@kevinrabun/judges 3.20.4 → 3.20.6

package/CHANGELOG.md

@@ -2,6 +2,50 @@
 
 All notable changes to **@kevinrabun/judges** are documented here.
 
+## [3.20.6] — 2026-03-03
+
+### Fixed
+- **False positive reduction — 4 new heuristics (H18–H21) + 4 new pattern entries** — Proactive FP analysis adding heuristics and extending pattern arrays to reduce false positives across common code idioms:
+  - **H18**: Barrel/re-export file suppression — absence-based findings (ERR-001, OBS-001, etc.) suppressed on files where ≥80% of lines are re-exports, imports, comments, or blanks (index.ts, \_\_init\_\_.py, mod.rs barrel files)
+  - **H19**: Decorator/annotation security presence — AUTH absence findings suppressed when the file contains authentication decorators (`@login_required`, `[Authorize]`, `@PreAuthorize`, `@Secured`, `@RolesAllowed`, etc.)
+  - **H20**: Enum/union type definitions — keyword collision findings suppressed when all flagged lines are enum values or union type members containing security keywords as inert values (`Action.DELETE`, `type Method = "GET" | "DELETE"`)
+  - **H21**: Log/error message security keywords — findings triggered by `password`/`secret`/`token`/`credential` suppressed when all flagged lines are logging calls (`logger.error(...)`, `console.warn(...)`) describing the operation rather than leaking credentials; excludes LOGPRIV/LOG-* findings that flag the logging itself as the problem
+  - **Extended KEYWORD_IDENTIFIER_PATTERNS**: Added `key` pattern (matches `apiKeyHeader`, `primaryKey`, `foreignKey`, `keyVaultUrl` but NOT `apiKey` alone) and `hash` pattern (matches `contentHash`, `fileHash`, `checksumHash`, `hashCode`, `hashMap` — non-crypto contexts)
+  - **Extended SAFE_IDIOM_PATTERNS**: Added log/error message suppression for security keywords in logging calls (with LOGPRIV exclusion) and HTTP routing `app.delete()`/`router.delete()` suppression for data-deletion findings
+
+### Tests
+- 32 new tests covering all new heuristics and pattern entries: key/hash identifier collision (4), log/error message idiom (4), HTTP routing delete (3), barrel/re-export files (3), decorator security presence (4), enum/union type (4), log message keyword suppression (4), TP confidence edge cases (6)
+- 1606 tests, 0 failures
+
+## [3.20.5] — 2026-03-03
+
+### Fixed
+- **False positive reduction — 6 new heuristics + 4 extended patterns** — Added six new deterministic FP heuristics to `filterFalsePositiveHeuristics` and extended three existing pattern sets, addressing 12 high-confidence false positive categories identified in regulated-policy evaluations:
+  - **H12**: Distributed lock fallback — SCALE local-lock findings suppressed when Redlock/Redis/etcd/Consul/ZooKeeper distributed locking is present in the same module
+  - **H13**: Retry/backoff/fallback chain — SOV-001/REL resilience findings suppressed when retry with exponential backoff or multi-tier fallback (cache→online→bundled) is implemented
+  - **H14**: Constant definitions — I18N hardcoded-string findings suppressed when flagged lines are ALL_CAPS or `const` constant definitions (field-name keys, not user-facing text)
+  - **H15**: Bounded-dataset tree traversal — PERF/COST O(n²) findings suppressed when code traverses tree structures (chapters→sections→articles) or operates on documented bounded datasets
+  - **H16**: Read-only content fetch — SOV-002 cross-border findings suppressed when code fetches public/regulatory content with no personal data patterns
+  - **H17**: Cache-age/TTL context — COMP age-verification findings suppressed when "age" appears in cache/TTL context (cache_age, max_age, stale) with no user-age patterns (dob, minor, parental)
+  - **Extended WEB_ONLY_PREFIXES**: Added `I18N-` — i18n findings now gated to files with HTML/JSX/DOM patterns
+  - **Extended KEYWORD_IDENTIFIER_PATTERNS**: Broadened `age` regex to cover hyphenated/underscored cache-age, stale-age, fresh-age, and age-seconds/minutes/hours/days/ms/header patterns
+  - **Extended SAFE_IDIOM_PATTERNS**: Added 3 new entries — json.dumps/JSON.stringify for SOV-003 data-export findings, os.environ.get/process.env for DB-001 connection-string findings, and justified type:ignore/noqa/eslint-disable for SWDEV-001/CICD-003 suppression findings
+
+- **Judge system prompt anti-FP guidance** — Added `FALSE POSITIVE AVOIDANCE` sections to 9 judge system prompts, providing explicit instructions to avoid known false-positive patterns at the LLM generation layer:
+  - **performance.ts**: Tree traversal is O(n), not O(n²); bounded reference datasets; list comprehension flattening
+  - **scalability.ts**: Distributed lock with local fallback is correct graceful degradation; two-tier locking design
+  - **data-sovereignty.ts**: Retry/fallback ≡ circuit breaker; read-only reference data ≠ cross-border egress; internal serialization ≠ data export
+  - **compliance.ts**: Cache-age/TTL "age" ≠ user age verification
+  - **internationalization.ts**: Constant definitions ≠ user-facing strings; developer tools/MCP servers don't need i18n; sourced regulatory text
+  - **cost-effectiveness.ts**: Tree/hierarchy traversal; bounded reference datasets
+  - **database.ts**: Environment variable fallback defaults; in-memory/embedded database defaults
+  - **code-structure.ts**: Dict[str,Any] at JSON boundaries; large single-responsibility files; async nesting ≤4
+  - **software-practices.ts**: Justified suppression comments; minimum-viable async nesting; single-module cohesion
+
+### Tests
+- Added 17 new tests covering all 6 new FP heuristics (H12–H17), I18N web-only gating, safe idiom extensions (env var fallback, justified suppressions, json.dumps), with both positive (should suppress) and negative (should keep) test cases
+- All 1,574 tests pass (976 judges + 218 negative + 268 subsystems + 70 extension + 42 tool-routing)
+
 ## [3.20.4] — 2026-03-03
 
 ### Fixed

package/dist/evaluators/false-positive-review.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"false-positive-review.d.ts","sourceRoot":"","sources":["../../src/evaluators/false-positive-review.ts"],"names":[],"mappings":"AAOA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,aAAa,CAAC;AAK3C,MAAM,WAAW,cAAc;IAC7B,kDAAkD;IAClD,QAAQ,EAAE,OAAO,EAAE,CAAC;IACpB,iDAAiD;IACjD,OAAO,EAAE,OAAO,EAAE,CAAC;CACpB;AA6KD;;;;;;;;;;;;GAYG;AACH,wBAAgB,6BAA6B,CAC3C,QAAQ,EAAE,OAAO,EAAE,EACnB,IAAI,EAAE,MAAM,EACZ,QAAQ,EAAE,MAAM,EAChB,QAAQ,CAAC,EAAE,MAAM,GAChB,cAAc,CAsBhB"}
+{"version":3,"file":"false-positive-review.d.ts","sourceRoot":"","sources":["../../src/evaluators/false-positive-review.ts"],"names":[],"mappings":"AAOA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,aAAa,CAAC;AAK3C,MAAM,WAAW,cAAc;IAC7B,kDAAkD;IAClD,QAAQ,EAAE,OAAO,EAAE,CAAC;IACpB,iDAAiD;IACjD,OAAO,EAAE,OAAO,EAAE,CAAC;CACpB;AA4ND;;;;;;;;;;;;GAYG;AACH,wBAAgB,6BAA6B,CAC3C,QAAQ,EAAE,OAAO,EAAE,EACnB,IAAI,EAAE,MAAM,EACZ,QAAQ,EAAE,MAAM,EAChB,QAAQ,CAAC,EAAE,MAAM,GAChB,cAAc,CAsBhB"}

