@kevinrabun/judges-cli 3.124.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (1745) hide show
  1. package/README.md +24 -0
  2. package/agents/accessibility.judge.md +44 -0
  3. package/agents/agent-instructions.judge.md +44 -0
  4. package/agents/ai-code-safety.judge.md +55 -0
  5. package/agents/api-contract.judge.md +37 -0
  6. package/agents/api-design.judge.md +55 -0
  7. package/agents/authentication.judge.md +61 -0
  8. package/agents/backwards-compatibility.judge.md +44 -0
  9. package/agents/caching.judge.md +44 -0
  10. package/agents/ci-cd.judge.md +44 -0
  11. package/agents/cloud-readiness.judge.md +51 -0
  12. package/agents/code-structure.judge.md +48 -0
  13. package/agents/compliance.judge.md +47 -0
  14. package/agents/concurrency.judge.md +46 -0
  15. package/agents/configuration-management.judge.md +44 -0
  16. package/agents/cost-effectiveness.judge.md +40 -0
  17. package/agents/cybersecurity.judge.md +61 -0
  18. package/agents/data-security.judge.md +48 -0
  19. package/agents/data-sovereignty.judge.md +58 -0
  20. package/agents/database.judge.md +49 -0
  21. package/agents/dependency-health.judge.md +46 -0
  22. package/agents/documentation.judge.md +53 -0
  23. package/agents/error-handling.judge.md +53 -0
  24. package/agents/ethics-bias.judge.md +46 -0
  25. package/agents/false-positive-review.judge.md +85 -0
  26. package/agents/framework-safety.judge.md +47 -0
  27. package/agents/hallucination-detection.judge.md +46 -0
  28. package/agents/iac-security.judge.md +45 -0
  29. package/agents/intent-alignment.judge.md +44 -0
  30. package/agents/internationalization.judge.md +42 -0
  31. package/agents/logging-privacy.judge.md +44 -0
  32. package/agents/logic-review.judge.md +34 -0
  33. package/agents/maintainability.judge.md +44 -0
  34. package/agents/model-fingerprint.judge.md +31 -0
  35. package/agents/multi-turn-coherence.judge.md +36 -0
  36. package/agents/observability.judge.md +52 -0
  37. package/agents/over-engineering.judge.md +48 -0
  38. package/agents/performance.judge.md +44 -0
  39. package/agents/portability.judge.md +44 -0
  40. package/agents/rate-limiting.judge.md +53 -0
  41. package/agents/reliability.judge.md +55 -0
  42. package/agents/scalability.judge.md +50 -0
  43. package/agents/security.judge.md +62 -0
  44. package/agents/software-practices.judge.md +54 -0
  45. package/agents/testing.judge.md +52 -0
  46. package/agents/ux.judge.md +44 -0
  47. package/bin/judges.js +8 -0
  48. package/dist/a2a-protocol.d.ts +136 -0
  49. package/dist/a2a-protocol.js +218 -0
  50. package/dist/agent-loader.d.ts +107 -0
  51. package/dist/agent-loader.js +260 -0
  52. package/dist/api.d.ts +169 -0
  53. package/dist/api.js +195 -0
  54. package/dist/ast/cross-file-taint.d.ts +42 -0
  55. package/dist/ast/cross-file-taint.js +679 -0
  56. package/dist/ast/index.d.ts +25 -0
  57. package/dist/ast/index.js +148 -0
  58. package/dist/ast/structural-parser.d.ts +2 -0
  59. package/dist/ast/structural-parser.js +756 -0
  60. package/dist/ast/taint-tracker.d.ts +48 -0
  61. package/dist/ast/taint-tracker.js +1033 -0
  62. package/dist/ast/tree-sitter-ast.d.ts +33 -0
  63. package/dist/ast/tree-sitter-ast.js +1164 -0
  64. package/dist/ast/types.d.ts +50 -0
  65. package/dist/ast/types.js +7 -0
  66. package/dist/audit-trail.d.ts +245 -0
  67. package/dist/audit-trail.js +257 -0
  68. package/dist/auto-tune.d.ts +146 -0
  69. package/dist/auto-tune.js +373 -0
  70. package/dist/cache.d.ts +53 -0
  71. package/dist/cache.js +86 -0
  72. package/dist/calibration.d.ts +108 -0
  73. package/dist/calibration.js +219 -0
  74. package/dist/cli-dispatch.d.ts +7 -0
  75. package/dist/cli-dispatch.js +654 -0
  76. package/dist/cli-formatters.d.ts +6 -0
  77. package/dist/cli-formatters.js +186 -0
  78. package/dist/cli-helpers.d.ts +29 -0
  79. package/dist/cli-helpers.js +129 -0
  80. package/dist/cli.d.ts +30 -0
  81. package/dist/cli.js +1487 -0
  82. package/dist/commands/adoption-report.d.ts +7 -0
  83. package/dist/commands/adoption-report.js +218 -0
  84. package/dist/commands/adoption-track.d.ts +4 -0
  85. package/dist/commands/adoption-track.js +246 -0
  86. package/dist/commands/ai-gate.d.ts +7 -0
  87. package/dist/commands/ai-gate.js +212 -0
  88. package/dist/commands/ai-model-trust.d.ts +16 -0
  89. package/dist/commands/ai-model-trust.js +234 -0
  90. package/dist/commands/ai-output-compare.d.ts +8 -0
  91. package/dist/commands/ai-output-compare.js +202 -0
  92. package/dist/commands/ai-pattern-trend.d.ts +8 -0
  93. package/dist/commands/ai-pattern-trend.js +223 -0
  94. package/dist/commands/ai-prompt-audit.d.ts +22 -0
  95. package/dist/commands/ai-prompt-audit.js +254 -0
  96. package/dist/commands/ai-provenance.d.ts +4 -0
  97. package/dist/commands/ai-provenance.js +247 -0
  98. package/dist/commands/api-audit.d.ts +8 -0
  99. package/dist/commands/api-audit.js +359 -0
  100. package/dist/commands/api-misuse.d.ts +4 -0
  101. package/dist/commands/api-misuse.js +260 -0
  102. package/dist/commands/api-versioning-audit.d.ts +5 -0
  103. package/dist/commands/api-versioning-audit.js +233 -0
  104. package/dist/commands/approve-chain.d.ts +7 -0
  105. package/dist/commands/approve-chain.js +234 -0
  106. package/dist/commands/arch-audit.d.ts +8 -0
  107. package/dist/commands/arch-audit.js +283 -0
  108. package/dist/commands/assertion-density.d.ts +4 -0
  109. package/dist/commands/assertion-density.js +263 -0
  110. package/dist/commands/assign-findings.d.ts +36 -0
  111. package/dist/commands/assign-findings.js +177 -0
  112. package/dist/commands/async-safety.d.ts +4 -0
  113. package/dist/commands/async-safety.js +266 -0
  114. package/dist/commands/audit-bundle.d.ts +28 -0
  115. package/dist/commands/audit-bundle.js +234 -0
  116. package/dist/commands/audit-trail.d.ts +17 -0
  117. package/dist/commands/audit-trail.js +154 -0
  118. package/dist/commands/auto-approve.d.ts +4 -0
  119. package/dist/commands/auto-approve.js +188 -0
  120. package/dist/commands/auto-calibrate.d.ts +14 -0
  121. package/dist/commands/auto-calibrate.js +106 -0
  122. package/dist/commands/auto-detect.d.ts +61 -0
  123. package/dist/commands/auto-detect.js +328 -0
  124. package/dist/commands/auto-fix.d.ts +17 -0
  125. package/dist/commands/auto-fix.js +240 -0
  126. package/dist/commands/auto-triage.d.ts +31 -0
  127. package/dist/commands/auto-triage.js +125 -0
  128. package/dist/commands/baseline.d.ts +47 -0
  129. package/dist/commands/baseline.js +353 -0
  130. package/dist/commands/batch-review.d.ts +4 -0
  131. package/dist/commands/batch-review.js +180 -0
  132. package/dist/commands/benchmark-advanced.d.ts +14 -0
  133. package/dist/commands/benchmark-advanced.js +5057 -0
  134. package/dist/commands/benchmark-ai-agents.d.ts +8 -0
  135. package/dist/commands/benchmark-ai-agents.js +4123 -0
  136. package/dist/commands/benchmark-ai-output.d.ts +9 -0
  137. package/dist/commands/benchmark-ai-output.js +365 -0
  138. package/dist/commands/benchmark-compliance-ethics.d.ts +8 -0
  139. package/dist/commands/benchmark-compliance-ethics.js +3060 -0
  140. package/dist/commands/benchmark-expanded-2.d.ts +12 -0
  141. package/dist/commands/benchmark-expanded-2.js +5530 -0
  142. package/dist/commands/benchmark-expanded.d.ts +12 -0
  143. package/dist/commands/benchmark-expanded.js +2599 -0
  144. package/dist/commands/benchmark-infrastructure.d.ts +8 -0
  145. package/dist/commands/benchmark-infrastructure.js +2882 -0
  146. package/dist/commands/benchmark-languages.d.ts +8 -0
  147. package/dist/commands/benchmark-languages.js +1963 -0
  148. package/dist/commands/benchmark-quality-ops.d.ts +8 -0
  149. package/dist/commands/benchmark-quality-ops.js +3415 -0
  150. package/dist/commands/benchmark-security-deep.d.ts +9 -0
  151. package/dist/commands/benchmark-security-deep.js +2335 -0
  152. package/dist/commands/benchmark.d.ts +233 -0
  153. package/dist/commands/benchmark.js +3214 -0
  154. package/dist/commands/blame-review.d.ts +4 -0
  155. package/dist/commands/blame-review.js +266 -0
  156. package/dist/commands/boundary-enforce.d.ts +5 -0
  157. package/dist/commands/boundary-enforce.js +255 -0
  158. package/dist/commands/build-optimize.d.ts +6 -0
  159. package/dist/commands/build-optimize.js +256 -0
  160. package/dist/commands/burndown.d.ts +26 -0
  161. package/dist/commands/burndown.js +179 -0
  162. package/dist/commands/cache-audit.d.ts +4 -0
  163. package/dist/commands/cache-audit.js +219 -0
  164. package/dist/commands/calibration-dashboard.d.ts +1 -0
  165. package/dist/commands/calibration-dashboard.js +294 -0
  166. package/dist/commands/calibration-share.d.ts +30 -0
  167. package/dist/commands/calibration-share.js +182 -0
  168. package/dist/commands/chat-notify.d.ts +8 -0
  169. package/dist/commands/chat-notify.js +258 -0
  170. package/dist/commands/ci-template.d.ts +14 -0
  171. package/dist/commands/ci-template.js +211 -0
  172. package/dist/commands/ci-templates.d.ts +9 -0
  173. package/dist/commands/ci-templates.js +89 -0
  174. package/dist/commands/clarity-score.d.ts +8 -0
  175. package/dist/commands/clarity-score.js +260 -0
  176. package/dist/commands/clone-detect.d.ts +4 -0
  177. package/dist/commands/clone-detect.js +232 -0
  178. package/dist/commands/coach-mode.d.ts +7 -0
  179. package/dist/commands/coach-mode.js +229 -0
  180. package/dist/commands/code-health.d.ts +4 -0
  181. package/dist/commands/code-health.js +195 -0
  182. package/dist/commands/code-owner-suggest.d.ts +16 -0
  183. package/dist/commands/code-owner-suggest.js +214 -0
  184. package/dist/commands/code-similarity.d.ts +8 -0
  185. package/dist/commands/code-similarity.js +231 -0
  186. package/dist/commands/comment-drift.d.ts +4 -0
  187. package/dist/commands/comment-drift.js +228 -0
  188. package/dist/commands/commit-hygiene.d.ts +5 -0
  189. package/dist/commands/commit-hygiene.js +175 -0
  190. package/dist/commands/community-patterns.d.ts +1 -0
  191. package/dist/commands/community-patterns.js +131 -0
  192. package/dist/commands/compare-runs.d.ts +37 -0
  193. package/dist/commands/compare-runs.js +228 -0
  194. package/dist/commands/completion-audit.d.ts +4 -0
  195. package/dist/commands/completion-audit.js +296 -0
  196. package/dist/commands/completions.d.ts +1 -0
  197. package/dist/commands/completions.js +257 -0
  198. package/dist/commands/compliance-map.d.ts +8 -0
  199. package/dist/commands/compliance-map.js +374 -0
  200. package/dist/commands/compliance-report.d.ts +34 -0
  201. package/dist/commands/compliance-report.js +161 -0
  202. package/dist/commands/compliance-weight.d.ts +8 -0
  203. package/dist/commands/compliance-weight.js +272 -0
  204. package/dist/commands/config-drift.d.ts +24 -0
  205. package/dist/commands/config-drift.js +213 -0
  206. package/dist/commands/config-lint.d.ts +4 -0
  207. package/dist/commands/config-lint.js +187 -0
  208. package/dist/commands/config-migrate.d.ts +43 -0
  209. package/dist/commands/config-migrate.js +240 -0
  210. package/dist/commands/config-share.d.ts +95 -0
  211. package/dist/commands/config-share.js +406 -0
  212. package/dist/commands/context-blind.d.ts +4 -0
  213. package/dist/commands/context-blind.js +272 -0
  214. package/dist/commands/context-inject.d.ts +8 -0
  215. package/dist/commands/context-inject.js +211 -0
  216. package/dist/commands/contract-verify.d.ts +4 -0
  217. package/dist/commands/contract-verify.js +316 -0
  218. package/dist/commands/correlate.d.ts +27 -0
  219. package/dist/commands/correlate.js +241 -0
  220. package/dist/commands/cost-forecast.d.ts +18 -0
  221. package/dist/commands/cost-forecast.js +193 -0
  222. package/dist/commands/coverage-map.d.ts +22 -0
  223. package/dist/commands/coverage-map.js +222 -0
  224. package/dist/commands/coverage.d.ts +40 -0
  225. package/dist/commands/coverage.js +147 -0
  226. package/dist/commands/cross-file-consistency.d.ts +4 -0
  227. package/dist/commands/cross-file-consistency.js +254 -0
  228. package/dist/commands/cross-pr-regression.d.ts +8 -0
  229. package/dist/commands/cross-pr-regression.js +297 -0
  230. package/dist/commands/custom-rule.d.ts +4 -0
  231. package/dist/commands/custom-rule.js +210 -0
  232. package/dist/commands/dead-code-detect.d.ts +4 -0
  233. package/dist/commands/dead-code-detect.js +255 -0
  234. package/dist/commands/dedup-report.d.ts +12 -0
  235. package/dist/commands/dedup-report.js +137 -0
  236. package/dist/commands/dep-audit.d.ts +52 -0
  237. package/dist/commands/dep-audit.js +277 -0
  238. package/dist/commands/dep-correlate.d.ts +8 -0
  239. package/dist/commands/dep-correlate.js +207 -0
  240. package/dist/commands/deploy-readiness.d.ts +5 -0
  241. package/dist/commands/deploy-readiness.js +211 -0
  242. package/dist/commands/deprecated.d.ts +47 -0
  243. package/dist/commands/deprecated.js +201 -0
  244. package/dist/commands/deps.d.ts +5 -0
  245. package/dist/commands/deps.js +122 -0
  246. package/dist/commands/design-audit.d.ts +8 -0
  247. package/dist/commands/design-audit.js +301 -0
  248. package/dist/commands/dev-score.d.ts +36 -0
  249. package/dist/commands/dev-score.js +203 -0
  250. package/dist/commands/diff-explain.d.ts +4 -0
  251. package/dist/commands/diff-explain.js +142 -0
  252. package/dist/commands/diff-only.d.ts +33 -0
  253. package/dist/commands/diff-only.js +151 -0
  254. package/dist/commands/diff-review.d.ts +4 -0
  255. package/dist/commands/diff-review.js +190 -0
  256. package/dist/commands/diff.d.ts +6 -0
  257. package/dist/commands/diff.js +449 -0
  258. package/dist/commands/digest.d.ts +19 -0
  259. package/dist/commands/digest.js +221 -0
  260. package/dist/commands/doc-drift.d.ts +8 -0
  261. package/dist/commands/doc-drift.js +258 -0
  262. package/dist/commands/doc-gen.d.ts +7 -0
  263. package/dist/commands/doc-gen.js +208 -0
  264. package/dist/commands/docs.d.ts +1 -0
  265. package/dist/commands/docs.js +156 -0
  266. package/dist/commands/doctor.d.ts +55 -0
  267. package/dist/commands/doctor.js +362 -0
  268. package/dist/commands/encoding-safety.d.ts +4 -0
  269. package/dist/commands/encoding-safety.js +275 -0
  270. package/dist/commands/error-taxonomy.d.ts +5 -0
  271. package/dist/commands/error-taxonomy.js +226 -0
  272. package/dist/commands/error-ux.d.ts +4 -0
  273. package/dist/commands/error-ux.js +252 -0
  274. package/dist/commands/event-leak.d.ts +4 -0
  275. package/dist/commands/event-leak.js +262 -0
  276. package/dist/commands/evidence-chain.d.ts +4 -0
  277. package/dist/commands/evidence-chain.js +309 -0
  278. package/dist/commands/example-leak.d.ts +4 -0
  279. package/dist/commands/example-leak.js +232 -0
  280. package/dist/commands/exception-consistency.d.ts +6 -0
  281. package/dist/commands/exception-consistency.js +192 -0
  282. package/dist/commands/exec-report.d.ts +8 -0
  283. package/dist/commands/exec-report.js +271 -0
  284. package/dist/commands/explain-finding.d.ts +7 -0
  285. package/dist/commands/explain-finding.js +278 -0
  286. package/dist/commands/false-negatives.d.ts +34 -0
  287. package/dist/commands/false-negatives.js +165 -0
  288. package/dist/commands/feedback-rules.d.ts +28 -0
  289. package/dist/commands/feedback-rules.js +173 -0
  290. package/dist/commands/feedback.d.ts +182 -0
  291. package/dist/commands/feedback.js +550 -0
  292. package/dist/commands/finding-age-analysis.d.ts +4 -0
  293. package/dist/commands/finding-age-analysis.js +144 -0
  294. package/dist/commands/finding-age-report.d.ts +4 -0
  295. package/dist/commands/finding-age-report.js +154 -0
  296. package/dist/commands/finding-age-tracker.d.ts +7 -0
  297. package/dist/commands/finding-age-tracker.js +152 -0
  298. package/dist/commands/finding-age.d.ts +4 -0
  299. package/dist/commands/finding-age.js +145 -0
  300. package/dist/commands/finding-ancestry-trace.d.ts +1 -0
  301. package/dist/commands/finding-ancestry-trace.js +69 -0
  302. package/dist/commands/finding-annotation-export.d.ts +1 -0
  303. package/dist/commands/finding-annotation-export.js +97 -0
  304. package/dist/commands/finding-annotation-layer.d.ts +4 -0
  305. package/dist/commands/finding-annotation-layer.js +128 -0
  306. package/dist/commands/finding-auto-categorize.d.ts +1 -0
  307. package/dist/commands/finding-auto-categorize.js +109 -0
  308. package/dist/commands/finding-auto-fix-suggest.d.ts +1 -0
  309. package/dist/commands/finding-auto-fix-suggest.js +76 -0
  310. package/dist/commands/finding-auto-fix.d.ts +4 -0
  311. package/dist/commands/finding-auto-fix.js +188 -0
  312. package/dist/commands/finding-auto-group.d.ts +4 -0
