npm - @kevinrabun/judges-cli - Versions diffs - 3.124.0 - Mend

@kevinrabun/judges-cli 3.124.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (1745) hide show

package/README.md +24 -0
package/agents/accessibility.judge.md +44 -0
package/agents/agent-instructions.judge.md +44 -0
package/agents/ai-code-safety.judge.md +55 -0
package/agents/api-contract.judge.md +37 -0
package/agents/api-design.judge.md +55 -0
package/agents/authentication.judge.md +61 -0
package/agents/backwards-compatibility.judge.md +44 -0
package/agents/caching.judge.md +44 -0
package/agents/ci-cd.judge.md +44 -0
package/agents/cloud-readiness.judge.md +51 -0
package/agents/code-structure.judge.md +48 -0
package/agents/compliance.judge.md +47 -0
package/agents/concurrency.judge.md +46 -0
package/agents/configuration-management.judge.md +44 -0
package/agents/cost-effectiveness.judge.md +40 -0
package/agents/cybersecurity.judge.md +61 -0
package/agents/data-security.judge.md +48 -0
package/agents/data-sovereignty.judge.md +58 -0
package/agents/database.judge.md +49 -0
package/agents/dependency-health.judge.md +46 -0
package/agents/documentation.judge.md +53 -0
package/agents/error-handling.judge.md +53 -0
package/agents/ethics-bias.judge.md +46 -0
package/agents/false-positive-review.judge.md +85 -0
package/agents/framework-safety.judge.md +47 -0
package/agents/hallucination-detection.judge.md +46 -0
package/agents/iac-security.judge.md +45 -0
package/agents/intent-alignment.judge.md +44 -0
package/agents/internationalization.judge.md +42 -0
package/agents/logging-privacy.judge.md +44 -0
package/agents/logic-review.judge.md +34 -0
package/agents/maintainability.judge.md +44 -0
package/agents/model-fingerprint.judge.md +31 -0
package/agents/multi-turn-coherence.judge.md +36 -0
package/agents/observability.judge.md +52 -0
package/agents/over-engineering.judge.md +48 -0
package/agents/performance.judge.md +44 -0
package/agents/portability.judge.md +44 -0
package/agents/rate-limiting.judge.md +53 -0
package/agents/reliability.judge.md +55 -0
package/agents/scalability.judge.md +50 -0
package/agents/security.judge.md +62 -0
package/agents/software-practices.judge.md +54 -0
package/agents/testing.judge.md +52 -0
package/agents/ux.judge.md +44 -0
package/bin/judges.js +8 -0
package/dist/a2a-protocol.d.ts +136 -0
package/dist/a2a-protocol.js +218 -0
package/dist/agent-loader.d.ts +107 -0
package/dist/agent-loader.js +260 -0
package/dist/api.d.ts +169 -0
package/dist/api.js +195 -0
package/dist/ast/cross-file-taint.d.ts +42 -0
package/dist/ast/cross-file-taint.js +679 -0
package/dist/ast/index.d.ts +25 -0
package/dist/ast/index.js +148 -0
package/dist/ast/structural-parser.d.ts +2 -0
package/dist/ast/structural-parser.js +756 -0
package/dist/ast/taint-tracker.d.ts +48 -0
package/dist/ast/taint-tracker.js +1033 -0
package/dist/ast/tree-sitter-ast.d.ts +33 -0
package/dist/ast/tree-sitter-ast.js +1164 -0
package/dist/ast/types.d.ts +50 -0
package/dist/ast/types.js +7 -0
package/dist/audit-trail.d.ts +245 -0
package/dist/audit-trail.js +257 -0
package/dist/auto-tune.d.ts +146 -0
package/dist/auto-tune.js +373 -0
package/dist/cache.d.ts +53 -0
package/dist/cache.js +86 -0
package/dist/calibration.d.ts +108 -0
package/dist/calibration.js +219 -0
package/dist/cli-dispatch.d.ts +7 -0
package/dist/cli-dispatch.js +654 -0
package/dist/cli-formatters.d.ts +6 -0
package/dist/cli-formatters.js +186 -0
package/dist/cli-helpers.d.ts +29 -0
package/dist/cli-helpers.js +129 -0
package/dist/cli.d.ts +30 -0
package/dist/cli.js +1487 -0
package/dist/commands/adoption-report.d.ts +7 -0
package/dist/commands/adoption-report.js +218 -0
package/dist/commands/adoption-track.d.ts +4 -0
package/dist/commands/adoption-track.js +246 -0
package/dist/commands/ai-gate.d.ts +7 -0
package/dist/commands/ai-gate.js +212 -0
package/dist/commands/ai-model-trust.d.ts +16 -0
package/dist/commands/ai-model-trust.js +234 -0
package/dist/commands/ai-output-compare.d.ts +8 -0
package/dist/commands/ai-output-compare.js +202 -0
package/dist/commands/ai-pattern-trend.d.ts +8 -0
package/dist/commands/ai-pattern-trend.js +223 -0
package/dist/commands/ai-prompt-audit.d.ts +22 -0
package/dist/commands/ai-prompt-audit.js +254 -0
package/dist/commands/ai-provenance.d.ts +4 -0
package/dist/commands/ai-provenance.js +247 -0
package/dist/commands/api-audit.d.ts +8 -0
package/dist/commands/api-audit.js +359 -0
package/dist/commands/api-misuse.d.ts +4 -0
package/dist/commands/api-misuse.js +260 -0
package/dist/commands/api-versioning-audit.d.ts +5 -0
package/dist/commands/api-versioning-audit.js +233 -0
package/dist/commands/approve-chain.d.ts +7 -0
package/dist/commands/approve-chain.js +234 -0
package/dist/commands/arch-audit.d.ts +8 -0
package/dist/commands/arch-audit.js +283 -0
package/dist/commands/assertion-density.d.ts +4 -0
package/dist/commands/assertion-density.js +263 -0
package/dist/commands/assign-findings.d.ts +36 -0
package/dist/commands/assign-findings.js +177 -0
package/dist/commands/async-safety.d.ts +4 -0
package/dist/commands/async-safety.js +266 -0
package/dist/commands/audit-bundle.d.ts +28 -0
package/dist/commands/audit-bundle.js +234 -0
package/dist/commands/audit-trail.d.ts +17 -0
package/dist/commands/audit-trail.js +154 -0
package/dist/commands/auto-approve.d.ts +4 -0
package/dist/commands/auto-approve.js +188 -0
package/dist/commands/auto-calibrate.d.ts +14 -0
package/dist/commands/auto-calibrate.js +106 -0
package/dist/commands/auto-detect.d.ts +61 -0
package/dist/commands/auto-detect.js +328 -0
package/dist/commands/auto-fix.d.ts +17 -0
package/dist/commands/auto-fix.js +240 -0
package/dist/commands/auto-triage.d.ts +31 -0
package/dist/commands/auto-triage.js +125 -0
package/dist/commands/baseline.d.ts +47 -0
package/dist/commands/baseline.js +353 -0
package/dist/commands/batch-review.d.ts +4 -0
package/dist/commands/batch-review.js +180 -0
package/dist/commands/benchmark-advanced.d.ts +14 -0
package/dist/commands/benchmark-advanced.js +5057 -0
package/dist/commands/benchmark-ai-agents.d.ts +8 -0
package/dist/commands/benchmark-ai-agents.js +4123 -0
package/dist/commands/benchmark-ai-output.d.ts +9 -0
package/dist/commands/benchmark-ai-output.js +365 -0
package/dist/commands/benchmark-compliance-ethics.d.ts +8 -0
package/dist/commands/benchmark-compliance-ethics.js +3060 -0
package/dist/commands/benchmark-expanded-2.d.ts +12 -0
package/dist/commands/benchmark-expanded-2.js +5530 -0
package/dist/commands/benchmark-expanded.d.ts +12 -0
package/dist/commands/benchmark-expanded.js +2599 -0
package/dist/commands/benchmark-infrastructure.d.ts +8 -0
package/dist/commands/benchmark-infrastructure.js +2882 -0
package/dist/commands/benchmark-languages.d.ts +8 -0
package/dist/commands/benchmark-languages.js +1963 -0
package/dist/commands/benchmark-quality-ops.d.ts +8 -0
package/dist/commands/benchmark-quality-ops.js +3415 -0
package/dist/commands/benchmark-security-deep.d.ts +9 -0
package/dist/commands/benchmark-security-deep.js +2335 -0
package/dist/commands/benchmark.d.ts +233 -0
package/dist/commands/benchmark.js +3214 -0
package/dist/commands/blame-review.d.ts +4 -0
package/dist/commands/blame-review.js +266 -0
package/dist/commands/boundary-enforce.d.ts +5 -0
package/dist/commands/boundary-enforce.js +255 -0
package/dist/commands/build-optimize.d.ts +6 -0
package/dist/commands/build-optimize.js +256 -0
package/dist/commands/burndown.d.ts +26 -0
package/dist/commands/burndown.js +179 -0
package/dist/commands/cache-audit.d.ts +4 -0
package/dist/commands/cache-audit.js +219 -0
package/dist/commands/calibration-dashboard.d.ts +1 -0
package/dist/commands/calibration-dashboard.js +294 -0
package/dist/commands/calibration-share.d.ts +30 -0
package/dist/commands/calibration-share.js +182 -0
package/dist/commands/chat-notify.d.ts +8 -0
package/dist/commands/chat-notify.js +258 -0
package/dist/commands/ci-template.d.ts +14 -0
package/dist/commands/ci-template.js +211 -0
package/dist/commands/ci-templates.d.ts +9 -0
package/dist/commands/ci-templates.js +89 -0
package/dist/commands/clarity-score.d.ts +8 -0
package/dist/commands/clarity-score.js +260 -0
package/dist/commands/clone-detect.d.ts +4 -0
package/dist/commands/clone-detect.js +232 -0
package/dist/commands/coach-mode.d.ts +7 -0
package/dist/commands/coach-mode.js +229 -0
package/dist/commands/code-health.d.ts +4 -0
package/dist/commands/code-health.js +195 -0
package/dist/commands/code-owner-suggest.d.ts +16 -0
package/dist/commands/code-owner-suggest.js +214 -0
package/dist/commands/code-similarity.d.ts +8 -0
package/dist/commands/code-similarity.js +231 -0
package/dist/commands/comment-drift.d.ts +4 -0
package/dist/commands/comment-drift.js +228 -0
package/dist/commands/commit-hygiene.d.ts +5 -0
package/dist/commands/commit-hygiene.js +175 -0
package/dist/commands/community-patterns.d.ts +1 -0
package/dist/commands/community-patterns.js +131 -0
package/dist/commands/compare-runs.d.ts +37 -0
package/dist/commands/compare-runs.js +228 -0
package/dist/commands/completion-audit.d.ts +4 -0
package/dist/commands/completion-audit.js +296 -0
package/dist/commands/completions.d.ts +1 -0
package/dist/commands/completions.js +257 -0
package/dist/commands/compliance-map.d.ts +8 -0
package/dist/commands/compliance-map.js +374 -0
package/dist/commands/compliance-report.d.ts +34 -0
package/dist/commands/compliance-report.js +161 -0
package/dist/commands/compliance-weight.d.ts +8 -0
package/dist/commands/compliance-weight.js +272 -0
package/dist/commands/config-drift.d.ts +24 -0
package/dist/commands/config-drift.js +213 -0
package/dist/commands/config-lint.d.ts +4 -0
package/dist/commands/config-lint.js +187 -0
package/dist/commands/config-migrate.d.ts +43 -0
package/dist/commands/config-migrate.js +240 -0
package/dist/commands/config-share.d.ts +95 -0
package/dist/commands/config-share.js +406 -0
package/dist/commands/context-blind.d.ts +4 -0
package/dist/commands/context-blind.js +272 -0
package/dist/commands/context-inject.d.ts +8 -0
package/dist/commands/context-inject.js +211 -0
package/dist/commands/contract-verify.d.ts +4 -0
package/dist/commands/contract-verify.js +316 -0
package/dist/commands/correlate.d.ts +27 -0
package/dist/commands/correlate.js +241 -0
package/dist/commands/cost-forecast.d.ts +18 -0
package/dist/commands/cost-forecast.js +193 -0
package/dist/commands/coverage-map.d.ts +22 -0
package/dist/commands/coverage-map.js +222 -0
package/dist/commands/coverage.d.ts +40 -0
package/dist/commands/coverage.js +147 -0
package/dist/commands/cross-file-consistency.d.ts +4 -0
package/dist/commands/cross-file-consistency.js +254 -0
package/dist/commands/cross-pr-regression.d.ts +8 -0
package/dist/commands/cross-pr-regression.js +297 -0
package/dist/commands/custom-rule.d.ts +4 -0
package/dist/commands/custom-rule.js +210 -0
package/dist/commands/dead-code-detect.d.ts +4 -0
package/dist/commands/dead-code-detect.js +255 -0
package/dist/commands/dedup-report.d.ts +12 -0
package/dist/commands/dedup-report.js +137 -0
package/dist/commands/dep-audit.d.ts +52 -0
package/dist/commands/dep-audit.js +277 -0
package/dist/commands/dep-correlate.d.ts +8 -0
package/dist/commands/dep-correlate.js +207 -0
package/dist/commands/deploy-readiness.d.ts +5 -0
package/dist/commands/deploy-readiness.js +211 -0
package/dist/commands/deprecated.d.ts +47 -0
package/dist/commands/deprecated.js +201 -0
package/dist/commands/deps.d.ts +5 -0
package/dist/commands/deps.js +122 -0
package/dist/commands/design-audit.d.ts +8 -0
package/dist/commands/design-audit.js +301 -0
package/dist/commands/dev-score.d.ts +36 -0
package/dist/commands/dev-score.js +203 -0
package/dist/commands/diff-explain.d.ts +4 -0
package/dist/commands/diff-explain.js +142 -0
package/dist/commands/diff-only.d.ts +33 -0
package/dist/commands/diff-only.js +151 -0
package/dist/commands/diff-review.d.ts +4 -0
package/dist/commands/diff-review.js +190 -0
package/dist/commands/diff.d.ts +6 -0
package/dist/commands/diff.js +449 -0
package/dist/commands/digest.d.ts +19 -0
package/dist/commands/digest.js +221 -0
package/dist/commands/doc-drift.d.ts +8 -0
package/dist/commands/doc-drift.js +258 -0
package/dist/commands/doc-gen.d.ts +7 -0
package/dist/commands/doc-gen.js +208 -0
package/dist/commands/docs.d.ts +1 -0
package/dist/commands/docs.js +156 -0
package/dist/commands/doctor.d.ts +55 -0
package/dist/commands/doctor.js +362 -0
package/dist/commands/encoding-safety.d.ts +4 -0
package/dist/commands/encoding-safety.js +275 -0
package/dist/commands/error-taxonomy.d.ts +5 -0
package/dist/commands/error-taxonomy.js +226 -0
package/dist/commands/error-ux.d.ts +4 -0
package/dist/commands/error-ux.js +252 -0
package/dist/commands/event-leak.d.ts +4 -0
package/dist/commands/event-leak.js +262 -0
package/dist/commands/evidence-chain.d.ts +4 -0
package/dist/commands/evidence-chain.js +309 -0
package/dist/commands/example-leak.d.ts +4 -0
package/dist/commands/example-leak.js +232 -0
package/dist/commands/exception-consistency.d.ts +6 -0
package/dist/commands/exception-consistency.js +192 -0
package/dist/commands/exec-report.d.ts +8 -0
package/dist/commands/exec-report.js +271 -0
package/dist/commands/explain-finding.d.ts +7 -0
package/dist/commands/explain-finding.js +278 -0
package/dist/commands/false-negatives.d.ts +34 -0
package/dist/commands/false-negatives.js +165 -0
package/dist/commands/feedback-rules.d.ts +28 -0
package/dist/commands/feedback-rules.js +173 -0
package/dist/commands/feedback.d.ts +182 -0
package/dist/commands/feedback.js +550 -0
package/dist/commands/finding-age-analysis.d.ts +4 -0
package/dist/commands/finding-age-analysis.js +144 -0
package/dist/commands/finding-age-report.d.ts +4 -0
package/dist/commands/finding-age-report.js +154 -0
package/dist/commands/finding-age-tracker.d.ts +7 -0
package/dist/commands/finding-age-tracker.js +152 -0
package/dist/commands/finding-age.d.ts +4 -0
package/dist/commands/finding-age.js +145 -0
package/dist/commands/finding-ancestry-trace.d.ts +1 -0
package/dist/commands/finding-ancestry-trace.js +69 -0
package/dist/commands/finding-annotation-export.d.ts +1 -0
package/dist/commands/finding-annotation-export.js +97 -0
package/dist/commands/finding-annotation-layer.d.ts +4 -0
package/dist/commands/finding-annotation-layer.js +128 -0
package/dist/commands/finding-auto-categorize.d.ts +1 -0
package/dist/commands/finding-auto-categorize.js +109 -0
package/dist/commands/finding-auto-fix-suggest.d.ts +1 -0
package/dist/commands/finding-auto-fix-suggest.js +76 -0
package/dist/commands/finding-auto-fix.d.ts +4 -0
package/dist/commands/finding-auto-fix.js +188 -0
package/dist/commands/finding-auto-group.d.ts +4 -0
package/dist/commands/finding-auto-group.js +108 -0
package/dist/commands/finding-auto-label.d.ts +4 -0
package/dist/commands/finding-auto-label.js +220 -0
package/dist/commands/finding-auto-priority.d.ts +1 -0
package/dist/commands/finding-auto-priority.js +100 -0
package/dist/commands/finding-auto-suppress.d.ts +4 -0
package/dist/commands/finding-auto-suppress.js +126 -0
package/dist/commands/finding-auto-tag.d.ts +4 -0
package/dist/commands/finding-auto-tag.js +113 -0
package/dist/commands/finding-auto-triage.d.ts +4 -0
package/dist/commands/finding-auto-triage.js +108 -0
package/dist/commands/finding-autofix-preview.d.ts +4 -0
