@kevinrabun/judges 1.2.0 → 1.4.0

package/README.md

@@ -1,6 +1,6 @@
 # Judges Panel
 
-An MCP (Model Context Protocol) server that provides a panel of **18 specialized judges** to evaluate AI-generated code — acting as an independent quality gate regardless of which project is being reviewed.
+An MCP (Model Context Protocol) server that provides a panel of **30 specialized judges** to evaluate AI-generated code — acting as an independent quality gate regardless of which project is being reviewed.
 
 [![CI](https://github.com/KevinRabun/judges/actions/workflows/ci.yml/badge.svg)](https://github.com/KevinRabun/judges/actions/workflows/ci.yml)
 [![npm](https://img.shields.io/npm/v/@kevinrabun/judges)](https://www.npmjs.com/package/@kevinrabun/judges)
@@ -21,7 +21,7 @@ npm run build
 
 ### 2. Try the Demo
 
-Run the included demo to see all 18 judges evaluate a purposely flawed API server:
+Run the included demo to see all 30 judges evaluate a purposely flawed API server:
 
 ```bash
 npm run demo
@@ -41,7 +41,7 @@ This evaluates [`examples/sample-vulnerable-api.ts`](examples/sample-vulnerable-
   Critical Issues : 15
   High Issues     : 17
   Total Findings  : 83
-  Judges Run      : 18
+  Judges Run      : 30
 
   Per-Judge Breakdown:
   ────────────────────────────────────────────────────────────────
@@ -63,6 +63,18 @@ This evaluates [`examples/sample-vulnerable-api.ts`](examples/sample-vulnerable-
   ⚠️  Judge Dependency Health        90/100    1 finding(s)
   ❌ Judge Concurrency               44/100    4 finding(s)
   ❌ Judge Ethics & Bias             65/100    2 finding(s)
+  ❌ Judge Maintainability           52/100    4 finding(s)
+  ❌ Judge Error Handling            27/100    3 finding(s)
+  ❌ Judge Authentication             0/100    4 finding(s)
+  ❌ Judge Database                   0/100    5 finding(s)
+  ❌ Judge Caching                   62/100    3 finding(s)
+  ❌ Judge Configuration Mgmt         0/100    3 finding(s)
+  ⚠️  Judge Backwards Compat         80/100    2 finding(s)
+  ⚠️  Judge Portability              72/100    2 finding(s)
+  ❌ Judge UX                        52/100    4 finding(s)
+  ❌ Judge Logging Privacy            0/100    4 finding(s)
+  ❌ Judge Rate Limiting             27/100    4 finding(s)
+  ⚠️  Judge CI/CD                    80/100    2 finding(s)
 ```
 
 ### 3. Run the Tests
@@ -71,7 +83,7 @@ This evaluates [`examples/sample-vulnerable-api.ts`](examples/sample-vulnerable-
 npm test
 ```
 
-Runs 184 automated tests covering all 18 judges, markdown formatters, and edge cases.
+Runs automated tests covering all 30 judges, markdown formatters, and edge cases.
 
 ### 4. Connect to Your Editor
 
@@ -135,6 +147,18 @@ Then use `judges` as the command in your MCP config (no `args` needed).
 | **Dependency Health** | Dependency Management | `DEPS-` | Version pinning, deprecated packages, supply chain |
 | **Concurrency** | Concurrency & Async Safety | `CONC-` | Race conditions, unbounded parallelism, missing await |
 | **Ethics & Bias** | Ethics & Bias | `ETHICS-` | Demographic logic, dark patterns, inclusive language |
+| **Maintainability** | Code Maintainability & Technical Debt | `MAINT-` | Any types, magic numbers, deep nesting, dead code, file length |
+| **Error Handling** | Error Handling & Fault Tolerance | `ERR-` | Empty catch blocks, missing error handlers, swallowed errors |
+| **Authentication** | Authentication & Authorization | `AUTH-` | Hardcoded creds, missing auth middleware, token in query params |
+| **Database** | Database Design & Query Efficiency | `DB-` | SQL injection, N+1 queries, connection pooling, transactions |
+| **Caching** | Caching Strategy & Data Freshness | `CACHE-` | Unbounded caches, missing TTL, no HTTP cache headers |
+| **Configuration Mgmt** | Configuration & Secrets Management | `CFG-` | Hardcoded secrets, missing env vars, config validation |
+| **Backwards Compat** | Backwards Compatibility & Versioning | `COMPAT-` | API versioning, breaking changes, response consistency |
+| **Portability** | Platform Portability & Vendor Independence | `PORTA-` | OS-specific paths, vendor lock-in, hardcoded hosts |
+| **UX** | User Experience & Interface Quality | `UX-` | Loading states, error messages, pagination, destructive actions |
+| **Logging Privacy** | Logging Privacy & Data Redaction | `LOGPRIV-` | PII in logs, token logging, structured logging, redaction |
+| **Rate Limiting** | Rate Limiting & Throttling | `RATE-` | Missing rate limits, unbounded queries, backoff strategy |
+| **CI/CD** | CI/CD Pipeline & Deployment Safety | `CICD-` | Test infrastructure, lint config, Docker tags, build scripts |
 
 ---
 
@@ -173,7 +197,7 @@ When your AI coding assistant connects to multiple MCP servers, each one contrib
 
 | Layer | What It Does | Example Servers |
 |-------|-------------|-----------------|
-| **Judges Panel** | 18-judge quality gate — security patterns, cost, scalability, a11y, compliance, ethics | This server |
+| **Judges Panel** | 30-judge quality gate — security patterns, cost, scalability, a11y, compliance, ethics | This server |
 | **AST Analysis** | Deep structural analysis — data flow, complexity metrics, dead code, type tracking | Tree-sitter, Semgrep, SonarQube MCP servers |
 | **CVE / SBOM** | Vulnerability scanning against live databases — known CVEs, license risks, supply chain | OSV, Snyk, Trivy, Grype MCP servers |
 | **Linting** | Language-specific style and correctness rules | ESLint, Ruff, Clippy MCP servers |
@@ -209,7 +233,7 @@ Each server returns structured findings. The AI synthesizes everything into a si
 List all available judges with their domains and descriptions.
