@kevinrabun/judges 1.0.0

package/dist/evaluators/compliance.js

@@ -0,0 +1,213 @@
+export function analyzeCompliance(code, language) {
+    const findings = [];
+    const lines = code.split("\n");
+    const prefix = "COMP";
+    let ruleNum = 1;
+    // Detect PII handling without encryption
+    const piiFieldLines = [];
+    lines.forEach((line, i) => {
+        if (/(?:ssn|social_security|tax_id|passport|national_id|driver_license)/i.test(line) && !/encrypt|hash|mask|redact/i.test(line)) {
+            piiFieldLines.push(i + 1);
+        }
+    });
+    if (piiFieldLines.length > 0) {
+        findings.push({
+            ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
+            severity: "critical",
+            title: "PII field handled without protection",
+            description: "Personally Identifiable Information (SSN, passport, tax ID) must be encrypted at rest and in transit, and masked in logs.",
+            lineNumbers: piiFieldLines,
+            recommendation: "Encrypt PII fields, mask them in logs and UI displays, and ensure they are stored with column-level encryption.",
+            reference: "GDPR Article 32 / CCPA / HIPAA",
+        });
+    }
+    // Detect missing consent/opt-in checks
+    const trackingLines = [];
+    lines.forEach((line, i) => {
+        if (/analytics|tracking|telemetry|gtag|fbq|pixel|ga\s*\(/i.test(line)) {
+            trackingLines.push(i + 1);
+        }
+    });
+    const hasConsent = /consent|opt.?in|cookie.?banner|gdpr|accept.*cookie/i.test(code);
+    if (trackingLines.length > 0 && !hasConsent) {
+        findings.push({
+            ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
+            severity: "high",
+            title: "Tracking/analytics without consent check",
+            description: "Analytics and tracking scripts are loaded without checking for user consent, potentially violating GDPR and ePrivacy regulations.",
+            lineNumbers: trackingLines,
+            recommendation: "Implement a consent management system. Only load tracking scripts after obtaining explicit user consent.",
+            reference: "GDPR Article 6 / ePrivacy Directive",
+        });
+    }
+    // Detect data retention issues
+    const storeForeverLines = [];
+    lines.forEach((line, i) => {
+        if (/(?:save|store|insert|persist|write)\s*\(/i.test(line) && /(?:user|personal|customer|patient|email|phone)/i.test(line)) {
+            const context = lines.slice(Math.max(0, i - 5), Math.min(lines.length, i + 5)).join("\n");
+            if (!/ttl|expir|retention|purge|delete.*after|archive/i.test(context)) {
+                storeForeverLines.push(i + 1);
+            }
+        }
+    });
+    if (storeForeverLines.length > 0) {
+        findings.push({
+            ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
+            severity: "medium",
+            title: "Personal data stored without retention policy",
+            description: "Personal data appears to be stored indefinitely without a defined retention period or cleanup mechanism.",
+            lineNumbers: storeForeverLines,
+            recommendation: "Define and implement data retention policies. Set TTLs, schedule purge jobs, or implement right-to-deletion workflows.",
+            reference: "GDPR Article 5(1)(e) Storage Limitation",
+        });
+    }
+    // Detect logging of sensitive information
+    const logSensitiveLines = [];
+    lines.forEach((line, i) => {
+        if (/(?:console|logger|log)\.\w+\s*\(/.test(line) && /(?:password|token|secret|ssn|credit.?card|api.?key|auth)/i.test(line)) {
+            logSensitiveLines.push(i + 1);
+        }
+    });
+    if (logSensitiveLines.length > 0) {
+        findings.push({
+            ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
+            severity: "critical",
+            title: "Sensitive data in log statements",
+            description: "Logging sensitive information (passwords, tokens, SSNs, credit cards) creates compliance violations and security risks.",
+            lineNumbers: logSensitiveLines,
+            recommendation: "Never log sensitive data. Use redaction/masking utilities to sanitize log output. Audit all log statements.",
+            reference: "OWASP Logging Cheat Sheet / PCI DSS Requirement 3",
+        });
+    }
+    // Detect missing data classification markers
+    const dataModelLines = [];
+    lines.forEach((line, i) => {
+        if (/(?:interface|class|type|schema|model)\s+\w*(?:User|Customer|Patient|Employee|Person)/i.test(line)) {
+            const context = lines.slice(i, Math.min(lines.length, i + 15)).join("\n");
+            if (!/classification|sensitivity|pii|confidential|restricted|public/i.test(context)) {
+                dataModelLines.push(i + 1);
+            }
+        }
+    });
+    if (dataModelLines.length > 0) {
+        findings.push({
+            ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
+            severity: "low",
+            title: "Data model lacks classification markers",
