npm - @kevinrabun/judges-cli - Versions diffs - 3.124.0 - Mend

@kevinrabun/judges-cli 3.124.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (1745) hide show

package/README.md +24 -0
package/agents/accessibility.judge.md +44 -0
package/agents/agent-instructions.judge.md +44 -0
package/agents/ai-code-safety.judge.md +55 -0
package/agents/api-contract.judge.md +37 -0
package/agents/api-design.judge.md +55 -0
package/agents/authentication.judge.md +61 -0
package/agents/backwards-compatibility.judge.md +44 -0
package/agents/caching.judge.md +44 -0
package/agents/ci-cd.judge.md +44 -0
package/agents/cloud-readiness.judge.md +51 -0
package/agents/code-structure.judge.md +48 -0
package/agents/compliance.judge.md +47 -0
package/agents/concurrency.judge.md +46 -0
package/agents/configuration-management.judge.md +44 -0
package/agents/cost-effectiveness.judge.md +40 -0
package/agents/cybersecurity.judge.md +61 -0
package/agents/data-security.judge.md +48 -0
package/agents/data-sovereignty.judge.md +58 -0
package/agents/database.judge.md +49 -0
package/agents/dependency-health.judge.md +46 -0
package/agents/documentation.judge.md +53 -0
package/agents/error-handling.judge.md +53 -0
package/agents/ethics-bias.judge.md +46 -0
package/agents/false-positive-review.judge.md +85 -0
package/agents/framework-safety.judge.md +47 -0
package/agents/hallucination-detection.judge.md +46 -0
package/agents/iac-security.judge.md +45 -0
package/agents/intent-alignment.judge.md +44 -0
package/agents/internationalization.judge.md +42 -0
package/agents/logging-privacy.judge.md +44 -0
package/agents/logic-review.judge.md +34 -0
package/agents/maintainability.judge.md +44 -0
package/agents/model-fingerprint.judge.md +31 -0
package/agents/multi-turn-coherence.judge.md +36 -0
package/agents/observability.judge.md +52 -0
package/agents/over-engineering.judge.md +48 -0
package/agents/performance.judge.md +44 -0
package/agents/portability.judge.md +44 -0
package/agents/rate-limiting.judge.md +53 -0
package/agents/reliability.judge.md +55 -0
package/agents/scalability.judge.md +50 -0
package/agents/security.judge.md +62 -0
package/agents/software-practices.judge.md +54 -0
package/agents/testing.judge.md +52 -0
package/agents/ux.judge.md +44 -0
package/bin/judges.js +8 -0
package/dist/a2a-protocol.d.ts +136 -0
package/dist/a2a-protocol.js +218 -0
package/dist/agent-loader.d.ts +107 -0
package/dist/agent-loader.js +260 -0
package/dist/api.d.ts +169 -0
package/dist/api.js +195 -0
package/dist/ast/cross-file-taint.d.ts +42 -0
package/dist/ast/cross-file-taint.js +679 -0
package/dist/ast/index.d.ts +25 -0
package/dist/ast/index.js +148 -0
package/dist/ast/structural-parser.d.ts +2 -0
package/dist/ast/structural-parser.js +756 -0
package/dist/ast/taint-tracker.d.ts +48 -0
package/dist/ast/taint-tracker.js +1033 -0
package/dist/ast/tree-sitter-ast.d.ts +33 -0
package/dist/ast/tree-sitter-ast.js +1164 -0
package/dist/ast/types.d.ts +50 -0
package/dist/ast/types.js +7 -0
package/dist/audit-trail.d.ts +245 -0
package/dist/audit-trail.js +257 -0
package/dist/auto-tune.d.ts +146 -0
package/dist/auto-tune.js +373 -0
package/dist/cache.d.ts +53 -0
package/dist/cache.js +86 -0
package/dist/calibration.d.ts +108 -0
package/dist/calibration.js +219 -0
package/dist/cli-dispatch.d.ts +7 -0
package/dist/cli-dispatch.js +654 -0
package/dist/cli-formatters.d.ts +6 -0
package/dist/cli-formatters.js +186 -0
package/dist/cli-helpers.d.ts +29 -0
package/dist/cli-helpers.js +129 -0
package/dist/cli.d.ts +30 -0
package/dist/cli.js +1487 -0
package/dist/commands/adoption-report.d.ts +7 -0
package/dist/commands/adoption-report.js +218 -0
package/dist/commands/adoption-track.d.ts +4 -0
package/dist/commands/adoption-track.js +246 -0
package/dist/commands/ai-gate.d.ts +7 -0
package/dist/commands/ai-gate.js +212 -0
package/dist/commands/ai-model-trust.d.ts +16 -0
package/dist/commands/ai-model-trust.js +234 -0
package/dist/commands/ai-output-compare.d.ts +8 -0
package/dist/commands/ai-output-compare.js +202 -0
package/dist/commands/ai-pattern-trend.d.ts +8 -0
package/dist/commands/ai-pattern-trend.js +223 -0
package/dist/commands/ai-prompt-audit.d.ts +22 -0
package/dist/commands/ai-prompt-audit.js +254 -0
package/dist/commands/ai-provenance.d.ts +4 -0
package/dist/commands/ai-provenance.js +247 -0
package/dist/commands/api-audit.d.ts +8 -0
package/dist/commands/api-audit.js +359 -0
package/dist/commands/api-misuse.d.ts +4 -0
package/dist/commands/api-misuse.js +260 -0
package/dist/commands/api-versioning-audit.d.ts +5 -0
package/dist/commands/api-versioning-audit.js +233 -0
package/dist/commands/approve-chain.d.ts +7 -0
package/dist/commands/approve-chain.js +234 -0
package/dist/commands/arch-audit.d.ts +8 -0
package/dist/commands/arch-audit.js +283 -0
package/dist/commands/assertion-density.d.ts +4 -0
package/dist/commands/assertion-density.js +263 -0
package/dist/commands/assign-findings.d.ts +36 -0
package/dist/commands/assign-findings.js +177 -0
package/dist/commands/async-safety.d.ts +4 -0
package/dist/commands/async-safety.js +266 -0
package/dist/commands/audit-bundle.d.ts +28 -0
package/dist/commands/audit-bundle.js +234 -0
package/dist/commands/audit-trail.d.ts +17 -0
package/dist/commands/audit-trail.js +154 -0
package/dist/commands/auto-approve.d.ts +4 -0
package/dist/commands/auto-approve.js +188 -0
package/dist/commands/auto-calibrate.d.ts +14 -0
package/dist/commands/auto-calibrate.js +106 -0
package/dist/commands/auto-detect.d.ts +61 -0
package/dist/commands/auto-detect.js +328 -0
package/dist/commands/auto-fix.d.ts +17 -0
package/dist/commands/auto-fix.js +240 -0
package/dist/commands/auto-triage.d.ts +31 -0
package/dist/commands/auto-triage.js +125 -0
package/dist/commands/baseline.d.ts +47 -0
package/dist/commands/baseline.js +353 -0
package/dist/commands/batch-review.d.ts +4 -0
package/dist/commands/batch-review.js +180 -0
package/dist/commands/benchmark-advanced.d.ts +14 -0
package/dist/commands/benchmark-advanced.js +5057 -0
package/dist/commands/benchmark-ai-agents.d.ts +8 -0
package/dist/commands/benchmark-ai-agents.js +4123 -0
package/dist/commands/benchmark-ai-output.d.ts +9 -0
package/dist/commands/benchmark-ai-output.js +365 -0
package/dist/commands/benchmark-compliance-ethics.d.ts +8 -0
package/dist/commands/benchmark-compliance-ethics.js +3060 -0
package/dist/commands/benchmark-expanded-2.d.ts +12 -0
package/dist/commands/benchmark-expanded-2.js +5530 -0
package/dist/commands/benchmark-expanded.d.ts +12 -0
package/dist/commands/benchmark-expanded.js +2599 -0
package/dist/commands/benchmark-infrastructure.d.ts +8 -0
package/dist/commands/benchmark-infrastructure.js +2882 -0
package/dist/commands/benchmark-languages.d.ts +8 -0
package/dist/commands/benchmark-languages.js +1963 -0
package/dist/commands/benchmark-quality-ops.d.ts +8 -0
package/dist/commands/benchmark-quality-ops.js +3415 -0
package/dist/commands/benchmark-security-deep.d.ts +9 -0
package/dist/commands/benchmark-security-deep.js +2335 -0
package/dist/commands/benchmark.d.ts +233 -0
package/dist/commands/benchmark.js +3214 -0
package/dist/commands/blame-review.d.ts +4 -0
package/dist/commands/blame-review.js +266 -0
package/dist/commands/boundary-enforce.d.ts +5 -0
package/dist/commands/boundary-enforce.js +255 -0
package/dist/commands/build-optimize.d.ts +6 -0
package/dist/commands/build-optimize.js +256 -0
package/dist/commands/burndown.d.ts +26 -0
package/dist/commands/burndown.js +179 -0
package/dist/commands/cache-audit.d.ts +4 -0
package/dist/commands/cache-audit.js +219 -0
package/dist/commands/calibration-dashboard.d.ts +1 -0
package/dist/commands/calibration-dashboard.js +294 -0
package/dist/commands/calibration-share.d.ts +30 -0
package/dist/commands/calibration-share.js +182 -0
package/dist/commands/chat-notify.d.ts +8 -0
package/dist/commands/chat-notify.js +258 -0
package/dist/commands/ci-template.d.ts +14 -0
package/dist/commands/ci-template.js +211 -0
package/dist/commands/ci-templates.d.ts +9 -0
package/dist/commands/ci-templates.js +89 -0
package/dist/commands/clarity-score.d.ts +8 -0
package/dist/commands/clarity-score.js +260 -0
package/dist/commands/clone-detect.d.ts +4 -0
package/dist/commands/clone-detect.js +232 -0
package/dist/commands/coach-mode.d.ts +7 -0
package/dist/commands/coach-mode.js +229 -0
package/dist/commands/code-health.d.ts +4 -0
package/dist/commands/code-health.js +195 -0
package/dist/commands/code-owner-suggest.d.ts +16 -0
package/dist/commands/code-owner-suggest.js +214 -0
package/dist/commands/code-similarity.d.ts +8 -0
package/dist/commands/code-similarity.js +231 -0
package/dist/commands/comment-drift.d.ts +4 -0
package/dist/commands/comment-drift.js +228 -0
package/dist/commands/commit-hygiene.d.ts +5 -0
package/dist/commands/commit-hygiene.js +175 -0
package/dist/commands/community-patterns.d.ts +1 -0
package/dist/commands/community-patterns.js +131 -0
package/dist/commands/compare-runs.d.ts +37 -0
package/dist/commands/compare-runs.js +228 -0
package/dist/commands/completion-audit.d.ts +4 -0
package/dist/commands/completion-audit.js +296 -0
package/dist/commands/completions.d.ts +1 -0
package/dist/commands/completions.js +257 -0
package/dist/commands/compliance-map.d.ts +8 -0
package/dist/commands/compliance-map.js +374 -0
package/dist/commands/compliance-report.d.ts +34 -0
package/dist/commands/compliance-report.js +161 -0
package/dist/commands/compliance-weight.d.ts +8 -0
package/dist/commands/compliance-weight.js +272 -0
package/dist/commands/config-drift.d.ts +24 -0
package/dist/commands/config-drift.js +213 -0
package/dist/commands/config-lint.d.ts +4 -0
package/dist/commands/config-lint.js +187 -0
package/dist/commands/config-migrate.d.ts +43 -0
package/dist/commands/config-migrate.js +240 -0
package/dist/commands/config-share.d.ts +95 -0
package/dist/commands/config-share.js +406 -0
package/dist/commands/context-blind.d.ts +4 -0
package/dist/commands/context-blind.js +272 -0
package/dist/commands/context-inject.d.ts +8 -0
package/dist/commands/context-inject.js +211 -0
package/dist/commands/contract-verify.d.ts +4 -0
package/dist/commands/contract-verify.js +316 -0
package/dist/commands/correlate.d.ts +27 -0
package/dist/commands/correlate.js +241 -0
package/dist/commands/cost-forecast.d.ts +18 -0
package/dist/commands/cost-forecast.js +193 -0
package/dist/commands/coverage-map.d.ts +22 -0
package/dist/commands/coverage-map.js +222 -0
package/dist/commands/coverage.d.ts +40 -0
package/dist/commands/coverage.js +147 -0
package/dist/commands/cross-file-consistency.d.ts +4 -0
package/dist/commands/cross-file-consistency.js +254 -0
package/dist/commands/cross-pr-regression.d.ts +8 -0
package/dist/commands/cross-pr-regression.js +297 -0
package/dist/commands/custom-rule.d.ts +4 -0
package/dist/commands/custom-rule.js +210 -0
package/dist/commands/dead-code-detect.d.ts +4 -0
package/dist/commands/dead-code-detect.js +255 -0
package/dist/commands/dedup-report.d.ts +12 -0
package/dist/commands/dedup-report.js +137 -0
package/dist/commands/dep-audit.d.ts +52 -0
package/dist/commands/dep-audit.js +277 -0
package/dist/commands/dep-correlate.d.ts +8 -0
package/dist/commands/dep-correlate.js +207 -0
package/dist/commands/deploy-readiness.d.ts +5 -0
package/dist/commands/deploy-readiness.js +211 -0
package/dist/commands/deprecated.d.ts +47 -0
package/dist/commands/deprecated.js +201 -0
package/dist/commands/deps.d.ts +5 -0
package/dist/commands/deps.js +122 -0
package/dist/commands/design-audit.d.ts +8 -0
package/dist/commands/design-audit.js +301 -0
package/dist/commands/dev-score.d.ts +36 -0
package/dist/commands/dev-score.js +203 -0
package/dist/commands/diff-explain.d.ts +4 -0
package/dist/commands/diff-explain.js +142 -0
package/dist/commands/diff-only.d.ts +33 -0
package/dist/commands/diff-only.js +151 -0
package/dist/commands/diff-review.d.ts +4 -0
package/dist/commands/diff-review.js +190 -0
package/dist/commands/diff.d.ts +6 -0
package/dist/commands/diff.js +449 -0
package/dist/commands/digest.d.ts +19 -0
package/dist/commands/digest.js +221 -0
package/dist/commands/doc-drift.d.ts +8 -0
package/dist/commands/doc-drift.js +258 -0
package/dist/commands/doc-gen.d.ts +7 -0
package/dist/commands/doc-gen.js +208 -0
package/dist/commands/docs.d.ts +1 -0
package/dist/commands/docs.js +156 -0
package/dist/commands/doctor.d.ts +55 -0
package/dist/commands/doctor.js +362 -0
package/dist/commands/encoding-safety.d.ts +4 -0
package/dist/commands/encoding-safety.js +275 -0
package/dist/commands/error-taxonomy.d.ts +5 -0
package/dist/commands/error-taxonomy.js +226 -0
package/dist/commands/error-ux.d.ts +4 -0
package/dist/commands/error-ux.js +252 -0
package/dist/commands/event-leak.d.ts +4 -0
package/dist/commands/event-leak.js +262 -0
package/dist/commands/evidence-chain.d.ts +4 -0
package/dist/commands/evidence-chain.js +309 -0
package/dist/commands/example-leak.d.ts +4 -0
package/dist/commands/example-leak.js +232 -0
package/dist/commands/exception-consistency.d.ts +6 -0
package/dist/commands/exception-consistency.js +192 -0
package/dist/commands/exec-report.d.ts +8 -0
package/dist/commands/exec-report.js +271 -0
package/dist/commands/explain-finding.d.ts +7 -0
package/dist/commands/explain-finding.js +278 -0
package/dist/commands/false-negatives.d.ts +34 -0
package/dist/commands/false-negatives.js +165 -0
package/dist/commands/feedback-rules.d.ts +28 -0
package/dist/commands/feedback-rules.js +173 -0
package/dist/commands/feedback.d.ts +182 -0
package/dist/commands/feedback.js +550 -0
package/dist/commands/finding-age-analysis.d.ts +4 -0
package/dist/commands/finding-age-analysis.js +144 -0
package/dist/commands/finding-age-report.d.ts +4 -0
package/dist/commands/finding-age-report.js +154 -0
package/dist/commands/finding-age-tracker.d.ts +7 -0
package/dist/commands/finding-age-tracker.js +152 -0
package/dist/commands/finding-age.d.ts +4 -0
package/dist/commands/finding-age.js +145 -0
package/dist/commands/finding-ancestry-trace.d.ts +1 -0
package/dist/commands/finding-ancestry-trace.js +69 -0
package/dist/commands/finding-annotation-export.d.ts +1 -0
package/dist/commands/finding-annotation-export.js +97 -0
package/dist/commands/finding-annotation-layer.d.ts +4 -0
package/dist/commands/finding-annotation-layer.js +128 -0
package/dist/commands/finding-auto-categorize.d.ts +1 -0
package/dist/commands/finding-auto-categorize.js +109 -0
package/dist/commands/finding-auto-fix-suggest.d.ts +1 -0
package/dist/commands/finding-auto-fix-suggest.js +76 -0
package/dist/commands/finding-auto-fix.d.ts +4 -0
package/dist/commands/finding-auto-fix.js +188 -0
package/dist/commands/finding-auto-group.d.ts +4 -0
package/dist/commands/finding-auto-group.js +108 -0
package/dist/commands/finding-auto-label.d.ts +4 -0
package/dist/commands/finding-auto-label.js +220 -0
package/dist/commands/finding-auto-priority.d.ts +1 -0
package/dist/commands/finding-auto-priority.js +100 -0
package/dist/commands/finding-auto-suppress.d.ts +4 -0
package/dist/commands/finding-auto-suppress.js +126 -0
package/dist/commands/finding-auto-tag.d.ts +4 -0
package/dist/commands/finding-auto-tag.js +113 -0
package/dist/commands/finding-auto-triage.d.ts +4 -0
package/dist/commands/finding-auto-triage.js +108 -0
package/dist/commands/finding-autofix-preview.d.ts +4 -0
package/dist/commands/finding-autofix-preview.js +86 -0
package/dist/commands/finding-batch-resolve.d.ts +4 -0
package/dist/commands/finding-batch-resolve.js +165 -0
package/dist/commands/finding-batch-suppress.d.ts +4 -0
package/dist/commands/finding-batch-suppress.js +85 -0
package/dist/commands/finding-batch-triage.d.ts +1 -0
package/dist/commands/finding-batch-triage.js +90 -0
package/dist/commands/finding-blast-radius.d.ts +4 -0
package/dist/commands/finding-blast-radius.js +91 -0
package/dist/commands/finding-budget.d.ts +4 -0
package/dist/commands/finding-budget.js +232 -0
package/dist/commands/finding-category-map.d.ts +4 -0
package/dist/commands/finding-category-map.js +103 -0
package/dist/commands/finding-category-stats.d.ts +4 -0
package/dist/commands/finding-category-stats.js +104 -0
package/dist/commands/finding-category.d.ts +4 -0
package/dist/commands/finding-category.js +109 -0
package/dist/commands/finding-change-impact.d.ts +4 -0
package/dist/commands/finding-change-impact.js +107 -0
package/dist/commands/finding-cluster-analysis.d.ts +4 -0
package/dist/commands/finding-cluster-analysis.js +133 -0
package/dist/commands/finding-cluster-group.d.ts +4 -0
package/dist/commands/finding-cluster-group.js +105 -0
package/dist/commands/finding-cluster-summary.d.ts +1 -0
package/dist/commands/finding-cluster-summary.js +85 -0
package/dist/commands/finding-cluster.d.ts +4 -0
package/dist/commands/finding-cluster.js +157 -0
package/dist/commands/finding-code-context.d.ts +4 -0
package/dist/commands/finding-code-context.js +96 -0
package/dist/commands/finding-code-smell.d.ts +4 -0
package/dist/commands/finding-code-smell.js +113 -0
package/dist/commands/finding-compare-runs.d.ts +4 -0
package/dist/commands/finding-compare-runs.js +105 -0
package/dist/commands/finding-compliance-tag.d.ts +1 -0
package/dist/commands/finding-compliance-tag.js +106 -0
package/dist/commands/finding-confidence-boost.d.ts +1 -0
package/dist/commands/finding-confidence-boost.js +88 -0