 
 ### `evaluate_code`
-Submit code to the **full judges panel**. All 18 judges evaluate independently and return a combined verdict.
+Submit code to the **full judges panel**. All 30 judges evaluate independently and return a combined verdict.
 
 | Parameter | Type | Required | Description |
 |-----------|------|----------|-------------|
@@ -229,7 +253,7 @@ Submit code to a **specific judge** for targeted review.
 
 #### Judge IDs
 
-`data-security` · `cybersecurity` · `cost-effectiveness` · `scalability` · `cloud-readiness` · `software-practices` · `accessibility` · `api-design` · `reliability` · `observability` · `performance` · `compliance` · `testing` · `documentation` · `internationalization` · `dependency-health` · `concurrency` · `ethics-bias`
+`data-security` · `cybersecurity` · `cost-effectiveness` · `scalability` · `cloud-readiness` · `software-practices` · `accessibility` · `api-design` · `reliability` · `observability` · `performance` · `compliance` · `testing` · `documentation` · `internationalization` · `dependency-health` · `concurrency` · `ethics-bias` · `maintainability` · `error-handling` · `authentication` · `database` · `caching` · `configuration-management` · `backwards-compatibility` · `portability` · `ux` · `logging-privacy` · `rate-limiting` · `ci-cd`
 
 ---
 
@@ -257,7 +281,19 @@ Each judge has a corresponding prompt for LLM-powered deep analysis:
 | `judge-dependency-health` | Deep dependency health review |
 | `judge-concurrency` | Deep concurrency & async safety review |
 | `judge-ethics-bias` | Deep ethics & bias review |
-| `full-tribunal` | All 18 judges in a single prompt |
+| `judge-maintainability` | Deep maintainability & tech debt review |
+| `judge-error-handling` | Deep error handling review |
+| `judge-authentication` | Deep authentication & authorization review |
+| `judge-database` | Deep database design & query review |
+| `judge-caching` | Deep caching strategy review |
+| `judge-configuration-management` | Deep configuration & secrets review |
+| `judge-backwards-compatibility` | Deep backwards compatibility review |
+| `judge-portability` | Deep platform portability review |
+| `judge-ux` | Deep user experience review |
+| `judge-logging-privacy` | Deep logging privacy review |
+| `judge-rate-limiting` | Deep rate limiting review |
+| `judge-ci-cd` | Deep CI/CD pipeline review |
+| `full-tribunal` | All 30 judges in a single prompt |
 
 ---
 
@@ -278,7 +314,7 @@ Each judge scores the code from **0 to 100**:
 - **WARNING** — Any high finding, any medium finding, or score < 80
 - **PASS** — Score ≥ 80 with no critical, high, or medium findings
 
-The **overall tribunal score** is the average of all 18 judges. The overall verdict fails if **any** judge fails.
+The **overall tribunal score** is the average of all 30 judges. The overall verdict fails if **any** judge fails.
 
 ---
 
@@ -292,12 +328,12 @@ judges/
 │   ├── evaluators/           # Pattern-based analysis engine for each judge
 │   │   ├── index.ts          # evaluateWithJudge(), evaluateWithTribunal()
 │   │   ├── shared.ts         # Scoring, verdict logic, markdown formatters
-│   │   └── *.ts              # One analyzer per judge (18 files)
+│   │   └── *.ts              # One analyzer per judge (30 files)
 │   └── judges/               # Judge definitions (id, name, domain, system prompt)
 │       ├── index.ts          # JUDGES array, getJudge(), getJudgeSummaries()
-│       └── *.ts              # One definition per judge (18 files)
+│       └── *.ts              # One definition per judge (30 files)
 ├── examples/
-│   ├── sample-vulnerable-api.ts  # Intentionally flawed code (triggers all 18 judges)
+│   ├── sample-vulnerable-api.ts  # Intentionally flawed code (triggers all 30 judges)
 │   └── demo.ts                   # Run: npm run demo
 ├── tests/
 │   └── judges.test.ts            # Run: npm test (184 tests)
@@ -315,7 +351,7 @@ judges/
 |---------|-------------|
 | `npm run build` | Compile TypeScript to `dist/` |
 | `npm run dev` | Watch mode — recompile on save |
-| `npm test` | Run the full test suite (184 tests) |
+| `npm test` | Run the full test suite |
 | `npm run demo` | Run the sample tribunal demo |
 | `npm start` | Start the MCP server |
 | `npm run clean` | Remove `dist/` |

package/dist/evaluators/authentication.d.ts

@@ -0,0 +1,3 @@
+import { Finding } from "../types.js";
+export declare function analyzeAuthentication(code: string, language: string): Finding[];
+//# sourceMappingURL=authentication.d.ts.map

package/dist/evaluators/authentication.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"authentication.d.ts","sourceRoot":"","sources":["../../src/evaluators/authentication.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,aAAa,CAAC;AAGtC,wBAAgB,qBAAqB,CAAC,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,EAAE,CAoL/E"}

package/dist/evaluators/authentication.js

@@ -0,0 +1,170 @@
+import { getLineNumbers } from "./shared.js";
+export function analyzeAuthentication(code, language) {
+    const findings = [];
+    let ruleNum = 1;
+    const prefix = "AUTH";
+    // Hardcoded credentials
+    const credentialPattern = /(?:password|passwd|pwd|secret|api_?key|apikey|token|auth_?token)\s*[:=]\s*["'`][^"'`]{3,}/gi;
+    const credentialLines = getLineNumbers(code, credentialPattern);
+    if (credentialLines.length > 0) {
