auditor-lambda 0.8.0 → 0.9.0

package/dist/orchestrator/selectiveDeepening/lensVerification.js

@@ -0,0 +1,242 @@
+import { isHighRiskCleanResult } from "./highRiskClean.js";
+import { DEEPENING_TAG, IMPORTANT_LENS_VERIFICATION_LENSES, LENS_VERIFICATION_TAG, MAX_LENS_VERIFICATION_FILES, MAX_LENS_VERIFICATION_RESULT_SUMMARIES, SEVERITY_RANK, formatList, getExternalAnalyzerPaths, isDeepeningTask, isLensVerificationTask, lineCountForPath, lineCountFromSources, priorityLabel, priorityRank, taskIdFor, uniqueSorted, } from "./shared.js";
+function sourceTaskIds(sources) {
+    return uniqueSorted(sources.map((source) => source.result.task_id));
+}
+function resultFiles(source) {
+    return uniqueSorted(source.task?.file_paths && source.task.file_paths.length > 0
+        ? source.task.file_paths
+        : source.result.file_coverage.map((coverage) => coverage.path));
+}
+function lensVerificationTriggers(params) {
+    const filePaths = uniqueSorted(params.sources.flatMap(resultFiles));
+    const findingPaths = new Set(params.sources.flatMap((source) => source.result.findings.flatMap((finding) => finding.affected_files.map((file) => file.path))));
+    const externalPathsInScope = filePaths.filter((path) => params.externalAnalyzerPaths.has(path));
+    const unresolvedExternalPaths = externalPathsInScope.filter((path) => !findingPaths.has(path));
+    const cleanResults = params.sources.filter((source) => source.result.findings.length === 0 &&
+        source.result.requires_followup !== false);
+    const highRiskCleanResults = params.sources.filter((source) => isHighRiskCleanResult(source.result, source.task));
+    const totalLines = filePaths.reduce((sum, path) => {
+        const owner = params.sources.find((source) => resultFiles(source).includes(path));
+        return (sum +
+            (owner
+                ? lineCountForPath(path, owner.task, owner.result)
+                : 0));
+    }, 0);
+    const triggers = [];
+    if (params.sources.some((source) => source.task?.priority === "high")) {
+        triggers.push("high_priority_lens");
+    }
+    if (params.sources.some((source) => source.task?.tags?.some((tag) => tag === "critical_flow" || tag.startsWith("critical_flow:")))) {
+        triggers.push("critical_flow");
+    }
+    if (params.sources.some((source) => source.task?.tags?.some((tag) => tag === "external_analyzer_signal" ||
+        tag.startsWith("external_tool:"))) ||
+        externalPathsInScope.length > 0) {
+        triggers.push("external_analyzer_signal");
+    }
+    if (unresolvedExternalPaths.length > 0) {
+        triggers.push("unresolved_external_signal");
+    }
+    if (params.sources.length >= 3 ||
+        filePaths.length >= 4 ||
+        totalLines >= 2000) {
+        triggers.push("large_lens_surface");
+    }
+    if (cleanResults.length >= 2 && cleanResults.length >= params.sources.length / 2) {
+        triggers.push("many_no_finding_results");
+    }
+    if (highRiskCleanResults.length > 0) {
+        triggers.push("high_risk_clean_result");
+    }
+    if (params.sources.some((source) => source.task?.tags?.some((tag) => tag === "large_file"))) {
+        triggers.push("large_file_reviewed");
+    }
+    return uniqueSorted(triggers);
+}
+function hasPendingBaseTaskForLens(lens, tasks, completedResultIds) {
+    return tasks.some((task) => task.lens === lens &&
+        !isDeepeningTask(task) &&
+        !completedResultIds.has(task.task_id) &&
+        task.status !== "complete");
+}
+function shouldBuildLensVerificationTask(params) {
+    if (!IMPORTANT_LENS_VERIFICATION_LENSES.has(params.lens)) {
+        return false;
+    }
+    if (params.sources.length === 0 || params.triggers.length === 0) {
+        return false;
+    }
+    const explicitlyClosedCleanScope = params.sources.every((source) => source.result.findings.length === 0 &&
+        source.result.requires_followup === false);
+    if (explicitlyClosedCleanScope &&
+        !params.triggers.some((trigger) => ["external_analyzer_signal", "unresolved_external_signal"].includes(trigger))) {
+        return false;
+    }
