auditor-lambda 0.7.0 → 0.9.0

package/dist/io/artifacts.js

@@ -79,13 +79,29 @@ export async function loadArtifactBundle(root) {
     bundle.tooling_manifest = await buildToolingManifest();
     return bundle;
 }
-export async function writeCoreArtifacts(root, bundle) {
+export async function writeCoreArtifacts(root, bundle, options = {}) {
     const bundleRecord = bundle;
     for (const entry of ARTIFACT_ENTRIES) {
         const [key, definition] = entry;
         const value = bundleRecord[key];
+        const path = join(root, definition.fileName);
         if (value !== undefined) {
-            await definition.write(join(root, definition.fileName), value);
+            await definition.write(path, value);
+        }
+        else if (options.prune) {
+            // The bundle is authoritative. An executor that clears an artifact to
+            // `undefined` (to force a downstream rebuild — e.g. planning/ingestion
+            // reset audit_report) intends the file gone; if it lingers it reloads as a
+            // stale "present" artifact with no metadata entry, which deriveAuditState
+            // reads as satisfied — masking the invalidation and stranding a stale
+            // report. Only callers passing the full accumulated bundle may prune.
+            try {
+                await unlink(path);
+            }
+            catch (error) {
+                if (!isFileMissingError(error))
+                    throw error;
+            }
         }
     }
 }

package/dist/io/runArtifactTypes.d.ts

@@ -0,0 +1,18 @@
+export interface RunPaths {
+    runDir: string;
+    taskPath: string;
+    promptPath: string;
+    resultPath: string;
+    stdoutPath: string;
+    stderrPath: string;
+    statusPath: string;
+}
+export interface DispatchBatchRun {
+    run_id: string;
+    task_path: string;
+    prompt_path: string;
+    result_path: string;
+    status_path: string;
+    audit_results_path?: string;
+    pending_audit_tasks_path?: string;
+}

package/dist/io/runArtifactTypes.js

@@ -0,0 +1 @@
+export {};

package/dist/io/runArtifacts.d.ts

@@ -1,23 +1,7 @@
 import type { AuditTask } from "../types.js";
 import type { WorkerTask } from "../types/workerSession.js";
-export interface RunPaths {
-    runDir: string;
-    taskPath: string;
-    promptPath: string;
-    resultPath: string;
-    stdoutPath: string;
-    stderrPath: string;
-    statusPath: string;
-}
-export interface DispatchBatchRun {
-    run_id: string;
-    task_path: string;
-    prompt_path: string;
-    result_path: string;
-    status_path: string;
-    audit_results_path?: string;
-    pending_audit_tasks_path?: string;
-}
+import type { RunPaths, DispatchBatchRun } from "./runArtifactTypes.js";
+export type { RunPaths, DispatchBatchRun } from "./runArtifactTypes.js";
 export declare function buildRunId(obligationId: string | null, index: number, now?: Date): string;
 export declare function getRunPaths(artifactsDir: string, runId: string): RunPaths;
 export declare function ensureSupervisorDirs(artifactsDir: string): Promise<void>;

