npm - @kevinrabun/judges - Versions diffs - 2.3.0 → 3.0.1 - Mend

@kevinrabun/judges 2.3.0 → 3.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (321) hide show

package/README.md +177 -12
package/dist/api.d.ts +40 -0
package/dist/api.d.ts.map +1 -0
package/dist/api.js +56 -0
package/dist/api.js.map +1 -0
package/dist/ast/cross-file-taint.d.ts +43 -0
package/dist/ast/cross-file-taint.d.ts.map +1 -0
package/dist/ast/cross-file-taint.js +713 -0
package/dist/ast/cross-file-taint.js.map +1 -0
package/dist/ast/index.d.ts +4 -0
package/dist/ast/index.d.ts.map +1 -1
package/dist/ast/index.js +5 -0
package/dist/ast/index.js.map +1 -1
package/dist/ast/structural-parser.d.ts.map +1 -1
package/dist/ast/structural-parser.js +66 -11
package/dist/ast/structural-parser.js.map +1 -1
package/dist/ast/taint-tracker.d.ts +35 -0
package/dist/ast/taint-tracker.d.ts.map +1 -0
package/dist/ast/taint-tracker.js +518 -0
package/dist/ast/taint-tracker.js.map +1 -0
package/dist/ast/types.d.ts +2 -0
package/dist/ast/types.d.ts.map +1 -1
package/dist/ast/typescript-ast.d.ts.map +1 -1
package/dist/ast/typescript-ast.js +25 -5
package/dist/ast/typescript-ast.js.map +1 -1
package/dist/config.d.ts.map +1 -1
package/dist/config.js +10 -9
package/dist/config.js.map +1 -1
package/dist/dedup.d.ts +19 -0
package/dist/dedup.d.ts.map +1 -0
package/dist/dedup.js +222 -0
package/dist/dedup.js.map +1 -0
package/dist/errors.d.ts +37 -0
package/dist/errors.d.ts.map +1 -0
package/dist/errors.js +57 -0
package/dist/errors.js.map +1 -0
package/dist/evaluators/accessibility.d.ts +1 -1
package/dist/evaluators/accessibility.d.ts.map +1 -1
package/dist/evaluators/accessibility.js +22 -16
package/dist/evaluators/accessibility.js.map +1 -1
package/dist/evaluators/agent-instructions.d.ts +1 -1
package/dist/evaluators/agent-instructions.d.ts.map +1 -1
package/dist/evaluators/agent-instructions.js +1 -2
package/dist/evaluators/agent-instructions.js.map +1 -1
package/dist/evaluators/ai-code-safety.d.ts +1 -1
package/dist/evaluators/ai-code-safety.d.ts.map +1 -1
package/dist/evaluators/ai-code-safety.js +2 -6
package/dist/evaluators/ai-code-safety.js.map +1 -1
package/dist/evaluators/api-design.d.ts +1 -1
package/dist/evaluators/api-design.d.ts.map +1 -1
package/dist/evaluators/api-design.js +2 -1
package/dist/evaluators/api-design.js.map +1 -1
package/dist/evaluators/app-builder.d.ts +34 -0
package/dist/evaluators/app-builder.d.ts.map +1 -0
package/dist/evaluators/app-builder.js +156 -0
package/dist/evaluators/app-builder.js.map +1 -0
package/dist/evaluators/authentication.d.ts +1 -1
package/dist/evaluators/authentication.d.ts.map +1 -1
package/dist/evaluators/authentication.js +2 -66
package/dist/evaluators/authentication.js.map +1 -1
package/dist/evaluators/backwards-compatibility.d.ts +1 -1
package/dist/evaluators/backwards-compatibility.d.ts.map +1 -1
package/dist/evaluators/backwards-compatibility.js.map +1 -1
package/dist/evaluators/caching.d.ts +1 -1
package/dist/evaluators/caching.d.ts.map +1 -1
package/dist/evaluators/caching.js.map +1 -1
package/dist/evaluators/ci-cd.d.ts +1 -1
package/dist/evaluators/ci-cd.d.ts.map +1 -1
package/dist/evaluators/ci-cd.js +4 -4
package/dist/evaluators/ci-cd.js.map +1 -1
package/dist/evaluators/cloud-readiness.d.ts +1 -1
package/dist/evaluators/cloud-readiness.d.ts.map +1 -1
package/dist/evaluators/cloud-readiness.js.map +1 -1
package/dist/evaluators/code-structure.d.ts +1 -1
package/dist/evaluators/code-structure.d.ts.map +1 -1
package/dist/evaluators/code-structure.js +2 -6
package/dist/evaluators/code-structure.js.map +1 -1
package/dist/evaluators/compliance.d.ts +1 -1
package/dist/evaluators/compliance.d.ts.map +1 -1
package/dist/evaluators/compliance.js +15 -6
package/dist/evaluators/compliance.js.map +1 -1
package/dist/evaluators/concurrency.d.ts +1 -1
package/dist/evaluators/concurrency.d.ts.map +1 -1
package/dist/evaluators/concurrency.js +9 -4
package/dist/evaluators/concurrency.js.map +1 -1
package/dist/evaluators/configuration-management.d.ts +1 -1
package/dist/evaluators/configuration-management.d.ts.map +1 -1
package/dist/evaluators/configuration-management.js +7 -2
package/dist/evaluators/configuration-management.js.map +1 -1
package/dist/evaluators/cost-effectiveness.d.ts +1 -1
package/dist/evaluators/cost-effectiveness.d.ts.map +1 -1
package/dist/evaluators/cost-effectiveness.js +1 -3
package/dist/evaluators/cost-effectiveness.js.map +1 -1
package/dist/evaluators/cybersecurity.d.ts +1 -1
package/dist/evaluators/cybersecurity.d.ts.map +1 -1
package/dist/evaluators/cybersecurity.js +50 -1
package/dist/evaluators/cybersecurity.js.map +1 -1
package/dist/evaluators/data-security.d.ts +1 -1
package/dist/evaluators/data-security.d.ts.map +1 -1
package/dist/evaluators/data-security.js +9 -66
package/dist/evaluators/data-security.js.map +1 -1
package/dist/evaluators/data-sovereignty.d.ts +1 -1
package/dist/evaluators/data-sovereignty.d.ts.map +1 -1
package/dist/evaluators/data-sovereignty.js +4 -2
