auditor-lambda 0.6.8 → 0.6.10

package/dist/cli.js

@@ -1,6 +1,6 @@
-import { mkdir, readFile, readdir, rename, rm, unlink, writeFile } from "node:fs/promises";
+import { mkdir, readFile, readdir, rm, unlink, writeFile } from "node:fs/promises";
 import { homedir } from "node:os";
-import { basename, dirname, join, resolve } from "node:path";
+import { dirname, join, resolve } from "node:path";
 import { fileURLToPath } from "node:url";
 import { buildRepoManifest } from "./extractors/fileInventory.js";
 import { buildFileDisposition } from "./extractors/disposition.js";
@@ -11,7 +11,7 @@ import { buildFlowCoverage } from "./orchestrator/flowCoverage.js";
 import { buildRuntimeValidationTasks, } from "./orchestrator/runtimeValidation.js";
 import { initializeCoverageFromPlan } from "./orchestrator/planning.js";
 import { loadArtifactBundle, writeCoreArtifacts, promoteFinalAuditReport, AUDIT_REPORT_FILENAME, } from "./io/artifacts.js";
-import { isFileMissingError, readJsonFile, writeJsonFile, prefixValidationIssues, RunLogger } from "@audit-tools/shared";
+import { isFileMissingError, readJsonFile, writeJsonFile, prefixValidationIssues } from "@audit-tools/shared";
 import { buildQuotaSource } from "@audit-tools/shared/quota/compositeQuotaSource";
 import { validateArtifactBundle } from "./validation/artifacts.js";
 import { validateAuditResults, formatAuditResultIssues, } from "./validation/auditResults.js";
@@ -45,247 +45,17 @@ import { writeCurrentStep, } from "./cli/steps.js";
 import { WORKER_RESULT_CONTRACT_VERSION, buildWorkerResult, persistWorkerRunArtifacts, isWorkerResult, buildWorkerFailureBlocker, formatAuditResultValidationError, } from "./cli/workerResult.js";
 import { DISPATCH_RESULT_MAP_FILENAME, ACTIVE_DISPATCH_FILENAME, resolveRunScopedArg, loadDispatchResultMap, entriesByTaskId, buildPendingAuditTasks, prepareDispatchArtifacts, } from "./cli/dispatch.js";
 import { readWaveManifest, writeWaveManifest, removeWaveManifest, buildWaveSlotEntry, } from "./cli/waveManifest.js";
+import { buildLineIndex, buildLineIndexForPaths, addFileLineCountHints, } from "./cli/lineIndex.js";
+import { emitEnvelope, buildBlockedAuditState, buildManualReviewBlocker, shouldRunInlineExecutor, } from "./cli/envelope.js";
+import { writeHandoffOnly, ensureSemanticReviewRun, } from "./cli/reviewRun.js";
+import { runAuditStep, ingestBatchAuditResults, } from "./cli/auditStep.js";
 const packageRoot = resolve(dirname(fileURLToPath(import.meta.url)), "..");
-const ADVANCE_AUDIT_CONTRACT_VERSION = "audit-code/v1alpha1";
 const SAMPLE_REPO_FILES = [
     { path: "src/api/auth.ts", size_bytes: 1240, hash: "abc123" },
     { path: "src/lib/session.ts", size_bytes: 980, hash: "def456" },
     { path: "infra/deploy.yml", size_bytes: 420, hash: "ghi789" },
     { path: "docs/notes.md", size_bytes: 300, hash: "doc111" },
 ];
-function buildEnvelope(params) {
-    return {
-        contract_version: ADVANCE_AUDIT_CONTRACT_VERSION,
-        audit_state: params.audit_state,
-        selected_obligation: params.selected_obligation,
-        selected_executor: params.selected_executor,
-        progress_made: params.progress_made,
-        artifacts_written: params.artifacts_written,
-        progress_summary: params.progress_summary,
-        next_likely_step: params.next_likely_step,
-        handoff: params.handoff,
-    };
-}
-async function emitEnvelope(params) {
-    const handoff = buildAuditCodeHandoff({
-        root: params.root,
-        artifactsDir: params.artifactsDir,
-        state: params.audit_state,
-        bundle: params.bundle,
-        providerName: params.providerName,
-        progressSummary: params.progress_summary,
-        isConfigError: params.isConfigError,
-        activeReviewRun: params.activeReviewRun,
-    });
-    await writeAuditCodeHandoffArtifacts(handoff);
-    console.log(JSON.stringify(buildEnvelope({
-        audit_state: params.audit_state,
-        selected_obligation: params.selected_obligation,
-        selected_executor: params.selected_executor,
-        progress_made: params.progress_made,
-        artifacts_written: params.artifacts_written,
-        progress_summary: params.progress_summary,
-        next_likely_step: params.next_likely_step,
-        handoff,
-    }), null, 2));
-}
-function buildManualReviewBlocker(providerName) {
-    return providerName === LOCAL_SUBPROCESS_PROVIDER_NAME
-        ? "Ready for LLM semantic review. If the host exposes a callable subagent tool, prepare dispatch and fan out packets. " +
-            "If not, use single-task fallback: review only the first pending task, write one AuditResult to the run audit-results path, execute worker_command, then stop."
