@kevinrabun/judges 3.119.0 → 3.122.0

package/dist/commands/baseline.js

@@ -9,50 +9,10 @@
 // ──────────────────────────────────────────────────────────────────────────────
 import { createHash } from "crypto";
 import { readFileSync, writeFileSync, existsSync } from "fs";
-import { resolve, extname, relative } from "path";
+import { resolve, relative } from "path";
 import { evaluateWithTribunal } from "../evaluators/index.js";
 import { collectFiles } from "../cli.js";
-// ─── Language Detection ─────────────────────────────────────────────────────
-const EXT_TO_LANG = {
-    ".ts": "typescript",
-    ".tsx": "typescript",
-    ".js": "javascript",
-    ".jsx": "javascript",
-    ".mjs": "javascript",
-    ".cjs": "javascript",
-    ".py": "python",
-    ".rs": "rust",
-    ".go": "go",
-    ".java": "java",
-    ".cs": "csharp",
-    ".rb": "ruby",
-    ".php": "php",
-    ".swift": "swift",
-    ".kt": "kotlin",
-    ".scala": "scala",
-    ".c": "c",
-    ".cpp": "cpp",
-    ".h": "c",
-    ".hpp": "cpp",
-    ".yaml": "yaml",
-    ".yml": "yaml",
-    ".json": "json",
-    ".tf": "terraform",
-    ".hcl": "terraform",
-    ".sh": "bash",
-    ".bash": "bash",
-    ".ps1": "powershell",
-    ".psm1": "powershell",
-    ".dart": "dart",
-    ".sql": "sql",
-    ".bicep": "bicep",
-};
-function detectLanguage(filePath) {
-    if (filePath.toLowerCase().includes("dockerfile"))
-        return "dockerfile";
-    const ext = extname(filePath.toLowerCase());
-    return EXT_TO_LANG[ext];
-}
+import { detectLanguageFromPath as detectLanguage } from "../ext-to-lang.js";
 // ─── Fingerprinting ────────────────────────────────────────────────────────
 // Hash ruleId + title + normalized surrounding source context so that findings
 // survive line-number shifts caused by unrelated edits.

package/dist/commands/coverage.js

@@ -6,42 +6,10 @@
 //   const report = computeLanguageCoverage(fileList);
 //   console.log(formatCoverageReport(report));
 // ──────────────────────────────────────────────────────────────────────────────
-import { extname } from "path";
 import { normalizeLanguage } from "../language-patterns.js";
 import { JUDGES } from "../judges/index.js";
-// ─── Extension → Language mapping (mirrors CLI) ─────────────────────────────
-const EXT_TO_LANG = {
-    ".ts": "typescript",
-    ".tsx": "typescript",
-    ".js": "javascript",
-    ".jsx": "javascript",
-    ".mjs": "javascript",
-    ".cjs": "javascript",
-    ".py": "python",
-    ".rs": "rust",
-    ".go": "go",
-    ".java": "java",
-    ".cs": "csharp",
-    ".rb": "ruby",
-    ".php": "php",
-    ".swift": "swift",
-    ".kt": "kotlin",
-    ".scala": "scala",
-    ".c": "c",
-    ".cpp": "cpp",
-    ".h": "c",
-    ".hpp": "cpp",
-    ".yaml": "yaml",
-    ".yml": "yaml",
-    ".json": "json",
-    ".tf": "terraform",
-    ".hcl": "terraform",
-    ".sh": "bash",
-    ".bash": "bash",
-    ".ps1": "powershell",
-    ".psm1": "powershell",
-    ".bicep": "bicep",
-};
+// ─── Extension → Language mapping ────────────────────────────────────────────
+import { detectLanguageFromPath } from "../ext-to-lang.js";
 /**
  * Languages for which the Judges Panel has first-class evaluator coverage.
  * A language is "covered" if normalizeLanguage returns a recognized LangFamily
@@ -70,11 +38,7 @@ const COVERED_LANGUAGES = new Set([
  * Detect language from file path extension.
  */
 export function detectFileLanguage(filePath) {
-    const lower = filePath.toLowerCase();
-    if (lower.endsWith("dockerfile") || lower.includes("dockerfile."))
-        return "dockerfile";
-    const ext = extname(lower);
-    return EXT_TO_LANG[ext] ?? "unknown";
+    return detectLanguageFromPath(filePath) ?? "unknown";
 }
 /**
  * Count how many judges can evaluate a given language.

