@kevinrabun/judges 3.115.3 → 3.116.0

package/dist/api.d.ts

@@ -8,12 +8,16 @@
  * const result = evaluateCode("const x = eval(input);", "typescript");
  * ```
  */
-export type { Severity, Verdict, Finding, Patch, LangFamily, JudgesConfig, RuleOverride, ProjectFile, ProjectVerdict, DiffVerdict, DependencyEntry, DependencyVerdict, JudgeEvaluation, TribunalVerdict, JudgeDefinition, EvaluationContextV2, EvidenceBundleV2, SpecializedFindingV2, TribunalVerdictV2, MustFixGateOptions, MustFixGateResult, AppBuilderWorkflowResult, PlainLanguageFinding, WorkflowTask, PolicyProfile, SuppressionRecord, SuppressionResult, } from "./types.js";
+export type { Severity, Verdict, Finding, Patch, LangFamily, JudgesConfig, RuleOverride, ProjectFile, ProjectVerdict, DiffVerdict, DependencyEntry, DependencyVerdict, JudgeEvaluation, TribunalVerdict, JudgeDefinition, EvaluationContextV2, EvidenceBundleV2, SpecializedFindingV2, TribunalVerdictV2, MustFixGateOptions, MustFixGateResult, AppBuilderWorkflowResult, PlainLanguageFinding, WorkflowTask, PolicyProfile, SuppressionRecord, SuppressionResult, ExecutionTrace, RuleTrace, StreamingBatch, JudgeSelectionContext, JudgeSelectionResult, SessionContext, } from "./types.js";
 export { JudgesError, ConfigError, EvaluationError, ParseError } from "./errors.js";
 export { parseConfig, defaultConfig, mergeConfigs, discoverCascadingConfigs, loadCascadingConfig, loadPluginJudges, validatePluginSpecifiers, isValidJudgeDefinition, applyOverridesForFile, applyLanguageProfile, resolveExtendsConfig, } from "./config.js";
 export { JUDGES, getJudge, getJudgeSummaries } from "./judges/index.js";
-export { evaluateWithJudge, evaluateWithTribunal, evaluateProject, evaluateDiff, analyzeDependencies, enrichWithPatches, crossEvaluatorDedup, diffFindings, formatFindingDiff, evaluateNetChangeGate, applyInlineSuppressions, applyInlineSuppressionsWithAudit, runAppBuilderWorkflow, formatVerdictAsMarkdown, formatEvaluationAsMarkdown, clearEvaluationCaches, scanProjectWideSecurityPatterns, } from "./evaluators/index.js";
-export type { FindingDiff, NetChangeGateOptions, NetChangeGateResult } from "./evaluators/index.js";
+export { evaluateWithJudge, evaluateWithTribunal, evaluateWithTribunalStreaming, evaluateProject, evaluateDiff, analyzeDependencies, enrichWithPatches, crossEvaluatorDedup, diffFindings, formatFindingDiff, evaluateNetChangeGate, applyInlineSuppressions, applyInlineSuppressionsWithAudit, runAppBuilderWorkflow, formatVerdictAsMarkdown, formatEvaluationAsMarkdown, clearEvaluationCaches, scanProjectWideSecurityPatterns, } from "./evaluators/index.js";
+export type { FindingDiff, NetChangeGateOptions, NetChangeGateResult, EvaluationOptions } from "./evaluators/index.js";
+export { selectJudges } from "./evaluators/judge-selector.js";
+export { EvaluationSession, getGlobalSession, resetGlobalSession } from "./evaluation-session.js";
+export { getPreset, composePresets, PRESETS } from "./presets.js";
+export type { Preset } from "./presets.js";
 export { evaluateCodeV2, evaluateProjectV2, getSupportedPolicyProfiles } from "./evaluators/v2.js";
 export { analyzeCrossFileTaint } from "./ast/cross-file-taint.js";
 export { buildSingleJudgeDeepReviewSection, buildTribunalDeepReviewSection, buildSimplifiedDeepReviewSection, isContentPolicyRefusal, DEEP_REVIEW_PROMPT_INTRO, DEEP_REVIEW_IDENTITY, } from "./tools/deep-review.js";

package/dist/api.js

@@ -15,7 +15,13 @@ export { parseConfig, defaultConfig, mergeConfigs, discoverCascadingConfigs, loa
 // ─── Judge Registry ──────────────────────────────────────────────────────────