package/dist/evaluators/false-positive-review.js

@@ -97,9 +97,9 @@ const CODE_ONLY_RULE_PREFIXES = [
  */
 const KEYWORD_IDENTIFIER_PATTERNS = [
     {
-        // "age" in cacheAge, maxAge, ttlAge, etc.
+        // "age" in cacheAge, maxAge, ttlAge, cache-age log, etc.
         trigger: /\bage\b/i,
-        identifierContext: /(?:cache|max|ttl|min|avg|token|cookie|session|expir)\s*age|age\s*(?:out|limit|check)/i,
+        identifierContext: /(?:cache|max|ttl|min|avg|token|cookie|session|expir|stale|fresh)\s*[-_]?\s*age|age\s*[-_]?\s*(?:out|limit|check|seconds|minutes|hours|days|ms|header)|\bcache[_-]age\b|\bmax[_-]age\b/i,
     },
     {
         // "delete" in deleteButton, onDelete, handleDelete, isDeleted
@@ -131,6 +131,18 @@ const KEYWORD_IDENTIFIER_PATTERNS = [
         trigger: /\bglobal\b.*\bstate\b|\bstate\b.*\bglobal\b/i,
         identifierContext: /^\s*global\s+\w+/,
     },
+    {
+        // "key" in apiKeyHeader, primaryKey, foreignKey, keyName, keyPath, key_vault
+        // Note: api/encryption/signing/public/private prefixes require a suffix after "key"
+        // (e.g. apiKeyHeader ✓, apiKey ✗) because "apiKey" alone often holds an actual key value.
+        trigger: /\bkey\b/i,
+        identifierContext: /(?:primary|foreign|partition|sort|composite|cache)\s*[-_]?\s*key|(?:api|encryption|signing|public|private)\s*[-_]?\s*key\w+|key\s*[-_]?\s*(?:name|path|id|vault|ring|store|pair|size|length|spec|ref|alias|header|prefix|column|field|index)|\bkey[_-]vault\b|\bKeyVault\b/i,
+    },
+    {
+        // "hash" in fileHash, contentHash, checksumHash, hashCode — non-crypto contexts
+        trigger: /\bhash\b/i,
+        identifierContext: /(?:file|content|checksum|etag|commit|git|fingerprint|bucket|consistent)\s*[-_]?\s*hash|hash\s*[-_]?\s*(?:code|map|set|table|ring|key|value|function|sum|digest|string|name|id)|\bhashCode\b|\bhashMap\b|\bhashSet\b|\bgetHash\b|\bcomputeHash\b/i,
+    },
 ];
 /**
  * Standard-library / framework calls that are safe but trigger pattern
@@ -153,6 +165,33 @@ const SAFE_IDIOM_PATTERNS = [
         findingPattern: /path\s*travers/i,
         safeContext: /(?:os\.path\.join|path\.join|Path\.Combine)\s*\(\s*["'`]/,
     },
+    {
+        // json.dumps / JSON.stringify flagged as data export/transfer by SOV judges
+        findingPattern: /data\s*(?:export|transfer|egress)|export\s*path|SOV-003/i,
+        safeContext: /json\.dumps\s*\(|JSON\.stringify\s*\(|json\.dump\s*\(/i,
+    },
+    {
+        // Connection string in env var fallback (os.environ.get / process.env)
+        findingPattern: /hardcoded.*(?:connection|database|db|redis|mongo|postgres|mysql)|connection.*string.*code|DB-001/i,
+        safeContext: /os\.environ\.get\s*\(|os\.getenv\s*\(|process\.env\.|System\.getenv\s*\(|Environment\.GetEnvironmentVariable\s*\(/i,
+    },
+    {
+        // Justified type: ignore / noqa suppression comments — not reckless suppression
+        findingPattern: /suppress|type.*ignore|noqa|lint.*disabl|SWDEV-001|CICD-003/i,
+        safeContext: /(?:#\s*type:\s*ignore|#\s*noqa|(?:\/\/|#)\s*eslint-disable).*(?:--|—|because|reason|\bfor\b|\bdue\b|\bruntyped\b|\bstubs\b|\bno\s+stubs)/i,
+    },
+    {
+        // logger.error / log.warn / console.error containing security keywords in the message string
+        // Exclude findings that are specifically ABOUT credential logging (LOGPRIV, LOG-*)
+        findingPattern: /password|secret|token|credential|hardcoded/i,
+        safeContext: /(?:logger|log|console|logging)\s*\.\s*(?:error|warn|warning|info|debug|critical|fatal)\s*\(/i,
+        excludePattern: /\blog(?:ged|ging|s|file)?\b|LOGPRIV|^LOG-/i,
+    },
+    {
+        // HTTP routing method app.delete() / router.delete() — "delete" is an HTTP verb, not data destruction
+        findingPattern: /\bdelete\b.*(?:data|destruct|unprotect|unauthori)|dangerous.*delete/i,
+        safeContext: /(?:app|router|server|express|fastify|hapi|koa)\s*\.\s*delete\s*\(\s*["'`\/]|@(?:app|router)\s*\.\s*delete\s*\(/i,
+    },
 ];
 // ─── Core Filter Function ───────────────────────────────────────────────────
 /**
@@ -269,8 +308,12 @@ function getFpReason(finding, lines, isIaC, fileCategory) {
     }
     // ── 7. Safe standard-library idiom ──
     if (finding.lineNumbers && finding.lineNumbers.length > 0) {
-        for (const { findingPattern, safeContext } of SAFE_IDIOM_PATTERNS) {
+        for (const { findingPattern, safeContext, excludePattern } of SAFE_IDIOM_PATTERNS) {
             if (findingPattern.test(finding.title) || findingPattern.test(finding.ruleId)) {
+                // Skip safe-idiom suppression when the finding is about the very thing we'd suppress
+                if (excludePattern && (excludePattern.test(finding.title) || excludePattern.test(finding.ruleId))) {
+                    continue;
+                }
                 const hasSafeCtx = finding.lineNumbers.some((ln) => {
                     const line = lines[ln - 1];
                     return line !== undefined && safeContext.test(line);
@@ -291,7 +334,7 @@ function getFpReason(finding, lines, isIaC, fileCategory) {
     // ── 9. Web-only rules on non-web code ──
     // Accessibility, UX, and i18n rendering rules are only meaningful on files
     // that contain web-facing patterns (HTML, JSX, routes, templates, CSS).
-    const WEB_ONLY_PREFIXES = ["A11Y-", "UX-"];
+    const WEB_ONLY_PREFIXES = ["A11Y-", "UX-", "I18N-"];
     const isWebOnly = WEB_ONLY_PREFIXES.some((p) => finding.ruleId.startsWith(p));
     if (isWebOnly) {
         const hasWebPatterns = /<\w+[\s>]|className=|style=|href=|jsx|tsx|\.html|\.css|render\s*\(|dangerouslySetInnerHTML|innerHTML|document\.|window\.|querySelector|getElementById/i.test(lines.join("\n"));
@@ -321,10 +364,164 @@ function getFpReason(finding, lines, isIaC, fileCategory) {
             return "Absence-based finding on trivially small file — likely a false positive.";
         }
     }
-    // ── 12. (reserved — absence gating moved upstream to evaluateWithJudge) ──
-    // Absence-based rules are gated by projectMode in evaluateWithJudge():
-    // suppressed in single-file mode, allowed in project mode. No need for
-    // a file-level heuristic here.
+    // ── 12. Distributed lock presence suppresses local-lock scaling findings ──
+    // SCALE-001 flags local file/process locks, but if the same file implements
+    // distributed locking (Redlock, Redis lock, etcd, Consul, ZooKeeper), the
+    // local lock is a documented single-instance fallback, not a scaling issue.
+    if (/^SCALE-/.test(finding.ruleId) &&
+        /local.*lock|process.*lock|file.*lock|asyncio\.Lock|threading\.Lock/i.test(finding.title)) {
+        const fullCode = lines.join("\n");
+        const hasDistributedLock = /\bredlock\b|\bredis.*lock\b|\bdistributed.*lock\b|\betcd\b.*lock|\bconsul\b.*lock|\bzookeeper\b.*lock|\bLock\s*\(.*redis/i.test(fullCode);
+        if (hasDistributedLock) {
+            return "Local lock is a fallback — distributed locking (Redlock/Redis) is implemented in the same module.";
+        }
+    }
+    // ── 13. Retry/backoff/fallback suppresses resilience-pattern-absence findings ──
+    // SOV-001 and REL- rules flag missing circuit breakers, but if the code
+    // implements retry with backoff and/or a multi-tier fallback chain, it has
+    // equivalent or better resilience than a simple circuit breaker.
+    if (/^(?:SOV-001|REL-)/.test(finding.ruleId) &&
+        /circuit.?breaker|resilience|without.*(?:retry|fallback)/i.test(finding.title)) {
+        const fullCode = lines.join("\n");
+        const hasRetryPattern = /\bretry\b.*\b(?:backoff|exponential|delay)\b|\bbackoff\b.*\bretry\b|\btenacity\b|\bretrying\b|@retry\b|with_retry\b|fetch.*retry|retry.*fetch/i.test(fullCode);
+        const hasFallbackChain = /\bfallback\b.*\b(?:cache|bundled|default|local|offline)\b|(?:cache|bundled|default|local|offline)\b.*\bfallback\b/i.test(fullCode);
+        if (hasRetryPattern || hasFallbackChain) {
+            return "Retry/backoff and/or fallback chain detected — equivalent resilience pattern is implemented.";
+        }
+    }
+    // ── 14. Constant definitions suppress I18N hardcoded-string findings ──
+    // I18N-001 flags hardcoded strings, but constant definitions like
+    // _F_TITLE = 'title' are JSON field-name keys, not user-facing text.
+    if (/^I18N-/.test(finding.ruleId) && /hardcoded.*string/i.test(finding.title)) {
+        if (finding.lineNumbers && finding.lineNumbers.length > 0) {
+            const allConstants = finding.lineNumbers.every((ln) => {
+                const line = lines[ln - 1];
+                if (!line)
+                    return false;
+                const trimmed = line.trim();
+                // Python/JS/TS constant definitions: ALL_CAPS_NAME = "value" or const NAME = "value"
+                return (/^[A-Z_][A-Z_0-9]*\s*=\s*["']/.test(trimmed) ||
+                    /^(?:const|final|static\s+final)\s+\w+\s*=\s*["']/.test(trimmed) ||
+                    /^_[A-Z_][A-Z_0-9]*\s*=\s*["']/.test(trimmed));
+            });
+            if (allConstants) {
+                return "Flagged strings are constant definitions (field-name keys), not user-facing text.";
+            }
+        }
+    }
+    // ── 15. Bounded-dataset tree traversal suppresses O(n²) nested-loop findings ──
+    // PERF-002/COST-001 flag nested loops as O(n²), but tree traversals
+    // (chapters → sections → articles) iterate each item once — O(n total).
+    if (/^(?:PERF|COST)-/.test(finding.ruleId) && /nested.*loop|O\(n[²2]\)|quadratic/i.test(finding.title)) {
+        const fullCode = lines.join("\n");
+        // Detect documented bounded datasets or tree-traversal patterns
+        const hasBoundedDatasetDoc = /\bbounded\b.*\b(?:dataset|corpus|data|size)\b|\bfixed[- ]size\b|\bO\(n\)\b|\bO\(total_/i.test(fullCode);
+        const hasTreeTraversal = /\bchapter|\bsection|\barticle|\bnode|\bchild(?:ren)?|\btree|\btravers/i.test(fullCode);
+        if (hasBoundedDatasetDoc || hasTreeTraversal) {
+            return "Nested iteration is a tree traversal over a bounded dataset — total work is O(n), not O(n²).";
+        }
+    }
+    // ── 16. Read-only content fetch suppresses cross-border data egress findings ──
+    // SOV-002 flags external API calls as cross-border data egress, but read-only
+    // fetches of public regulatory/reference content are not personal data transfers.
+    if (/^SOV-002/.test(finding.ruleId) && /cross.?border|data.*egress|jurisdiction/i.test(finding.title)) {
+        const fullCode = lines.join("\n");
+        const isReadOnlyFetch = /\bfetch\b.*\b(?:regulation|reference|content|static|public|gdpr|law)\b|\breadonly\b|\bread[_-]only\b/i.test(fullCode);
+        const noPersonalData = !/\buser[_-]?data\b|\bpersonal[_-]?data\b|\bpii\b|\bprofile\b.*\bdata\b/i.test(fullCode);
+        if (isReadOnlyFetch && noPersonalData) {
+            return "Read-only fetch of public/regulatory content — no personal data egress detected.";
+        }
+    }
+    // ── 17. Cache-age / TTL context suppresses compliance age-verification findings ──
+    // COMP-001 flags "age" as age-verification concern, but in cache/TTL contexts
+    // (cache_age, max_age, stale), "age" refers to data freshness, not user age.
+    if (/^COMP-/.test(finding.ruleId) && /\bage\b/i.test(finding.title)) {
+        const fullCode = lines.join("\n");
+        const isCacheAgeContext = /\bcache[_-]?age\b|\bmax[_-]?age\b|\bttl\b.*\bage\b|\bstale\b.*\bage\b|\bage\b.*\bseconds\b|\bage\b.*\bexpir/i.test(fullCode);
+        const noUserAgeContext = !/\bdate[_-]?of[_-]?birth\b|\bdob\b|\bminor\b|\bparental\b|\bage[_-]?verif/i.test(fullCode);
+        if (isCacheAgeContext && noUserAgeContext) {
+            return "Term 'age' appears in cache/TTL context (data freshness), not user age verification.";
+        }
+    }
+    // ── 18. Barrel / re-export files suppress absence-based findings ──
+    // Index files (index.ts, __init__.py, mod.rs) that primarily re-export
+    // other modules trigger absence-based findings like "missing error handling"
+    // or "missing validation" despite having no logic to validate.
+    if (finding.isAbsenceBased) {
+        const totalLines = lines.length;
+        const reExportLines = lines.filter((l) => {
+            const t = l.trim();
+            return (/^export\s+\{/.test(t) ||
+                /^export\s+\*\s+from\s/.test(t) ||
+                /^export\s+(?:default\s+)?(?:type\s+)?\w+\s+from\s/.test(t) ||
+                /^from\s+\S+\s+import\s/.test(t) ||
+                /^import\s/.test(t) ||
+                /^__all__\s*=/.test(t) ||
+                /^pub\s+(?:mod|use)\s/.test(t) ||
+                t.length === 0 ||
+                /^\s*(?:\/\/|\/\*|\*|#|$)/.test(t));
+        }).length;
+        if (totalLines > 0 && reExportLines / totalLines >= 0.8) {
+            return "File is primarily re-exports/barrel — absence-based rules do not apply to aggregation modules.";
+        }
+    }
+    // ── 19. Decorator/annotation security presence suppresses AUTH absence findings ──
+    // If the file contains authentication/authorization decorators or annotations,
+    // absence-based AUTH- findings claiming "missing authentication" are FPs —
+    // the auth IS present via the decorator.
+    if (/^AUTH-/.test(finding.ruleId) && finding.isAbsenceBased) {
+        const fullCode = lines.join("\n");
+        const hasSecurityDecorator = /@login_required|@requires_auth|@authenticated|@auth_required|@require_login|@jwt_required|\[Authorize\]|\[AllowAnonymous\]|@PreAuthorize|@Secured|@RolesAllowed|@PermitAll|@RequiresPermissions|@RequiresRoles|@Protected\b/i.test(fullCode);
+        if (hasSecurityDecorator) {
+            return "Authentication decorator/annotation is present — auth is enforced via framework mechanism.";
+        }
+    }
+    // ── 20. Enum / union type definitions suppress keyword collision findings ──
+    // Enum values like `Action.DELETE`, `Method.POST`, or union types like
+    // `type Method = "GET" | "DELETE"` contain security keywords as inert values.
+    if (finding.lineNumbers && finding.lineNumbers.length > 0) {
+        const allEnumOrUnion = finding.lineNumbers.every((ln) => {
+            const line = lines[ln - 1];
+            if (!line)
+                return false;
+            const trimmed = line.trim();
+            return (/^\s*(?:export\s+)?enum\s+\w+/.test(trimmed) ||
+                /^\s*\w+\s*=\s*["']\w+["']\s*,?\s*(?:\/\/.*)?$/.test(trimmed) ||
+                /^\s*(?:export\s+)?type\s+\w+\s*=\s*(?:["'].*["']\s*\|?\s*)+/.test(trimmed) ||
+                /^\s*\|\s*["']/.test(trimmed));
+        });
+        if (allEnumOrUnion) {
+            const titleAndDesc = `${finding.title} ${finding.description}`;
+            const hasSecurityKeyword = /\bdelete\b|\bexec\b|\bpassword\b|\bsecret\b|\btoken\b|\bdrop\b|\bkill\b|\broot\b|\badmin\b/i.test(titleAndDesc);
+            if (hasSecurityKeyword) {
+                return "Security keyword appears in an enum/union type definition — inert value, not a dangerous operation.";
+            }
+        }
+    }
+    // ── 21. Log/error message strings with security keywords are informational ──
+    // Findings triggered by keywords like "password", "token", "secret" inside
+    // logging statements (logger.error("Failed to validate password")) are FPs —
+    // the log describes the operation, it doesn't leak the actual credential.
+    if (finding.lineNumbers && finding.lineNumbers.length > 0) {
+        const titleAndDesc = `${finding.title} ${finding.description}`;
+        const hasCredentialKeyword = /\bpassword\b|\bsecret\b|\btoken\b|\bcredential\b/i.test(titleAndDesc);
+        if (hasCredentialKeyword) {
+            // Don't suppress findings that are specifically ABOUT credential logging —
+            // those findings flag the log line itself as the problem (e.g. LOGPRIV-001).
+            const isAboutLogging = /\blog(?:ged|ging|s|file)?\b/i.test(titleAndDesc) || /^LOG|LOGPRIV/i.test(finding.ruleId);
+            if (!isAboutLogging) {
+                const allLogLines = finding.lineNumbers.every((ln) => {
+                    const line = lines[ln - 1];
+                    if (!line)
+                        return false;
+                    return /(?:logger|log|console|logging)\s*\.\s*(?:error|warn|warning|info|debug|critical|fatal|log)\s*\(/i.test(line);
+                });
+                if (allLogLines) {
+                    return "Security keyword appears inside a logging statement — describes the operation, not a credential leak.";
+                }
+            }
+        }
+    }
     return null;
 }
 //# sourceMappingURL=false-positive-review.js.map

