auditor-lambda 0.3.5 → 0.3.6

package/audit-code-wrapper-lib.mjs

@@ -407,6 +407,42 @@ async function writeGeneratedJson(targetPath, value) {
   };
 }
 
+async function readJsonObjectIfExists(targetPath, description) {
+  if (!(await fileExists(targetPath))) {
+    return {};
+  }
+
+  let parsed;
+  try {
+    parsed = JSON.parse(await readFile(targetPath, 'utf8'));
+  } catch (error) {
+    throw new Error(
+      `${description} exists but is not valid JSON: ${error instanceof Error ? error.message : String(error)}`,
+    );
+  }
+
+  if (!parsed || typeof parsed !== 'object' || Array.isArray(parsed)) {
+    throw new Error(`${description} must be a JSON object when it already exists.`);
+  }
+
+  return parsed;
+}
+
+async function writeMergedGeneratedJson(targetPath, description, buildValue) {
+  const existed = await fileExists(targetPath);
+  const existing = await readJsonObjectIfExists(targetPath, description);
+  await mkdir(dirname(targetPath), { recursive: true });
+  await writeFile(
+    targetPath,
+    JSON.stringify(buildValue(existing), null, 2) + '\n',
+    'utf8',
+  );
+  return {
+    path: targetPath,
+    mode: existed ? 'updated' : 'created',
+  };
+}
+
 async function writeGeneratedBinary(targetPath, content) {
   const existed = await fileExists(targetPath);
   await mkdir(dirname(targetPath), { recursive: true });
@@ -481,70 +517,99 @@ function renderCodexAutomationRecipe() {
 
 function renderOpenCodeProjectConfig(root) {
   const launcher = replaceBackslashes(toRepoRelativePath(root, join(root, '.audit-code', 'install', MCP_LAUNCHER_FILENAME)));
-  return JSON.stringify(
-    {
-      $schema: 'https://opencode.ai/config.json',
-      mcp: {
-        auditor: {
-          type: 'local',
-          command: ['node', launcher],
-          enabled: true,
-          timeout: 10000,
-        },
+  return {
+    $schema: 'https://opencode.ai/config.json',
+    mcp: {
+      auditor: {
+        type: 'local',
+        command: ['node', launcher],
+        enabled: true,
+        timeout: 10000,
       },
-      permission: {
-        read: 'allow',
-        glob: 'allow',
-        grep: 'allow',
-        edit: 'ask',
-        bash: {
-          '*': 'ask',
-          'git status*': 'allow',
-          'git diff*': 'allow',
-          'grep *': 'allow',
-          'rm *': 'deny',
-        },
+    },
+    permission: {
+      read: 'allow',
+      glob: 'allow',
+      grep: 'allow',
+      edit: 'ask',
+      bash: {
+        '*': 'ask',
+        'git status*': 'allow',
+        'git diff*': 'allow',
+        'grep *': 'allow',
+        'rm *': 'deny',
       },
-      agent: {
-        auditor: {
-          description:
-            'Read-heavy audit orchestration agent for the /audit-code workflow.',
-          tools: {
-            'auditor*': true,
-          },
-          permission: {
-            edit: 'ask',
-            bash: {
-              '*': 'ask',
-              'git status*': 'allow',
-              'git diff*': 'allow',
-              'grep *': 'allow',
-              'rm *': 'deny',
-            },
-            question: 'allow',
+    },
+    agent: {
+      auditor: {
+        description:
+          'Read-heavy audit orchestration agent for the /audit-code workflow.',
+        tools: {
+          'auditor*': true,
+        },
+        permission: {
+          edit: 'ask',
+          bash: {
+            '*': 'ask',
+            'git status*': 'allow',
+            'git diff*': 'allow',
+            'grep *': 'allow',
+            'rm *': 'deny',
           },
+          question: 'allow',
         },
       },
     },
-    null,
-    2,
-  ) + '\n';
+  };
 }
 
 function renderVSCodeMcpConfig() {
-  return JSON.stringify(
-    {
-      servers: {
-        auditor: {
-          type: 'stdio',
-          command: 'node',
-          args: ['${workspaceFolder}/.audit-code/install/run-mcp-server.mjs'],
-        },
+  return {
+    servers: {
+      auditor: {
+        type: 'stdio',
+        command: 'node',
+        args: ['${workspaceFolder}/.audit-code/install/run-mcp-server.mjs'],
       },
     },
-    null,
-    2,
-  ) + '\n';
+  };
+}
+
+function objectValue(value) {
+  return value && typeof value === 'object' && !Array.isArray(value)
+    ? value
+    : {};
+}
+
+function buildMergedOpenCodeProjectConfig(existing, root) {
+  const generated = renderOpenCodeProjectConfig(root);
+  return {
+    ...existing,
+    $schema: existing.$schema ?? generated.$schema,
+    mcp: {
+      ...objectValue(existing.mcp),
+      auditor: generated.mcp.auditor,
+    },
+    permission:
+      existing.permission && typeof existing.permission === 'object' && !Array.isArray(existing.permission)
+        ? existing.permission
+        : generated.permission,
+    agent: {
+      ...objectValue(existing.agent),
+      auditor: generated.agent.auditor,
+    },
+  };
+}
+
+function buildMergedVSCodeMcpConfig(existing) {
+  const generated = renderVSCodeMcpConfig();
+  return {
+    ...existing,
+    servers: {
+      ...objectValue(existing.servers),
+      auditor: generated.servers.auditor,
+    },
+  };
 }
 
 function renderClaudeDesktopProjectTemplate() {
@@ -932,116 +997,203 @@ async function buildClaudeDesktopBundle(root, results) {
   };
 }
 
