auditor-lambda 0.6.7 → 0.6.9

package/audit-code-wrapper-lib.mjs

@@ -59,6 +59,25 @@ function nodeExecutable() {
   return process.execPath;
 }
 
+// When the wrapper runs from a source checkout (its package dir is NOT inside a
+// node_modules tree), generated continuation commands should re-invoke THIS
+// wrapper via `node <path>` so a dogfooded monorepo run stays pinned to local
+// code instead of silently falling back to a globally-installed `audit-code`
+// bin. Installed copies leave the hint unset so the dist CLI keeps emitting the
+// `audit-code` bin. Returned as an env fragment scoped to the spawned child so
+// it never leaks into the parent process (e.g. the test runner).
+function selfInvocationEnv() {
+  if (process.env.AUDIT_CODE_INVOCATION) {
+    return { AUDIT_CODE_INVOCATION: process.env.AUDIT_CODE_INVOCATION };
+  }
+  if (/[\\/]node_modules[\\/]/.test(repoRoot)) {
+    return {};
+  }
+  return {
+    AUDIT_CODE_INVOCATION: JSON.stringify(['node', join(repoRoot, 'audit-code.mjs')]),
+  };
+}
+
 function quoteForCmd(arg) {
   if (arg.length === 0) return '""';
   if (!/[\s"]/u.test(arg)) return arg;
@@ -82,7 +101,7 @@ function run(command, args, options = {}) {
     const child = spawn(resolved.command, resolved.args, {
       cwd: repoRoot,
       stdio: options.capture ? ['ignore', 'pipe', 'pipe'] : 'inherit',
-      env: process.env
+      env: options.env ?? process.env
     });
 
     let stdout = '';
@@ -1008,6 +1027,13 @@ function renderSharedMcpLauncher(sourcePackageRoot) {
     'const scriptDir = dirname(fileURLToPath(import.meta.url));',
     "const repoRoot = resolve(scriptDir, '..', '..');",
     "const artifactsDir = join(repoRoot, '.audit-artifacts');",
+    '// Absolute path to the auditor-lambda package that generated this launcher.',
+    '// Intentionally machine-specific: it is a load-bearing fallback candidate',
+    '// (tried after a repo-local dependency) that lets the launcher find the',
+    '// backend entrypoint when the target repo has no local auditor-lambda dep.',
+    '// This file is regenerated per-install by `audit-code ensure`/`install` and',
+    '// is gitignored, so the path is always re-derived for the current machine;',
+    '// if it ever goes stale the launcher degrades gracefully to PATH/npx below.',
     `const sourcePackageRoot = ${JSON.stringify(sourcePackageRoot)};`,
     '',
     'async function exists(path) {',
@@ -2767,7 +2793,9 @@ async function runDistCommand(commandName, argv, { ensureArtifactsDir = false }
   }
 
   await ensureBuilt();
-  await run(nodeExecutable(), [distEntry, commandName, ...commandArgs]);
+  await run(nodeExecutable(), [distEntry, commandName, ...commandArgs], {
+    env: { ...process.env, ...selfInvocationEnv() },
+  });
 }
 
 async function runDistCommandInline(commandName, argv) {
@@ -2781,6 +2809,12 @@ async function runDistCommandInline(commandName, argv) {
   await mkdir(artifactsDir, { recursive: true });
   await ensureBuilt();
 
+  // Propagate the invocation hint into this (long-lived) server process so it
+  // and the wrapper subprocesses it spawns emit continuation commands that
+  // match how the backend was launched. Safe here: this path is only the `mcp`
+  // server, not a shared/test process.
+  Object.assign(process.env, selfInvocationEnv());
+
   // Import the module that exports runCli (dist/cli.js). dist/index.js has no
   // exports — it is the bare entrypoint that runs `runCli(process.argv)` as an
   // import side effect — so importing it here both fails to provide runCli and

package/dist/cli/dispatch.d.ts

@@ -41,6 +41,8 @@ export interface PrepareDispatchResult {
     packet_count: number;
     task_count: number;
     skipped_task_count: number;
+    /** Subagent parallelism resolved for this dispatch run. */
+    wave_size: number;
     largest_packet: {
         packet_id: string;
         total_lines: number;

package/dist/cli/dispatch.js

@@ -533,6 +533,7 @@ export async function prepareDispatchArtifacts(params) {
         packet_count: plan.length,
         task_count: orderedTasks.length,
         skipped_task_count: priorResultTaskIds.size,
+        wave_size: waveSchedule.wave_size,
         largest_packet: largestPacketId
             ? {
                 packet_id: largestPacketId,