+            description: "Data models containing personal information should include data classification metadata to guide handling policies.",
+            lineNumbers: dataModelLines,
+            recommendation: "Add data classification comments or decorators (e.g., @PII, @Confidential) to help enforce appropriate handling.",
+            reference: "Data Classification Best Practices",
+        });
+    }
+    // Detect credit card number patterns (PCI DSS)
+    const cardNumberLines = [];
+    lines.forEach((line, i) => {
+        if (/\b(?:4[0-9]{12}(?:[0-9]{3})?|5[1-5][0-9]{14}|3[47][0-9]{13}|6(?:011|5[0-9]{2})[0-9]{12})\b/.test(line)) {
+            cardNumberLines.push(i + 1);
+        }
+        if (/credit.?card|card.?number|ccn|pan\b|cardNumber/i.test(line) && !/mask|redact|encrypt|hash|tokenize|\*{4}/i.test(line)) {
+            cardNumberLines.push(i + 1);
+        }
+    });
+    if (cardNumberLines.length > 0) {
+        findings.push({
+            ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
+            severity: "critical",
+            title: "Credit card data handling detected",
+            description: "Credit card numbers must never be stored in plain text. PCI DSS requires tokenization, encryption, or use of a payment processor.",
+            lineNumbers: [...new Set(cardNumberLines)],
+            recommendation: "Use a PCI-compliant payment processor (Stripe, Braintree). Never store, log, or transmit raw card numbers. Tokenize immediately.",
+            reference: "PCI DSS Requirement 3: Protect Stored Cardholder Data",
+        });
+    }
+    // Detect HIPAA-relevant health data
+    const healthDataLines = [];
+    lines.forEach((line, i) => {
+        if (/(?:diagnosis|medical_record|health_condition|prescription|treatment|patient_id|medical_history|lab_result)/i.test(line) && !/encrypt|hipaa|protected|phi\b/i.test(line)) {
+            healthDataLines.push(i + 1);
+        }
+    });
+    if (healthDataLines.length > 0) {
+        findings.push({
+            ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
+            severity: "critical",
+            title: "Protected Health Information without HIPAA safeguards",
+            description: "Health-related data fields detected without encryption or HIPAA compliance markers. PHI requires special handling under HIPAA.",
+            lineNumbers: healthDataLines,
+            recommendation: "Encrypt PHI at rest and in transit. Implement access controls, audit logging, and ensure BAA with cloud providers.",
+            reference: "HIPAA Security Rule / 45 CFR Part 164",
+        });
+    }
+    // Detect right-to-delete / data erasure gaps
+    const deleteEndpointExists = /delete.*user|erase.*data|remove.*account|right.?to.?delete|gdpr.*delete|data.?erasure/i.test(code);
+    const storesUserData = /(?:save|create|insert)\s*\(.*(?:user|customer|profile|account)/i.test(code);
+    if (storesUserData && !deleteEndpointExists) {
+        findings.push({
+            ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
+            severity: "medium",
+            title: "No data deletion/erasure capability detected",
+            description: "User data is stored but no deletion mechanism exists. GDPR and CCPA require the ability to delete personal data on request.",
+            recommendation: "Implement a user data deletion endpoint that cascades across all storage systems (DB, cache, backups, third parties).",
+            reference: "GDPR Article 17: Right to Erasure / CCPA Right to Delete",
+        });
+    }
+    // Detect cookie handling without SameSite/Secure flags
+    const cookieLines = [];
+    lines.forEach((line, i) => {
+        if (/set-cookie|setCookie|cookie\s*\(/i.test(line) && !/sameSite|secure|httpOnly/i.test(line)) {
+            cookieLines.push(i + 1);
+        }
+    });
+    if (cookieLines.length > 0) {
+        findings.push({
+            ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
+            severity: "medium",
+            title: "Cookies set without security flags",
+            description: "Cookies are set without SameSite, Secure, or HttpOnly flags, which may violate security compliance standards.",
+            lineNumbers: cookieLines,
+            recommendation: "Set Secure, HttpOnly, and SameSite=Strict on sensitive cookies. Review cookie consent requirements per jurisdiction.",
+            reference: "OWASP Cookie Security / ePrivacy Directive",
+        });
+    }
+    // Detect age verification gaps
+    const ageRelatedLines = [];
+    lines.forEach((line, i) => {
+        if (/(?:age|date.?of.?birth|dob|birthdate|birth_date|minor|child|under.?13|under.?16|coppa)/i.test(line)) {
+            ageRelatedLines.push(i + 1);
+        }
+    });
+    const hasAgeVerification = /age.?verif|age.?check|age.?gate|is.?minor|is.?adult|minimum.?age/i.test(code);
+    if (ageRelatedLines.length > 0 && !hasAgeVerification) {
+        findings.push({
+            ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
