auditor-lambda 0.6.12 → 0.7.0

package/audit-code-wrapper-lib.mjs

@@ -2,7 +2,7 @@ import { access, cp, mkdir, open, readFile, readdir, stat, unlink, writeFile } f
 import { constants } from 'node:fs';
 import { spawn } from 'node:child_process';
 import { createRequire } from 'node:module';
-import { dirname, join, relative, resolve } from 'node:path';
+import { dirname, isAbsolute, join, relative, resolve } from 'node:path';
 import { fileURLToPath } from 'node:url';
 
 const repoRoot = dirname(fileURLToPath(import.meta.url));
@@ -247,11 +247,54 @@ async function acquireBuildLock() {
   }
 }
 
+// Pure, testable core of the build preflight. `sharedManifestPath` is the
+// resolved path of @audit-tools/shared's package.json (or null if it could not
+// be resolved at all); `checkoutRoot` is the root this wrapper belongs to.
+export function assertWorkspaceInstalled({ checkoutRoot, sharedManifestPath }) {
+  if (!sharedManifestPath) {
+    throw new Error(
+      'Dependencies are not installed for this checkout. Run `npm install` from ' +
+        'the repository root, then retry — building from source needs node_modules ' +
+        '(including the @audit-tools/shared workspace link).',
+    );
+  }
+
+  const relToCheckout = relative(checkoutRoot, sharedManifestPath);
+  if (relToCheckout.startsWith('..') || isAbsolute(relToCheckout)) {
+    throw new Error(
+      `@audit-tools/shared resolved to ${sharedManifestPath}, outside this ` +
+        `checkout (${checkoutRoot}). node_modules was never installed here — ` +
+        'common in a fresh git worktree — so building would typecheck against ' +
+        "another checkout's stale dist and report phantom \"missing export\" " +
+        "errors. Run `npm install` from this checkout's root.",
+    );
+  }
+}
+
+// Catches the common fresh-checkout trap before `npm run build` runs: with no
+// local node_modules, Node/tsc resolve @audit-tools/shared against a different
+// checkout (e.g. the main repo when running inside a git worktree).
+async function preflightWorkspace() {
+  const requireFromHere = createRequire(import.meta.url);
+  let sharedManifestPath = null;
+  try {
+    sharedManifestPath = requireFromHere.resolve('@audit-tools/shared/package.json');
+  } catch {
+    sharedManifestPath = null;
+  }
+  assertWorkspaceInstalled({
+    checkoutRoot: resolve(repoRoot, '..', '..'),
+    sharedManifestPath,
+  });
+}
+
 async function ensureBuilt() {
   if (!(await shouldBuildDist())) {
     return;
   }
 
+  await preflightWorkspace();
+
   const lockHandle = await acquireBuildLock();
   if (!lockHandle) {
     return;

package/dist/cli/args.d.ts

@@ -35,6 +35,7 @@ export declare function summarizeLaunchExit(result: {
     error?: string;
 }): string | null;
 export declare function taskResultPath(taskResultsDir: string, taskId: string): string;
+export declare function isCanonicalResultFilename(filename: string): boolean;
 export declare function packetPromptPath(taskResultsDir: string, packetId: string): string;
 export declare function readStdinText(): Promise<string>;
 export declare function normalizePositiveInteger(value: unknown): number | undefined;

package/dist/cli/args.js

@@ -101,6 +101,14 @@ export function summarizeLaunchExit(result) {
 export function taskResultPath(taskResultsDir, taskId) {
     return join(taskResultsDir, artifactNameForId(taskId, "json"));
 }
+const CANONICAL_RESULT_FILENAME = /_[0-9a-f]{12}\.json$/i;
+// True when `filename` matches the canonical per-task result naming produced by
+// artifactNameForId (stem + "_" + 12-hex sha256 digest + ".json"). Lets
+// merge-and-ingest tell legitimate prior-round results apart from genuinely
+// stray files (e.g. packet-23-results.json) left in task-results/.
+export function isCanonicalResultFilename(filename) {
+    return CANONICAL_RESULT_FILENAME.test(filename);
+}
 export function packetPromptPath(taskResultsDir, packetId) {
     return join(taskResultsDir, artifactNameForId(packetId, "prompt.md"));
 }