package/dist/evaluators/false-positive-review.js.map

@@ -1 +1 @@
-{"version":3,"file":"false-positive-review.js","sourceRoot":"","sources":["../../src/evaluators/false-positive-review.ts"],"names":[],"mappings":"AAAA,+EAA+E;AAC/E,4EAA4E;AAC5E,yEAAyE;AACzE,4EAA4E;AAC5E,2EAA2E;AAC3E,iFAAiF;AAGjF,OAAO,EAAE,aAAa,EAAE,mBAAmB,EAAE,aAAa,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAW9F,gFAAgF;AAEhF;;;;GAIG;AACH,MAAM,sBAAsB,GAAG;IAC7B,QAAQ,EAAE,yDAAyD;IACnE,OAAO,EAAE,4CAA4C;IACrD,OAAO,EAAE,4CAA4C;IACrD,OAAO,EAAE,sCAAsC;IAC/C,QAAQ,EAAE,yCAAyC;IACnD,MAAM,EAAE,uCAAuC;IAC/C,KAAK,EAAE,wCAAwC;IAC/C,OAAO,EAAE,sCAAsC;IAC/C,OAAO,EAAE,6CAA6C;IACtD,KAAK,EAAE,yCAAyC;IAChD,OAAO,EAAE,oCAAoC;CAC9C,CAAC;AAEF;;;GAGG;AACH,MAAM,uBAAuB,GAAa;IACxC,OAAO,EAAE,sCAAsC;IAC/C,QAAQ,EAAE,oCAAoC;IAC9C,MAAM,EAAE,sCAAsC;IAC9C,QAAQ,EAAE,wCAAwC;IAClD,MAAM,EAAE,yCAAyC;IACjD,MAAM,EAAE,8CAA8C;IACtD,QAAQ,EAAE,iDAAiD;IAC3D,OAAO,EAAE,0CAA0C;IACnD,OAAO,EAAE,6CAA6C;IACtD,OAAO,EAAE,0CAA0C;IACnD,QAAQ,EAAE,+CAA+C;IACzD,QAAQ,EAAE,+CAA+C;IACzD,OAAO,EAAE,2CAA2C;IACpD,OAAO,EAAE,8CAA8C;IACvD,QAAQ,EAAE,wCAAwC;IAClD,KAAK,EAAE,4CAA4C;IACnD,OAAO,EAAE,iDAAiD;IAC1D,OAAO,EAAE,0CAA0C;IACnD,UAAU,EAAE,4CAA4C;IACxD,QAAQ,EAAE,6CAA6C;IACvD,OAAO,EAAE,kDAAkD;IAC3D,MAAM,EAAE,uCAAuC;CAChD,CAAC;AAEF;;;;GAIG;AACH,MAAM,uBAAuB,GAAG;IAC9B,QAAQ,EAAE,gDAAgD;IAC1D,OAAO,EAAE,qDAAqD;IAC9D,OAAO,EAAE,6CAA6C;IACtD,OAAO,EAAE,0CAA0C;IACnD,QAAQ,EAAE,0CAA0C;IACpD,MAAM,EAAE,0CAA0C;IAClD,KAAK,EAAE,6CAA6C;IACpD,OAAO,EAAE,2CAA2C;IACpD,OAAO,EAAE,kDAAkD;IAC3D,KAAK,EAAE,sCAAsC;IAC7C,OAAO,EAAE,qCAAqC;IAC9C,MAAM,EAAE,iDAAiD;IACzD,QAAQ,EAAE,iDAAiD;IAC3D,QAAQ,EAAE,oDAAoD;IAC9D,MAAM,EAAE,+CAA+C;IACvD,OAAO,EAAE,yCAAyC;IAClD,QAAQ,EAAE,qCAAqC;IAC/C,OAAO,EAAE,iDAAiD;IAC1D,OAAO,EAAE,sCAAsC;IAC/C,OAAO,EAAE,oDAAoD;IAC7D,QAAQ,EAAE,iDAAiD;IAC3D,QAAQ,EAAE,6CAA6C;IACvD,OAAO,EAAE,yCAAyC;IAClD,MAAM,EAAE,uCAAuC;IAC/C,OAAO,EAAE,gDAAgD;IACzD,MAAM,EAAE,qCAAqC;IAC7C,UAAU,EAAE,yCAAyC;IACrD,MAAM,EAAE,sCAAsC;IAC9C,OAAO,EAAE,uDAAuD;IAChE,QAAQ,EAAE,oDAAoD;CAC/D,CAAC;AAEF;;;;;GAKG;AACH,MAAM,2BAA2B,GAK5B;IACH;QACE,0CAA0C;QAC1C,OAAO,EAAE,UAAU;QACnB,iBAAiB,EAAE,uFAAuF;KAC3G;IACD;QACE,8DAA8D;QAC9D,OAAO,EAAE,aAAa;QACtB,iBAAiB,EACf,kLAAkL;KACrL;IACD;QACE,uDAAuD;QACvD,OAAO,EAAE,WAAW;QACpB,iBAAiB,EAAE,4FAA4F;KAChH;IACD;QACE,6EAA6E;QAC7E,OAAO,EAAE,eAAe;QACxB,iBAAiB,EACf,6JAA6J;KAChK;IACD;QACE,8DAA8D;QAC9D,OAAO,EAAE,aAAa;QACtB,iBAAiB,EACf,sIAAsI;KACzI;IACD;QACE,sEAAsE;QACtE,OAAO,EAAE,YAAY;QACrB,iBAAiB,EACf,qKAAqK;KACxK;IACD;QACE,uEAAuE;QACvE,OAAO,EAAE,8CAA8C;QACvD,iBAAiB,EAAE,kBAAkB;KACtC;CACF,CAAC;AAEF;;;;GAIG;AACH,MAAM,mBAAmB,GAKpB;IACH;QACE,mCAAmC;QACnC,cAAc,EAAE,+CAA+C;QAC/D,WAAW,EAAE,mCAAmC;KACjD;IACD;QACE,0DAA0D;QAC1D,cAAc,EAAE,mCAAmC;QACnD,WAAW,EAAE,wCAAwC;KACtD;IACD;QACE,8EAA8E;QAC9E,cAAc,EAAE,iBAAiB;QACjC,WAAW,EAAE,0DAA0D;KACxE;CACF,CAAC;AAEF,+EAA+E;AAE/E;;;;;;;;;;;;GAYG;AACH,MAAM,UAAU,6BAA6B,CAC3C,QAAmB,EACnB,IAAY,EACZ,QAAgB,EAChB,QAAiB;IAEjB,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC1B,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,OAAO,EAAE,EAAE,EAAE,CAAC;IACvC,CAAC;IAED,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAC/B,MAAM,KAAK,GAAG,aAAa,CAAC,IAAI,CAAC,CAAC;IAClC,MAAM,YAAY,GAAG,YAAY,CAAC,IAAI,EAAE,QAAQ,EAAE,QAAQ,CAAC,CAAC;IAE5D,MAAM,QAAQ,GAAc,EAAE,CAAC;IAC/B,MAAM,OAAO,GAAc,EAAE,CAAC;IAE9B,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;QAC/B,MAAM,MAAM,GAAG,WAAW,CAAC,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,YAAY,CAAC,CAAC;QAChE,IAAI,MAAM,EAAE,CAAC;YACX,OAAO,CAAC,IAAI,CAAC,EAAE,GAAG,OAAO,EAAE,WAAW,EAAE,GAAG,OAAO,CAAC,WAAW,yBAAyB,MAAM,EAAE,EAAE,CAAC,CAAC;QACrG,CAAC;aAAM,CAAC;YACN,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACzB,CAAC;IACH,CAAC;IAED,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC;AAC/B,CAAC;AAED,gFAAgF;AAEhF;;;GAGG;AACH,SAAS,WAAW,CAAC,OAAgB,EAAE,KAAe,EAAE,KAAc,EAAE,YAAoB;IAC1F,4DAA4D;IAC5D,IAAI,KAAK,EAAE,CAAC;QACV,MAAM,SAAS,GAAG,sBAAsB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC;QACnF,IAAI,SAAS,EAAE,CAAC;YACd,OAAO,4BAA4B,OAAO,CAAC,MAAM,sDAAsD,CAAC;QAC1G,CAAC;IACH,CAAC;IAED,2DAA2D;IAC3D,IAAI,YAAY,KAAK,MAAM,IAAI,YAAY,KAAK,aAAa,EAAE,CAAC;QAC9D,MAAM,UAAU,GAAG,uBAAuB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC;QACrF,IAAI,UAAU,EAAE,CAAC;YACf,OAAO,wBAAwB,OAAO,CAAC,MAAM,gCAAgC,CAAC;QAChF,CAAC;IACH,CAAC;IAED,4EAA4E;IAC5E,IAAI,YAAY,KAAK,QAAQ,EAAE,CAAC;QAC9B,MAAM,UAAU,GAAG,uBAAuB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC;QACrF,IAAI,UAAU,EAAE,CAAC;YACf,OAAO,qBAAqB,OAAO,CAAC,MAAM,8CAA8C,CAAC;QAC3F,CAAC;IACH,CAAC;IAED,yCAAyC;IACzC,IAAI,OAAO,CAAC,WAAW,IAAI,OAAO,CAAC,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC1D,MAAM,WAAW,GAAG,OAAO,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,EAAE;YACnD,MAAM,IAAI,GAAG,KAAK,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC;YAC3B,OAAO,IAAI,KAAK,SAAS,IAAI,aAAa,CAAC,IAAI,CAAC,CAAC;QACnD,CAAC,CAAC,CAAC;QACH,IAAI,WAAW,EAAE,CAAC;YAChB,OAAO,6FAA6F,CAAC;QACvG,CAAC;IACH,CAAC;IAED,gDAAgD;IAChD,IAAI,OAAO,CAAC,WAAW,IAAI,OAAO,CAAC,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC1D,MAAM,UAAU,GAAG,OAAO,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,EAAE;YAClD,MAAM,IAAI,GAAG,KAAK,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC;YAC3B,OAAO,IAAI,KAAK,SAAS,IAAI,mBAAmB,CAAC,IAAI,CAAC,CAAC;QACzD,CAAC,CAAC,CAAC;QACH,IAAI,UAAU,EAAE,CAAC;YACf,OAAO,sFAAsF,CAAC;QAChG,CAAC;IACH,CAAC;IAED,mCAAmC;IACnC,IAAI,OAAO,CAAC,WAAW,IAAI,OAAO,CAAC,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC1D,MAAM,iBAAiB,GAAG,OAAO,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,EAAE;YACzD,MAAM,IAAI,GAAG,KAAK,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC;YAC3B,IAAI,CAAC,IAAI;gBAAE,OAAO,KAAK,CAAC;YACxB,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;YAC5B,OAAO,CACL,WAAW,CAAC,IAAI,CAAC,OAAO,CAAC;gBACzB,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC;gBACvB,yCAAyC,CAAC,IAAI,CAAC,OAAO,CAAC;gBACvD,2BAA2B,CAAC,IAAI,CAAC,OAAO,CAAC;gBACzC,UAAU,CAAC,IAAI,CAAC,OAAO,CAAC,CACzB,CAAC;QACJ,CAAC,CAAC,CAAC;QACH,IAAI,iBAAiB,EAAE,CAAC;YACtB,OAAO,6EAA6E,CAAC;QACvF,CAAC;IACH,CAAC;IAED,2CAA2C;IAC3C,IAAI,OAAO,CAAC,WAAW,IAAI,OAAO,CAAC,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC1D,MAAM,YAAY,GAAG,GAAG,OAAO,CAAC,KAAK,IAAI,OAAO,CAAC,WAAW,EAAE,CAAC;QAC/D,KAAK,MAAM,EAAE,OAAO,EAAE,iBAAiB,EAAE,IAAI,2BAA2B,EAAE,CAAC;YACzE,IAAI,OAAO,CAAC,IAAI,CAAC,YAAY,CAAC,EAAE,CAAC;gBAC/B,MAAM,mBAAmB,GAAG,OAAO,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC,EAAE,EAAE,EAAE;oBAC1D,MAAM,IAAI,GAAG,KAAK,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC;oBAC3B,OAAO,IAAI,KAAK,SAAS,IAAI,iBAAiB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;gBAC5D,CAAC,CAAC,CAAC;gBACH,IAAI,mBAAmB,EAAE,CAAC;oBACxB,OAAO,8EAA8E,CAAC;gBACxF,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,uCAAuC;IACvC,IAAI,OAAO,CAAC,WAAW,IAAI,OAAO,CAAC,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC1D,KAAK,MAAM,EAAE,cAAc,EAAE,WAAW,EAAE,IAAI,mBAAmB,EAAE,CAAC;YAClE,IAAI,cAAc,CAAC,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,cAAc,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;gBAC9E,MAAM,UAAU,GAAG,OAAO,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC,EAAE,EAAE,EAAE;oBACjD,MAAM,IAAI,GAAG,KAAK,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC;oBAC3B,OAAO,IAAI,KAAK,SAAS,IAAI,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;gBACtD,CAAC,CAAC,CAAC;gBACH,IAAI,UAAU,EAAE,CAAC;oBACf,OAAO,kFAAkF,CAAC;gBAC5F,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,qDAAqD;IACrD,gFAAgF;IAChF,6EAA6E;IAC7E,2CAA2C;IAC3C,IAAI,OAAO,CAAC,cAAc,IAAI,OAAO,CAAC,UAAU,KAAK,SAAS,IAAI,OAAO,CAAC,UAAU,GAAG,IAAI,EAAE,CAAC;QAC5F,OAAO,6FAA6F,CAAC;IACvG,CAAC;IAED,0CAA0C;IAC1C,2EAA2E;IAC3E,wEAAwE;IACxE,MAAM,iBAAiB,GAAG,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;IAC3C,MAAM,SAAS,GAAG,iBAAiB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC;IAC9E,IAAI,SAAS,EAAE,CAAC;QACd,MAAM,cAAc,GAClB,wJAAwJ,CAAC,IAAI,CAC3J,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CACjB,CAAC;QACJ,IAAI,CAAC,cAAc,EAAE,CAAC;YACpB,OAAO,iBAAiB,OAAO,CAAC,MAAM,2DAA2D,CAAC;QACpG,CAAC;IACH,CAAC;IAED,6DAA6D;IAC7D,IAAI,OAAO,CAAC,WAAW,IAAI,OAAO,CAAC,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC1D,MAAM,QAAQ,GAAG,OAAO,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,EAAE;YAChD,MAAM,IAAI,GAAG,KAAK,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC;YAC3B,OAAO,IAAI,KAAK,SAAS,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC,MAAM,KAAK,CAAC,CAAC;QACxD,CAAC,CAAC,CAAC;QACH,IAAI,QAAQ,EAAE,CAAC;YACb,OAAO,kEAAkE,CAAC;QAC5E,CAAC;IACH,CAAC;IAED,4DAA4D;IAC5D,yEAAyE;IACzE,8DAA8D;IAC9D,IAAI,OAAO,CAAC,cAAc,EAAE,CAAC;QAC3B,MAAM,gBAAgB,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE;YAC1C,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC;YACnB,OAAO,CAAC,CAAC,MAAM,GAAG,CAAC,IAAI,CAAC,0BAA0B,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAC7D,CAAC,CAAC,CAAC,MAAM,CAAC;QACV,IAAI,gBAAgB,GAAG,EAAE,EAAE,CAAC;YAC1B,OAAO,0EAA0E,CAAC;QACpF,CAAC;IACH,CAAC;IAED,4EAA4E;IAC5E,uEAAuE;IACvE,uEAAuE;IACvE,+BAA+B;IAE/B,OAAO,IAAI,CAAC;AACd,CAAC"}
