auditor-lambda 0.6.3 → 0.6.5

package/dist/cli/dispatch.d.ts

@@ -1,4 +1,4 @@
-import type { SessionConfig, DispatchModelHint } from "@audit-tools/shared";
+import type { ProviderRateLimits, SessionConfig, DispatchModelHint } from "@audit-tools/shared";
 import type { ArtifactBundle } from "../io/artifacts.js";
 import type { AuditTask } from "../types.js";
 export declare const LARGE_FILE_PACKET_TARGET_LINES = 2500;
@@ -76,5 +76,6 @@ export declare function prepareDispatchArtifacts(params: {
     root?: string;
     sessionConfig?: SessionConfig;
     hostModel?: string | null;
+    queryLimits?: (model: string | null) => Promise<ProviderRateLimits | null>;
     hostActiveSubagentLimit?: number | null;
 }): Promise<PrepareDispatchResult>;

package/dist/cli/dispatch.js

@@ -2,12 +2,13 @@ import { mkdir, readFile, writeFile } from "node:fs/promises";
 import { existsSync } from "node:fs";
 import { isAbsolute, join, relative, resolve } from "node:path";
 import { isFileMissingError, readJsonFile, writeJsonFile } from "@audit-tools/shared";
+import { buildQuotaSource } from "@audit-tools/shared/quota/compositeQuotaSource";
 import { loadArtifactBundle } from "../io/artifacts.js";
 import { orderTasksForPacketReview, buildReviewPackets, sizeIndexFromManifest, } from "../orchestrator/reviewPackets.js";
 import { buildFileAnchorSummary } from "../orchestrator/fileAnchors.js";
 import { resolveFreshSessionProviderName } from "../providers/index.js";
 import { loadSessionConfig } from "../supervisor/sessionConfig.js";
-import { scheduleWave, buildProviderModelKey, readQuotaState, resolveHostActiveSubagentLimit, lookupDiscoveredLimits, } from "../quota/index.js";
+import { scheduleWave, buildProviderModelKey, readQuotaState, resolveHostActiveSubagentLimit, lookupDiscoveredLimits, mergeDiscoveredLimits, } from "../quota/index.js";
 import { taskResultPath, packetPromptPath, artifactNameForId, toBase64Url, fromBase64Url, getFlag, } from "./args.js";
 export const LARGE_FILE_PACKET_TARGET_LINES = 2500;
 export const SMALL_MODEL_HINT_MAX_LINES = 500;
@@ -462,7 +463,15 @@ export async function prepareDispatchArtifacts(params) {
         explicitLimit: params.hostActiveSubagentLimit,
         sessionConfig,
     });
+    const providerLimits = await params.queryLimits?.(hostModel)
+        .then((r) => r ? { ...r, source: "provider_query" } : null)
+        .catch(() => null)
+        ?? null;
     const dispatchCachedLimits = await lookupDiscoveredLimits(quotaProviderKey).catch(() => null);
+    const discoveredLimits = mergeDiscoveredLimits(providerLimits, dispatchCachedLimits);
+    const halfLifeHours = sessionConfig.quota?.empirical_half_life_hours ?? 24;
+    const quotaSource = buildQuotaSource({ halfLifeHours });
+    const quotaSourceSnapshot = await quotaSource.queryCurrentUsage(quotaProviderKey).catch(() => null);
     const waveSchedule = scheduleWave({
         providerName: quotaProviderName,
         sessionConfig,
@@ -471,7 +480,8 @@ export async function prepareDispatchArtifacts(params) {
         estimatedSlotTokens: perPacketTokens,
         quotaStateEntry,
         hostConcurrencyLimit,
-        discoveredLimits: dispatchCachedLimits,
+        discoveredLimits,
+        quotaSourceSnapshot,
     });
     const dispatchQuota = {
         contract_version: "audit-code-dispatch-quota/v1alpha2",

