auditor-lambda 0.8.0 → 0.9.0

package/dist/validation/auditResults.js

@@ -1,4 +1,4 @@
-import { describeValue, formatValidationIssues, isRecord, } from "@audit-tools/shared";
+import { describeValue, formatValidationIssues, isRecord, VALID_LENSES, VALID_SEVERITIES, VALID_CONFIDENCES, } from "@audit-tools/shared";
 export function normalizeCoveragePath(path) {
     return path.replace(/\\/g, "/").replace(/^\.\//, "");
 }
@@ -11,23 +11,11 @@ const REQUIRED_FINDING_FIELDS = [
     "lens",
     "summary",
 ];
-const VALID_SEVERITIES = new Set(["critical", "high", "medium", "low", "info"]);
-const VALID_CONFIDENCES = new Set(["high", "medium", "low"]);
+// Severity / confidence / lens validity now come from the canonical shared
+// vocabulary (`@audit-tools/shared`); previously each was re-defined here and
+// drifted from the shared Lens / FindingSeverity / FindingConfidence types.
 const VALID_PRIORITIES = new Set(["high", "medium", "low"]);
 const LENS_VERIFICATION_TAG = "lens_verification";
-const VALID_LENSES = new Set([
-    "correctness",
-    "architecture",
-    "maintainability",
-    "security",
-    "reliability",
-    "performance",
-    "data_integrity",
-    "tests",
-    "operability",
-    "config_deployment",
-    "observability",
-]);
 function pushIssue(issues, params) {
     issues.push({
         ...params,
@@ -77,20 +65,12 @@ function validateExpectedStringField(value, label, expected, taskId, resultIndex
         });
     }
 }
-function validateFinding(finding, label, taskId, resultIndex) {
-    const issues = [];
-    if (!isRecord(finding)) {
-        pushIssue(issues, {
-            result_index: resultIndex,
-            task_id: taskId,
-            field: label,
-            message: `${label} must be an object, got ${describeValue(finding)}.`,
-        });
-        return issues;
-    }
+function validateFindingRequiredFields(finding, label, taskId, resultIndex, issues) {
     for (const field of REQUIRED_FINDING_FIELDS) {
         validateRequiredStringField(finding[field], `${label}.${field}`, taskId, resultIndex, issues);
     }
+}
+function validateFindingEnums(finding, label, taskId, resultIndex, issues) {
     if (typeof finding.severity === "string" &&
         !VALID_SEVERITIES.has(finding.severity)) {
         pushIssue(issues, {
@@ -117,6 +97,8 @@ function validateFinding(finding, label, taskId, resultIndex) {
             message: `Invalid lens '${finding.lens}'. Must be one of: ${[...VALID_LENSES].join(", ")}.`,
         });
     }
+}
+function validateAffectedFiles(finding, label, taskId, resultIndex, issues) {
     const affectedFiles = finding.affected_files;
     if (!Array.isArray(affectedFiles) || affectedFiles.length === 0) {
         pushIssue(issues, {
@@ -125,57 +107,58 @@ function validateFinding(finding, label, taskId, resultIndex) {
             field: `${label}.affected_files`,
             message: "affected_files must be a non-empty array.",
         });
+        return;
     }
-    else {
-        for (let k = 0; k < affectedFiles.length; k++) {
-            const item = affectedFiles[k];
-            if (!isRecord(item)) {
-                pushIssue(issues, {
-                    result_index: resultIndex,
-                    task_id: taskId,
-                    field: `${label}.affected_files[${k}]`,
-                    message: `affected_files[${k}] must be an object, got ${describeValue(item)}.`,
-                });
-                continue;
-            }
-            if (!isNonEmptyString(item.path)) {
-                pushIssue(issues, {
-                    result_index: resultIndex,
-                    task_id: taskId,
-                    field: `${label}.affected_files[${k}].path`,
-                    message: "affected_files entry has an empty path.",
-                });
-            }
-            if (item.line_start !== undefined &&
-                !Number.isInteger(item.line_start)) {
-                pushIssue(issues, {
-                    result_index: resultIndex,
-                    task_id: taskId,
-                    field: `${label}.affected_files[${k}].line_start`,
-                    message: `affected_files[${k}].line_start must be an integer, got ${describeValue(item.line_start)}.`,
-                });
-            }
-            if (item.line_end !== undefined &&
-                !Number.isInteger(item.line_end)) {
-                pushIssue(issues, {
-                    result_index: resultIndex,
-                    task_id: taskId,
-                    field: `${label}.affected_files[${k}].line_end`,
-                    message: `affected_files[${k}].line_end must be an integer, got ${describeValue(item.line_end)}.`,
-                });
-            }
-            if (Number.isInteger(item.line_start) &&
-                Number.isInteger(item.line_end) &&
-                Number(item.line_start) > Number(item.line_end)) {
-                pushIssue(issues, {
-                    result_index: resultIndex,
-                    task_id: taskId,
-                    field: `${label}.affected_files[${k}]`,
-                    message: "affected_files line_start must be less than or equal to line_end.",
-                });
-            }