+            severity: "medium",
+            title: "Age-related data without verification mechanism",
+            description: "Code references age or date of birth but has no age verification mechanism. COPPA, GDPR (under 16), and other laws require special handling for minors.",
+            lineNumbers: ageRelatedLines.slice(0, 5),
+            recommendation: "Implement age verification and parental consent flows for users under the applicable age threshold.",
+            reference: "COPPA / GDPR Article 8 / Age Appropriate Design Code",
+        });
+    }
+    // Detect audit trail gaps for regulated operations
+    const regulatedOpLines = [];
+    lines.forEach((line, i) => {
+        if (/(?:transfer|payment|withdrawal|approve|sign|certify|authorize|attest)\s*[=(]/i.test(line)) {
+            regulatedOpLines.push(i + 1);
+        }
+    });
+    const hasAuditTrail = /audit|auditLog|audit_log|audit_trail|compliance_log/i.test(code);
+    if (regulatedOpLines.length > 0 && !hasAuditTrail) {
+        findings.push({
+            ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
+            severity: "high",
+            title: "Regulated operations without audit trail",
+            description: "Financial or approval operations detected without audit logging. SOX, SOC2, and financial regulations require complete audit trails.",
+            lineNumbers: regulatedOpLines.slice(0, 5),
+            recommendation: "Implement immutable audit logging for all regulated operations. Log who, what, when, and the outcome.",
+            reference: "SOX Compliance / SOC2 Trust Criteria",
+        });
+    }
+    return findings;
+}
+//# sourceMappingURL=compliance.js.map

package/dist/evaluators/compliance.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"compliance.js","sourceRoot":"","sources":["../../src/evaluators/compliance.ts"],"names":[],"mappings":"AAGA,MAAM,UAAU,iBAAiB,CAAC,IAAY,EAAE,QAAgB;IAC9D,MAAM,QAAQ,GAAc,EAAE,CAAC;IAC/B,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAC/B,MAAM,MAAM,GAAG,MAAM,CAAC;IACtB,IAAI,OAAO,GAAG,CAAC,CAAC;IAEhB,yCAAyC;IACzC,MAAM,aAAa,GAAa,EAAE,CAAC;IACnC,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,CAAC,EAAE,EAAE;QACxB,IAAI,qEAAqE,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,2BAA2B,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YAChI,aAAa,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;QAC5B,CAAC;IACH,CAAC,CAAC,CAAC;IACH,IAAI,aAAa,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC7B,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YACzD,QAAQ,EAAE,UAAU;YACpB,KAAK,EAAE,sCAAsC;YAC7C,WAAW,EAAE,2HAA2H;YACxI,WAAW,EAAE,aAAa;YAC1B,cAAc,EAAE,iHAAiH;YACjI,SAAS,EAAE,gCAAgC;SAC5C,CAAC,CAAC;IACL,CAAC;IAED,uCAAuC;IACvC,MAAM,aAAa,GAAa,EAAE,CAAC;IACnC,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,CAAC,EAAE,EAAE;QACxB,IAAI,sDAAsD,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YACtE,aAAa,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;QAC5B,CAAC;IACH,CAAC,CAAC,CAAC;IACH,MAAM,UAAU,GAAG,qDAAqD,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACpF,IAAI,aAAa,CAAC,MAAM,GAAG,CAAC,IAAI,CAAC,UAAU,EAAE,CAAC;QAC5C,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YACzD,QAAQ,EAAE,MAAM;YAChB,KAAK,EAAE,0CAA0C;YACjD,WAAW,EAAE,mIAAmI;YAChJ,WAAW,EAAE,aAAa;YAC1B,cAAc,EAAE,0GAA0G;YAC1H,SAAS,EAAE,qCAAqC;SACjD,CAAC,CAAC;IACL,CAAC;IAED,+BAA+B;IAC/B,MAAM,iBAAiB,GAAa,EAAE,CAAC;IACvC,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,CAAC,EAAE,EAAE;QACxB,IAAI,2CAA2C,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,iDAAiD,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YAC3H,MAAM,OAAO,GAAG,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAC1F,IAAI,CAAC,kDAAkD,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;gBACtE,iBAAiB,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;YAChC,CAAC;QACH,CAAC;IACH,CAAC,CAAC,CAAC;IACH,IAAI,iBAAiB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACjC,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YACzD,QAAQ,EAAE,QAAQ;YAClB,KAAK,EAAE,+CAA+C;YACtD,WAAW,EAAE,0GAA0G;YACvH,WAAW,EAAE,iBAAiB;YAC9B,cAAc,EAAE,wHAAwH;YACxI,SAAS,EAAE,yCAAyC;SACrD,CAAC,CAAC;IACL,CAAC;IAED,0CAA0C;IAC1C,MAAM,iBAAiB,GAAa,EAAE,CAAC;IACvC,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,CAAC,EAAE,EAAE;QACxB,IAAI,kCAAkC,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,2DAA2D,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YAC5H,iBAAiB,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;QAChC,CAAC;IACH,CAAC,CAAC,CAAC;IACH,IAAI,iBAAiB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACjC,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YACzD,QAAQ,EAAE,UAAU;YACpB,KAAK,EAAE,kCAAkC;YACzC,WAAW,EAAE,yHAAyH;YACtI,WAAW,EAAE,iBAAiB;YAC9B,cAAc,EAAE,6GAA6G;YAC7H,SAAS,EAAE,mDAAmD;SAC/D,CAAC,CAAC;IACL,CAAC;IAED,6CAA6C;IAC7C,MAAM,cAAc,GAAa,EAAE,CAAC;IACpC,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,CAAC,EAAE,EAAE;QACxB,IAAI,uFAAuF,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YACvG,MAAM,OAAO,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAC1E,IAAI,CAAC