+        findings.push({
+            ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
+            severity: "critical",
+            title: "Hardcoded credentials in source code",
+            description: `Found ${credentialLines.length} instance(s) of what appears to be hardcoded credentials. Credentials in source code are exposed in version control and cannot be rotated without redeployment.`,
+            lineNumbers: credentialLines,
+            recommendation: "Use environment variables or a secrets manager (Azure Key Vault, AWS Secrets Manager, HashiCorp Vault). Never commit credentials to version control.",
+            reference: "OWASP: Credential Management / CWE-798",
+        });
+    }
+    // No auth middleware on routes
+    const hasRoutes = /app\.(get|post|put|delete|patch)\s*\(\s*["'`]/gi.test(code);
+    const hasAuthMiddleware = /(?:authenticate|authorize|requireAuth|ensureAuth|isAuthenticated|verifyToken|passport\.authenticate|jwt\.verify|auth\(\)|protect|guard|requireLogin)/gi.test(code);
+    if (hasRoutes && !hasAuthMiddleware && code.split("\n").length > 20) {
+        findings.push({
+            ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
+            severity: "high",
+            title: "API routes without authentication middleware",
+            description: "API endpoints are defined without any visible authentication middleware. Any client can access these endpoints without proving their identity.",
+            recommendation: "Apply authentication middleware to routes that require it. Use app.use(authMiddleware) for global protection or per-route middleware for selective protection.",
+            reference: "OWASP API Security Top 10: API2 — Broken Authentication",
+        });
+    }
+    // Token in query parameters
+    const tokenQueryPattern = /req\.query\.(?:token|api_?key|auth|secret|password|access_token)/gi;
+    const tokenQueryLines = getLineNumbers(code, tokenQueryPattern);
+    if (tokenQueryLines.length > 0) {
+        findings.push({
+            ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
+            severity: "high",
+            title: "Sensitive tokens passed in query parameters",
+            description: "Authentication tokens or API keys are read from query parameters. Query params appear in server logs, browser history, referrer headers, and proxy logs.",
+            lineNumbers: tokenQueryLines,
+            recommendation: "Pass tokens in the Authorization header (Bearer scheme) or in httpOnly cookies. Never use query parameters for sensitive credentials.",
+            reference: "OWASP: Transport Layer Security / RFC 6750",
+        });
+    }
+    // Weak password hashing
+    const weakHashPattern = /createHash\s*\(\s*["'`](?:md5|sha1|sha256)["'`]\)|(?:md5|sha1)\s*\(/gi;
+    const weakHashLines = getLineNumbers(code, weakHashPattern);
+    if (weakHashLines.length > 0) {
+        findings.push({
+            ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
+            severity: "critical",
+            title: "Weak hashing algorithm for credentials",
+            description: "MD5, SHA1, or SHA256 are fast hash algorithms unsuitable for password storage. They can be brute-forced at billions of hashes per second.",
+            lineNumbers: weakHashLines,
+            recommendation: "Use bcrypt, scrypt, or Argon2 for password hashing. These algorithms are intentionally slow and include salt by default.",
+            reference: "OWASP Password Storage Cheat Sheet / NIST 800-63b",
+        });
+    }
+    // No RBAC / authorization checks
+    const hasRoleCheck = /role|permission|isAdmin|isOwner|canAccess|authorize|requiredRole|hasPermission|checkPermission/gi.test(code);
+    if (hasRoutes && !hasRoleCheck && code.split("\n").length > 40) {
+        findings.push({
+            ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
+            severity: "medium",
+            title: "No authorization / role-based access control detected",
+            description: "No role or permission checks found. Without authorization, any authenticated user could access any resource, including admin functions.",
+            recommendation: "Implement role-based access control (RBAC) or attribute-based access control (ABAC). Check permissions at each endpoint or resource access.",
+            reference: "OWASP API Security Top 10: API5 — Broken Function Level Authorization",
+        });
+    }
+    // JWT without verification
+    const hasJwt = /jwt|jsonwebtoken|jose/gi.test(code);
+    const hasJwtVerify = /jwt\.verify|jwtVerify|verifyToken|jose\.jwtVerify/gi.test(code);
+    const hasJwtSign = /jwt\.sign|jwtSign|signToken/gi.test(code);
+    if (hasJwt && hasJwtSign && !hasJwtVerify) {
+        findings.push({
+            ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
+            severity: "critical",
+            title: "JWT tokens signed but never verified",
+            description: "JWT tokens are being created but no verification logic is visible. Tokens could be tampered with or forged without the server detecting it.",
+            recommendation: "Always verify JWT tokens on every request: check signature, expiration (exp), issuer (iss), and audience (aud).",
+            reference: "RFC 7519: JWT / OWASP JWT Cheat Sheet",