package/dist/commands/finding-autofix-preview.js +86 -0
package/dist/commands/finding-batch-resolve.d.ts +4 -0
package/dist/commands/finding-batch-resolve.js +165 -0
package/dist/commands/finding-batch-suppress.d.ts +4 -0
package/dist/commands/finding-batch-suppress.js +85 -0
package/dist/commands/finding-batch-triage.d.ts +1 -0
package/dist/commands/finding-batch-triage.js +90 -0
package/dist/commands/finding-blast-radius.d.ts +4 -0
package/dist/commands/finding-blast-radius.js +91 -0
package/dist/commands/finding-budget.d.ts +4 -0
package/dist/commands/finding-budget.js +232 -0
package/dist/commands/finding-category-map.d.ts +4 -0
package/dist/commands/finding-category-map.js +103 -0
package/dist/commands/finding-category-stats.d.ts +4 -0
package/dist/commands/finding-category-stats.js +104 -0
package/dist/commands/finding-category.d.ts +4 -0
package/dist/commands/finding-category.js +109 -0
package/dist/commands/finding-change-impact.d.ts +4 -0
package/dist/commands/finding-change-impact.js +107 -0
package/dist/commands/finding-cluster-analysis.d.ts +4 -0
package/dist/commands/finding-cluster-analysis.js +133 -0
package/dist/commands/finding-cluster-group.d.ts +4 -0
package/dist/commands/finding-cluster-group.js +105 -0
package/dist/commands/finding-cluster-summary.d.ts +1 -0
package/dist/commands/finding-cluster-summary.js +85 -0
package/dist/commands/finding-cluster.d.ts +4 -0
package/dist/commands/finding-cluster.js +157 -0
package/dist/commands/finding-code-context.d.ts +4 -0
package/dist/commands/finding-code-context.js +96 -0
package/dist/commands/finding-code-smell.d.ts +4 -0
package/dist/commands/finding-code-smell.js +113 -0
package/dist/commands/finding-compare-runs.d.ts +4 -0
package/dist/commands/finding-compare-runs.js +105 -0
package/dist/commands/finding-compliance-tag.d.ts +1 -0
package/dist/commands/finding-compliance-tag.js +106 -0
package/dist/commands/finding-confidence-boost.d.ts +1 -0
package/dist/commands/finding-confidence-boost.js +88 -0
package/dist/commands/finding-confidence-calibrate.d.ts +4 -0
package/dist/commands/finding-confidence-calibrate.js +111 -0
package/dist/commands/finding-confidence-filter.d.ts +4 -0
package/dist/commands/finding-confidence-filter.js +77 -0
package/dist/commands/finding-contest.d.ts +7 -0
package/dist/commands/finding-contest.js +192 -0
package/dist/commands/finding-context-enrich.d.ts +4 -0
package/dist/commands/finding-context-enrich.js +89 -0
package/dist/commands/finding-context-expand.d.ts +4 -0
package/dist/commands/finding-context-expand.js +102 -0
package/dist/commands/finding-context-link.d.ts +1 -0
package/dist/commands/finding-context-link.js +94 -0
package/dist/commands/finding-context-summary.d.ts +1 -0
package/dist/commands/finding-context-summary.js +85 -0
package/dist/commands/finding-context-window.d.ts +4 -0
package/dist/commands/finding-context-window.js +126 -0
package/dist/commands/finding-context.d.ts +4 -0
package/dist/commands/finding-context.js +140 -0
package/dist/commands/finding-correlate.d.ts +4 -0
package/dist/commands/finding-correlate.js +88 -0
package/dist/commands/finding-correlation-map.d.ts +4 -0
package/dist/commands/finding-correlation-map.js +101 -0
package/dist/commands/finding-correlation.d.ts +4 -0
package/dist/commands/finding-correlation.js +103 -0
package/dist/commands/finding-cross-file-link.d.ts +1 -0
package/dist/commands/finding-cross-file-link.js +101 -0
package/dist/commands/finding-cross-ref.d.ts +4 -0
package/dist/commands/finding-cross-ref.js +98 -0
package/dist/commands/finding-cve-lookup.d.ts +4 -0
package/dist/commands/finding-cve-lookup.js +97 -0
package/dist/commands/finding-cwe-lookup.d.ts +4 -0
package/dist/commands/finding-cwe-lookup.js +148 -0
package/dist/commands/finding-cwe-map.d.ts +4 -0
package/dist/commands/finding-cwe-map.js +133 -0
package/dist/commands/finding-dedup-cross-file.d.ts +4 -0
package/dist/commands/finding-dedup-cross-file.js +95 -0
package/dist/commands/finding-dedup-cross.d.ts +4 -0
package/dist/commands/finding-dedup-cross.js +90 -0
package/dist/commands/finding-dedup-merge.d.ts +1 -0
package/dist/commands/finding-dedup-merge.js +107 -0
package/dist/commands/finding-dedup-report.d.ts +4 -0
package/dist/commands/finding-dedup-report.js +101 -0
package/dist/commands/finding-dedup-smart.d.ts +1 -0
package/dist/commands/finding-dedup-smart.js +109 -0
package/dist/commands/finding-deduplicate.d.ts +4 -0
package/dist/commands/finding-deduplicate.js +141 -0
package/dist/commands/finding-dependency-check.d.ts +4 -0
package/dist/commands/finding-dependency-check.js +119 -0
package/dist/commands/finding-dependency-impact.d.ts +1 -0
package/dist/commands/finding-dependency-impact.js +97 -0
package/dist/commands/finding-dependency-link.d.ts +4 -0
package/dist/commands/finding-dependency-link.js +73 -0
package/dist/commands/finding-dependency-risk.d.ts +4 -0
package/dist/commands/finding-dependency-risk.js +117 -0
package/dist/commands/finding-dependency-tree.d.ts +4 -0
package/dist/commands/finding-dependency-tree.js +116 -0
package/dist/commands/finding-diff-highlight.d.ts +4 -0
package/dist/commands/finding-diff-highlight.js +107 -0
package/dist/commands/finding-dismiss-workflow.d.ts +4 -0
package/dist/commands/finding-dismiss-workflow.js +119 -0
package/dist/commands/finding-duplicate-detect.d.ts +4 -0
package/dist/commands/finding-duplicate-detect.js +113 -0
package/dist/commands/finding-duplicate-rule.d.ts +4 -0
package/dist/commands/finding-duplicate-rule.js +103 -0
package/dist/commands/finding-effort-rank.d.ts +1 -0
package/dist/commands/finding-effort-rank.js +93 -0
package/dist/commands/finding-evidence-chain.d.ts +4 -0
package/dist/commands/finding-evidence-chain.js +147 -0
package/dist/commands/finding-evidence-collect.d.ts +4 -0
package/dist/commands/finding-evidence-collect.js +114 -0
package/dist/commands/finding-explain.d.ts +4 -0
package/dist/commands/finding-explain.js +93 -0
package/dist/commands/finding-export-csv.d.ts +4 -0
package/dist/commands/finding-export-csv.js +78 -0
package/dist/commands/finding-false-neg-check.d.ts +8 -0
package/dist/commands/finding-false-neg-check.js +139 -0
package/dist/commands/finding-false-positive-learn.d.ts +4 -0
package/dist/commands/finding-false-positive-learn.js +85 -0
package/dist/commands/finding-false-positive-log.d.ts +4 -0
package/dist/commands/finding-false-positive-log.js +150 -0
package/dist/commands/finding-false-positive.d.ts +4 -0
package/dist/commands/finding-false-positive.js +134 -0
package/dist/commands/finding-filter-view.d.ts +4 -0
package/dist/commands/finding-filter-view.js +107 -0
package/dist/commands/finding-fix-chain.d.ts +1 -0
package/dist/commands/finding-fix-chain.js +78 -0
package/dist/commands/finding-fix-estimate.d.ts +1 -0
package/dist/commands/finding-fix-estimate.js +95 -0
package/dist/commands/finding-fix-playbook.d.ts +1 -0
package/dist/commands/finding-fix-playbook.js +110 -0
package/dist/commands/finding-fix-priority.d.ts +4 -0
package/dist/commands/finding-fix-priority.js +98 -0
package/dist/commands/finding-fix-rate.d.ts +4 -0
package/dist/commands/finding-fix-rate.js +141 -0
package/dist/commands/finding-fix-suggest.d.ts +4 -0
package/dist/commands/finding-fix-suggest.js +88 -0
package/dist/commands/finding-fix-validation.d.ts +4 -0
package/dist/commands/finding-fix-validation.js +115 -0
package/dist/commands/finding-fix-verify.d.ts +4 -0
package/dist/commands/finding-fix-verify.js +198 -0
package/dist/commands/finding-group-by.d.ts +4 -0
package/dist/commands/finding-group-by.js +86 -0
package/dist/commands/finding-group.d.ts +15 -0
package/dist/commands/finding-group.js +164 -0
package/dist/commands/finding-groupby-file.d.ts +4 -0
package/dist/commands/finding-groupby-file.js +94 -0
package/dist/commands/finding-hotfix-suggest.d.ts +7 -0
package/dist/commands/finding-hotfix-suggest.js +170 -0
package/dist/commands/finding-hotspot-detect.d.ts +1 -0
package/dist/commands/finding-hotspot-detect.js +120 -0
package/dist/commands/finding-hotspot-map.d.ts +4 -0
package/dist/commands/finding-hotspot-map.js +106 -0
package/dist/commands/finding-hotspot.d.ts +4 -0
package/dist/commands/finding-hotspot.js +115 -0
package/dist/commands/finding-impact-radius.d.ts +1 -0
package/dist/commands/finding-impact-radius.js +94 -0
package/dist/commands/finding-impact-rank.d.ts +4 -0
package/dist/commands/finding-impact-rank.js +85 -0
package/dist/commands/finding-impact-score.d.ts +4 -0
package/dist/commands/finding-impact-score.js +123 -0
package/dist/commands/finding-impact.d.ts +4 -0
package/dist/commands/finding-impact.js +135 -0
package/dist/commands/finding-line-blame.d.ts +7 -0
package/dist/commands/finding-line-blame.js +129 -0
package/dist/commands/finding-link-graph.d.ts +4 -0
package/dist/commands/finding-link-graph.js +144 -0
package/dist/commands/finding-link.d.ts +4 -0
package/dist/commands/finding-link.js +128 -0
package/dist/commands/finding-merge-results.d.ts +4 -0
package/dist/commands/finding-merge-results.js +110 -0
package/dist/commands/finding-merge-strategy.d.ts +1 -0
package/dist/commands/finding-merge-strategy.js +84 -0
package/dist/commands/finding-metadata-enrich.d.ts +4 -0
package/dist/commands/finding-metadata-enrich.js +92 -0
package/dist/commands/finding-noise-filter.d.ts +7 -0
package/dist/commands/finding-noise-filter.js +140 -0
package/dist/commands/finding-noise-reduce.d.ts +1 -0
package/dist/commands/finding-noise-reduce.js +81 -0
package/dist/commands/finding-noise-score.d.ts +1 -0
package/dist/commands/finding-noise-score.js +93 -0
package/dist/commands/finding-owner-assign.d.ts +4 -0
package/dist/commands/finding-owner-assign.js +133 -0
package/dist/commands/finding-owner-notify.d.ts +1 -0
package/dist/commands/finding-owner-notify.js +121 -0
package/dist/commands/finding-ownership-assign.d.ts +4 -0
package/dist/commands/finding-ownership-assign.js +101 -0
package/dist/commands/finding-ownership-map.d.ts +4 -0
package/dist/commands/finding-ownership-map.js +118 -0
package/dist/commands/finding-patch-chain.d.ts +1 -0
package/dist/commands/finding-patch-chain.js +90 -0
package/dist/commands/finding-patch-preview.d.ts +4 -0
package/dist/commands/finding-patch-preview.js +103 -0
package/dist/commands/finding-pattern-detect.d.ts +4 -0
package/dist/commands/finding-pattern-detect.js +127 -0
package/dist/commands/finding-pattern-library.d.ts +4 -0
package/dist/commands/finding-pattern-library.js +145 -0
package/dist/commands/finding-pattern-match.d.ts +4 -0
package/dist/commands/finding-pattern-match.js +165 -0
package/dist/commands/finding-prioritize.d.ts +4 -0
package/dist/commands/finding-prioritize.js +119 -0
package/dist/commands/finding-priority-matrix.d.ts +4 -0
package/dist/commands/finding-priority-matrix.js +102 -0
package/dist/commands/finding-priority-queue.d.ts +4 -0
package/dist/commands/finding-priority-queue.js +131 -0
package/dist/commands/finding-priority-rank.d.ts +1 -0
package/dist/commands/finding-priority-rank.js +82 -0
package/dist/commands/finding-quality-gate.d.ts +4 -0
package/dist/commands/finding-quality-gate.js +107 -0
package/dist/commands/finding-rank.d.ts +4 -0
package/dist/commands/finding-rank.js +138 -0
package/dist/commands/finding-reachability-check.d.ts +4 -0
package/dist/commands/finding-reachability-check.js +102 -0
package/dist/commands/finding-reachability.d.ts +4 -0
package/dist/commands/finding-reachability.js +131 -0
package/dist/commands/finding-recurrence-check.d.ts +1 -0
package/dist/commands/finding-recurrence-check.js +103 -0
package/dist/commands/finding-recurrence-detect.d.ts +4 -0
package/dist/commands/finding-recurrence-detect.js +77 -0
package/dist/commands/finding-recurrence.d.ts +4 -0
package/dist/commands/finding-recurrence.js +135 -0
package/dist/commands/finding-regression-check.d.ts +4 -0
package/dist/commands/finding-regression-check.js +112 -0
package/dist/commands/finding-regression-detect.d.ts +1 -0
package/dist/commands/finding-regression-detect.js +86 -0
package/dist/commands/finding-related-rules.d.ts +4 -0
package/dist/commands/finding-related-rules.js +151 -0
package/dist/commands/finding-remediation-cost.d.ts +1 -0
package/dist/commands/finding-remediation-cost.js +79 -0
package/dist/commands/finding-remediation-plan.d.ts +4 -0
package/dist/commands/finding-remediation-plan.js +107 -0
package/dist/commands/finding-reopen-detect.d.ts +1 -0
package/dist/commands/finding-reopen-detect.js +77 -0
package/dist/commands/finding-repeat-detect.d.ts +1 -0
package/dist/commands/finding-repeat-detect.js +92 -0
package/dist/commands/finding-resolution-track.d.ts +4 -0
package/dist/commands/finding-resolution-track.js +150 -0
package/dist/commands/finding-resolution-tracker.d.ts +4 -0
package/dist/commands/finding-resolution-tracker.js +163 -0
package/dist/commands/finding-resolution-workflow.d.ts +1 -0
package/dist/commands/finding-resolution-workflow.js +91 -0
package/dist/commands/finding-resolution.d.ts +4 -0
package/dist/commands/finding-resolution.js +142 -0
package/dist/commands/finding-risk-label.d.ts +1 -0
package/dist/commands/finding-risk-label.js +72 -0
package/dist/commands/finding-risk-matrix.d.ts +4 -0
package/dist/commands/finding-risk-matrix.js +126 -0
package/dist/commands/finding-risk-score.d.ts +4 -0
package/dist/commands/finding-risk-score.js +95 -0
package/dist/commands/finding-root-cause.d.ts +4 -0
package/dist/commands/finding-root-cause.js +184 -0
package/dist/commands/finding-rule-explain.d.ts +4 -0
package/dist/commands/finding-rule-explain.js +140 -0
package/dist/commands/finding-scope-filter.d.ts +1 -0
package/dist/commands/finding-scope-filter.js +77 -0
package/dist/commands/finding-scope-impact.d.ts +1 -0
package/dist/commands/finding-scope-impact.js +83 -0
package/dist/commands/finding-search-index.d.ts +4 -0
package/dist/commands/finding-search-index.js +99 -0
package/dist/commands/finding-security-hotspot.d.ts +4 -0
package/dist/commands/finding-security-hotspot.js +175 -0
package/dist/commands/finding-severity-dist.d.ts +4 -0
package/dist/commands/finding-severity-dist.js +105 -0
package/dist/commands/finding-severity-drift.d.ts +4 -0
package/dist/commands/finding-severity-drift.js +92 -0
package/dist/commands/finding-severity-heatmap.d.ts +4 -0
package/dist/commands/finding-severity-heatmap.js +108 -0
package/dist/commands/finding-severity-histogram.d.ts +4 -0
package/dist/commands/finding-severity-histogram.js +66 -0
package/dist/commands/finding-severity-override.d.ts +4 -0
package/dist/commands/finding-severity-override.js +131 -0
package/dist/commands/finding-severity-rebalance.d.ts +1 -0
package/dist/commands/finding-severity-rebalance.js +108 -0
package/dist/commands/finding-severity-trend.d.ts +4 -0
package/dist/commands/finding-severity-trend.js +127 -0
package/dist/commands/finding-similar-match.d.ts +1 -0
package/dist/commands/finding-similar-match.js +112 -0
package/dist/commands/finding-snippet.d.ts +4 -0
package/dist/commands/finding-snippet.js +102 -0
package/dist/commands/finding-summary-digest.d.ts +7 -0
package/dist/commands/finding-summary-digest.js +145 -0
package/dist/commands/finding-suppress-pattern.d.ts +4 -0
package/dist/commands/finding-suppress-pattern.js +148 -0
package/dist/commands/finding-suppress.d.ts +4 -0