-function buildHostCatalog({ root, host, assets }) {
-  const entries = {
-    codex: {
-      host: 'codex',
-      label: 'Codex',
-      support_level: 'supported',
-      setup_kind: 'skills+mcp+instructions',
-      summary:
-        'Use the generated Codex skill bundle, AGENTS instructions, and shared MCP launcher so Codex can drive the backend through native tools instead of raw shell commands.',
-      primary_path: assets.codexSkillPath,
-      supporting_paths: [
-        assets.agentsInstructionsPath,
-        assets.codexMcpSetupPath,
-        assets.codexAutomationRecipePath,
-      ].filter(Boolean),
-      steps: [
-        'Open this repository in Codex.',
-        'Ensure Codex can access the repo-local auditor MCP server using the generated setup guide.',
-        'Ask Codex to use the auditor MCP tools to start or continue `/audit-code`.',
-      ],
+const INSTALL_PROFILE_FLAGS = [
+  'writeVSCode',
+  'writeCopilotInstructions',
+  'writeOpenCode',
+  'writeCodex',
+  'writeClaudeDesktop',
+  'writeAntigravity',
+  'writeAgents',
+];
+
+const INSTALL_HOST_ORDER = [
+  'codex',
+  'claude-desktop',
+  'opencode',
+  'vscode',
+  'antigravity',
+];
+
+const INSTALL_HOST_DEFINITIONS = {
+  codex: {
+    host: 'codex',
+    label: 'Codex',
+    support_level: 'supported',
+    setup_kind: 'skills+mcp+instructions',
+    summary:
+      'Use the generated Codex skill bundle, AGENTS instructions, and shared MCP launcher so Codex can drive the backend through native tools instead of raw shell commands.',
+    primary_path_key: 'codexSkillPath',
+    supporting_path_keys: [
+      'agentsInstructionsPath',
+      'codexMcpSetupPath',
+      'codexAutomationRecipePath',
+    ],
+    steps: [
+      'Open this repository in Codex.',
+      'Ensure Codex can access the repo-local auditor MCP server using the generated setup guide.',
+      'Ask Codex to use the auditor MCP tools to start or continue `/audit-code`.',
+    ],
+    profile: {
+      writeCodex: true,
+      writeAgents: true,
     },
-    'claude-desktop': {
-      host: 'claude-desktop',
-      label: 'Claude Desktop',
-      support_level: 'supported',
-      setup_kind: 'local-mcp-bundle',
-      summary:
-        'Install the generated local MCP bundle in Claude Desktop, then use the project template and prompt asset as supporting context.',
-      primary_path: assets.claudeDesktopDxtPath,
-      supporting_paths: [
-        assets.claudeDesktopMcpbPath,
-        assets.claudeDesktopProjectTemplatePath,
-        assets.claudeDesktopRemoteConnectorPath,
-        assets.installedPromptPath,
-      ].filter(Boolean),
-      steps: [
-        'Open Claude Desktop Settings and install the generated `.dxt` bundle.',
-        'Configure the repository root when prompted so the bundle can launch the local auditor MCP server.',
-        'Use the project template and prompt asset to kick off `/audit-code` in conversation.',
-      ],
+  },
+  'claude-desktop': {
+    host: 'claude-desktop',
+    label: 'Claude Desktop',
+    support_level: 'supported',
+    setup_kind: 'local-mcp-bundle',
+    summary:
+      'Install the generated local MCP bundle in Claude Desktop, then use the project template and prompt asset as supporting context.',
+    primary_path_key: 'claudeDesktopDxtPath',
+    supporting_path_keys: [
+      'claudeDesktopMcpbPath',
+      'claudeDesktopProjectTemplatePath',
+      'claudeDesktopRemoteConnectorPath',
+      'installedPromptPath',
+    ],
+    steps: [
+      'Open Claude Desktop Settings and install the generated `.dxt` bundle.',
+      'Configure the repository root when prompted so the bundle can launch the local auditor MCP server.',
+      'Use the project template and prompt asset to kick off `/audit-code` in conversation.',
+    ],
+    profile: {
+      writeClaudeDesktop: true,
     },
-    opencode: {
-      host: 'opencode',
-      label: 'OpenCode',
-      support_level: 'supported',
-      setup_kind: 'command+agent+mcp',
-      summary:
-        'Use the generated OpenCode command and project config so `/audit-code` and the local auditor MCP server are available together.',
-      primary_path: assets.opencodeCommandPath,
-      supporting_paths: [
-        assets.opencodeConfigPath,
-        assets.opencodeSkillPath,
-        assets.agentsInstructionsPath,
-        assets.mcpLauncherPath,
-      ].filter(Boolean),
-      steps: [
-        'Open this repository in OpenCode.',
-        'Let OpenCode load the generated `opencode.json` so the auditor MCP server is available.',
-        'Invoke `/audit-code` and keep the audit loop on the auditor MCP tools.',
-      ],
+  },
+  opencode: {
+    host: 'opencode',
+    label: 'OpenCode',
+    support_level: 'supported',
+    setup_kind: 'command+agent+mcp',
+    summary:
