@kevinrabun/judges-cli 3.124.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (1745) hide show
  1. package/README.md +24 -0
  2. package/agents/accessibility.judge.md +44 -0
  3. package/agents/agent-instructions.judge.md +44 -0
  4. package/agents/ai-code-safety.judge.md +55 -0
  5. package/agents/api-contract.judge.md +37 -0
  6. package/agents/api-design.judge.md +55 -0
  7. package/agents/authentication.judge.md +61 -0
  8. package/agents/backwards-compatibility.judge.md +44 -0
  9. package/agents/caching.judge.md +44 -0
  10. package/agents/ci-cd.judge.md +44 -0
  11. package/agents/cloud-readiness.judge.md +51 -0
  12. package/agents/code-structure.judge.md +48 -0
  13. package/agents/compliance.judge.md +47 -0
  14. package/agents/concurrency.judge.md +46 -0
  15. package/agents/configuration-management.judge.md +44 -0
  16. package/agents/cost-effectiveness.judge.md +40 -0
  17. package/agents/cybersecurity.judge.md +61 -0
  18. package/agents/data-security.judge.md +48 -0
  19. package/agents/data-sovereignty.judge.md +58 -0
  20. package/agents/database.judge.md +49 -0
  21. package/agents/dependency-health.judge.md +46 -0
  22. package/agents/documentation.judge.md +53 -0
  23. package/agents/error-handling.judge.md +53 -0
  24. package/agents/ethics-bias.judge.md +46 -0
  25. package/agents/false-positive-review.judge.md +85 -0
  26. package/agents/framework-safety.judge.md +47 -0
  27. package/agents/hallucination-detection.judge.md +46 -0
  28. package/agents/iac-security.judge.md +45 -0
  29. package/agents/intent-alignment.judge.md +44 -0
  30. package/agents/internationalization.judge.md +42 -0
  31. package/agents/logging-privacy.judge.md +44 -0
  32. package/agents/logic-review.judge.md +34 -0
  33. package/agents/maintainability.judge.md +44 -0
  34. package/agents/model-fingerprint.judge.md +31 -0
  35. package/agents/multi-turn-coherence.judge.md +36 -0
  36. package/agents/observability.judge.md +52 -0
  37. package/agents/over-engineering.judge.md +48 -0
  38. package/agents/performance.judge.md +44 -0
  39. package/agents/portability.judge.md +44 -0
  40. package/agents/rate-limiting.judge.md +53 -0
  41. package/agents/reliability.judge.md +55 -0
  42. package/agents/scalability.judge.md +50 -0
  43. package/agents/security.judge.md +62 -0
  44. package/agents/software-practices.judge.md +54 -0
  45. package/agents/testing.judge.md +52 -0
  46. package/agents/ux.judge.md +44 -0
  47. package/bin/judges.js +8 -0
  48. package/dist/a2a-protocol.d.ts +136 -0
  49. package/dist/a2a-protocol.js +218 -0
  50. package/dist/agent-loader.d.ts +107 -0
  51. package/dist/agent-loader.js +260 -0
  52. package/dist/api.d.ts +169 -0
  53. package/dist/api.js +195 -0
  54. package/dist/ast/cross-file-taint.d.ts +42 -0
  55. package/dist/ast/cross-file-taint.js +679 -0
  56. package/dist/ast/index.d.ts +25 -0
  57. package/dist/ast/index.js +148 -0
  58. package/dist/ast/structural-parser.d.ts +2 -0
  59. package/dist/ast/structural-parser.js +756 -0
  60. package/dist/ast/taint-tracker.d.ts +48 -0
  61. package/dist/ast/taint-tracker.js +1033 -0
  62. package/dist/ast/tree-sitter-ast.d.ts +33 -0
  63. package/dist/ast/tree-sitter-ast.js +1164 -0
  64. package/dist/ast/types.d.ts +50 -0
  65. package/dist/ast/types.js +7 -0
  66. package/dist/audit-trail.d.ts +245 -0
  67. package/dist/audit-trail.js +257 -0
  68. package/dist/auto-tune.d.ts +146 -0
  69. package/dist/auto-tune.js +373 -0
  70. package/dist/cache.d.ts +53 -0
  71. package/dist/cache.js +86 -0
  72. package/dist/calibration.d.ts +108 -0
  73. package/dist/calibration.js +219 -0
  74. package/dist/cli-dispatch.d.ts +7 -0
  75. package/dist/cli-dispatch.js +654 -0
  76. package/dist/cli-formatters.d.ts +6 -0
  77. package/dist/cli-formatters.js +186 -0
  78. package/dist/cli-helpers.d.ts +29 -0
  79. package/dist/cli-helpers.js +129 -0
  80. package/dist/cli.d.ts +30 -0
  81. package/dist/cli.js +1487 -0
  82. package/dist/commands/adoption-report.d.ts +7 -0
  83. package/dist/commands/adoption-report.js +218 -0
  84. package/dist/commands/adoption-track.d.ts +4 -0
  85. package/dist/commands/adoption-track.js +246 -0
  86. package/dist/commands/ai-gate.d.ts +7 -0
  87. package/dist/commands/ai-gate.js +212 -0
  88. package/dist/commands/ai-model-trust.d.ts +16 -0
  89. package/dist/commands/ai-model-trust.js +234 -0
  90. package/dist/commands/ai-output-compare.d.ts +8 -0
  91. package/dist/commands/ai-output-compare.js +202 -0
  92. package/dist/commands/ai-pattern-trend.d.ts +8 -0
  93. package/dist/commands/ai-pattern-trend.js +223 -0
  94. package/dist/commands/ai-prompt-audit.d.ts +22 -0
  95. package/dist/commands/ai-prompt-audit.js +254 -0
  96. package/dist/commands/ai-provenance.d.ts +4 -0
  97. package/dist/commands/ai-provenance.js +247 -0
  98. package/dist/commands/api-audit.d.ts +8 -0
  99. package/dist/commands/api-audit.js +359 -0
  100. package/dist/commands/api-misuse.d.ts +4 -0
  101. package/dist/commands/api-misuse.js +260 -0
  102. package/dist/commands/api-versioning-audit.d.ts +5 -0
  103. package/dist/commands/api-versioning-audit.js +233 -0
  104. package/dist/commands/approve-chain.d.ts +7 -0
  105. package/dist/commands/approve-chain.js +234 -0
  106. package/dist/commands/arch-audit.d.ts +8 -0
  107. package/dist/commands/arch-audit.js +283 -0
  108. package/dist/commands/assertion-density.d.ts +4 -0
  109. package/dist/commands/assertion-density.js +263 -0
  110. package/dist/commands/assign-findings.d.ts +36 -0
  111. package/dist/commands/assign-findings.js +177 -0
  112. package/dist/commands/async-safety.d.ts +4 -0
  113. package/dist/commands/async-safety.js +266 -0
  114. package/dist/commands/audit-bundle.d.ts +28 -0
  115. package/dist/commands/audit-bundle.js +234 -0
  116. package/dist/commands/audit-trail.d.ts +17 -0
  117. package/dist/commands/audit-trail.js +154 -0
  118. package/dist/commands/auto-approve.d.ts +4 -0
  119. package/dist/commands/auto-approve.js +188 -0
  120. package/dist/commands/auto-calibrate.d.ts +14 -0
  121. package/dist/commands/auto-calibrate.js +106 -0
  122. package/dist/commands/auto-detect.d.ts +61 -0
  123. package/dist/commands/auto-detect.js +328 -0
  124. package/dist/commands/auto-fix.d.ts +17 -0
  125. package/dist/commands/auto-fix.js +240 -0
  126. package/dist/commands/auto-triage.d.ts +31 -0
  127. package/dist/commands/auto-triage.js +125 -0
  128. package/dist/commands/baseline.d.ts +47 -0
  129. package/dist/commands/baseline.js +353 -0
  130. package/dist/commands/batch-review.d.ts +4 -0
  131. package/dist/commands/batch-review.js +180 -0
  132. package/dist/commands/benchmark-advanced.d.ts +14 -0
  133. package/dist/commands/benchmark-advanced.js +5057 -0
  134. package/dist/commands/benchmark-ai-agents.d.ts +8 -0
  135. package/dist/commands/benchmark-ai-agents.js +4123 -0
  136. package/dist/commands/benchmark-ai-output.d.ts +9 -0
  137. package/dist/commands/benchmark-ai-output.js +365 -0
  138. package/dist/commands/benchmark-compliance-ethics.d.ts +8 -0
  139. package/dist/commands/benchmark-compliance-ethics.js +3060 -0
  140. package/dist/commands/benchmark-expanded-2.d.ts +12 -0
  141. package/dist/commands/benchmark-expanded-2.js +5530 -0
  142. package/dist/commands/benchmark-expanded.d.ts +12 -0
  143. package/dist/commands/benchmark-expanded.js +2599 -0
  144. package/dist/commands/benchmark-infrastructure.d.ts +8 -0
  145. package/dist/commands/benchmark-infrastructure.js +2882 -0
  146. package/dist/commands/benchmark-languages.d.ts +8 -0
  147. package/dist/commands/benchmark-languages.js +1963 -0
  148. package/dist/commands/benchmark-quality-ops.d.ts +8 -0
  149. package/dist/commands/benchmark-quality-ops.js +3415 -0
  150. package/dist/commands/benchmark-security-deep.d.ts +9 -0
  151. package/dist/commands/benchmark-security-deep.js +2335 -0
  152. package/dist/commands/benchmark.d.ts +233 -0
  153. package/dist/commands/benchmark.js +3214 -0
  154. package/dist/commands/blame-review.d.ts +4 -0
  155. package/dist/commands/blame-review.js +266 -0
  156. package/dist/commands/boundary-enforce.d.ts +5 -0
  157. package/dist/commands/boundary-enforce.js +255 -0
  158. package/dist/commands/build-optimize.d.ts +6 -0
  159. package/dist/commands/build-optimize.js +256 -0
  160. package/dist/commands/burndown.d.ts +26 -0
  161. package/dist/commands/burndown.js +179 -0
  162. package/dist/commands/cache-audit.d.ts +4 -0
  163. package/dist/commands/cache-audit.js +219 -0
  164. package/dist/commands/calibration-dashboard.d.ts +1 -0
  165. package/dist/commands/calibration-dashboard.js +294 -0
  166. package/dist/commands/calibration-share.d.ts +30 -0
  167. package/dist/commands/calibration-share.js +182 -0
  168. package/dist/commands/chat-notify.d.ts +8 -0
  169. package/dist/commands/chat-notify.js +258 -0
  170. package/dist/commands/ci-template.d.ts +14 -0
  171. package/dist/commands/ci-template.js +211 -0
  172. package/dist/commands/ci-templates.d.ts +9 -0
  173. package/dist/commands/ci-templates.js +89 -0
  174. package/dist/commands/clarity-score.d.ts +8 -0
  175. package/dist/commands/clarity-score.js +260 -0
  176. package/dist/commands/clone-detect.d.ts +4 -0
  177. package/dist/commands/clone-detect.js +232 -0
  178. package/dist/commands/coach-mode.d.ts +7 -0
  179. package/dist/commands/coach-mode.js +229 -0
  180. package/dist/commands/code-health.d.ts +4 -0
  181. package/dist/commands/code-health.js +195 -0
  182. package/dist/commands/code-owner-suggest.d.ts +16 -0
  183. package/dist/commands/code-owner-suggest.js +214 -0
  184. package/dist/commands/code-similarity.d.ts +8 -0
  185. package/dist/commands/code-similarity.js +231 -0
  186. package/dist/commands/comment-drift.d.ts +4 -0
  187. package/dist/commands/comment-drift.js +228 -0
  188. package/dist/commands/commit-hygiene.d.ts +5 -0
  189. package/dist/commands/commit-hygiene.js +175 -0
  190. package/dist/commands/community-patterns.d.ts +1 -0
  191. package/dist/commands/community-patterns.js +131 -0
  192. package/dist/commands/compare-runs.d.ts +37 -0
  193. package/dist/commands/compare-runs.js +228 -0
  194. package/dist/commands/completion-audit.d.ts +4 -0
  195. package/dist/commands/completion-audit.js +296 -0
  196. package/dist/commands/completions.d.ts +1 -0
  197. package/dist/commands/completions.js +257 -0
  198. package/dist/commands/compliance-map.d.ts +8 -0
  199. package/dist/commands/compliance-map.js +374 -0
  200. package/dist/commands/compliance-report.d.ts +34 -0
  201. package/dist/commands/compliance-report.js +161 -0
  202. package/dist/commands/compliance-weight.d.ts +8 -0
  203. package/dist/commands/compliance-weight.js +272 -0
  204. package/dist/commands/config-drift.d.ts +24 -0
  205. package/dist/commands/config-drift.js +213 -0
  206. package/dist/commands/config-lint.d.ts +4 -0
  207. package/dist/commands/config-lint.js +187 -0
  208. package/dist/commands/config-migrate.d.ts +43 -0
  209. package/dist/commands/config-migrate.js +240 -0
  210. package/dist/commands/config-share.d.ts +95 -0
  211. package/dist/commands/config-share.js +406 -0
  212. package/dist/commands/context-blind.d.ts +4 -0
  213. package/dist/commands/context-blind.js +272 -0
  214. package/dist/commands/context-inject.d.ts +8 -0
  215. package/dist/commands/context-inject.js +211 -0
  216. package/dist/commands/contract-verify.d.ts +4 -0
  217. package/dist/commands/contract-verify.js +316 -0
  218. package/dist/commands/correlate.d.ts +27 -0
  219. package/dist/commands/correlate.js +241 -0
  220. package/dist/commands/cost-forecast.d.ts +18 -0
  221. package/dist/commands/cost-forecast.js +193 -0
  222. package/dist/commands/coverage-map.d.ts +22 -0
  223. package/dist/commands/coverage-map.js +222 -0
  224. package/dist/commands/coverage.d.ts +40 -0
  225. package/dist/commands/coverage.js +147 -0
  226. package/dist/commands/cross-file-consistency.d.ts +4 -0
  227. package/dist/commands/cross-file-consistency.js +254 -0
  228. package/dist/commands/cross-pr-regression.d.ts +8 -0
  229. package/dist/commands/cross-pr-regression.js +297 -0
  230. package/dist/commands/custom-rule.d.ts +4 -0
  231. package/dist/commands/custom-rule.js +210 -0
  232. package/dist/commands/dead-code-detect.d.ts +4 -0
  233. package/dist/commands/dead-code-detect.js +255 -0
  234. package/dist/commands/dedup-report.d.ts +12 -0
  235. package/dist/commands/dedup-report.js +137 -0
  236. package/dist/commands/dep-audit.d.ts +52 -0
  237. package/dist/commands/dep-audit.js +277 -0
  238. package/dist/commands/dep-correlate.d.ts +8 -0
  239. package/dist/commands/dep-correlate.js +207 -0
  240. package/dist/commands/deploy-readiness.d.ts +5 -0
  241. package/dist/commands/deploy-readiness.js +211 -0
  242. package/dist/commands/deprecated.d.ts +47 -0
  243. package/dist/commands/deprecated.js +201 -0
  244. package/dist/commands/deps.d.ts +5 -0
  245. package/dist/commands/deps.js +122 -0
  246. package/dist/commands/design-audit.d.ts +8 -0
  247. package/dist/commands/design-audit.js +301 -0
  248. package/dist/commands/dev-score.d.ts +36 -0
  249. package/dist/commands/dev-score.js +203 -0
  250. package/dist/commands/diff-explain.d.ts +4 -0
  251. package/dist/commands/diff-explain.js +142 -0
  252. package/dist/commands/diff-only.d.ts +33 -0
  253. package/dist/commands/diff-only.js +151 -0
  254. package/dist/commands/diff-review.d.ts +4 -0
  255. package/dist/commands/diff-review.js +190 -0
  256. package/dist/commands/diff.d.ts +6 -0
  257. package/dist/commands/diff.js +449 -0
  258. package/dist/commands/digest.d.ts +19 -0
  259. package/dist/commands/digest.js +221 -0
  260. package/dist/commands/doc-drift.d.ts +8 -0
  261. package/dist/commands/doc-drift.js +258 -0
  262. package/dist/commands/doc-gen.d.ts +7 -0
  263. package/dist/commands/doc-gen.js +208 -0
  264. package/dist/commands/docs.d.ts +1 -0
  265. package/dist/commands/docs.js +156 -0
  266. package/dist/commands/doctor.d.ts +55 -0
  267. package/dist/commands/doctor.js +362 -0
  268. package/dist/commands/encoding-safety.d.ts +4 -0
  269. package/dist/commands/encoding-safety.js +275 -0
  270. package/dist/commands/error-taxonomy.d.ts +5 -0
  271. package/dist/commands/error-taxonomy.js +226 -0
  272. package/dist/commands/error-ux.d.ts +4 -0
  273. package/dist/commands/error-ux.js +252 -0
  274. package/dist/commands/event-leak.d.ts +4 -0
  275. package/dist/commands/event-leak.js +262 -0
  276. package/dist/commands/evidence-chain.d.ts +4 -0
  277. package/dist/commands/evidence-chain.js +309 -0
  278. package/dist/commands/example-leak.d.ts +4 -0
  279. package/dist/commands/example-leak.js +232 -0
  280. package/dist/commands/exception-consistency.d.ts +6 -0
  281. package/dist/commands/exception-consistency.js +192 -0
  282. package/dist/commands/exec-report.d.ts +8 -0
  283. package/dist/commands/exec-report.js +271 -0
  284. package/dist/commands/explain-finding.d.ts +7 -0
  285. package/dist/commands/explain-finding.js +278 -0
  286. package/dist/commands/false-negatives.d.ts +34 -0
  287. package/dist/commands/false-negatives.js +165 -0
  288. package/dist/commands/feedback-rules.d.ts +28 -0
  289. package/dist/commands/feedback-rules.js +173 -0
  290. package/dist/commands/feedback.d.ts +182 -0
  291. package/dist/commands/feedback.js +550 -0
  292. package/dist/commands/finding-age-analysis.d.ts +4 -0
  293. package/dist/commands/finding-age-analysis.js +144 -0
  294. package/dist/commands/finding-age-report.d.ts +4 -0
  295. package/dist/commands/finding-age-report.js +154 -0
  296. package/dist/commands/finding-age-tracker.d.ts +7 -0
  297. package/dist/commands/finding-age-tracker.js +152 -0
  298. package/dist/commands/finding-age.d.ts +4 -0
  299. package/dist/commands/finding-age.js +145 -0
  300. package/dist/commands/finding-ancestry-trace.d.ts +1 -0
  301. package/dist/commands/finding-ancestry-trace.js +69 -0
  302. package/dist/commands/finding-annotation-export.d.ts +1 -0
  303. package/dist/commands/finding-annotation-export.js +97 -0
  304. package/dist/commands/finding-annotation-layer.d.ts +4 -0
  305. package/dist/commands/finding-annotation-layer.js +128 -0
  306. package/dist/commands/finding-auto-categorize.d.ts +1 -0
  307. package/dist/commands/finding-auto-categorize.js +109 -0
  308. package/dist/commands/finding-auto-fix-suggest.d.ts +1 -0
  309. package/dist/commands/finding-auto-fix-suggest.js +76 -0
  310. package/dist/commands/finding-auto-fix.d.ts +4 -0
  311. package/dist/commands/finding-auto-fix.js +188 -0
  312. package/dist/commands/finding-auto-group.d.ts +4 -0
  313. package/dist/commands/finding-auto-group.js +108 -0
  314. package/dist/commands/finding-auto-label.d.ts +4 -0
  315. package/dist/commands/finding-auto-label.js +220 -0
  316. package/dist/commands/finding-auto-priority.d.ts +1 -0
  317. package/dist/commands/finding-auto-priority.js +100 -0
  318. package/dist/commands/finding-auto-suppress.d.ts +4 -0
  319. package/dist/commands/finding-auto-suppress.js +126 -0
  320. package/dist/commands/finding-auto-tag.d.ts +4 -0
  321. package/dist/commands/finding-auto-tag.js +113 -0
  322. package/dist/commands/finding-auto-triage.d.ts +4 -0
  323. package/dist/commands/finding-auto-triage.js +108 -0
  324. package/dist/commands/finding-autofix-preview.d.ts +4 -0
  325. package/dist/commands/finding-autofix-preview.js +86 -0
  326. package/dist/commands/finding-batch-resolve.d.ts +4 -0
  327. package/dist/commands/finding-batch-resolve.js +165 -0
  328. package/dist/commands/finding-batch-suppress.d.ts +4 -0
  329. package/dist/commands/finding-batch-suppress.js +85 -0
  330. package/dist/commands/finding-batch-triage.d.ts +1 -0
  331. package/dist/commands/finding-batch-triage.js +90 -0
  332. package/dist/commands/finding-blast-radius.d.ts +4 -0
  333. package/dist/commands/finding-blast-radius.js +91 -0
  334. package/dist/commands/finding-budget.d.ts +4 -0
  335. package/dist/commands/finding-budget.js +232 -0
  336. package/dist/commands/finding-category-map.d.ts +4 -0
  337. package/dist/commands/finding-category-map.js +103 -0
  338. package/dist/commands/finding-category-stats.d.ts +4 -0
  339. package/dist/commands/finding-category-stats.js +104 -0
  340. package/dist/commands/finding-category.d.ts +4 -0
  341. package/dist/commands/finding-category.js +109 -0
  342. package/dist/commands/finding-change-impact.d.ts +4 -0
  343. package/dist/commands/finding-change-impact.js +107 -0
  344. package/dist/commands/finding-cluster-analysis.d.ts +4 -0
  345. package/dist/commands/finding-cluster-analysis.js +133 -0
  346. package/dist/commands/finding-cluster-group.d.ts +4 -0
  347. package/dist/commands/finding-cluster-group.js +105 -0
  348. package/dist/commands/finding-cluster-summary.d.ts +1 -0
  349. package/dist/commands/finding-cluster-summary.js +85 -0
  350. package/dist/commands/finding-cluster.d.ts +4 -0
  351. package/dist/commands/finding-cluster.js +157 -0
  352. package/dist/commands/finding-code-context.d.ts +4 -0
  353. package/dist/commands/finding-code-context.js +96 -0
  354. package/dist/commands/finding-code-smell.d.ts +4 -0
  355. package/dist/commands/finding-code-smell.js +113 -0
  356. package/dist/commands/finding-compare-runs.d.ts +4 -0
  357. package/dist/commands/finding-compare-runs.js +105 -0
  358. package/dist/commands/finding-compliance-tag.d.ts +1 -0
  359. package/dist/commands/finding-compliance-tag.js +106 -0
  360. package/dist/commands/finding-confidence-boost.d.ts +1 -0
  361. package/dist/commands/finding-confidence-boost.js +88 -0
  362. package/dist/commands/finding-confidence-calibrate.d.ts +4 -0
  363. package/dist/commands/finding-confidence-calibrate.js +111 -0
  364. package/dist/commands/finding-confidence-filter.d.ts +4 -0