package/dist/commands/finding-suppress.js +164 -0
package/dist/commands/finding-suppression-audit.d.ts +4 -0
package/dist/commands/finding-suppression-audit.js +137 -0
package/dist/commands/finding-suppression-list.d.ts +4 -0
package/dist/commands/finding-suppression-list.js +119 -0
package/dist/commands/finding-suppression-log.d.ts +4 -0
package/dist/commands/finding-suppression-log.js +174 -0
package/dist/commands/finding-time-to-fix.d.ts +1 -0
package/dist/commands/finding-time-to-fix.js +98 -0
package/dist/commands/finding-timeline-view.d.ts +4 -0
package/dist/commands/finding-timeline-view.js +98 -0
package/dist/commands/finding-timeline.d.ts +4 -0
package/dist/commands/finding-timeline.js +143 -0
package/dist/commands/finding-top-offender.d.ts +1 -0
package/dist/commands/finding-top-offender.js +75 -0
package/dist/commands/finding-trace.d.ts +4 -0
package/dist/commands/finding-trace.js +118 -0
package/dist/commands/finding-trend-alert.d.ts +1 -0
package/dist/commands/finding-trend-alert.js +126 -0
package/dist/commands/finding-trend-analysis.d.ts +4 -0
package/dist/commands/finding-trend-analysis.js +95 -0
package/dist/commands/finding-trend-forecast.d.ts +4 -0
package/dist/commands/finding-trend-forecast.js +106 -0
package/dist/commands/finding-trend-report.d.ts +4 -0
package/dist/commands/finding-trend-report.js +107 -0
package/dist/commands/finding-trend.d.ts +4 -0
package/dist/commands/finding-trend.js +118 -0
package/dist/commands/fix-pr.d.ts +22 -0
package/dist/commands/fix-pr.js +286 -0
package/dist/commands/fix-suggest.d.ts +4 -0
package/dist/commands/fix-suggest.js +171 -0
package/dist/commands/fix-verify.d.ts +4 -0
package/dist/commands/fix-verify.js +123 -0
package/dist/commands/fix.d.ts +117 -0
package/dist/commands/fix.js +445 -0
package/dist/commands/focus-area.d.ts +5 -0
package/dist/commands/focus-area.js +192 -0
package/dist/commands/generate.d.ts +7 -0
package/dist/commands/generate.js +403 -0
package/dist/commands/governance.d.ts +31 -0
package/dist/commands/governance.js +202 -0
package/dist/commands/group-findings.d.ts +22 -0
package/dist/commands/group-findings.js +154 -0
package/dist/commands/guided-tour.d.ts +8 -0
package/dist/commands/guided-tour.js +287 -0
package/dist/commands/habit-tracker.d.ts +7 -0
package/dist/commands/habit-tracker.js +194 -0
package/dist/commands/hallucination-detect.d.ts +4 -0
package/dist/commands/hallucination-detect.js +350 -0
package/dist/commands/hallucination-score.d.ts +8 -0
package/dist/commands/hallucination-score.js +316 -0
package/dist/commands/help.d.ts +7 -0
package/dist/commands/help.js +302 -0
package/dist/commands/hook-install.d.ts +21 -0
package/dist/commands/hook-install.js +142 -0
package/dist/commands/hook.d.ts +8 -0
package/dist/commands/hook.js +145 -0
package/dist/commands/iac-lint.d.ts +7 -0
package/dist/commands/iac-lint.js +312 -0
package/dist/commands/idempotency-audit.d.ts +4 -0
package/dist/commands/idempotency-audit.js +222 -0
package/dist/commands/ignore-list.d.ts +18 -0
package/dist/commands/ignore-list.js +152 -0
package/dist/commands/impact-scan.d.ts +8 -0
package/dist/commands/impact-scan.js +281 -0
package/dist/commands/incident-response.d.ts +7 -0
package/dist/commands/incident-response.js +254 -0
package/dist/commands/incremental-review.d.ts +4 -0
package/dist/commands/incremental-review.js +236 -0
package/dist/commands/init.d.ts +10 -0
package/dist/commands/init.js +265 -0
package/dist/commands/input-guard.d.ts +4 -0
package/dist/commands/input-guard.js +255 -0
package/dist/commands/interactive-fix.d.ts +22 -0
package/dist/commands/interactive-fix.js +139 -0
package/dist/commands/judge-author.d.ts +7 -0
package/dist/commands/judge-author.js +260 -0
package/dist/commands/judge-config.d.ts +4 -0
package/dist/commands/judge-config.js +151 -0
package/dist/commands/judge-learn.d.ts +8 -0
package/dist/commands/judge-learn.js +217 -0
package/dist/commands/judge-reputation.d.ts +28 -0
package/dist/commands/judge-reputation.js +198 -0
package/dist/commands/kb.d.ts +40 -0
package/dist/commands/kb.js +228 -0
package/dist/commands/language-packs.d.ts +42 -0
package/dist/commands/language-packs.js +150 -0
package/dist/commands/learn.d.ts +26 -0
package/dist/commands/learn.js +288 -0
package/dist/commands/learning-path.d.ts +8 -0
package/dist/commands/learning-path.js +325 -0
package/dist/commands/license-scan.d.ts +8 -0
package/dist/commands/license-scan.js +183 -0
package/dist/commands/llm-benchmark-optimizer.d.ts +78 -0
package/dist/commands/llm-benchmark-optimizer.js +241 -0
package/dist/commands/llm-benchmark.d.ts +156 -0
package/dist/commands/llm-benchmark.js +670 -0
package/dist/commands/log-quality.d.ts +5 -0
package/dist/commands/log-quality.js +211 -0
package/dist/commands/logic-lint.d.ts +4 -0
package/dist/commands/logic-lint.js +255 -0
package/dist/commands/lsp.d.ts +23 -0
package/dist/commands/lsp.js +285 -0
package/dist/commands/merge-verdict.d.ts +4 -0
package/dist/commands/merge-verdict.js +287 -0
package/dist/commands/metrics-dashboard.d.ts +21 -0
package/dist/commands/metrics-dashboard.js +334 -0
package/dist/commands/metrics.d.ts +57 -0
package/dist/commands/metrics.js +241 -0
package/dist/commands/migration-safety.d.ts +5 -0
package/dist/commands/migration-safety.js +256 -0
package/dist/commands/model-report.d.ts +8 -0
package/dist/commands/model-report.js +194 -0
package/dist/commands/model-risk.d.ts +27 -0
package/dist/commands/model-risk.js +220 -0
package/dist/commands/monorepo.d.ts +37 -0
package/dist/commands/monorepo.js +232 -0
package/dist/commands/multi-lang-review.d.ts +4 -0
package/dist/commands/multi-lang-review.js +230 -0
package/dist/commands/noise-advisor.d.ts +29 -0
package/dist/commands/noise-advisor.js +170 -0
package/dist/commands/notify.d.ts +78 -0
package/dist/commands/notify.js +324 -0
package/dist/commands/null-safety-audit.d.ts +5 -0
package/dist/commands/null-safety-audit.js +221 -0
package/dist/commands/observability-gap.d.ts +5 -0
package/dist/commands/observability-gap.js +211 -0
package/dist/commands/onboard.d.ts +12 -0
package/dist/commands/onboard.js +178 -0
package/dist/commands/org-metrics.d.ts +23 -0
package/dist/commands/org-metrics.js +237 -0
package/dist/commands/org-policy.d.ts +7 -0
package/dist/commands/org-policy.js +207 -0
package/dist/commands/over-abstraction.d.ts +4 -0
package/dist/commands/over-abstraction.js +307 -0
package/dist/commands/override.d.ts +61 -0
package/dist/commands/override.js +268 -0
package/dist/commands/ownership-map.d.ts +5 -0
package/dist/commands/ownership-map.js +217 -0
package/dist/commands/parity.d.ts +30 -0
package/dist/commands/parity.js +212 -0
package/dist/commands/pattern-registry.d.ts +22 -0
package/dist/commands/pattern-registry.js +226 -0
package/dist/commands/perf-compare.d.ts +8 -0
package/dist/commands/perf-compare.js +245 -0
package/dist/commands/perf-hotspot.d.ts +7 -0
package/dist/commands/perf-hotspot.js +273 -0
package/dist/commands/phantom-import.d.ts +4 -0
package/dist/commands/phantom-import.js +260 -0
package/dist/commands/pii-scan.d.ts +7 -0
package/dist/commands/pii-scan.js +299 -0
package/dist/commands/plugin-search.d.ts +39 -0
package/dist/commands/plugin-search.js +327 -0
package/dist/commands/plugins.d.ts +12 -0
package/dist/commands/plugins.js +104 -0
package/dist/commands/policy-audit.d.ts +52 -0
package/dist/commands/policy-audit.js +160 -0
package/dist/commands/pr-quality-gate.d.ts +28 -0
package/dist/commands/pr-quality-gate.js +207 -0
package/dist/commands/pr-summary.d.ts +25 -0
package/dist/commands/pr-summary.js +187 -0
package/dist/commands/predict.d.ts +7 -0
package/dist/commands/predict.js +218 -0
package/dist/commands/privilege-path.d.ts +4 -0
package/dist/commands/privilege-path.js +233 -0
package/dist/commands/profile.d.ts +37 -0
package/dist/commands/profile.js +101 -0
package/dist/commands/prompt-replay.d.ts +7 -0
package/dist/commands/prompt-replay.js +176 -0
package/dist/commands/quality-gate.d.ts +69 -0
package/dist/commands/quality-gate.js +252 -0
package/dist/commands/query.d.ts +19 -0
package/dist/commands/query.js +229 -0
package/dist/commands/quick-check.d.ts +4 -0
package/dist/commands/quick-check.js +173 -0
package/dist/commands/recommend.d.ts +20 -0
package/dist/commands/recommend.js +282 -0
package/dist/commands/refactor-safety.d.ts +8 -0
package/dist/commands/refactor-safety.js +273 -0
package/dist/commands/reg-watch.d.ts +20 -0
package/dist/commands/reg-watch.js +219 -0
package/dist/commands/regression-alert.d.ts +31 -0
package/dist/commands/regression-alert.js +215 -0
package/dist/commands/remediation-lib.d.ts +8 -0
package/dist/commands/remediation-lib.js +265 -0
package/dist/commands/remediation.d.ts +20 -0
package/dist/commands/remediation.js +256 -0
package/dist/commands/report-template.d.ts +16 -0
package/dist/commands/report-template.js +290 -0
package/dist/commands/report.d.ts +12 -0
package/dist/commands/report.js +139 -0
package/dist/commands/resource-cleanup.d.ts +6 -0
package/dist/commands/resource-cleanup.js +235 -0
package/dist/commands/retro.d.ts +22 -0
package/dist/commands/retro.js +211 -0
package/dist/commands/retry-pattern-audit.d.ts +5 -0
package/dist/commands/retry-pattern-audit.js +215 -0
package/dist/commands/review-ab-test.d.ts +4 -0
package/dist/commands/review-ab-test.js +224 -0
package/dist/commands/review-access-log.d.ts +4 -0
package/dist/commands/review-access-log.js +65 -0
package/dist/commands/review-action-item-gen.d.ts +1 -0
package/dist/commands/review-action-item-gen.js +72 -0
package/dist/commands/review-adoption-metrics.d.ts +4 -0
package/dist/commands/review-adoption-metrics.js +95 -0
package/dist/commands/review-adoption-score.d.ts +1 -0
package/dist/commands/review-adoption-score.js +181 -0
package/dist/commands/review-ai-feedback-loop.d.ts +1 -0
package/dist/commands/review-ai-feedback-loop.js +116 -0
package/dist/commands/review-annotate.d.ts +4 -0
package/dist/commands/review-annotate.js +122 -0
package/dist/commands/review-annotation-export.d.ts +4 -0
package/dist/commands/review-annotation-export.js +105 -0
package/dist/commands/review-annotation.d.ts +4 -0
package/dist/commands/review-annotation.js +133 -0
package/dist/commands/review-api-export.d.ts +4 -0
package/dist/commands/review-api-export.js +98 -0
package/dist/commands/review-approval-criteria.d.ts +1 -0
package/dist/commands/review-approval-criteria.js +99 -0
package/dist/commands/review-approval-gate.d.ts +7 -0
package/dist/commands/review-approval-gate.js +190 -0
package/dist/commands/review-approval.d.ts +4 -0
package/dist/commands/review-approval.js +133 -0
package/dist/commands/review-archive-search.d.ts +4 -0
package/dist/commands/review-archive-search.js +70 -0
package/dist/commands/review-archive.d.ts +4 -0
package/dist/commands/review-archive.js +135 -0
package/dist/commands/review-audit-export.d.ts +4 -0
package/dist/commands/review-audit-export.js +93 -0
package/dist/commands/review-audit-log.d.ts +4 -0
package/dist/commands/review-audit-log.js +140 -0
package/dist/commands/review-audit-trail.d.ts +4 -0
package/dist/commands/review-audit-trail.js +96 -0
package/dist/commands/review-auto-merge.d.ts +4 -0
package/dist/commands/review-auto-merge.js +175 -0
package/dist/commands/review-badge.d.ts +4 -0
package/dist/commands/review-badge.js +152 -0
package/dist/commands/review-batch-files.d.ts +4 -0
package/dist/commands/review-batch-files.js +82 -0
package/dist/commands/review-batch-mode.d.ts +4 -0
package/dist/commands/review-batch-mode.js +97 -0
package/dist/commands/review-batch-run.d.ts +4 -0
package/dist/commands/review-batch-run.js +149 -0
package/dist/commands/review-benchmark-self.d.ts +4 -0
package/dist/commands/review-benchmark-self.js +140 -0
package/dist/commands/review-blame-map.d.ts +4 -0
package/dist/commands/review-blame-map.js +100 -0
package/dist/commands/review-branch-compare.d.ts +4 -0
package/dist/commands/review-branch-compare.js +108 -0
package/dist/commands/review-branch-policy.d.ts +4 -0
package/dist/commands/review-branch-policy.js +102 -0
package/dist/commands/review-bulk-action.d.ts +4 -0
package/dist/commands/review-bulk-action.js +109 -0
package/dist/commands/review-bulk-apply.d.ts +4 -0
package/dist/commands/review-bulk-apply.js +102 -0
package/dist/commands/review-cache-clear.d.ts +4 -0
package/dist/commands/review-cache-clear.js +160 -0
package/dist/commands/review-cache-warm.d.ts +4 -0
package/dist/commands/review-cache-warm.js +70 -0
package/dist/commands/review-cache.d.ts +22 -0
package/dist/commands/review-cache.js +134 -0
package/dist/commands/review-changelog-entry.d.ts +7 -0
package/dist/commands/review-changelog-entry.js +109 -0
package/dist/commands/review-changelog-gen.d.ts +4 -0
package/dist/commands/review-changelog-gen.js +117 -0
package/dist/commands/review-changelog-impact.d.ts +1 -0
package/dist/commands/review-changelog-impact.js +89 -0
package/dist/commands/review-checklist.d.ts +4 -0
package/dist/commands/review-checklist.js +144 -0
package/dist/commands/review-checkpoint.d.ts +4 -0
package/dist/commands/review-checkpoint.js +163 -0
package/dist/commands/review-ci-gate.d.ts +4 -0
package/dist/commands/review-ci-gate.js +114 -0
package/dist/commands/review-ci-insight.d.ts +1 -0
package/dist/commands/review-ci-insight.js +100 -0
package/dist/commands/review-ci-integration.d.ts +4 -0
package/dist/commands/review-ci-integration.js +125 -0
package/dist/commands/review-ci-status.d.ts +4 -0
package/dist/commands/review-ci-status.js +200 -0
package/dist/commands/review-cicd-integrate.d.ts +4 -0
package/dist/commands/review-cicd-integrate.js +122 -0
package/dist/commands/review-code-health-score.d.ts +1 -0
package/dist/commands/review-code-health-score.js +100 -0
package/dist/commands/review-code-owner.d.ts +7 -0
package/dist/commands/review-code-owner.js +164 -0
package/dist/commands/review-code-ownership.d.ts +1 -0
package/dist/commands/review-code-ownership.js +88 -0
package/dist/commands/review-comment.d.ts +4 -0
package/dist/commands/review-comment.js +165 -0
package/dist/commands/review-commit-hook.d.ts +7 -0
package/dist/commands/review-commit-hook.js +134 -0
package/dist/commands/review-commit-quality.d.ts +1 -0
package/dist/commands/review-commit-quality.js +94 -0
package/dist/commands/review-comparative.d.ts +4 -0
package/dist/commands/review-comparative.js +149 -0
package/dist/commands/review-compare-version.d.ts +4 -0
package/dist/commands/review-compare-version.js +108 -0
package/dist/commands/review-compare.d.ts +4 -0
package/dist/commands/review-compare.js +200 -0
package/dist/commands/review-compliance-check.d.ts +4 -0
package/dist/commands/review-compliance-check.js +202 -0
package/dist/commands/review-compliance-gate.d.ts +4 -0
package/dist/commands/review-compliance-gate.js +151 -0
package/dist/commands/review-compliance-map.d.ts +4 -0
package/dist/commands/review-compliance-map.js +110 -0
package/dist/commands/review-compliance-report.d.ts +4 -0
package/dist/commands/review-compliance-report.js +127 -0
package/dist/commands/review-confidence-explain.d.ts +1 -0
package/dist/commands/review-confidence-explain.js +99 -0
package/dist/commands/review-config-diff.d.ts +4 -0
package/dist/commands/review-config-diff.js +108 -0
package/dist/commands/review-config-export.d.ts +4 -0
package/dist/commands/review-config-export.js +124 -0