package/dist/evaluators/data-sovereignty.js.map +1 -1
package/dist/evaluators/database.d.ts +1 -1
package/dist/evaluators/database.d.ts.map +1 -1
package/dist/evaluators/database.js +3 -1
package/dist/evaluators/database.js.map +1 -1
package/dist/evaluators/dependencies.d.ts +6 -0
package/dist/evaluators/dependencies.d.ts.map +1 -0
package/dist/evaluators/dependencies.js +204 -0
package/dist/evaluators/dependencies.js.map +1 -0
package/dist/evaluators/dependency-health.d.ts +1 -1
package/dist/evaluators/dependency-health.d.ts.map +1 -1
package/dist/evaluators/dependency-health.js +198 -6
package/dist/evaluators/dependency-health.js.map +1 -1
package/dist/evaluators/documentation.d.ts +1 -1
package/dist/evaluators/documentation.d.ts.map +1 -1
package/dist/evaluators/documentation.js +5 -2
package/dist/evaluators/documentation.js.map +1 -1
package/dist/evaluators/error-handling.d.ts +1 -1
package/dist/evaluators/error-handling.d.ts.map +1 -1
package/dist/evaluators/error-handling.js.map +1 -1
package/dist/evaluators/ethics-bias.d.ts +1 -1
package/dist/evaluators/ethics-bias.d.ts.map +1 -1
package/dist/evaluators/ethics-bias.js +10 -5
package/dist/evaluators/ethics-bias.js.map +1 -1
package/dist/evaluators/framework-safety.d.ts +13 -0
package/dist/evaluators/framework-safety.d.ts.map +1 -0
package/dist/evaluators/framework-safety.js +424 -0
package/dist/evaluators/framework-safety.js.map +1 -0
package/dist/evaluators/index.d.ts +20 -24
package/dist/evaluators/index.d.ts.map +1 -1
package/dist/evaluators/index.js +294 -728
package/dist/evaluators/index.js.map +1 -1
package/dist/evaluators/internationalization.d.ts +1 -1
package/dist/evaluators/internationalization.d.ts.map +1 -1
package/dist/evaluators/internationalization.js +14 -6
package/dist/evaluators/internationalization.js.map +1 -1
package/dist/evaluators/logging-privacy.d.ts +1 -1
package/dist/evaluators/logging-privacy.d.ts.map +1 -1
package/dist/evaluators/logging-privacy.js +3 -1
package/dist/evaluators/logging-privacy.js.map +1 -1
package/dist/evaluators/maintainability.d.ts +1 -1
package/dist/evaluators/maintainability.d.ts.map +1 -1
package/dist/evaluators/maintainability.js +15 -9
package/dist/evaluators/maintainability.js.map +1 -1
package/dist/evaluators/observability.d.ts +1 -1
package/dist/evaluators/observability.d.ts.map +1 -1
package/dist/evaluators/observability.js +2 -1
package/dist/evaluators/observability.js.map +1 -1
package/dist/evaluators/performance.d.ts +1 -1
package/dist/evaluators/performance.d.ts.map +1 -1
package/dist/evaluators/performance.js +181 -4
package/dist/evaluators/performance.js.map +1 -1
package/dist/evaluators/portability.d.ts +1 -1
package/dist/evaluators/portability.d.ts.map +1 -1
package/dist/evaluators/portability.js +2 -1
package/dist/evaluators/portability.js.map +1 -1
package/dist/evaluators/project.d.ts +16 -0
package/dist/evaluators/project.d.ts.map +1 -0
package/dist/evaluators/project.js +353 -0
package/dist/evaluators/project.js.map +1 -0
package/dist/evaluators/rate-limiting.d.ts +1 -1
package/dist/evaluators/rate-limiting.d.ts.map +1 -1
package/dist/evaluators/rate-limiting.js.map +1 -1
package/dist/evaluators/reliability.d.ts +1 -1
package/dist/evaluators/reliability.d.ts.map +1 -1
package/dist/evaluators/reliability.js.map +1 -1
package/dist/evaluators/scalability.d.ts +1 -1
package/dist/evaluators/scalability.d.ts.map +1 -1
package/dist/evaluators/scalability.js +3 -1
package/dist/evaluators/scalability.js.map +1 -1
package/dist/evaluators/shared.d.ts +24 -2
package/dist/evaluators/shared.d.ts.map +1 -1
package/dist/evaluators/shared.js +190 -2
package/dist/evaluators/shared.js.map +1 -1
package/dist/evaluators/software-practices.d.ts +1 -1
package/dist/evaluators/software-practices.d.ts.map +1 -1
package/dist/evaluators/software-practices.js +3 -3
package/dist/evaluators/software-practices.js.map +1 -1
package/dist/evaluators/testing.d.ts +1 -1
package/dist/evaluators/testing.d.ts.map +1 -1
package/dist/evaluators/testing.js +12 -4
package/dist/evaluators/testing.js.map +1 -1
package/dist/evaluators/ux.d.ts +1 -1
package/dist/evaluators/ux.d.ts.map +1 -1
package/dist/evaluators/ux.js.map +1 -1
package/dist/evaluators/v2.d.ts +1 -1
package/dist/evaluators/v2.d.ts.map +1 -1
package/dist/evaluators/v2.js +13 -35
package/dist/evaluators/v2.js.map +1 -1
package/dist/formatters/sarif.d.ts +75 -0
package/dist/formatters/sarif.d.ts.map +1 -0
package/dist/formatters/sarif.js +93 -0
package/dist/formatters/sarif.js.map +1 -0
package/dist/index.d.ts +4 -1
package/dist/index.d.ts.map +1 -1
package/dist/index.js +9 -806
package/dist/index.js.map +1 -1
package/dist/judges/accessibility.d.ts +1 -1
package/dist/judges/accessibility.d.ts.map +1 -1
package/dist/judges/agent-instructions.d.ts +1 -1
package/dist/judges/agent-instructions.d.ts.map +1 -1
package/dist/judges/ai-code-safety.d.ts +1 -1
package/dist/judges/ai-code-safety.d.ts.map +1 -1
package/dist/judges/api-design.d.ts +1 -1
package/dist/judges/api-design.d.ts.map +1 -1