package/dist/commands/finding-confidence-calibrate.d.ts +4 -0
package/dist/commands/finding-confidence-calibrate.js +111 -0
package/dist/commands/finding-confidence-filter.d.ts +4 -0
package/dist/commands/finding-confidence-filter.js +77 -0
package/dist/commands/finding-contest.d.ts +7 -0
package/dist/commands/finding-contest.js +192 -0
package/dist/commands/finding-context-enrich.d.ts +4 -0
package/dist/commands/finding-context-enrich.js +89 -0
package/dist/commands/finding-context-expand.d.ts +4 -0
package/dist/commands/finding-context-expand.js +102 -0
package/dist/commands/finding-context-link.d.ts +1 -0
package/dist/commands/finding-context-link.js +94 -0
package/dist/commands/finding-context-summary.d.ts +1 -0
package/dist/commands/finding-context-summary.js +85 -0
package/dist/commands/finding-context-window.d.ts +4 -0
package/dist/commands/finding-context-window.js +126 -0
package/dist/commands/finding-context.d.ts +4 -0
package/dist/commands/finding-context.js +140 -0
package/dist/commands/finding-correlate.d.ts +4 -0
package/dist/commands/finding-correlate.js +88 -0
package/dist/commands/finding-correlation-map.d.ts +4 -0
package/dist/commands/finding-correlation-map.js +101 -0
package/dist/commands/finding-correlation.d.ts +4 -0
package/dist/commands/finding-correlation.js +103 -0
package/dist/commands/finding-cross-file-link.d.ts +1 -0
package/dist/commands/finding-cross-file-link.js +101 -0
package/dist/commands/finding-cross-ref.d.ts +4 -0
package/dist/commands/finding-cross-ref.js +98 -0
package/dist/commands/finding-cve-lookup.d.ts +4 -0
package/dist/commands/finding-cve-lookup.js +97 -0
package/dist/commands/finding-cwe-lookup.d.ts +4 -0
package/dist/commands/finding-cwe-lookup.js +148 -0
package/dist/commands/finding-cwe-map.d.ts +4 -0
package/dist/commands/finding-cwe-map.js +133 -0
package/dist/commands/finding-dedup-cross-file.d.ts +4 -0
package/dist/commands/finding-dedup-cross-file.js +95 -0
package/dist/commands/finding-dedup-cross.d.ts +4 -0
package/dist/commands/finding-dedup-cross.js +90 -0
package/dist/commands/finding-dedup-merge.d.ts +1 -0
package/dist/commands/finding-dedup-merge.js +107 -0
package/dist/commands/finding-dedup-report.d.ts +4 -0
package/dist/commands/finding-dedup-report.js +101 -0
package/dist/commands/finding-dedup-smart.d.ts +1 -0
package/dist/commands/finding-dedup-smart.js +109 -0
package/dist/commands/finding-deduplicate.d.ts +4 -0
package/dist/commands/finding-deduplicate.js +141 -0
package/dist/commands/finding-dependency-check.d.ts +4 -0
package/dist/commands/finding-dependency-check.js +119 -0
package/dist/commands/finding-dependency-impact.d.ts +1 -0
package/dist/commands/finding-dependency-impact.js +97 -0
package/dist/commands/finding-dependency-link.d.ts +4 -0
package/dist/commands/finding-dependency-link.js +73 -0
package/dist/commands/finding-dependency-risk.d.ts +4 -0
package/dist/commands/finding-dependency-risk.js +117 -0
package/dist/commands/finding-dependency-tree.d.ts +4 -0
package/dist/commands/finding-dependency-tree.js +116 -0
package/dist/commands/finding-diff-highlight.d.ts +4 -0
package/dist/commands/finding-diff-highlight.js +107 -0
package/dist/commands/finding-dismiss-workflow.d.ts +4 -0
package/dist/commands/finding-dismiss-workflow.js +119 -0
package/dist/commands/finding-duplicate-detect.d.ts +4 -0
package/dist/commands/finding-duplicate-detect.js +113 -0
package/dist/commands/finding-duplicate-rule.d.ts +4 -0
package/dist/commands/finding-duplicate-rule.js +103 -0
package/dist/commands/finding-effort-rank.d.ts +1 -0
package/dist/commands/finding-effort-rank.js +93 -0
package/dist/commands/finding-evidence-chain.d.ts +4 -0
package/dist/commands/finding-evidence-chain.js +147 -0
package/dist/commands/finding-evidence-collect.d.ts +4 -0
package/dist/commands/finding-evidence-collect.js +114 -0
package/dist/commands/finding-explain.d.ts +4 -0
package/dist/commands/finding-explain.js +93 -0
package/dist/commands/finding-export-csv.d.ts +4 -0
package/dist/commands/finding-export-csv.js +78 -0
package/dist/commands/finding-false-neg-check.d.ts +8 -0
package/dist/commands/finding-false-neg-check.js +139 -0
package/dist/commands/finding-false-positive-learn.d.ts +4 -0
package/dist/commands/finding-false-positive-learn.js +85 -0
package/dist/commands/finding-false-positive-log.d.ts +4 -0
package/dist/commands/finding-false-positive-log.js +150 -0
package/dist/commands/finding-false-positive.d.ts +4 -0
package/dist/commands/finding-false-positive.js +134 -0
package/dist/commands/finding-filter-view.d.ts +4 -0
package/dist/commands/finding-filter-view.js +107 -0
package/dist/commands/finding-fix-chain.d.ts +1 -0
package/dist/commands/finding-fix-chain.js +78 -0
package/dist/commands/finding-fix-estimate.d.ts +1 -0
package/dist/commands/finding-fix-estimate.js +95 -0
package/dist/commands/finding-fix-playbook.d.ts +1 -0
package/dist/commands/finding-fix-playbook.js +110 -0
package/dist/commands/finding-fix-priority.d.ts +4 -0
package/dist/commands/finding-fix-priority.js +98 -0
package/dist/commands/finding-fix-rate.d.ts +4 -0
package/dist/commands/finding-fix-rate.js +141 -0
package/dist/commands/finding-fix-suggest.d.ts +4 -0
package/dist/commands/finding-fix-suggest.js +88 -0
package/dist/commands/finding-fix-validation.d.ts +4 -0
package/dist/commands/finding-fix-validation.js +115 -0
package/dist/commands/finding-fix-verify.d.ts +4 -0
package/dist/commands/finding-fix-verify.js +198 -0
package/dist/commands/finding-group-by.d.ts +4 -0
package/dist/commands/finding-group-by.js +86 -0
package/dist/commands/finding-group.d.ts +15 -0
package/dist/commands/finding-group.js +164 -0
package/dist/commands/finding-groupby-file.d.ts +4 -0
package/dist/commands/finding-groupby-file.js +94 -0
package/dist/commands/finding-hotfix-suggest.d.ts +7 -0
package/dist/commands/finding-hotfix-suggest.js +170 -0
package/dist/commands/finding-hotspot-detect.d.ts +1 -0
package/dist/commands/finding-hotspot-detect.js +120 -0
package/dist/commands/finding-hotspot-map.d.ts +4 -0
package/dist/commands/finding-hotspot-map.js +106 -0
package/dist/commands/finding-hotspot.d.ts +4 -0
package/dist/commands/finding-hotspot.js +115 -0
package/dist/commands/finding-impact-radius.d.ts +1 -0
package/dist/commands/finding-impact-radius.js +94 -0
package/dist/commands/finding-impact-rank.d.ts +4 -0
package/dist/commands/finding-impact-rank.js +85 -0
package/dist/commands/finding-impact-score.d.ts +4 -0
package/dist/commands/finding-impact-score.js +123 -0
package/dist/commands/finding-impact.d.ts +4 -0
package/dist/commands/finding-impact.js +135 -0
package/dist/commands/finding-line-blame.d.ts +7 -0
package/dist/commands/finding-line-blame.js +129 -0
package/dist/commands/finding-link-graph.d.ts +4 -0
package/dist/commands/finding-link-graph.js +144 -0
package/dist/commands/finding-link.d.ts +4 -0
package/dist/commands/finding-link.js +128 -0
package/dist/commands/finding-merge-results.d.ts +4 -0
package/dist/commands/finding-merge-results.js +110 -0
package/dist/commands/finding-merge-strategy.d.ts +1 -0
package/dist/commands/finding-merge-strategy.js +84 -0
package/dist/commands/finding-metadata-enrich.d.ts +4 -0
package/dist/commands/finding-metadata-enrich.js +92 -0
package/dist/commands/finding-noise-filter.d.ts +7 -0
package/dist/commands/finding-noise-filter.js +140 -0
package/dist/commands/finding-noise-reduce.d.ts +1 -0
package/dist/commands/finding-noise-reduce.js +81 -0
package/dist/commands/finding-noise-score.d.ts +1 -0
package/dist/commands/finding-noise-score.js +93 -0
package/dist/commands/finding-owner-assign.d.ts +4 -0
package/dist/commands/finding-owner-assign.js +133 -0
package/dist/commands/finding-owner-notify.d.ts +1 -0
package/dist/commands/finding-owner-notify.js +121 -0
package/dist/commands/finding-ownership-assign.d.ts +4 -0
package/dist/commands/finding-ownership-assign.js +101 -0
package/dist/commands/finding-ownership-map.d.ts +4 -0
package/dist/commands/finding-ownership-map.js +118 -0
package/dist/commands/finding-patch-chain.d.ts +1 -0
package/dist/commands/finding-patch-chain.js +90 -0
package/dist/commands/finding-patch-preview.d.ts +4 -0
package/dist/commands/finding-patch-preview.js +103 -0
package/dist/commands/finding-pattern-detect.d.ts +4 -0
package/dist/commands/finding-pattern-detect.js +127 -0
package/dist/commands/finding-pattern-library.d.ts +4 -0
package/dist/commands/finding-pattern-library.js +145 -0
package/dist/commands/finding-pattern-match.d.ts +4 -0
package/dist/commands/finding-pattern-match.js +165 -0
package/dist/commands/finding-prioritize.d.ts +4 -0
package/dist/commands/finding-prioritize.js +119 -0
package/dist/commands/finding-priority-matrix.d.ts +4 -0
package/dist/commands/finding-priority-matrix.js +102 -0
package/dist/commands/finding-priority-queue.d.ts +4 -0
package/dist/commands/finding-priority-queue.js +131 -0
package/dist/commands/finding-priority-rank.d.ts +1 -0
package/dist/commands/finding-priority-rank.js +82 -0
package/dist/commands/finding-quality-gate.d.ts +4 -0
package/dist/commands/finding-quality-gate.js +107 -0
package/dist/commands/finding-rank.d.ts +4 -0
package/dist/commands/finding-rank.js +138 -0
package/dist/commands/finding-reachability-check.d.ts +4 -0
package/dist/commands/finding-reachability-check.js +102 -0
package/dist/commands/finding-reachability.d.ts +4 -0
package/dist/commands/finding-reachability.js +131 -0
package/dist/commands/finding-recurrence-check.d.ts +1 -0
package/dist/commands/finding-recurrence-check.js +103 -0
package/dist/commands/finding-recurrence-detect.d.ts +4 -0
package/dist/commands/finding-recurrence-detect.js +77 -0
package/dist/commands/finding-recurrence.d.ts +4 -0
package/dist/commands/finding-recurrence.js +135 -0
package/dist/commands/finding-regression-check.d.ts +4 -0
package/dist/commands/finding-regression-check.js +112 -0
package/dist/commands/finding-regression-detect.d.ts +1 -0
package/dist/commands/finding-regression-detect.js +86 -0
package/dist/commands/finding-related-rules.d.ts +4 -0
package/dist/commands/finding-related-rules.js +151 -0
package/dist/commands/finding-remediation-cost.d.ts +1 -0
package/dist/commands/finding-remediation-cost.js +79 -0
package/dist/commands/finding-remediation-plan.d.ts +4 -0
package/dist/commands/finding-remediation-plan.js +107 -0
package/dist/commands/finding-reopen-detect.d.ts +1 -0
package/dist/commands/finding-reopen-detect.js +77 -0
package/dist/commands/finding-repeat-detect.d.ts +1 -0
package/dist/commands/finding-repeat-detect.js +92 -0
package/dist/commands/finding-resolution-track.d.ts +4 -0
package/dist/commands/finding-resolution-track.js +150 -0
package/dist/commands/finding-resolution-tracker.d.ts +4 -0
package/dist/commands/finding-resolution-tracker.js +163 -0
package/dist/commands/finding-resolution-workflow.d.ts +1 -0
package/dist/commands/finding-resolution-workflow.js +91 -0
package/dist/commands/finding-resolution.d.ts +4 -0
package/dist/commands/finding-resolution.js +142 -0
package/dist/commands/finding-risk-label.d.ts +1 -0
package/dist/commands/finding-risk-label.js +72 -0
package/dist/commands/finding-risk-matrix.d.ts +4 -0
package/dist/commands/finding-risk-matrix.js +126 -0
package/dist/commands/finding-risk-score.d.ts +4 -0
package/dist/commands/finding-risk-score.js +95 -0
package/dist/commands/finding-root-cause.d.ts +4 -0
package/dist/commands/finding-root-cause.js +184 -0
package/dist/commands/finding-rule-explain.d.ts +4 -0
package/dist/commands/finding-rule-explain.js +140 -0
package/dist/commands/finding-scope-filter.d.ts +1 -0
package/dist/commands/finding-scope-filter.js +77 -0
package/dist/commands/finding-scope-impact.d.ts +1 -0
package/dist/commands/finding-scope-impact.js +83 -0
package/dist/commands/finding-search-index.d.ts +4 -0
package/dist/commands/finding-search-index.js +99 -0
package/dist/commands/finding-security-hotspot.d.ts +4 -0
package/dist/commands/finding-security-hotspot.js +175 -0
package/dist/commands/finding-severity-dist.d.ts +4 -0
package/dist/commands/finding-severity-dist.js +105 -0
package/dist/commands/finding-severity-drift.d.ts +4 -0
package/dist/commands/finding-severity-drift.js +92 -0
package/dist/commands/finding-severity-heatmap.d.ts +4 -0
package/dist/commands/finding-severity-heatmap.js +108 -0
package/dist/commands/finding-severity-histogram.d.ts +4 -0
package/dist/commands/finding-severity-histogram.js +66 -0
package/dist/commands/finding-severity-override.d.ts +4 -0
package/dist/commands/finding-severity-override.js +131 -0
package/dist/commands/finding-severity-rebalance.d.ts +1 -0
package/dist/commands/finding-severity-rebalance.js +108 -0
package/dist/commands/finding-severity-trend.d.ts +4 -0
package/dist/commands/finding-severity-trend.js +127 -0
package/dist/commands/finding-similar-match.d.ts +1 -0
package/dist/commands/finding-similar-match.js +112 -0
package/dist/commands/finding-snippet.d.ts +4 -0
package/dist/commands/finding-snippet.js +102 -0
package/dist/commands/finding-summary-digest.d.ts +7 -0
package/dist/commands/finding-summary-digest.js +145 -0
package/dist/commands/finding-suppress-pattern.d.ts +4 -0
package/dist/commands/finding-suppress-pattern.js +148 -0
package/dist/commands/finding-suppress.d.ts +4 -0
package/dist/commands/finding-suppress.js +164 -0
package/dist/commands/finding-suppression-audit.d.ts +4 -0
package/dist/commands/finding-suppression-audit.js +137 -0
package/dist/commands/finding-suppression-list.d.ts +4 -0
package/dist/commands/finding-suppression-list.js +119 -0
package/dist/commands/finding-suppression-log.d.ts +4 -0
package/dist/commands/finding-suppression-log.js +174 -0
package/dist/commands/finding-time-to-fix.d.ts +1 -0
package/dist/commands/finding-time-to-fix.js +98 -0
package/dist/commands/finding-timeline-view.d.ts +4 -0
package/dist/commands/finding-timeline-view.js +98 -0
package/dist/commands/finding-timeline.d.ts +4 -0
package/dist/commands/finding-timeline.js +143 -0
package/dist/commands/finding-top-offender.d.ts +1 -0
package/dist/commands/finding-top-offender.js +75 -0
package/dist/commands/finding-trace.d.ts +4 -0
package/dist/commands/finding-trace.js +118 -0
package/dist/commands/finding-trend-alert.d.ts +1 -0
package/dist/commands/finding-trend-alert.js +126 -0
package/dist/commands/finding-trend-analysis.d.ts +4 -0
package/dist/commands/finding-trend-analysis.js +95 -0
package/dist/commands/finding-trend-forecast.d.ts +4 -0
package/dist/commands/finding-trend-forecast.js +106 -0
package/dist/commands/finding-trend-report.d.ts +4 -0
package/dist/commands/finding-trend-report.js +107 -0
package/dist/commands/finding-trend.d.ts +4 -0
package/dist/commands/finding-trend.js +118 -0
package/dist/commands/fix-pr.d.ts +22 -0
package/dist/commands/fix-pr.js +286 -0
package/dist/commands/fix-suggest.d.ts +4 -0
package/dist/commands/fix-suggest.js +171 -0
package/dist/commands/fix-verify.d.ts +4 -0
package/dist/commands/fix-verify.js +123 -0
package/dist/commands/fix.d.ts +117 -0
package/dist/commands/fix.js +445 -0
package/dist/commands/focus-area.d.ts +5 -0
package/dist/commands/focus-area.js +192 -0
package/dist/commands/generate.d.ts +7 -0
package/dist/commands/generate.js +403 -0
package/dist/commands/governance.d.ts +31 -0
package/dist/commands/governance.js +202 -0
package/dist/commands/group-findings.d.ts +22 -0
package/dist/commands/group-findings.js +154 -0
package/dist/commands/guided-tour.d.ts +8 -0
package/dist/commands/guided-tour.js +287 -0
package/dist/commands/habit-tracker.d.ts +7 -0
package/dist/commands/habit-tracker.js +194 -0
package/dist/commands/hallucination-detect.d.ts +4 -0
package/dist/commands/hallucination-detect.js +350 -0
package/dist/commands/hallucination-score.d.ts +8 -0
package/dist/commands/hallucination-score.js +316 -0
package/dist/commands/help.d.ts +7 -0
package/dist/commands/help.js +302 -0
package/dist/commands/hook-install.d.ts +21 -0
package/dist/commands/hook-install.js +142 -0
package/dist/commands/hook.d.ts +8 -0
package/dist/commands/hook.js +145 -0
package/dist/commands/iac-lint.d.ts +7 -0
package/dist/commands/iac-lint.js +312 -0
package/dist/commands/idempotency-audit.d.ts +4 -0
package/dist/commands/idempotency-audit.js +222 -0
package/dist/commands/ignore-list.d.ts +18 -0
package/dist/commands/ignore-list.js +152 -0
package/dist/commands/impact-scan.d.ts +8 -0
package/dist/commands/impact-scan.js +281 -0
package/dist/commands/incident-response.d.ts +7 -0
package/dist/commands/incident-response.js +254 -0
package/dist/commands/incremental-review.d.ts +4 -0
package/dist/commands/incremental-review.js +236 -0
package/dist/commands/init.d.ts +10 -0
package/dist/commands/init.js +265 -0
package/dist/commands/input-guard.d.ts +4 -0
package/dist/commands/input-guard.js +255 -0
package/dist/commands/interactive-fix.d.ts +22 -0
package/dist/commands/interactive-fix.js +139 -0
package/dist/commands/judge-author.d.ts +7 -0
package/dist/commands/judge-author.js +260 -0
package/dist/commands/judge-config.d.ts +4 -0
package/dist/commands/judge-config.js +151 -0
package/dist/commands/judge-learn.d.ts +8 -0
package/dist/commands/judge-learn.js +217 -0
package/dist/commands/judge-reputation.d.ts +28 -0
package/dist/commands/judge-reputation.js +198 -0
