sentinelayer-cli 0.8.11 → 0.9.0

package/src/audit/registry.js

@@ -1,6 +1,28 @@
 import fsp from "node:fs/promises";
 import path from "node:path";
 
+export const DEFAULT_AUDIT_AGENT_TOOLS = Object.freeze([
+  "FileRead",
+  "Grep",
+  "Glob",
+  "Shell",
+  "FileEdit",
+]);
+
+const TOOL_NAME_ALIASES = Object.freeze({
+  read: "FileRead",
+  file_read: "FileRead",
+  "file-read": "FileRead",
+  fileread: "FileRead",
+  grep: "Grep",
+  glob: "Glob",
+  shell: "Shell",
+  file_edit: "FileEdit",
+  "file-edit": "FileEdit",
+  fileedit: "FileEdit",
+  dispatch: "Dispatch",
+});
+
 const BUILTIN_AUDIT_AGENTS = Object.freeze([
   {
     id: "security",
@@ -173,16 +195,40 @@ function normalizeString(value) {
   return String(value || "").trim();
 }
 
+function normalizeToolName(value) {
+  const raw = normalizeString(value);
+  if (!raw) {
+    return "";
+  }
+  const alias = TOOL_NAME_ALIASES[raw.toLowerCase()];
+  if (alias) {
+    return alias;
+  }
+  return raw;
+}
+
+export function normalizeAuditAgentTools(tools = [], { useDefaultWhenEmpty = false } = {}) {
+  const normalized = Array.isArray(tools)
+    ? tools.map((item) => normalizeToolName(item)).filter(Boolean)
+    : [];
+  const unique = [...new Set(normalized)];
+  if (unique.length > 0) {
+    return unique;
+  }
+  return useDefaultWhenEmpty ? [...DEFAULT_AUDIT_AGENT_TOOLS] : [];
+}
+
 function normalizeAgentId(value) {
   return normalizeString(value).toLowerCase();
 }
 
 function normalizeAgentRecord(record = {}) {
+  const hasToolOverride = Object.prototype.hasOwnProperty.call(record, "tools");
   return {
     id: normalizeAgentId(record.id),
     persona: normalizeString(record.persona),
     domain: normalizeString(record.domain),
-    tools: Array.isArray(record.tools) ? record.tools.map((item) => normalizeString(item)).filter(Boolean) : [],
+    tools: normalizeAuditAgentTools(record.tools, { useDefaultWhenEmpty: !hasToolOverride }),
     permissionMode: normalizeString(record.permissionMode || "plan") || "plan",
     maxTurns: Math.max(1, Math.floor(Number(record.maxTurns || 1))),
     confidenceFloor: Math.max(0, Math.min(1, Number(record.confidenceFloor || 0))),
@@ -206,6 +252,11 @@ function mergeRegistry(builtinAgents = [], overrideAgents = []) {
       continue;
     }
     const existing = byId.get(normalized.id) || {};
+    if (!Object.prototype.hasOwnProperty.call(override, "tools")) {
+      normalized.tools = Array.isArray(existing.tools) && existing.tools.length > 0
+        ? [...existing.tools]
+        : [...DEFAULT_AUDIT_AGENT_TOOLS];
+    }
     byId.set(normalized.id, {
       ...existing,
       ...normalized,
@@ -223,7 +274,12 @@ function parseAgentFilter(rawValue) {
 }
 
 export function listBuiltinAuditAgents() {
-  return BUILTIN_AUDIT_AGENTS.map((agent) => ({ ...agent }));
+  return BUILTIN_AUDIT_AGENTS.map((agent) =>
+    normalizeAgentRecord({
+      ...agent,
+      tools: DEFAULT_AUDIT_AGENT_TOOLS,
+    })
+  );
 }
 
 export async function loadAuditRegistry({ registryFile = "" } = {}) {

package/src/commands/audit.js

@@ -26,6 +26,14 @@ function parseMaxParallel(rawValue) {
   return Math.floor(normalized);
 }
 