  313. package/dist/commands/finding-auto-group.js +108 -0
  314. package/dist/commands/finding-auto-label.d.ts +4 -0
  315. package/dist/commands/finding-auto-label.js +220 -0
  316. package/dist/commands/finding-auto-priority.d.ts +1 -0
  317. package/dist/commands/finding-auto-priority.js +100 -0
  318. package/dist/commands/finding-auto-suppress.d.ts +4 -0
  319. package/dist/commands/finding-auto-suppress.js +126 -0
  320. package/dist/commands/finding-auto-tag.d.ts +4 -0
  321. package/dist/commands/finding-auto-tag.js +113 -0
  322. package/dist/commands/finding-auto-triage.d.ts +4 -0
  323. package/dist/commands/finding-auto-triage.js +108 -0
  324. package/dist/commands/finding-autofix-preview.d.ts +4 -0
  325. package/dist/commands/finding-autofix-preview.js +86 -0
  326. package/dist/commands/finding-batch-resolve.d.ts +4 -0
  327. package/dist/commands/finding-batch-resolve.js +165 -0
  328. package/dist/commands/finding-batch-suppress.d.ts +4 -0
  329. package/dist/commands/finding-batch-suppress.js +85 -0
  330. package/dist/commands/finding-batch-triage.d.ts +1 -0
  331. package/dist/commands/finding-batch-triage.js +90 -0
  332. package/dist/commands/finding-blast-radius.d.ts +4 -0
  333. package/dist/commands/finding-blast-radius.js +91 -0
  334. package/dist/commands/finding-budget.d.ts +4 -0
  335. package/dist/commands/finding-budget.js +232 -0
  336. package/dist/commands/finding-category-map.d.ts +4 -0
  337. package/dist/commands/finding-category-map.js +103 -0
  338. package/dist/commands/finding-category-stats.d.ts +4 -0
  339. package/dist/commands/finding-category-stats.js +104 -0
  340. package/dist/commands/finding-category.d.ts +4 -0
  341. package/dist/commands/finding-category.js +109 -0
  342. package/dist/commands/finding-change-impact.d.ts +4 -0
  343. package/dist/commands/finding-change-impact.js +107 -0
  344. package/dist/commands/finding-cluster-analysis.d.ts +4 -0
  345. package/dist/commands/finding-cluster-analysis.js +133 -0
  346. package/dist/commands/finding-cluster-group.d.ts +4 -0
  347. package/dist/commands/finding-cluster-group.js +105 -0
  348. package/dist/commands/finding-cluster-summary.d.ts +1 -0
  349. package/dist/commands/finding-cluster-summary.js +85 -0
  350. package/dist/commands/finding-cluster.d.ts +4 -0
  351. package/dist/commands/finding-cluster.js +157 -0
  352. package/dist/commands/finding-code-context.d.ts +4 -0
  353. package/dist/commands/finding-code-context.js +96 -0
  354. package/dist/commands/finding-code-smell.d.ts +4 -0
  355. package/dist/commands/finding-code-smell.js +113 -0
  356. package/dist/commands/finding-compare-runs.d.ts +4 -0
  357. package/dist/commands/finding-compare-runs.js +105 -0
  358. package/dist/commands/finding-compliance-tag.d.ts +1 -0
  359. package/dist/commands/finding-compliance-tag.js +106 -0
  360. package/dist/commands/finding-confidence-boost.d.ts +1 -0
  361. package/dist/commands/finding-confidence-boost.js +88 -0
  362. package/dist/commands/finding-confidence-calibrate.d.ts +4 -0
  363. package/dist/commands/finding-confidence-calibrate.js +111 -0
  364. package/dist/commands/finding-confidence-filter.d.ts +4 -0
  365. package/dist/commands/finding-confidence-filter.js +77 -0
  366. package/dist/commands/finding-contest.d.ts +7 -0
  367. package/dist/commands/finding-contest.js +192 -0
  368. package/dist/commands/finding-context-enrich.d.ts +4 -0
  369. package/dist/commands/finding-context-enrich.js +89 -0
  370. package/dist/commands/finding-context-expand.d.ts +4 -0
  371. package/dist/commands/finding-context-expand.js +102 -0
  372. package/dist/commands/finding-context-link.d.ts +1 -0
  373. package/dist/commands/finding-context-link.js +94 -0
  374. package/dist/commands/finding-context-summary.d.ts +1 -0
  375. package/dist/commands/finding-context-summary.js +85 -0
  376. package/dist/commands/finding-context-window.d.ts +4 -0
  377. package/dist/commands/finding-context-window.js +126 -0
  378. package/dist/commands/finding-context.d.ts +4 -0
  379. package/dist/commands/finding-context.js +140 -0
  380. package/dist/commands/finding-correlate.d.ts +4 -0
  381. package/dist/commands/finding-correlate.js +88 -0
  382. package/dist/commands/finding-correlation-map.d.ts +4 -0
  383. package/dist/commands/finding-correlation-map.js +101 -0
  384. package/dist/commands/finding-correlation.d.ts +4 -0
  385. package/dist/commands/finding-correlation.js +103 -0
  386. package/dist/commands/finding-cross-file-link.d.ts +1 -0
  387. package/dist/commands/finding-cross-file-link.js +101 -0
  388. package/dist/commands/finding-cross-ref.d.ts +4 -0
  389. package/dist/commands/finding-cross-ref.js +98 -0
  390. package/dist/commands/finding-cve-lookup.d.ts +4 -0
  391. package/dist/commands/finding-cve-lookup.js +97 -0
  392. package/dist/commands/finding-cwe-lookup.d.ts +4 -0
  393. package/dist/commands/finding-cwe-lookup.js +148 -0
  394. package/dist/commands/finding-cwe-map.d.ts +4 -0
  395. package/dist/commands/finding-cwe-map.js +133 -0
  396. package/dist/commands/finding-dedup-cross-file.d.ts +4 -0
  397. package/dist/commands/finding-dedup-cross-file.js +95 -0
  398. package/dist/commands/finding-dedup-cross.d.ts +4 -0
  399. package/dist/commands/finding-dedup-cross.js +90 -0
  400. package/dist/commands/finding-dedup-merge.d.ts +1 -0
  401. package/dist/commands/finding-dedup-merge.js +107 -0
  402. package/dist/commands/finding-dedup-report.d.ts +4 -0
  403. package/dist/commands/finding-dedup-report.js +101 -0
  404. package/dist/commands/finding-dedup-smart.d.ts +1 -0
  405. package/dist/commands/finding-dedup-smart.js +109 -0
  406. package/dist/commands/finding-deduplicate.d.ts +4 -0
  407. package/dist/commands/finding-deduplicate.js +141 -0
  408. package/dist/commands/finding-dependency-check.d.ts +4 -0
  409. package/dist/commands/finding-dependency-check.js +119 -0
  410. package/dist/commands/finding-dependency-impact.d.ts +1 -0
  411. package/dist/commands/finding-dependency-impact.js +97 -0
  412. package/dist/commands/finding-dependency-link.d.ts +4 -0
  413. package/dist/commands/finding-dependency-link.js +73 -0
  414. package/dist/commands/finding-dependency-risk.d.ts +4 -0
  415. package/dist/commands/finding-dependency-risk.js +117 -0
  416. package/dist/commands/finding-dependency-tree.d.ts +4 -0
  417. package/dist/commands/finding-dependency-tree.js +116 -0
  418. package/dist/commands/finding-diff-highlight.d.ts +4 -0
  419. package/dist/commands/finding-diff-highlight.js +107 -0
  420. package/dist/commands/finding-dismiss-workflow.d.ts +4 -0
  421. package/dist/commands/finding-dismiss-workflow.js +119 -0
  422. package/dist/commands/finding-duplicate-detect.d.ts +4 -0
  423. package/dist/commands/finding-duplicate-detect.js +113 -0
  424. package/dist/commands/finding-duplicate-rule.d.ts +4 -0
  425. package/dist/commands/finding-duplicate-rule.js +103 -0
  426. package/dist/commands/finding-effort-rank.d.ts +1 -0
  427. package/dist/commands/finding-effort-rank.js +93 -0
  428. package/dist/commands/finding-evidence-chain.d.ts +4 -0
  429. package/dist/commands/finding-evidence-chain.js +147 -0
  430. package/dist/commands/finding-evidence-collect.d.ts +4 -0
  431. package/dist/commands/finding-evidence-collect.js +114 -0
  432. package/dist/commands/finding-explain.d.ts +4 -0
  433. package/dist/commands/finding-explain.js +93 -0
  434. package/dist/commands/finding-export-csv.d.ts +4 -0
  435. package/dist/commands/finding-export-csv.js +78 -0
  436. package/dist/commands/finding-false-neg-check.d.ts +8 -0
  437. package/dist/commands/finding-false-neg-check.js +139 -0
  438. package/dist/commands/finding-false-positive-learn.d.ts +4 -0
  439. package/dist/commands/finding-false-positive-learn.js +85 -0
  440. package/dist/commands/finding-false-positive-log.d.ts +4 -0
  441. package/dist/commands/finding-false-positive-log.js +150 -0
  442. package/dist/commands/finding-false-positive.d.ts +4 -0
  443. package/dist/commands/finding-false-positive.js +134 -0
  444. package/dist/commands/finding-filter-view.d.ts +4 -0
  445. package/dist/commands/finding-filter-view.js +107 -0
  446. package/dist/commands/finding-fix-chain.d.ts +1 -0
  447. package/dist/commands/finding-fix-chain.js +78 -0
  448. package/dist/commands/finding-fix-estimate.d.ts +1 -0
  449. package/dist/commands/finding-fix-estimate.js +95 -0
  450. package/dist/commands/finding-fix-playbook.d.ts +1 -0
  451. package/dist/commands/finding-fix-playbook.js +110 -0
  452. package/dist/commands/finding-fix-priority.d.ts +4 -0
  453. package/dist/commands/finding-fix-priority.js +98 -0
  454. package/dist/commands/finding-fix-rate.d.ts +4 -0
  455. package/dist/commands/finding-fix-rate.js +141 -0
  456. package/dist/commands/finding-fix-suggest.d.ts +4 -0
  457. package/dist/commands/finding-fix-suggest.js +88 -0
  458. package/dist/commands/finding-fix-validation.d.ts +4 -0
  459. package/dist/commands/finding-fix-validation.js +115 -0
  460. package/dist/commands/finding-fix-verify.d.ts +4 -0
  461. package/dist/commands/finding-fix-verify.js +198 -0
  462. package/dist/commands/finding-group-by.d.ts +4 -0
  463. package/dist/commands/finding-group-by.js +86 -0
  464. package/dist/commands/finding-group.d.ts +15 -0
  465. package/dist/commands/finding-group.js +164 -0
  466. package/dist/commands/finding-groupby-file.d.ts +4 -0
  467. package/dist/commands/finding-groupby-file.js +94 -0
  468. package/dist/commands/finding-hotfix-suggest.d.ts +7 -0
  469. package/dist/commands/finding-hotfix-suggest.js +170 -0
  470. package/dist/commands/finding-hotspot-detect.d.ts +1 -0
  471. package/dist/commands/finding-hotspot-detect.js +120 -0
  472. package/dist/commands/finding-hotspot-map.d.ts +4 -0
  473. package/dist/commands/finding-hotspot-map.js +106 -0
  474. package/dist/commands/finding-hotspot.d.ts +4 -0
  475. package/dist/commands/finding-hotspot.js +115 -0
  476. package/dist/commands/finding-impact-radius.d.ts +1 -0
  477. package/dist/commands/finding-impact-radius.js +94 -0
  478. package/dist/commands/finding-impact-rank.d.ts +4 -0
  479. package/dist/commands/finding-impact-rank.js +85 -0
  480. package/dist/commands/finding-impact-score.d.ts +4 -0
  481. package/dist/commands/finding-impact-score.js +123 -0
  482. package/dist/commands/finding-impact.d.ts +4 -0
  483. package/dist/commands/finding-impact.js +135 -0
  484. package/dist/commands/finding-line-blame.d.ts +7 -0
  485. package/dist/commands/finding-line-blame.js +129 -0
  486. package/dist/commands/finding-link-graph.d.ts +4 -0
  487. package/dist/commands/finding-link-graph.js +144 -0
  488. package/dist/commands/finding-link.d.ts +4 -0
  489. package/dist/commands/finding-link.js +128 -0
  490. package/dist/commands/finding-merge-results.d.ts +4 -0
  491. package/dist/commands/finding-merge-results.js +110 -0
  492. package/dist/commands/finding-merge-strategy.d.ts +1 -0
  493. package/dist/commands/finding-merge-strategy.js +84 -0
  494. package/dist/commands/finding-metadata-enrich.d.ts +4 -0
  495. package/dist/commands/finding-metadata-enrich.js +92 -0
  496. package/dist/commands/finding-noise-filter.d.ts +7 -0
  497. package/dist/commands/finding-noise-filter.js +140 -0
  498. package/dist/commands/finding-noise-reduce.d.ts +1 -0
  499. package/dist/commands/finding-noise-reduce.js +81 -0
  500. package/dist/commands/finding-noise-score.d.ts +1 -0
  501. package/dist/commands/finding-noise-score.js +93 -0
  502. package/dist/commands/finding-owner-assign.d.ts +4 -0
  503. package/dist/commands/finding-owner-assign.js +133 -0
  504. package/dist/commands/finding-owner-notify.d.ts +1 -0
  505. package/dist/commands/finding-owner-notify.js +121 -0
  506. package/dist/commands/finding-ownership-assign.d.ts +4 -0
  507. package/dist/commands/finding-ownership-assign.js +101 -0
  508. package/dist/commands/finding-ownership-map.d.ts +4 -0
  509. package/dist/commands/finding-ownership-map.js +118 -0
  510. package/dist/commands/finding-patch-chain.d.ts +1 -0
  511. package/dist/commands/finding-patch-chain.js +90 -0
  512. package/dist/commands/finding-patch-preview.d.ts +4 -0
  513. package/dist/commands/finding-patch-preview.js +103 -0
  514. package/dist/commands/finding-pattern-detect.d.ts +4 -0
  515. package/dist/commands/finding-pattern-detect.js +127 -0
  516. package/dist/commands/finding-pattern-library.d.ts +4 -0
  517. package/dist/commands/finding-pattern-library.js +145 -0
  518. package/dist/commands/finding-pattern-match.d.ts +4 -0
  519. package/dist/commands/finding-pattern-match.js +165 -0
  520. package/dist/commands/finding-prioritize.d.ts +4 -0
  521. package/dist/commands/finding-prioritize.js +119 -0
  522. package/dist/commands/finding-priority-matrix.d.ts +4 -0
  523. package/dist/commands/finding-priority-matrix.js +102 -0
  524. package/dist/commands/finding-priority-queue.d.ts +4 -0
  525. package/dist/commands/finding-priority-queue.js +131 -0
  526. package/dist/commands/finding-priority-rank.d.ts +1 -0
  527. package/dist/commands/finding-priority-rank.js +82 -0
  528. package/dist/commands/finding-quality-gate.d.ts +4 -0
  529. package/dist/commands/finding-quality-gate.js +107 -0
  530. package/dist/commands/finding-rank.d.ts +4 -0
  531. package/dist/commands/finding-rank.js +138 -0
  532. package/dist/commands/finding-reachability-check.d.ts +4 -0
  533. package/dist/commands/finding-reachability-check.js +102 -0
  534. package/dist/commands/finding-reachability.d.ts +4 -0
  535. package/dist/commands/finding-reachability.js +131 -0
  536. package/dist/commands/finding-recurrence-check.d.ts +1 -0
  537. package/dist/commands/finding-recurrence-check.js +103 -0
  538. package/dist/commands/finding-recurrence-detect.d.ts +4 -0
  539. package/dist/commands/finding-recurrence-detect.js +77 -0
  540. package/dist/commands/finding-recurrence.d.ts +4 -0
  541. package/dist/commands/finding-recurrence.js +135 -0
  542. package/dist/commands/finding-regression-check.d.ts +4 -0
  543. package/dist/commands/finding-regression-check.js +112 -0
  544. package/dist/commands/finding-regression-detect.d.ts +1 -0
  545. package/dist/commands/finding-regression-detect.js +86 -0
  546. package/dist/commands/finding-related-rules.d.ts +4 -0
  547. package/dist/commands/finding-related-rules.js +151 -0
  548. package/dist/commands/finding-remediation-cost.d.ts +1 -0
  549. package/dist/commands/finding-remediation-cost.js +79 -0
  550. package/dist/commands/finding-remediation-plan.d.ts +4 -0
  551. package/dist/commands/finding-remediation-plan.js +107 -0
  552. package/dist/commands/finding-reopen-detect.d.ts +1 -0
  553. package/dist/commands/finding-reopen-detect.js +77 -0
  554. package/dist/commands/finding-repeat-detect.d.ts +1 -0
  555. package/dist/commands/finding-repeat-detect.js +92 -0
  556. package/dist/commands/finding-resolution-track.d.ts +4 -0
  557. package/dist/commands/finding-resolution-track.js +150 -0
  558. package/dist/commands/finding-resolution-tracker.d.ts +4 -0
  559. package/dist/commands/finding-resolution-tracker.js +163 -0
  560. package/dist/commands/finding-resolution-workflow.d.ts +1 -0
  561. package/dist/commands/finding-resolution-workflow.js +91 -0
  562. package/dist/commands/finding-resolution.d.ts +4 -0
  563. package/dist/commands/finding-resolution.js +142 -0
  564. package/dist/commands/finding-risk-label.d.ts +1 -0
  565. package/dist/commands/finding-risk-label.js +72 -0
  566. package/dist/commands/finding-risk-matrix.d.ts +4 -0
  567. package/dist/commands/finding-risk-matrix.js +126 -0
  568. package/dist/commands/finding-risk-score.d.ts +4 -0
  569. package/dist/commands/finding-risk-score.js +95 -0
  570. package/dist/commands/finding-root-cause.d.ts +4 -0
  571. package/dist/commands/finding-root-cause.js +184 -0
  572. package/dist/commands/finding-rule-explain.d.ts +4 -0
  573. package/dist/commands/finding-rule-explain.js +140 -0
  574. package/dist/commands/finding-scope-filter.d.ts +1 -0
  575. package/dist/commands/finding-scope-filter.js +77 -0
  576. package/dist/commands/finding-scope-impact.d.ts +1 -0
  577. package/dist/commands/finding-scope-impact.js +83 -0
  578. package/dist/commands/finding-search-index.d.ts +4 -0
  579. package/dist/commands/finding-search-index.js +99 -0
  580. package/dist/commands/finding-security-hotspot.d.ts +4 -0
  581. package/dist/commands/finding-security-hotspot.js +175 -0
  582. package/dist/commands/finding-severity-dist.d.ts +4 -0
  583. package/dist/commands/finding-severity-dist.js +105 -0
  584. package/dist/commands/finding-severity-drift.d.ts +4 -0