package/dist/io/runArtifacts.js

@@ -61,6 +61,10 @@ export async function ensureSupervisorDirs(artifactsDir) {
 }
 async function writeDispatchSchemaFiles(artifactsDir) {
     const dispatchDir = join(artifactsDir, "dispatch");
+    // Ensure the dispatch dir exists: this is now written before the pointer
+    // files (which formerly created it), and parallel-slot dispatch may reach
+    // here before the canonical dispatch has run.
+    await mkdir(dispatchDir, { recursive: true });
     await writeFile(join(dispatchDir, CURRENT_SCHEMA_FILENAME), await readFile(auditResultSchemaPath, "utf8"), "utf8");
     await writeFile(join(dispatchDir, CURRENT_RESULTS_SCHEMA_FILENAME), await readFile(auditResultsSchemaPath, "utf8"), "utf8");
     await writeFile(join(dispatchDir, CURRENT_FINDING_SCHEMA_FILENAME), await readFile(findingSchemaPath, "utf8"), "utf8");
@@ -116,15 +120,22 @@ export async function writeWorkerTaskFiles(task, prompt, paths, artifactsDir, cu
         run_id: task.run_id,
         status: "dispatched",
     });
-    if (options.updateDispatch === false) {
-        await writeDispatchSchemaFiles(artifactsDir);
+    // The result schema files are always required by the worker, regardless of
+    // whether this run owns the shared "current dispatch" pointer files.
+    await writeDispatchSchemaFiles(artifactsDir);
+    // Parallel-slot dispatch passes updateDispatch:false so each slot does NOT
+    // clobber the shared current-task / current-prompt / current-tasks pointers
+    // (only the single canonical dispatch should own them). The default path
+    // (updateDispatch unset/true) refreshes those pointers and the single-task
+    // fallback.
+    const updateDispatch = options.updateDispatch !== false;
+    if (!updateDispatch) {
         return;
     }
     await writeJsonFile(join(artifactsDir, "dispatch", CURRENT_TASK_FILENAME), task);
     await writeFile(join(artifactsDir, "dispatch", CURRENT_PROMPT_FILENAME), prompt, "utf8");
     await writeJsonFile(join(artifactsDir, "dispatch", CURRENT_TASKS_FILENAME), currentTasks ?? []);
     await writeSingleTaskFallbackFiles(artifactsDir, task, currentTasks);
-    await writeDispatchSchemaFiles(artifactsDir);
 }
 export async function writeDispatchBatchFiles(artifactsDir, runs, currentTasks) {
     const summary = {

package/dist/mcp/server.js

@@ -125,6 +125,7 @@ async function runWrapperCommand(args, options) {
         });
     });
 }
+const SUBPROCESS_STDERR_TAIL_CHARS = 2000;
 async function parseCliJson(args, options, allowNonZero = false) {
     const result = await runWrapperCommand(args, options);
     const combined = result.stdout.trim() || result.stderr.trim();
@@ -134,6 +135,14 @@ async function parseCliJson(args, options, allowNonZero = false) {
     if (combined.length === 0) {
         throw new Error("Command completed without JSON output.");
     }
+    // On a successful (or tolerated-nonzero) call we parse stdout for the JSON
+    // payload and otherwise discard stderr. Surface any captured stderr as a
+    // tail so subprocess diagnostics (warnings, structured stderr lines) are not
+    // lost when the command still succeeded.
+    const stderrTail = result.stderr.trim();
+    if (stderrTail.length > 0) {
+        process.stderr.write(`[audit-code] mcp: subprocess stderr: ${stderrTail.slice(-SUBPROCESS_STDERR_TAIL_CHARS)}\n`);
+    }
     try {
         return JSON.parse(result.stdout);
     }

