npm - @kevinrabun/judges - Versions diffs - 3.117.2 → 3.117.4 - Mend

@kevinrabun/judges 3.117.2 → 3.117.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6)

package/README.md +21 -7
package/dist/api.d.ts +3 -3
package/dist/api.js +3 -3
package/dist/evaluators/index.js +14 -10
package/package.json +1 -1
package/server.json +2 -2

package/README.md CHANGED Viewed

@@ -15,7 +15,7 @@ An MCP (Model Context Protocol) server that provides a panel of **45 specialized
 [![npm](https://img.shields.io/npm/v/@kevinrabun/judges)](https://www.npmjs.com/package/@kevinrabun/judges)
 [![npm downloads](https://img.shields.io/npm/dw/@kevinrabun/judges)](https://www.npmjs.com/package/@kevinrabun/judges)
 [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
-[![Tests](https://img.shields.io/badge/tests-1666-brightgreen)](https://github.com/KevinRabun/judges/actions)
+[![Tests](https://img.shields.io/badge/tests-2370-brightgreen)](https://github.com/KevinRabun/judges/actions)
 > 🔰 **Packages**
 > - **CLI**: `@kevinrabun/judges-cli` → binary `judges` (use `npx @kevinrabun/judges-cli eval --file app.ts`).
@@ -84,7 +84,7 @@ npx @kevinrabun/judges mcp
 ## Why Judges?
-AI code generators (Copilot, Cursor, Claude, ChatGPT, etc.) write code fast — but they routinely produce **insecure defaults, missing auth, hardcoded secrets, and poor error handling**. Human reviewers catch some of this, but nobody reviews 44 dimensions consistently.
+AI code generators (Copilot, Cursor, Claude, ChatGPT, etc.) write code fast — but they routinely produce **insecure defaults, missing auth, hardcoded secrets, and poor error handling**. Human reviewers catch some of this, but nobody reviews 45 dimensions consistently.
 | | ESLint / Biome | SonarQube | Semgrep / CodeQL | **Judges** |
 |---|---|---|---|---|
@@ -550,13 +550,13 @@ Evaluate a file with all 45 judges or a single judge.
 | `--file <path>` / positional | File to evaluate |
 | `--judge <id>` / `-j <id>` | Single judge mode |
 | `--language <lang>` / `-l <lang>` | Language hint (auto-detected from extension) |
-| `--format <fmt>` / `-f <fmt>` | Output format: `text`, `json`, `sarif`, `markdown`, `html`, `junit`, `codeclimate` |
+| `--format <fmt>` / `-f <fmt>` | Output format: `text`, `json`, `sarif`, `markdown`, `html`, `pdf`, `junit`, `codeclimate`, `github-actions` |
 | `--output <path>` / `-o <path>` | Write output to file |
 | `--fail-on-findings` | Exit with code 1 if verdict is FAIL |
 | `--baseline <path>` / `-b <path>` | JSON baseline file — suppress known findings |
 | `--summary` | Print a single summary line (ideal for scripts) |
 | `--config <path>` | Load a `.judgesrc` / `.judgesrc.json` config file |
-| `--preset <name>` | Use a named preset: `strict`, `lenient`, `security-only`, `startup`, `compliance`, `performance` |
+| `--preset <name>` | Use a named preset (see [Named Presets](#named-presets) for all 18 options) |
 | `--min-score <n>` | Exit with code 1 if overall score is below this threshold |
 | `--verbose` | Print timing and debug information |
 | `--quiet` | Suppress non-essential output |
@@ -696,10 +696,24 @@ Use `--preset` to apply pre-configured evaluation settings:
 |--------|-------------|
 | `strict` | All severities, all judges — maximum thoroughness |
 | `lenient` | Only high and critical findings — fast and focused |
-| `security-only` | Security judges only — cybersecurity, data-security, authentication, logging-privacy |
+| `security-only` | Security-focused — disables non-security judges (cost, scalability, docs, a11y, i18n, UX, etc.) |
 | `startup` | Skip compliance, sovereignty, i18n judges — move fast |
 | `compliance` | Only compliance, data-sovereignty, authentication — regulatory focus |
 | `performance` | Only performance, scalability, caching, cost-effectiveness |