package/dist/cli/dispatch.js

@@ -8,7 +8,7 @@ import { orderTasksForPacketReview, buildReviewPackets, sizeIndexFromManifest, }
 import { buildFileAnchorSummary } from "../orchestrator/fileAnchors.js";
 import { resolveFreshSessionProviderName } from "../providers/index.js";
 import { loadSessionConfig } from "../supervisor/sessionConfig.js";
-import { scheduleWave, buildProviderModelKey, readQuotaState, resolveHostActiveSubagentLimit, lookupDiscoveredLimits, mergeDiscoveredLimits, } from "../quota/index.js";
+import { scheduleWave, buildProviderModelKey, resolveHostModel, readQuotaState, resolveHostActiveSubagentLimit, lookupDiscoveredLimits, mergeDiscoveredLimits, } from "../quota/index.js";
 import { taskResultPath, packetPromptPath, artifactNameForId, toBase64Url, fromBase64Url, getFlag, } from "./args.js";
 export const LARGE_FILE_PACKET_TARGET_LINES = 2500;
 export const SMALL_MODEL_HINT_MAX_LINES = 500;
@@ -391,7 +391,9 @@ export async function prepareDispatchArtifacts(params) {
             ...taskSections,
             "## Output",
             "Do not write files directly. Do not use a Write tool, create temp files, edit source files,",
-            "remediate findings, create extra task results, or run unrelated audits.",
+            "remediate findings, run unrelated audits, or write any result file yourself (e.g.",
+            "packet-*-result.json / audit_result_*.json) — the submit-packet command below is the only",
+            "way to record results, and it writes them inside the artifacts directory for you.",
             "Produce one JSON array containing exactly one AuditResult object for each listed task.",
             "",
             "Required AuditResult fields:",
@@ -453,9 +455,18 @@ export async function prepareDispatchArtifacts(params) {
         run_id: runId,
         entries: resultMapEntries,
     });
-    const hostModel = params.hostModel ?? null;
     const perPacketTokens = plan.map((p) => p.complexity.estimated_tokens);
     const quotaProviderName = resolveFreshSessionProviderName(undefined, sessionConfig);
+    // Resolve the host model (explicit/CLI override → block_quota.host_model → env
+    // → per-provider default) so per-model quota detection engages with realistic
+    // limits instead of the conservative unknown-model floor. params.hostModel
+    // carries any caller/CLI override.
+    const hostModel = resolveHostModel({
+        providerName: quotaProviderName,
+        sessionConfig,
+        explicitModel: params.hostModel,
+        envVar: "AUDIT_CODE_HOST_MODEL",
+    });
     const quotaProviderKey = buildProviderModelKey(quotaProviderName, hostModel);
     const quotaState = await readQuotaState().catch(() => ({ version: 2, entries: {} }));
     const quotaStateEntry = quotaState.entries[quotaProviderKey] ?? null;

package/dist/cli/nextStepCommand.js

@@ -3,6 +3,7 @@ import { join, resolve } from "node:path";
 import { isFileMissingError, readJsonFile, writeJsonFile, } from "@audit-tools/shared";
 import { loadArtifactBundle, promoteFinalAuditReport, writeCoreArtifacts, AUDIT_REPORT_FILENAME, } from "../io/artifacts.js";
 import { advanceAudit } from "../orchestrator/advance.js";
+import { computeArtifactStateSignature } from "../orchestrator/artifactMetadata.js";
 import { decideNextStep } from "../orchestrator/nextStep.js";
 import { deriveAuditState } from "../orchestrator/state.js";
 import { checkFileIntegrity } from "../orchestrator/fileIntegrity.js";
@@ -25,6 +26,15 @@ import { getArtifactsDir, getFlag, getHostMaxActiveSubagents, getMaxRuns, getOpt
 async function runDeterministicForNextStep(params) {
     let lastSummary = "";
     let analyzers = params.analyzers;
+    // Finalization thrashing guard. A converging run produces a (mostly) new
+    // artifact state each iteration, so the iteration count tracks the number of
+    // distinct states closely (a few idempotent passes are normal). When
+    // iterations outrun distinct states by this tolerance, deterministic executors
+    // are revisiting states (a staleness ping-pong, e.g. runtime_validation <->
+    // synthesis) rather than progressing — stop instead of spinning to maxRuns.
+    const FINALIZATION_CYCLE_TOLERANCE = 16;
+    const seenStateSignatures = new Set();
+    const obligationTrail = [];
     for (let index = 0; index < params.maxRuns; index++) {
         const bundle = await loadArtifactBundle(params.artifactsDir);
         const decision = decideNextStep(bundle);
@@ -286,6 +296,33 @@ async function runDeterministicForNextStep(params) {
                 reason: result.progress_summary,
             };
         }
+        // Finalization cycle guard. If this iteration returned the audit to an
+        // artifact state already produced this run, the deterministic loop is
+        // thrashing (no net progress) rather than converging. The canonical outputs
+        // are already rendered, so stop and surface the cycling obligations instead
+        // of spinning to maxRuns and crashing.
+        obligationTrail.push(decision.selected_obligation ?? "unknown");
+        seenStateSignatures.add(computeArtifactStateSignature(result.updated_bundle));
+        if (index + 1 - seenStateSignatures.size >= FINALIZATION_CYCLE_TOLERANCE) {
+            const cycle = Array.from(new Set(obligationTrail.slice(-FINALIZATION_CYCLE_TOLERANCE)));
+            await writeJsonFile(join(params.artifactsDir, "steps", "deterministic-progress.json"), {
+                iteration: index + 1,
+                max_runs: params.maxRuns,
+                cycle_detected: true,
+                cycling_obligations: cycle,
+                summary: "Finalization kept revisiting prior artifact states without net " +
+                    `progress; stopping. Cycling obligations: ${cycle.join(" -> ")}.`,
+                timestamp: new Date().toISOString(),
+            });
+            return {
+                kind: "blocked",
+                state: result.audit_state,
+                bundle: result.updated_bundle,
+                reason: "Finalization is not converging: deterministic executors kept revisiting " +
+                    `prior artifact states (${cycle.join(" -> ")}). The report has been ` +
+                    "rendered; review whether these obligations are erroneously invalidating each other.",
+            };
+        }
     }
     const bundle = await loadArtifactBundle(params.artifactsDir);
     const state = deriveAuditState(bundle);