+    for (let k = 0; k < affectedFiles.length; k++) {
+        const item = affectedFiles[k];
+        if (!isRecord(item)) {
+            pushIssue(issues, {
+                result_index: resultIndex,
+                task_id: taskId,
+                field: `${label}.affected_files[${k}]`,
+                message: `affected_files[${k}] must be an object, got ${describeValue(item)}.`,
+            });
+            continue;
+        }
+        if (!isNonEmptyString(item.path)) {
+            pushIssue(issues, {
+                result_index: resultIndex,
+                task_id: taskId,
+                field: `${label}.affected_files[${k}].path`,
+                message: "affected_files entry has an empty path.",
+            });
+        }
+        if (item.line_start !== undefined &&
+            !Number.isInteger(item.line_start)) {
+            pushIssue(issues, {
+                result_index: resultIndex,
+                task_id: taskId,
+                field: `${label}.affected_files[${k}].line_start`,
+                message: `affected_files[${k}].line_start must be an integer, got ${describeValue(item.line_start)}.`,
+            });
+        }
+        if (item.line_end !== undefined &&
+            !Number.isInteger(item.line_end)) {
+            pushIssue(issues, {
+                result_index: resultIndex,
+                task_id: taskId,
+                field: `${label}.affected_files[${k}].line_end`,
+                message: `affected_files[${k}].line_end must be an integer, got ${describeValue(item.line_end)}.`,
+            });
+        }
+        if (Number.isInteger(item.line_start) &&
+            Number.isInteger(item.line_end) &&
+            Number(item.line_start) > Number(item.line_end)) {
+            pushIssue(issues, {
+                result_index: resultIndex,
+                task_id: taskId,
+                field: `${label}.affected_files[${k}]`,
+                message: "affected_files line_start must be less than or equal to line_end.",
+            });
         }
     }
+}
+function validateEvidence(finding, label, taskId, resultIndex, issues) {
     const evidence = finding.evidence;
     if (!Array.isArray(evidence) || evidence.length === 0) {
         pushIssue(issues, {
@@ -184,33 +167,52 @@ function validateFinding(finding, label, taskId, resultIndex) {
             field: `${label}.evidence`,
             message: "evidence is empty — provide an array of plain strings such as \"src/foo.ts:42 - variable overwritten before use\".",
         });
+        return;
     }
-    else {
-        let hasSubstantiveEntry = false;
-        for (let k = 0; k < evidence.length; k++) {
-            const entry = evidence[k];
-            if (typeof entry !== "string") {
-                pushIssue(issues, {
-                    result_index: resultIndex,
-                    task_id: taskId,
-                    field: `${label}.evidence[${k}]`,
-                    message: `evidence[${k}] must be a string, got ${describeValue(entry)}.`,
-                });
-                continue;
-            }
-            if (entry.trim().length > 0) {
-                hasSubstantiveEntry = true;
-            }
-        }
-        if (!hasSubstantiveEntry) {
+    let hasSubstantiveEntry = false;
+    for (let k = 0; k < evidence.length; k++) {
+        const entry = evidence[k];
+        if (typeof entry !== "string") {
             pushIssue(issues, {
                 result_index: resultIndex,
                 task_id: taskId,
-                field: `${label}.evidence`,
-                message: "All evidence entries are empty strings.",
+                field: `${label}.evidence[${k}]`,
+                message: `evidence[${k}] must be a string, got ${describeValue(entry)}.`,
             });
+            continue;
+        }
+        if (entry.trim().length > 0) {
+            hasSubstantiveEntry = true;
         }
     }
+    if (!hasSubstantiveEntry) {
+        pushIssue(issues, {
+            result_index: resultIndex,
+            task_id: taskId,
+            field: `${label}.evidence`,
+            message: "All evidence entries are empty strings.",
+        });
+    }
+}
+// Thin orchestrator: validates one finding by delegating to the per-concern
+// validators (object-shape, required strings, enums, affected_files, evidence),
+// each of which pushes into the shared issues array. Behavior and messages are
+// identical to the former single 165-line function.
+function validateFinding(finding, label, taskId, resultIndex) {
+    const issues = [];
+    if (!isRecord(finding)) {
+        pushIssue(issues, {
+            result_index: resultIndex,
+            task_id: taskId,
+            field: label,
+            message: `${label} must be an object, got ${describeValue(finding)}.`,
+        });
+        return issues;
+    }
+    validateFindingRequiredFields(finding, label, taskId, resultIndex, issues);
+    validateFindingEnums(finding, label, taskId, resultIndex, issues);
+    validateAffectedFiles(finding, label, taskId, resultIndex, issues);
+    validateEvidence(finding, label, taskId, resultIndex, issues);
     return issues;
 }
 function validateOptionalStringArray(value, label, taskId, resultIndex, issues) {