package/dist/judges/authentication.d.ts +1 -1
package/dist/judges/authentication.d.ts.map +1 -1
package/dist/judges/backwards-compatibility.d.ts +1 -1
package/dist/judges/backwards-compatibility.d.ts.map +1 -1
package/dist/judges/caching.d.ts +1 -1
package/dist/judges/caching.d.ts.map +1 -1
package/dist/judges/ci-cd.d.ts +1 -1
package/dist/judges/ci-cd.d.ts.map +1 -1
package/dist/judges/cloud-readiness.d.ts +1 -1
package/dist/judges/cloud-readiness.d.ts.map +1 -1
package/dist/judges/code-structure.d.ts +1 -1
package/dist/judges/code-structure.d.ts.map +1 -1
package/dist/judges/code-structure.js +7 -1
package/dist/judges/code-structure.js.map +1 -1
package/dist/judges/compliance.d.ts +1 -1
package/dist/judges/compliance.d.ts.map +1 -1
package/dist/judges/concurrency.d.ts +1 -1
package/dist/judges/concurrency.d.ts.map +1 -1
package/dist/judges/configuration-management.d.ts +1 -1
package/dist/judges/configuration-management.d.ts.map +1 -1
package/dist/judges/cost-effectiveness.d.ts +1 -1
package/dist/judges/cost-effectiveness.d.ts.map +1 -1
package/dist/judges/cybersecurity.d.ts +1 -1
package/dist/judges/cybersecurity.d.ts.map +1 -1
package/dist/judges/data-security.d.ts +1 -1
package/dist/judges/data-security.d.ts.map +1 -1
package/dist/judges/data-sovereignty.d.ts +1 -1
package/dist/judges/data-sovereignty.d.ts.map +1 -1
package/dist/judges/database.d.ts +1 -1
package/dist/judges/database.d.ts.map +1 -1
package/dist/judges/dependency-health.d.ts +1 -1
package/dist/judges/dependency-health.d.ts.map +1 -1
package/dist/judges/documentation.d.ts +1 -1
package/dist/judges/documentation.d.ts.map +1 -1
package/dist/judges/error-handling.d.ts +1 -1
package/dist/judges/error-handling.d.ts.map +1 -1
package/dist/judges/ethics-bias.d.ts +1 -1
package/dist/judges/ethics-bias.d.ts.map +1 -1
package/dist/judges/framework-safety.d.ts +3 -0
package/dist/judges/framework-safety.d.ts.map +1 -0
package/dist/judges/framework-safety.js +31 -0
package/dist/judges/framework-safety.js.map +1 -0
package/dist/judges/index.d.ts +1 -1
package/dist/judges/index.d.ts.map +1 -1
package/dist/judges/index.js +74 -0
package/dist/judges/index.js.map +1 -1
package/dist/judges/internationalization.d.ts +1 -1
package/dist/judges/internationalization.d.ts.map +1 -1
package/dist/judges/logging-privacy.d.ts +1 -1
package/dist/judges/logging-privacy.d.ts.map +1 -1
package/dist/judges/maintainability.d.ts +1 -1
package/dist/judges/maintainability.d.ts.map +1 -1
package/dist/judges/observability.d.ts +1 -1
package/dist/judges/observability.d.ts.map +1 -1
package/dist/judges/performance.d.ts +1 -1
package/dist/judges/performance.d.ts.map +1 -1
package/dist/judges/portability.d.ts +1 -1
package/dist/judges/portability.d.ts.map +1 -1
package/dist/judges/rate-limiting.d.ts +1 -1
package/dist/judges/rate-limiting.d.ts.map +1 -1
package/dist/judges/reliability.d.ts +1 -1
package/dist/judges/reliability.d.ts.map +1 -1
package/dist/judges/scalability.d.ts +1 -1
package/dist/judges/scalability.d.ts.map +1 -1
package/dist/judges/software-practices.d.ts +1 -1
package/dist/judges/software-practices.d.ts.map +1 -1
package/dist/judges/testing.d.ts +1 -1
package/dist/judges/testing.d.ts.map +1 -1
package/dist/judges/ux.d.ts +1 -1
package/dist/judges/ux.d.ts.map +1 -1
package/dist/language-patterns.d.ts +37 -0
package/dist/language-patterns.d.ts.map +1 -1
package/dist/language-patterns.js +58 -3
package/dist/language-patterns.js.map +1 -1
package/dist/patches/index.d.ts +10 -0
package/dist/patches/index.d.ts.map +1 -0
package/dist/patches/index.js +533 -0
package/dist/patches/index.js.map +1 -0
package/dist/reports/public-repo-report.d.ts +1 -1
package/dist/reports/public-repo-report.d.ts.map +1 -1
package/dist/scoring.d.ts +18 -0
package/dist/scoring.d.ts.map +1 -0
package/dist/scoring.js +178 -0
package/dist/scoring.js.map +1 -0
package/dist/tools/deep-review.d.ts +4 -0
package/dist/tools/deep-review.d.ts.map +1 -0
package/dist/tools/deep-review.js +56 -0
package/dist/tools/deep-review.js.map +1 -0
package/dist/tools/prompts.d.ts +8 -0
package/dist/tools/prompts.d.ts.map +1 -0
package/dist/tools/prompts.js +66 -0
package/dist/tools/prompts.js.map +1 -0
package/dist/tools/register-evaluation.d.ts +7 -0
package/dist/tools/register-evaluation.d.ts.map +1 -0
package/dist/tools/register-evaluation.js +303 -0
package/dist/tools/register-evaluation.js.map +1 -0
package/dist/tools/register-workflow.d.ts +7 -0
package/dist/tools/register-workflow.d.ts.map +1 -0
package/dist/tools/register-workflow.js +395 -0
package/dist/tools/register-workflow.js.map +1 -0
package/dist/tools/register.d.ts +7 -0
package/dist/tools/register.d.ts.map +1 -0
package/dist/tools/register.js +14 -0
package/dist/tools/register.js.map +1 -0
package/dist/tools/schemas.d.ts +26 -0
package/dist/tools/schemas.d.ts.map +1 -0
package/dist/tools/schemas.js +42 -0
package/dist/tools/schemas.js.map +1 -0
package/dist/types.d.ts +29 -2
package/dist/types.d.ts.map +1 -1
package/package.json +42 -3
package/server.json +51 -3