package/dist/commands/review-config-health.d.ts +1 -0
package/dist/commands/review-config-health.js +172 -0
package/dist/commands/review-config-migrate.d.ts +4 -0
package/dist/commands/review-config-migrate.js +123 -0
package/dist/commands/review-config-template.d.ts +4 -0
package/dist/commands/review-config-template.js +112 -0
package/dist/commands/review-config-validate.d.ts +4 -0
package/dist/commands/review-config-validate.js +110 -0
package/dist/commands/review-contract.d.ts +4 -0
package/dist/commands/review-contract.js +199 -0
package/dist/commands/review-coverage-gap.d.ts +4 -0
package/dist/commands/review-coverage-gap.js +120 -0
package/dist/commands/review-coverage-map.d.ts +4 -0
package/dist/commands/review-coverage-map.js +194 -0
package/dist/commands/review-custom-judge-config.d.ts +4 -0
package/dist/commands/review-custom-judge-config.js +103 -0
package/dist/commands/review-custom-judge.d.ts +4 -0
package/dist/commands/review-custom-judge.js +182 -0
package/dist/commands/review-custom-prompt.d.ts +4 -0
package/dist/commands/review-custom-prompt.js +170 -0
package/dist/commands/review-custom-rule.d.ts +4 -0
package/dist/commands/review-custom-rule.js +169 -0
package/dist/commands/review-dashboard-data.d.ts +4 -0
package/dist/commands/review-dashboard-data.js +142 -0
package/dist/commands/review-dashboard.d.ts +4 -0
package/dist/commands/review-dashboard.js +140 -0
package/dist/commands/review-data-retention.d.ts +4 -0
package/dist/commands/review-data-retention.js +119 -0
package/dist/commands/review-dependency-graph.d.ts +4 -0
package/dist/commands/review-dependency-graph.js +94 -0
package/dist/commands/review-dependency-review.d.ts +1 -0
package/dist/commands/review-dependency-review.js +104 -0
package/dist/commands/review-deployment-gate.d.ts +4 -0
package/dist/commands/review-deployment-gate.js +94 -0
package/dist/commands/review-depth.d.ts +4 -0
package/dist/commands/review-depth.js +142 -0
package/dist/commands/review-diff-annotate.d.ts +4 -0
package/dist/commands/review-diff-annotate.js +104 -0
package/dist/commands/review-diff-context.d.ts +4 -0
package/dist/commands/review-diff-context.js +158 -0
package/dist/commands/review-diff-highlight.d.ts +4 -0
package/dist/commands/review-diff-highlight.js +179 -0
package/dist/commands/review-diff-stats.d.ts +4 -0
package/dist/commands/review-diff-stats.js +90 -0
package/dist/commands/review-diff-summary.d.ts +4 -0
package/dist/commands/review-diff-summary.js +154 -0
package/dist/commands/review-digest-gen.d.ts +1 -0
package/dist/commands/review-digest-gen.js +100 -0
package/dist/commands/review-digest.d.ts +4 -0
package/dist/commands/review-digest.js +265 -0
package/dist/commands/review-dry-run.d.ts +4 -0
package/dist/commands/review-dry-run.js +120 -0
package/dist/commands/review-engagement-score.d.ts +1 -0
package/dist/commands/review-engagement-score.js +111 -0
package/dist/commands/review-env-check.d.ts +4 -0
package/dist/commands/review-env-check.js +115 -0
package/dist/commands/review-environment-config.d.ts +4 -0
package/dist/commands/review-environment-config.js +102 -0
package/dist/commands/review-escalation-path.d.ts +1 -0
package/dist/commands/review-escalation-path.js +86 -0
package/dist/commands/review-exclude-vendor.d.ts +4 -0
package/dist/commands/review-exclude-vendor.js +158 -0
package/dist/commands/review-explain.d.ts +5 -0
package/dist/commands/review-explain.js +194 -0
package/dist/commands/review-export-pdf.d.ts +7 -0
package/dist/commands/review-export-pdf.js +131 -0
package/dist/commands/review-export.d.ts +4 -0
package/dist/commands/review-export.js +179 -0
package/dist/commands/review-feedback-loop.d.ts +4 -0
package/dist/commands/review-feedback-loop.js +113 -0
package/dist/commands/review-feedback-summary.d.ts +1 -0
package/dist/commands/review-feedback-summary.js +130 -0
package/dist/commands/review-feedback.d.ts +4 -0
package/dist/commands/review-feedback.js +145 -0
package/dist/commands/review-file-complexity.d.ts +4 -0
package/dist/commands/review-file-complexity.js +137 -0
package/dist/commands/review-file-filter.d.ts +4 -0
package/dist/commands/review-file-filter.js +121 -0
package/dist/commands/review-file-stats.d.ts +4 -0
package/dist/commands/review-file-stats.js +130 -0
package/dist/commands/review-filter.d.ts +4 -0
package/dist/commands/review-filter.js +161 -0
package/dist/commands/review-finding-link.d.ts +7 -0
package/dist/commands/review-finding-link.js +115 -0
package/dist/commands/review-focus-area.d.ts +1 -0
package/dist/commands/review-focus-area.js +96 -0
package/dist/commands/review-focus.d.ts +4 -0
package/dist/commands/review-focus.js +196 -0
package/dist/commands/review-gate-config.d.ts +4 -0
package/dist/commands/review-gate-config.js +153 -0
package/dist/commands/review-gate.d.ts +4 -0
package/dist/commands/review-gate.js +212 -0
package/dist/commands/review-goal-track.d.ts +1 -0
package/dist/commands/review-goal-track.js +123 -0
package/dist/commands/review-guardrail.d.ts +4 -0
package/dist/commands/review-guardrail.js +155 -0
package/dist/commands/review-handoff.d.ts +4 -0
package/dist/commands/review-handoff.js +208 -0
package/dist/commands/review-health-check.d.ts +4 -0
package/dist/commands/review-health-check.js +148 -0
package/dist/commands/review-health-trend.d.ts +1 -0
package/dist/commands/review-health-trend.js +107 -0
package/dist/commands/review-history-compare.d.ts +4 -0
package/dist/commands/review-history-compare.js +93 -0
package/dist/commands/review-history-search.d.ts +4 -0
package/dist/commands/review-history-search.js +214 -0
package/dist/commands/review-ide-sync.d.ts +4 -0
package/dist/commands/review-ide-sync.js +91 -0
package/dist/commands/review-ignore-path.d.ts +4 -0
package/dist/commands/review-ignore-path.js +147 -0
package/dist/commands/review-ignore-pattern.d.ts +5 -0
package/dist/commands/review-ignore-pattern.js +138 -0
package/dist/commands/review-incident-link.d.ts +4 -0
package/dist/commands/review-incident-link.js +93 -0
package/dist/commands/review-incremental.d.ts +4 -0
package/dist/commands/review-incremental.js +128 -0
package/dist/commands/review-integration-health.d.ts +4 -0
package/dist/commands/review-integration-health.js +84 -0
package/dist/commands/review-integration-test.d.ts +4 -0
package/dist/commands/review-integration-test.js +145 -0
package/dist/commands/review-integration.d.ts +4 -0
package/dist/commands/review-integration.js +236 -0
package/dist/commands/review-interactive.d.ts +4 -0
package/dist/commands/review-interactive.js +85 -0
package/dist/commands/review-knowledge-capture.d.ts +1 -0
package/dist/commands/review-knowledge-capture.js +94 -0
package/dist/commands/review-language-profile.d.ts +4 -0
package/dist/commands/review-language-profile.js +72 -0
package/dist/commands/review-language-stats.d.ts +4 -0
package/dist/commands/review-language-stats.js +152 -0
package/dist/commands/review-lock-file.d.ts +4 -0
package/dist/commands/review-lock-file.js +153 -0
package/dist/commands/review-lock.d.ts +4 -0
package/dist/commands/review-lock.js +107 -0
package/dist/commands/review-log.d.ts +22 -0
package/dist/commands/review-log.js +164 -0
package/dist/commands/review-mentor-suggest.d.ts +1 -0
package/dist/commands/review-mentor-suggest.js +112 -0
package/dist/commands/review-merge-check.d.ts +4 -0
package/dist/commands/review-merge-check.js +101 -0
package/dist/commands/review-merge-config.d.ts +4 -0
package/dist/commands/review-merge-config.js +119 -0
package/dist/commands/review-merge-readiness.d.ts +1 -0
package/dist/commands/review-merge-readiness.js +90 -0
package/dist/commands/review-merge-request.d.ts +4 -0
package/dist/commands/review-merge-request.js +95 -0
package/dist/commands/review-merge.d.ts +4 -0
package/dist/commands/review-merge.js +145 -0
package/dist/commands/review-metric-export.d.ts +4 -0
package/dist/commands/review-metric-export.js +62 -0
package/dist/commands/review-milestone.d.ts +4 -0
package/dist/commands/review-milestone.js +136 -0
package/dist/commands/review-multi-repo-sync.d.ts +4 -0
package/dist/commands/review-multi-repo-sync.js +115 -0
package/dist/commands/review-multi-repo.d.ts +4 -0
package/dist/commands/review-multi-repo.js +145 -0
package/dist/commands/review-note.d.ts +4 -0
package/dist/commands/review-note.js +104 -0
package/dist/commands/review-notification-config.d.ts +4 -0
package/dist/commands/review-notification-config.js +122 -0
package/dist/commands/review-notification-digest.d.ts +4 -0
package/dist/commands/review-notification-digest.js +64 -0
package/dist/commands/review-notification.d.ts +4 -0
package/dist/commands/review-notification.js +126 -0
package/dist/commands/review-notify.d.ts +4 -0
package/dist/commands/review-notify.js +143 -0
package/dist/commands/review-offline.d.ts +4 -0
package/dist/commands/review-offline.js +125 -0
package/dist/commands/review-onboard-checklist.d.ts +4 -0
package/dist/commands/review-onboard-checklist.js +119 -0
package/dist/commands/review-onboard-wizard.d.ts +4 -0
package/dist/commands/review-onboard-wizard.js +92 -0
package/dist/commands/review-onboard.d.ts +4 -0
package/dist/commands/review-onboard.js +154 -0
package/dist/commands/review-onboarding-check.d.ts +1 -0
package/dist/commands/review-onboarding-check.js +93 -0
package/dist/commands/review-org-dashboard.d.ts +4 -0
package/dist/commands/review-org-dashboard.js +68 -0
package/dist/commands/review-output-filter.d.ts +4 -0
package/dist/commands/review-output-filter.js +112 -0
package/dist/commands/review-output-format.d.ts +4 -0
package/dist/commands/review-output-format.js +144 -0
package/dist/commands/review-output-transform.d.ts +4 -0
package/dist/commands/review-output-transform.js +119 -0
package/dist/commands/review-owner.d.ts +4 -0
package/dist/commands/review-owner.js +129 -0
package/dist/commands/review-parallel-diff.d.ts +4 -0
package/dist/commands/review-parallel-diff.js +146 -0
package/dist/commands/review-parallel-files.d.ts +7 -0
package/dist/commands/review-parallel-files.js +134 -0
package/dist/commands/review-parallel-run.d.ts +4 -0
package/dist/commands/review-parallel-run.js +116 -0
package/dist/commands/review-parallel.d.ts +4 -0
package/dist/commands/review-parallel.js +164 -0
package/dist/commands/review-perf-profile.d.ts +4 -0
package/dist/commands/review-perf-profile.js +98 -0
package/dist/commands/review-permission-model.d.ts +4 -0
package/dist/commands/review-permission-model.js +149 -0
package/dist/commands/review-pipeline-status.d.ts +4 -0
package/dist/commands/review-pipeline-status.js +54 -0
package/dist/commands/review-plugin-config.d.ts +4 -0
package/dist/commands/review-plugin-config.js +167 -0
package/dist/commands/review-plugin-list.d.ts +4 -0
package/dist/commands/review-plugin-list.js +99 -0
package/dist/commands/review-plugin-manage.d.ts +4 -0
package/dist/commands/review-plugin-manage.js +137 -0
package/dist/commands/review-plugin-status.d.ts +4 -0
package/dist/commands/review-plugin-status.js +53 -0
package/dist/commands/review-policy-enforce.d.ts +1 -0
package/dist/commands/review-policy-enforce.js +92 -0
package/dist/commands/review-policy-engine.d.ts +4 -0
package/dist/commands/review-policy-engine.js +135 -0
package/dist/commands/review-pr-comment-gen.d.ts +4 -0
package/dist/commands/review-pr-comment-gen.js +62 -0
package/dist/commands/review-pr-comment.d.ts +4 -0
package/dist/commands/review-pr-comment.js +106 -0
package/dist/commands/review-pr-label-suggest.d.ts +1 -0
package/dist/commands/review-pr-label-suggest.js +77 -0
package/dist/commands/review-pr-size-check.d.ts +1 -0
package/dist/commands/review-pr-size-check.js +98 -0
package/dist/commands/review-pr-template.d.ts +4 -0
package/dist/commands/review-pr-template.js +104 -0
package/dist/commands/review-preset-save.d.ts +4 -0
package/dist/commands/review-preset-save.js +159 -0
package/dist/commands/review-priority.d.ts +4 -0
package/dist/commands/review-priority.js +157 -0
package/dist/commands/review-profile.d.ts +4 -0
package/dist/commands/review-profile.js +168 -0
package/dist/commands/review-progress-bar.d.ts +4 -0
package/dist/commands/review-progress-bar.js +157 -0
package/dist/commands/review-progress-report.d.ts +1 -0
package/dist/commands/review-progress-report.js +95 -0
package/dist/commands/review-progress-track.d.ts +4 -0
package/dist/commands/review-progress-track.js +94 -0
package/dist/commands/review-quality-baseline.d.ts +1 -0
package/dist/commands/review-quality-baseline.js +134 -0
package/dist/commands/review-quality-gate.d.ts +1 -0
package/dist/commands/review-quality-gate.js +86 -0
package/dist/commands/review-quality-score.d.ts +4 -0
package/dist/commands/review-quality-score.js +127 -0
package/dist/commands/review-quality-trend.d.ts +4 -0
package/dist/commands/review-quality-trend.js +57 -0
package/dist/commands/review-queue.d.ts +33 -0
package/dist/commands/review-queue.js +225 -0
package/dist/commands/review-quickstart.d.ts +4 -0
package/dist/commands/review-quickstart.js +107 -0
package/dist/commands/review-quota-check.d.ts +4 -0
package/dist/commands/review-quota-check.js +97 -0
package/dist/commands/review-quota.d.ts +4 -0
package/dist/commands/review-quota.js +126 -0
package/dist/commands/review-rate-limit.d.ts +4 -0
package/dist/commands/review-rate-limit.js +130 -0
package/dist/commands/review-readiness-check.d.ts +1 -0
package/dist/commands/review-readiness-check.js +98 -0
package/dist/commands/review-receipt.d.ts +4 -0
package/dist/commands/review-receipt.js +220 -0
package/dist/commands/review-release-gate.d.ts +1 -0
package/dist/commands/review-release-gate.js +81 -0
package/dist/commands/review-replay.d.ts +8 -0
package/dist/commands/review-replay.js +264 -0
package/dist/commands/review-repo-onboard.d.ts +4 -0
package/dist/commands/review-repo-onboard.js +114 -0
package/dist/commands/review-report-archive.d.ts +4 -0
package/dist/commands/review-report-archive.js +100 -0
package/dist/commands/review-report-merge.d.ts +4 -0
package/dist/commands/review-report-merge.js +90 -0
package/dist/commands/review-report-pdf.d.ts +4 -0
package/dist/commands/review-report-pdf.js +163 -0
package/dist/commands/review-report-schedule.d.ts +4 -0
package/dist/commands/review-report-schedule.js +96 -0
package/dist/commands/review-retrospective.d.ts +1 -0
package/dist/commands/review-retrospective.js +118 -0
package/dist/commands/review-retry.d.ts +4 -0
package/dist/commands/review-retry.js +91 -0
package/dist/commands/review-review-cadence.d.ts +1 -0
package/dist/commands/review-review-cadence.js +85 -0
package/dist/commands/review-review-comments.d.ts +4 -0
package/dist/commands/review-review-comments.js +84 -0
package/dist/commands/review-reviewer-match.d.ts +1 -0
package/dist/commands/review-reviewer-match.js +108 -0
package/dist/commands/review-risk-matrix.d.ts +1 -0
package/dist/commands/review-risk-matrix.js +96 -0
package/dist/commands/review-risk-score.d.ts +4 -0
package/dist/commands/review-risk-score.js +156 -0
package/dist/commands/review-role-assignment.d.ts +4 -0
package/dist/commands/review-role-assignment.js +98 -0
package/dist/commands/review-rollback.d.ts +4 -0
package/dist/commands/review-rollback.js +171 -0
package/dist/commands/review-rollout-plan.d.ts +4 -0
package/dist/commands/review-rollout-plan.js +123 -0