+        });
+    }
+    // Disabled TLS / certificate validation
+    const tlsDisabledPattern = /NODE_TLS_REJECT_UNAUTHORIZED\s*=\s*["'`]?0|rejectUnauthorized\s*:\s*false|verify\s*=\s*False|InsecureSkipVerify\s*:\s*true/gi;
+    const tlsLines = getLineNumbers(code, tlsDisabledPattern);
+    if (tlsLines.length > 0) {
+        findings.push({
+            ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
+            severity: "critical",
+            title: "TLS certificate validation disabled",
+            description: "TLS certificate verification is disabled, allowing man-in-the-middle attacks. Authentication credentials sent over this connection can be intercepted.",
+            lineNumbers: tlsLines,
+            recommendation: "Never disable TLS verification in production. Fix certificate issues properly. Use CA bundles for self-signed certs in development only.",
+            reference: "CWE-295: Improper Certificate Validation",
+        });
+    }
+    // No session expiration / no token expiry
+    const hasSession = /session|express-session|cookie-session|SessionMiddleware/gi.test(code);
+    const hasExpiry = /maxAge|expires|expiresIn|exp:|ttl|timeout.*session|cookie.*max/gi.test(code);
+    if (hasSession && !hasExpiry) {
+        findings.push({
+            ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
+            severity: "high",
+            title: "Sessions without expiration configured",
+            description: "Session middleware is used without visible expiration settings. Sessions that never expire allow stolen session tokens to be used indefinitely.",
+            recommendation: "Set session maxAge (e.g., 30 minutes for sensitive apps). Implement idle timeout. Invalidate sessions on password change or logout.",
+            reference: "OWASP Session Management Cheat Sheet",
+        });
+    }
+    // Weak password policy — no complexity enforcement
+    const hasUserRegistration = /register|signup|sign.?up|createUser|create.*user|new.*user/gi.test(code);
+    const hasPasswordPolicy = /minLength|minimum.*length|password.*length|complexity|strongPassword|zxcvbn|password.*policy|password.*require/gi.test(code);
+    if (hasUserRegistration && !hasPasswordPolicy) {
+        findings.push({
+            ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
+            severity: "medium",
+            title: "No password complexity enforcement",
+            description: "User registration logic without visible password policy. Users can set weak passwords like '123456' or 'password', which are trivially guessable.",
+            recommendation: "Enforce minimum password length (12+ chars), check against known breached passwords (HaveIBeenPwned API), and use a strength estimator like zxcvbn.",
+            reference: "NIST 800-63b / OWASP Password Guidelines",
+        });
+    }
+    // No account lockout after failed attempts
+    const hasLogin = /login|signin|sign.?in|authenticate|verifyPassword|checkPassword/gi.test(code);
+    const hasLockout = /lockout|lock.*out|attempt|maxAttempt|failedAttempt|rateLimitLogin|brute.?force|account.*lock/gi.test(code);
+    if (hasLogin && !hasLockout) {
+        findings.push({
+            ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
+            severity: "medium",
+            title: "No account lockout after failed login attempts",
+            description: "Login logic without account lockout or rate limiting. Attackers can brute-force passwords by trying unlimited login attempts.",
+            recommendation: "Implement progressive delays or temporary lockout after 5-10 failed attempts. Use rate limiting on login endpoints. Consider CAPTCHA for repeated failures.",
+            reference: "OWASP Brute Force Prevention / CWE-307",
+        });
+    }
+    // Cookie without Secure and HttpOnly flags
+    const cookiePattern = /(?:cookie|Cookie|set-cookie|setCookie|res\.cookie)\s*\(/gi;
+    const cookieLines = getLineNumbers(code, cookiePattern);
+    const hasSecureFlags = /secure\s*:\s*true|httpOnly\s*:\s*true|HttpOnly|Secure/g.test(code);
+    if (cookieLines.length > 0 && !hasSecureFlags) {
+        findings.push({
+            ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
+            severity: "high",
+            title: "Cookies set without Secure/HttpOnly flags",
+            description: "Cookies are set without Secure (HTTPS-only) or HttpOnly (no JS access) flags. This exposes cookies to interception and XSS-based theft.",
+            lineNumbers: cookieLines,
+            recommendation: "Set cookies with { secure: true, httpOnly: true, sameSite: 'strict' }. Use Secure for all auth cookies. HttpOnly prevents JavaScript access.",
+            reference: "OWASP Secure Cookie Best Practices / CWE-614",
+        });
+    }
+    // No CSRF protection
+    const hasFormPost = /app\.post\s*\(|method\s*=\s*["']POST/gi.test(code);
+    const hasCsrf = /csrf|csurf|xsrf|_token|csrfToken|antiForgery|X-CSRF|X-XSRF/gi.test(code);
+    if (hasFormPost && !hasCsrf && hasSession) {
+        findings.push({
+            ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
+            severity: "high",
+            title: "No CSRF protection on form submissions",
+            description: "POST endpoints with session-based auth but no CSRF tokens. Attackers can craft pages that submit forms on behalf of authenticated users.",