-        : "Audit blocked: waiting for manual audit results or interactive provider configuration.";
-}
-function shouldRunInlineExecutor(selectedExecutor) {
-    return selectedExecutor !== null && selectedExecutor !== "agent";
-}
-function buildBlockedAuditState(params) {
-    return {
-        ...params.state,
-        status: "blocked",
-        last_executor: params.executor ?? params.state.last_executor,
-        last_obligation: params.obligationId ?? params.state.last_obligation,
-        blockers: [...new Set([...(params.state.blockers ?? []), params.blocker])],
-        obligations: params.state.obligations.map((item) => item.id === params.obligationId
-            ? {
-                ...item,
-                state: "blocked",
-                reason: params.blocker,
-            }
-            : item),
-    };
-}
-async function buildLineIndex(root, repoManifest) {
-    const entries = [];
-    const batchSize = 25;
-    for (let i = 0; i < repoManifest.files.length; i += batchSize) {
-        const batch = repoManifest.files.slice(i, i + batchSize);
-        const results = await Promise.all(batch.map(async (file) => {
-            try {
-                return [
-                    file.path,
-                    await countLines(resolve(root, file.path)),
-                ];
-            }
-            catch {
-                return [file.path, 0];
-            }
-        }));
-        entries.push(...results);
-    }
-    return Object.fromEntries(entries);
-}
-async function buildLineIndexForPaths(root, paths) {
-    const uniquePaths = [...new Set(paths)].sort();
-    const entries = await Promise.all(uniquePaths.map(async (path) => {
-        try {
-            return [path, await countLines(resolve(root, path))];
-        }
-        catch {
-            return [path, 0];
-        }
-    }));
-    return Object.fromEntries(entries);
-}
-async function addFileLineCountHints(root, tasks) {
-    const lineIndex = await buildLineIndexForPaths(root, tasks.flatMap((task) => task.file_paths));
-    return tasks.map((task) => ({
-        ...task,
-        file_line_counts: Object.fromEntries(task.file_paths.map((path) => [path, lineIndex[path] ?? 0])),
-    }));
-}
-function activeReviewRunFromTask(artifactsDir, task) {
-    if (task.preferred_executor !== "agent" || !task.audit_results_path) {
-        return null;
-    }
-    const paths = getRunPaths(artifactsDir, task.run_id);
-    return {
-        run_id: task.run_id,
-        task_path: paths.taskPath,
-        prompt_path: paths.promptPath,
-        pending_audit_tasks_path: task.pending_audit_tasks_path,
-        audit_results_path: task.audit_results_path,
-        worker_command: task.worker_command,
-    };
-}
-async function loadCurrentActiveReviewRun(artifactsDir) {
-    try {
-        const task = await readJsonFile(join(artifactsDir, "dispatch", "current-task.json"));
-        return activeReviewRunFromTask(artifactsDir, task);
-    }
-    catch (error) {
-        if (isFileMissingError(error)) {
-            return null;
-        }
-        throw error;
-    }
-}
-async function writeHandoffOnly(params) {
-    const handoff = buildAuditCodeHandoff({
-        root: params.root,
-        artifactsDir: params.artifactsDir,
-        state: params.audit_state,
-        bundle: params.bundle,
-        providerName: params.providerName,
-        progressSummary: params.progress_summary,
-        isConfigError: params.isConfigError,
-        activeReviewRun: params.activeReviewRun,
-    });
-    await writeAuditCodeHandoffArtifacts(handoff);
-}
-async function ensureSemanticReviewRun(params) {
-    const existingRun = await loadCurrentActiveReviewRun(params.artifactsDir);
-    if (existingRun) {
-        const blockedState = params.bundle.audit_state?.status === "blocked"
-            ? params.bundle.audit_state
-            : buildBlockedAuditState({
-                state: params.state,
-                obligationId: params.obligationId,
-                executor: "agent",
-                blocker: buildManualReviewBlocker(LOCAL_SUBPROCESS_PROVIDER_NAME),
-            });
-        const blockedBundle = { ...params.bundle, audit_state: blockedState };
-        await writeCoreArtifacts(params.artifactsDir, blockedBundle);
-        await writeHandoffOnly({
-            root: params.root,
-            artifactsDir: params.artifactsDir,