+{"version":3,"file":"false-positive-review.js","sourceRoot":"","sources":["../../src/evaluators/false-positive-review.ts"],"names":[],"mappings":"AAAA,+EAA+E;AAC/E,4EAA4E;AAC5E,yEAAyE;AACzE,4EAA4E;AAC5E,2EAA2E;AAC3E,iFAAiF;AAGjF,OAAO,EAAE,aAAa,EAAE,mBAAmB,EAAE,aAAa,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAW9F,gFAAgF;AAEhF;;;;GAIG;AACH,MAAM,sBAAsB,GAAG;IAC7B,QAAQ,EAAE,yDAAyD;IACnE,OAAO,EAAE,4CAA4C;IACrD,OAAO,EAAE,4CAA4C;IACrD,OAAO,EAAE,sCAAsC;IAC/C,QAAQ,EAAE,yCAAyC;IACnD,MAAM,EAAE,uCAAuC;IAC/C,KAAK,EAAE,wCAAwC;IAC/C,OAAO,EAAE,sCAAsC;IAC/C,OAAO,EAAE,6CAA6C;IACtD,KAAK,EAAE,yCAAyC;IAChD,OAAO,EAAE,oCAAoC;CAC9C,CAAC;AAEF;;;GAGG;AACH,MAAM,uBAAuB,GAAa;IACxC,OAAO,EAAE,sCAAsC;IAC/C,QAAQ,EAAE,oCAAoC;IAC9C,MAAM,EAAE,sCAAsC;IAC9C,QAAQ,EAAE,wCAAwC;IAClD,MAAM,EAAE,yCAAyC;IACjD,MAAM,EAAE,8CAA8C;IACtD,QAAQ,EAAE,iDAAiD;IAC3D,OAAO,EAAE,0CAA0C;IACnD,OAAO,EAAE,6CAA6C;IACtD,OAAO,EAAE,0CAA0C;IACnD,QAAQ,EAAE,+CAA+C;IACzD,QAAQ,EAAE,+CAA+C;IACzD,OAAO,EAAE,2CAA2C;IACpD,OAAO,EAAE,8CAA8C;IACvD,QAAQ,EAAE,wCAAwC;IAClD,KAAK,EAAE,4CAA4C;IACnD,OAAO,EAAE,iDAAiD;IAC1D,OAAO,EAAE,0CAA0C;IACnD,UAAU,EAAE,4CAA4C;IACxD,QAAQ,EAAE,6CAA6C;IACvD,OAAO,EAAE,kDAAkD;IAC3D,MAAM,EAAE,uCAAuC;CAChD,CAAC;AAEF;;;;GAIG;AACH,MAAM,uBAAuB,GAAG;IAC9B,QAAQ,EAAE,gDAAgD;IAC1D,OAAO,EAAE,qDAAqD;IAC9D,OAAO,EAAE,6CAA6C;IACtD,OAAO,EAAE,0CAA0C;IACnD,QAAQ,EAAE,0CAA0C;IACpD,MAAM,EAAE,0CAA0C;IAClD,KAAK,EAAE,6CAA6C;IACpD,OAAO,EAAE,2CAA2C;IACpD,OAAO,EAAE,kDAAkD;IAC3D,KAAK,EAAE,sCAAsC;IAC7C,OAAO,EAAE,qCAAqC;IAC9C,MAAM,EAAE,iDAAiD;IACzD,QAAQ,EAAE,iDAAiD;IAC3D,QAAQ,EAAE,oDAAoD;IAC9D,MAAM,EAAE,+CAA+C;IACvD,OAAO,EAAE,yCAAyC;IAClD,QAAQ,EAAE,qCAAqC;IAC/C,OAAO,EAAE,iDAAiD;IAC1D,OAAO,EAAE,sCAAsC;IAC/C,OAAO,EAAE,oDAAoD;IAC7D,QAAQ,EAAE,iDAAiD;IAC3D,QAAQ,EAAE,6CAA6C;IACvD,OAAO,EAAE,yCAAyC;IAClD,MAAM,EAAE,uCAAuC;IAC/C,OAAO,EAAE,gDAAgD;IACzD,MAAM,EAAE,qCAAqC;IAC7C,UAAU,EAAE,yCAAyC;IACrD,MAAM,EAAE,sCAAsC;IAC9C,OAAO,EAAE,uDAAuD;IAChE,QAAQ,EAAE,oDAAoD;CAC/D,CAAC;AAEF;;;;;GAKG;AACH,MAAM,2BAA2B,GAK5B;IACH;QACE,yDAAyD;QACzD,OAAO,EAAE,UAAU;QACnB,iBAAiB,EACf,wLAAwL;KAC3L;IACD;QACE,8DAA8D;QAC9D,OAAO,EAAE,aAAa;QACtB,iBAAiB,EACf,kLAAkL;KACrL;IACD;QACE,uDAAuD;QACvD,OAAO,EAAE,WAAW;QACpB,iBAAiB,EAAE,4FAA4F;KAChH;IACD;QACE,6EAA6E;QAC7E,OAAO,EAAE,eAAe;QACxB,iBAAiB,EACf,6JAA6J;KAChK;IACD;QACE,8DAA8D;QAC9D,OAAO,EAAE,aAAa;QACtB,iBAAiB,EACf,sIAAsI;KACzI;IACD;QACE,sEAAsE;QACtE,OAAO,EAAE,YAAY;QACrB,iBAAiB,EACf,qKAAqK;KACxK;IACD;QACE,uEAAuE;QACvE,OAAO,EAAE,8CAA8C;QACvD,iBAAiB,EAAE,kBAAkB;KACtC;IACD;QACE,6EAA6E;QAC7E,oFAAoF;QACpF,0FAA0F;QAC1F,OAAO,EAAE,UAAU;QACnB,iBAAiB,EACf,6QAA6Q;KAChR;IACD;QACE,gFAAgF;QAChF,OAAO,EAAE,WAAW;QACpB,iBAAiB,EACf,kPAAkP;KACrP;CACF,CAAC;AAEF;;;;GAIG;AACH,MAAM,mBAAmB,GAOpB;IACH;QACE,mCAAmC;QACnC,cAAc,EAAE,+CAA+C;QAC/D,WAAW,EAAE,mCAAmC;KACjD;IACD;QACE,0DAA0D;QAC1D,cAAc,EAAE,mCAAmC;QACnD,WAAW,EAAE,wCAAwC;KACtD;IACD;QACE,8EAA8E;QAC9E,cAAc,EAAE,iBAAiB;QACjC,WAAW,EAAE,0DAA0D;KACxE;IACD;QACE,4EAA4E;QAC5E,cAAc,EAAE,0DAA0D;QAC1E,WAAW,EAAE,wDAAwD;KACtE;IACD;QACE,uEAAuE;QACvE,cAAc,EAAE,mGAAmG;QACnH,WAAW,EACT,oHAAoH;KACvH;IACD;QACE,gFAAgF;QAChF,cAAc,EAAE,6DAA6D;QAC7E,WAAW,EACT,2IAA2I;KAC9I;IACD;QACE,6FAA6F;QAC7F,mFAAmF;QACnF,cAAc,EAAE,6CAA6C;QAC7D,WAAW,EAAE,8FAA8F;QAC3G,cAAc,EAAE,4CAA4C;KAC7D;IACD;QACE,sGAAsG;QACtG,cAAc,EAAE,sEAAsE;QACtF,WAAW,EACT,iHAAiH;KACpH;CACF,CAAC;AAEF,+EAA+E;AAE/E;;;;;;;;;;;;GAYG;AACH,MAAM,UAAU,6BAA6B,CAC3C,QAAmB,EACnB,IAAY,EACZ,QAAgB,EAChB,QAAiB;IAEjB,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC1B,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,OAAO,EAAE,EAAE,EAAE,CAAC;IACvC,CAAC;IAED,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAC/B,MAAM,KAAK,GAAG,aAAa,CAAC,IAAI,CAAC,CAAC;IAClC,MAAM,YAAY,GAAG,YAAY,CAAC,IAAI,EAAE,QAAQ,EAAE,QAAQ,CAAC,CAAC;IAE5D,MAAM,QAAQ,GAAc,EAAE,CAAC;IAC/B,MAAM,OAAO,GAAc,EAAE,CAAC;IAE9B,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;QAC/B,MAAM,MAAM,GAAG,WAAW,CAAC,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,YAAY,CAAC,CAAC;QAChE,IAAI,MAAM,EAAE,CAAC;YACX,OAAO,CAAC,IAAI,CAAC,EAAE,GAAG,OAAO,EAAE,WAAW,EAAE,GAAG,OAAO,CAAC,WAAW,yBAAyB,MAAM,EAAE,EAAE,CAAC,CAAC;QACrG,CAAC;aAAM,CAAC;YACN,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACzB,CAAC;IACH,CAAC;IAED,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC;AAC/B,CAAC;AAED,gFAAgF;AAEhF;;;GAGG;AACH,SAAS,WAAW,CAAC,OAAgB,EAAE,KAAe,EAAE,KAAc,EAAE,YAAoB;IAC1F,4DAA4D;IAC5D,IAAI,KAAK,EAAE,CAAC;QACV,MAAM,SAAS,GAAG,sBAAsB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC;QACnF,IAAI,SAAS,EAAE,CAAC;YACd,OAAO,4BAA4B,OAAO,CAAC,MAAM,sDAAsD,CAAC;QAC1G,CAAC;IACH,CAAC;IAED,2DAA2D;IAC3D,IAAI,YAAY,KAAK,MAAM,IAAI,YAAY,KAAK,aAAa,EAAE,CAAC;QAC9D,MAAM,UAAU,GAAG,uBAAuB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC;QACrF,IAAI,UAAU,EAAE,CAAC;YACf,OAAO,wBAAwB,OAAO,CAAC,MAAM,gCAAgC,CAAC;QAChF,CAAC;IACH,CAAC;IAED,4EAA4E;IAC5E,IAAI,YAAY,KAAK,QAAQ,EAAE,CAAC;QAC9B,MAAM,UAAU,GAAG,uBAAuB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC;QACrF,IAAI,UAAU,EAAE,CAAC;YACf,OAAO,qBAAqB,OAAO,CAAC,MAAM,8CAA8C,CAAC;QAC3F,CAAC;IACH,CAAC;IAED,yCAAyC;IACzC,IAAI,OAAO,CAAC,WAAW,IAAI,OAAO,CAAC,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC1D,MAAM,WAAW,GAAG,OAAO,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,EAAE;YACnD,MAAM,IAAI,GAAG,KAAK,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC;YAC3B,OAAO,IAAI,KAAK,SAAS,IAAI,aAAa,CAAC,IAAI,CAAC,CAAC;QACnD,CAAC,CAAC,CAAC;QACH,IAAI,WAAW,EAAE,CAAC;YAChB,OAAO,6FAA6F,CAAC;QACvG,CAAC;IACH,CAAC;IAED,gDAAgD;IAChD,IAAI,OAAO,CAAC,WAAW,IAAI,OAAO,CAAC,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC1D,MAAM,UAAU,GAAG,OAAO,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,EAAE;YAClD,MAAM,IAAI,GAAG,KAAK,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC;YAC3B,OAAO,IAAI,KAAK,SAAS,IAAI,mBAAmB,CAAC,IAAI,CAAC,CAAC;QACzD,CAAC,CAAC,CAAC;QACH,IAAI,UAAU,EAAE,CAAC;YACf,OAAO,sFAAsF,CAAC;QAChG,CAAC;IACH,CAAC;IAED,mCAAmC;IACnC,IAAI,OAAO,CAAC,WAAW,IAAI,OAAO,CAAC,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC1D,MAAM,iBAAiB,GAAG,OAAO,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,EAAE;YACzD,MAAM,IAAI,GAAG,KAAK,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC;YAC3B,IAAI,CAAC,IAAI;gBAAE,OAAO,KAAK,CAAC;YACxB,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;YAC5B,OAAO,CACL,WAAW,CAAC,IAAI,CAAC,OAAO,CAAC;gBACzB,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC;gBACvB,yCAAyC,CAAC,IAAI,CAAC,OAAO,CAAC;gBACvD,2BAA2B,CAAC,IAAI,CAAC,OAAO,CAAC;gBACzC,UAAU,CAAC,IAAI,CAAC,OAAO,CAAC,CACzB,CAAC;QACJ,CAAC,CAAC,CAAC;QACH,IAAI,iBAAiB,EAAE,CAAC;YACtB,OAAO,6EAA6E,CAAC;QACvF,CAAC;IACH,CAAC;IAED,2CAA2C;IAC3C,IAAI,OAAO,CAAC,WAAW,IAAI,OAAO,CAAC,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC1D,MAAM,YAAY,GAAG,GAAG,OAAO,CAAC,KAAK,IAAI,OAAO,CAAC,WAAW,EAAE,CAAC;QAC/D,KAAK,MAAM,EAAE,OAAO,EAAE,iBAAiB,EAAE,IAAI,2BAA2B,EAAE,CAAC;YACzE,IAAI,OAAO,CAAC,IAAI,CAAC,YAAY,CAAC,EAAE,CAAC;gBAC/B,MAAM,mBAAmB,GAAG,OAAO,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC,EAAE,EAAE,EAAE;oBAC1D,MAAM,IAAI,GAAG,KAAK,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC;oBAC3B,OAAO,IAAI,KAAK,SAAS,IAAI,iBAAiB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;gBAC5D,CAAC,CAAC,CAAC;gBACH,IAAI,mBAAmB,EAAE,CAAC;oBACxB,OAAO,8EAA8E,CAAC;gBACxF,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,uCAAuC;IACvC,IAAI,OAAO,CAAC,WAAW,IAAI,OAAO,CAAC,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC1D,KAAK,MAAM,EAAE,cAAc,EAAE,WAAW,