auditor-lambda 0.3.41 → 0.6.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cli/dispatch.js +5 -1
- package/dist/cli/prompts.d.ts +19 -0
- package/dist/cli/prompts.js +95 -0
- package/dist/cli/steps.d.ts +1 -1
- package/dist/cli.js +398 -78
- package/dist/extractors/analyzers/css.d.ts +2 -0
- package/dist/extractors/analyzers/css.js +101 -0
- package/dist/extractors/analyzers/html.d.ts +2 -0
- package/dist/extractors/analyzers/html.js +92 -0
- package/dist/extractors/analyzers/merge.d.ts +14 -0
- package/dist/extractors/analyzers/merge.js +85 -0
- package/dist/extractors/analyzers/python.d.ts +2 -0
- package/dist/extractors/analyzers/python.js +104 -0
- package/dist/extractors/analyzers/registry.d.ts +33 -0
- package/dist/extractors/analyzers/registry.js +100 -0
- package/dist/extractors/analyzers/resourceUrl.d.ts +7 -0
- package/dist/extractors/analyzers/resourceUrl.js +25 -0
- package/dist/extractors/analyzers/sql.d.ts +2 -0
- package/dist/extractors/analyzers/sql.js +19 -0
- package/dist/extractors/analyzers/treeSitter.d.ts +34 -0
- package/dist/extractors/analyzers/treeSitter.js +111 -0
- package/dist/extractors/analyzers/types.d.ts +53 -0
- package/dist/extractors/analyzers/types.js +1 -0
- package/dist/extractors/analyzers/typescript.d.ts +2 -0
- package/dist/extractors/analyzers/typescript.js +257 -0
- package/dist/extractors/disposition.js +8 -1
- package/dist/extractors/graph.d.ts +1 -0
- package/dist/extractors/graph.js +167 -1
- package/dist/extractors/graphPythonImports.d.ts +15 -0
- package/dist/extractors/graphPythonImports.js +36 -0
- package/dist/extractors/pathPatterns.d.ts +6 -0
- package/dist/extractors/pathPatterns.js +8 -0
- package/dist/io/artifacts.d.ts +13 -1
- package/dist/io/artifacts.js +19 -3
- package/dist/mcp/server.js +3 -3
- package/dist/orchestrator/advance.d.ts +20 -0
- package/dist/orchestrator/advance.js +61 -2
- package/dist/orchestrator/dependencyMap.js +27 -0
- package/dist/orchestrator/edgeReasoning.d.ts +39 -0
- package/dist/orchestrator/edgeReasoning.js +125 -0
- package/dist/orchestrator/executors.js +11 -1
- package/dist/orchestrator/graphEnrichmentExecutor.d.ts +29 -0
- package/dist/orchestrator/graphEnrichmentExecutor.js +196 -0
- package/dist/orchestrator/internalExecutors.d.ts +10 -1
- package/dist/orchestrator/internalExecutors.js +89 -11
- package/dist/orchestrator/localCommands.js +6 -25
- package/dist/orchestrator/nextStep.js +2 -0
- package/dist/orchestrator/reviewPackets.d.ts +37 -4
- package/dist/orchestrator/reviewPackets.js +93 -46
- package/dist/orchestrator/runtimeValidation.js +4 -31
- package/dist/orchestrator/scope.d.ts +62 -0
- package/dist/orchestrator/scope.js +227 -0
- package/dist/orchestrator/state.js +2 -0
- package/dist/reporting/synthesis.d.ts +37 -2
- package/dist/reporting/synthesis.js +95 -16
- package/dist/reporting/synthesisNarrativePrompt.d.ts +7 -0
- package/dist/reporting/synthesisNarrativePrompt.js +60 -0
- package/dist/reporting/workBlocks.d.ts +2 -10
- package/dist/supervisor/operatorHandoff.d.ts +1 -1
- package/dist/supervisor/operatorHandoff.js +26 -16
- package/dist/supervisor/sessionConfig.d.ts +8 -1
- package/dist/supervisor/sessionConfig.js +22 -1
- package/dist/types/analyzerCapability.d.ts +16 -0
- package/dist/types/analyzerCapability.js +1 -0
- package/dist/types/auditScope.d.ts +43 -0
- package/dist/types/auditScope.js +14 -0
- package/dist/types/synthesisNarrative.d.ts +7 -0
- package/dist/types/synthesisNarrative.js +5 -0
- package/dist/types.d.ts +2 -19
- package/dist/validation/artifacts.js +9 -0
- package/dist/validation/sessionConfig.js +24 -1
- package/docs/contracts.md +10 -3
- package/package.json +4 -2
- package/schemas/analyzer_capability.schema.json +47 -0
- package/schemas/audit_findings.schema.json +141 -0
- package/schemas/finding.schema.json +2 -1
- package/schemas/graph_bundle.schema.json +5 -0
- package/schemas/scope.schema.json +46 -0
|
@@ -0,0 +1,47 @@
|
|
|
1
|
+
{
|
|
2
|
+
"$schema": "https://json-schema.org/draft/2020-12/schema",
|
|
3
|
+
"$id": "analyzer_capability.schema.json",
|
|
4
|
+
"title": "Analyzer Capability Record",
|
|
5
|
+
"description": "Marker artifact (analyzer_capability.json) recording the outcome of the optional Phase 5 graph-enrichment pass. Its presence and freshness against graph_bundle.json satisfy the graph_enrichment_current obligation. The merged edges live in graph_bundle.json.",
|
|
6
|
+
"type": "object",
|
|
7
|
+
"required": ["status", "analyzers"],
|
|
8
|
+
"properties": {
|
|
9
|
+
"status": {
|
|
10
|
+
"type": "string",
|
|
11
|
+
"enum": ["applied", "omitted"],
|
|
12
|
+
"description": "'applied' when at least one analyzer contributed edges/routes; 'omitted' otherwise (regex floor unchanged)."