  585. package/dist/commands/finding-severity-drift.js +92 -0
  586. package/dist/commands/finding-severity-heatmap.d.ts +4 -0
  587. package/dist/commands/finding-severity-heatmap.js +108 -0
  588. package/dist/commands/finding-severity-histogram.d.ts +4 -0
  589. package/dist/commands/finding-severity-histogram.js +66 -0
  590. package/dist/commands/finding-severity-override.d.ts +4 -0
  591. package/dist/commands/finding-severity-override.js +131 -0
  592. package/dist/commands/finding-severity-rebalance.d.ts +1 -0
  593. package/dist/commands/finding-severity-rebalance.js +108 -0
  594. package/dist/commands/finding-severity-trend.d.ts +4 -0
  595. package/dist/commands/finding-severity-trend.js +127 -0
  596. package/dist/commands/finding-similar-match.d.ts +1 -0
  597. package/dist/commands/finding-similar-match.js +112 -0
  598. package/dist/commands/finding-snippet.d.ts +4 -0
  599. package/dist/commands/finding-snippet.js +102 -0
  600. package/dist/commands/finding-summary-digest.d.ts +7 -0
  601. package/dist/commands/finding-summary-digest.js +145 -0
  602. package/dist/commands/finding-suppress-pattern.d.ts +4 -0
  603. package/dist/commands/finding-suppress-pattern.js +148 -0
  604. package/dist/commands/finding-suppress.d.ts +4 -0
  605. package/dist/commands/finding-suppress.js +164 -0
  606. package/dist/commands/finding-suppression-audit.d.ts +4 -0
  607. package/dist/commands/finding-suppression-audit.js +137 -0
  608. package/dist/commands/finding-suppression-list.d.ts +4 -0
  609. package/dist/commands/finding-suppression-list.js +119 -0
  610. package/dist/commands/finding-suppression-log.d.ts +4 -0
  611. package/dist/commands/finding-suppression-log.js +174 -0
  612. package/dist/commands/finding-time-to-fix.d.ts +1 -0
  613. package/dist/commands/finding-time-to-fix.js +98 -0
  614. package/dist/commands/finding-timeline-view.d.ts +4 -0
  615. package/dist/commands/finding-timeline-view.js +98 -0
  616. package/dist/commands/finding-timeline.d.ts +4 -0
  617. package/dist/commands/finding-timeline.js +143 -0
  618. package/dist/commands/finding-top-offender.d.ts +1 -0
  619. package/dist/commands/finding-top-offender.js +75 -0
  620. package/dist/commands/finding-trace.d.ts +4 -0
  621. package/dist/commands/finding-trace.js +118 -0
  622. package/dist/commands/finding-trend-alert.d.ts +1 -0
  623. package/dist/commands/finding-trend-alert.js +126 -0
  624. package/dist/commands/finding-trend-analysis.d.ts +4 -0
  625. package/dist/commands/finding-trend-analysis.js +95 -0
  626. package/dist/commands/finding-trend-forecast.d.ts +4 -0
  627. package/dist/commands/finding-trend-forecast.js +106 -0
  628. package/dist/commands/finding-trend-report.d.ts +4 -0
  629. package/dist/commands/finding-trend-report.js +107 -0
  630. package/dist/commands/finding-trend.d.ts +4 -0
  631. package/dist/commands/finding-trend.js +118 -0
  632. package/dist/commands/fix-pr.d.ts +22 -0
  633. package/dist/commands/fix-pr.js +286 -0
  634. package/dist/commands/fix-suggest.d.ts +4 -0
  635. package/dist/commands/fix-suggest.js +171 -0
  636. package/dist/commands/fix-verify.d.ts +4 -0
  637. package/dist/commands/fix-verify.js +123 -0
  638. package/dist/commands/fix.d.ts +117 -0
  639. package/dist/commands/fix.js +445 -0
  640. package/dist/commands/focus-area.d.ts +5 -0
  641. package/dist/commands/focus-area.js +192 -0
  642. package/dist/commands/generate.d.ts +7 -0
  643. package/dist/commands/generate.js +403 -0
  644. package/dist/commands/governance.d.ts +31 -0
  645. package/dist/commands/governance.js +202 -0
  646. package/dist/commands/group-findings.d.ts +22 -0
  647. package/dist/commands/group-findings.js +154 -0
  648. package/dist/commands/guided-tour.d.ts +8 -0
  649. package/dist/commands/guided-tour.js +287 -0
  650. package/dist/commands/habit-tracker.d.ts +7 -0
  651. package/dist/commands/habit-tracker.js +194 -0
  652. package/dist/commands/hallucination-detect.d.ts +4 -0
  653. package/dist/commands/hallucination-detect.js +350 -0
  654. package/dist/commands/hallucination-score.d.ts +8 -0
  655. package/dist/commands/hallucination-score.js +316 -0
  656. package/dist/commands/help.d.ts +7 -0
  657. package/dist/commands/help.js +302 -0
  658. package/dist/commands/hook-install.d.ts +21 -0
  659. package/dist/commands/hook-install.js +142 -0
  660. package/dist/commands/hook.d.ts +8 -0
  661. package/dist/commands/hook.js +145 -0
  662. package/dist/commands/iac-lint.d.ts +7 -0
  663. package/dist/commands/iac-lint.js +312 -0
  664. package/dist/commands/idempotency-audit.d.ts +4 -0
  665. package/dist/commands/idempotency-audit.js +222 -0
  666. package/dist/commands/ignore-list.d.ts +18 -0
  667. package/dist/commands/ignore-list.js +152 -0
  668. package/dist/commands/impact-scan.d.ts +8 -0
  669. package/dist/commands/impact-scan.js +281 -0
  670. package/dist/commands/incident-response.d.ts +7 -0
  671. package/dist/commands/incident-response.js +254 -0
  672. package/dist/commands/incremental-review.d.ts +4 -0
  673. package/dist/commands/incremental-review.js +236 -0
  674. package/dist/commands/init.d.ts +10 -0
  675. package/dist/commands/init.js +265 -0
  676. package/dist/commands/input-guard.d.ts +4 -0
  677. package/dist/commands/input-guard.js +255 -0
  678. package/dist/commands/interactive-fix.d.ts +22 -0
  679. package/dist/commands/interactive-fix.js +139 -0
  680. package/dist/commands/judge-author.d.ts +7 -0
  681. package/dist/commands/judge-author.js +260 -0
  682. package/dist/commands/judge-config.d.ts +4 -0
  683. package/dist/commands/judge-config.js +151 -0
  684. package/dist/commands/judge-learn.d.ts +8 -0
  685. package/dist/commands/judge-learn.js +217 -0
  686. package/dist/commands/judge-reputation.d.ts +28 -0
  687. package/dist/commands/judge-reputation.js +198 -0
  688. package/dist/commands/kb.d.ts +40 -0
  689. package/dist/commands/kb.js +228 -0
  690. package/dist/commands/language-packs.d.ts +42 -0
  691. package/dist/commands/language-packs.js +150 -0
  692. package/dist/commands/learn.d.ts +26 -0
  693. package/dist/commands/learn.js +288 -0
  694. package/dist/commands/learning-path.d.ts +8 -0
  695. package/dist/commands/learning-path.js +325 -0
  696. package/dist/commands/license-scan.d.ts +8 -0
  697. package/dist/commands/license-scan.js +183 -0
  698. package/dist/commands/llm-benchmark-optimizer.d.ts +78 -0
  699. package/dist/commands/llm-benchmark-optimizer.js +241 -0
  700. package/dist/commands/llm-benchmark.d.ts +156 -0
  701. package/dist/commands/llm-benchmark.js +670 -0
  702. package/dist/commands/log-quality.d.ts +5 -0
  703. package/dist/commands/log-quality.js +211 -0
  704. package/dist/commands/logic-lint.d.ts +4 -0
  705. package/dist/commands/logic-lint.js +255 -0
  706. package/dist/commands/lsp.d.ts +23 -0
  707. package/dist/commands/lsp.js +285 -0
  708. package/dist/commands/merge-verdict.d.ts +4 -0
  709. package/dist/commands/merge-verdict.js +287 -0
  710. package/dist/commands/metrics-dashboard.d.ts +21 -0
  711. package/dist/commands/metrics-dashboard.js +334 -0
  712. package/dist/commands/metrics.d.ts +57 -0
  713. package/dist/commands/metrics.js +241 -0
  714. package/dist/commands/migration-safety.d.ts +5 -0
  715. package/dist/commands/migration-safety.js +256 -0
  716. package/dist/commands/model-report.d.ts +8 -0
  717. package/dist/commands/model-report.js +194 -0
  718. package/dist/commands/model-risk.d.ts +27 -0
  719. package/dist/commands/model-risk.js +220 -0
  720. package/dist/commands/monorepo.d.ts +37 -0
  721. package/dist/commands/monorepo.js +232 -0
  722. package/dist/commands/multi-lang-review.d.ts +4 -0
  723. package/dist/commands/multi-lang-review.js +230 -0
  724. package/dist/commands/noise-advisor.d.ts +29 -0
  725. package/dist/commands/noise-advisor.js +170 -0
  726. package/dist/commands/notify.d.ts +78 -0
  727. package/dist/commands/notify.js +324 -0
  728. package/dist/commands/null-safety-audit.d.ts +5 -0
  729. package/dist/commands/null-safety-audit.js +221 -0
  730. package/dist/commands/observability-gap.d.ts +5 -0
  731. package/dist/commands/observability-gap.js +211 -0
  732. package/dist/commands/onboard.d.ts +12 -0
  733. package/dist/commands/onboard.js +178 -0
  734. package/dist/commands/org-metrics.d.ts +23 -0
  735. package/dist/commands/org-metrics.js +237 -0
  736. package/dist/commands/org-policy.d.ts +7 -0
  737. package/dist/commands/org-policy.js +207 -0
  738. package/dist/commands/over-abstraction.d.ts +4 -0
  739. package/dist/commands/over-abstraction.js +307 -0
  740. package/dist/commands/override.d.ts +61 -0
  741. package/dist/commands/override.js +268 -0
  742. package/dist/commands/ownership-map.d.ts +5 -0
  743. package/dist/commands/ownership-map.js +217 -0
  744. package/dist/commands/parity.d.ts +30 -0
  745. package/dist/commands/parity.js +212 -0
  746. package/dist/commands/pattern-registry.d.ts +22 -0
  747. package/dist/commands/pattern-registry.js +226 -0
  748. package/dist/commands/perf-compare.d.ts +8 -0
  749. package/dist/commands/perf-compare.js +245 -0
  750. package/dist/commands/perf-hotspot.d.ts +7 -0
  751. package/dist/commands/perf-hotspot.js +273 -0
  752. package/dist/commands/phantom-import.d.ts +4 -0
  753. package/dist/commands/phantom-import.js +260 -0
  754. package/dist/commands/pii-scan.d.ts +7 -0
  755. package/dist/commands/pii-scan.js +299 -0
  756. package/dist/commands/plugin-search.d.ts +39 -0
  757. package/dist/commands/plugin-search.js +327 -0
  758. package/dist/commands/plugins.d.ts +12 -0
  759. package/dist/commands/plugins.js +104 -0
  760. package/dist/commands/policy-audit.d.ts +52 -0
  761. package/dist/commands/policy-audit.js +160 -0
  762. package/dist/commands/pr-quality-gate.d.ts +28 -0
  763. package/dist/commands/pr-quality-gate.js +207 -0
  764. package/dist/commands/pr-summary.d.ts +25 -0
  765. package/dist/commands/pr-summary.js +187 -0
  766. package/dist/commands/predict.d.ts +7 -0
  767. package/dist/commands/predict.js +218 -0
  768. package/dist/commands/privilege-path.d.ts +4 -0
  769. package/dist/commands/privilege-path.js +233 -0
  770. package/dist/commands/profile.d.ts +37 -0
  771. package/dist/commands/profile.js +101 -0
  772. package/dist/commands/prompt-replay.d.ts +7 -0
  773. package/dist/commands/prompt-replay.js +176 -0
  774. package/dist/commands/quality-gate.d.ts +69 -0
  775. package/dist/commands/quality-gate.js +252 -0
  776. package/dist/commands/query.d.ts +19 -0
  777. package/dist/commands/query.js +229 -0
  778. package/dist/commands/quick-check.d.ts +4 -0
  779. package/dist/commands/quick-check.js +173 -0
  780. package/dist/commands/recommend.d.ts +20 -0
  781. package/dist/commands/recommend.js +282 -0
  782. package/dist/commands/refactor-safety.d.ts +8 -0
  783. package/dist/commands/refactor-safety.js +273 -0
  784. package/dist/commands/reg-watch.d.ts +20 -0
  785. package/dist/commands/reg-watch.js +219 -0
  786. package/dist/commands/regression-alert.d.ts +31 -0
  787. package/dist/commands/regression-alert.js +215 -0
  788. package/dist/commands/remediation-lib.d.ts +8 -0
  789. package/dist/commands/remediation-lib.js +265 -0
  790. package/dist/commands/remediation.d.ts +20 -0
  791. package/dist/commands/remediation.js +256 -0
  792. package/dist/commands/report-template.d.ts +16 -0
  793. package/dist/commands/report-template.js +290 -0
  794. package/dist/commands/report.d.ts +12 -0
  795. package/dist/commands/report.js +139 -0
  796. package/dist/commands/resource-cleanup.d.ts +6 -0
  797. package/dist/commands/resource-cleanup.js +235 -0
  798. package/dist/commands/retro.d.ts +22 -0
  799. package/dist/commands/retro.js +211 -0
  800. package/dist/commands/retry-pattern-audit.d.ts +5 -0
  801. package/dist/commands/retry-pattern-audit.js +215 -0
  802. package/dist/commands/review-ab-test.d.ts +4 -0
  803. package/dist/commands/review-ab-test.js +224 -0
  804. package/dist/commands/review-access-log.d.ts +4 -0
  805. package/dist/commands/review-access-log.js +65 -0
  806. package/dist/commands/review-action-item-gen.d.ts +1 -0
  807. package/dist/commands/review-action-item-gen.js +72 -0
  808. package/dist/commands/review-adoption-metrics.d.ts +4 -0
  809. package/dist/commands/review-adoption-metrics.js +95 -0
  810. package/dist/commands/review-adoption-score.d.ts +1 -0
  811. package/dist/commands/review-adoption-score.js +181 -0
  812. package/dist/commands/review-ai-feedback-loop.d.ts +1 -0
  813. package/dist/commands/review-ai-feedback-loop.js +116 -0
  814. package/dist/commands/review-annotate.d.ts +4 -0
  815. package/dist/commands/review-annotate.js +122 -0
  816. package/dist/commands/review-annotation-export.d.ts +4 -0
  817. package/dist/commands/review-annotation-export.js +105 -0
  818. package/dist/commands/review-annotation.d.ts +4 -0
  819. package/dist/commands/review-annotation.js +133 -0
  820. package/dist/commands/review-api-export.d.ts +4 -0
  821. package/dist/commands/review-api-export.js +98 -0
  822. package/dist/commands/review-approval-criteria.d.ts +1 -0
  823. package/dist/commands/review-approval-criteria.js +99 -0
  824. package/dist/commands/review-approval-gate.d.ts +7 -0
  825. package/dist/commands/review-approval-gate.js +190 -0
  826. package/dist/commands/review-approval.d.ts +4 -0
  827. package/dist/commands/review-approval.js +133 -0
  828. package/dist/commands/review-archive-search.d.ts +4 -0
  829. package/dist/commands/review-archive-search.js +70 -0
  830. package/dist/commands/review-archive.d.ts +4 -0
  831. package/dist/commands/review-archive.js +135 -0
  832. package/dist/commands/review-audit-export.d.ts +4 -0
  833. package/dist/commands/review-audit-export.js +93 -0
  834. package/dist/commands/review-audit-log.d.ts +4 -0
  835. package/dist/commands/review-audit-log.js +140 -0
  836. package/dist/commands/review-audit-trail.d.ts +4 -0
  837. package/dist/commands/review-audit-trail.js +96 -0
  838. package/dist/commands/review-auto-merge.d.ts +4 -0
  839. package/dist/commands/review-auto-merge.js +175 -0
  840. package/dist/commands/review-badge.d.ts +4 -0
  841. package/dist/commands/review-badge.js +152 -0
  842. package/dist/commands/review-batch-files.d.ts +4 -0
  843. package/dist/commands/review-batch-files.js +82 -0
  844. package/dist/commands/review-batch-mode.d.ts +4 -0
  845. package/dist/commands/review-batch-mode.js +97 -0
  846. package/dist/commands/review-batch-run.d.ts +4 -0
  847. package/dist/commands/review-batch-run.js +149 -0
  848. package/dist/commands/review-benchmark-self.d.ts +4 -0
  849. package/dist/commands/review-benchmark-self.js +140 -0
  850. package/dist/commands/review-blame-map.d.ts +4 -0
  851. package/dist/commands/review-blame-map.js +100 -0
  852. package/dist/commands/review-branch-compare.d.ts +4 -0
  853. package/dist/commands/review-branch-compare.js +108 -0
  854. package/dist/commands/review-branch-policy.d.ts +4 -0
  855. package/dist/commands/review-branch-policy.js +102 -0
  856. package/dist/commands/review-bulk-action.d.ts +4 -0
  857. package/dist/commands/review-bulk-action.js +109 -0
  858. package/dist/commands/review-bulk-apply.d.ts +4 -0
  859. package/dist/commands/review-bulk-apply.js +102 -0
  860. package/dist/commands/review-cache-clear.d.ts +4 -0
  861. package/dist/commands/review-cache-clear.js +160 -0
  862. package/dist/commands/review-cache-warm.d.ts +4 -0
  863. package/dist/commands/review-cache-warm.js +70 -0
  864. package/dist/commands/review-cache.d.ts +22 -0
  865. package/dist/commands/review-cache.js +134 -0
  866. package/dist/commands/review-changelog-entry.d.ts +7 -0
  867. package/dist/commands/review-changelog-entry.js +109 -0
  868. package/dist/commands/review-changelog-gen.d.ts +4 -0
  869. package/dist/commands/review-changelog-gen.js +117 -0
  870. package/dist/commands/review-changelog-impact.d.ts +1 -0
  871. package/dist/commands/review-changelog-impact.js +89 -0
  872. package/dist/commands/review-checklist.d.ts +4 -0
  873. package/dist/commands/review-checklist.js +144 -0
  874. package/dist/commands/review-checkpoint.d.ts +4 -0
  875. package/dist/commands/review-checkpoint.js +163 -0
  876. package/dist/commands/review-ci-gate.d.ts +4 -0
  877. package/dist/commands/review-ci-gate.js +114 -0
  878. package/dist/commands/review-ci-insight.d.ts +1 -0
  879. package/dist/commands/review-ci-insight.js +100 -0
  880. package/dist/commands/review-ci-integration.d.ts +4 -0
  881. package/dist/commands/review-ci-integration.js +125 -0
  882. package/dist/commands/review-ci-status.d.ts +4 -0
  883. package/dist/commands/review-ci-status.js +200 -0