+    if (hasPendingBaseTaskForLens(params.lens, params.existingTasks, params.completedResultIds)) {
+        return false;
+    }
+    const enoughSurface = params.sources.length >= 2 ||
+        params.triggers.some((trigger) => [
+            "critical_flow",
+            "external_analyzer_signal",
+            "unresolved_external_signal",
+            "large_lens_surface",
+        ].includes(trigger));
+    if (!enoughSurface) {
+        return false;
+    }
+    const sourceSignature = sourceTaskIds(params.sources);
+    const candidateId = taskIdFor("steward", [params.lens, ...sourceSignature]);
+    return !params.existingTasks.some((task) => task.task_id === candidateId);
+}
+function selectLensVerificationFiles(sources, externalAnalyzerPaths) {
+    const scores = new Map();
+    function add(path, score, lines) {
+        const current = scores.get(path) ?? { score: 0, lines };
+        current.score += score;
+        current.lines = Math.max(current.lines, lines);
+        scores.set(path, current);
+    }
+    for (const source of sources) {
+        const priorityScore = priorityRank(source.task?.priority);
+        const highRiskClean = isHighRiskCleanResult(source.result, source.task);
+        for (const path of resultFiles(source)) {
+            add(path, priorityScore, lineCountForPath(path, source.task, source.result));
+            if (source.task?.tags?.includes("critical_flow"))
+                add(path, 6, 0);
+            if (source.task?.tags?.includes("external_analyzer_signal"))
+                add(path, 6, 0);
+            if (source.task?.tags?.includes("large_file"))
+                add(path, 4, 0);
+            if (highRiskClean)
+                add(path, 5, 0);
+        }
+        for (const finding of source.result.findings) {
+            for (const file of finding.affected_files) {
+                add(file.path, SEVERITY_RANK[finding.severity], 0);
+            }
+        }
+    }
+    for (const path of externalAnalyzerPaths) {
+        if (scores.has(path)) {
+            add(path, 8, 0);
+        }
+    }
+    const ranked = [...scores.entries()].sort((a, b) => {
+        const scoreDelta = b[1].score - a[1].score;
+        if (scoreDelta !== 0)
+            return scoreDelta;
+        const lineDelta = b[1].lines - a[1].lines;
+        if (lineDelta !== 0)
+            return lineDelta;
+        return a[0].localeCompare(b[0]);
+    });
+    if (ranked.length > MAX_LENS_VERIFICATION_FILES) {
+        // No RunLogger in scope here: emit the established structured-stderr signal
+        // so the silent task-budget truncation leaves a trace.
+        process.stderr.write(`[audit-code] selectiveDeepening: truncated verification-file list to ` +
+            `${MAX_LENS_VERIFICATION_FILES} of ${ranked.length}\n`);
+    }
+    return ranked.slice(0, MAX_LENS_VERIFICATION_FILES).map(([path]) => path);
+}
+function summarizeLensVerificationSource(source) {
+    const findings = source.result.findings.length === 0
+        ? "findings=none"
+        : `findings=${source.result.findings
+            .slice(0, 3)
+            .map((finding) => `${finding.id} ${finding.severity}/${finding.confidence} ${finding.category}: ${finding.title}`)
+            .join("; ")}${source.result.findings.length > 3 ? "; ..." : ""}`;
+    const tags = source.task?.tags?.length
+        ? ` tags=${source.task.tags.join(",")}`
+        : "";
+    return (`- ${source.result.task_id} priority=${priorityLabel(source.task?.priority)}` +
+        `${tags} files=${formatList(resultFiles(source), 4)} ${findings}` +
+        (source.result.requires_followup === true ? " requires_followup=true" : ""));
+}
+function buildLensVerificationTask(params) {
+    const sourceIds = sourceTaskIds(params.sources);
+    const selectedPaths = selectLensVerificationFiles(params.sources, params.externalAnalyzerPaths);
+    const allPaths = uniqueSorted(params.sources.flatMap(resultFiles));
+    const omittedPathCount = Math.max(0, allPaths.length - selectedPaths.length);
+    const externalPathsInScope = allPaths.filter((path) => params.externalAnalyzerPaths.has(path));