  365. package/dist/commands/finding-confidence-filter.js +77 -0
  366. package/dist/commands/finding-contest.d.ts +7 -0
  367. package/dist/commands/finding-contest.js +192 -0
  368. package/dist/commands/finding-context-enrich.d.ts +4 -0
  369. package/dist/commands/finding-context-enrich.js +89 -0
  370. package/dist/commands/finding-context-expand.d.ts +4 -0
  371. package/dist/commands/finding-context-expand.js +102 -0
  372. package/dist/commands/finding-context-link.d.ts +1 -0
  373. package/dist/commands/finding-context-link.js +94 -0
  374. package/dist/commands/finding-context-summary.d.ts +1 -0
  375. package/dist/commands/finding-context-summary.js +85 -0
  376. package/dist/commands/finding-context-window.d.ts +4 -0
  377. package/dist/commands/finding-context-window.js +126 -0
  378. package/dist/commands/finding-context.d.ts +4 -0
  379. package/dist/commands/finding-context.js +140 -0
  380. package/dist/commands/finding-correlate.d.ts +4 -0
  381. package/dist/commands/finding-correlate.js +88 -0
  382. package/dist/commands/finding-correlation-map.d.ts +4 -0
  383. package/dist/commands/finding-correlation-map.js +101 -0
  384. package/dist/commands/finding-correlation.d.ts +4 -0
  385. package/dist/commands/finding-correlation.js +103 -0
  386. package/dist/commands/finding-cross-file-link.d.ts +1 -0
  387. package/dist/commands/finding-cross-file-link.js +101 -0
  388. package/dist/commands/finding-cross-ref.d.ts +4 -0
  389. package/dist/commands/finding-cross-ref.js +98 -0
  390. package/dist/commands/finding-cve-lookup.d.ts +4 -0
  391. package/dist/commands/finding-cve-lookup.js +97 -0
  392. package/dist/commands/finding-cwe-lookup.d.ts +4 -0
  393. package/dist/commands/finding-cwe-lookup.js +148 -0
  394. package/dist/commands/finding-cwe-map.d.ts +4 -0
  395. package/dist/commands/finding-cwe-map.js +133 -0
  396. package/dist/commands/finding-dedup-cross-file.d.ts +4 -0
  397. package/dist/commands/finding-dedup-cross-file.js +95 -0
  398. package/dist/commands/finding-dedup-cross.d.ts +4 -0
  399. package/dist/commands/finding-dedup-cross.js +90 -0
  400. package/dist/commands/finding-dedup-merge.d.ts +1 -0
  401. package/dist/commands/finding-dedup-merge.js +107 -0
  402. package/dist/commands/finding-dedup-report.d.ts +4 -0
  403. package/dist/commands/finding-dedup-report.js +101 -0
  404. package/dist/commands/finding-dedup-smart.d.ts +1 -0
  405. package/dist/commands/finding-dedup-smart.js +109 -0
  406. package/dist/commands/finding-deduplicate.d.ts +4 -0
  407. package/dist/commands/finding-deduplicate.js +141 -0
  408. package/dist/commands/finding-dependency-check.d.ts +4 -0
  409. package/dist/commands/finding-dependency-check.js +119 -0
  410. package/dist/commands/finding-dependency-impact.d.ts +1 -0
  411. package/dist/commands/finding-dependency-impact.js +97 -0
  412. package/dist/commands/finding-dependency-link.d.ts +4 -0
  413. package/dist/commands/finding-dependency-link.js +73 -0
  414. package/dist/commands/finding-dependency-risk.d.ts +4 -0
  415. package/dist/commands/finding-dependency-risk.js +117 -0
  416. package/dist/commands/finding-dependency-tree.d.ts +4 -0
  417. package/dist/commands/finding-dependency-tree.js +116 -0
  418. package/dist/commands/finding-diff-highlight.d.ts +4 -0
  419. package/dist/commands/finding-diff-highlight.js +107 -0
  420. package/dist/commands/finding-dismiss-workflow.d.ts +4 -0
  421. package/dist/commands/finding-dismiss-workflow.js +119 -0
  422. package/dist/commands/finding-duplicate-detect.d.ts +4 -0
  423. package/dist/commands/finding-duplicate-detect.js +113 -0
  424. package/dist/commands/finding-duplicate-rule.d.ts +4 -0
  425. package/dist/commands/finding-duplicate-rule.js +103 -0
  426. package/dist/commands/finding-effort-rank.d.ts +1 -0
  427. package/dist/commands/finding-effort-rank.js +93 -0
  428. package/dist/commands/finding-evidence-chain.d.ts +4 -0
  429. package/dist/commands/finding-evidence-chain.js +147 -0
  430. package/dist/commands/finding-evidence-collect.d.ts +4 -0
  431. package/dist/commands/finding-evidence-collect.js +114 -0
  432. package/dist/commands/finding-explain.d.ts +4 -0
  433. package/dist/commands/finding-explain.js +93 -0
  434. package/dist/commands/finding-export-csv.d.ts +4 -0
  435. package/dist/commands/finding-export-csv.js +78 -0
  436. package/dist/commands/finding-false-neg-check.d.ts +8 -0
  437. package/dist/commands/finding-false-neg-check.js +139 -0
  438. package/dist/commands/finding-false-positive-learn.d.ts +4 -0
  439. package/dist/commands/finding-false-positive-learn.js +85 -0
  440. package/dist/commands/finding-false-positive-log.d.ts +4 -0
  441. package/dist/commands/finding-false-positive-log.js +150 -0
  442. package/dist/commands/finding-false-positive.d.ts +4 -0
  443. package/dist/commands/finding-false-positive.js +134 -0
  444. package/dist/commands/finding-filter-view.d.ts +4 -0
  445. package/dist/commands/finding-filter-view.js +107 -0
  446. package/dist/commands/finding-fix-chain.d.ts +1 -0
  447. package/dist/commands/finding-fix-chain.js +78 -0
  448. package/dist/commands/finding-fix-estimate.d.ts +1 -0
  449. package/dist/commands/finding-fix-estimate.js +95 -0
  450. package/dist/commands/finding-fix-playbook.d.ts +1 -0
  451. package/dist/commands/finding-fix-playbook.js +110 -0
  452. package/dist/commands/finding-fix-priority.d.ts +4 -0
  453. package/dist/commands/finding-fix-priority.js +98 -0
  454. package/dist/commands/finding-fix-rate.d.ts +4 -0
  455. package/dist/commands/finding-fix-rate.js +141 -0
  456. package/dist/commands/finding-fix-suggest.d.ts +4 -0
  457. package/dist/commands/finding-fix-suggest.js +88 -0
  458. package/dist/commands/finding-fix-validation.d.ts +4 -0
  459. package/dist/commands/finding-fix-validation.js +115 -0
  460. package/dist/commands/finding-fix-verify.d.ts +4 -0
  461. package/dist/commands/finding-fix-verify.js +198 -0
  462. package/dist/commands/finding-group-by.d.ts +4 -0
  463. package/dist/commands/finding-group-by.js +86 -0
  464. package/dist/commands/finding-group.d.ts +15 -0
  465. package/dist/commands/finding-group.js +164 -0
  466. package/dist/commands/finding-groupby-file.d.ts +4 -0
  467. package/dist/commands/finding-groupby-file.js +94 -0
  468. package/dist/commands/finding-hotfix-suggest.d.ts +7 -0
  469. package/dist/commands/finding-hotfix-suggest.js +170 -0
  470. package/dist/commands/finding-hotspot-detect.d.ts +1 -0
  471. package/dist/commands/finding-hotspot-detect.js +120 -0
  472. package/dist/commands/finding-hotspot-map.d.ts +4 -0
  473. package/dist/commands/finding-hotspot-map.js +106 -0
  474. package/dist/commands/finding-hotspot.d.ts +4 -0
  475. package/dist/commands/finding-hotspot.js +115 -0
  476. package/dist/commands/finding-impact-radius.d.ts +1 -0
  477. package/dist/commands/finding-impact-radius.js +94 -0
  478. package/dist/commands/finding-impact-rank.d.ts +4 -0
  479. package/dist/commands/finding-impact-rank.js +85 -0
  480. package/dist/commands/finding-impact-score.d.ts +4 -0
  481. package/dist/commands/finding-impact-score.js +123 -0
  482. package/dist/commands/finding-impact.d.ts +4 -0
  483. package/dist/commands/finding-impact.js +135 -0
  484. package/dist/commands/finding-line-blame.d.ts +7 -0
  485. package/dist/commands/finding-line-blame.js +129 -0
  486. package/dist/commands/finding-link-graph.d.ts +4 -0
  487. package/dist/commands/finding-link-graph.js +144 -0
  488. package/dist/commands/finding-link.d.ts +4 -0
  489. package/dist/commands/finding-link.js +128 -0
  490. package/dist/commands/finding-merge-results.d.ts +4 -0
  491. package/dist/commands/finding-merge-results.js +110 -0
  492. package/dist/commands/finding-merge-strategy.d.ts +1 -0
  493. package/dist/commands/finding-merge-strategy.js +84 -0
  494. package/dist/commands/finding-metadata-enrich.d.ts +4 -0
  495. package/dist/commands/finding-metadata-enrich.js +92 -0
  496. package/dist/commands/finding-noise-filter.d.ts +7 -0
  497. package/dist/commands/finding-noise-filter.js +140 -0
  498. package/dist/commands/finding-noise-reduce.d.ts +1 -0
  499. package/dist/commands/finding-noise-reduce.js +81 -0
  500. package/dist/commands/finding-noise-score.d.ts +1 -0
  501. package/dist/commands/finding-noise-score.js +93 -0
  502. package/dist/commands/finding-owner-assign.d.ts +4 -0
  503. package/dist/commands/finding-owner-assign.js +133 -0
  504. package/dist/commands/finding-owner-notify.d.ts +1 -0
  505. package/dist/commands/finding-owner-notify.js +121 -0
  506. package/dist/commands/finding-ownership-assign.d.ts +4 -0
  507. package/dist/commands/finding-ownership-assign.js +101 -0
  508. package/dist/commands/finding-ownership-map.d.ts +4 -0
  509. package/dist/commands/finding-ownership-map.js +118 -0
  510. package/dist/commands/finding-patch-chain.d.ts +1 -0
  511. package/dist/commands/finding-patch-chain.js +90 -0
  512. package/dist/commands/finding-patch-preview.d.ts +4 -0
  513. package/dist/commands/finding-patch-preview.js +103 -0
  514. package/dist/commands/finding-pattern-detect.d.ts +4 -0
  515. package/dist/commands/finding-pattern-detect.js +127 -0
  516. package/dist/commands/finding-pattern-library.d.ts +4 -0
  517. package/dist/commands/finding-pattern-library.js +145 -0
  518. package/dist/commands/finding-pattern-match.d.ts +4 -0
  519. package/dist/commands/finding-pattern-match.js +165 -0
  520. package/dist/commands/finding-prioritize.d.ts +4 -0
  521. package/dist/commands/finding-prioritize.js +119 -0
  522. package/dist/commands/finding-priority-matrix.d.ts +4 -0
  523. package/dist/commands/finding-priority-matrix.js +102 -0
  524. package/dist/commands/finding-priority-queue.d.ts +4 -0
  525. package/dist/commands/finding-priority-queue.js +131 -0
  526. package/dist/commands/finding-priority-rank.d.ts +1 -0
  527. package/dist/commands/finding-priority-rank.js +82 -0
  528. package/dist/commands/finding-quality-gate.d.ts +4 -0
  529. package/dist/commands/finding-quality-gate.js +107 -0
  530. package/dist/commands/finding-rank.d.ts +4 -0
  531. package/dist/commands/finding-rank.js +138 -0
  532. package/dist/commands/finding-reachability-check.d.ts +4 -0
  533. package/dist/commands/finding-reachability-check.js +102 -0
  534. package/dist/commands/finding-reachability.d.ts +4 -0
  535. package/dist/commands/finding-reachability.js +131 -0
  536. package/dist/commands/finding-recurrence-check.d.ts +1 -0
  537. package/dist/commands/finding-recurrence-check.js +103 -0
  538. package/dist/commands/finding-recurrence-detect.d.ts +4 -0
  539. package/dist/commands/finding-recurrence-detect.js +77 -0
  540. package/dist/commands/finding-recurrence.d.ts +4 -0
  541. package/dist/commands/finding-recurrence.js +135 -0
  542. package/dist/commands/finding-regression-check.d.ts +4 -0
  543. package/dist/commands/finding-regression-check.js +112 -0
  544. package/dist/commands/finding-regression-detect.d.ts +1 -0
  545. package/dist/commands/finding-regression-detect.js +86 -0
  546. package/dist/commands/finding-related-rules.d.ts +4 -0
  547. package/dist/commands/finding-related-rules.js +151 -0
  548. package/dist/commands/finding-remediation-cost.d.ts +1 -0
  549. package/dist/commands/finding-remediation-cost.js +79 -0
  550. package/dist/commands/finding-remediation-plan.d.ts +4 -0
  551. package/dist/commands/finding-remediation-plan.js +107 -0
  552. package/dist/commands/finding-reopen-detect.d.ts +1 -0
  553. package/dist/commands/finding-reopen-detect.js +77 -0
  554. package/dist/commands/finding-repeat-detect.d.ts +1 -0
  555. package/dist/commands/finding-repeat-detect.js +92 -0
  556. package/dist/commands/finding-resolution-track.d.ts +4 -0
  557. package/dist/commands/finding-resolution-track.js +150 -0
  558. package/dist/commands/finding-resolution-tracker.d.ts +4 -0
  559. package/dist/commands/finding-resolution-tracker.js +163 -0
  560. package/dist/commands/finding-resolution-workflow.d.ts +1 -0
  561. package/dist/commands/finding-resolution-workflow.js +91 -0
  562. package/dist/commands/finding-resolution.d.ts +4 -0
  563. package/dist/commands/finding-resolution.js +142 -0
  564. package/dist/commands/finding-risk-label.d.ts +1 -0
  565. package/dist/commands/finding-risk-label.js +72 -0
  566. package/dist/commands/finding-risk-matrix.d.ts +4 -0
  567. package/dist/commands/finding-risk-matrix.js +126 -0
  568. package/dist/commands/finding-risk-score.d.ts +4 -0
  569. package/dist/commands/finding-risk-score.js +95 -0
  570. package/dist/commands/finding-root-cause.d.ts +4 -0
  571. package/dist/commands/finding-root-cause.js +184 -0
  572. package/dist/commands/finding-rule-explain.d.ts +4 -0
  573. package/dist/commands/finding-rule-explain.js +140 -0
  574. package/dist/commands/finding-scope-filter.d.ts +1 -0
  575. package/dist/commands/finding-scope-filter.js +77 -0
  576. package/dist/commands/finding-scope-impact.d.ts +1 -0
  577. package/dist/commands/finding-scope-impact.js +83 -0
  578. package/dist/commands/finding-search-index.d.ts +4 -0
  579. package/dist/commands/finding-search-index.js +99 -0
  580. package/dist/commands/finding-security-hotspot.d.ts +4 -0
  581. package/dist/commands/finding-security-hotspot.js +175 -0
  582. package/dist/commands/finding-severity-dist.d.ts +4 -0
  583. package/dist/commands/finding-severity-dist.js +105 -0
  584. package/dist/commands/finding-severity-drift.d.ts +4 -0
  585. package/dist/commands/finding-severity-drift.js +92 -0
  586. package/dist/commands/finding-severity-heatmap.d.ts +4 -0
  587. package/dist/commands/finding-severity-heatmap.js +108 -0
  588. package/dist/commands/finding-severity-histogram.d.ts +4 -0
  589. package/dist/commands/finding-severity-histogram.js +66 -0
  590. package/dist/commands/finding-severity-override.d.ts +4 -0
  591. package/dist/commands/finding-severity-override.js +131 -0
  592. package/dist/commands/finding-severity-rebalance.d.ts +1 -0
  593. package/dist/commands/finding-severity-rebalance.js +108 -0
  594. package/dist/commands/finding-severity-trend.d.ts +4 -0
  595. package/dist/commands/finding-severity-trend.js +127 -0
  596. package/dist/commands/finding-similar-match.d.ts +1 -0
  597. package/dist/commands/finding-similar-match.js +112 -0
  598. package/dist/commands/finding-snippet.d.ts +4 -0
  599. package/dist/commands/finding-snippet.js +102 -0
  600. package/dist/commands/finding-summary-digest.d.ts +7 -0
  601. package/dist/commands/finding-summary-digest.js +145 -0
  602. package/dist/commands/finding-suppress-pattern.d.ts +4 -0
  603. package/dist/commands/finding-suppress-pattern.js +148 -0
  604. package/dist/commands/finding-suppress.d.ts +4 -0
  605. package/dist/commands/finding-suppress.js +164 -0
  606. package/dist/commands/finding-suppression-audit.d.ts +4 -0
  607. package/dist/commands/finding-suppression-audit.js +137 -0
  608. package/dist/commands/finding-suppression-list.d.ts +4 -0
  609. package/dist/commands/finding-suppression-list.js +119 -0
  610. package/dist/commands/finding-suppression-log.d.ts +4 -0
  611. package/dist/commands/finding-suppression-log.js +174 -0
  612. package/dist/commands/finding-time-to-fix.d.ts +1 -0
  613. package/dist/commands/finding-time-to-fix.js +98 -0
  614. package/dist/commands/finding-timeline-view.d.ts +4 -0
  615. package/dist/commands/finding-timeline-view.js +98 -0
  616. package/dist/commands/finding-timeline.d.ts +4 -0
  617. package/dist/commands/finding-timeline.js +143 -0
  618. package/dist/commands/finding-top-offender.d.ts +1 -0
  619. package/dist/commands/finding-top-offender.js +75 -0
  620. package/dist/commands/finding-trace.d.ts +4 -0
  621. package/dist/commands/finding-trace.js +118 -0
  622. package/dist/commands/finding-trend-alert.d.ts +1 -0
  623. package/dist/commands/finding-trend-alert.js +126 -0
  624. package/dist/commands/finding-trend-analysis.d.ts +4 -0
  625. package/dist/commands/finding-trend-analysis.js +95 -0
  626. package/dist/commands/finding-trend-forecast.d.ts +4 -0
  627. package/dist/commands/finding-trend-forecast.js +106 -0
  628. package/dist/commands/finding-trend-report.d.ts +4 -0
  629. package/dist/commands/finding-trend-report.js +107 -0
  630. package/dist/commands/finding-trend.d.ts +4 -0
  631. package/dist/commands/finding-trend.js +118 -0
  632. package/dist/commands/fix-pr.d.ts +22 -0
  633. package/dist/commands/fix-pr.js +286 -0
  634. package/dist/commands/fix-suggest.d.ts +4 -0
  635. package/dist/commands/fix-suggest.js +171 -0
  636. package/dist/commands/fix-verify.d.ts +4 -0
  637. package/dist/commands/fix-verify.js +123 -0
  638. package/dist/commands/fix.d.ts +117 -0
  639. package/dist/commands/fix.js +445 -0
  640. package/dist/commands/focus-area.d.ts +5 -0
  641. package/dist/commands/focus-area.js +192 -0
  642. package/dist/commands/generate.d.ts +7 -0
  643. package/dist/commands/generate.js +403 -0
  644. package/dist/commands/governance.d.ts +31 -0
  645. package/dist/commands/governance.js +202 -0
  646. package/dist/commands/group-findings.d.ts +22 -0
  647. package/dist/commands/group-findings.js +154 -0
  648. package/dist/commands/guided-tour.d.ts +8 -0
  649. package/dist/commands/guided-tour.js +287 -0
  650. package/dist/commands/habit-tracker.d.ts +7 -0
  651. package/dist/commands/habit-tracker.js +194 -0
  652. package/dist/commands/hallucination-detect.d.ts +4 -0
  653. package/dist/commands/hallucination-detect.js +350 -0
  654. package/dist/commands/hallucination-score.d.ts +8 -0
  655. package/dist/commands/hallucination-score.js +316 -0
  656. package/dist/commands/help.d.ts +7 -0
  657. package/dist/commands/help.js +302 -0
  658. package/dist/commands/hook-install.d.ts +21 -0
  659. package/dist/commands/hook-install.js +142 -0
  660. package/dist/commands/hook.d.ts +8 -0
  661. package/dist/commands/hook.js +145 -0
  662. package/dist/commands/iac-lint.d.ts +7 -0
  663. package/dist/commands/iac-lint.js +312 -0
  664. package/dist/commands/idempotency-audit.d.ts +4 -0
  665. package/dist/commands/idempotency-audit.js +222 -0
  666. package/dist/commands/ignore-list.d.ts +18 -0
  667. package/dist/commands/ignore-list.js +152 -0
  668. package/dist/commands/impact-scan.d.ts +8 -0
  669. package/dist/commands/impact-scan.js +281 -0
  670. package/dist/commands/incident-response.d.ts +7 -0
  671. package/dist/commands/incident-response.js +254 -0
  672. package/dist/commands/incremental-review.d.ts +4 -0
  673. package/dist/commands/incremental-review.js +236 -0
  674. package/dist/commands/init.d.ts +10 -0
  675. package/dist/commands/init.js +265 -0
  676. package/dist/commands/input-guard.d.ts +4 -0
  677. package/dist/commands/input-guard.js +255 -0
  678. package/dist/commands/interactive-fix.d.ts +22 -0
  679. package/dist/commands/interactive-fix.js +139 -0
  680. package/dist/commands/judge-author.d.ts +7 -0
  681. package/dist/commands/judge-author.js +260 -0
  682. package/dist/commands/judge-config.d.ts +4 -0
  683. package/dist/commands/judge-config.js +151 -0
  684. package/dist/commands/judge-learn.d.ts +8 -0
  685. package/dist/commands/judge-learn.js +217 -0
  686. package/dist/commands/judge-reputation.d.ts +28 -0
  687. package/dist/commands/judge-reputation.js +198 -0
  688. package/dist/commands/kb.d.ts +40 -0
  689. package/dist/commands/kb.js +228 -0
  690. package/dist/commands/language-packs.d.ts +42 -0
  691. package/dist/commands/language-packs.js +150 -0
  692. package/dist/commands/learn.d.ts +26 -0
  693. package/dist/commands/learn.js +288 -0
  694. package/dist/commands/learning-path.d.ts +8 -0
  695. package/dist/commands/learning-path.js +325 -0
  696. package/dist/commands/license-scan.d.ts +8 -0
  697. package/dist/commands/license-scan.js +183 -0