+      'Use the generated OpenCode command and project config so `/audit-code` and the local auditor MCP server are available together.',
+    primary_path_key: 'opencodeCommandPath',
+    supporting_path_keys: [
+      'opencodeConfigPath',
+      'opencodeSkillPath',
+      'agentsInstructionsPath',
+      'mcpLauncherPath',
+    ],
+    steps: [
+      'Open this repository in OpenCode.',
+      'Let OpenCode load the generated `opencode.json` so the auditor MCP server is available.',
+      'Invoke `/audit-code` and keep the audit loop on the auditor MCP tools.',
+    ],
+    profile: {
+      writeOpenCode: true,
+      writeAgents: true,
     },
-    vscode: {
-      host: 'vscode',
-      label: 'VS Code',
-      support_level: 'supported',
-      setup_kind: 'prompt+agent+mcp',
-      summary:
-        'Use the generated prompt file, custom agent, and workspace MCP configuration for the cleanest VS Code integration.',
-      primary_path: assets.vscodePromptPath,
-      supporting_paths: [
-        assets.vscodeAgentPath,
-        assets.vscodeMcpConfigPath,
-        assets.copilotInstructionsPath,
-      ].filter(Boolean),
-      steps: [
-        'Open this repository in VS Code with Copilot.',
-        'Allow VS Code to discover the workspace MCP server from `.vscode/mcp.json`.',
-        'Invoke `/audit-code` in chat and use the custom auditor agent when you want the dedicated orchestration persona.',
-      ],
+  },
+  vscode: {
+    host: 'vscode',
+    label: 'VS Code',
+    support_level: 'supported',
+    setup_kind: 'prompt+agent+mcp',
+    summary:
+      'Use the generated prompt file, custom agent, and workspace MCP configuration for the cleanest VS Code integration.',
+    primary_path_key: 'vscodePromptPath',
+    supporting_path_keys: [
+      'vscodeAgentPath',
+      'vscodeMcpConfigPath',
+      'copilotInstructionsPath',
+    ],
+    steps: [
+      'Open this repository in VS Code with Copilot.',
+      'Allow VS Code to discover the workspace MCP server from `.vscode/mcp.json`.',
+      'Invoke `/audit-code` in chat and use the custom auditor agent when you want the dedicated orchestration persona.',
+    ],
+    profile: {
+      writeVSCode: true,
+      writeCopilotInstructions: true,
     },
-    antigravity: {
-      host: 'antigravity',
-      label: 'Antigravity',
-      support_level: 'guided',
-      setup_kind: 'planning-guide+mcp-ready',
-      summary:
-        'Start in Planning mode with the generated guide and AGENTS instructions, then use the shared MCP launcher once Antigravity is ready to call structured tools.',
-      primary_path: assets.antigravityPlanningGuidePath,
-      supporting_paths: [
-        assets.agentsInstructionsPath,
-        assets.mcpLauncherPath,
-        assets.installedPromptPath,
-      ].filter(Boolean),
-      steps: [
-        'Open this repository in Antigravity Planning mode.',
-        'Load the generated planning guide and AGENTS instructions before starting the audit.',
-        'Use the shared auditor MCP server when Antigravity needs structured audit state instead of free-form shell guesses.',
-      ],
+  },
+  antigravity: {
+    host: 'antigravity',
+    label: 'Antigravity',
+    support_level: 'guided',
+    setup_kind: 'planning-guide+mcp-ready',
+    summary:
+      'Start in Planning mode with the generated guide and AGENTS instructions, then use the shared MCP launcher once Antigravity is ready to call structured tools.',
+    primary_path_key: 'antigravityPlanningGuidePath',
+    supporting_path_keys: [
+      'agentsInstructionsPath',
+      'mcpLauncherPath',
+      'installedPromptPath',
+    ],
+    steps: [
+      'Open this repository in Antigravity Planning mode.',
+      'Load the generated planning guide and AGENTS instructions before starting the audit.',
+      'Use the shared auditor MCP server when Antigravity needs structured audit state instead of free-form shell guesses.',
+    ],
+    profile: {
+      writeAntigravity: true,
+      writeAgents: true,
     },
-  };
+  },
+};
+
+function supportedInstallHostsMessage() {
+  return ['all', 'copilot', ...INSTALL_HOST_ORDER].join(', ');
+}
+
+function getInstallHostKeys(host) {
+  if (host === 'all') {
+    return INSTALL_HOST_ORDER;
+  }
+
+  if (host === 'copilot') {
+    return ['vscode'];
+  }
+
+  if (INSTALL_HOST_DEFINITIONS[host]) {
+    return [host];
+  }
+
+  throw new Error(
+    `Unsupported host "${host}". Supported hosts: ${supportedInstallHostsMessage()}.`,
+  );
+}
+
+function getInstallProfile(host) {
+  const profile = Object.fromEntries(
+    INSTALL_PROFILE_FLAGS.map((flag) => [flag, false]),
+  );
+
+  for (const hostKey of getInstallHostKeys(host)) {
+    const hostProfile = INSTALL_HOST_DEFINITIONS[hostKey].profile;
+    for (const flag of INSTALL_PROFILE_FLAGS) {
+      profile[flag] = profile[flag] || Boolean(hostProfile[flag]);
+    }
+  }
+
+  return profile;
+}
 