-            bundle: blockedBundle,
-            audit_state: blockedState,
-            progress_summary: buildManualReviewBlocker(LOCAL_SUBPROCESS_PROVIDER_NAME),
-            providerName: LOCAL_SUBPROCESS_PROVIDER_NAME,
-            activeReviewRun: existingRun,
-        });
-        return {
-            state: blockedState,
-            bundle: blockedBundle,
-            activeReviewRun: existingRun,
-        };
-    }
-    const blockedState = buildBlockedAuditState({
-        state: params.state,
-        obligationId: params.obligationId,
-        executor: "agent",
-        blocker: buildManualReviewBlocker(LOCAL_SUBPROCESS_PROVIDER_NAME),
-    });
-    await writeCoreArtifacts(params.artifactsDir, {
-        ...params.bundle,
-        audit_state: blockedState,
-    });
-    const runId = buildRunId(params.obligationId, 1);
-    const paths = getRunPaths(params.artifactsDir, runId);
-    const pendingTasks = await addFileLineCountHints(params.root, buildPendingAuditTasks(params.bundle));
-    const pendingTasksPath = join(paths.runDir, "pending-audit-tasks.json");
-    const auditResultsPath = join(paths.runDir, "audit-results.json");
-    const taskReadPaths = new Set();
-    for (const pt of pendingTasks) {
-        for (const fp of pt.file_paths)
-            taskReadPaths.add(fp);
-    }
-    const task = {
-        contract_version: "audit-code-worker/v1alpha1",
-        run_id: runId,
-        repo_root: params.root,
-        artifacts_dir: params.artifactsDir,
-        obligation_id: params.obligationId,
-        preferred_executor: "agent",
-        result_path: paths.resultPath,
-        worker_command: [
-            process.execPath,
-            params.selfCliPath,
-            "worker-run",
-            "--task",
-            paths.taskPath,
-        ],
-        audit_results_path: auditResultsPath,
-        pending_audit_tasks_path: pendingTasksPath,
-        timeout_ms: params.timeoutMs,
-        max_retries: 0,
-        access: {
-            read_paths: [...taskReadPaths],
-            write_paths: [auditResultsPath, paths.resultPath],
-        },
-    };
-    const prompt = renderWorkerPrompt(task);
-    await writeWorkerTaskFiles(task, prompt, paths, params.artifactsDir, pendingTasks);
-    await writeJsonFile(pendingTasksPath, pendingTasks);
-    const activeReviewRun = activeReviewRunFromTask(params.artifactsDir, task);
-    if (!activeReviewRun) {
-        throw new Error("Internal error: failed to materialize active review run.");
-    }
-    const blockedBundle = {
-        ...params.bundle,
-        audit_state: blockedState,
-    };
-    await writeHandoffOnly({
-        root: params.root,
-        artifactsDir: params.artifactsDir,
-        bundle: blockedBundle,
-        audit_state: blockedState,
-        progress_summary: buildManualReviewBlocker(LOCAL_SUBPROCESS_PROVIDER_NAME),
-        providerName: LOCAL_SUBPROCESS_PROVIDER_NAME,
-        activeReviewRun,
-    });
-    return { state: blockedState, bundle: blockedBundle, activeReviewRun };
-}
 export const cliTestUtils = {
     defaults: DIRECT_CLI_DEFAULTS,
     getFlag,
@@ -303,127 +73,6 @@ export const cliTestUtils = {
     countLines,
     warnIfNotGitRepo,
 };
-async function maybeArchiveLegacyPendingResults(auditResultsPath) {
-    if (!auditResultsPath || basename(auditResultsPath) !== "worker_results_pending.json") {
-        return undefined;
-    }
-    const archivedPath = join(dirname(auditResultsPath), `worker_results_submitted_${new Date().toISOString().replace(/[:.]/g, "-")}.json`);
-    try {
-        await rename(auditResultsPath, archivedPath);
-        return archivedPath;
-    }
-    catch (error) {
-        process.stderr.write(`[audit-results cleanup] failed to archive ${auditResultsPath}: ${error instanceof Error ? error.message : String(error)}\n`);
-        return undefined;
-    }
-}
-async function runAuditStep(options) {
-    const bundle = await loadArtifactBundle(options.artifactsDir);
-    const runLogger = new RunLogger(join(options.artifactsDir, "run.log.jsonl"), {
-        enabled: options.runLog ?? true,
-    });
-    const lineIndex = bundle.repo_manifest
-        ? await buildLineIndex(options.root, bundle.repo_manifest)
-        : undefined;
-    const sizeIndex = bundle.repo_manifest
-        ? sizeIndexFromManifest(bundle.repo_manifest)
-        : undefined;