package/dist/commands/kb.d.ts +40 -0
package/dist/commands/kb.js +228 -0
package/dist/commands/language-packs.d.ts +42 -0
package/dist/commands/language-packs.js +150 -0
package/dist/commands/learn.d.ts +26 -0
package/dist/commands/learn.js +288 -0
package/dist/commands/learning-path.d.ts +8 -0
package/dist/commands/learning-path.js +325 -0
package/dist/commands/license-scan.d.ts +8 -0
package/dist/commands/license-scan.js +183 -0
package/dist/commands/llm-benchmark-optimizer.d.ts +78 -0
package/dist/commands/llm-benchmark-optimizer.js +241 -0
package/dist/commands/llm-benchmark.d.ts +156 -0
package/dist/commands/llm-benchmark.js +670 -0
package/dist/commands/log-quality.d.ts +5 -0
package/dist/commands/log-quality.js +211 -0
package/dist/commands/logic-lint.d.ts +4 -0
package/dist/commands/logic-lint.js +255 -0
package/dist/commands/lsp.d.ts +23 -0
package/dist/commands/lsp.js +285 -0
package/dist/commands/merge-verdict.d.ts +4 -0
package/dist/commands/merge-verdict.js +287 -0
package/dist/commands/metrics-dashboard.d.ts +21 -0
package/dist/commands/metrics-dashboard.js +334 -0
package/dist/commands/metrics.d.ts +57 -0
package/dist/commands/metrics.js +241 -0
package/dist/commands/migration-safety.d.ts +5 -0
package/dist/commands/migration-safety.js +256 -0
package/dist/commands/model-report.d.ts +8 -0
package/dist/commands/model-report.js +194 -0
package/dist/commands/model-risk.d.ts +27 -0
package/dist/commands/model-risk.js +220 -0
package/dist/commands/monorepo.d.ts +37 -0
package/dist/commands/monorepo.js +232 -0
package/dist/commands/multi-lang-review.d.ts +4 -0
package/dist/commands/multi-lang-review.js +230 -0
package/dist/commands/noise-advisor.d.ts +29 -0
package/dist/commands/noise-advisor.js +170 -0
package/dist/commands/notify.d.ts +78 -0
package/dist/commands/notify.js +324 -0
package/dist/commands/null-safety-audit.d.ts +5 -0
package/dist/commands/null-safety-audit.js +221 -0
package/dist/commands/observability-gap.d.ts +5 -0
package/dist/commands/observability-gap.js +211 -0
package/dist/commands/onboard.d.ts +12 -0
package/dist/commands/onboard.js +178 -0
package/dist/commands/org-metrics.d.ts +23 -0
package/dist/commands/org-metrics.js +237 -0
package/dist/commands/org-policy.d.ts +7 -0
package/dist/commands/org-policy.js +207 -0
package/dist/commands/over-abstraction.d.ts +4 -0
package/dist/commands/over-abstraction.js +307 -0
package/dist/commands/override.d.ts +61 -0
package/dist/commands/override.js +268 -0
package/dist/commands/ownership-map.d.ts +5 -0
package/dist/commands/ownership-map.js +217 -0
package/dist/commands/parity.d.ts +30 -0
package/dist/commands/parity.js +212 -0
package/dist/commands/pattern-registry.d.ts +22 -0
package/dist/commands/pattern-registry.js +226 -0
package/dist/commands/perf-compare.d.ts +8 -0
package/dist/commands/perf-compare.js +245 -0
package/dist/commands/perf-hotspot.d.ts +7 -0
package/dist/commands/perf-hotspot.js +273 -0
package/dist/commands/phantom-import.d.ts +4 -0
package/dist/commands/phantom-import.js +260 -0
package/dist/commands/pii-scan.d.ts +7 -0
package/dist/commands/pii-scan.js +299 -0
package/dist/commands/plugin-search.d.ts +39 -0
package/dist/commands/plugin-search.js +327 -0
package/dist/commands/plugins.d.ts +12 -0
package/dist/commands/plugins.js +104 -0
package/dist/commands/policy-audit.d.ts +52 -0
package/dist/commands/policy-audit.js +160 -0
package/dist/commands/pr-quality-gate.d.ts +28 -0
package/dist/commands/pr-quality-gate.js +207 -0
package/dist/commands/pr-summary.d.ts +25 -0
package/dist/commands/pr-summary.js +187 -0
package/dist/commands/predict.d.ts +7 -0
package/dist/commands/predict.js +218 -0
package/dist/commands/privilege-path.d.ts +4 -0
package/dist/commands/privilege-path.js +233 -0
package/dist/commands/profile.d.ts +37 -0
package/dist/commands/profile.js +101 -0
package/dist/commands/prompt-replay.d.ts +7 -0
package/dist/commands/prompt-replay.js +176 -0
package/dist/commands/quality-gate.d.ts +69 -0
package/dist/commands/quality-gate.js +252 -0
package/dist/commands/query.d.ts +19 -0
package/dist/commands/query.js +229 -0
package/dist/commands/quick-check.d.ts +4 -0
package/dist/commands/quick-check.js +173 -0
package/dist/commands/recommend.d.ts +20 -0
package/dist/commands/recommend.js +282 -0
package/dist/commands/refactor-safety.d.ts +8 -0
package/dist/commands/refactor-safety.js +273 -0
package/dist/commands/reg-watch.d.ts +20 -0
package/dist/commands/reg-watch.js +219 -0
package/dist/commands/regression-alert.d.ts +31 -0
package/dist/commands/regression-alert.js +215 -0
package/dist/commands/remediation-lib.d.ts +8 -0
package/dist/commands/remediation-lib.js +265 -0
package/dist/commands/remediation.d.ts +20 -0
package/dist/commands/remediation.js +256 -0
package/dist/commands/report-template.d.ts +16 -0
package/dist/commands/report-template.js +290 -0
package/dist/commands/report.d.ts +12 -0
package/dist/commands/report.js +139 -0
package/dist/commands/resource-cleanup.d.ts +6 -0
package/dist/commands/resource-cleanup.js +235 -0
package/dist/commands/retro.d.ts +22 -0
package/dist/commands/retro.js +211 -0
package/dist/commands/retry-pattern-audit.d.ts +5 -0
package/dist/commands/retry-pattern-audit.js +215 -0
package/dist/commands/review-ab-test.d.ts +4 -0
package/dist/commands/review-ab-test.js +224 -0
package/dist/commands/review-access-log.d.ts +4 -0
package/dist/commands/review-access-log.js +65 -0
package/dist/commands/review-action-item-gen.d.ts +1 -0
package/dist/commands/review-action-item-gen.js +72 -0
package/dist/commands/review-adoption-metrics.d.ts +4 -0
package/dist/commands/review-adoption-metrics.js +95 -0
package/dist/commands/review-adoption-score.d.ts +1 -0
package/dist/commands/review-adoption-score.js +181 -0
package/dist/commands/review-ai-feedback-loop.d.ts +1 -0
package/dist/commands/review-ai-feedback-loop.js +116 -0
package/dist/commands/review-annotate.d.ts +4 -0
package/dist/commands/review-annotate.js +122 -0
package/dist/commands/review-annotation-export.d.ts +4 -0
package/dist/commands/review-annotation-export.js +105 -0
package/dist/commands/review-annotation.d.ts +4 -0
package/dist/commands/review-annotation.js +133 -0
package/dist/commands/review-api-export.d.ts +4 -0
package/dist/commands/review-api-export.js +98 -0
package/dist/commands/review-approval-criteria.d.ts +1 -0
package/dist/commands/review-approval-criteria.js +99 -0
package/dist/commands/review-approval-gate.d.ts +7 -0
package/dist/commands/review-approval-gate.js +190 -0
package/dist/commands/review-approval.d.ts +4 -0
package/dist/commands/review-approval.js +133 -0
package/dist/commands/review-archive-search.d.ts +4 -0
package/dist/commands/review-archive-search.js +70 -0
package/dist/commands/review-archive.d.ts +4 -0
package/dist/commands/review-archive.js +135 -0
package/dist/commands/review-audit-export.d.ts +4 -0
package/dist/commands/review-audit-export.js +93 -0
package/dist/commands/review-audit-log.d.ts +4 -0
package/dist/commands/review-audit-log.js +140 -0
package/dist/commands/review-audit-trail.d.ts +4 -0
package/dist/commands/review-audit-trail.js +96 -0
package/dist/commands/review-auto-merge.d.ts +4 -0
package/dist/commands/review-auto-merge.js +175 -0
package/dist/commands/review-badge.d.ts +4 -0
package/dist/commands/review-badge.js +152 -0
package/dist/commands/review-batch-files.d.ts +4 -0
package/dist/commands/review-batch-files.js +82 -0
package/dist/commands/review-batch-mode.d.ts +4 -0
package/dist/commands/review-batch-mode.js +97 -0
package/dist/commands/review-batch-run.d.ts +4 -0
package/dist/commands/review-batch-run.js +149 -0
package/dist/commands/review-benchmark-self.d.ts +4 -0
package/dist/commands/review-benchmark-self.js +140 -0
package/dist/commands/review-blame-map.d.ts +4 -0
package/dist/commands/review-blame-map.js +100 -0
package/dist/commands/review-branch-compare.d.ts +4 -0
package/dist/commands/review-branch-compare.js +108 -0
package/dist/commands/review-branch-policy.d.ts +4 -0
package/dist/commands/review-branch-policy.js +102 -0
package/dist/commands/review-bulk-action.d.ts +4 -0
package/dist/commands/review-bulk-action.js +109 -0
package/dist/commands/review-bulk-apply.d.ts +4 -0
package/dist/commands/review-bulk-apply.js +102 -0
package/dist/commands/review-cache-clear.d.ts +4 -0
package/dist/commands/review-cache-clear.js +160 -0
package/dist/commands/review-cache-warm.d.ts +4 -0
package/dist/commands/review-cache-warm.js +70 -0
package/dist/commands/review-cache.d.ts +22 -0
package/dist/commands/review-cache.js +134 -0
package/dist/commands/review-changelog-entry.d.ts +7 -0
package/dist/commands/review-changelog-entry.js +109 -0
package/dist/commands/review-changelog-gen.d.ts +4 -0
package/dist/commands/review-changelog-gen.js +117 -0
package/dist/commands/review-changelog-impact.d.ts +1 -0
package/dist/commands/review-changelog-impact.js +89 -0
package/dist/commands/review-checklist.d.ts +4 -0
package/dist/commands/review-checklist.js +144 -0
package/dist/commands/review-checkpoint.d.ts +4 -0
package/dist/commands/review-checkpoint.js +163 -0
package/dist/commands/review-ci-gate.d.ts +4 -0
package/dist/commands/review-ci-gate.js +114 -0
package/dist/commands/review-ci-insight.d.ts +1 -0
package/dist/commands/review-ci-insight.js +100 -0
package/dist/commands/review-ci-integration.d.ts +4 -0
package/dist/commands/review-ci-integration.js +125 -0
package/dist/commands/review-ci-status.d.ts +4 -0
package/dist/commands/review-ci-status.js +200 -0
package/dist/commands/review-cicd-integrate.d.ts +4 -0
package/dist/commands/review-cicd-integrate.js +122 -0
package/dist/commands/review-code-health-score.d.ts +1 -0
package/dist/commands/review-code-health-score.js +100 -0
package/dist/commands/review-code-owner.d.ts +7 -0
package/dist/commands/review-code-owner.js +164 -0
package/dist/commands/review-code-ownership.d.ts +1 -0
package/dist/commands/review-code-ownership.js +88 -0
package/dist/commands/review-comment.d.ts +4 -0
package/dist/commands/review-comment.js +165 -0
package/dist/commands/review-commit-hook.d.ts +7 -0
package/dist/commands/review-commit-hook.js +134 -0
package/dist/commands/review-commit-quality.d.ts +1 -0
package/dist/commands/review-commit-quality.js +94 -0
package/dist/commands/review-comparative.d.ts +4 -0
package/dist/commands/review-comparative.js +149 -0
package/dist/commands/review-compare-version.d.ts +4 -0
package/dist/commands/review-compare-version.js +108 -0
package/dist/commands/review-compare.d.ts +4 -0
package/dist/commands/review-compare.js +200 -0
package/dist/commands/review-compliance-check.d.ts +4 -0
package/dist/commands/review-compliance-check.js +202 -0
package/dist/commands/review-compliance-gate.d.ts +4 -0
package/dist/commands/review-compliance-gate.js +151 -0
package/dist/commands/review-compliance-map.d.ts +4 -0
package/dist/commands/review-compliance-map.js +110 -0
package/dist/commands/review-compliance-report.d.ts +4 -0
package/dist/commands/review-compliance-report.js +127 -0
package/dist/commands/review-confidence-explain.d.ts +1 -0
package/dist/commands/review-confidence-explain.js +99 -0
package/dist/commands/review-config-diff.d.ts +4 -0
package/dist/commands/review-config-diff.js +108 -0
package/dist/commands/review-config-export.d.ts +4 -0
package/dist/commands/review-config-export.js +124 -0
package/dist/commands/review-config-health.d.ts +1 -0
package/dist/commands/review-config-health.js +172 -0
package/dist/commands/review-config-migrate.d.ts +4 -0
package/dist/commands/review-config-migrate.js +123 -0
package/dist/commands/review-config-template.d.ts +4 -0
package/dist/commands/review-config-template.js +112 -0
package/dist/commands/review-config-validate.d.ts +4 -0
package/dist/commands/review-config-validate.js +110 -0
package/dist/commands/review-contract.d.ts +4 -0
package/dist/commands/review-contract.js +199 -0
package/dist/commands/review-coverage-gap.d.ts +4 -0
package/dist/commands/review-coverage-gap.js +120 -0
package/dist/commands/review-coverage-map.d.ts +4 -0
package/dist/commands/review-coverage-map.js +194 -0
package/dist/commands/review-custom-judge-config.d.ts +4 -0
package/dist/commands/review-custom-judge-config.js +103 -0
package/dist/commands/review-custom-judge.d.ts +4 -0
package/dist/commands/review-custom-judge.js +182 -0
package/dist/commands/review-custom-prompt.d.ts +4 -0
package/dist/commands/review-custom-prompt.js +170 -0
package/dist/commands/review-custom-rule.d.ts +4 -0
package/dist/commands/review-custom-rule.js +169 -0
package/dist/commands/review-dashboard-data.d.ts +4 -0
package/dist/commands/review-dashboard-data.js +142 -0
package/dist/commands/review-dashboard.d.ts +4 -0
package/dist/commands/review-dashboard.js +140 -0
package/dist/commands/review-data-retention.d.ts +4 -0
package/dist/commands/review-data-retention.js +119 -0
package/dist/commands/review-dependency-graph.d.ts +4 -0
package/dist/commands/review-dependency-graph.js +94 -0
package/dist/commands/review-dependency-review.d.ts +1 -0
package/dist/commands/review-dependency-review.js +104 -0
package/dist/commands/review-deployment-gate.d.ts +4 -0
package/dist/commands/review-deployment-gate.js +94 -0
package/dist/commands/review-depth.d.ts +4 -0
package/dist/commands/review-depth.js +142 -0
package/dist/commands/review-diff-annotate.d.ts +4 -0
package/dist/commands/review-diff-annotate.js +104 -0
package/dist/commands/review-diff-context.d.ts +4 -0
package/dist/commands/review-diff-context.js +158 -0
package/dist/commands/review-diff-highlight.d.ts +4 -0
package/dist/commands/review-diff-highlight.js +179 -0
package/dist/commands/review-diff-stats.d.ts +4 -0
package/dist/commands/review-diff-stats.js +90 -0
package/dist/commands/review-diff-summary.d.ts +4 -0
package/dist/commands/review-diff-summary.js +154 -0
package/dist/commands/review-digest-gen.d.ts +1 -0
package/dist/commands/review-digest-gen.js +100 -0
package/dist/commands/review-digest.d.ts +4 -0
package/dist/commands/review-digest.js +265 -0
package/dist/commands/review-dry-run.d.ts +4 -0
package/dist/commands/review-dry-run.js +120 -0
package/dist/commands/review-engagement-score.d.ts +1 -0
package/dist/commands/review-engagement-score.js +111 -0
package/dist/commands/review-env-check.d.ts +4 -0
package/dist/commands/review-env-check.js +115 -0
package/dist/commands/review-environment-config.d.ts +4 -0
package/dist/commands/review-environment-config.js +102 -0
package/dist/commands/review-escalation-path.d.ts +1 -0
package/dist/commands/review-escalation-path.js +86 -0
package/dist/commands/review-exclude-vendor.d.ts +4 -0
package/dist/commands/review-exclude-vendor.js +158 -0
package/dist/commands/review-explain.d.ts +5 -0
package/dist/commands/review-explain.js +194 -0
package/dist/commands/review-export-pdf.d.ts +7 -0
package/dist/commands/review-export-pdf.js +131 -0
package/dist/commands/review-export.d.ts +4 -0
package/dist/commands/review-export.js +179 -0
package/dist/commands/review-feedback-loop.d.ts +4 -0
package/dist/commands/review-feedback-loop.js +113 -0
package/dist/commands/review-feedback-summary.d.ts +1 -0
package/dist/commands/review-feedback-summary.js +130 -0
package/dist/commands/review-feedback.d.ts +4 -0
package/dist/commands/review-feedback.js +145 -0
package/dist/commands/review-file-complexity.d.ts +4 -0
package/dist/commands/review-file-complexity.js +137 -0
package/dist/commands/review-file-filter.d.ts +4 -0
package/dist/commands/review-file-filter.js +121 -0
package/dist/commands/review-file-stats.d.ts +4 -0
package/dist/commands/review-file-stats.js +130 -0
package/dist/commands/review-filter.d.ts +4 -0
package/dist/commands/review-filter.js +161 -0
package/dist/commands/review-finding-link.d.ts +7 -0
package/dist/commands/review-finding-link.js +115 -0
package/dist/commands/review-focus-area.d.ts +1 -0
package/dist/commands/review-focus-area.js +96 -0
package/dist/commands/review-focus.d.ts +4 -0
package/dist/commands/review-focus.js +196 -0
package/dist/commands/review-gate-config.d.ts +4 -0
package/dist/commands/review-gate-config.js +153 -0
package/dist/commands/review-gate.d.ts +4 -0
package/dist/commands/review-gate.js +212 -0
package/dist/commands/review-goal-track.d.ts +1 -0
package/dist/commands/review-goal-track.js +123 -0
package/dist/commands/review-guardrail.d.ts +4 -0
package/dist/commands/review-guardrail.js +155 -0
package/dist/commands/review-handoff.d.ts +4 -0
package/dist/commands/review-handoff.js +208 -0
package/dist/commands/review-health-check.d.ts +4 -0
package/dist/commands/review-health-check.js +148 -0
package/dist/commands/review-health-trend.d.ts +1 -0
package/dist/commands/review-health-trend.js +107 -0
package/dist/commands/review-history-compare.d.ts +4 -0
package/dist/commands/review-history-compare.js +93 -0
package/dist/commands/review-history-search.d.ts +4 -0
package/dist/commands/review-history-search.js +214 -0
package/dist/commands/review-ide-sync.d.ts +4 -0
package/dist/commands/review-ide-sync.js +91 -0
package/dist/commands/review-ignore-path.d.ts +4 -0
package/dist/commands/review-ignore-path.js +147 -0
package/dist/commands/review-ignore-pattern.d.ts +5 -0
package/dist/commands/review-ignore-pattern.js +138 -0
package/dist/commands/review-incident-link.d.ts +4 -0
package/dist/commands/review-incident-link.js +93 -0