package/dist/cli/prompts.js

@@ -68,6 +68,8 @@ export function renderDispatchReviewPrompt(params) {
             "`host_concurrency_limit` records any detected hard host cap that contributed to `wave_size`.",
             "",
             "For each wave: use the `task` tool (or equivalent subagent dispatch) to launch up to `wave_size` subagents in parallel (one per entry), wait for all to finish, then start the next wave.",
+            "",
+            'If a subagent reports a host session/usage limit (e.g. "hit your session limit · resets <time>") instead of submitting its result, do not immediately re-dispatch it: run merge-and-ingest with the results you did get, then wait until the stated reset time before running next-step to re-dispatch the remaining packets. Re-dispatching into an active limit just loses the wave.',
         ]
         : [
             "Read this generated dispatch plan:",

package/dist/cli.js

@@ -26,7 +26,7 @@ import { runAuditCodeMcpServer } from "./mcp/server.js";
 import { scheduleWave, buildProviderModelKey, readQuotaState, resolveLimits, resolveHostActiveSubagentLimit, probeProvider, computeMaxSafeConcurrency, getQuotaStatePath, lookupDiscoveredLimits, setQuotaStateDir, } from "./quota/index.js";
 // Re-exports from extracted modules
 export { resolveHostDispatchCapability, DIRECT_CLI_DEFAULTS, getFlag, hasFlag, getOptionalBooleanFlag, getArtifactsDir, getRootDir, getBatchResultsDir, getMaxRuns, getAgentBatchSize, getParallelWorkers, getTimeoutMs, chunkArray, getUiMode, looksLikeCliFlag, countLines, warnIfNotGitRepo, } from "./cli/args.js";
-import { DIRECT_CLI_DEFAULTS, getFlag, hasFlag, fromBase64Url, taskResultPath, readStdinText, getArtifactsDir, getRootDir, warnIfNotGitRepo, getBatchResultsDir, getMaxRuns, getAgentBatchSize, getParallelWorkers, getTimeoutMs, getExplicitProvider, getHostModel, getHostMaxActiveSubagents, getQuotaProbeMode, resolveRunProviderName, chunkArray, getUiMode, looksLikeCliFlag, countLines, } from "./cli/args.js";
+import { DIRECT_CLI_DEFAULTS, getFlag, hasFlag, fromBase64Url, taskResultPath, isCanonicalResultFilename, readStdinText, getArtifactsDir, getRootDir, warnIfNotGitRepo, getBatchResultsDir, getMaxRuns, getAgentBatchSize, getParallelWorkers, getTimeoutMs, getExplicitProvider, getHostModel, getHostMaxActiveSubagents, getQuotaProbeMode, resolveRunProviderName, chunkArray, getUiMode, looksLikeCliFlag, countLines, } from "./cli/args.js";
 import { WORKER_RESULT_CONTRACT_VERSION, buildWorkerResult, formatAuditResultValidationError, } from "./cli/workerResult.js";
 import { DISPATCH_RESULT_MAP_FILENAME, ACTIVE_DISPATCH_FILENAME, resolveRunScopedArg, loadDispatchResultMap, entriesByTaskId, buildPendingAuditTasks, prepareDispatchArtifacts, } from "./cli/dispatch.js";
 import { buildLineIndex, buildLineIndexForPaths, addFileLineCountHints, } from "./cli/lineIndex.js";
@@ -510,20 +510,29 @@ async function cmdMergeAndIngest(argv) {
     const fallbackByTaskId = new Map();
     for (const filename of files) {
         const filePath = resolve(join(taskResultsDir, filename));
-        if (!expectedPaths.has(filePath)) {
-            spuriousFileCount++;
-            try {
-                const raw = await readFile(filePath, "utf8");
-                const parsed = JSON.parse(raw);
-                if (parsed && typeof parsed === "object" && !Array.isArray(parsed)) {
-                    const tid = typeof parsed.task_id === "string"
-                        ? String(parsed.task_id) : undefined;
-                    if (tid && !fallbackByTaskId.has(tid)) {
-                        fallbackByTaskId.set(tid, parsed);
-                    }
+        if (expectedPaths.has(filePath))
+            continue;
+        // Not part of this round's plan. Still read it so a current task can be
+        // recovered by task_id (e.g. a subagent wrote a valid result under a
+        // non-assigned name).
+        try {
+            const raw = await readFile(filePath, "utf8");
+            const parsed = JSON.parse(raw);
+            if (parsed && typeof parsed === "object" && !Array.isArray(parsed)) {
+                const tid = typeof parsed.task_id === "string"
+                    ? String(parsed.task_id) : undefined;
+                if (tid && !fallbackByTaskId.has(tid)) {
+                    fallbackByTaskId.set(tid, parsed);
                 }
             }
-            catch { /* not parseable — skip */ }
+        }
+        catch { /* not parseable — skip */ }
+        // Only genuinely stray files are "spurious". Canonical per-task result files
+        // (<stem>_<digest>.json) left by prior deepening rounds in the same
+        // task-results/ dir are legitimate and must not inflate the count or bury
+        // the real stray-file signal (3 -> 191 over a run before this fix).
+        if (!isCanonicalResultFilename(filename)) {
+            spuriousFileCount++;
             process.stderr.write(`[merge-and-ingest] Warning: unexpected file in task-results/: ${filename}\n`);
         }
     }

