@kevinrabun/judges 3.20.3 → 3.20.5

package/CHANGELOG.md

@@ -2,6 +2,44 @@
 
 All notable changes to **@kevinrabun/judges** are documented here.
 
+## [3.20.5] — 2026-03-03
+
+### Fixed
+- **False positive reduction — 6 new heuristics + 4 extended patterns** — Added six new deterministic FP heuristics to `filterFalsePositiveHeuristics` and extended three existing pattern sets, addressing 12 high-confidence false positive categories identified in regulated-policy evaluations:
+  - **H12**: Distributed lock fallback — SCALE local-lock findings suppressed when Redlock/Redis/etcd/Consul/ZooKeeper distributed locking is present in the same module
+  - **H13**: Retry/backoff/fallback chain — SOV-001/REL resilience findings suppressed when retry with exponential backoff or multi-tier fallback (cache→online→bundled) is implemented
+  - **H14**: Constant definitions — I18N hardcoded-string findings suppressed when flagged lines are ALL_CAPS or `const` constant definitions (field-name keys, not user-facing text)
+  - **H15**: Bounded-dataset tree traversal — PERF/COST O(n²) findings suppressed when code traverses tree structures (chapters→sections→articles) or operates on documented bounded datasets
+  - **H16**: Read-only content fetch — SOV-002 cross-border findings suppressed when code fetches public/regulatory content with no personal data patterns
+  - **H17**: Cache-age/TTL context — COMP age-verification findings suppressed when "age" appears in cache/TTL context (cache_age, max_age, stale) with no user-age patterns (dob, minor, parental)
+  - **Extended WEB_ONLY_PREFIXES**: Added `I18N-` — i18n findings now gated to files with HTML/JSX/DOM patterns
+  - **Extended KEYWORD_IDENTIFIER_PATTERNS**: Broadened `age` regex to cover hyphenated/underscored cache-age, stale-age, fresh-age, and age-seconds/minutes/hours/days/ms/header patterns
+  - **Extended SAFE_IDIOM_PATTERNS**: Added 3 new entries — json.dumps/JSON.stringify for SOV-003 data-export findings, os.environ.get/process.env for DB-001 connection-string findings, and justified type:ignore/noqa/eslint-disable for SWDEV-001/CICD-003 suppression findings
+
+- **Judge system prompt anti-FP guidance** — Added `FALSE POSITIVE AVOIDANCE` sections to 9 judge system prompts, providing explicit instructions to avoid known false-positive patterns at the LLM generation layer:
+  - **performance.ts**: Tree traversal is O(n), not O(n²); bounded reference datasets; list comprehension flattening
+  - **scalability.ts**: Distributed lock with local fallback is correct graceful degradation; two-tier locking design
+  - **data-sovereignty.ts**: Retry/fallback ≡ circuit breaker; read-only reference data ≠ cross-border egress; internal serialization ≠ data export
+  - **compliance.ts**: Cache-age/TTL "age" ≠ user age verification
+  - **internationalization.ts**: Constant definitions ≠ user-facing strings; developer tools/MCP servers don't need i18n; sourced regulatory text
+  - **cost-effectiveness.ts**: Tree/hierarchy traversal; bounded reference datasets
+  - **database.ts**: Environment variable fallback defaults; in-memory/embedded database defaults
+  - **code-structure.ts**: Dict[str,Any] at JSON boundaries; large single-responsibility files; async nesting ≤4
+  - **software-practices.ts**: Justified suppression comments; minimum-viable async nesting; single-module cohesion
+
+### Tests
+- Added 17 new tests covering all 6 new FP heuristics (H12–H17), I18N web-only gating, safe idiom extensions (env var fallback, justified suppressions, json.dumps), with both positive (should suppress) and negative (should keep) test cases
+- All 1,574 tests pass (976 judges + 218 negative + 268 subsystems + 70 extension + 42 tool-routing)
+
+## [3.20.4] — 2026-03-03
+
+### Fixed
+- **Stale documentation counts** — Updated all references across README, docs, server.json, action.yml, package.json, Dockerfile, extension metadata, examples, and scripts from "35 judges" → "37 judges", "47 patches" → "53 patches", and test badge "1515" → "1557". Historical changelog entries left unchanged.
+
+### Tests
+- **Doc-claim verification tests** — Added 42 new tests covering: JUDGES array count assertion (exactly 37), judge schema validation (id, name, domain, description), unique judge ID enforcement, scoring penalty constants (critical=30, high=18, medium=10, low=5, info=2), confidence-weighted deductions, score floor/ceiling, positive signal bonuses (+3/+3/+3/+2/+2/+2/+2/+1/+1/+1 with cap at 15), verdict threshold logic (fail/warning/pass boundaries), and STRUCT threshold rules not previously covered: STRUCT-001 (CC>10), STRUCT-007 (file CC>40), STRUCT-008 (CC>20), STRUCT-010 (>150 lines).
+- All 1,557 tests pass (976 judges + 218 negative + 251 subsystems + 70 extension + 42 tool-routing)
+
 ## [3.20.3] — 2026-03-03
 
 ### Fixed

package/README.md

@@ -1,6 +1,6 @@
 # Judges Panel
 
-An MCP (Model Context Protocol) server that provides a panel of **35 specialized judges** to evaluate AI-generated code — acting as an independent quality gate regardless of which project is being reviewed. Combines **deterministic pattern matching & AST analysis** (instant, offline, zero LLM calls) with **LLM-powered deep-review prompts** that let your AI assistant perform expert-persona analysis across all 35 domains.
+An MCP (Model Context Protocol) server that provides a panel of **37 specialized judges** to evaluate AI-generated code — acting as an independent quality gate regardless of which project is being reviewed. Combines **deterministic pattern matching & AST analysis** (instant, offline, zero LLM calls) with **LLM-powered deep-review prompts** that let your AI assistant perform expert-persona analysis across all 37 domains.
 
 **Highlights:**
 - Includes an **App Builder Workflow (3-step)** demo for release decisions, plain-language risk summaries, and prioritized fixes — see [Try the Demo](#2-try-the-demo).
@@ -11,7 +11,7 @@ An MCP (Model Context Protocol) server that provides a panel of **35 specialized
 [![npm](https://img.shields.io/npm/v/@kevinrabun/judges)](https://www.npmjs.com/package/@kevinrabun/judges)
 [![npm downloads](https://img.shields.io/npm/dw/@kevinrabun/judges)](https://www.npmjs.com/package/@kevinrabun/judges)
 [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
-[![Tests](https://img.shields.io/badge/tests-1267-brightgreen)](https://github.com/KevinRabun/judges/actions)
+[![Tests](https://img.shields.io/badge/tests-1557-brightgreen)](https://github.com/KevinRabun/judges/actions)
 
 ---
 
@@ -21,10 +21,10 @@ AI code generators (Copilot, Cursor, Claude, ChatGPT, etc.) write code fast —
 
 | | ESLint / Biome | SonarQube | Semgrep / CodeQL | **Judges** |
 |---|---|---|---|---|
-| **Scope** | Style + some bugs | Bugs + code smells | Security patterns | **35 domains**: security, cost, compliance, a11y, API design, cloud, UX, … |
+| **Scope** | Style + some bugs | Bugs + code smells | Security patterns | **37 domains**: security, cost, compliance, a11y, API design, cloud, UX, … |
 | **AI-generated code focus** | No | No | Partial | **Purpose-built** for AI output failure modes |
 | **Setup** | Config per project | Server + scanner | Cloud or local | **One command**: `npx @kevinrabun/judges eval file.ts` |
-| **Auto-fix patches** | Some | No | No | **47 deterministic patches** — instant, offline |
+| **Auto-fix patches** | Some | No | No | **53 deterministic patches** — instant, offline |
 | **Non-technical output** | No | Dashboard | No | **Plain-language findings** with What/Why/Next |
 | **MCP native** | No | No | No | **Yes** — works inside Copilot, Claude, Cursor |
 | **SARIF output** | No | Yes | Yes | **Yes** — upload to GitHub Code Scanning |
@@ -79,7 +79,7 @@ judges eval --min-score 80 src/api.ts
 # One-line summary for scripts
 judges eval --summary src/api.ts
 
-# List all 35 judges
+# List all 37 judges
 judges list
 ```
 
@@ -190,7 +190,7 @@ npm run build
 
 ### 2. Try the Demo
 
-Run the included demo to see all 35 judges evaluate a purposely flawed API server:
+Run the included demo to see all 37 judges evaluate a purposely flawed API server:
 
 ```bash
 npm run demo
@@ -293,7 +293,7 @@ Install the **[Judges Panel](https://marketplace.visualstudio.com/items?itemName
 