-  const hostOrder = host === 'all'
-    ? ['codex', 'claude-desktop', 'opencode', 'vscode', 'antigravity']
-    : host === 'copilot'
-      ? ['vscode']
-      : [host];
+function buildHostCatalog({ root, host, assets }) {
+  return getInstallHostKeys(host)
+    .map((hostKey) => {
+      const definition = INSTALL_HOST_DEFINITIONS[hostKey];
+      const primaryPath = assets[definition.primary_path_key];
+      if (!primaryPath) {
+        return null;
+      }
 
-  return hostOrder
-    .map((hostKey) => entries[hostKey])
-    .filter((entry) => entry?.primary_path)
+      return {
+        host: definition.host,
+        label: definition.label,
+        support_level: definition.support_level,
+        setup_kind: definition.setup_kind,
+        summary: definition.summary,
+        primary_path: primaryPath,
+        supporting_paths: definition.supporting_path_keys
+          .map((key) => assets[key])
+          .filter(Boolean),
+        steps: definition.steps,
+      };
+    })
+    .filter(Boolean)
     .map((entry) => ({
       ...entry,
       primary_path: entry.primary_path,
@@ -1102,6 +1254,7 @@ function renderInstallGuide({
   lines.push('', 'Backend fallback:');
   lines.push('- from the repository root, run `audit-code` only when you intentionally need the repo-local backend wrapper');
   lines.push('- run `audit-code verify-install` after bootstrap when you want to smoke-test the generated launchers and host configs');
+  lines.push('- rerun `audit-code install` to refresh every generated host surface from the shared prompt, skill, and MCP launcher assets together');
 
   if (host !== 'all') {
     lines.push('');
@@ -1112,85 +1265,6 @@ function renderInstallGuide({
   return lines.join('\n');
 }
 
-function getInstallProfile(host) {
-  switch (host) {
-    case 'all':
-      return {
-        writeVSCode: true,
-        writeCopilotInstructions: true,
-        writeOpenCode: true,
-        writeCodex: true,
-        writeClaudeDesktop: true,
-        writeAntigravity: true,
-        writeAgents: true,
-      };
-    case 'copilot':
-      return {
-        writeVSCode: true,
-        writeCopilotInstructions: true,
-        writeAgents: false,
-        writeOpenCode: false,
-        writeCodex: false,
-        writeClaudeDesktop: false,
-        writeAntigravity: false,
-      };
-    case 'vscode':
-      return {
-        writeVSCode: true,
-        writeCopilotInstructions: true,
-        writeAgents: false,
-        writeOpenCode: false,
-        writeCodex: false,
-        writeClaudeDesktop: false,
-        writeAntigravity: false,
-      };
-    case 'opencode':
-      return {
-        writeVSCode: false,
-        writeCopilotInstructions: false,
-        writeAgents: true,
-        writeOpenCode: true,
-        writeCodex: false,
-        writeClaudeDesktop: false,
-        writeAntigravity: false,
-      };
-    case 'codex':
-      return {
-        writeVSCode: false,
-        writeCopilotInstructions: false,
-        writeAgents: true,
-        writeOpenCode: false,
-        writeCodex: true,
-        writeClaudeDesktop: false,
-        writeAntigravity: false,
-      };
-    case 'claude-desktop':
-      return {
-        writeVSCode: false,
-        writeCopilotInstructions: false,
-        writeAgents: false,
-        writeOpenCode: false,
-        writeCodex: false,
-        writeClaudeDesktop: true,
-        writeAntigravity: false,
-      };
-    case 'antigravity':
-      return {
-        writeVSCode: false,
-        writeCopilotInstructions: false,
-        writeAgents: true,
-        writeOpenCode: false,
-        writeCodex: false,
-        writeClaudeDesktop: false,
-        writeAntigravity: true,
-      };
-    default:
-      throw new Error(
-        `Unsupported host "${host}". Supported hosts: all, copilot, vscode, opencode, codex, claude-desktop, antigravity.`,
-      );
-  }
-}
-
 async function assertDirectoryExists(path, description) {
   let stats;
   try {
@@ -1512,7 +1586,7 @@ async function verifyInstalledBootstrap(argv) {
     (installManifest.hosts ?? []).map((entry) => [entry.host, entry]),
   );
   const selectedHosts = requestedHost && requestedHost !== 'all'
-    ? [requestedHost]
+    ? getInstallHostKeys(requestedHost)
     : [...hostCatalog.keys()];
 