package/dist/commands/diff.js

@@ -6,7 +6,7 @@
 //   judges diff --file changes.patch --language typescript
 // ──────────────────────────────────────────────────────────────────────────────
 import { readFileSync, existsSync } from "fs";
-import { resolve, extname } from "path";
+import { resolve } from "path";
 import { evaluateDiff } from "../evaluators/index.js";
 /**
  * Parse a unified diff into hunks with changed line information.
@@ -79,43 +79,7 @@ function parseUnifiedDiff(diffText) {
     return hunks;
 }
 // ─── Language Detection ─────────────────────────────────────────────────────
-const EXT_TO_LANG = {
-    ".ts": "typescript",
-    ".tsx": "typescript",
-    ".js": "javascript",
-    ".jsx": "javascript",
-    ".mjs": "javascript",
-    ".cjs": "javascript",
-    ".py": "python",
-    ".rs": "rust",
-    ".go": "go",
-    ".java": "java",
-    ".cs": "csharp",
-    ".rb": "ruby",
-    ".php": "php",
-    ".swift": "swift",
-    ".kt": "kotlin",
-    ".scala": "scala",
-    ".c": "c",
-    ".cpp": "cpp",
-    ".h": "c",
-    ".hpp": "cpp",
-    ".yaml": "yaml",
-    ".yml": "yaml",
-    ".json": "json",
-    ".tf": "terraform",
-    ".hcl": "terraform",
-    ".sh": "bash",
-    ".bash": "bash",
-    ".ps1": "powershell",
-    ".psm1": "powershell",
-};
-function detectLanguage(filePath) {
-    const ext = extname(filePath.toLowerCase());
-    if (filePath.toLowerCase().includes("dockerfile"))
-        return "dockerfile";
-    return EXT_TO_LANG[ext];
-}
+import { detectLanguageFromPath as detectLanguage } from "../ext-to-lang.js";
 // ─── Deletion Analysis ──────────────────────────────────────────────────────
 /**
  * Patterns that indicate security-relevant code. When these are removed

package/dist/commands/fix-pr.js

@@ -20,30 +20,9 @@ import { tmpdir } from "os";
 import { evaluateWithTribunal } from "../evaluators/index.js";
 import { applyPatches } from "./fix.js";
 import { parseGitHubRepo, runGit, tryRunGit } from "../tools/command-safety.js";
-// ─── Language Detection ─────────────────────────────────────────────────────
-const EXT_TO_LANG = {
-    ".ts": "typescript",
-    ".tsx": "typescript",
-    ".js": "javascript",
-    ".jsx": "javascript",
-    ".mjs": "javascript",
-    ".cjs": "javascript",
-    ".py": "python",
-    ".rs": "rust",
-    ".go": "go",
-    ".java": "java",
-    ".cs": "csharp",
-    ".cpp": "cpp",
-    ".cc": "cpp",
-    ".h": "c",
-    ".hpp": "cpp",
-};
-const SUPPORTED_EXTENSIONS = new Set(Object.keys(EXT_TO_LANG));
+import { detectLanguageFromPath, SUPPORTED_EXTENSIONS } from "../ext-to-lang.js";
 function detectLanguage(filePath) {
-    const base = filePath.toLowerCase();
-    if (base.endsWith("dockerfile") || base.includes("dockerfile."))
-        return "dockerfile";
-    return EXT_TO_LANG[extname(base)] || "typescript";
+    return detectLanguageFromPath(filePath) ?? "typescript";
 }
 // ─── File Collection ────────────────────────────────────────────────────────
 function collectFiles(dir, maxFiles = 200) {

package/dist/commands/fix.js

@@ -10,36 +10,12 @@
  *   judges fix src/app.ts --judge cyber   # Fixes from one judge only
  */
 import { existsSync, readFileSync, writeFileSync } from "fs";
-import { resolve, extname } from "path";
+import { resolve } from "path";
 import { evaluateWithTribunal, evaluateWithJudge } from "../evaluators/index.js";
 import { getJudge } from "../judges/index.js";
-// ─── Language Detection (shared with cli.ts) ────────────────────────────────
-const EXT_TO_LANG = {
-    ".ts": "typescript",
-    ".tsx": "typescript",
-    ".js": "javascript",
-    ".jsx": "javascript",
-    ".mjs": "javascript",
-    ".cjs": "javascript",
-    ".py": "python",
-    ".rs": "rust",
-    ".go": "go",
-    ".java": "java",
-    ".cs": "csharp",
-    ".cpp": "cpp",
-    ".cc": "cpp",
-    ".cxx": "cpp",
-    ".h": "c",
-    ".hpp": "cpp",
-    ".ps1": "powershell",
-    ".psm1": "powershell",
-};
+import { detectLanguageFromPath } from "../ext-to-lang.js";
 function detectLanguage(filePath) {
-    const base = filePath.toLowerCase();
-    if (base.endsWith("dockerfile") || base.includes("dockerfile."))
-        return "dockerfile";
-    const ext = extname(base);
-    return EXT_TO_LANG[ext] || "typescript";
+    return detectLanguageFromPath(filePath) ?? "typescript";
 }
 const SEVERITY_RANK = {
     critical: 5,