package/dist/commands/review-rule-filter.d.ts +4 -0
package/dist/commands/review-rule-filter.js +116 -0
package/dist/commands/review-rule-stats.d.ts +4 -0
package/dist/commands/review-rule-stats.js +161 -0
package/dist/commands/review-sandbox.d.ts +4 -0
package/dist/commands/review-sandbox.js +191 -0
package/dist/commands/review-schedule.d.ts +4 -0
package/dist/commands/review-schedule.js +169 -0
package/dist/commands/review-scope-limit.d.ts +4 -0
package/dist/commands/review-scope-limit.js +100 -0
package/dist/commands/review-scope-lock.d.ts +7 -0
package/dist/commands/review-scope-lock.js +138 -0
package/dist/commands/review-scope-select.d.ts +4 -0
package/dist/commands/review-scope-select.js +98 -0
package/dist/commands/review-scope-suggest.d.ts +1 -0
package/dist/commands/review-scope-suggest.js +112 -0
package/dist/commands/review-scope.d.ts +4 -0
package/dist/commands/review-scope.js +197 -0
package/dist/commands/review-score-history.d.ts +4 -0
package/dist/commands/review-score-history.js +137 -0
package/dist/commands/review-security-posture.d.ts +1 -0
package/dist/commands/review-security-posture.js +105 -0
package/dist/commands/review-session-replay.d.ts +4 -0
package/dist/commands/review-session-replay.js +81 -0
package/dist/commands/review-session-save.d.ts +4 -0
package/dist/commands/review-session-save.js +173 -0
package/dist/commands/review-session.d.ts +4 -0
package/dist/commands/review-session.js +150 -0
package/dist/commands/review-skip-list.d.ts +4 -0
package/dist/commands/review-skip-list.js +135 -0
package/dist/commands/review-skip-rule.d.ts +4 -0
package/dist/commands/review-skip-rule.js +105 -0
package/dist/commands/review-sla-config.d.ts +4 -0
package/dist/commands/review-sla-config.js +88 -0
package/dist/commands/review-slack-format.d.ts +4 -0
package/dist/commands/review-slack-format.js +113 -0
package/dist/commands/review-snapshot-diff.d.ts +4 -0
package/dist/commands/review-snapshot-diff.js +100 -0
package/dist/commands/review-sprint-plan.d.ts +1 -0
package/dist/commands/review-sprint-plan.js +79 -0
package/dist/commands/review-stakeholder-notify.d.ts +1 -0
package/dist/commands/review-stakeholder-notify.js +134 -0
package/dist/commands/review-stakeholder-report.d.ts +4 -0
package/dist/commands/review-stakeholder-report.js +75 -0
package/dist/commands/review-stale-finding-clean.d.ts +1 -0
package/dist/commands/review-stale-finding-clean.js +81 -0
package/dist/commands/review-standup.d.ts +4 -0
package/dist/commands/review-standup.js +95 -0
package/dist/commands/review-stats.d.ts +4 -0
package/dist/commands/review-stats.js +175 -0
package/dist/commands/review-status-badge.d.ts +4 -0
package/dist/commands/review-status-badge.js +120 -0
package/dist/commands/review-streak.d.ts +4 -0
package/dist/commands/review-streak.js +150 -0
package/dist/commands/review-summary-dashboard.d.ts +4 -0
package/dist/commands/review-summary-dashboard.js +96 -0
package/dist/commands/review-summary-email.d.ts +4 -0
package/dist/commands/review-summary-email.js +102 -0
package/dist/commands/review-summary.d.ts +4 -0
package/dist/commands/review-summary.js +174 -0
package/dist/commands/review-tag-manager.d.ts +4 -0
package/dist/commands/review-tag-manager.js +128 -0
package/dist/commands/review-tag.d.ts +4 -0
package/dist/commands/review-tag.js +136 -0
package/dist/commands/review-team-analytics.d.ts +1 -0
package/dist/commands/review-team-analytics.js +94 -0
package/dist/commands/review-team-assign.d.ts +7 -0
package/dist/commands/review-team-assign.js +211 -0
package/dist/commands/review-team-coverage.d.ts +1 -0
package/dist/commands/review-team-coverage.js +95 -0
package/dist/commands/review-team-dashboard.d.ts +4 -0
package/dist/commands/review-team-dashboard.js +98 -0
package/dist/commands/review-team-rotation.d.ts +1 -0
package/dist/commands/review-team-rotation.js +99 -0
package/dist/commands/review-team-skill-map.d.ts +1 -0
package/dist/commands/review-team-skill-map.js +102 -0
package/dist/commands/review-team-stats.d.ts +4 -0
package/dist/commands/review-team-stats.js +97 -0
package/dist/commands/review-team-summary.d.ts +4 -0
package/dist/commands/review-team-summary.js +155 -0
package/dist/commands/review-team-velocity.d.ts +1 -0
package/dist/commands/review-team-velocity.js +103 -0
package/dist/commands/review-template-export.d.ts +4 -0
package/dist/commands/review-template-export.js +146 -0
package/dist/commands/review-template-library.d.ts +4 -0
package/dist/commands/review-template-library.js +155 -0
package/dist/commands/review-template-suggest.d.ts +1 -0
package/dist/commands/review-template-suggest.js +119 -0
package/dist/commands/review-template.d.ts +4 -0
package/dist/commands/review-template.js +212 -0
package/dist/commands/review-tenant-config.d.ts +4 -0
package/dist/commands/review-tenant-config.js +116 -0
package/dist/commands/review-threshold-tune.d.ts +4 -0
package/dist/commands/review-threshold-tune.js +135 -0
package/dist/commands/review-timeline.d.ts +4 -0
package/dist/commands/review-timeline.js +76 -0
package/dist/commands/review-token-budget.d.ts +4 -0
package/dist/commands/review-token-budget.js +117 -0
package/dist/commands/review-velocity-track.d.ts +1 -0
package/dist/commands/review-velocity-track.js +94 -0
package/dist/commands/review-watch-mode.d.ts +7 -0
package/dist/commands/review-watch-mode.js +132 -0
package/dist/commands/review-webhook-dispatch.d.ts +4 -0
package/dist/commands/review-webhook-dispatch.js +99 -0
package/dist/commands/review-webhook-notify.d.ts +4 -0
package/dist/commands/review-webhook-notify.js +145 -0
package/dist/commands/review-webhook.d.ts +4 -0
package/dist/commands/review-webhook.js +140 -0
package/dist/commands/review-whitelist.d.ts +4 -0
package/dist/commands/review-whitelist.js +150 -0
package/dist/commands/review-workflow-suggest.d.ts +1 -0
package/dist/commands/review-workflow-suggest.js +129 -0
package/dist/commands/review-workload-balance.d.ts +1 -0
package/dist/commands/review-workload-balance.js +86 -0
package/dist/commands/review-workspace-init.d.ts +4 -0
package/dist/commands/review-workspace-init.js +104 -0
package/dist/commands/review-workspace-scan.d.ts +4 -0
package/dist/commands/review-workspace-scan.js +144 -0
package/dist/commands/review.d.ts +155 -0
package/dist/commands/review.js +1114 -0
package/dist/commands/risk-heatmap.d.ts +7 -0
package/dist/commands/risk-heatmap.js +223 -0
package/dist/commands/rollback-safety.d.ts +4 -0
package/dist/commands/rollback-safety.js +191 -0
package/dist/commands/rule-catalog.d.ts +4 -0
package/dist/commands/rule-catalog.js +128 -0
package/dist/commands/rule-metrics.d.ts +43 -0
package/dist/commands/rule-metrics.js +113 -0
package/dist/commands/rule-owner.d.ts +30 -0
package/dist/commands/rule-owner.js +181 -0
package/dist/commands/rule-share.d.ts +34 -0
package/dist/commands/rule-share.js +202 -0
package/dist/commands/rule-test.d.ts +4 -0
package/dist/commands/rule-test.js +201 -0
package/dist/commands/rule.d.ts +114 -0
package/dist/commands/rule.js +295 -0
package/dist/commands/sbom-export.d.ts +7 -0
package/dist/commands/sbom-export.js +161 -0
package/dist/commands/scaffold-plugin.d.ts +15 -0
package/dist/commands/scaffold-plugin.js +270 -0
package/dist/commands/secret-age.d.ts +5 -0
package/dist/commands/secret-age.js +214 -0
package/dist/commands/secret-scan.d.ts +7 -0
package/dist/commands/secret-scan.js +244 -0
package/dist/commands/security-maturity.d.ts +7 -0
package/dist/commands/security-maturity.js +312 -0
package/dist/commands/security-theater.d.ts +4 -0
package/dist/commands/security-theater.js +278 -0
package/dist/commands/setup-wizard.d.ts +4 -0
package/dist/commands/setup-wizard.js +174 -0
package/dist/commands/severity-tune.d.ts +4 -0
package/dist/commands/severity-tune.js +208 -0
package/dist/commands/sla-track.d.ts +56 -0
package/dist/commands/sla-track.js +268 -0
package/dist/commands/smart-output.d.ts +38 -0
package/dist/commands/smart-output.js +175 -0
package/dist/commands/smart-select.d.ts +26 -0
package/dist/commands/smart-select.js +345 -0
package/dist/commands/snapshot.d.ts +139 -0
package/dist/commands/snapshot.js +478 -0
package/dist/commands/snippet-eval.d.ts +7 -0
package/dist/commands/snippet-eval.js +223 -0
package/dist/commands/spec-conform.d.ts +4 -0
package/dist/commands/spec-conform.js +304 -0
package/dist/commands/stale-pattern.d.ts +4 -0
package/dist/commands/stale-pattern.js +293 -0
package/dist/commands/state-integrity.d.ts +4 -0
package/dist/commands/state-integrity.js +283 -0
package/dist/commands/suppress.d.ts +39 -0
package/dist/commands/suppress.js +203 -0
package/dist/commands/team-config.d.ts +4 -0
package/dist/commands/team-config.js +234 -0
package/dist/commands/team-leaderboard.d.ts +24 -0
package/dist/commands/team-leaderboard.js +227 -0
package/dist/commands/team-rules-sync.d.ts +7 -0
package/dist/commands/team-rules-sync.js +250 -0
package/dist/commands/team-trust.d.ts +7 -0
package/dist/commands/team-trust.js +174 -0
package/dist/commands/test-correlate.d.ts +7 -0
package/dist/commands/test-correlate.js +221 -0
package/dist/commands/test-isolation.d.ts +5 -0
package/dist/commands/test-isolation.js +234 -0
package/dist/commands/test-quality.d.ts +5 -0
package/dist/commands/test-quality.js +160 -0
package/dist/commands/test-suggest.d.ts +8 -0
package/dist/commands/test-suggest.js +247 -0
package/dist/commands/ticket-sync.d.ts +25 -0
package/dist/commands/ticket-sync.js +235 -0
package/dist/commands/timeout-audit.d.ts +4 -0
package/dist/commands/timeout-audit.js +210 -0
package/dist/commands/trace.d.ts +64 -0
package/dist/commands/trace.js +245 -0
package/dist/commands/trend-report.d.ts +4 -0
package/dist/commands/trend-report.js +148 -0
package/dist/commands/triage.d.ts +15 -0
package/dist/commands/triage.js +171 -0
package/dist/commands/trust-adaptive.d.ts +8 -0
package/dist/commands/trust-adaptive.js +193 -0
package/dist/commands/trust-ramp.d.ts +29 -0
package/dist/commands/trust-ramp.js +189 -0
package/dist/commands/tune.d.ts +24 -0
package/dist/commands/tune.js +380 -0
package/dist/commands/type-boundary.d.ts +4 -0
package/dist/commands/type-boundary.js +235 -0
package/dist/commands/upload.d.ts +13 -0
package/dist/commands/upload.js +172 -0
package/dist/commands/validate-config.d.ts +16 -0
package/dist/commands/validate-config.js +267 -0
package/dist/commands/vendor-lock-detect.d.ts +7 -0
package/dist/commands/vendor-lock-detect.js +288 -0
package/dist/commands/vote.d.ts +31 -0
package/dist/commands/vote.js +200 -0
package/dist/commands/warm-cache.d.ts +30 -0
package/dist/commands/warm-cache.js +165 -0
package/dist/commands/watch-judge.d.ts +7 -0
package/dist/commands/watch-judge.js +179 -0
package/dist/commands/watch.d.ts +22 -0
package/dist/commands/watch.js +147 -0
package/dist/comparison.d.ts +67 -0
package/dist/comparison.js +253 -0
package/dist/config.d.ts +108 -0
package/dist/config.js +694 -0
package/dist/context/context-snippets.d.ts +15 -0
package/dist/context/context-snippets.js +36 -0
package/dist/context/embedding-cache.d.ts +30 -0
package/dist/context/embedding-cache.js +48 -0
package/dist/data-adapter.d.ts +123 -0
package/dist/data-adapter.js +212 -0
package/dist/dedup.d.ts +105 -0
package/dist/dedup.js +606 -0
package/dist/disk-cache.d.ts +59 -0
package/dist/disk-cache.js +236 -0
package/dist/errors.d.ts +43 -0
package/dist/errors.js +63 -0
package/dist/escalation.d.ts +100 -0
package/dist/escalation.js +292 -0
package/dist/evaluation-session.d.ts +74 -0
package/dist/evaluation-session.js +152 -0
package/dist/evaluators/accessibility.d.ts +2 -0
package/dist/evaluators/accessibility.js +559 -0
package/dist/evaluators/agent-instructions.d.ts +2 -0
package/dist/evaluators/agent-instructions.js +214 -0
package/dist/evaluators/ai-code-safety.d.ts +8 -0
package/dist/evaluators/ai-code-safety.js +410 -0
package/dist/evaluators/api-contract.d.ts +9 -0
package/dist/evaluators/api-contract.js +203 -0
package/dist/evaluators/api-design.d.ts +2 -0
package/dist/evaluators/api-design.js +260 -0
package/dist/evaluators/app-builder.d.ts +33 -0
package/dist/evaluators/app-builder.js +155 -0
package/dist/evaluators/authentication.d.ts +2 -0
package/dist/evaluators/authentication.js +455 -0
package/dist/evaluators/backwards-compatibility.d.ts +2 -0
package/dist/evaluators/backwards-compatibility.js +168 -0
package/dist/evaluators/caching.d.ts +2 -0
package/dist/evaluators/caching.js +171 -0
package/dist/evaluators/ci-cd.d.ts +2 -0
package/dist/evaluators/ci-cd.js +218 -0
package/dist/evaluators/cloud-readiness.d.ts +2 -0
package/dist/evaluators/cloud-readiness.js +231 -0
package/dist/evaluators/code-structure.d.ts +21 -0
package/dist/evaluators/code-structure.js +195 -0
package/dist/evaluators/compliance.d.ts +2 -0
package/dist/evaluators/compliance.js +329 -0
package/dist/evaluators/concurrency.d.ts +2 -0
package/dist/evaluators/concurrency.js +307 -0
package/dist/evaluators/configuration-management.d.ts +2 -0
package/dist/evaluators/configuration-management.js +232 -0
package/dist/evaluators/cost-effectiveness.d.ts +2 -0
package/dist/evaluators/cost-effectiveness.js +418 -0
package/dist/evaluators/cybersecurity.d.ts +2 -0
package/dist/evaluators/cybersecurity.js +1197 -0
package/dist/evaluators/data-security.d.ts +2 -0
package/dist/evaluators/data-security.js +467 -0
package/dist/evaluators/data-sovereignty.d.ts +2 -0
package/dist/evaluators/data-sovereignty.js +495 -0
package/dist/evaluators/database.d.ts +2 -0
package/dist/evaluators/database.js +240 -0
package/dist/evaluators/dependencies.d.ts +5 -0
package/dist/evaluators/dependencies.js +228 -0
package/dist/evaluators/dependency-health.d.ts +2 -0
package/dist/evaluators/dependency-health.js +477 -0
package/dist/evaluators/documentation.d.ts +2 -0
package/dist/evaluators/documentation.js +432 -0
package/dist/evaluators/error-handling.d.ts +2 -0
package/dist/evaluators/error-handling.js +426 -0
package/dist/evaluators/ethics-bias.d.ts +2 -0
package/dist/evaluators/ethics-bias.js +263 -0
package/dist/evaluators/false-positive-review.d.ts +21 -0
package/dist/evaluators/false-positive-review.js +1246 -0
package/dist/evaluators/framework-rules.d.ts +58 -0
package/dist/evaluators/framework-rules.js +291 -0
package/dist/evaluators/framework-safety.d.ts +12 -0
package/dist/evaluators/framework-safety.js +1205 -0
package/dist/evaluators/hallucination-detection.d.ts +2 -0
package/dist/evaluators/hallucination-detection.js +1250 -0
package/dist/evaluators/iac-security.d.ts +8 -0
package/dist/evaluators/iac-security.js +701 -0
package/dist/evaluators/index.d.ts +167 -0
package/dist/evaluators/index.js +994 -0
package/dist/evaluators/intent-alignment.d.ts +18 -0
package/dist/evaluators/intent-alignment.js +405 -0
package/dist/evaluators/internationalization.d.ts +2 -0
package/dist/evaluators/internationalization.js +287 -0
package/dist/evaluators/judge-selector.d.ts +19 -0
package/dist/evaluators/judge-selector.js +141 -0
package/dist/evaluators/logging-privacy.d.ts +2 -0
package/dist/evaluators/logging-privacy.js +190 -0
package/dist/evaluators/logic-review.d.ts +2 -0
package/dist/evaluators/logic-review.js +289 -0
package/dist/evaluators/maintainability.d.ts +2 -0
package/dist/evaluators/maintainability.js +430 -0
package/dist/evaluators/model-fingerprint.d.ts +2 -0