package/dist/orchestrator/advance.js

@@ -1,12 +1,28 @@
 import { decideNextStep, findObligation } from "./nextStep.js";
 import { deriveAuditState } from "./state.js";
 import { computeArtifactMetadata } from "./artifactMetadata.js";
-import { runIntakeExecutor, runStructureExecutor, runPlanningExecutor, runResultIngestionExecutor, runRuntimeValidationExecutor, runRuntimeValidationUpdateExecutor, runSynthesisExecutor, runSynthesisNarrativeExecutor, runDesignAssessmentExecutor, runDesignReviewAutoComplete, runExternalAnalyzerImportExecutor, } from "./internalExecutors.js";
+import { runIntakeExecutor } from "./intakeExecutors.js";
+import { runStructureExecutor, runDesignAssessmentExecutor, runDesignReviewAutoComplete, } from "./structureExecutors.js";
+import { runPlanningExecutor } from "./planningExecutors.js";
+import { runResultIngestionExecutor, runRuntimeValidationExecutor, runRuntimeValidationUpdateExecutor, runExternalAnalyzerImportExecutor, } from "./ingestionExecutors.js";
+import { runSynthesisExecutor, runSynthesisNarrativeExecutor, } from "./synthesisExecutors.js";
 import { runAutoFixExecutor } from "./autoFixExecutor.js";
 import { runSyntaxResolutionExecutor } from "./syntaxResolutionExecutor.js";
 import { runGraphEnrichmentExecutor } from "./graphEnrichmentExecutor.js";
 import { resolveAuditScope } from "./scope.js";
 import { RunLogger } from "@audit-tools/shared";
+/**
+ * Narrow an optional root to a definite string for an executor that requires
+ * it, throwing the canonical "advanceAudit <executor> requires root" error
+ * otherwise. Replaces the guard previously copy-pasted across every
+ * root-dependent executor branch below.
+ */
+function requireRoot(root, executorName) {
+    if (!root) {
+        throw new Error(`advanceAudit ${executorName} requires root`);
+    }
+    return root;
+}
 function cloneState(state) {
     return {
         ...state,
@@ -63,11 +79,11 @@ export async function advanceAudit(bundle, options = {}) {
     });
     try {
         switch (selectedExecutor) {
-            case "intake_executor":
-                if (!options.root)
-                    throw new Error("advanceAudit intake_executor requires root");
-                run = await runIntakeExecutor(bundle, options.root);
+            case "intake_executor": {
+                const root = requireRoot(options.root, "intake_executor");
+                run = await runIntakeExecutor(bundle, root);
                 break;
+            }
             case "structure_executor":
                 run = await runStructureExecutor(bundle, options.root);
                 break;
@@ -85,26 +101,26 @@ export async function advanceAudit(bundle, options = {}) {
             case "design_review":
                 run = runDesignReviewAutoComplete(bundle);
                 break;
-            case "planning_executor":
-                if (!options.root)
-                    throw new Error("advanceAudit planning_executor requires root");
+            case "planning_executor": {
+                const root = requireRoot(options.root, "planning_executor");
                 plannedScope = resolveAuditScope({
-                    root: options.root,
+                    root,
                     since: options.since,
                     bundle,
                 });
-                run = await runPlanningExecutor(bundle, options.root, options.lineIndex ?? {}, options.sizeIndex, plannedScope);
+                run = await runPlanningExecutor(bundle, root, options.lineIndex ?? {}, options.sizeIndex, plannedScope);
                 break;
+            }
             case "result_ingestion_executor":
                 run = runResultIngestionExecutor(bundle, options.auditResults ?? bundle.audit_results ?? []);
                 break;
-            case "runtime_validation_executor":
-                if (!options.root)
-                    throw new Error("advanceAudit runtime_validation_executor requires root");
-                run = await runRuntimeValidationExecutor(bundle, options.root, {
+            case "runtime_validation_executor": {
+                const root = requireRoot(options.root, "runtime_validation_executor");
+                run = await runRuntimeValidationExecutor(bundle, root, {
                     opentoken: options.opentoken,
                 });
                 break;
+            }
             case "synthesis_executor":
                 run = runSynthesisExecutor(bundle, options.auditResults);
                 break;
@@ -121,16 +137,16 @@ export async function advanceAudit(bundle, options = {}) {
                     throw new Error("advanceAudit external_analyzer_import_executor requires externalAnalyzerResults");
                 run = runExternalAnalyzerImportExecutor(bundle, options.externalAnalyzerResults);
                 break;
-            case "auto_fix_executor":
-                if (!options.root)
-                    throw new Error("advanceAudit auto_fix_executor requires root");
-                run = runAutoFixExecutor(bundle, options.root);
+            case "auto_fix_executor": {
+                const root = requireRoot(options.root, "auto_fix_executor");
+                run = await runAutoFixExecutor(bundle, root);
                 break;
-            case "syntax_resolution_executor":
-                if (!options.root)
-                    throw new Error("advanceAudit syntax_resolution_executor requires root");
-                run = runSyntaxResolutionExecutor(bundle, options.root);
+            }
+            case "syntax_resolution_executor": {
+                const root = requireRoot(options.root, "syntax_resolution_executor");
+                run = runSyntaxResolutionExecutor(bundle, root);
                 break;
+            }
             default: {
                 const state = deriveAuditState(bundle);
                 state.last_executor = selectedExecutor;