 - **Inline diagnostics & quick-fixes** on every file save
 - **`@judges` chat participant** — type `@judges` in Copilot Chat, or just ask for a "judges panel review" and Copilot routes automatically
-- **Auto-configured MCP server** — all 35 expert-persona prompts available to Copilot with zero setup
+- **Auto-configured MCP server** — all 37 expert-persona prompts available to Copilot with zero setup
 
 ```bash
 code --install-extension kevinrabun.judges-panel
@@ -420,7 +420,7 @@ All commands support `--help` for usage details.
 
 ### `judges eval`
 
-Evaluate a file with all 35 judges or a single judge.
+Evaluate a file with all 37 judges or a single judge.
 
 | Flag | Description |
 |------|-------------|
@@ -667,13 +667,13 @@ The tribunal operates in three layers:
 
 2. **AST-Based Structural Analysis** — The Code Structure judge (`STRUCT-*` rules) uses real Abstract Syntax Tree parsing to measure cyclomatic complexity, nesting depth, function length, parameter count, dead code, and type safety with precision that regex cannot achieve. All supported languages — **TypeScript, JavaScript, Python, Rust, Go, Java, C#, and C++** — are parsed via **tree-sitter WASM grammars** (real syntax trees compiled to WebAssembly, in-process, zero native dependencies). A scope-tracking structural parser is kept as a fallback when WASM grammars are unavailable. No external AST server required.
 
-3. **LLM-Powered Deep Analysis (Prompts)** — The server exposes MCP prompts (e.g., `judge-data-security`, `full-tribunal`) that provide each judge's expert persona as a system prompt. When used by an LLM-based client (Copilot, Claude, Cursor, etc.), the host LLM performs deeper, context-aware probabilistic analysis beyond what static patterns can detect. This is where the `systemPrompt` on each judge comes alive — Judges itself makes no LLM calls, but it provides the expert criteria so your AI assistant can act as 35 specialized reviewers.
+3. **LLM-Powered Deep Analysis (Prompts)** — The server exposes MCP prompts (e.g., `judge-data-security`, `full-tribunal`) that provide each judge's expert persona as a system prompt. When used by an LLM-based client (Copilot, Claude, Cursor, etc.), the host LLM performs deeper, context-aware probabilistic analysis beyond what static patterns can detect. This is where the `systemPrompt` on each judge comes alive — Judges itself makes no LLM calls, but it provides the expert criteria so your AI assistant can act as 37 specialized reviewers.
 
 ---
 
 ## Composable by Design
 
-Judges Panel is a **dual-layer** review system: instant **deterministic tools** (offline, no API keys) for pattern and AST analysis, plus **35 expert-persona MCP prompts** that unlock LLM-powered deep analysis when connected to an AI client. It does not try to be a CVE scanner or a linter. Those capabilities belong in dedicated MCP servers that an AI agent can orchestrate alongside Judges.
+Judges Panel is a **dual-layer** review system: instant **deterministic tools** (offline, no API keys) for pattern and AST analysis, plus **37 expert-persona MCP prompts** that unlock LLM-powered deep analysis when connected to an AI client. It does not try to be a CVE scanner or a linter. Those capabilities belong in dedicated MCP servers that an AI agent can orchestrate alongside Judges.
 
 ### Built-in AST Analysis (v2.0.0+)
 
@@ -722,7 +722,7 @@ When your AI coding assistant connects to multiple MCP servers, each one contrib
 
 | Layer | What It Does | Example Servers |
 |-------|-------------|-----------------|
-| **Judges Panel** | 35-judge quality gate — security patterns, AST analysis, cost, scalability, a11y, compliance, sovereignty, ethics, dependency health, agent instruction governance, AI code safety, framework safety | This server |
+| **Judges Panel** | 37-judge quality gate — security patterns, AST analysis, cost, scalability, a11y, compliance, sovereignty, ethics, dependency health, agent instruction governance, AI code safety, framework safety | This server |
 | **CVE / SBOM** | Vulnerability scanning against live databases — known CVEs, license risks, supply chain | OSV, Snyk, Trivy, Grype MCP servers |
 | **Linting** | Language-specific style and correctness rules | ESLint, Ruff, Clippy MCP servers |
 | **Runtime Profiling** | Memory, CPU, latency measurement on running code | Custom profiling MCP servers |
@@ -876,7 +876,7 @@ Generated from https://github.com/microsoft/vscode on 2026-02-21T12:00:00.000Z.
 List all available judges with their domains and descriptions.
 
 ### `evaluate_code`
-Submit code to the **full judges panel**. All 35 judges evaluate independently and return a combined verdict.
+Submit code to the **full judges panel**. All 37 judges evaluate independently and return a combined verdict.
 
 | Parameter | Type | Required | Description |
 |-----------|------|----------|-------------|
@@ -900,7 +900,7 @@ Submit code to a **specific judge** for targeted review.
 | `config` | object | no | Inline configuration (see [Configuration](#configuration)) |
 
 ### `evaluate_project`
-Submit multiple files for **project-level analysis**. All 35 judges evaluate each file, plus cross-file architectural analysis detects code duplication, inconsistent error handling, and dependency cycles.
+Submit multiple files for **project-level analysis**. All 37 judges evaluate each file, plus cross-file architectural analysis detects code duplication, inconsistent error handling, and dependency cycles.
 
 | Parameter | Type | Required | Description |
 |-----------|------|----------|-------------|
@@ -911,7 +911,7 @@ Submit multiple files for **project-level analysis**. All 35 judges evaluate eac
 | `config` | object | no | Inline configuration (see [Configuration](#configuration)) |
 
 ### `evaluate_diff`
-Evaluate only the **changed lines** in a code diff. Runs all 35 judges on the full file but filters findings to lines you specify. Ideal for PR reviews and incremental analysis.
+Evaluate only the **changed lines** in a code diff. Runs all 37 judges on the full file but filters findings to lines you specify. Ideal for PR reviews and incremental analysis.
 
 | Parameter | Type | Required | Description |
 |-----------|------|----------|-------------|
@@ -979,7 +979,7 @@ Each judge has a corresponding prompt for LLM-powered deep analysis:
 | `judge-agent-instructions` | Deep review of agent instruction markdown quality and safety |
 | `judge-ai-code-safety` | Deep review of AI-generated code risks: prompt injection, insecure LLM output handling, debug defaults, missing validation |
 | `judge-framework-safety` | Deep review of framework-specific safety: React hooks, Express middleware, Next.js SSR/SSG, Angular/Vue patterns |
-| `full-tribunal` | All 35 judges in a single prompt |
+| `full-tribunal` | All 37 judges in a single prompt |
 
 ---
 
@@ -1101,7 +1101,7 @@ Each judge scores the code from **0 to 100**:
 - **WARNING** — Any high finding, any medium finding, or score < 80
 - **PASS** — Score ≥ 80 with no critical, high, or medium findings
 
-The **overall tribunal score** is the average of all 35 judges. The overall verdict fails if **any** judge fails.
+The **overall tribunal score** is the average of all 37 judges. The overall verdict fails if **any** judge fails.
 
 ---
 

package/dist/evaluators/false-positive-review.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"false-positive-review.d.ts","sourceRoot":"","sources":["../../src/evaluators/false-positive-review.ts"],"names":[],"mappings":"AAOA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,aAAa,CAAC;AAK3C,MAAM,WAAW,cAAc;IAC7B,kDAAkD;IAClD,QAAQ,EAAE,OAAO,EAAE,CAAC;IACpB,iDAAiD;IACjD,OAAO,EAAE,OAAO,EAAE,CAAC;CACpB;AA6KD;;;;;;;;;;;;GAYG;AACH,wBAAgB,6BAA6B,CAC3C,QAAQ,EAAE,OAAO,EAAE,EACnB,IAAI,EAAE,MAAM,EACZ,QAAQ,EAAE,MAAM,EAChB,QAAQ,CAAC,EAAE,MAAM,GAChB,cAAc,CAsBhB"}
+{"version":3,"file":"false-positive-review.d.ts","sourceRoot":"","sources":["../../src/evaluators/false-positive-review.ts"],"names":[],"mappings":"AAOA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,aAAa,CAAC;AAK3C,MAAM,WAAW,cAAc;IAC7B,kDAAkD;IAClD,QAAQ,EAAE,OAAO,EAAE,CAAC;IACpB,iDAAiD;IACjD,OAAO,EAAE,OAAO,EAAE,CAAC;CACpB;AA+LD;;;;;;;;;;;;GAYG;AACH,wBAAgB,6BAA6B,CAC3C,QAAQ,EAAE,OAAO,EAAE,EACnB,IAAI,EAAE,MAAM,EACZ,QAAQ,EAAE,MAAM,EAChB,QAAQ,CAAC,EAAE,MAAM,GAChB,cAAc,CAsBhB"}

package/dist/evaluators/false-positive-review.js

@@ -97,9 +97,9 @@ const CODE_ONLY_RULE_PREFIXES = [
  */
 const KEYWORD_IDENTIFIER_PATTERNS = [
     {
-        // "age" in cacheAge, maxAge, ttlAge, etc.
+        // "age" in cacheAge, maxAge, ttlAge, cache-age log, etc.
         trigger: /\bage\b/i,
-        identifierContext: /(?:cache|max|ttl|min|avg|token|cookie|session|expir)\s*age|age\s*(?:out|limit|check)/i,
+        identifierContext: /(?:cache|max|ttl|min|avg|token|cookie|session|expir|stale|fresh)\s*[-_]?\s*age|age\s*[-_]?\s*(?:out|limit|check|seconds|minutes|hours|days|ms|header)|\bcache[_-]age\b|\bmax[_-]age\b/i,