package/dist/evaluators/model-fingerprint.js +151 -0
package/dist/evaluators/multi-turn-coherence.d.ts +13 -0
package/dist/evaluators/multi-turn-coherence.js +149 -0
package/dist/evaluators/observability.d.ts +2 -0
package/dist/evaluators/observability.js +238 -0
package/dist/evaluators/over-engineering.d.ts +2 -0
package/dist/evaluators/over-engineering.js +160 -0
package/dist/evaluators/performance.d.ts +2 -0
package/dist/evaluators/performance.js +649 -0
package/dist/evaluators/portability.d.ts +2 -0
package/dist/evaluators/portability.js +254 -0
package/dist/evaluators/project.d.ts +48 -0
package/dist/evaluators/project.js +817 -0
package/dist/evaluators/rate-limiting.d.ts +2 -0
package/dist/evaluators/rate-limiting.js +193 -0
package/dist/evaluators/recall-boost.d.ts +27 -0
package/dist/evaluators/recall-boost.js +409 -0
package/dist/evaluators/reliability.d.ts +2 -0
package/dist/evaluators/reliability.js +245 -0
package/dist/evaluators/scalability.d.ts +2 -0
package/dist/evaluators/scalability.js +230 -0
package/dist/evaluators/security.d.ts +12 -0
package/dist/evaluators/security.js +1013 -0
package/dist/evaluators/shared.d.ts +219 -0
package/dist/evaluators/shared.js +1169 -0
package/dist/evaluators/software-practices.d.ts +2 -0
package/dist/evaluators/software-practices.js +395 -0
package/dist/evaluators/suppressions.d.ts +49 -0
package/dist/evaluators/suppressions.js +185 -0
package/dist/evaluators/testing.d.ts +2 -0
package/dist/evaluators/testing.js +348 -0
package/dist/evaluators/ux.d.ts +2 -0
package/dist/evaluators/ux.js +309 -0
package/dist/evaluators/v2.d.ts +26 -0
package/dist/evaluators/v2.js +354 -0
package/dist/ext-to-lang.d.ts +16 -0
package/dist/ext-to-lang.js +60 -0
package/dist/feedback-loop.d.ts +62 -0
package/dist/feedback-loop.js +179 -0
package/dist/finding-lifecycle.d.ts +215 -0
package/dist/finding-lifecycle.js +547 -0
package/dist/fingerprint.d.ts +39 -0
package/dist/fingerprint.js +179 -0
package/dist/fix-history.d.ts +103 -0
package/dist/fix-history.js +164 -0
package/dist/formatters/badge.d.ts +16 -0
package/dist/formatters/badge.js +78 -0
package/dist/formatters/codeclimate.d.ts +24 -0
package/dist/formatters/codeclimate.js +80 -0
package/dist/formatters/csv.d.ts +16 -0
package/dist/formatters/csv.js +53 -0
package/dist/formatters/diagnostics.d.ts +81 -0
package/dist/formatters/diagnostics.js +152 -0
package/dist/formatters/github-actions.d.ts +6 -0
package/dist/formatters/github-actions.js +68 -0
package/dist/formatters/html.d.ts +12 -0
package/dist/formatters/html.js +194 -0
package/dist/formatters/junit.d.ts +6 -0
package/dist/formatters/junit.js +68 -0
package/dist/formatters/pdf.d.ts +12 -0
package/dist/formatters/pdf.js +114 -0
package/dist/formatters/sarif.d.ts +92 -0
package/dist/formatters/sarif.js +256 -0
package/dist/formatters/shared.d.ts +4 -0
package/dist/formatters/shared.js +29 -0
package/dist/git-diff.d.ts +62 -0
package/dist/git-diff.js +282 -0
package/dist/github-app.d.ts +152 -0
package/dist/github-app.js +716 -0
package/dist/import-resolver.d.ts +51 -0
package/dist/import-resolver.js +213 -0
package/dist/index.d.ts +4 -0
package/dist/index.js +38 -0
package/dist/judge-registry.d.ts +156 -0
package/dist/judge-registry.js +272 -0
package/dist/judges/accessibility.d.ts +2 -0
package/dist/judges/accessibility.js +46 -0
package/dist/judges/agent-instructions.d.ts +2 -0
package/dist/judges/agent-instructions.js +46 -0
package/dist/judges/ai-code-safety.d.ts +2 -0
package/dist/judges/ai-code-safety.js +57 -0
package/dist/judges/api-contract.d.ts +2 -0
package/dist/judges/api-contract.js +40 -0
package/dist/judges/api-design.d.ts +2 -0
package/dist/judges/api-design.js +57 -0
package/dist/judges/authentication.d.ts +2 -0
package/dist/judges/authentication.js +63 -0
package/dist/judges/backwards-compatibility.d.ts +2 -0
package/dist/judges/backwards-compatibility.js +46 -0
package/dist/judges/caching.d.ts +2 -0
package/dist/judges/caching.js +46 -0
package/dist/judges/ci-cd.d.ts +2 -0
package/dist/judges/ci-cd.js +46 -0
package/dist/judges/cloud-readiness.d.ts +2 -0
package/dist/judges/cloud-readiness.js +53 -0
package/dist/judges/code-structure.d.ts +2 -0
package/dist/judges/code-structure.js +50 -0
package/dist/judges/compliance.d.ts +2 -0
package/dist/judges/compliance.js +49 -0
package/dist/judges/concurrency.d.ts +2 -0
package/dist/judges/concurrency.js +48 -0
package/dist/judges/configuration-management.d.ts +2 -0
package/dist/judges/configuration-management.js +46 -0
package/dist/judges/cost-effectiveness.d.ts +2 -0
package/dist/judges/cost-effectiveness.js +42 -0
package/dist/judges/cybersecurity.d.ts +2 -0
package/dist/judges/cybersecurity.js +63 -0
package/dist/judges/data-security.d.ts +2 -0
package/dist/judges/data-security.js +50 -0
package/dist/judges/data-sovereignty.d.ts +2 -0
package/dist/judges/data-sovereignty.js +60 -0
package/dist/judges/database.d.ts +2 -0
package/dist/judges/database.js +51 -0
package/dist/judges/dependency-health.d.ts +2 -0
package/dist/judges/dependency-health.js +48 -0
package/dist/judges/documentation.d.ts +2 -0
package/dist/judges/documentation.js +55 -0
package/dist/judges/error-handling.d.ts +2 -0
package/dist/judges/error-handling.js +55 -0
package/dist/judges/ethics-bias.d.ts +2 -0
package/dist/judges/ethics-bias.js +48 -0
package/dist/judges/false-positive-review.d.ts +2 -0
package/dist/judges/false-positive-review.js +85 -0
package/dist/judges/framework-safety.d.ts +2 -0
package/dist/judges/framework-safety.js +49 -0
package/dist/judges/hallucination-detection.d.ts +2 -0
package/dist/judges/hallucination-detection.js +48 -0
package/dist/judges/iac-security.d.ts +2 -0
package/dist/judges/iac-security.js +47 -0
package/dist/judges/index.d.ts +88 -0
package/dist/judges/index.js +128 -0
package/dist/judges/intent-alignment.d.ts +2 -0
package/dist/judges/intent-alignment.js +46 -0
package/dist/judges/internationalization.d.ts +2 -0
package/dist/judges/internationalization.js +44 -0
package/dist/judges/logging-privacy.d.ts +2 -0
package/dist/judges/logging-privacy.js +46 -0
package/dist/judges/logic-review.d.ts +2 -0
package/dist/judges/logic-review.js +36 -0
package/dist/judges/maintainability.d.ts +2 -0
package/dist/judges/maintainability.js +46 -0
package/dist/judges/model-fingerprint.d.ts +2 -0
package/dist/judges/model-fingerprint.js +35 -0
package/dist/judges/multi-turn-coherence.d.ts +2 -0
package/dist/judges/multi-turn-coherence.js +39 -0
package/dist/judges/observability.d.ts +2 -0
package/dist/judges/observability.js +54 -0
package/dist/judges/over-engineering.d.ts +2 -0
package/dist/judges/over-engineering.js +50 -0
package/dist/judges/performance.d.ts +2 -0
package/dist/judges/performance.js +46 -0
package/dist/judges/portability.d.ts +2 -0
package/dist/judges/portability.js +46 -0
package/dist/judges/rate-limiting.d.ts +2 -0
package/dist/judges/rate-limiting.js +55 -0
package/dist/judges/reliability.d.ts +2 -0
package/dist/judges/reliability.js +57 -0
package/dist/judges/scalability.d.ts +2 -0
package/dist/judges/scalability.js +52 -0
package/dist/judges/security.d.ts +2 -0
package/dist/judges/security.js +64 -0
package/dist/judges/software-practices.d.ts +2 -0
package/dist/judges/software-practices.js +56 -0
package/dist/judges/testing.d.ts +2 -0
package/dist/judges/testing.js +54 -0
package/dist/judges/ux.d.ts +2 -0
package/dist/judges/ux.js +46 -0
package/dist/language-patterns.d.ts +653 -0
package/dist/language-patterns.js +851 -0
package/dist/parallel.d.ts +52 -0
package/dist/parallel.js +157 -0
package/dist/patches/apply.d.ts +15 -0
package/dist/patches/apply.js +37 -0
package/dist/patches/index.d.ts +9 -0
package/dist/patches/index.js +2544 -0
package/dist/plugins.d.ts +59 -0
package/dist/plugins.js +76 -0
package/dist/presets.d.ts +35 -0
package/dist/presets.js +406 -0
package/dist/probabilistic/llm-response-validator.d.ts +26 -0
package/dist/probabilistic/llm-response-validator.js +122 -0
package/dist/reports/public-repo-report.d.ts +42 -0
package/dist/reports/public-repo-report.js +579 -0
package/dist/review-conversation.d.ts +87 -0
package/dist/review-conversation.js +307 -0
package/dist/sast-integration.d.ts +112 -0
package/dist/sast-integration.js +215 -0
package/dist/scoring.d.ts +36 -0
package/dist/scoring.js +437 -0
package/dist/security-ids.d.ts +23 -0
package/dist/security-ids.js +239 -0
package/dist/skill-loader.d.ts +33 -0
package/dist/skill-loader.js +167 -0
package/dist/tools/command-safety.d.ts +13 -0
package/dist/tools/command-safety.js +95 -0
package/dist/tools/deep-review.d.ts +38 -0
package/dist/tools/deep-review.js +302 -0
package/dist/tools/prompts.d.ts +27 -0
package/dist/tools/prompts.js +122 -0
package/dist/tools/register-evaluation.d.ts +6 -0
package/dist/tools/register-evaluation.js +587 -0
package/dist/tools/register-fix.d.ts +5 -0
package/dist/tools/register-fix.js +175 -0
package/dist/tools/register-resources.d.ts +6 -0
package/dist/tools/register-resources.js +177 -0
package/dist/tools/register-review.d.ts +6 -0
package/dist/tools/register-review.js +564 -0
package/dist/tools/register-scaffold.d.ts +2 -0
package/dist/tools/register-scaffold.js +398 -0
package/dist/tools/register-workflow.d.ts +6 -0
package/dist/tools/register-workflow.js +1037 -0
package/dist/tools/register-workspace.d.ts +2 -0
package/dist/tools/register-workspace.js +214 -0
package/dist/tools/register.d.ts +6 -0
package/dist/tools/register.js +21 -0
package/dist/tools/schemas.d.ts +25 -0
package/dist/tools/schemas.js +41 -0
package/dist/tools/validation.d.ts +13 -0
package/dist/tools/validation.js +77 -0
package/dist/types.d.ts +898 -0
package/dist/types.js +1 -0
package/package.json +54 -0
package/skills/ai-code-review.skill.md +57 -0
package/skills/release-gate.skill.md +27 -0
package/skills/security-review.skill.md +32 -0

package/dist/evaluators/iac-security.js ADDED Viewed

@@ -0,0 +1,701 @@
+import { getLineNumbers, getLangLineNumbers, getLangFamily, testCode, looksLikeIaCSecretValue } from "./shared.js";
+import * as LP from "../language-patterns.js";
+/**
+ * Deterministic evaluator for Infrastructure as Code (Terraform, Bicep, ARM).
+ *
+ * Detects security misconfigurations, hardcoded secrets, missing encryption,
+ * overly permissive network/IAM rules, and IaC best-practice violations.
+ */
+export function analyzeIacSecurity(code, language) {
+    const findings = [];
+    let ruleNum = 1;
+    const prefix = "IAC";
+    const lang = getLangFamily(language);
+    // Detect YAML IaC content (Docker Compose, Kubernetes manifests)
+    const isYamlIaC = lang === "unknown" && (/^\s*(?:apiVersion|kind)\s*:/m.test(code) || /^\s*services\s*:/m.test(code));
+    // Skip non-IaC languages entirely (allow YAML IaC through)
+    if (!LP.isIaC(lang) && !isYamlIaC)
+        return findings;
+    // ── IAC-001: Hardcoded secrets / passwords / keys ─────────────────────
+    const rawSecretLines = getLangLineNumbers(code, language, LP.IAC_HARDCODED_SECRET);
+    // Post-filter: reject lines where the matched value is a boolean-string,
+    // enum identifier, or known non-secret config value (e.g., 'false',
+    // 'GuestAttestation', 'SystemAssigned').
+    const codeLines = code.split("\n");
+    const secretLines = rawSecretLines.filter((ln) => {
+        const line = codeLines[ln - 1] ?? "";
+        // Extract the quoted value from the IaC property assignment
+        const valMatch = /(?:password|secret|key|token|apiKey|accessKey|connectionString|api_key|access_key|secret_key|connection_string|value)\s*[:=]\s*['"]([^'"]+)['"]/i.exec(line);
+        if (!valMatch)
+            return true; // keep if we can't parse — let it through
+        return looksLikeIaCSecretValue(valMatch[1]);
+    });
+    if (secretLines.length > 0) {
+        findings.push({
+            ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
+            severity: "critical",
+            title: "Hardcoded secrets in infrastructure code",
+            description: "Passwords, API keys, or secrets are hardcoded directly in IaC definitions. These values are stored in version control and visible to anyone with repository access.",
+            lineNumbers: secretLines,
+            recommendation: "Use a secrets manager (Azure Key Vault, AWS Secrets Manager, HashiCorp Vault) or reference secrets via variables/parameters that are injected at deployment time. Never commit plaintext secrets.",
+            reference: "CIS Benchmark: Secrets Management",
+            suggestedFix: lang === "terraform"
+                ? "Replace the hardcoded value with a variable reference: `var.admin_password` and mark it `sensitive = true`."
+                : lang === "bicep"
+                    ? "Use a `@secure()` parameter decorator: `@secure() param adminPassword string` and pass via Key Vault reference."
+                    : 'Use a Key Vault reference in ARM parameters: `"reference": { "keyVault": { "id": "..." }, "secretName": "..." }`.',
+            confidence: 0.95,
+        });
+    }
+    // ── IAC-002: Missing encryption at rest ───────────────────────────────
+    const encryptionLines = getLangLineNumbers(code, language, LP.IAC_MISSING_ENCRYPTION);
+    if (encryptionLines.length > 0) {
+        findings.push({
+            ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
+            severity: "high",
+            title: "Encryption at rest disabled",
+            description: "One or more resources have encryption at rest explicitly disabled. Data stored without encryption is vulnerable to unauthorized access if storage media is compromised.",
+            lineNumbers: encryptionLines,
+            recommendation: "Enable encryption at rest for all storage resources. Use platform-managed keys (PMK) at minimum, or customer-managed keys (CMK) via Key Vault for stronger control.",
+            reference: "CIS Azure/AWS Benchmark: Encryption at Rest",
+            suggestedFix: lang === "terraform"
+                ? "Set `encryption_at_rest_enabled = true` or remove the property to use the secure default."
+                : lang === "bicep"
+                    ? "Set `encryption: { status: 'Enabled' }` or use the default (enabled)."
+                    : 'Set `"encryption": { "status": "Enabled" }` in the resource properties.',
+            confidence: 0.9,
+        });
+    }
+    // ── IAC-003: Missing HTTPS / TLS enforcement ──────────────────────────
+    const httpsLines = getLangLineNumbers(code, language, LP.IAC_MISSING_HTTPS);
+    if (httpsLines.length > 0) {
+        findings.push({
+            ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
+            severity: "high",
+            title: "HTTPS/TLS not enforced",
+            description: "Transport security is not enforced — HTTP traffic is allowed or TLS minimum version is set below 1.2. Data in transit is vulnerable to interception and man-in-the-middle attacks.",
+            lineNumbers: httpsLines,
+            recommendation: "Enforce HTTPS-only communication and set minimum TLS version to 1.2 or higher. Disable plaintext HTTP listeners.",
+            reference: "CIS Benchmark: Data in Transit / TLS Configuration",
+            suggestedFix: lang === "terraform"
+                ? 'Set `https_only = true` and `min_tls_version = "TLS1_2"`.'