EAAE,cAAc,EAAE,IAAI,mBAAmB,EAAE,CAAC;YAClF,IAAI,cAAc,CAAC,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,cAAc,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;gBAC9E,qFAAqF;gBACrF,IAAI,cAAc,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,cAAc,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,EAAE,CAAC;oBAClG,SAAS;gBACX,CAAC;gBACD,MAAM,UAAU,GAAG,OAAO,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC,EAAE,EAAE,EAAE;oBACjD,MAAM,IAAI,GAAG,KAAK,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC;oBAC3B,OAAO,IAAI,KAAK,SAAS,IAAI,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;gBACtD,CAAC,CAAC,CAAC;gBACH,IAAI,UAAU,EAAE,CAAC;oBACf,OAAO,kFAAkF,CAAC;gBAC5F,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,qDAAqD;IACrD,gFAAgF;IAChF,6EAA6E;IAC7E,2CAA2C;IAC3C,IAAI,OAAO,CAAC,cAAc,IAAI,OAAO,CAAC,UAAU,KAAK,SAAS,IAAI,OAAO,CAAC,UAAU,GAAG,IAAI,EAAE,CAAC;QAC5F,OAAO,6FAA6F,CAAC;IACvG,CAAC;IAED,0CAA0C;IAC1C,2EAA2E;IAC3E,wEAAwE;IACxE,MAAM,iBAAiB,GAAG,CAAC,OAAO,EAAE,KAAK,EAAE,OAAO,CAAC,CAAC;IACpD,MAAM,SAAS,GAAG,iBAAiB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC;IAC9E,IAAI,SAAS,EAAE,CAAC;QACd,MAAM,cAAc,GAClB,wJAAwJ,CAAC,IAAI,CAC3J,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CACjB,CAAC;QACJ,IAAI,CAAC,cAAc,EAAE,CAAC;YACpB,OAAO,iBAAiB,OAAO,CAAC,MAAM,2DAA2D,CAAC;QACpG,CAAC;IACH,CAAC;IAED,6DAA6D;IAC7D,IAAI,OAAO,CAAC,WAAW,IAAI,OAAO,CAAC,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC1D,MAAM,QAAQ,GAAG,OAAO,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,EAAE;YAChD,MAAM,IAAI,GAAG,KAAK,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC;YAC3B,OAAO,IAAI,KAAK,SAAS,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC,MAAM,KAAK,CAAC,CAAC;QACxD,CAAC,CAAC,CAAC;QACH,IAAI,QAAQ,EAAE,CAAC;YACb,OAAO,kEAAkE,CAAC;QAC5E,CAAC;IACH,CAAC;IAED,4DAA4D;IAC5D,yEAAyE;IACzE,8DAA8D;IAC9D,IAAI,OAAO,CAAC,cAAc,EAAE,CAAC;QAC3B,MAAM,gBAAgB,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE;YAC1C,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC;YACnB,OAAO,CAAC,CAAC,MAAM,GAAG,CAAC,IAAI,CAAC,0BAA0B,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAC7D,CAAC,CAAC,CAAC,MAAM,CAAC;QACV,IAAI,gBAAgB,GAAG,EAAE,EAAE,CAAC;YAC1B,OAAO,0EAA0E,CAAC;QACpF,CAAC;IACH,CAAC;IAED,6EAA6E;IAC7E,4EAA4E;IAC5E,0EAA0E;IAC1E,4EAA4E;IAC5E,IACE,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC;QAC9B,qEAAqE,CAAC,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,EACzF,CAAC;QACD,MAAM,QAAQ,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAClC,MAAM,kBAAkB,GACtB,2HAA2H,CAAC,IAAI,CAC9H,QAAQ,CACT,CAAC;QACJ,IAAI,kBAAkB,EAAE,CAAC;YACvB,OAAO,mGAAmG,CAAC;QAC7G,CAAC;IACH,CAAC;IAED,kFAAkF;IAClF,wEAAwE;IACxE,2EAA2E;IAC3E,iEAAiE;IACjE,IACE,mBAAmB,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC;QACxC,0DAA0D,CAAC,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,EAC9E,CAAC;QACD,MAAM,QAAQ,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAClC,MAAM,eAAe,GACnB,gJAAgJ,CAAC,IAAI,CACnJ,QAAQ,CACT,CAAC;QACJ,MAAM,gBAAgB,GACpB,oHAAoH,CAAC,IAAI,CACvH,QAAQ,CACT,CAAC;QACJ,IAAI,eAAe,IAAI,gBAAgB,EAAE,CAAC;YACxC,OAAO,8FAA8F,CAAC;QACxG,CAAC;IACH,CAAC;IAED,yEAAyE;IACzE,kEAAkE;IAClE,qEAAqE;IACrE,IAAI,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,oBAAoB,CAAC,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QAC9E,IAAI,OAAO,CAAC,WAAW,IAAI,OAAO,CAAC,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC1D,MAAM,YAAY,GAAG,OAAO,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,EAAE;gBACpD,MAAM,IAAI,GAAG,KAAK,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC;gBAC3B,IAAI,CAAC,IAAI;oBAAE,OAAO,KAAK,CAAC;gBACxB,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;gBAC5B,qFAAqF;gBACrF,OAAO,CACL,8BAA8B,CAAC,IAAI,CAAC,OAAO,CAAC;oBAC5C,kDAAkD,CAAC,IAAI,CAAC,OAAO,CAAC;oBAChE,+BAA+B,CAAC,IAAI,CAAC,OAAO,CAAC,CAC9C,CAAC;YACJ,CAAC,CAAC,CAAC;YACH,IAAI,YAAY,EAAE,CAAC;gBACjB,OAAO,mFAAmF,CAAC;YAC7F,CAAC;QACH,CAAC;IACH,CAAC;IAED,iFAAiF;IACjF,oEAAoE;IACpE,wEAAwE;IACxE,IAAI,iBAAiB,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,oCAAoC,CAAC,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QACvG,MAAM,QAAQ,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAClC,gEAAgE;QAChE,MAAM,oBAAoB,GACxB,yFAAyF,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QAC3G,MAAM,gBAAgB,GAAG,wEAAwE,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QACjH,IAAI,oBAAoB,IAAI,gBAAgB,EAAE,CAAC;YAC7C,OAAO,8FAA8F,CAAC;QACxG,CAAC;IACH,CAAC;IAED,iFAAiF;IACjF,8EAA8E;IAC9E,kFAAkF;IAClF,IAAI,UAAU,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,0CAA0C,CAAC,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QACtG,MAAM,QAAQ,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAClC,MAAM,eAAe,GACnB,uGAAuG,CAAC,IAAI,CAC1G,QAAQ,CACT,CAAC;QACJ,MAAM,cAAc,GAAG,CAAC,wEAAwE,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QAChH,IAAI,eAAe,IAAI,cAAc,EAAE,CAAC;YACtC,OAAO,kFAAkF,CAAC;QAC5F,CAAC;IACH,CAAC;IAED,oFAAoF;IACpF,8EAA8E;IAC9E,6EAA6E;IAC7E,IAAI,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,UAAU,CAAC,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QACpE,MAAM,QAAQ,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAClC,MAAM,iBAAiB,GACrB,8GAA8G,CAAC,IAAI,CACjH,QAAQ,CACT,CAAC;QACJ,MAAM,gBAAgB,GAAG,CAAC,2EAA2E,CAAC,IAAI,CACxG,QAAQ,CACT,CAAC;QACF,IAAI,iBAAiB,IAAI,gBAAgB,EAAE,CAAC;YAC1C,OAAO,sFAAsF,CAAC;QAChG,CAAC;IACH,CAAC;IAED,qEAAqE;IACrE,uEAAuE;IACvE,6EAA6E;IAC7E,+DAA+D;IAC/D,IAAI,OAAO,CAAC,cAAc,EAAE,CAAC;QAC3B,MAAM,UAAU,GAAG,KAAK,CAAC,MAAM,CAAC;QAChC,MAAM,aAAa,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE;YACvC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC;YACnB,OAAO,CACL,cAAc,CAAC,IAAI,CAAC,CAAC,CAAC;gBACtB,uBAAuB,CAAC,IAAI,CAAC,CAAC,CAAC;gBAC/B,mDAAmD,CAAC,IAAI,CAAC,CAAC,CAAC;gBAC3D,wBAAwB,CAAC,IAAI,CAAC,CAAC,CAAC;gBAChC,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC;gBACnB,cAAc,CAAC,IAAI,CAAC,CAAC,CAAC;gBACtB,sBAAsB,CAAC,IAAI,CAAC,CAAC,CAAC;gBAC9B,CAAC,CAAC,MAAM,KAAK,CAAC;gBACd,0BAA0B,CAAC,IAAI,CAAC,CAAC,CAAC,CACnC,CAAC;QACJ,CAAC,CAAC,CAAC,MAAM,CAAC;QACV,IAAI,UAAU,GAAG,CAAC,IAAI,aAAa,GAAG,UAAU,IAAI,GAAG,EAAE,CAAC;YACxD,OAAO,gGAAgG,CAAC;QAC1G,CAAC;IACH,CAAC;IAED,oFAAoF;IACpF,+EAA+E;IAC/E,2EAA2E;IAC3E,yCAAyC;IACzC,IAAI,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,OAAO,CAAC,cAAc,EAAE,CAAC;QAC5D,MAAM,QAAQ,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAClC,MAAM,oBAAoB,GACxB,8NAA8N,CAAC,IAAI,CACjO,QAAQ,CACT,CAAC;QACJ,IAAI,oBAAoB,EAAE,CAAC;YACzB,OAAO,4FAA4F,CAAC;QACtG,CAAC;IACH,CAAC;IAED,8EAA8E;IAC9E,uEAAuE;IACvE,8EAA8E;IAC9E,IAAI,OAAO,CAAC,WAAW,IAAI,OAAO,CAAC,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC1D,MAAM,cAAc,GAAG,OAAO,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,EAAE;YACtD,MAAM,IAAI,GAAG,KAAK,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC;YAC3B,IAAI,CAAC,IAAI;gBAAE,OAAO,KAAK,CAAC;YACxB,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;YAC5B,OAAO,CACL,8BAA8B,CAAC,IAAI,CAAC,OAAO,CAAC;gBAC5C,+CAA+C,CAAC,IAAI,CAAC,OAAO,CAAC;gBAC7D,6DAA6D,CAAC,IAAI,CAAC,OAAO,CAAC;gBAC3E,eAAe,CAAC,IAAI,CAAC,OAAO,CAAC,CAC9B,CAAC;QACJ,CAAC,CAAC,CAAC;QACH,IAAI,cAAc,EAAE,CAAC;YACnB,MAAM,YAAY,GAAG,GAAG,OAAO,CAAC,KAAK,IAAI,OAAO,CAAC,WAAW,EAAE,CAAC;YAC/D,MAAM,kBAAkB,GACtB,6FAA6F,CAAC,IAAI,CAChG,YAAY,CACb,CAAC;YACJ,IAAI,kBAAkB,EAAE,CAAC;gBACvB,OAAO,qGAAqG,CAAC;YAC/G,CAAC;QACH,CAAC;IACH,CAAC;IAED,+EAA+E;IAC/E,2EAA2E;IAC3E,6EAA6E;IAC7E,0EAA0E;IAC1E,IAAI,OAAO,CAAC,WAAW,IAAI,OAAO,CAAC,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC1D,MAAM,YAAY,GAAG,GAAG,OAAO,CAAC,KAAK,IAAI,OAAO,CAAC,WAAW,EAAE,CAAC;QAC/D,MAAM,oBAAoB,GAAG,mDAAmD,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;QACpG,IAAI,oBAAoB,EAAE,CAAC;YACzB,2EAA2E;YAC3E,6EAA6E;YAC7E,MAAM,cAAc,GAAG,8BAA8B,CAAC,IAAI,CAAC,YAAY,CAAC,IAAI,eAAe,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;YACjH,IAAI,CAAC,cAAc,EAAE,CAAC;gBACpB,MAAM,WAAW,GAAG,OAAO,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,EAAE;oBACnD,MAAM,IAAI,GAAG,KAAK,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC;oBAC3B,IAAI,CAAC,IAAI;wBAAE,OAAO,KAAK,CAAC;oBACxB,OAAO,kGAAkG,CAAC,IAAI,CAC5G,IAAI,CACL,CAAC;gBACJ,CAAC,CAAC,CAAC;gBACH,IAAI,WAAW,EAAE,CAAC;oBAChB,OAAO,uGAAuG,CAAC;gBACjH,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC"}