package/dist/commands/review-incremental.d.ts +4 -0
package/dist/commands/review-incremental.js +128 -0
package/dist/commands/review-integration-health.d.ts +4 -0
package/dist/commands/review-integration-health.js +84 -0
package/dist/commands/review-integration-test.d.ts +4 -0
package/dist/commands/review-integration-test.js +145 -0
package/dist/commands/review-integration.d.ts +4 -0
package/dist/commands/review-integration.js +236 -0
package/dist/commands/review-interactive.d.ts +4 -0
package/dist/commands/review-interactive.js +85 -0
package/dist/commands/review-knowledge-capture.d.ts +1 -0
package/dist/commands/review-knowledge-capture.js +94 -0
package/dist/commands/review-language-profile.d.ts +4 -0
package/dist/commands/review-language-profile.js +72 -0
package/dist/commands/review-language-stats.d.ts +4 -0
package/dist/commands/review-language-stats.js +152 -0
package/dist/commands/review-lock-file.d.ts +4 -0
package/dist/commands/review-lock-file.js +153 -0
package/dist/commands/review-lock.d.ts +4 -0
package/dist/commands/review-lock.js +107 -0
package/dist/commands/review-log.d.ts +22 -0
package/dist/commands/review-log.js +164 -0
package/dist/commands/review-mentor-suggest.d.ts +1 -0
package/dist/commands/review-mentor-suggest.js +112 -0
package/dist/commands/review-merge-check.d.ts +4 -0
package/dist/commands/review-merge-check.js +101 -0
package/dist/commands/review-merge-config.d.ts +4 -0
package/dist/commands/review-merge-config.js +119 -0
package/dist/commands/review-merge-readiness.d.ts +1 -0
package/dist/commands/review-merge-readiness.js +90 -0
package/dist/commands/review-merge-request.d.ts +4 -0
package/dist/commands/review-merge-request.js +95 -0
package/dist/commands/review-merge.d.ts +4 -0
package/dist/commands/review-merge.js +145 -0
package/dist/commands/review-metric-export.d.ts +4 -0
package/dist/commands/review-metric-export.js +62 -0
package/dist/commands/review-milestone.d.ts +4 -0
package/dist/commands/review-milestone.js +136 -0
package/dist/commands/review-multi-repo-sync.d.ts +4 -0
package/dist/commands/review-multi-repo-sync.js +115 -0
package/dist/commands/review-multi-repo.d.ts +4 -0
package/dist/commands/review-multi-repo.js +145 -0
package/dist/commands/review-note.d.ts +4 -0
package/dist/commands/review-note.js +104 -0
package/dist/commands/review-notification-config.d.ts +4 -0
package/dist/commands/review-notification-config.js +122 -0
package/dist/commands/review-notification-digest.d.ts +4 -0
package/dist/commands/review-notification-digest.js +64 -0
package/dist/commands/review-notification.d.ts +4 -0
package/dist/commands/review-notification.js +126 -0
package/dist/commands/review-notify.d.ts +4 -0
package/dist/commands/review-notify.js +143 -0
package/dist/commands/review-offline.d.ts +4 -0
package/dist/commands/review-offline.js +125 -0
package/dist/commands/review-onboard-checklist.d.ts +4 -0
package/dist/commands/review-onboard-checklist.js +119 -0
package/dist/commands/review-onboard-wizard.d.ts +4 -0
package/dist/commands/review-onboard-wizard.js +92 -0
package/dist/commands/review-onboard.d.ts +4 -0
package/dist/commands/review-onboard.js +154 -0
package/dist/commands/review-onboarding-check.d.ts +1 -0
package/dist/commands/review-onboarding-check.js +93 -0
package/dist/commands/review-org-dashboard.d.ts +4 -0
package/dist/commands/review-org-dashboard.js +68 -0
package/dist/commands/review-output-filter.d.ts +4 -0
package/dist/commands/review-output-filter.js +112 -0
package/dist/commands/review-output-format.d.ts +4 -0
package/dist/commands/review-output-format.js +144 -0
package/dist/commands/review-output-transform.d.ts +4 -0
package/dist/commands/review-output-transform.js +119 -0
package/dist/commands/review-owner.d.ts +4 -0
package/dist/commands/review-owner.js +129 -0
package/dist/commands/review-parallel-diff.d.ts +4 -0
package/dist/commands/review-parallel-diff.js +146 -0
package/dist/commands/review-parallel-files.d.ts +7 -0
package/dist/commands/review-parallel-files.js +134 -0
package/dist/commands/review-parallel-run.d.ts +4 -0
package/dist/commands/review-parallel-run.js +116 -0
package/dist/commands/review-parallel.d.ts +4 -0
package/dist/commands/review-parallel.js +164 -0
package/dist/commands/review-perf-profile.d.ts +4 -0
package/dist/commands/review-perf-profile.js +98 -0
package/dist/commands/review-permission-model.d.ts +4 -0
package/dist/commands/review-permission-model.js +149 -0
package/dist/commands/review-pipeline-status.d.ts +4 -0
package/dist/commands/review-pipeline-status.js +54 -0
package/dist/commands/review-plugin-config.d.ts +4 -0
package/dist/commands/review-plugin-config.js +167 -0
package/dist/commands/review-plugin-list.d.ts +4 -0
package/dist/commands/review-plugin-list.js +99 -0
package/dist/commands/review-plugin-manage.d.ts +4 -0
package/dist/commands/review-plugin-manage.js +137 -0
package/dist/commands/review-plugin-status.d.ts +4 -0
package/dist/commands/review-plugin-status.js +53 -0
package/dist/commands/review-policy-enforce.d.ts +1 -0
package/dist/commands/review-policy-enforce.js +92 -0
package/dist/commands/review-policy-engine.d.ts +4 -0
package/dist/commands/review-policy-engine.js +135 -0
package/dist/commands/review-pr-comment-gen.d.ts +4 -0
package/dist/commands/review-pr-comment-gen.js +62 -0
package/dist/commands/review-pr-comment.d.ts +4 -0
package/dist/commands/review-pr-comment.js +106 -0
package/dist/commands/review-pr-label-suggest.d.ts +1 -0
package/dist/commands/review-pr-label-suggest.js +77 -0
package/dist/commands/review-pr-size-check.d.ts +1 -0
package/dist/commands/review-pr-size-check.js +98 -0
package/dist/commands/review-pr-template.d.ts +4 -0
package/dist/commands/review-pr-template.js +104 -0
package/dist/commands/review-preset-save.d.ts +4 -0
package/dist/commands/review-preset-save.js +159 -0
package/dist/commands/review-priority.d.ts +4 -0
package/dist/commands/review-priority.js +157 -0
package/dist/commands/review-profile.d.ts +4 -0
package/dist/commands/review-profile.js +168 -0
package/dist/commands/review-progress-bar.d.ts +4 -0
package/dist/commands/review-progress-bar.js +157 -0
package/dist/commands/review-progress-report.d.ts +1 -0
package/dist/commands/review-progress-report.js +95 -0
package/dist/commands/review-progress-track.d.ts +4 -0
package/dist/commands/review-progress-track.js +94 -0
package/dist/commands/review-quality-baseline.d.ts +1 -0
package/dist/commands/review-quality-baseline.js +134 -0
package/dist/commands/review-quality-gate.d.ts +1 -0
package/dist/commands/review-quality-gate.js +86 -0
package/dist/commands/review-quality-score.d.ts +4 -0
package/dist/commands/review-quality-score.js +127 -0
package/dist/commands/review-quality-trend.d.ts +4 -0
package/dist/commands/review-quality-trend.js +57 -0
package/dist/commands/review-queue.d.ts +33 -0
package/dist/commands/review-queue.js +225 -0
package/dist/commands/review-quickstart.d.ts +4 -0
package/dist/commands/review-quickstart.js +107 -0
package/dist/commands/review-quota-check.d.ts +4 -0
package/dist/commands/review-quota-check.js +97 -0
package/dist/commands/review-quota.d.ts +4 -0
package/dist/commands/review-quota.js +126 -0
package/dist/commands/review-rate-limit.d.ts +4 -0
package/dist/commands/review-rate-limit.js +130 -0
package/dist/commands/review-readiness-check.d.ts +1 -0
package/dist/commands/review-readiness-check.js +98 -0
package/dist/commands/review-receipt.d.ts +4 -0
package/dist/commands/review-receipt.js +220 -0
package/dist/commands/review-release-gate.d.ts +1 -0
package/dist/commands/review-release-gate.js +81 -0
package/dist/commands/review-replay.d.ts +8 -0
package/dist/commands/review-replay.js +264 -0
package/dist/commands/review-repo-onboard.d.ts +4 -0
package/dist/commands/review-repo-onboard.js +114 -0
package/dist/commands/review-report-archive.d.ts +4 -0
package/dist/commands/review-report-archive.js +100 -0
package/dist/commands/review-report-merge.d.ts +4 -0
package/dist/commands/review-report-merge.js +90 -0
package/dist/commands/review-report-pdf.d.ts +4 -0
package/dist/commands/review-report-pdf.js +163 -0
package/dist/commands/review-report-schedule.d.ts +4 -0
package/dist/commands/review-report-schedule.js +96 -0
package/dist/commands/review-retrospective.d.ts +1 -0
package/dist/commands/review-retrospective.js +118 -0
package/dist/commands/review-retry.d.ts +4 -0
package/dist/commands/review-retry.js +91 -0
package/dist/commands/review-review-cadence.d.ts +1 -0
package/dist/commands/review-review-cadence.js +85 -0
package/dist/commands/review-review-comments.d.ts +4 -0
package/dist/commands/review-review-comments.js +84 -0
package/dist/commands/review-reviewer-match.d.ts +1 -0
package/dist/commands/review-reviewer-match.js +108 -0
package/dist/commands/review-risk-matrix.d.ts +1 -0
package/dist/commands/review-risk-matrix.js +96 -0
package/dist/commands/review-risk-score.d.ts +4 -0
package/dist/commands/review-risk-score.js +156 -0
package/dist/commands/review-role-assignment.d.ts +4 -0
package/dist/commands/review-role-assignment.js +98 -0
package/dist/commands/review-rollback.d.ts +4 -0
package/dist/commands/review-rollback.js +171 -0
package/dist/commands/review-rollout-plan.d.ts +4 -0
package/dist/commands/review-rollout-plan.js +123 -0
package/dist/commands/review-rule-filter.d.ts +4 -0
package/dist/commands/review-rule-filter.js +116 -0
package/dist/commands/review-rule-stats.d.ts +4 -0
package/dist/commands/review-rule-stats.js +161 -0
package/dist/commands/review-sandbox.d.ts +4 -0
package/dist/commands/review-sandbox.js +191 -0
package/dist/commands/review-schedule.d.ts +4 -0
package/dist/commands/review-schedule.js +169 -0
package/dist/commands/review-scope-limit.d.ts +4 -0
package/dist/commands/review-scope-limit.js +100 -0
package/dist/commands/review-scope-lock.d.ts +7 -0
package/dist/commands/review-scope-lock.js +138 -0
package/dist/commands/review-scope-select.d.ts +4 -0
package/dist/commands/review-scope-select.js +98 -0
package/dist/commands/review-scope-suggest.d.ts +1 -0
package/dist/commands/review-scope-suggest.js +112 -0
package/dist/commands/review-scope.d.ts +4 -0
package/dist/commands/review-scope.js +197 -0
package/dist/commands/review-score-history.d.ts +4 -0
package/dist/commands/review-score-history.js +137 -0
package/dist/commands/review-security-posture.d.ts +1 -0
package/dist/commands/review-security-posture.js +105 -0
package/dist/commands/review-session-replay.d.ts +4 -0
package/dist/commands/review-session-replay.js +81 -0
package/dist/commands/review-session-save.d.ts +4 -0
package/dist/commands/review-session-save.js +173 -0
package/dist/commands/review-session.d.ts +4 -0
package/dist/commands/review-session.js +150 -0
package/dist/commands/review-skip-list.d.ts +4 -0
package/dist/commands/review-skip-list.js +135 -0
package/dist/commands/review-skip-rule.d.ts +4 -0
package/dist/commands/review-skip-rule.js +105 -0
package/dist/commands/review-sla-config.d.ts +4 -0
package/dist/commands/review-sla-config.js +88 -0
package/dist/commands/review-slack-format.d.ts +4 -0
package/dist/commands/review-slack-format.js +113 -0
package/dist/commands/review-snapshot-diff.d.ts +4 -0
package/dist/commands/review-snapshot-diff.js +100 -0
package/dist/commands/review-sprint-plan.d.ts +1 -0
package/dist/commands/review-sprint-plan.js +79 -0
package/dist/commands/review-stakeholder-notify.d.ts +1 -0
package/dist/commands/review-stakeholder-notify.js +134 -0
package/dist/commands/review-stakeholder-report.d.ts +4 -0
package/dist/commands/review-stakeholder-report.js +75 -0
package/dist/commands/review-stale-finding-clean.d.ts +1 -0
package/dist/commands/review-stale-finding-clean.js +81 -0
package/dist/commands/review-standup.d.ts +4 -0
package/dist/commands/review-standup.js +95 -0
package/dist/commands/review-stats.d.ts +4 -0
package/dist/commands/review-stats.js +175 -0
package/dist/commands/review-status-badge.d.ts +4 -0
package/dist/commands/review-status-badge.js +120 -0
package/dist/commands/review-streak.d.ts +4 -0
package/dist/commands/review-streak.js +150 -0
package/dist/commands/review-summary-dashboard.d.ts +4 -0
package/dist/commands/review-summary-dashboard.js +96 -0
package/dist/commands/review-summary-email.d.ts +4 -0
package/dist/commands/review-summary-email.js +102 -0
package/dist/commands/review-summary.d.ts +4 -0
package/dist/commands/review-summary.js +174 -0
package/dist/commands/review-tag-manager.d.ts +4 -0
package/dist/commands/review-tag-manager.js +128 -0
package/dist/commands/review-tag.d.ts +4 -0
package/dist/commands/review-tag.js +136 -0
package/dist/commands/review-team-analytics.d.ts +1 -0
package/dist/commands/review-team-analytics.js +94 -0
package/dist/commands/review-team-assign.d.ts +7 -0
package/dist/commands/review-team-assign.js +211 -0
package/dist/commands/review-team-coverage.d.ts +1 -0
package/dist/commands/review-team-coverage.js +95 -0
package/dist/commands/review-team-dashboard.d.ts +4 -0
package/dist/commands/review-team-dashboard.js +98 -0
package/dist/commands/review-team-rotation.d.ts +1 -0
package/dist/commands/review-team-rotation.js +99 -0
package/dist/commands/review-team-skill-map.d.ts +1 -0
package/dist/commands/review-team-skill-map.js +102 -0
package/dist/commands/review-team-stats.d.ts +4 -0
package/dist/commands/review-team-stats.js +97 -0
package/dist/commands/review-team-summary.d.ts +4 -0
package/dist/commands/review-team-summary.js +155 -0
package/dist/commands/review-team-velocity.d.ts +1 -0
package/dist/commands/review-team-velocity.js +103 -0
package/dist/commands/review-template-export.d.ts +4 -0
package/dist/commands/review-template-export.js +146 -0
package/dist/commands/review-template-library.d.ts +4 -0
package/dist/commands/review-template-library.js +155 -0
package/dist/commands/review-template-suggest.d.ts +1 -0
package/dist/commands/review-template-suggest.js +119 -0
package/dist/commands/review-template.d.ts +4 -0
package/dist/commands/review-template.js +212 -0
package/dist/commands/review-tenant-config.d.ts +4 -0
package/dist/commands/review-tenant-config.js +116 -0
package/dist/commands/review-threshold-tune.d.ts +4 -0
package/dist/commands/review-threshold-tune.js +135 -0
package/dist/commands/review-timeline.d.ts +4 -0
package/dist/commands/review-timeline.js +76 -0
package/dist/commands/review-token-budget.d.ts +4 -0
package/dist/commands/review-token-budget.js +117 -0
package/dist/commands/review-velocity-track.d.ts +1 -0
package/dist/commands/review-velocity-track.js +94 -0
package/dist/commands/review-watch-mode.d.ts +7 -0
package/dist/commands/review-watch-mode.js +132 -0
package/dist/commands/review-webhook-dispatch.d.ts +4 -0
package/dist/commands/review-webhook-dispatch.js +99 -0
package/dist/commands/review-webhook-notify.d.ts +4 -0
package/dist/commands/review-webhook-notify.js +145 -0
package/dist/commands/review-webhook.d.ts +4 -0
package/dist/commands/review-webhook.js +140 -0
package/dist/commands/review-whitelist.d.ts +4 -0
package/dist/commands/review-whitelist.js +150 -0
package/dist/commands/review-workflow-suggest.d.ts +1 -0
package/dist/commands/review-workflow-suggest.js +129 -0
package/dist/commands/review-workload-balance.d.ts +1 -0
package/dist/commands/review-workload-balance.js +86 -0
package/dist/commands/review-workspace-init.d.ts +4 -0
package/dist/commands/review-workspace-init.js +104 -0
package/dist/commands/review-workspace-scan.d.ts +4 -0
package/dist/commands/review-workspace-scan.js +144 -0
package/dist/commands/review.d.ts +155 -0
package/dist/commands/review.js +1114 -0
package/dist/commands/risk-heatmap.d.ts +7 -0
package/dist/commands/risk-heatmap.js +223 -0
package/dist/commands/rollback-safety.d.ts +4 -0
package/dist/commands/rollback-safety.js +191 -0
package/dist/commands/rule-catalog.d.ts +4 -0
package/dist/commands/rule-catalog.js +128 -0
package/dist/commands/rule-metrics.d.ts +43 -0
package/dist/commands/rule-metrics.js +113 -0
package/dist/commands/rule-owner.d.ts +30 -0
package/dist/commands/rule-owner.js +181 -0
package/dist/commands/rule-share.d.ts +34 -0
package/dist/commands/rule-share.js +202 -0
package/dist/commands/rule-test.d.ts +4 -0
package/dist/commands/rule-test.js +201 -0
package/dist/commands/rule.d.ts +114 -0
package/dist/commands/rule.js +295 -0
package/dist/commands/sbom-export.d.ts +7 -0
package/dist/commands/sbom-export.js +161 -0
package/dist/commands/scaffold-plugin.d.ts +15 -0
package/dist/commands/scaffold-plugin.js +270 -0
package/dist/commands/secret-age.d.ts +5 -0
package/dist/commands/secret-age.js +214 -0
package/dist/commands/secret-scan.d.ts +7 -0
package/dist/commands/secret-scan.js +244 -0
package/dist/commands/security-maturity.d.ts +7 -0
package/dist/commands/security-maturity.js +312 -0
package/dist/commands/security-theater.d.ts +4 -0
package/dist/commands/security-theater.js +278 -0
package/dist/commands/setup-wizard.d.ts +4 -0
package/dist/commands/setup-wizard.js +174 -0
package/dist/commands/severity-tune.d.ts +4 -0
package/dist/commands/severity-tune.js +208 -0
package/dist/commands/sla-track.d.ts +56 -0
package/dist/commands/sla-track.js +268 -0
package/dist/commands/smart-output.d.ts +38 -0
package/dist/commands/smart-output.js +175 -0
package/dist/commands/smart-select.d.ts +26 -0