,gEAAgE,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;gBACpF,cAAc,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;YAC7B,CAAC;QACH,CAAC;IACH,CAAC,CAAC,CAAC;IACH,IAAI,cAAc,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC9B,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YACzD,QAAQ,EAAE,KAAK;YACf,KAAK,EAAE,yCAAyC;YAChD,WAAW,EAAE,qHAAqH;YAClI,WAAW,EAAE,cAAc;YAC3B,cAAc,EAAE,kHAAkH;YAClI,SAAS,EAAE,oCAAoC;SAChD,CAAC,CAAC;IACL,CAAC;IAED,+CAA+C;IAC/C,MAAM,eAAe,GAAa,EAAE,CAAC;IACrC,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,CAAC,EAAE,EAAE;QACxB,IAAI,4FAA4F,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YAC5G,eAAe,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;QAC9B,CAAC;QACD,IAAI,iDAAiD,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,0CAA0C,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YAC3H,eAAe,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;QAC9B,CAAC;IACH,CAAC,CAAC,CAAC;IACH,IAAI,eAAe,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC/B,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YACzD,QAAQ,EAAE,UAAU;YACpB,KAAK,EAAE,oCAAoC;YAC3C,WAAW,EAAE,mIAAmI;YAChJ,WAAW,EAAE,CAAC,GAAG,IAAI,GAAG,CAAC,eAAe,CAAC,CAAC;YAC1C,cAAc,EAAE,kIAAkI;YAClJ,SAAS,EAAE,uDAAuD;SACnE,CAAC,CAAC;IACL,CAAC;IAED,oCAAoC;IACpC,MAAM,eAAe,GAAa,EAAE,CAAC;IACrC,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,CAAC,EAAE,EAAE;QACxB,IAAI,6GAA6G,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,gCAAgC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YAC7K,eAAe,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;QAC9B,CAAC;IACH,CAAC,CAAC,CAAC;IACH,IAAI,eAAe,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC/B,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YACzD,QAAQ,EAAE,UAAU;YACpB,KAAK,EAAE,uDAAuD;YAC9D,WAAW,EAAE,gIAAgI;YAC7I,WAAW,EAAE,eAAe;YAC5B,cAAc,EAAE,oHAAoH;YACpI,SAAS,EAAE,uCAAuC;SACnD,CAAC,CAAC;IACL,CAAC;IAED,6CAA6C;IAC7C,MAAM,oBAAoB,GAAG,wFAAwF,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACjI,MAAM,cAAc,GAAG,iEAAiE,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACpG,IAAI,cAAc,IAAI,CAAC,oBAAoB,EAAE,CAAC;QAC5C,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YACzD,QAAQ,EAAE,QAAQ;YAClB,KAAK,EAAE,8CAA8C;YACrD,WAAW,EAAE,6HAA6H;YAC1I,cAAc,EAAE,uHAAuH;YACvI,SAAS,EAAE,0DAA0D;SACtE,CAAC,CAAC;IACL,CAAC;IAED,uDAAuD;IACvD,MAAM,WAAW,GAAa,EAAE,CAAC;IACjC,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,CAAC,EAAE,EAAE;QACxB,IAAI,mCAAmC,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,2BAA2B,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YAC9F,WAAW,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;QAC1B,CAAC;IACH,CAAC,CAAC,CAAC;IACH,IAAI,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC3B,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YACzD,QAAQ,EAAE,QAAQ;YAClB,KAAK,EAAE,oCAAoC;YAC3C,WAAW,EAAE,+GAA+G;YAC5H,WAAW,EAAE,WAAW;YACxB,cAAc,EAAE,sHAAsH;YACtI,SAAS,EAAE,4CAA4C;SACxD,CAAC,CAAC;IACL,CAAC;IAED,+BAA+B;IAC/B,MAAM,eAAe,GAAa,EAAE,CAAC;IACrC,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,CAAC,EAAE,EAAE;QACxB,IAAI,yFAAyF,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YACzG,eAAe,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;QAC9B,CAAC;IACH,CAAC,CAAC,CAAC;IACH,MAAM,kBAAkB,GAAG,mEAAmE,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC1G,IAAI,eAAe,CAAC,MAAM,GAAG,CAAC,IAAI,CAAC,kBAAkB,EAAE,CAAC;QACtD,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YACzD,QAAQ,EAAE,QAAQ;YAClB,KAAK,EAAE,iDAAiD;YACxD,WAAW,EAAE,yJAAyJ;YACtK,WAAW,EAAE,eAAe,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC;YACxC,cAAc,EAAE,qGAAqG;YACrH,SAAS,EAAE,sDAAsD;SAClE,CAAC,CAAC;IACL,CAAC;IAED,mDAAmD;IACnD,MAAM,gBAAgB,GAAa,EAAE,CAAC;IACtC,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,CAAC,EAAE,EAAE;QACxB,IAAI,+EAA+E,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YAC/F,gBAAgB,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;QAC/B,CAAC;IACH,CAAC,CAAC,CAAC;IACH,MAAM,aAAa,GAAG,sDAAsD,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACxF,IAAI,gBAAgB,CAAC,MAAM,GAAG,CAAC,IAAI,CAAC,aAAa,EAAE,CAAC;QAClD,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YACzD,QAAQ,EAAE,MAAM;YAChB,KAAK,EAAE,0CAA0C;YACjD,WAAW,EAAE,sIAAsI;YACnJ,WAAW,EAAE,gBAAgB,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC;YACzC,cAAc,EAAE,uGAAuG;YACvH,SAAS,EAAE,sCAAsC;SAClD,CAAC,CAAC;IACL,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC"}

package/dist/evaluators/concurrency.d.ts

@@ -0,0 +1,3 @@
+import { Finding } from "../types.js";
+export declare function analyzeConcurrency(code: string, language: string): Finding[];
+//# sourceMappingURL=concurrency.d.ts.map

package/dist/evaluators/concurrency.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"concurrency.d.ts","sourceRoot":"","sources":["../../src/evaluators/concurrency.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,aAAa,CAAC;AAGtC,wBAAgB,kBAAkB,CAAC,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,EAAE,CAqO5E"}

package/dist/evaluators/concurrency.js

@@ -0,0 +1,220 @@
+export function analyzeConcurrency(code, language) {