+| `react` | Tuned for React/Next.js apps — enables accessibility, XSS protection |
+| `express` | Tuned for Express.js APIs — middleware security, auth, CORS, rate limiting |
+| `fastapi` | Tuned for Python FastAPI — input validation, async patterns, API security |
+| `django` | Tuned for Django apps — template security, ORM misuse, CSRF |
+| `spring-boot` | Tuned for Java Spring Boot — injection, configuration, actuator security |
+| `rails` | Tuned for Ruby on Rails — mass assignment, CSRF, SQL injection |
+| `nextjs` | Tuned for Next.js — server/client security, API routes, SSR/ISR |
+| `terraform` | Tuned for Terraform/OpenTofu IaC — infrastructure security, compliance |
+| `kubernetes` | Tuned for K8s manifests — security contexts, RBAC, resource limits |
+| `onboarding` | Smart defaults for first-time adoption — suppresses noisy rules |
+| `fintech` | Financial services — PCI DSS, cryptography, authentication, audit |
+| `healthtech` | Healthcare — HIPAA compliance, data sovereignty, encryption, audit trails |
+| `saas` | Multi-tenant SaaS — tenant isolation, rate limiting, scalability |
+| `government` | Government/public sector — compliance, sovereignty, authentication |
 ```bash
 judges eval --preset security-only src/api.ts
@@ -1155,13 +1169,13 @@ Create a `.judgesrc.json` (or `.judgesrc`) file in your project root to customiz
 | Field | Type | Default | Description |
 |-------|------|---------|-------------|
 | `$schema` | `string` | — | JSON Schema URL for IDE validation |
-| `preset` | `string` | — | Named preset: `strict`, `lenient`, `security-only`, `startup`, `compliance`, `performance` |
+| `preset` | `string` | — | Named preset (see [Named Presets](#named-presets) for all 18 options) |
 | `minSeverity` | `string` | `"info"` | Minimum severity to report: `critical` · `high` · `medium` · `low` · `info` |
 | `disabledRules` | `string[]` | `[]` | Rule IDs or prefix wildcards to suppress (e.g. `"COST-*"`, `"SEC-003"`) |
 | `disabledJudges` | `string[]` | `[]` | Judge IDs to skip entirely (e.g. `"cost-effectiveness"`) |
 | `ruleOverrides` | `object` | `{}` | Per-rule overrides keyed by rule ID or wildcard — `{ disabled?: boolean, severity?: string }` |
 | `languages` | `string[]` | `[]` | Restrict analysis to specific languages (empty = all) |
-| `format` | `string` | `"text"` | Default output format: `text` · `json` · `sarif` · `markdown` · `html` · `junit` · `codeclimate` |
+| `format` | `string` | `"text"` | Default output format: `text` · `json` · `sarif` · `markdown` · `html` · `pdf` · `junit` · `codeclimate` · `github-actions` |
 | `failOnFindings` | `boolean` | `false` | Exit code 1 when verdict is `fail` — useful for CI gates |
 | `baseline` | `string` | `""` | Path to a baseline JSON file — matching findings are suppressed |

package/dist/api.d.ts CHANGED Viewed

@@ -10,13 +10,13 @@
  */
 export type { Severity, Verdict, Finding, Patch, LangFamily, JudgesConfig, RuleOverride, ProjectFile, ProjectVerdict, DiffVerdict, DependencyEntry, DependencyVerdict, JudgeEvaluation, TribunalVerdict, JudgeDefinition, EvaluationContextV2, EvidenceBundleV2, SpecializedFindingV2, TribunalVerdictV2, MustFixGateOptions, MustFixGateResult, AppBuilderWorkflowResult, PlainLanguageFinding, WorkflowTask, PolicyProfile, SuppressionRecord, SuppressionResult, ExecutionTrace, RuleTrace, StreamingBatch, JudgeSelectionContext, JudgeSelectionResult, SessionContext, } from "./types.js";
 export { JudgesError, ConfigError, EvaluationError, ParseError } from "./errors.js";
-export { parseConfig, defaultConfig, mergeConfigs, discoverCascadingConfigs, loadCascadingConfig, loadPluginJudges, validatePluginSpecifiers, isValidJudgeDefinition, applyOverridesForFile, applyLanguageProfile, resolveExtendsConfig, } from "./config.js";
