auditor-lambda 0.3.41 → 0.5.0

package/schemas/audit_findings.schema.json

@@ -0,0 +1,141 @@
+{
+  "$schema": "https://json-schema.org/draft/2020-12/schema",
+  "$id": "audit_findings.schema.json",
+  "title": "Audit Findings Report",
+  "description": "The canonical machine contract emitted as audit-findings.json and consumed by the remediator. Deterministic fields are always present; themes/executive_summary/top_risks are added by the optional synthesis-narrative pass.",
+  "type": "object",
+  "required": ["contract_version", "summary", "findings", "work_blocks"],
+  "properties": {
+    "contract_version": { "type": "string", "minLength": 1 },
+    "summary": {
+      "type": "object",
+      "required": [
+        "finding_count",
+        "work_block_count",
+        "severity_breakdown",
+        "audited_file_count",
+        "excluded_file_count",
+        "runtime_validation_status_breakdown"
+      ],
+      "properties": {
+        "finding_count": { "type": "integer", "minimum": 0 },
+        "work_block_count": { "type": "integer", "minimum": 0 },
+        "severity_breakdown": {
+          "type": "object",
+          "additionalProperties": { "type": "integer", "minimum": 0 }
+        },
+        "audited_file_count": { "type": "integer", "minimum": 0 },
+        "excluded_file_count": { "type": "integer", "minimum": 0 },
+        "runtime_validation_status_breakdown": {
+          "type": "object",
+          "additionalProperties": { "type": "integer", "minimum": 0 }
+        }
+      },
+      "additionalProperties": false
+    },
+    "findings": {
+      "type": "array",
+      "items": {
+        "type": "object",
+        "required": [
+          "id",
+          "title",
+          "category",
+          "severity",
+          "confidence",
+          "lens",
+          "summary",
+          "affected_files"
+        ],
+        "properties": {
+          "id": { "type": "string" },
+          "title": { "type": "string" },
+          "category": { "type": "string", "minLength": 1 },
+          "severity": {
+            "type": "string",
+            "enum": ["critical", "high", "medium", "low", "info"]
+          },
+          "confidence": { "type": "string", "enum": ["high", "medium", "low"] },
+          "lens": { "type": "string", "minLength": 1 },
+          "summary": { "type": "string" },
+          "affected_files": {
+            "type": "array",
+            "minItems": 1,
+            "items": {
+              "type": "object",
+              "required": ["path"],
+              "properties": {
+                "path": { "type": "string" },
+                "line_start": { "type": "integer", "minimum": 1 },
+                "line_end": { "type": "integer", "minimum": 1 },
+                "symbol": { "type": "string" },
+                "hash_at_plan_time": { "type": "string" }
+              },
+              "additionalProperties": false
+            }
+          },
+          "impact": { "type": "string" },
+          "likelihood": { "type": "string" },
+          "evidence": { "type": "array", "items": { "type": "string" } },
+          "reproduction": { "type": "array", "items": { "type": "string" } },
+          "systemic": { "type": "boolean" },
+          "related_findings": { "type": "array", "items": { "type": "string" } },
+          "theme_id": { "type": "string" }
+        },
+        "additionalProperties": false
+      }
+    },
+    "work_blocks": {
+      "type": "array",
+      "items": {
+        "type": "object",
+        "required": [
+          "id",
+          "finding_ids",
+          "unit_ids",
+          "owned_files",
+          "max_severity",
+          "rationale",
+          "depends_on"
+        ],
+        "properties": {
+          "id": { "type": "string" },
+          "finding_ids": { "type": "array", "items": { "type": "string" } },
+          "unit_ids": { "type": "array", "items": { "type": "string" } },
+          "owned_files": { "type": "array", "items": { "type": "string" } },
+          "max_severity": {
+            "type": "string",
+            "enum": ["critical", "high", "medium", "low", "info"]
+          },
+          "rationale": { "type": "string" },
+          "depends_on": { "type": "array", "items": { "type": "string" } }
+        },
+        "additionalProperties": false
+      }
+    },
+    "themes": {
+      "type": "array",
+      "items": {
+        "type": "object",
+        "required": [
+          "theme_id",
+          "title",
+          "root_cause",
+          "finding_ids",
+          "suggested_fix_pattern"
+        ],
+        "properties": {
+          "theme_id": { "type": "string" },
+          "title": { "type": "string" },
+          "root_cause": { "type": "string" },
+          "finding_ids": { "type": "array", "items": { "type": "string" } },
+          "suggested_fix_pattern": { "type": "string" }
+        },
+        "additionalProperties": false
+      }
+    },
+    "executive_summary": { "type": "string" },
+    "top_risks": { "type": "array", "items": { "type": "string" } }
+  },
+  "additionalProperties": false
+}

package/schemas/finding.schema.json

@@ -72,7 +72,8 @@
       "type": "array",
       "minItems": 1,
       "items": { "type": "string" }
-    }
+    },
+    "theme_id": { "type": "string" }
   },
   "additionalProperties": false
 }

package/schemas/graph_bundle.schema.json

@@ -116,6 +116,11 @@
         }
       },
       "additionalProperties": true
+    },
+    "analyzers_used": {
+      "type": "array",
+      "items": { "type": "string" },
+      "description": "Ids of the language analyzers whose edges were merged into this bundle by the optional graph-enrichment pass. Absent/empty when only the regex floor was used."
     }
   },
   "additionalProperties": false

package/schemas/scope.schema.json

@@ -0,0 +1,46 @@
+{
+  "$schema": "https://json-schema.org/draft/2020-12/schema",
+  "$id": "scope.schema.json",
+  "title": "Audit Scope Manifest",
+  "description": "scope.json — records how a run was scoped (Phase 3 `--since` delta mode). A deterministic function of the git ref, the changed files, and the dependency graph. Sits upstream of coverage_matrix.json in the staleness DAG: in delta mode only seed + expanded files are (re)queued for audit; every other auditable file inherits its prior completion or is excluded from this run.",
+  "type": "object",
+  "required": ["mode", "since", "seed_files", "expanded_files", "budget"],
+  "properties": {
+    "mode": {
+      "type": "string",
+      "enum": ["full", "delta"],
+      "description": "'full' audits every auditable file; 'delta' scopes to a changed neighbourhood."
+    },
+    "since": {
+      "type": ["string", "null"],
+      "description": "Git ref/SHA the delta was measured against; null in full mode."
+    },
+    "seed_files": {
+      "type": "array",
+      "items": { "type": "string" },
+      "description": "Changed auditable files (relative to `since`) present in the repo manifest. Sorted."
+    },
+    "expanded_files": {
+      "type": "array",
+      "items": { "type": "string" },
+      "description": "Auditable graph neighbours pulled in by priority-frontier expansion. Sorted."
+    },
+    "budget": {
+      "type": "object",
+      "required": ["max_files"],
+      "properties": {
+        "max_files": {
+          "type": "integer",
+          "minimum": 1,
+          "description": "Upper bound on in-scope files (seeds + expanded); expansion stops once reached."
+        }
+      },
+      "additionalProperties": false
+    },
+    "dropped_note": {
+      "type": "string",
+      "description": "Set when scope was truncated by the budget, or when `--since` could not be honoured and the run fell back to full."
+    }
+  },
+  "additionalProperties": false
+}