+    const findings = [];
+    const lines = code.split("\n");
+    const prefix = "CONC";
+    let ruleNum = 1;
+    // Detect unbounded Promise.all
+    const promiseAllLines = [];
+    lines.forEach((line, i) => {
+        if (/Promise\.all\s*\(\s*\w+\.map/i.test(line)) {
+            const context = lines.slice(Math.max(0, i - 3), Math.min(lines.length, i + 5)).join("\n");
+            if (!/chunk|batch|limit|throttle|pLimit|p-limit|concurrency|pool/i.test(context)) {
+                promiseAllLines.push(i + 1);
+            }
+        }
+    });
+    if (promiseAllLines.length > 0) {
+        findings.push({
+            ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
+            severity: "high",
+            title: "Unbounded Promise.all with dynamic array",
+            description: "Using Promise.all with a mapped array without concurrency limits can overwhelm resources (database connections, API rate limits, memory).",
+            lineNumbers: promiseAllLines,
+            recommendation: "Use a concurrency limiter (p-limit, p-map with concurrency option) or batch the operations. Consider Promise.allSettled for fault tolerance.",
+            reference: "Node.js Concurrency Patterns",
+        });
+    }
+    // Detect shared mutable state
+    const globalMutableLines = [];
+    const globalVarPattern = /^(?:let|var)\s+\w+\s*=\s*(?:\[|\{|0|""|\d)/i;
+    lines.forEach((line, i) => {
+        if (globalVarPattern.test(line.trim())) {
+            // Check if used in async context
+            const restOfFile = lines.slice(i + 1).join("\n");
+            const varName = line.trim().match(/(?:let|var)\s+(\w+)/)?.[1];
+            if (varName && /async\s|\.then\s*\(/i.test(restOfFile) && new RegExp(`\\b${varName}\\b`).test(restOfFile)) {
+                globalMutableLines.push(i + 1);
+            }
+        }
+    });
+    if (globalMutableLines.length > 0) {
+        findings.push({
+            ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
+            severity: "high",
+            title: "Shared mutable state in async context",
+            description: "Module-level mutable variables accessed from async functions can cause race conditions and data corruption.",
+            lineNumbers: globalMutableLines,
+            recommendation: "Use request-scoped/context-scoped state, atomic operations, or proper synchronization mechanisms instead of shared mutable variables.",
+            reference: "Concurrency: Shared State Hazards",
+        });
+    }
+    // Detect missing await
+    const missingAwaitLines = [];
+    lines.forEach((line, i) => {
+        // Detect promise-returning calls without await in async context
+        if (/^\s*\w+\.(save|update|delete|insert|remove|send|post|put|fetch)\s*\(/i.test(line) && !/await|return|\.then|\.catch/i.test(line)) {
+            // Check if we're in an async function
+            const prevCode = lines.slice(Math.max(0, i - 20), i).join("\n");
+            if (/async\s+(?:function|\(|=>)/i.test(prevCode)) {
+                missingAwaitLines.push(i + 1);
+            }
+        }
+    });
+    if (missingAwaitLines.length > 0) {
+        findings.push({
+            ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
+            severity: "high",
+            title: "Potentially missing await on async operation",
+            description: "Async operations without await fire-and-forget, meaning errors are silently lost and operations may not complete before the response is sent.",
+            lineNumbers: missingAwaitLines,
+            recommendation: "Add await to async operations, or explicitly handle the returned promise with .catch(). Use ESLint's no-floating-promises rule.",
+            reference: "Async/Await Error Handling",
+        });
+    }
+    // Detect async operations in loops without understanding of ordering
+    const awaitInLoopLines = [];
+    lines.forEach((line, i) => {
+        if (/for\s*\(|for\s+await|while\s*\(/.test(line)) {
+            const loopBody = lines.slice(i + 1, Math.min(lines.length, i + 15)).join("\n");
+            const awaitCount = (loopBody.match(/await\s/g) || []).length;
+            if (awaitCount > 0) {
+                awaitInLoopLines.push(i + 1);
+            }
+        }
+    });
+    if (awaitInLoopLines.length > 0) {
+        findings.push({
+            ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
+            severity: "medium",
+            title: "Sequential await in loop",
+            description: "Using await inside a loop processes items sequentially. If operations are independent, this unnecessarily serializes them.",
+            lineNumbers: awaitInLoopLines,
+            recommendation: "For independent operations, collect promises and use Promise.all() (with concurrency limits). Keep sequential only if order matters.",
+            reference: "Async Patterns: Parallel vs Sequential",
+        });
+    }
+    // Detect setInterval without cleanup
+    const setIntervalLines = [];
+    lines.forEach((line, i) => {
