auditor-lambda 0.3.5 → 0.3.7

package/dist/validation/auditResults.js

@@ -10,6 +10,8 @@ const REQUIRED_FINDING_FIELDS = [
 ];
 const VALID_SEVERITIES = new Set(["critical", "high", "medium", "low", "info"]);
 const VALID_CONFIDENCES = new Set(["high", "medium", "low"]);
+const VALID_PRIORITIES = new Set(["high", "medium", "low"]);
+const LENS_VERIFICATION_TAG = "lens_verification";
 const VALID_LENSES = new Set([
     "correctness",
     "architecture",
@@ -207,6 +209,161 @@ function validateFinding(finding, label, taskId, resultIndex) {
     }
     return issues;
 }
+function validateOptionalStringArray(value, label, taskId, resultIndex, issues) {
+    if (value === undefined) {
+        return;
+    }
+    if (!Array.isArray(value)) {
+        pushIssue(issues, {
+            result_index: resultIndex,
+            task_id: taskId,
+            field: label,
+            message: `${label} must be an array of strings, got ${describeValue(value)}.`,
+        });
+        return;
+    }
+    for (let index = 0; index < value.length; index++) {
+        if (typeof value[index] !== "string") {
+            pushIssue(issues, {
+                result_index: resultIndex,
+                task_id: taskId,
+                field: `${label}[${index}]`,
+                message: `${label}[${index}] must be a string, got ${describeValue(value[index])}.`,
+            });
+        }
+    }
+}
+function validateVerificationFollowupTask(task, label, taskId, resultIndex, expectedLens, allowedPaths, issues) {
+    if (!isRecord(task)) {
+        pushIssue(issues, {
+            result_index: resultIndex,
+            task_id: taskId,
+            field: label,
+            message: `${label} must be an AuditTask object, got ${describeValue(task)}.`,
+        });
+        return;
+    }
+    for (const field of ["task_id", "unit_id", "pass_id", "lens", "rationale"]) {
+        validateRequiredStringField(task[field], `${label}.${field}`, taskId, resultIndex, issues);
+    }
+    if (typeof task.lens === "string" && !VALID_LENSES.has(task.lens)) {
+        pushIssue(issues, {
+            result_index: resultIndex,
+            task_id: taskId,
+            field: `${label}.lens`,
+            message: `Invalid lens '${task.lens}'. Must be one of: ${[...VALID_LENSES].join(", ")}.`,
+        });
+    }
+    if (typeof expectedLens === "string" &&
+        typeof task.lens === "string" &&
+        task.lens !== expectedLens) {
+        pushIssue(issues, {
+            result_index: resultIndex,
+            task_id: taskId,
+            field: `${label}.lens`,
+            message: `${label}.lens must match the lens verification task ` +
+                `(expected '${expectedLens}', got '${task.lens}').`,
+        });
+    }
+    if (task.priority !== undefined &&
+        (typeof task.priority !== "string" || !VALID_PRIORITIES.has(task.priority))) {
+        pushIssue(issues, {
+            result_index: resultIndex,
+            task_id: taskId,
+            field: `${label}.priority`,
+            message: `${label}.priority must be one of: ${[...VALID_PRIORITIES].join(", ")}.`,
+        });
+    }
+    if (!Array.isArray(task.file_paths) || task.file_paths.length === 0) {
+        pushIssue(issues, {
+            result_index: resultIndex,
+            task_id: taskId,
+            field: `${label}.file_paths`,
+            message: `${label}.file_paths must be a non-empty array.`,
+        });
+    }
+    else {
+        for (let index = 0; index < task.file_paths.length; index++) {
+            const path = task.file_paths[index];
+            if (!isNonEmptyString(path)) {
+                pushIssue(issues, {
+                    result_index: resultIndex,
+                    task_id: taskId,
+                    field: `${label}.file_paths[${index}]`,
+                    message: `${label}.file_paths[${index}] must be a non-empty string.`,
+                });
+                continue;
+            }
+            if (!allowedPaths.has(path)) {
+                pushIssue(issues, {
+                    result_index: resultIndex,
+                    task_id: taskId,
+                    field: `${label}.file_paths[${index}]`,
+                    message: `${label}.file_paths[${index}] references '${path}', which is outside the verification task's file_coverage.`,
+                });
+            }
+        }
+    }
+    validateOptionalStringArray(task.tags, `${label}.tags`, taskId, resultIndex, issues);
+}
+function validateVerification(value, result, task, coverage, taskId, resultIndex, issues) {
+    if (value === undefined) {
+        return;
+    }
+    if (!isRecord(value)) {
+        pushIssue(issues, {
+            result_index: resultIndex,
+            task_id: taskId,
+            field: "verification",
+            message: `verification must be an object, got ${describeValue(value)}.`,
+        });
+        return;
+    }
+    if (typeof value.verified !== "boolean") {
+        pushIssue(issues, {
+            result_index: resultIndex,
+            task_id: taskId,
+            field: "verification.verified",
+            message: `verification.verified must be a boolean, got ${describeValue(value.verified)}.`,
+        });
+    }
+    if (typeof value.needs_followup !== "boolean") {
+        pushIssue(issues, {
+            result_index: resultIndex,
+            task_id: taskId,
+            field: "verification.needs_followup",
+            message: `verification.needs_followup must be a boolean, got ${describeValue(value.needs_followup)}.`,
+        });
+    }
+    if (task && !task.tags?.includes(LENS_VERIFICATION_TAG)) {
+        pushIssue(issues, {
+            result_index: resultIndex,
+            task_id: taskId,
+            field: "verification",
+            message: "verification is intended only for tasks tagged lens_verification.",
+            severity: "warning",
+        });
+    }
+    validateOptionalStringArray(value.concerns, "verification.concerns", taskId, resultIndex, issues);
+    validateOptionalStringArray(value.coverage_concerns, "verification.coverage_concerns", taskId, resultIndex, issues);
+    validateOptionalStringArray(value.confidence_concerns, "verification.confidence_concerns", taskId, resultIndex, issues);
+    if (value.followup_tasks === undefined) {
+        return;
+    }
+    if (!Array.isArray(value.followup_tasks)) {
+        pushIssue(issues, {
+            result_index: resultIndex,
+            task_id: taskId,
+            field: "verification.followup_tasks",
+            message: `verification.followup_tasks must be an array, got ${describeValue(value.followup_tasks)}.`,
+        });
+        return;
+    }
+    const allowedPaths = new Set(coverage.map((entry) => entry.path));
+    for (let index = 0; index < value.followup_tasks.length; index++) {
+        validateVerificationFollowupTask(value.followup_tasks[index], `verification.followup_tasks[${index}]`, taskId, resultIndex, result.lens, allowedPaths, issues);
+    }
+}
 function coversAffectedSpan(coverage, path, start, end) {
     return coverage.some((entry) => entry.path === path &&
         start > 0 &&
@@ -438,6 +595,7 @@ export function validateAuditResults(results, tasks, options = {}) {
                 }
             }
         }
+        validateVerification(result.verification, result, task, normalizedFileCoverage, taskId, i, issues);
     }
     return issues;
 }