+                : lang === "bicep"
+                    ? "Set `httpsOnly: true` and `minTlsVersion: '1.2'`."
+                    : 'Set `"httpsOnly": true` and `"minTlsVersion": "1.2"` in properties.',
+            confidence: 0.9,
+        });
+    }
+    // ── IAC-004: Public access enabled ────────────────────────────────────
+    const publicAccessLines = getLangLineNumbers(code, language, LP.IAC_PUBLIC_ACCESS);
+    if (publicAccessLines.length > 0) {
+        findings.push({
+            ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
+            severity: "high",
+            title: "Public access enabled on resource",
+            description: "One or more resources are configured with public network access enabled. This exposes the resource to the internet and increases the attack surface.",
+            lineNumbers: publicAccessLines,
+            recommendation: "Disable public access and use private endpoints or VNet integration. If public access is required, restrict it with firewall rules or IP allowlists.",
+            reference: "CIS Benchmark: Network Security / Private Endpoints",
+            suggestedFix: lang === "terraform"
+                ? "Set `public_network_access_enabled = false` and configure a private endpoint."
+                : lang === "bicep"
+                    ? "Set `publicNetworkAccess: 'Disabled'` and add a private endpoint resource."
+                    : 'Set `"publicNetworkAccess": "Disabled"` and define a private endpoint resource.',
+            confidence: 0.9,
+        });
+    }
+    // ── IAC-005: Overly permissive network rules ──────────────────────────
+    const openNetLinesRaw = getLangLineNumbers(code, language, LP.IAC_OPEN_NETWORK);
+    // Filter out egress rules — allowing all outbound traffic (0.0.0.0/0)
+    // in egress blocks is standard practice and not a security concern.
+    const iacLines = code.split("\n");
+    const openNetLines = openNetLinesRaw.filter((ln) => {
+        // Look backwards from the flagged line for an enclosing egress block
+        for (let j = ln - 2; j >= 0 && j >= ln - 15; j--) {
+            const prev = iacLines[j]?.trim();
+            if (!prev)
+                continue;
+            if (/^egress\s*\{/i.test(prev) || prev === "egress {")
+                return false;
+            // Stop searching if we hit another block type
+            if (/^(?:ingress|resource|data)\s*[\s{("]/i.test(prev))
+                break;
+        }
+        return true;
+    });
+    if (openNetLines.length > 0) {
+        findings.push({
+            ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
+            severity: "critical",
+            title: "Overly permissive network rules (0.0.0.0/0 or wildcard)",
+            description: "Network security rules allow traffic from any source (0.0.0.0/0) or to any port (*). This effectively disables network-level access control and exposes resources to the entire internet.",
+            lineNumbers: openNetLines,
+            recommendation: "Restrict CIDR blocks to known IP ranges. Use specific port ranges instead of wildcards. Apply the principle of least privilege to all NSG/security group rules.",
+            reference: "CIS Benchmark: Network Security Groups",
+            suggestedFix: lang === "terraform"
+                ? 'Replace `cidr_blocks = ["0.0.0.0/0"]` with specific CIDR ranges and restrict port ranges.'
+                : lang === "bicep"
+                    ? "Replace `sourceAddressPrefix: '*'` with specific IP ranges and restrict port ranges."
+                    : 'Replace `"sourceAddressPrefix": "*"` with specific IP ranges.',
+            confidence: 0.95,
+        });
+    }
+    // ── IAC-006: Overly permissive IAM / RBAC ─────────────────────────────
+    const iamLines = getLangLineNumbers(code, language, LP.IAC_OVERPERMISSIVE_IAM);
+    if (iamLines.length > 0) {
+        findings.push({
+            ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
+            severity: "critical",
+            title: "Overly permissive IAM/RBAC assignment",
+            description: "IAM policies or role assignments use wildcard permissions ('*') or the Owner built-in role. This grants far more access than needed and violates the principle of least privilege.",
+            lineNumbers: iamLines,
+            recommendation: "Use the most restrictive role that meets the requirement (e.g. Reader, Contributor for specific resource types). Define custom roles with minimal required permissions.",
+            reference: "CIS Benchmark: Identity & Access Management",
+            suggestedFix: lang === "terraform"
+                ? 'Replace `actions = ["*"]` with specific permissions like `["Microsoft.Storage/storageAccounts/read"]`.'
+                : lang === "bicep"
+                    ? "Use a scoped role like 'Reader' or 'Storage Blob Data Reader' instead of 'Owner'."
+                    : 'Replace wildcard `"actions": ["*"]` with specific actions.',
+            confidence: 0.9,
+        });
+    }
+    // ── IAC-007: Missing logging / monitoring ─────────────────────────────
+    const loggingLines = getLangLineNumbers(code, language, LP.IAC_MISSING_LOGGING);
+    if (loggingLines.length > 0) {
+        findings.push({
+            ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
+            severity: "medium",
+            title: "Logging or monitoring disabled",
+            description: "Diagnostic settings or logging is explicitly disabled on one or more resources. Without logging, security incidents and operational issues cannot be detected or investigated.",
+            lineNumbers: loggingLines,
+            recommendation: "Enable diagnostic settings on all resources. Send logs to a Log Analytics workspace or storage account for retention. Configure alerts for critical events.",
+            reference: "CIS Benchmark: Logging & Monitoring",
+            suggestedFix: lang === "terraform"
+                ? "Set `enable_logging = true` and add an `azurerm_monitor_diagnostic_setting` resource."
+                : lang === "bicep"
+                    ? "Add a `Microsoft.Insights/diagnosticSettings` child resource with appropriate log categories enabled."
+                    : 'Add a `"Microsoft.Insights/diagnosticSettings"` resource linked to a Log Analytics workspace.',
+            confidence: 0.85,
+        });
+    }
+    // ── IAC-008: Hardcoded resource locations ──────────────────────────────
+    const locationLines = getLangLineNumbers(code, language, LP.IAC_HARDCODED_LOCATION);
+    if (locationLines.length > 0) {
+        findings.push({
+            ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
+            severity: "medium",
+            title: "Hardcoded resource location",
+            description: "Resource locations are hardcoded to specific Azure/AWS regions instead of being parameterized. This prevents reuse across environments and complicates multi-region deployments.",
+            lineNumbers: locationLines,
+            recommendation: "Use a variable or parameter for the location. In Terraform, use `var.location`. In Bicep, use `param location string = resourceGroup().location`. In ARM, use `[parameters('location')]`.",
+            reference: "IaC Best Practices: Parameterization",
+            suggestedFix: lang === "terraform"
+                ? 'Replace the hardcoded location with `var.location` and define `variable "location" { type = string }`.'
+                : lang === "bicep"
+                    ? "Replace the hardcoded location with `location` parameter: `param location string = resourceGroup().location`."
+                    : "Replace the hardcoded location with `[parameters('location')]` and add a `location` parameter.",
+            confidence: 0.85,
+        });
+    }
+    // ── IAC-009: Insecure TLS defaults ────────────────────────────────────
+    const insecureDefaultLines = getLangLineNumbers(code, language, LP.IAC_INSECURE_DEFAULT);
+    if (insecureDefaultLines.length > 0) {
+        findings.push({
+            ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
+            severity: "high",
+            title: "Insecure TLS version configured",
+            description: "TLS minimum version is set to 1.0 or 1.1, both of which are deprecated and vulnerable to known attacks (POODLE, BEAST). Only TLS 1.2+ should be used.",
+            lineNumbers: insecureDefaultLines,
+            recommendation: "Set the minimum TLS version to 1.2. TLS 1.0 and 1.1 are deprecated by RFC 8996 (March 2021) and should not be used.",
+            reference: "RFC 8996 / CIS Benchmark: TLS Configuration",
+            suggestedFix: lang === "terraform"
+                ? 'Set `min_tls_version = "TLS1_2"` or `min_tls_version = "1.2"`.'
+                : lang === "bicep"
+                    ? "Set `minTlsVersion: '1.2'`."
+                    : 'Set `"minTlsVersion": "1.2"`.',
+            confidence: 0.9,
+        });
+    }
+    // ── IAC-010: Missing backup / DR configuration ────────────────────────
+    const backupLines = getLangLineNumbers(code, language, LP.IAC_MISSING_BACKUP);
+    if (backupLines.length > 0) {
+        findings.push({
+            ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
+            severity: "medium",
+            title: "Backup or disaster recovery disabled",
+            description: "Backup or geo-redundant backup is explicitly disabled. Without backups, data loss from accidental deletion, corruption, or ransomware is irrecoverable.",
+            lineNumbers: backupLines,
+            recommendation: "Enable automated backups with appropriate retention periods. Enable geo-redundant backup for production databases. Test backup restoration regularly.",
+            reference: "CIS Benchmark: Backup & Recovery",
+            suggestedFix: lang === "terraform"
+                ? "Set `geo_redundant_backup_enabled = true` and configure backup retention."
+                : lang === "bicep"
+                    ? "Set `geoRedundantBackup: 'Enabled'` and configure backup retention policies."
+                    : 'Set `"geoRedundantBackup": "Enabled"` in the resource properties.',
+            confidence: 0.85,
+        });
+    }
+    // ── IAC-011: Absence — no resource definitions found ──────────────────
+    const resourceLines = getLangLineNumbers(code, language, LP.IAC_RESOURCE_DEF);
+    if (resourceLines.length === 0 && code.split("\n").length > 5) {
+        // Only flag on files that are long enough to plausibly be IaC but define no resources
+        // (skip very short files like variable files, module references, etc.)
+        const hasModuleOrVariable = testCode(code, /(?:variable\s+"|module\s+"|param\s+|var\s+\w+\s*=|"parameters"\s*:)/i);
+        if (!hasModuleOrVariable) {
+            findings.push({
+                ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
+                severity: "info",
+                title: "No IaC resource definitions detected",
+                description: "This file appears to be an IaC file but contains no resource definitions. It may be incomplete or a data-only/variable-only file.",
+                recommendation: "Verify this file is complete. If it is a variables or locals file, no action is needed. If it should contain infrastructure definitions, add the required resource blocks.",
+                reference: "IaC Best Practices: File Organization",
+                confidence: 0.5,
+            });
+        }
+    }
+    // ── IAC-012: Terraform-specific: no required_providers ────────────────
+    if (lang === "terraform") {
+        const hasRequiredProviders = testCode(code, /required_providers\s*\{/i);
+        const hasProvider = testCode(code, /provider\s+"[^"]+"\s*\{/i);
+        if (hasProvider && !hasRequiredProviders) {
+            const providerLines = getLineNumbers(code, /provider\s+"[^"]+"\s*\{/i);
+            findings.push({
+                ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
+                severity: "medium",
+                title: "Missing required_providers block",
+                description: "Providers are used but no `required_providers` block specifies version constraints. This can lead to unexpected behavior when provider versions change.",
+                lineNumbers: providerLines,
+                recommendation: 'Add a `terraform { required_providers { ... } }` block with version constraints (e.g. `version = "~> 3.0"`).',
+                reference: "Terraform Best Practices: Provider Version Constraints",
+                suggestedFix: 'Add `terraform { required_providers { azurerm = { source = "hashicorp/azurerm" version = "~> 3.0" } } }`.',
+                confidence: 0.8,
+            });
+        }
+    }
+    // ── IAC-013: Terraform-specific: no backend configuration ─────────────
+    if (lang === "terraform") {
+        const hasBackend = testCode(code, /backend\s+"[^"]+"\s*\{/i);
+        const hasTerraformBlock = testCode(code, /terraform\s*\{/i);
+        // Reusable modules define variables/outputs but not backends — skip
+        const isTerraformModule = /\bvariable\s+"[^"]+"\s*\{/i.test(code) && !/\bprovider\s+"[^"]+"\s*\{/i.test(code);
+        if (hasTerraformBlock && !hasBackend && !isTerraformModule) {
+            const terraformLines = getLineNumbers(code, /terraform\s*\{/i);
+            findings.push({
+                ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
+                severity: "medium",
+                title: "No remote backend configured",
+                description: "Terraform state is stored locally by default. Local state prevents team collaboration, has no locking, and risks data loss.",
+                lineNumbers: terraformLines,
+                recommendation: 'Configure a remote backend (e.g. `backend "azurerm"`, `backend "s3"`, or Terraform Cloud) with state locking enabled.',
+                reference: "Terraform Best Practices: Remote State",
+                suggestedFix: 'Add `backend "azurerm" { resource_group_name = "..." storage_account_name = "..." container_name = "tfstate" key = "terraform.tfstate" }`.',
+                confidence: 0.7,
+            });
+        }
+    }
+    // ── IAC-014: Bicep-specific: no @secure() on sensitive parameters ─────
+    if (lang === "bicep") {
+        const paramLines = code.split("\n");
+        for (let i = 0; i < paramLines.length; i++) {
+            const line = paramLines[i];
+            if (/param\s+\w*(?:password|secret|key|token|connectionString)\w*\s+string/i.test(line)) {
+                // Skip resource-name parameters where "key"/"secret"/"token" is part of a
+                // compound resource name (e.g., keyVaultName, keyVaultUri, secretName,
+                // tokenServiceUrl) — these hold identifiers, not secrets.