package/dist/orchestrator/artifactFreshness.js

@@ -1,5 +1,5 @@
 import { createHash } from "node:crypto";
-import { ARTIFACT_DEPENDENCY_MAP } from "./dependencyMap.js";
+import { ARTIFACT_DEPENDENTS_MAP } from "./dependencyMap.js";
 export function stableStringify(value) {
     if (value === undefined) {
         return "null";
@@ -15,9 +15,19 @@ export function stableStringify(value) {
         .sort(([a], [b]) => a.localeCompare(b));
     return `{${entries.map(([key, item]) => `${JSON.stringify(key)}:${stableStringify(item)}`).join(",")}}`;
 }
+// Artifacts that stamp a wall-clock `generated_at` on every (re)build. The
+// timestamp is provenance, not content: two rebuilds with identical data but
+// different timestamps must hash equal, or the artifact's revision churns every
+// rebuild and perpetually re-stales its downstreams (e.g. audit-report.md
+// depends on design_assessment) — a finalization-oscillation hazard.
+const GENERATED_AT_STRIPPED_ARTIFACTS = new Set([
+    "repo_manifest.json",
+    "tooling_manifest.json",
+    "audit_plan_metrics.json",
+    "design_assessment.json",
+]);
 export function normalizeForMetadataHash(artifactName, value) {
-    if ((artifactName === "repo_manifest.json" ||
-        artifactName === "tooling_manifest.json") &&
+    if (GENERATED_AT_STRIPPED_ARTIFACTS.has(artifactName) &&
         value &&
         typeof value === "object" &&
         !Array.isArray(value)) {
@@ -34,7 +44,7 @@ export function hashArtifactValue(artifactName, value) {
 }
 export function buildReverseDependencyMap() {
     const reverse = {};
-    for (const [upstream, downstreamList] of Object.entries(ARTIFACT_DEPENDENCY_MAP)) {
+    for (const [upstream, downstreamList] of Object.entries(ARTIFACT_DEPENDENTS_MAP)) {
         reverse[upstream] ??= [];
         for (const downstream of downstreamList) {
             reverse[downstream] ??= [];

package/dist/orchestrator/autoFixExecutor.d.ts

@@ -1,3 +1,3 @@
 import type { ArtifactBundle } from "../io/artifacts.js";
-import type { ExecutorRunResult } from "./internalExecutors.js";
-export declare function runAutoFixExecutor(bundle: ArtifactBundle, root: string): ExecutorRunResult;
+import type { ExecutorRunResult } from "./executorResult.js";
+export declare function runAutoFixExecutor(bundle: ArtifactBundle, root: string): Promise<ExecutorRunResult>;