package/dist/scoring.js ADDED Viewed

@@ -0,0 +1,178 @@
+/**
+ * Confidence Scoring, Must-Fix Gate & File-Type Gating
+ *
+ * Extracted from the evaluators monolith for clean separation of concerns.
+ * Handles confidence estimation for findings, the must-fix safety gate,
+ * and absence-based finding suppression for non-server files.
+ */
+// ─── Must-Fix Gate ───────────────────────────────────────────────────────────
+const DEFAULT_MUST_FIX_PREFIXES = [
+    "AUTH-",
+    "CYBER-",
+    "DATA-",
+    "ERR-",
+    "REL-",
+    "RATE-",
+    "DB-",
+    "COMP-",
+    "LOGPRIV-",
+    "AICS-",
+];
+export function evaluateMustFixGate(findings, options) {
+    if (!options?.enabled) {
+        return undefined;
+    }
+    const minConfidence = clampConfidence(options.minConfidence ?? 0.85);
+    const prefixes = options.dangerousRulePrefixes?.length ? options.dangerousRulePrefixes : DEFAULT_MUST_FIX_PREFIXES;
+    const dangerSignal = /(injection|command\s*execution|sql|xss|ssrf|deseriali[sz]ation|auth(?:entication|orization)?\s*bypass|hardcoded\s+(?:secret|credential|password|token)|unsafe\s+eval|\beval\(|\bexec\()/i;
+    const matched = findings.filter((finding) => {
+        const severityMatch = finding.severity === "critical" || finding.severity === "high";
+        if (!severityMatch)
+            return false;
+        const confidence = finding.confidence ?? 0;
+        if (confidence < minConfidence)
+            return false;
+        const prefixMatch = prefixes.some((prefix) => finding.ruleId.startsWith(prefix));
+        const contentMatch = dangerSignal.test(`${finding.title} ${finding.description} ${finding.recommendation}`);
+        return prefixMatch || contentMatch;
+    });
+    const matchedRuleIds = [...new Set(matched.map((finding) => finding.ruleId))];
+    const triggered = matched.length > 0;
+    return {
+        enabled: true,
+        triggered,
+        minConfidence,
+        matchedCount: matched.length,
+        matchedRuleIds,
+        summary: triggered
+            ? `Must-fix gate triggered by ${matched.length} high-confidence dangerous finding(s).`
+            : "Must-fix gate passed with no high-confidence dangerous findings.",
+    };
+}
+// ─── Confidence Estimation ───────────────────────────────────────────────────
+export function clampConfidence(value) {
+    if (!Number.isFinite(value))
+        return 0;
+    return Math.max(0, Math.min(1, value));
+}
+export function estimateFindingConfidence(finding) {
+    const existing = typeof finding.confidence === "number" ? finding.confidence : undefined;
+    if (typeof existing === "number" && Number.isFinite(existing)) {
+        return clampConfidence(existing);
+    }
+    let score = 0.4;
+    // ── Evidence tier 1: Line-level precision ──────────────────────────────
+    const lineCount = finding.lineNumbers?.length ?? 0;
+    if (lineCount === 0) {
+        score -= 0.15;
+    }
+    else if (lineCount <= 3) {
+        score += 0.22;
+    }
+    else if (lineCount <= 8) {
+        score += 0.14;
+    }
+    else {
+        score += 0.06;
+    }
+    // ── Evidence tier 2: Pattern-match specificity ─────────────────────────
+    const descLower = finding.description.toLowerCase();
+    const hasExactApiMatch = /\b(?:eval|exec|innerHTML|dangerouslySetInnerHTML|createConnection|query)\b/i.test(finding.description) ||
+        /\b(?:document\.write|child_process|\.exec\(|\.execSync)\b/i.test(finding.description);
+    const hasCveReference = /CVE-\d{4}-\d+/i.test(finding.description + (finding.reference ?? ""));
+    const hasCweReference = /CWE-\d+/i.test(finding.description + (finding.reference ?? ""));
+    if (hasExactApiMatch)
+        score += 0.12;
+    if (hasCveReference)
+        score += 0.08;
+    if (hasCweReference)
+        score += 0.05;
+    // ── Evidence tier 3: Structured evidence ───────────────────────────────
+    const hasReference = Boolean(finding.reference);
+    const hasSuggestedFix = Boolean(finding.suggestedFix);
+    const hasRichDescription = finding.description.length >= 120;
+    const hasRichRecommendation = finding.recommendation.length >= 90;
+    if (hasReference)
+        score += 0.06;
+    if (hasSuggestedFix)
+        score += 0.08;
+    if (hasRichDescription)
+        score += 0.03;
+    if (hasRichRecommendation)
+        score += 0.03;
+    // ── Evidence tier 4: Absence-based findings are inherently lower confidence
+    const absenceKeywords = [
+        "no .* found",
+        "missing",
+        "absent",
+        "not detected",
+        "should (?:have|include|implement)",
+        "consider (?:adding|implementing)",
+    ];
+    const isAbsenceLike = absenceKeywords.some((kw) => new RegExp(kw, "i").test(descLower));
+    if (isAbsenceLike && lineCount === 0) {
+        score -= 0.1;
+    }
+    // ── Noisy evaluator cap: prevent low-evidence findings from inflating ──
+    const richEvidenceCount = [
+        hasReference,
+        hasSuggestedFix,
+        hasRichDescription,
+        hasRichRecommendation,
+        hasExactApiMatch,
+        lineCount > 0,
+    ].filter(Boolean).length;
+    const noisyPrefixes = ["API-", "COMP-", "CONC-", "CYBER-", "DB-", "DEPS-", "ETHICS-", "LOGPRIV-", "OBS-", "PERF-"];
+    if (noisyPrefixes.some((prefix) => finding.ruleId.startsWith(prefix)) && richEvidenceCount < 4) {
+        score = Math.min(score, 0.89);
+    }
+    return Number(clampConfidence(score).toFixed(2));
+}
+export function applyConfidenceThreshold(findings, options) {
+    const minConfidence = clampConfidence(options?.minConfidence ?? 0);
+    const normalized = findings.map((finding) => ({
+        ...finding,
+        confidence: estimateFindingConfidence(finding),
+    }));
+    if (minConfidence <= 0) {
+        return normalized;
+    }
+    return normalized.filter((finding) => (finding.confidence ?? 0) >= minConfidence);
+}
+// ─── Absence-Based Finding Gating ────────────────────────────────────────────
+/**
+ * Rule ID prefixes whose absence-based findings should be suppressed on
+ * non-server files. These are evaluators that primarily check for missing
+ * infrastructure (rate limiting, health checks, auth middleware, etc.)
+ * which would be meaningless on utility/type/test files.
+ */
+const ABSENCE_GATED_PREFIXES = [
+    "RATE-",
+    "AUTH-",
+    "OBS-",
+    "CLOUD-",
+    "CICD-",
+    "CACHE-",
+    "COMPAT-",
+    "API-",
+    "CFG-",
+    "SCALE-",
+    "REL-",
+];
+export function isAbsenceBasedFinding(finding) {
+    if (finding.lineNumbers && finding.lineNumbers.length > 0) {
+        return false;
+    }
+    if (!ABSENCE_GATED_PREFIXES.some((p) => finding.ruleId.startsWith(p))) {
+        return false;
+    }
+    const hasAbsenceTitle = /^No\s|(?:not|without|missing|no)\s.*(?:detected|configured|set|defined|endpoint|middleware|protection|handler|strategy|limiting)|(?:without|lacks?|missing)\s/i.test(finding.title);
+    if (!hasAbsenceTitle)
+        return false;
+    const projectLevelKeywords = /\b(?:ci[\s/]cd|pipeline|deployment|infrastructure|monitoring|alerting|backup)\b/i;
+    if (projectLevelKeywords.test(finding.title)) {
+        return false;
+    }
+    return true;
+}
+//# sourceMappingURL=scoring.js.map