package/dist/judges/code-structure.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"code-structure.d.ts","sourceRoot":"","sources":["../../src/judges/code-structure.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAEnD,eAAO,MAAM,kBAAkB,EAAE,eAuChC,CAAC"}
+{"version":3,"file":"code-structure.d.ts","sourceRoot":"","sources":["../../src/judges/code-structure.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAEnD,eAAO,MAAM,kBAAkB,EAAE,eA4ChC,CAAC"}

package/dist/judges/code-structure.js

@@ -35,6 +35,11 @@ ADVERSARIAL MANDATE:
 - Your role is adversarial: assume the code has structural problems and actively hunt for complexity, dead code, and over-sized functions. Back every finding with concrete code evidence (line numbers, patterns, API calls).
 - Never praise or compliment the code. Report only problems, risks, and deficiencies.
 - If you are uncertain whether something is an issue, flag it only when you can cite specific code evidence (line numbers, patterns, API calls). Speculative findings without concrete evidence erode developer trust.
-- Absence of findings does not mean the code is well-structured. It means your analysis reached its limits. State this explicitly.`,
+- Absence of findings does not mean the code is well-structured. It means your analysis reached its limits. State this explicitly.
+
+FALSE POSITIVE AVOIDANCE:
+- **Dict[str, Any] at serialization boundaries**: When code deserializes JSON (json.loads, JSON.parse, API responses), Dict[str, Any] / Record<string, any> is the correct type until schema validation narrows it. Do not flag dynamic types at JSON I/O boundaries when the schema is defined elsewhere (Pydantic model, TypedDict, Zod schema).
+- **Large single-responsibility files**: A file that implements one cohesive loader/parser/handler (single class, one public entry point) does not violate SRP even if it is >300 lines. Only flag STRUCT-007 when a file handles multiple unrelated concerns.
+- **Async nesting**: async/await with try/except adds inherent nesting depth. If nesting is <=4 and follows a standard async error-handling pattern, do not flag it as excessive.`,
 };
 //# sourceMappingURL=code-structure.js.map

package/dist/judges/code-structure.js.map

@@ -1 +1 @@
-{"version":3,"file":"code-structure.js","sourceRoot":"","sources":["../../src/judges/code-structure.ts"],"names":[],"mappings":"AAEA,MAAM,CAAC,MAAM,kBAAkB,GAAoB;IACjD,EAAE,EAAE,gBAAgB;IACpB,IAAI,EAAE,sBAAsB;IAC5B,MAAM,EAAE,qBAAqB;IAC7B,WAAW,EACT,uQAAuQ;IACzQ,UAAU,EAAE,QAAQ;IACpB,YAAY,EAAE;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;mIA+BmH;CAClI,CAAC"}
+{"version":3,"file":"code-structure.js","sourceRoot":"","sources":["../../src/judges/code-structure.ts"],"names":[],"mappings":"AAEA,MAAM,CAAC,MAAM,kBAAkB,GAAoB;IACjD,EAAE,EAAE,gBAAgB;IACpB,IAAI,EAAE,sBAAsB;IAC5B,MAAM,EAAE,qBAAqB;IAC7B,WAAW,EACT,uQAAuQ;IACzQ,UAAU,EAAE,QAAQ;IACpB,YAAY,EAAE;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;kLAoCkK;CACjL,CAAC"}

package/dist/judges/compliance.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"compliance.d.ts","sourceRoot":"","sources":["../../src/judges/compliance.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAEnD,eAAO,MAAM,eAAe,EAAE,eAiC7B,CAAC"}
+{"version":3,"file":"compliance.d.ts","sourceRoot":"","sources":["../../src/judges/compliance.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAEnD,eAAO,MAAM,eAAe,EAAE,eAoC7B,CAAC"}

package/dist/judges/compliance.js

@@ -25,6 +25,9 @@ RULES FOR YOUR EVALUATION:
 - Recommend both code changes and process changes where applicable.
 - Score from 0-100 where 100 means fully compliant.
 