  698. package/dist/commands/llm-benchmark-optimizer.d.ts +78 -0
  699. package/dist/commands/llm-benchmark-optimizer.js +241 -0
  700. package/dist/commands/llm-benchmark.d.ts +156 -0
  701. package/dist/commands/llm-benchmark.js +670 -0
  702. package/dist/commands/log-quality.d.ts +5 -0
  703. package/dist/commands/log-quality.js +211 -0
  704. package/dist/commands/logic-lint.d.ts +4 -0
  705. package/dist/commands/logic-lint.js +255 -0
  706. package/dist/commands/lsp.d.ts +23 -0
  707. package/dist/commands/lsp.js +285 -0
  708. package/dist/commands/merge-verdict.d.ts +4 -0
  709. package/dist/commands/merge-verdict.js +287 -0
  710. package/dist/commands/metrics-dashboard.d.ts +21 -0
  711. package/dist/commands/metrics-dashboard.js +334 -0
  712. package/dist/commands/metrics.d.ts +57 -0
  713. package/dist/commands/metrics.js +241 -0
  714. package/dist/commands/migration-safety.d.ts +5 -0
  715. package/dist/commands/migration-safety.js +256 -0
  716. package/dist/commands/model-report.d.ts +8 -0
  717. package/dist/commands/model-report.js +194 -0
  718. package/dist/commands/model-risk.d.ts +27 -0
  719. package/dist/commands/model-risk.js +220 -0
  720. package/dist/commands/monorepo.d.ts +37 -0
  721. package/dist/commands/monorepo.js +232 -0
  722. package/dist/commands/multi-lang-review.d.ts +4 -0
  723. package/dist/commands/multi-lang-review.js +230 -0
  724. package/dist/commands/noise-advisor.d.ts +29 -0
  725. package/dist/commands/noise-advisor.js +170 -0
  726. package/dist/commands/notify.d.ts +78 -0
  727. package/dist/commands/notify.js +324 -0
  728. package/dist/commands/null-safety-audit.d.ts +5 -0
  729. package/dist/commands/null-safety-audit.js +221 -0
  730. package/dist/commands/observability-gap.d.ts +5 -0
  731. package/dist/commands/observability-gap.js +211 -0
  732. package/dist/commands/onboard.d.ts +12 -0
  733. package/dist/commands/onboard.js +178 -0
  734. package/dist/commands/org-metrics.d.ts +23 -0
  735. package/dist/commands/org-metrics.js +237 -0
  736. package/dist/commands/org-policy.d.ts +7 -0
  737. package/dist/commands/org-policy.js +207 -0
  738. package/dist/commands/over-abstraction.d.ts +4 -0
  739. package/dist/commands/over-abstraction.js +307 -0
  740. package/dist/commands/override.d.ts +61 -0
  741. package/dist/commands/override.js +268 -0
  742. package/dist/commands/ownership-map.d.ts +5 -0
  743. package/dist/commands/ownership-map.js +217 -0
  744. package/dist/commands/parity.d.ts +30 -0
  745. package/dist/commands/parity.js +212 -0
  746. package/dist/commands/pattern-registry.d.ts +22 -0
  747. package/dist/commands/pattern-registry.js +226 -0
  748. package/dist/commands/perf-compare.d.ts +8 -0
  749. package/dist/commands/perf-compare.js +245 -0
  750. package/dist/commands/perf-hotspot.d.ts +7 -0
  751. package/dist/commands/perf-hotspot.js +273 -0
  752. package/dist/commands/phantom-import.d.ts +4 -0
  753. package/dist/commands/phantom-import.js +260 -0
  754. package/dist/commands/pii-scan.d.ts +7 -0
  755. package/dist/commands/pii-scan.js +299 -0
  756. package/dist/commands/plugin-search.d.ts +39 -0
  757. package/dist/commands/plugin-search.js +327 -0
  758. package/dist/commands/plugins.d.ts +12 -0
  759. package/dist/commands/plugins.js +104 -0
  760. package/dist/commands/policy-audit.d.ts +52 -0
  761. package/dist/commands/policy-audit.js +160 -0
  762. package/dist/commands/pr-quality-gate.d.ts +28 -0
  763. package/dist/commands/pr-quality-gate.js +207 -0
  764. package/dist/commands/pr-summary.d.ts +25 -0
  765. package/dist/commands/pr-summary.js +187 -0
  766. package/dist/commands/predict.d.ts +7 -0
  767. package/dist/commands/predict.js +218 -0
  768. package/dist/commands/privilege-path.d.ts +4 -0
  769. package/dist/commands/privilege-path.js +233 -0
  770. package/dist/commands/profile.d.ts +37 -0
  771. package/dist/commands/profile.js +101 -0
  772. package/dist/commands/prompt-replay.d.ts +7 -0
  773. package/dist/commands/prompt-replay.js +176 -0
  774. package/dist/commands/quality-gate.d.ts +69 -0
  775. package/dist/commands/quality-gate.js +252 -0
  776. package/dist/commands/query.d.ts +19 -0
  777. package/dist/commands/query.js +229 -0
  778. package/dist/commands/quick-check.d.ts +4 -0
  779. package/dist/commands/quick-check.js +173 -0
  780. package/dist/commands/recommend.d.ts +20 -0
  781. package/dist/commands/recommend.js +282 -0
  782. package/dist/commands/refactor-safety.d.ts +8 -0
  783. package/dist/commands/refactor-safety.js +273 -0
  784. package/dist/commands/reg-watch.d.ts +20 -0
  785. package/dist/commands/reg-watch.js +219 -0
  786. package/dist/commands/regression-alert.d.ts +31 -0
  787. package/dist/commands/regression-alert.js +215 -0
  788. package/dist/commands/remediation-lib.d.ts +8 -0
  789. package/dist/commands/remediation-lib.js +265 -0
  790. package/dist/commands/remediation.d.ts +20 -0
  791. package/dist/commands/remediation.js +256 -0
  792. package/dist/commands/report-template.d.ts +16 -0
  793. package/dist/commands/report-template.js +290 -0
  794. package/dist/commands/report.d.ts +12 -0
  795. package/dist/commands/report.js +139 -0
  796. package/dist/commands/resource-cleanup.d.ts +6 -0
  797. package/dist/commands/resource-cleanup.js +235 -0
  798. package/dist/commands/retro.d.ts +22 -0
  799. package/dist/commands/retro.js +211 -0
  800. package/dist/commands/retry-pattern-audit.d.ts +5 -0
  801. package/dist/commands/retry-pattern-audit.js +215 -0
  802. package/dist/commands/review-ab-test.d.ts +4 -0
  803. package/dist/commands/review-ab-test.js +224 -0
  804. package/dist/commands/review-access-log.d.ts +4 -0
  805. package/dist/commands/review-access-log.js +65 -0
  806. package/dist/commands/review-action-item-gen.d.ts +1 -0
  807. package/dist/commands/review-action-item-gen.js +72 -0
  808. package/dist/commands/review-adoption-metrics.d.ts +4 -0
  809. package/dist/commands/review-adoption-metrics.js +95 -0
  810. package/dist/commands/review-adoption-score.d.ts +1 -0
  811. package/dist/commands/review-adoption-score.js +181 -0
  812. package/dist/commands/review-ai-feedback-loop.d.ts +1 -0
  813. package/dist/commands/review-ai-feedback-loop.js +116 -0
  814. package/dist/commands/review-annotate.d.ts +4 -0
  815. package/dist/commands/review-annotate.js +122 -0
  816. package/dist/commands/review-annotation-export.d.ts +4 -0
  817. package/dist/commands/review-annotation-export.js +105 -0
  818. package/dist/commands/review-annotation.d.ts +4 -0
  819. package/dist/commands/review-annotation.js +133 -0
  820. package/dist/commands/review-api-export.d.ts +4 -0
  821. package/dist/commands/review-api-export.js +98 -0
  822. package/dist/commands/review-approval-criteria.d.ts +1 -0
  823. package/dist/commands/review-approval-criteria.js +99 -0
  824. package/dist/commands/review-approval-gate.d.ts +7 -0
  825. package/dist/commands/review-approval-gate.js +190 -0
  826. package/dist/commands/review-approval.d.ts +4 -0
  827. package/dist/commands/review-approval.js +133 -0
  828. package/dist/commands/review-archive-search.d.ts +4 -0
  829. package/dist/commands/review-archive-search.js +70 -0
  830. package/dist/commands/review-archive.d.ts +4 -0
  831. package/dist/commands/review-archive.js +135 -0
  832. package/dist/commands/review-audit-export.d.ts +4 -0
  833. package/dist/commands/review-audit-export.js +93 -0
  834. package/dist/commands/review-audit-log.d.ts +4 -0
  835. package/dist/commands/review-audit-log.js +140 -0
  836. package/dist/commands/review-audit-trail.d.ts +4 -0
  837. package/dist/commands/review-audit-trail.js +96 -0
  838. package/dist/commands/review-auto-merge.d.ts +4 -0
  839. package/dist/commands/review-auto-merge.js +175 -0
  840. package/dist/commands/review-badge.d.ts +4 -0
  841. package/dist/commands/review-badge.js +152 -0
  842. package/dist/commands/review-batch-files.d.ts +4 -0
  843. package/dist/commands/review-batch-files.js +82 -0
  844. package/dist/commands/review-batch-mode.d.ts +4 -0
  845. package/dist/commands/review-batch-mode.js +97 -0
  846. package/dist/commands/review-batch-run.d.ts +4 -0
  847. package/dist/commands/review-batch-run.js +149 -0
  848. package/dist/commands/review-benchmark-self.d.ts +4 -0
  849. package/dist/commands/review-benchmark-self.js +140 -0
  850. package/dist/commands/review-blame-map.d.ts +4 -0
  851. package/dist/commands/review-blame-map.js +100 -0
  852. package/dist/commands/review-branch-compare.d.ts +4 -0
  853. package/dist/commands/review-branch-compare.js +108 -0
  854. package/dist/commands/review-branch-policy.d.ts +4 -0
  855. package/dist/commands/review-branch-policy.js +102 -0
  856. package/dist/commands/review-bulk-action.d.ts +4 -0
  857. package/dist/commands/review-bulk-action.js +109 -0
  858. package/dist/commands/review-bulk-apply.d.ts +4 -0
  859. package/dist/commands/review-bulk-apply.js +102 -0
  860. package/dist/commands/review-cache-clear.d.ts +4 -0
  861. package/dist/commands/review-cache-clear.js +160 -0
  862. package/dist/commands/review-cache-warm.d.ts +4 -0
  863. package/dist/commands/review-cache-warm.js +70 -0
  864. package/dist/commands/review-cache.d.ts +22 -0
  865. package/dist/commands/review-cache.js +134 -0
  866. package/dist/commands/review-changelog-entry.d.ts +7 -0
  867. package/dist/commands/review-changelog-entry.js +109 -0
  868. package/dist/commands/review-changelog-gen.d.ts +4 -0
  869. package/dist/commands/review-changelog-gen.js +117 -0
  870. package/dist/commands/review-changelog-impact.d.ts +1 -0
  871. package/dist/commands/review-changelog-impact.js +89 -0
  872. package/dist/commands/review-checklist.d.ts +4 -0
  873. package/dist/commands/review-checklist.js +144 -0
  874. package/dist/commands/review-checkpoint.d.ts +4 -0
  875. package/dist/commands/review-checkpoint.js +163 -0
  876. package/dist/commands/review-ci-gate.d.ts +4 -0
  877. package/dist/commands/review-ci-gate.js +114 -0
  878. package/dist/commands/review-ci-insight.d.ts +1 -0
  879. package/dist/commands/review-ci-insight.js +100 -0
  880. package/dist/commands/review-ci-integration.d.ts +4 -0
  881. package/dist/commands/review-ci-integration.js +125 -0
  882. package/dist/commands/review-ci-status.d.ts +4 -0
  883. package/dist/commands/review-ci-status.js +200 -0
  884. package/dist/commands/review-cicd-integrate.d.ts +4 -0
  885. package/dist/commands/review-cicd-integrate.js +122 -0
  886. package/dist/commands/review-code-health-score.d.ts +1 -0
  887. package/dist/commands/review-code-health-score.js +100 -0
  888. package/dist/commands/review-code-owner.d.ts +7 -0
  889. package/dist/commands/review-code-owner.js +164 -0
  890. package/dist/commands/review-code-ownership.d.ts +1 -0
  891. package/dist/commands/review-code-ownership.js +88 -0
  892. package/dist/commands/review-comment.d.ts +4 -0
  893. package/dist/commands/review-comment.js +165 -0
  894. package/dist/commands/review-commit-hook.d.ts +7 -0
  895. package/dist/commands/review-commit-hook.js +134 -0
  896. package/dist/commands/review-commit-quality.d.ts +1 -0
  897. package/dist/commands/review-commit-quality.js +94 -0
  898. package/dist/commands/review-comparative.d.ts +4 -0
  899. package/dist/commands/review-comparative.js +149 -0
  900. package/dist/commands/review-compare-version.d.ts +4 -0
  901. package/dist/commands/review-compare-version.js +108 -0
  902. package/dist/commands/review-compare.d.ts +4 -0
  903. package/dist/commands/review-compare.js +200 -0
  904. package/dist/commands/review-compliance-check.d.ts +4 -0
  905. package/dist/commands/review-compliance-check.js +202 -0
  906. package/dist/commands/review-compliance-gate.d.ts +4 -0
  907. package/dist/commands/review-compliance-gate.js +151 -0
  908. package/dist/commands/review-compliance-map.d.ts +4 -0
  909. package/dist/commands/review-compliance-map.js +110 -0
  910. package/dist/commands/review-compliance-report.d.ts +4 -0
  911. package/dist/commands/review-compliance-report.js +127 -0
  912. package/dist/commands/review-confidence-explain.d.ts +1 -0
  913. package/dist/commands/review-confidence-explain.js +99 -0
  914. package/dist/commands/review-config-diff.d.ts +4 -0
  915. package/dist/commands/review-config-diff.js +108 -0
  916. package/dist/commands/review-config-export.d.ts +4 -0
  917. package/dist/commands/review-config-export.js +124 -0
  918. package/dist/commands/review-config-health.d.ts +1 -0
  919. package/dist/commands/review-config-health.js +172 -0
  920. package/dist/commands/review-config-migrate.d.ts +4 -0
  921. package/dist/commands/review-config-migrate.js +123 -0
  922. package/dist/commands/review-config-template.d.ts +4 -0
  923. package/dist/commands/review-config-template.js +112 -0
  924. package/dist/commands/review-config-validate.d.ts +4 -0
  925. package/dist/commands/review-config-validate.js +110 -0
  926. package/dist/commands/review-contract.d.ts +4 -0
  927. package/dist/commands/review-contract.js +199 -0
  928. package/dist/commands/review-coverage-gap.d.ts +4 -0
  929. package/dist/commands/review-coverage-gap.js +120 -0
  930. package/dist/commands/review-coverage-map.d.ts +4 -0
  931. package/dist/commands/review-coverage-map.js +194 -0
  932. package/dist/commands/review-custom-judge-config.d.ts +4 -0
  933. package/dist/commands/review-custom-judge-config.js +103 -0
  934. package/dist/commands/review-custom-judge.d.ts +4 -0
  935. package/dist/commands/review-custom-judge.js +182 -0
  936. package/dist/commands/review-custom-prompt.d.ts +4 -0
  937. package/dist/commands/review-custom-prompt.js +170 -0
  938. package/dist/commands/review-custom-rule.d.ts +4 -0
  939. package/dist/commands/review-custom-rule.js +169 -0
  940. package/dist/commands/review-dashboard-data.d.ts +4 -0
  941. package/dist/commands/review-dashboard-data.js +142 -0
  942. package/dist/commands/review-dashboard.d.ts +4 -0
  943. package/dist/commands/review-dashboard.js +140 -0
  944. package/dist/commands/review-data-retention.d.ts +4 -0
  945. package/dist/commands/review-data-retention.js +119 -0
  946. package/dist/commands/review-dependency-graph.d.ts +4 -0
  947. package/dist/commands/review-dependency-graph.js +94 -0
  948. package/dist/commands/review-dependency-review.d.ts +1 -0
  949. package/dist/commands/review-dependency-review.js +104 -0
  950. package/dist/commands/review-deployment-gate.d.ts +4 -0
  951. package/dist/commands/review-deployment-gate.js +94 -0
  952. package/dist/commands/review-depth.d.ts +4 -0
  953. package/dist/commands/review-depth.js +142 -0
  954. package/dist/commands/review-diff-annotate.d.ts +4 -0
  955. package/dist/commands/review-diff-annotate.js +104 -0
  956. package/dist/commands/review-diff-context.d.ts +4 -0
  957. package/dist/commands/review-diff-context.js +158 -0
  958. package/dist/commands/review-diff-highlight.d.ts +4 -0
  959. package/dist/commands/review-diff-highlight.js +179 -0
  960. package/dist/commands/review-diff-stats.d.ts +4 -0
  961. package/dist/commands/review-diff-stats.js +90 -0
  962. package/dist/commands/review-diff-summary.d.ts +4 -0
  963. package/dist/commands/review-diff-summary.js +154 -0
  964. package/dist/commands/review-digest-gen.d.ts +1 -0
  965. package/dist/commands/review-digest-gen.js +100 -0
  966. package/dist/commands/review-digest.d.ts +4 -0
  967. package/dist/commands/review-digest.js +265 -0
  968. package/dist/commands/review-dry-run.d.ts +4 -0
  969. package/dist/commands/review-dry-run.js +120 -0
  970. package/dist/commands/review-engagement-score.d.ts +1 -0
  971. package/dist/commands/review-engagement-score.js +111 -0
  972. package/dist/commands/review-env-check.d.ts +4 -0
  973. package/dist/commands/review-env-check.js +115 -0
  974. package/dist/commands/review-environment-config.d.ts +4 -0
  975. package/dist/commands/review-environment-config.js +102 -0
  976. package/dist/commands/review-escalation-path.d.ts +1 -0
  977. package/dist/commands/review-escalation-path.js +86 -0
  978. package/dist/commands/review-exclude-vendor.d.ts +4 -0
  979. package/dist/commands/review-exclude-vendor.js +158 -0
  980. package/dist/commands/review-explain.d.ts +5 -0
  981. package/dist/commands/review-explain.js +194 -0
  982. package/dist/commands/review-export-pdf.d.ts +7 -0
  983. package/dist/commands/review-export-pdf.js +131 -0
  984. package/dist/commands/review-export.d.ts +4 -0
  985. package/dist/commands/review-export.js +179 -0
  986. package/dist/commands/review-feedback-loop.d.ts +4 -0
  987. package/dist/commands/review-feedback-loop.js +113 -0
  988. package/dist/commands/review-feedback-summary.d.ts +1 -0
  989. package/dist/commands/review-feedback-summary.js +130 -0
  990. package/dist/commands/review-feedback.d.ts +4 -0
  991. package/dist/commands/review-feedback.js +145 -0
  992. package/dist/commands/review-file-complexity.d.ts +4 -0
  993. package/dist/commands/review-file-complexity.js +137 -0
  994. package/dist/commands/review-file-filter.d.ts +4 -0
  995. package/dist/commands/review-file-filter.js +121 -0
  996. package/dist/commands/review-file-stats.d.ts +4 -0
  997. package/dist/commands/review-file-stats.js +130 -0
  998. package/dist/commands/review-filter.d.ts +4 -0
  999. package/dist/commands/review-filter.js +161 -0
  1000. package/dist/commands/review-finding-link.d.ts +7 -0
  1001. package/dist/commands/review-finding-link.js +115 -0
  1002. package/dist/commands/review-focus-area.d.ts +1 -0
  1003. package/dist/commands/review-focus-area.js +96 -0
  1004. package/dist/commands/review-focus.d.ts +4 -0
  1005. package/dist/commands/review-focus.js +196 -0
  1006. package/dist/commands/review-gate-config.d.ts +4 -0
  1007. package/dist/commands/review-gate-config.js +153 -0
  1008. package/dist/commands/review-gate.d.ts +4 -0
  1009. package/dist/commands/review-gate.js +212 -0
  1010. package/dist/commands/review-goal-track.d.ts +1 -0
  1011. package/dist/commands/review-goal-track.js +123 -0
  1012. package/dist/commands/review-guardrail.d.ts +4 -0
  1013. package/dist/commands/review-guardrail.js +155 -0
  1014. package/dist/commands/review-handoff.d.ts +4 -0
  1015. package/dist/commands/review-handoff.js +208 -0
  1016. package/dist/commands/review-health-check.d.ts +4 -0
  1017. package/dist/commands/review-health-check.js +148 -0
  1018. package/dist/commands/review-health-trend.d.ts +1 -0
  1019. package/dist/commands/review-health-trend.js +107 -0
  1020. package/dist/commands/review-history-compare.d.ts +4 -0
  1021. package/dist/commands/review-history-compare.js +93 -0
  1022. package/dist/commands/review-history-search.d.ts +4 -0
  1023. package/dist/commands/review-history-search.js +214 -0
  1024. package/dist/commands/review-ide-sync.d.ts +4 -0
  1025. package/dist/commands/review-ide-sync.js +91 -0
  1026. package/dist/commands/review-ignore-path.d.ts +4 -0
  1027. package/dist/commands/review-ignore-path.js +147 -0
  1028. package/dist/commands/review-ignore-pattern.d.ts +5 -0
  1029. package/dist/commands/review-ignore-pattern.js +138 -0
  1030. package/dist/commands/review-incident-link.d.ts +4 -0
  1031. package/dist/commands/review-incident-link.js +93 -0
  1032. package/dist/commands/review-incremental.d.ts +4 -0
  1033. package/dist/commands/review-incremental.js +128 -0
  1034. package/dist/commands/review-integration-health.d.ts +4 -0
  1035. package/dist/commands/review-integration-health.js +84 -0
  1036. package/dist/commands/review-integration-test.d.ts +4 -0
  1037. package/dist/commands/review-integration-test.js +145 -0
  1038. package/dist/commands/review-integration.d.ts +4 -0
  1039. package/dist/commands/review-integration.js +236 -0
  1040. package/dist/commands/review-interactive.d.ts +4 -0
  1041. package/dist/commands/review-interactive.js +85 -0
