auditor-lambda 0.3.8 → 0.3.10
- package/dist/extractors/fileInventory.js +1450 -17
- package/dist/mcp/server.js +6 -5
- package/dist/orchestrator/autoFixExecutor.js +22 -20
- package/dist/orchestrator/reviewPackets.js +3 -3
- package/dist/orchestrator/taskBuilder.js +3 -3
- package/package.json +3 -1
- package/skills/audit-code/audit-code.prompt.md +3 -0
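--- a/package/dist/mcp/server.js
+++ b/package/dist/mcp/server.js
@@ -165,7 +165,7 @@ async function getStatusPayload(context) {
 };
 }
 function asTextContent(value) {
-return typeof value === "string" ? value : JSON.stringify(value
+return typeof value === "string" ? value : JSON.stringify(value);
 }
 function toolResult(value) {
 return {
@@ -184,14 +184,14 @@ async function readResource(uri, context) {
 const bundle = await loadArtifactBundle(context.artifactsDir);
 return {
 mimeType: "application/json",
-text: JSON.stringify(bundle
+text: JSON.stringify(bundle),
 };
 }
 case "audit-code://handoff/current": {
 const status = (await getStatusPayload(context)).handoff;
 return {
 mimeType: "application/json",
-text: JSON.stringify(status
+text: JSON.stringify(status),
 };
 }
 case "audit-code://install/guide": {
@@ -247,14 +247,15 @@ function renderPrompt(name, args) {
 return [
 "Use the auditor MCP tools as the primary interface to the backend wrapper.",
 "1. Call `start_audit`.",
-"2. If the audit is blocked, inspect `audit-code://handoff/current
+"2. If the audit is blocked, inspect `audit-code://handoff/current`.",
+" Do not read `audit-code://artifacts/current` unless explicitly needed for a specific task; it is massive and consumes your context window.",
 "3. When the user provides additional evidence, call `import_results` or `import_runtime_updates`.",
 "4. Call `continue_audit` until the status is complete or explicitly blocked for operator input.",
 ].join("\n");
 case "review-task":
 return [
 `Use \`explain_task\` for task \`${String(args?.task_id ?? "")}\` before you inspect code manually.`,
-"
+"Do not read the full `audit-code://artifacts/current` bundle unless specifically needed, as it is massive.",
 ].join("\n");
 case "synthesize-report":
 return [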
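Review bot: The size problem with `audit-code://artifacts/current` is handled only by the new prompt text in `renderPrompt`; the `readResource` branch still returns `text: JSON.stringify(bundle),` for the whole bundle with no cap, so a client that ignores or never receives the prompt still gets the full payload. I would enforce the limit where the resource is served, for example by returning a summary or refusing above a byte threshold, rather than relying on the caller to follow advice. At minimum a comment above that return, such as `// Full bundle can be very large; callers should prefer audit-code://handoff/current`, would document the hazard next to the code that causes it. The `case` label for the bundle branch and the rest of `readResource` lie outside the hunk, so which URI maps to the bundle is inferred from the prompt wording.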
|
@@ -19,51 +19,53 @@ export function runAutoFixExecutor(bundle, root) {
|
|
|
19
19
|
}
|
|
20
20
|
}
|
|
21
21
|
const executedTools = [];
|
|
22
|
-
// TS
|
|
22
|
+
// JS, TS, HTML, CSS, JSON, YAML, MD
|
|
23
23
|
if (extensions.has("ts") ||
|
|
24
24
|
extensions.has("js") ||
|
|
25
25
|
extensions.has("tsx") ||
|
|
26
|
-
extensions.has("jsx")
|
|
26
|
+
extensions.has("jsx") ||
|
|
27
|
+
extensions.has("html") ||
|
|
28
|
+
extensions.has("css") ||
|
|
29
|
+
extensions.has("json") ||
|
|
30
|
+
extensions.has("yml") ||
|
|
31
|
+
extensions.has("yaml") ||
|
|
32
|
+
extensions.has("md")) {
|
|
27
33
|
if (tryRunConfiguredFormatter(root, [
|
|
28
34
|
...resolveNodeTool(root, join("node_modules", "prettier", "bin", "prettier.cjs"), ["--write", "."], "prettier --write ."),
|
|
29
35
|
{ command: "prettier", args: ["--write", "."], display: "prettier --write ." },
|
|
30
|
-
|
|
36
|
+
{ command: "npx", args: ["--yes", "prettier", "--write", "."], display: "npx --yes prettier --write ." },
|
|
37
|
+
])) {
|
|
31
38
|
executedTools.push("prettier");
|
|
32
|
-
|
|
33
|
-
...resolveNodeTool(root, join("node_modules", "eslint", "bin", "eslint.js"), ["--fix", "."], "eslint --fix ."),
|
|
34
|
-
{ command: "eslint", args: ["--fix", "."], display: "eslint --fix ." },
|
|
35
|
-
]))
|
|
36
|
-
executedTools.push("eslint");
|
|
39
|
+
}
|
|
37
40
|
}
|
|
38
41
|
// Python
|
|
39
42
|
if (extensions.has("py")) {
|
|
40
43
|
if (tryRunConfiguredFormatter(root, [
|
|
41
44
|
{ command: "black", args: ["."], display: "black ." },
|
|
42
45
|
{ command: "python", args: ["-m", "black", "."], display: "python -m black ." },
|
|
46
|
+
{ command: "uvx", args: ["black", "."], display: "uvx black ." },
|
|
47
|
+
{ command: "pipx", args: ["run", "black", "."], display: "pipx run black ." },
|
|
43
48
|
])) {
|
|
44
49
|
executedTools.push("black");
|
|
45
50
|
}
|
|
51
|
+
}
|
|
52
|
+
// SQL
|
|
53
|
+
if (extensions.has("sql")) {
|
|
46
54
|
if (tryRunConfiguredFormatter(root, [
|
|
47
|
-
{
|
|
48
|
-
|
|
49
|
-
|
|
50
|
-
display: "autopep8 --in-place --recursive .",
|
|
51
|
-
},
|
|
52
|
-
{
|
|
53
|
-
command: "python",
|
|
54
|
-
args: ["-m", "autopep8", "--in-place", "--recursive", "."],
|
|
55
|
-
display: "python -m autopep8 --in-place --recursive .",
|
|
56
|
-
},
|
|
55
|
+
{ command: "sqlfluff", args: ["fix", "--force", "."], display: "sqlfluff fix --force ." },
|
|
56
|
+
{ command: "uvx", args: ["sqlfluff", "fix", "--force", "."], display: "uvx sqlfluff fix --force ." },
|
|
57
|
+
{ command: "pipx", args: ["run", "sqlfluff", "fix", "--force", "."], display: "pipx run sqlfluff fix --force ." },
|
|
57
58
|
])) {
|
|
58
|
-
executedTools.push("
|
|
59
|
+
executedTools.push("sqlfluff");
|
|
59
60
|
}
|
|
60
61
|
}
|
|
61
62
|
// Go
|
|
62
63
|
if (extensions.has("go")) {
|
|
63
64
|
if (tryRunConfiguredFormatter(root, [
|
|
64
65
|
{ command: "gofmt", args: ["-w", "."], display: "gofmt -w ." },
|
|
65
|
-
]))
|
|
66
|
+
])) {
|
|
66
67
|
executedTools.push("gofmt");
|
|
68
|
+
}
|
|
67
69
|
}
|
|
68
70
|
const resultsArtifact = {
|
|
69
71
|
executed_tools: executedTools,
|
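Review bot: The fallback candidates added to `runAutoFixExecutor` (`npx --yes prettier`, `uvx black`, `pipx run black`, `uvx sqlfluff` and `pipx run sqlfluff`) fetch an unpinned package from a public registry and execute it with write access to the audited tree, and `--yes` suppresses npx's install confirmation. Because the first branch now also matches `html`, `css`, `json`, `yml`, `yaml` and `md`, almost any repository without a locally installed formatter will reach that path. I would pin each fetched tool, e.g. `args: ["--yes", "prettier@<PINNED_VERSION>", "--write", "."]`, and run the fetching candidates only when the operator has explicitly opted in to network installs. `executedTools.push("prettier")` records only the tool name, so the results artifact cannot show whether a local or a downloaded binary rewrote the files; recording the winning candidate's `display` string would keep that auditable, assuming `tryRunConfiguredFormatter` can report which candidate ran (its definition and the start and end of this function are outside the hunk).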
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
import { createHash } from "node:crypto";
|
|
2
2
|
import { LENS_ORDER } from "./unitBuilder.js";
|
|
3
|
-
const DEFAULT_MAX_TASKS_PER_PACKET =
|
|
4
|
-
const DEFAULT_TARGET_PACKET_LINES =
|
|
3
|
+
const DEFAULT_MAX_TASKS_PER_PACKET = 0;
|
|
4
|
+
const DEFAULT_TARGET_PACKET_LINES = 8000;
|
|
5
5
|
const ESTIMATED_TOKENS_PER_LINE = 4;
|
|
6
6
|
const ESTIMATED_PACKET_PROMPT_TOKENS = 900;
|
|
7
7
|
function priorityRank(priority) {
|
|
@@ -121,7 +121,7 @@ function chunkPacketTasks(tasks, options) {
|
|
|
121
121
|
const owner = candidate.find((item) => item.file_paths.includes(path));
|
|
122
122
|
return sum + (owner ? lineCountForPath(owner, path, options.lineIndex) : 0);
|
|
123
123
|
}, 0);
|
|
124
|
-
const wouldExceedTaskCount = current.length > 0 && candidate.length > options.maxTasksPerPacket;
|
|
124
|
+
const wouldExceedTaskCount = options.maxTasksPerPacket > 0 && current.length > 0 && candidate.length > options.maxTasksPerPacket;
|
|
125
125
|
const wouldExceedLines = current.length > 0 && candidateLines > options.targetPacketLines;
|
|
126
126
|
if (wouldExceedTaskCount || wouldExceedLines) {
|
|
127
127
|
chunks.push(current);
|
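Review bot: `DEFAULT_MAX_TASKS_PER_PACKET = 0` now acts as a "no limit" sentinel, but nothing in the visible lines says so; the meaning only emerges from the new `options.maxTasksPerPacket > 0 &&` guard in `chunkPacketTasks`. With that guard a negative or `NaN` option value also disables the task-count limit silently, leaving `targetPacketLines` as the only bound on packet size. I would add `// 0 disables the per-packet task cap; packets are then bounded by targetPacketLines only` above the constant and validate the option where it is read, which is outside both hunks.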
|
@@ -46,9 +46,9 @@ function pickAnalyzerLens(category) {
|
|
|
46
46
|
return "maintainability";
|
|
47
47
|
return "correctness";
|
|
48
48
|
}
|
|
49
|
-
const DEFAULT_FILE_SPLIT_THRESHOLD =
|
|
50
|
-
const DEFAULT_MAX_TASK_LINES =
|
|
51
|
-
const DEFAULT_MAX_TASK_FILES =
|
|
49
|
+
const DEFAULT_FILE_SPLIT_THRESHOLD = 5000;
|
|
50
|
+
const DEFAULT_MAX_TASK_LINES = 3000;
|
|
51
|
+
const DEFAULT_MAX_TASK_FILES = 15;
|
|
52
52
|
const DEFAULT_TINY_TEST_FILE_LINES = 250;
|
|
53
53
|
const TINY_TEST_UNIT_ID = "tests-tiny-files";
|
|
54
54
|
function buildCoverageIndex(coverageMatrix) {
|
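--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "auditor-lambda",
-"version": "0.3.
+"version": "0.3.10",
 "private": false,
 "description": "Portable hybrid code-auditing framework for arbitrary repositories.",
 "type": "module",
@@ -20,6 +20,7 @@
 ],
 "scripts": {
 "postinstall": "node scripts/postinstall.mjs",
+"update-languages": "node scripts/update-languages.mjs",
 "build": "tsc -p tsconfig.json",
 "check": "tsc -p tsconfig.json --noEmit",
 "test": "npm run build && node --test tests/*.test.mjs",
@@ -67,6 +68,7 @@
 "devDependencies": {
 "@types/node": "^24.3.0",
 "ajv": "^8.17.1",
+"linguist-languages": "^9.3.2",
 "typescript": "^5.9.2"
 }
 }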
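Review bot: `"linguist-languages": "^9.3.2"` is a caret range, so the new `update-languages` script can pick up any later 9.x release whenever it is run. If that script generates the language table shipped in `dist/extractors/fileInventory.js` (inferred from the +1450 lines in the file list; neither file's contents are shown here), the published output depends on whichever version was resolved at build time. Pinning it exactly, `"linguist-languages": "9.3.2"`, or committing a lockfile keeps the regenerated data reproducible and reviewable from one release to the next.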
|
@@ -25,6 +25,7 @@ and ingest results mechanically.
|
|
|
25
25
|
a backend command fails and the error explicitly requires diagnosis.
|
|
26
26
|
- Do not inspect individual subagent result files after dispatch. Validation
|
|
27
27
|
and ingestion are backend responsibilities.
|
|
28
|
+
- CRITICAL: Do not use your `Read` tool to read `entry.prompt_path` or JSON schemas into your own context window. The subagent will read them. Pass the path literally.
|
|
28
29
|
- Prefer subagent dispatch for semantic review whenever the host exposes an
|
|
29
30
|
Agent/subagent tool.
|
|
30
31
|
- If the host cannot dispatch subagents, complete exactly one assigned review
|
|
@@ -94,6 +95,8 @@ In a single message, launch one Agent/subagent call per dispatch-plan entry:
|
|
|
94
95
|
Agent({ description: entry.description, prompt: "Read and follow the audit instructions in: " + entry.prompt_path })
|
|
95
96
|
```
|
|
96
97
|
|
|
98
|
+
Do NOT use your `Read` tool to load `entry.prompt_path` into your context window. The subagent has its own context window and will read the file.
|
|
99
|
+
|
|
97
100
|
If the host supports per-subagent model selection, use `entry.model_hint.tier`
|
|
98
101
|
as a provider-neutral routing hint (`small`, `standard`, or `deep`). Map it to
|
|
99
102
|
available host models without asking the user to choose model names. If model
|