package/dist/orchestrator/autoFixExecutor.js

@@ -1,4 +1,4 @@
-import { existsSync, readFileSync } from "node:fs";
+import { access, readFile } from "node:fs/promises";
 import { join } from "node:path";
 import { isAuditExcludedStatus } from "../extractors/disposition.js";
 import { resolveNodeTool, runFirstAvailableCommand, } from "./localCommands.js";
@@ -19,23 +19,31 @@ const PRETTIER_CONFIG_FILES = [
     "prettier.config.cjs",
     "prettier.config.mjs",
 ];
-function hasPrettierConfig(root) {
-    if (PRETTIER_CONFIG_FILES.some((file) => existsSync(join(root, file)))) {
+async function pathExists(target) {
+    try {
+        await access(target);
         return true;
     }
-    const packageJsonPath = join(root, "package.json");
-    if (!existsSync(packageJsonPath)) {
+    catch {
         return false;
     }
+}
+async function hasPrettierConfig(root) {
+    const configChecks = await Promise.all(PRETTIER_CONFIG_FILES.map((file) => pathExists(join(root, file))));
+    if (configChecks.some(Boolean)) {
+        return true;
+    }
+    const packageJsonPath = join(root, "package.json");
     try {
-        const packageJson = JSON.parse(readFileSync(packageJsonPath, "utf8"));
+        const packageJson = JSON.parse(await readFile(packageJsonPath, "utf8"));
         return packageJson.prettier !== undefined;
     }
     catch {
+        // Missing package.json or unparseable JSON => no prettier config.
         return false;
     }
 }
-export function runAutoFixExecutor(bundle, root) {
+export async function runAutoFixExecutor(bundle, root) {
     if (!bundle.file_disposition) {
         throw new Error("Cannot run auto fix executor without file_disposition");
     }
@@ -49,8 +57,9 @@ export function runAutoFixExecutor(bundle, root) {
         }
     }
     const executedTools = [];
+    const toolTimings = [];
     // JS, TS, HTML, CSS, JSON, YAML, MD
-    if (hasPrettierConfig(root) &&
+    if ((await hasPrettierConfig(root)) &&
         (extensions.has("ts") ||
             extensions.has("js") ||
             extensions.has("tsx") ||
@@ -61,16 +70,19 @@ export function runAutoFixExecutor(bundle, root) {
             extensions.has("yml") ||
             extensions.has("yaml") ||
             extensions.has("md"))) {
+        const prettierStart = Date.now();
         if (tryRunConfiguredFormatter(root, [
             ...resolveNodeTool(root, join("node_modules", "prettier", "bin", "prettier.cjs"), ["--write", "."], "prettier --write ."),
             { command: "prettier", args: ["--write", "."], display: "prettier --write ." },
             { command: "npx", args: ["--yes", "prettier", "--write", "."], display: "npx --yes prettier --write ." },
         ])) {
             executedTools.push("prettier");
+            toolTimings.push({ tool: "prettier", duration_ms: Date.now() - prettierStart });
         }
     }
     // Python
     if (extensions.has("py")) {
+        const blackStart = Date.now();
         if (tryRunConfiguredFormatter(root, [
             { command: "black", args: ["."], display: "black ." },
             { command: "python", args: ["-m", "black", "."], display: "python -m black ." },
@@ -78,28 +90,34 @@ export function runAutoFixExecutor(bundle, root) {
             { command: "pipx", args: ["run", "black", "."], display: "pipx run black ." },
         ])) {
             executedTools.push("black");
+            toolTimings.push({ tool: "black", duration_ms: Date.now() - blackStart });
         }
     }
     // SQL
     if (extensions.has("sql")) {
+        const sqlfluffStart = Date.now();
         if (tryRunConfiguredFormatter(root, [
             { command: "sqlfluff", args: ["fix", "--force", "."], display: "sqlfluff fix --force ." },
             { command: "uvx", args: ["sqlfluff", "fix", "--force", "."], display: "uvx sqlfluff fix --force ." },
             { command: "pipx", args: ["run", "sqlfluff", "fix", "--force", "."], display: "pipx run sqlfluff fix --force ." },
         ])) {
             executedTools.push("sqlfluff");
+            toolTimings.push({ tool: "sqlfluff", duration_ms: Date.now() - sqlfluffStart });
         }
     }
     // Go
     if (extensions.has("go")) {
+        const gofmtStart = Date.now();
         if (tryRunConfiguredFormatter(root, [
             { command: "gofmt", args: ["-w", "."], display: "gofmt -w ." },
         ])) {
             executedTools.push("gofmt");
+            toolTimings.push({ tool: "gofmt", duration_ms: Date.now() - gofmtStart });
         }
     }
     const resultsArtifact = {
         executed_tools: executedTools,
+        tool_timings: toolTimings,
         timestamp: new Date().toISOString(),
     };
     return {

package/dist/orchestrator/dependencyMap.d.ts

@@ -1 +1 @@
-export declare const ARTIFACT_DEPENDENCY_MAP: Record<string, string[]>;
+export declare const ARTIFACT_DEPENDENTS_MAP: Record<string, string[]>;