package/dist/extractors/fileInventory.js

@@ -1,10 +1,23 @@
 import { normalizeExtractorPath } from "./pathPatterns.js";
 import { LANGUAGE_BY_EXTENSION } from "./languageMap.generated.js";
+// The generated linguist map resolves a few common extensions to obscure
+// languages that outrank the everyday one (".md" -> GCC machine description,
+// ".yml"/".yaml" -> MiniYAML). These overrides win over the generated map so the
+// file inventory does not mislabel ordinary docs/config. Keep this list small
+// and limited to extensions whose generated mapping is demonstrably wrong.
+const EXTENSION_LANGUAGE_OVERRIDES = {
+    md: "markdown",
+    markdown: "markdown",
+    yaml: "yaml",
+    yml: "yaml",
+};
 function inferLanguage(path) {
     const normalized = normalizeExtractorPath(path);
     const base = normalized.split("/").pop() ?? normalized;
-    const extension = base.includes(".") ? base.split(".").pop() ?? "" : "";
-    return LANGUAGE_BY_EXTENSION[extension] ?? "unknown";
+    const extension = (base.includes(".") ? base.split(".").pop() ?? "" : "").toLowerCase();
+    return (EXTENSION_LANGUAGE_OVERRIDES[extension] ??
+        LANGUAGE_BY_EXTENSION[extension] ??
+        "unknown");
 }
 export function buildRepoManifest(repositoryName, files) {
     return {

package/dist/orchestrator/artifactMetadata.d.ts

@@ -1,4 +1,5 @@
 import type { ArtifactMetadataManifest } from "../types/artifactMetadata.js";
 import type { ArtifactBundle } from "../io/artifacts.js";
 export declare function present(bundle: ArtifactBundle, artifactName: string): boolean;
+export declare function computeArtifactStateSignature(bundle: ArtifactBundle): string;
 export declare function computeArtifactMetadata(bundle: ArtifactBundle, previous?: ArtifactMetadataManifest, updatedArtifacts?: Iterable<string>): ArtifactMetadataManifest;