 export { JUDGES, getJudge, getJudgeSummaries } from "./judges/index.js";
 // ─── Core Evaluation Functions ───────────────────────────────────────────────
-export { evaluateWithJudge, evaluateWithTribunal, evaluateProject, evaluateDiff, analyzeDependencies, enrichWithPatches, crossEvaluatorDedup, diffFindings, formatFindingDiff, evaluateNetChangeGate, applyInlineSuppressions, applyInlineSuppressionsWithAudit, runAppBuilderWorkflow, formatVerdictAsMarkdown, formatEvaluationAsMarkdown, clearEvaluationCaches, scanProjectWideSecurityPatterns, } from "./evaluators/index.js";
+export { evaluateWithJudge, evaluateWithTribunal, evaluateWithTribunalStreaming, evaluateProject, evaluateDiff, analyzeDependencies, enrichWithPatches, crossEvaluatorDedup, diffFindings, formatFindingDiff, evaluateNetChangeGate, applyInlineSuppressions, applyInlineSuppressionsWithAudit, runAppBuilderWorkflow, formatVerdictAsMarkdown, formatEvaluationAsMarkdown, clearEvaluationCaches, scanProjectWideSecurityPatterns, } from "./evaluators/index.js";
+// ─── Adaptive Judge Selection ────────────────────────────────────────────────
+export { selectJudges } from "./evaluators/judge-selector.js";
+// ─── Evaluation Session ─────────────────────────────────────────────────────
+export { EvaluationSession, getGlobalSession, resetGlobalSession } from "./evaluation-session.js";
+// ─── Presets ─────────────────────────────────────────────────────────────────
+export { getPreset, composePresets, PRESETS } from "./presets.js";
 // ─── V2 Policy-Aware API ────────────────────────────────────────────────────
 export { evaluateCodeV2, evaluateProjectV2, getSupportedPolicyProfiles } from "./evaluators/v2.js";
 // ─── Cross-File Taint Analysis ───────────────────────────────────────────────

package/dist/evaluation-session.d.ts

@@ -0,0 +1,74 @@
+/**
+ * Evaluation session — persistent context that survives across multiple
+ * evaluation calls within the same session (MCP connection, VS Code
+ * extension lifetime, or CLI watch mode).
+ *
+ * Avoids redundant framework detection, capability scanning, and feedback
+ * loading. Tracks verdict evolution per file for stability detection.
+ */
+import type { SessionContext, TribunalVerdict } from "./types.js";
+/**
+ * An evaluation session that accumulates project knowledge across calls.
+ */
+export declare class EvaluationSession {
+    private ctx;
+    constructor();
+    /** Get the current session context (read-only snapshot). */
+    getContext(): Readonly<SessionContext>;
+    /** Number of evaluations performed. */
+    get evaluationCount(): number;
+    /** Record detected frameworks (deduplicated). */
+    addFrameworks(frameworks: string[]): void;
+    /** Record detected project capabilities (e.g. "rate-limiting", "auth"). */
+    addCapabilities(caps: Iterable<string>): void;
+    /** Get accumulated capabilities for absence-based finding suppression. */
+    getCapabilities(): Set<string>;
+    /**
+     * Record an evaluation result for a file. Tracks verdict history
+     * so repeated evaluations can detect stability (converging scores).
+     */
+    recordEvaluation(filePath: string, code: string, verdict: TribunalVerdict): void;
+    /**
+     * Check if a file's verdict is stable — same score and finding count
+     * across the last N evaluations. Returns true if stable (skip re-eval).
+     */
+    isVerdictStable(filePath: string, minRuns?: number): boolean;
+    /**
+     * Check if a file has already been evaluated with the same content.
+     */
+    hasEvaluated(filePath: string, code: string): boolean;
+    /**
+     * Get verdict history for a file — most recent first.