package/docs/agent-integrations.md

@@ -254,7 +254,7 @@ The current implementation shipped the shared installer and MCP substrate. The r
 
 Highest-value follow-through:
 
-1. validate the generated Codex, Claude Desktop, OpenCode, and VS Code assets inside the real products they target
+1. validate the generated Codex, Claude Desktop, OpenCode, VS Code, and Antigravity assets inside the real products they target
 2. tighten generated quick-start guidance anywhere those host smoke tests expose ambiguity
 3. document exactly how Antigravity artifacts should map into `import_results` and `import_runtime_updates`
 4. keep host claims conservative until those end-to-end product checks are complete

package/docs/bootstrap-install.md

@@ -10,6 +10,9 @@ That command installs the repo-local `/audit-code` surfaces we can automate toda
 It is also the single refresh path: rerun `audit-code install` after prompt or
 skill updates to rewrite the shared install assets and every generated
 host-specific surface from the same source files.
+The generated manifest records the canonical prompt and skill source paths so
+host surfaces can be checked against one shared source of truth instead of
+drifting independently.
 
 After bootstrap, run:
 
@@ -28,6 +31,7 @@ Installed shared surfaces:
 - `.audit-code/install/GETTING-STARTED.md`
 - `.audit-code/install/manifest.json`
 - `.audit-code/install/run-mcp-server.mjs`
+- `.audit-artifacts/session-config.json` when no backend fallback config exists yet
 
 Installed host-specific surfaces:
 
@@ -76,6 +80,7 @@ without supplying extra root paths, provider flags, or model-selection arguments
 ## What is fully automated today
 
 - shared installer output, manifest generation, and repo-local MCP launcher generation
+- default backend fallback session-config creation when no config exists yet
 - Codex skill-bundle and AGENTS-oriented install output
 - OpenCode command, skill, prompt, and config generation
 - VS Code prompt, custom-agent, instruction, and MCP config generation
@@ -84,7 +89,7 @@ without supplying extra root paths, provider flags, or model-selection arguments
 