package/dist/commands/smart-select.js +345 -0
package/dist/commands/snapshot.d.ts +139 -0
package/dist/commands/snapshot.js +478 -0
package/dist/commands/snippet-eval.d.ts +7 -0
package/dist/commands/snippet-eval.js +223 -0
package/dist/commands/spec-conform.d.ts +4 -0
package/dist/commands/spec-conform.js +304 -0
package/dist/commands/stale-pattern.d.ts +4 -0
package/dist/commands/stale-pattern.js +293 -0
package/dist/commands/state-integrity.d.ts +4 -0
package/dist/commands/state-integrity.js +283 -0
package/dist/commands/suppress.d.ts +39 -0
package/dist/commands/suppress.js +203 -0
package/dist/commands/team-config.d.ts +4 -0
package/dist/commands/team-config.js +234 -0
package/dist/commands/team-leaderboard.d.ts +24 -0
package/dist/commands/team-leaderboard.js +227 -0
package/dist/commands/team-rules-sync.d.ts +7 -0
package/dist/commands/team-rules-sync.js +250 -0
package/dist/commands/team-trust.d.ts +7 -0
package/dist/commands/team-trust.js +174 -0
package/dist/commands/test-correlate.d.ts +7 -0
package/dist/commands/test-correlate.js +221 -0
package/dist/commands/test-isolation.d.ts +5 -0
package/dist/commands/test-isolation.js +234 -0
package/dist/commands/test-quality.d.ts +5 -0
package/dist/commands/test-quality.js +160 -0
package/dist/commands/test-suggest.d.ts +8 -0
package/dist/commands/test-suggest.js +247 -0
package/dist/commands/ticket-sync.d.ts +25 -0
package/dist/commands/ticket-sync.js +235 -0
package/dist/commands/timeout-audit.d.ts +4 -0
package/dist/commands/timeout-audit.js +210 -0
package/dist/commands/trace.d.ts +64 -0
package/dist/commands/trace.js +245 -0
package/dist/commands/trend-report.d.ts +4 -0
package/dist/commands/trend-report.js +148 -0
package/dist/commands/triage.d.ts +15 -0
package/dist/commands/triage.js +171 -0
package/dist/commands/trust-adaptive.d.ts +8 -0
package/dist/commands/trust-adaptive.js +193 -0
package/dist/commands/trust-ramp.d.ts +29 -0
package/dist/commands/trust-ramp.js +189 -0
package/dist/commands/tune.d.ts +24 -0
package/dist/commands/tune.js +380 -0
package/dist/commands/type-boundary.d.ts +4 -0
package/dist/commands/type-boundary.js +235 -0
package/dist/commands/upload.d.ts +13 -0
package/dist/commands/upload.js +172 -0
package/dist/commands/validate-config.d.ts +16 -0
package/dist/commands/validate-config.js +267 -0
package/dist/commands/vendor-lock-detect.d.ts +7 -0
package/dist/commands/vendor-lock-detect.js +288 -0
package/dist/commands/vote.d.ts +31 -0
package/dist/commands/vote.js +200 -0
package/dist/commands/warm-cache.d.ts +30 -0
package/dist/commands/warm-cache.js +165 -0
package/dist/commands/watch-judge.d.ts +7 -0
package/dist/commands/watch-judge.js +179 -0
package/dist/commands/watch.d.ts +22 -0
package/dist/commands/watch.js +147 -0
package/dist/comparison.d.ts +67 -0
package/dist/comparison.js +253 -0
package/dist/config.d.ts +108 -0
package/dist/config.js +694 -0
package/dist/context/context-snippets.d.ts +15 -0
package/dist/context/context-snippets.js +36 -0
package/dist/context/embedding-cache.d.ts +30 -0
package/dist/context/embedding-cache.js +48 -0
package/dist/data-adapter.d.ts +123 -0
package/dist/data-adapter.js +212 -0
package/dist/dedup.d.ts +105 -0
package/dist/dedup.js +606 -0
package/dist/disk-cache.d.ts +59 -0
package/dist/disk-cache.js +236 -0
package/dist/errors.d.ts +43 -0
package/dist/errors.js +63 -0
package/dist/escalation.d.ts +100 -0
package/dist/escalation.js +292 -0
package/dist/evaluation-session.d.ts +74 -0
package/dist/evaluation-session.js +152 -0
package/dist/evaluators/accessibility.d.ts +2 -0
package/dist/evaluators/accessibility.js +559 -0
package/dist/evaluators/agent-instructions.d.ts +2 -0
package/dist/evaluators/agent-instructions.js +214 -0
package/dist/evaluators/ai-code-safety.d.ts +8 -0
package/dist/evaluators/ai-code-safety.js +410 -0
package/dist/evaluators/api-contract.d.ts +9 -0
package/dist/evaluators/api-contract.js +203 -0
package/dist/evaluators/api-design.d.ts +2 -0
package/dist/evaluators/api-design.js +260 -0
package/dist/evaluators/app-builder.d.ts +33 -0
package/dist/evaluators/app-builder.js +155 -0
package/dist/evaluators/authentication.d.ts +2 -0
package/dist/evaluators/authentication.js +455 -0
package/dist/evaluators/backwards-compatibility.d.ts +2 -0
package/dist/evaluators/backwards-compatibility.js +168 -0
package/dist/evaluators/caching.d.ts +2 -0
package/dist/evaluators/caching.js +171 -0
package/dist/evaluators/ci-cd.d.ts +2 -0
package/dist/evaluators/ci-cd.js +218 -0
package/dist/evaluators/cloud-readiness.d.ts +2 -0
package/dist/evaluators/cloud-readiness.js +231 -0
package/dist/evaluators/code-structure.d.ts +21 -0
package/dist/evaluators/code-structure.js +195 -0
package/dist/evaluators/compliance.d.ts +2 -0
package/dist/evaluators/compliance.js +329 -0
package/dist/evaluators/concurrency.d.ts +2 -0
package/dist/evaluators/concurrency.js +307 -0
package/dist/evaluators/configuration-management.d.ts +2 -0
package/dist/evaluators/configuration-management.js +232 -0
package/dist/evaluators/cost-effectiveness.d.ts +2 -0
package/dist/evaluators/cost-effectiveness.js +418 -0
package/dist/evaluators/cybersecurity.d.ts +2 -0
package/dist/evaluators/cybersecurity.js +1197 -0
package/dist/evaluators/data-security.d.ts +2 -0
package/dist/evaluators/data-security.js +467 -0
package/dist/evaluators/data-sovereignty.d.ts +2 -0
package/dist/evaluators/data-sovereignty.js +495 -0
package/dist/evaluators/database.d.ts +2 -0
package/dist/evaluators/database.js +240 -0
package/dist/evaluators/dependencies.d.ts +5 -0
package/dist/evaluators/dependencies.js +228 -0
package/dist/evaluators/dependency-health.d.ts +2 -0
package/dist/evaluators/dependency-health.js +477 -0
package/dist/evaluators/documentation.d.ts +2 -0
package/dist/evaluators/documentation.js +432 -0
package/dist/evaluators/error-handling.d.ts +2 -0
package/dist/evaluators/error-handling.js +426 -0
package/dist/evaluators/ethics-bias.d.ts +2 -0
package/dist/evaluators/ethics-bias.js +263 -0
package/dist/evaluators/false-positive-review.d.ts +21 -0
package/dist/evaluators/false-positive-review.js +1246 -0
package/dist/evaluators/framework-rules.d.ts +58 -0
package/dist/evaluators/framework-rules.js +291 -0
package/dist/evaluators/framework-safety.d.ts +12 -0
package/dist/evaluators/framework-safety.js +1205 -0
package/dist/evaluators/hallucination-detection.d.ts +2 -0
package/dist/evaluators/hallucination-detection.js +1250 -0
package/dist/evaluators/iac-security.d.ts +8 -0
package/dist/evaluators/iac-security.js +701 -0
package/dist/evaluators/index.d.ts +167 -0
package/dist/evaluators/index.js +994 -0
package/dist/evaluators/intent-alignment.d.ts +18 -0
package/dist/evaluators/intent-alignment.js +405 -0
package/dist/evaluators/internationalization.d.ts +2 -0
package/dist/evaluators/internationalization.js +287 -0
package/dist/evaluators/judge-selector.d.ts +19 -0
package/dist/evaluators/judge-selector.js +141 -0
package/dist/evaluators/logging-privacy.d.ts +2 -0
package/dist/evaluators/logging-privacy.js +190 -0
package/dist/evaluators/logic-review.d.ts +2 -0
package/dist/evaluators/logic-review.js +289 -0
package/dist/evaluators/maintainability.d.ts +2 -0
package/dist/evaluators/maintainability.js +430 -0
package/dist/evaluators/model-fingerprint.d.ts +2 -0
package/dist/evaluators/model-fingerprint.js +151 -0
package/dist/evaluators/multi-turn-coherence.d.ts +13 -0
package/dist/evaluators/multi-turn-coherence.js +149 -0
package/dist/evaluators/observability.d.ts +2 -0
package/dist/evaluators/observability.js +238 -0
package/dist/evaluators/over-engineering.d.ts +2 -0
package/dist/evaluators/over-engineering.js +160 -0
package/dist/evaluators/performance.d.ts +2 -0
package/dist/evaluators/performance.js +649 -0
package/dist/evaluators/portability.d.ts +2 -0
package/dist/evaluators/portability.js +254 -0
package/dist/evaluators/project.d.ts +48 -0
package/dist/evaluators/project.js +817 -0
package/dist/evaluators/rate-limiting.d.ts +2 -0
package/dist/evaluators/rate-limiting.js +193 -0
package/dist/evaluators/recall-boost.d.ts +27 -0
package/dist/evaluators/recall-boost.js +409 -0
package/dist/evaluators/reliability.d.ts +2 -0
package/dist/evaluators/reliability.js +245 -0
package/dist/evaluators/scalability.d.ts +2 -0
package/dist/evaluators/scalability.js +230 -0
package/dist/evaluators/security.d.ts +12 -0
package/dist/evaluators/security.js +1013 -0
package/dist/evaluators/shared.d.ts +219 -0
package/dist/evaluators/shared.js +1169 -0
package/dist/evaluators/software-practices.d.ts +2 -0
package/dist/evaluators/software-practices.js +395 -0
package/dist/evaluators/suppressions.d.ts +49 -0
package/dist/evaluators/suppressions.js +185 -0
package/dist/evaluators/testing.d.ts +2 -0
package/dist/evaluators/testing.js +348 -0
package/dist/evaluators/ux.d.ts +2 -0
package/dist/evaluators/ux.js +309 -0
package/dist/evaluators/v2.d.ts +26 -0
package/dist/evaluators/v2.js +354 -0
package/dist/ext-to-lang.d.ts +16 -0
package/dist/ext-to-lang.js +60 -0
package/dist/feedback-loop.d.ts +62 -0
package/dist/feedback-loop.js +179 -0
package/dist/finding-lifecycle.d.ts +215 -0
package/dist/finding-lifecycle.js +547 -0
package/dist/fingerprint.d.ts +39 -0
package/dist/fingerprint.js +179 -0
package/dist/fix-history.d.ts +103 -0
package/dist/fix-history.js +164 -0
package/dist/formatters/badge.d.ts +16 -0
package/dist/formatters/badge.js +78 -0
package/dist/formatters/codeclimate.d.ts +24 -0
package/dist/formatters/codeclimate.js +80 -0
package/dist/formatters/csv.d.ts +16 -0
package/dist/formatters/csv.js +53 -0
package/dist/formatters/diagnostics.d.ts +81 -0
package/dist/formatters/diagnostics.js +152 -0
package/dist/formatters/github-actions.d.ts +6 -0
package/dist/formatters/github-actions.js +68 -0
package/dist/formatters/html.d.ts +12 -0
package/dist/formatters/html.js +194 -0
package/dist/formatters/junit.d.ts +6 -0
package/dist/formatters/junit.js +68 -0
package/dist/formatters/pdf.d.ts +12 -0
package/dist/formatters/pdf.js +114 -0
package/dist/formatters/sarif.d.ts +92 -0
package/dist/formatters/sarif.js +256 -0
package/dist/formatters/shared.d.ts +4 -0
package/dist/formatters/shared.js +29 -0
package/dist/git-diff.d.ts +62 -0
package/dist/git-diff.js +282 -0
package/dist/github-app.d.ts +152 -0
package/dist/github-app.js +716 -0
package/dist/import-resolver.d.ts +51 -0
package/dist/import-resolver.js +213 -0
package/dist/index.d.ts +4 -0
package/dist/index.js +38 -0
package/dist/judge-registry.d.ts +156 -0
package/dist/judge-registry.js +272 -0
package/dist/judges/accessibility.d.ts +2 -0
package/dist/judges/accessibility.js +46 -0
package/dist/judges/agent-instructions.d.ts +2 -0
package/dist/judges/agent-instructions.js +46 -0
package/dist/judges/ai-code-safety.d.ts +2 -0
package/dist/judges/ai-code-safety.js +57 -0
package/dist/judges/api-contract.d.ts +2 -0
package/dist/judges/api-contract.js +40 -0
package/dist/judges/api-design.d.ts +2 -0
package/dist/judges/api-design.js +57 -0
package/dist/judges/authentication.d.ts +2 -0
package/dist/judges/authentication.js +63 -0
package/dist/judges/backwards-compatibility.d.ts +2 -0
package/dist/judges/backwards-compatibility.js +46 -0
package/dist/judges/caching.d.ts +2 -0
package/dist/judges/caching.js +46 -0
package/dist/judges/ci-cd.d.ts +2 -0
package/dist/judges/ci-cd.js +46 -0
package/dist/judges/cloud-readiness.d.ts +2 -0
package/dist/judges/cloud-readiness.js +53 -0
package/dist/judges/code-structure.d.ts +2 -0
package/dist/judges/code-structure.js +50 -0
package/dist/judges/compliance.d.ts +2 -0
package/dist/judges/compliance.js +49 -0
package/dist/judges/concurrency.d.ts +2 -0
package/dist/judges/concurrency.js +48 -0
package/dist/judges/configuration-management.d.ts +2 -0
package/dist/judges/configuration-management.js +46 -0
package/dist/judges/cost-effectiveness.d.ts +2 -0
package/dist/judges/cost-effectiveness.js +42 -0
package/dist/judges/cybersecurity.d.ts +2 -0
package/dist/judges/cybersecurity.js +63 -0
package/dist/judges/data-security.d.ts +2 -0
package/dist/judges/data-security.js +50 -0
package/dist/judges/data-sovereignty.d.ts +2 -0
package/dist/judges/data-sovereignty.js +60 -0
package/dist/judges/database.d.ts +2 -0
package/dist/judges/database.js +51 -0
package/dist/judges/dependency-health.d.ts +2 -0
package/dist/judges/dependency-health.js +48 -0
package/dist/judges/documentation.d.ts +2 -0
package/dist/judges/documentation.js +55 -0
package/dist/judges/error-handling.d.ts +2 -0
package/dist/judges/error-handling.js +55 -0
package/dist/judges/ethics-bias.d.ts +2 -0
package/dist/judges/ethics-bias.js +48 -0
package/dist/judges/false-positive-review.d.ts +2 -0
package/dist/judges/false-positive-review.js +85 -0
package/dist/judges/framework-safety.d.ts +2 -0
package/dist/judges/framework-safety.js +49 -0
package/dist/judges/hallucination-detection.d.ts +2 -0
package/dist/judges/hallucination-detection.js +48 -0
package/dist/judges/iac-security.d.ts +2 -0
package/dist/judges/iac-security.js +47 -0
package/dist/judges/index.d.ts +88 -0
package/dist/judges/index.js +128 -0
package/dist/judges/intent-alignment.d.ts +2 -0
package/dist/judges/intent-alignment.js +46 -0
package/dist/judges/internationalization.d.ts +2 -0
package/dist/judges/internationalization.js +44 -0
package/dist/judges/logging-privacy.d.ts +2 -0
package/dist/judges/logging-privacy.js +46 -0
package/dist/judges/logic-review.d.ts +2 -0
package/dist/judges/logic-review.js +36 -0
package/dist/judges/maintainability.d.ts +2 -0
package/dist/judges/maintainability.js +46 -0
package/dist/judges/model-fingerprint.d.ts +2 -0
package/dist/judges/model-fingerprint.js +35 -0
package/dist/judges/multi-turn-coherence.d.ts +2 -0
package/dist/judges/multi-turn-coherence.js +39 -0
package/dist/judges/observability.d.ts +2 -0
package/dist/judges/observability.js +54 -0
package/dist/judges/over-engineering.d.ts +2 -0
package/dist/judges/over-engineering.js +50 -0
package/dist/judges/performance.d.ts +2 -0
package/dist/judges/performance.js +46 -0
package/dist/judges/portability.d.ts +2 -0
package/dist/judges/portability.js +46 -0
package/dist/judges/rate-limiting.d.ts +2 -0
package/dist/judges/rate-limiting.js +55 -0
package/dist/judges/reliability.d.ts +2 -0
package/dist/judges/reliability.js +57 -0
package/dist/judges/scalability.d.ts +2 -0
package/dist/judges/scalability.js +52 -0
package/dist/judges/security.d.ts +2 -0
package/dist/judges/security.js +64 -0
package/dist/judges/software-practices.d.ts +2 -0
package/dist/judges/software-practices.js +56 -0
package/dist/judges/testing.d.ts +2 -0
package/dist/judges/testing.js +54 -0
package/dist/judges/ux.d.ts +2 -0
package/dist/judges/ux.js +46 -0
package/dist/language-patterns.d.ts +653 -0
package/dist/language-patterns.js +851 -0
package/dist/parallel.d.ts +52 -0
package/dist/parallel.js +157 -0
package/dist/patches/apply.d.ts +15 -0
package/dist/patches/apply.js +37 -0
package/dist/patches/index.d.ts +9 -0
package/dist/patches/index.js +2544 -0
package/dist/plugins.d.ts +59 -0
package/dist/plugins.js +76 -0
package/dist/presets.d.ts +35 -0
package/dist/presets.js +406 -0
package/dist/probabilistic/llm-response-validator.d.ts +26 -0
package/dist/probabilistic/llm-response-validator.js +122 -0
package/dist/reports/public-repo-report.d.ts +42 -0
package/dist/reports/public-repo-report.js +579 -0
package/dist/review-conversation.d.ts +87 -0
package/dist/review-conversation.js +307 -0
package/dist/sast-integration.d.ts +112 -0
package/dist/sast-integration.js +215 -0
package/dist/scoring.d.ts +36 -0
package/dist/scoring.js +437 -0
package/dist/security-ids.d.ts +23 -0
package/dist/security-ids.js +239 -0
package/dist/skill-loader.d.ts +33 -0
package/dist/skill-loader.js +167 -0
package/dist/tools/command-safety.d.ts +13 -0
package/dist/tools/command-safety.js +95 -0
package/dist/tools/deep-review.d.ts +38 -0
package/dist/tools/deep-review.js +302 -0
package/dist/tools/prompts.d.ts +27 -0
package/dist/tools/prompts.js +122 -0
package/dist/tools/register-evaluation.d.ts +6 -0
package/dist/tools/register-evaluation.js +587 -0
package/dist/tools/register-fix.d.ts +5 -0
package/dist/tools/register-fix.js +175 -0
package/dist/tools/register-resources.d.ts +6 -0
package/dist/tools/register-resources.js +177 -0
package/dist/tools/register-review.d.ts +6 -0
package/dist/tools/register-review.js +564 -0
package/dist/tools/register-scaffold.d.ts +2 -0
package/dist/tools/register-scaffold.js +398 -0
package/dist/tools/register-workflow.d.ts +6 -0
package/dist/tools/register-workflow.js +1037 -0
package/dist/tools/register-workspace.d.ts +2 -0
package/dist/tools/register-workspace.js +214 -0
package/dist/tools/register.d.ts +6 -0
package/dist/tools/register.js +21 -0
package/dist/tools/schemas.d.ts +25 -0
package/dist/tools/schemas.js +41 -0
package/dist/tools/validation.d.ts +13 -0
package/dist/tools/validation.js +77 -0
package/dist/types.d.ts +898 -0
package/dist/types.js +1 -0
package/package.json +54 -0
package/skills/ai-code-review.skill.md +57 -0
package/skills/release-gate.skill.md +27 -0
package/skills/security-review.skill.md +32 -0

package/dist/evaluators/security.js ADDED Viewed

@@ -0,0 +1,1013 @@
+import { getLangFamily, testCode } from "./shared.js";
+/**
+ * General Security Posture evaluator.