+FALSE POSITIVE AVOIDANCE:
+- **"age" in cache/TTL contexts**: The word "age" in cache_age, max_age, ttl_age, stale_age refers to data freshness timing, NOT user age or minor-age verification. Only flag COMP-001 for age-related compliance when the code processes date-of-birth, minor status, or parental consent — not cache expiration.
+
 ADVERSARIAL MANDATE:
 - Your role is adversarial: assume the code has compliance gaps and actively hunt for them. Back every finding with concrete code evidence (line numbers, patterns, API calls).
 - Never praise or compliment the code. Report only problems, risks, and deficiencies.

package/dist/judges/compliance.js.map

@@ -1 +1 @@
-{"version":3,"file":"compliance.js","sourceRoot":"","sources":["../../src/judges/compliance.ts"],"names":[],"mappings":"AAEA,MAAM,CAAC,MAAM,eAAe,GAAoB;IAC9C,EAAE,EAAE,YAAY;IAChB,IAAI,EAAE,kBAAkB;IACxB,MAAM,EAAE,iCAAiC;IACzC,WAAW,EACT,6JAA6J;IAC/J,UAAU,EAAE,MAAM;IAClB,YAAY,EAAE;;;;;;;;;;;;;;;;;;;;;;;;;6HAyB6G;CAC5H,CAAC"}
+{"version":3,"file":"compliance.js","sourceRoot":"","sources":["../../src/judges/compliance.ts"],"names":[],"mappings":"AAEA,MAAM,CAAC,MAAM,eAAe,GAAoB;IAC9C,EAAE,EAAE,YAAY;IAChB,IAAI,EAAE,kBAAkB;IACxB,MAAM,EAAE,iCAAiC;IACzC,WAAW,EACT,6JAA6J;IAC/J,UAAU,EAAE,MAAM;IAClB,YAAY,EAAE;;;;;;;;;;;;;;;;;;;;;;;;;;;;6HA4B6G;CAC5H,CAAC"}

package/dist/judges/cost-effectiveness.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"cost-effectiveness.d.ts","sourceRoot":"","sources":["../../src/judges/cost-effectiveness.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAEnD,eAAO,MAAM,sBAAsB,EAAE,eAgCpC,CAAC"}
+{"version":3,"file":"cost-effectiveness.d.ts","sourceRoot":"","sources":["../../src/judges/cost-effectiveness.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAEnD,eAAO,MAAM,sBAAsB,EAAE,eAoCpC,CAAC"}

package/dist/judges/cost-effectiveness.js

@@ -24,6 +24,10 @@ RULES FOR YOUR EVALUATION:
 - Consider both runtime cost and developer productivity cost.
 - Score from 0-100 where 100 means optimally cost-effective.
 
+FALSE POSITIVE AVOIDANCE:
+- **Tree/hierarchy traversal**: Nested loops that iterate parent → children (e.g., chapters → sections → articles) visit each element once. Total work is O(total_items), NOT O(n²). Only flag quadratic cost when two independent collections are cross-joined.
+- **Bounded reference datasets**: Loaders for fixed-size data (regulations, schemas, configs with <1000 items) have bounded cost regardless of algorithm choice. Do not flag these as scaling cost concerns.
+
 ADVERSARIAL MANDATE:
 - Your role is adversarial: assume the code wastes resources and actively hunt for inefficiencies. Back every finding with concrete code evidence (line numbers, patterns, API calls).
 - Never praise or compliment the code. Report only problems, risks, and deficiencies.

package/dist/judges/cost-effectiveness.js.map

@@ -1 +1 @@
-{"version":3,"file":"cost-effectiveness.js","sourceRoot":"","sources":["../../src/judges/cost-effectiveness.ts"],"names":[],"mappings":"AAEA,MAAM,CAAC,MAAM,sBAAsB,GAAoB;IACrD,EAAE,EAAE,oBAAoB;IACxB,IAAI,EAAE,0BAA0B;IAChC,MAAM,EAAE,yCAAyC;IACjD,WAAW,EACT,sJAAsJ;IACxJ,UAAU,EAAE,MAAM;IAClB,YAAY,EAAE;;;;;;;;;;;;;;;;;;;;;;;;kIAwBkH;CACjI,CAAC"}
+{"version":3,"file":"cost-effectiveness.js","sourceRoot":"","sources":["../../src/judges/cost-effectiveness.ts"],"names":[],"mappings":"AAEA,MAAM,CAAC,MAAM,sBAAsB,GAAoB;IACrD,EAAE,EAAE,oBAAoB;IACxB,IAAI,EAAE,0BAA0B;IAChC,MAAM,EAAE,yCAAyC;IACjD,WAAW,EACT,sJAAsJ;IACxJ,UAAU,EAAE,MAAM;IAClB,YAAY,EAAE;;;;;;;;;;;;;;;;;;;;;;;;;;;;kIA4BkH;CACjI,CAAC"}

package/dist/judges/data-sovereignty.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"data-sovereignty.d.ts","sourceRoot":"","sources":["../../src/judges/data-sovereignty.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAEnD,eAAO,MAAM,oBAAoB,EAAE,eAiDlC,CAAC"}
+{"version":3,"file":"data-sovereignty.d.ts","sourceRoot":"","sources":["../../src/judges/data-sovereignty.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAEnD,eAAO,MAAM,oBAAoB,EAAE,eAsDlC,CAAC"}

package/dist/judges/data-sovereignty.js

@@ -41,6 +41,11 @@ RULES FOR YOUR EVALUATION:
 - Recommend concrete remediations: region pinning, BYOK, provider abstraction, circuit breakers, audit logging, and data export APIs.
 - Score from 0-100 where 100 means strong sovereignty posture across data, technology, and operations.
 
+FALSE POSITIVE AVOIDANCE:
+- **Retry/backoff with fallback chain**: When code implements retry with exponential backoff AND a multi-tier fallback (cache → online → bundled/default), this IS an equivalent or superior resilience pattern to a circuit breaker. Do NOT flag SOV-001 for missing circuit breakers when retry+fallback is present.
+- **Read-only reference data fetches**: Fetching public regulatory text, schemas, or reference data from a URL is NOT cross-border personal data egress. Only flag SOV-002 when the outbound call transmits personal data (PII, user profiles, tenant data), not when it reads static public content.
+- **Internal serialization**: json.dumps() / JSON.stringify() used for internal search indexing, caching, or logging is NOT a data export path. Only flag SOV-003 when serialization feeds an outbound transfer endpoint (HTTP response, file export, queue publish with external consumer).
+
 ADVERSARIAL MANDATE:
 - Your role is adversarial: assume sovereignty controls are missing unless explicitly shown.
 - Never praise or compliment the code. Report only gaps, risks, and deficiencies.

package/dist/judges/data-sovereignty.js.map

@@ -1 +1 @@
-{"version":3,"file":"data-sovereignty.js","sourceRoot":"","sources":["../../src/judges/data-sovereignty.ts"],"names":[],"mappings":"AAEA,MAAM,CAAC,MAAM,oBAAoB,GAAoB;IACnD,EAAE,EAAE,kBAAkB;IACtB,IAAI,EAAE,mBAAmB;IACzB,MAAM,EAAE,+CAA+C;IACvD,WAAW,EACT,iPAAiP;IACnP,UAAU,EAAE,KAAK;IACjB,YAAY,EAAE;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;oFAyCoE;CACnF,CAAC"}
+{"version":3,"file":"data-sovereignty.js","sourceRoot":"","sources":["../../src/judges/data-sovereignty.ts"],"names":[],"mappings":"AAEA,MAAM,CAAC,MAAM,oBAAoB,GAAoB;IACnD,EAAE,EAAE,kBAAkB;IACtB,IAAI,EAAE,mBAAmB;IACzB,MAAM,EAAE,+CAA+C;IACvD,WAAW,EACT,iPAAiP;IACnP,UAAU,EAAE,KAAK;IACjB,YAAY,EAAE;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;oFA8CoE;CACnF,CAAC"}

package/dist/judges/database.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"database.d.ts","sourceRoot":"","sources":["../../src/judges/database.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAEnD,eAAO,MAAM,aAAa,EAAE,eAiC3B,CAAC"}
+{"version":3,"file":"database.d.ts","sourceRoot":"","sources":["../../src/judges/database.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAEnD,eAAO,MAAM,aAAa,EAAE,eAqC3B,CAAC"}

package/dist/judges/database.js

@@ -25,6 +25,10 @@ RULES FOR YOUR EVALUATION:
 - Flag patterns that will degrade as data volume grows.
 - Score from 0-100 where 100 means excellent database practices.
 
+FALSE POSITIVE AVOIDANCE:
+- **Environment variable fallback defaults**: Connection strings in os.environ.get('DB_URL', 'sqlite:///default.db') or process.env.DB_URL || 'localhost' are standard development defaults, NOT hardcoded production credentials. Only flag DB-001 when a connection string with real credentials appears outside an env-var fallback pattern.
+- **In-memory/embedded databases as defaults**: SQLite, DuckDB, or H2 defaults are normal for local development and testing. Flag only when production deployment docs are missing, not the default value itself.
+
 ADVERSARIAL MANDATE:
 - Your role is adversarial: assume database usage is unsafe and inefficient and actively hunt for problems. Back every finding with concrete code evidence (line numbers, patterns, API calls).
 - Never praise or compliment the code. Report only problems, risks, and deficiencies.

package/dist/judges/database.js.map

@@ -1 +1 @@
-{"version":3,"file":"database.js","sourceRoot":"","sources":["../../src/judges/database.ts"],"names":[],"mappings":"AAEA,MAAM,CAAC,MAAM,aAAa,GAAoB;IAC5C,EAAE,EAAE,UAAU;IACd,IAAI,EAAE,gBAAgB;IACtB,MAAM,EAAE,oCAAoC;IAC5C,WAAW,EACT,uKAAuK;IACzK,UAAU,EAAE,IAAI;IAChB,YAAY,EAAE;;;;;;;;;;;;;;;;;;;;;;;;;iIAyBiH;CAChI,CAAC"}
+{"version":3,"file":"database.js","sourceRoot":"","sources":["../../src/judges/database.ts"],"names":[],"mappings":"AAEA,MAAM,CAAC,MAAM,aAAa,GAAoB;IAC5C,EAAE,EAAE,UAAU;IACd,IAAI,EAAE,gBAAgB;IACtB,MAAM,EAAE,oCAAoC;IAC5C,WAAW,EACT,uKAAuK;IACzK,UAAU,EAAE,IAAI;IAChB,YAAY,EAAE;;;;;;;;;;;;;;;;;;;;;;;;;;;;;iIA6BiH;CAChI,CAAC"}

package/dist/judges/internationalization.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"internationalization.d.ts","sourceRoot":"","sources":["../../src/judges/internationalization.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAEnD,eAAO,MAAM,yBAAyB,EAAE,eAiCvC,CAAC"}
+{"version":3,"file":"internationalization.d.ts","sourceRoot":"","sources":["../../src/judges/internationalization.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAEnD,eAAO,MAAM,yBAAyB,EAAE,eAsCvC,CAAC"}

package/dist/judges/internationalization.js

@@ -25,6 +25,11 @@ RULES FOR YOUR EVALUATION:
 - Consider the impact on languages with different scripts (CJK, Arabic, Thai, Devanagari).
 - Score from 0-100 where 100 means fully internationalization-ready.
 