  1042. package/dist/commands/review-knowledge-capture.d.ts +1 -0
  1043. package/dist/commands/review-knowledge-capture.js +94 -0
  1044. package/dist/commands/review-language-profile.d.ts +4 -0
  1045. package/dist/commands/review-language-profile.js +72 -0
  1046. package/dist/commands/review-language-stats.d.ts +4 -0
  1047. package/dist/commands/review-language-stats.js +152 -0
  1048. package/dist/commands/review-lock-file.d.ts +4 -0
  1049. package/dist/commands/review-lock-file.js +153 -0
  1050. package/dist/commands/review-lock.d.ts +4 -0
  1051. package/dist/commands/review-lock.js +107 -0
  1052. package/dist/commands/review-log.d.ts +22 -0
  1053. package/dist/commands/review-log.js +164 -0
  1054. package/dist/commands/review-mentor-suggest.d.ts +1 -0
  1055. package/dist/commands/review-mentor-suggest.js +112 -0
  1056. package/dist/commands/review-merge-check.d.ts +4 -0
  1057. package/dist/commands/review-merge-check.js +101 -0
  1058. package/dist/commands/review-merge-config.d.ts +4 -0
  1059. package/dist/commands/review-merge-config.js +119 -0
  1060. package/dist/commands/review-merge-readiness.d.ts +1 -0
  1061. package/dist/commands/review-merge-readiness.js +90 -0
  1062. package/dist/commands/review-merge-request.d.ts +4 -0
  1063. package/dist/commands/review-merge-request.js +95 -0
  1064. package/dist/commands/review-merge.d.ts +4 -0
  1065. package/dist/commands/review-merge.js +145 -0
  1066. package/dist/commands/review-metric-export.d.ts +4 -0
  1067. package/dist/commands/review-metric-export.js +62 -0
  1068. package/dist/commands/review-milestone.d.ts +4 -0
  1069. package/dist/commands/review-milestone.js +136 -0
  1070. package/dist/commands/review-multi-repo-sync.d.ts +4 -0
  1071. package/dist/commands/review-multi-repo-sync.js +115 -0
  1072. package/dist/commands/review-multi-repo.d.ts +4 -0
  1073. package/dist/commands/review-multi-repo.js +145 -0
  1074. package/dist/commands/review-note.d.ts +4 -0
  1075. package/dist/commands/review-note.js +104 -0
  1076. package/dist/commands/review-notification-config.d.ts +4 -0
  1077. package/dist/commands/review-notification-config.js +122 -0
  1078. package/dist/commands/review-notification-digest.d.ts +4 -0
  1079. package/dist/commands/review-notification-digest.js +64 -0
  1080. package/dist/commands/review-notification.d.ts +4 -0
  1081. package/dist/commands/review-notification.js +126 -0
  1082. package/dist/commands/review-notify.d.ts +4 -0
  1083. package/dist/commands/review-notify.js +143 -0
  1084. package/dist/commands/review-offline.d.ts +4 -0
  1085. package/dist/commands/review-offline.js +125 -0
  1086. package/dist/commands/review-onboard-checklist.d.ts +4 -0
  1087. package/dist/commands/review-onboard-checklist.js +119 -0
  1088. package/dist/commands/review-onboard-wizard.d.ts +4 -0
  1089. package/dist/commands/review-onboard-wizard.js +92 -0
  1090. package/dist/commands/review-onboard.d.ts +4 -0
  1091. package/dist/commands/review-onboard.js +154 -0
  1092. package/dist/commands/review-onboarding-check.d.ts +1 -0
  1093. package/dist/commands/review-onboarding-check.js +93 -0
  1094. package/dist/commands/review-org-dashboard.d.ts +4 -0
  1095. package/dist/commands/review-org-dashboard.js +68 -0
  1096. package/dist/commands/review-output-filter.d.ts +4 -0
  1097. package/dist/commands/review-output-filter.js +112 -0
  1098. package/dist/commands/review-output-format.d.ts +4 -0
  1099. package/dist/commands/review-output-format.js +144 -0
  1100. package/dist/commands/review-output-transform.d.ts +4 -0
  1101. package/dist/commands/review-output-transform.js +119 -0
  1102. package/dist/commands/review-owner.d.ts +4 -0
  1103. package/dist/commands/review-owner.js +129 -0
  1104. package/dist/commands/review-parallel-diff.d.ts +4 -0
  1105. package/dist/commands/review-parallel-diff.js +146 -0
  1106. package/dist/commands/review-parallel-files.d.ts +7 -0
  1107. package/dist/commands/review-parallel-files.js +134 -0
  1108. package/dist/commands/review-parallel-run.d.ts +4 -0
  1109. package/dist/commands/review-parallel-run.js +116 -0
  1110. package/dist/commands/review-parallel.d.ts +4 -0
  1111. package/dist/commands/review-parallel.js +164 -0
  1112. package/dist/commands/review-perf-profile.d.ts +4 -0
  1113. package/dist/commands/review-perf-profile.js +98 -0
  1114. package/dist/commands/review-permission-model.d.ts +4 -0
  1115. package/dist/commands/review-permission-model.js +149 -0
  1116. package/dist/commands/review-pipeline-status.d.ts +4 -0
  1117. package/dist/commands/review-pipeline-status.js +54 -0
  1118. package/dist/commands/review-plugin-config.d.ts +4 -0
  1119. package/dist/commands/review-plugin-config.js +167 -0
  1120. package/dist/commands/review-plugin-list.d.ts +4 -0
  1121. package/dist/commands/review-plugin-list.js +99 -0
  1122. package/dist/commands/review-plugin-manage.d.ts +4 -0
  1123. package/dist/commands/review-plugin-manage.js +137 -0
  1124. package/dist/commands/review-plugin-status.d.ts +4 -0
  1125. package/dist/commands/review-plugin-status.js +53 -0
  1126. package/dist/commands/review-policy-enforce.d.ts +1 -0
  1127. package/dist/commands/review-policy-enforce.js +92 -0
  1128. package/dist/commands/review-policy-engine.d.ts +4 -0
  1129. package/dist/commands/review-policy-engine.js +135 -0
  1130. package/dist/commands/review-pr-comment-gen.d.ts +4 -0
  1131. package/dist/commands/review-pr-comment-gen.js +62 -0
  1132. package/dist/commands/review-pr-comment.d.ts +4 -0
  1133. package/dist/commands/review-pr-comment.js +106 -0
  1134. package/dist/commands/review-pr-label-suggest.d.ts +1 -0
  1135. package/dist/commands/review-pr-label-suggest.js +77 -0
  1136. package/dist/commands/review-pr-size-check.d.ts +1 -0
  1137. package/dist/commands/review-pr-size-check.js +98 -0
  1138. package/dist/commands/review-pr-template.d.ts +4 -0
  1139. package/dist/commands/review-pr-template.js +104 -0
  1140. package/dist/commands/review-preset-save.d.ts +4 -0
  1141. package/dist/commands/review-preset-save.js +159 -0
  1142. package/dist/commands/review-priority.d.ts +4 -0
  1143. package/dist/commands/review-priority.js +157 -0
  1144. package/dist/commands/review-profile.d.ts +4 -0
  1145. package/dist/commands/review-profile.js +168 -0
  1146. package/dist/commands/review-progress-bar.d.ts +4 -0
  1147. package/dist/commands/review-progress-bar.js +157 -0
  1148. package/dist/commands/review-progress-report.d.ts +1 -0
  1149. package/dist/commands/review-progress-report.js +95 -0
  1150. package/dist/commands/review-progress-track.d.ts +4 -0
  1151. package/dist/commands/review-progress-track.js +94 -0
  1152. package/dist/commands/review-quality-baseline.d.ts +1 -0
  1153. package/dist/commands/review-quality-baseline.js +134 -0
  1154. package/dist/commands/review-quality-gate.d.ts +1 -0
  1155. package/dist/commands/review-quality-gate.js +86 -0
  1156. package/dist/commands/review-quality-score.d.ts +4 -0
  1157. package/dist/commands/review-quality-score.js +127 -0
  1158. package/dist/commands/review-quality-trend.d.ts +4 -0
  1159. package/dist/commands/review-quality-trend.js +57 -0
  1160. package/dist/commands/review-queue.d.ts +33 -0
  1161. package/dist/commands/review-queue.js +225 -0
  1162. package/dist/commands/review-quickstart.d.ts +4 -0
  1163. package/dist/commands/review-quickstart.js +107 -0
  1164. package/dist/commands/review-quota-check.d.ts +4 -0
  1165. package/dist/commands/review-quota-check.js +97 -0
  1166. package/dist/commands/review-quota.d.ts +4 -0
  1167. package/dist/commands/review-quota.js +126 -0
  1168. package/dist/commands/review-rate-limit.d.ts +4 -0
  1169. package/dist/commands/review-rate-limit.js +130 -0
  1170. package/dist/commands/review-readiness-check.d.ts +1 -0
  1171. package/dist/commands/review-readiness-check.js +98 -0
  1172. package/dist/commands/review-receipt.d.ts +4 -0
  1173. package/dist/commands/review-receipt.js +220 -0
  1174. package/dist/commands/review-release-gate.d.ts +1 -0
  1175. package/dist/commands/review-release-gate.js +81 -0
  1176. package/dist/commands/review-replay.d.ts +8 -0
  1177. package/dist/commands/review-replay.js +264 -0
  1178. package/dist/commands/review-repo-onboard.d.ts +4 -0
  1179. package/dist/commands/review-repo-onboard.js +114 -0
  1180. package/dist/commands/review-report-archive.d.ts +4 -0
  1181. package/dist/commands/review-report-archive.js +100 -0
  1182. package/dist/commands/review-report-merge.d.ts +4 -0
  1183. package/dist/commands/review-report-merge.js +90 -0
  1184. package/dist/commands/review-report-pdf.d.ts +4 -0
  1185. package/dist/commands/review-report-pdf.js +163 -0
  1186. package/dist/commands/review-report-schedule.d.ts +4 -0
  1187. package/dist/commands/review-report-schedule.js +96 -0
  1188. package/dist/commands/review-retrospective.d.ts +1 -0
  1189. package/dist/commands/review-retrospective.js +118 -0
  1190. package/dist/commands/review-retry.d.ts +4 -0
  1191. package/dist/commands/review-retry.js +91 -0
  1192. package/dist/commands/review-review-cadence.d.ts +1 -0
  1193. package/dist/commands/review-review-cadence.js +85 -0
  1194. package/dist/commands/review-review-comments.d.ts +4 -0
  1195. package/dist/commands/review-review-comments.js +84 -0
  1196. package/dist/commands/review-reviewer-match.d.ts +1 -0
  1197. package/dist/commands/review-reviewer-match.js +108 -0
  1198. package/dist/commands/review-risk-matrix.d.ts +1 -0
  1199. package/dist/commands/review-risk-matrix.js +96 -0
  1200. package/dist/commands/review-risk-score.d.ts +4 -0
  1201. package/dist/commands/review-risk-score.js +156 -0
  1202. package/dist/commands/review-role-assignment.d.ts +4 -0
  1203. package/dist/commands/review-role-assignment.js +98 -0
  1204. package/dist/commands/review-rollback.d.ts +4 -0
  1205. package/dist/commands/review-rollback.js +171 -0
  1206. package/dist/commands/review-rollout-plan.d.ts +4 -0
  1207. package/dist/commands/review-rollout-plan.js +123 -0
  1208. package/dist/commands/review-rule-filter.d.ts +4 -0
  1209. package/dist/commands/review-rule-filter.js +116 -0
  1210. package/dist/commands/review-rule-stats.d.ts +4 -0
  1211. package/dist/commands/review-rule-stats.js +161 -0
  1212. package/dist/commands/review-sandbox.d.ts +4 -0
  1213. package/dist/commands/review-sandbox.js +191 -0
  1214. package/dist/commands/review-schedule.d.ts +4 -0
  1215. package/dist/commands/review-schedule.js +169 -0
  1216. package/dist/commands/review-scope-limit.d.ts +4 -0
  1217. package/dist/commands/review-scope-limit.js +100 -0
  1218. package/dist/commands/review-scope-lock.d.ts +7 -0
  1219. package/dist/commands/review-scope-lock.js +138 -0
  1220. package/dist/commands/review-scope-select.d.ts +4 -0
  1221. package/dist/commands/review-scope-select.js +98 -0
  1222. package/dist/commands/review-scope-suggest.d.ts +1 -0
  1223. package/dist/commands/review-scope-suggest.js +112 -0
  1224. package/dist/commands/review-scope.d.ts +4 -0
  1225. package/dist/commands/review-scope.js +197 -0
  1226. package/dist/commands/review-score-history.d.ts +4 -0
  1227. package/dist/commands/review-score-history.js +137 -0
  1228. package/dist/commands/review-security-posture.d.ts +1 -0
  1229. package/dist/commands/review-security-posture.js +105 -0
  1230. package/dist/commands/review-session-replay.d.ts +4 -0
  1231. package/dist/commands/review-session-replay.js +81 -0
  1232. package/dist/commands/review-session-save.d.ts +4 -0
  1233. package/dist/commands/review-session-save.js +173 -0
  1234. package/dist/commands/review-session.d.ts +4 -0
  1235. package/dist/commands/review-session.js +150 -0
  1236. package/dist/commands/review-skip-list.d.ts +4 -0
  1237. package/dist/commands/review-skip-list.js +135 -0
  1238. package/dist/commands/review-skip-rule.d.ts +4 -0
  1239. package/dist/commands/review-skip-rule.js +105 -0
  1240. package/dist/commands/review-sla-config.d.ts +4 -0
  1241. package/dist/commands/review-sla-config.js +88 -0
  1242. package/dist/commands/review-slack-format.d.ts +4 -0
  1243. package/dist/commands/review-slack-format.js +113 -0
  1244. package/dist/commands/review-snapshot-diff.d.ts +4 -0
  1245. package/dist/commands/review-snapshot-diff.js +100 -0
  1246. package/dist/commands/review-sprint-plan.d.ts +1 -0
  1247. package/dist/commands/review-sprint-plan.js +79 -0
  1248. package/dist/commands/review-stakeholder-notify.d.ts +1 -0
  1249. package/dist/commands/review-stakeholder-notify.js +134 -0
  1250. package/dist/commands/review-stakeholder-report.d.ts +4 -0
  1251. package/dist/commands/review-stakeholder-report.js +75 -0
  1252. package/dist/commands/review-stale-finding-clean.d.ts +1 -0
  1253. package/dist/commands/review-stale-finding-clean.js +81 -0
  1254. package/dist/commands/review-standup.d.ts +4 -0
  1255. package/dist/commands/review-standup.js +95 -0
  1256. package/dist/commands/review-stats.d.ts +4 -0
  1257. package/dist/commands/review-stats.js +175 -0
  1258. package/dist/commands/review-status-badge.d.ts +4 -0
  1259. package/dist/commands/review-status-badge.js +120 -0
  1260. package/dist/commands/review-streak.d.ts +4 -0
  1261. package/dist/commands/review-streak.js +150 -0
  1262. package/dist/commands/review-summary-dashboard.d.ts +4 -0
  1263. package/dist/commands/review-summary-dashboard.js +96 -0
  1264. package/dist/commands/review-summary-email.d.ts +4 -0
  1265. package/dist/commands/review-summary-email.js +102 -0
  1266. package/dist/commands/review-summary.d.ts +4 -0
  1267. package/dist/commands/review-summary.js +174 -0
  1268. package/dist/commands/review-tag-manager.d.ts +4 -0
  1269. package/dist/commands/review-tag-manager.js +128 -0
  1270. package/dist/commands/review-tag.d.ts +4 -0
  1271. package/dist/commands/review-tag.js +136 -0
  1272. package/dist/commands/review-team-analytics.d.ts +1 -0
  1273. package/dist/commands/review-team-analytics.js +94 -0
  1274. package/dist/commands/review-team-assign.d.ts +7 -0
  1275. package/dist/commands/review-team-assign.js +211 -0
  1276. package/dist/commands/review-team-coverage.d.ts +1 -0
  1277. package/dist/commands/review-team-coverage.js +95 -0
  1278. package/dist/commands/review-team-dashboard.d.ts +4 -0
  1279. package/dist/commands/review-team-dashboard.js +98 -0
  1280. package/dist/commands/review-team-rotation.d.ts +1 -0
  1281. package/dist/commands/review-team-rotation.js +99 -0
  1282. package/dist/commands/review-team-skill-map.d.ts +1 -0
  1283. package/dist/commands/review-team-skill-map.js +102 -0
  1284. package/dist/commands/review-team-stats.d.ts +4 -0
  1285. package/dist/commands/review-team-stats.js +97 -0
  1286. package/dist/commands/review-team-summary.d.ts +4 -0
  1287. package/dist/commands/review-team-summary.js +155 -0
  1288. package/dist/commands/review-team-velocity.d.ts +1 -0
  1289. package/dist/commands/review-team-velocity.js +103 -0
  1290. package/dist/commands/review-template-export.d.ts +4 -0
  1291. package/dist/commands/review-template-export.js +146 -0
  1292. package/dist/commands/review-template-library.d.ts +4 -0
  1293. package/dist/commands/review-template-library.js +155 -0
  1294. package/dist/commands/review-template-suggest.d.ts +1 -0
  1295. package/dist/commands/review-template-suggest.js +119 -0
  1296. package/dist/commands/review-template.d.ts +4 -0
  1297. package/dist/commands/review-template.js +212 -0
  1298. package/dist/commands/review-tenant-config.d.ts +4 -0
  1299. package/dist/commands/review-tenant-config.js +116 -0
  1300. package/dist/commands/review-threshold-tune.d.ts +4 -0
  1301. package/dist/commands/review-threshold-tune.js +135 -0
  1302. package/dist/commands/review-timeline.d.ts +4 -0
  1303. package/dist/commands/review-timeline.js +76 -0
  1304. package/dist/commands/review-token-budget.d.ts +4 -0
  1305. package/dist/commands/review-token-budget.js +117 -0
  1306. package/dist/commands/review-velocity-track.d.ts +1 -0
  1307. package/dist/commands/review-velocity-track.js +94 -0
  1308. package/dist/commands/review-watch-mode.d.ts +7 -0
  1309. package/dist/commands/review-watch-mode.js +132 -0
  1310. package/dist/commands/review-webhook-dispatch.d.ts +4 -0
  1311. package/dist/commands/review-webhook-dispatch.js +99 -0
  1312. package/dist/commands/review-webhook-notify.d.ts +4 -0
  1313. package/dist/commands/review-webhook-notify.js +145 -0
  1314. package/dist/commands/review-webhook.d.ts +4 -0
  1315. package/dist/commands/review-webhook.js +140 -0
  1316. package/dist/commands/review-whitelist.d.ts +4 -0
  1317. package/dist/commands/review-whitelist.js +150 -0
  1318. package/dist/commands/review-workflow-suggest.d.ts +1 -0
  1319. package/dist/commands/review-workflow-suggest.js +129 -0
  1320. package/dist/commands/review-workload-balance.d.ts +1 -0
  1321. package/dist/commands/review-workload-balance.js +86 -0
  1322. package/dist/commands/review-workspace-init.d.ts +4 -0
  1323. package/dist/commands/review-workspace-init.js +104 -0
  1324. package/dist/commands/review-workspace-scan.d.ts +4 -0
  1325. package/dist/commands/review-workspace-scan.js +144 -0
  1326. package/dist/commands/review.d.ts +155 -0
  1327. package/dist/commands/review.js +1114 -0
  1328. package/dist/commands/risk-heatmap.d.ts +7 -0
  1329. package/dist/commands/risk-heatmap.js +223 -0
  1330. package/dist/commands/rollback-safety.d.ts +4 -0
  1331. package/dist/commands/rollback-safety.js +191 -0
  1332. package/dist/commands/rule-catalog.d.ts +4 -0
  1333. package/dist/commands/rule-catalog.js +128 -0
  1334. package/dist/commands/rule-metrics.d.ts +43 -0
  1335. package/dist/commands/rule-metrics.js +113 -0
  1336. package/dist/commands/rule-owner.d.ts +30 -0
  1337. package/dist/commands/rule-owner.js +181 -0
  1338. package/dist/commands/rule-share.d.ts +34 -0
  1339. package/dist/commands/rule-share.js +202 -0
  1340. package/dist/commands/rule-test.d.ts +4 -0
  1341. package/dist/commands/rule-test.js +201 -0
  1342. package/dist/commands/rule.d.ts +114 -0
  1343. package/dist/commands/rule.js +295 -0
  1344. package/dist/commands/sbom-export.d.ts +7 -0
  1345. package/dist/commands/sbom-export.js +161 -0
  1346. package/dist/commands/scaffold-plugin.d.ts +15 -0
  1347. package/dist/commands/scaffold-plugin.js +270 -0
  1348. package/dist/commands/secret-age.d.ts +5 -0
  1349. package/dist/commands/secret-age.js +214 -0
  1350. package/dist/commands/secret-scan.d.ts +7 -0
  1351. package/dist/commands/secret-scan.js +244 -0
  1352. package/dist/commands/security-maturity.d.ts +7 -0
  1353. package/dist/commands/security-maturity.js +312 -0
  1354. package/dist/commands/security-theater.d.ts +4 -0
  1355. package/dist/commands/security-theater.js +278 -0
  1356. package/dist/commands/setup-wizard.d.ts +4 -0
  1357. package/dist/commands/setup-wizard.js +174 -0
  1358. package/dist/commands/severity-tune.d.ts +4 -0
  1359. package/dist/commands/severity-tune.js +208 -0
  1360. package/dist/commands/sla-track.d.ts +56 -0
  1361. package/dist/commands/sla-track.js +268 -0
  1362. package/dist/commands/smart-output.d.ts +38 -0
  1363. package/dist/commands/smart-output.js +175 -0
  1364. package/dist/commands/smart-select.d.ts +26 -0
  1365. package/dist/commands/smart-select.js +345 -0
  1366. package/dist/commands/snapshot.d.ts +139 -0
  1367. package/dist/commands/snapshot.js +478 -0
  1368. package/dist/commands/snippet-eval.d.ts +7 -0
  1369. package/dist/commands/snippet-eval.js +223 -0
  1370. package/dist/commands/spec-conform.d.ts +4 -0
  1371. package/dist/commands/spec-conform.js +304 -0
  1372. package/dist/commands/stale-pattern.d.ts +4 -0
  1373. package/dist/commands/stale-pattern.js +293 -0
  1374. package/dist/commands/state-integrity.d.ts +4 -0