+ *
+ * Produces SEC-prefixed findings for broad security anti-patterns:
+ * insecure data flows, weak cryptography, missing security controls,
+ * and unsafe code patterns across all supported languages.
+ *
+ * Complements domain-specific judges (CYBER, AUTH, DATA) by providing
+ * a holistic security assessment.
+ */
+export function analyzeSecurity(code, language) {
+    const findings = [];
+    let ruleNum = 1;
+    const prefix = "SEC";
+    const lang = getLangFamily(language);
+    const lines = code.split("\n");
+    // ── SEC-001: Untrusted input in database query construction ────────────
+    // Broad pattern: SQL keywords + string interpolation/concatenation
+    {
+        const sqlDataFlowLines = [];
+        for (let i = 0; i < lines.length; i++) {
+            const line = lines[i];
+            // Require 2+ SQL keywords on the same line to avoid matching UI labels
+            // like "Select ${user.name}" which contain a single SQL keyword.
+            const sqlKeywords = line.match(/\b(?:SELECT|INSERT|UPDATE|DELETE|FROM|WHERE|SET|VALUES|INTO|JOIN|ORDER\s+BY|GROUP\s+BY)\b/gi) || [];
+            if (sqlKeywords.length < 2)
+                continue;
+            if (/\$\{/.test(line) || // template literal interpolation
+                /\+\s*\w/.test(line) || // string concatenation
+                /f["']/.test(line) || // Python f-string
+                /\.format\s*\(/.test(line) || // Python .format()
+                /String\.format/i.test(line) || // Java String.format
+                /fmt\.Sprintf/i.test(line) || // Go fmt.Sprintf
+                /%s/.test(line) // printf-style interpolation
+            ) {
+                sqlDataFlowLines.push(i + 1);
+            }
+        }
+        if (sqlDataFlowLines.length > 0) {
+            findings.push({
+                ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
+                severity: "critical",
+                title: "Untrusted input flows into database query construction",
+                description: "Database queries are built using dynamic string operations (concatenation, interpolation, or formatting) which can introduce injection vulnerabilities when user-controlled data is included.",
+                lineNumbers: sqlDataFlowLines,
+                recommendation: "Use parameterized queries or prepared statements exclusively. Separate SQL structure from data values.",
+                reference: "CWE-89",
+                suggestedFix: "Replace string building with parameterized queries: db.query('SELECT * FROM t WHERE id = $1', [id]).",
+                confidence: 0.9,
+            });
+        }
+    }
+    // ── SEC-002: Weak cryptographic algorithm for sensitive operations ──────
+    {
+        const weakCryptoLines = [];
+        for (let i = 0; i < lines.length; i++) {
+            const line = lines[i];
+            if (/\b(?:md5|sha1|sha-1|DES|RC4|RC2|Blowfish)\b/i.test(line) &&
+                /\b(?:password|passwd|hash|digest|crypt|sign|verify|secret|token|credential)\b/i.test(line)) {
+                weakCryptoLines.push(i + 1);
+            }
+            // Also catch createHash('md5') or hashlib.md5() near password context
+            if (/(?:createHash|hashlib\.|MessageDigest\.getInstance|Hash(?:Algorithm)?)\s*\(\s*['"]?(?:md5|sha-?1)['"]?\s*\)/i.test(line)) {
+                const ctx = lines.slice(Math.max(0, i - 3), Math.min(lines.length, i + 4)).join("\n");
+                if (/password|passwd|credential|secret|user/i.test(ctx)) {
+                    weakCryptoLines.push(i + 1);
+                }
+            }
+        }
+        const uniqueLines = [...new Set(weakCryptoLines)].sort((a, b) => a - b);
+        if (uniqueLines.length > 0) {
+            findings.push({
+                ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
+                severity: "high",
+                title: "Weak cryptographic algorithm used for sensitive operations",
+                description: "A cryptographically weak algorithm (MD5, SHA-1, DES, RC4) is used in a security-sensitive context. These algorithms have known collision or brute-force vulnerabilities.",
+                lineNumbers: uniqueLines,
+                recommendation: "Use bcrypt, scrypt, or Argon2 for password hashing. Use SHA-256+ or AES-256-GCM for general cryptographic operations.",
+                reference: "CWE-327 / CWE-328",
+                suggestedFix: "Replace MD5/SHA1 with bcrypt for passwords: await bcrypt.hash(password, 12). For general hashing use SHA-256.",
+                confidence: 0.9,
+            });
+        }
+    }
+    // ── SEC-003: Uncontrolled file system access with dynamic paths ─────────
+    {
+        const fsAccessLines = [];
+        for (let i = 0; i < lines.length; i++) {
+            const line = lines[i];
+            if (/\b(?:readFile|readFileSync|createReadStream|writeFile|writeFileSync|readdir|unlink|stat|access|open|sendFile|fs\.\w+)\s*\(/i.test(line) ||
+                /\b(?:os\.(?:Open|ReadFile)|ioutil\.ReadFile|File\.(?:read|open|new)|file_get_contents|fopen)\s*\(/i.test(line)) {
+                // Check if user input is involved (exclude compound identifiers like InputDir, userHome)
+                const ctx = lines.slice(Math.max(0, i - 5), Math.min(lines.length, i + 2)).join("\n");
+                if (/(?:req\.|request\.|params\.|query\.|body\.|\bargs\.|argv|\binput\s*[=:[(.]|\buser\s*[=:[(.])/i.test(ctx) &&
+                    /(?:\+|`[^`]*\$\{|\.format|path\.join|Path\.Combine|filepath\.Join|os\.path\.join)/i.test(ctx)) {
+                    fsAccessLines.push(i + 1);
+                }
+            }
+        }
+        if (fsAccessLines.length > 0) {
+            findings.push({
+                ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
+                severity: "critical",
+                title: "Uncontrolled file system access with dynamic path construction",
+                description: "File system operations use paths constructed from external input without validation, potentially allowing access to arbitrary files via directory traversal sequences.",
+                lineNumbers: fsAccessLines,
+                recommendation: "Validate and canonicalize file paths. Ensure resolved paths stay within an allowed base directory. Reject paths containing '..' sequences.",
+                reference: "CWE-22 / CWE-73",
+                suggestedFix: "Validate: const safe = path.resolve(BASE, userInput); if (!safe.startsWith(BASE)) throw new Error('blocked');",
+                confidence: 0.9,
+            });
+        }
+    }
+    // ── SEC-004: Sensitive data transmitted over unencrypted channel ────────
+    {
+        const httpInsecureLines = [];
+        for (let i = 0; i < lines.length; i++) {
+            const line = lines[i];
+            if (/["'`]http:\/\/(?!localhost|127\.0\.0\.1|0\.0\.0\.0|example\.com|test)[^"'`\s]+/i.test(line)) {
+                const ctx = lines.slice(Math.max(0, i - 2), Math.min(lines.length, i + 3)).join("\n");
+                if (/\b(?:fetch|axios|request|http\.get|requests\.|urllib|HttpClient|curl|api|auth|login|password|token|payment|secret|key|credential)\b/i.test(ctx)) {
+                    httpInsecureLines.push(i + 1);
+                }
+            }
+        }
+        if (httpInsecureLines.length > 0) {
+            findings.push({
+                ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
+                severity: "high",
+                title: "Sensitive data transmitted over unencrypted channel",
+                description: "HTTP (non-TLS) URLs are used in contexts involving sensitive operations or data. Network traffic can be intercepted by attackers on the same network.",
+                lineNumbers: httpInsecureLines,
+                recommendation: "Use HTTPS for all production endpoints. Enforce TLS for any communication involving authentication, tokens, or sensitive data.",
+                reference: "CWE-319 / CWE-523",
+                suggestedFix: "Replace http:// with https:// for all production endpoints.",
+                confidence: 0.85,
+            });
+        }
+    }
+    // ── SEC-005: API endpoint without input validation or sanitization ──────
+    {
+        const hasEndpoints = testCode(code, /app\.(?:get|post|put|patch|delete)\s*\(/gi) ||
+            testCode(code, /@(?:app\.route|Get|Post|Put|Patch|Delete|RequestMapping)\b/gi) ||
+            testCode(code, /router\.(?:get|post|put|patch|delete)\s*\(/gi) ||
+            testCode(code, /func\s+\w+\s*\(\s*w\s+http\.ResponseWriter/gi);
+        const hasValidation = testCode(code, /\b(?:joi|zod|yup|ajv|validate|validator|class-validator|express-validator)\b/gi) ||
+            testCode(code, /\b(?:parseInt|parseFloat|Number\(|isNaN|typeof\s+\w+\s*[!=]==?\s*["'](?:string|number|boolean)["'])\b/gi) ||
+            testCode(code, /\b(?:Schema|schema|ValidationError|validate|sanitize|escape|trim)\b/gi) ||
+            testCode(code, /\.(?:required|min|max|length|email|url|uuid|regex|pattern|matches)\s*\(/gi) ||
+            // Pydantic / FastAPI / Django form/serializer validation
+            testCode(code, /\b(?:BaseModel|Field\s*\(|EmailStr|HttpUrl|constr|conint|confloat|Serializer|Form\b|ModelForm\b)\b/gi);
+        if (hasEndpoints && !hasValidation && lines.length > 10) {
+            // Find the endpoint handler lines
+            const endpointLines = [];
+            for (let i = 0; i < lines.length; i++) {
+                if (/app\.(?:get|post|put|patch|delete)\s*\(|router\.(?:get|post|put|patch|delete)\s*\(/i.test(lines[i])) {
+                    endpointLines.push(i + 1);
+                }
+            }
+            if (endpointLines.length > 0) {
+                findings.push({
+                    ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
+                    severity: "high",
+                    title: "API endpoint processes external input without validation",
+                    description: "Endpoint handlers accept and use external input (request body, query parameters, URL parameters) without any visible input validation or sanitization.",
+                    lineNumbers: endpointLines,
+                    recommendation: "Add input validation using a schema library (Joi, Zod, Yup) or built-in validation. Validate types, ranges, formats, and lengths for all input fields.",
+                    reference: "CWE-20: Improper Input Validation",
+                    suggestedFix: "Add schema validation: const schema = z.object({ field: z.string().min(1).max(100) }); const data = schema.parse(req.body);",
+                    confidence: 0.7,
+                });
+            }
+        }
+    }
+    // ── SEC-006: Missing essential security middleware ──────────────────────
+    {
+        const hasExpress = testCode(code, /express\(\)|require\s*\(\s*['"]express['"]\s*\)|from\s+['"]express['"]/gi);
+        const hasHelmet = testCode(code, /helmet\b/gi);
+        const hasCors = testCode(code, /\bcors\b/gi);
+        const hasCsrf = testCode(code, /csrf|csurf/gi);
+        const hasRateLimit = testCode(code, /rate.?limit/gi);
+        if (hasExpress && !hasHelmet && lines.length > 10) {
+            const expressLines = [];
+            for (let i = 0; i < lines.length; i++) {
+                if (/express\(\)|require\s*\(\s*['"]express['"]\)/i.test(lines[i])) {
+                    expressLines.push(i + 1);
+                }
+            }
+            findings.push({
+                ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
+                severity: "high",
+                title: "Web framework missing essential security hardening",
+                description: "Express/Node.js application does not use security middleware (Helmet) to set protective HTTP headers (CSP, HSTS, X-Frame-Options, etc.)." +
+                    (!hasCors ? " CORS configuration is also missing." : "") +
+                    (!hasCsrf ? " CSRF protection is not configured." : "") +
+                    (!hasRateLimit ? " Rate limiting is not configured." : ""),
+                lineNumbers: expressLines.length > 0 ? expressLines : undefined,
+                recommendation: "Add helmet() middleware for security headers, CORS configuration, CSRF protection, and rate limiting.",
+                reference: "OWASP Secure Headers Project",
+                suggestedFix: "Add: app.use(helmet()); app.use(cors({ origin: ALLOWED_ORIGINS })); app.use(csrf()); app.use(rateLimit({ windowMs: 15*60*1000, max: 100 }));",
+                confidence: 0.75,
+            });
+        }
+    }
+    // ── SEC-007: Server-side request to user-controlled URL ────────────────
+    {
+        const ssrfLines = [];
+        for (let i = 0; i < lines.length; i++) {
+            const line = lines[i];
+            // Direct: fetch(req.query.url) / axios.get(req.body.url)
+            if (/\b(?:fetch|axios|http\.get|https\.get|requests\.get|urllib|HttpClient|WebClient|reqwest|httpx|aiohttp)\s*\(/i.test(line) &&
+                /(?:req\.|request\.|params\.|query\.|body\.|args\.|input)/i.test(line)) {
+                ssrfLines.push(i + 1);
+            }
+            // Java: new URL(userInput).openConnection() or URL constructed from request parameter
+            if (/\bnew\s+URL\s*\(/i.test(line) &&
+                /(?:req\.|request\.|getParameter|params|query|body|args|input)/i.test(line)) {
+                ssrfLines.push(i + 1);
+            }
+            // Ruby: URI.open / Kernel.open with user input
+            if (/\b(?:URI\.open|Kernel\.open|open\()\s*/i.test(line) &&
+                /(?:params\[|request\.|args|input|user|url)/i.test(line)) {
+                ssrfLines.push(i + 1);
+            }
+            // Indirect: variable assigned from req, then used in fetch
+            if (/\b(?:fetch|axios|http\.get|https\.get|requests\.get|requests\.request)\s*\(\s*(\w+)/i.test(line)) {
+                const match = line.match(/\b(?:fetch|axios|http\.get|requests\.get)\s*\(\s*(\w+)/i);
+                if (match) {
+                    const varName = match[1];
+                    if (varName && !/^['"`]/.test(varName) && varName !== "undefined" && varName !== "null") {
+                        const ctx = lines.slice(Math.max(0, i - 10), i).join("\n");
+                        const assignRe = new RegExp(`(?:const|let|var|\\w+)\\s*${varName}\\s*[:=]\\s*.*(?:req\\.|request\\.|params\\.|query\\.|body\\.|args\\.|input|url)`, "i");
+                        if (assignRe.test(ctx)) {
+                            ssrfLines.push(i + 1);
+                        }
+                    }
+                }
+            }
+        }
+        const uniqueSsrf = [...new Set(ssrfLines)].sort((a, b) => a - b);
+        if (uniqueSsrf.length > 0) {
+            findings.push({
+                ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
+                severity: "high",
+                title: "Server-side HTTP request to user-controlled destination",
+                description: "A URL derived from user input is passed to a server-side HTTP client, allowing attackers to probe internal services, cloud metadata endpoints (169.254.169.254), or exfiltrate data.",
+                lineNumbers: uniqueSsrf,
+                recommendation: "Validate URLs against an allowlist of permitted domains. Block internal/private IP ranges. Use a URL parser to verify the scheme and host before making requests.",
+                reference: "CWE-918",
+                suggestedFix: "Validate: const url = new URL(input); if (!ALLOWED_HOSTS.includes(url.hostname)) throw new Error('blocked');",
+                confidence: 0.85,
+            });
+        }
+    }
+    // ── SEC-008: Unsafe recursive object merge allowing property injection ──
+    {
+        const mergeLines = [];
+        for (let i = 0; i < lines.length; i++) {
+            const line = lines[i];
+            // Object.assign, spread, _.merge, _.extend, deep merge with user input
+            if (/(?:Object\.assign|deepMerge|deepExtend|_\.merge|_\.extend|_\.defaultsDeep|lodash\.merge|merge\(|extend\()\s*\(/i.test(line) &&
+                /(?:req\.|request\.|body\.|params\.|query\.|input|user)/i.test(line)) {
+                mergeLines.push(i + 1);
+            }
+            // Recursive property assignment from user input
+            if (/\[.*(?:req\.|request\.|body\.|input|key|prop)\s*\]/i.test(line) && /\s*=\s*/.test(line)) {
+                const ctx = lines.slice(Math.max(0, i - 5), Math.min(lines.length, i + 3)).join("\n");
+                if (/\b(?:for|while|forEach|Object\.keys|Object\.entries)\b/i.test(ctx)) {
+                    mergeLines.push(i + 1);
+                }
+            }
+        }
+        if (mergeLines.length > 0) {
+            findings.push({
+                ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
+                severity: "high",
+                title: "Unsafe recursive object merge allowing property injection",
+                description: "User-controlled input is merged into objects via recursive merge/extend operations, allowing attackers to inject __proto__, constructor, or prototype properties to modify object behavior globally.",
+                lineNumbers: mergeLines,
+                recommendation: "Use a merge function that blocks prototype keys. Validate/whitelist allowed properties before merging. Freeze prototypes where possible.",
+                reference: "CWE-1321",
+                suggestedFix: "Filter dangerous keys: const safeData = Object.fromEntries(Object.entries(input).filter(([k]) => !['__proto__', 'constructor', 'prototype'].includes(k)));",
+                confidence: 0.85,
+            });
+        }
+    }
+    // ── SEC-009: Token verification without algorithm restriction ───────────
+    {
+        const jwtLines = [];
+        for (let i = 0; i < lines.length; i++) {
+            const line = lines[i];
+            if (/jwt\.verify|jwt\.decode|jose\.jwtVerify|jsonwebtoken/i.test(line)) {
+                // Skip import/require statements — they're not verification calls
+                if (/^\s*import\b/.test(line) || /\brequire\s*\(/.test(line))
+                    continue;
+                const ctx = lines.slice(Math.max(0, i - 2), Math.min(lines.length, i + 5)).join("\n");
+                // Check if algorithms is specified in options
+                if (!/algorithms\s*[=:]/.test(ctx) && !/algorithm\s*[=:]/.test(ctx)) {
+                    jwtLines.push(i + 1);
+                }
+                // Check for 'none' algorithm explicitly allowed
+                if (/['"]none['"]/i.test(ctx)) {
+                    jwtLines.push(i + 1);
+                }
+            }
+            // Java/C# JWT verification without algorithm check
+            if (/JwtParser|JWTVerifier|TokenValidationParameters|JwtSecurityTokenHandler/i.test(line)) {
+                const ctx = lines.slice(i, Math.min(lines.length, i + 8)).join("\n");
+                if (!/(?:algorithms|signatureAlgorithm|ValidAlgorithms)\s*[=:]/i.test(ctx)) {
+                    jwtLines.push(i + 1);
+                }
+            }
+        }
+        const uniqueJwt = [...new Set(jwtLines)].sort((a, b) => a - b);
+        if (uniqueJwt.length > 0) {
+            findings.push({
+                ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
+                severity: "critical",
+                title: "Token verification without algorithm restriction",
+                description: "JWT/token verification does not restrict the allowed signing algorithms. This can allow 'none' algorithm attacks where an attacker submits unsigned tokens that are accepted as valid.",
+                lineNumbers: uniqueJwt,
+                recommendation: "Always specify allowed algorithms explicitly: jwt.verify(token, secret, { algorithms: ['HS256'] }). Never allow the 'none' algorithm.",
+                reference: "CWE-345 / CWE-347",
+                suggestedFix: "Add algorithm restriction: jwt.verify(token, secret, { algorithms: ['HS256'] });",
+                confidence: 0.9,
+            });
+        }
+    }
+    // ── SEC-010: Direct user input in data modification without field filtering ──
+    {
+        const massAssignLines = [];
+        for (let i = 0; i < lines.length; i++) {
+            const line = lines[i];
+            // req.body spread into DB operations
+            if (/(?:\.create|\.update\w*|\.insert|\.findOneAndUpdate|\.updateOne|\.save|\.set|Model\.\w+|db\.\w+)\s*\(/i.test(line) &&
+                /(?:req\.body|request\.body|\.\.\.req\.body|\.\.\.request\.body|\breq\.body\b)/i.test(line)) {
+                massAssignLines.push(i + 1);
+            }
+            // Spread in object literal for DB
+            if (/\{\s*\.\.\.req\.body|\{\s*\.\.\.request\.body/i.test(line)) {
+                const ctx = lines.slice(i, Math.min(lines.length, i + 5)).join("\n");
+                if (/(?:\.create|\.update|\.save|query|Model)/i.test(ctx)) {
+                    massAssignLines.push(i + 1);
+                }
+            }
+        }
+        const uniqueMass = [...new Set(massAssignLines)].sort((a, b) => a - b);
+        if (uniqueMass.length > 0) {
+            findings.push({
+                ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
+                severity: "high",
+                title: "Direct user input in data modification without field filtering",
+                description: "Request body is passed directly to database create/update operations without field whitelisting. Attackers can inject unexpected fields (isAdmin, role, price) to escalate privileges.",
+                lineNumbers: uniqueMass,
+                recommendation: "Explicitly pick allowed fields: const { name, email } = req.body; Model.update({ name, email }). Use DTOs or validation schemas.",
+                reference: "CWE-915",
+                suggestedFix: "Whitelist fields: const { name, email } = req.body; await Model.update({ name, email });",
+                confidence: 0.85,
+            });
+        }
+    }
+    // ── SEC-011: Unvalidated redirect destination ──────────────────────────
+    {
+        const redirectLines = [];
+        for (let i = 0; i < lines.length; i++) {
+            const line = lines[i];
+            if (/(?:res\.redirect|response\.redirect|Response\.Redirect|redirect\(|redirect_to\s|sendRedirect|header\s*\(\s*['"]Location)/i.test(line) &&
+                /(?:req\.|request\.|params\[|params\.|query\.|body\.|args\.|input|url)/i.test(line)) {
+                redirectLines.push(i + 1);
+            }
+            // Indirect: redirect with a variable from user input
+            if (/(?:res\.redirect|response\.redirect|redirect_to\s|redirect)\s*\(?\s*(\w+)/i.test(line)) {
+                const match = line.match(/(?:res\.redirect|response\.redirect|redirect_to\s|redirect)\s*\(?\s*(\w+)/i);
+                if (match) {
+                    const varName = match[1];
+                    if (varName &&
+                        !/^['"`]/.test(varName) &&
+                        varName !== "undefined" &&
+                        varName !== "null" &&
+                        varName.length > 1) {
+                        const ctx = lines.slice(Math.max(0, i - 8), i).join("\n");
+                        const assignRe = new RegExp(`(?:const|let|var)?\\s*${varName}\\s*[:=]\\s*.*(?:req\\.|request\\.|query\\.|params\\.|body\\.)`, "i");
+                        if (assignRe.test(ctx)) {
+                            redirectLines.push(i + 1);
+                        }
+                    }
+                }
+            }
+        }
+        const uniqueRedirect = [...new Set(redirectLines)].sort((a, b) => a - b);
+        if (uniqueRedirect.length > 0) {
+            findings.push({
+                ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
+                severity: "high",
+                title: "Unvalidated redirect to user-controlled destination",
+                description: "HTTP redirect uses a URL derived from user input without validation. Attackers can redirect users to phishing sites or malicious pages.",
+                lineNumbers: uniqueRedirect,
+                recommendation: "Validate redirect URLs against an allowlist of permitted destinations. Only allow relative paths or known domains.",
+                reference: "CWE-601",
+                suggestedFix: "Validate: const url = new URL(target, req.headers.origin); if (!ALLOWED_HOSTS.includes(url.hostname)) throw new Error('blocked');",
+                confidence: 0.85,
+            });
+        }
+    }
+    // ── SEC-012: Non-constant-time secret comparison ───────────────────────
+    {
+        const timingLines = [];
+        for (let i = 0; i < lines.length; i++) {
+            const line = lines[i];
+            if (/(?:===?|!==?)\s*(?:signature|secret|token|hmac|hash|digest|apiKey|api_key|expected|computed)/i.test(line) ||
+                /(?:signature|secret|token|hmac|hash|digest|apiKey|api_key|expected|computed)\s*(?:===?|!==?)/i.test(line)) {
+                // Skip test assertions (assert x == expected, expect(...).toEqual(expected), etc.)