+function parseIsolationMode(rawValue) {
+  const normalized = String(rawValue || "strict").trim().toLowerCase();
+  if (normalized === "strict" || normalized === "relaxed") {
+    return normalized;
+  }
+  throw new Error("isolation must be one of: strict, relaxed.");
+}
+
 function printAuditSummary(result) {
   console.log(pc.bold("Audit orchestrator complete"));
   console.log(pc.gray(`Run: ${result.runId}`));
@@ -34,6 +42,11 @@ function printAuditSummary(result) {
   if (result.sharedMemory?.artifactPath) {
     console.log(pc.gray(`Shared memory: ${result.sharedMemory.artifactPath}`));
   }
+  if (result.omargateReuse?.used) {
+    console.log(pc.gray(`Reused OmarGate run: ${result.omargateReuse.runId}`));
+  } else if (result.omargateReuse?.requested) {
+    console.log(pc.gray(`OmarGate reuse unavailable: ${result.omargateReuse.reason || "not_found"}`));
+  }
   if (result.ddPackage?.executiveSummaryPath) {
     console.log(pc.gray(`DD package: ${result.ddPackage.executiveSummaryPath}`));
   }
@@ -51,6 +64,15 @@ function printAuditSummary(result) {
   console.log(`Agents: ${result.agentResults.length}, max_parallel=${result.maxParallel}`);
 }
 
+function buildAuditOrchestratorEventHandler(emitStream) {
+  if (!emitStream) {
+    return null;
+  }
+  return (evt) => {
+    console.log(JSON.stringify(evt));
+  };
+}
+
 export function registerAuditCommand(program, invokeLegacy) {
   const audit = program
     .command("audit")
@@ -63,9 +85,14 @@ export function registerAuditCommand(program, invokeLegacy) {
     .option("--output-dir <path>", "Optional artifact output root override")
     .option("--refresh", "Refresh CODEBASE_INGEST before running audit")
     .option("--dry-run", "Skip deterministic baseline and run orchestration planning only")
+    .option("--isolation <mode>", "Persona isolation mode: strict | relaxed", "strict")
+    .option("--no-seed-from-deterministic", "Run personas without deterministic baseline or specialist seed findings")
+    .option("--reuse-omargate <runId>", "Reuse deterministic findings from an OmarGate run id or latest")
+    .option("--stream", "Emit NDJSON agent events to stdout")
     .option("--json", "Emit machine-readable output")
     .action(async (targetPathArg, options, command) => {
       const emitJson = shouldEmitJson(options, command);
+      const emitStream = Boolean(options.stream);
       const targetPath = path.resolve(process.cwd(), String(options.path || targetPathArg || "."));
       const registry = await loadAuditRegistry({
         registryFile: options.registryFile,
@@ -85,6 +112,10 @@ export function registerAuditCommand(program, invokeLegacy) {
         outputDir: options.outputDir,
         dryRun: Boolean(options.dryRun),
         refreshIngest: Boolean(options.refresh),
+        isolation: parseIsolationMode(options.isolation),
+        seedFromDeterministic: options.seedFromDeterministic !== false,
+        reuseOmarGate: options.reuseOmargate,
+        onEvent: buildAuditOrchestratorEventHandler(emitStream),
       });
 
       const payload = {
@@ -99,6 +130,11 @@ export function registerAuditCommand(program, invokeLegacy) {
         registryFile: registry.registryFile,
         selectedAgents: result.selectedAgents,
         maxParallel: result.maxParallel,
+        isolation: result.isolation,
+        seedFromDeterministic: result.seedFromDeterministic !== false,
+        omargateReuse: result.omargateReuse || null,
+        reusedOmarGateRunId: result.omargateReuse?.used ? result.omargateReuse.runId : "",
+        reusedOmarGateDeterministicPath: result.omargateReuse?.used ? result.omargateReuse.artifactPath : "",
         summary: result.summary,
         agentCount: result.agentResults.length,
         sharedMemoryPath: result.sharedMemory?.artifactPath || "",
@@ -112,7 +148,7 @@ export function registerAuditCommand(program, invokeLegacy) {
 
       if (emitJson) {
         console.log(JSON.stringify(payload, null, 2));
-      } else {
+      } else if (!emitStream) {
         printAuditSummary(result);
       }
 
@@ -211,6 +247,8 @@ export function registerAuditCommand(program, invokeLegacy) {
         outputDir: options.outputDir,
         dryRun: Boolean(baseReport.dryRun),
         refreshIngest: Boolean(options.refresh),
+        isolation: baseReport.isolation || "strict",
+        seedFromDeterministic: baseReport.seedFromDeterministic !== false,
       });
 
       const comparison = await writeAuditComparisonArtifact({
@@ -231,6 +269,8 @@ export function registerAuditCommand(program, invokeLegacy) {
         deterministicEquivalent: comparison.comparison.deterministicEquivalent,
         addedCount: comparison.comparison.addedCount,
         removedCount: comparison.comparison.removedCount,
+        isolation: replayResult.isolation,
+        seedFromDeterministic: replayResult.seedFromDeterministic !== false,
         ingestRefresh: replayResult.ingest?.refresh || null,
       };
 