package/dist/validation/sessionConfig.d.ts

@@ -1,7 +1,7 @@
 import { type SessionConfig, type ValidationIssue } from "@audit-tools/shared";
 export declare function validateSessionConfig(value: unknown): ValidationIssue[];
 export declare function validateConfiguredProviderEnvironment(sessionConfig: SessionConfig, options?: {
-    commandExists?: (command: string) => boolean;
+    commandExists?: (command: string) => Promise<boolean>;
     pathExists?: (commandPath: string) => boolean;
-}): ValidationIssue[];
+}): Promise<ValidationIssue[]>;
 export { formatValidationIssues } from "@audit-tools/shared";

package/dist/validation/sessionConfig.js

@@ -1,6 +1,8 @@
-import { spawnSync } from "node:child_process";
+import { exec } from "node:child_process";
 import { accessSync, constants } from "node:fs";
+import { promisify } from "node:util";
 import { ANALYZER_SETTINGS, PROVIDER_NAMES, SESSION_UI_MODES, isRecord, pushValidationIssue, } from "@audit-tools/shared";
+const execAsync = promisify(exec);
 const VALID_PROVIDERS = new Set(PROVIDER_NAMES);
 const VALID_UI_MODES = new Set(SESSION_UI_MODES);
 const VALID_ANALYZER_SETTINGS = new Set(ANALYZER_SETTINGS);
@@ -80,10 +82,15 @@ function validateAgentProviderSection(value, path, issues) {
         pushIssue(issues, `${path}.dangerously_skip_permissions`, "dangerously_skip_permissions must be a boolean when provided.");
     }
 }
-function commandExists(command) {
+async function commandExists(command) {
     const lookupCommand = process.platform === "win32" ? "where" : "which";
-    const result = spawnSync(lookupCommand, [command], { stdio: "ignore" });
-    return result.status === 0;
+    try {
+        await execAsync(`${lookupCommand} ${command}`);
+        return true;
+    }
+    catch {
+        return false;
+    }
 }
 function configuredPathExists(commandPath) {
     try {
@@ -183,14 +190,14 @@ export function validateSessionConfig(value) {
     }
     return issues;
 }
-export function validateConfiguredProviderEnvironment(sessionConfig, options = {}) {
+export async function validateConfiguredProviderEnvironment(sessionConfig, options = {}) {
     const issues = [];
     const lookupCommand = options.commandExists ?? commandExists;
     const lookupPath = options.pathExists ?? configuredPathExists;
     const provider = sessionConfig.provider ?? "local-subprocess";
     if (provider === "claude-code") {
         const command = sessionConfig.claude_code?.command ?? "claude";
-        if (isBareExecutableName(command) && !lookupCommand(command)) {
+        if (isBareExecutableName(command) && !(await lookupCommand(command))) {
             pushIssue(issues, "claude_code.command", `Configured claude-code executable was not found on PATH: ${command}.`);
         }
         else if (isDirectExecutablePath(command) && !lookupPath(command)) {
@@ -202,7 +209,7 @@ export function validateConfiguredProviderEnvironment(sessionConfig, options = {
     }
     if (provider === "opencode") {
         const command = sessionConfig.opencode?.command ?? "opencode";
-        if (isBareExecutableName(command) && !lookupCommand(command)) {
+        if (isBareExecutableName(command) && !(await lookupCommand(command))) {
             pushIssue(issues, "opencode.command", `Configured opencode executable was not found on PATH: ${command}.`);
         }
         else if (isDirectExecutablePath(command) && !lookupPath(command)) {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "auditor-lambda",
-  "version": "0.8.0",
+  "version": "0.9.0",
   "private": false,
   "description": "Portable hybrid code-auditing framework for arbitrary repositories.",
   "type": "module",
@@ -23,7 +23,7 @@
     "update-languages": "node scripts/update-languages.mjs",
     "build": "tsc -p tsconfig.json",
     "check": "tsc -p tsconfig.json --noEmit",
-    "test": "npm run build && node --test tests/*.test.mjs",
+    "test": "npm run build && node --import tsx/esm --test tests/*.test.mjs",
     "release:patch": "node scripts/release-and-publish.mjs patch --bump-only",
     "release:minor": "node scripts/release-and-publish.mjs minor --bump-only",
     "release:major": "node scripts/release-and-publish.mjs major --bump-only",
@@ -73,6 +73,7 @@
     "ajv": "^8.17.1",
     "linguist-languages": "^9.3.2",
     "tree-sitter-wasms": "^0.1.13",
+    "tsx": "^4.19.0",
     "typescript": "^5.9.2",
     "web-tree-sitter": "^0.25.10"
   }