  1375. package/dist/commands/state-integrity.js +283 -0
  1376. package/dist/commands/suppress.d.ts +39 -0
  1377. package/dist/commands/suppress.js +203 -0
  1378. package/dist/commands/team-config.d.ts +4 -0
  1379. package/dist/commands/team-config.js +234 -0
  1380. package/dist/commands/team-leaderboard.d.ts +24 -0
  1381. package/dist/commands/team-leaderboard.js +227 -0
  1382. package/dist/commands/team-rules-sync.d.ts +7 -0
  1383. package/dist/commands/team-rules-sync.js +250 -0
  1384. package/dist/commands/team-trust.d.ts +7 -0
  1385. package/dist/commands/team-trust.js +174 -0
  1386. package/dist/commands/test-correlate.d.ts +7 -0
  1387. package/dist/commands/test-correlate.js +221 -0
  1388. package/dist/commands/test-isolation.d.ts +5 -0
  1389. package/dist/commands/test-isolation.js +234 -0
  1390. package/dist/commands/test-quality.d.ts +5 -0
  1391. package/dist/commands/test-quality.js +160 -0
  1392. package/dist/commands/test-suggest.d.ts +8 -0
  1393. package/dist/commands/test-suggest.js +247 -0
  1394. package/dist/commands/ticket-sync.d.ts +25 -0
  1395. package/dist/commands/ticket-sync.js +235 -0
  1396. package/dist/commands/timeout-audit.d.ts +4 -0
  1397. package/dist/commands/timeout-audit.js +210 -0
  1398. package/dist/commands/trace.d.ts +64 -0
  1399. package/dist/commands/trace.js +245 -0
  1400. package/dist/commands/trend-report.d.ts +4 -0
  1401. package/dist/commands/trend-report.js +148 -0
  1402. package/dist/commands/triage.d.ts +15 -0
  1403. package/dist/commands/triage.js +171 -0
  1404. package/dist/commands/trust-adaptive.d.ts +8 -0
  1405. package/dist/commands/trust-adaptive.js +193 -0
  1406. package/dist/commands/trust-ramp.d.ts +29 -0
  1407. package/dist/commands/trust-ramp.js +189 -0
  1408. package/dist/commands/tune.d.ts +24 -0
  1409. package/dist/commands/tune.js +380 -0
  1410. package/dist/commands/type-boundary.d.ts +4 -0
  1411. package/dist/commands/type-boundary.js +235 -0
  1412. package/dist/commands/upload.d.ts +13 -0
  1413. package/dist/commands/upload.js +172 -0
  1414. package/dist/commands/validate-config.d.ts +16 -0
  1415. package/dist/commands/validate-config.js +267 -0
  1416. package/dist/commands/vendor-lock-detect.d.ts +7 -0
  1417. package/dist/commands/vendor-lock-detect.js +288 -0
  1418. package/dist/commands/vote.d.ts +31 -0
  1419. package/dist/commands/vote.js +200 -0
  1420. package/dist/commands/warm-cache.d.ts +30 -0
  1421. package/dist/commands/warm-cache.js +165 -0
  1422. package/dist/commands/watch-judge.d.ts +7 -0
  1423. package/dist/commands/watch-judge.js +179 -0
  1424. package/dist/commands/watch.d.ts +22 -0
  1425. package/dist/commands/watch.js +147 -0
  1426. package/dist/comparison.d.ts +67 -0
  1427. package/dist/comparison.js +253 -0
  1428. package/dist/config.d.ts +108 -0
  1429. package/dist/config.js +694 -0
  1430. package/dist/context/context-snippets.d.ts +15 -0
  1431. package/dist/context/context-snippets.js +36 -0
  1432. package/dist/context/embedding-cache.d.ts +30 -0
  1433. package/dist/context/embedding-cache.js +48 -0
  1434. package/dist/data-adapter.d.ts +123 -0
  1435. package/dist/data-adapter.js +212 -0
  1436. package/dist/dedup.d.ts +105 -0
  1437. package/dist/dedup.js +606 -0
  1438. package/dist/disk-cache.d.ts +59 -0
  1439. package/dist/disk-cache.js +236 -0
  1440. package/dist/errors.d.ts +43 -0
  1441. package/dist/errors.js +63 -0
  1442. package/dist/escalation.d.ts +100 -0
  1443. package/dist/escalation.js +292 -0
  1444. package/dist/evaluation-session.d.ts +74 -0
  1445. package/dist/evaluation-session.js +152 -0
  1446. package/dist/evaluators/accessibility.d.ts +2 -0
  1447. package/dist/evaluators/accessibility.js +559 -0
  1448. package/dist/evaluators/agent-instructions.d.ts +2 -0
  1449. package/dist/evaluators/agent-instructions.js +214 -0
  1450. package/dist/evaluators/ai-code-safety.d.ts +8 -0
  1451. package/dist/evaluators/ai-code-safety.js +410 -0
  1452. package/dist/evaluators/api-contract.d.ts +9 -0
  1453. package/dist/evaluators/api-contract.js +203 -0
  1454. package/dist/evaluators/api-design.d.ts +2 -0
  1455. package/dist/evaluators/api-design.js +260 -0
  1456. package/dist/evaluators/app-builder.d.ts +33 -0
  1457. package/dist/evaluators/app-builder.js +155 -0
  1458. package/dist/evaluators/authentication.d.ts +2 -0
  1459. package/dist/evaluators/authentication.js +455 -0
  1460. package/dist/evaluators/backwards-compatibility.d.ts +2 -0
  1461. package/dist/evaluators/backwards-compatibility.js +168 -0
  1462. package/dist/evaluators/caching.d.ts +2 -0
  1463. package/dist/evaluators/caching.js +171 -0
  1464. package/dist/evaluators/ci-cd.d.ts +2 -0
  1465. package/dist/evaluators/ci-cd.js +218 -0
  1466. package/dist/evaluators/cloud-readiness.d.ts +2 -0
  1467. package/dist/evaluators/cloud-readiness.js +231 -0
  1468. package/dist/evaluators/code-structure.d.ts +21 -0
  1469. package/dist/evaluators/code-structure.js +195 -0
  1470. package/dist/evaluators/compliance.d.ts +2 -0
  1471. package/dist/evaluators/compliance.js +329 -0
  1472. package/dist/evaluators/concurrency.d.ts +2 -0
  1473. package/dist/evaluators/concurrency.js +307 -0
  1474. package/dist/evaluators/configuration-management.d.ts +2 -0
  1475. package/dist/evaluators/configuration-management.js +232 -0
  1476. package/dist/evaluators/cost-effectiveness.d.ts +2 -0
  1477. package/dist/evaluators/cost-effectiveness.js +418 -0
  1478. package/dist/evaluators/cybersecurity.d.ts +2 -0
  1479. package/dist/evaluators/cybersecurity.js +1197 -0
  1480. package/dist/evaluators/data-security.d.ts +2 -0
  1481. package/dist/evaluators/data-security.js +467 -0
  1482. package/dist/evaluators/data-sovereignty.d.ts +2 -0
  1483. package/dist/evaluators/data-sovereignty.js +495 -0
  1484. package/dist/evaluators/database.d.ts +2 -0
  1485. package/dist/evaluators/database.js +240 -0
  1486. package/dist/evaluators/dependencies.d.ts +5 -0
  1487. package/dist/evaluators/dependencies.js +228 -0
  1488. package/dist/evaluators/dependency-health.d.ts +2 -0
  1489. package/dist/evaluators/dependency-health.js +477 -0
  1490. package/dist/evaluators/documentation.d.ts +2 -0
  1491. package/dist/evaluators/documentation.js +432 -0
  1492. package/dist/evaluators/error-handling.d.ts +2 -0
  1493. package/dist/evaluators/error-handling.js +426 -0
  1494. package/dist/evaluators/ethics-bias.d.ts +2 -0
  1495. package/dist/evaluators/ethics-bias.js +263 -0
  1496. package/dist/evaluators/false-positive-review.d.ts +21 -0
  1497. package/dist/evaluators/false-positive-review.js +1246 -0
  1498. package/dist/evaluators/framework-rules.d.ts +58 -0
  1499. package/dist/evaluators/framework-rules.js +291 -0
  1500. package/dist/evaluators/framework-safety.d.ts +12 -0
  1501. package/dist/evaluators/framework-safety.js +1205 -0
  1502. package/dist/evaluators/hallucination-detection.d.ts +2 -0
  1503. package/dist/evaluators/hallucination-detection.js +1250 -0
  1504. package/dist/evaluators/iac-security.d.ts +8 -0
  1505. package/dist/evaluators/iac-security.js +701 -0
  1506. package/dist/evaluators/index.d.ts +167 -0
  1507. package/dist/evaluators/index.js +994 -0
  1508. package/dist/evaluators/intent-alignment.d.ts +18 -0
  1509. package/dist/evaluators/intent-alignment.js +405 -0
  1510. package/dist/evaluators/internationalization.d.ts +2 -0
  1511. package/dist/evaluators/internationalization.js +287 -0
  1512. package/dist/evaluators/judge-selector.d.ts +19 -0
  1513. package/dist/evaluators/judge-selector.js +141 -0
  1514. package/dist/evaluators/logging-privacy.d.ts +2 -0
  1515. package/dist/evaluators/logging-privacy.js +190 -0
  1516. package/dist/evaluators/logic-review.d.ts +2 -0
  1517. package/dist/evaluators/logic-review.js +289 -0
  1518. package/dist/evaluators/maintainability.d.ts +2 -0
  1519. package/dist/evaluators/maintainability.js +430 -0
  1520. package/dist/evaluators/model-fingerprint.d.ts +2 -0
  1521. package/dist/evaluators/model-fingerprint.js +151 -0
  1522. package/dist/evaluators/multi-turn-coherence.d.ts +13 -0
  1523. package/dist/evaluators/multi-turn-coherence.js +149 -0
  1524. package/dist/evaluators/observability.d.ts +2 -0
  1525. package/dist/evaluators/observability.js +238 -0
  1526. package/dist/evaluators/over-engineering.d.ts +2 -0
  1527. package/dist/evaluators/over-engineering.js +160 -0
  1528. package/dist/evaluators/performance.d.ts +2 -0
  1529. package/dist/evaluators/performance.js +649 -0
  1530. package/dist/evaluators/portability.d.ts +2 -0
  1531. package/dist/evaluators/portability.js +254 -0
  1532. package/dist/evaluators/project.d.ts +48 -0
  1533. package/dist/evaluators/project.js +817 -0
  1534. package/dist/evaluators/rate-limiting.d.ts +2 -0
  1535. package/dist/evaluators/rate-limiting.js +193 -0
  1536. package/dist/evaluators/recall-boost.d.ts +27 -0
  1537. package/dist/evaluators/recall-boost.js +409 -0
  1538. package/dist/evaluators/reliability.d.ts +2 -0
  1539. package/dist/evaluators/reliability.js +245 -0
  1540. package/dist/evaluators/scalability.d.ts +2 -0
  1541. package/dist/evaluators/scalability.js +230 -0
  1542. package/dist/evaluators/security.d.ts +12 -0
  1543. package/dist/evaluators/security.js +1013 -0
  1544. package/dist/evaluators/shared.d.ts +219 -0
  1545. package/dist/evaluators/shared.js +1169 -0
  1546. package/dist/evaluators/software-practices.d.ts +2 -0
  1547. package/dist/evaluators/software-practices.js +395 -0
  1548. package/dist/evaluators/suppressions.d.ts +49 -0
  1549. package/dist/evaluators/suppressions.js +185 -0
  1550. package/dist/evaluators/testing.d.ts +2 -0
  1551. package/dist/evaluators/testing.js +348 -0
  1552. package/dist/evaluators/ux.d.ts +2 -0
  1553. package/dist/evaluators/ux.js +309 -0
  1554. package/dist/evaluators/v2.d.ts +26 -0
  1555. package/dist/evaluators/v2.js +354 -0
  1556. package/dist/ext-to-lang.d.ts +16 -0
  1557. package/dist/ext-to-lang.js +60 -0
  1558. package/dist/feedback-loop.d.ts +62 -0
  1559. package/dist/feedback-loop.js +179 -0
  1560. package/dist/finding-lifecycle.d.ts +215 -0
  1561. package/dist/finding-lifecycle.js +547 -0
  1562. package/dist/fingerprint.d.ts +39 -0
  1563. package/dist/fingerprint.js +179 -0
  1564. package/dist/fix-history.d.ts +103 -0
  1565. package/dist/fix-history.js +164 -0
  1566. package/dist/formatters/badge.d.ts +16 -0
  1567. package/dist/formatters/badge.js +78 -0
  1568. package/dist/formatters/codeclimate.d.ts +24 -0
  1569. package/dist/formatters/codeclimate.js +80 -0
  1570. package/dist/formatters/csv.d.ts +16 -0
  1571. package/dist/formatters/csv.js +53 -0
  1572. package/dist/formatters/diagnostics.d.ts +81 -0
  1573. package/dist/formatters/diagnostics.js +152 -0
  1574. package/dist/formatters/github-actions.d.ts +6 -0
  1575. package/dist/formatters/github-actions.js +68 -0
  1576. package/dist/formatters/html.d.ts +12 -0
  1577. package/dist/formatters/html.js +194 -0
  1578. package/dist/formatters/junit.d.ts +6 -0
  1579. package/dist/formatters/junit.js +68 -0
  1580. package/dist/formatters/pdf.d.ts +12 -0
  1581. package/dist/formatters/pdf.js +114 -0
  1582. package/dist/formatters/sarif.d.ts +92 -0
  1583. package/dist/formatters/sarif.js +256 -0
  1584. package/dist/formatters/shared.d.ts +4 -0
  1585. package/dist/formatters/shared.js +29 -0
  1586. package/dist/git-diff.d.ts +62 -0
  1587. package/dist/git-diff.js +282 -0
  1588. package/dist/github-app.d.ts +152 -0
  1589. package/dist/github-app.js +716 -0
  1590. package/dist/import-resolver.d.ts +51 -0
  1591. package/dist/import-resolver.js +213 -0
  1592. package/dist/index.d.ts +4 -0
  1593. package/dist/index.js +38 -0
  1594. package/dist/judge-registry.d.ts +156 -0
  1595. package/dist/judge-registry.js +272 -0
  1596. package/dist/judges/accessibility.d.ts +2 -0
  1597. package/dist/judges/accessibility.js +46 -0
  1598. package/dist/judges/agent-instructions.d.ts +2 -0
  1599. package/dist/judges/agent-instructions.js +46 -0
  1600. package/dist/judges/ai-code-safety.d.ts +2 -0
  1601. package/dist/judges/ai-code-safety.js +57 -0
  1602. package/dist/judges/api-contract.d.ts +2 -0
  1603. package/dist/judges/api-contract.js +40 -0
  1604. package/dist/judges/api-design.d.ts +2 -0
  1605. package/dist/judges/api-design.js +57 -0
  1606. package/dist/judges/authentication.d.ts +2 -0
  1607. package/dist/judges/authentication.js +63 -0
  1608. package/dist/judges/backwards-compatibility.d.ts +2 -0
  1609. package/dist/judges/backwards-compatibility.js +46 -0
  1610. package/dist/judges/caching.d.ts +2 -0
  1611. package/dist/judges/caching.js +46 -0
  1612. package/dist/judges/ci-cd.d.ts +2 -0
  1613. package/dist/judges/ci-cd.js +46 -0
  1614. package/dist/judges/cloud-readiness.d.ts +2 -0
  1615. package/dist/judges/cloud-readiness.js +53 -0
  1616. package/dist/judges/code-structure.d.ts +2 -0
  1617. package/dist/judges/code-structure.js +50 -0
  1618. package/dist/judges/compliance.d.ts +2 -0
  1619. package/dist/judges/compliance.js +49 -0
  1620. package/dist/judges/concurrency.d.ts +2 -0
  1621. package/dist/judges/concurrency.js +48 -0
  1622. package/dist/judges/configuration-management.d.ts +2 -0
  1623. package/dist/judges/configuration-management.js +46 -0
  1624. package/dist/judges/cost-effectiveness.d.ts +2 -0
  1625. package/dist/judges/cost-effectiveness.js +42 -0
  1626. package/dist/judges/cybersecurity.d.ts +2 -0
  1627. package/dist/judges/cybersecurity.js +63 -0
  1628. package/dist/judges/data-security.d.ts +2 -0
  1629. package/dist/judges/data-security.js +50 -0
  1630. package/dist/judges/data-sovereignty.d.ts +2 -0
  1631. package/dist/judges/data-sovereignty.js +60 -0
  1632. package/dist/judges/database.d.ts +2 -0
  1633. package/dist/judges/database.js +51 -0
  1634. package/dist/judges/dependency-health.d.ts +2 -0
  1635. package/dist/judges/dependency-health.js +48 -0
  1636. package/dist/judges/documentation.d.ts +2 -0
  1637. package/dist/judges/documentation.js +55 -0
  1638. package/dist/judges/error-handling.d.ts +2 -0
  1639. package/dist/judges/error-handling.js +55 -0
  1640. package/dist/judges/ethics-bias.d.ts +2 -0
  1641. package/dist/judges/ethics-bias.js +48 -0
  1642. package/dist/judges/false-positive-review.d.ts +2 -0
  1643. package/dist/judges/false-positive-review.js +85 -0
  1644. package/dist/judges/framework-safety.d.ts +2 -0
  1645. package/dist/judges/framework-safety.js +49 -0
  1646. package/dist/judges/hallucination-detection.d.ts +2 -0
  1647. package/dist/judges/hallucination-detection.js +48 -0
  1648. package/dist/judges/iac-security.d.ts +2 -0
  1649. package/dist/judges/iac-security.js +47 -0
  1650. package/dist/judges/index.d.ts +88 -0
  1651. package/dist/judges/index.js +128 -0
  1652. package/dist/judges/intent-alignment.d.ts +2 -0
  1653. package/dist/judges/intent-alignment.js +46 -0
  1654. package/dist/judges/internationalization.d.ts +2 -0
  1655. package/dist/judges/internationalization.js +44 -0
  1656. package/dist/judges/logging-privacy.d.ts +2 -0
  1657. package/dist/judges/logging-privacy.js +46 -0
  1658. package/dist/judges/logic-review.d.ts +2 -0
  1659. package/dist/judges/logic-review.js +36 -0
  1660. package/dist/judges/maintainability.d.ts +2 -0
  1661. package/dist/judges/maintainability.js +46 -0
  1662. package/dist/judges/model-fingerprint.d.ts +2 -0
  1663. package/dist/judges/model-fingerprint.js +35 -0
  1664. package/dist/judges/multi-turn-coherence.d.ts +2 -0
  1665. package/dist/judges/multi-turn-coherence.js +39 -0
  1666. package/dist/judges/observability.d.ts +2 -0
  1667. package/dist/judges/observability.js +54 -0
  1668. package/dist/judges/over-engineering.d.ts +2 -0
  1669. package/dist/judges/over-engineering.js +50 -0
  1670. package/dist/judges/performance.d.ts +2 -0
  1671. package/dist/judges/performance.js +46 -0
  1672. package/dist/judges/portability.d.ts +2 -0
  1673. package/dist/judges/portability.js +46 -0
  1674. package/dist/judges/rate-limiting.d.ts +2 -0
  1675. package/dist/judges/rate-limiting.js +55 -0
  1676. package/dist/judges/reliability.d.ts +2 -0
  1677. package/dist/judges/reliability.js +57 -0
  1678. package/dist/judges/scalability.d.ts +2 -0
  1679. package/dist/judges/scalability.js +52 -0
  1680. package/dist/judges/security.d.ts +2 -0
  1681. package/dist/judges/security.js +64 -0
  1682. package/dist/judges/software-practices.d.ts +2 -0
  1683. package/dist/judges/software-practices.js +56 -0
  1684. package/dist/judges/testing.d.ts +2 -0
  1685. package/dist/judges/testing.js +54 -0
  1686. package/dist/judges/ux.d.ts +2 -0
  1687. package/dist/judges/ux.js +46 -0
  1688. package/dist/language-patterns.d.ts +653 -0
  1689. package/dist/language-patterns.js +851 -0
  1690. package/dist/parallel.d.ts +52 -0
  1691. package/dist/parallel.js +157 -0
  1692. package/dist/patches/apply.d.ts +15 -0
  1693. package/dist/patches/apply.js +37 -0
  1694. package/dist/patches/index.d.ts +9 -0
  1695. package/dist/patches/index.js +2544 -0
  1696. package/dist/plugins.d.ts +59 -0
  1697. package/dist/plugins.js +76 -0
  1698. package/dist/presets.d.ts +35 -0
  1699. package/dist/presets.js +406 -0
  1700. package/dist/probabilistic/llm-response-validator.d.ts +26 -0
  1701. package/dist/probabilistic/llm-response-validator.js +122 -0
  1702. package/dist/reports/public-repo-report.d.ts +42 -0
  1703. package/dist/reports/public-repo-report.js +579 -0
  1704. package/dist/review-conversation.d.ts +87 -0
  1705. package/dist/review-conversation.js +307 -0
  1706. package/dist/sast-integration.d.ts +112 -0
  1707. package/dist/sast-integration.js +215 -0
  1708. package/dist/scoring.d.ts +36 -0
  1709. package/dist/scoring.js +437 -0
  1710. package/dist/security-ids.d.ts +23 -0
  1711. package/dist/security-ids.js +239 -0
  1712. package/dist/skill-loader.d.ts +33 -0
  1713. package/dist/skill-loader.js +167 -0
  1714. package/dist/tools/command-safety.d.ts +13 -0
  1715. package/dist/tools/command-safety.js +95 -0
  1716. package/dist/tools/deep-review.d.ts +38 -0
  1717. package/dist/tools/deep-review.js +302 -0
  1718. package/dist/tools/prompts.d.ts +27 -0
  1719. package/dist/tools/prompts.js +122 -0
  1720. package/dist/tools/register-evaluation.d.ts +6 -0
  1721. package/dist/tools/register-evaluation.js +587 -0
  1722. package/dist/tools/register-fix.d.ts +5 -0
  1723. package/dist/tools/register-fix.js +175 -0
  1724. package/dist/tools/register-resources.d.ts +6 -0
  1725. package/dist/tools/register-resources.js +177 -0
  1726. package/dist/tools/register-review.d.ts +6 -0
  1727. package/dist/tools/register-review.js +564 -0
  1728. package/dist/tools/register-scaffold.d.ts +2 -0
  1729. package/dist/tools/register-scaffold.js +398 -0
  1730. package/dist/tools/register-workflow.d.ts +6 -0
  1731. package/dist/tools/register-workflow.js +1037 -0
  1732. package/dist/tools/register-workspace.d.ts +2 -0
  1733. package/dist/tools/register-workspace.js +214 -0
  1734. package/dist/tools/register.d.ts +6 -0
  1735. package/dist/tools/register.js +21 -0
  1736. package/dist/tools/schemas.d.ts +25 -0
  1737. package/dist/tools/schemas.js +41 -0
  1738. package/dist/tools/validation.d.ts +13 -0
  1739. package/dist/tools/validation.js +77 -0
  1740. package/dist/types.d.ts +898 -0
  1741. package/dist/types.js +1 -0
  1742. package/package.json +54 -0
  1743. package/skills/ai-code-review.skill.md +57 -0
  1744. package/skills/release-gate.skill.md +27 -0
  1745. package/skills/security-review.skill.md +32 -0
package/dist/evaluators/framework-safety.js ADDED
@@ -0,0 +1,1205 @@
1
+ import { getLineNumbers, getLangFamily, isCommentLine, testCode } from "./shared.js";
2
+ /**
3
+ * Framework-specific deep safety rules.
