidates.length,
+                }),
+                access: {
+                    read_paths: [edgeReasoningPromptPath],
+                    write_paths: [edgeReasoningResultsPath],
+                },
+            });
+            console.log(JSON.stringify(step, null, 2));
+            return;
+        }
+        // One-step fallback (no callable subagent facility): the host produces the
+        // rewrites itself in a single bounded turn, mirroring the narrative step.
+        const step = await writeCurrentStep({
+            artifactsDir,
+            stepKind: "edge_reasoning",
+            status: "ready",
+            runId: null,
+            allowedCommands: [continueCommand],
+            stopCondition: "Write the edge-reasoning rewrites to the results path, then run next-step.",
+            repoRoot: root,
+            artifactPaths: {
+                edge_reasoning_results: edgeReasoningResultsPath,
+            },
+            prompt: renderEdgeReasoningStepPrompt({
+                basePrompt,
+                resultsPath: edgeReasoningResultsPath,
+                continueCommand,
+                contentHash,
+            }),
+            access: {
+                read_paths: [],
+                write_paths: [edgeReasoningResultsPath],
+            },
+        });
+        console.log(JSON.stringify(step, null, 2));
+        return;
+    }
+    if (result.kind === "synthesis_narrative") {
+        const narrativeResultsPath = join(artifactsDir, "incoming", "synthesis-narrative.json");
+        await mkdir(join(artifactsDir, "incoming"), { recursive: true });
+        const continueCommand = nextStepCommand(root, artifactsDir);
+        const basePrompt = result.bundle.audit_findings
+            ? renderSynthesisNarrativePrompt(result.bundle.audit_findings)
+            : "# Synthesis narrative\n\nNo findings report is available; write an empty themes array.";
+        const fullPrompt = [
+            basePrompt,
+            "## Results path",
+            "",
+            "Write the SynthesisNarrative JSON object to:",
+            "",
+            `  ${narrativeResultsPath}`,
+            "",
+            `Then run: ${continueCommand}`,
+            "",
+        ].join("\n");
+        const step = await writeCurrentStep({
+            artifactsDir,
+            stepKind: "synthesis_narrative",
+            status: "ready",
+            runId: null,
+            allowedCommands: [continueCommand],
+            stopCondition: "Write the synthesis narrative to the results path, then run next-step.",
+            repoRoot: root,
+            artifactPaths: {
+                synthesis_narrative_results: narrativeResultsPath,
+            },
+            prompt: fullPrompt,
+        });
+        console.log(JSON.stringify(step, null, 2));
+        return;
+    }
     if (!hostCanDispatch) {
         const singleTaskPromptPath = join(artifactsDir, "dispatch", "current-single-task-prompt.md");
         const workerCommand = renderCommand(result.activeReviewRun.worker_command);
@@ -1151,7 +1424,8 @@ async function cmdRunToCompletion(argv) {
             const quotaStateEntry = quotaState.entries[providerModelKey] ?? null;
             const allCandidateTasks = buildPendingAuditTasks(bundle);
             const candidateGroups = chunkArray(allCandidateTasks.slice(0, parallelWorkers * agentBatchSize), agentBatchSize);
-            const slotTokenEstimates = candidateGroups.map((g) => estimateTaskGroupTokens(g));
+            const candidateSizeIndex = sizeIndexFromManifest(bundle.repo_manifest);
+            const slotTokenEstimates = candidateGroups.map((g) => estimateTaskGroupTokens(g, candidateSizeIndex));
             const providerLimits = await provider.queryLimits?.(hostModel)
                 .then((r) => r ? { ...r, source: "provider_query" } : null)
                 .catch(() => null)
@@ -1457,6 +1731,8 @@ async function cmdRunToCompletion(argv) {
                     auditResultsPath,
                     runtimeUpdatesPath,
                     externalAnalyzerPath,
+                    analyzers: sessionConfig.analyzers,
+                    since: getFlag(argv, "--since"),
                 });
                 workerResult = {
                     contract_version: WORKER_RESULT_CONTRACT_VERSION,
@@ -2290,7 +2566,11 @@ async function cmdIntake(argv) {
 }
 async function cmdPlan(argv) {
     const artifactsDir = getArtifactsDir(argv);
-    const result = await runAuditStep({ root: getRootDir(argv), artifactsDir });
+    const result = await runAuditStep({
+        root: getRootDir(argv),
+        artifactsDir,
+        since: getFlag(argv, "--since"),
+    });
     console.log(JSON.stringify({
         artifacts_dir: artifactsDir,
         selected_executor: result.selected_executor,

package/dist/extractors/analyzers/css.d.ts

@@ -0,0 +1,2 @@
+import type { LanguageAnalyzer } from "./types.js";
+export declare const cssAnalyzer: LanguageAnalyzer;