+export { parseConfig, defaultConfig, mergeConfigs, discoverCascadingConfigs, loadCascadingConfig, loadConfigFile, expandEnvPlaceholders, loadPluginJudges, validatePluginSpecifiers, isValidJudgeDefinition, validateJudgeDefinition, applyOverridesForFile, applyLanguageProfile, resolveExtendsConfig, } from "./config.js";
 export { JUDGES, getJudge, getJudgeSummaries } from "./judges/index.js";
-export { evaluateWithJudge, evaluateWithTribunal, evaluateWithTribunalStreaming, evaluateProject, evaluateDiff, analyzeDependencies, enrichWithPatches, crossEvaluatorDedup, diffFindings, formatFindingDiff, evaluateNetChangeGate, applyInlineSuppressions, applyInlineSuppressionsWithAudit, runAppBuilderWorkflow, formatVerdictAsMarkdown, formatEvaluationAsMarkdown, clearEvaluationCaches, scanProjectWideSecurityPatterns, } from "./evaluators/index.js";
+export { evaluateWithJudge, evaluateWithTribunal, evaluateWithTribunalStreaming, evaluateProject, evaluateDiff, analyzeDependencies, enrichWithPatches, crossEvaluatorDedup, crossFileDedup, diffFindings, formatFindingDiff, evaluateNetChangeGate, applyInlineSuppressions, applyInlineSuppressionsWithAudit, runAppBuilderWorkflow, formatVerdictAsMarkdown, formatEvaluationAsMarkdown, clearEvaluationCaches, scanProjectWideSecurityPatterns, } from "./evaluators/index.js";
 export type { FindingDiff, NetChangeGateOptions, NetChangeGateResult, EvaluationOptions } from "./evaluators/index.js";
 export { selectJudges } from "./evaluators/judge-selector.js";
 export { EvaluationSession, getGlobalSession, resetGlobalSession } from "./evaluation-session.js";
-export { getPreset, composePresets, PRESETS } from "./presets.js";
+export { getPreset, composePresets, listPresets, PRESETS } from "./presets.js";
 export type { Preset } from "./presets.js";
 export { evaluateCodeV2, evaluateProjectV2, getSupportedPolicyProfiles } from "./evaluators/v2.js";
 export { analyzeCrossFileTaint } from "./ast/cross-file-taint.js";

package/dist/api.js CHANGED Viewed

@@ -11,17 +11,17 @@
 // ─── Errors ──────────────────────────────────────────────────────────────────
 export { JudgesError, ConfigError, EvaluationError, ParseError } from "./errors.js";
 // ─── Config ──────────────────────────────────────────────────────────────────
-export { parseConfig, defaultConfig, mergeConfigs, discoverCascadingConfigs, loadCascadingConfig, loadPluginJudges, validatePluginSpecifiers, isValidJudgeDefinition, applyOverridesForFile, applyLanguageProfile, resolveExtendsConfig, } from "./config.js";
+export { parseConfig, defaultConfig, mergeConfigs, discoverCascadingConfigs, loadCascadingConfig, loadConfigFile, expandEnvPlaceholders, loadPluginJudges, validatePluginSpecifiers, isValidJudgeDefinition, validateJudgeDefinition, applyOverridesForFile, applyLanguageProfile, resolveExtendsConfig, } from "./config.js";
 // ─── Judge Registry ──────────────────────────────────────────────────────────
 export { JUDGES, getJudge, getJudgeSummaries } from "./judges/index.js";
 // ─── Core Evaluation Functions ───────────────────────────────────────────────
-export { evaluateWithJudge, evaluateWithTribunal, evaluateWithTribunalStreaming, evaluateProject, evaluateDiff, analyzeDependencies, enrichWithPatches, crossEvaluatorDedup, diffFindings, formatFindingDiff, evaluateNetChangeGate, applyInlineSuppressions, applyInlineSuppressionsWithAudit, runAppBuilderWorkflow, formatVerdictAsMarkdown, formatEvaluationAsMarkdown, clearEvaluationCaches, scanProjectWideSecurityPatterns, } from "./evaluators/index.js";
+export { evaluateWithJudge, evaluateWithTribunal, evaluateWithTribunalStreaming, evaluateProject, evaluateDiff, analyzeDependencies, enrichWithPatches, crossEvaluatorDedup, crossFileDedup, diffFindings, formatFindingDiff, evaluateNetChangeGate, applyInlineSuppressions, applyInlineSuppressionsWithAudit, runAppBuilderWorkflow, formatVerdictAsMarkdown, formatEvaluationAsMarkdown, clearEvaluationCaches, scanProjectWideSecurityPatterns, } from "./evaluators/index.js";