 ## What is not fully automated today
 
-- product-level smoke validation for the generated Codex, Claude Desktop, OpenCode, and VS Code assets
+- product-level smoke validation for the generated Codex, Claude Desktop, OpenCode, VS Code, and Antigravity assets
 - one-click proof that the generated Claude Desktop bundle installs cleanly in a real Desktop environment
 - documented Antigravity artifact round-tripping back through `import_results` and `import_runtime_updates`
 

package/docs/contract.md

@@ -31,6 +31,9 @@ Important rules:
 - each finding lens must match the assigned task lens.
 - `findings[].affected_files` must be objects, not strings.
 - `findings[].evidence` must be an array of plain strings.
+- lens steward tasks are tagged `lens_verification`; they must emit
+  `findings: []` plus `verification` metadata. Suggested `verification.followup_tasks`
+  are treated as bounded follow-up requests, not direct findings.
 
 Use `audit-code validate-results --results <file>` before ingestion to validate
 results against the active task manifest.

package/docs/dispatch-implementation-plan.md

@@ -121,13 +121,31 @@ The command prints a compact JSON envelope:
 {
   "packet_id": "src-auth:security-correctness:packet-1-...",
   "description": "Audit 2 file(s), 2 task(s), 2 lens(es) (~70 lines)",
-  "prompt_path": ".audit-artifacts/runs/run-1/task-results/src-auth_security-correctness_packet-1_ab12cd34ef56.prompt.md"
+  "prompt_path": ".audit-artifacts/runs/run-1/task-results/src-auth_security-correctness_packet-1_ab12cd34ef56.prompt.md",
+  "complexity": {
+    "priority": "high",
+    "task_count": 2,
+    "file_count": 2,
+    "total_lines": 70,
+    "estimated_tokens": 1180,
+    "lenses": ["security", "correctness"],
+    "tags": ["critical_flow"],
+    "large_file_mode": false
+  },
+  "model_hint": {
+    "tier": "deep",
+    "reasons": ["high_priority", "critical_flow"]
+  }
 }
 ```
 
 The orchestrator should launch one subagent per entry with the entry
 description and a prompt that tells the subagent to read and follow
 `entry.prompt_path`.
+If the host supports per-subagent model selection, it may map
+`entry.model_hint.tier` (`small`, `standard`, or `deep`) to local model names.
+These hints are provider-neutral; the backend does not hardcode model names or
+require model selection during normal use.
 
 ## Large File Mode
 

package/docs/github-copilot.md

@@ -30,7 +30,7 @@ audit-code install --host vscode
 ## Behavior
 
 - the command copies the canonical prompt payload from `skills/audit-code/audit-code.prompt.md`
-- the generated prompt file explicitly sets `agent: agent` so Copilot Chat runs `/audit-code` with tool-capable agent mode
+- the generated prompt file explicitly sets `agent: auditor` so Copilot Chat uses the generated auditor custom agent
 - the installer upserts its managed compatibility block into `.github/copilot-instructions.md` instead of clobbering unrelated instructions
 - it prints machine-readable JSON describing the installed targets
 

package/docs/model-selection.md

@@ -13,6 +13,17 @@ For that surface, the default model rule is:
 
 That is the intended product contract.
 
+When packet dispatch is prepared, `dispatch-plan.json` includes
+provider-neutral complexity metadata and a `model_hint.tier` value:
+
+- `small` for tiny, low-priority packets without sensitive lenses or risk tags
+- `standard` for ordinary bounded review packets
+- `deep` for high-priority, large, critical-flow, or external-signal packets
+
+Hosts that support per-subagent model choice may map those tiers to their own
+available models. Hosts that do not support model choice can ignore the fields.
+The backend still does not prescribe concrete model names.
+
 ## 2. Backend provider rule
 
 When the local backend delegates bounded worker runs into an external provider, model selection becomes provider-specific.

package/docs/next-steps.md

@@ -3,7 +3,7 @@
 This document tracks the next meaningful implementation work after the packet
 review-dispatch refactor and the current skill-first productionization pass.
 
-As of April 22, 2026, the shared MCP substrate and the first host-native installer pass have landed, but this repository is not yet ready for a public production launch.
+As of April 30, 2026, the shared MCP substrate and the host-native installer pass have landed, but this repository is not yet ready for a public production launch.
 
 See:
 
@@ -144,7 +144,7 @@ Status:
 
 Most likely shape:
 
-- run fresh-repo smoke checks inside Codex, Claude Desktop, OpenCode, and VS Code
+- run fresh-repo smoke checks inside Codex, Claude Desktop, OpenCode, and VS Code, with Antigravity validated against its planning-mode path
 - confirm that the generated files are both syntactically valid and actually discovered by each host