|
|
13
|
+
},
|
|
14
|
+
"analyzers": {
|
|
15
|
+
"type": "array",
|
|
16
|
+
"items": {
|
|
17
|
+
"type": "object",
|
|
18
|
+
"required": ["id", "resolution", "setting", "edges_added", "routes_added"],
|
|
19
|
+
"properties": {
|
|
20
|
+
"id": { "type": "string", "minLength": 1 },
|
|
21
|
+
"resolution": {
|
|
22
|
+
"type": "string",
|
|
23
|
+
"enum": [
|
|
24
|
+
"repo",
|
|
25
|
+
"cache",
|
|
26
|
+
"installed",
|
|
27
|
+
"absent",
|
|
28
|
+
"skip",
|
|
29
|
+
"not_applicable"
|
|
30
|
+
],
|
|
31
|
+
"description": "How the analyzer's dependency resolved, or why it did not run."
|
|
32
|
+
},
|
|
33
|
+
"setting": {
|
|
34
|
+
"type": "string",
|
|
35
|
+
"enum": ["repo", "ephemeral", "permanent", "skip", "auto"],
|
|
36
|
+
"description": "Resolved analyzers.<id> session-config setting."
|
|
37
|
+
},
|
|
38
|
+
"edges_added": { "type": "integer", "minimum": 0 },
|
|
39
|
+
"routes_added": { "type": "integer", "minimum": 0 },
|
|
40
|
+
"note": { "type": "string" }
|
|
41
|
+
},
|
|
42
|
+
"additionalProperties": false
|
|
43
|
+
}
|
|
44
|
+
}
|
|
45
|
+
},
|
|
46
|
+
"additionalProperties": false
|
|
47
|
+
}
|
|
@@ -0,0 +1,141 @@
|
|
|
1
|
+
{
|
|
2
|
+
"$schema": "https://json-schema.org/draft/2020-12/schema",
|
|
3
|
+
"$id": "audit_findings.schema.json",
|
|
4
|
+
"title": "Audit Findings Report",
|
|
5
|
+
"description": "The canonical machine contract emitted as audit-findings.json and consumed by the remediator. Deterministic fields are always present; themes/executive_summary/top_risks are added by the optional synthesis-narrative pass.",
|
|
6
|
+
"type": "object",
|
|
7
|
+
"required": ["contract_version", "summary", "findings", "work_blocks"],
|
|
8
|
+
"properties": {
|
|
9
|
+
"contract_version": { "type": "string", "minLength": 1 },
|
|
10
|
+
"summary": {
|
|
11
|
+
"type": "object",
|
|
12
|
+
"required": [
|
|
13
|
+
"finding_count",
|
|
14
|
+
"work_block_count",
|
|
15
|
+
"severity_breakdown",
|
|
16
|
+
"audited_file_count",
|
|
17
|
+
"excluded_file_count",
|
|
18
|
+
"runtime_validation_status_breakdown"
|
|
19
|
+
],
|
|
20
|
+
"properties": {
|
|
21
|
+
"finding_count": { "type": "integer", "minimum": 0 },
|
|
22
|
+
"work_block_count": { "type": "integer", "minimum": 0 },
|
|
23
|
+
"severity_breakdown": {
|
|
24
|
+
"type": "object",
|
|
25
|
+
"additionalProperties": { "type": "integer", "minimum": 0 }
|
|
26
|
+
},
|
|
27
|
+
"audited_file_count": { "type": "integer", "minimum": 0 },
|
|
28
|
+
"excluded_file_count": { "type": "integer", "minimum": 0 },
|
|
29
|
+
"runtime_validation_status_breakdown": {
|
|
30
|
+
"type": "object",
|
|
31
|
+
"additionalProperties": { "type": "integer", "minimum": 0 }
|
|
32
|
+
}
|
|
33
|
+
},
|
|
34
|
+
"additionalProperties": false
|
|
35
|
+
},
|
|
36
|
+
"findings": {
|
|
37
|
+
"type": "array",
|
|
38
|
+
"items": {
|
|
39
|
+
"type": "object",
|
|
40
|
+
"required": [
|
|
41
|
+
"id",
|
|
42
|
+
"title",
|
|
43
|
+
"category",
|
|
44
|
+
"severity",
|
|
45
|
+
"confidence",
|
|
46
|
+
"lens",
|
|
47
|
+
"summary",