package/dist/cli.js

@@ -12,6 +12,7 @@ import { buildRuntimeValidationTasks, } from "./orchestrator/runtimeValidation.j
 import { initializeCoverageFromPlan } from "./orchestrator/planning.js";
 import { loadArtifactBundle, writeCoreArtifacts, promoteFinalAuditReport, AUDIT_REPORT_FILENAME, } from "./io/artifacts.js";
 import { isFileMissingError, readJsonFile, writeJsonFile, prefixValidationIssues, RunLogger } from "@audit-tools/shared";
+import { buildQuotaSource } from "@audit-tools/shared/quota/compositeQuotaSource";
 import { validateArtifactBundle } from "./validation/artifacts.js";
 import { validateAuditResults, formatAuditResultIssues, } from "./validation/auditResults.js";
 import { validateConfiguredProviderEnvironment, validateSessionConfig, } from "./validation/sessionConfig.js";
@@ -35,7 +36,7 @@ import { renderWorkerPrompt } from "./prompts/renderWorkerPrompt.js";
 import { estimateTaskGroupTokens, sizeIndexFromManifest, } from "./orchestrator/reviewPackets.js";
 import { LOCAL_SUBPROCESS_PROVIDER_NAME } from "./providers/constants.js";
 import { runAuditCodeMcpServer } from "./mcp/server.js";
-import { scheduleWave, buildProviderModelKey, readQuotaState, recordWaveOutcome, resolveLimits, resolveHostActiveSubagentLimit, probeProvider, computeMaxSafeConcurrency, getQuotaStatePath, detectRateLimitError, computeCooldownUntil, runSlidingWindow, LearnedQuotaSource, CompositeQuotaSource, lookupDiscoveredLimits, updateDiscoveredLimits, mergeDiscoveredLimits, getHeaderExtractorForProvider, setQuotaStateDir, } from "./quota/index.js";
+import { scheduleWave, buildProviderModelKey, readQuotaState, recordWaveOutcome, resolveLimits, resolveHostActiveSubagentLimit, probeProvider, computeMaxSafeConcurrency, getQuotaStatePath, detectRateLimitError, computeCooldownUntil, runSlidingWindow, lookupDiscoveredLimits, updateDiscoveredLimits, mergeDiscoveredLimits, getHeaderExtractorForProvider, setQuotaStateDir, } from "./quota/index.js";
 // Re-exports from extracted modules
 export { resolveHostDispatchCapability, DIRECT_CLI_DEFAULTS, getFlag, hasFlag, getOptionalBooleanFlag, getArtifactsDir, getRootDir, getBatchResultsDir, getMaxRuns, getAgentBatchSize, getParallelWorkers, getTimeoutMs, chunkArray, getUiMode, looksLikeCliFlag, countLines, warnIfNotGitRepo, } from "./cli/args.js";
 import { DIRECT_CLI_DEFAULTS, getFlag, hasFlag, getOptionalBooleanFlag, fromBase64Url, renderCommand, summarizeLaunchExit, taskResultPath, readStdinText, getArtifactsDir, getRootDir, warnIfNotGitRepo, getBatchResultsDir, getMaxRuns, getAgentBatchSize, getParallelWorkers, getTimeoutMs, getExplicitProvider, getHostModel, getHostMaxActiveSubagents, getQuotaProbeMode, resolveRunProviderName, chunkArray, getUiMode, looksLikeCliFlag, resolveHostDispatchCapability, countLines, listBatchResultFiles, } from "./cli/args.js";
@@ -915,11 +916,16 @@ async function renderSemanticReviewStep(params) {
             },
         });
     }
+    const sessionConfig = await loadSessionConfig(artifactsDir).catch(() => ({}));
+    const provider = createFreshSessionProvider(undefined, sessionConfig);
     const dispatch = await prepareDispatchArtifacts({
         packageRoot,
         runId: activeReviewRun.run_id,
         artifactsDir,
         root,
+        sessionConfig,
+        hostModel: sessionConfig.block_quota?.host_model ?? null,
+        queryLimits: provider.queryLimits?.bind(provider),
         hostActiveSubagentLimit: params.hostMaxActiveSubagents,
     });
     const mergeCommand = mergeAndIngestCommand(artifactsDir, activeReviewRun.run_id);
@@ -1473,7 +1479,7 @@ async function cmdRunToCompletion(argv) {
             const cachedLimits = await lookupDiscoveredLimits(providerModelKey).catch(() => null);
             const discoveredLimits = mergeDiscoveredLimits(providerLimits, cachedLimits);
             const halfLifeHours = sessionConfig.quota?.empirical_half_life_hours ?? 24;
-            const quotaSource = new CompositeQuotaSource([new LearnedQuotaSource(halfLifeHours)]);
+            const quotaSource = buildQuotaSource({ halfLifeHours });
             const quotaSourceSnapshot = await quotaSource.queryCurrentUsage(providerModelKey).catch(() => null);
             const hostConcurrencyLimit = resolveHostActiveSubagentLimit({
                 sessionConfig,
@@ -2155,12 +2161,18 @@ async function cmdPrepareDispatch(argv) {
     const runId = getFlag(argv, "--run-id");
     if (!runId)
         throw new Error("prepare-dispatch requires --run-id <run_id>");
+    const artifactsDir = getArtifactsDir(argv);
+    const sessionConfig = await loadSessionConfig(artifactsDir).catch(() => ({}));
+    const provider = createFreshSessionProvider(getExplicitProvider(argv), sessionConfig);
+    const hostModel = getHostModel(argv) ?? sessionConfig.block_quota?.host_model ?? null;
     const result = await prepareDispatchArtifacts({
         packageRoot,
         runId,
-        artifactsDir: getArtifactsDir(argv),
+        artifactsDir,
         root: getFlag(argv, "--root") ? getRootDir(argv) : undefined,
-        hostModel: getHostModel(argv),
+        sessionConfig,
+        hostModel,
+        queryLimits: provider.queryLimits?.bind(provider),
         hostActiveSubagentLimit: getHostMaxActiveSubagents(argv),
     });
     console.log(JSON.stringify(result, null, 2));
@@ -2958,7 +2970,7 @@ async function cmdQuota(argv) {
         explicitLimit: getHostMaxActiveSubagents(argv),
         sessionConfig,
     });
-    const quotaSource = new CompositeQuotaSource([new LearnedQuotaSource(halfLifeHours)]);
+    const quotaSource = buildQuotaSource({ halfLifeHours });
     const quotaSourceSnapshot = await quotaSource.queryCurrentUsage(providerModelKey).catch(() => null);
     const queryDiscoveredLimits = await lookupDiscoveredLimits(providerModelKey).catch(() => null);
     const waveSchedule = scheduleWave({