 - tighten generated docs wherever operator confusion appears during those checks
 - keep Antigravity as a documented planning-mode path unless a stable project config contract is published

package/docs/packaging.md

@@ -17,6 +17,8 @@ The primary product surface is `/audit-code` in conversation.
 That means the package needs to ship:
 
 - the canonical prompt asset at `skills/audit-code/audit-code.prompt.md`
+- the companion Codex/OpenCode skill asset at `skills/audit-code/SKILL.md`
+- packet-dispatch support data such as `dispatch/lens-definitions.json`
 - the backend fallback wrapper exposed as `audit-code`
 
 A linked-command smoke test proves the installed wrapper and prompt lookup work from the working tree.
@@ -76,11 +78,11 @@ The repository now includes packaging metadata and lifecycle hooks intended for
 
 - `package.json` is no longer marked private
 - `publishConfig.access` defaults publication to the public npm access level
-- package contents are curated with a `files` allowlist that includes the canonical prompt asset
+- package contents are curated with a `files` allowlist that includes the canonical prompt, skill, dispatch, schema, and runtime assets
 - `prepack` and `prepare` build the runtime artifact
 - `verify:release` codifies the minimum in-repo release gate
 - `prepublishOnly` now runs that full release gate, including both linked-install and packaged-install smoke validation
-- packaged smoke now verifies the tarball includes `audit-code-wrapper-lib.mjs`, the prompt asset, the response schema, and `dist/` entrypoints before install-time smoke runs
+- packaged smoke now verifies the tarball includes `audit-code-wrapper-lib.mjs`, the prompt and skill assets, dispatch lens definitions, the response schema, and `dist/` entrypoints before install-time smoke runs
 - the GitHub publish workflow uses the same release gate before `npm publish`
 - the GitHub publish workflow uses npm Trusted Publishing with GitHub OIDC instead of a long-lived publish token
 - prerelease versions now default to the `next` dist-tag in the publish workflow unless an explicit tag override is chosen on manual dispatch

package/docs/production-launch-bar.md

@@ -25,6 +25,8 @@ Anything below `dist/index.js` remains a backend or development interface rather
 - packaged installs must include:
   - `audit-code`
   - `audit-code-wrapper-lib.mjs`
+  - `dispatch/lens-definitions.json`
+  - `skills/audit-code/SKILL.md`
   - `skills/audit-code/audit-code.prompt.md`
   - `schemas/audit-code-v1alpha1.schema.json`
 - the checked-in `dist/` output is part of the shipped runtime contract for installed usage
@@ -38,7 +40,7 @@ Anything below `dist/index.js` remains a backend or development interface rather
 ### Host surfaces
 
 - ChatGPT-style project conversations are the intended `/audit-code` product surface
-- VS Code / GitHub Copilot, OpenCode, and Claude Code repositories are supported through `audit-code install`
+- Codex, Claude Desktop, OpenCode, VS Code / GitHub Copilot, and Antigravity repository surfaces are generated through `audit-code install`
 - editor integrations that import `skills/audit-code/audit-code.prompt.md` are supported as prompt-based integrations
 - no editor-specific native install surface should be called production-ready until it has explicit documentation and a repeatable verification path
 

package/docs/production-readiness.md

@@ -2,7 +2,7 @@
 
 ## Verdict
 
-As of April 22, 2026, the package release path is ready for a public npm release candidate, but the broader host experience still has follow-through work before it should be described as a frictionless production launch.
+As of April 30, 2026, the package release path has a strong in-repo release gate, but the broader host experience still has follow-through work before it should be described as a frictionless production launch.
 
 What is already true:
 
@@ -11,9 +11,9 @@ What is already true:
 - linked-install smoke coverage passes
 - packaged-install smoke coverage passes
 - packaged tarball contract verification passes
-- `npm run verify:release` passes for the current `0.2.8` worktree
-- local `npm publish --dry-run` passes for `auditor-lambda@0.2.8`
-- npm currently reports `auditor-lambda@0.2.6` as `latest`, so the checked-in release version is still unpublished
+- `npm run verify:release` is the authoritative local release gate for the current worktree
+- local `npm publish --dry-run` should be run before any release candidate publish
+- npm registry state should be verified at release time rather than inferred from checked-in docs
 - malformed config and corrupted artifact handling are explicit
 - blocked fallback runs now emit structured operator handoff guidance
 - supported repo-local hosts now share a bootstrap install path via `audit-code install`