+    if (params.sources.length > MAX_LENS_VERIFICATION_RESULT_SUMMARIES) {
+        process.stderr.write(`[audit-code] selectiveDeepening: truncated result-summary list to ` +
+            `${MAX_LENS_VERIFICATION_RESULT_SUMMARIES} of ${params.sources.length}\n`);
+    }
+    const summaries = params.sources
+        .sort((a, b) => a.result.task_id.localeCompare(b.result.task_id))
+        .slice(0, MAX_LENS_VERIFICATION_RESULT_SUMMARIES)
+        .map(summarizeLensVerificationSource);
+    return {
+        task_id: taskIdFor("steward", [params.lens, ...sourceIds]),
+        unit_id: `lens-steward:${params.lens}`,
+        pass_id: `lens-steward:${params.lens}`,
+        lens: params.lens,
+        file_paths: selectedPaths,
+        file_line_counts: Object.fromEntries(selectedPaths.map((path) => [
+            path,
+            lineCountFromSources(path, params.sources.map((source) => source.task).filter((task) => task !== undefined), params.sources.map((source) => source.result), params.lineIndex),
+        ])),
+        inputs: {
+            source_task_ids: sourceIds.join(","),
+            trigger_summary: params.triggers.join(","),
+        },
+        rationale: `Lens steward verification for ${params.lens} after ${params.sources.length} completed base result(s) across ${allPaths.length} file(s). ` +
+            `Triggers: ${params.triggers.join(", ")}. ` +
+            "Review whether high-risk packets are suspiciously clean, severity/confidence levels are consistent, external analyzer signals were resolved rather than hand-waved, cross-packet issues are visible, no-finding conclusions are believable, and related-file findings contradict each other. " +
+            "Do not write direct findings from this verification task; return findings: [] plus verification metadata with bounded follow-up AuditTask suggestions when needed.\n" +
+            `Selected verification files: ${formatList(selectedPaths, 8)}${omittedPathCount > 0 ? `; omitted ${omittedPathCount} lower-priority file(s) from direct source checks` : ""}.\n` +
+            (externalPathsInScope.length > 0
+                ? `External analyzer paths in scope: ${formatList(externalPathsInScope, 8)}.\n`
+                : "") +
+            "Source result summary:\n" +
+            summaries.join("\n") +
+            (params.sources.length > MAX_LENS_VERIFICATION_RESULT_SUMMARIES
+                ? `\n- ... (+${params.sources.length - MAX_LENS_VERIFICATION_RESULT_SUMMARIES} more result summaries omitted)`
+                : ""),
+        priority: "high",
+        tags: [
+            DEEPENING_TAG,
+            LENS_VERIFICATION_TAG,
+            `lens:${params.lens}`,
+            ...params.triggers.map((trigger) => `trigger:${trigger}`),
+        ],
+        status: "pending",
+    };
+}
+export function buildLensVerificationTasks(params) {
+    const taskById = new Map(params.existingTasks.map((task) => [task.task_id, task]));
+    const completedResultIds = new Set(params.results.map((result) => result.task_id));
+    const externalAnalyzerPaths = getExternalAnalyzerPaths(params.externalAnalyzerResults);
+    const tasks = [];
+    for (const lens of [...IMPORTANT_LENS_VERIFICATION_LENSES].sort((a, b) => a.localeCompare(b))) {
+        const sources = params.results
+            .map((result) => ({ result, task: taskById.get(result.task_id) }))
+            .filter((source) => source.result.lens === lens &&
+            !isDeepeningTask(source.task) &&
+            !isLensVerificationTask(source.task));
+        const triggers = lensVerificationTriggers({
+            lens,
+            sources,
+            externalAnalyzerPaths,
+        });
+        if (!shouldBuildLensVerificationTask({
+            lens,
+            sources,
+            triggers,
+            existingTasks: params.existingTasks,
+            completedResultIds,
+        })) {
+            continue;
+        }
+        tasks.push(buildLensVerificationTask({
+            lens,
+            sources,
+            triggers,
+            externalAnalyzerPaths,
+            lineIndex: params.lineIndex,
+        }));
+    }
+    return tasks;
+}