   await collectVerifyCheck(generalChecks, 'install_guide', async () => {
@@ -2056,9 +2130,10 @@ async function installBootstrap(argv) {
       ),
     );
     results.push(
-      await writeGeneratedMarkdown(
+      await writeMergedGeneratedJson(
         assetPaths.opencodeConfigPath,
-        renderOpenCodeProjectConfig(root),
+        'OpenCode project config',
+        (existing) => buildMergedOpenCodeProjectConfig(existing, root),
       ),
     );
   }
@@ -2084,9 +2159,10 @@ async function installBootstrap(argv) {
       ),
     );
     results.push(
-      await writeGeneratedMarkdown(
+      await writeMergedGeneratedJson(
         assetPaths.vscodeMcpConfigPath,
-        renderVSCodeMcpConfig(),
+        'VS Code MCP config',
+        buildMergedVSCodeMcpConfig,
       ),
     );
   }
@@ -2116,6 +2192,7 @@ async function installBootstrap(argv) {
     install_manifest_path: installManifestPath,
     mcp_server_launcher_path: mcpLauncherPath,
     source_prompt_path: resolve(promptAssetPath),
+    source_skill_path: resolve(skillAssetPath),
     asset_paths: assetPaths,
     hosts: hostGuidance,
   };
@@ -2155,6 +2232,7 @@ async function installBootstrap(argv) {
         install_manifest_path: installManifestPath,
         mcp_server_launcher_path: mcpLauncherPath,
         source_prompt_path: resolve(promptAssetPath),
+        source_skill_path: resolve(skillAssetPath),
         files: results,
         slash_command_surfaces: {
           vscode_prompt: assetPaths.vscodePromptPath,

package/dist/cli.js

@@ -36,6 +36,9 @@ const packageRoot = resolve(dirname(fileURLToPath(import.meta.url)), "..");
 const ADVANCE_AUDIT_CONTRACT_VERSION = "audit-code/v1alpha1";
 const WORKER_RESULT_CONTRACT_VERSION = "audit-code-worker-result/v1alpha1";
 const LARGE_FILE_PACKET_TARGET_LINES = 2500;
+const SMALL_MODEL_HINT_MAX_LINES = 500;
+const SMALL_MODEL_HINT_MAX_ESTIMATED_TOKENS = 3000;
+const DEEP_MODEL_HINT_MIN_ESTIMATED_TOKENS = 9000;
 const DIRECT_CLI_DEFAULTS = {
     rootDir: ".",
     artifactsDir: ".artifacts",
@@ -1474,6 +1477,58 @@ function isIsolatedLargeFilePacket(packet) {
     return (packet.file_paths.length === 1 &&
         packet.total_lines > LARGE_FILE_PACKET_TARGET_LINES);
 }
+function buildDispatchComplexity(packet, largeFileMode) {
+    return {
+        priority: packet.priority,
+        task_count: packet.task_ids.length,
+        file_count: packet.file_paths.length,
+        total_lines: packet.total_lines,
+        estimated_tokens: packet.estimated_tokens,
+        lenses: packet.lenses,
+        tags: packet.tags ?? [],
+        large_file_mode: largeFileMode,
+    };
+}
+function buildDispatchModelHint(complexity) {
+    const deepReasons = [];
+    if (complexity.priority === "high")
+        deepReasons.push("high_priority");
+    if (complexity.large_file_mode)
+        deepReasons.push("isolated_large_file");
+    if (complexity.estimated_tokens >= DEEP_MODEL_HINT_MIN_ESTIMATED_TOKENS) {
+        deepReasons.push("high_estimated_tokens");
+    }
+    if (complexity.tags.some((tag) => tag === "critical_flow" || tag.startsWith("critical_flow:"))) {
+        deepReasons.push("critical_flow");
+    }
+    if (complexity.tags.some((tag) => tag === "external_analyzer_signal" || tag.startsWith("external_tool:"))) {
+        deepReasons.push("external_analyzer_signal");
+    }
+    if (deepReasons.length > 0) {
+        return { tier: "deep", reasons: deepReasons };
+    }
+    const sensitiveLenses = new Set(["security", "data_integrity", "reliability"]);
+    const hasSensitiveLens = complexity.lenses.some((lens) => sensitiveLenses.has(lens));
+    if (complexity.priority === "low" &&
+        complexity.total_lines <= SMALL_MODEL_HINT_MAX_LINES &&
+        complexity.estimated_tokens <= SMALL_MODEL_HINT_MAX_ESTIMATED_TOKENS &&
+        !hasSensitiveLens &&
+        complexity.tags.length === 0) {
+        return { tier: "small", reasons: ["small_low_priority_packet"] };
+    }
+    const reasons = [];
+    if (complexity.priority === "medium")
+        reasons.push("medium_priority");
+    if (hasSensitiveLens)
+        reasons.push("sensitive_lens");
+    if (complexity.total_lines > SMALL_MODEL_HINT_MAX_LINES) {
+        reasons.push("moderate_size");
+    }
+    return {
+        tier: "standard",
+        reasons: reasons.length > 0 ? reasons : ["default_review_packet"],
+    };
+}
 function withinRoot(root, path) {
     const rootPath = resolve(root);
     const absolutePath = resolve(rootPath, path);
@@ -1641,6 +1696,7 @@ async function cmdPrepareDispatch(argv) {
             `--run-id-b64 ${toBase64Url(runId)} ` +
             `--packet-id-b64 ${toBase64Url(packet.packet_id)} ` +
             `--artifacts-dir-b64 ${toBase64Url(artifactsDir)}`;
+        const complexity = buildDispatchComplexity(packet, largeFileMode);
         for (const task of packetTasks) {
             resultMapEntries.push({
                 packet_id: packet.packet_id,
@@ -1712,6 +1768,8 @@ async function cmdPrepareDispatch(argv) {
             description: `Audit ${packet.file_paths.length} file(s), ${packet.task_ids.length} task(s), ${packet.lenses.length} lens(es) (~${packet.total_lines} lines)` +
                 (largeFileMode ? " [isolated large-file mode]" : ""),
             prompt_path: promptPath,
+            complexity,
+            model_hint: buildDispatchModelHint(complexity),
         });
     }
     await writeJsonFile(dispatchPlanPath, plan);
@@ -2170,7 +2228,7 @@ async function cmdValidate(argv) {
         ...providerIssues,
     ];
     const resolvedProvider = rawSessionConfig === undefined
-        ? "auto"
+        ? "local-subprocess"
         : sessionConfigIssues.length > 0
             ? null
             : resolveFreshSessionProviderName(undefined, rawSessionConfig);