  884. package/dist/commands/review-cicd-integrate.d.ts +4 -0
  885. package/dist/commands/review-cicd-integrate.js +122 -0
  886. package/dist/commands/review-code-health-score.d.ts +1 -0
  887. package/dist/commands/review-code-health-score.js +100 -0
  888. package/dist/commands/review-code-owner.d.ts +7 -0
  889. package/dist/commands/review-code-owner.js +164 -0
  890. package/dist/commands/review-code-ownership.d.ts +1 -0
  891. package/dist/commands/review-code-ownership.js +88 -0
  892. package/dist/commands/review-comment.d.ts +4 -0
  893. package/dist/commands/review-comment.js +165 -0
  894. package/dist/commands/review-commit-hook.d.ts +7 -0
  895. package/dist/commands/review-commit-hook.js +134 -0
  896. package/dist/commands/review-commit-quality.d.ts +1 -0
  897. package/dist/commands/review-commit-quality.js +94 -0
  898. package/dist/commands/review-comparative.d.ts +4 -0
  899. package/dist/commands/review-comparative.js +149 -0
  900. package/dist/commands/review-compare-version.d.ts +4 -0
  901. package/dist/commands/review-compare-version.js +108 -0
  902. package/dist/commands/review-compare.d.ts +4 -0
  903. package/dist/commands/review-compare.js +200 -0
  904. package/dist/commands/review-compliance-check.d.ts +4 -0
  905. package/dist/commands/review-compliance-check.js +202 -0
  906. package/dist/commands/review-compliance-gate.d.ts +4 -0
  907. package/dist/commands/review-compliance-gate.js +151 -0
  908. package/dist/commands/review-compliance-map.d.ts +4 -0
  909. package/dist/commands/review-compliance-map.js +110 -0
  910. package/dist/commands/review-compliance-report.d.ts +4 -0
  911. package/dist/commands/review-compliance-report.js +127 -0
  912. package/dist/commands/review-confidence-explain.d.ts +1 -0
  913. package/dist/commands/review-confidence-explain.js +99 -0
  914. package/dist/commands/review-config-diff.d.ts +4 -0
  915. package/dist/commands/review-config-diff.js +108 -0
  916. package/dist/commands/review-config-export.d.ts +4 -0
  917. package/dist/commands/review-config-export.js +124 -0
  918. package/dist/commands/review-config-health.d.ts +1 -0
  919. package/dist/commands/review-config-health.js +172 -0
  920. package/dist/commands/review-config-migrate.d.ts +4 -0
  921. package/dist/commands/review-config-migrate.js +123 -0
  922. package/dist/commands/review-config-template.d.ts +4 -0
  923. package/dist/commands/review-config-template.js +112 -0
  924. package/dist/commands/review-config-validate.d.ts +4 -0
  925. package/dist/commands/review-config-validate.js +110 -0
  926. package/dist/commands/review-contract.d.ts +4 -0
  927. package/dist/commands/review-contract.js +199 -0
  928. package/dist/commands/review-coverage-gap.d.ts +4 -0
  929. package/dist/commands/review-coverage-gap.js +120 -0
  930. package/dist/commands/review-coverage-map.d.ts +4 -0
  931. package/dist/commands/review-coverage-map.js +194 -0
  932. package/dist/commands/review-custom-judge-config.d.ts +4 -0
  933. package/dist/commands/review-custom-judge-config.js +103 -0
  934. package/dist/commands/review-custom-judge.d.ts +4 -0
  935. package/dist/commands/review-custom-judge.js +182 -0
  936. package/dist/commands/review-custom-prompt.d.ts +4 -0
  937. package/dist/commands/review-custom-prompt.js +170 -0
  938. package/dist/commands/review-custom-rule.d.ts +4 -0
  939. package/dist/commands/review-custom-rule.js +169 -0
  940. package/dist/commands/review-dashboard-data.d.ts +4 -0
  941. package/dist/commands/review-dashboard-data.js +142 -0
  942. package/dist/commands/review-dashboard.d.ts +4 -0
  943. package/dist/commands/review-dashboard.js +140 -0
  944. package/dist/commands/review-data-retention.d.ts +4 -0
  945. package/dist/commands/review-data-retention.js +119 -0
  946. package/dist/commands/review-dependency-graph.d.ts +4 -0
  947. package/dist/commands/review-dependency-graph.js +94 -0
  948. package/dist/commands/review-dependency-review.d.ts +1 -0
  949. package/dist/commands/review-dependency-review.js +104 -0
  950. package/dist/commands/review-deployment-gate.d.ts +4 -0
  951. package/dist/commands/review-deployment-gate.js +94 -0
  952. package/dist/commands/review-depth.d.ts +4 -0
  953. package/dist/commands/review-depth.js +142 -0
  954. package/dist/commands/review-diff-annotate.d.ts +4 -0
  955. package/dist/commands/review-diff-annotate.js +104 -0
  956. package/dist/commands/review-diff-context.d.ts +4 -0
  957. package/dist/commands/review-diff-context.js +158 -0
  958. package/dist/commands/review-diff-highlight.d.ts +4 -0
  959. package/dist/commands/review-diff-highlight.js +179 -0
  960. package/dist/commands/review-diff-stats.d.ts +4 -0
  961. package/dist/commands/review-diff-stats.js +90 -0
  962. package/dist/commands/review-diff-summary.d.ts +4 -0
  963. package/dist/commands/review-diff-summary.js +154 -0
  964. package/dist/commands/review-digest-gen.d.ts +1 -0
  965. package/dist/commands/review-digest-gen.js +100 -0
  966. package/dist/commands/review-digest.d.ts +4 -0
  967. package/dist/commands/review-digest.js +265 -0
  968. package/dist/commands/review-dry-run.d.ts +4 -0
  969. package/dist/commands/review-dry-run.js +120 -0
  970. package/dist/commands/review-engagement-score.d.ts +1 -0
  971. package/dist/commands/review-engagement-score.js +111 -0
  972. package/dist/commands/review-env-check.d.ts +4 -0
  973. package/dist/commands/review-env-check.js +115 -0
  974. package/dist/commands/review-environment-config.d.ts +4 -0
  975. package/dist/commands/review-environment-config.js +102 -0
  976. package/dist/commands/review-escalation-path.d.ts +1 -0
  977. package/dist/commands/review-escalation-path.js +86 -0
  978. package/dist/commands/review-exclude-vendor.d.ts +4 -0
  979. package/dist/commands/review-exclude-vendor.js +158 -0
  980. package/dist/commands/review-explain.d.ts +5 -0
  981. package/dist/commands/review-explain.js +194 -0
  982. package/dist/commands/review-export-pdf.d.ts +7 -0
  983. package/dist/commands/review-export-pdf.js +131 -0
  984. package/dist/commands/review-export.d.ts +4 -0
  985. package/dist/commands/review-export.js +179 -0
  986. package/dist/commands/review-feedback-loop.d.ts +4 -0
  987. package/dist/commands/review-feedback-loop.js +113 -0
  988. package/dist/commands/review-feedback-summary.d.ts +1 -0
  989. package/dist/commands/review-feedback-summary.js +130 -0
  990. package/dist/commands/review-feedback.d.ts +4 -0
  991. package/dist/commands/review-feedback.js +145 -0
  992. package/dist/commands/review-file-complexity.d.ts +4 -0
  993. package/dist/commands/review-file-complexity.js +137 -0
  994. package/dist/commands/review-file-filter.d.ts +4 -0
  995. package/dist/commands/review-file-filter.js +121 -0
  996. package/dist/commands/review-file-stats.d.ts +4 -0
  997. package/dist/commands/review-file-stats.js +130 -0
  998. package/dist/commands/review-filter.d.ts +4 -0
  999. package/dist/commands/review-filter.js +161 -0
  1000. package/dist/commands/review-finding-link.d.ts +7 -0
  1001. package/dist/commands/review-finding-link.js +115 -0
  1002. package/dist/commands/review-focus-area.d.ts +1 -0
  1003. package/dist/commands/review-focus-area.js +96 -0
  1004. package/dist/commands/review-focus.d.ts +4 -0
  1005. package/dist/commands/review-focus.js +196 -0
  1006. package/dist/commands/review-gate-config.d.ts +4 -0
  1007. package/dist/commands/review-gate-config.js +153 -0
  1008. package/dist/commands/review-gate.d.ts +4 -0
  1009. package/dist/commands/review-gate.js +212 -0
  1010. package/dist/commands/review-goal-track.d.ts +1 -0
  1011. package/dist/commands/review-goal-track.js +123 -0
  1012. package/dist/commands/review-guardrail.d.ts +4 -0
  1013. package/dist/commands/review-guardrail.js +155 -0
  1014. package/dist/commands/review-handoff.d.ts +4 -0
  1015. package/dist/commands/review-handoff.js +208 -0
  1016. package/dist/commands/review-health-check.d.ts +4 -0
  1017. package/dist/commands/review-health-check.js +148 -0
  1018. package/dist/commands/review-health-trend.d.ts +1 -0
  1019. package/dist/commands/review-health-trend.js +107 -0
  1020. package/dist/commands/review-history-compare.d.ts +4 -0
  1021. package/dist/commands/review-history-compare.js +93 -0
  1022. package/dist/commands/review-history-search.d.ts +4 -0
  1023. package/dist/commands/review-history-search.js +214 -0
  1024. package/dist/commands/review-ide-sync.d.ts +4 -0
  1025. package/dist/commands/review-ide-sync.js +91 -0
  1026. package/dist/commands/review-ignore-path.d.ts +4 -0
  1027. package/dist/commands/review-ignore-path.js +147 -0
  1028. package/dist/commands/review-ignore-pattern.d.ts +5 -0
  1029. package/dist/commands/review-ignore-pattern.js +138 -0
  1030. package/dist/commands/review-incident-link.d.ts +4 -0
  1031. package/dist/commands/review-incident-link.js +93 -0
  1032. package/dist/commands/review-incremental.d.ts +4 -0
  1033. package/dist/commands/review-incremental.js +128 -0
  1034. package/dist/commands/review-integration-health.d.ts +4 -0
  1035. package/dist/commands/review-integration-health.js +84 -0
  1036. package/dist/commands/review-integration-test.d.ts +4 -0
  1037. package/dist/commands/review-integration-test.js +145 -0
  1038. package/dist/commands/review-integration.d.ts +4 -0
  1039. package/dist/commands/review-integration.js +236 -0
  1040. package/dist/commands/review-interactive.d.ts +4 -0
  1041. package/dist/commands/review-interactive.js +85 -0
  1042. package/dist/commands/review-knowledge-capture.d.ts +1 -0
  1043. package/dist/commands/review-knowledge-capture.js +94 -0
  1044. package/dist/commands/review-language-profile.d.ts +4 -0
  1045. package/dist/commands/review-language-profile.js +72 -0
  1046. package/dist/commands/review-language-stats.d.ts +4 -0
  1047. package/dist/commands/review-language-stats.js +152 -0
  1048. package/dist/commands/review-lock-file.d.ts +4 -0
  1049. package/dist/commands/review-lock-file.js +153 -0
  1050. package/dist/commands/review-lock.d.ts +4 -0
  1051. package/dist/commands/review-lock.js +107 -0
  1052. package/dist/commands/review-log.d.ts +22 -0
  1053. package/dist/commands/review-log.js +164 -0
  1054. package/dist/commands/review-mentor-suggest.d.ts +1 -0
  1055. package/dist/commands/review-mentor-suggest.js +112 -0
  1056. package/dist/commands/review-merge-check.d.ts +4 -0
  1057. package/dist/commands/review-merge-check.js +101 -0
  1058. package/dist/commands/review-merge-config.d.ts +4 -0
  1059. package/dist/commands/review-merge-config.js +119 -0
  1060. package/dist/commands/review-merge-readiness.d.ts +1 -0
  1061. package/dist/commands/review-merge-readiness.js +90 -0
  1062. package/dist/commands/review-merge-request.d.ts +4 -0
  1063. package/dist/commands/review-merge-request.js +95 -0
  1064. package/dist/commands/review-merge.d.ts +4 -0
  1065. package/dist/commands/review-merge.js +145 -0
  1066. package/dist/commands/review-metric-export.d.ts +4 -0
  1067. package/dist/commands/review-metric-export.js +62 -0
  1068. package/dist/commands/review-milestone.d.ts +4 -0
  1069. package/dist/commands/review-milestone.js +136 -0
  1070. package/dist/commands/review-multi-repo-sync.d.ts +4 -0
  1071. package/dist/commands/review-multi-repo-sync.js +115 -0
  1072. package/dist/commands/review-multi-repo.d.ts +4 -0
  1073. package/dist/commands/review-multi-repo.js +145 -0
  1074. package/dist/commands/review-note.d.ts +4 -0
  1075. package/dist/commands/review-note.js +104 -0
  1076. package/dist/commands/review-notification-config.d.ts +4 -0
  1077. package/dist/commands/review-notification-config.js +122 -0
  1078. package/dist/commands/review-notification-digest.d.ts +4 -0
  1079. package/dist/commands/review-notification-digest.js +64 -0
  1080. package/dist/commands/review-notification.d.ts +4 -0
  1081. package/dist/commands/review-notification.js +126 -0
  1082. package/dist/commands/review-notify.d.ts +4 -0
  1083. package/dist/commands/review-notify.js +143 -0
  1084. package/dist/commands/review-offline.d.ts +4 -0
  1085. package/dist/commands/review-offline.js +125 -0
  1086. package/dist/commands/review-onboard-checklist.d.ts +4 -0
  1087. package/dist/commands/review-onboard-checklist.js +119 -0
  1088. package/dist/commands/review-onboard-wizard.d.ts +4 -0
  1089. package/dist/commands/review-onboard-wizard.js +92 -0
  1090. package/dist/commands/review-onboard.d.ts +4 -0
  1091. package/dist/commands/review-onboard.js +154 -0
  1092. package/dist/commands/review-onboarding-check.d.ts +1 -0
  1093. package/dist/commands/review-onboarding-check.js +93 -0
  1094. package/dist/commands/review-org-dashboard.d.ts +4 -0
  1095. package/dist/commands/review-org-dashboard.js +68 -0
  1096. package/dist/commands/review-output-filter.d.ts +4 -0
  1097. package/dist/commands/review-output-filter.js +112 -0
  1098. package/dist/commands/review-output-format.d.ts +4 -0
  1099. package/dist/commands/review-output-format.js +144 -0
  1100. package/dist/commands/review-output-transform.d.ts +4 -0
  1101. package/dist/commands/review-output-transform.js +119 -0
  1102. package/dist/commands/review-owner.d.ts +4 -0
  1103. package/dist/commands/review-owner.js +129 -0
  1104. package/dist/commands/review-parallel-diff.d.ts +4 -0
  1105. package/dist/commands/review-parallel-diff.js +146 -0
  1106. package/dist/commands/review-parallel-files.d.ts +7 -0
  1107. package/dist/commands/review-parallel-files.js +134 -0
  1108. package/dist/commands/review-parallel-run.d.ts +4 -0
  1109. package/dist/commands/review-parallel-run.js +116 -0
  1110. package/dist/commands/review-parallel.d.ts +4 -0
  1111. package/dist/commands/review-parallel.js +164 -0
  1112. package/dist/commands/review-perf-profile.d.ts +4 -0
  1113. package/dist/commands/review-perf-profile.js +98 -0
  1114. package/dist/commands/review-permission-model.d.ts +4 -0
  1115. package/dist/commands/review-permission-model.js +149 -0
  1116. package/dist/commands/review-pipeline-status.d.ts +4 -0
  1117. package/dist/commands/review-pipeline-status.js +54 -0
  1118. package/dist/commands/review-plugin-config.d.ts +4 -0
  1119. package/dist/commands/review-plugin-config.js +167 -0
  1120. package/dist/commands/review-plugin-list.d.ts +4 -0
  1121. package/dist/commands/review-plugin-list.js +99 -0
  1122. package/dist/commands/review-plugin-manage.d.ts +4 -0
  1123. package/dist/commands/review-plugin-manage.js +137 -0
  1124. package/dist/commands/review-plugin-status.d.ts +4 -0
  1125. package/dist/commands/review-plugin-status.js +53 -0
  1126. package/dist/commands/review-policy-enforce.d.ts +1 -0
  1127. package/dist/commands/review-policy-enforce.js +92 -0
  1128. package/dist/commands/review-policy-engine.d.ts +4 -0
  1129. package/dist/commands/review-policy-engine.js +135 -0
  1130. package/dist/commands/review-pr-comment-gen.d.ts +4 -0
  1131. package/dist/commands/review-pr-comment-gen.js +62 -0
  1132. package/dist/commands/review-pr-comment.d.ts +4 -0
  1133. package/dist/commands/review-pr-comment.js +106 -0
  1134. package/dist/commands/review-pr-label-suggest.d.ts +1 -0
  1135. package/dist/commands/review-pr-label-suggest.js +77 -0
  1136. package/dist/commands/review-pr-size-check.d.ts +1 -0
  1137. package/dist/commands/review-pr-size-check.js +98 -0
  1138. package/dist/commands/review-pr-template.d.ts +4 -0
  1139. package/dist/commands/review-pr-template.js +104 -0
  1140. package/dist/commands/review-preset-save.d.ts +4 -0
  1141. package/dist/commands/review-preset-save.js +159 -0
  1142. package/dist/commands/review-priority.d.ts +4 -0
  1143. package/dist/commands/review-priority.js +157 -0
  1144. package/dist/commands/review-profile.d.ts +4 -0
  1145. package/dist/commands/review-profile.js +168 -0
  1146. package/dist/commands/review-progress-bar.d.ts +4 -0
  1147. package/dist/commands/review-progress-bar.js +157 -0
  1148. package/dist/commands/review-progress-report.d.ts +1 -0
  1149. package/dist/commands/review-progress-report.js +95 -0
  1150. package/dist/commands/review-progress-track.d.ts +4 -0
  1151. package/dist/commands/review-progress-track.js +94 -0
  1152. package/dist/commands/review-quality-baseline.d.ts +1 -0
  1153. package/dist/commands/review-quality-baseline.js +134 -0
  1154. package/dist/commands/review-quality-gate.d.ts +1 -0
  1155. package/dist/commands/review-quality-gate.js +86 -0
  1156. package/dist/commands/review-quality-score.d.ts +4 -0
  1157. package/dist/commands/review-quality-score.js +127 -0
  1158. package/dist/commands/review-quality-trend.d.ts +4 -0