+     */
+    getVerdictHistory(filePath: string): Array<{
+        score: number;
+        findingCount: number;
+        timestamp: string;
+    }>;
+    /** Reset the session (clear all accumulated context). */
+    reset(): void;
+    /**
+     * Record user feedback for a finding rule.
+     * tp = true positive, fp = false positive, wontfix = acknowledged but skipped.
+     */
+    recordFeedback(ruleId: string, verdict: "tp" | "fp" | "wontfix"): void;
+    /**
+     * Get a confidence penalty for a rule based on accumulated FP feedback.
+     * Returns a multiplier in (0, 1] — 1.0 means no penalty, lower means
+     * the rule has been flagged as FP frequently and confidence should be reduced.
+     *
+     * Formula: 1 / (1 + fpCount) — degrades smoothly as FP reports accumulate.
+     * A single FP report halves confidence; two reports reduce it to 1/3, etc.
+     */
+    getConfidencePenalty(ruleId: string): number;
+    /** Get the raw feedback tally for all rules. */
+    getFeedbackTally(): ReadonlyMap<string, {
+        tp: number;
+        fp: number;
+        wontfix: number;
+    }>;
+}
+/** Get or create the global evaluation session (shared across MCP calls). */
+export declare function getGlobalSession(): EvaluationSession;
+/** Reset the global session (for testing or explicit reset). */
+export declare function resetGlobalSession(): void;

package/dist/evaluation-session.js

@@ -0,0 +1,152 @@
+/**
+ * Evaluation session — persistent context that survives across multiple
+ * evaluation calls within the same session (MCP connection, VS Code
+ * extension lifetime, or CLI watch mode).
+ *
+ * Avoids redundant framework detection, capability scanning, and feedback
+ * loading. Tracks verdict evolution per file for stability detection.
+ */
+import { contentHash } from "./cache.js";
+/**
+ * An evaluation session that accumulates project knowledge across calls.
+ */
+export class EvaluationSession {
+    ctx;
+    constructor() {
+        this.ctx = {
+            frameworks: [],
+            capabilities: new Set(),
+            verdictHistory: new Map(),
+            evaluatedFiles: new Map(),
+            startedAt: new Date().toISOString(),
+            evaluationCount: 0,
+            feedbackTally: new Map(),
+        };
+    }
+    /** Get the current session context (read-only snapshot). */
+    getContext() {
+        return this.ctx;
+    }
+    /** Number of evaluations performed. */
+    get evaluationCount() {
+        return this.ctx.evaluationCount;
+    }
+    /** Record detected frameworks (deduplicated). */
+    addFrameworks(frameworks) {
+        const existing = new Set(this.ctx.frameworks);
+        for (const fw of frameworks) {
+            if (!existing.has(fw)) {
+                this.ctx.frameworks.push(fw);
+                existing.add(fw);
+            }
+        }
+    }
+    /** Record detected project capabilities (e.g. "rate-limiting", "auth"). */
+    addCapabilities(caps) {
+        for (const cap of caps) {
+            this.ctx.capabilities.add(cap);
+        }
+    }
+    /** Get accumulated capabilities for absence-based finding suppression. */
+    getCapabilities() {
+        return this.ctx.capabilities;
+    }
+    /**
+     * Record an evaluation result for a file. Tracks verdict history
+     * so repeated evaluations can detect stability (converging scores).
+     */
+    recordEvaluation(filePath, code, verdict) {
+        this.ctx.evaluationCount++;
+        const hash = contentHash(code, filePath);
+        this.ctx.evaluatedFiles.set(hash, filePath);
+        const history = this.ctx.verdictHistory.get(filePath) ?? [];
+        history.push({
+            score: verdict.overallScore,
+            findingCount: verdict.findings.length,
+            timestamp: verdict.timestamp,
+        });
+        // Keep last 10 evaluations per file
+        if (history.length > 10)
+            history.shift();
+        this.ctx.verdictHistory.set(filePath, history);
+    }
+    /**
+     * Check if a file's verdict is stable — same score and finding count
+     * across the last N evaluations. Returns true if stable (skip re-eval).