package/docs/agent-integrations.md

@@ -254,7 +254,7 @@ The current implementation shipped the shared installer and MCP substrate. The r
 
 Highest-value follow-through:
 
-1. validate the generated Codex, Claude Desktop, OpenCode, and VS Code assets inside the real products they target
+1. validate the generated Codex, Claude Desktop, OpenCode, VS Code, and Antigravity assets inside the real products they target
 2. tighten generated quick-start guidance anywhere those host smoke tests expose ambiguity
 3. document exactly how Antigravity artifacts should map into `import_results` and `import_runtime_updates`
 4. keep host claims conservative until those end-to-end product checks are complete

package/docs/bootstrap-install.md

@@ -10,6 +10,9 @@ That command installs the repo-local `/audit-code` surfaces we can automate toda
 It is also the single refresh path: rerun `audit-code install` after prompt or
 skill updates to rewrite the shared install assets and every generated
 host-specific surface from the same source files.
+The generated manifest records the canonical prompt and skill source paths so
+host surfaces can be checked against one shared source of truth instead of
+drifting independently.
 
 After bootstrap, run:
 
@@ -28,6 +31,7 @@ Installed shared surfaces:
 - `.audit-code/install/GETTING-STARTED.md`
 - `.audit-code/install/manifest.json`
 - `.audit-code/install/run-mcp-server.mjs`
+- `.audit-artifacts/session-config.json` when no backend fallback config exists yet
 
 Installed host-specific surfaces:
 
@@ -76,6 +80,7 @@ without supplying extra root paths, provider flags, or model-selection arguments
 ## What is fully automated today
 
 - shared installer output, manifest generation, and repo-local MCP launcher generation
+- default backend fallback session-config creation when no config exists yet
 - Codex skill-bundle and AGENTS-oriented install output
 - OpenCode command, skill, prompt, and config generation
 - VS Code prompt, custom-agent, instruction, and MCP config generation
@@ -84,7 +89,7 @@ without supplying extra root paths, provider flags, or model-selection arguments
 
 ## What is not fully automated today
 
-- product-level smoke validation for the generated Codex, Claude Desktop, OpenCode, and VS Code assets
+- product-level smoke validation for the generated Codex, Claude Desktop, OpenCode, VS Code, and Antigravity assets
 - one-click proof that the generated Claude Desktop bundle installs cleanly in a real Desktop environment
 - documented Antigravity artifact round-tripping back through `import_results` and `import_runtime_updates`
 