package/dist/scoring.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"scoring.js","sourceRoot":"","sources":["../src/scoring.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAWH,gFAAgF;AAEhF,MAAM,yBAAyB,GAAG;IAChC,OAAO;IACP,QAAQ;IACR,OAAO;IACP,MAAM;IACN,MAAM;IACN,OAAO;IACP,KAAK;IACL,OAAO;IACP,UAAU;IACV,OAAO;CACR,CAAC;AAEF,MAAM,UAAU,mBAAmB,CAAC,QAAmB,EAAE,OAA4B;IACnF,IAAI,CAAC,OAAO,EAAE,OAAO,EAAE,CAAC;QACtB,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,MAAM,aAAa,GAAG,eAAe,CAAC,OAAO,CAAC,aAAa,IAAI,IAAI,CAAC,CAAC;IACrE,MAAM,QAAQ,GAAG,OAAO,CAAC,qBAAqB,EAAE,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,qBAAqB,CAAC,CAAC,CAAC,yBAAyB,CAAC;IAEnH,MAAM,YAAY,GAChB,0LAA0L,CAAC;IAE7L,MAAM,OAAO,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,OAAO,EAAE,EAAE;QAC1C,MAAM,aAAa,GAAG,OAAO,CAAC,QAAQ,KAAK,UAAU,IAAI,OAAO,CAAC,QAAQ,KAAK,MAAM,CAAC;QACrF,IAAI,CAAC,aAAa;YAAE,OAAO,KAAK,CAAC;QAEjC,MAAM,UAAU,GAAG,OAAO,CAAC,UAAU,IAAI,CAAC,CAAC;QAC3C,IAAI,UAAU,GAAG,aAAa;YAAE,OAAO,KAAK,CAAC;QAE7C,MAAM,WAAW,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC,MAAc,EAAE,EAAE,CAAC,OAAO,CAAC,MAAM,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC;QACzF,MAAM,YAAY,GAAG,YAAY,CAAC,IAAI,CAAC,GAAG,OAAO,CAAC,KAAK,IAAI,OAAO,CAAC,WAAW,IAAI,OAAO,CAAC,cAAc,EAAE,CAAC,CAAC;QAC5G,OAAO,WAAW,IAAI,YAAY,CAAC;IACrC,CAAC,CAAC,CAAC;IAEH,MAAM,cAAc,GAAG,CAAC,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;IAC9E,MAAM,SAAS,GAAG,OAAO,CAAC,MAAM,GAAG,CAAC,CAAC;IAErC,OAAO;QACL,OAAO,EAAE,IAAI;QACb,SAAS;QACT,aAAa;QACb,YAAY,EAAE,OAAO,CAAC,MAAM;QAC5B,cAAc;QACd,OAAO,EAAE,SAAS;YAChB,CAAC,CAAC,8BAA8B,OAAO,CAAC,MAAM,wCAAwC;YACtF,CAAC,CAAC,kEAAkE;KACvE,CAAC;AACJ,CAAC;AAED,gFAAgF;AAEhF,MAAM,UAAU,eAAe,CAAC,KAAa;IAC3C,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC;QAAE,OAAO,CAAC,CAAC;IACtC,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC,CAAC;AACzC,CAAC;AAED,MAAM,UAAU,yBAAyB,CAAC,OAAgB;IACxD,MAAM,QAAQ,GAAG,OAAO,OAAO,CAAC,UAAU,KAAK,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,CAAC,SAAS,CAAC;IACzF,IAAI,OAAO,QAAQ,KAAK,QAAQ,IAAI,MAAM,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC9D,OAAO,eAAe,CAAC,QAAQ,CAAC,CAAC;IACnC,CAAC;IAED,IAAI,KAAK,GAAG,GAAG,CAAC;IAEhB,0EAA0E;IAC1E,MAAM,SAAS,GAAG,OAAO,CAAC,WAAW,EAAE,MAAM,IAAI,CAAC,CAAC;IACnD,IAAI,SAAS,KAAK,CAAC,EAAE,CAAC;QACpB,KAAK,IAAI,IAAI,CAAC;IAChB,CAAC;SAAM,IAAI,SAAS,IAAI,CAAC,EAAE,CAAC;QAC1B,KAAK,IAAI,IAAI,CAAC;IAChB,CAAC;SAAM,IAAI,SAAS,IAAI,CAAC,EAAE,CAAC;QAC1B,KAAK,IAAI,IAAI,CAAC;IAChB,CAAC;SAAM,CAAC;QACN,KAAK,IAAI,IAAI,CAAC;IAChB,CAAC;IAED,0EAA0E;IAC1E,MAAM,SAAS,GAAG,OAAO,CAAC,WAAW,CAAC,WAAW,EAAE,CAAC;IACpD,MAAM,gBAAgB,GACpB,6EAA6E,CAAC,IAAI,CAAC,OAAO,CAAC,WAAW,CAAC;QACvG,4DAA4D,CAAC,IAAI,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC;IACzF,MAAM,eAAe,GAAG,gBAAgB,CAAC,IAAI,CAAC,OAAO,CAAC,WAAW,GAAG,CAAC,OAAO,CAAC,SAAS,IAAI,EAAE,CAAC,CAAC,CAAC;IAC/F,MAAM,eAAe,GAAG,UAAU,CAAC,IAAI,CAAC,OAAO,CAAC,WAAW,GAAG,CAAC,OAAO,CAAC,SAAS,IAAI,EAAE,CAAC,CAAC,CAAC;IAEzF,IAAI,gBAAgB;QAAE,KAAK,IAAI,IAAI,CAAC;IACpC,IAAI,eAAe;QAAE,KAAK,IAAI,IAAI,CAAC;IACnC,IAAI,eAAe;QAAE,KAAK,IAAI,IAAI,CAAC;IAEnC,0EAA0E;IAC1E,MAAM,YAAY,GAAG,OAAO,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;IAChD,MAAM,eAAe,GAAG,OAAO,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;IACtD,MAAM,kBAAkB,GAAG,OAAO,CAAC,WAAW,CAAC,MAAM,IAAI,GAAG,CAAC;IAC7D,MAAM,qBAAqB,GAAG,OAAO,CAAC,cAAc,CAAC,MAAM,IAAI,EAAE,CAAC;IAElE,IAAI,YAAY;QAAE,KAAK,IAAI,IAAI,CAAC;IAChC,IAAI,eAAe;QAAE,KAAK,IAAI,IAAI,CAAC;IACnC,IAAI,kBAAkB;QAAE,KAAK,IAAI,IAAI,CAAC;IACtC,IAAI,qBAAqB;QAAE,KAAK,IAAI,IAAI,CAAC;IAEzC,6EAA6E;IAC7E,MAAM,eAAe,GAAG;QACtB,aAAa;QACb,SAAS;QACT,QAAQ;QACR,cAAc;QACd,mCAAmC;QACnC,kCAAkC;KACnC,CAAC;IACF,MAAM,aAAa,GAAG,eAAe,CAAC,IAAI,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,IAAI,MAAM,CAAC,EAAE,EAAE,GAAG,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC;IACxF,IAAI,aAAa,IAAI,SAAS,KAAK,CAAC,EAAE,CAAC;QACrC,KAAK,IAAI,GAAG,CAAC;IACf,CAAC;IAED,0EAA0E;IAC1E,MAAM,iBAAiB,GAAG;QACxB,YAAY;QACZ,eAAe;QACf,kBAAkB;QAClB,qBAAqB;QACrB,gBAAgB;QAChB,SAAS,GAAG,CAAC;KACd,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,MAAM,CAAC;IAEzB,MAAM,aAAa,GAAG,CAAC,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,KAAK,EAAE,OAAO,EAAE,SAAS,EAAE,UAAU,EAAE,MAAM,EAAE,OAAO,CAAC,CAAC;IAEnH,IAAI,aAAa,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,OAAO,CAAC,MAAM,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,IAAI,iBAAiB,GAAG,CAAC,EAAE,CAAC;QAC/F,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC;IAChC,CAAC;IAED,OAAO,MAAM,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC;AACnD,CAAC;AAED,MAAM,UAAU,wBAAwB,CAAC,QAAmB,EAAE,OAAwB;IACpF,MAAM,aAAa,GAAG,eAAe,CAAC,OAAO,EAAE,aAAa,IAAI,CAAC,CAAC,CAAC;IAEnE,MAAM,UAAU,GAAG,QAAQ,CAAC,GAAG,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC;QAC5C,GAAG,OAAO;QACV,UAAU,EAAE,yBAAyB,CAAC,OAAO,CAAC;KAC/C,CAAC,CAAC,CAAC;IAEJ,IAAI,aAAa,IAAI,CAAC,EAAE,CAAC;QACvB,OAAO,UAAU,CAAC;IACpB,CAAC;IAED,OAAO,UAAU,CAAC,MAAM,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,UAAU,IAAI,CAAC,CAAC,IAAI,aAAa,CAAC,CAAC;AACpF,CAAC;AAED,gFAAgF;AAEhF;;;;;GAKG;AACH,MAAM,sBAAsB,GAAG;IAC7B,OAAO;IACP,OAAO;IACP,MAAM;IACN,QAAQ;IACR,OAAO;IACP,QAAQ;IACR,SAAS;IACT,MAAM;IACN,MAAM;IACN,QAAQ;IACR,MAAM;CACP,CAAC;AAEF,MAAM,UAAU,qBAAqB,CAAC,OAAgB;IACpD,IAAI,OAAO,CAAC,WAAW,IAAI,OAAO,CAAC,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC1D,OAAO,KAAK,CAAC;IACf,CAAC;IACD,IAAI,CAAC,sBAAsB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;QACtE,OAAO,KAAK,CAAC;IACf,CAAC;IACD,MAAM,eAAe,GACnB,gKAAgK,CAAC,IAAI,CACnK,OAAO,CAAC,KAAK,CACd,CAAC;IACJ,IAAI,CAAC,eAAe;QAAE,OAAO,KAAK,CAAC;IAEnC,MAAM,oBAAoB,GAAG,kFAAkF,CAAC;IAChH,IAAI,oBAAoB,CAAC,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QAC7C,OAAO,KAAK,CAAC;IACf,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC"}