package/dist/commands/llm-benchmark.d.ts

@@ -82,6 +82,13 @@ export interface LlmCaseResult {
  * Matches patterns like CYBER-001, SEC-003, AUTH-001, etc.
  */
 export declare function getValidRulePrefixes(): Set<string>;
+/**
+ * Valid prefixes for tribunal mode — excludes meta-judges that are not
+ * included in the tribunal prompt (INTENT, COH, MFPR, FPR, OVER).
+ * Findings with these prefixes are hallucinated by the LLM and should
+ * not be scored.
+ */
+export declare function getTribunalValidPrefixes(): Set<string>;
 export declare function parseLlmRuleIds(response: string): string[];
 /**
  * Preferred entrypoint: extract findings from raw LLM text with validation. Falls back to regex rule-id scan.

package/dist/commands/llm-benchmark.js

@@ -30,6 +30,15 @@ export const TRIBUNAL_JUDGES = JUDGES.filter((j) => !TRIBUNAL_EXCLUDED_PREFIXES.
 export function getValidRulePrefixes() {
     return new Set(JUDGES.map((j) => j.rulePrefix));
 }
+/**
+ * Valid prefixes for tribunal mode — excludes meta-judges that are not
+ * included in the tribunal prompt (INTENT, COH, MFPR, FPR, OVER).
+ * Findings with these prefixes are hallucinated by the LLM and should
+ * not be scored.
+ */
+export function getTribunalValidPrefixes() {
+    return new Set(TRIBUNAL_JUDGES.map((j) => j.rulePrefix));
+}
 export function parseLlmRuleIds(response) {
     const validPrefixes = getValidRulePrefixes();
     const pattern = /\b([A-Z]{2,})-(\d{3})\b/g;
@@ -174,6 +183,14 @@ export function selectStratifiedSample(cases, targetSize) {
  * Returns a fully populated LlmCaseResult.
  */
 export function scoreLlmCase(tc, detectedRuleIds, rawResponse, tokensUsed) {
+    // ── Prefix-level FP deduplication ─────────────────────────────────────
+    // TPs are counted per-expected-rule using prefix matching: a single
+    // detected CYBER-xxx satisfies all expected CYBER-yyy rules.
+    // FPs should use symmetric counting: each erroneously-firing judge prefix
+    // counts as ONE false positive regardless of how many rule IDs the LLM
+    // generates for that prefix.  This prevents verbose LLM output from
+    // inflating the FP metric (e.g. CYBER-001…005 on clean code = 1 FP,
+    // not 5).
     const detectedPrefixes = new Set(detectedRuleIds.map((r) => r.split("-")[0]));
     const matchedExpected = tc.expectedRuleIds.filter((expected) => {
         const prefix = expected.split("-")[0];
@@ -189,7 +206,7 @@ export function scoreLlmCase(tc, detectedRuleIds, rawResponse, tokensUsed) {
     // doesn't match any expected prefix (prevents silent over-reporting).
     const isCleanCase = tc.expectedRuleIds.length === 0;
     const expectedPrefixes = new Set(tc.expectedRuleIds.map((r) => r.split("-")[0]));
-    const falsePositiveIds = isCleanCase
+    const falsePositiveIdsRaw = isCleanCase
         ? detectedRuleIds
         : tc.unexpectedRuleIds
             ? detectedRuleIds.filter((found) => {
@@ -200,6 +217,15 @@ export function scoreLlmCase(tc, detectedRuleIds, rawResponse, tokensUsed) {
                 const prefix = found.split("-")[0];
                 return !expectedPrefixes.has(prefix);
             });
+    // Deduplicate FPs by prefix — keep one representative rule ID per prefix
+    const fpPrefixSeen = new Set();
+    const falsePositiveIds = falsePositiveIdsRaw.filter((id) => {
+        const prefix = id.split("-")[0];
+        if (fpPrefixSeen.has(prefix))
+            return false;
+        fpPrefixSeen.add(prefix);
+        return true;
+    });
     const casePassed = isCleanCase ? falsePositiveIds.length === 0 : matchedExpected.length > 0;
     return {
         caseId: tc.id,