4
+ *
5
+ * Detects misuse patterns unique to popular frameworks that generic rules miss:
6
+ * - React: hook violations, unsafe lifecycle, XSS via dangerouslySetInnerHTML
7
+ * - Express/Koa/Fastify: middleware ordering, body-parser pitfalls, error middleware
8
+ * - Next.js: SSR data leaks, getServerSideProps security, API route exposure
9
+ * - Angular: bypassSecurityTrust, template injection, zone.js anti-patterns
10
+ * - Vue: v-html without sanitization, computed vs watch misuse
11
+ */
12
+ export function analyzeFrameworkSafety(code, language) {
13
+ const findings = [];
14
+ const lines = code.split("\n");
15
+ let ruleNum = 1;
16
+ const prefix = "FW";
17
+ const lang = getLangFamily(language);
18
+ // ── JS/TS Frameworks ──────────────────────────────────────────────────────
19
+ if (lang === "javascript" || lang === "typescript") {
20
+ // ── React Hook Violations ────────────────────────────────────────────────
21
+ // Conditional hook call — breaks Rules of Hooks
22
+ const conditionalHookLines = [];
23
+ let inConditional = 0;
24
+ for (let i = 0; i < lines.length; i++) {
25
+ const line = lines[i];
26
+ if (isCommentLine(line))
27
+ continue;
28
+ if (/\bif\s*\(|\bswitch\s*\(|\?\s*$/.test(line))
29
+ inConditional++;
30
+ if (inConditional > 0 &&
31
+ /\buse(?:State|Effect|Memo|Callback|Ref|Context|Reducer|LayoutEffect|ImperativeHandle|DebugValue)\s*\(/i.test(line)) {
32
+ conditionalHookLines.push(i + 1);
33
+ }
34
+ if (/^\s*\}/.test(line) && inConditional > 0)
35
+ inConditional--;
36
+ }
37
+ if (conditionalHookLines.length > 0) {
38
+ findings.push({
39
+ ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
40
+ severity: "critical",
41
+ title: "React hook called conditionally — Rules of Hooks violation",
42
+ description: "Hooks must be called at the top level of a React component/custom hook, never inside conditions, loops, or nested functions. Conditional hooks cause stale state and render crashes.",
43
+ lineNumbers: conditionalHookLines,
44
+ recommendation: "Move hook calls to the top level of the component. Use the hook's value conditionally instead of calling the hook conditionally.",
45
+ reference: "React Rules of Hooks — https://react.dev/reference/rules/rules-of-hooks",
46
+ suggestedFix: "Move the hook call outside the if block: const [value, setValue] = useState(initial); then use value conditionally.",
47
+ confidence: 0.9,
48
+ });
49
+ }
50
+ // Hook inside loop
51
+ const hookInLoopLines = [];
52
+ let inLoop = 0;
53
+ for (let i = 0; i < lines.length; i++) {
54
+ const line = lines[i];
55
+ if (isCommentLine(line))
56
+ continue;
57
+ if (/\bfor\s*\(|\bwhile\s*\(|\.forEach\s*\(|\.map\s*\(/.test(line))
58
+ inLoop++;
59
+ if (inLoop > 0 && /\buse(?:State|Effect|Memo|Callback|Ref|Context|Reducer)\s*\(/i.test(line)) {
60
+ hookInLoopLines.push(i + 1);
61
+ }
62
+ if (/^\s*\}/.test(line) && inLoop > 0)
63
+ inLoop--;
64
+ }
65
+ if (hookInLoopLines.length > 0) {
66
+ findings.push({
67
+ ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
68
+ severity: "critical",
69
+ title: "React hook called inside a loop — Rules of Hooks violation",
70
+ description: "Hooks must not be called inside loops. The number of hook calls must be the same on every render. Looped hooks cause unpredictable state corruption.",
71
+ lineNumbers: hookInLoopLines,
72
+ recommendation: "Extract the looped logic into a child component that uses its own hooks, or restructure to call hooks at the top level with array state.",
73
+ reference: "React Rules of Hooks — https://react.dev/reference/rules/rules-of-hooks",
74
+ confidence: 0.9,
75
+ });
76
+ }
77
+ // useEffect with missing cleanup for subscriptions/timers
78
+ const effectNoCleanupLines = [];
79
+ for (let i = 0; i < lines.length; i++) {
80
+ if (isCommentLine(lines[i]))
81
+ continue;
82
+ if (/\buseEffect\s*\(\s*\(\s*\)\s*=>\s*\{/.test(lines[i])) {
83
+ const effectBody = lines.slice(i, Math.min(lines.length, i + 20)).join("\n");
84
+ const hasSubscription = /addEventListener|subscribe|setInterval|setTimeout|\.on\(|\.listen\(|socket\.|EventSource|WebSocket/.test(effectBody);
85
+ const hasCleanup = /return\s*\(\s*\)\s*=>|return\s*\(\)\s*=>|return\s+function|removeEventListener|unsubscribe|clearInterval|clearTimeout|\.off\(|\.close\(/.test(effectBody);
86
+ if (hasSubscription && !hasCleanup) {
87
+ effectNoCleanupLines.push(i + 1);
88
+ }
89
+ }
90
+ }
91
+ if (effectNoCleanupLines.length > 0) {
92
+ findings.push({
93
+ ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
94
+ severity: "high",
95
+ title: "useEffect subscribes without cleanup — memory leak risk",
96
+ description: "useEffect sets up event listeners, timers, or subscriptions but does not return a cleanup function. On unmount or re-render, old subscriptions accumulate, causing memory leaks.",
97
+ lineNumbers: effectNoCleanupLines,
98
+ recommendation: "Return a cleanup function from useEffect that removes listeners/clears timers: return () => { window.removeEventListener('resize', handler); };",
99
+ reference: "React useEffect cleanup — https://react.dev/reference/react/useEffect",
100
+ suggestedFix: "Add cleanup: useEffect(() => { const id = setInterval(fn, 1000); return () => clearInterval(id); }, []);",
101
+ confidence: 0.85,
102
+ });
103
+ }
104
+ // useEffect with object/array literal as dependency → infinite re-render
105
+ const effectObjDepLines = [];
106
+ for (let i = 0; i < lines.length; i++) {
107
+ if (isCommentLine(lines[i]))
108
+ continue;
109
+ if (/\buseEffect\s*\(/.test(lines[i]) || /\buseMemo\s*\(/.test(lines[i]) || /\buseCallback\s*\(/.test(lines[i])) {
110
+ const ctx = lines.slice(i, Math.min(lines.length, i + 5)).join(" ");
111
+ // Matches dep arrays containing inline object/array literals: [{ ... }] or [[ ... ]]
112
+ if (/\],\s*\[(?:[^\]]*\{[^}]*\}|[^\]]*\[[^\]]*\])/.test(ctx)) {
113
+ effectObjDepLines.push(i + 1);
114
+ }
115
+ }
116
+ }
117
+ if (effectObjDepLines.length > 0) {
118
+ findings.push({
119
+ ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
120
+ severity: "high",
121
+ title: "Inline object/array in hook dependency array — infinite re-render",
122
+ description: "Object or array literals in useEffect/useMemo/useCallback dependency arrays create new references every render, causing the hook to fire on every render cycle.",
123
+ lineNumbers: effectObjDepLines,
124
+ recommendation: "Extract the object/array to a useMemo or define it outside the component. Compare by primitive values or use a stable reference.",
125
+ reference: "React hook dependency array — https://react.dev/reference/react/useEffect",
126
+ confidence: 0.8,
127
+ });
128
+ }
129
+ // setState in useEffect without dependency guard → infinite loop
130
+ const setStateInEffectLines = [];
131
+ for (let i = 0; i < lines.length; i++) {
132
+ if (isCommentLine(lines[i]))
133
+ continue;
134
+ if (/\buseEffect\s*\(\s*\(\s*\)\s*=>\s*\{/.test(lines[i])) {
135
+ const effectCtx = lines.slice(i, Math.min(lines.length, i + 15)).join("\n");
136
+ const hasSetState = /\bset\w+\s*\(/.test(effectCtx);
137
+ const hasDeps = /\],\s*\[/.test(effectCtx) || /\}\s*,\s*\[\s*\]/.test(effectCtx);
138
+ if (hasSetState && !hasDeps) {
139
+ setStateInEffectLines.push(i + 1);
140
+ }
141
+ }
142
+ }
143
+ if (setStateInEffectLines.length > 0) {
144
+ findings.push({
145
+ ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
146
+ severity: "high",
147
+ title: "setState in useEffect without dependency array — potential infinite loop",
148
+ description: "Calling setState inside a useEffect with no dependency array causes the component to re-render, which re-runs the effect, which calls setState again — infinite loop.",
149
+ lineNumbers: setStateInEffectLines,
150
+ recommendation: "Add a dependency array to useEffect. Use an empty array [] for mount-only effects, or specify the values that should trigger re-run.",
151
+ reference: "React useEffect — https://react.dev/reference/react/useEffect",
152
+ confidence: 0.8,
153
+ });
154
+ }
155
+ // ── Express/Koa/Fastify Middleware Rules ─────────────────────────────────
156
+ // Error-handling middleware position (Express error middleware must be last)
157
+ const expressErrorMwLines = [];
158
+ const hasExpressApp = testCode(code, /\bexpress\s*\(\s*\)|require\s*\(\s*["']express["']\s*\)|from\s+["']express["']/i);
159
+ if (hasExpressApp) {
160
+ let lastErrorMw = -1;
161
+ let hasRouteAfterErrorMw = false;
162
+ for (let i = 0; i < lines.length; i++) {
163
+ if (isCommentLine(lines[i]))
164
+ continue;
165
+ // Express error middleware: app.use((err, req, res, next) => {})
166
+ if (/app\.use\s*\(\s*(?:function\s*\(\s*err|(?:\(\s*err\s*,\s*req\s*,\s*res\s*,\s*next\s*\))|(?:\(\s*error\s*,\s*req\s*,\s*res\s*,\s*next\s*\)))/i.test(lines[i])) {
167
+ lastErrorMw = i;
168
+ }
169
+ // Route registered after error middleware
170
+ if (lastErrorMw >= 0 &&
171
+ i > lastErrorMw &&
172
+ /app\.(?:get|post|put|patch|delete|all)\s*\(\s*["']/i.test(lines[i])) {
173
+ hasRouteAfterErrorMw = true;
174
+ expressErrorMwLines.push(i + 1);
175
+ }
176
+ }
177
+ if (hasRouteAfterErrorMw && lastErrorMw >= 0) {
178
+ findings.push({
179
+ ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
180
+ severity: "high",
181
+ title: "Express error middleware registered before routes",
182
+ description: "Express error-handling middleware (4-parameter function) is registered before route handlers. Routes added after it won't have their errors caught, leading to unhandled rejections.",
183
+ lineNumbers: [lastErrorMw + 1, ...expressErrorMwLines],
184
+ recommendation: "Move error-handling middleware to after all route registrations: first register all routes, then app.use(errorHandler).",
185
+ reference: "Express Error Handling — https://expressjs.com/en/guide/error-handling.html",
186
+ suggestedFix: "Move app.use((err, req, res, next) => { ... }) to the very end, after all app.get/post/put/delete routes.",
187
+ confidence: 0.9,
188
+ });
189
+ }
190
+ // CORS before auth middleware (information leak)
191
+ let corsLine = -1;
192
+ let authLine = -1;
193
+ for (let i = 0; i < lines.length; i++) {
194
+ if (isCommentLine(lines[i]))
195
+ continue;
196
+ if (/app\.use\s*\(\s*cors\s*\(/i.test(lines[i]) && corsLine < 0)
197
+ corsLine = i;
198
+ if (/app\.use\s*\(.*(?:passport|auth|jwt|bearer|session)\b/i.test(lines[i]) && authLine < 0)
199
+ authLine = i;
200
+ }
201
+ // Body parser without size limit
202
+ const bodyParserNoLimitLines = [];
203
+ for (let i = 0; i < lines.length; i++) {
204
+ if (isCommentLine(lines[i]))
205
+ continue;
206
+ if (/(?:express\.json|bodyParser\.json|express\.urlencoded|bodyParser\.urlencoded)\s*\(\s*\)/i.test(lines[i])) {
207
+ bodyParserNoLimitLines.push(i + 1);
208
+ }
209
+ }
210
+ if (bodyParserNoLimitLines.length >= 2) {
211
+ findings.push({
212
+ ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
213
+ severity: "medium",
214
+ title: "Express body parser without size limit — DoS risk",
215
+ description: "Body parser middleware is configured without a payload size limit. Attackers can send extremely large request bodies to exhaust server memory.",
216
+ lineNumbers: bodyParserNoLimitLines,
217
+ recommendation: "Set a limit: express.json({ limit: '1mb' }) or express.urlencoded({ limit: '1mb', extended: true }).",
218
+ reference: "Express Body Parser — https://expressjs.com/en/api.html#express.json",
219
+ suggestedFix: "Add limit: app.use(express.json({ limit: '1mb' }));",
220
+ confidence: 0.9,
221
+ });
222
+ }
223
+ // Express static serving from project root
224
+ const staticRootLines = getLineNumbers(code, /express\.static\s*\(\s*(?:__dirname|["']\.\/?["']|["']\.\.\/?\/?["']|process\.cwd\(\))\s*\)/gi);
225
+ if (staticRootLines.length > 0) {
226
+ findings.push({
227
+ ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
228
+ severity: "high",
229
+ title: "Express.static serves project root or parent — file exposure risk",
230
+ description: "express.static is configured to serve the project root directory. This exposes source code, .env files, package.json, and other sensitive files to the internet.",
231
+ lineNumbers: staticRootLines,
232
+ recommendation: "Serve a dedicated directory: express.static(path.join(__dirname, 'public')). Never serve the project root.",
233
+ reference: "Express Static Files — https://expressjs.com/en/starter/static-files.html",
234
+ suggestedFix: "Change to: app.use(express.static(path.join(__dirname, 'public')));",
235
+ confidence: 0.95,
236
+ });
237
+ }
238
+ // Missing helmet() or security headers middleware
239
+ const hasHelmet = testCode(code, /helmet\s*\(|require\s*\(\s*["']helmet["']\)|from\s+["']helmet["']/i);
240
+ const hasRoutes = testCode(code, /app\.(?:get|post|put|patch|delete)\s*\(\s*["']/i);
241
+ if (!hasHelmet && hasRoutes && lines.length > 50) {
242
+ findings.push({
243
+ ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
244
+ severity: "medium",
245
+ title: "Express app without helmet() — missing security headers",
246
+ description: "No security headers middleware (helmet) detected in Express app. Without it, responses lack X-Content-Type-Options, X-Frame-Options, CSP, and other defensive headers.",
247
+ lineNumbers: [1],
248
+ recommendation: "Install and use helmet: npm install helmet, then app.use(helmet()). This sets 11 security headers with sensible defaults.",
249
+ reference: "Helmet.js — https://helmetjs.github.io/",
250
+ suggestedFix: "Add: import helmet from 'helmet'; app.use(helmet());",
251
+ confidence: 0.8,
252
+ });
253
+ }
254
+ // Trust proxy not set when behind reverse proxy
255
+ const hasTrustProxy = testCode(code, /app\.set\s*\(\s*["']trust proxy["']|trustProxy|trust_proxy/i);
256
+ const hasRateLimit = testCode(code, /rateLimit|rate-limit|express-rate-limit/i);
257
+ const hasProxy = testCode(code, /nginx|reverse.?proxy|load.?balanc|X-Forwarded/i);
258
+ if (!hasTrustProxy && (hasRateLimit || hasProxy) && lines.length > 80) {
259
+ findings.push({
260
+ ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
261
+ severity: "medium",
262
+ title: "Express 'trust proxy' not configured behind reverse proxy",
263
+ description: "Rate limiting and IP-based security won't work correctly behind a reverse proxy without 'trust proxy'. All requests appear from 127.0.0.1, making per-IP rate limiting ineffective.",
264
+ lineNumbers: [1],
265
+ recommendation: "Set app.set('trust proxy', 1) when behind one proxy, or 'trust proxy' to the number of proxies in the chain.",
266
+ reference: "Express trust proxy — https://expressjs.com/en/guide/behind-proxies.html",
267
+ confidence: 0.75,
268
+ });
269
+ }
270
+ }
271
+ // ── Next.js SSR Security ────────────────────────────────────────────────
272
+ // getServerSideProps leaking secrets to client
273
+ const gssp = /export\s+(?:async\s+)?function\s+getServerSideProps|getStaticProps/;
274
+ if (gssp.test(code)) {
275
+ const serverPropLines = [];
276
+ for (let i = 0; i < lines.length; i++) {
277
+ if (isCommentLine(lines[i]))
278
+ continue;
279
+ if (gssp.test(lines[i])) {
280
+ const fnBody = lines.slice(i, Math.min(lines.length, i + 30)).join("\n");
281
+ // Checks if secrets/env vars are returned in props without filtering
282
+ if (/process\.env\.\w+/.test(fnBody) && /return\s*\{[^}]*props\s*:/i.test(fnBody)) {
283
+ const propReturn = fnBody.match(/props\s*:\s*\{([^}]*)\}/);
284
+ if (propReturn && /process\.env|secret|key|token|password|api_key/i.test(propReturn[1])) {
285
+ serverPropLines.push(i + 1);
286
+ }
287
+ }
288
+ }
289
+ }
290
+ if (serverPropLines.length > 0) {
291
+ findings.push({
292
+ ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
293
+ severity: "critical",
294
+ title: "Next.js getServerSideProps leaks secrets to client props",
295
+ description: "Server-side environment variables or secrets are passed directly in getServerSideProps/getStaticProps return props. These values are serialized into the page HTML and visible to anyone.",
296
+ lineNumbers: serverPropLines,
297
+ recommendation: "Never pass secrets, API keys, or sensitive env vars in props. Use them server-side only and return sanitized results.",
298
+ reference: "Next.js Data Fetching — https://nextjs.org/docs/basic-features/data-fetching",
299
+ suggestedFix: "Use secrets server-side only: const data = await fetch(url, { headers: { Authorization: process.env.API_KEY } }); return { props: { data } };",
300
+ confidence: 0.9,
301
+ });
302
+ }
303
+ }
304
+ // Next.js API routes without authentication checks
305
+ const nextApiRoutePattern = /export\s+(?:default\s+)?(?:async\s+)?function\s+handler|export\s+(?:default\s+)?(?:async\s+)?\(\s*req\s*(?::\s*\w+)?\s*,\s*res\s*(?::\s*\w+)?\s*\)/;
306
+ const isNextApiRoute = /pages\/api\/|app\/api\//i.test(language) ||
307
+ (testCode(code, nextApiRoutePattern) && testCode(code, /NextApiRequest|NextRequest/i));
308
+ if (isNextApiRoute) {
309
+ const hasAuthCheck = /getSession|getServerSession|getToken|auth\(\)|withAuth|requireAuth|session\?\.user|req\.headers\.authorization|Bearer/i.test(code);
310
+ if (!hasAuthCheck) {
311
+ const handlerLine = lines.findIndex((l) => nextApiRoutePattern.test(l));
312
+ findings.push({
313
+ ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
314
+ severity: "high",
315
+ title: "Next.js API route without authentication check",
316
+ description: "API route handler does not check for user session, auth token, or authorization. This endpoint is publicly accessible to anyone who knows the URL.",
317
+ lineNumbers: [Math.max(1, handlerLine + 1)],
318
+ recommendation: "Add authentication: const session = await getServerSession(req, res, authOptions); if (!session) return res.status(401).json({ error: 'Unauthorized' });",
319
+ reference: "Next.js API Routes Auth — https://nextjs.org/docs/authentication",
320
+ suggestedFix: "Add auth guard: if (!req.headers.authorization) return res.status(401).json({ error: 'Unauthorized' });",
321
+ confidence: 0.8,
322
+ });
323
+ }
324
+ }
325
+ // ── Angular Security ──────────────────────────────────────────────────────
326
+ // bypassSecurityTrustHtml/Url/ResourceUrl/Style/Script
327
+ const bypassLines = getLineNumbers(code, /bypassSecurityTrust(?:Html|Url|ResourceUrl|Style|Script)\s*\(/gi);
328
+ if (bypassLines.length > 0) {
329
+ findings.push({
330
+ ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
331
+ severity: "critical",
332
+ title: "Angular DomSanitizer bypass — XSS risk",
333
+ description: "bypassSecurityTrustHtml/Url/Script explicitly disables Angular's built-in XSS protection. If the input contains user-controlled data, this creates a direct XSS vulnerability.",
334
+ lineNumbers: bypassLines,
335
+ recommendation: "Avoid bypassing the sanitizer. If you must render dynamic HTML, sanitize it first with DOMPurify or validate against a strict whitelist. Document why the bypass is necessary.",
336
+ reference: "Angular Security — https://angular.io/guide/security",
337
+ suggestedFix: "Use DOMPurify before bypass: this.sanitizer.bypassSecurityTrustHtml(DOMPurify.sanitize(userHtml));",
338
+ confidence: 0.95,
339
+ });
340
+ }
341
+ // ── Vue Security ──────────────────────────────────────────────────────────
342
+ // v-html with dynamic data
343
+ const vHtmlLines = getLineNumbers(code, /v-html\s*=\s*["'](?!\s*$)/gi);
344
+ if (vHtmlLines.length > 0) {
345
+ const hasVueSanitize = testCode(code, /DOMPurify|sanitize|xss|purify/i);
346
+ if (!hasVueSanitize) {
347
+ findings.push({
348
+ ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
349
+ severity: "high",
350
+ title: "Vue v-html without sanitization — XSS vulnerability",
351
+ description: "v-html renders raw HTML content. If the data source includes user input, this is a direct XSS vector. Unlike interpolation ({{ }}), v-html does not escape content.",
352
+ lineNumbers: vHtmlLines,
353
+ recommendation: "Sanitize with DOMPurify before using v-html, or use text interpolation {{ }} wherever possible. Consider vue-sanitize or vue-dompurify-html.",
354
+ reference: "Vue Security — https://vuejs.org/guide/best-practices/security.html",
355
+ suggestedFix: 'Sanitize: computed: { safeHtml() { return DOMPurify.sanitize(this.rawHtml); } } and use v-html="safeHtml".',
356
+ confidence: 0.85,
357
+ });
358
+ }
359
+ }
360
+ // ── General Framework Patterns ────────────────────────────────────────────
361
+ // Inline arrow functions in JSX event handlers (re-render performance)
362
+ const inlineHandlerLines = [];
363
+ for (let i = 0; i < lines.length; i++) {
364
+ if (isCommentLine(lines[i]))
365
+ continue;
366
+ if (/\bon\w+=\{(?:\(\)\s*=>|\(\w+\)\s*=>|function\s*\()/.test(lines[i])) {
367
+ inlineHandlerLines.push(i + 1);
368
+ }
369
+ }
370
+ if (inlineHandlerLines.length > 6) {
371
+ findings.push({
372
+ ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
373
+ severity: "low",
374
+ title: "Excessive inline arrow functions in JSX event handlers",
375
+ description: `${inlineHandlerLines.length} inline arrow functions in JSX event handlers detected. Each creates a new function on every render, preventing React.memo optimizations on child components.`,
376
+ lineNumbers: inlineHandlerLines.slice(0, 5),
377
+ recommendation: "Extract handlers using useCallback or define methods outside JSX: const handleClick = useCallback(() => { ... }, [deps]);",
378
+ reference: "React Performance — https://react.dev/reference/react/useCallback",
379
+ confidence: 0.75,
380
+ });
381
+ }
382
+ // React key prop using array index in dynamic lists
383
+ const keyIndexLines = [];
384
+ for (let i = 0; i < lines.length; i++) {
385
+ if (isCommentLine(lines[i]))
386
+ continue;
387
+ if (/key\s*=\s*\{\s*(?:index|i|idx|key)\s*\}/.test(lines[i]) &&
388
+ /\.map\s*\(/.test(lines[Math.max(0, i - 5)] + lines.slice(Math.max(0, i - 5), i).join(" "))) {
389
+ keyIndexLines.push(i + 1);
390
+ }
391
+ }
392
+ if (keyIndexLines.length > 0) {
393
+ findings.push({
394
+ ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
395
+ severity: "medium",
396
+ title: "React key prop using array index — may cause render bugs",
397
+ description: "Using array index as React key causes issues when items are reordered, added, or removed. React associates state with wrong components, leading to subtle UI bugs.",
398
+ lineNumbers: keyIndexLines,
399
+ recommendation: "Use a stable unique identifier as key: key={item.id} instead of key={index}. If items have no natural id, generate one during data creation.",
400
+ reference: "React Keys — https://react.dev/learn/rendering-lists#keeping-list-items-in-order-with-key",
401
+ confidence: 0.8,
402
+ });
403
+ }
404
+ // React state mutation instead of immutable update
405
+ const stateMutationLines = [];
406
+ for (let i = 0; i < lines.length; i++) {
407
+ const line = lines[i];
408
+ if (isCommentLine(line))
409
+ continue;
410
+ // Detect patterns like: state.items.push(...), state.count++, state.obj.field = ...