@@ -27,7 +27,7 @@ The biggest remaining gaps are product and release-operational, not core wrapper
 1. npm publication is not fully proven end to end.
    The repo now has a Trusted Publishing workflow and a passing local dry run, but npm-side trusted publisher setup plus the first GitHub Actions dry run still need to be completed outside the codebase.
 2. The primary conversation-first product still has setup friction on hosts without a verified repo-local slash-command surface.
-   VS Code / Copilot, OpenCode, and Claude Code now share a bootstrap path, but Claude Desktop, Antigravity, and other hosts still need more work.
+   Codex, Claude Desktop, OpenCode, VS Code / Copilot, and Antigravity now share the same bootstrap command, but each generated host surface still needs real-product verification before it can be called frictionless.
 3. Provider-assisted continuation still needs polish outside the happy path.
    Configured interactive bridges can now continue through audit-task review, but operator guidance and host-specific ergonomics still need refinement when a provider cannot produce results cleanly.
 
@@ -38,7 +38,7 @@ The explicit launch bar is now documented in `docs/production-launch-bar.md`, an
 1. Confirm release operations externally.
    Validate npm package-name ownership for `auditor-lambda`, configure npm Trusted Publishing for `.github/workflows/publish-package.yml`, and run a real GitHub Actions dry run or prerelease publish from that workflow path.
 2. Extend bootstrap coverage beyond the currently automated hosts.
-   Keep `audit-code install` stable for VS Code / Copilot, OpenCode, and Claude Code, and close the remaining friction gap for hosts that still lack a verified repo-local install surface.
+   Keep `audit-code install` stable for Codex, Claude Desktop, OpenCode, VS Code / Copilot, and Antigravity, and close the remaining friction gap for hosts that still lack a verified repo-local install surface.
 3. Polish provider-assisted UX.
    Keep the new continuation path explicit and inspectable while improving failure hints, host guidance, and operator recovery when a provider bridge misbehaves.
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "auditor-lambda",
-  "version": "0.3.5",
+  "version": "0.3.7",
   "private": false,
   "description": "Portable hybrid code-auditing framework for arbitrary repositories.",
   "type": "module",

package/schemas/audit_result.schema.json

@@ -14,6 +14,9 @@
   "$defs": {
     "Finding": {
       "$ref": "finding.schema.json"
+    },
+    "AuditTask": {
+      "$ref": "audit_task.schema.json"
     }
   },
   "properties": {
@@ -50,6 +53,31 @@
     "followup_tasks": {
       "type": "array",
       "items": { "type": "string" }
+    },
+    "verification": {
+      "type": "object",
+      "required": ["verified", "needs_followup"],
+      "properties": {
+        "verified": { "type": "boolean" },
+        "needs_followup": { "type": "boolean" },
+        "concerns": {
+          "type": "array",
+          "items": { "type": "string" }
+        },
+        "coverage_concerns": {
+          "type": "array",
+          "items": { "type": "string" }
+        },
+        "confidence_concerns": {
+          "type": "array",
+          "items": { "type": "string" }
+        },
+        "followup_tasks": {
+          "type": "array",
+          "items": { "$ref": "#/$defs/AuditTask" }
+        }
+      },
+      "additionalProperties": false
     }
   },
   "additionalProperties": false

package/skills/audit-code/SKILL.md

@@ -28,6 +28,10 @@ command, then stop so the user can rerun `/audit-code` from fresh context.
 Subagent fan-out belongs to the host agent runtime rather than to repo-local
 backend provider settings.
 
+When dispatch-plan entries include provider-neutral complexity and
+`model_hint.tier` metadata, a capable host may map those tiers to its own
+subagent models. The backend should not prescribe concrete model names.
+
 Bounded steps are a backend implementation detail, not the intended user experience.
 
 ## Embedded Prompt Payload

package/skills/audit-code/audit-code.prompt.md

@@ -81,6 +81,11 @@ In a single message, launch one Agent/subagent call per dispatch-plan entry:
 Agent({ description: entry.description, prompt: "Read and follow the audit instructions in: " + entry.prompt_path })
 ```
 
+If the host supports per-subagent model selection, use `entry.model_hint.tier`
+as a provider-neutral routing hint (`small`, `standard`, or `deep`). Map it to
+available host models without asking the user to choose model names. If model
+selection is unavailable, ignore the hint and dispatch normally.
+
 If the host supports per-subagent tool restrictions, give review subagents no
 Write tool and allow shell access only for the `audit-code submit-packet`
 command printed in their prompt.