     },
     {
         // "delete" in deleteButton, onDelete, handleDelete, isDeleted
@@ -153,6 +153,21 @@ const SAFE_IDIOM_PATTERNS = [
         findingPattern: /path\s*travers/i,
         safeContext: /(?:os\.path\.join|path\.join|Path\.Combine)\s*\(\s*["'`]/,
     },
+    {
+        // json.dumps / JSON.stringify flagged as data export/transfer by SOV judges
+        findingPattern: /data\s*(?:export|transfer|egress)|export\s*path|SOV-003/i,
+        safeContext: /json\.dumps\s*\(|JSON\.stringify\s*\(|json\.dump\s*\(/i,
+    },
+    {
+        // Connection string in env var fallback (os.environ.get / process.env)
+        findingPattern: /hardcoded.*(?:connection|database|db|redis|mongo|postgres|mysql)|connection.*string.*code|DB-001/i,
+        safeContext: /os\.environ\.get\s*\(|os\.getenv\s*\(|process\.env\.|System\.getenv\s*\(|Environment\.GetEnvironmentVariable\s*\(/i,
+    },
+    {
+        // Justified type: ignore / noqa suppression comments — not reckless suppression
+        findingPattern: /suppress|type.*ignore|noqa|lint.*disabl|SWDEV-001|CICD-003/i,
+        safeContext: /(?:#\s*type:\s*ignore|#\s*noqa|(?:\/\/|#)\s*eslint-disable).*(?:--|—|because|reason|\bfor\b|\bdue\b|\bruntyped\b|\bstubs\b|\bno\s+stubs)/i,
+    },
 ];
 // ─── Core Filter Function ───────────────────────────────────────────────────
 /**
@@ -291,7 +306,7 @@ function getFpReason(finding, lines, isIaC, fileCategory) {
     // ── 9. Web-only rules on non-web code ──
     // Accessibility, UX, and i18n rendering rules are only meaningful on files
     // that contain web-facing patterns (HTML, JSX, routes, templates, CSS).
-    const WEB_ONLY_PREFIXES = ["A11Y-", "UX-"];
+    const WEB_ONLY_PREFIXES = ["A11Y-", "UX-", "I18N-"];
     const isWebOnly = WEB_ONLY_PREFIXES.some((p) => finding.ruleId.startsWith(p));
     if (isWebOnly) {
         const hasWebPatterns = /<\w+[\s>]|className=|style=|href=|jsx|tsx|\.html|\.css|render\s*\(|dangerouslySetInnerHTML|innerHTML|document\.|window\.|querySelector|getElementById/i.test(lines.join("\n"));
@@ -321,10 +336,85 @@ function getFpReason(finding, lines, isIaC, fileCategory) {
             return "Absence-based finding on trivially small file — likely a false positive.";
         }
     }
-    // ── 12. (reserved — absence gating moved upstream to evaluateWithJudge) ──
-    // Absence-based rules are gated by projectMode in evaluateWithJudge():
-    // suppressed in single-file mode, allowed in project mode. No need for
-    // a file-level heuristic here.
+    // ── 12. Distributed lock presence suppresses local-lock scaling findings ──
+    // SCALE-001 flags local file/process locks, but if the same file implements
+    // distributed locking (Redlock, Redis lock, etcd, Consul, ZooKeeper), the
+    // local lock is a documented single-instance fallback, not a scaling issue.
+    if (/^SCALE-/.test(finding.ruleId) &&
+        /local.*lock|process.*lock|file.*lock|asyncio\.Lock|threading\.Lock/i.test(finding.title)) {
+        const fullCode = lines.join("\n");
+        const hasDistributedLock = /\bredlock\b|\bredis.*lock\b|\bdistributed.*lock\b|\betcd\b.*lock|\bconsul\b.*lock|\bzookeeper\b.*lock|\bLock\s*\(.*redis/i.test(fullCode);
+        if (hasDistributedLock) {
+            return "Local lock is a fallback — distributed locking (Redlock/Redis) is implemented in the same module.";
+        }
+    }
+    // ── 13. Retry/backoff/fallback suppresses resilience-pattern-absence findings ──
+    // SOV-001 and REL- rules flag missing circuit breakers, but if the code
+    // implements retry with backoff and/or a multi-tier fallback chain, it has
+    // equivalent or better resilience than a simple circuit breaker.
+    if (/^(?:SOV-001|REL-)/.test(finding.ruleId) &&
+        /circuit.?breaker|resilience|without.*(?:retry|fallback)/i.test(finding.title)) {
+        const fullCode = lines.join("\n");
+        const hasRetryPattern = /\bretry\b.*\b(?:backoff|exponential|delay)\b|\bbackoff\b.*\bretry\b|\btenacity\b|\bretrying\b|@retry\b|with_retry\b|fetch.*retry|retry.*fetch/i.test(fullCode);
+        const hasFallbackChain = /\bfallback\b.*\b(?:cache|bundled|default|local|offline)\b|(?:cache|bundled|default|local|offline)\b.*\bfallback\b/i.test(fullCode);
+        if (hasRetryPattern || hasFallbackChain) {
+            return "Retry/backoff and/or fallback chain detected — equivalent resilience pattern is implemented.";
+        }
+    }
+    // ── 14. Constant definitions suppress I18N hardcoded-string findings ──
+    // I18N-001 flags hardcoded strings, but constant definitions like
+    // _F_TITLE = 'title' are JSON field-name keys, not user-facing text.
+    if (/^I18N-/.test(finding.ruleId) && /hardcoded.*string/i.test(finding.title)) {
+        if (finding.lineNumbers && finding.lineNumbers.length > 0) {
+            const allConstants = finding.lineNumbers.every((ln) => {
+                const line = lines[ln - 1];
+                if (!line)
+                    return false;
+                const trimmed = line.trim();
+                // Python/JS/TS constant definitions: ALL_CAPS_NAME = "value" or const NAME = "value"
+                return (/^[A-Z_][A-Z_0-9]*\s*=\s*["']/.test(trimmed) ||
+                    /^(?:const|final|static\s+final)\s+\w+\s*=\s*["']/.test(trimmed) ||
+                    /^_[A-Z_][A-Z_0-9]*\s*=\s*["']/.test(trimmed));
+            });
+            if (allConstants) {
+                return "Flagged strings are constant definitions (field-name keys), not user-facing text.";
+            }
+        }
+    }
+    // ── 15. Bounded-dataset tree traversal suppresses O(n²) nested-loop findings ──
+    // PERF-002/COST-001 flag nested loops as O(n²), but tree traversals
+    // (chapters → sections → articles) iterate each item once — O(n total).
+    if (/^(?:PERF|COST)-/.test(finding.ruleId) && /nested.*loop|O\(n[²2]\)|quadratic/i.test(finding.title)) {
+        const fullCode = lines.join("\n");
+        // Detect documented bounded datasets or tree-traversal patterns
+        const hasBoundedDatasetDoc = /\bbounded\b.*\b(?:dataset|corpus|data|size)\b|\bfixed[- ]size\b|\bO\(n\)\b|\bO\(total_/i.test(fullCode);
+        const hasTreeTraversal = /\bchapter|\bsection|\barticle|\bnode|\bchild(?:ren)?|\btree|\btravers/i.test(fullCode);
+        if (hasBoundedDatasetDoc || hasTreeTraversal) {
+            return "Nested iteration is a tree traversal over a bounded dataset — total work is O(n), not O(n²).";
+        }
+    }
+    // ── 16. Read-only content fetch suppresses cross-border data egress findings ──
+    // SOV-002 flags external API calls as cross-border data egress, but read-only
+    // fetches of public regulatory/reference content are not personal data transfers.
+    if (/^SOV-002/.test(finding.ruleId) && /cross.?border|data.*egress|jurisdiction/i.test(finding.title)) {
+        const fullCode = lines.join("\n");
+        const isReadOnlyFetch = /\bfetch\b.*\b(?:regulation|reference|content|static|public|gdpr|law)\b|\breadonly\b|\bread[_-]only\b/i.test(fullCode);
+        const noPersonalData = !/\buser[_-]?data\b|\bpersonal[_-]?data\b|\bpii\b|\bprofile\b.*\bdata\b/i.test(fullCode);
+        if (isReadOnlyFetch && noPersonalData) {
+            return "Read-only fetch of public/regulatory content — no personal data egress detected.";
+        }
+    }
+    // ── 17. Cache-age / TTL context suppresses compliance age-verification findings ──
+    // COMP-001 flags "age" as age-verification concern, but in cache/TTL contexts
+    // (cache_age, max_age, stale), "age" refers to data freshness, not user age.
+    if (/^COMP-/.test(finding.ruleId) && /\bage\b/i.test(finding.title)) {
+        const fullCode = lines.join("\n");
+        const isCacheAgeContext = /\bcache[_-]?age\b|\bmax[_-]?age\b|\bttl\b.*\bage\b|\bstale\b.*\bage\b|\bage\b.*\bseconds\b|\bage\b.*\bexpir/i.test(fullCode);
+        const noUserAgeContext = !/\bdate[_-]?of[_-]?birth\b|\bdob\b|\bminor\b|\bparental\b|\bage[_-]?verif/i.test(fullCode);
+        if (isCacheAgeContext && noUserAgeContext) {
+            return "Term 'age' appears in cache/TTL context (data freshness), not user age verification.";
+        }
+    }
     return null;
 }
 //# sourceMappingURL=false-positive-review.js.map

package/dist/evaluators/false-positive-review.js.map

@@ -1 +1 @@