411
+ if (/\bstate\.\w+\.(?:push|pop|shift|unshift|splice|sort|reverse)\s*\(/.test(line) ||
412
+ /\bstate\.\w+\s*(?:\+\+|--)/.test(line) ||
413
+ /\bstate\.\w+\.\w+\s*=\s*/.test(line)) {
414
+ stateMutationLines.push(i + 1);
415
+ }
416
+ }
417
+ if (stateMutationLines.length > 0) {
418
+ findings.push({
419
+ ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
420
+ severity: "high",
421
+ title: "Direct state mutation instead of immutable update",
422
+ description: "State object is mutated directly (push, splice, assignment). React/Redux won't detect the change, causing stale renders and bugs. State updates must be immutable.",
423
+ lineNumbers: stateMutationLines,
424
+ recommendation: "Use immutable patterns: setState(prev => ({ ...prev, items: [...prev.items, newItem] })) or use immer/structuredClone for complex updates.",
425
+ reference: "React Updating State — https://react.dev/learn/updating-objects-in-state",
426
+ suggestedFix: "Replace state.items.push(x) with setItems(prev => [...prev, x]); or use immer: produce(state, draft => { draft.items.push(x); });",
427
+ confidence: 0.85,
428
+ });
429
+ }
430
+ // dangerouslySetInnerHTML without sanitization
431
+ const dangerousHtmlLines = getLineNumbers(code, /dangerouslySetInnerHTML\s*=\s*\{\s*\{\s*__html\s*:/gi);
432
+ if (dangerousHtmlLines.length > 0) {
433
+ const hasSanitizer = testCode(code, /DOMPurify|sanitize|purify|xss|sanitizeHtml/i);
434
+ if (!hasSanitizer) {
435
+ findings.push({
436
+ ruleId: `${prefix}-${String(ruleNum).padStart(3, "0")}`,
437
+ severity: "critical",
438
+ title: "dangerouslySetInnerHTML without DOMPurify — XSS vulnerability",
439
+ description: "dangerouslySetInnerHTML injects raw HTML without any sanitization detected in scope. This is a direct XSS vector if the data includes user input.",
440
+ lineNumbers: dangerousHtmlLines,
441
+ recommendation: "Always sanitize with DOMPurify: dangerouslySetInnerHTML={{ __html: DOMPurify.sanitize(html) }}. Better yet, use a Markdown renderer or React component tree instead of raw HTML.",
442
+ reference: "React DOM Elements — https://react.dev/reference/react-dom/components/common#dangerously-setting-the-inner-html",
443
+ suggestedFix: "Add DOMPurify: dangerouslySetInnerHTML={{ __html: DOMPurify.sanitize(htmlContent) }}",
444
+ confidence: 0.95,
445
+ });
446
+ }
447
+ }
448
+ } // end JS/TS frameworks
449
+ // ── Django / Flask (Python) ───────────────────────────────────────────────
450
+ if (lang === "python") {
451
+ const hasDjango = testCode(code, /from\s+django\b|import\s+django\b/i);
452
+ const hasFlask = testCode(code, /from\s+flask\b|import\s+flask\b/i);
453
+ const hasFastAPI = testCode(code, /from\s+fastapi\b|import\s+fastapi\b/i);
454
+ // Django: DEBUG = True in production-like settings
455
+ if (hasDjango) {
456
+ const debugTrueLines = getLineNumbers(code, /^\s*DEBUG\s*=\s*True\b/gm);
457
+ if (debugTrueLines.length > 0) {
458
+ findings.push({
459
+ ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
460
+ severity: "critical",
461
+ title: "Django DEBUG=True — must be False in production",
462
+ description: "DEBUG=True exposes stack traces, SQL queries, and full settings to end users on error pages. This leaks secrets and internal architecture details.",
463
+ lineNumbers: debugTrueLines,
464
+ recommendation: "Set DEBUG = False in production settings. Use environment variables: DEBUG = os.environ.get('DEBUG', 'False') == 'True'.",
465
+ reference: "Django Settings — https://docs.djangoproject.com/en/5.0/ref/settings/#debug",
466
+ confidence: 0.9,
467
+ });
468
+ }
469
+ // Django: ALLOWED_HOSTS = ['*']
470
+ const wildcardHostLines = getLineNumbers(code, /ALLOWED_HOSTS\s*=\s*\[\s*["']\*["']\s*\]/gm);
471
+ if (wildcardHostLines.length > 0) {
472
+ findings.push({
473
+ ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
474
+ severity: "high",
475
+ title: "Django ALLOWED_HOSTS=['*'] — host header injection risk",
476
+ description: "Wildcard ALLOWED_HOSTS disables host header validation, enabling cache poisoning and password-reset email poisoning attacks.",
477
+ lineNumbers: wildcardHostLines,
478
+ recommendation: "Set ALLOWED_HOSTS to specific domains: ALLOWED_HOSTS = ['example.com', 'www.example.com'].",
479
+ reference: "Django ALLOWED_HOSTS — https://docs.djangoproject.com/en/5.0/ref/settings/#allowed-hosts",
480
+ confidence: 0.9,
481
+ });
482
+ }
483
+ // Django: raw SQL queries (SQL injection via string formatting)
484
+ const rawSqlLines = getLineNumbers(code, /\.raw\s*\(\s*f["']|\.raw\s*\(\s*["'].*%s|\.extra\s*\(\s*(?:where|select)\s*=|cursor\.execute\s*\(\s*f["']|cursor\.execute\s*\(\s*["'].*%/gm);
485
+ if (rawSqlLines.length > 0) {
486
+ findings.push({
487
+ ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
488
+ severity: "critical",
489
+ title: "Django raw SQL with string interpolation — SQL injection",
490
+ description: "Raw SQL queries use f-strings or % formatting with user data. Django's ORM parameterizes queries automatically; raw queries with string formatting bypass this protection.",
491
+ lineNumbers: rawSqlLines,
492
+ recommendation: "Use parameterized queries: Model.objects.raw('SELECT * FROM t WHERE id = %s', [user_id]) or use the ORM.",
493
+ reference: "Django SQL Injection — https://docs.djangoproject.com/en/5.0/topics/security/#sql-injection-protection",
494
+ confidence: 0.9,
495
+ });
496
+ }
497
+ // Django: SECRET_KEY hardcoded
498
+ const secretKeyLines = getLineNumbers(code, /^\s*SECRET_KEY\s*=\s*["'][^"']{8,}["']/gm);
499
+ if (secretKeyLines.length > 0) {
500
+ findings.push({
501
+ ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
502
+ severity: "critical",
503
+ title: "Django SECRET_KEY hardcoded — credential exposure",
504
+ description: "SECRET_KEY is hardcoded in source code. This key is used for session signing, CSRF tokens, and cryptographic operations. If leaked, attackers can forge sessions.",
505
+ lineNumbers: secretKeyLines,
506
+ recommendation: "Load from environment: SECRET_KEY = os.environ['SECRET_KEY']. Never commit secrets to version control.",
507
+ reference: "Django SECRET_KEY — https://docs.djangoproject.com/en/5.0/ref/settings/#secret-key",
508
+ confidence: 0.9,
509
+ });
510
+ }
511
+ // Django: @csrf_exempt decorator
512
+ const csrfExemptLines = getLineNumbers(code, /@csrf_exempt/gm);
513
+ if (csrfExemptLines.length > 0) {
514
+ findings.push({
515
+ ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
516
+ severity: "high",
517
+ title: "Django @csrf_exempt — CSRF protection disabled",
518
+ description: "CSRF protection is explicitly disabled on this view. Attackers can trick authenticated users into executing unintended actions via crafted forms on malicious sites.",
519
+ lineNumbers: csrfExemptLines,
520
+ recommendation: "Remove @csrf_exempt and ensure CSRF tokens are included in forms. For APIs, use Django REST Framework's session or token authentication which handles CSRF differently.",
521
+ reference: "Django CSRF — https://docs.djangoproject.com/en/5.0/ref/csrf/",
522
+ confidence: 0.9,
523
+ });
524
+ }
525
+ // Django: |safe template filter
526
+ const safeFilterLines = getLineNumbers(code, /\{\{.*\|\s*safe\s*\}\}/gm);
527
+ if (safeFilterLines.length > 0) {
528
+ findings.push({
529
+ ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
530
+ severity: "high",
531
+ title: "Django |safe filter — XSS vulnerability",
532
+ description: "The |safe template filter marks content as safe for HTML rendering, bypassing Django's auto-escaping. If the content includes user input, this is an XSS vector.",
533
+ lineNumbers: safeFilterLines,
534
+ recommendation: "Remove |safe and let Django auto-escape. If raw HTML is needed, sanitize with bleach or django-bleach before marking safe.",
535
+ reference: "Django Templates — https://docs.djangoproject.com/en/5.0/ref/templates/builtins/#safe",
536
+ confidence: 0.85,
537
+ });
538
+ }
539
+ }
540
+ // Flask: app.run(debug=True)
541
+ if (hasFlask) {
542
+ const flaskDebugLines = getLineNumbers(code, /app\.run\s*\([^)]*debug\s*=\s*True/gm);
543
+ if (flaskDebugLines.length > 0) {
544
+ findings.push({
545
+ ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
546
+ severity: "critical",
547
+ title: "Flask debug mode enabled — remote code execution risk",
548
+ description: "Flask's debug mode exposes an interactive debugger with code execution capabilities. The Werkzeug debugger allows arbitrary Python execution if the debugger PIN is guessed or leaked.",
549
+ lineNumbers: flaskDebugLines,
550
+ recommendation: "Never use debug=True in production. Use environment variables: app.run(debug=os.environ.get('FLASK_DEBUG', False)).",
551
+ reference: "Flask Security — https://flask.palletsprojects.com/en/3.0.x/debugging/",
552
+ confidence: 0.95,
553
+ });
554
+ }
555
+ // Flask: render_template_string with user input
556
+ const renderStringLines = getLineNumbers(code, /render_template_string\s*\(/gm);
557
+ if (renderStringLines.length > 0) {
558
+ findings.push({
559
+ ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
560
+ severity: "critical",
561
+ title: "Flask render_template_string — server-side template injection (SSTI)",
562
+ description: "render_template_string evaluates Jinja2 templates from dynamic strings. If user input reaches the template string, attackers can execute arbitrary Python code via SSTI (e.g., {{config}}). ",
563
+ lineNumbers: renderStringLines,
564
+ recommendation: "Use render_template with file-based templates instead. Never pass user input into template strings.",
565
+ reference: "Flask SSTI — https://flask.palletsprojects.com/en/3.0.x/api/#flask.render_template_string",
566
+ confidence: 0.9,
567
+ });
568
+ }
569
+ // Flask: SECRET_KEY hardcoded
570
+ const flaskSecretLines = getLineNumbers(code, /app\.(?:secret_key|config\s*\[\s*["']SECRET_KEY["']\s*\])\s*=\s*["'][^"']{4,}["']/gm);
571
+ if (flaskSecretLines.length > 0) {
572
+ findings.push({
573
+ ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
574
+ severity: "critical",
575
+ title: "Flask SECRET_KEY hardcoded — session forgery risk",
576
+ description: "SECRET_KEY is hardcoded in source code. This key signs session cookies. If leaked, attackers can forge authenticated sessions for any user.",
577
+ lineNumbers: flaskSecretLines,
578
+ recommendation: "Load from environment: app.secret_key = os.environ['SECRET_KEY']. Use python-dotenv for development.",
579
+ reference: "Flask Sessions — https://flask.palletsprojects.com/en/3.0.x/quickstart/#sessions",
580
+ confidence: 0.9,
581
+ });
582
+ }
583
+ // Flask: Markup() or |safe with user data
584
+ const markupLines = getLineNumbers(code, /Markup\s*\(\s*f["']|Markup\s*\(\s*.*\+/gm);
585
+ if (markupLines.length > 0) {
586
+ findings.push({
587
+ ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
588
+ severity: "high",
589
+ title: "Flask Markup() with string interpolation — XSS risk",
590
+ description: "Markup() marks strings as safe HTML. Using f-strings or concatenation with user data inside Markup() bypasses Jinja2's auto-escaping.",
591
+ lineNumbers: markupLines,
592
+ recommendation: "Use Markup.escape() for user data, or avoid Markup() entirely — let Jinja2 auto-escape: {{ variable }}.",
593
+ reference: "Flask Markup — https://markupsafe.palletsprojects.com/en/2.1.x/",
594
+ confidence: 0.85,
595
+ });
596
+ }
597
+ }
598
+ // FastAPI: no dependency injection for auth
599
+ if (hasFastAPI) {
600
+ const routeNoDepLines = [];
601
+ for (let i = 0; i < lines.length; i++) {
602
+ if (isCommentLine(lines[i]))
603
+ continue;
604
+ // Route decorator without Depends(...)
605
+ if (/^@(?:app|router)\.(?:get|post|put|delete|patch)\s*\(/i.test(lines[i].trim())) {
606
+ // Check if function has Depends() parameter within next 5 lines
607
+ const funcLines = lines.slice(i, Math.min(i + 6, lines.length)).join(" ");
608
+ if (/(?:async\s+)?def\s+\w+/.test(funcLines) && !/Depends\s*\(/.test(funcLines)) {
609
+ // Check if it looks like it needs auth (has db access, returns sensitive data)
610
+ const bodyEnd = Math.min(i + 20, lines.length);
611
+ const bodyChunk = lines.slice(i, bodyEnd).join(" ");
612
+ if (/(?:session|db|database|query|update|delete|password|email|user)/i.test(bodyChunk)) {
613
+ routeNoDepLines.push(i + 1);
614
+ }
615
+ }
616
+ }
617
+ }
618
+ if (routeNoDepLines.length > 0) {
619
+ findings.push({
620
+ ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
621
+ severity: "medium",
622
+ title: "FastAPI route with data access but no dependency injection for auth",
623
+ description: "Route handlers access database or sensitive data without a Depends() parameter for authentication. FastAPI's dependency injection system should enforce auth at the route level.",
624
+ lineNumbers: routeNoDepLines,
625
+ recommendation: "Add auth dependency: async def endpoint(current_user: User = Depends(get_current_user)). Use OAuth2PasswordBearer or similar.",
626
+ reference: "FastAPI Security — https://fastapi.tiangolo.com/tutorial/security/",
627
+ confidence: 0.7,
628
+ isAbsenceBased: true,
629
+ });
630
+ }
631
+ }
632
+ // ── v3.35.0 — Additional Django patterns ──
633
+ if (hasDjango) {
634
+ // Django: SESSION_COOKIE_SECURE = False
635
+ const insecureSessionLines = getLineNumbers(code, /^\s*SESSION_COOKIE_SECURE\s*=\s*False\b/gm);
636
+ if (insecureSessionLines.length > 0) {
637
+ findings.push({
638
+ ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
639
+ severity: "high",
640
+ title: "Django SESSION_COOKIE_SECURE=False — session hijacking over HTTP",
641
+ description: "Session cookies are sent over unencrypted HTTP connections. Attackers on the same network can intercept session cookies via passive sniffing.",
642
+ lineNumbers: insecureSessionLines,
643
+ recommendation: "Set SESSION_COOKIE_SECURE = True. Also set CSRF_COOKIE_SECURE = True and SECURE_SSL_REDIRECT = True.",
644
+ reference: "Django Security — https://docs.djangoproject.com/en/5.0/ref/settings/#session-cookie-secure",
645
+ confidence: 0.9,
646
+ });
647
+ }
648
+ // Django: SECURE_SSL_REDIRECT = False
649
+ const noSslRedirectLines = getLineNumbers(code, /^\s*SECURE_SSL_REDIRECT\s*=\s*False\b/gm);
650
+ if (noSslRedirectLines.length > 0) {
651
+ findings.push({
652
+ ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
653
+ severity: "medium",
654
+ title: "Django SECURE_SSL_REDIRECT=False — no HTTPS enforcement",
655
+ description: "HTTP requests are not redirected to HTTPS. Sensitive data including credentials and session tokens may be transmitted in cleartext.",
656
+ lineNumbers: noSslRedirectLines,
657
+ recommendation: "Set SECURE_SSL_REDIRECT = True in production settings.",
658
+ reference: "Django SSL — https://docs.djangoproject.com/en/5.0/ref/settings/#secure-ssl-redirect",
659
+ confidence: 0.85,
660
+ });
661
+ }
662
+ // Django: mark_safe() with variable input
663
+ const markSafeLines = getLineNumbers(code, /mark_safe\s*\(\s*(?:f["']|.*\+|\w+(?:\.\w+)*\s*\))/gm);
664
+ if (markSafeLines.length > 0) {
665
+ findings.push({
666
+ ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
667
+ severity: "high",
668
+ title: "Django mark_safe() with dynamic content — XSS vulnerability",
669
+ description: "mark_safe() is called with f-strings, concatenation, or variable input. This bypasses Django's auto-escaping and can introduce XSS when user-controlled data is included.",
670
+ lineNumbers: markSafeLines,
671
+ recommendation: "Use format_html() instead of mark_safe() for dynamic content: format_html('<b>{}</b>', user_input).",
672
+ reference: "Django mark_safe — https://docs.djangoproject.com/en/5.0/ref/utils/#django.utils.safestring.mark_safe",
673
+ confidence: 0.85,
674
+ });
675
+ }
676
+ // Django: FILE_UPLOAD_PERMISSIONS too permissive
677
+ const uploadPermLines = getLineNumbers(code, /FILE_UPLOAD_PERMISSIONS\s*=\s*0o?7[0-7]{2}/gm);
678
+ if (uploadPermLines.length > 0) {
679
+ findings.push({
680
+ ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
681
+ severity: "medium",
682
+ title: "Django FILE_UPLOAD_PERMISSIONS too permissive",
683
+ description: "Uploaded files are created with world-readable or world-writable permissions. This may allow other system users to read or modify uploaded files.",
684
+ lineNumbers: uploadPermLines,
685
+ recommendation: "Set FILE_UPLOAD_PERMISSIONS = 0o644 to restrict access to owner-writable, group/world-readable.",
686
+ reference: "Django File Uploads — https://docs.djangoproject.com/en/5.0/ref/settings/#file-upload-permissions",
687
+ confidence: 0.8,
688
+ });
689
+ }
690
+ // Django: using globals() or locals() in render context
691
+ const localsRenderLines = getLineNumbers(code, /render\s*\([^)]*(?:locals|globals)\s*\(\s*\)/gm);
692
+ if (localsRenderLines.length > 0) {
693
+ findings.push({
694
+ ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
695
+ severity: "medium",
696
+ title: "Django render() with locals()/globals() — data exposure",
697
+ description: "Passing locals() or globals() as template context exposes all local/global variables to the template, potentially leaking sensitive data like database connections, secrets, or internal state.",
698
+ lineNumbers: localsRenderLines,
699
+ recommendation: "Pass an explicit context dictionary: render(request, 'template.html', {'user': user, 'items': items}).",
700
+ reference: "Django Views — https://docs.djangoproject.com/en/5.0/topics/http/shortcuts/#render",
701
+ confidence: 0.8,
702
+ });
703
+ }
704
+ }
705
+ // ── v3.35.0 — Additional Flask patterns ──
706
+ if (hasFlask) {
707
+ // Flask: send_file with user-controlled path (path traversal)
708
+ const sendFilePaths = getLineNumbers(code, /send_file\s*\(\s*(?:request\.|f["']|os\.path\.join\s*\([^)]*request\.)/gm);
709
+ if (sendFilePaths.length > 0) {
710
+ findings.push({
711
+ ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
712
+ severity: "critical",
713
+ title: "Flask send_file with user input — path traversal",
714
+ description: "send_file() uses user-controlled input to determine the file path. Attackers can use ../ sequences to read arbitrary files from the server.",
715
+ lineNumbers: sendFilePaths,
716
+ recommendation: "Use send_from_directory() with a fixed base directory, or validate the filename with secure_filename().",
717
+ reference: "Flask send_file — https://flask.palletsprojects.com/en/3.0.x/api/#flask.send_file",
718
+ confidence: 0.9,
719
+ });
720
+ }
721
+ // Flask: session without SECRET_KEY
722
+ const sessionNoKeyLines = [];
723
+ if (/session\[/.test(code) && !/secret_key|SECRET_KEY/.test(code)) {
724
+ const sessionUseLines = getLineNumbers(code, /session\[/gm);
725
+ sessionNoKeyLines.push(...sessionUseLines);
726
+ }
727
+ if (sessionNoKeyLines.length > 0) {
728
+ findings.push({
729
+ ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
730
+ severity: "high",
731
+ title: "Flask session used without SECRET_KEY in file",
732
+ description: "Flask sessions are used but no SECRET_KEY is configured in this file. Without a strong secret key, session cookies can be tampered with or forged.",
733
+ lineNumbers: sessionNoKeyLines,
734
+ recommendation: "Set app.secret_key = os.environ['SECRET_KEY'] before using sessions. Ensure the key is cryptographically random.",
735
+ reference: "Flask Sessions — https://flask.palletsprojects.com/en/3.0.x/quickstart/#sessions",
736
+ confidence: 0.65,
737
+ isAbsenceBased: true,
738
+ });
739
+ }
740
+ }
741
+ }
742
+ // ── Spring Boot (Java) ────────────────────────────────────────────────────
743
+ if (lang === "java") {
744
+ const hasSpring = testCode(code, /import\s+org\.springframework\b|@SpringBootApplication|@RestController|@Controller/i);
745
+ if (hasSpring) {
746
+ // Spring: CSRF disabled
747
+ const csrfDisabledLines = getLineNumbers(code, /\.csrf\s*\(\s*\)\s*\.disable\s*\(\s*\)|csrf\s*\.\s*disable\s*\(\s*\)/gm);
748
+ if (csrfDisabledLines.length > 0) {
749
+ findings.push({
750
+ ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
751
+ severity: "high",
752
+ title: "Spring Security CSRF protection disabled",
753
+ description: "CSRF protection is explicitly disabled in Spring Security configuration. For browser-based applications, this allows cross-site request forgery attacks.",
754
+ lineNumbers: csrfDisabledLines,
755
+ recommendation: 'Keep CSRF enabled for browser-based apps. If this is a purely stateless API with token auth, document the decision. For REST APIs, consider using csrf().ignoringRequestMatchers("/api/**").',
756
+ reference: "Spring CSRF — https://docs.spring.io/spring-security/reference/servlet/exploits/csrf.html",
757
+ confidence: 0.85,
758
+ });
759
+ }
760
+ // Spring: @Query with string concatenation (SQL injection)
761
+ const queryInjectionLines = getLineNumbers(code, /@Query\s*\(\s*["'].*\+\s*|@Query\s*\(\s*["'].*\$\{|nativeQuery\s*=\s*true[^)]*\+/gm);
762
+ if (queryInjectionLines.length > 0) {
763
+ findings.push({
764
+ ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
765
+ severity: "critical",
766
+ title: "Spring @Query with string concatenation — SQL injection",
767
+ description: "JPA @Query annotation uses string concatenation or interpolation to build SQL. This bypasses JPA's parameterized query protection and enables SQL injection.",
768
+ lineNumbers: queryInjectionLines,
769
+ recommendation: 'Use parameterized queries with ?1, ?2 or :paramName placeholders: @Query("SELECT u FROM User u WHERE u.name = :name").',
770
+ reference: "Spring Data JPA — https://docs.spring.io/spring-data/jpa/reference/jpa/query-methods.html",
771
+ confidence: 0.9,
772
+ });
773
+ }
774
+ // Spring: @CrossOrigin("*") — permissive CORS
775
+ const corsWildcardLines = getLineNumbers(code, /@CrossOrigin\s*\(\s*(?:["']\*["']|origins\s*=\s*["']\*["'])\s*\)/gm);
776
+ if (corsWildcardLines.length > 0) {
777
+ findings.push({
778
+ ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
779
+ severity: "high",
780
+ title: 'Spring @CrossOrigin("*") — permissive CORS',
781
+ description: "Wildcard CORS allows any origin to make authenticated requests. Combined with credentials, this enables cross-origin data theft.",
782
+ lineNumbers: corsWildcardLines,
783
+ recommendation: 'Restrict origins to specific domains: @CrossOrigin(origins = "https://app.example.com").',
784
+ reference: "Spring CORS — https://docs.spring.io/spring-framework/reference/web/webmvc-cors.html",
785
+ confidence: 0.9,
786
+ });
787
+ }
788
+ // Spring: @RequestMapping without method restriction
789
+ const requestMappingNoMethodLines = [];
790
+ for (let i = 0; i < lines.length; i++) {
791
+ if (isCommentLine(lines[i]))
792
+ continue;
793
+ if (/@RequestMapping\s*\(\s*["']/.test(lines[i]) && !/method\s*=/.test(lines[i])) {
794
+ requestMappingNoMethodLines.push(i + 1);
795
+ }
796
+ }
797
+ if (requestMappingNoMethodLines.length >= 2) {
798
+ findings.push({
799
+ ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
800
+ severity: "medium",
801
+ title: "Spring @RequestMapping without HTTP method — accepts all methods",
802
+ description: "@RequestMapping without method restriction responds to GET, POST, PUT, DELETE, and all other HTTP methods. This expands the attack surface unnecessarily.",
803
+ lineNumbers: requestMappingNoMethodLines,
804
+ recommendation: 'Use specific annotations: @GetMapping, @PostMapping, @PutMapping, @DeleteMapping. Or specify method: @RequestMapping(value="/path", method=RequestMethod.GET).',
805
+ reference: "Spring MVC — https://docs.spring.io/spring-framework/reference/web/webmvc/mvc-controller.html",
806
+ confidence: 0.85,
807
+ });
808
+ }
809
+ // Spring: Exposing entity directly in REST response (data leak)
810
+ const entityInResponseLines = [];
811
+ for (let i = 0; i < lines.length; i++) {
812
+ if (isCommentLine(lines[i]))
813
+ continue;
814