package/dist/orchestrator/selectiveDeepening/runtimeValidation.d.ts

@@ -0,0 +1,13 @@
+import type { AuditResult, AuditTask, Lens } from "../../types.js";
+import type { RuntimeValidationStatus, RuntimeValidationTask } from "../../types/runtimeValidation.js";
+import { type FindingContext } from "./shared.js";
+export declare function runtimeResultNeedsFollowup(status: RuntimeValidationStatus): boolean;
+export declare function pickRuntimeFollowupLens(relatedTasks: AuditTask[]): Lens;
+export declare function runtimeValidationHasStrongStaticFinding(runtimeTask: RuntimeValidationTask, contexts: FindingContext[]): boolean;
+export declare function buildRuntimeValidationFollowupTask(params: {
+    runtimeTask: RuntimeValidationTask;
+    runtimeResultStatus: RuntimeValidationStatus;
+    relatedTasks: AuditTask[];
+    results: AuditResult[];
+    lineIndex?: Record<string, number>;
+}): AuditTask;

package/dist/orchestrator/selectiveDeepening/runtimeValidation.js

@@ -0,0 +1,57 @@
+import { DEEPENING_TAG, SEVERITY_RANK, intersects, lineCountFromSources, sanitizeSegment, taskIdFor, uniqueSorted, } from "./shared.js";
+export function runtimeResultNeedsFollowup(status) {
+    return status === "not_confirmed" || status === "inconclusive";
+}
+export function pickRuntimeFollowupLens(relatedTasks) {
+    const preference = [
+        "security",
+        "data_integrity",
+        "reliability",
+        "correctness",
+        "tests",
+        "operability",
+        "config_deployment",
+        "performance",
+        "architecture",
+        "maintainability",
+    ];
+    for (const lens of preference) {
+        if (relatedTasks.some((task) => task.lens === lens)) {
+            return lens;
+        }
+    }
+    return "correctness";
+}
+export function runtimeValidationHasStrongStaticFinding(runtimeTask, contexts) {
+    return contexts.some((context) => intersects(context.paths, runtimeTask.target_paths) &&
+        SEVERITY_RANK[context.finding.severity] >= SEVERITY_RANK.high);
+}
+export function buildRuntimeValidationFollowupTask(params) {
+    const paths = uniqueSorted(params.runtimeTask.target_paths);
+    const lens = pickRuntimeFollowupLens(params.relatedTasks);
+    const firstRelated = params.relatedTasks[0];
+    return {
+        task_id: taskIdFor("runtime", [params.runtimeTask.id]),
+        unit_id: firstRelated?.unit_id ?? `runtime:${sanitizeSegment(params.runtimeTask.id)}`,
+        pass_id: `deepening:runtime:${sanitizeSegment(params.runtimeTask.id)}`,
+        lens,
+        file_paths: paths,
+        file_line_counts: Object.fromEntries(paths.map((path) => [
+            path,
+            lineCountFromSources(path, params.relatedTasks, params.results, params.lineIndex),
+        ])),
+        rationale: `Reconcile runtime validation ${params.runtimeTask.id} (${params.runtimeResultStatus}) with semantic audit output. ` +
+            "Verify the failing or inconclusive runtime evidence, map it to source behavior, and decide whether a finding should be added or escalated.",
+        priority: params.runtimeTask.priority === "high" ||
+            params.runtimeResultStatus === "not_confirmed"
+            ? "high"
+            : "medium",
+        tags: [
+            DEEPENING_TAG,
+            "trigger:runtime_validation_disagreement",
+            `runtime_task:${sanitizeSegment(params.runtimeTask.id)}`,
+            `runtime_status:${params.runtimeResultStatus}`,
+        ],
+        status: "pending",
+    };
+}