+            recommendation: "Use CSRF tokens (csurf middleware, Django CSRF, Rails authenticity_token). Set SameSite=Strict on cookies. Use custom headers for API calls.",
+            reference: "OWASP CSRF Prevention Cheat Sheet / CWE-352",
+        });
+    }
+    return findings;
+}
+//# sourceMappingURL=authentication.js.map

package/dist/evaluators/authentication.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"authentication.js","sourceRoot":"","sources":["../../src/evaluators/authentication.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAE7C,MAAM,UAAU,qBAAqB,CAAC,IAAY,EAAE,QAAgB;IAClE,MAAM,QAAQ,GAAc,EAAE,CAAC;IAC/B,IAAI,OAAO,GAAG,CAAC,CAAC;IAChB,MAAM,MAAM,GAAG,MAAM,CAAC;IAEtB,wBAAwB;IACxB,MAAM,iBAAiB,GAAG,6FAA6F,CAAC;IACxH,MAAM,eAAe,GAAG,cAAc,CAAC,IAAI,EAAE,iBAAiB,CAAC,CAAC;IAChE,IAAI,eAAe,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC/B,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YACzD,QAAQ,EAAE,UAAU;YACpB,KAAK,EAAE,sCAAsC;YAC7C,WAAW,EAAE,SAAS,eAAe,CAAC,MAAM,iKAAiK;YAC7M,WAAW,EAAE,eAAe;YAC5B,cAAc,EAAE,sJAAsJ;YACtK,SAAS,EAAE,wCAAwC;SACpD,CAAC,CAAC;IACL,CAAC;IAED,+BAA+B;IAC/B,MAAM,SAAS,GAAG,iDAAiD,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC/E,MAAM,iBAAiB,GAAG,wJAAwJ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC9L,IAAI,SAAS,IAAI,CAAC,iBAAiB,IAAI,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;QACpE,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YACzD,QAAQ,EAAE,MAAM;YAChB,KAAK,EAAE,8CAA8C;YACrD,WAAW,EAAE,gJAAgJ;YAC7J,cAAc,EAAE,gKAAgK;YAChL,SAAS,EAAE,yDAAyD;SACrE,CAAC,CAAC;IACL,CAAC;IAED,4BAA4B;IAC5B,MAAM,iBAAiB,GAAG,oEAAoE,CAAC;IAC/F,MAAM,eAAe,GAAG,cAAc,CAAC,IAAI,EAAE,iBAAiB,CAAC,CAAC;IAChE,IAAI,eAAe,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC/B,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YACzD,QAAQ,EAAE,MAAM;YAChB,KAAK,EAAE,6CAA6C;YACpD,WAAW,EAAE,0JAA0J;YACvK,WAAW,EAAE,eAAe;YAC5B,cAAc,EAAE,uIAAuI;YACvJ,SAAS,EAAE,4CAA4C;SACxD,CAAC,CAAC;IACL,CAAC;IAED,wBAAwB;IACxB,MAAM,eAAe,GAAG,uEAAuE,CAAC;IAChG,MAAM,aAAa,GAAG,cAAc,CAAC,IAAI,EAAE,eAAe,CAAC,CAAC;IAC5D,IAAI,aAAa,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC7B,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YACzD,QAAQ,EAAE,UAAU;YACpB,KAAK,EAAE,wCAAwC;YAC/C,WAAW,EAAE,2IAA2I;YACxJ,WAAW,EAAE,aAAa;YAC1B,cAAc,EAAE,0HAA0H;YAC1I,SAAS,EAAE,mDAAmD;SAC/D,CAAC,CAAC;IACL,CAAC;IAED,iCAAiC;IACjC,MAAM,YAAY,GAAG,kGAAkG,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACnI,IAAI,SAAS,IAAI,CAAC,YAAY,IAAI,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;QAC/D,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YACzD,QAAQ,EAAE,QAAQ;YAClB,KAAK,EAAE,uDAAuD;YAC9D,WAAW,EAAE,yIAAyI;YACtJ,cAAc,EAAE,6IAA6I;YAC7J,SAAS,EAAE,uEAAuE;SACnF,CAAC,CAAC;IACL,CAAC;IAED,2BAA2B;IAC3B,MAAM,MAAM,GAAG,yBAAyB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACpD,MAAM,YAAY,GAAG,qDAAqD,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACtF,MAAM,UAAU,GAAG,+BAA+B,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC9D,IAAI,MAAM,IAAI,UAAU,IAAI,CAAC,YAAY,EAAE,CAAC;QAC1C,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YACzD,QAAQ,EAAE,UAAU;YACpB,KAAK,EAAE,sCAAsC;YAC7C,WAAW,EAAE,6IAA6I;YAC1J,cAAc,EAAE,iHAAiH;YACjI,SAAS,EAAE,uCAAuC;SACnD,CAAC,CAAC;IACL,CAAC;IAED,wCAAwC;IACxC,MAAM,kBAAkB,GAAG,8HAA8H,CAAC;IAC1J,MAAM,QAAQ,GAAG,cAAc,CAAC,IAAI,EAAE,kBAAkB,CAAC,CAAC;IAC1D,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACxB,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YACzD,QAAQ,EAAE,UAAU;YACpB,KAAK,EAAE,qCAAqC;YAC5C,WAAW,EAAE,wJAAwJ;YACrK,WAAW,EAAE,QAAQ;YACrB,cAAc,EAAE,0IAA0I;YAC1J,SAAS,EAAE,0CAA0C;SACtD,CAAC,CAAC;IACL,CAAC;IAED,0CAA0C;IAC1C,MAAM,UAAU,GAAG,4DAA4D,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC3F,MAAM,SAAS,GAAG,kEAAkE,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAChG,IAAI,UAAU,IAAI,CAAC,SAAS,EAAE,CAAC;QAC7B,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YACzD,QAAQ,EAAE,MAAM;YAChB,KAAK,EAAE,wCAAwC;YAC/C,WAAW,EAAE,iJAAiJ;YAC9J,cAAc,EAAE,qIAAqI;YACrJ,SAAS,EAAE,sCAAsC;SAClD,CAAC,CAAC;IACL,CAAC;IAED,mDAAmD;IACnD,MAAM,mBAAmB,GAAG,8DAA8D,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACtG,MAAM,iBAAiB,GAAG,kHAAkH,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACxJ,IAAI,mBAAmB,IAAI,CAAC,iBAAiB,EAAE,CAAC;QAC9C,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YACzD,QAAQ,EAAE,QAAQ;YAClB,KAAK,EAAE,oCAAoC;YAC3C,WAAW,EAAE,mJAAmJ;YAChK,cAAc,EAAE,qJAAqJ;YACrK,SAAS,EAAE,0CAA0C;SACtD,CAAC,CAAC;IACL,CAAC;IAED,2CAA2C;IAC3C,MAAM,QAAQ,GAAG,mEAAmE,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAChG,MAAM,UAAU,GAAG,gGAAgG,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC/H,IAAI,QAAQ,IAAI,CAAC,UAAU,EAAE,CAAC;QAC5B,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YACzD,QAAQ,EAAE,QAAQ;YAClB,KAAK,EAAE,gDAAgD;YACvD,WAAW,EAAE,+HAA+H;YAC5I,cAAc,EAAE,6JAA6J;YAC7K,SAAS,EAAE,wCAAwC;SACpD,CAAC,CAAC;IACL,CAAC;IAED,2CAA2C;IAC3C,MAAM,aAAa,GAAG,2DAA2D,CAAC;IAClF,MAAM,WAAW,GAAG,cAAc,CAAC,IAAI,EAAE,aAAa,CAAC,CAAC;IACxD,MAAM,cAAc,GAAG,wDAAwD,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC3F,IAAI,WAAW,CAAC,MAAM,GAAG,CAAC,IAAI,CAAC,cAAc,EAAE,CAAC;QAC9C,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YACzD,QAAQ,EAAE,MAAM;YAChB,KAAK,EAAE,2CAA2C;YAClD,WAAW,EAAE,yIAAyI;YACtJ,WAAW,EAAE,WAAW;YACxB,cAAc,EAAE,8IAA8I;YAC9J,SAAS,EAAE,8CAA8C;SAC1D,CAAC,CAAC;IACL,CAAC;IAED,qBAAqB;IACrB,MAAM,WAAW,GAAG,wCAAwC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACxE,MAAM,OAAO,GAAG,8DAA8D,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC1F,IAAI,WAAW,IAAI,CAAC,OAAO,IAAI,UAAU,EAAE,CAAC;QAC1C,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YACzD,QAAQ,EAAE,MAAM;YAChB,KAAK,EAAE,wCAAwC;YAC/C,WAAW,EAAE,0IAA0I;YACvJ,cAAc,EAAE,8IAA8I;YAC9J,SAAS,EAAE,6CAA6C;SACzD,CAAC,CAAC;IACL,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC"}