package/schemas/audit_findings.schema.json

@@ -57,7 +57,7 @@
             "enum": ["critical", "high", "medium", "low", "info"]
           },
           "confidence": { "type": "string", "enum": ["high", "medium", "low"] },
-          "lens": { "type": "string", "minLength": 1 },
+          "lens": { "type": "string", "enum": ["correctness", "architecture", "maintainability", "security", "reliability", "performance", "data_integrity", "tests", "operability", "config_deployment", "observability"] },
           "summary": { "type": "string" },
           "affected_files": {
             "type": "array",
@@ -78,9 +78,9 @@
           "impact": { "type": "string" },
           "likelihood": { "type": "string" },
           "evidence": { "type": "array", "minItems": 1, "items": { "type": "string" } },
-          "reproduction": { "type": "array", "items": { "type": "string" } },
+          "reproduction": { "type": "array", "minItems": 1, "items": { "type": "string" } },
           "systemic": { "type": "boolean" },
-          "related_findings": { "type": "array", "items": { "type": "string" } },
+          "related_findings": { "type": "array", "minItems": 1, "items": { "type": "string" } },
           "theme_id": { "type": "string" }
         },
         "additionalProperties": false

package/schemas/critical_flows.schema.json

@@ -33,8 +33,9 @@
             "items": { "type": "string" }
           },
           "confidence": {
-            "type": "string",
-            "enum": ["high", "low"]
+            "type": "number",
+            "minimum": 0,
+            "maximum": 1
           }
         },
         "additionalProperties": false

package/schemas/dispatch_quota.schema.json

@@ -1,5 +1,5 @@
 {
-  "$schema": "http://json-schema.org/draft-07/schema#",
+  "$schema": "https://json-schema.org/draft/2020-12/schema",
   "$id": "audit-code-dispatch-quota/v1alpha2",
   "title": "DispatchQuota",
   "description": "Quota schedule for a prepare-dispatch run. Written beside dispatch-plan.json. Hosts must launch at most wave_size packets per wave, then re-read this file before the next wave to pick up any updated limits.",

package/schemas/graph_bundle.schema.json

@@ -115,7 +115,7 @@
           }
         }
       },
-      "additionalProperties": true
+      "additionalProperties": false
     },
     "analyzers_used": {
       "type": "array",

package/schemas/review_packets.schema.json

@@ -29,7 +29,7 @@
     },
     "graphEdge": {
       "type": "object",
-      "required": ["from", "to", "confidence"],
+      "required": ["from", "to"],
       "properties": {
         "from": { "type": "string" },
         "to": { "type": "string" },