package/dist/providers/index.js

@@ -22,8 +22,11 @@ function commandExists(command) {
     return result.status === 0;
 }
 export function resolveFreshSessionProviderName(name, sessionConfig = {}, options = {}) {
-    const requestedProvider = name ?? sessionConfig.provider ?? "local-subprocess";
-    if (requestedProvider !== "auto") {
+    const requestedProvider = name ?? sessionConfig.provider;
+    const shouldAutoDetect = requestedProvider === undefined ||
+        requestedProvider === "auto" ||
+        (name === undefined && requestedProvider === "local-subprocess");
+    if (!shouldAutoDetect) {
         return requestedProvider;
     }
     const env = options.env ?? process.env;
@@ -65,8 +68,12 @@ export function resolveFreshSessionProviderName(name, sessionConfig = {}, option
 export function createFreshSessionProvider(name, sessionConfig = {}) {
     const providerName = resolveFreshSessionProviderName(name, sessionConfig);
     const opentoken = sessionConfig.opentoken ?? {};
+    const requestedProvider = name ?? sessionConfig.provider;
+    const autoDetectionRequested = requestedProvider === undefined ||
+        requestedProvider === "auto" ||
+        (name === undefined && requestedProvider === "local-subprocess");
     if (providerName === "local-subprocess" &&
-        (name ?? sessionConfig.provider) === "auto") {
+        autoDetectionRequested) {
         process.stderr.write("audit-code: auto provider resolved to local-subprocess — no capable agent provider detected. " +
             "Agent tasks will require manual dispatch. Configure claude-code, opencode, or subprocess-template " +
             "in session-config.json to automate them.\n");

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "auditor-lambda",
-  "version": "0.6.3",
+  "version": "0.6.5",
   "private": false,
   "description": "Portable hybrid code-auditing framework for arbitrary repositories.",
   "type": "module",

package/scripts/postinstall.mjs

@@ -5,6 +5,7 @@ import { mkdirSync, existsSync, readFileSync, writeFileSync } from 'fs';
 import { fileURLToPath } from 'url';
 
 const pkgRoot = dirname(dirname(fileURLToPath(import.meta.url)));
+const packageVersion = JSON.parse(readFileSync(join(pkgRoot, 'package.json'), 'utf8')).version ?? '0.0.0';
 const promptSourceFile = join(pkgRoot, 'skills', 'audit-code', 'audit-code.prompt.md');
 const skillSourceFile = join(pkgRoot, 'skills', 'audit-code', 'SKILL.md');
 const codexOpenAiAgentSourceFile = join(pkgRoot, 'skills', 'audit-code', 'agents', 'openai.yaml');
@@ -99,8 +100,8 @@ function renderGlobalMcpLauncher(installedPkgRoot) {
     "import { join } from 'node:path';",
     "import { homedir } from 'node:os';",
     '',
-    'const repoRoot = process.cwd();',
-    "const artifactsDir = join(repoRoot, '.audit-artifacts');",
+    "const repoRoot = process.env.AUDIT_CODE_REPO_ROOT || process.cwd();",
+    "const artifactsDir = process.env.AUDIT_CODE_ARTIFACTS_DIR || join(repoRoot, '.audit-artifacts');",
     `const globalPackageRoot = ${JSON.stringify(installedPkgRoot)};`,
     "const logPath = join(homedir(), '.audit-code', 'mcp-server.log');",
     '',
@@ -330,6 +331,37 @@ function mergeOpenCodeGlobalConfig(existing) {
   };
 }
 