package/dist/evaluators/backwards-compatibility.d.ts

@@ -0,0 +1,3 @@
+import { Finding } from "../types.js";
+export declare function analyzeBackwardsCompatibility(code: string, language: string): Finding[];
+//# sourceMappingURL=backwards-compatibility.d.ts.map

package/dist/evaluators/backwards-compatibility.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"backwards-compatibility.d.ts","sourceRoot":"","sources":["../../src/evaluators/backwards-compatibility.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,aAAa,CAAC;AAGtC,wBAAgB,6BAA6B,CAAC,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,EAAE,CA0JvF"}

package/dist/evaluators/backwards-compatibility.js

@@ -0,0 +1,146 @@
+import { getLineNumbers } from "./shared.js";
+export function analyzeBackwardsCompatibility(code, language) {
+    const findings = [];
+    let ruleNum = 1;
+    const prefix = "COMPAT";
+    // No API versioning
+    const hasApiRoutes = /app\.(get|post|put|delete|patch)\s*\(\s*["'`]\/api\//gi.test(code);
+    const hasVersioning = /\/api\/v\d|\/v\d\/|api-version|x-api-version|accept-version/gi.test(code);
+    if (hasApiRoutes && !hasVersioning) {
+        findings.push({
+            ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
+            severity: "medium",
+            title: "API endpoints without versioning",
+            description: "API routes are defined under /api/ without a version prefix (e.g., /api/v1/). Without versioning, any changes to the API risk breaking existing consumers.",
+            recommendation: "Add version prefixes to API routes: /api/v1/users. This allows old and new versions to coexist during migration. Use URL, header, or query param versioning.",
+            reference: "API Versioning Best Practices / RESTful API Design",
+        });
+    }
+    // Deprecated API indicators without deprecation headers
+    const hasDeprecated = /deprecated|@deprecated|obsolete|legacy/gi.test(code);
+    const hasDeprecationHeader = /Deprecation|Sunset|X-Deprecated/gi.test(code);
+    if (hasDeprecated && !hasDeprecationHeader) {
+        findings.push({
+            ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
+            severity: "low",
+            title: "Deprecated code without API deprecation headers",
+            description: "Code is marked as deprecated in comments or annotations but no HTTP deprecation headers (Deprecation, Sunset) are set. API consumers won't know features are being retired.",
+            recommendation: "Set HTTP Deprecation and Sunset headers on deprecated endpoints. Document alternatives. Communicate timeline to consumers.",
+            reference: "RFC 8594: The Sunset HTTP Header / API Lifecycle Management",
+        });
+    }
+    // Direct field deletion in response objects
+    const deleteFieldPattern = /delete\s+\w+\.\w+/gi;
+    const deleteLines = getLineNumbers(code, deleteFieldPattern);
+    if (deleteLines.length > 0) {
+        findings.push({
+            ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
+            severity: "low",
+            title: "Field deletion could break consumers",
+            description: "Fields are deleted from objects before sending responses. If this is an API response, removing previously available fields is a breaking change.",
+            lineNumbers: deleteLines,
+            recommendation: "Instead of deleting fields, use a response DTO/mapper that explicitly selects which fields to include. Version the API when removing fields.",
+            reference: "Backwards-Compatible API Evolution",
+        });
+    }
+    // Response type changes (sending different structures)
+    const mixedResponsePattern = /res\.json\s*\(\s*(?:\{|\[)/g;
+    const responseLines = getLineNumbers(code, /res\.json\s*\(/g);
+    if (responseLines.length > 2) {
+        findings.push({
+            ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
+            severity: "info",
+            title: "Multiple response formats — verify contract consistency",
+            description: `Found ${responseLines.length} response points. Verify that all endpoints follow a consistent response envelope (e.g., { data, error, meta }). Inconsistent response shapes are a compatibility hazard.`,
+            lineNumbers: responseLines.slice(0, 5),
+            recommendation: "Use a consistent response envelope across all endpoints. Define response schemas (OpenAPI/Swagger) to enforce contracts.",
+            reference: "API Contract Design / JSON:API Specification",
+        });
+    }
+    // No semver in package version
+    const packageVersionPattern = /"version"\s*:\s*"(?:0\.0\.|[^"]*-alpha|[^"]*-beta)/gi;
+    const packageVersionLines = getLineNumbers(code, packageVersionPattern);
+    if (packageVersionLines.length > 0) {
+        findings.push({