|
|
48
|
+
"affected_files"
|
|
49
|
+
],
|
|
50
|
+
"properties": {
|
|
51
|
+
"id": { "type": "string" },
|
|
52
|
+
"title": { "type": "string" },
|
|
53
|
+
"category": { "type": "string", "minLength": 1 },
|
|
54
|
+
"severity": {
|
|
55
|
+
"type": "string",
|
|
56
|
+
"enum": ["critical", "high", "medium", "low", "info"]
|
|
57
|
+
},
|
|
58
|
+
"confidence": { "type": "string", "enum": ["high", "medium", "low"] },
|
|
59
|
+
"lens": { "type": "string", "minLength": 1 },
|
|
60
|
+
"summary": { "type": "string" },
|
|
61
|
+
"affected_files": {
|
|
62
|
+
"type": "array",
|
|
63
|
+
"minItems": 1,
|
|
64
|
+
"items": {
|
|
65
|
+
"type": "object",
|
|
66
|
+
"required": ["path"],
|
|
67
|
+
"properties": {
|
|
68
|
+
"path": { "type": "string" },
|
|
69
|
+
"line_start": { "type": "integer", "minimum": 1 },
|
|
70
|
+
"line_end": { "type": "integer", "minimum": 1 },
|
|
71
|
+
"symbol": { "type": "string" },
|
|
72
|
+
"hash_at_plan_time": { "type": "string" }
|
|
73
|
+
},
|
|
74
|
+
"additionalProperties": false
|
|
75
|
+
}
|
|
76
|
+
},
|
|
77
|
+
"impact": { "type": "string" },
|
|
78
|
+
"likelihood": { "type": "string" },
|
|
79
|
+
"evidence": { "type": "array", "items": { "type": "string" } },
|
|
80
|
+
"reproduction": { "type": "array", "items": { "type": "string" } },
|
|
81
|
+
"systemic": { "type": "boolean" },
|
|
82
|
+
"related_findings": { "type": "array", "items": { "type": "string" } },
|
|
83
|
+
"theme_id": { "type": "string" }
|
|
84
|
+
},
|
|
85
|
+
"additionalProperties": false
|
|
86
|
+
}
|
|
87
|
+
},
|
|
88
|
+
"work_blocks": {
|
|
89
|
+
"type": "array",
|
|
90
|
+
"items": {
|
|
91
|
+
"type": "object",
|
|
92
|
+
"required": [
|
|
93
|
+
"id",
|
|
94
|
+
"finding_ids",
|
|
95
|
+
"unit_ids",
|
|
96
|
+
"owned_files",
|
|
97
|
+
"max_severity",
|
|
98
|
+
"rationale",
|
|
99
|
+
"depends_on"
|
|
100
|
+
],
|
|
101
|
+
"properties": {
|
|
102
|
+
"id": { "type": "string" },
|
|
103
|
+
"finding_ids": { "type": "array", "items": { "type": "string" } },
|
|
104
|
+
"unit_ids": { "type": "array", "items": { "type": "string" } },
|
|
105
|
+
"owned_files": { "type": "array", "items": { "type": "string" } },
|
|
106
|
+
"max_severity": {
|
|
107
|
+
"type": "string",
|
|
108
|
+
"enum": ["critical", "high", "medium", "low", "info"]
|
|
109
|
+
},
|
|
110
|
+
"rationale": { "type": "string" },
|
|
111
|
+
"depends_on": { "type": "array", "items": { "type": "string" } }
|
|
112
|
+
},
|
|
113
|
+
"additionalProperties": false
|
|
114
|
+
}
|
|
115
|
+
},
|
|
116
|
+
"themes": {
|
|
117
|
+
"type": "array",
|
|
118
|
+
"items": {
|
|
119
|
+
"type": "object",
|
|
120
|
+
"required": [
|
|
121
|
+
"theme_id",
|
|
122
|
+
"title",
|
|
123
|
+
"root_cause",
|
|
124
|
+
"finding_ids",
|
|
125
|
+
"suggested_fix_pattern"
|
|
126
|
+
],
|
|
127
|
+
"properties": {
|
|
128
|
+
"theme_id": { "type": "string" },
|
|
129
|
+
"title": { "type": "string" },
|
|
130
|
+
"root_cause": { "type": "string" },
|
|
131
|
+
"finding_ids": { "type": "array", "items": { "type": "string" } },