package/dist/orchestrator/artifactMetadata.js

@@ -1,3 +1,4 @@
+import { createHash } from "node:crypto";
 import { getArtifactValue } from "../io/artifacts.js";
 import { buildReverseDependencyMap, hashArtifactValue, stableStringify, } from "./artifactFreshness.js";
 const REVERSE_DEPENDENCY_MAP = buildReverseDependencyMap();
@@ -31,6 +32,20 @@ export function present(bundle, artifactName) {
     const value = getArtifactValue(bundle, artifactName);
     return value !== undefined && value !== null;
 }
+// Stable signature of the overall artifact state, keyed on per-artifact CONTENT
+// hashes — deliberately NOT revisions, which only ever increment. A
+// deterministic advance loop that revisits a signature it already produced this
+// run is cycling (e.g. a runtime_validation <-> synthesis staleness ping-pong);
+// the content-hash basis catches that even while revisions churn underneath.
+export function computeArtifactStateSignature(bundle) {
+    const metadata = bundle.artifact_metadata;
+    if (!metadata)
+        return "no-metadata";
+    const entries = Object.entries(metadata.artifacts)
+        .map(([name, entry]) => `${name}:${entry.content_hash}`)
+        .sort();
+    return createHash("sha256").update(entries.join("\n")).digest("hex");
+}
 export function computeArtifactMetadata(bundle, previous, updatedArtifacts = []) {
     const artifacts = {};
     const updated = new Set(updatedArtifacts);

package/dist/orchestrator/flowRequeue.js

@@ -1,17 +1,4 @@
-function isLens(value) {
-    return [
-        "correctness",
-        "architecture",
-        "maintainability",
-        "security",
-        "reliability",
-        "performance",
-        "data_integrity",
-        "tests",
-        "operability",
-        "config_deployment",
-    ].includes(String(value));
-}
+import { isLens } from "../types.js";
 function getExternalSignalPaths(externalAnalyzerResults) {
     const results = Array.isArray(externalAnalyzerResults?.results)
         ? externalAnalyzerResults.results

package/dist/orchestrator/reviewPacketSizing.d.ts

@@ -0,0 +1,25 @@
+import type { AuditTask } from "../types.js";
+export declare const DEFAULT_MAX_TASKS_PER_PACKET = 0;
+export declare const ESTIMATED_TOKENS_PER_LINE = 4;
+export declare const ESTIMATED_PACKET_PROMPT_TOKENS = 900;
+export declare const DEFAULT_TARGET_PACKET_TOKENS: number;
+/**
+ * Build a path → size_bytes index from a repo manifest. Byte counts are
+ * recorded during intake, so this never reads files. Review packet token
+ * estimates are derived from these bytes (Phase 2) instead of counted lines.
+ */
+export declare function sizeIndexFromManifest(repoManifest?: {
+    files: ReadonlyArray<{
+        path: string;
+        size_bytes: number;
+    }>;
+}): Record<string, number>;
+/** Estimated content tokens for one task across all of its files. */
+export declare function taskContentTokens(task: AuditTask, sizeIndex?: Record<string, number>, lineIndex?: Record<string, number>): number;
+/**
+ * Estimated content tokens across a set of file paths, resolving an owning task
+ * per path so the line fallback can read its `file_line_counts`. Shared files
+ * are counted once.
+ */
+export declare function fileGroupContentTokens(filePaths: Iterable<string>, tasks: AuditTask[], sizeIndex?: Record<string, number>, lineIndex?: Record<string, number>): number;
+export declare function estimateTaskGroupTokens(tasks: AuditTask[], sizeIndex?: Record<string, number>, lineIndex?: Record<string, number>): number;