-{"version":3,"file":"false-positive-review.js","sourceRoot":"","sources":["../../src/evaluators/false-positive-review.ts"],"names":[],"mappings":"AAAA,+EAA+E;AAC/E,4EAA4E;AAC5E,yEAAyE;AACzE,4EAA4E;AAC5E,2EAA2E;AAC3E,iFAAiF;AAGjF,OAAO,EAAE,aAAa,EAAE,mBAAmB,EAAE,aAAa,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAW9F,gFAAgF;AAEhF;;;;GAIG;AACH,MAAM,sBAAsB,GAAG;IAC7B,QAAQ,EAAE,yDAAyD;IACnE,OAAO,EAAE,4CAA4C;IACrD,OAAO,EAAE,4CAA4C;IACrD,OAAO,EAAE,sCAAsC;IAC/C,QAAQ,EAAE,yCAAyC;IACnD,MAAM,EAAE,uCAAuC;IAC/C,KAAK,EAAE,wCAAwC;IAC/C,OAAO,EAAE,sCAAsC;IAC/C,OAAO,EAAE,6CAA6C;IACtD,KAAK,EAAE,yCAAyC;IAChD,OAAO,EAAE,oCAAoC;CAC9C,CAAC;AAEF;;;GAGG;AACH,MAAM,uBAAuB,GAAa;IACxC,OAAO,EAAE,sCAAsC;IAC/C,QAAQ,EAAE,oCAAoC;IAC9C,MAAM,EAAE,sCAAsC;IAC9C,QAAQ,EAAE,wCAAwC;IAClD,MAAM,EAAE,yCAAyC;IACjD,MAAM,EAAE,8CAA8C;IACtD,QAAQ,EAAE,iDAAiD;IAC3D,OAAO,EAAE,0CAA0C;IACnD,OAAO,EAAE,6CAA6C;IACtD,OAAO,EAAE,0CAA0C;IACnD,QAAQ,EAAE,+CAA+C;IACzD,QAAQ,EAAE,+CAA+C;IACzD,OAAO,EAAE,2CAA2C;IACpD,OAAO,EAAE,8CAA8C;IACvD,QAAQ,EAAE,wCAAwC;IAClD,KAAK,EAAE,4CAA4C;IACnD,OAAO,EAAE,iDAAiD;IAC1D,OAAO,EAAE,0CAA0C;IACnD,UAAU,EAAE,4CAA4C;IACxD,QAAQ,EAAE,6CAA6C;IACvD,OAAO,EAAE,kDAAkD;IAC3D,MAAM,EAAE,uCAAuC;CAChD,CAAC;AAEF;;;;GAIG;AACH,MAAM,uBAAuB,GAAG;IAC9B,QAAQ,EAAE,gDAAgD;IAC1D,OAAO,EAAE,qDAAqD;IAC9D,OAAO,EAAE,6CAA6C;IACtD,OAAO,EAAE,0CAA0C;IACnD,QAAQ,EAAE,0CAA0C;IACpD,MAAM,EAAE,0CAA0C;IAClD,KAAK,EAAE,6CAA6C;IACpD,OAAO,EAAE,2CAA2C;IACpD,OAAO,EAAE,kDAAkD;IAC3D,KAAK,EAAE,sCAAsC;IAC7C,OAAO,EAAE,qCAAqC;IAC9C,MAAM,EAAE,iDAAiD;IACzD,QAAQ,EAAE,iDAAiD;IAC3D,QAAQ,EAAE,oDAAoD;IAC9D,MAAM,EAAE,+CAA+C;IACvD,OAAO,EAAE,yCAAyC;IAClD,QAAQ,EAAE,qCAAqC;IAC/C,OAAO,EAAE,iDAAiD;IAC1D,OAAO,EAAE,sCAAsC;IAC/C,OAAO,EAAE,oDAAoD;IAC7D,QAAQ,EAAE,iDAAiD;IAC3D,QAAQ,EAAE,6CAA6C;IACvD,OAAO,EAAE,yCAAyC;IAClD,MAAM,EAAE,uCAAuC;IAC/C,OAAO,EAAE,gDAAgD;IACzD,MAAM,EAAE,qCAAqC;IAC7C,UAAU,EAAE,yCAAyC;IACrD,MAAM,EAAE,sCAAsC;IAC9C,OAAO,EAAE,uDAAuD;IAChE,QAAQ,EAAE,oDAAoD;CAC/D,CAAC;AAEF;;;;;GAKG;AACH,MAAM,2BAA2B,GAK5B;IACH;QACE,0CAA0C;QAC1C,OAAO,EAAE,UAAU;QACnB,iBAAiB,EAAE,uFAAuF;KAC3G;IACD;QACE,8DAA8D;QAC9D,OAAO,EAAE,aAAa;QACtB,iBAAiB,EACf,kLAAkL;KACrL;IACD;QACE,uDAAuD;QACvD,OAAO,EAAE,WAAW;QACpB,iBAAiB,EAAE,4FAA4F;KAChH;IACD;QACE,6EAA6E;QAC7E,OAAO,EAAE,eAAe;QACxB,iBAAiB,EACf,6JAA6J;KAChK;IACD;QACE,8DAA8D;QAC9D,OAAO,EAAE,aAAa;QACtB,iBAAiB,EACf,sIAAsI;KACzI;IACD;QACE,sEAAsE;QACtE,OAAO,EAAE,YAAY;QACrB,iBAAiB,EACf,qKAAqK;KACxK;IACD;QACE,uEAAuE;QACvE,OAAO,EAAE,8CAA8C;QACvD,iBAAiB,EAAE,kBAAkB;KACtC;CACF,CAAC;AAEF;;;;GAIG;AACH,MAAM,mBAAmB,GAKpB;IACH;QACE,mCAAmC;QACnC,cAAc,EAAE,+CAA+C;QAC/D,WAAW,EAAE,mCAAmC;KACjD;IACD;QACE,0DAA0D;QAC1D,cAAc,EAAE,mCAAmC;QACnD,WAAW,EAAE,wCAAwC;KACtD;IACD;QACE,8EAA8E;QAC9E,cAAc,EAAE,iBAAiB;QACjC,WAAW,EAAE,0DAA0D;KACxE;CACF,CAAC;AAEF,+EAA+E;AAE/E;;;;;;;;;;;;GAYG;AACH,MAAM,UAAU,6BAA6B,CAC3C,QAAmB,EACnB,IAAY,EACZ,QAAgB,EAChB,QAAiB;IAEjB,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC1B,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,OAAO,EAAE,EAAE,EAAE,CAAC;IACvC,CAAC;IAED,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAC/B,MAAM,KAAK,GAAG,aAAa,CAAC,IAAI,CAAC,CAAC;IAClC,MAAM,YAAY,GAAG,YAAY,CAAC,IAAI,EAAE,QAAQ,EAAE,QAAQ,CAAC,CAAC;IAE5D,MAAM,QAAQ,GAAc,EAAE,CAAC;IAC/B,MAAM,OAAO,GAAc,EAAE,CAAC;IAE9B,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;QAC/B,MAAM,MAAM,GAAG,WAAW,CAAC,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,YAAY,CAAC,CAAC;QAChE,IAAI,MAAM,EAAE,CAAC;YACX,OAAO,CAAC,IAAI,CAAC,EAAE,GAAG,OAAO,EAAE,WAAW,EAAE,GAAG,OAAO,CAAC,WAAW,yBAAyB,MAAM,EAAE,EAAE,CAAC,CAAC;QACrG,CAAC;aAAM,CAAC;YACN,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACzB,CAAC;IACH,CAAC;IAED,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC;AAC/B,CAAC;AAED,gFAAgF;AAEhF;;;GAGG;AACH,SAAS,WAAW,CAAC,OAAgB,EAAE,KAAe,EAAE,KAAc,EAAE,YAAoB;IAC1F,4DAA4D;IAC5D,IAAI,KAAK,EAAE,CAAC;QACV,MAAM,SAAS,GAAG,sBAAsB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC;QACnF,IAAI,SAAS,EAAE,CAAC;YACd,OAAO,4BAA4B,OAAO,CAAC,MAAM,sDAAsD,CAAC;QAC1G,CAAC;IACH,CAAC;IAED,2DAA2D;IAC3D,IAAI,YAAY,KAAK,MAAM,IAAI,YAAY,KAAK,aAAa,EAAE,CAAC;QAC9D,MAAM,UAAU,GAAG,uBAAuB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC;QACrF,IAAI,UAAU,EAAE,CAAC;YACf,OAAO,wBAAwB,OAAO,CAAC,MAAM,gCAAgC,CAAC;QAChF,CAAC;IACH,CAAC;IAED,4EAA4E;IAC5E,IAAI,YAAY,KAAK,QAAQ,EAAE,CAAC;QAC9B,MAAM,UAAU,GAAG,uBAAuB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC;QACrF,IAAI,UAAU,EAAE,CAAC;YACf,OAAO,qBAAqB,OAAO,CAAC,MAAM,8CAA8C,CAAC;QAC3F,CAAC;IACH,CAAC;IAED,yCAAyC;IACzC,IAAI,OAAO,CAAC,WAAW,IAAI,OAAO,CAAC,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC1D,MAAM,WAAW,GAAG,OAAO,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,EAAE;YACnD,MAAM,IAAI,GAAG,KAAK,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC;YAC3B,OAAO,IAAI,KAAK,SAAS,IAAI,aAAa,CAAC,IAAI,CAAC,CAAC;QACnD,CAAC,CAAC,CAAC;QACH,IAAI,WAAW,EAAE,CAAC;YAChB,OAAO,6FAA6F,CAAC;QACvG,CAAC;IACH,CAAC;IAED,gDAAgD;IAChD,IAAI,OAAO,CAAC,WAAW,IAAI,OAAO,CAAC,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC1D,MAAM,UAAU,GAAG,OAAO,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,EAAE;YAClD,MAAM,IAAI,GAAG,KAAK,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC;YAC3B,OAAO,IAAI,KAAK,SAAS,IAAI,mBAAmB,CAAC,IAAI,CAAC,CAAC;QACzD,CAAC,CAAC,CAAC;QACH,IAAI,UAAU,EAAE,CAAC;YACf,OAAO,sFAAsF,CAAC;QAChG,CAAC;IACH,CAAC;IAED,mCAAmC;IACnC,IAAI,OAAO,CAAC,WAAW,IAAI,OAAO,CAAC,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC1D,MAAM,iBAAiB,GAAG,OAAO,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,EAAE;YACzD,MAAM,IAAI,GAAG,KAAK,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC;YAC3B,IAAI,CAAC,IAAI;gBAAE,OAAO,KAAK,CAAC;YACxB,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;YAC5B,OAAO,CACL,WAAW,CAAC,IAAI,CAAC,OAAO,CAAC;gBACzB,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC;gBACvB,yCAAyC,CAAC,IAAI,CAAC,OAAO,CAAC;gBACvD,2BAA2B,CAAC,IAAI,CAAC,OAAO,CAAC;gBACzC,UAAU,CAAC,IAAI,CAAC,OAAO,CAAC,CACzB,CAAC;QACJ,CAAC,CAAC,CAAC;QACH,IAAI,iBAAiB,EAAE,CAAC;YACtB,OAAO,6EAA6E,CAAC;QACvF,CAAC;IACH,CAAC;IAED,2CAA2C;IAC3C,IAAI,OAAO,CAAC,WAAW,IAAI,OAAO,CAAC,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC1D,MAAM,YAAY,GAAG,GAAG,OAAO,CAAC,KAAK,IAAI,OAAO,CAAC,WAAW,EAAE,CAAC;QAC/D,KAAK,MAAM,EAAE,OAAO,EAAE,iBAAiB,EAAE,IAAI,2BAA2B,EAAE,CAAC;YACzE,IAAI,OAAO,CAAC,IAAI,CAAC,YAAY,CAAC,EAAE,CAAC;gBAC/B,MAAM,mBAAmB,GAAG,OAAO,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC,EAAE,EAAE,EAAE;oBAC1D,MAAM,IAAI,GAAG,KAAK,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC;oBAC3B,OAAO,IAAI,KAAK,SAAS,IAAI,iBAAiB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;gBAC5D,CAAC,CAAC,CAAC;gBACH,IAAI,mBAAmB,EAAE,CAAC;oBACxB,OAAO,8EAA8E,CAAC;gBACxF,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,uCAAuC;IACvC,IAAI,OAAO,CAAC,WAAW,IAAI,OAAO,CAAC,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC1D,KAAK,MAAM,EAAE,cAAc,EAAE,WAAW,EAAE,IAAI,mBAAmB,EAAE,CAAC;YAClE,IAAI,cAAc,CAAC,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,cAAc,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;gBAC9E,MAAM,UAAU,GAAG,OAAO,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC,EAAE,EAAE,EAAE;oBACjD,MAAM,IAAI,GAAG,KAAK,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC;oBAC3B,OAAO,IAAI,KAAK,SAAS,IAAI,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;gBACtD,CAAC,CAAC,CAAC;gBACH,IAAI,UAAU,EAAE,CAAC;oBACf,OAAO,kFAAkF,CAAC;gBAC5F,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,qDAAqD;IACrD,gFAAgF;IAChF,6EAA6E;IAC7E,2CAA2C;IAC3C,IAAI,OAAO,CAAC,cAAc,IAAI,OAAO,CAAC,UAAU,KAAK,SAAS,IAAI,OAAO,CAAC,UAAU,GAAG,IAAI,EAAE,CAAC;QAC5F,OAAO,6FAA6F,CAAC;IACvG,CAAC;IAED,0CAA0C;IAC1C,2EAA2E;IAC3E,wEAAwE;IACxE,MAAM,iBAAiB,GAAG,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;IAC3C,MAAM,SAAS,GAAG,iBAAiB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC;IAC9E,IAAI,SAAS,EAAE,CAAC;QACd,MAAM,cAAc,GAClB,wJAAwJ,CAAC,IAAI,CAC3J,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CACjB,CAAC;QACJ,IAAI,CAAC,cAAc,EAAE,CAAC;YACpB,OAAO,iBAAiB,OAAO,CAAC,MAAM,2DAA2D,CAAC;QACpG,CAAC;IACH,CAAC;IAED,6DAA6D;IAC7D,IAAI,OAAO,CAAC,WAAW,IAAI,OAAO,CAAC,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC1D,MAAM,QAAQ,GAAG,OAAO,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,EAAE;YAChD,MAAM,IAAI,GAAG,KAAK,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC;YAC3B,OAAO,IAAI,KAAK,SAAS,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC,MAAM,KAAK,CAAC,CAAC;QACxD,CAAC,CAAC,CAAC;QACH,IAAI,QAAQ,EAAE,CAAC;YACb,OAAO,kEAAkE,CAAC;QAC5E,CAAC;IACH,CAAC;IAED,4DAA4D;IAC5D,yEAAyE;IACzE,8DAA8D;IAC9D,IAAI,OAAO,CAAC,cAAc,EAAE,CAAC;QAC3B,MAAM,gBAAgB,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE;YAC1C,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC;YACnB,OAAO,CAAC,CAAC,MAAM,GAAG,CAAC,IAAI,CAAC,0BAA0B,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAC7D,CAAC,CAAC,CAAC,MAAM,CAAC;QACV,IAAI,gBAAgB,GAAG,EAAE,EAAE,CAAC;YAC1B,OAAO,0EAA0E,CAAC;QACpF,CAAC;IACH,CAAC;IAED,4EAA4E;IAC5E,uEAAuE;IACvE,uEAAuE;IACvE,+BAA+B;IAE/B,OAAO,IAAI,CAAC;AACd,CAAC"}