 // ─── Adaptive Judge Selection ────────────────────────────────────────────────
 export { selectJudges } from "./evaluators/judge-selector.js";
 // ─── Evaluation Session ─────────────────────────────────────────────────────
 export { EvaluationSession, getGlobalSession, resetGlobalSession } from "./evaluation-session.js";
 // ─── Presets ─────────────────────────────────────────────────────────────────
-export { getPreset, composePresets, PRESETS } from "./presets.js";
+export { getPreset, composePresets, listPresets, PRESETS } from "./presets.js";
 // ─── V2 Policy-Aware API ────────────────────────────────────────────────────
 export { evaluateCodeV2, evaluateProjectV2, getSupportedPolicyProfiles } from "./evaluators/v2.js";
 // ─── Cross-File Taint Analysis ───────────────────────────────────────────────

package/dist/evaluators/index.js CHANGED Viewed

@@ -435,16 +435,8 @@ export function evaluateWithJudge(judge, code, language, context, options) {
             : undefined;
         findings.push(...judge.analyze(code, language, analyzeCtx));
     }
-    // ── Recall boost: supplementary patterns for weak-recall categories ──
-    const boostResult = applyRecallBoost(code, language);
-    if (boostResult.findings.length > 0) {
-        // Deduplicate: only add boost findings whose ruleId isn't already present
-        for (const bf of boostResult.findings) {
-            if (!findings.some((f) => f.ruleId === bf.ruleId)) {
-                findings.push(bf);
-            }
-        }
-    }
+    // NOTE: Recall boost (applyRecallBoost) is applied once in evaluateWithTribunal()
+    // rather than per-judge, to avoid generating N duplicate boost findings.
     // ── Absence gating ──
     // Absence-based findings ("no rate limiting", "no monitoring", etc.) are
     // project-level concerns that cannot be accurately assessed from a single
@@ -706,6 +698,18 @@ export function evaluateWithTribunal(code, language, context, options) {
             ? "warning"
             : "pass";
     const rawFindings = evaluations.flatMap((e) => e.findings);
+    // ── Recall boost (once, not per-judge) ──
+    // Apply supplementary recall-boost patterns a single time and merge into
+    // the raw findings before cross-evaluator dedup. Previously this ran
+    // inside evaluateWithJudge(), producing N identical copies per judge.
+    const boostResult = applyRecallBoost(code, language);
+    if (boostResult.findings.length > 0) {
+        for (const bf of boostResult.findings) {
+            if (!rawFindings.some((f) => f.ruleId === bf.ruleId)) {
+                rawFindings.push(bf);
+            }
+        }
+    }
     const dedupedFindings = crossEvaluatorDedup(rawFindings);
     const { filtered: fpFiltered } = filterFalsePositiveHeuristics(dedupedFindings, code, language, enrichedOptions?.filePath);
     const configFiltered = applyConfig(fpFiltered, options?.config);

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@kevinrabun/judges",
-  "version": "3.117.2",
+  "version": "3.117.4",
   "description": "45 specialized judges that evaluate AI-generated code for security, cost, and quality.",
   "mcpName": "io.github.KevinRabun/judges",
   "type": "module",

package/server.json CHANGED Viewed

@@ -7,12 +7,12 @@
     "url": "https://github.com/kevinrabun/judges",
     "source": "github"
   },
-  "version": "3.117.2",
+  "version": "3.117.4",
   "packages": [
     {
       "registryType": "npm",
       "identifier": "@kevinrabun/judges",
-      "version": "3.117.2",
+      "version": "3.117.4",
       "transport": {
         "type": "stdio"
       }