+ // Method returning @Entity-annotated class directly
815
+ if (/public\s+(?:ResponseEntity<)?(?:List<)?(?:User|Account|Customer|Admin|Employee|Person)\b/.test(lines[i]) &&
816
+ /@(?:Get|Post|Put|Delete)Mapping|@RequestMapping/.test(lines.slice(Math.max(0, i - 3), i).join(" "))) {
817
+ entityInResponseLines.push(i + 1);
818
+ }
819
+ }
820
+ if (entityInResponseLines.length > 0) {
821
+ findings.push({
822
+ ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
823
+ severity: "medium",
824
+ title: "Spring REST endpoint returns JPA entity directly — data exposure risk",
825
+ description: "REST endpoints return JPA entity objects directly, which may include sensitive fields (passwords, internal IDs, audit timestamps) that shouldn't be exposed to clients.",
826
+ lineNumbers: entityInResponseLines,
827
+ recommendation: "Use DTOs (Data Transfer Objects) or @JsonIgnore to control serialized fields. Consider Spring's @JsonView for different serialization profiles.",
828
+ reference: "Spring REST Best Practices — https://docs.spring.io/spring-framework/reference/web/webmvc/mvc-controller.html",
829
+ confidence: 0.75,
830
+ isAbsenceBased: true,
831
+ });
832
+ }
833
+ // Spring: Actuator endpoints exposed without security
834
+ const actuatorLines = getLineNumbers(code, /management\.endpoints\.web\.exposure\.include\s*=\s*\*/gm);
835
+ if (actuatorLines.length > 0) {
836
+ findings.push({
837
+ ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
838
+ severity: "high",
839
+ title: "Spring Boot Actuator — all endpoints exposed",
840
+ description: "All actuator endpoints are exposed (include=*), including /env, /heapdump, /beans which leak secrets, memory contents, and internal configuration.",
841
+ lineNumbers: actuatorLines,
842
+ recommendation: "Expose only needed endpoints: management.endpoints.web.exposure.include=health,info,metrics. Secure with Spring Security.",
843
+ reference: "Spring Actuator — https://docs.spring.io/spring-boot/reference/actuator/endpoints.html",
844
+ confidence: 0.95,
845
+ });
846
+ }
847
+ // ── v3.35.0 — Additional Spring Boot patterns ──
848
+ // Spring: @RequestBody without @Valid/@Validated
849
+ const noValidationLines = [];
850
+ for (let i = 0; i < lines.length; i++) {
851
+ if (isCommentLine(lines[i]))
852
+ continue;
853
+ if (/@RequestBody\b/.test(lines[i]) && !/@Valid\b|@Validated\b/.test(lines[i])) {
854
+ noValidationLines.push(i + 1);
855
+ }
856
+ }
857
+ if (noValidationLines.length >= 2) {
858
+ findings.push({
859
+ ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
860
+ severity: "medium",
861
+ title: "Spring @RequestBody without @Valid — no input validation",
862
+ description: "Request bodies are deserialized without Bean Validation. Invalid or malicious data passes directly to business logic without constraint checks.",
863
+ lineNumbers: noValidationLines,
864
+ recommendation: "Add @Valid annotation: public ResponseEntity<?> create(@Valid @RequestBody UserDto dto). Define constraints on the DTO with @NotNull, @Size, @Email, etc.",
865
+ reference: "Spring Validation — https://docs.spring.io/spring-framework/reference/core/validation.html",
866
+ confidence: 0.75,
867
+ isAbsenceBased: true,
868
+ });
869
+ }
870
+ // Spring: permitAll on sensitive paths
871
+ const permitAllLines = getLineNumbers(code, /\.requestMatchers\s*\([^)]*(?:admin|user|account|api\/v|manage|config)[^)]*\)\s*\.permitAll\s*\(\s*\)/gim);
872
+ if (permitAllLines.length > 0) {
873
+ findings.push({
874
+ ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
875
+ severity: "high",
876
+ title: "Spring Security permitAll() on sensitive path",
877
+ description: "Paths containing admin, user, account, or management keywords are configured with permitAll(), allowing unauthenticated access to likely sensitive endpoints.",
878
+ lineNumbers: permitAllLines,
879
+ recommendation: 'Use authenticated() or hasRole(): .requestMatchers("/admin/**").hasRole("ADMIN").',
880
+ reference: "Spring Security Authorization — https://docs.spring.io/spring-security/reference/servlet/authorization/authorize-http-requests.html",
881
+ confidence: 0.8,
882
+ });
883
+ }
884
+ // Spring: ObjectMapper with default typing enabled (deserialization attack)
885
+ const defaultTypingLines = getLineNumbers(code, /enableDefaultTyping|activateDefaultTyping|DefaultTyping\.NON_FINAL/gm);
886
+ if (defaultTypingLines.length > 0) {
887
+ findings.push({
888
+ ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
889
+ severity: "critical",
890
+ title: "Jackson default typing enabled — deserialization vulnerability",
891
+ description: "Jackson ObjectMapper has default typing enabled, which allows attackers to specify arbitrary classes during deserialization. This can lead to remote code execution via gadget chains.",
892
+ lineNumbers: defaultTypingLines,
893
+ recommendation: "Remove enableDefaultTyping(). Use @JsonTypeInfo on specific classes instead. Configure PolymorphicTypeValidator to restrict allowed types.",
894
+ reference: "Jackson Deserialization — https://github.com/FasterXML/jackson-databind/issues/2326",
895
+ confidence: 0.95,
896
+ });
897
+ }
898
+ // Spring: Hardcoded credentials in application.properties/YAML
899
+ const springCredLines = getLineNumbers(code, /(?:spring\.datasource\.password|spring\.mail\.password|spring\.security\.user\.password)\s*=\s*[^\s$\{]+/gm);
900
+ if (springCredLines.length > 0) {
901
+ findings.push({
902
+ ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
903
+ severity: "critical",
904
+ title: "Spring Boot hardcoded credentials in configuration",
905
+ description: "Database, mail, or security passwords are hardcoded in configuration files. These credentials will be committed to version control and exposed to anyone with repository access.",
906
+ lineNumbers: springCredLines,
907
+ recommendation: "Use environment variables: spring.datasource.password=${DB_PASSWORD}. Use Spring Cloud Config or Vault for secrets management.",
908
+ reference: "Spring Externalized Config — https://docs.spring.io/spring-boot/reference/features/external-config.html",
909
+ confidence: 0.9,
910
+ });
911
+ }
912
+ // Spring: Logging sensitive data
913
+ const logSensitiveLines = getLineNumbers(code, /(?:log|logger|LOG)\.\w+\s*\([^)]*(?:password|secret|token|apiKey|credentials|ssn|creditCard)/gim);
914
+ if (logSensitiveLines.length > 0) {
915
+ findings.push({
916
+ ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
917
+ severity: "high",
918
+ title: "Spring logging sensitive data — credential exposure",
919
+ description: "Sensitive data such as passwords, secrets, or tokens appears in log statements. Log files are often stored with weaker access controls and retained for extended periods.",
920
+ lineNumbers: logSensitiveLines,
921
+ recommendation: "Remove sensitive data from log statements. Use structured logging with field masking. Never log raw passwords or tokens.",
922
+ reference: "OWASP Logging — https://cheatsheetseries.owasp.org/cheatsheets/Logging_Cheat_Sheet.html",
923
+ confidence: 0.8,
924
+ });
925
+ }
926
+ }
927
+ }
928
+ // ── ASP.NET Core (C#) ─────────────────────────────────────────────────────
929
+ if (lang === "csharp") {
930
+ const hasAspNet = testCode(code, /using\s+Microsoft\.AspNetCore\b|WebApplication\b|IApplicationBuilder\b|\[ApiController\]|\[HttpGet|MapGet|MapPost/i);
931
+ if (hasAspNet) {
932
+ // ASP.NET: CORS wildcard
933
+ const corsAnyLines = getLineNumbers(code, /\.AllowAnyOrigin\s*\(\s*\)|WithOrigins\s*\(\s*["']\*["']\s*\)/gm);
934
+ if (corsAnyLines.length > 0) {
935
+ findings.push({
936
+ ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
937
+ severity: "high",
938
+ title: "ASP.NET Core CORS allows any origin",
939
+ description: "CORS policy is configured with AllowAnyOrigin() or wildcard. This allows any website to make authenticated cross-origin requests to your API.",
940
+ lineNumbers: corsAnyLines,
941
+ recommendation: 'Restrict to specific origins: builder.WithOrigins("https://app.example.com"). Never combine AllowAnyOrigin with AllowCredentials.',
942
+ reference: "ASP.NET CORS — https://learn.microsoft.com/aspnet/core/security/cors",
943
+ confidence: 0.9,
944
+ });
945
+ }
946
+ // ASP.NET: Anti-forgery disabled
947
+ const antiForgeryOffLines = getLineNumbers(code, /\[IgnoreAntiforgeryToken\]|\[ValidateAntiForgeryToken\s*\(\s*false\s*\)\]|options\.SuppressAntiforgery/gm);
948
+ if (antiForgeryOffLines.length > 0) {
949
+ findings.push({
950
+ ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
951
+ severity: "high",
952
+ title: "ASP.NET anti-forgery token validation disabled",
953
+ description: "Anti-forgery (CSRF) token validation is disabled for this endpoint. Browser-based clients are vulnerable to cross-site request forgery attacks.",
954
+ lineNumbers: antiForgeryOffLines,
955
+ recommendation: "Remove [IgnoreAntiforgeryToken] for browser-facing endpoints. For pure API endpoints with bearer token auth, document the exception.",
956
+ reference: "ASP.NET Anti-forgery — https://learn.microsoft.com/aspnet/core/security/anti-request-forgery",
957
+ confidence: 0.85,
958
+ });
959
+ }
960
+ // ASP.NET: SQL injection via string interpolation
961
+ const sqlInjectionLines = getLineNumbers(code, /(?:ExecuteSqlRaw|FromSqlRaw|SqlQuery)\s*\(\s*\$"|\.ExecuteReader\s*\(\s*\$"|SqlCommand\s*\(\s*\$"/gm);
962
+ if (sqlInjectionLines.length > 0) {
963
+ findings.push({
964
+ ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
965
+ severity: "critical",
966
+ title: "ASP.NET raw SQL with string interpolation — SQL injection",
967
+ description: 'Raw SQL methods use C# string interpolation ($""), which embeds user input directly. EF Core\'s FromSqlInterpolated automatically parameterizes; FromSqlRaw does not.',
968
+ lineNumbers: sqlInjectionLines,
969
+ recommendation: 'Use FromSqlInterpolated() which auto-parameterizes: context.Users.FromSqlInterpolated($"SELECT * FROM Users WHERE Id = {id}").',
970
+ reference: "EF Core Raw SQL — https://learn.microsoft.com/ef/core/querying/sql-queries",
971
+ confidence: 0.9,
972
+ });
973
+ }
974
+ // ASP.NET: Exception details exposed
975
+ const devExceptionLines = getLineNumbers(code, /app\.UseDeveloperExceptionPage\s*\(\s*\)/gm);
976
+ if (devExceptionLines.length > 0) {
977
+ const isConditional = testCode(code, /if\s*\(\s*(?:app\.Environment\.IsDevelopment|env\.IsDevelopment)\s*\(\s*\)\s*\)[^}]*UseDeveloperExceptionPage/);
978
+ if (!isConditional) {
979
+ findings.push({
980
+ ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
981
+ severity: "high",
982
+ title: "ASP.NET UseDeveloperExceptionPage without environment check",
983
+ description: "Developer exception page is enabled unconditionally. In production, this exposes stack traces, source code, and environment variables to users.",
984
+ lineNumbers: devExceptionLines,
985
+ recommendation: "Wrap in environment check: if (app.Environment.IsDevelopment()) { app.UseDeveloperExceptionPage(); }",
986
+ reference: "ASP.NET Error Handling — https://learn.microsoft.com/aspnet/core/fundamentals/error-handling",
987
+ confidence: 0.85,
988
+ });
989
+ }
990
+ }
991
+ // ASP.NET: Hardcoded connection strings
992
+ const connStringLines = getLineNumbers(code, /["'](?:Server|Data Source)\s*=\s*[^"']*;.*(?:Password|Pwd)\s*=\s*[^"']*["']/gm);
993
+ if (connStringLines.length > 0) {
994
+ findings.push({
995
+ ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
996
+ severity: "critical",
997
+ title: "ASP.NET hardcoded connection string with credentials",
998
+ description: "Database connection string with embedded password is hardcoded in source code. This exposes database credentials if the code is committed to version control.",
999
+ lineNumbers: connStringLines,
1000
+ recommendation: 'Use configuration: builder.Configuration.GetConnectionString("DefaultConnection"). Store secrets in Azure Key Vault or user-secrets for development.',
1001
+ reference: "ASP.NET Configuration — https://learn.microsoft.com/aspnet/core/fundamentals/configuration",
1002
+ confidence: 0.9,
1003
+ });
1004
+ }
1005
+ // ASP.NET: [AllowAnonymous] on sensitive endpoints
1006
+ const allowAnonLines = [];
1007
+ for (let i = 0; i < lines.length; i++) {
1008
+ if (/\[AllowAnonymous\]/.test(lines[i])) {
1009
+ // Check if next few lines have sensitive operation names
1010
+ const chunk = lines.slice(i, Math.min(i + 5, lines.length)).join(" ");
1011
+ if (/(?:Delete|Update|Admin|Create|Modify|Write|Upload|Execute)/i.test(chunk)) {
1012
+ allowAnonLines.push(i + 1);
1013
+ }
1014
+ }
1015
+ }
1016
+ if (allowAnonLines.length > 0) {
1017
+ findings.push({
1018
+ ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
1019
+ severity: "high",
1020
+ title: "ASP.NET [AllowAnonymous] on sensitive operation",
1021
+ description: "[AllowAnonymous] allows unauthenticated access to endpoints that perform write, delete, or admin operations. This likely bypasses intended authorization.",
1022
+ lineNumbers: allowAnonLines,
1023
+ recommendation: 'Remove [AllowAnonymous] and use [Authorize] with appropriate roles: [Authorize(Roles = "Admin")].',
1024
+ reference: "ASP.NET Authorization — https://learn.microsoft.com/aspnet/core/security/authorization/simple",
1025
+ confidence: 0.8,
1026
+ });
1027
+ }
1028
+ // ── v3.35.0 — Additional ASP.NET Core patterns ──
1029
+ // ASP.NET: Missing HTTPS redirection
1030
+ if (/WebApplication\.Create|builder\.Build\(\)/.test(code) && !/UseHttpsRedirection/.test(code)) {
1031
+ findings.push({
1032
+ ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
1033
+ severity: "medium",
1034
+ title: "ASP.NET missing UseHttpsRedirection — no HTTPS enforcement",
1035
+ description: "The application does not call app.UseHttpsRedirection(). HTTP requests are not automatically redirected to HTTPS, allowing sensitive data to be transmitted in cleartext.",
1036
+ lineNumbers: [1],
1037
+ recommendation: "Add app.UseHttpsRedirection() in the middleware pipeline before app.UseAuthorization().",
1038
+ reference: "ASP.NET HTTPS — https://learn.microsoft.com/aspnet/core/security/enforcing-ssl",
1039
+ confidence: 0.7,
1040
+ isAbsenceBased: true,
1041
+ });
1042
+ }
1043
+ // ASP.NET: Unsafe model binding (OverpostTo/Bind with too many properties)
1044
+ const bindAllLines = getLineNumbers(code, /\[Bind\s*\(\s*\)\s*\]|\.Entry\s*\(\s*\w+\s*\)\.CurrentValues\.SetValues/gm);
1045
+ if (bindAllLines.length > 0) {
1046
+ findings.push({
1047
+ ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
1048
+ severity: "high",
1049
+ title: "ASP.NET mass assignment — unsafe model binding",
1050
+ description: "Models are bound without specifying which properties to include. Attackers can set properties they shouldn't have access to (e.g., IsAdmin, Role, Price) via extra form fields.",
1051
+ lineNumbers: bindAllLines,
1052
+ recommendation: 'Use DTOs or [Bind(Include = "Name,Email")] to explicitly whitelist bindable properties. Never bind entity models directly from user input.',
1053
+ reference: "ASP.NET Model Binding — https://learn.microsoft.com/aspnet/core/mvc/models/model-binding",
1054
+ confidence: 0.75,
1055
+ });
1056
+ }
1057
+ // ASP.NET: Logging with string interpolation (structured logging bypass)
1058
+ const logInterpolationLines = getLineNumbers(code, /_?(?:logger|log|Logger|Log)\.\w+\s*\(\s*\$/gm);
1059
+ if (logInterpolationLines.length > 0) {
1060
+ findings.push({
1061
+ ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
1062
+ severity: "low",
1063
+ title: "ASP.NET string interpolation in logging — structured logging bypass",
1064
+ description: 'Using $"..." in ILogger calls bypasses structured logging. Log aggregation tools cannot parse or filter by parameters when they are pre-interpolated into the message string.',
1065
+ lineNumbers: logInterpolationLines,
1066
+ recommendation: 'Use message templates: _logger.LogInformation("User {UserId} logged in", userId) instead of $"User {userId} logged in".',
1067
+ reference: "ASP.NET Logging — https://learn.microsoft.com/aspnet/core/fundamentals/logging",
1068
+ confidence: 0.8,
1069
+ });
1070
+ }
1071
+ // ASP.NET: Returning ProblemDetails with sensitive info
1072
+ const problemDetailsLines = getLineNumbers(code, /Problem\s*\(\s*(?:detail|title)\s*:\s*(?:ex\.Message|exception\.Message|e\.Message|err\.Message)/gm);
1073
+ if (problemDetailsLines.length > 0) {
1074
+ findings.push({
1075
+ ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
1076
+ severity: "medium",
1077
+ title: "ASP.NET ProblemDetails with exception message — information disclosure",
1078
+ description: "Exception messages are passed directly to ProblemDetails responses. In production, this leaks internal error details, stack traces, and potentially sensitive data to API consumers.",
1079
+ lineNumbers: problemDetailsLines,
1080
+ recommendation: 'Return generic messages: Problem(detail: "An error occurred"). Log the full exception server-side. Use exception filters for centralized error handling.',
1081
+ reference: "ASP.NET Error Handling — https://learn.microsoft.com/aspnet/core/web-api/handle-errors",
1082
+ confidence: 0.8,
1083
+ });
1084
+ }
1085
+ // ASP.NET: Missing authorization on controller
1086
+ const controllerNoAuthLines = [];
1087
+ for (let i = 0; i < lines.length; i++) {
1088
+ if (/\[ApiController\]/.test(lines[i])) {
1089
+ const chunk = lines.slice(Math.max(0, i - 3), i + 1).join(" ");
1090
+ if (!/\[Authorize|AllowAnonymous/.test(chunk)) {
1091
+ controllerNoAuthLines.push(i + 1);
1092
+ }
1093
+ }
1094
+ }
1095
+ if (controllerNoAuthLines.length > 0) {
1096
+ findings.push({
1097
+ ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
1098
+ severity: "medium",
1099
+ title: "ASP.NET [ApiController] without [Authorize] — no default auth",
1100
+ description: "API controller does not have [Authorize] attribute. All endpoints on this controller are accessible without authentication unless individually decorated.",
1101
+ lineNumbers: controllerNoAuthLines,
1102
+ recommendation: "Add [Authorize] at the controller level and use [AllowAnonymous] for specific public endpoints: [Authorize] [ApiController] public class UsersController.",
1103
+ reference: "ASP.NET Authorization — https://learn.microsoft.com/aspnet/core/security/authorization/simple",
1104
+ confidence: 0.65,
1105
+ isAbsenceBased: true,
1106
+ });
1107
+ }
1108
+ }
1109
+ }
1110
+ // ── Gin / Echo / Fiber (Go) ───────────────────────────────────────────────
1111
+ if (lang === "go") {
1112
+ const hasGin = testCode(code, /["']github\.com\/gin-gonic\/gin["']|gin\.Default\s*\(\s*\)|gin\.New\s*\(\s*\)/i);
1113
+ const hasEcho = testCode(code, /["']github\.com\/labstack\/echo["']|echo\.New\s*\(\s*\)/i);
1114
+ const hasFiber = testCode(code, /["']github\.com\/gofiber\/fiber["']|fiber\.New\s*\(\s*\)/i);
1115
+ if (hasGin || hasEcho || hasFiber) {
1116
+ // Go: Binding without validation
1117
+ const bindNoValidateLines = [];
1118
+ for (let i = 0; i < lines.length; i++) {
1119
+ if (isCommentLine(lines[i]))
1120
+ continue;
1121
+ if (/\.(?:Bind|ShouldBind|BindJSON|ShouldBindJSON)\s*\(/.test(lines[i])) {
1122
+ // Check for validate tag usage
1123
+ const bodyEnd = Math.min(i + 10, lines.length);
1124
+ const bodyChunk = lines.slice(i, bodyEnd).join(" ");
1125
+ if (!/validate\.Struct|binding:"required|validator\.Validate/.test(bodyChunk)) {
1126
+ bindNoValidateLines.push(i + 1);
1127
+ }
1128
+ }
1129
+ }
1130
+ if (bindNoValidateLines.length > 0) {
1131
+ findings.push({
1132
+ ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
1133
+ severity: "medium",
1134
+ title: "Go HTTP binding without input validation",
1135
+ description: 'Request data is bound to structs without validation. Without struct tag validation (binding:"required") or explicit validator calls, malformed or malicious input may proceed unchecked.',
1136
+ lineNumbers: bindNoValidateLines,
1137
+ recommendation: 'Use struct tags: `json:"name" binding:"required,min=1,max=100"` with ShouldBindJSON, or validate explicitly with go-playground/validator.',
1138
+ reference: "Gin Validation — https://gin-gonic.com/docs/examples/binding-and-validation/",
1139
+ confidence: 0.75,
1140
+ isAbsenceBased: true,
1141
+ });
1142
+ }
1143
+ // Go: SQL query string building
1144
+ const goSqlInjectionLines = getLineNumbers(code, /(?:db\.(?:Query|Exec|QueryRow)|tx\.(?:Query|Exec|QueryRow))\s*\(\s*(?:fmt\.Sprintf|.*\+\s*)/gm);
1145
+ if (goSqlInjectionLines.length > 0) {
1146
+ findings.push({
1147
+ ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
1148
+ severity: "critical",
1149
+ title: "Go SQL query with string formatting — SQL injection",
1150
+ description: "SQL queries use fmt.Sprintf or string concatenation to embed values. Go's database/sql library supports parameterized queries ($1, ?) that prevent SQL injection.",
1151
+ lineNumbers: goSqlInjectionLines,
1152
+ recommendation: 'Use parameterized queries: db.Query("SELECT * FROM users WHERE id = $1", userID).',
1153
+ reference: "Go database/sql — https://pkg.go.dev/database/sql",
1154
+ confidence: 0.9,
1155
+ });
1156
+ }
1157
+ // Go: Gin TrustedProxies not configured
1158
+ if (hasGin) {
1159
+ const hasTrustedProxies = testCode(code, /\.SetTrustedProxies\s*\(|TrustedProxies/i);
1160
+ const hasProxyHint = testCode(code, /proxy|nginx|loadbalanc|X-Forwarded|CDN/i);
1161
+ if (!hasTrustedProxies && hasProxyHint) {
1162
+ findings.push({
1163
+ ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
1164
+ severity: "medium",
1165
+ title: "Gin TrustedProxies not configured — IP spoofing risk",
1166
+ description: "Gin router doesn't configure SetTrustedProxies() despite proxy references. Without this, any client can spoof X-Forwarded-For to bypass IP-based security.",
1167
+ lineNumbers: [1],
1168
+ recommendation: 'Set trusted proxies: router.SetTrustedProxies([]string{"10.0.0.0/8"}) or router.SetTrustedProxies(nil) to disable header reading.',
1169
+ reference: "Gin Trusted Proxies — https://gin-gonic.com/docs/quickstart/#don-t-trust-all-proxies",
1170
+ confidence: 0.75,
1171
+ isAbsenceBased: true,
1172
+ });
1173
+ }
1174
+ }
1175
+ // Go: Serving static files from project root
1176
+ const goStaticRootLines = getLineNumbers(code, /\.Static\s*\(\s*["']\/["']\s*,\s*["']\.["']\s*\)/gm);
1177
+ if (goStaticRootLines.length > 0) {
1178
+ findings.push({
1179
+ ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
1180
+ severity: "high",
1181
+ title: "Go HTTP static file server at project root — file exposure",
1182
+ description: "Static file handler serves from the project root directory, exposing source code, .env files, go.sum, and other sensitive files.",
1183
+ lineNumbers: goStaticRootLines,
1184
+ recommendation: 'Serve from a dedicated directory: router.Static("/static", "./public").',
1185
+ confidence: 0.9,
1186
+ });
1187
+ }
1188
+ // Go: html/template with unescaped content
1189
+ const unsafeTemplateLines = getLineNumbers(code, /template\.HTML\s*\(|\.Funcs\s*\(.*"safe|"noescape"/gm);
1190
+ if (unsafeTemplateLines.length > 0) {
1191
+ findings.push({
1192
+ ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`, // eslint-disable-line no-useless-assignment
1193
+ severity: "high",
1194
+ title: "Go template with unsafe HTML casting — XSS risk",
1195
+ description: "template.HTML() casts strings to unescaped HTML, bypassing Go's template auto-escaping. If user input reaches this cast, it's an XSS vulnerability.",
1196
+ lineNumbers: unsafeTemplateLines,
1197
+ recommendation: "Avoid template.HTML(). Let Go's html/template auto-escape content. If raw HTML is needed, sanitize with bluemonday first.",
1198
+ reference: "Go html/template — https://pkg.go.dev/html/template",
1199
+ confidence: 0.85,
1200
+ });
1201
+ }
1202
+ }
1203
+ }
1204
+ return findings;
1205
+ }