+                if (/param\s+\w*(?:Name|Uri|Url|Endpoint|Id|ResourceGroup|Location|Sku|Region|Type)\s+string/i.test(line)) {
+                    continue;
+                }
+                // Check if the preceding line has @secure()
+                const prevLine = i > 0 ? paramLines[i - 1] : "";
+                if (!/@secure\(\)/.test(prevLine)) {
+                    findings.push({
+                        ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
+                        severity: "high",
+                        title: "Sensitive parameter without @secure() decorator",
+                        description: `Parameter on line ${i + 1} appears to hold a secret but is not decorated with \`@secure()\`. Without this decorator, the value may be logged in deployment history and visible in the Azure portal.`,
+                        lineNumbers: [i + 1],
+                        recommendation: "Add the `@secure()` decorator on the line above the parameter declaration.",
+                        reference: "Bicep Best Practices: Secure Parameters",
+                        suggestedFix: `Add \`@secure()\` on the line before the parameter: \`@secure()\\nparam ${line.trim()}\`.`,
+                        confidence: 0.9,
+                    });
+                }
+            }
+        }
+    }
+    // ── IAC-015: ARM-specific: parameters with defaultValue for secrets ───
+    if (lang === "arm") {
+        // Multi-line pattern: match secret param names whose object contains a defaultValue
+        const secretParamPattern = /"(?:adminPassword|password|secret|key|connectionString)"\s*:\s*\{[^}]*"defaultValue"\s*:\s*"[^"]+"/gis;
+        const matches = [...code.matchAll(secretParamPattern)];
+        if (matches.length > 0) {
+            const lineNums = matches.map((m) => {
+                const idx = m.index ?? 0;
+                return code.slice(0, idx).split("\n").length;
+            });
+            findings.push({
+                ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
+                severity: "critical",
+                title: "ARM template secret parameter has default value",
+                description: "Sensitive parameters (passwords, keys) have hardcoded default values in the ARM template. Default values are stored in the template file and visible in version control.",
+                lineNumbers: lineNums,
+                recommendation: 'Remove the `defaultValue` from sensitive parameters and use `"type": "securestring"`. Reference secrets from Key Vault in the parameter file.',
+                reference: "ARM Template Best Practices: Secure Parameters",
+                suggestedFix: 'Change the parameter type to `"type": "securestring"` and remove the `"defaultValue"` property. Use Key Vault references at deployment time.',
+                confidence: 0.95,
+            });
+        }
+    }
+    // ── IAC-016: Docker-specific: privileged mode, USER directive, secrets ─
+    if (lang === "dockerfile") {
+        const dockerLines = code.split("\n");
+        const privilegedLines = [];
+        const dockerSecretEnvLines = [];
+        let hasUserDirective = false;
+        for (let i = 0; i < dockerLines.length; i++) {
+            const line = dockerLines[i];
+            // Detect --privileged flag in RUN docker commands
+            if (/--privileged/i.test(line)) {
+                privilegedLines.push(i + 1);
+            }
+            // Detect USER directive (means container changes user)
+            if (/^\s*USER\s+/i.test(line)) {
+                hasUserDirective = true;
+            }
+            // Detect secrets in ENV directives
+            if (/^\s*ENV\s+\w*(?:password|passwd|pwd|secret|api_?key|token|private_key|db_pass)\w*[\s=]+/i.test(line)) {
+                if (!/\$\{?\w+\}?/.test(line)) {
+                    dockerSecretEnvLines.push(i + 1);
+                }
+            }
+        }
+        if (privilegedLines.length > 0) {
+            findings.push({
+                ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
+                severity: "critical",
+                title: "Docker container running in privileged mode",
+                description: "The --privileged flag gives the container full access to the host, effectively disabling all security boundaries. A compromised container can take over the host.",
+                lineNumbers: privilegedLines,
+                recommendation: "Remove --privileged. Use specific capabilities (--cap-add) only for what is needed. Use securityContext.privileged: false in Kubernetes.",
+                reference: "CIS Docker Benchmark: Container Runtime Security",
+                suggestedFix: "Remove --privileged and use granular capabilities: docker run --cap-add NET_ADMIN instead of --privileged.",
+                confidence: 0.95,
+            });
+        }
+        // Only flag missing USER if the Dockerfile has RUN commands (not just a trivial FROM)
+        const hasRunCmd = /^\s*RUN\s+/im.test(code);
+        if (hasRunCmd && !hasUserDirective && dockerLines.length > 5) {
+            findings.push({
+                ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
+                severity: "high",
+                title: "Docker container running as root",
+                description: "No USER directive found — the container runs as root by default. If compromised, the attacker has root privileges inside the container.",
+                recommendation: "Add a USER directive to run as a non-root user: USER 1001 or USER appuser. Create the user in a preceding RUN step.",
+                reference: "CIS Docker Benchmark: Container Security",
+                suggestedFix: "Add before the final CMD/ENTRYPOINT: RUN adduser -D appuser && USER appuser",
+                confidence: 0.8,
+            });
+        }
+        if (dockerSecretEnvLines.length > 0) {
+            findings.push({
+                ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
+                severity: "critical",
+                title: "Secrets exposed in Dockerfile ENV directive",
+                description: "Secrets are hardcoded in ENV directives. These values are baked into the image layer and visible to anyone who can pull the image.",
+                lineNumbers: dockerSecretEnvLines,
+                recommendation: "Use Docker secrets, build-time ARG with --secret, or inject secrets at runtime via environment variables from the orchestrator.",
+                reference: "CIS Docker Benchmark: Image Security",
+                suggestedFix: "Remove hardcoded secrets from ENV. Use runtime injection: docker run -e SECRET_KEY=$SECRET_KEY or Docker secrets.",
+                confidence: 0.9,
+            });
+        }
+    }
+    // ── IAC-020: Terraform S3 public ACL / public access blocks ───────────
+    if (lang === "terraform") {
+        const s3PublicLines = [];
+        const tfLines = code.split("\n");
+        for (let i = 0; i < tfLines.length; i++) {
+            const line = tfLines[i];
+            // S3 bucket with public-read or public-read-write ACL
+            if (/acl\s*=\s*["']public-read(?:-write)?["']/i.test(line)) {
+                s3PublicLines.push(i + 1);
+            }
+            // S3 public access block explicitly disabled
+            if (/block_public_acls\s*=\s*false|block_public_policy\s*=\s*false|ignore_public_acls\s*=\s*false|restrict_public_buckets\s*=\s*false/i.test(line)) {
+                s3PublicLines.push(i + 1);
+            }
+        }
+        if (s3PublicLines.length > 0) {
+            findings.push({
+                ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
+                severity: "critical",
+                title: "S3 bucket with public access enabled",
+                description: "S3 bucket has a public ACL or public access block settings are disabled, allowing anyone on the internet to access the bucket contents.",
+                lineNumbers: s3PublicLines,
+                recommendation: "Set acl to 'private' and enable all public access block settings. Use bucket policies for controlled access.",
+                reference: "CIS AWS Benchmark: S3 Bucket Security",
+                suggestedFix: 'Set acl = "private" and configure aws_s3_bucket_public_access_block with block_public_acls = true, block_public_policy = true.',
+                confidence: 0.95,
+            });
+        }
+    }
+    // ── YAML IaC: Docker Compose and Kubernetes manifests ─────────────────
+    if (isYamlIaC) {
+        const yamlLines = code.split("\n");
+        const yamlSecretLines = [];
+        const yamlPrivilegedLines = [];
+        for (let i = 0; i < yamlLines.length; i++) {
+            const line = yamlLines[i];
+            // Detect privileged containers (Docker Compose + K8s)
+            if (/^\s*privileged\s*:\s*true/i.test(line)) {
+                yamlPrivilegedLines.push(i + 1);
+            }
+            // network_mode: host (Docker Compose)
+            if (/^\s*network_mode\s*:\s*['"]?host['"]?/i.test(line)) {
+                yamlPrivilegedLines.push(i + 1);
+            }
+            // allowPrivilegeEscalation: true (K8s)
+            if (/^\s*allowPrivilegeEscalation\s*:\s*true/i.test(line)) {
+                yamlPrivilegedLines.push(i + 1);
+            }
+            // Hardcoded secrets in YAML environment variables
+            // Docker Compose: PASSWORD=value or KEY: value patterns
+            if (/(?:PASSWORD|SECRET|API_KEY|ACCESS_KEY|PRIVATE_KEY|TOKEN)\s*[:=]\s*["']?\w{3,}/i.test(line)) {
+                // Exclude references to external secrets (${{ secrets.XXX }}) and variables (${VAR})
+                if (!/\$\{[{]?\s*(?:secrets\.|\w+\s*$)|valueFrom/i.test(line)) {
+                    yamlSecretLines.push(i + 1);
+                }
+            }
+            // K8s env value: "plaintext-password" pattern
+            if (/^\s*value\s*:\s*["'](?![\s"']*$)\S+/i.test(line)) {
+                const ctx = yamlLines.slice(Math.max(0, i - 3), i + 1).join("\n");
+                if (/\bname\s*:\s*\S*(?:PASSWORD|SECRET|KEY|TOKEN)\b/i.test(ctx)) {
+                    yamlSecretLines.push(i + 1);
+                }
+            }
+        }
+        if (yamlPrivilegedLines.length > 0) {
+            findings.push({
+                ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
+                severity: "critical",
+                title: "Container running in privileged mode",
+                description: "Containers are configured with elevated privileges (privileged: true, host networking, or privilege escalation). A compromised container can take over the host.",
+                lineNumbers: yamlPrivilegedLines,
+                recommendation: "Remove privileged: true. Use specific securityContext options only as needed. Avoid host networking.",
+                reference: "CIS Docker/Kubernetes Benchmark: Container Security",
+                suggestedFix: "Set privileged: false, allowPrivilegeEscalation: false, and use read-only root filesystem where possible.",
+                confidence: 0.95,
+            });
+        }
+        if (yamlSecretLines.length > 0) {
+            findings.push({
+                ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
+                severity: "critical",
+                title: "Hardcoded secrets in YAML infrastructure code",
+                description: "Passwords, API keys, or secrets are hardcoded in Docker Compose or Kubernetes manifests. These values are stored in version control and visible to anyone with repository access.",
+                lineNumbers: yamlSecretLines,
+                recommendation: "Use secrets management: Docker secrets, Kubernetes Secrets with external secret operators, or reference environment variables from a secure vault.",
+                reference: "CIS Benchmark: Secrets Management",
+                suggestedFix: "Replace plaintext values with secret references: use Docker secrets, K8s external-secrets, or environment variable injection from a vault.",
+                confidence: 0.9,
+            });
+        }
+        // K8s: runAsNonRoot not set or runAsRoot
+        const k8sRootLines = [];
+        for (let i = 0; i < yamlLines.length; i++) {
+            const line = yamlLines[i];
+            if (/^\s*runAsNonRoot\s*:\s*false/i.test(line)) {
+                k8sRootLines.push(i + 1);
+            }
+            if (/^\s*runAsUser\s*:\s*0\b/i.test(line)) {
+                k8sRootLines.push(i + 1);
+            }
+        }
+        if (k8sRootLines.length > 0) {
+            findings.push({
+                ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
+                severity: "high",
+                title: "Kubernetes container running as root user",
+                description: "Container security context allows running as root (runAsNonRoot: false or runAsUser: 0). A compromised container running as root increases the blast radius.",
+                lineNumbers: k8sRootLines,
+                recommendation: "Set runAsNonRoot: true and specify a non-zero runAsUser in the pod or container securityContext.",
+                reference: "CIS Kubernetes Benchmark: Pod Security",
+                suggestedFix: "Add to securityContext: runAsNonRoot: true, runAsUser: 1000, readOnlyRootFilesystem: true.",
+                confidence: 0.9,
+            });
+        }
+        // K8s: missing resource limits
+        const hasContainers = /^\s*containers\s*:/m.test(code);
+        const hasLimits = /^\s*limits\s*:/m.test(code);
+        if (hasContainers && !hasLimits) {
+            const containerLineNums = [];
+            for (let i = 0; i < yamlLines.length; i++) {
+                if (/^\s*-\s*name\s*:/i.test(yamlLines[i]) &&
+                    /containers/i.test(yamlLines.slice(Math.max(0, i - 5), i).join("\n"))) {
+                    containerLineNums.push(i + 1);
+                }
+            }
+            if (containerLineNums.length > 0) {
+                findings.push({
+                    ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
+                    severity: "medium",
+                    title: "Kubernetes container without resource limits",
+                    description: "Containers do not specify resource limits (CPU/memory). Without limits, a runaway container can starve other workloads and cause node instability.",
+                    lineNumbers: containerLineNums.slice(0, 5),
+                    recommendation: "Set resources.limits.cpu and resources.limits.memory for every container to prevent resource exhaustion.",
+                    reference: "CIS Kubernetes Benchmark: Resource Management",
+                    suggestedFix: "Add resources: { limits: { cpu: '500m', memory: '256Mi' }, requests: { cpu: '100m', memory: '128Mi' } }.",
+                    confidence: 0.75,
+                });
+            }
+        }
+        // K8s: readOnlyRootFilesystem not set
+        const hasReadOnly = /readOnlyRootFilesystem\s*:\s*true/m.test(code);
+        if (hasContainers && !hasReadOnly) {
+            findings.push({
+                ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
+                severity: "medium",
+                title: "Container filesystem is writable",
+                description: "Kubernetes containers do not set readOnlyRootFilesystem: true. A writable filesystem allows attackers to install malicious tools or modify binaries.",
+                recommendation: "Set securityContext.readOnlyRootFilesystem: true and use emptyDir volumes for paths that need writes.",
+                reference: "CIS Kubernetes Benchmark: Container Security",
+                suggestedFix: "Add to container securityContext: readOnlyRootFilesystem: true. Mount emptyDir for /tmp and other writable paths.",
+                confidence: 0.7,
+                isAbsenceBased: true,
+            });
+        }
+    }
+    // ── IAC: Missing resource tags ────────────────────────────────────────
+    if (lang === "terraform") {
+        const hasResources = /resource\s+"[^"]+"\s+"[^"]+"\s*\{/i.test(code);
+        const hasTags = /tags\s*=\s*\{/i.test(code) || /tags\s*=\s*merge\(/i.test(code) || /default_tags\s*\{/i.test(code);
+        // Count distinct resource blocks — skip on small configs with ≤3 resources
+        const resourceCount = (code.match(/resource\s+"[^"]+"\s+"[^"]+"\s*\{/gi) || []).length;
+        if (hasResources && !hasTags && resourceCount >= 4) {
+            const resourceDefLines = [];
+            const tfLines2 = code.split("\n");
+            for (let i = 0; i < tfLines2.length; i++) {
+                if (/resource\s+"[^"]+"\s+"[^"]+"\s*\{/i.test(tfLines2[i])) {
+                    resourceDefLines.push(i + 1);
+                }
+            }
+            findings.push({
+                ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
+                severity: "medium",
+                title: "Resources without tags",
+                description: "Terraform resources are defined without tags. Tags are essential for cost tracking, ownership, environment identification, and automated governance.",
+                lineNumbers: resourceDefLines.slice(0, 5),
+                recommendation: "Add a tags block to all resources. Use a common set of tags (environment, owner, project, cost-center) and consider using default_tags in the provider block.",
+                reference: "Cloud Best Practices: Resource Tagging",
+                suggestedFix: 'Add tags = { Environment = var.environment, Project = var.project, Owner = var.owner, ManagedBy = "Terraform" } to each resource.',
+                confidence: 0.7,
+            });
+        }
+    }
+    // ── IAC: Managed identity not used (password-based auth in IaC) ─────
+    if (lang === "terraform" || lang === "bicep" || lang === "arm") {
+        const passwordAuthLines = [];
+        const lines = code.split("\n");
+        for (let i = 0; i < lines.length; i++) {
+            const line = lines[i];
+            if (/admin_username\s*=|administratorLogin\s*[:=]/i.test(line)) {
+                const ctx = lines.slice(i, Math.min(lines.length, i + 10)).join("\n");
+                if (/admin_password\s*=|administratorLoginPassword\s*[:=]/i.test(ctx) && !/identity\s*[:={]/i.test(ctx)) {
+                    passwordAuthLines.push(i + 1);
+                }
+            }
+        }
+        if (passwordAuthLines.length > 0) {
+            findings.push({
+                ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
+                severity: "medium",
+                title: "Password-based authentication without managed identity",
+                description: "Resources use admin username/password authentication without a managed identity configured. Managed identities eliminate the need for credential management and rotation.",
+                lineNumbers: passwordAuthLines,
+                recommendation: "Configure a system-assigned or user-assigned managed identity and use Azure AD/Entra ID authentication where supported.",
+                reference: "Azure Well-Architected Framework: Identity",
+                suggestedFix: lang === "terraform"
+                    ? 'Add identity { type = "SystemAssigned" } to the resource and use Azure AD authentication.'
+                    : "Add identity: { type: 'SystemAssigned' } and configure Azure AD authentication.",
+                confidence: 0.75,
+            });
+        }
+    }
+    // ── IAC: Database firewall allows all Azure services ──────────────────
+    if (lang === "terraform" || lang === "bicep" || lang === "arm") {
+        const allAzureLines = [];
+        const lines = code.split("\n");
+        for (let i = 0; i < lines.length; i++) {
+            const line = lines[i];
+            // "Allow all Azure services" firewall rule: start=0.0.0.0 end=0.0.0.0
+            if (/start_ip_address\s*=\s*["']0\.0\.0\.0/i.test(line) || /startIpAddress\s*[:=]\s*['"]0\.0\.0\.0/i.test(line)) {
+                const ctx = lines.slice(i, Math.min(lines.length, i + 5)).join("\n");
+                if (/end_ip_address\s*=\s*["']0\.0\.0\.0/i.test(ctx) || /endIpAddress\s*[:=]\s*['"]0\.0\.0\.0/i.test(ctx)) {
+                    allAzureLines.push(i + 1);
+                }
+            }
+        }
+        if (allAzureLines.length > 0) {
+            findings.push({
+                ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
+                severity: "high",
+                title: "Database firewall allows all Azure services",
+                description: "A firewall rule with start and end IP of 0.0.0.0 allows any Azure service (including other tenants) to access the database. This is overly permissive.",
+                lineNumbers: allAzureLines,
+                recommendation: "Remove the 'Allow Azure services' rule and use private endpoints or VNet service endpoints for secure connectivity.",
+                reference: "CIS Azure Benchmark: Database Security",
+                suggestedFix: "Remove the 0.0.0.0-0.0.0.0 firewall rule and configure a private endpoint for the database instead.",
+                confidence: 0.85,
+            });
+        }
+    }
+    // ── IAC: Dockerfile ADD instead of COPY ───────────────────────────────
+    if (lang === "dockerfile") {
+        const addLines = [];
+        const dockerLines2 = code.split("\n");
+        for (let i = 0; i < dockerLines2.length; i++) {
+            const line = dockerLines2[i];
+            if (/^\s*ADD\s+/i.test(line) &&
+                !/^\s*ADD\s+https?:\/\//i.test(line) &&
+                !/\.tar|\.gz|\.tgz|\.bz2|\.xz/i.test(line)) {
+                addLines.push(i + 1);
+            }
+        }
+        if (addLines.length > 0) {
+            findings.push({
+                ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
+                severity: "medium",
+                title: "Dockerfile uses ADD instead of COPY",
+                description: "The ADD instruction has implicit tar extraction and remote URL fetching that can introduce unexpected behavior. COPY is more explicit and predictable.",
+                lineNumbers: addLines,
+                recommendation: "Use COPY instead of ADD for local file copies. Only use ADD when you specifically need tar auto-extraction or remote URL downloading.",
+                reference: "Dockerfile Best Practices: COPY vs ADD",
+                suggestedFix: "Replace ADD with COPY for simple file copies: COPY ./app /app instead of ADD ./app /app.",
+                confidence: 0.8,
+            });
+        }
+        // Dockerfile: latest tag in FROM
+        const latestTagLines = [];
+        for (let i = 0; i < dockerLines2.length; i++) {
+            const line = dockerLines2[i];
+            if (/^\s*FROM\s+\S+:latest\b/i.test(line) ||
+                (/^\s*FROM\s+\S+\s/i.test(line) && !/:/i.test(line.split(/\s+/)[1] ?? ""))) {
+                latestTagLines.push(i + 1);
+            }
+        }
+        if (latestTagLines.length > 0) {
+            findings.push({
+                ruleId: `${prefix}-${String(ruleNum).padStart(3, "0")}`,
+                severity: "medium",
+                title: "Dockerfile FROM uses latest or untagged image",
+                description: "Using :latest or untagged base images leads to non-reproducible builds. The image content can change unexpectedly between builds.",
+                lineNumbers: latestTagLines,
+                recommendation: "Pin base images to a specific version tag or digest: FROM node:20-alpine instead of FROM node:latest.",
+                reference: "Dockerfile Best Practices: Image Pinning",
+                suggestedFix: "Pin the image version: FROM node:20-alpine or FROM node@sha256:abc123... for maximum reproducibility.",
+                confidence: 0.85,
+            });
+        }
+    }
+    return findings;
+}