+        if (/setInterval\s*\(/i.test(line)) {
+            setIntervalLines.push(i + 1);
+        }
+    });
+    const hasClearInterval = /clearInterval/i.test(code);
+    if (setIntervalLines.length > 0 && !hasClearInterval) {
+        findings.push({
+            ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
+            severity: "medium",
+            title: "setInterval without clearInterval",
+            description: "Intervals without cleanup continue running after the component/module is no longer needed, causing memory leaks and unexpected behavior.",
+            lineNumbers: setIntervalLines,
+            recommendation: "Store the interval ID and call clearInterval in cleanup/unmount/dispose handlers.",
+            reference: "Resource Cleanup Patterns",
+        });
+    }
+    // Detect race condition patterns with read-modify-write
+    const readModifyWriteLines = [];
+    lines.forEach((line, i) => {
+        if (/await\s+\w+\.(get|find|read|load)\s*\(/i.test(line)) {
+            const nextLines = lines.slice(i + 1, Math.min(lines.length, i + 10)).join("\n");
+            if (/await\s+\w+\.(save|update|set|write|put)\s*\(/i.test(nextLines)) {
+                readModifyWriteLines.push(i + 1);
+            }
+        }
+    });
+    if (readModifyWriteLines.length > 0) {
+        findings.push({
+            ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
+            severity: "high",
+            title: "Potential read-modify-write race condition",
+            description: "Reading a value, modifying it, and writing it back without atomicity can cause lost updates when concurrent operations overlap.",
+            lineNumbers: readModifyWriteLines,
+            recommendation: "Use atomic operations (findOneAndUpdate, INCR), optimistic locking (version field), or database transactions.",
+            reference: "Race Conditions / Optimistic Concurrency Control",
+        });
+    }
+    // Detect worker/thread creation without pool
+    const workerLines = [];
+    lines.forEach((line, i) => {
+        if (/new\s+Worker\s*\(|new\s+Thread\s*\(|threading\.Thread\s*\(|Thread\.start/i.test(line)) {
+            workerLines.push(i + 1);
+        }
+    });
+    const hasPool = /pool|WorkerPool|ThreadPool|threadpool|ExecutorService/i.test(code);
+    if (workerLines.length > 0 && !hasPool) {
+        findings.push({
+            ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
+            severity: "medium",
+            title: "Worker/thread creation without pooling",
+            description: "Creating new workers or threads per request is expensive and can exhaust system resources under load.",
+            lineNumbers: workerLines,
+            recommendation: "Use a worker/thread pool with a bounded size. Reuse workers for subsequent tasks.",
+            reference: "Thread Pool Pattern / Worker Pools",
+        });
+    }
+    // Detect callback-based async mixed with promises
+    const mixedAsyncLines = [];
+    lines.forEach((line, i) => {
+        if (/function\s*\(\s*(?:err|error)\s*,\s*(?:data|result|res)\s*\)/i.test(line)) {
+            const context = lines.slice(Math.max(0, i - 10), i).join("\n");
+            if (/async\s|Promise|\.then\s*\(/i.test(context)) {
+                mixedAsyncLines.push(i + 1);
+            }
+        }
+    });
+    if (mixedAsyncLines.length > 0) {
+        findings.push({
+            ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
+            severity: "medium",
+            title: "Mixed callback and promise async patterns",
+            description: "Mixing callbacks with promises/async-await in the same code path is error-prone and makes error handling inconsistent.",
+            lineNumbers: mixedAsyncLines,
+            recommendation: "Standardize on async/await. Wrap callback-based APIs with util.promisify() or manual Promise wrappers.",
+            reference: "Node.js util.promisify / Async Patterns",
+        });
+    }
+    // Detect mutex/lock-free concurrent data access
+    const concurrentDataLines = [];
+    lines.forEach((line, i) => {
+        if (/(?:Map|Set|Array|Object)\s*\(\s*\)/i.test(line) && /shared|global|cache|store|registry/i.test(line)) {
+            const restOfFile = lines.slice(i + 1).join("\n");
+            if (/async\s|Promise|\.then\s*\(/i.test(restOfFile) && !/mutex|lock|semaphore|synchronized|atomic/i.test(restOfFile)) {
+                concurrentDataLines.push(i + 1);
+            }
+        }
+    });
+    if (concurrentDataLines.length > 0) {
+        findings.push({
+            ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
+            severity: "medium",
+            title: "Shared data structure without synchronization",
+            description: "Data structures labeled as shared/global/cache are used in async contexts without any synchronization mechanism.",
+            lineNumbers: concurrentDataLines,
+            recommendation: "Use ConcurrentHashMap (Java), Mutex/RWLock (Go/Rust), or atomic operations. In Node.js, consider request-scoped state.",