package/dist/tools/deep-review.d.ts ADDED Viewed

@@ -0,0 +1,4 @@
+import type { JudgeDefinition } from "../types.js";
+export declare function buildSingleJudgeDeepReviewSection(judge: JudgeDefinition, language: string, context?: string): string;
+export declare function buildTribunalDeepReviewSection(judges: JudgeDefinition[], language: string, context?: string): string;
+//# sourceMappingURL=deep-review.d.ts.map

package/dist/tools/deep-review.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"deep-review.d.ts","sourceRoot":"","sources":["../../src/tools/deep-review.ts"],"names":[],"mappings":"AAOA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAEnD,wBAAgB,iCAAiC,CAAC,KAAK,EAAE,eAAe,EAAE,QAAQ,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,MAAM,GAAG,MAAM,CAyBpH;AAED,wBAAgB,8BAA8B,CAAC,MAAM,EAAE,eAAe,EAAE,EAAE,QAAQ,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,MAAM,GAAG,MAAM,CA8BpH"}

package/dist/tools/deep-review.js ADDED Viewed

@@ -0,0 +1,56 @@
+// ─── Deep Review Section Builders ────────────────────────────────────────────
+// These functions append each judge's expert criteria to tool output,
+// turning pattern-only results into hybrid evaluations. The calling LLM
+// uses these criteria to perform deep contextual analysis beyond static
+// pattern matching.
+// ──────────────────────────────────────────────────────────────────────────────
+export function buildSingleJudgeDeepReviewSection(judge, language, context) {
+    let md = `\n\n---\n\n`;
+    md += `## 🔍 Deep Contextual Review Required\n\n`;
+    md += `> **The pattern-based findings above are a starting point only.** `;
+    md += `Static pattern matching cannot evaluate semantic correctness, architectural coherence, `;
+    md += `business logic validity, cross-module data flow, or context-dependent implications.\n>\n`;
+    md += `> **You MUST now perform a thorough contextual review** of the ${language} code using the expert criteria below. `;
+    md += `Identify issues that pattern matching cannot catch. Incorporate both the pattern findings above AND your own deep analysis into a final, unified evaluation.\n\n`;
+    if (context) {
+        md += `**Context provided:** ${context}\n\n`;
+    }
+    md += `### ${judge.name} — ${judge.domain}\n\n`;
+    md += `${judge.systemPrompt}\n\n`;
+    md += `### Response Format\n\n`;
+    md += `Provide your deep review as additional findings using the same format:\n`;
+    md += `- Rule ID prefix: \`${judge.rulePrefix}-\`\n`;
+    md += `- Severity levels: critical / high / medium / low / info\n`;
+    md += `- Include: title, description, affected lines, recommendation, and reference\n`;
+    md += `- After all findings, provide an updated score (0-100) and final verdict (PASS/WARNING/FAIL)\n`;
+    md += `- The final verdict must account for BOTH the pattern findings AND your contextual findings\n`;
+    return md;
+}
+export function buildTribunalDeepReviewSection(judges, language, context) {
+    let md = `\n\n---\n\n`;
+    md += `## 🔍 Deep Contextual Review Required\n\n`;
+    md += `> **The pattern-based tribunal findings above are a starting point only.** `;
+    md += `Static pattern matching cannot evaluate semantic correctness, architectural coherence, `;
+    md += `business logic validity, cross-module data flow, or context-dependent implications.\n>\n`;
+    md += `> **You MUST now perform a thorough contextual review** of the ${language} code from the perspective of ALL ${judges.length} judges below. `;
+    md += `Identify issues that pattern matching cannot catch. Incorporate both the pattern findings above AND your own deep analysis into a final, unified tribunal verdict.\n\n`;
+    if (context) {
+        md += `**Context provided:** ${context}\n\n`;
+    }
+    for (const judge of judges) {
+        md += `### ${judge.name} — ${judge.domain}\n\n`;
+        md += `${judge.systemPrompt}\n\n`;
+        md += `---\n\n`;
+    }
+    md += `### Response Format\n\n`;
+    md += `For each judge, provide any additional findings your contextual analysis uncovers using:\n`;
+    md += `- The judge's rule ID prefix\n`;
+    md += `- Severity levels: critical / high / medium / low / info\n`;
+    md += `- Include: title, description, affected lines, recommendation, and reference\n\n`;
+    md += `Then provide an **OVERALL UPDATED TRIBUNAL VERDICT** that accounts for BOTH the pattern findings AND your contextual findings:\n`;
+    md += `- Per-judge scores (0-100) and verdicts\n`;
+    md += `- Overall score and verdict (PASS/WARNING/FAIL)\n`;
+    md += `- Executive summary of the most critical issues\n`;
+    return md;
+}
+//# sourceMappingURL=deep-review.js.map