-    if (looksLikeCliFlag(options.auditResultsPath)) {
-        throw new Error(`Invalid audit results path '${options.auditResultsPath}'. This looks like a CLI flag rather than a file path.`);
-    }
-    const auditResults = options.auditResultsPath
-        ? await readJsonFile(options.auditResultsPath)
-        : undefined;
-    if (auditResults !== undefined) {
-        const issues = validateAuditResults(auditResults, bundle.audit_tasks ?? [], {
-            lineIndex,
-        });
-        const errors = issues.filter((issue) => issue.severity === "error");
-        const warnings = issues.filter((issue) => issue.severity === "warning");
-        if (warnings.length > 0) {
-            process.stderr.write(`audit-results validation: ${warnings.length} warning(s):\n` +
-                formatAuditResultIssues(warnings) +
-                "\n");
-        }
-        if (errors.length > 0) {
-            throw new Error(formatAuditResultValidationError(errors));
-        }
-    }
-    const runtimeValidationUpdates = options.runtimeUpdatesPath
-        ? await readJsonFile(options.runtimeUpdatesPath)
-        : undefined;
-    const externalAnalyzerResults = options.externalAnalyzerPath
-        ? await readJsonFile(options.externalAnalyzerPath)
-        : undefined;
-    const narrativeResults = options.narrativeResultsPath
-        ? await readJsonFile(options.narrativeResultsPath)
-        : undefined;
-    const edgeReasoningResults = options.edgeReasoningResultsPath
-        ? await readJsonFile(options.edgeReasoningResultsPath)
-        : undefined;
-    const result = await advanceAudit(bundle, {
-        root: options.root,
-        lineIndex,
-        sizeIndex,
-        auditResults: auditResults,
-        runtimeValidationUpdates,
-        externalAnalyzerResults,
-        narrativeResults,
-        edgeReasoningResults,
-        analyzers: options.analyzers,
-        graphLlmEdgeReasoning: options.graphLlmEdgeReasoning,
-        since: options.since,
-        preferredExecutor: options.preferredExecutor,
-        opentoken: options.opentoken,
-        runLogger,
-    });
-    await writeCoreArtifacts(options.artifactsDir, result.updated_bundle);
-    const archivedPendingResults = await maybeArchiveLegacyPendingResults(options.auditResultsPath);
-    if (archivedPendingResults) {
-        result.progress_summary +=
-            ` Archived legacy staging file to ${archivedPendingResults}.`;
-    }
-    return result;
-}
-async function ingestBatchAuditResults(options) {
-    const batchFiles = await listBatchResultFiles(options.batchDir);
-    const artifactsWritten = new Set();
-    const progressSummaries = [];
-    let lastStep = null;
-    let anyProgress = false;
-    for (const batchFile of batchFiles) {
-        const step = await runAuditStep({
-            root: options.root,
-            artifactsDir: options.artifactsDir,
-            preferredExecutor: "result_ingestion_executor",
-            auditResultsPath: batchFile,
-        });
-        lastStep = step;
-        anyProgress ||= step.progress_made;
-        for (const artifact of step.artifacts_written) {
-            artifactsWritten.add(artifact);
-        }
-        progressSummaries.push(`${basename(batchFile)}: ${step.progress_summary}`);
-    }
-    const bundle = lastStep?.updated_bundle ??
-        (await loadArtifactBundle(options.artifactsDir));
-    const state = deriveAuditState(bundle);
-    const decision = decideNextStep(bundle);
-    return {
-        batchFiles,
-        bundle,
-        audit_state: state,
-        selected_obligation: lastStep?.selected_obligation ?? decision.selected_obligation,
-        selected_executor: lastStep?.selected_executor ?? "result_ingestion_executor",
-        progress_made: anyProgress,
-        artifacts_written: Array.from(artifactsWritten),
-        progress_summary: `Imported ${batchFiles.length} batch result file${batchFiles.length === 1 ? "" : "s"} from ${options.batchDir}.` +
-            (progressSummaries.length > 0
-                ? `\n${progressSummaries.join("\n")}`
-                : ""),
-        next_likely_step: state.status === "complete" ? null : decision.selected_obligation,
-    };
-}
 async function persistConfigErrorHandoff(params) {
     const bundle = await loadArtifactBundle(params.artifactsDir);
     const blockedState = buildBlockedAuditState({