+     */
+    isVerdictStable(filePath, minRuns = 3) {
+        const history = this.ctx.verdictHistory.get(filePath);
+        if (!history || history.length < minRuns)
+            return false;
+        const recent = history.slice(-minRuns);
+        const firstScore = recent[0].score;
+        const firstCount = recent[0].findingCount;
+        return recent.every((h) => h.score === firstScore && h.findingCount === firstCount);
+    }
+    /**
+     * Check if a file has already been evaluated with the same content.
+     */
+    hasEvaluated(filePath, code) {
+        const hash = contentHash(code, filePath);
+        return this.ctx.evaluatedFiles.has(hash);
+    }
+    /**
+     * Get verdict history for a file — most recent first.
+     */
+    getVerdictHistory(filePath) {
+        return [...(this.ctx.verdictHistory.get(filePath) ?? [])].reverse();
+    }
+    /** Reset the session (clear all accumulated context). */
+    reset() {
+        this.ctx = {
+            frameworks: [],
+            capabilities: new Set(),
+            verdictHistory: new Map(),
+            evaluatedFiles: new Map(),
+            startedAt: new Date().toISOString(),
+            evaluationCount: 0,
+            feedbackTally: new Map(),
+        };
+    }
+    /**
+     * Record user feedback for a finding rule.
+     * tp = true positive, fp = false positive, wontfix = acknowledged but skipped.
+     */
+    recordFeedback(ruleId, verdict) {
+        const existing = this.ctx.feedbackTally.get(ruleId) ?? { tp: 0, fp: 0, wontfix: 0 };
+        existing[verdict]++;
+        this.ctx.feedbackTally.set(ruleId, existing);
+    }
+    /**
+     * Get a confidence penalty for a rule based on accumulated FP feedback.
+     * Returns a multiplier in (0, 1] — 1.0 means no penalty, lower means
+     * the rule has been flagged as FP frequently and confidence should be reduced.
+     *
+     * Formula: 1 / (1 + fpCount) — degrades smoothly as FP reports accumulate.
+     * A single FP report halves confidence; two reports reduce it to 1/3, etc.
+     */
+    getConfidencePenalty(ruleId) {
+        const tally = this.ctx.feedbackTally.get(ruleId);
+        if (!tally || tally.fp === 0)
+            return 1.0;
+        return 1 / (1 + tally.fp);
+    }
+    /** Get the raw feedback tally for all rules. */
+    getFeedbackTally() {
+        return this.ctx.feedbackTally;
+    }
+}
+// ─── Singleton for MCP Server / Extension lifetime ──────────────────────────
+let _globalSession;
+/** Get or create the global evaluation session (shared across MCP calls). */
+export function getGlobalSession() {
+    if (!_globalSession) {
+        _globalSession = new EvaluationSession();
+    }
+    return _globalSession;
+}
+/** Reset the global session (for testing or explicit reset). */
+export function resetGlobalSession() {
+    _globalSession?.reset();
+    _globalSession = undefined;
+}

package/dist/evaluators/index.d.ts

@@ -1,4 +1,4 @@
-import type { JudgeDefinition, JudgeEvaluation, TribunalVerdict, ProjectVerdict, DiffVerdict, Finding, MustFixGateOptions, JudgesConfig, SuppressionResult } from "../types.js";
+import type { JudgeDefinition, JudgeEvaluation, TribunalVerdict, ProjectVerdict, DiffVerdict, Finding, MustFixGateOptions, JudgesConfig, SuppressionResult, StreamingBatch } from "../types.js";
 import type { CodeStructure } from "../ast/types.js";
 import type { TaintFlow } from "../ast/taint-tracker.js";
 import { formatVerdictAsMarkdown, formatEvaluationAsMarkdown } from "./shared.js";
@@ -53,6 +53,12 @@ export interface EvaluationOptions {
      * Generated by `scanProjectCapabilities()` from the project evaluator.
      */
     projectCapabilities?: Set<string>;
+    /**
+     * Enable adaptive judge selection — automatically skip judges that are
+     * irrelevant to the file's language, framework, or role. Reduces noise
+     * and improves performance. Defaults to false (run all judges).