+                if (/\bassert\b|\bexpect\b|\bshould\b|it\s*\(|test\s*\(|describe\s*\(/i.test(line))
+                    continue;
+                const ctx = lines.slice(Math.max(0, i - 5), Math.min(lines.length, i + 6)).join("\n");
+                if (!/timingSafeEqual|constantTimeCompare|hmac\.Equal|secure_compare|constant_time_compare|compare_digest|MessageDigest\.isEqual/i.test(ctx)) {
+                    timingLines.push(i + 1);
+                }
+            }
+        }
+        if (timingLines.length > 0) {
+            findings.push({
+                ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
+                severity: "high",
+                title: "Non-constant-time comparison of cryptographic material",
+                description: "Secrets, tokens, or signatures are compared using standard equality operators which leak timing information. Attackers can determine correct values byte-by-byte by measuring response time differences.",
+                lineNumbers: timingLines,
+                recommendation: "Use constant-time comparison functions: crypto.timingSafeEqual() (Node.js), hmac.Equal() (Go), hmac.compare_digest() (Python).",
+                reference: "CWE-208",
+                suggestedFix: "Replace === with: crypto.timingSafeEqual(Buffer.from(a), Buffer.from(b));",
+                confidence: 0.85,
+            });
+        }
+    }
+    // ── SEC-013: XML processing without entity restriction ─────────────────
+    {
+        const xxeLines = [];
+        for (let i = 0; i < lines.length; i++) {
+            const line = lines[i];
+            // Java: DocumentBuilderFactory, SAXParserFactory, XMLInputFactory without setFeature
+            if (/(?:DocumentBuilderFactory|SAXParserFactory|XMLInputFactory|XMLReader|TransformerFactory)\.new/i.test(line)) {
+                const ctxLines = lines.slice(i, Math.min(lines.length, i + 10));
+                // Strip comment lines to avoid false negatives from "// Missing: setFeature(...)" annotations
+                const ctxCode = ctxLines.filter((l) => !/^\s*(?:\/\/|\/\*|\*[\s/]|\*$|#)/.test(l)).join("\n");
+                if (!/setFeature\s*\(.*(?:FEATURE_SECURE_PROCESSING|XMLConstants\.FEATURE_SECURE_PROCESSING|disallow-doctype-decl|external-general-entities)/i.test(ctxCode) &&
+                    !/setProperty.*ACCESS_EXTERNAL/i.test(ctxCode)) {
+                    xxeLines.push(i + 1);
+                }
+            }
+            // Python: xml.etree, lxml without defused
+            if (/(?:ElementTree\.parse|etree\.(?:parse|fromstring|XMLParser)|minidom\.parse|xml\.sax\.parse|lxml\.etree)\s*\(/i.test(line)) {
+                const fullCode = lines.join("\n");
+                if (!/defusedxml|defused/i.test(fullCode)) {
+                    xxeLines.push(i + 1);
+                }
+            }
+            // C#: XmlReader, XmlDocument without DtdProcessing.Prohibit
+            if (/(?:XmlReader\.Create|XmlDocument\(\)|XDocument\.Load)\b/i.test(line)) {
+                const ctx = lines.slice(i, Math.min(lines.length, i + 8)).join("\n");
+                if (!/DtdProcessing\.Prohibit|DtdProcessing\s*=\s*DtdProcessing\.Prohibit|ProhibitDtd/i.test(ctx)) {
+                    xxeLines.push(i + 1);
+                }
+            }
+        }
+        if (xxeLines.length > 0) {
+            findings.push({
+                ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
+                severity: "critical",
+                title: "XML processing without external entity restriction",
+                description: "XML parsers are used without disabling external entity resolution, enabling XXE attacks that can read local files, perform SSRF, or cause denial of service.",
+                lineNumbers: xxeLines,
+                recommendation: "Disable external entity processing: set FEATURE_SECURE_PROCESSING, disallow-doctype-decl, or use defusedxml (Python). In C#, set DtdProcessing.Prohibit.",
+                reference: "CWE-611",
+                suggestedFix: "Java: factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true); Python: import defusedxml.ElementTree as ET",
+                confidence: 0.9,
+            });
+        }
+    }
+    // ── SEC-014: Unsafe memory operations without safety documentation ─────
+    if (lang === "rust") {
+        const unsafeLines = [];
+        for (let i = 0; i < lines.length; i++) {
+            if (/\bunsafe\s*\{/.test(lines[i])) {
+                unsafeLines.push(i + 1);
+            }
+        }
+        if (unsafeLines.length > 0) {
+            const fullCode = lines.join("\n");
+            if (!/\/\/\s*SAFETY\s*:|\/\/\s*UNSAFE\s*:/i.test(fullCode)) {
+                findings.push({
+                    ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
+                    severity: "high",
+                    title: "Unsafe memory operations without safety invariant documentation",
+                    description: "Unsafe code blocks bypass memory safety guarantees without documenting the safety invariants that must hold. This risks buffer overflows, use-after-free, and data races.",
+                    lineNumbers: unsafeLines,
+                    recommendation: "Document safety invariants with // SAFETY: comments. Minimize unsafe scope. Prefer safe abstractions where possible.",
+                    reference: "CWE-119 / CWE-787",
+                    suggestedFix: "Add: // SAFETY: <explain why this is safe> above each unsafe block.",
+                    confidence: 0.85,
+                });
+            }
+        }
+    }
+    // ── SEC-015: Deserialization of untrusted data ─────────────────────────
+    {
+        const deserLines = [];
+        for (let i = 0; i < lines.length; i++) {
+            const line = lines[i];
+            // Python pickle/yaml/marshal
+            if (/\b(?:pickle\.loads?|yaml\.(?:load|unsafe_load)|marshal\.loads?)\s*\(/i.test(line)) {
+                deserLines.push(i + 1);
+            }
+            // Java ObjectInputStream
+            if (/\b(?:ObjectInputStream|XMLDecoder|readObject|readUnshared)\b/i.test(line)) {
+                deserLines.push(i + 1);
+            }
+            // PHP unserialize
+            if (/\bunserialize\s*\(/i.test(line)) {
+                deserLines.push(i + 1);
+            }
+            // Ruby Marshal.load
+            if (/\bMarshal\.load\b/i.test(line)) {
+                deserLines.push(i + 1);
+            }
+            // .NET BinaryFormatter
+            if (/\bBinaryFormatter\.Deserialize\b/i.test(line)) {
+                deserLines.push(i + 1);
+            }
+        }
+        if (deserLines.length > 0) {
+            findings.push({
+                ruleId: `${prefix}-${String(ruleNum).padStart(3, "0")}`,
+                severity: "critical",
+                title: "Deserialization of data from untrusted sources",
+                description: "Unsafe deserialization functions (pickle, ObjectInputStream, Marshal, BinaryFormatter) process data that may originate from untrusted sources, enabling remote code execution.",
+                lineNumbers: deserLines,
+                recommendation: "Never deserialize untrusted data. Use JSON for data exchange with schema validation. Avoid pickle, ObjectInputStream, Marshal for user-facing inputs.",
+                reference: "CWE-502",
+                suggestedFix: "Replace with safe alternatives: JSON with schema validation, data transfer objects, or type-safe serialization formats.",
+                confidence: 0.9,
+            });
+        }
+    }
+    // ── SEC-016: Command injection / code execution with user input ────────
+    {
+        const cmdInjLines = [];
+        for (let i = 0; i < lines.length; i++) {
+            const line = lines[i];
+            // Go exec.Command("sh", "-c", ... + variable)
+            if (/exec\.Command\s*\(\s*["'](?:sh|bash|cmd)['"]/i.test(line) && /\+/.test(line)) {
+                cmdInjLines.push(i + 1);
+            }
+            // Ruby backtick/system/exec with interpolation
+            if (/`[^`]*#\{[^}]*(?:params|input|user|request)[^}]*\}[^`]*`/i.test(line)) {
+                cmdInjLines.push(i + 1);
+            }
+            if (/\b(?:system|exec|spawn)\s*\(\s*["'][^"']*#\{/i.test(line)) {
+                cmdInjLines.push(i + 1);
+            }
+            // Python eval/exec with user input
+            if (/\b(?:eval|exec)\s*\(/i.test(line)) {
+                const ctx = lines.slice(Math.max(0, i - 5), Math.min(lines.length, i + 2)).join("\n");
+                if (/(?:request\.|args\.get|input\(|params|query|body|form\.|POST|GET)/i.test(ctx)) {
+                    cmdInjLines.push(i + 1);
+                }
+            }
+            // Python subprocess with shell=True and user input
+            if (/\bsubprocess\.(?:run|call|Popen|check_output|check_call)\s*\(/i.test(line)) {
+                const ctx = lines.slice(Math.max(0, i - 3), Math.min(lines.length, i + 5)).join("\n");
+                if (/shell\s*=\s*True/i.test(ctx)) {
+                    // Check for user input in the command string (f-string, format, concatenation)
+                    if (/(?:f["']|\$\{|\.format\s*\(|\+\s*\w|request\.|args\.get|params|query|body|input)/i.test(ctx)) {
+                        cmdInjLines.push(i + 1);
+                    }
+                }
+            }
+            // PHP system/exec/passthru/shell_exec with user input variables
+            if (/\b(?:system|exec|passthru|shell_exec|popen)\s*\(/i.test(line) &&
+                /\$_(?:GET|POST|REQUEST)\[|(?:\.\s*\$|\$\w+)/i.test(line)) {
+                cmdInjLines.push(i + 1);
+            }
+        }
+        const uniqueCmd = [...new Set(cmdInjLines)].sort((a, b) => a - b);
+        if (uniqueCmd.length > 0) {
+            findings.push({
+                ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
+                severity: "critical",
+                title: "Command injection via unsanitized user input",
+                description: "User-controlled input is passed to command execution functions (exec, system, eval) without sanitization, allowing attackers to execute arbitrary commands on the server.",
+                lineNumbers: uniqueCmd,
+                recommendation: "Never pass user input directly to command execution functions. Use parameterized APIs, allowlists, or sandboxed execution environments.",
+                reference: "CWE-78 / CWE-94",
+                suggestedFix: "Use parameterized exec: exec.Command('ping', '-c', '4', host) instead of shell string concatenation.",
+                confidence: 0.9,
+            });
+        }
+    }
+    // ── SEC-017: Server-side template injection (SSTI) ─────────────────────
+    {
+        const sstiLines = [];
+        for (let i = 0; i < lines.length; i++) {
+            const line = lines[i];
+            // Python render_template_string / Jinja2 from_string / Template() with user input
+            if (/(?:render_template_string|from_string|Template)\s*\(/i.test(line)) {
+                const ctx = lines.slice(Math.max(0, i - 5), Math.min(lines.length, i + 2)).join("\n");
+                if (/(?:request\.|params|args\.get|input|user|form\.|query)/i.test(ctx)) {
+                    sstiLines.push(i + 1);
+                }
+            }
+            // String formatting used to build templates with user input
+            if (/f["'].*\{.*(?:username|name|user|input).*\}/i.test(line)) {
+                const ctx = lines.slice(Math.max(0, i - 3), Math.min(lines.length, i + 3)).join("\n");
+                if (/(?:render_template_string|render|template|html)/i.test(ctx)) {
+                    sstiLines.push(i + 1);
+                }
+            }
+        }
+        const uniqueSsti = [...new Set(sstiLines)].sort((a, b) => a - b);
+        if (uniqueSsti.length > 0) {
+            findings.push({
+                ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
+                severity: "critical",
+                title: "Server-side template injection with user-controlled content",
+                description: "User input is used to construct or render server-side templates, allowing attackers to execute arbitrary code through template expressions.",
+                lineNumbers: uniqueSsti,
+                recommendation: "Never pass user input to template rendering functions. Use pre-defined templates with data binding instead of dynamic template construction.",
+                reference: "CWE-1336",
+                suggestedFix: "Use render_template('page.html', data=user_data) instead of render_template_string(user_input).",
+                confidence: 0.9,
+            });
+        }
+    }
+    // ── SEC-018: Path traversal via file path construction with user input ──
+    {
+        const pathTravLines = [];
+        for (let i = 0; i < lines.length; i++) {
+            const line = lines[i];
+            // C# Path.Combine, Go filepath.Join, Python os.path.join with user-derived args
+            if (/(?:Path\.Combine|filepath\.Join|os\.path\.join|path\.join)\s*\(/i.test(line)) {
+                const ctx = lines.slice(Math.max(0, i - 10), Math.min(lines.length, i + 3)).join("\n");
+                // Check for user input in method params, route params, request data
+                if (/(?:filename|file|filepath|path|name)\s*[=:]/i.test(ctx) &&
+                    /(?:\[Http|@app\.route|@Get|@Post|func\s+\w+.*http\.ResponseWriter|def\s+\w+.*request|params\[)/i.test(ctx)) {
+                    pathTravLines.push(i + 1);
+                }
+            }
+            // Direct: file operations using user-derived variable without traversal guard
+            if (/(?:os\.Open|os\.ReadFile|ioutil\.ReadFile|File\.read|http\.ServeFile|PhysicalFile|send_file)\s*\(/i.test(line)) {
+                const ctx = lines.slice(Math.max(0, i - 8), Math.min(lines.length, i + 2)).join("\n");
+                if (/(?:filepath\.Join|Path\.Combine|os\.path\.join|path\.join)/i.test(ctx) &&
+                    !/(?:Contains\s*\(\s*"\.\."|strings\.Contains|filepath\.Rel|path\.resolve|realpath|Clean)/i.test(ctx) &&
+                    /(?:\[Http|@app\.route|@Get|@Post|func\s+\w+.*http\.ResponseWriter|def\s+\w+.*request|params\[|r\.FormValue|request\.|req\.)/i.test(ctx)) {
+                    pathTravLines.push(i + 1);
+                }
+            }
+        }
+        const uniquePath = [...new Set(pathTravLines)].sort((a, b) => a - b);
+        if (uniquePath.length > 0) {
+            findings.push({
+                ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
+                severity: "critical",
+                title: "Path traversal via user-controlled file path construction",
+                description: "File paths are constructed using user input via join functions (Path.Combine, filepath.Join) without traversal validation, allowing access to files outside the intended directory.",
+                lineNumbers: uniquePath,
+                recommendation: "Validate resolved paths stay within the base directory. Reject paths containing '..'. Use path canonicalization and check that the final path starts with the base directory.",
+                reference: "CWE-22 / CWE-73",
+                suggestedFix: "Validate: resolved := filepath.Clean(filepath.Join(base, input)); if !strings.HasPrefix(resolved, base) { return error }",
+                confidence: 0.85,
+            });
+        }
+    }
+    // ── SEC-019: Weak random number generator for security operations ──────
+    {
+        const weakRandLines = [];
+        for (let i = 0; i < lines.length; i++) {
+            const line = lines[i];
+            // Java: new Random() for tokens/sessions/keys
+            if (/\bnew\s+Random\s*\(/i.test(line)) {
+                const ctx = lines.slice(Math.max(0, i - 3), Math.min(lines.length, i + 5)).join("\n");
+                if (/\b(?:token|session|secret|key|password|salt|nonce|otp|code|id)\b/i.test(ctx)) {
+                    weakRandLines.push(i + 1);
+                }
+            }
+            // Math.random() in security context
+            if (/\bMath\.random\s*\(\)/i.test(line)) {
+                const ctx = lines.slice(Math.max(0, i - 3), Math.min(lines.length, i + 5)).join("\n");
+                if (/\b(?:token|session|secret|key|password|salt|nonce|otp|code)\b/i.test(ctx)) {
+                    weakRandLines.push(i + 1);
+                }
+            }
+        }
+        if (weakRandLines.length > 0) {
+            findings.push({
+                ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
+                severity: "high",
+                title: "Weak random number generator used for security-sensitive operations",
+                description: "A non-cryptographic random number generator (java.util.Random, Math.random()) is used to generate tokens, session IDs, or other security-sensitive values. These are predictable and can be exploited.",
+                lineNumbers: weakRandLines,
+                recommendation: "Use cryptographically secure random generators: SecureRandom (Java), crypto.randomBytes (Node.js), secrets module (Python).",
+                reference: "CWE-330 / CWE-338",
+                suggestedFix: "Replace with SecureRandom: new SecureRandom().nextBytes(bytes) (Java), crypto.randomBytes(32) (Node.js).",
+                confidence: 0.9,
+            });
+        }
+    }
+    // ── SEC-020: Static IV or insecure cryptographic configuration ────────
+    {
+        const cryptoMiscLines = [];
+        for (let i = 0; i < lines.length; i++) {
+            const line = lines[i];
+            // Static/hardcoded IV — matches variable names containing iv/IV with hardcoded values
+            if (/(?:static\s*IV|\b(?:iv|IV)\b\s*[:=]\s*(?:\[\]byte\s*\(|["'[])| var\s+\w*[Ii][Vv]\s*=)/i.test(line)) {
+                cryptoMiscLines.push(i + 1);
+            }
+            // Broader IV detection: const/let/var STATIC_IV =, nonce = "...", etc.