+function claudePluginExternalDir() {
+  return join(homedir(), '.claude', 'plugins', 'marketplaces', 'claude-plugins-official', 'external_plugins', 'audit-code');
+}
+
+function claudeDesktopConfigPath() {
+  if (process.platform === 'win32') {
+    return join(process.env.APPDATA || join(homedir(), 'AppData', 'Roaming'), 'Claude', 'claude_desktop_config.json');
+  }
+  if (process.platform === 'darwin') {
+    return join(homedir(), 'Library', 'Application Support', 'Claude', 'claude_desktop_config.json');
+  }
+  return join(homedir(), '.config', 'Claude', 'claude_desktop_config.json');
+}
+
+function mergeClaudeDesktopConfig(existing, globalMcpLauncherPath) {
+  const parsed = existing ? JSON.parse(existing) : {};
+  const mcpServers = parsed.mcpServers && typeof parsed.mcpServers === 'object' && !Array.isArray(parsed.mcpServers)
+    ? parsed.mcpServers
+    : {};
+  return {
+    ...parsed,
+    mcpServers: {
+      ...mcpServers,
+      auditor: {
+        command: 'node',
+        args: [replaceBackslashes(globalMcpLauncherPath)],
+      },
+    },
+  };
+}
+
 function installMergedJson(path, buildMerged) {
   const existing = existsSync(path) ? readFileSync(path, 'utf8') : null;
   const merged = buildMerged(existing);
@@ -431,3 +463,57 @@ try {
 } catch (err) {
   console.warn(`audit-code: could not install Antigravity plugin (${err.message})`);
 }
+
+// Install Claude Desktop plugin so /audit-code appears in the slash-command menu
+// Claude Desktop reads external plugins from ~/.claude/plugins/marketplaces/claude-plugins-official/external_plugins/
+const claudePluginDir = claudePluginExternalDir();
+const claudePluginManifestPath = join(claudePluginDir, '.claude-plugin', 'plugin.json');
+const claudePluginCommandPath = join(claudePluginDir, 'commands', 'audit-code.md');
+const claudePluginSkillPath = join(claudePluginDir, 'skills', 'audit-code', 'SKILL.md');
+try {
+  const manifest = {
+    name: 'audit-code',
+    description: 'Autonomous local-loop code auditing workflow',
+    version: packageVersion,
+    author: {
+      name: 'auditor-lambda',
+      url: 'https://github.com/OhOkThisIsFine/auditor-lambda',
+    },
+    homepage: 'https://github.com/OhOkThisIsFine/auditor-lambda',
+    repository: 'https://github.com/OhOkThisIsFine/auditor-lambda',
+    license: 'MIT',
+    keywords: ['audit', 'code-audit', 'static-analysis', 'orchestration'],
+  };
+  const manifestAction = writeGeneratedFile(
+    claudePluginManifestPath,
+    Buffer.from(JSON.stringify(manifest, null, 2) + '\n'),
+  );
+  console.log(`audit-code: ${manifestAction} Claude Desktop plugin manifest at ${claudePluginManifestPath}`);
+
+  const commandAction = writeGeneratedFile(claudePluginCommandPath, promptSource);
+  console.log(`audit-code: ${commandAction} Claude Desktop plugin command at ${claudePluginCommandPath}`);
+
+  const skillAction = writeGeneratedFile(claudePluginSkillPath, skillSource);
+  console.log(`audit-code: ${skillAction} Claude Desktop plugin skill at ${claudePluginSkillPath}`);
+
+  console.log(`audit-code: restart Claude Desktop for /audit-code to appear in the slash-command menu`);
+} catch (err) {
+  console.warn(`audit-code: could not install Claude Desktop plugin (${err.message})`);
+  console.warn(`  Plugin directory: ${claudePluginDir}`);
+}
+
+// Register auditor MCP server with Claude Desktop so /audit-code appears in its slash-command menu
+const claudeDesktopConfig = claudeDesktopConfigPath();
+try {
+  const action = installMergedJson(claudeDesktopConfig, (existing) =>
+    mergeClaudeDesktopConfig(existing, globalMcpLauncherPath),
+  );
+  console.log(`audit-code: ${action} Claude Desktop MCP server entry in ${claudeDesktopConfig}`);
+  console.log(`audit-code: restart Claude Desktop for /audit-code to appear`);
+  console.log(`audit-code: to target a specific repo, set AUDIT_CODE_REPO_ROOT in Claude Desktop's MCP env settings`);
+} catch (err) {
+  console.warn(`audit-code: could not update Claude Desktop config (${err.message})`);
+  console.warn(`  To register manually, add "mcpServers.auditor" to:`);
+  console.warn(`    ${claudeDesktopConfig}`);
+  console.warn(`  with command "node" and args ["${replaceBackslashes(globalMcpLauncherPath)}"]`);
+}