|
|
132
|
+
"suggested_fix_pattern": { "type": "string" }
|
|
133
|
+
},
|
|
134
|
+
"additionalProperties": false
|
|
135
|
+
}
|
|
136
|
+
},
|
|
137
|
+
"executive_summary": { "type": "string" },
|
|
138
|
+
"top_risks": { "type": "array", "items": { "type": "string" } }
|
|
139
|
+
},
|
|
140
|
+
"additionalProperties": false
|
|
141
|
+
}
|
|
@@ -116,6 +116,11 @@
|
|
|
116
116
|
}
|
|
117
117
|
},
|
|
118
118
|
"additionalProperties": true
|
|
119
|
+
},
|
|
120
|
+
"analyzers_used": {
|
|
121
|
+
"type": "array",
|
|
122
|
+
"items": { "type": "string" },
|
|
123
|
+
"description": "Ids of the language analyzers whose edges were merged into this bundle by the optional graph-enrichment pass. Absent/empty when only the regex floor was used."
|
|
119
124
|
}
|
|
120
125
|
},
|
|
121
126
|
"additionalProperties": false
|
|
@@ -0,0 +1,46 @@
|
|
|
1
|
+
{
|
|
2
|
+
"$schema": "https://json-schema.org/draft/2020-12/schema",
|
|
3
|
+
"$id": "scope.schema.json",
|
|
4
|
+
"title": "Audit Scope Manifest",
|
|
5
|
+
"description": "scope.json — records how a run was scoped (Phase 3 `--since` delta mode). A deterministic function of the git ref, the changed files, and the dependency graph. Sits upstream of coverage_matrix.json in the staleness DAG: in delta mode only seed + expanded files are (re)queued for audit; every other auditable file inherits its prior completion or is excluded from this run.",
|
|
6
|
+
"type": "object",
|
|
7
|
+
"required": ["mode", "since", "seed_files", "expanded_files", "budget"],
|
|
8
|
+
"properties": {
|
|
9
|
+
"mode": {
|
|
10
|
+
"type": "string",
|
|
11
|
+
"enum": ["full", "delta"],
|
|
12
|
+
"description": "'full' audits every auditable file; 'delta' scopes to a changed neighbourhood."
|
|
13
|
+
},
|
|
14
|
+
"since": {
|
|
15
|
+
"type": ["string", "null"],
|
|
16
|
+
"description": "Git ref/SHA the delta was measured against; null in full mode."
|
|
17
|
+
},
|
|
18
|
+
"seed_files": {
|
|
19
|
+
"type": "array",
|
|
20
|
+
"items": { "type": "string" },
|
|
21
|
+
"description": "Changed auditable files (relative to `since`) present in the repo manifest. Sorted."
|
|
22
|
+
},
|
|
23
|
+
"expanded_files": {
|
|
24
|
+
"type": "array",
|
|
25
|
+
"items": { "type": "string" },
|
|
26
|
+
"description": "Auditable graph neighbours pulled in by priority-frontier expansion. Sorted."
|
|
27
|
+
},
|
|
28
|
+
"budget": {
|
|
29
|
+
"type": "object",
|
|
30
|
+
"required": ["max_files"],
|
|
31
|
+
"properties": {
|
|
32
|
+
"max_files": {
|
|
33
|
+
"type": "integer",
|
|
34
|
+
"minimum": 1,
|
|
35
|
+
"description": "Upper bound on in-scope files (seeds + expanded); expansion stops once reached."
|
|
36
|
+
}
|
|
37
|
+
},
|
|
38
|
+
"additionalProperties": false
|
|
39
|
+
},
|
|
40
|
+
"dropped_note": {
|
|
41
|
+
"type": "string",
|
|
42
|
+
"description": "Set when scope was truncated by the budget, or when `--since` could not be honoured and the run fell back to full."
|
|
43
|
+
}
|
|
44
|
+
},
|
|
45
|
+
"additionalProperties": false
|
|
46
|
+
}
|