+            reference: "Concurrent Data Access Patterns",
+        });
+    }
+    // Detect deadlock-prone patterns (nested locks/awaits)
+    const nestedAwaitLines = [];
+    lines.forEach((line, i) => {
+        if (/await\s+.*lock|acquire\s*\(/i.test(line)) {
+            const innerBlock = lines.slice(i + 1, Math.min(lines.length, i + 20)).join("\n");
+            if (/await\s+.*lock|acquire\s*\(/i.test(innerBlock)) {
+                nestedAwaitLines.push(i + 1);
+            }
+        }
+    });
+    if (nestedAwaitLines.length > 0) {
+        findings.push({
+            ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
+            severity: "critical",
+            title: "Potential deadlock: nested lock acquisition",
+            description: "Acquiring locks inside other lock scopes can cause deadlocks when two operations acquire locks in different orders.",
+            lineNumbers: nestedAwaitLines,
+            recommendation: "Acquire locks in a consistent order, use lock-free algorithms, or use a single coarser lock. Add deadlock detection/timeouts.",
+            reference: "Deadlock Prevention / Lock Ordering",
+        });
+    }
+    return findings;
+}
+//# sourceMappingURL=concurrency.js.map

package/dist/evaluators/concurrency.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"concurrency.js","sourceRoot":"","sources":["../../src/evaluators/concurrency.ts"],"names":[],"mappings":"AAGA,MAAM,UAAU,kBAAkB,CAAC,IAAY,EAAE,QAAgB;IAC/D,MAAM,QAAQ,GAAc,EAAE,CAAC;IAC/B,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAC/B,MAAM,MAAM,GAAG,MAAM,CAAC;IACtB,IAAI,OAAO,GAAG,CAAC,CAAC;IAEhB,+BAA+B;IAC/B,MAAM,eAAe,GAAa,EAAE,CAAC;IACrC,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,CAAC,EAAE,EAAE;QACxB,IAAI,+BAA+B,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YAC/C,MAAM,OAAO,GAAG,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAC1F,IAAI,CAAC,6DAA6D,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;gBACjF,eAAe,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;YAC9B,CAAC;QACH,CAAC;IACH,CAAC,CAAC,CAAC;IACH,IAAI,eAAe,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC/B,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YACzD,QAAQ,EAAE,MAAM;YAChB,KAAK,EAAE,0CAA0C;YACjD,WAAW,EAAE,2IAA2I;YACxJ,WAAW,EAAE,eAAe;YAC5B,cAAc,EAAE,8IAA8I;YAC9J,SAAS,EAAE,8BAA8B;SAC1C,CAAC,CAAC;IACL,CAAC;IAED,8BAA8B;IAC9B,MAAM,kBAAkB,GAAa,EAAE,CAAC;IACxC,MAAM,gBAAgB,GAAG,6CAA6C,CAAC;IACvE,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,CAAC,EAAE,EAAE;QACxB,IAAI,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC,EAAE,CAAC;YACvC,iCAAiC;YACjC,MAAM,UAAU,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACjD,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,qBAAqB,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;YAC9D,IAAI,OAAO,IAAI,sBAAsB,CAAC,IAAI,CAAC,UAAU,CAAC,IAAI,IAAI,MAAM,CAAC,MAAM,OAAO,KAAK,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE,CAAC;gBAC1G,kBAAkB,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;YACjC,CAAC;QACH,CAAC;IACH,CAAC,CAAC,CAAC;IACH,IAAI,kBAAkB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAClC,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YACzD,QAAQ,EAAE,MAAM;YAChB,KAAK,EAAE,uCAAuC;YAC9C,WAAW,EAAE,6GAA6G;YAC1H,WAAW,EAAE,kBAAkB;YAC/B,cAAc,EAAE,uIAAuI;YACvJ,SAAS,EAAE,mCAAmC;SAC/C,CAAC,CAAC;IACL,CAAC;IAED,uBAAuB;IACvB,MAAM,iBAAiB,GAAa,EAAE,CAAC;IACvC,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,CAAC,EAAE,EAAE;QACxB,gEAAgE;QAChE,IAAI,uEAAuE,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,8BAA8B,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YACrI,sCAAsC;YACtC,MAAM,QAAQ,GAAG,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,GAAG,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAChE,IAAI,6BAA6B,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;gBACjD,iBAAiB,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;YAChC,CAAC;QACH,CAAC;IACH,CAAC,CAAC,CAAC;IACH,IAAI,iBAAiB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACjC,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YACzD,QAAQ,EAAE,MAAM;YAChB,KAAK,EAAE,8CAA8C;YACrD,WAAW,EAAE,+IAA+I;YAC5J,WAAW,EAAE,iBAAiB;YAC9B,cAAc,EAAE,iIAAiI;YACjJ,SAAS,EAAE,4BAA4B;SACxC,CAAC,CAAC;IACL,CAAC;IAED,qEAAqE;IACrE,MAAM,gBAAgB,GAAa,EAAE,CAAC;IACtC,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,CAAC,EAAE,EAAE;QACxB,IAAI,iCAAiC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YACjD,MAAM,QAAQ,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAC/E,MAAM,UAAU,GAAG,CAAC,QAAQ,CAAC,KAAK,CAAC,UAAU,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC;YAC7D,IAAI,UAAU,GAAG,CAAC,EAAE,CAAC;gBACnB,gBAAgB,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;YAC/B,CAAC;QACH,CAAC;IACH,CAAC,CAAC,CAAC;IACH,IAAI,gBAAgB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAChC,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YACzD,QAAQ,EAAE,QAAQ;YAClB,KAAK,EAAE,0BAA0B;YACjC,WAAW,EAAE,4HAA4H;YACzI,WAAW,EAAE,gBAAgB;YAC7B,cAAc,EAAE,sIAAsI;YACtJ,SAAS,EAAE,wCAAwC;SACpD,CAAC,CAAC;IACL,CAAC;IAED,qCAAqC;