package/dist/tools/deep-review.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"deep-review.js","sourceRoot":"","sources":["../../src/tools/deep-review.ts"],"names":[],"mappings":"AAAA,gFAAgF;AAChF,sEAAsE;AACtE,wEAAwE;AACxE,wEAAwE;AACxE,oBAAoB;AACpB,iFAAiF;AAIjF,MAAM,UAAU,iCAAiC,CAAC,KAAsB,EAAE,QAAgB,EAAE,OAAgB;IAC1G,IAAI,EAAE,GAAG,aAAa,CAAC;IACvB,EAAE,IAAI,2CAA2C,CAAC;IAClD,EAAE,IAAI,oEAAoE,CAAC;IAC3E,EAAE,IAAI,yFAAyF,CAAC;IAChG,EAAE,IAAI,0FAA0F,CAAC;IACjG,EAAE,IAAI,kEAAkE,QAAQ,yCAAyC,CAAC;IAC1H,EAAE,IAAI,kKAAkK,CAAC;IAEzK,IAAI,OAAO,EAAE,CAAC;QACZ,EAAE,IAAI,yBAAyB,OAAO,MAAM,CAAC;IAC/C,CAAC;IAED,EAAE,IAAI,OAAO,KAAK,CAAC,IAAI,MAAM,KAAK,CAAC,MAAM,MAAM,CAAC;IAChD,EAAE,IAAI,GAAG,KAAK,CAAC,YAAY,MAAM,CAAC;IAElC,EAAE,IAAI,yBAAyB,CAAC;IAChC,EAAE,IAAI,0EAA0E,CAAC;IACjF,EAAE,IAAI,uBAAuB,KAAK,CAAC,UAAU,OAAO,CAAC;IACrD,EAAE,IAAI,4DAA4D,CAAC;IACnE,EAAE,IAAI,gFAAgF,CAAC;IACvF,EAAE,IAAI,gGAAgG,CAAC;IACvG,EAAE,IAAI,+FAA+F,CAAC;IAEtG,OAAO,EAAE,CAAC;AACZ,CAAC;AAED,MAAM,UAAU,8BAA8B,CAAC,MAAyB,EAAE,QAAgB,EAAE,OAAgB;IAC1G,IAAI,EAAE,GAAG,aAAa,CAAC;IACvB,EAAE,IAAI,2CAA2C,CAAC;IAClD,EAAE,IAAI,6EAA6E,CAAC;IACpF,EAAE,IAAI,yFAAyF,CAAC;IAChG,EAAE,IAAI,0FAA0F,CAAC;IACjG,EAAE,IAAI,kEAAkE,QAAQ,qCAAqC,MAAM,CAAC,MAAM,iBAAiB,CAAC;IACpJ,EAAE,IAAI,wKAAwK,CAAC;IAE/K,IAAI,OAAO,EAAE,CAAC;QACZ,EAAE,IAAI,yBAAyB,OAAO,MAAM,CAAC;IAC/C,CAAC;IAED,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;QAC3B,EAAE,IAAI,OAAO,KAAK,CAAC,IAAI,MAAM,KAAK,CAAC,MAAM,MAAM,CAAC;QAChD,EAAE,IAAI,GAAG,KAAK,CAAC,YAAY,MAAM,CAAC;QAClC,EAAE,IAAI,SAAS,CAAC;IAClB,CAAC;IAED,EAAE,IAAI,yBAAyB,CAAC;IAChC,EAAE,IAAI,4FAA4F,CAAC;IACnG,EAAE,IAAI,gCAAgC,CAAC;IACvC,EAAE,IAAI,4DAA4D,CAAC;IACnE,EAAE,IAAI,kFAAkF,CAAC;IACzF,EAAE,IAAI,kIAAkI,CAAC;IACzI,EAAE,IAAI,2CAA2C,CAAC;IAClD,EAAE,IAAI,mDAAmD,CAAC;IAC1D,EAAE,IAAI,mDAAmD,CAAC;IAE1D,OAAO,EAAE,CAAC;AACZ,CAAC"}

package/dist/tools/prompts.d.ts ADDED Viewed

@@ -0,0 +1,8 @@
+import type { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
+/**
+ * Register all MCP prompts on the given server:
+ *  - One per-judge prompt (`judge-{id}`) for single-persona deep reviews
+ *  - A `full-tribunal` prompt that convenes all judges at once
+ */
+export declare function registerPrompts(server: McpServer): void;
+//# sourceMappingURL=prompts.d.ts.map

package/dist/tools/prompts.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"prompts.d.ts","sourceRoot":"","sources":["../../src/tools/prompts.ts"],"names":[],"mappings":"AAKA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;AAIzE;;;;GAIG;AACH,wBAAgB,eAAe,CAAC,MAAM,EAAE,SAAS,GAAG,IAAI,CAqEvD"}