+FALSE POSITIVE AVOIDANCE:
+- **Internal constant definitions**: Constants like _F_TITLE = 'title' or FIELD_NAME = 'name' are JSON/API field-name keys for internal data processing, NOT user-facing strings. Only flag I18N-001 when strings are rendered to end-user UIs (HTML, templates, CLI output messages), not when they are dictionary lookup keys or schema field names.
+- **Developer tools / MCP servers / CLI tools**: Projects that output to developer consoles, AI agents, or machine-readable formats (Markdown, JSON, SARIF) do not require i18n. Only flag I18N when the project has a user-facing UI requiring translation.
+- **Sourced regulatory/legal text**: Content loaded from regulatory sources (laws, standards) in its original language does not require translation.
+
 ADVERSARIAL MANDATE:
 - Your role is adversarial: assume the code will break in non-English locales and actively hunt for i18n defects. Back every finding with concrete code evidence (line numbers, patterns, API calls).
 - Never praise or compliment the code. Report only problems, risks, and deficiencies.

package/dist/judges/internationalization.js.map

@@ -1 +1 @@
-{"version":3,"file":"internationalization.js","sourceRoot":"","sources":["../../src/judges/internationalization.ts"],"names":[],"mappings":"AAEA,MAAM,CAAC,MAAM,yBAAyB,GAAoB;IACxD,EAAE,EAAE,sBAAsB;IAC1B,IAAI,EAAE,4BAA4B;IAClC,MAAM,EAAE,qBAAqB;IAC7B,WAAW,EACT,oJAAoJ;IACtJ,UAAU,EAAE,MAAM;IAClB,YAAY,EAAE;;;;;;;;;;;;;;;;;;;;;;;;;8IAyB8H;CAC7I,CAAC"}
+{"version":3,"file":"internationalization.js","sourceRoot":"","sources":["../../src/judges/internationalization.ts"],"names":[],"mappings":"AAEA,MAAM,CAAC,MAAM,yBAAyB,GAAoB;IACxD,EAAE,EAAE,sBAAsB;IAC1B,IAAI,EAAE,4BAA4B;IAClC,MAAM,EAAE,qBAAqB;IAC7B,WAAW,EACT,oJAAoJ;IACtJ,UAAU,EAAE,MAAM;IAClB,YAAY,EAAE;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;8IA8B8H;CAC7I,CAAC"}

package/dist/judges/performance.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"performance.d.ts","sourceRoot":"","sources":["../../src/judges/performance.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAEnD,eAAO,MAAM,gBAAgB,EAAE,eAmC9B,CAAC"}
+{"version":3,"file":"performance.d.ts","sourceRoot":"","sources":["../../src/judges/performance.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAEnD,eAAO,MAAM,gBAAgB,EAAE,eAwC9B,CAAC"}

package/dist/judges/performance.js

@@ -27,6 +27,11 @@ RULES FOR YOUR EVALUATION:
 - Distinguish between premature optimization and genuine hot-path issues.
 - Score from 0-100 where 100 means optimally performant.
 
+FALSE POSITIVE AVOIDANCE:
+- **Nested loops on tree structures**: When inner loops iterate over children/members of the outer item (e.g., chapters → sections → articles), the total work is O(total_items), NOT O(n²). Do not flag tree traversals or parent-child iteration as quadratic complexity.
+- **Bounded reference data**: Loaders for fixed-size datasets (regulations, schemas, configs) operate on bounded input. Do not flag O(n²) when the dataset is documented as bounded and small (e.g., <1000 items).
+- **List comprehensions flattening trees**: A comprehension that flattens nested structures visits each leaf once — it is not a cross-join.
+
 ADVERSARIAL MANDATE:
 - Your role is adversarial: assume the code has performance problems and actively hunt for bottlenecks. Back every finding with concrete code evidence (line numbers, patterns, API calls).
 - Never praise or compliment the code. Report only problems, risks, and deficiencies.

package/dist/judges/performance.js.map

@@ -1 +1 @@
-{"version":3,"file":"performance.js","sourceRoot":"","sources":["../../src/judges/performance.ts"],"names":[],"mappings":"AAEA,MAAM,CAAC,MAAM,gBAAgB,GAAoB;IAC/C,EAAE,EAAE,aAAa;IACjB,IAAI,EAAE,mBAAmB;IACzB,MAAM,EAAE,qBAAqB;IAC7B,WAAW,EACT,kKAAkK;IACpK,UAAU,EAAE,MAAM;IAClB,YAAY,EAAE;;;;;;;;;;;;;;;;;;;;;;;;;;;8HA2B8G;CAC7H,CAAC"}
+{"version":3,"file":"performance.js","sourceRoot":"","sources":["../../src/judges/performance.ts"],"names":[],"mappings":"AAEA,MAAM,CAAC,MAAM,gBAAgB,GAAoB;IAC/C,EAAE,EAAE,aAAa;IACjB,IAAI,EAAE,mBAAmB;IACzB,MAAM,EAAE,qBAAqB;IAC7B,WAAW,EACT,kKAAkK;IACpK,UAAU,EAAE,MAAM;IAClB,YAAY,EAAE;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;8HAgC8G;CAC7H,CAAC"}

package/dist/judges/scalability.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"scalability.d.ts","sourceRoot":"","sources":["../../src/judges/scalability.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAEnD,eAAO,MAAM,gBAAgB,EAAE,eAiC9B,CAAC"}
+{"version":3,"file":"scalability.d.ts","sourceRoot":"","sources":["../../src/judges/scalability.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAEnD,eAAO,MAAM,gBAAgB,EAAE,eAqC9B,CAAC"}

package/dist/judges/scalability.js

@@ -25,6 +25,10 @@ RULES FOR YOUR EVALUATION:
 - Recommend specific architectural patterns (CQRS, event sourcing, circuit breakers, etc.).
 - Score from 0-100 where 100 means fully scalable with no bottlenecks.
 
+FALSE POSITIVE AVOIDANCE:
+- **Distributed lock with local fallback**: When code implements a distributed lock (Redlock, Redis lock, etcd, Consul) as the primary mechanism AND uses a local lock (asyncio.Lock, threading.Lock) as a documented single-instance fallback, do NOT flag the local lock as a scaling issue. This is a correct graceful-degradation pattern.
+- **Two-tier locking**: If comments document a two-tier design (distributed for multi-instance, local for single-instance), accept the design. A compliance/dev tool should still function without external infrastructure.
+
 ADVERSARIAL MANDATE:
 - Your role is adversarial: assume the code will not scale and actively hunt for bottlenecks. Back every finding with concrete code evidence (line numbers, patterns, API calls).
 - Never praise or compliment the code. Report only problems, risks, and deficiencies.

package/dist/judges/scalability.js.map

@@ -1 +1 @@
-{"version":3,"file":"scalability.js","sourceRoot":"","sources":["../../src/judges/scalability.ts"],"names":[],"mappings":"AAEA,MAAM,CAAC,MAAM,gBAAgB,GAAoB;IAC/C,EAAE,EAAE,aAAa;IACjB,IAAI,EAAE,mBAAmB;IACzB,MAAM,EAAE,2BAA2B;IACnC,WAAW,EACT,+JAA+J;IACjK,UAAU,EAAE,OAAO;IACnB,YAAY,EAAE;;;;;;;;;;;;;;;;;;;;;;;;;2HAyB2G;CAC1H,CAAC"}
+{"version":3,"file":"scalability.js","sourceRoot":"","sources":["../../src/judges/scalability.ts"],"names":[],"mappings":"AAEA,MAAM,CAAC,MAAM,gBAAgB,GAAoB;IAC/C,EAAE,EAAE,aAAa;IACjB,IAAI,EAAE,mBAAmB;IACzB,MAAM,EAAE,2BAA2B;IACnC,WAAW,EACT,+JAA+J;IACjK,UAAU,EAAE,OAAO;IACnB,YAAY,EAAE;;;;;;;;;;;;;;;;;;;;;;;;;;;;;2HA6B2G;CAC1H,CAAC"}

package/dist/judges/software-practices.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"software-practices.d.ts","sourceRoot":"","sources":["../../src/judges/software-practices.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAEnD,eAAO,MAAM,sBAAsB,EAAE,eAmCpC,CAAC"}
+{"version":3,"file":"software-practices.d.ts","sourceRoot":"","sources":["../../src/judges/software-practices.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAEnD,eAAO,MAAM,sBAAsB,EAAE,eAwCpC,CAAC"}

package/dist/judges/software-practices.js

@@ -27,6 +27,11 @@ RULES FOR YOUR EVALUATION:
 - Reference Clean Code (Robert Martin), SOLID, DRY, KISS, YAGNI where applicable.
 - Score from 0-100 where 100 means exemplary software engineering.
 
+FALSE POSITIVE AVOIDANCE:
+- **Justified suppression comments**: type: ignore, noqa, eslint-disable, and similar comments that include a rationale (e.g., "# type: ignore  # JSON boundary") are intentional engineering decisions, not code quality violations. Only flag SWDEV-001 for bare suppressions without justification.
+- **Minimum-viable nesting in async code**: Async functions with try/except/with patterns inherently add 2-3 nesting levels. Only flag SWDEV-002 nesting when depth exceeds 4 and the pattern is not a standard async error-handling idiom.
+- **Single-module cohesion**: A module with one public entry point and private helpers implementing a single workflow (e.g., load → parse → index) is cohesive even if it has many private methods. Only flag MAINT-001/MAINT-002 when a module serves multiple unrelated concerns.
+
 ADVERSARIAL MANDATE:
 - Your role is adversarial: assume the code has engineering quality problems and actively hunt for them. Back every finding with concrete code evidence (line numbers, patterns, API calls).
 - Never praise or compliment the code. Report only problems, risks, and deficiencies.

package/dist/judges/software-practices.js.map

@@ -1 +1 @@
-{"version":3,"file":"software-practices.js","sourceRoot":"","sources":["../../src/judges/software-practices.ts"],"names":[],"mappings":"AAEA,MAAM,CAAC,MAAM,sBAAsB,GAAoB;IACrD,EAAE,EAAE,oBAAoB;IACxB,IAAI,EAAE,0BAA0B;IAChC,MAAM,EAAE,mDAAmD;IAC3D,WAAW,EACT,6LAA6L;IAC/L,UAAU,EAAE,OAAO;IACnB,YAAY,EAAE;;;;;;;;;;;;;;;;;;;;;;;;;;;uIA2BuH;CACtI,CAAC"}
+{"version":3,"file":"software-practices.js","sourceRoot":"","sources":["../../src/judges/software-practices.ts"],"names":[],"mappings":"AAEA,MAAM,CAAC,MAAM,sBAAsB,GAAoB;IACrD,EAAE,EAAE,oBAAoB;IACxB,IAAI,EAAE,0BAA0B;IAChC,MAAM,EAAE,mDAAmD;IAC3D,WAAW,EACT,6LAA6L;IAC/L,UAAU,EAAE,OAAO;IACnB,YAAY,EAAE;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;uIAgCuH;CACtI,CAAC"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@kevinrabun/judges",
-  "version": "3.20.4",
+  "version": "3.20.6",
   "description": "37 specialized judges that evaluate AI-generated code for security, cost, and quality.",
   "mcpName": "io.github.KevinRabun/judges",
   "type": "module",

package/server.json

@@ -7,12 +7,12 @@
     "url": "https://github.com/kevinrabun/judges",
     "source": "github"
   },
-  "version": "3.20.4",
+  "version": "3.20.6",
   "packages": [
     {
       "registryType": "npm",
       "identifier": "@kevinrabun/judges",
-      "version": "3.20.4",
+      "version": "3.20.6",
       "transport": {
         "type": "stdio"
       }