@kevinrabun/judges 3.121.0 → 3.122.0

package/dist/config.js

@@ -12,7 +12,7 @@ import { matchGlobPath } from "./tools/command-safety.js";
 export function expandEnvPlaceholders(content) {
     if (!content)
         return content;
-    return content.replace(/\$\{([^}]+)\}/g, (_match, varName) => {
+    return content.replace(/\$\{([^}]{1,100})\}/g, (_match, varName) => {
         const envVal = process.env[varName];
         return envVal !== undefined ? envVal : "";
     });

package/dist/probabilistic/llm-response-validator.js

@@ -5,7 +5,7 @@ const SEVERITY_SET = new Set(["critical", "high", "medium", "low", "info"]);
  * Attempt to parse a JSON payload embedded in LLM output. Supports fenced code blocks and raw JSON.
  */
 function parseJsonBlock(text) {
-    const fenceMatch = text.match(/```(?:json)?\s*([\s\S]*?)```/i);
+    const fenceMatch = text.match(/```(?:json)?[ \t]*\n([\s\S]*?)\n[ \t]*```/i) ?? text.match(/```(?:json)?[ \t]*([\s\S]*?)```/i);
     if (fenceMatch) {
         try {
             return JSON.parse(fenceMatch[1]);

package/dist/reports/public-repo-report.js

@@ -215,7 +215,15 @@ function countBySeverity(findings) {
 function compileExcludeRegexes(patterns) {
     if (!patterns || patterns.length === 0)
         return [];
-    return patterns.map((pattern) => new RegExp(pattern, "i"));
+    return patterns.map((pattern) => {
+        try {
+            return new RegExp(pattern, "i");
+        }
+        catch {
+            // Invalid regex from user input — treat as literal string match
+            return new RegExp(pattern.replace(/[.*+?^${}()|[\]\\]/g, "\\$&"), "i");
+        }
+    });
 }
 function isLikelyNonProductionPath(path) {
     return /(^|\/)(test|tests|__tests__|spec|specs|e2e)(\/|\.|$)|\.(?:test|tests|spec|specs|e2e)\.[^/]+$|mock|fixture|fixtures|(^|\/)docs(-|\/)i18n(\/|$)|(^|\/)docs(\/|$)/i.test(path);

package/dist/skill-loader.js

@@ -25,7 +25,7 @@ export function parseSkillFrontmatter(raw) {
             i++;
             continue;
         }
-        const kv = line.match(/^([a-zA-Z_][a-zA-Z0-9_-]*)\s*:\s*(.*)$/);
+        const kv = line.match(/^([a-zA-Z_][a-zA-Z0-9_-]*)[ \t]*:[ \t]*(.*)$/);
         if (!kv) {
             i++;
             continue;
@@ -64,9 +64,10 @@ export function parseSkillFrontmatter(raw) {
         if (typeof value === "string" && ((value.startsWith("[") && value.endsWith("]")) || value.includes(","))) {
             // simple array parsing: split on comma
             const normalized = value
-                .replace(/^\s*\[/, "")
-                .replace(/\]\s*$/, "")
-                .split(/\s*,\s*/)
+                .replace(/^[ \t]*\[/, "")
+                .replace(/\][ \t]*$/, "")
+                .split(",")
+                .map((s) => s.trim())
                 .filter(Boolean);
             value = normalized;
         }
@@ -93,13 +94,15 @@ export function validateSkillFrontmatter(meta, sourcePath) {
         agents: Array.isArray(meta.agents)
             ? meta.agents
             : String(meta.agents ?? "")
-                .split(/\s*,\s*/)
+                .split(",")
+                .map((s) => s.trim())
                 .filter(Boolean),
         tags: Array.isArray(meta.tags)
             ? meta.tags
             : meta.tags
                 ? String(meta.tags)
-                    .split(/\s*,\s*/)
+                    .split(",")
+                    .map((s) => s.trim())
                     .filter(Boolean)
                 : undefined,
         priority: meta.priority ? Number(meta.priority) : 10,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@kevinrabun/judges",
-  "version": "3.121.0",
+  "version": "3.122.0",
   "description": "45 specialized judges that evaluate AI-generated code for security, cost, and quality.",
   "mcpName": "io.github.KevinRabun/judges",
   "type": "module",

package/server.json

@@ -7,12 +7,12 @@
     "url": "https://github.com/kevinrabun/judges",
     "source": "github"
   },
-  "version": "3.121.0",
+  "version": "3.122.0",
   "packages": [
     {
       "registryType": "npm",
       "identifier": "@kevinrabun/judges",
-      "version": "3.121.0",
+      "version": "3.122.0",
       "transport": {
         "type": "stdio"
       }

package/src/skill-loader.ts

@@ -44,7 +44,7 @@ export function parseSkillFrontmatter(raw: string): { meta: SkillMeta; body: str
       i++;
       continue;
     }
-    const kv = line.match(/^([a-zA-Z_][a-zA-Z0-9_-]*)\s*:\s*(.*)$/);
+    const kv = line.match(/^([a-zA-Z_][a-zA-Z0-9_-]*)[ \t]*:[ \t]*(.*)$/);
     if (!kv) {
       i++;
       continue;
@@ -85,9 +85,10 @@ export function parseSkillFrontmatter(raw: string): { meta: SkillMeta; body: str
     if (typeof value === "string" && ((value.startsWith("[") && value.endsWith("]")) || value.includes(","))) {
       // simple array parsing: split on comma
       const normalized = (value as string)
-        .replace(/^\s*\[/, "")
-        .replace(/\]\s*$/, "")
-        .split(/\s*,\s*/)
+        .replace(/^[ \t]*\[/, "")
+        .replace(/\][ \t]*$/, "")
+        .split(",")
+        .map((s) => s.trim())
         .filter(Boolean);
       value = normalized;
     } else if (
@@ -117,13 +118,15 @@ export function validateSkillFrontmatter(meta: SkillMeta, sourcePath: string): S
     agents: Array.isArray(meta.agents)
       ? (meta.agents as string[])
       : String(meta.agents ?? "")
-          .split(/\s*,\s*/)
+          .split(",")
+          .map((s) => s.trim())
           .filter(Boolean),
     tags: Array.isArray(meta.tags)
       ? (meta.tags as string[])
       : meta.tags
         ? String(meta.tags)
-            .split(/\s*,\s*/)
+            .split(",")
+            .map((s) => s.trim())
             .filter(Boolean)
         : undefined,
     priority: meta.priority ? Number(meta.priority) : 10,