+{"version":3,"file":"false-positive-review.js","sourceRoot":"","sources":["../../src/evaluators/false-positive-review.ts"],"names":[],"mappings":"AAAA,+EAA+E;AAC/E,4EAA4E;AAC5E,yEAAyE;AACzE,4EAA4E;AAC5E,2EAA2E;AAC3E,iFAAiF;AAGjF,OAAO,EAAE,aAAa,EAAE,mBAAmB,EAAE,aAAa,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAW9F,gFAAgF;AAEhF;;;;GAIG;AACH,MAAM,sBAAsB,GAAG;IAC7B,QAAQ,EAAE,yDAAyD;IACnE,OAAO,EAAE,4CAA4C;IACrD,OAAO,EAAE,4CAA4C;IACrD,OAAO,EAAE,sCAAsC;IAC/C,QAAQ,EAAE,yCAAyC;IACnD,MAAM,EAAE,uCAAuC;IAC/C,KAAK,EAAE,wCAAwC;IAC/C,OAAO,EAAE,sCAAsC;IAC/C,OAAO,EAAE,6CAA6C;IACtD,KAAK,EAAE,yCAAyC;IAChD,OAAO,EAAE,oCAAoC;CAC9C,CAAC;AAEF;;;GAGG;AACH,MAAM,uBAAuB,GAAa;IACxC,OAAO,EAAE,sCAAsC;IAC/C,QAAQ,EAAE,oCAAoC;IAC9C,MAAM,EAAE,sCAAsC;IAC9C,QAAQ,EAAE,wCAAwC;IAClD,MAAM,EAAE,yCAAyC;IACjD,MAAM,EAAE,8CAA8C;IACtD,QAAQ,EAAE,iDAAiD;IAC3D,OAAO,EAAE,0CAA0C;IACnD,OAAO,EAAE,6CAA6C;IACtD,OAAO,EAAE,0CAA0C;IACnD,QAAQ,EAAE,+CAA+C;IACzD,QAAQ,EAAE,+CAA+C;IACzD,OAAO,EAAE,2CAA2C;IACpD,OAAO,EAAE,8CAA8C;IACvD,QAAQ,EAAE,wCAAwC;IAClD,KAAK,EAAE,4CAA4C;IACnD,OAAO,EAAE,iDAAiD;IAC1D,OAAO,EAAE,0CAA0C;IACnD,UAAU,EAAE,4CAA4C;IACxD,QAAQ,EAAE,6CAA6C;IACvD,OAAO,EAAE,kDAAkD;IAC3D,MAAM,EAAE,uCAAuC;CAChD,CAAC;AAEF;;;;GAIG;AACH,MAAM,uBAAuB,GAAG;IAC9B,QAAQ,EAAE,gDAAgD;IAC1D,OAAO,EAAE,qDAAqD;IAC9D,OAAO,EAAE,6CAA6C;IACtD,OAAO,EAAE,0CAA0C;IACnD,QAAQ,EAAE,0CAA0C;IACpD,MAAM,EAAE,0CAA0C;IAClD,KAAK,EAAE,6CAA6C;IACpD,OAAO,EAAE,2CAA2C;IACpD,OAAO,EAAE,kDAAkD;IAC3D,KAAK,EAAE,sCAAsC;IAC7C,OAAO,EAAE,qCAAqC;IAC9C,MAAM,EAAE,iDAAiD;IACzD,QAAQ,EAAE,iDAAiD;IAC3D,QAAQ,EAAE,oDAAoD;IAC9D,MAAM,EAAE,+CAA+C;IACvD,OAAO,EAAE,yCAAyC;IAClD,QAAQ,EAAE,qCAAqC;IAC/C,OAAO,EAAE,iDAAiD;IAC1D,OAAO,EAAE,sCAAsC;IAC/C,OAAO,EAAE,oDAAoD;IAC7D,QAAQ,EAAE,iDAAiD;IAC3D,QAAQ,EAAE,6CAA6C;IACvD,OAAO,EAAE,yCAAyC;IAClD,MAAM,EAAE,uCAAuC;IAC/C,OAAO,EAAE,gDAAgD;IACzD,MAAM,EAAE,qCAAqC;IAC7C,UAAU,EAAE,yCAAyC;IACrD,MAAM,EAAE,sCAAsC;IAC9C,OAAO,EAAE,uDAAuD;IAChE,QAAQ,EAAE,oDAAoD;CAC/D,CAAC;AAEF;;;;;GAKG;AACH,MAAM,2BAA2B,GAK5B;IACH;QACE,yDAAyD;QACzD,OAAO,EAAE,UAAU;QACnB,iBAAiB,EACf,wLAAwL;KAC3L;IACD;QACE,8DAA8D;QAC9D,OAAO,EAAE,aAAa;QACtB,iBAAiB,EACf,kLAAkL;KACrL;IACD;QACE,uDAAuD;QACvD,OAAO,EAAE,WAAW;QACpB,iBAAiB,EAAE,4FAA4F;KAChH;IACD;QACE,6EAA6E;QAC7E,OAAO,EAAE,eAAe;QACxB,iBAAiB,EACf,6JAA6J;KAChK;IACD;QACE,8DAA8D;QAC9D,OAAO,EAAE,aAAa;QACtB,iBAAiB,EACf,sIAAsI;KACzI;IACD;QACE,sEAAsE;QACtE,OAAO,EAAE,YAAY;QACrB,iBAAiB,EACf,qKAAqK;KACxK;IACD;QACE,uEAAuE;QACvE,OAAO,EAAE,8CAA8C;QACvD,iBAAiB,EAAE,kBAAkB;KACtC;CACF,CAAC;AAEF;;;;GAIG;AACH,MAAM,mBAAmB,GAKpB;IACH;QACE,mCAAmC;QACnC,cAAc,EAAE,+CAA+C;QAC/D,WAAW,EAAE,mCAAmC;KACjD;IACD;QACE,0DAA0D;QAC1D,cAAc,EAAE,mCAAmC;QACnD,WAAW,EAAE,wCAAwC;KACtD;IACD;QACE,8EAA8E;QAC9E,cAAc,EAAE,iBAAiB;QACjC,WAAW,EAAE,0DAA0D;KACxE;IACD;QACE,4EAA4E;QAC5E,cAAc,EAAE,0DAA0D;QAC1E,WAAW,EAAE,wDAAwD;KACtE;IACD;QACE,uEAAuE;QACvE,cAAc,EAAE,mGAAmG;QACnH,WAAW,EACT,oHAAoH;KACvH;IACD;QACE,gFAAgF;QAChF,cAAc,EAAE,6DAA6D;QAC7E,WAAW,EACT,2IAA2I;KAC9I;CACF,CAAC;AAEF,+EAA+E;AAE/E;;;;;;;;;;;;GAYG;AACH,MAAM,UAAU,6BAA6B,CAC3C,QAAmB,EACnB,IAAY,EACZ,QAAgB,EAChB,QAAiB;IAEjB,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC1B,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,OAAO,EAAE,EAAE,EAAE,CAAC;IACvC,CAAC;IAED,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAC/B,MAAM,KAAK,GAAG,aAAa,CAAC,IAAI,CAAC,CAAC;IAClC,MAAM,YAAY,GAAG,YAAY,CAAC,IAAI,EAAE,QAAQ,EAAE,QAAQ,CAAC,CAAC;IAE5D,MAAM,QAAQ,GAAc,EAAE,CAAC;IAC/B,MAAM,OAAO,GAAc,EAAE,CAAC;IAE9B,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;QAC/B,MAAM,MAAM,GAAG,WAAW,CAAC,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,YAAY,CAAC,CAAC;QAChE,IAAI,MAAM,EAAE,CAAC;YACX,OAAO,CAAC,IAAI,CAAC,EAAE,GAAG,OAAO,EAAE,WAAW,EAAE,GAAG,OAAO,CAAC,WAAW,yBAAyB,MAAM,EAAE,EAAE,CAAC,CAAC;QACrG,CAAC;aAAM,CAAC;YACN,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACzB,CAAC;IACH,CAAC;IAED,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC;AAC/B,CAAC;AAED,gFAAgF;AAEhF;;;GAGG;AACH,SAAS,WAAW,CAAC,OAAgB,EAAE,KAAe,EAAE,KAAc,EAAE,YAAoB;IAC1F,4DAA4D;IAC5D,IAAI,KAAK,EAAE,CAAC;QACV,MAAM,SAAS,GAAG,sBAAsB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC;QACnF,IAAI,SAAS,EAAE,CAAC;YACd,OAAO,4BAA4B,OAAO,CAAC,MAAM,sDAAsD,CAAC;QAC1G,CAAC;IACH,CAAC;IAED,2DAA2D;IAC3D,IAAI,YAAY,KAAK,MAAM,IAAI,YAAY,KAAK,aAAa,EAAE,CAAC;QAC9D,MAAM,UAAU,GAAG,uBAAuB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC;QACrF,IAAI,UAAU,EAAE,CAAC;YACf,OAAO,wBAAwB,OAAO,CAAC,MAAM,gCAAgC,CAAC;QAChF,CAAC;IACH,CAAC;IAED,4EAA4E;IAC5E,IAAI,YAAY,KAAK,QAAQ,EAAE,CAAC;QAC9B,MAAM,UAAU,GAAG,uBAAuB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC;QACrF,IAAI,UAAU,EAAE,CAAC;YACf,OAAO,qBAAqB,OAAO,CAAC,MAAM,8CAA8C,CAAC;QAC3F,CAAC;IACH,CAAC;IAED,yCAAyC;IACzC,IAAI,OAAO,CAAC,WAAW,IAAI,OAAO,CAAC,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC1D,MAAM,WAAW,GAAG,OAAO,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,EAAE;YACnD,MAAM,IAAI,GAAG,KAAK,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC;YAC3B,OAAO,IAAI,KAAK,SAAS,IAAI,aAAa,CAAC,IAAI,CAAC,CAAC;QACnD,CAAC,CAAC,CAAC;QACH,IAAI,WAAW,EAAE,CAAC;YAChB,OAAO,6FAA6F,CAAC;QACvG,CAAC;IACH,CAAC;IAED,gDAAgD;IAChD,IAAI,OAAO,CAAC,WAAW,IAAI,OAAO,CAAC,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC1D,MAAM,UAAU,GAAG,OAAO,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,EAAE;YAClD,MAAM,IAAI,GAAG,KAAK,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC;YAC3B,OAAO,IAAI,KAAK,SAAS,IAAI,mBAAmB,CAAC,IAAI,CAAC,CAAC;QACzD,CAAC,CAAC,CAAC;QACH,IAAI,UAAU,EAAE,CAAC;YACf,OAAO,sFAAsF,CAAC;QAChG,CAAC;IACH,CAAC;IAED,mCAAmC;IACnC,IAAI,OAAO,CAAC,WAAW,IAAI,OAAO,CAAC,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC1D,MAAM,iBAAiB,GAAG,OAAO,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,EAAE;YACzD,MAAM,IAAI,GAAG,KAAK,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC;YAC3B,IAAI,CAAC,IAAI;gBAAE,OAAO,KAAK,CAAC;YACxB,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;YAC5B,OAAO,CACL,WAAW,CAAC,IAAI,CAAC,OAAO,CAAC;gBACzB,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC;gBACvB,yCAAyC,CAAC,IAAI,CAAC,OAAO,CAAC;gBACvD,2BAA2B,CAAC,IAAI,CAAC,OAAO,CAAC;gBACzC,UAAU,CAAC,IAAI,CAAC,OAAO,CAAC,CACzB,CAAC;QACJ,CAAC,CAAC,CAAC;QACH,IAAI,iBAAiB,EAAE,CAAC;YACtB,OAAO,6EAA6E,CAAC;QACvF,CAAC;IACH,CAAC;IAED,2CAA2C;IAC3C,IAAI,OAAO,CAAC,WAAW,IAAI,OAAO,CAAC,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC1D,MAAM,YAAY,GAAG,GAAG,OAAO,CAAC,KAAK,IAAI,OAAO,CAAC,WAAW,EAAE,CAAC;QAC/D,KAAK,MAAM,EAAE,OAAO,EAAE,iBAAiB,EAAE,IAAI,2BAA2B,EAAE,CAAC;YACzE,IAAI,OAAO,CAAC,IAAI,CAAC,YAAY,CAAC,EAAE,CAAC;gBAC/B,MAAM,mBAAmB,GAAG,OAAO,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC,EAAE,EAAE,EAAE;oBAC1D,MAAM,IAAI,GAAG,KAAK,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC;oBAC3B,OAAO,IAAI,KAAK,SAAS,IAAI,iBAAiB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;gBAC5D,CAAC,CAAC,CAAC;gBACH,IAAI,mBAAmB,EAAE,CAAC;oBACxB,OAAO,8EAA8E,CAAC;gBACxF,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,uCAAuC;IACvC,IAAI,OAAO,CAAC,WAAW,IAAI,OAAO,CAAC,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC1D,KAAK,MAAM,EAAE,cAAc,EAAE,WAAW,EAAE,IAAI,mBAAmB,EAAE,CAAC;YAClE,IAAI,cAAc,CAAC,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,cAAc,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;gBAC9E,MAAM,UAAU,GAAG,OAAO,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC,EAAE,EAAE,EAAE;oBACjD,MAAM,IAAI,GAAG,KAAK,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC;oBAC3B,OAAO,IAAI,KAAK,SAAS,IAAI,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;gBACtD,CAAC,CAAC,CAAC;gBACH,IAAI,UAAU,EAAE,CAAC;oBACf,OAAO,kFAAkF,CAAC;gBAC5F,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,qDAAqD;IACrD,gFAAgF;IAChF,6EAA6E;IAC7E,2CAA2C;IAC3C,IAAI,OAAO,CAAC,cAAc,IAAI,OAAO,CAAC,UAAU,KAAK,SAAS,IAAI,OAAO,CAAC,UAAU,GAAG,IAAI,EAAE,CAAC;QAC5F,OAAO,6FAA6F,CAAC;IACvG,CAAC;IAED,0CAA0C;IAC1C,2EAA2E;IAC3E,wEAAwE;IACxE,MAAM,iBAAiB,GAAG,CAAC,OAAO,EAAE,KAAK,EAAE,OAAO,CAAC,CAAC;IACpD,MAAM,SAAS,GAAG,iBAAiB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC;IAC9E,IAAI,SAAS,EAAE,CAAC;QACd,MAAM,cAAc,GAClB,wJAAwJ,CAAC,IAAI,CAC3J,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CACjB,CAAC;QACJ,IAAI,CAAC,cAAc,EAAE,CAAC;YACpB,OAAO,iBAAiB,OAAO,CAAC,MAAM,2DAA2D,CAAC;QACpG,CAAC;IACH,CAAC;IAED,6DAA6D;IAC7D,IAAI,OAAO,CAAC,WAAW,IAAI,OAAO,CAAC,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC1D,MAAM,QAAQ,GAAG,OAAO,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,EAAE;YAChD,MAAM,IAAI,GAAG,KAAK,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC;YAC3B,OAAO,IAAI,KAAK,SAAS,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC,MAAM,KAAK,CAAC,CAAC;QACxD,CAAC,CAAC,CAAC;QACH,IAAI,QAAQ,EAAE,CAAC;YACb,OAAO,kEAAkE,CAAC;QAC5E,CAAC;IACH,CAAC;IAED,4DAA4D;IAC5D,yEAAyE;IACzE,8DAA8D;IAC9D,IAAI,OAAO,CAAC,cAAc,EAAE,CAAC;QAC3B,MAAM,gBAAgB,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE;YAC1C,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC;YACnB,OAAO,CAAC,CAAC,MAAM,GAAG,CAAC,IAAI,CAAC,0BAA0B,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAC7D,CAAC,CAAC,CAAC,MAAM,CAAC;QACV,IAAI,gBAAgB,GAAG,EAAE,EAAE,CAAC;YAC1B,OAAO,0EAA0E,CAAC;QACpF,CAAC;IACH,CAAC;IAED,6EAA6E;IAC7E,4EAA4E;IAC5E,0EAA0E;IAC1E,4EAA4E;IAC5E,IACE,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC;QAC9B,qEAAqE,CAAC,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,EACzF,CAAC;QACD,MAAM,QAAQ,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAClC,MAAM,kBAAkB,GACtB,2HAA2H,CAAC,IAAI,CAC9H,QAAQ,CACT,CAAC;QACJ,IAAI,kBAAkB,EAAE,CAAC;YACvB,OAAO,mGAAmG,CAAC;QAC7G,CAAC;IACH,CAAC;IAED,kFAAkF;IAClF,wEAAwE;IACxE,2EAA2E;IAC3E,iEAAiE;IACjE,IACE,mBAAmB,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC;QACxC,0DAA0D,CAAC,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,EAC9E,CAAC;QACD,MAAM,QAAQ,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAClC,MAAM,eAAe,GACnB,gJAAgJ,CAAC,IAAI,CACnJ,QAAQ,CACT,CAAC;QACJ,MAAM,gBAAgB,GACpB,oHAAoH,CAAC,IAAI,CACvH,QAAQ,CACT,CAAC;QACJ,IAAI,eAAe,IAAI,gBAAgB,EAAE,CAAC;YACxC,OAAO,8FAA8F,CAAC;QACxG,CAAC;IACH,CAAC;IAED,yEAAyE;IACzE,kEAAkE;IAClE,qEAAqE;IACrE,IAAI,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,oBAAoB,CAAC,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QAC9E,IAAI,OAAO,CAAC,WAAW,IAAI,OAAO,CAAC,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC1D,MAAM,YAAY,GAAG,OAAO,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,EAAE;gBACpD,MAAM,IAAI,GAAG,KAAK,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC;gBAC3B,IAAI,CAAC,IAAI;oBAAE,OAAO,KAAK,CAAC;gBACxB,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;gBAC5B,qFAAqF;gBACrF,OAAO,CACL,8BAA8B,CAAC,IAAI,CAAC,OAAO,CAAC;oBAC5C,kDAAkD,CAAC,IAAI,CAAC,OAAO,CAAC;oBAChE,+BAA+B,CAAC,IAAI,CAAC,OAAO,CAAC,CAC9C,CAAC;YACJ,CAAC,CAAC,CAAC;YACH,IAAI,YAAY,EAAE,CAAC;gBACjB,OAAO,mFAAmF,CAAC;YAC7F,CAAC;QACH,CAAC;IACH,CAAC;IAED,iFAAiF;IACjF,oEAAoE;IACpE,wEAAwE;IACxE,IAAI,iBAAiB,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,oCAAoC,CAAC,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QACvG,MAAM,QAAQ,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAClC,gEAAgE;QAChE,MAAM,oBAAoB,GACxB,yFAAyF,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QAC3G,MAAM,gBAAgB,GAAG,wEAAwE,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QACjH,IAAI,oBAAoB,IAAI,gBAAgB,EAAE,CAAC;YAC7C,OAAO,8FAA8F,CAAC;QACxG,CAAC;IACH,CAAC;IAED,iFAAiF;IACjF,8EAA8E;IAC9E,kFAAkF;IAClF,IAAI,UAAU,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,0CAA0C,CAAC,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QACtG,MAAM,QAAQ,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAClC,MAAM,eAAe,GACnB,uGAAuG,CAAC,IAAI,CAC1G,QAAQ,CACT,CAAC;QACJ,MAAM,cAAc,GAAG,CAAC,wEAAwE,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QAChH,IAAI,eAAe,IAAI,cAAc,EAAE,CAAC;YACtC,OAAO,kFAAkF,CAAC;QAC5F,CAAC;IACH,CAAC;IAED,oFAAoF;IACpF,8EAA8E;IAC9E,6EAA6E;IAC7E,IAAI,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,UAAU,CAAC,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QACpE,MAAM,QAAQ,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAClC,MAAM,iBAAiB,GACrB,8GAA8G,CAAC,IAAI,CACjH,QAAQ,CACT,CAAC;QACJ,MAAM,gBAAgB,GAAG,CAAC,2EAA2E,CAAC,IAAI,CACxG,QAAQ,CACT,CAAC;QACF,IAAI,iBAAiB,IAAI,gBAAgB,EAAE,CAAC;YAC1C,OAAO,sFAAsF,CAAC;QAChG,CAAC;IACH,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC"}

package/dist/judges/code-structure.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"code-structure.d.ts","sourceRoot":"","sources":["../../src/judges/code-structure.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAEnD,eAAO,MAAM,kBAAkB,EAAE,eAuChC,CAAC"}
+{"version":3,"file":"code-structure.d.ts","sourceRoot":"","sources":["../../src/judges/code-structure.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAEnD,eAAO,MAAM,kBAAkB,EAAE,eA4ChC,CAAC"}

package/dist/judges/code-structure.js

@@ -35,6 +35,11 @@ ADVERSARIAL MANDATE:
 - Your role is adversarial: assume the code has structural problems and actively hunt for complexity, dead code, and over-sized functions. Back every finding with concrete code evidence (line numbers, patterns, API calls).
 - Never praise or compliment the code. Report only problems, risks, and deficiencies.
 - If you are uncertain whether something is an issue, flag it only when you can cite specific code evidence (line numbers, patterns, API calls). Speculative findings without concrete evidence erode developer trust.
-- Absence of findings does not mean the code is well-structured. It means your analysis reached its limits. State this explicitly.`,
+- Absence of findings does not mean the code is well-structured. It means your analysis reached its limits. State this explicitly.
+
+FALSE POSITIVE AVOIDANCE:
+- **Dict[str, Any] at serialization boundaries**: When code deserializes JSON (json.loads, JSON.parse, API responses), Dict[str, Any] / Record<string, any> is the correct type until schema validation narrows it. Do not flag dynamic types at JSON I/O boundaries when the schema is defined elsewhere (Pydantic model, TypedDict, Zod schema).
+- **Large single-responsibility files**: A file that implements one cohesive loader/parser/handler (single class, one public entry point) does not violate SRP even if it is >300 lines. Only flag STRUCT-007 when a file handles multiple unrelated concerns.
+- **Async nesting**: async/await with try/except adds inherent nesting depth. If nesting is <=4 and follows a standard async error-handling pattern, do not flag it as excessive.`,
 };
 //# sourceMappingURL=code-structure.js.map

package/dist/judges/code-structure.js.map

@@ -1 +1 @@
-{"version":3,"file":"code-structure.js","sourceRoot":"","sources":["../../src/judges/code-structure.ts"],"names":[],"mappings":"AAEA,MAAM,CAAC,MAAM,kBAAkB,GAAoB;IACjD,EAAE,EAAE,gBAAgB;IACpB,IAAI,EAAE,sBAAsB;IAC5B,MAAM,EAAE,qBAAqB;IAC7B,WAAW,EACT,uQAAuQ;IACzQ,UAAU,EAAE,QAAQ;IACpB,YAAY,EAAE;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;mIA+BmH;CAClI,CAAC"}
+{"version":3,"file":"code-structure.js","sourceRoot":"","sources":["../../src/judges/code-structure.ts"],"names":[],"mappings":"AAEA,MAAM,CAAC,MAAM,kBAAkB,GAAoB;IACjD,EAAE,EAAE,gBAAgB;IACpB,IAAI,EAAE,sBAAsB;IAC5B,MAAM,EAAE,qBAAqB;IAC7B,WAAW,EACT,uQAAuQ;IACzQ,UAAU,EAAE,QAAQ;IACpB,YAAY,EAAE;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;kLAoCkK;CACjL,CAAC"}

package/dist/judges/compliance.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"compliance.d.ts","sourceRoot":"","sources":["../../src/judges/compliance.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAEnD,eAAO,MAAM,eAAe,EAAE,eAiC7B,CAAC"}
+{"version":3,"file":"compliance.d.ts","sourceRoot":"","sources":["../../src/judges/compliance.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAEnD,eAAO,MAAM,eAAe,EAAE,eAoC7B,CAAC"}

package/dist/judges/compliance.js

@@ -25,6 +25,9 @@ RULES FOR YOUR EVALUATION:
 - Recommend both code changes and process changes where applicable.
 - Score from 0-100 where 100 means fully compliant.
 
+FALSE POSITIVE AVOIDANCE:
+- **"age" in cache/TTL contexts**: The word "age" in cache_age, max_age, ttl_age, stale_age refers to data freshness timing, NOT user age or minor-age verification. Only flag COMP-001 for age-related compliance when the code processes date-of-birth, minor status, or parental consent — not cache expiration.
+
 ADVERSARIAL MANDATE:
 - Your role is adversarial: assume the code has compliance gaps and actively hunt for them. Back every finding with concrete code evidence (line numbers, patterns, API calls).
 - Never praise or compliment the code. Report only problems, risks, and deficiencies.

package/dist/judges/compliance.js.map

@@ -1 +1 @@
-{"version":3,"file":"compliance.js","sourceRoot":"","sources":["../../src/judges/compliance.ts"],"names":[],"mappings":"AAEA,MAAM,CAAC,MAAM,eAAe,GAAoB;IAC9C,EAAE,EAAE,YAAY;IAChB,IAAI,EAAE,kBAAkB;IACxB,MAAM,EAAE,iCAAiC;IACzC,WAAW,EACT,6JAA6J;IAC/J,UAAU,EAAE,MAAM;IAClB,YAAY,EAAE;;;;;;;;;;;;;;;;;;;;;;;;;6HAyB6G;CAC5H,CAAC"}
+{"version":3,"file":"compliance.js","sourceRoot":"","sources":["../../src/judges/compliance.ts"],"names":[],"mappings":"AAEA,MAAM,CAAC,MAAM,eAAe,GAAoB;IAC9C,EAAE,EAAE,YAAY;IAChB,IAAI,EAAE,kBAAkB;IACxB,MAAM,EAAE,iCAAiC;IACzC,WAAW,EACT,6JAA6J;IAC/J,UAAU,EAAE,MAAM;IAClB,YAAY,EAAE;;;;;;;;;;;;;;;;;;;;;;;;;;;;6HA4B6G;CAC5H,CAAC"}

package/dist/judges/cost-effectiveness.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"cost-effectiveness.d.ts","sourceRoot":"","sources":["../../src/judges/cost-effectiveness.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAEnD,eAAO,MAAM,sBAAsB,EAAE,eAgCpC,CAAC"}
+{"version":3,"file":"cost-effectiveness.d.ts","sourceRoot":"","sources":["../../src/judges/cost-effectiveness.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAEnD,eAAO,MAAM,sBAAsB,EAAE,eAoCpC,CAAC"}

package/dist/judges/cost-effectiveness.js

@@ -24,6 +24,10 @@ RULES FOR YOUR EVALUATION:
 - Consider both runtime cost and developer productivity cost.
 - Score from 0-100 where 100 means optimally cost-effective.
 
+FALSE POSITIVE AVOIDANCE:
+- **Tree/hierarchy traversal**: Nested loops that iterate parent → children (e.g., chapters → sections → articles) visit each element once. Total work is O(total_items), NOT O(n²). Only flag quadratic cost when two independent collections are cross-joined.
+- **Bounded reference datasets**: Loaders for fixed-size data (regulations, schemas, configs with <1000 items) have bounded cost regardless of algorithm choice. Do not flag these as scaling cost concerns.
+
 ADVERSARIAL MANDATE:
 - Your role is adversarial: assume the code wastes resources and actively hunt for inefficiencies. Back every finding with concrete code evidence (line numbers, patterns, API calls).