IACrC,MAAM,gBAAgB,GAAa,EAAE,CAAC;IACtC,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,CAAC,EAAE,EAAE;QACxB,IAAI,mBAAmB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YACnC,gBAAgB,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;QAC/B,CAAC;IACH,CAAC,CAAC,CAAC;IACH,MAAM,gBAAgB,GAAG,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACrD,IAAI,gBAAgB,CAAC,MAAM,GAAG,CAAC,IAAI,CAAC,gBAAgB,EAAE,CAAC;QACrD,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YACzD,QAAQ,EAAE,QAAQ;YAClB,KAAK,EAAE,mCAAmC;YAC1C,WAAW,EAAE,0IAA0I;YACvJ,WAAW,EAAE,gBAAgB;YAC7B,cAAc,EAAE,mFAAmF;YACnG,SAAS,EAAE,2BAA2B;SACvC,CAAC,CAAC;IACL,CAAC;IAED,wDAAwD;IACxD,MAAM,oBAAoB,GAAa,EAAE,CAAC;IAC1C,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,CAAC,EAAE,EAAE;QACxB,IAAI,yCAAyC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YACzD,MAAM,SAAS,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAChF,IAAI,gDAAgD,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC;gBACrE,oBAAoB,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;YACnC,CAAC;QACH,CAAC;IACH,CAAC,CAAC,CAAC;IACH,IAAI,oBAAoB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACpC,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YACzD,QAAQ,EAAE,MAAM;YAChB,KAAK,EAAE,4CAA4C;YACnD,WAAW,EAAE,iIAAiI;YAC9I,WAAW,EAAE,oBAAoB;YACjC,cAAc,EAAE,+GAA+G;YAC/H,SAAS,EAAE,kDAAkD;SAC9D,CAAC,CAAC;IACL,CAAC;IAED,6CAA6C;IAC7C,MAAM,WAAW,GAAa,EAAE,CAAC;IACjC,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,CAAC,EAAE,EAAE;QACxB,IAAI,2EAA2E,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YAC3F,WAAW,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;QAC1B,CAAC;IACH,CAAC,CAAC,CAAC;IACH,MAAM,OAAO,GAAG,wDAAwD,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACpF,IAAI,WAAW,CAAC,MAAM,GAAG,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC;QACvC,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YACzD,QAAQ,EAAE,QAAQ;YAClB,KAAK,EAAE,wCAAwC;YAC/C,WAAW,EAAE,uGAAuG;YACpH,WAAW,EAAE,WAAW;YACxB,cAAc,EAAE,mFAAmF;YACnG,SAAS,EAAE,oCAAoC;SAChD,CAAC,CAAC;IACL,CAAC;IAED,kDAAkD;IAClD,MAAM,eAAe,GAAa,EAAE,CAAC;IACrC,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,CAAC,EAAE,EAAE;QACxB,IAAI,+DAA+D,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YAC/E,MAAM,OAAO,GAAG,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,GAAG,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAC/D,IAAI,8BAA8B,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;gBACjD,eAAe,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;YAC9B,CAAC;QACH,CAAC;IACH,CAAC,CAAC,CAAC;IACH,IAAI,eAAe,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC/B,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YACzD,QAAQ,EAAE,QAAQ;YAClB,KAAK,EAAE,2CAA2C;YAClD,WAAW,EAAE,wHAAwH;YACrI,WAAW,EAAE,eAAe;YAC5B,cAAc,EAAE,wGAAwG;YACxH,SAAS,EAAE,yCAAyC;SACrD,CAAC,CAAC;IACL,CAAC;IAED,gDAAgD;IAChD,MAAM,mBAAmB,GAAa,EAAE,CAAC;IACzC,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,CAAC,EAAE,EAAE;QACxB,IAAI,qCAAqC,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,qCAAqC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YACzG,MAAM,UAAU,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACjD,IAAI,8BAA8B,CAAC,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,2CAA2C,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE,CAAC;gBACrH,mBAAmB,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;YAClC,CAAC;QACH,CAAC;IACH,CAAC,CAAC,CAAC;IACH,IAAI,mBAAmB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACnC,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YACzD,QAAQ,EAAE,QAAQ;YAClB,KAAK,EAAE,+CAA+C;YACtD,WAAW,EAAE,kHAAkH;YAC/H,WAAW,EAAE,mBAAmB;YAChC,cAAc,EAAE,wHAAwH;YACxI,SAAS,EAAE,iCAAiC;SAC7C,CAAC,CAAC;IACL,CAAC;IAED,uDAAuD;IACvD,MAAM,gBAAgB,GAAa,EAAE,CAAC;IACtC,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,CAAC,EAAE,EAAE;QACxB,IAAI,8BAA8B,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YAC9C,MAAM,UAAU,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACjF,IAAI,8BAA8B,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE,CAAC;gBACpD,gBAAgB,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;YAC/B,CAAC;QACH,CAAC;IACH,CAAC,CAAC,CAAC;IACH,IAAI,gBAAgB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAChC,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YACzD,QAAQ,EAAE,UAAU;YACpB,KAAK,EAAE,6CAA6C;YACpD,WAAW,EAAE,qHAAqH;YAClI,WAAW,EAAE,gBAAgB;YAC7B,cAAc,EAAE,+HAA+H;YAC/I,SAAS,EAAE,qCAAqC;SACjD,CAAC,CAAC;IACL,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC"}

package/dist/evaluators/cost-effectiveness.d.ts

@@ -0,0 +1,3 @@
+import { Finding } from "../types.js";
+export declare function analyzeCostEffectiveness(code: string, language: string): Finding[];
+//# sourceMappingURL=cost-effectiveness.d.ts.map

package/dist/evaluators/cost-effectiveness.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"cost-effectiveness.d.ts","sourceRoot":"","sources":["../../src/evaluators/cost-effectiveness.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,aAAa,CAAC;AAGtC,wBAAgB,wBAAwB,CAAC,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,EAAE,CAyNlF"}