package/dist/tools/prompts.js ADDED Viewed

@@ -0,0 +1,66 @@
+// ─── MCP Prompt Registrations ────────────────────────────────────────────────
+// Expose judge system prompts as MCP prompts so LLM-based clients can use
+// them for deeper, AI-powered analysis beyond pattern matching.
+// ──────────────────────────────────────────────────────────────────────────────
+import { z } from "zod";
+import { JUDGES } from "../judges/index.js";
+/**
+ * Register all MCP prompts on the given server:
+ *  - One per-judge prompt (`judge-{id}`) for single-persona deep reviews
+ *  - A `full-tribunal` prompt that convenes all judges at once
+ */
+export function registerPrompts(server) {
+    // Per-judge prompts
+    for (const judge of JUDGES) {
+        server.prompt(`judge-${judge.id}`, `Use the ${judge.name} persona to perform a deep ${judge.domain} review of code. This prompt provides the judge's expert criteria for LLM-powered analysis that goes beyond pattern matching.`, {
+            code: z.string().describe("The source code to evaluate"),
+            language: z.string().describe("The programming language"),
+            context: z.string().optional().describe("Additional context about the code"),
+        }, async ({ code, language, context }) => {
+            const userMessage = `Please evaluate the following ${language} code:\n\n\`\`\`${language}\n${code}\n\`\`\`` +
+                (context ? `\n\nAdditional context: ${context}` : "") +
+                `\n\nProvide your evaluation as structured findings with rule IDs (prefix: ${judge.rulePrefix}-), severity levels (critical/high/medium/low/info), descriptions, and actionable recommendations. End with an overall score (0-100) and verdict (pass/warning/fail).`;
+            return {
+                messages: [
+                    {
+                        role: "user",
+                        content: {
+                            type: "text",
+                            text: userMessage,
+                        },
+                    },
+                ],
+            };
+        });
+    }
+    // Full tribunal prompt
+    server.prompt("full-tribunal", `Convene the full Judges Panel — all ${JUDGES.length} judges evaluate the code in their respective domains and produce a combined verdict.`, {
+        code: z.string().describe("The source code to evaluate"),
+        language: z.string().describe("The programming language"),
+        context: z.string().optional().describe("Additional context about the code"),
+    }, async ({ code, language, context }) => {
+        const judgeInstructions = JUDGES.map((j) => `### ${j.name} — ${j.domain}\n${j.systemPrompt}`).join("\n\n---\n\n");
+        const userMessage = `You are the Judges Panel — a panel of ${JUDGES.length} expert judges who independently evaluate code for quality, security, and operational readiness.\n\n` +
+            `Evaluate the following ${language} code from the perspective of ALL ${JUDGES.length} judges below. For each judge, provide:\n` +
+            `1. Judge name and domain\n` +
+            `2. Verdict (PASS / WARNING / FAIL)\n` +
+            `3. Score (0-100)\n` +
+            `4. Specific findings with rule IDs, severity, and recommendations\n\n` +
+            `Then provide an OVERALL TRIBUNAL VERDICT that synthesizes all judges' input.\n\n` +
+            `## The Judges\n\n${judgeInstructions}\n\n` +
+            `## Code to Evaluate\n\n\`\`\`${language}\n${code}\n\`\`\`` +
+            (context ? `\n\n## Additional Context\n${context}` : "");
+        return {
+            messages: [
+                {
+                    role: "user",
+                    content: {
+                        type: "text",
+                        text: userMessage,
+                    },
+                },
+            ],
+        };
+    });
+}
+//# sourceMappingURL=prompts.js.map

package/dist/tools/prompts.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"prompts.js","sourceRoot":"","sources":["../../src/tools/prompts.ts"],"names":[],"mappings":"AAAA,gFAAgF;AAChF,0EAA0E;AAC1E,gEAAgE;AAChE,iFAAiF;AAGjF,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAAE,MAAM,EAAE,MAAM,oBAAoB,CAAC;AAE5C;;;;GAIG;AACH,MAAM,UAAU,eAAe,CAAC,MAAiB;IAC/C,oBAAoB;IACpB,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;QAC3B,MAAM,CAAC,MAAM,CACX,SAAS,KAAK,CAAC,EAAE,EAAE,EACnB,WAAW,KAAK,CAAC,IAAI,8BAA8B,KAAK,CAAC,MAAM,+HAA+H,EAC9L;YACE,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,6BAA6B,CAAC;YACxD,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,0BAA0B,CAAC;YACzD,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,mCAAmC,CAAC;SAC7E,EACD,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,EAAE,EAAE;YACpC,MAAM,WAAW,GACf,iCAAiC,QAAQ,mBAAmB,QAAQ,KAAK,IAAI,UAAU;gBACvF,CAAC,OAAO,CAAC,CAAC,CAAC,2BAA2B,OAAO,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;gBACrD,6EAA6E,KAAK,CAAC,UAAU,uKAAuK,CAAC;YAEvQ,OAAO;gBACL,QAAQ,EAAE;oBACR;wBACE,IAAI,EAAE,MAAe;wBACrB,OAAO,EAAE;4BACP,IAAI,EAAE,MAAe;4BACrB,IAAI,EAAE,WAAW;yBAClB;qBACF;iBACF;aACF,CAAC;QACJ,CAAC,CACF,CAAC;IACJ,CAAC;IAED,uBAAuB;IACvB,MAAM,CAAC,MAAM,CACX,eAAe,EACf,uCAAuC,MAAM,CAAC,MAAM,uFAAuF,EAC3I;QACE,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,6BAA6B,CAAC;QACxD,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,0BAA0B,CAAC;QACzD,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,mCAAmC,CAAC;KAC7E,EACD,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,EAAE,EAAE;QACpC,MAAM,iBAAiB,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,CAAC,IAAI,MAAM,CAAC,CAAC,MAAM,KAAK,CAAC,CAAC,YAAY,EAAE,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;QAElH,MAAM,WAAW,GACf,yCAAyC,MAAM,CAAC,MAAM,sGAAsG;YAC5J,0BAA0B,QAAQ,qCAAqC,MAAM,CAAC,MAAM,2CAA2C;YAC/H,4BAA4B;YAC5B,sCAAsC;YACtC,oBAAoB;YACpB,uEAAuE;YACvE,kFAAkF;YAClF,oBAAoB,iBAAiB,MAAM;YAC3C,gCAAgC,QAAQ,KAAK,IAAI,UAAU;YAC3D,CAAC,OAAO,CAAC,CAAC,CAAC,8BAA8B,OAAO,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;QAE3D,OAAO;YACL,QAAQ,EAAE;gBACR;oBACE,IAAI,EAAE,MAAe;oBACrB,OAAO,EAAE;wBACP,IAAI,EAAE,MAAe;wBACrB,IAAI,EAAE,WAAW;qBAClB;iBACF;aACF;SACF,CAAC;IACJ,CAAC,CACF,CAAC;AACJ,CAAC"}

package/dist/tools/register-evaluation.d.ts ADDED Viewed

@@ -0,0 +1,7 @@
+import type { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
+/**
+ * Register evaluation-focused tools: get_judges, evaluate_code,
+ * evaluate_code_single_judge, and evaluate_v2.
+ */
+export declare function registerEvaluationTools(server: McpServer): void;
+//# sourceMappingURL=register-evaluation.d.ts.map

package/dist/tools/register-evaluation.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"register-evaluation.d.ts","sourceRoot":"","sources":["../../src/tools/register-evaluation.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;AAczE;;;GAGG;AACH,wBAAgB,uBAAuB,CAAC,MAAM,EAAE,SAAS,GAAG,IAAI,CAK/D"}