package/dist/orchestrator/selectiveDeepening/shared.d.ts

@@ -0,0 +1,45 @@
+import type { AuditResult, AuditTask, Finding, Lens } from "../../types.js";
+import type { ExternalAnalyzerResults } from "../../types/externalAnalyzer.js";
+export declare const DEFAULT_MAX_DEEPENING_TASKS = 6;
+export declare const DEFAULT_MAX_TOTAL_DEEPENING_TASKS = 24;
+export declare const DEEPENING_TAG = "selective_deepening";
+export declare const LENS_VERIFICATION_TAG = "lens_verification";
+export declare const LENS_VERIFICATION_FOLLOWUP_TAG = "lens_verification_followup";
+export declare const MAX_LENS_VERIFICATION_FILES = 12;
+export declare const MAX_LENS_VERIFICATION_RESULT_SUMMARIES = 12;
+export declare const MAX_VERIFICATION_FOLLOWUP_TASKS_PER_RESULT = 4;
+export declare const IMPORTANT_LENS_VERIFICATION_LENSES: Set<Lens>;
+export declare const SEVERITY_RANK: Record<Finding["severity"], number>;
+export declare const CONFIDENCE_RANK: Record<Finding["confidence"], number>;
+export declare function priorityRank(priority: AuditTask["priority"]): number;
+export interface BuildSelectiveDeepeningTaskOptions {
+    existingTasks?: AuditTask[];
+    results: AuditResult[];
+    lineIndex?: Record<string, number>;
+    runtimeValidationTasks?: import("../../types/runtimeValidation.js").RuntimeValidationTaskManifest;
+    runtimeValidationReport?: import("../../types/runtimeValidation.js").RuntimeValidationReport;
+    externalAnalyzerResults?: ExternalAnalyzerResults;
+    maxTasks?: number;
+    maxTotalDeepeningTasks?: number;
+}
+export interface FindingContext {
+    result: AuditResult;
+    task?: AuditTask;
+    finding: Finding;
+    paths: string[];
+}
+export declare function isDeepeningTask(task: AuditTask | undefined): boolean;
+export declare function isLensVerificationTask(task: AuditTask | undefined): boolean;
+export declare function sanitizeSegment(value: string): string;
+export declare function shortHash(value: string): string;
+export declare function lineCountForPath(path: string, task: AuditTask | undefined, result: AuditResult, lineIndex?: Record<string, number>): number;
+export declare function uniqueSorted(values: Iterable<string>): string[];
+export declare function intersects(left: string[], right: string[]): boolean;
+export declare function pathsForFinding(finding: Finding, result: AuditResult, task: AuditTask | undefined): string[];
+export declare function taskIdFor(prefix: string, values: string[]): string;
+export declare function lineCountFromSources(path: string, tasks: AuditTask[], results: AuditResult[], lineIndex?: Record<string, number>): number;
+export declare function formatList(values: string[], maxItems: number): string;
+export declare function priorityLabel(priority: AuditTask["priority"]): NonNullable<AuditTask["priority"]>;
+export declare function getExternalAnalyzerPaths(externalAnalyzerResults?: ExternalAnalyzerResults): Set<string>;
+export declare function isRecord(value: unknown): value is Record<string, unknown>;
+export declare function normalizedSuggestedPriority(value: unknown, fallback?: NonNullable<AuditTask["priority"]>): NonNullable<AuditTask["priority"]>;