  1159. package/dist/commands/review-quality-trend.js +57 -0
  1160. package/dist/commands/review-queue.d.ts +33 -0
  1161. package/dist/commands/review-queue.js +225 -0
  1162. package/dist/commands/review-quickstart.d.ts +4 -0
  1163. package/dist/commands/review-quickstart.js +107 -0
  1164. package/dist/commands/review-quota-check.d.ts +4 -0
  1165. package/dist/commands/review-quota-check.js +97 -0
  1166. package/dist/commands/review-quota.d.ts +4 -0
  1167. package/dist/commands/review-quota.js +126 -0
  1168. package/dist/commands/review-rate-limit.d.ts +4 -0
  1169. package/dist/commands/review-rate-limit.js +130 -0
  1170. package/dist/commands/review-readiness-check.d.ts +1 -0
  1171. package/dist/commands/review-readiness-check.js +98 -0
  1172. package/dist/commands/review-receipt.d.ts +4 -0
  1173. package/dist/commands/review-receipt.js +220 -0
  1174. package/dist/commands/review-release-gate.d.ts +1 -0
  1175. package/dist/commands/review-release-gate.js +81 -0
  1176. package/dist/commands/review-replay.d.ts +8 -0
  1177. package/dist/commands/review-replay.js +264 -0
  1178. package/dist/commands/review-repo-onboard.d.ts +4 -0
  1179. package/dist/commands/review-repo-onboard.js +114 -0
  1180. package/dist/commands/review-report-archive.d.ts +4 -0
  1181. package/dist/commands/review-report-archive.js +100 -0
  1182. package/dist/commands/review-report-merge.d.ts +4 -0
  1183. package/dist/commands/review-report-merge.js +90 -0
  1184. package/dist/commands/review-report-pdf.d.ts +4 -0
  1185. package/dist/commands/review-report-pdf.js +163 -0
  1186. package/dist/commands/review-report-schedule.d.ts +4 -0
  1187. package/dist/commands/review-report-schedule.js +96 -0
  1188. package/dist/commands/review-retrospective.d.ts +1 -0
  1189. package/dist/commands/review-retrospective.js +118 -0
  1190. package/dist/commands/review-retry.d.ts +4 -0
  1191. package/dist/commands/review-retry.js +91 -0
  1192. package/dist/commands/review-review-cadence.d.ts +1 -0
  1193. package/dist/commands/review-review-cadence.js +85 -0
  1194. package/dist/commands/review-review-comments.d.ts +4 -0
  1195. package/dist/commands/review-review-comments.js +84 -0
  1196. package/dist/commands/review-reviewer-match.d.ts +1 -0
  1197. package/dist/commands/review-reviewer-match.js +108 -0
  1198. package/dist/commands/review-risk-matrix.d.ts +1 -0
  1199. package/dist/commands/review-risk-matrix.js +96 -0
  1200. package/dist/commands/review-risk-score.d.ts +4 -0
  1201. package/dist/commands/review-risk-score.js +156 -0
  1202. package/dist/commands/review-role-assignment.d.ts +4 -0
  1203. package/dist/commands/review-role-assignment.js +98 -0
  1204. package/dist/commands/review-rollback.d.ts +4 -0
  1205. package/dist/commands/review-rollback.js +171 -0
  1206. package/dist/commands/review-rollout-plan.d.ts +4 -0
  1207. package/dist/commands/review-rollout-plan.js +123 -0
  1208. package/dist/commands/review-rule-filter.d.ts +4 -0
  1209. package/dist/commands/review-rule-filter.js +116 -0
  1210. package/dist/commands/review-rule-stats.d.ts +4 -0
  1211. package/dist/commands/review-rule-stats.js +161 -0
  1212. package/dist/commands/review-sandbox.d.ts +4 -0
  1213. package/dist/commands/review-sandbox.js +191 -0
  1214. package/dist/commands/review-schedule.d.ts +4 -0
  1215. package/dist/commands/review-schedule.js +169 -0
  1216. package/dist/commands/review-scope-limit.d.ts +4 -0
  1217. package/dist/commands/review-scope-limit.js +100 -0
  1218. package/dist/commands/review-scope-lock.d.ts +7 -0
  1219. package/dist/commands/review-scope-lock.js +138 -0
  1220. package/dist/commands/review-scope-select.d.ts +4 -0
  1221. package/dist/commands/review-scope-select.js +98 -0
  1222. package/dist/commands/review-scope-suggest.d.ts +1 -0
  1223. package/dist/commands/review-scope-suggest.js +112 -0
  1224. package/dist/commands/review-scope.d.ts +4 -0
  1225. package/dist/commands/review-scope.js +197 -0
  1226. package/dist/commands/review-score-history.d.ts +4 -0
  1227. package/dist/commands/review-score-history.js +137 -0
  1228. package/dist/commands/review-security-posture.d.ts +1 -0
  1229. package/dist/commands/review-security-posture.js +105 -0
  1230. package/dist/commands/review-session-replay.d.ts +4 -0
  1231. package/dist/commands/review-session-replay.js +81 -0
  1232. package/dist/commands/review-session-save.d.ts +4 -0
  1233. package/dist/commands/review-session-save.js +173 -0
  1234. package/dist/commands/review-session.d.ts +4 -0
  1235. package/dist/commands/review-session.js +150 -0
  1236. package/dist/commands/review-skip-list.d.ts +4 -0
  1237. package/dist/commands/review-skip-list.js +135 -0
  1238. package/dist/commands/review-skip-rule.d.ts +4 -0
  1239. package/dist/commands/review-skip-rule.js +105 -0
  1240. package/dist/commands/review-sla-config.d.ts +4 -0
  1241. package/dist/commands/review-sla-config.js +88 -0
  1242. package/dist/commands/review-slack-format.d.ts +4 -0
  1243. package/dist/commands/review-slack-format.js +113 -0
  1244. package/dist/commands/review-snapshot-diff.d.ts +4 -0
  1245. package/dist/commands/review-snapshot-diff.js +100 -0
  1246. package/dist/commands/review-sprint-plan.d.ts +1 -0
  1247. package/dist/commands/review-sprint-plan.js +79 -0
  1248. package/dist/commands/review-stakeholder-notify.d.ts +1 -0
  1249. package/dist/commands/review-stakeholder-notify.js +134 -0
  1250. package/dist/commands/review-stakeholder-report.d.ts +4 -0
  1251. package/dist/commands/review-stakeholder-report.js +75 -0
  1252. package/dist/commands/review-stale-finding-clean.d.ts +1 -0
  1253. package/dist/commands/review-stale-finding-clean.js +81 -0
  1254. package/dist/commands/review-standup.d.ts +4 -0
  1255. package/dist/commands/review-standup.js +95 -0
  1256. package/dist/commands/review-stats.d.ts +4 -0
  1257. package/dist/commands/review-stats.js +175 -0
  1258. package/dist/commands/review-status-badge.d.ts +4 -0
  1259. package/dist/commands/review-status-badge.js +120 -0
  1260. package/dist/commands/review-streak.d.ts +4 -0
  1261. package/dist/commands/review-streak.js +150 -0
  1262. package/dist/commands/review-summary-dashboard.d.ts +4 -0
  1263. package/dist/commands/review-summary-dashboard.js +96 -0
  1264. package/dist/commands/review-summary-email.d.ts +4 -0
  1265. package/dist/commands/review-summary-email.js +102 -0
  1266. package/dist/commands/review-summary.d.ts +4 -0
  1267. package/dist/commands/review-summary.js +174 -0
  1268. package/dist/commands/review-tag-manager.d.ts +4 -0
  1269. package/dist/commands/review-tag-manager.js +128 -0
  1270. package/dist/commands/review-tag.d.ts +4 -0
  1271. package/dist/commands/review-tag.js +136 -0
  1272. package/dist/commands/review-team-analytics.d.ts +1 -0
  1273. package/dist/commands/review-team-analytics.js +94 -0
  1274. package/dist/commands/review-team-assign.d.ts +7 -0
  1275. package/dist/commands/review-team-assign.js +211 -0
  1276. package/dist/commands/review-team-coverage.d.ts +1 -0
  1277. package/dist/commands/review-team-coverage.js +95 -0
  1278. package/dist/commands/review-team-dashboard.d.ts +4 -0
  1279. package/dist/commands/review-team-dashboard.js +98 -0
  1280. package/dist/commands/review-team-rotation.d.ts +1 -0
  1281. package/dist/commands/review-team-rotation.js +99 -0
  1282. package/dist/commands/review-team-skill-map.d.ts +1 -0
  1283. package/dist/commands/review-team-skill-map.js +102 -0
  1284. package/dist/commands/review-team-stats.d.ts +4 -0
  1285. package/dist/commands/review-team-stats.js +97 -0
  1286. package/dist/commands/review-team-summary.d.ts +4 -0
  1287. package/dist/commands/review-team-summary.js +155 -0
  1288. package/dist/commands/review-team-velocity.d.ts +1 -0
  1289. package/dist/commands/review-team-velocity.js +103 -0
  1290. package/dist/commands/review-template-export.d.ts +4 -0
  1291. package/dist/commands/review-template-export.js +146 -0
  1292. package/dist/commands/review-template-library.d.ts +4 -0
  1293. package/dist/commands/review-template-library.js +155 -0
  1294. package/dist/commands/review-template-suggest.d.ts +1 -0
  1295. package/dist/commands/review-template-suggest.js +119 -0
  1296. package/dist/commands/review-template.d.ts +4 -0
  1297. package/dist/commands/review-template.js +212 -0
  1298. package/dist/commands/review-tenant-config.d.ts +4 -0
  1299. package/dist/commands/review-tenant-config.js +116 -0
  1300. package/dist/commands/review-threshold-tune.d.ts +4 -0
  1301. package/dist/commands/review-threshold-tune.js +135 -0
  1302. package/dist/commands/review-timeline.d.ts +4 -0
  1303. package/dist/commands/review-timeline.js +76 -0
  1304. package/dist/commands/review-token-budget.d.ts +4 -0
  1305. package/dist/commands/review-token-budget.js +117 -0
  1306. package/dist/commands/review-velocity-track.d.ts +1 -0
  1307. package/dist/commands/review-velocity-track.js +94 -0
  1308. package/dist/commands/review-watch-mode.d.ts +7 -0
  1309. package/dist/commands/review-watch-mode.js +132 -0
  1310. package/dist/commands/review-webhook-dispatch.d.ts +4 -0
  1311. package/dist/commands/review-webhook-dispatch.js +99 -0
  1312. package/dist/commands/review-webhook-notify.d.ts +4 -0
  1313. package/dist/commands/review-webhook-notify.js +145 -0
  1314. package/dist/commands/review-webhook.d.ts +4 -0
  1315. package/dist/commands/review-webhook.js +140 -0
  1316. package/dist/commands/review-whitelist.d.ts +4 -0
  1317. package/dist/commands/review-whitelist.js +150 -0
  1318. package/dist/commands/review-workflow-suggest.d.ts +1 -0
  1319. package/dist/commands/review-workflow-suggest.js +129 -0
  1320. package/dist/commands/review-workload-balance.d.ts +1 -0
  1321. package/dist/commands/review-workload-balance.js +86 -0
  1322. package/dist/commands/review-workspace-init.d.ts +4 -0
  1323. package/dist/commands/review-workspace-init.js +104 -0
  1324. package/dist/commands/review-workspace-scan.d.ts +4 -0
  1325. package/dist/commands/review-workspace-scan.js +144 -0
  1326. package/dist/commands/review.d.ts +155 -0
  1327. package/dist/commands/review.js +1114 -0
  1328. package/dist/commands/risk-heatmap.d.ts +7 -0
  1329. package/dist/commands/risk-heatmap.js +223 -0
  1330. package/dist/commands/rollback-safety.d.ts +4 -0
  1331. package/dist/commands/rollback-safety.js +191 -0
  1332. package/dist/commands/rule-catalog.d.ts +4 -0
  1333. package/dist/commands/rule-catalog.js +128 -0
  1334. package/dist/commands/rule-metrics.d.ts +43 -0
  1335. package/dist/commands/rule-metrics.js +113 -0
  1336. package/dist/commands/rule-owner.d.ts +30 -0
  1337. package/dist/commands/rule-owner.js +181 -0
  1338. package/dist/commands/rule-share.d.ts +34 -0
  1339. package/dist/commands/rule-share.js +202 -0
  1340. package/dist/commands/rule-test.d.ts +4 -0
  1341. package/dist/commands/rule-test.js +201 -0
  1342. package/dist/commands/rule.d.ts +114 -0
  1343. package/dist/commands/rule.js +295 -0
  1344. package/dist/commands/sbom-export.d.ts +7 -0
  1345. package/dist/commands/sbom-export.js +161 -0
  1346. package/dist/commands/scaffold-plugin.d.ts +15 -0
  1347. package/dist/commands/scaffold-plugin.js +270 -0
  1348. package/dist/commands/secret-age.d.ts +5 -0
  1349. package/dist/commands/secret-age.js +214 -0
  1350. package/dist/commands/secret-scan.d.ts +7 -0
  1351. package/dist/commands/secret-scan.js +244 -0
  1352. package/dist/commands/security-maturity.d.ts +7 -0
  1353. package/dist/commands/security-maturity.js +312 -0
  1354. package/dist/commands/security-theater.d.ts +4 -0
  1355. package/dist/commands/security-theater.js +278 -0
  1356. package/dist/commands/setup-wizard.d.ts +4 -0
  1357. package/dist/commands/setup-wizard.js +174 -0
  1358. package/dist/commands/severity-tune.d.ts +4 -0
  1359. package/dist/commands/severity-tune.js +208 -0
  1360. package/dist/commands/sla-track.d.ts +56 -0
  1361. package/dist/commands/sla-track.js +268 -0
  1362. package/dist/commands/smart-output.d.ts +38 -0
  1363. package/dist/commands/smart-output.js +175 -0
  1364. package/dist/commands/smart-select.d.ts +26 -0
  1365. package/dist/commands/smart-select.js +345 -0
  1366. package/dist/commands/snapshot.d.ts +139 -0
  1367. package/dist/commands/snapshot.js +478 -0
  1368. package/dist/commands/snippet-eval.d.ts +7 -0
  1369. package/dist/commands/snippet-eval.js +223 -0
  1370. package/dist/commands/spec-conform.d.ts +4 -0
  1371. package/dist/commands/spec-conform.js +304 -0
  1372. package/dist/commands/stale-pattern.d.ts +4 -0
  1373. package/dist/commands/stale-pattern.js +293 -0
  1374. package/dist/commands/state-integrity.d.ts +4 -0
  1375. package/dist/commands/state-integrity.js +283 -0
  1376. package/dist/commands/suppress.d.ts +39 -0
  1377. package/dist/commands/suppress.js +203 -0
  1378. package/dist/commands/team-config.d.ts +4 -0
  1379. package/dist/commands/team-config.js +234 -0
  1380. package/dist/commands/team-leaderboard.d.ts +24 -0
  1381. package/dist/commands/team-leaderboard.js +227 -0
  1382. package/dist/commands/team-rules-sync.d.ts +7 -0
  1383. package/dist/commands/team-rules-sync.js +250 -0
  1384. package/dist/commands/team-trust.d.ts +7 -0
  1385. package/dist/commands/team-trust.js +174 -0
  1386. package/dist/commands/test-correlate.d.ts +7 -0
  1387. package/dist/commands/test-correlate.js +221 -0
  1388. package/dist/commands/test-isolation.d.ts +5 -0
  1389. package/dist/commands/test-isolation.js +234 -0
  1390. package/dist/commands/test-quality.d.ts +5 -0
  1391. package/dist/commands/test-quality.js +160 -0
  1392. package/dist/commands/test-suggest.d.ts +8 -0
  1393. package/dist/commands/test-suggest.js +247 -0
  1394. package/dist/commands/ticket-sync.d.ts +25 -0
  1395. package/dist/commands/ticket-sync.js +235 -0
  1396. package/dist/commands/timeout-audit.d.ts +4 -0
  1397. package/dist/commands/timeout-audit.js +210 -0
  1398. package/dist/commands/trace.d.ts +64 -0
  1399. package/dist/commands/trace.js +245 -0
  1400. package/dist/commands/trend-report.d.ts +4 -0
  1401. package/dist/commands/trend-report.js +148 -0
  1402. package/dist/commands/triage.d.ts +15 -0
  1403. package/dist/commands/triage.js +171 -0
  1404. package/dist/commands/trust-adaptive.d.ts +8 -0
  1405. package/dist/commands/trust-adaptive.js +193 -0
  1406. package/dist/commands/trust-ramp.d.ts +29 -0
  1407. package/dist/commands/trust-ramp.js +189 -0
  1408. package/dist/commands/tune.d.ts +24 -0
  1409. package/dist/commands/tune.js +380 -0
  1410. package/dist/commands/type-boundary.d.ts +4 -0
  1411. package/dist/commands/type-boundary.js +235 -0
  1412. package/dist/commands/upload.d.ts +13 -0
  1413. package/dist/commands/upload.js +172 -0
  1414. package/dist/commands/validate-config.d.ts +16 -0
  1415. package/dist/commands/validate-config.js +267 -0
  1416. package/dist/commands/vendor-lock-detect.d.ts +7 -0
  1417. package/dist/commands/vendor-lock-detect.js +288 -0
  1418. package/dist/commands/vote.d.ts +31 -0
  1419. package/dist/commands/vote.js +200 -0
  1420. package/dist/commands/warm-cache.d.ts +30 -0
  1421. package/dist/commands/warm-cache.js +165 -0
  1422. package/dist/commands/watch-judge.d.ts +7 -0
  1423. package/dist/commands/watch-judge.js +179 -0
  1424. package/dist/commands/watch.d.ts +22 -0
  1425. package/dist/commands/watch.js +147 -0
  1426. package/dist/comparison.d.ts +67 -0
  1427. package/dist/comparison.js +253 -0
  1428. package/dist/config.d.ts +108 -0
  1429. package/dist/config.js +694 -0
  1430. package/dist/context/context-snippets.d.ts +15 -0
  1431. package/dist/context/context-snippets.js +36 -0
  1432. package/dist/context/embedding-cache.d.ts +30 -0
  1433. package/dist/context/embedding-cache.js +48 -0
  1434. package/dist/data-adapter.d.ts +123 -0
  1435. package/dist/data-adapter.js +212 -0
  1436. package/dist/dedup.d.ts +105 -0
  1437. package/dist/dedup.js +606 -0
  1438. package/dist/disk-cache.d.ts +59 -0
  1439. package/dist/disk-cache.js +236 -0
  1440. package/dist/errors.d.ts +43 -0
  1441. package/dist/errors.js +63 -0
  1442. package/dist/escalation.d.ts +100 -0
  1443. package/dist/escalation.js +292 -0
  1444. package/dist/evaluation-session.d.ts +74 -0
  1445. package/dist/evaluation-session.js +152 -0
  1446. package/dist/evaluators/accessibility.d.ts +2 -0
  1447. package/dist/evaluators/accessibility.js +559 -0
  1448. package/dist/evaluators/agent-instructions.d.ts +2 -0
  1449. package/dist/evaluators/agent-instructions.js +214 -0
  1450. package/dist/evaluators/ai-code-safety.d.ts +8 -0
  1451. package/dist/evaluators/ai-code-safety.js +410 -0