package/docs/dispatch-implementation-plan.md

@@ -121,13 +121,31 @@ The command prints a compact JSON envelope:
 {
   "packet_id": "src-auth:security-correctness:packet-1-...",
   "description": "Audit 2 file(s), 2 task(s), 2 lens(es) (~70 lines)",
-  "prompt_path": ".audit-artifacts/runs/run-1/task-results/src-auth_security-correctness_packet-1_ab12cd34ef56.prompt.md"
+  "prompt_path": ".audit-artifacts/runs/run-1/task-results/src-auth_security-correctness_packet-1_ab12cd34ef56.prompt.md",
+  "complexity": {
+    "priority": "high",
+    "task_count": 2,
+    "file_count": 2,
+    "total_lines": 70,
+    "estimated_tokens": 1180,
+    "lenses": ["security", "correctness"],
+    "tags": ["critical_flow"],
+    "large_file_mode": false
+  },
+  "model_hint": {
+    "tier": "deep",
+    "reasons": ["high_priority", "critical_flow"]
+  }
 }
 ```
 
 The orchestrator should launch one subagent per entry with the entry
 description and a prompt that tells the subagent to read and follow
 `entry.prompt_path`.
+If the host supports per-subagent model selection, it may map
+`entry.model_hint.tier` (`small`, `standard`, or `deep`) to local model names.
+These hints are provider-neutral; the backend does not hardcode model names or
+require model selection during normal use.
 
 ## Large File Mode
 

package/docs/github-copilot.md

@@ -30,7 +30,7 @@ audit-code install --host vscode
 ## Behavior
 
 - the command copies the canonical prompt payload from `skills/audit-code/audit-code.prompt.md`
-- the generated prompt file explicitly sets `agent: agent` so Copilot Chat runs `/audit-code` with tool-capable agent mode
+- the generated prompt file explicitly sets `agent: auditor` so Copilot Chat uses the generated auditor custom agent
 - the installer upserts its managed compatibility block into `.github/copilot-instructions.md` instead of clobbering unrelated instructions
 - it prints machine-readable JSON describing the installed targets
 

package/docs/model-selection.md

@@ -13,6 +13,17 @@ For that surface, the default model rule is:
 
 That is the intended product contract.
 
+When packet dispatch is prepared, `dispatch-plan.json` includes
+provider-neutral complexity metadata and a `model_hint.tier` value:
+
+- `small` for tiny, low-priority packets without sensitive lenses or risk tags
+- `standard` for ordinary bounded review packets
+- `deep` for high-priority, large, critical-flow, or external-signal packets
+
+Hosts that support per-subagent model choice may map those tiers to their own
+available models. Hosts that do not support model choice can ignore the fields.
+The backend still does not prescribe concrete model names.
+
 ## 2. Backend provider rule
 
 When the local backend delegates bounded worker runs into an external provider, model selection becomes provider-specific.

package/docs/next-steps.md

@@ -3,7 +3,7 @@
 This document tracks the next meaningful implementation work after the packet
 review-dispatch refactor and the current skill-first productionization pass.
 
-As of April 22, 2026, the shared MCP substrate and the first host-native installer pass have landed, but this repository is not yet ready for a public production launch.
+As of April 30, 2026, the shared MCP substrate and the host-native installer pass have landed, but this repository is not yet ready for a public production launch.
 
 See:
 
@@ -144,7 +144,7 @@ Status:
 
 Most likely shape:
 
-- run fresh-repo smoke checks inside Codex, Claude Desktop, OpenCode, and VS Code
+- run fresh-repo smoke checks inside Codex, Claude Desktop, OpenCode, and VS Code, with Antigravity validated against its planning-mode path
 - confirm that the generated files are both syntactically valid and actually discovered by each host
 - tighten generated docs wherever operator confusion appears during those checks
 - keep Antigravity as a documented planning-mode path unless a stable project config contract is published

package/docs/packaging.md

@@ -17,6 +17,8 @@ The primary product surface is `/audit-code` in conversation.
 That means the package needs to ship:
 
 - the canonical prompt asset at `skills/audit-code/audit-code.prompt.md`
+- the companion Codex/OpenCode skill asset at `skills/audit-code/SKILL.md`
+- packet-dispatch support data such as `dispatch/lens-definitions.json`
 - the backend fallback wrapper exposed as `audit-code`
 
 A linked-command smoke test proves the installed wrapper and prompt lookup work from the working tree.
@@ -76,11 +78,11 @@ The repository now includes packaging metadata and lifecycle hooks intended for
 
 - `package.json` is no longer marked private
 - `publishConfig.access` defaults publication to the public npm access level
-- package contents are curated with a `files` allowlist that includes the canonical prompt asset
+- package contents are curated with a `files` allowlist that includes the canonical prompt, skill, dispatch, schema, and runtime assets
 - `prepack` and `prepare` build the runtime artifact
 - `verify:release` codifies the minimum in-repo release gate
 - `prepublishOnly` now runs that full release gate, including both linked-install and packaged-install smoke validation
-- packaged smoke now verifies the tarball includes `audit-code-wrapper-lib.mjs`, the prompt asset, the response schema, and `dist/` entrypoints before install-time smoke runs
+- packaged smoke now verifies the tarball includes `audit-code-wrapper-lib.mjs`, the prompt and skill assets, dispatch lens definitions, the response schema, and `dist/` entrypoints before install-time smoke runs
 - the GitHub publish workflow uses the same release gate before `npm publish`
 - the GitHub publish workflow uses npm Trusted Publishing with GitHub OIDC instead of a long-lived publish token
 - prerelease versions now default to the `next` dist-tag in the publish workflow unless an explicit tag override is chosen on manual dispatch

package/docs/production-launch-bar.md

@@ -25,6 +25,8 @@ Anything below `dist/index.js` remains a backend or development interface rather
 - packaged installs must include:
   - `audit-code`
   - `audit-code-wrapper-lib.mjs`
+  - `dispatch/lens-definitions.json`