package/schemas/step_contract.schema.json

@@ -0,0 +1,80 @@
+{
+  "$schema": "https://json-schema.org/draft/2020-12/schema",
+  "$id": "step_contract.schema.json",
+  "title": "Audit Code Step Contract",
+  "description": "The step contract written to steps/current-step.json by audit-code. Describes one bounded step for the host agent to execute.",
+  "type": "object",
+  "required": [
+    "contract_version",
+    "step_kind",
+    "prompt_path",
+    "status",
+    "run_id",
+    "allowed_commands",
+    "stop_condition",
+    "repo_root",
+    "artifacts_dir",
+    "artifact_paths"
+  ],
+  "properties": {
+    "contract_version": { "const": "audit-code-step/v1alpha1" },
+    "step_kind": {
+      "type": "string",
+      "enum": [
+        "dispatch_review",
+        "single_task_fallback",
+        "design_review",
+        "analyzer_install",
+        "edge_reasoning",
+        "edge_reasoning_dispatch",
+        "synthesis_narrative",
+        "present_report",
+        "blocked"
+      ]
+    },
+    "status": {
+      "type": "string",
+      "enum": ["ready", "blocked", "complete"]
+    },
+    "prompt_path": { "type": "string" },
+    "run_id": { "type": ["string", "null"] },
+    "progress": {
+      "type": "object",
+      "required": ["summary"],
+      "properties": {
+        "summary": { "type": "string" },
+        "pending_packets": { "type": "integer" },
+        "pending_tasks": { "type": "integer" },
+        "completed_tasks": { "type": "integer" },
+        "wave_size": { "type": "integer" }
+      },
+      "additionalProperties": false
+    },
+    "allowed_commands": {
+      "type": "array",
+      "items": { "type": "string" }
+    },
+    "allowed_mcp_tools": {
+      "type": "array",
+      "items": { "type": "string" }
+    },
+    "stop_condition": { "type": "string" },
+    "repo_root": { "type": "string" },
+    "artifacts_dir": { "type": "string" },
+    "artifact_paths": {
+      "type": "object",
+      "additionalProperties": { "type": ["string", "null"] }
+    },
+    "access": {
+      "type": "object",
+      "required": ["read_paths", "write_paths"],
+      "properties": {
+        "read_paths": { "type": "array", "items": { "type": "string" } },
+        "write_paths": { "type": "array", "items": { "type": "string" } },
+        "forbidden_patterns": { "type": "array", "items": { "type": "string" } }
+      },
+      "additionalProperties": false
+    }
+  },
+  "additionalProperties": false
+}

package/scripts/postinstall.mjs

@@ -284,7 +284,6 @@ function mergeOpenCodeGlobalConfig(existing) {
   const parsed = existing ? JSON.parse(existing) : {};
   const auditPermission = renderOpenCodePermissionConfig();
   const existingAuditor = objectValue(objectValue(parsed.agent).auditor);
-  const nodeExecPath = replaceBackslashes(process.execPath);
   const pkgEntrypoint = replaceBackslashes(join(pkgRoot, 'audit-code.mjs'));
   return {
     ...parsed,
@@ -303,7 +302,7 @@ function mergeOpenCodeGlobalConfig(existing) {
       ...objectValue(parsed.mcp),
       auditor: {
         type: 'local',
-        command: [nodeExecPath, pkgEntrypoint, 'mcp'],
+        command: ['node', pkgEntrypoint, 'mcp'],
         enabled: true,
         timeout: 10000,
       },
@@ -380,6 +379,10 @@ if (!promptSource || !skillSource) {
 
 const codexOpenAiAgentSource = readOptionalSource(codexOpenAiAgentSourceFile, 'Codex skill UI metadata');
 
+const postinstallStart = Date.now();
+let succeeded = 0;
+let failed = 0;
+
 const installs = [
   {
     label: 'Claude command',
@@ -415,12 +418,14 @@ for (const install of installs) {
   try {
     const action = writeGeneratedFile(install.path, install.content);
     console.log(`audit-code: ${action} global ${install.label} at ${install.path}`);
+    succeeded++;
   } catch (err) {
     console.warn(`audit-code: could not install global ${install.label} (${err.message})`);
     console.warn(`  To install manually, copy from:`);
     console.warn(`    ${install.sourcePath}`);
     console.warn(`  to:`);
     console.warn(`    ${install.path}`);
+    failed++;
   }
 }
 