  1452. package/dist/evaluators/api-contract.d.ts +9 -0
  1453. package/dist/evaluators/api-contract.js +203 -0
  1454. package/dist/evaluators/api-design.d.ts +2 -0
  1455. package/dist/evaluators/api-design.js +260 -0
  1456. package/dist/evaluators/app-builder.d.ts +33 -0
  1457. package/dist/evaluators/app-builder.js +155 -0
  1458. package/dist/evaluators/authentication.d.ts +2 -0
  1459. package/dist/evaluators/authentication.js +455 -0
  1460. package/dist/evaluators/backwards-compatibility.d.ts +2 -0
  1461. package/dist/evaluators/backwards-compatibility.js +168 -0
  1462. package/dist/evaluators/caching.d.ts +2 -0
  1463. package/dist/evaluators/caching.js +171 -0
  1464. package/dist/evaluators/ci-cd.d.ts +2 -0
  1465. package/dist/evaluators/ci-cd.js +218 -0
  1466. package/dist/evaluators/cloud-readiness.d.ts +2 -0
  1467. package/dist/evaluators/cloud-readiness.js +231 -0
  1468. package/dist/evaluators/code-structure.d.ts +21 -0
  1469. package/dist/evaluators/code-structure.js +195 -0
  1470. package/dist/evaluators/compliance.d.ts +2 -0
  1471. package/dist/evaluators/compliance.js +329 -0
  1472. package/dist/evaluators/concurrency.d.ts +2 -0
  1473. package/dist/evaluators/concurrency.js +307 -0
  1474. package/dist/evaluators/configuration-management.d.ts +2 -0
  1475. package/dist/evaluators/configuration-management.js +232 -0
  1476. package/dist/evaluators/cost-effectiveness.d.ts +2 -0
  1477. package/dist/evaluators/cost-effectiveness.js +418 -0
  1478. package/dist/evaluators/cybersecurity.d.ts +2 -0
  1479. package/dist/evaluators/cybersecurity.js +1197 -0
  1480. package/dist/evaluators/data-security.d.ts +2 -0
  1481. package/dist/evaluators/data-security.js +467 -0
  1482. package/dist/evaluators/data-sovereignty.d.ts +2 -0
  1483. package/dist/evaluators/data-sovereignty.js +495 -0
  1484. package/dist/evaluators/database.d.ts +2 -0
  1485. package/dist/evaluators/database.js +240 -0
  1486. package/dist/evaluators/dependencies.d.ts +5 -0
  1487. package/dist/evaluators/dependencies.js +228 -0
  1488. package/dist/evaluators/dependency-health.d.ts +2 -0
  1489. package/dist/evaluators/dependency-health.js +477 -0
  1490. package/dist/evaluators/documentation.d.ts +2 -0
  1491. package/dist/evaluators/documentation.js +432 -0
  1492. package/dist/evaluators/error-handling.d.ts +2 -0
  1493. package/dist/evaluators/error-handling.js +426 -0
  1494. package/dist/evaluators/ethics-bias.d.ts +2 -0
  1495. package/dist/evaluators/ethics-bias.js +263 -0
  1496. package/dist/evaluators/false-positive-review.d.ts +21 -0
  1497. package/dist/evaluators/false-positive-review.js +1246 -0
  1498. package/dist/evaluators/framework-rules.d.ts +58 -0
  1499. package/dist/evaluators/framework-rules.js +291 -0
  1500. package/dist/evaluators/framework-safety.d.ts +12 -0
  1501. package/dist/evaluators/framework-safety.js +1205 -0
  1502. package/dist/evaluators/hallucination-detection.d.ts +2 -0
  1503. package/dist/evaluators/hallucination-detection.js +1250 -0
  1504. package/dist/evaluators/iac-security.d.ts +8 -0
  1505. package/dist/evaluators/iac-security.js +701 -0
  1506. package/dist/evaluators/index.d.ts +167 -0
  1507. package/dist/evaluators/index.js +994 -0
  1508. package/dist/evaluators/intent-alignment.d.ts +18 -0
  1509. package/dist/evaluators/intent-alignment.js +405 -0
  1510. package/dist/evaluators/internationalization.d.ts +2 -0
  1511. package/dist/evaluators/internationalization.js +287 -0
  1512. package/dist/evaluators/judge-selector.d.ts +19 -0
  1513. package/dist/evaluators/judge-selector.js +141 -0
  1514. package/dist/evaluators/logging-privacy.d.ts +2 -0
  1515. package/dist/evaluators/logging-privacy.js +190 -0
  1516. package/dist/evaluators/logic-review.d.ts +2 -0
  1517. package/dist/evaluators/logic-review.js +289 -0
  1518. package/dist/evaluators/maintainability.d.ts +2 -0
  1519. package/dist/evaluators/maintainability.js +430 -0
  1520. package/dist/evaluators/model-fingerprint.d.ts +2 -0
  1521. package/dist/evaluators/model-fingerprint.js +151 -0
  1522. package/dist/evaluators/multi-turn-coherence.d.ts +13 -0
  1523. package/dist/evaluators/multi-turn-coherence.js +149 -0
  1524. package/dist/evaluators/observability.d.ts +2 -0
  1525. package/dist/evaluators/observability.js +238 -0
  1526. package/dist/evaluators/over-engineering.d.ts +2 -0
  1527. package/dist/evaluators/over-engineering.js +160 -0
  1528. package/dist/evaluators/performance.d.ts +2 -0
  1529. package/dist/evaluators/performance.js +649 -0
  1530. package/dist/evaluators/portability.d.ts +2 -0
  1531. package/dist/evaluators/portability.js +254 -0
  1532. package/dist/evaluators/project.d.ts +48 -0
  1533. package/dist/evaluators/project.js +817 -0
  1534. package/dist/evaluators/rate-limiting.d.ts +2 -0
  1535. package/dist/evaluators/rate-limiting.js +193 -0
  1536. package/dist/evaluators/recall-boost.d.ts +27 -0
  1537. package/dist/evaluators/recall-boost.js +409 -0
  1538. package/dist/evaluators/reliability.d.ts +2 -0
  1539. package/dist/evaluators/reliability.js +245 -0
  1540. package/dist/evaluators/scalability.d.ts +2 -0
  1541. package/dist/evaluators/scalability.js +230 -0
  1542. package/dist/evaluators/security.d.ts +12 -0
  1543. package/dist/evaluators/security.js +1013 -0
  1544. package/dist/evaluators/shared.d.ts +219 -0
  1545. package/dist/evaluators/shared.js +1169 -0
  1546. package/dist/evaluators/software-practices.d.ts +2 -0
  1547. package/dist/evaluators/software-practices.js +395 -0
  1548. package/dist/evaluators/suppressions.d.ts +49 -0
  1549. package/dist/evaluators/suppressions.js +185 -0
  1550. package/dist/evaluators/testing.d.ts +2 -0
  1551. package/dist/evaluators/testing.js +348 -0
  1552. package/dist/evaluators/ux.d.ts +2 -0
  1553. package/dist/evaluators/ux.js +309 -0
  1554. package/dist/evaluators/v2.d.ts +26 -0
  1555. package/dist/evaluators/v2.js +354 -0
  1556. package/dist/ext-to-lang.d.ts +16 -0
  1557. package/dist/ext-to-lang.js +60 -0
  1558. package/dist/feedback-loop.d.ts +62 -0
  1559. package/dist/feedback-loop.js +179 -0
  1560. package/dist/finding-lifecycle.d.ts +215 -0
  1561. package/dist/finding-lifecycle.js +547 -0
  1562. package/dist/fingerprint.d.ts +39 -0
  1563. package/dist/fingerprint.js +179 -0
  1564. package/dist/fix-history.d.ts +103 -0
  1565. package/dist/fix-history.js +164 -0
  1566. package/dist/formatters/badge.d.ts +16 -0
  1567. package/dist/formatters/badge.js +78 -0
  1568. package/dist/formatters/codeclimate.d.ts +24 -0
  1569. package/dist/formatters/codeclimate.js +80 -0
  1570. package/dist/formatters/csv.d.ts +16 -0
  1571. package/dist/formatters/csv.js +53 -0
  1572. package/dist/formatters/diagnostics.d.ts +81 -0
  1573. package/dist/formatters/diagnostics.js +152 -0
  1574. package/dist/formatters/github-actions.d.ts +6 -0
  1575. package/dist/formatters/github-actions.js +68 -0
  1576. package/dist/formatters/html.d.ts +12 -0
  1577. package/dist/formatters/html.js +194 -0
  1578. package/dist/formatters/junit.d.ts +6 -0
  1579. package/dist/formatters/junit.js +68 -0
  1580. package/dist/formatters/pdf.d.ts +12 -0
  1581. package/dist/formatters/pdf.js +114 -0
  1582. package/dist/formatters/sarif.d.ts +92 -0
  1583. package/dist/formatters/sarif.js +256 -0
  1584. package/dist/formatters/shared.d.ts +4 -0
  1585. package/dist/formatters/shared.js +29 -0
  1586. package/dist/git-diff.d.ts +62 -0
  1587. package/dist/git-diff.js +282 -0
  1588. package/dist/github-app.d.ts +152 -0
  1589. package/dist/github-app.js +716 -0
  1590. package/dist/import-resolver.d.ts +51 -0
  1591. package/dist/import-resolver.js +213 -0
  1592. package/dist/index.d.ts +4 -0
  1593. package/dist/index.js +38 -0
  1594. package/dist/judge-registry.d.ts +156 -0
  1595. package/dist/judge-registry.js +272 -0
  1596. package/dist/judges/accessibility.d.ts +2 -0
  1597. package/dist/judges/accessibility.js +46 -0
  1598. package/dist/judges/agent-instructions.d.ts +2 -0
  1599. package/dist/judges/agent-instructions.js +46 -0
  1600. package/dist/judges/ai-code-safety.d.ts +2 -0
  1601. package/dist/judges/ai-code-safety.js +57 -0
  1602. package/dist/judges/api-contract.d.ts +2 -0
  1603. package/dist/judges/api-contract.js +40 -0
  1604. package/dist/judges/api-design.d.ts +2 -0
  1605. package/dist/judges/api-design.js +57 -0
  1606. package/dist/judges/authentication.d.ts +2 -0
  1607. package/dist/judges/authentication.js +63 -0
  1608. package/dist/judges/backwards-compatibility.d.ts +2 -0
  1609. package/dist/judges/backwards-compatibility.js +46 -0
  1610. package/dist/judges/caching.d.ts +2 -0
  1611. package/dist/judges/caching.js +46 -0
  1612. package/dist/judges/ci-cd.d.ts +2 -0
  1613. package/dist/judges/ci-cd.js +46 -0
  1614. package/dist/judges/cloud-readiness.d.ts +2 -0
  1615. package/dist/judges/cloud-readiness.js +53 -0
  1616. package/dist/judges/code-structure.d.ts +2 -0
  1617. package/dist/judges/code-structure.js +50 -0
  1618. package/dist/judges/compliance.d.ts +2 -0
  1619. package/dist/judges/compliance.js +49 -0
  1620. package/dist/judges/concurrency.d.ts +2 -0
  1621. package/dist/judges/concurrency.js +48 -0
  1622. package/dist/judges/configuration-management.d.ts +2 -0
  1623. package/dist/judges/configuration-management.js +46 -0
  1624. package/dist/judges/cost-effectiveness.d.ts +2 -0
  1625. package/dist/judges/cost-effectiveness.js +42 -0
  1626. package/dist/judges/cybersecurity.d.ts +2 -0
  1627. package/dist/judges/cybersecurity.js +63 -0
  1628. package/dist/judges/data-security.d.ts +2 -0
  1629. package/dist/judges/data-security.js +50 -0
  1630. package/dist/judges/data-sovereignty.d.ts +2 -0
  1631. package/dist/judges/data-sovereignty.js +60 -0
  1632. package/dist/judges/database.d.ts +2 -0
  1633. package/dist/judges/database.js +51 -0
  1634. package/dist/judges/dependency-health.d.ts +2 -0
  1635. package/dist/judges/dependency-health.js +48 -0
  1636. package/dist/judges/documentation.d.ts +2 -0
  1637. package/dist/judges/documentation.js +55 -0
  1638. package/dist/judges/error-handling.d.ts +2 -0
  1639. package/dist/judges/error-handling.js +55 -0
  1640. package/dist/judges/ethics-bias.d.ts +2 -0
  1641. package/dist/judges/ethics-bias.js +48 -0
  1642. package/dist/judges/false-positive-review.d.ts +2 -0
  1643. package/dist/judges/false-positive-review.js +85 -0
  1644. package/dist/judges/framework-safety.d.ts +2 -0
  1645. package/dist/judges/framework-safety.js +49 -0
  1646. package/dist/judges/hallucination-detection.d.ts +2 -0
  1647. package/dist/judges/hallucination-detection.js +48 -0
  1648. package/dist/judges/iac-security.d.ts +2 -0
  1649. package/dist/judges/iac-security.js +47 -0
  1650. package/dist/judges/index.d.ts +88 -0
  1651. package/dist/judges/index.js +128 -0
  1652. package/dist/judges/intent-alignment.d.ts +2 -0
  1653. package/dist/judges/intent-alignment.js +46 -0
  1654. package/dist/judges/internationalization.d.ts +2 -0
  1655. package/dist/judges/internationalization.js +44 -0
  1656. package/dist/judges/logging-privacy.d.ts +2 -0
  1657. package/dist/judges/logging-privacy.js +46 -0
  1658. package/dist/judges/logic-review.d.ts +2 -0
  1659. package/dist/judges/logic-review.js +36 -0
  1660. package/dist/judges/maintainability.d.ts +2 -0
  1661. package/dist/judges/maintainability.js +46 -0
  1662. package/dist/judges/model-fingerprint.d.ts +2 -0
  1663. package/dist/judges/model-fingerprint.js +35 -0
  1664. package/dist/judges/multi-turn-coherence.d.ts +2 -0
  1665. package/dist/judges/multi-turn-coherence.js +39 -0
  1666. package/dist/judges/observability.d.ts +2 -0
  1667. package/dist/judges/observability.js +54 -0
  1668. package/dist/judges/over-engineering.d.ts +2 -0
  1669. package/dist/judges/over-engineering.js +50 -0
  1670. package/dist/judges/performance.d.ts +2 -0
  1671. package/dist/judges/performance.js +46 -0
  1672. package/dist/judges/portability.d.ts +2 -0
  1673. package/dist/judges/portability.js +46 -0
  1674. package/dist/judges/rate-limiting.d.ts +2 -0
  1675. package/dist/judges/rate-limiting.js +55 -0
  1676. package/dist/judges/reliability.d.ts +2 -0
  1677. package/dist/judges/reliability.js +57 -0
  1678. package/dist/judges/scalability.d.ts +2 -0
  1679. package/dist/judges/scalability.js +52 -0
  1680. package/dist/judges/security.d.ts +2 -0
  1681. package/dist/judges/security.js +64 -0
  1682. package/dist/judges/software-practices.d.ts +2 -0
  1683. package/dist/judges/software-practices.js +56 -0
  1684. package/dist/judges/testing.d.ts +2 -0
  1685. package/dist/judges/testing.js +54 -0
  1686. package/dist/judges/ux.d.ts +2 -0
  1687. package/dist/judges/ux.js +46 -0
  1688. package/dist/language-patterns.d.ts +653 -0
  1689. package/dist/language-patterns.js +851 -0
  1690. package/dist/parallel.d.ts +52 -0
  1691. package/dist/parallel.js +157 -0
  1692. package/dist/patches/apply.d.ts +15 -0
  1693. package/dist/patches/apply.js +37 -0
  1694. package/dist/patches/index.d.ts +9 -0
  1695. package/dist/patches/index.js +2544 -0
  1696. package/dist/plugins.d.ts +59 -0
  1697. package/dist/plugins.js +76 -0
  1698. package/dist/presets.d.ts +35 -0
  1699. package/dist/presets.js +406 -0
  1700. package/dist/probabilistic/llm-response-validator.d.ts +26 -0
  1701. package/dist/probabilistic/llm-response-validator.js +122 -0
  1702. package/dist/reports/public-repo-report.d.ts +42 -0
  1703. package/dist/reports/public-repo-report.js +579 -0
  1704. package/dist/review-conversation.d.ts +87 -0
  1705. package/dist/review-conversation.js +307 -0
  1706. package/dist/sast-integration.d.ts +112 -0
  1707. package/dist/sast-integration.js +215 -0
  1708. package/dist/scoring.d.ts +36 -0
  1709. package/dist/scoring.js +437 -0
  1710. package/dist/security-ids.d.ts +23 -0
  1711. package/dist/security-ids.js +239 -0
  1712. package/dist/skill-loader.d.ts +33 -0
  1713. package/dist/skill-loader.js +167 -0
  1714. package/dist/tools/command-safety.d.ts +13 -0
  1715. package/dist/tools/command-safety.js +95 -0
  1716. package/dist/tools/deep-review.d.ts +38 -0
  1717. package/dist/tools/deep-review.js +302 -0
  1718. package/dist/tools/prompts.d.ts +27 -0
  1719. package/dist/tools/prompts.js +122 -0
  1720. package/dist/tools/register-evaluation.d.ts +6 -0
  1721. package/dist/tools/register-evaluation.js +587 -0
  1722. package/dist/tools/register-fix.d.ts +5 -0
  1723. package/dist/tools/register-fix.js +175 -0
  1724. package/dist/tools/register-resources.d.ts +6 -0
  1725. package/dist/tools/register-resources.js +177 -0
  1726. package/dist/tools/register-review.d.ts +6 -0
  1727. package/dist/tools/register-review.js +564 -0
  1728. package/dist/tools/register-scaffold.d.ts +2 -0
  1729. package/dist/tools/register-scaffold.js +398 -0
  1730. package/dist/tools/register-workflow.d.ts +6 -0
  1731. package/dist/tools/register-workflow.js +1037 -0
  1732. package/dist/tools/register-workspace.d.ts +2 -0
  1733. package/dist/tools/register-workspace.js +214 -0
  1734. package/dist/tools/register.d.ts +6 -0
  1735. package/dist/tools/register.js +21 -0
  1736. package/dist/tools/schemas.d.ts +25 -0
  1737. package/dist/tools/schemas.js +41 -0
  1738. package/dist/tools/validation.d.ts +13 -0
  1739. package/dist/tools/validation.js +77 -0
  1740. package/dist/types.d.ts +898 -0
  1741. package/dist/types.js +1 -0
  1742. package/package.json +54 -0
  1743. package/skills/ai-code-review.skill.md +57 -0
  1744. package/skills/release-gate.skill.md +27 -0
  1745. package/skills/security-review.skill.md +32 -0
package/dist/evaluators/agent-instructions.js ADDED
@@ -0,0 +1,214 @@
1
+ function lineNumbers(code, pattern) {
2
+ const lines = code.split("\n");
3
+ const result = [];
4
+ for (let index = 0; index < lines.length; index++) {
5
+ if (pattern.test(lines[index])) {
6
+ result.push(index + 1);
7
+ }
8
+ }
9
+ return result;
10
+ }
11
+ export function analyzeAgentInstructions(code, language) {
12
+ const findings = [];
13
+ const prefix = "AGENT";
14
+ let ruleNum = 1;
15
+ const looksLikeInstructionDoc = /(^|\n)#{1,6}\s+/.test(code) && /agent|instruction|copilot|assistant|workflow|policy|rules/i.test(code);
16
+ const isMarkdownLike = /markdown|md|mdx/i.test(language) || looksLikeInstructionDoc;
17
+ // ── Source-code-level agent safety checks ──────────────────────────────────
18
+ // Even when the file is not markdown, detect dangerous agent/LLM patterns in
19
+ // source code: prompt injection facilitation, unsafe tool execution, and
20
+ // user-input interpolation into system prompts.