+  - `skills/audit-code/SKILL.md`
   - `skills/audit-code/audit-code.prompt.md`
   - `schemas/audit-code-v1alpha1.schema.json`
 - the checked-in `dist/` output is part of the shipped runtime contract for installed usage
@@ -38,7 +40,7 @@ Anything below `dist/index.js` remains a backend or development interface rather
 ### Host surfaces
 
 - ChatGPT-style project conversations are the intended `/audit-code` product surface
-- VS Code / GitHub Copilot, OpenCode, and Claude Code repositories are supported through `audit-code install`
+- Codex, Claude Desktop, OpenCode, VS Code / GitHub Copilot, and Antigravity repository surfaces are generated through `audit-code install`
 - editor integrations that import `skills/audit-code/audit-code.prompt.md` are supported as prompt-based integrations
 - no editor-specific native install surface should be called production-ready until it has explicit documentation and a repeatable verification path
 

package/docs/production-readiness.md

@@ -2,7 +2,7 @@
 
 ## Verdict
 
-As of April 22, 2026, the package release path is ready for a public npm release candidate, but the broader host experience still has follow-through work before it should be described as a frictionless production launch.
+As of April 30, 2026, the package release path has a strong in-repo release gate, but the broader host experience still has follow-through work before it should be described as a frictionless production launch.
 
 What is already true:
 
@@ -11,9 +11,9 @@ What is already true:
 - linked-install smoke coverage passes
 - packaged-install smoke coverage passes
 - packaged tarball contract verification passes
-- `npm run verify:release` passes for the current `0.2.8` worktree
-- local `npm publish --dry-run` passes for `auditor-lambda@0.2.8`
-- npm currently reports `auditor-lambda@0.2.6` as `latest`, so the checked-in release version is still unpublished
+- `npm run verify:release` is the authoritative local release gate for the current worktree
+- local `npm publish --dry-run` should be run before any release candidate publish
+- npm registry state should be verified at release time rather than inferred from checked-in docs
 - malformed config and corrupted artifact handling are explicit
 - blocked fallback runs now emit structured operator handoff guidance
 - supported repo-local hosts now share a bootstrap install path via `audit-code install`
@@ -27,7 +27,7 @@ The biggest remaining gaps are product and release-operational, not core wrapper
 1. npm publication is not fully proven end to end.
    The repo now has a Trusted Publishing workflow and a passing local dry run, but npm-side trusted publisher setup plus the first GitHub Actions dry run still need to be completed outside the codebase.
 2. The primary conversation-first product still has setup friction on hosts without a verified repo-local slash-command surface.
-   VS Code / Copilot, OpenCode, and Claude Code now share a bootstrap path, but Claude Desktop, Antigravity, and other hosts still need more work.
+   Codex, Claude Desktop, OpenCode, VS Code / Copilot, and Antigravity now share the same bootstrap command, but each generated host surface still needs real-product verification before it can be called frictionless.
 3. Provider-assisted continuation still needs polish outside the happy path.
    Configured interactive bridges can now continue through audit-task review, but operator guidance and host-specific ergonomics still need refinement when a provider cannot produce results cleanly.
 
@@ -38,7 +38,7 @@ The explicit launch bar is now documented in `docs/production-launch-bar.md`, an
 1. Confirm release operations externally.
    Validate npm package-name ownership for `auditor-lambda`, configure npm Trusted Publishing for `.github/workflows/publish-package.yml`, and run a real GitHub Actions dry run or prerelease publish from that workflow path.
 2. Extend bootstrap coverage beyond the currently automated hosts.
-   Keep `audit-code install` stable for VS Code / Copilot, OpenCode, and Claude Code, and close the remaining friction gap for hosts that still lack a verified repo-local install surface.
+   Keep `audit-code install` stable for Codex, Claude Desktop, OpenCode, VS Code / Copilot, and Antigravity, and close the remaining friction gap for hosts that still lack a verified repo-local install surface.
 3. Polish provider-assisted UX.
    Keep the new continuation path explicit and inspectable while improving failure hints, host guidance, and operator recovery when a provider bridge misbehaves.
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "auditor-lambda",
-  "version": "0.3.5",
+  "version": "0.3.6",
   "private": false,
   "description": "Portable hybrid code-auditing framework for arbitrary repositories.",
   "type": "module",

package/skills/audit-code/SKILL.md

@@ -28,6 +28,10 @@ command, then stop so the user can rerun `/audit-code` from fresh context.
 Subagent fan-out belongs to the host agent runtime rather than to repo-local
 backend provider settings.
 
+When dispatch-plan entries include provider-neutral complexity and
+`model_hint.tier` metadata, a capable host may map those tiers to its own
+subagent models. The backend should not prescribe concrete model names.
+
 Bounded steps are a backend implementation detail, not the intended user experience.
 
 ## Embedded Prompt Payload

package/skills/audit-code/audit-code.prompt.md

@@ -81,6 +81,11 @@ In a single message, launch one Agent/subagent call per dispatch-plan entry:
 Agent({ description: entry.description, prompt: "Read and follow the audit instructions in: " + entry.prompt_path })
 ```
 
+If the host supports per-subagent model selection, use `entry.model_hint.tier`
+as a provider-neutral routing hint (`small`, `standard`, or `deep`). Map it to
+available host models without asking the user to choose model names. If model
+selection is unavailable, ignore the hint and dispatch normally.
+
 If the host supports per-subagent tool restrictions, give review subagents no
 Write tool and allow shell access only for the `audit-code submit-packet`
 command printed in their prompt.