package/dist/cli/lineIndex.d.ts

@@ -0,0 +1,4 @@
+import type { AuditTask, RepoManifest } from "../types.js";
+export declare function buildLineIndex(root: string, repoManifest: RepoManifest): Promise<Record<string, number>>;
+export declare function buildLineIndexForPaths(root: string, paths: string[]): Promise<Record<string, number>>;
+export declare function addFileLineCountHints(root: string, tasks: AuditTask[]): Promise<AuditTask[]>;

package/dist/cli/lineIndex.js

@@ -0,0 +1,44 @@
+import { resolve } from "node:path";
+import { countLines } from "./args.js";
+// Line-count helpers extracted from cli.ts. Pure functions over the repo
+// manifest / task file paths — used to annotate audit tasks with per-file line
+// counts and to build line indexes for prompt rendering.
+export async function buildLineIndex(root, repoManifest) {
+    const entries = [];
+    const batchSize = 25;
+    for (let i = 0; i < repoManifest.files.length; i += batchSize) {
+        const batch = repoManifest.files.slice(i, i + batchSize);
+        const results = await Promise.all(batch.map(async (file) => {
+            try {
+                return [
+                    file.path,
+                    await countLines(resolve(root, file.path)),
+                ];
+            }
+            catch {
+                return [file.path, 0];
+            }
+        }));
+        entries.push(...results);
+    }
+    return Object.fromEntries(entries);
+}
+export async function buildLineIndexForPaths(root, paths) {
+    const uniquePaths = [...new Set(paths)].sort();
+    const entries = await Promise.all(uniquePaths.map(async (path) => {
+        try {
+            return [path, await countLines(resolve(root, path))];
+        }
+        catch {
+            return [path, 0];
+        }
+    }));
+    return Object.fromEntries(entries);
+}
+export async function addFileLineCountHints(root, tasks) {
+    const lineIndex = await buildLineIndexForPaths(root, tasks.flatMap((task) => task.file_paths));
+    return tasks.map((task) => ({
+        ...task,
+        file_line_counts: Object.fromEntries(task.file_paths.map((path) => [path, lineIndex[path] ?? 0])),
+    }));
+}

package/dist/cli/prompts.js

@@ -1,7 +1,32 @@
 import { renderCommand } from "./args.js";
+/**
+ * Token prefix the host should use to re-invoke the backend in generated
+ * continuation commands. Defaults to the `audit-code` bin (correct for an
+ * installed global). The wrapper sets `AUDIT_CODE_INVOCATION` to e.g.
+ * `["node","<path>/audit-code.mjs"]` when it runs from a source checkout, so a
+ * dogfooded monorepo run keeps generated commands pinned to local code instead
+ * of silently falling back to a globally-installed `audit-code`.
+ */
+function cliInvocationTokens() {
+    const raw = process.env.AUDIT_CODE_INVOCATION;
+    if (raw) {
+        try {
+            const parsed = JSON.parse(raw);
+            if (Array.isArray(parsed) &&
+                parsed.length > 0 &&
+                parsed.every((t) => typeof t === "string" && t.length > 0)) {
+                return parsed;
+            }
+        }
+        catch {
+            // malformed override — fall back to the default bin
+        }
+    }
+    return ["audit-code"];
+}
 export function nextStepCommand(root, artifactsDir) {
     return renderCommand([
-        "audit-code",
+        ...cliInvocationTokens(),
         "next-step",
         "--root",
         root,
@@ -11,7 +36,7 @@ export function nextStepCommand(root, artifactsDir) {
 }
 export function mergeAndIngestCommand(artifactsDir, runId) {
     return renderCommand([
-        "audit-code",
+        ...cliInvocationTokens(),
         "merge-and-ingest",
         "--artifacts-dir",
         artifactsDir,

package/dist/cli/steps.d.ts

@@ -2,12 +2,30 @@ import type { StepStatus } from "@audit-tools/shared";
 import type { AccessDeclaration } from "../types/workerSession.js";
 export declare const STEP_CONTRACT_VERSION = "audit-code-step/v1alpha1";
 export type StepKind = "dispatch_review" | "single_task_fallback" | "design_review" | "analyzer_install" | "edge_reasoning" | "edge_reasoning_dispatch" | "synthesis_narrative" | "present_report" | "blocked";
+/**
+ * Lightweight run-level orientation surfaced in the step contract so a host
+ * resuming an in-flight audit knows where it stands without reading artifacts.
+ */
+export interface StepProgress {
+    /** One-line, human-readable summary safe to show a resuming host. */
+    summary: string;
+    /** Pending review packets in the active dispatch run, when applicable. */
+    pending_packets?: number;
+    /** Audit tasks covered by the pending packets. */
+    pending_tasks?: number;
+    /** Audit tasks already completed before this run (skipped as done). */
+    completed_tasks?: number;
+    /** Subagent parallelism resolved for this dispatch run. */
+    wave_size?: number;
+}
 export interface StepArtifact {
     contract_version: typeof STEP_CONTRACT_VERSION;
     step_kind: StepKind;
     prompt_path: string;
     status: StepStatus;
     run_id: string | null;
+    /** Run-level orientation; omitted for steps that have no meaningful summary. */
+    progress?: StepProgress;
     /** Shell commands the host may run for this step. */
     allowed_commands: string[];
     /**
@@ -30,6 +48,7 @@ export declare function writeCurrentStep(params: {
     runId: string | null;
     allowedCommands: string[];
     allowedMcpTools?: string[];
+    progress?: StepProgress;
     stopCondition: string;
     repoRoot: string;
     artifactPaths: Record<string, string | null>;