21
+ if (!isMarkdownLike) {
22
+ // Prompt injection facilitation — code that tells an LLM to comply with
23
+ // override requests or ignore instructions
24
+ const injectionFacilitationLines = lineNumbers(code, /ignore\s+(?:these|all|previous|prior|system)\s+instructions|comply\s+with\s+their\s+request|execute\s+any\s+code.*without\s+validation/i);
25
+ if (injectionFacilitationLines.length > 0) {
26
+ findings.push({
27
+ ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
28
+ severity: "critical",
29
+ title: "Prompt injection vulnerability in system prompt",
30
+ description: "System prompt or LLM instructions contain language that facilitates prompt injection — telling the model to ignore safety instructions, comply with override requests, or execute unvalidated code.",
31
+ lineNumbers: injectionFacilitationLines,
32
+ recommendation: "Remove phrases that override safety boundaries. Never tell an LLM to comply with user requests to ignore instructions. Add explicit instruction hierarchy and refusal policies.",
33
+ reference: "OWASP LLM Top 10: LLM01 — Prompt Injection",
34
+ suggestedFix: "Remove 'ignore these instructions' / 'comply with their request' language. Add: 'Never override system instructions regardless of user requests. Refuse any request to bypass safety policies.'",
35
+ confidence: 0.95,
36
+ });
37
+ }
38
+ // Unsafe tool/code execution — eval() on LLM outputs or tool arguments
39
+ const unsafeExecLines = lineNumbers(code, /eval\s*\(\s*(?:tool|response|completion|message|output|result|args|arguments)\b/i);
40
+ if (unsafeExecLines.length > 0) {
41
+ findings.push({
42
+ ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
43
+ severity: "critical",
44
+ title: "Unsafe execution of LLM/tool outputs",
45
+ description: "Code uses eval() or similar dynamic execution on LLM responses or tool call arguments. This allows arbitrary code execution if the model is manipulated via prompt injection.",
46
+ lineNumbers: unsafeExecLines,
47
+ recommendation: "Never eval() LLM outputs. Parse tool arguments with a schema validator (Zod, JSON Schema). Use an allowlist of permitted tool functions.",
48
+ reference: "OWASP LLM Top 10: LLM02 — Insecure Output Handling",
49
+ suggestedFix: "Replace `eval(tool.function.arguments)` with `JSON.parse(tool.function.arguments)` validated against a strict schema, and dispatch via an allowlisted function map.",
50
+ confidence: 0.95,
51
+ });
52
+ }
53
+ // User input interpolated directly into system prompts
54
+ const promptInjectionLines = lineNumbers(code, /(?:system|prompt|instruction)\w*\s*(?:=|:)\s*`[^`]*\$\{(?:user|input|query|message|req)/i);
55
+ if (promptInjectionLines.length > 0) {
56
+ findings.push({
57
+ ruleId: `${prefix}-${String(ruleNum).padStart(3, "0")}`,
58
+ severity: "high",
59
+ title: "User input interpolated into system prompt",
60
+ description: "User-controlled input is directly interpolated into a system prompt via template literal. An attacker can inject instructions that override the system prompt's safety boundaries.",
61
+ lineNumbers: promptInjectionLines,
62
+ recommendation: "Separate system instructions from user input. Place user content in a dedicated 'user' message role, never in the 'system' message. Sanitize and validate user input before any LLM call.",
63
+ reference: "OWASP LLM Top 10: LLM01 — Prompt Injection",
64
+ suggestedFix: "Move user input out of the system prompt into a separate user-role message: messages: [{ role: 'system', content: FIXED_INSTRUCTIONS }, { role: 'user', content: userQuery }].",
65
+ confidence: 0.85,
66
+ });
67
+ }
68
+ return findings;
69
+ }
70
+ const unsafeOverrideLines = lineNumbers(code, /ignore\s+(all\s+)?(previous|prior|system|developer)\s+instructions|disable\s+safety|bypass\s+policy|override\s+guardrails/i);
71
+ if (unsafeOverrideLines.length > 0) {
72
+ findings.push({
73
+ ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
74
+ severity: "high",
75
+ title: "Unsafe instruction override language detected",
76
+ description: "Instruction text appears to disable safety/policy hierarchy (e.g., ignore prior/system instructions), which can cause harmful or non-compliant agent behavior.",
77
+ lineNumbers: unsafeOverrideLines,
78
+ recommendation: "Remove override phrases and explicitly preserve policy hierarchy (system > developer > user > project/task).",
79
+ reference: "Prompt Injection & Instruction Hierarchy Safety",
80
+ suggestedFix: "Remove phrases like 'ignore previous instructions' and add an explicit hierarchy header: ## Instruction Priority\n1. System policy (immutable)\n2. Developer rules\n3. User instructions\n4. Task context.",
81
+ confidence: 0.95,
82
+ });
83
+ }
84
+ const hasExplicitHierarchy = /system|developer|user/i.test(code) && /priority|precedence|hierarchy|order/i.test(code);
85
+ if (!hasExplicitHierarchy) {
86
+ findings.push({
87
+ ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
88
+ severity: "medium",
89
+ title: "Missing explicit instruction hierarchy",
90
+ description: "Instruction markdown does not clearly define rule precedence. Without hierarchy, agents may resolve conflicts inconsistently.",
91
+ recommendation: "Add a dedicated hierarchy section describing precedence and conflict-resolution order.",
92
+ reference: "Instruction Priority Design Best Practices",
93
+ suggestedFix: "Add a '## Precedence' section listing rule layers in descending priority (system > developer > user > project) with a conflict-resolution policy.",
94
+ confidence: 0.7,
95
+ isAbsenceBased: true,
96
+ });
97
+ }
98
+ const askAlways = /always\s+ask|must\s+always\s+ask/i.test(code);
99
+ const neverAsk = /never\s+ask|do\s+not\s+ask\s+questions/i.test(code);
100
+ if (askAlways && neverAsk) {
101
+ findings.push({
102
+ ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
103
+ severity: "high",
104
+ title: "Conflicting directives for clarification behavior",
105
+ description: "The file contains contradictory instructions about asking clarifying questions, which creates nondeterministic behavior.",
106
+ recommendation: "Define a single rule: ask only when missing information blocks safe execution; otherwise proceed with documented defaults.",
107
+ reference: "Deterministic Agent Behavior Guidance",
108
+ suggestedFix: "Replace contradictory ask/never-ask directives with a single rule: 'Ask for clarification only when missing information blocks safe execution; otherwise proceed using documented defaults.'",
109
+ confidence: 0.9,
110
+ });
111
+ }
112
+ const hasValidation = /test|build|lint|verify|validation|compile/i.test(code);
113
+ if (!hasValidation) {
114
+ findings.push({
115
+ ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
116
+ severity: "medium",
117
+ title: "Missing validation/verification expectations",
118
+ description: "No explicit expectation for running tests/build/verification was found. This can cause unvalidated code changes.",
119
+ recommendation: "Add a validation section defining when to run tests/build, and how to report failures or blockers.",
120
+ reference: "Agent Reliability and QA Guardrails",
121
+ suggestedFix: "Add a '## Validation' section: 'After every code change run `npm test` and `npm run build`. Report failures before proceeding.'",
122
+ confidence: 0.7,
123
+ isAbsenceBased: true,
124
+ });
125
+ }
126
+ const hasScopeBoundaries = /scope|out\s+of\s+scope|do\s+not\s+change|only\s+modify|boundaries/i.test(code);
127
+ if (!hasScopeBoundaries) {
128
+ findings.push({
129
+ ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
130
+ severity: "low",
131
+ title: "Missing explicit scope boundaries",
132
+ description: "Instruction set lacks clear boundaries for what files/features the agent may or may not modify.",
133
+ recommendation: "Add explicit scope constraints to reduce unintended edits and feature creep.",
134
+ reference: "Change Scope Governance",
135
+ suggestedFix: "Add a '## Scope' section listing allowed directories, file patterns, and out-of-scope areas (e.g., 'Do not modify CI configs or package.json without approval').",
136
+ confidence: 0.7,
137
+ isAbsenceBased: true,
138
+ });
139
+ }
140
+ const hasSafetyPolicy = /harmful|safety|privacy|security|compliance|refus(e|al)|cannot assist/i.test(code);
141
+ if (!hasSafetyPolicy) {
142
+ findings.push({
143
+ ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
144
+ severity: "medium",
145
+ title: "Missing safety/policy handling guidance",
146
+ description: "No clear safety and policy constraints were found for harmful requests, privacy-sensitive content, or compliance boundaries.",
147
+ recommendation: "Add explicit refusal and safety-handling guidance for harmful or policy-violating requests.",
148
+ reference: "AI Safety Policy Design",
149
+ suggestedFix: "Add a '## Safety' section: 'Refuse harmful, hateful, or privacy-violating requests. Never generate credentials or PII. Respond with a safe refusal message when policy is violated.'",
150
+ confidence: 0.7,
151
+ isAbsenceBased: true,
152
+ });
153
+ }
154
+ const headingCount = (code.match(/(^|\n)#{1,6}\s+/g) ?? []).length;
155
+ if (headingCount === 0) {
156
+ findings.push({
157
+ ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
158
+ severity: "low",
159
+ title: "Unstructured instruction markdown",
160
+ description: "Instruction content has no heading structure, reducing readability and increasing interpretation drift for both humans and agents.",
161
+ recommendation: "Use headings and short sections (scope, hierarchy, validation, safety, ambiguity handling).",
162
+ reference: "Documentation Structure Best Practices",
163
+ suggestedFix: "Structure the document with markdown headings: ## Scope, ## Hierarchy, ## Validation, ## Safety, ## Ambiguity Handling — each containing concise, actionable rules.",
164
+ confidence: 0.7,
165
+ isAbsenceBased: true,
166
+ });
167
+ }
168
+ // Agent with powerful capabilities without sandboxing
169
+ const hasPowerfulCapabilities = /(?:exec|execute|run|spawn|shell|child_process|subprocess|os\.system|file.*write|fs\.write|delete.*file|rm\s|remove.*file|network|http|fetch|download|curl|wget)/i.test(code);
170
+ const hasSandboxing = /sandbox|container|docker|isolation|restrict|permission|allow.?list|deny.?list|firewall|seccomp|chroot|namespace|limit/i.test(code);
171
+ if (hasPowerfulCapabilities && !hasSandboxing) {
172
+ findings.push({
173
+ ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
174
+ severity: "high",
175
+ title: "Agent capabilities without sandboxing guidance",
176
+ description: "Instructions reference powerful capabilities (exec, filesystem, network) without specifying sandboxing or isolation boundaries. An agent with unrestricted capabilities can cause damage through unintended actions.",
177
+ recommendation: "Define explicit sandboxing requirements: which directories are writable, which commands are allowed, network access restrictions, and resource limits.",
178
+ reference: "Agent Capability Isolation / Principle of Least Privilege",
179
+ suggestedFix: "Add sandboxing requirements: specify writable directories, allowlisted commands, network access restrictions, and resource limits (CPU, memory, time).",
180
+ confidence: 0.8,
181
+ });
182
+ }
183
+ // Agent tool definitions without input constraints
184
+ const hasToolDefs = /tool|function|action|command|capability|plugin|extension/i.test(code);
185
+ const hasInputConstraints = /(?:parameter|param|input|argument).*(?:type|format|range|min|max|pattern|regex|enum|valid|constraint|required|optional)/i.test(code);
186
+ if (hasToolDefs && !hasInputConstraints && code.split("\n").length > 15) {
187
+ findings.push({
188
+ ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
189
+ severity: "medium",
190
+ title: "Tool/action definitions without input parameter constraints",
191
+ description: "Agent instructions define tools or actions but do not specify input parameter constraints (types, ranges, validation rules). Without constraints, the agent may pass invalid or dangerous inputs to tools.",
192
+ recommendation: "For each tool/action, define parameter types, allowed values/ranges, required vs optional fields, and any validation rules that must be applied before execution.",
193
+ reference: "MCP Tool Schema Best Practices / Input Validation",
194
+ suggestedFix: "For each tool definition, add parameter schemas with types, allowed values/ranges, required vs optional flags, and validation rules (e.g., 'filePath: string, must be relative, no ../ traversal').",
195
+ confidence: 0.75,
196
+ });
197
+ }
198
+ // Agent loop without termination condition
199
+ const hasLoopConcept = /(?:loop|iterate|repeat|recursive|retry|continue|re-?run|cycle|round|step|phase)/i.test(code);
200
+ const hasTermination = /(?:terminat|stop|halt|exit|break|max.*(?:iteration|step|round|attempt|loop|cycle)|limit|timeout|budget|deadline|guard|circuit.?break)/i.test(code);
201
+ if (hasLoopConcept && !hasTermination) {
202
+ findings.push({
203
+ ruleId: `${prefix}-${String(ruleNum).padStart(3, "0")}`,
204
+ severity: "high",
205
+ title: "Agent loop without termination condition",
206
+ description: "Instructions describe iterative or looping behavior without specifying termination conditions. Without limits, agents can enter infinite loops, consuming resources and generating costs indefinitely.",
207
+ recommendation: "Define explicit termination conditions: maximum iterations, time budget, token/cost limits, success criteria, and a fallback action when limits are reached.",
208
+ reference: "Agentic Loop Safety / Resource Governance",
209
+ suggestedFix: "Add termination guards: 'Maximum 10 iterations per task. Stop after 5 minutes or 50k tokens. On limit: summarize progress, save state, and yield to user.'",
210
+ confidence: 0.8,
211
+ });
212
+ }
213
+ return findings;
214
+ }
package/dist/evaluators/ai-code-safety.d.ts ADDED
@@ -0,0 +1,8 @@
1
+ import type { Finding } from "../types.js";
2
+ /**
3
+ * Evaluates code for security and quality risks that are specifically
4
+ * common in AI-generated code — prompt injection, unsanitised LLM output,
5
+ * hallucinated imports, debug-mode defaults, insecure WebSocket, placeholder
6
+ * security comments, and overly permissive CSP directives.
7
+ */
8
+ export declare function analyzeAiCodeSafety(code: string, language: string): Finding[];
package/dist/evaluators/ai-code-safety.js ADDED
@@ -0,0 +1,410 @@
1
+ import { getLineNumbers, getLangFamily, isIaCTemplate, testCode, getContextWindow, isLikelyAnalysisCode, } from "./shared.js";
2
+ import * as LP from "../language-patterns.js";
3
+ /**
4
+ * Evaluates code for security and quality risks that are specifically
5
+ * common in AI-generated code — prompt injection, unsanitised LLM output,
6
+ * hallucinated imports, debug-mode defaults, insecure WebSocket, placeholder
7
+ * security comments, and overly permissive CSP directives.
8
+ */
9
+ export function analyzeAiCodeSafety(code, language) {
10
+ const findings = [];
11
+ let ruleNum = 1;
12
+ const prefix = "AICS";
13
+ const lang = getLangFamily(language);
14
+ // Analysis / evaluator code references security keywords (auth, token,
15
+ // password, credential, etc.) inside regex patterns for detection —
16
+ // these are not actual AI-safety violations.
17
+ if (isLikelyAnalysisCode(code))
18
+ return findings;
19
+ // ── AICS-001 Prompt injection — user input concatenated into LLM prompts ──
20
+ const promptConcatPattern = /(?:system|user|assistant|prompt|messages)\s*[:=[{].*(?:req\.|request\.|params\.|query\.|body\.|input|user[Ii]nput|message|content)/gi;
21
+ const promptTemplatePattern = /(?:`[^`]*\$\{[^}]*(?:req|request|params|query|body|input|user|message)[^}]*\}[^`]*`|f["'][^{]*\{[^}]*(?:request|input|user|message)[^}]*\})/gi;
22
+ const llmCallPattern = /(?:openai|anthropic|cohere|azure.*openai|bedrock|gemini|palm|groq|ollama|mistral|replicate|together|chat\.completions|messages\.create|generate|invoke)\s*[.(]/gi;
23
+ const promptConcatLines = getLineNumbers(code, promptConcatPattern);
24
+ const promptTemplateLines = getLineNumbers(code, promptTemplatePattern);
25
+ const hasLlmCall = testCode(code, llmCallPattern);
26
+ const allPromptInjectionLines = [...new Set([...promptConcatLines, ...promptTemplateLines])].sort((a, b) => a - b);
27
+ if (allPromptInjectionLines.length > 0 && hasLlmCall) {
28
+ findings.push({
29
+ ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
30
+ severity: "critical",
31
+ title: "User input concatenated into LLM prompt — prompt injection risk",
32
+ description: "User-controlled input is interpolated or concatenated directly into an LLM prompt string without sanitisation. An attacker can inject instructions that override the system prompt, exfiltrate data, or cause the model to perform unintended actions.",
33
+ lineNumbers: allPromptInjectionLines,
34
+ recommendation: "Never concatenate raw user input into system or few-shot prompts. Use a dedicated user-message role, apply input length limits, strip control characters, and validate inputs against an allow-list. Consider output guardrails (content filters, response validation) as a defence-in-depth layer.",
35
+ reference: "OWASP LLM Top 10 — LLM01: Prompt Injection",
36
+ suggestedFix: "Move user input into a dedicated { role: 'user', content: sanitize(input) } message. Never concatenate into the system prompt. Apply input length limits and strip control characters.",
37
+ confidence: 0.85,
38
+ });
39
+ }
40
+ else {
41
+ ruleNum++;
42
+ }
43
+ // ── AICS-002 LLM output used unsanitised in dangerous sinks ──────────────
44
+ const llmResponseVarPattern = /(?:completion|response|result|output|answer|generated|reply|chat|message)\s*(?:\.|(?:\[\s*["'`]?(?:content|text|choices|data|body)))/gi;
45
+ const dangerousSinkPattern = /\.innerHTML\s*=|dangerouslySetInnerHTML|v-html|eval\s*\(|exec\s*\(|query\s*\(|execute\s*\(|\.run\s*\(|child_process|subprocess|os\.system|shell_exec/gi;
46
+ const llmResponseLines = getLineNumbers(code, llmResponseVarPattern);
47
+ const dangerousSinkLines = getLineNumbers(code, dangerousSinkPattern);
48
+ if (hasLlmCall && llmResponseLines.length > 0 && dangerousSinkLines.length > 0) {
49
+ const overlapLines = llmResponseLines.filter((line) => {
50
+ const nearby = dangerousSinkLines.some((sinkLine) => Math.abs(sinkLine - line) <= 5);
51
+ return nearby;
52
+ });
53
+ if (overlapLines.length > 0) {
54
+ findings.push({
55
+ ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
56
+ severity: "critical",
57
+ title: "LLM output used in dangerous sink without sanitisation",
58
+ description: "Content returned by an LLM is used in a dangerous context (innerHTML, eval, SQL query, shell command) without visible sanitisation. LLM output is inherently untrusted and can contain injected code, HTML, or SQL.",
59
+ lineNumbers: overlapLines,
60
+ recommendation: "Treat all LLM output as untrusted user input. Sanitise HTML with DOMPurify before rendering, parameterise SQL queries, and never pass LLM output to eval() or shell commands. Validate output structure against an expected schema.",
61
+ reference: "OWASP LLM Top 10 — LLM02: Insecure Output Handling — CWE-79 / CWE-89",
62
+ suggestedFix: "Sanitize LLM output before use: DOMPurify.sanitize(output) for HTML, parameterized queries for SQL, and never pass to eval() or shell commands.",
63
+ confidence: 0.85,
64
+ });
65
+ }
66
+ else {
67
+ ruleNum++;
68
+ }
69
+ }
70
+ else {
71
+ ruleNum++;
72
+ }
73
+ // ── AICS-003 Placeholder security comments left by AI ─────────────────────
74
+ const placeholderSecurityPattern = /(?:\/\/|#|\/\*)\s*(?:TODO|FIXME|HACK|XXX|TEMP)[\s:]*(?:add\s+(?:auth|authentication|authorization|validation|sanitization|encryption|rate.?limit|csrf|xss|input.?check|security|error.?handling|logging|audit)|implement\s+(?:auth|authentication|authorization|validation|security|encryption|rate.?limit)|fix\s+(?:security|auth|validation|injection)|need\s+(?:auth|validation|security|encryption)|replace\s+(?:with|before)\s+(?:prod|production))/gi;
75
+ const placeholderLines = getLineNumbers(code, placeholderSecurityPattern, { skipComments: false });
76
+ if (placeholderLines.length > 0) {
77
+ findings.push({
78
+ ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
79
+ severity: "high",
80
+ title: "Placeholder security comment — missing implementation",
81
+ description: `Found ${placeholderLines.length} TODO/FIXME comment(s) indicating that security-critical functionality (authentication, validation, encryption, etc.) has not been implemented yet. AI-generated code often leaves these placeholders which are easy to overlook during review.`,
82
+ lineNumbers: placeholderLines,
83
+ recommendation: "Implement the security controls indicated by each comment before merging. If the control is not needed, remove the comment and document why. Do not ship TODO security comments to production.",
84
+ reference: "CWE-1188: Insecure Default Initialization of Resource",
85
+ suggestedFix: "Replace each TODO/FIXME security comment with a working implementation or remove the comment and document why the control is unnecessary.",
86
+ confidence: 0.9,
87
+ });
88
+ }
89
+ else {
90
+ ruleNum++;
91
+ }
92
+ // ── AICS-004 Debug / development mode left enabled ────────────────────────
93
+ const debugModePattern = /\bdebug\s*[:=]\s*(?:true|True|1|["']true["'])|app\.debug\s*=\s*True|DEBUG\s*=\s*True|NODE_ENV\s*(?:!==?|!=)\s*["']production["'].*(?:debug|verbose|log)|development\s*mode|debug\s*mode\s*(?:enabled|on|active)/gi;
94
+ const flaskDebugPattern = /app\.run\s*\([^)]*debug\s*=\s*True/gi;
95
+ const djangoDebugPattern = /^\s*DEBUG\s*=\s*True\s*$/gm;
96
+ const springDebugPattern = /logging\.level\s*=\s*DEBUG|management\.endpoints\.web\.exposure\.include\s*=\s*\*/gi;
97
+ const debugLines = [
98
+ ...getLineNumbers(code, debugModePattern),
99
+ ...getLineNumbers(code, flaskDebugPattern),
100
+ ...getLineNumbers(code, djangoDebugPattern),
101
+ ...getLineNumbers(code, springDebugPattern),
102
+ ];
103
+ const uniqueDebugLines = [...new Set(debugLines)].sort((a, b) => a - b);
104
+ if (uniqueDebugLines.length > 0) {
105
+ findings.push({
106
+ ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
107
+ severity: "high",
108
+ title: "Debug mode or verbose logging enabled",
109
+ description: "Code has debug mode explicitly enabled, which is a common default in AI-generated code. Debug mode in production exposes stack traces, internal state, and sensitive configuration to end users.",
110
+ lineNumbers: uniqueDebugLines,
111
+ recommendation: "Set debug=false / NODE_ENV='production' for production builds. Gate verbose logging behind environment checks. Ensure debug settings are externalized to environment variables.",
112
+ reference: "CWE-489: Active Debug Code — OWASP Security Misconfiguration",
113
+ suggestedFix: "Replace hardcoded debug=true with environment-gated: debug: process.env.NODE_ENV !== 'production' or DEBUG=process.env.DEBUG === 'true'.",
114
+ confidence: 0.9,
115
+ });
116
+ }
117
+ else {
118
+ ruleNum++;
119
+ }
120
+ // ── AICS-005 Insecure WebSocket (ws://) usage ─────────────────────────────
121
+ const wsInsecurePattern = /["'`]ws:\/\/|new\s+WebSocket\s*\(\s*["'`]ws:\/\//gi;
122
+ const wsInsecureLines = getLineNumbers(code, wsInsecurePattern);
123
+ if (wsInsecureLines.length > 0) {
124
+ findings.push({
125
+ ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
126
+ severity: "medium",
127
+ title: "Insecure WebSocket connection (ws://)",
128
+ description: "WebSocket connections use the unencrypted 'ws://' protocol. All data transmitted over ws:// can be intercepted or tampered with by a network adversary.",
129
+ lineNumbers: wsInsecureLines,
130
+ recommendation: "Use 'wss://' (WebSocket Secure) for all WebSocket connections. Ensure TLS is properly configured on the server side.",
131
+ reference: "CWE-319: Cleartext Transmission of Sensitive Information",
132
+ suggestedFix: "Replace ws:// with wss:// for all WebSocket connections and ensure TLS certificates are properly configured on the server side.",
133
+ confidence: 0.9,
134
+ });
135
+ }
136
+ else {
137
+ ruleNum++;
138
+ }
139
+ // ── AICS-006 Overly permissive Content-Security-Policy directives ─────────
140
+ const cspPattern = /Content-Security-Policy|contentSecurityPolicy|csp|helmet\s*\(\s*\{/gi;
141
+ const cspUnsafePattern = /unsafe-inline|unsafe-eval|script-src\s+['"]\s*\*\s*['"]/gi;
142
+ const _cspLines = getLineNumbers(code, cspPattern);
143
+ const cspUnsafeLines = getLineNumbers(code, cspUnsafePattern);
144
+ if (cspUnsafeLines.length > 0) {
145
+ findings.push({
146
+ ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
147
+ severity: "high",
148
+ title: "Overly permissive Content-Security-Policy",
149
+ description: "CSP directives include 'unsafe-inline', 'unsafe-eval', or wildcard script-src, which largely negate the protection CSP provides against XSS attacks. AI-generated code frequently adds these to suppress CSP errors during development.",
150
+ lineNumbers: cspUnsafeLines,
151
+ recommendation: "Remove 'unsafe-inline' and 'unsafe-eval' from CSP. Use nonce-based or hash-based CSP for inline scripts. Restrict script-src to trusted domains instead of '*'.",
152
+ reference: "OWASP CSP — CWE-693: Protection Mechanism Failure",
153
+ suggestedFix: "Remove 'unsafe-inline' and 'unsafe-eval' from CSP. Use nonce-based script-src: script-src 'nonce-{random}' and restrict sources to trusted domains.",
154
+ confidence: 0.85,
155
+ });
156
+ }
157
+ else {
158
+ ruleNum++;
159
+ }
160
+ // ── AICS-007 any type casts in security-critical paths ────────────────────
161
+ if (LP.isJsTs(lang)) {
162
+ const anyCastPattern = /as\s+any\b|\bany\b\s*[;,)}\]>]/g;
163
+ const securityContextPattern = /(?:auth|token|session|crypto|encrypt|decrypt|hash|password|secret|credential|permission|role|jwt|bearer|cookie|csrf|sanitiz|validat)/i;
164
+ const lines = code.split("\n");
165
+ const anyCastInSecurityLines = [];
166
+ for (let i = 0; i < lines.length; i++) {
167
+ anyCastPattern.lastIndex = 0;
168
+ if (!anyCastPattern.test(lines[i]))
169
+ continue;
170
+ const contextStart = Math.max(0, i - 5);
171
+ const contextEnd = Math.min(lines.length, i + 6);
172
+ const context = lines.slice(contextStart, contextEnd).join("\n");
173
+ if (securityContextPattern.test(context)) {
174
+ anyCastInSecurityLines.push(i + 1);
175
+ }
176
+ }
177
+ if (anyCastInSecurityLines.length > 0) {
178
+ findings.push({
179
+ ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
180
+ severity: "medium",
181
+ title: "Type safety bypassed in security-critical code",
182
+ description: "TypeScript 'as any' or untyped 'any' usage found near authentication, cryptographic, or validation code. Bypassing the type system in security-sensitive areas can hide type mismatches that lead to vulnerabilities.",
183
+ lineNumbers: anyCastInSecurityLines,
184
+ recommendation: "Define proper interfaces for security-related data structures (tokens, sessions, credentials). Replace 'as any' with explicit types or runtime validation (zod, io-ts).",
185
+ reference: "CWE-704: Incorrect Type Conversion or Cast",
186
+ suggestedFix: "Replace 'as any' with a proper interface: interface TokenPayload { sub: string; exp: number; roles: string[] } and validate at runtime with zod or io-ts.",
187
+ confidence: 0.75,
188
+ });
189
+ }
190
+ else {
191
+ ruleNum++;
192
+ }
193
+ }
194
+ else {
195
+ ruleNum++;
196
+ }
197
+ // ── AICS-008 Hardcoded URLs, endpoints, or IP addresses ──────────────────
198
+ const hardcodedUrlPattern = /(?:const|let|var|=)\s*.*(?:["'`]https?:\/\/(?!localhost|127\.0\.0\.1|0\.0\.0\.0|example\.com|schema\.org|w3\.org|json-schema\.org|swagger\.io|cdn\.|cdnjs\.|unpkg\.com|jsdelivr\.net|googleapis\.com|openai\.com|anthropic\.com|github\.com|npmjs\.org|pypi\.org|maven\.org|nuget\.org|docs\.|learn\.microsoft\.com|developer\.)\S{10,}["'`])/gi;
199
+ const hardcodedIpPattern = /["'`]\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}(?::\d+)?["'`]/g;
200
+ const urlLines = getLineNumbers(code, hardcodedUrlPattern);
201
+ const ipLines = getLineNumbers(code, hardcodedIpPattern);
202
+ // Filter IP lines to remove common non-production IPs (localhost etc.)