@@ -717,6 +757,7 @@ export function registerAuditCommand(program, invokeLegacy) {
     .description("Compatibility mode: run legacy local readiness + policy audit")
     .option("--path <path>", "Target repository path")
     .option("--output-dir <path>", "Artifact root for report output")
+    .option("--reuse-omargate <runId>", "Reuse deterministic findings from an OmarGate run id or latest")
     .option("--json", "Emit machine-readable output")
     .action(async (options, command) => {
       const legacyArgs = buildLegacyArgs(["/audit"], {

package/src/commands/legacy-args.js

@@ -20,12 +20,24 @@ function appendOutputDirFlag(args, maybeOutputDir) {
 }
 
 function appendPassthroughFlag(args, flagName, maybeValue) {
-  const value = String(maybeValue || "").trim();
+  const value = maybeValue === undefined || maybeValue === null ? "" : String(maybeValue).trim();
   if (value) {
     args.push(flagName, value);
   }
 }
 
+function appendBooleanFlag(args, flagName, maybeValue) {
+  if (Boolean(maybeValue)) {
+    args.push(flagName);
+  }
+}
+
+function appendNegatedBooleanFlag(args, flagName, maybeValue) {
+  if (maybeValue === false) {
+    args.push(flagName);
+  }
+}
+
 export function buildLegacyArgs(baseArgs, { commandOptions = {}, command } = {}) {
   const args = [...baseArgs];
   appendPathFlag(args, commandOptions.path);
@@ -33,6 +45,25 @@ export function buildLegacyArgs(baseArgs, { commandOptions = {}, command } = {})
   if (wantsJsonOutput(commandOptions, command)) {
     args.push("--json");
   }
+  appendNegatedBooleanFlag(args, "--no-ai", commandOptions.ai);
+  appendBooleanFlag(args, "--ai-dry-run", commandOptions.aiDryRun);
+  appendBooleanFlag(args, "--stream", commandOptions.stream);
+  appendBooleanFlag(args, "--dry-run", commandOptions.dryRun);
+  appendNegatedBooleanFlag(args, "--no-email", commandOptions.email);
+  appendNegatedBooleanFlag(args, "--no-dashboard", commandOptions.dashboard);
+  appendPassthroughFlag(args, "--scan-mode", commandOptions.scanMode);
+  appendPassthroughFlag(args, "--max-parallel", commandOptions.maxParallel);
+  appendPassthroughFlag(args, "--max-cost", commandOptions.maxCost);
+  appendPassthroughFlag(args, "--max-runtime-minutes", commandOptions.maxRuntimeMinutes);
+  appendPassthroughFlag(args, "--model", commandOptions.model);
+  appendPassthroughFlag(args, "--provider", commandOptions.provider);
+  appendPassthroughFlag(args, "--reuse-omargate", commandOptions.reuseOmargate);
+  appendPassthroughFlag(args, "--notify-email", commandOptions.notifyEmail);
+  appendPassthroughFlag(args, "--email-on-complete", commandOptions.emailOnComplete);
+  appendPassthroughFlag(args, "--notify-session", commandOptions.notifySession);
+  appendPassthroughFlag(args, "--devtestbot-base-url", commandOptions.devtestbotBaseUrl);
+  appendPassthroughFlag(args, "--devtestbot-scope", commandOptions.devtestbotScope);
+  appendNegatedBooleanFlag(args, "--no-devtestbot", commandOptions.devtestbot);
   // Omar Gate per-persona filter flags (A-CLI-1).
   appendPassthroughFlag(args, "--persona", commandOptions.persona);
   appendPassthroughFlag(args, "--skip-persona", commandOptions.skipPersona);

package/src/commands/omargate.js

@@ -48,9 +48,13 @@ export function registerOmarGateCommand(program, invokeLegacy) {
     .option("--skip-persona <csv>", "Skip these personas (comma-separated IDs)")
     .option("--stream", "Emit NDJSON events to stdout as personas work file-by-file")
     .option("--notify-email <addr>", "Send final report to this email (default: account email)")
+    .option("--email-on-complete <addr>", "Trigger the API-side DD report email after the run completes")
     .option("--notify-session <session-id>", "Stream progress into this Senti session (default: auto-start)")
     .option("--no-email", "Skip email dispatch")
     .option("--no-dashboard", "Skip dashboard card persistence")
+    .option("--devtestbot-base-url <url>", "Approved absolute URL for devTestBot browser lanes")
+    .option("--devtestbot-scope <scope>", "devTestBot runtime scope (default: orchestrator decides)")
+    .option("--no-devtestbot", "Skip the automated devTestBot phase")
     .option("--dry-run", "Validate config + emit plan.json; skip LLM calls")
     .option("--json", "Emit machine-readable final output")
     .action(async (options, command) => {