package/dist/orchestrator/reviewPacketSizing.js

@@ -0,0 +1,60 @@
+import { estimateTokensFromBytes } from "@audit-tools/shared";
+// Per-packet sizing / token-budget arithmetic for review packetization,
+// extracted from reviewPackets.ts. Estimates derive from manifest byte counts
+// (recorded at intake) with a line-count fallback for manually built tasks.
+export const DEFAULT_MAX_TASKS_PER_PACKET = 0;
+const DEFAULT_TARGET_PACKET_LINES = 8000;
+export const ESTIMATED_TOKENS_PER_LINE = 4;
+export const ESTIMATED_PACKET_PROMPT_TOKENS = 900;
+// Default per-packet content-token budget. Kept equal to the legacy
+// line-target × per-line estimate so byte-derived sizing lands on the same
+// thresholds as the old line-based sizing when the line fallback is in effect.
+export const DEFAULT_TARGET_PACKET_TOKENS = DEFAULT_TARGET_PACKET_LINES * ESTIMATED_TOKENS_PER_LINE;
+/**
+ * Build a path → size_bytes index from a repo manifest. Byte counts are
+ * recorded during intake, so this never reads files. Review packet token
+ * estimates are derived from these bytes (Phase 2) instead of counted lines.
+ */
+export function sizeIndexFromManifest(repoManifest) {
+    if (!repoManifest)
+        return {};
+    return Object.fromEntries(repoManifest.files.map((file) => [file.path, file.size_bytes]));
+}
+/**
+ * Estimated content tokens for a single file. Prefers a byte-based estimate
+ * from `sizeIndex` (sourced from the repo manifest); falls back to the legacy
+ * line-based estimate when no positive byte count is available (e.g. manually
+ * built tasks in tests, or paths absent from the manifest).
+ */
+function pathContentTokens(owner, path, sizeIndex, lineIndex) {
+    const bytes = sizeIndex?.[path];
+    if (typeof bytes === "number" && bytes > 0) {
+        return estimateTokensFromBytes(bytes);
+    }
+    const lines = owner?.file_line_counts?.[path] ?? lineIndex?.[path] ?? 0;
+    return lines * ESTIMATED_TOKENS_PER_LINE;
+}
+/** Estimated content tokens for one task across all of its files. */
+export function taskContentTokens(task, sizeIndex, lineIndex) {
+    return task.file_paths.reduce((sum, path) => sum + pathContentTokens(task, path, sizeIndex, lineIndex), 0);
+}
+/**
+ * Estimated content tokens across a set of file paths, resolving an owning task
+ * per path so the line fallback can read its `file_line_counts`. Shared files
+ * are counted once.
+ */
+export function fileGroupContentTokens(filePaths, tasks, sizeIndex, lineIndex) {
+    let total = 0;
+    for (const path of filePaths) {
+        const owner = tasks.find((task) => task.file_paths.includes(path));
+        total += pathContentTokens(owner, path, sizeIndex, lineIndex);
+    }
+    return total;
+}
+export function estimateTaskGroupTokens(tasks, sizeIndex, lineIndex) {
+    let contentTokens = 0;
+    for (const task of tasks) {
+        contentTokens += taskContentTokens(task, sizeIndex, lineIndex);
+    }
+    return ESTIMATED_PACKET_PROMPT_TOKENS + contentTokens;
+}

package/dist/orchestrator/reviewPackets.d.ts

@@ -3,20 +3,8 @@ import type { AuditPlanMetrics, ReviewPacket } from "../types/reviewPlanning.js"
 import type { GraphBundle, GraphEdge } from "@audit-tools/shared";
 import { normalizeGraphPath } from "../extractors/graphPathUtils.js";
 export { normalizeGraphPath };
-export declare const ESTIMATED_TOKENS_PER_LINE = 4;
-export declare const ESTIMATED_PACKET_PROMPT_TOKENS = 900;
-/**
- * Build a path → size_bytes index from a repo manifest. Byte counts are
- * recorded during intake, so this never reads files. Review packet token
- * estimates are derived from these bytes (Phase 2) instead of counted lines.
- */
-export declare function sizeIndexFromManifest(repoManifest?: {
-    files: ReadonlyArray<{
-        path: string;
-        size_bytes: number;
-    }>;
-}): Record<string, number>;
-export declare function estimateTaskGroupTokens(tasks: AuditTask[], sizeIndex?: Record<string, number>, lineIndex?: Record<string, number>): number;
+import { ESTIMATED_TOKENS_PER_LINE, ESTIMATED_PACKET_PROMPT_TOKENS, sizeIndexFromManifest, estimateTaskGroupTokens } from "./reviewPacketSizing.js";
+export { ESTIMATED_TOKENS_PER_LINE, ESTIMATED_PACKET_PROMPT_TOKENS, sizeIndexFromManifest, estimateTaskGroupTokens, };
 /**
  * Fan-in / fan-out degree above which a node is treated as a hub. Exported so
  * the Phase 3 delta-scope expansion skips the same hubs that packet planning