package/dist/cli/steps.js

@@ -14,6 +14,7 @@ export async function writeCurrentStep(params) {
         prompt_path: promptPath,
         status: params.status,
         run_id: params.runId,
+        ...(params.progress ? { progress: params.progress } : {}),
         allowed_commands: params.allowedCommands,
         ...(params.allowedMcpTools && params.allowedMcpTools.length > 0
             ? { allowed_mcp_tools: params.allowedMcpTools }

package/dist/cli.js

@@ -45,6 +45,7 @@ import { writeCurrentStep, } from "./cli/steps.js";
 import { WORKER_RESULT_CONTRACT_VERSION, buildWorkerResult, persistWorkerRunArtifacts, isWorkerResult, buildWorkerFailureBlocker, formatAuditResultValidationError, } from "./cli/workerResult.js";
 import { DISPATCH_RESULT_MAP_FILENAME, ACTIVE_DISPATCH_FILENAME, resolveRunScopedArg, loadDispatchResultMap, entriesByTaskId, buildPendingAuditTasks, prepareDispatchArtifacts, } from "./cli/dispatch.js";
 import { readWaveManifest, writeWaveManifest, removeWaveManifest, buildWaveSlotEntry, } from "./cli/waveManifest.js";
+import { buildLineIndex, buildLineIndexForPaths, addFileLineCountHints, } from "./cli/lineIndex.js";
 const packageRoot = resolve(dirname(fileURLToPath(import.meta.url)), "..");
 const ADVANCE_AUDIT_CONTRACT_VERSION = "audit-code/v1alpha1";
 const SAMPLE_REPO_FILES = [
@@ -114,45 +115,6 @@ function buildBlockedAuditState(params) {
             : item),
     };
 }
-async function buildLineIndex(root, repoManifest) {
-    const entries = [];
-    const batchSize = 25;
-    for (let i = 0; i < repoManifest.files.length; i += batchSize) {
-        const batch = repoManifest.files.slice(i, i + batchSize);
-        const results = await Promise.all(batch.map(async (file) => {
-            try {
-                return [
-                    file.path,
-                    await countLines(resolve(root, file.path)),
-                ];
-            }
-            catch {
-                return [file.path, 0];
-            }
-        }));
-        entries.push(...results);
-    }
-    return Object.fromEntries(entries);
-}
-async function buildLineIndexForPaths(root, paths) {
-    const uniquePaths = [...new Set(paths)].sort();
-    const entries = await Promise.all(uniquePaths.map(async (path) => {
-        try {
-            return [path, await countLines(resolve(root, path))];
-        }
-        catch {
-            return [path, 0];
-        }
-    }));
-    return Object.fromEntries(entries);
-}
-async function addFileLineCountHints(root, tasks) {
-    const lineIndex = await buildLineIndexForPaths(root, tasks.flatMap((task) => task.file_paths));
-    return tasks.map((task) => ({
-        ...task,
-        file_line_counts: Object.fromEntries(task.file_paths.map((path) => [path, lineIndex[path] ?? 0])),
-    }));
-}
 function activeReviewRunFromTask(artifactsDir, task) {
     if (task.preferred_executor !== "agent" || !task.audit_results_path) {
         return null;
@@ -937,6 +899,17 @@ async function renderSemanticReviewStep(params) {
         runId: activeReviewRun.run_id,
         allowedCommands: [mergeCommand, continueCommand],
         allowedMcpTools: ["auditor_merge_and_ingest", "auditor_continue_audit"],
+        progress: {
+            summary: `Dispatching ${dispatch.packet_count} review packet(s) covering ` +
+                `${dispatch.task_count} task(s) in waves of ${dispatch.wave_size}` +
+                (dispatch.skipped_task_count > 0
+                    ? `; ${dispatch.skipped_task_count} task(s) already completed.`
+                    : "."),
+            pending_packets: dispatch.packet_count,
+            pending_tasks: dispatch.task_count,
+            completed_tasks: dispatch.skipped_task_count,
+            wave_size: dispatch.wave_size,
+        },
         stopCondition: "Dispatch every packet, run merge-and-ingest once, then run next-step.",
         repoRoot: root,
         artifactPaths: {