+            ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
+            severity: "info",
+            title: "Pre-release version — backwards compatibility expectations unclear",
+            description: "Package version indicates a pre-release or 0.x version. Consumers may not know what compatibility guarantees exist.",
+            lineNumbers: packageVersionLines,
+            recommendation: "Document backwards compatibility policy. Use semver: major bumps for breaking changes, minor for features, patch for fixes.",
+            reference: "Semantic Versioning (semver.org)",
+        });
+    }
+    // Renamed or removed exports
+    const commentedExportPattern = /\/\/\s*export\s+(?:function|class|const|let|type|interface)\s+\w+/g;
+    const commentedExportLines = getLineNumbers(code, commentedExportPattern);
+    if (commentedExportLines.length > 0) {
+        findings.push({
+            ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
+            severity: "medium",
+            title: "Commented-out exports may indicate removed API surface",
+            description: `Found ${commentedExportLines.length} commented-out export(s). If these were previously published, removing them is a breaking change for consumers.`,
+            lineNumbers: commentedExportLines,
+            recommendation: "Re-export removed symbols as deprecated wrappers. Mark them @deprecated with a migration guide. Remove only in the next major version.",
+            reference: "Semantic Versioning / API Deprecation Lifecycle",
+        });
+    }
+    // Changed function signatures — optional to required parameter
+    const requiredAfterOptionalPattern = /\w+\?:\s*\w+[^)]*,\s*\w+\s*:\s*\w+/g;
+    const sigChangeLines = getLineNumbers(code, requiredAfterOptionalPattern);
+    if (sigChangeLines.length > 0) {
+        findings.push({
+            ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
+            severity: "low",
+            title: "Function signature with required params after optional — potential breaking change",
+            description: "Required parameters placed after optional parameters can break callers who relied on positional arguments.",
+            lineNumbers: sigChangeLines,
+            recommendation: "Keep required parameters before optional ones. Use options objects for functions with many parameters to allow adding fields without breaking callers.",
+            reference: "API Design: Function Signature Evolution",
+        });
+    }
+    // Enum/union type removals
+    const enumPattern = /enum\s+\w+\s*\{[^}]*\}/g;
+    const enumMatches = code.match(enumPattern) || [];
+    const hasDeprecatedEnumComment = /\/\/.*deprecated.*enum|\/\/.*removed.*value/gi.test(code);
+    if (enumMatches.length > 0 && hasDeprecatedEnumComment) {
+        findings.push({
+            ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
+            severity: "medium",
+            title: "Enum value changes may break consumers",
+            description: "Enums with deprecated or removed values detected. Removing enum values is a breaking change for anything serializing or deserializing these values.",
+            recommendation: "Never remove enum values in minor releases. Mark values as deprecated. If numeric, keep the slot allocated. Provide migration mapping for removed values.",
+            reference: "Breaking Changes in Enums / Protocol Buffers Reserved Fields",
+        });
+    }
+    // Changing HTTP methods on endpoints (POST mapping doing DELETE work, etc.)
+    const deleteViaPostPattern = /app\.post\s*\([^)]*(?:delete|remove|destroy)/gi;
+    const deleteViaPostLines = getLineNumbers(code, deleteViaPostPattern);
+    if (deleteViaPostLines.length > 0) {
+        findings.push({
+            ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
+            severity: "low",
+            title: "HTTP method mismatch — destructive action via POST",
+            description: "Destructive operations (delete, remove) are exposed via POST instead of DELETE. If these were originally DELETE endpoints, the method change breaks REST clients.",
+            lineNumbers: deleteViaPostLines,
+            recommendation: "Use appropriate HTTP methods: DELETE for removal, PUT/PATCH for updates. If migrating methods, keep the old method working during a deprecation period.",
+            reference: "RESTful API Design / HTTP Method Semantics",
+        });
+    }
+    // Breaking serialization changes (renaming JSON fields)
+    const fieldRenamePattern = /\/\/\s*(?:renamed|was|previously|old name|formerly)\s*[:=]?\s*\w+/gi;
+    const fieldRenameLines = getLineNumbers(code, fieldRenamePattern);
+    if (fieldRenameLines.length > 0) {
+        findings.push({
+            ruleId: `${prefix}-${String(ruleNum++).padStart(3, "0")}`,
+            severity: "medium",
+            title: "Possible field rename — breaking serialization change",
+            description: `Found ${fieldRenameLines.length} comment(s) suggesting renamed fields. Renaming JSON response fields breaks API clients that depend on the old names.`,
+            lineNumbers: fieldRenameLines,
+            recommendation: "Include both old and new field names during a transition period. Mark the old field as deprecated. Remove only in the next major version.",