+     */
+    adaptiveSelection?: boolean;
     /** @internal — pre-computed AST structure for the file (set by evaluateWithTribunal) */
     _astCache?: CodeStructure;
     /** @internal — pre-computed taint flows for the file (set by evaluateWithTribunal) */
@@ -88,6 +94,22 @@ export declare function evaluateWithJudge(judge: JudgeDefinition, code: string,
  * Run the full tribunal — all judges evaluate the code.
  */
 export declare function evaluateWithTribunal(code: string, language: string, context?: string, options?: EvaluationOptions): TribunalVerdict;
+/**
+ * Streaming tribunal evaluation — yields per-judge results as each judge
+ * completes, enabling progressive UI updates and early termination.
+ *
+ * Each yielded `StreamingBatch` contains the judge evaluation, execution
+ * trace, and running aggregate statistics.
+ *
+ * Usage:
+ * ```ts
+ * for await (const batch of evaluateWithTribunalStreaming(code, lang)) {
+ *   console.log(`${batch.judgeName}: ${batch.evaluation.findings.length} findings`);
+ *   if (batch.aggregate.criticalSoFar > 10) break; // early termination
+ * }
+ * ```
+ */
+export declare function evaluateWithTribunalStreaming(code: string, language: string, context?: string, options?: EvaluationOptions): AsyncGenerator<StreamingBatch>;
 export { scanProjectWideSecurityPatterns } from "./project.js";
 export declare function evaluateProject(files: Array<{
     path: string;

package/dist/evaluators/index.js

@@ -19,6 +19,8 @@ import { loadFeedbackStore } from "../commands/feedback.js";
 import { CROSS_FILE_SECURITY_CATEGORIES } from "./project.js";
 import { applyTriageFeedback, loadFindingStore } from "../finding-lifecycle.js";
 import { enrichWithSecurityIds } from "../security-ids.js";
+import { selectJudges } from "./judge-selector.js";
+import { getGlobalSession } from "../evaluation-session.js";
 // ── AST-aware post-processing ───────────────────────────────────────────────
 // ── Module-level caches for AST/taint results ───────────────────────────────
 const astStructureCache = new LRUCache(256);
@@ -390,7 +392,19 @@ function resolveJudgeSet(options) {
         const disabled = new Set(options.config.disabledJudges);
         judges = judges.filter((j) => !disabled.has(j.id));
     }
-    return judges;
+    // Adaptive judge selection — skip irrelevant judges based on file context
+    if (options?.adaptiveSelection && options.filePath) {
+        const fileCategory = classifyFile("", options.filePath.split(".").pop() ?? "", options.filePath);
+        const ctx = {
+            language: options.filePath.split(".").pop() ?? "unknown",
+            fileCategory,
+            filePath: options.filePath,
+            projectMode: options.projectMode,
+        };
+        const result = selectJudges(judges, ctx);
+        return { judges: result.selected, skipped: result.skipped };
+    }
+    return { judges };
 }
 /**
  * Check whether an absence-based finding is mitigated by a pre-scanned
@@ -649,7 +663,7 @@ export function evaluateWithTribunal(code, language, context, options) {
         ...(astResult ? { _astCache: astResult } : {}),
         ...(taintResult ? { _taintFlows: taintResult } : {}),
     };
-    const judges = resolveJudgeSet(enrichedOptions);
+    const { judges, skipped: skippedJudges } = resolveJudgeSet(enrichedOptions);
     const tribunalStart = performance.now();
     const evaluations = judges.map((judge) => {
         const start = performance.now();
@@ -776,7 +790,30 @@ export function evaluateWithTribunal(code, language, context, options) {
         // No triage data or error loading — continue without adjustment
     }
     const maxFindings = options?.maxFindingsPerFile ?? DEFAULT_MAX_FINDINGS_PER_FILE;
-    const cappedFindings = applyPerFileFindingCap(triageAdjusted, maxFindings);
+    // ── Session feedback calibration ──
+    // Apply confidence penalties from accumulated FP feedback in the
+    // current evaluation session. This is the real-time agentic loop:
+    // user marks findings as FP → session records it → subsequent
+    // evaluations automatically reduce confidence on those rules.