package/dist/orchestrator/reviewPackets.js

@@ -1,66 +1,14 @@
 import { createHash } from "node:crypto";
-import { estimateTokensFromBytes, isRecord } from "@audit-tools/shared";
+import { isRecord } from "@audit-tools/shared";
 import { LENS_ORDER, priorityRank, sortLenses } from "./auditTaskUtils.js";
 import { UnionFind } from "./unionFind.js";
 import { normalizeGraphPath, isPackageManifestPath, isTypescriptProjectConfigPath, isGoModuleManifestPath, isCargoManifestPath, isMavenPomPath, } from "../extractors/graphPathUtils.js";
 // Re-exported for scope.ts, which imports the canonical path normalizer here.
 export { normalizeGraphPath };
-const DEFAULT_MAX_TASKS_PER_PACKET = 0;
-const DEFAULT_TARGET_PACKET_LINES = 8000;
-export const ESTIMATED_TOKENS_PER_LINE = 4;
-export const ESTIMATED_PACKET_PROMPT_TOKENS = 900;
-// Default per-packet content-token budget. Kept equal to the legacy
-// line-target × per-line estimate so byte-derived sizing lands on the same
-// thresholds as the old line-based sizing when the line fallback is in effect.
-const DEFAULT_TARGET_PACKET_TOKENS = DEFAULT_TARGET_PACKET_LINES * ESTIMATED_TOKENS_PER_LINE;
-/**
- * Build a path → size_bytes index from a repo manifest. Byte counts are
- * recorded during intake, so this never reads files. Review packet token
- * estimates are derived from these bytes (Phase 2) instead of counted lines.
- */
-export function sizeIndexFromManifest(repoManifest) {
-    if (!repoManifest)
-        return {};
-    return Object.fromEntries(repoManifest.files.map((file) => [file.path, file.size_bytes]));
-}
-/**
- * Estimated content tokens for a single file. Prefers a byte-based estimate
- * from `sizeIndex` (sourced from the repo manifest); falls back to the legacy
- * line-based estimate when no positive byte count is available (e.g. manually
- * built tasks in tests, or paths absent from the manifest).
- */
-function pathContentTokens(owner, path, sizeIndex, lineIndex) {
-    const bytes = sizeIndex?.[path];
-    if (typeof bytes === "number" && bytes > 0) {
-        return estimateTokensFromBytes(bytes);
-    }
-    const lines = owner?.file_line_counts?.[path] ?? lineIndex?.[path] ?? 0;
-    return lines * ESTIMATED_TOKENS_PER_LINE;
-}
-/** Estimated content tokens for one task across all of its files. */
-function taskContentTokens(task, sizeIndex, lineIndex) {
-    return task.file_paths.reduce((sum, path) => sum + pathContentTokens(task, path, sizeIndex, lineIndex), 0);
-}
-/**
- * Estimated content tokens across a set of file paths, resolving an owning task
- * per path so the line fallback can read its `file_line_counts`. Shared files
- * are counted once.
- */
-function fileGroupContentTokens(filePaths, tasks, sizeIndex, lineIndex) {
-    let total = 0;
-    for (const path of filePaths) {
-        const owner = tasks.find((task) => task.file_paths.includes(path));
-        total += pathContentTokens(owner, path, sizeIndex, lineIndex);
-    }
-    return total;
-}
-export function estimateTaskGroupTokens(tasks, sizeIndex, lineIndex) {
-    let contentTokens = 0;
-    for (const task of tasks) {
-        contentTokens += taskContentTokens(task, sizeIndex, lineIndex);
-    }
-    return ESTIMATED_PACKET_PROMPT_TOKENS + contentTokens;
-}
+import { DEFAULT_MAX_TASKS_PER_PACKET, DEFAULT_TARGET_PACKET_TOKENS, ESTIMATED_TOKENS_PER_LINE, ESTIMATED_PACKET_PROMPT_TOKENS, sizeIndexFromManifest, fileGroupContentTokens, taskContentTokens, estimateTaskGroupTokens, } from "./reviewPacketSizing.js";
+// Sizing / token-budget arithmetic moved to reviewPacketSizing.ts; re-exported
+// here for the modules that import it from reviewPackets.
+export { ESTIMATED_TOKENS_PER_LINE, ESTIMATED_PACKET_PROMPT_TOKENS, sizeIndexFromManifest, estimateTaskGroupTokens, };
 const PACKET_EXPANSION_MIN_CONFIDENCE = 0.65;
 /**
  * Fan-in / fan-out degree above which a node is treated as a hub. Exported so

package/dist/orchestrator.js

@@ -1,3 +1,4 @@
+import { isLens } from "./types.js";
 const DEFAULT_LENS_ORDER = [
     "correctness",
     "architecture",
@@ -10,13 +11,9 @@ const DEFAULT_LENS_ORDER = [
     "operability",
     "config_deployment",
 ];
-const VALID_LENSES = new Set(DEFAULT_LENS_ORDER);
 function isRecord(value) {
     return value !== null && typeof value === "object";
 }
-function isLens(value) {
-    return typeof value === "string" && VALID_LENSES.has(value);
-}
 function assertStringArray(value, label) {
     if (!Array.isArray(value) || value.some((item) => typeof item !== "string")) {
         throw new TypeError(`${label} must be an array of strings.`);