 - Never praise or compliment the code. Report only problems, risks, and deficiencies.

package/dist/judges/cost-effectiveness.js.map

@@ -1 +1 @@
-{"version":3,"file":"cost-effectiveness.js","sourceRoot":"","sources":["../../src/judges/cost-effectiveness.ts"],"names":[],"mappings":"AAEA,MAAM,CAAC,MAAM,sBAAsB,GAAoB;IACrD,EAAE,EAAE,oBAAoB;IACxB,IAAI,EAAE,0BAA0B;IAChC,MAAM,EAAE,yCAAyC;IACjD,WAAW,EACT,sJAAsJ;IACxJ,UAAU,EAAE,MAAM;IAClB,YAAY,EAAE;;;;;;;;;;;;;;;;;;;;;;;;kIAwBkH;CACjI,CAAC"}
+{"version":3,"file":"cost-effectiveness.js","sourceRoot":"","sources":["../../src/judges/cost-effectiveness.ts"],"names":[],"mappings":"AAEA,MAAM,CAAC,MAAM,sBAAsB,GAAoB;IACrD,EAAE,EAAE,oBAAoB;IACxB,IAAI,EAAE,0BAA0B;IAChC,MAAM,EAAE,yCAAyC;IACjD,WAAW,EACT,sJAAsJ;IACxJ,UAAU,EAAE,MAAM;IAClB,YAAY,EAAE;;;;;;;;;;;;;;;;;;;;;;;;;;;;kIA4BkH;CACjI,CAAC"}

package/dist/judges/data-sovereignty.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"data-sovereignty.d.ts","sourceRoot":"","sources":["../../src/judges/data-sovereignty.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAEnD,eAAO,MAAM,oBAAoB,EAAE,eAiDlC,CAAC"}
+{"version":3,"file":"data-sovereignty.d.ts","sourceRoot":"","sources":["../../src/judges/data-sovereignty.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAEnD,eAAO,MAAM,oBAAoB,EAAE,eAsDlC,CAAC"}

package/dist/judges/data-sovereignty.js

@@ -41,6 +41,11 @@ RULES FOR YOUR EVALUATION:
 - Recommend concrete remediations: region pinning, BYOK, provider abstraction, circuit breakers, audit logging, and data export APIs.
 - Score from 0-100 where 100 means strong sovereignty posture across data, technology, and operations.
 
+FALSE POSITIVE AVOIDANCE:
+- **Retry/backoff with fallback chain**: When code implements retry with exponential backoff AND a multi-tier fallback (cache → online → bundled/default), this IS an equivalent or superior resilience pattern to a circuit breaker. Do NOT flag SOV-001 for missing circuit breakers when retry+fallback is present.
+- **Read-only reference data fetches**: Fetching public regulatory text, schemas, or reference data from a URL is NOT cross-border personal data egress. Only flag SOV-002 when the outbound call transmits personal data (PII, user profiles, tenant data), not when it reads static public content.
+- **Internal serialization**: json.dumps() / JSON.stringify() used for internal search indexing, caching, or logging is NOT a data export path. Only flag SOV-003 when serialization feeds an outbound transfer endpoint (HTTP response, file export, queue publish with external consumer).
+
 ADVERSARIAL MANDATE:
 - Your role is adversarial: assume sovereignty controls are missing unless explicitly shown.
 - Never praise or compliment the code. Report only gaps, risks, and deficiencies.

package/dist/judges/data-sovereignty.js.map

@@ -1 +1 @@
-{"version":3,"file":"data-sovereignty.js","sourceRoot":"","sources":["../../src/judges/data-sovereignty.ts"],"names":[],"mappings":"AAEA,MAAM,CAAC,MAAM,oBAAoB,GAAoB;IACnD,EAAE,EAAE,kBAAkB;IACtB,IAAI,EAAE,mBAAmB;IACzB,MAAM,EAAE,+CAA+C;IACvD,WAAW,EACT,iPAAiP;IACnP,UAAU,EAAE,KAAK;IACjB,YAAY,EAAE;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;oFAyCoE;CACnF,CAAC"}
+{"version":3,"file":"data-sovereignty.js","sourceRoot":"","sources":["../../src/judges/data-sovereignty.ts"],"names":[],"mappings":"AAEA,MAAM,CAAC,MAAM,oBAAoB,GAAoB;IACnD,EAAE,EAAE,kBAAkB;IACtB,IAAI,EAAE,mBAAmB;IACzB,MAAM,EAAE,+CAA+C;IACvD,WAAW,EACT,iPAAiP;IACnP,UAAU,EAAE,KAAK;IACjB,YAAY,EAAE;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;oFA8CoE;CACnF,CAAC"}

package/dist/judges/database.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"database.d.ts","sourceRoot":"","sources":["../../src/judges/database.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAEnD,eAAO,MAAM,aAAa,EAAE,eAiC3B,CAAC"}
+{"version":3,"file":"database.d.ts","sourceRoot":"","sources":["../../src/judges/database.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAEnD,eAAO,MAAM,aAAa,EAAE,eAqC3B,CAAC"}

package/dist/judges/database.js

@@ -25,6 +25,10 @@ RULES FOR YOUR EVALUATION:
 - Flag patterns that will degrade as data volume grows.
 - Score from 0-100 where 100 means excellent database practices.
 
+FALSE POSITIVE AVOIDANCE:
+- **Environment variable fallback defaults**: Connection strings in os.environ.get('DB_URL', 'sqlite:///default.db') or process.env.DB_URL || 'localhost' are standard development defaults, NOT hardcoded production credentials. Only flag DB-001 when a connection string with real credentials appears outside an env-var fallback pattern.
+- **In-memory/embedded databases as defaults**: SQLite, DuckDB, or H2 defaults are normal for local development and testing. Flag only when production deployment docs are missing, not the default value itself.
+
 ADVERSARIAL MANDATE:
 - Your role is adversarial: assume database usage is unsafe and inefficient and actively hunt for problems. Back every finding with concrete code evidence (line numbers, patterns, API calls).
 - Never praise or compliment the code. Report only problems, risks, and deficiencies.

package/dist/judges/database.js.map

@@ -1 +1 @@
-{"version":3,"file":"database.js","sourceRoot":"","sources":["../../src/judges/database.ts"],"names":[],"mappings":"AAEA,MAAM,CAAC,MAAM,aAAa,GAAoB;IAC5C,EAAE,EAAE,UAAU;IACd,IAAI,EAAE,gBAAgB;IACtB,MAAM,EAAE,oCAAoC;IAC5C,WAAW,EACT,uKAAuK;IACzK,UAAU,EAAE,IAAI;IAChB,YAAY,EAAE;;;;;;;;;;;;;;;;;;;;;;;;;iIAyBiH;CAChI,CAAC"}
+{"version":3,"file":"database.js","sourceRoot":"","sources":["../../src/judges/database.ts"],"names":[],"mappings":"AAEA,MAAM,CAAC,MAAM,aAAa,GAAoB;IAC5C,EAAE,EAAE,UAAU;IACd,IAAI,EAAE,gBAAgB;IACtB,MAAM,EAAE,oCAAoC;IAC5C,WAAW,EACT,uKAAuK;IACzK,UAAU,EAAE,IAAI;IAChB,YAAY,EAAE;;;;;;;;;;;;;;;;;;;;;;;;;;;;;iIA6BiH;CAChI,CAAC"}

package/dist/judges/internationalization.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"internationalization.d.ts","sourceRoot":"","sources":["../../src/judges/internationalization.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAEnD,eAAO,MAAM,yBAAyB,EAAE,eAiCvC,CAAC"}
+{"version":3,"file":"internationalization.d.ts","sourceRoot":"","sources":["../../src/judges/internationalization.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAEnD,eAAO,MAAM,yBAAyB,EAAE,eAsCvC,CAAC"}

package/dist/judges/internationalization.js

@@ -25,6 +25,11 @@ RULES FOR YOUR EVALUATION:
 - Consider the impact on languages with different scripts (CJK, Arabic, Thai, Devanagari).
 - Score from 0-100 where 100 means fully internationalization-ready.
 
+FALSE POSITIVE AVOIDANCE:
+- **Internal constant definitions**: Constants like _F_TITLE = 'title' or FIELD_NAME = 'name' are JSON/API field-name keys for internal data processing, NOT user-facing strings. Only flag I18N-001 when strings are rendered to end-user UIs (HTML, templates, CLI output messages), not when they are dictionary lookup keys or schema field names.
+- **Developer tools / MCP servers / CLI tools**: Projects that output to developer consoles, AI agents, or machine-readable formats (Markdown, JSON, SARIF) do not require i18n. Only flag I18N when the project has a user-facing UI requiring translation.
+- **Sourced regulatory/legal text**: Content loaded from regulatory sources (laws, standards) in its original language does not require translation.
+
 ADVERSARIAL MANDATE:
 - Your role is adversarial: assume the code will break in non-English locales and actively hunt for i18n defects. Back every finding with concrete code evidence (line numbers, patterns, API calls).
 - Never praise or compliment the code. Report only problems, risks, and deficiencies.

package/dist/judges/internationalization.js.map

@@ -1 +1 @@
-{"version":3,"file":"internationalization.js","sourceRoot":"","sources":["../../src/judges/internationalization.ts"],"names":[],"mappings":"AAEA,MAAM,CAAC,MAAM,yBAAyB,GAAoB;IACxD,EAAE,EAAE,sBAAsB;IAC1B,IAAI,EAAE,4BAA4B;IAClC,MAAM,EAAE,qBAAqB;IAC7B,WAAW,EACT,oJAAoJ;IACtJ,UAAU,EAAE,MAAM;IAClB,YAAY,EAAE;;;;;;;;;;;;;;;;;;;;;;;;;8IAyB8H;CAC7I,CAAC"}
+{"version":3,"file":"internationalization.js","sourceRoot":"","sources":["../../src/judges/internationalization.ts"],"names":[],"mappings":"AAEA,MAAM,CAAC,MAAM,yBAAyB,GAAoB;IACxD,EAAE,EAAE,sBAAsB;IAC1B,IAAI,EAAE,4BAA4B;IAClC,MAAM,EAAE,qBAAqB;IAC7B,WAAW,EACT,oJAAoJ;IACtJ,UAAU,EAAE,MAAM;IAClB,YAAY,EAAE;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;8IA8B8H;CAC7I,CAAC"}

package/dist/judges/performance.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"performance.d.ts","sourceRoot":"","sources":["../../src/judges/performance.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAEnD,eAAO,MAAM,gBAAgB,EAAE,eAmC9B,CAAC"}
+{"version":3,"file":"performance.d.ts","sourceRoot":"","sources":["../../src/judges/performance.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAEnD,eAAO,MAAM,gBAAgB,EAAE,eAwC9B,CAAC"}

package/dist/judges/performance.js