+    let sessionAdjusted = triageAdjusted;
+    try {
+        const session = getGlobalSession();
+        const tally = session.getFeedbackTally();
+        if (tally.size > 0) {
+            sessionAdjusted = triageAdjusted.map((f) => {
+                const penalty = session.getConfidencePenalty(f.ruleId);
+                if (penalty < 1.0) {
+                    const adjusted = clampConfidence((f.confidence ?? 0.5) * penalty);
+                    return { ...f, confidence: adjusted };
+                }
+                return f;
+            });
+        }
+    }
+    catch {
+        // Session feedback calibration failure is non-fatal
+    }
+    const cappedFindings = applyPerFileFindingCap(sessionAdjusted, maxFindings);
     // ── Confidence-based tiering for progressive disclosure ──
     // Tag each finding with a disclosure tier so downstream consumers (CLI,
     // formatters, VS Code extension) can show only high-confidence findings
@@ -863,6 +900,129 @@ export function evaluateWithTribunal(code, language, context, options) {
     }
     return result;
 }
+// ─── Streaming Evaluation ────────────────────────────────────────────────────
+/**
+ * Streaming tribunal evaluation — yields per-judge results as each judge
+ * completes, enabling progressive UI updates and early termination.
+ *
+ * Each yielded `StreamingBatch` contains the judge evaluation, execution
+ * trace, and running aggregate statistics.
+ *
+ * Usage:
+ * ```ts
+ * for await (const batch of evaluateWithTribunalStreaming(code, lang)) {
+ *   console.log(`${batch.judgeName}: ${batch.evaluation.findings.length} findings`);
+ *   if (batch.aggregate.criticalSoFar > 10) break; // early termination
+ * }
+ * ```
+ */
+export async function* evaluateWithTribunalStreaming(code, language, context, options) {
+    const includeAst = options?.includeAstFindings ?? true;
+    const hash = contentHash(code, language);
+    let astResult = options?._astCache;
+    if (!astResult && includeAst) {
+        astResult = astStructureCache.get(hash);
+        if (!astResult) {
+            astResult = analyzeStructure(code, language);
+            astStructureCache.set(hash, astResult);
+        }
+    }
+    let taintResult = options?._taintFlows;
+    if (!taintResult) {
+        taintResult = taintFlowCache.get(hash);
+        if (!taintResult) {
+            taintResult = analyzeTaintFlows(code, language);
+            taintFlowCache.set(hash, taintResult);
+        }
+    }
+    const enrichedOptions = {
+        ...options,
+        ...(astResult ? { _astCache: astResult } : {}),
+        ...(taintResult ? { _taintFlows: taintResult } : {}),
+    };
+    const { judges, skipped: skippedJudges } = resolveJudgeSet(enrichedOptions);
+    const totalJudges = judges.length;
+    let completedJudges = 0;
+    let findingsSoFar = 0;
+    let criticalSoFar = 0;
+    let highSoFar = 0;
+    let scoreSum = 0;
+    let hasFailure = false;
+    let hasWarning = false;
+    for (const judge of judges) {
+        const start = performance.now();
+        const evaluation = evaluateWithJudge(judge, code, language, context, enrichedOptions);
+        const durationMs = Math.round(performance.now() - start);
+        evaluation.durationMs = durationMs;
+        completedJudges++;
+        findingsSoFar += evaluation.findings.length;
+        criticalSoFar += evaluation.findings.filter((f) => f.severity === "critical").length;
+        highSoFar += evaluation.findings.filter((f) => f.severity === "high").length;
+        scoreSum += evaluation.score;
+        if (evaluation.verdict === "fail")
+            hasFailure = true;
+        if (evaluation.verdict === "warning")
+            hasWarning = true;
+        const trace = {
+            judgeId: judge.id,
+            judgeName: judge.name,
+            durationMs,
+            rules: buildRuleTraces(evaluation),
+            rawFindingCount: evaluation.findings.length,
+            finalFindingCount: evaluation.findings.length,
+            ...(astResult
+                ? {
+                    astResolution: {
+                        functionsAnalyzed: astResult.functions.length,
+                        maxComplexity: Math.max(0, ...astResult.functions.map((f) => f.cyclomaticComplexity)),
+                        taintFlowsDetected: taintResult?.length ?? 0,
+                    },
+                }
+                : {}),
+        };
+        const currentVerdict = hasFailure ? "fail" : hasWarning ? "warning" : "pass";
+        yield {
+            judgeId: judge.id,
+            judgeName: judge.name,
+            evaluation,
+            trace,
+            aggregate: {
+                completedJudges,
+                totalJudges,
+                findingsSoFar,
+                criticalSoFar,
+                highSoFar,
+                currentScore: Math.round(scoreSum / completedJudges),
+                currentVerdict,
+            },
+            done: completedJudges === totalJudges,
+        };
+        // Yield to the event loop between judges for responsiveness
+        await new Promise((r) => setTimeout(r, 0));
+    }
+}
+/**
+ * Build rule-level traces from a judge evaluation for observability.