+            if (/\b(?:const|let|var|val)\s+\w*(?:_iv|_IV|IV|Iv|_nonce|NONCE)\w*\s*=/.test(line)) {
+                // Must be assigned a hardcoded value (string, buffer, byte array)
+                if (/(?:Buffer\.from|new\s+Uint8Array|\[\]byte|"[^"]+"|'[^']+'|\[\s*\d)/.test(line)) {
+                    cryptoMiscLines.push(i + 1);
+                }
+            }
+            // ECB-like mode: manual block-by-block encryption without chain/GCM
+            if (/block\.Encrypt\s*\(/i.test(line)) {
+                const ctx = lines.slice(Math.max(0, i - 5), Math.min(lines.length, i + 5)).join("\n");
+                if (/for\s|range\s|BlockSize/i.test(ctx) && !/GCM|CBC|CTR|cipher\.NewGCM/i.test(ctx)) {
+                    cryptoMiscLines.push(i + 1);
+                }
+            }
+            // ECB mode explicitly selected
+            if (/['"](?:aes-\d+-ecb|ECB|DES-ECB|des-ecb)['"]|cipher\.NewCipher\b/i.test(line)) {
+                const ctx = lines.slice(Math.max(0, i - 3), Math.min(lines.length, i + 3)).join("\n");
+                if (!/GCM|NewGCM|AEAD/i.test(ctx)) {
+                    cryptoMiscLines.push(i + 1);
+                }
+            }
+            // DES/3DES/RC4 usage (known broken ciphers)
+            if (/['"](?:des(?:-ede3)?(?:-cbc|-ecb)?|rc4|RC4)['"]|DES\.(?:encrypt|decrypt|new)/i.test(line)) {
+                cryptoMiscLines.push(i + 1);
+            }
+        }
+        const uniqueCrypto = [...new Set(cryptoMiscLines)].sort((a, b) => a - b);
+        if (uniqueCrypto.length > 0) {
+            findings.push({
+                ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
+                severity: "high",
+                title: "Insecure cryptographic configuration",
+                description: "Static/hardcoded initialization vectors (IVs) or manual ECB-like encryption without proper chaining mode. Static IVs allow ciphertext analysis, and ECB mode preserves plaintext patterns.",
+                lineNumbers: uniqueCrypto,
+                recommendation: "Use a random IV/nonce for each encryption operation. Use authenticated encryption modes (AES-GCM). Never reuse IVs with the same key.",
+                reference: "CWE-329 / CWE-327",
+                suggestedFix: "Generate random IV: make([]byte, 12) filled with crypto/rand (Go), crypto.randomBytes(12) (Node.js). Use GCM mode.",
+                confidence: 0.85,
+            });
+        }
+    }
+    // ── SEC-021: TLS certificate verification disabled ─────────────────────
+    {
+        const tlsSkipLines = [];
+        for (let i = 0; i < lines.length; i++) {
+            const line = lines[i];
+            // Go: InsecureSkipVerify: true
+            if (/InsecureSkipVerify\s*:\s*true/i.test(line)) {
+                tlsSkipLines.push(i + 1);
+            }
+            // Python: verify=False in requests
+            if (/verify\s*=\s*False/i.test(line)) {
+                const ctx = lines.slice(Math.max(0, i - 3), Math.min(lines.length, i + 2)).join("\n");
+                if (/requests\.|urllib|httpx|aiohttp/i.test(ctx)) {
+                    tlsSkipLines.push(i + 1);
+                }
+            }
+            // Node.js: rejectUnauthorized: false
+            if (/rejectUnauthorized\s*:\s*false/i.test(line)) {
+                tlsSkipLines.push(i + 1);
+            }
+            // C#: ServerCertificateCustomValidationCallback that always returns true
+            if (/ServerCertificateCustomValidationCallback\s*=.*=>\s*true/i.test(line)) {
+                tlsSkipLines.push(i + 1);
+            }
+        }
+        if (tlsSkipLines.length > 0) {
+            findings.push({
+                ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
+                severity: "critical",
+                title: "TLS certificate verification disabled",
+                description: "TLS certificate verification is explicitly disabled, allowing man-in-the-middle attacks. Attackers on the network can intercept and modify all traffic.",
+                lineNumbers: tlsSkipLines,
+                recommendation: "Enable TLS certificate verification in production. Use proper CA certificates. Only disable verification in test environments with clear environment guards.",
+                reference: "CWE-295",
+                suggestedFix: "Remove InsecureSkipVerify/rejectUnauthorized=false and configure proper CA certificates.",
+                confidence: 0.95,
+            });
+        }
+    }
+    // ── SEC-022: Format string attack with user input ──────────────────────
+    {
+        const fmtLines = [];
+        for (let i = 0; i < lines.length; i++) {
+            const line = lines[i];
+            // Python: user_string.format(...) or template.format(key=user_input)
+            if (/\.format\s*\(/i.test(line)) {
+                const ctx = lines.slice(Math.max(0, i - 5), Math.min(lines.length, i + 2)).join("\n");
+                if (/(?:request\.|args\.get|input\(|params|query|form\.)/i.test(ctx)) {
+                    // Check if the format target itself comes from user input (allow cross-line match)
+                    if (/(?:request|args|input|params|query|form)\b[\s\S]*\.format\s*\(/i.test(ctx)) {
+                        fmtLines.push(i + 1);
+                    }
+                }
+            }
+        }
+        if (fmtLines.length > 0) {
+            findings.push({
+                ruleId: `${prefix}-${String(ruleNum).padStart(3, "0")}`,
+                severity: "high",
+                title: "Format string attack with user-controlled template",
+                description: "A user-controlled string is used as a format template. Attackers can access object attributes and globals via format specifiers like {self.__class__.__init__.__globals__}.",
+                lineNumbers: fmtLines,
+                recommendation: "Never use user input as a format string template. Use safe string concatenation or template engines with sandboxed rendering.",
+                reference: "CWE-134",
+                suggestedFix: "Use safe rendering: output = f'Hello, {name}' with pre-validated name, or use a template engine with auto-escaping.",
+                confidence: 0.85,
+            });
+        }
+    }
+    ruleNum++; // advance past SEC-022
+    // ── SEC-023: C/C++ unsafe memory functions ─────────────────────────────
+    if (lang === "cpp") {
+        const unsafeMemLines = [];
+        for (let i = 0; i < lines.length; i++) {
+            const line = lines[i];
+            // strcpy, strcat, sprintf, gets, sscanf — no bounds checking
+            if (/\b(?:strcpy|strcat|sprintf|gets|sscanf|wcscpy|wcscat|swprintf)\s*\(/i.test(line)) {
+                unsafeMemLines.push(i + 1);
+            }
+            // memcpy with potentially unbounded size from user input
+            if (/\bmemcpy\s*\(/.test(line) && /sizeof\s*\(\s*\w+\s*\)/.test(line) === false) {
+                const ctx = lines.slice(Math.max(0, i - 3), Math.min(lines.length, i + 2)).join("\n");
+                if (/strlen|input|user|request|param|argv|read/i.test(ctx)) {
+                    unsafeMemLines.push(i + 1);
+                }
+            }
+            // Use-after-free: free() followed by use of same pointer
+            if (/\bfree\s*\(\s*(\w+)\s*\)/.test(line)) {
+                const match = line.match(/\bfree\s*\(\s*(\w+)\s*\)/);
+                if (match) {
+                    const varName = match[1];
+                    const after = lines.slice(i + 1, Math.min(lines.length, i + 6)).join("\n");
+                    const useRe = new RegExp(`\\b${varName}\\b(?!\\s*=\\s*NULL|\\s*=\\s*nullptr|\\s*=\\s*0)`, "i");
+                    if (useRe.test(after)) {
+                        unsafeMemLines.push(i + 1);
+                    }
+                }
+            }
+        }
+        if (unsafeMemLines.length > 0) {
+            findings.push({
+                ruleId: `${prefix}-${String(ruleNum).padStart(3, "0")}`,
+                severity: "critical",
+                title: "Unsafe memory functions without bounds checking",
+                description: "Functions like strcpy, gets, sprintf, and strcat perform no bounds checking and are primary sources of buffer overflow vulnerabilities. Use-after-free patterns also detected.",
+                lineNumbers: [...new Set(unsafeMemLines)].sort((a, b) => a - b),
+                recommendation: "Replace with bounds-checked alternatives: strncpy/strlcpy, snprintf, fgets, strncat. Set freed pointers to NULL. Consider using std::string in C++.",
+                reference: "CWE-120 / CWE-416",
+                suggestedFix: "strcpy(dest, src) → strncpy(dest, src, sizeof(dest)-1); gets(buf) → fgets(buf, sizeof(buf), stdin);",
+                confidence: 0.95,
+            });
+        }
+    }
+    ruleNum++; // advance past SEC-023
+    // ── SEC-024: NoSQL injection via unsanitized query objects ─────────────
+    {
+        const nosqlLines = [];
+        for (let i = 0; i < lines.length; i++) {
+            const line = lines[i];
+            // MongoDB-style: collection.find/deleteMany/updateMany with raw user input
+            if (/\.(?:find|findOne|findOneAndUpdate|findOneAndDelete|updateOne|updateMany|deleteOne|deleteMany|aggregate|countDocuments)\s*\(/i.test(line)) {
+                // Direct user input in the function call
+                if (/(?:req\.body|req\.query|req\.params|request\.body|request\.args)/i.test(line)) {
+                    nosqlLines.push(i + 1);
+                }
+                // Indirect: check if the argument variable was assigned from user input
+                const match = line.match(/\.(?:find|findOne|findOneAndUpdate|findOneAndDelete|deleteMany|updateMany)\s*\(\s*(\w+)/i);
+                if (match && match[1]) {
+                    const varName = match[1];
+                    if (!/^['"`{[]/.test(varName) && !/^(?:null|undefined|true|false|\d)/.test(varName)) {
+                        const ctx = lines.slice(Math.max(0, i - 8), i).join("\n");
+                        const assignRe = new RegExp(`(?:const|let|var)\\s+${varName}\\s*=\\s*.*(?:req\\.body|req\\.query|req\\.params|request\\.body|request\\.args)`, "i");
+                        if (assignRe.test(ctx)) {
+                            nosqlLines.push(i + 1);
+                        }
+                    }
+                }
+            }
+            // MongoDB $where with string (code injection)
+            if (/\$where\s*:\s*['"`]/.test(line)) {
+                nosqlLines.push(i + 1);
+            }
+        }
+        if (nosqlLines.length > 0) {
+            findings.push({
+                ruleId: `${prefix}-${String(ruleNum).padStart(3, "0")}`,
+                severity: "critical",
+                title: "NoSQL injection via unsanitized query object",
+                description: "User input is passed directly as a query filter to NoSQL database operations. Attackers can inject operators like $gt, $ne, or $where to bypass authentication or extract data.",
+                lineNumbers: [...new Set(nosqlLines)].sort((a, b) => a - b),
+                recommendation: "Validate and sanitize query objects. Use explicit field selection instead of passing raw request body. Strip MongoDB operators ($gt, $ne, $regex, $where) from user input.",
+                reference: "CWE-943",
+                suggestedFix: "const filter = { status: req.body.status }; // whitelist fields instead of: collection.find(req.body)",
+                confidence: 0.9,
+            });
+        }
+    }
+    ruleNum++; // advance past SEC-024
+    // ── SEC-025: CORS wildcard origin with credentials ─────────────────────
+    {
+        const corsLines = [];
+        for (let i = 0; i < lines.length; i++) {
+            const line = lines[i];
+            // Python Flask-CORS: origins="*" + supports_credentials=True
+            if (/origins?\s*[:=]\s*["']\*["']/i.test(line)) {
+                const ctx = lines.slice(Math.max(0, i - 5), Math.min(lines.length, i + 5)).join("\n");
+                if (/(?:supports_credentials|credentials)\s*[:=]\s*(?:True|true)/i.test(ctx)) {
+                    corsLines.push(i + 1);
+                }
+            }
+            // Express cors: origin: "*" + credentials: true
+            if (/origin\s*:\s*["']\*["']|origin\s*:\s*true/i.test(line)) {
+                const ctx = lines.slice(Math.max(0, i - 5), Math.min(lines.length, i + 5)).join("\n");
+                if (/credentials\s*:\s*true/i.test(ctx)) {
+                    corsLines.push(i + 1);
+                }
+            }
+            // Raw header: Access-Control-Allow-Origin: *
+            if (/Access-Control-Allow-Origin['":\s]*\*/i.test(line)) {
+                const ctx = lines.slice(Math.max(0, i - 3), Math.min(lines.length, i + 3)).join("\n");
+                if (/Access-Control-Allow-Credentials['":\s]*true/i.test(ctx)) {
+                    corsLines.push(i + 1);
+                }
+            }
+        }
+        if (corsLines.length > 0) {
+            findings.push({
+                ruleId: `${prefix}-${String(ruleNum).padStart(3, "0")}`,
+                severity: "high",
+                title: "CORS wildcard origin with credentials enabled",
+                description: "Setting Access-Control-Allow-Origin to '*' while enabling credentials is a dangerous misconfiguration. Browsers block this combination, but misconfigurations in server handling can still leak session cookies to arbitrary origins.",
+                lineNumbers: corsLines,
+                recommendation: "Use an explicit allowlist of origins instead of '*' when credentials are required. Validate the Origin header against trusted domains.",
+                reference: "CWE-346 / CWE-942",
+                suggestedFix: "Replace origin='*' with specific allowed origins: CORS(app, origins=['https://myapp.com'], supports_credentials=True)",
+                confidence: 0.9,
+            });
+        }
+    }
+    ruleNum++; // advance past SEC-025
+    // ── SEC-026: Elixir atom exhaustion from user input ────────────────────
+    {
+        const atomLines = [];
+        for (let i = 0; i < lines.length; i++) {
+            const line = lines[i];
+            // String.to_atom or String.to_existing_atom from user input
+            if (/String\.to_atom\s*\(/i.test(line)) {
+                const ctx = lines.slice(Math.max(0, i - 3), Math.min(lines.length, i + 2)).join("\n");
+                if (/(?:params|conn\.params|request|body|query|input|assigns)/i.test(ctx)) {
+                    atomLines.push(i + 1);
+                }
+            }
+        }
+        if (atomLines.length > 0) {
+            findings.push({
+                ruleId: `${prefix}-${String(ruleNum).padStart(3, "0")}`,
+                severity: "high",
+                title: "Atom exhaustion from uncontrolled user input",
+                description: "Converting user input to atoms via String.to_atom/1 can exhaust the atom table (atoms are never garbage collected), leading to a denial-of-service crash of the BEAM VM.",
+                lineNumbers: atomLines,
+                recommendation: "Use String.to_existing_atom/1 instead, which only converts to atoms that already exist. Alternatively, use a whitelist of allowed values.",
+                reference: "CWE-400",
+                suggestedFix: "String.to_atom(input) → String.to_existing_atom(input) or validate: if input in ~w(index show), do: ...",
+                confidence: 0.95,
+            });
+        }
+    }
+    ruleNum++; // advance past SEC-026
+    // ── SEC-027: Dynamic code execution (loadstring, eval equivalents) ─────
+    {
+        const dynCodeLines = [];
+        for (let i = 0; i < lines.length; i++) {
+            const line = lines[i];
+            // Lua: loadstring / load with user input (code execution)
+            if (/\b(?:loadstring|load)\s*\(\s*(\w+)/i.test(line)) {
+                const match = line.match(/\b(?:loadstring|load)\s*\(\s*(\w+)/i);
+                if (match && !/^['"`]/.test(match[1])) {
+                    dynCodeLines.push(i + 1);
+                }
+            }
+        }
+        if (dynCodeLines.length > 0) {
+            findings.push({
+                ruleId: `${prefix}-${String(ruleNum).padStart(3, "0")}`,
+                severity: "critical",
+                title: "Dynamic code execution with potentially untrusted input",
+                description: "Functions like loadstring (Lua) compile and execute strings as code. When called with untrusted input, attackers can execute arbitrary code on the server.",
+                lineNumbers: dynCodeLines,
+                recommendation: "Avoid loadstring/load with external input. Use a sandboxed environment or whitelist of allowed operations. Consider using a data-driven approach instead of code generation.",
+                reference: "CWE-94",
+                suggestedFix: "Replace loadstring(code) with a safe dispatch table: actions[command](args) using pre-defined functions.",
+                confidence: 0.85,
+            });
+        }
+    }
+    return findings;
+}