@@ -429,8 +434,10 @@ const globalMcpLauncherPath = join(homedir(), '.audit-code', 'run-mcp-server.mjs
 try {
   const action = writeGeneratedFile(globalMcpLauncherPath, Buffer.from(renderGlobalMcpLauncher(pkgRoot)));
   console.log(`audit-code: ${action} global MCP launcher at ${globalMcpLauncherPath}`);
+  succeeded++;
 } catch (err) {
   console.warn(`audit-code: could not install global MCP launcher (${err.message})`);
+  failed++;
 }
 
 // Install OpenCode global command and MCP via merged config
@@ -440,10 +447,12 @@ try {
     mergeOpenCodeGlobalConfig(existing),
   );
   console.log(`audit-code: ${action} global OpenCode config in ${opencodeGlobalConfig}`);
+  succeeded++;
 } catch (err) {
   console.warn(`audit-code: could not install global OpenCode config (${err.message})`);
   console.warn(`  To install manually, add the mcp.auditor and command["audit-code"] entries to:`);
   console.warn(`    ${opencodeGlobalConfig}`);
+  failed++;
 }
 
 // Install Antigravity plugin (global skill for Gemini IDE / Antigravity Hub)
@@ -460,8 +469,10 @@ try {
 
   const skillAction = writeGeneratedFile(antigravityPluginSkillPath, skillSource);
   console.log(`audit-code: ${skillAction} Antigravity plugin skill at ${antigravityPluginSkillPath}`);
+  succeeded++;
 } catch (err) {
   console.warn(`audit-code: could not install Antigravity plugin (${err.message})`);
+  failed++;
 }
 
 // Install Claude Desktop plugin so /audit-code appears in the slash-command menu
@@ -497,9 +508,11 @@ try {
   console.log(`audit-code: ${skillAction} Claude Desktop plugin skill at ${claudePluginSkillPath}`);
 
   console.log(`audit-code: restart Claude Desktop for /audit-code to appear in the slash-command menu`);
+  succeeded++;
 } catch (err) {
   console.warn(`audit-code: could not install Claude Desktop plugin (${err.message})`);
   console.warn(`  Plugin directory: ${claudePluginDir}`);
+  failed++;
 }
 
 // Register auditor MCP server with Claude Desktop so /audit-code appears in its slash-command menu
@@ -511,9 +524,13 @@ try {
   console.log(`audit-code: ${action} Claude Desktop MCP server entry in ${claudeDesktopConfig}`);
   console.log(`audit-code: restart Claude Desktop for /audit-code to appear`);
   console.log(`audit-code: to target a specific repo, set AUDIT_CODE_REPO_ROOT in Claude Desktop's MCP env settings`);
+  succeeded++;
 } catch (err) {
   console.warn(`audit-code: could not update Claude Desktop config (${err.message})`);
   console.warn(`  To register manually, add "mcpServers.auditor" to:`);
   console.warn(`    ${claudeDesktopConfig}`);
   console.warn(`  with command "node" and args ["${replaceBackslashes(globalMcpLauncherPath)}"]`);
+  failed++;
 }
+
+console.log(`audit-code: postinstall complete — ${succeeded} succeeded, ${failed} failed (${Date.now() - postinstallStart}ms)`);

package/skills/audit-code/opencode-command-template.txt

@@ -3,11 +3,11 @@
 Use `audit-code next-step` as the primary interface to the audit workflow.
 
 1. Run `audit-code next-step` directly when shell access is available.
-2. If MCP is your only available interface, call `auditor_start_audit` or `auditor_continue_audit`; both return the same one-step contract.
+2. If MCP is your only available interface, call `start_audit` or `continue_audit`; both return the same one-step contract.
 3. Read `prompt_content` in the response and follow it.
-4. When a step completes (not blocked), run `audit-code next-step` again or call `auditor_continue_audit` as the compatibility adapter.
+4. When a step completes (not blocked), run `audit-code next-step` again or call `continue_audit` as the compatibility adapter.
 5. Stop when the step instructions say to stop.
 
 Use the `task` tool or equivalent for subagent dispatch when the step tells you to fan out review work.
 
-If neither shell access nor `auditor_start_audit` is available, stop and report that no next-step interface is connected.
+If neither shell access nor `start_audit` is available, stop and report that no next-step interface is connected.