package/dist/commands/quality-gate.js

@@ -159,18 +159,7 @@ export function parseQualityGateConfig(obj) {
     return Object.keys(gates).length > 0 ? gates : undefined;
 }
 // ─── CLI Runner ─────────────────────────────────────────────────────────────
-const EXT_TO_LANG = {
-    ".ts": "typescript",
-    ".tsx": "typescript",
-    ".js": "javascript",
-    ".jsx": "javascript",
-    ".py": "python",
-    ".rs": "rust",
-    ".go": "go",
-    ".java": "java",
-    ".cs": "csharp",
-    ".cpp": "cpp",
-};
+import { EXT_TO_LANG } from "../ext-to-lang.js";
 export function runQualityGate(argv) {
     if (argv.includes("--help") || argv.includes("-h")) {
         console.log(`

package/dist/commands/review-parallel.js

@@ -4,25 +4,7 @@
 import { readFileSync, existsSync, readdirSync } from "fs";
 import { join, extname } from "path";
 // ─── Language Detection ─────────────────────────────────────────────────────
-const EXT_TO_LANG = {
-    ".ts": "typescript",
-    ".tsx": "typescript",
-    ".js": "javascript",
-    ".jsx": "javascript",
-    ".py": "python",
-    ".java": "java",
-    ".cs": "csharp",
-    ".go": "go",
-    ".rs": "rust",
-    ".rb": "ruby",
-    ".php": "php",
-    ".cpp": "cpp",
-    ".c": "c",
-    ".swift": "swift",
-    ".kt": "kotlin",
-    ".scala": "scala",
-};
-const SOURCE_EXTS = new Set(Object.keys(EXT_TO_LANG));
+import { SUPPORTED_EXTENSIONS as SOURCE_EXTS, EXT_TO_LANG } from "../ext-to-lang.js";
 // ─── File Discovery ─────────────────────────────────────────────────────────
 function discoverFiles(dir, maxFiles) {
     const files = [];

package/dist/commands/review.js

@@ -16,7 +16,7 @@
 import { execFileSync } from "child_process";
 import { readFileSync, writeFileSync, unlinkSync } from "fs";
 import { tmpdir } from "os";
-import { resolve, join, extname } from "path";
+import { resolve, join } from "path";
 import { createHash } from "node:crypto";
 import { evaluateDiff, evaluateWithTribunal } from "../evaluators/index.js";
 import { evaluateProject } from "../evaluators/project.js";
@@ -63,38 +63,7 @@ function hashBody(body) {
     return createHash("sha1").update(body).digest("hex").slice(0, 8);
 }
 // ─── Language Detection ─────────────────────────────────────────────────────
-const EXT_TO_LANG = {
-    ".ts": "typescript",
-    ".tsx": "typescript",
-    ".js": "javascript",
-    ".jsx": "javascript",
-    ".mjs": "javascript",
-    ".cjs": "javascript",
-    ".py": "python",
-    ".rs": "rust",
-    ".go": "go",
-    ".java": "java",
-    ".cs": "csharp",
-    ".rb": "ruby",
-    ".php": "php",
-    ".swift": "swift",
-    ".kt": "kotlin",
-    ".tf": "terraform",
-    ".hcl": "terraform",
-    ".bicep": "bicep",
-    ".sh": "bash",
-    ".ps1": "powershell",
-    ".c": "c",
-    ".cpp": "cpp",
-    ".h": "c",
-    ".hpp": "cpp",
-};
-function detectLanguage(filePath) {
-    const ext = extname(filePath.toLowerCase());
-    if (filePath.toLowerCase().includes("dockerfile"))
-        return "dockerfile";
-    return EXT_TO_LANG[ext];
-}
+import { detectLanguageFromPath as detectLanguage } from "../ext-to-lang.js";
 // ─── Severity Helpers ───────────────────────────────────────────────────────
 const SEVERITY_ORDER = ["critical", "high", "medium", "low", "info"];
 function severityRank(s) {