package/dist/quota/index.d.ts

@@ -1,7 +1,7 @@
 import type { ResolvedLimits as _ResolvedLimits, LimitConfidence as _LimitConfidence, LimitSource as _LimitSource, HostConcurrencyLimit as _HostConcurrencyLimit, QuotaUsageSnapshot as _QuotaUsageSnapshot, BackoffState as _BackoffState } from "@audit-tools/shared";
 export { resolveLimits, lookupKnownModel, classifyProvider, readQuotaState, writeQuotaState, computeMaxSafeConcurrency, recordWaveOutcome, getQuotaStatePath, decayWeight, applyDecayToEntry, computeBackoffCooldownMs, computeBackoffFailureWeight, computeRampUpConcurrency, setQuotaStateDir, detectRateLimitError, computeCooldownUntil, acquireLock, releaseLock, withFileLock, FileLockTimeoutError, runSlidingWindow, LearnedQuotaSource, CompositeQuotaSource, GenericErrorParser, ClaudeCodeErrorParser, getErrorParserForProvider, } from "@audit-tools/shared";
 export type { LimitResolutionResult, ResolveLimitsOptions, ProviderType, ResolvedLimits, LimitSource, LimitConfidence, HostConcurrencyLimit, HostConcurrencyLimitSource, QuotaState, QuotaStateEntry, ConcurrencyBucket, WaveSchedule, BackoffState, ObservedWaveOutcome, RateLimitDetectionResult, SlidingWindowResult, QuotaSource, QuotaUsageSnapshot, ErrorParser, } from "@audit-tools/shared";
-export { scheduleWave, buildProviderModelKey } from "@audit-tools/shared";
+export { scheduleWave, buildProviderModelKey, resolveHostModel } from "@audit-tools/shared";
 export type { ScheduleWaveOptions } from "@audit-tools/shared";
 export { detectHostActiveSubagentLimit, resolveHostActiveSubagentLimit, } from "./hostLimits.js";
 export { probeProvider } from "./probe.js";

package/dist/quota/index.js

@@ -3,7 +3,7 @@ export { resolveLimits, lookupKnownModel, classifyProvider, readQuotaState, writ
 // Wave scheduler now lives in @audit-tools/shared (single source of truth for
 // both orchestrators). Auditor passes its discovered-limits via the structural
 // DiscoveredRateLimitsInput the shared scheduler accepts.
-export { scheduleWave, buildProviderModelKey } from "@audit-tools/shared";
+export { scheduleWave, buildProviderModelKey, resolveHostModel } from "@audit-tools/shared";
 // Auditor-specific: probe, discovered limits, header extraction
 export { detectHostActiveSubagentLimit, resolveHostActiveSubagentLimit, } from "./hostLimits.js";
 export { probeProvider } from "./probe.js";

package/dist/types/workerSession.d.ts

@@ -23,10 +23,8 @@ export interface WorkerTask {
     runtime_updates_path?: string;
     external_analyzer_results_path?: string;
     worker_command_mode?: WorkerCommandMode;
-    /** @deprecated Prefer worker_command_mode: "deferred" for new task files. */
-    skip_worker_command?: boolean;
     timeout_ms?: number;
     max_retries?: number;
     access?: AccessDeclaration;
 }
-export declare function usesDeferredWorkerCommand(task: Pick<WorkerTask, "worker_command_mode" | "skip_worker_command">): boolean;
+export declare function usesDeferredWorkerCommand(task: Pick<WorkerTask, "worker_command_mode">): boolean;

package/dist/types.d.ts

@@ -1,5 +1,11 @@
 import type { Finding as SharedFinding } from "@audit-tools/shared";
 export type Lens = "correctness" | "architecture" | "maintainability" | "security" | "reliability" | "performance" | "data_integrity" | "tests" | "operability" | "config_deployment" | "observability";
+/** Canonical list of every valid {@link Lens}. Single source of truth — import
+ * {@link isLens} / `ALL_LENSES` instead of hand-copying lens lists into local
+ * guards, which drift (a copy omitting "observability" caused it to be wrongly
+ * rejected in flow requeue). */
+export declare const ALL_LENSES: readonly Lens[];
+export declare function isLens(value: unknown): value is Lens;
 export interface FileRecord {
     path: string;
     language: string;

package/dist/types.js

@@ -1 +1,20 @@
-export {};
+/** Canonical list of every valid {@link Lens}. Single source of truth — import
+ * {@link isLens} / `ALL_LENSES` instead of hand-copying lens lists into local
+ * guards, which drift (a copy omitting "observability" caused it to be wrongly
+ * rejected in flow requeue). */
+export const ALL_LENSES = [
+    "correctness",
+    "architecture",
+    "maintainability",
+    "security",
+    "reliability",
+    "performance",
+    "data_integrity",
+    "tests",
+    "operability",
+    "config_deployment",
+    "observability",
+];
+export function isLens(value) {
+    return (typeof value === "string" && ALL_LENSES.includes(value));
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "auditor-lambda",
-  "version": "0.6.12",
+  "version": "0.7.0",
   "private": false,
   "description": "Portable hybrid code-auditing framework for arbitrary repositories.",
   "type": "module",