package/dist/orchestrator/selectiveDeepening/shared.js

@@ -0,0 +1,128 @@
+import { createHash } from "node:crypto";
+// Shared primitives for the selective-deepening strategies. Each strategy
+// module under this directory builds one kind of follow-up task; they all draw
+// the ranks, id/hash helpers, path utilities, and tag/limit constants from
+// here. The public entry (`buildSelectiveDeepeningTasks`) lives in `index.ts`.
+export const DEFAULT_MAX_DEEPENING_TASKS = 6;
+export const DEFAULT_MAX_TOTAL_DEEPENING_TASKS = 24;
+export const DEEPENING_TAG = "selective_deepening";
+export const LENS_VERIFICATION_TAG = "lens_verification";
+export const LENS_VERIFICATION_FOLLOWUP_TAG = "lens_verification_followup";
+export const MAX_LENS_VERIFICATION_FILES = 12;
+export const MAX_LENS_VERIFICATION_RESULT_SUMMARIES = 12;
+export const MAX_VERIFICATION_FOLLOWUP_TASKS_PER_RESULT = 4;
+export const IMPORTANT_LENS_VERIFICATION_LENSES = new Set([
+    "security",
+    "data_integrity",
+    "reliability",
+]);
+export const SEVERITY_RANK = {
+    critical: 5,
+    high: 4,
+    medium: 3,
+    low: 2,
+    info: 1,
+};
+export const CONFIDENCE_RANK = {
+    high: 3,
+    medium: 2,
+    low: 1,
+};
+export function priorityRank(priority) {
+    switch (priority) {
+        case "high":
+            return 3;
+        case "medium":
+            return 2;
+        case "low":
+        default:
+            return 1;
+    }
+}
+export function isDeepeningTask(task) {
+    return task?.tags?.includes(DEEPENING_TAG) ?? false;
+}
+export function isLensVerificationTask(task) {
+    return task?.tags?.includes(LENS_VERIFICATION_TAG) ?? false;
+}
+export function sanitizeSegment(value) {
+    const sanitized = value
+        .replace(/[^a-zA-Z0-9_-]+/g, "-")
+        .replace(/^-+|-+$/g, "");
+    return sanitized.length > 0 ? sanitized : "followup";
+}
+export function shortHash(value) {
+    return createHash("sha1").update(value).digest("hex").slice(0, 10);
+}
+function resultLineIndex(result) {
+    return Object.fromEntries(result.file_coverage.map((coverage) => [
+        coverage.path,
+        coverage.total_lines,
+    ]));
+}
+export function lineCountForPath(path, task, result, lineIndex) {
+    return (task?.file_line_counts?.[path] ??
+        resultLineIndex(result)[path] ??
+        lineIndex?.[path] ??
+        0);
+}
+export function uniqueSorted(values) {
+    return [...new Set(values)].sort((a, b) => a.localeCompare(b));
+}
+export function intersects(left, right) {
+    const rightSet = new Set(right);
+    return left.some((value) => rightSet.has(value));
+}
+export function pathsForFinding(finding, result, task) {
+    const assignedPaths = new Set([
+        ...(task?.file_paths ?? []),
+        ...result.file_coverage.map((coverage) => coverage.path),
+    ]);
+    const affected = finding.affected_files
+        .map((file) => file.path)
+        .filter((path) => assignedPaths.size === 0 || assignedPaths.has(path));
+    return uniqueSorted(affected.length > 0
+        ? affected
+        : result.file_coverage.map((coverage) => coverage.path));
+}
+export function taskIdFor(prefix, values) {
+    return `deepening:${prefix}:${shortHash(values.join("\0"))}`;
+}
+export function lineCountFromSources(path, tasks, results, lineIndex) {
+    for (const task of tasks) {
+        const count = task.file_line_counts?.[path];
+        if (count !== undefined) {
+            return count;
+        }
+    }
+    for (const result of results) {
+        const coverage = result.file_coverage.find((item) => item.path === path);
+        if (coverage) {
+            return coverage.total_lines;
+        }
+    }
+    return lineIndex?.[path] ?? 0;
+}
+export function formatList(values, maxItems) {
+    const visible = values.slice(0, maxItems);
+    const suffix = values.length > maxItems ? `, ... (+${values.length - maxItems} more)` : "";
+    return `${visible.join(", ")}${suffix}`;
+}
+export function priorityLabel(priority) {
+    return priority ?? "low";
+}
+export function getExternalAnalyzerPaths(externalAnalyzerResults) {
+    return new Set((externalAnalyzerResults?.results ?? [])
+        .map((result) => result && typeof result.path === "string" && result.path.length > 0
+        ? result.path
+        : null)
+        .filter((path) => path !== null));
+}
+export function isRecord(value) {
+    return value !== null && typeof value === "object" && !Array.isArray(value);
+}
+export function normalizedSuggestedPriority(value, fallback = "medium") {
+    return value === "high" || value === "medium" || value === "low"
+        ? value
+        : fallback;
+}

package/dist/orchestrator/selectiveDeepening/stewardFollowup.d.ts

@@ -0,0 +1,6 @@
+import type { AuditResult, AuditTask } from "../../types.js";
+export declare function buildVerificationFollowupTasks(params: {
+    result: AuditResult;
+    task?: AuditTask;
+    lineIndex?: Record<string, number>;
+}): AuditTask[];