+            reference: "API Versioning / Backwards-Compatible JSON Evolution",
+        });
+    }
+    return findings;
+}
+//# sourceMappingURL=backwards-compatibility.js.map

package/dist/evaluators/backwards-compatibility.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"backwards-compatibility.js","sourceRoot":"","sources":["../../src/evaluators/backwards-compatibility.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAE7C,MAAM,UAAU,6BAA6B,CAAC,IAAY,EAAE,QAAgB;IAC1E,MAAM,QAAQ,GAAc,EAAE,CAAC;IAC/B,IAAI,OAAO,GAAG,CAAC,CAAC;IAChB,MAAM,MAAM,GAAG,QAAQ,CAAC;IAExB,oBAAoB;IACpB,MAAM,YAAY,GAAG,wDAAwD,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACzF,MAAM,aAAa,GAAG,+DAA+D,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACjG,IAAI,YAAY,IAAI,CAAC,aAAa,EAAE,CAAC;QACnC,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YACzD,QAAQ,EAAE,QAAQ;YAClB,KAAK,EAAE,kCAAkC;YACzC,WAAW,EAAE,4JAA4J;YACzK,cAAc,EAAE,8JAA8J;YAC9K,SAAS,EAAE,oDAAoD;SAChE,CAAC,CAAC;IACL,CAAC;IAED,wDAAwD;IACxD,MAAM,aAAa,GAAG,0CAA0C,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC5E,MAAM,oBAAoB,GAAG,mCAAmC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC5E,IAAI,aAAa,IAAI,CAAC,oBAAoB,EAAE,CAAC;QAC3C,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YACzD,QAAQ,EAAE,KAAK;YACf,KAAK,EAAE,iDAAiD;YACxD,WAAW,EAAE,6KAA6K;YAC1L,cAAc,EAAE,4HAA4H;YAC5I,SAAS,EAAE,6DAA6D;SACzE,CAAC,CAAC;IACL,CAAC;IAED,4CAA4C;IAC5C,MAAM,kBAAkB,GAAG,qBAAqB,CAAC;IACjD,MAAM,WAAW,GAAG,cAAc,CAAC,IAAI,EAAE,kBAAkB,CAAC,CAAC;IAC7D,IAAI,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC3B,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YACzD,QAAQ,EAAE,KAAK;YACf,KAAK,EAAE,sCAAsC;YAC7C,WAAW,EAAE,kJAAkJ;YAC/J,WAAW,EAAE,WAAW;YACxB,cAAc,EAAE,8IAA8I;YAC9J,SAAS,EAAE,oCAAoC;SAChD,CAAC,CAAC;IACL,CAAC;IAED,uDAAuD;IACvD,MAAM,oBAAoB,GAAG,6BAA6B,CAAC;IAC3D,MAAM,aAAa,GAAG,cAAc,CAAC,IAAI,EAAE,iBAAiB,CAAC,CAAC;IAC9D,IAAI,aAAa,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC7B,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YACzD,QAAQ,EAAE,MAAM;YAChB,KAAK,EAAE,yDAAyD;YAChE,WAAW,EAAE,SAAS,aAAa,CAAC,MAAM,2KAA2K;YACrN,WAAW,EAAE,aAAa,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC;YACtC,cAAc,EAAE,0HAA0H;YAC1I,SAAS,EAAE,8CAA8C;SAC1D,CAAC,CAAC;IACL,CAAC;IAED,+BAA+B;IAC/B,MAAM,qBAAqB,GAAG,sDAAsD,CAAC;IACrF,MAAM,mBAAmB,GAAG,cAAc,CAAC,IAAI,EAAE,qBAAqB,CAAC,CAAC;IACxE,IAAI,mBAAmB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACnC,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YACzD,QAAQ,EAAE,MAAM;YAChB,KAAK,EAAE,oEAAoE;YAC3E,WAAW,EAAE,qHAAqH;YAClI,WAAW,EAAE,mBAAmB;YAChC,cAAc,EAAE,6HAA6H;YAC7I,SAAS,EAAE,kCAAkC;SAC9C,CAAC,CAAC;IACL,CAAC;IAED,6BAA6B;IAC7B,MAAM,sBAAsB,GAAG,oEAAoE,CAAC;IACpG,MAAM,oBAAoB,GAAG,cAAc,CAAC,IAAI,EAAE,sBAAsB,CAAC,CAAC;IAC1E,IAAI,oBAAoB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACpC,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YACzD,QAAQ,EAAE,QAAQ;YAClB,KAAK,EAAE,wDAAwD;YAC/D,WAAW,EAAE,SAAS,oBAAoB,CAAC,MAAM,iHAAiH;YAClK,WAAW,EAAE,oBAAoB;YACjC,cAAc,EAAE,wIAAwI;YACxJ,SAAS,EAAE,iDAAiD;SAC7D,CAAC,CAAC;IACL,CAAC;IAED,+DAA+D;IAC/D,MAAM,4BAA4B,GAAG,qCAAqC,CAAC;IAC3E,MAAM,cAAc,GAAG,cAAc,CAAC,IAAI,EAAE,4BAA4B,CAAC,CAAC;IAC1E,IAAI,cAAc,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC9B,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YACzD,QAAQ,EAAE,KAAK;YACf,KAAK,EAAE,oFAAoF;YAC3F,WAAW,EAAE,4GAA4G;YACzH,WAAW,EAAE,cAAc;YAC3B,cAAc,EAAE,wJAAwJ;YACxK,SAAS,EAAE,0CAA0C;SACtD,CAAC,CAAC;IACL,CAAC;IAED,2BAA2B;IAC3B,MAAM,WAAW,GAAG,yBAAyB,CAAC;IAC9C,MAAM,WAAW,GAAG,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,IAAI,EAAE,CAAC;IAClD,MAAM,wBAAwB,GAAG,+CAA+C,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC5F,IAAI,WAAW,CAAC,MAAM,GAAG,CAAC,IAAI,wBAAwB,EAAE,CAAC;QACvD,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YACzD,QAAQ,EAAE,QAAQ;YAClB,KAAK,EAAE,wCAAwC;YAC/C,WAAW,EAAE,qJAAqJ;YAClK,cAAc,EAAE,2JAA2J;YAC3K,SAAS,EAAE,8DAA8D;SAC1E,CAAC,CAAC;IACL,CAAC;IAED,4EAA4E;IAC5E,MAAM,oBAAoB,GAAG,gDAAgD,CAAC;IAC9E,MAAM,kBAAkB,GAAG,cAAc,CAAC,IAAI,EAAE,oBAAoB,CAAC,CAAC;IACtE,IAAI,kBAAkB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAClC,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YACzD,QAAQ,EAAE,KAAK;YACf,KAAK,EAAE,oDAAoD;YAC3D,WAAW,EAAE,mKAAmK;YAChL,WAAW,EAAE,kBAAkB;YAC/B,cAAc,EAAE,yJAAyJ;YACzK,SAAS,EAAE,4CAA4C;SACxD,CAAC,CAAC;IACL,CAAC;IAED,wDAAwD;IACxD,MAAM,kBAAkB,GAAG,qEAAqE,CAAC;IACjG,MAAM,gBAAgB,GAAG,cAAc,CAAC,IAAI,EAAE,kBAAkB,CAAC,CAAC;IAClE,IAAI,gBAAgB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAChC,QAAQ,CAAC,IAAI,CAAC;YACZ,MAAM,EAAE,GAAG,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YACzD,QAAQ,EAAE,QAAQ;YAClB,KAAK,EAAE,uDAAuD;YAC9D,WAAW,EAAE,SAAS,gBAAgB,CAAC,MAAM,uHAAuH;YACpK,WAAW,EAAE,gBAAgB;YAC7B,cAAc,EAAE,2IAA2I;YAC3J,SAAS,EAAE,sDAAsD;SAClE,CAAC,CAAC;IACL,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC"}

package/dist/evaluators/caching.d.ts

@@ -0,0 +1,3 @@
+import { Finding } from "../types.js";
+export declare function analyzeCaching(code: string, language: string): Finding[];
+//# sourceMappingURL=caching.d.ts.map

package/dist/evaluators/caching.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"caching.d.ts","sourceRoot":"","sources":["../../src/evaluators/caching.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,aAAa,CAAC;AAGtC,wBAAgB,cAAc,CAAC,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,EAAE,CA0JxE"}