package/dist/commands/rule-test.js

@@ -34,21 +34,7 @@ function collectFiles(dirPath) {
     return results;
 }
 // ─── Language matching ──────────────────────────────────────────────────────
-const EXT_TO_LANG = {
-    ".ts": "typescript",
-    ".tsx": "typescript",
-    ".js": "javascript",
-    ".jsx": "javascript",
-    ".py": "python",
-    ".go": "go",
-    ".rs": "rust",
-    ".java": "java",
-    ".cs": "csharp",
-    ".cpp": "cpp",
-    ".c": "c",
-    ".rb": "ruby",
-    ".php": "php",
-};
+import { EXT_TO_LANG } from "../ext-to-lang.js";
 function matchesLanguage(filePath, languages) {
     if (!languages || languages.length === 0)
         return true;

package/dist/commands/tune.js

@@ -14,37 +14,10 @@
  *   judges tune --max-files 20         # Limit sample size
  */
 import { existsSync, readFileSync, readdirSync, statSync, writeFileSync } from "fs";
-import { resolve, extname, join } from "path";
+import { resolve, join } from "path";
 import { evaluateWithTribunal } from "../evaluators/index.js";
 import { PRESETS } from "../presets.js";
-// ─── Language Detection ─────────────────────────────────────────────────────
-const EXT_TO_LANG = {
-    ".ts": "typescript",
-    ".tsx": "typescript",
-    ".js": "javascript",
-    ".jsx": "javascript",
-    ".mjs": "javascript",
-    ".cjs": "javascript",
-    ".py": "python",
-    ".rs": "rust",
-    ".go": "go",
-    ".java": "java",
-    ".cs": "csharp",
-    ".rb": "ruby",
-    ".php": "php",
-    ".swift": "swift",
-    ".kt": "kotlin",
-    ".tf": "terraform",
-    ".hcl": "terraform",
-    ".bicep": "bicep",
-    ".sh": "bash",
-};
-function detectLanguage(filePath) {
-    const ext = extname(filePath.toLowerCase());
-    if (filePath.toLowerCase().includes("dockerfile"))
-        return "dockerfile";
-    return EXT_TO_LANG[ext];
-}
+import { detectLanguageFromPath as detectLanguage } from "../ext-to-lang.js";
 // ─── Framework Detection ────────────────────────────────────────────────────
 function detectFramework(dir) {
     const signals = [];

package/dist/commands/watch.js

@@ -11,50 +11,11 @@ import { existsSync, readFileSync, statSync, watch as fsWatch } from "fs";
 import { resolve, extname, join, relative } from "path";
 import { evaluateWithTribunal, evaluateWithJudge } from "../evaluators/index.js";
 import { getJudge } from "../judges/index.js";
+import { detectLanguageFromPath, SUPPORTED_EXTENSIONS } from "../ext-to-lang.js";
 // ─── Language Detection ─────────────────────────────────────────────────────
-const WATCH_EXTENSIONS = new Set([
-    ".ts",
-    ".tsx",
-    ".js",
-    ".jsx",
-    ".mjs",
-    ".cjs",
-    ".py",
-    ".rs",
-    ".go",
-    ".java",
-    ".cs",
-    ".cpp",
-    ".cc",
-    ".cxx",
-    ".h",
-    ".hpp",
-    ".ps1",
-    ".psm1",
-]);
-const EXT_TO_LANG = {
-    ".ts": "typescript",
-    ".tsx": "typescript",
-    ".js": "javascript",
-    ".jsx": "javascript",
-    ".mjs": "javascript",
-    ".cjs": "javascript",
-    ".py": "python",
-    ".rs": "rust",
-    ".go": "go",
-    ".java": "java",
-    ".cs": "csharp",
-    ".cpp": "cpp",
-    ".cc": "cpp",
-    ".cxx": "cpp",
-    ".h": "c",
-    ".hpp": "cpp",
-    ".ps1": "powershell",
-    ".psm1": "powershell",
-};
+const WATCH_EXTENSIONS = SUPPORTED_EXTENSIONS;
 function detectLanguage(filePath) {
-    const ext = extname(filePath.toLowerCase());
-    return EXT_TO_LANG[ext] || "typescript";
+    return detectLanguageFromPath(filePath) ?? "typescript";
 }
 export function parseWatchArgs(argv) {
     const args = {

package/dist/config.js

@@ -12,7 +12,7 @@ import { matchGlobPath } from "./tools/command-safety.js";
 export function expandEnvPlaceholders(content) {
     if (!content)
         return content;
-    return content.replace(/\$\{([^}]+)\}/g, (_match, varName) => {
+    return content.replace(/\$\{([^}]{1,100})\}/g, (_match, varName) => {
         const envVal = process.env[varName];
         return envVal !== undefined ? envVal : "";
     });