+ */
+function buildRuleTraces(evaluation) {
+    const ruleMap = new Map();
+    for (const f of evaluation.findings) {
+        const existing = ruleMap.get(f.ruleId);
+        if (existing) {
+            existing.count++;
+            existing.peakConf = Math.max(existing.peakConf, f.confidence ?? 0.5);
+        }
+        else {
+            ruleMap.set(f.ruleId, { count: 1, peakConf: f.confidence ?? 0.5 });
+        }
+    }
+    return [...ruleMap.entries()].map(([ruleId, { count, peakConf }]) => ({
+        ruleId,
+        matched: true,
+        findingCount: count,
+        peakConfidence: peakConf,
+    }));
+}
 // ─── Project-level Multi-file Analysis (delegated to project.ts) ─────────────
 import { evaluateProject as _evaluateProject } from "./project.js";
 export { scanProjectWideSecurityPatterns } from "./project.js";

package/dist/evaluators/judge-selector.d.ts

@@ -0,0 +1,19 @@
+/**
+ * Adaptive judge selection — picks only the judges relevant to a given file
+ * based on language, framework, file role, and project context.
+ *
+ * Eliminates wasted work (e.g. running "testing" judge on a Dockerfile,
+ * or "iac-security" on a React component) while keeping the full panel
+ * available for explicit requests.
+ */
+import type { JudgeDefinition, JudgeSelectionContext, JudgeSelectionResult } from "../types.js";
+/**
+ * Select the most relevant judges for a given file context.
+ *
+ * Strategy:
+ * 1. Always include core judges (security, false-positive-review)
+ * 2. Skip judges with language incompatibility
+ * 3. Skip judges irrelevant to the file category
+ * 4. Return selection with skip reasons for observability
+ */
+export declare function selectJudges(judges: JudgeDefinition[], ctx: JudgeSelectionContext): JudgeSelectionResult;

package/dist/evaluators/judge-selector.js

@@ -0,0 +1,141 @@
+/**
+ * Adaptive judge selection — picks only the judges relevant to a given file
+ * based on language, framework, file role, and project context.
+ *
+ * Eliminates wasted work (e.g. running "testing" judge on a Dockerfile,
+ * or "iac-security" on a React component) while keeping the full panel
+ * available for explicit requests.
+ */
+// ─── Language → judge relevance ──────────────────────────────────────────────
+/**
+ * Judges that are ONLY relevant for specific language families.
+ * If the language isn't listed, the judge is skipped.
+ * Most judges are language-agnostic and not listed here.
+ */
+const LANGUAGE_SPECIFIC = {
+    // IaC judges only apply to infrastructure languages
+    "iac-security": new Set(["terraform", "bicep", "arm", "dockerfile", "yaml"]),
+};
+/**
+ * Judges to SKIP for specific languages — inverse of above.
+ * E.g. testing patterns don't apply to SQL or Dockerfile.
+ */
+const LANGUAGE_SKIP = {
+    testing: new Set(["sql", "dockerfile", "terraform", "bicep", "arm", "yaml"]),
+    documentation: new Set(["sql", "dockerfile", "terraform", "bicep", "arm"]),
+    "code-structure": new Set(["sql", "dockerfile", "yaml"]),
+    ux: new Set(["sql", "dockerfile", "terraform", "bicep", "arm", "bash", "powershell"]),
+    accessibility: new Set(["sql", "dockerfile", "terraform", "bicep", "arm", "bash", "powershell"]),
+    internationalization: new Set(["sql", "dockerfile", "terraform", "bicep", "arm"]),
+    concurrency: new Set(["sql", "dockerfile", "terraform", "bicep", "arm", "yaml"]),
+    "over-engineering": new Set(["sql", "dockerfile", "terraform", "bicep", "arm", "yaml"]),
+};
+// ─── File category → judge relevance ────────────────────────────────────────
+/**
+ * Judges to skip when evaluating test files — noise reduction.