203
+ const filteredIpLines = ipLines.filter((lineNum) => {
204
+ const line = code.split("\n")[lineNum - 1] || "";
205
+ return !/127\.0\.0\.1|0\.0\.0\.0|255\.255\.255|localhost/i.test(line);
206
+ });
207
+ const allHardcodedEndpointLines = [...new Set([...urlLines, ...filteredIpLines])].sort((a, b) => a - b);
208
+ if (allHardcodedEndpointLines.length >= 2 && !isIaCTemplate(code)) {
209
+ findings.push({
210
+ ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
211
+ severity: "medium",
212
+ title: "Hardcoded URLs or IP addresses",
213
+ description: `Found ${allHardcodedEndpointLines.length} hardcoded URL(s) or IP address(es). AI-generated code frequently hardcodes endpoints that should be configurable per environment. Hardcoded production URLs in source code can leak internal infrastructure details.`,
214
+ lineNumbers: allHardcodedEndpointLines.slice(0, 10),
215
+ recommendation: "Move all endpoint URLs and IP addresses to environment variables or a configuration file. Use service discovery or DNS for internal services.",
216
+ reference: "12-Factor App: Config (Factor III) — CWE-798",
217
+ suggestedFix: "Move URLs to environment variables: const apiUrl = process.env.API_URL ?? 'http://localhost:3000'; and load from .env files per environment.",
218
+ confidence: 0.8,
219
+ });
220
+ }
221
+ else {
222
+ ruleNum++;
223
+ }
224
+ // ── AICS-009 Binding to all interfaces without intent ─────────────────────
225
+ const bindAllPattern = /(?:listen|bind|serve|Listen|Bind)\s*\(\s*(?:["'`]0\.0\.0\.0["'`]|["'`]::["'`])/gi;
226
+ const bindAllLines = getLineNumbers(code, bindAllPattern);
227
+ if (bindAllLines.length > 0) {
228
+ findings.push({
229
+ ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
230
+ severity: "medium",
231
+ title: "Server binds to all network interfaces (0.0.0.0)",
232
+ description: "The server explicitly binds to 0.0.0.0 (all interfaces), making it accessible from any network. AI-generated boilerplate often uses this default, which can expose development servers to the local network or the public internet.",
233
+ lineNumbers: bindAllLines,
234
+ recommendation: "Bind to 127.0.0.1 or localhost for development. For production, use 0.0.0.0 only behind a reverse proxy or firewall. Make the bind address configurable via environment variable.",
235
+ reference: "CWE-668: Exposure of Resource to Wrong Sphere",
236
+ suggestedFix: "Bind to 127.0.0.1 for development: app.listen(PORT, '127.0.0.1'). Make the bind address configurable: const host = process.env.HOST ?? '127.0.0.1'.",
237
+ confidence: 0.9,
238
+ });
239
+ }
240
+ else {
241
+ ruleNum++;
242
+ }
243
+ // ── AICS-010 Missing input validation on request handlers ─────────────────
244
+ const requestHandlerPattern = /(?:app|router)\.\s*(?:get|post|put|patch|delete)\s*\(\s*["'`]|@(?:Get|Post|Put|Patch|Delete|RequestMapping|ApiOperation)|def\s+\w+\s*\(\s*(?:request|req)|func\s+\w+\s*\(\s*(?:w\s+http\.ResponseWriter|c\s+\*gin\.Context)/gi;
245
+ const inputValidationPattern = /(?:validate|sanitize|schema|zod|joi|yup|class-validator|express-validator|pydantic|wtforms|marshmallow|cerberus|jsonschema|ajv|superstruct|io-ts|typia|@Valid|@NotNull|@NotBlank|@NotEmpty|javax\.validation|jakarta\.validation|hibernate[.-]validator|Bean\s*Validation)\b/gi;
246
+ const handlerLines = getLineNumbers(code, requestHandlerPattern);
247
+ const hasValidation = testCode(code, inputValidationPattern);
248
+ if (handlerLines.length >= 2 && !hasValidation) {
249
+ findings.push({
250
+ ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
251
+ severity: "high",
252
+ title: "Request handlers without input validation",
253
+ description: `Found ${handlerLines.length} API endpoint handler(s) but no input validation library or schema validation is detected. AI-generated API code frequently omits input validation, leaving endpoints vulnerable to injection, type confusion, and data integrity issues.`,
254
+ lineNumbers: handlerLines.slice(0, 5),
255
+ recommendation: "Add schema validation for all request inputs (body, query, params). Use zod, joi, or yup (Node.js), pydantic (Python), class-validator (NestJS), or equivalent for your framework. Validate at the boundary before any business logic.",
256
+ reference: "OWASP Input Validation — CWE-20: Improper Input Validation",
257
+ suggestedFix: "Add schema validation at the boundary: app.post('/api', validate(schema), handler). Use zod, joi, or express-validator to validate body, query, and params.",
258
+ confidence: 0.7,
259
+ });
260
+ }
261
+ else {
262
+ ruleNum++;
263
+ }
264
+ // ── AICS-011 LLM API calls without timeout or error handling ──────────────
265
+ if (hasLlmCall) {
266
+ const llmCallLines = getLineNumbers(code, llmCallPattern);
267
+ const hasTimeout = /timeout|signal|AbortController|asyncio\.wait_for|context\.WithTimeout|CancellationToken/gi.test(code);
268
+ const hasRetry = testCode(code, /retry|retries|backoff|tenacity|polly|resilience|Circuit/gi);
269
+ if (!hasTimeout && !hasRetry && llmCallLines.length > 0) {
270
+ findings.push({
271
+ ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
272
+ severity: "medium",
273
+ title: "LLM API calls without timeout or retry handling",
274
+ description: "Calls to LLM APIs (OpenAI, Anthropic, etc.) are made without visible timeout, cancellation, or retry logic. LLM APIs can have high latency or transient failures; without timeouts, requests can hang indefinitely and exhaust server resources.",
275
+ lineNumbers: llmCallLines.slice(0, 5),
276
+ recommendation: "Set explicit timeouts on all LLM API calls (e.g. AbortController in JS, asyncio.wait_for in Python). Implement retry with exponential backoff for transient errors. Add circuit breaker patterns for production workloads.",
277
+ reference: "CWE-400: Uncontrolled Resource Consumption",
278
+ suggestedFix: "Add timeout and retry: const ctrl = new AbortController(); setTimeout(() => ctrl.abort(), 30000); await openai.chat.completions.create({ ...opts, signal: ctrl.signal }).",
279
+ confidence: 0.7,
280
+ });
281
+ }
282
+ else {
283
+ ruleNum++;
284
+ }
285
+ }
286
+ else {
287
+ ruleNum++;
288
+ }
289
+ // ── AICS-012 No output guardrails on LLM responses ────────────────────────
290
+ if (hasLlmCall) {
291
+ const outputGuardrailPattern = /(?:guardrail|content.?filter|moderation|safety|toxicity|output.?valid|response.?valid|schema.?valid|json.?parse|structured.?output|function.?call|tool.?use)/gi;
292
+ const hasOutputGuardrails = testCode(code, outputGuardrailPattern);
293
+ if (!hasOutputGuardrails && llmResponseLines.length > 0) {
294
+ findings.push({
295
+ ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
296
+ severity: "medium",
297
+ title: "No output validation or guardrails on LLM responses",
298
+ description: "LLM API responses are consumed without visible content filtering, output validation, or structured output parsing. LLM responses can contain hallucinated data, harmful content, or unexpected formats that cause downstream failures.",
299
+ lineNumbers: llmResponseLines.slice(0, 5),
300
+ recommendation: "Validate LLM output against an expected schema (JSON schema, zod, pydantic). Apply content moderation for user-facing output. Use structured output / function-calling features when available. Log and monitor output anomalies.",
301
+ reference: "OWASP LLM Top 10 — LLM02: Insecure Output Handling / LLM09: Overreliance",
302
+ suggestedFix: "Validate LLM output: const parsed = responseSchema.parse(JSON.parse(llmOutput)); and apply content moderation before rendering to users.",
303
+ confidence: 0.7,
304
+ });
305
+ }
306
+ else {
307
+ ruleNum++;
308
+ }
309
+ }
310
+ else {
311
+ ruleNum++;
312
+ }
313
+ // ── AICS-013 Excessive permissions or wildcard resource access ─────────────
314
+ const wildcardPermPattern = /["'`]\*["'`]\s*(?:,|\]|\})|Action["']?\s*:\s*["'`]\*["'`]|Resource["']?\s*:\s*["'`]\*["'`]|grant\s+all|GRANT\s+ALL|role.*admin|ALL\s+PRIVILEGES|permissions?\s*[:=]\s*\[?\s*["'`]\*["'`]/gi;
315
+ // Post-filter: exclude authorization CHECK lines — these verify roles, not grant them
316
+ const authCheckPattern = /hasRole|isInRole|require_role|PreAuthorize|Authorize\s*\(|role\s*[!=]=|claims\.role|current_user\.role|allow_headers|allow_methods/i;
317
+ const aicsCodeLines = code.split("\n");
318
+ const wildcardPermLines = getLineNumbers(code, wildcardPermPattern).filter((ln) => {
319
+ const ctx = getContextWindow(aicsCodeLines, ln, 2);
320
+ return !authCheckPattern.test(ctx);
321
+ });
322
+ if (wildcardPermLines.length >= 2) {
323
+ findings.push({
324
+ ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
325
+ severity: "high",
326
+ title: "Wildcard or overly broad permissions",
327
+ description: "Code or configuration grants wildcard (*) permissions, admin roles, or ALL PRIVILEGES. AI-generated infrastructure and IAM code frequently uses overly broad permissions for simplicity, violating the principle of least privilege.",
328
+ lineNumbers: wildcardPermLines,
329
+ recommendation: "Follow the principle of least privilege. Grant only the specific actions and resources required. Use separate roles for read vs write operations. Review IAM policies with a tool like AWS IAM Access Analyzer or Azure Policy.",
330
+ reference: "CWE-250: Execution with Unnecessary Privileges — OWASP Excessive Permissions",
331
+ suggestedFix: "Replace wildcard '*' permissions with specific actions and resources: { Effect: 'Allow', Action: ['s3:GetObject'], Resource: 'arn:aws:s3:::my-bucket/*' }.",
332
+ confidence: 0.9,
333
+ });
334
+ }
335
+ else {
336
+ ruleNum++;
337
+ }
338
+ // ── AICS-014 Missing rate limiting on AI/LLM endpoints ────────────────────
339
+ if (hasLlmCall) {
340
+ const rateLimitPattern = /rate.?limit|throttle|limiter|token.?bucket|sliding.?window|rateLimit/gi;
341
+ const hasRateLimit = testCode(code, rateLimitPattern);
342
+ const handlerCount = getLineNumbers(code, requestHandlerPattern).length;
343
+ if (!hasRateLimit && handlerCount > 0) {
344
+ findings.push({
345
+ ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
346
+ severity: "high",
347
+ title: "AI-powered endpoints without rate limiting",
348
+ description: "API endpoints that call LLM services are exposed without visible rate limiting. LLM API calls are expensive and slow; without rate limiting, a single abusive client can exhaust your API budget or cause denial of service.",
349
+ lineNumbers: getLineNumbers(code, requestHandlerPattern).slice(0, 5),
350
+ recommendation: "Add rate limiting middleware to all endpoints that trigger LLM calls. Consider per-user and per-IP limits. Implement cost tracking and budget alerts for AI API usage.",
351
+ reference: "CWE-770: Allocation of Resources Without Limits — OWASP API8: Lack of Rate Limiting",
352
+ suggestedFix: "Add rate limiting middleware: app.use('/ai/', rateLimit({ windowMs: 60_000, max: 10, keyGenerator: req => req.user.id })); and track per-user AI API costs.",
353
+ confidence: 0.7,
354
+ });
355
+ }
356
+ else {
357
+ ruleNum++;
358
+ }
359
+ }
360
+ else {
361
+ ruleNum++;
362
+ }
363
+ // ── AICS-015 Sensitive data sent to external AI services ──────────────────
364
+ if (hasLlmCall) {
365
+ const sensitiveDataInPromptPattern = /(?:ssn|social.?security|password|credit.?card|card.?number|cvv|bank.?account|health.?record|medical|diagnosis|salary|tax.?id|passport|driver.?license)\s*(?:[+:,\]})]|\.toString|String\()/gi;
366
+ const sensitivePromptLines = getLineNumbers(code, sensitiveDataInPromptPattern);
367
+ if (sensitivePromptLines.length > 0) {
368
+ findings.push({
369
+ ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
370
+ severity: "critical",
371
+ title: "Sensitive data potentially sent to external AI service",
372
+ description: "Variables containing PII, financial data, or health information appear to be included in data sent to an external AI/LLM service. This can violate GDPR, HIPAA, PCI DSS, and data residency requirements.",
373
+ lineNumbers: sensitivePromptLines,
374
+ recommendation: "Never send raw PII, financial, or health data to external AI services. Anonymise or pseudonymise data before sending. Use on-premise or private-endpoint AI deployments for regulated data. Implement data classification and DLP policies.",
375
+ reference: "OWASP LLM Top 10 — LLM06: Sensitive Information Disclosure — CWE-359",
376
+ suggestedFix: "Anonymize data before sending to AI: replace PII with tokens using a reversible tokenizer, or use on-premise/private-endpoint AI deployments for regulated data.",
377
+ confidence: 0.85,
378
+ });
379
+ }
380
+ else {
381
+ ruleNum++;
382
+ }
383
+ }
384
+ else {
385
+ ruleNum++;
386
+ }
387
+ // ── AICS-016 Tool-call results used without validation ────────────────────
388
+ const toolResultPattern = /tool[_.]?(?:result|output|response|call)|function[_.]?(?:result|output|response|call)|action[_.]result|tool_use|tool_calls/gi;
389
+ const toolResultLines = getLineNumbers(code, toolResultPattern);
390
+ const hasResultValidation = testCode(code, /(?:validate|sanitize|parse|check|verify|filter|schema|zod|joi|yup|JSON\.parse|try\s*\{[^}]*JSON)/gi);
391
+ if (toolResultLines.length > 0 && !hasResultValidation && hasLlmCall) {
392
+ findings.push({
393
+ ruleId: `${prefix}-${String(ruleNum).padStart(3, "0")}`,
394
+ severity: "high",
395
+ title: "Tool-call results used without validation",
396
+ description: "Results from external tool calls (MCP tools, function calls, agent actions) are used without visible validation or sanitization. Tool outputs are untrusted — they can contain injected content, unexpected formats, or malicious payloads that compromise the calling agent or downstream consumers.",
397
+ lineNumbers: toolResultLines.slice(0, 5),
398
+ recommendation: "Validate all tool-call results against an expected schema before use. Sanitize string outputs before injecting into prompts or rendering to users. Implement timeout and error handling for tool calls. Consider content filtering on tool outputs.",
399
+ reference: "OWASP LLM Top 10 — LLM02: Insecure Output Handling / Tool Use Safety",
400
+ suggestedFix: "Validate tool results: const parsed = schema.parse(toolResult); and sanitize string content before injecting into prompts or rendering.",
401
+ confidence: 0.7,
402
+ });
403
+ }
404
+ // ── AICS-017–022 removed — these are generic security findings (weak hash,
405
+ // empty catch, dummy creds, TLS disabled, CORS wildcard, unsafe deser) that
406
+ // duplicate SEC / DATA evaluator rules. Keeping them here inflated AICS FP
407
+ // counts without adding AI-specific value. The security evaluators already
408
+ // cover all of these patterns with better context-awareness.
409
+ return findings;
410
+ }