package/dist/orchestrator/dependencyMap.js

@@ -1,4 +1,10 @@
-export const ARTIFACT_DEPENDENCY_MAP = {
+// Invalidation map keyed by UPSTREAM artifact → the list of DOWNSTREAM
+// artifacts that depend on it (and so become stale when it changes). The name
+// reflects the actual direction: each entry's value is that key's *dependents*.
+// `buildReverseDependencyMap` flips this to the "X depends on Y" view used by
+// computeArtifactMetadata. (Renamed from the misleading ARTIFACT_DEPENDENCY_MAP,
+// which read as "X's dependencies" — the opposite of what it stores.)
+export const ARTIFACT_DEPENDENTS_MAP = {
     "tooling_manifest.json": [
         "repo_manifest.json",
     ],

package/dist/orchestrator/executorResult.d.ts

@@ -0,0 +1,12 @@
+import type { ArtifactBundle } from "../io/artifacts.js";
+/**
+ * Uniform result of running one audit executor: the updated artifact bundle, the
+ * artifact filenames it wrote (which drive metadata/staleness bookkeeping in
+ * advanceAudit), and a one-line human progress summary. Shared by every executor
+ * module so they need not depend on the internalExecutors barrel.
+ */
+export interface ExecutorRunResult {
+    updated: ArtifactBundle;
+    artifacts_written: string[];
+    progress_summary: string;
+}

package/dist/orchestrator/executorResult.js

@@ -0,0 +1 @@
+export {};

package/dist/orchestrator/fileAnchors.js

@@ -1,3 +1,11 @@
+/**
+ * Graph buckets in `graph_bundle.json` that carry file-to-file edges relevant to
+ * large-file anchoring. Named here (rather than inlined as bare strings in the
+ * collection loop) so the set of scanned buckets is a single typed source of
+ * truth and each bucket key doubles as a typed fallback edge `kind`. `as const`
+ * narrows the element type from `string` to the literal union.
+ */
+const GRAPH_EDGE_BUCKETS = ["imports", "calls", "references"];
 const MAX_ANCHORS = 160;
 const KEYWORD_PATTERN = /\b(auth|token|password|secret|permission|role|sql|query|exec|spawn|eval|deserialize|encrypt|decrypt|cache|retry|timeout|transaction|lock|race|TODO|FIXME)\b/i;
 const SYMBOL_PATTERNS = [
@@ -85,8 +93,11 @@ function collectGraphEdges(graphBundle, path) {
     }
     const normalizedPath = normalizePath(path).toLowerCase();
     const edges = [];
-    for (const key of ["imports", "calls", "references"]) {
-        const raw = graphBundle.graphs[key];
+    // Typed as `string` (not the literal union) so the lookup resolves through the
+    // `[key: string]: unknown` index signature on `graphs` — the loop body then
+    // re-validates each entry's shape, matching the original deterministic parse.
+    for (const bucket of GRAPH_EDGE_BUCKETS) {
+        const raw = graphBundle.graphs[bucket];
         if (!Array.isArray(raw)) {
             continue;
         }
@@ -103,7 +114,7 @@ function collectGraphEdges(graphBundle, path) {
                     edges.push({
                         from: record.from,
                         to: record.to,
-                        kind: typeof record.kind === "string" ? record.kind : key,
+                        kind: typeof record.kind === "string" ? record.kind : bucket,
                     });
                 }
             }

package/dist/orchestrator/fileIntegrity.d.ts

@@ -2,6 +2,7 @@ import type { RepoManifest } from "../types.js";
 export interface FileIntegrityResult {
     changed_files: string[];
     missing_files: string[];
+    io_errors: string[];
     is_clean: boolean;
 }
 export declare function checkFileIntegrity(root: string, manifest: RepoManifest, scope?: string[]): Promise<FileIntegrityResult>;