+ */
+const SKIP_FOR_TESTS = new Set([
+    "documentation",
+    "rate-limiting",
+    "scalability",
+    "cloud-readiness",
+    "ci-cd",
+    "configuration-management",
+    "cost-effectiveness",
+    "data-sovereignty",
+    "compliance",
+    "internationalization",
+    "ux",
+    "accessibility",
+    "observability",
+]);
+/**
+ * Judges to skip for config/manifest files.
+ */
+const SKIP_FOR_CONFIG = new Set([
+    "testing",
+    "documentation",
+    "code-structure",
+    "error-handling",
+    "performance",
+    "concurrency",
+    "scalability",
+    "ux",
+    "accessibility",
+    "internationalization",
+    "over-engineering",
+    "backwards-compatibility",
+    "maintainability",
+]);
+/**
+ * Judges to skip for IaC files (Terraform, Bicep, ARM, Dockerfile).
+ */
+const SKIP_FOR_IAC = new Set([
+    "testing",
+    "code-structure",
+    "concurrency",
+    "over-engineering",
+    "ux",
+    "accessibility",
+    "internationalization",
+    "api-design",
+    "api-contract",
+    "backwards-compatibility",
+    "hallucination-detection",
+    "multi-turn-coherence",
+    "model-fingerprint",
+]);
+// ─── Core judges that always run ─────────────────────────────────────────────
+/** These judges run unconditionally — they cover universally applicable concerns. */
+const ALWAYS_RUN = new Set(["security", "cybersecurity", "false-positive-review"]);
+// ─── Selection logic ─────────────────────────────────────────────────────────
+/**
+ * Select the most relevant judges for a given file context.
+ *
+ * Strategy:
+ * 1. Always include core judges (security, false-positive-review)
+ * 2. Skip judges with language incompatibility
+ * 3. Skip judges irrelevant to the file category
+ * 4. Return selection with skip reasons for observability
+ */
+export function selectJudges(judges, ctx) {
+    const selected = [];
+    const skipped = [];
+    const lang = ctx.language.toLowerCase();
+    const cat = ctx.fileCategory?.toLowerCase() ?? "";
+    for (const judge of judges) {
+        // Core judges always run
+        if (ALWAYS_RUN.has(judge.id)) {
+            selected.push(judge);
+            continue;
+        }
+        // Language-specific judge: skip if language not in its set
+        const langOnly = LANGUAGE_SPECIFIC[judge.id];
+        if (langOnly && !langOnly.has(lang)) {
+            skipped.push({ judgeId: judge.id, reason: `not relevant for language: ${lang}` });
+            continue;
+        }
+        // Language skip: judge not useful for this language
+        const langSkip = LANGUAGE_SKIP[judge.id];
+        if (langSkip && langSkip.has(lang)) {
+            skipped.push({ judgeId: judge.id, reason: `skipped for language: ${lang}` });
+            continue;
+        }
+        // File category gating
+        if (cat === "test" && SKIP_FOR_TESTS.has(judge.id)) {
+            skipped.push({ judgeId: judge.id, reason: "not relevant for test files" });
+            continue;
+        }
+        if (cat === "config" && SKIP_FOR_CONFIG.has(judge.id)) {
+            skipped.push({ judgeId: judge.id, reason: "not relevant for config files" });
+            continue;
+        }
+        if ((cat === "iac" || lang === "terraform" || lang === "bicep" || lang === "arm" || lang === "dockerfile") &&
+            SKIP_FOR_IAC.has(judge.id)) {
+            skipped.push({ judgeId: judge.id, reason: "not relevant for infrastructure code" });
+            continue;
+        }
+        selected.push(judge);
+    }
+    return { selected, skipped };
+}