package/dist/orchestrator/selectiveDeepening/stewardFollowup.js

@@ -0,0 +1,72 @@
+import { DEEPENING_TAG, LENS_VERIFICATION_FOLLOWUP_TAG, MAX_VERIFICATION_FOLLOWUP_TASKS_PER_RESULT, isLensVerificationTask, isRecord, normalizedSuggestedPriority, sanitizeSegment, taskIdFor, uniqueSorted, } from "./shared.js";
+export function buildVerificationFollowupTasks(params) {
+    if (!params.result.verification?.needs_followup ||
+        !Array.isArray(params.result.verification.followup_tasks) ||
+        !isLensVerificationTask(params.task)) {
+        return [];
+    }
+    const coverageByPath = new Map(params.result.file_coverage.map((coverage) => [
+        coverage.path,
+        coverage.total_lines,
+    ]));
+    const concerns = [
+        ...(params.result.verification.concerns ?? []),
+        ...(params.result.verification.coverage_concerns ?? []),
+        ...(params.result.verification.confidence_concerns ?? []),
+    ];
+    const tasks = [];
+    for (let index = 0; index < params.result.verification.followup_tasks.length; index++) {
+        if (tasks.length >= MAX_VERIFICATION_FOLLOWUP_TASKS_PER_RESULT) {
+            break;
+        }
+        const suggestion = params.result.verification.followup_tasks[index];
+        if (!isRecord(suggestion)) {
+            continue;
+        }
+        if (suggestion.lens !== params.result.lens) {
+            continue;
+        }
+        const suggestedPaths = Array.isArray(suggestion.file_paths)
+            ? suggestion.file_paths.filter((path) => typeof path === "string" && coverageByPath.has(path))
+            : [];
+        const paths = uniqueSorted(suggestedPaths);
+        if (paths.length === 0) {
+            continue;
+        }
+        const suggestedRationale = typeof suggestion.rationale === "string" && suggestion.rationale.trim().length > 0
+            ? suggestion.rationale.trim()
+            : concerns[0] ?? "Lens steward requested bounded follow-up.";
+        const suggestedId = typeof suggestion.task_id === "string" && suggestion.task_id.trim().length > 0
+            ? suggestion.task_id
+            : `suggestion-${index + 1}`;
+        tasks.push({
+            task_id: taskIdFor("steward-followup", [
+                params.result.task_id,
+                String(index),
+                suggestedId,
+                ...paths,
+                suggestedRationale,
+            ]),
+            unit_id: typeof suggestion.unit_id === "string" && suggestion.unit_id.trim().length > 0
+                ? suggestion.unit_id
+                : params.result.unit_id,
+            pass_id: `deepening:${params.result.pass_id}`,
+            lens: params.result.lens,
+            file_paths: paths,
+            file_line_counts: Object.fromEntries(paths.map((path) => [
+                path,
+                coverageByPath.get(path) ?? params.lineIndex?.[path] ?? 0,
+            ])),
+            rationale: `Lens steward follow-up from ${params.result.task_id}. ${suggestedRationale}`,
+            priority: normalizedSuggestedPriority(suggestion.priority, "medium"),
+            tags: [
+                DEEPENING_TAG,
+                LENS_VERIFICATION_FOLLOWUP_TAG,
+                "trigger:lens_verification",
+                `source_task:${sanitizeSegment(params.result.task_id)}`,
+            ],
+            status: "pending",
+        });
+    }
+    return tasks;
+}

package/dist/orchestrator/selectiveDeepening.d.ts

@@ -1,20 +1,2 @@
-import type { AuditResult, AuditTask } from "../types.js";
-import type { ExternalAnalyzerResults } from "../types/externalAnalyzer.js";
-import type { RuntimeValidationReport, RuntimeValidationTaskManifest } from "../types/runtimeValidation.js";
-export interface BuildSelectiveDeepeningTaskOptions {
-    existingTasks?: AuditTask[];
-    results: AuditResult[];
-    lineIndex?: Record<string, number>;
-    runtimeValidationTasks?: RuntimeValidationTaskManifest;
-    runtimeValidationReport?: RuntimeValidationReport;
-    externalAnalyzerResults?: ExternalAnalyzerResults;
-    maxTasks?: number;
-    maxTotalDeepeningTasks?: number;
-}
-export declare function buildSelectiveDeepeningTasks(options: BuildSelectiveDeepeningTaskOptions): AuditTask[];
-export declare const selectiveDeepeningTestUtils: {
-    DEEPENING_TAG: string;
-    LENS_VERIFICATION_TAG: string;
-    LENS_VERIFICATION_FOLLOWUP_TAG: string;
-    DEFAULT_MAX_TOTAL_DEEPENING_TASKS: number;
-};
+export { buildSelectiveDeepeningTasks, selectiveDeepeningTestUtils, } from "./selectiveDeepening/index.js";
+export type { BuildSelectiveDeepeningTaskOptions } from "./selectiveDeepening/index.js";