package/dist/orchestrator/fileIntegrity.js

@@ -9,6 +9,7 @@ async function hashFile(absolutePath) {
 export async function checkFileIntegrity(root, manifest, scope) {
     const changed = [];
     const missing = [];
+    const ioErrors = [];
     const scopeSet = scope ? new Set(scope) : null;
     const files = scopeSet
         ? manifest.files.filter((f) => scopeSet.has(f.path))
@@ -29,13 +30,21 @@ export async function checkFileIntegrity(root, manifest, scope) {
                 changed.push(record.path);
             }
         }
-        catch {
-            missing.push(record.path);
+        catch (err) {
+            const code = err.code;
+            if (code === "ENOENT") {
+                missing.push(record.path);
+            }
+            else {
+                console.warn(`fileIntegrity: I/O error on ${record.path}: ${code ?? String(err)}`);
+                ioErrors.push(record.path);
+            }
         }
     }
     return {
         changed_files: changed,
         missing_files: missing,
-        is_clean: changed.length === 0 && missing.length === 0,
+        io_errors: ioErrors,
+        is_clean: changed.length === 0 && missing.length === 0 && ioErrors.length === 0,
     };
 }

package/dist/orchestrator/flowCoverage.js

@@ -6,6 +6,7 @@ function lensSetForFlow(concerns) {
         "data_integrity",
         "operability",
         "performance",
+        "observability",
     ];
     return concerns.filter((concern) => allowed.includes(concern));
 }

package/dist/orchestrator/flowRequeue.js

@@ -45,8 +45,11 @@ export function buildFlowRequeueTasks(criticalFlows, flowCoverage, coverageMatri
             ? flow.paths.filter((path) => typeof path === "string")
             : [];
         for (const lensName of missingLenses) {
+            // Skip (rather than throw on) an unsupported lens value, consistent with
+            // the filter-based lens guards elsewhere in the orchestrator: a stray
+            // non-canonical lens in flow coverage should not abort the whole requeue.
             if (!isLens(lensName)) {
-                throw new Error(`buildFlowRequeueTasks encountered unsupported lens "${String(lensName)}" for flow ${record.flow_id}.`);
+                continue;
             }
             for (const path of flowPaths) {
                 if (!fileStillNeedsLens(coverageByPath, path, lensName)) {

package/dist/orchestrator/graphEnrichmentExecutor.d.ts

@@ -1,5 +1,5 @@
 import type { ArtifactBundle } from "../io/artifacts.js";
-import type { ExecutorRunResult } from "./internalExecutors.js";
+import type { ExecutorRunResult } from "./executorResult.js";
 import type { AnalyzerSetting } from "@audit-tools/shared";
 import type { LanguageAnalyzer } from "../extractors/analyzers/types.js";
 import { type EdgeReasoningResults } from "./edgeReasoning.js";

package/dist/orchestrator/graphEnrichmentExecutor.js

@@ -133,7 +133,9 @@ export async function runGraphEnrichmentExecutor(bundle, options = {}) {
                 setting,
                 edges_added: 0,
                 routes_added: 0,
-                note: `Analyzer failed: ${error instanceof Error ? error.message : String(error)}.`,
+                note: error instanceof Error
+                    ? `Analyzer failed [${error.name}]: ${error.message}${error.stack ? ` — stack: ${error.stack.split("\n").slice(0, 4).join(" | ")}` : ""}`
+                    : `Analyzer failed: ${String(error)}.`,
             });
             continue;
         }

package/dist/orchestrator/ingestionExecutors.d.ts

@@ -0,0 +1,11 @@
+import type { ArtifactBundle } from "../io/artifacts.js";
+import type { AuditResult } from "../types.js";
+import type { RuntimeValidationReport } from "../types/runtimeValidation.js";
+import type { ExternalAnalyzerResults } from "../types/externalAnalyzer.js";
+import type { ExecutorRunResult } from "./executorResult.js";
+export declare function runResultIngestionExecutor(bundle: ArtifactBundle, results: AuditResult[]): ExecutorRunResult;
+export declare function runRuntimeValidationExecutor(bundle: ArtifactBundle, root: string, options?: {
+    opentoken?: boolean;
+}): Promise<ExecutorRunResult>;
+export declare function runRuntimeValidationUpdateExecutor(bundle: ArtifactBundle, updates: RuntimeValidationReport): ExecutorRunResult;
+export declare function runExternalAnalyzerImportExecutor(bundle: ArtifactBundle, externalResults: ExternalAnalyzerResults): ExecutorRunResult;