@@ -27,6 +27,11 @@ RULES FOR YOUR EVALUATION:
 - Distinguish between premature optimization and genuine hot-path issues.
 - Score from 0-100 where 100 means optimally performant.
 
+FALSE POSITIVE AVOIDANCE:
+- **Nested loops on tree structures**: When inner loops iterate over children/members of the outer item (e.g., chapters → sections → articles), the total work is O(total_items), NOT O(n²). Do not flag tree traversals or parent-child iteration as quadratic complexity.
+- **Bounded reference data**: Loaders for fixed-size datasets (regulations, schemas, configs) operate on bounded input. Do not flag O(n²) when the dataset is documented as bounded and small (e.g., <1000 items).
+- **List comprehensions flattening trees**: A comprehension that flattens nested structures visits each leaf once — it is not a cross-join.
+
 ADVERSARIAL MANDATE:
 - Your role is adversarial: assume the code has performance problems and actively hunt for bottlenecks. Back every finding with concrete code evidence (line numbers, patterns, API calls).
 - Never praise or compliment the code. Report only problems, risks, and deficiencies.

package/dist/judges/performance.js.map

@@ -1 +1 @@
-{"version":3,"file":"performance.js","sourceRoot":"","sources":["../../src/judges/performance.ts"],"names":[],"mappings":"AAEA,MAAM,CAAC,MAAM,gBAAgB,GAAoB;IAC/C,EAAE,EAAE,aAAa;IACjB,IAAI,EAAE,mBAAmB;IACzB,MAAM,EAAE,qBAAqB;IAC7B,WAAW,EACT,kKAAkK;IACpK,UAAU,EAAE,MAAM;IAClB,YAAY,EAAE;;;;;;;;;;;;;;;;;;;;;;;;;;;8HA2B8G;CAC7H,CAAC"}
+{"version":3,"file":"performance.js","sourceRoot":"","sources":["../../src/judges/performance.ts"],"names":[],"mappings":"AAEA,MAAM,CAAC,MAAM,gBAAgB,GAAoB;IAC/C,EAAE,EAAE,aAAa;IACjB,IAAI,EAAE,mBAAmB;IACzB,MAAM,EAAE,qBAAqB;IAC7B,WAAW,EACT,kKAAkK;IACpK,UAAU,EAAE,MAAM;IAClB,YAAY,EAAE;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;8HAgC8G;CAC7H,CAAC"}

package/dist/judges/scalability.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"scalability.d.ts","sourceRoot":"","sources":["../../src/judges/scalability.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAEnD,eAAO,MAAM,gBAAgB,EAAE,eAiC9B,CAAC"}
+{"version":3,"file":"scalability.d.ts","sourceRoot":"","sources":["../../src/judges/scalability.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAEnD,eAAO,MAAM,gBAAgB,EAAE,eAqC9B,CAAC"}

package/dist/judges/scalability.js

@@ -25,6 +25,10 @@ RULES FOR YOUR EVALUATION:
 - Recommend specific architectural patterns (CQRS, event sourcing, circuit breakers, etc.).
 - Score from 0-100 where 100 means fully scalable with no bottlenecks.
 
+FALSE POSITIVE AVOIDANCE:
+- **Distributed lock with local fallback**: When code implements a distributed lock (Redlock, Redis lock, etcd, Consul) as the primary mechanism AND uses a local lock (asyncio.Lock, threading.Lock) as a documented single-instance fallback, do NOT flag the local lock as a scaling issue. This is a correct graceful-degradation pattern.
+- **Two-tier locking**: If comments document a two-tier design (distributed for multi-instance, local for single-instance), accept the design. A compliance/dev tool should still function without external infrastructure.
+
 ADVERSARIAL MANDATE:
 - Your role is adversarial: assume the code will not scale and actively hunt for bottlenecks. Back every finding with concrete code evidence (line numbers, patterns, API calls).
 - Never praise or compliment the code. Report only problems, risks, and deficiencies.

package/dist/judges/scalability.js.map

@@ -1 +1 @@
-{"version":3,"file":"scalability.js","sourceRoot":"","sources":["../../src/judges/scalability.ts"],"names":[],"mappings":"AAEA,MAAM,CAAC,MAAM,gBAAgB,GAAoB;IAC/C,EAAE,EAAE,aAAa;IACjB,IAAI,EAAE,mBAAmB;IACzB,MAAM,EAAE,2BAA2B;IACnC,WAAW,EACT,+JAA+J;IACjK,UAAU,EAAE,OAAO;IACnB,YAAY,EAAE;;;;;;;;;;;;;;;;;;;;;;;;;2HAyB2G;CAC1H,CAAC"}
+{"version":3,"file":"scalability.js","sourceRoot":"","sources":["../../src/judges/scalability.ts"],"names":[],"mappings":"AAEA,MAAM,CAAC,MAAM,gBAAgB,GAAoB;IAC/C,EAAE,EAAE,aAAa;IACjB,IAAI,EAAE,mBAAmB;IACzB,MAAM,EAAE,2BAA2B;IACnC,WAAW,EACT,+JAA+J;IACjK,UAAU,EAAE,OAAO;IACnB,YAAY,EAAE;;;;;;;;;;;;;;;;;;;;;;;;;;;;;2HA6B2G;CAC1H,CAAC"}

package/dist/judges/software-practices.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"software-practices.d.ts","sourceRoot":"","sources":["../../src/judges/software-practices.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAEnD,eAAO,MAAM,sBAAsB,EAAE,eAmCpC,CAAC"}
+{"version":3,"file":"software-practices.d.ts","sourceRoot":"","sources":["../../src/judges/software-practices.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAEnD,eAAO,MAAM,sBAAsB,EAAE,eAwCpC,CAAC"}

package/dist/judges/software-practices.js

@@ -27,6 +27,11 @@ RULES FOR YOUR EVALUATION:
 - Reference Clean Code (Robert Martin), SOLID, DRY, KISS, YAGNI where applicable.
 - Score from 0-100 where 100 means exemplary software engineering.
 
+FALSE POSITIVE AVOIDANCE:
+- **Justified suppression comments**: type: ignore, noqa, eslint-disable, and similar comments that include a rationale (e.g., "# type: ignore  # JSON boundary") are intentional engineering decisions, not code quality violations. Only flag SWDEV-001 for bare suppressions without justification.
+- **Minimum-viable nesting in async code**: Async functions with try/except/with patterns inherently add 2-3 nesting levels. Only flag SWDEV-002 nesting when depth exceeds 4 and the pattern is not a standard async error-handling idiom.
+- **Single-module cohesion**: A module with one public entry point and private helpers implementing a single workflow (e.g., load → parse → index) is cohesive even if it has many private methods. Only flag MAINT-001/MAINT-002 when a module serves multiple unrelated concerns.
+
 ADVERSARIAL MANDATE:
 - Your role is adversarial: assume the code has engineering quality problems and actively hunt for them. Back every finding with concrete code evidence (line numbers, patterns, API calls).
 - Never praise or compliment the code. Report only problems, risks, and deficiencies.

package/dist/judges/software-practices.js.map

@@ -1 +1 @@
-{"version":3,"file":"software-practices.js","sourceRoot":"","sources":["../../src/judges/software-practices.ts"],"names":[],"mappings":"AAEA,MAAM,CAAC,MAAM,sBAAsB,GAAoB;IACrD,EAAE,EAAE,oBAAoB;IACxB,IAAI,EAAE,0BAA0B;IAChC,MAAM,EAAE,mDAAmD;IAC3D,WAAW,EACT,6LAA6L;IAC/L,UAAU,EAAE,OAAO;IACnB,YAAY,EAAE;;;;;;;;;;;;;;;;;;;;;;;;;;;uIA2BuH;CACtI,CAAC"}
+{"version":3,"file":"software-practices.js","sourceRoot":"","sources":["../../src/judges/software-practices.ts"],"names":[],"mappings":"AAEA,MAAM,CAAC,MAAM,sBAAsB,GAAoB;IACrD,EAAE,EAAE,oBAAoB;IACxB,IAAI,EAAE,0BAA0B;IAChC,MAAM,EAAE,mDAAmD;IAC3D,WAAW,EACT,6LAA6L;IAC/L,UAAU,EAAE,OAAO;IACnB,YAAY,EAAE;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;uIAgCuH;CACtI,CAAC"}

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@kevinrabun/judges",
-  "version": "3.20.3",
-  "description": "35 specialized judges that evaluate AI-generated code for security, cost, and quality.",
+  "version": "3.20.5",
+  "description": "37 specialized judges that evaluate AI-generated code for security, cost, and quality.",
   "mcpName": "io.github.KevinRabun/judges",
   "type": "module",
   "main": "dist/index.js",

package/server.json

@@ -2,17 +2,17 @@
   "$schema": "https://static.modelcontextprotocol.io/schemas/2025-12-11/server.schema.json",
   "name": "io.github.KevinRabun/judges",
   "title": "Judges Panel",
-  "description": "35 judges that evaluate AI-generated code for security, cost, and quality with built-in AST.",
+  "description": "37 judges that evaluate AI-generated code for security, cost, and quality with built-in AST.",
   "repository": {
     "url": "https://github.com/kevinrabun/judges",
     "source": "github"
   },
-  "version": "3.20.3",
+  "version": "3.20.5",
   "packages": [
     {
       "registryType": "npm",
       "identifier": "@kevinrabun/judges",
-      "version": "3.20.3",
+      "version": "3.20.5",
       "transport": {
         "type": "stdio"
       }
@@ -21,7 +21,7 @@
   "tools": [
     {
       "name": "evaluate_code",
-      "description": "Submit code to the full 35-judge tribunal for security, cost, and quality analysis. Handles all code types including application code, infrastructure-as-code (Bicep, Terraform, ARM), and configuration files."
+      "description": "Submit code to the full 37-judge tribunal for security, cost, and quality analysis. Handles all code types including application code, infrastructure-as-code (Bicep, Terraform, ARM), and configuration files."
     },
     {
       "name": "evaluate_code_single_judge",
@@ -59,7 +59,7 @@
   "prompts": [
     {
       "name": "full-tribunal",
-      "description": "Convene all 35 judges for a comprehensive LLM-powered deep review."
+      "description": "Convene all 37 judges for a comprehensive LLM-powered deep review."
     },
     {
       "name": "judge-{id}",