@kevinrabun/judges 3.27.1 → 3.29.1
- package/CHANGELOG.md +47 -0
- package/dist/api.d.ts +5 -5
- package/dist/api.d.ts.map +1 -1
- package/dist/api.js +3 -3
- package/dist/api.js.map +1 -1
- package/dist/calibration.d.ts +16 -0
- package/dist/calibration.d.ts.map +1 -1
- package/dist/calibration.js +43 -0
- package/dist/calibration.js.map +1 -1
- package/dist/cli.d.ts.map +1 -1
- package/dist/cli.js +125 -0
- package/dist/cli.js.map +1 -1
- package/dist/commands/calibration-dashboard.d.ts +2 -0
- package/dist/commands/calibration-dashboard.d.ts.map +1 -0
- package/dist/commands/calibration-dashboard.js +97 -0
- package/dist/commands/calibration-dashboard.js.map +1 -0
- package/dist/commands/community-patterns.d.ts +2 -0
- package/dist/commands/community-patterns.d.ts.map +1 -0
- package/dist/commands/community-patterns.js +132 -0
- package/dist/commands/community-patterns.js.map +1 -0
- package/dist/commands/diff.d.ts.map +1 -1
- package/dist/commands/diff.js +256 -2
- package/dist/commands/diff.js.map +1 -1
- package/dist/commands/snapshot.d.ts +27 -0
- package/dist/commands/snapshot.d.ts.map +1 -1
- package/dist/commands/snapshot.js +70 -0
- package/dist/commands/snapshot.js.map +1 -1
- package/dist/config.d.ts +22 -0
- package/dist/config.d.ts.map +1 -1
- package/dist/config.js +127 -1
- package/dist/config.js.map +1 -1
- package/dist/dedup.d.ts +29 -0
- package/dist/dedup.d.ts.map +1 -1
- package/dist/dedup.js +32 -0
- package/dist/dedup.js.map +1 -1
- package/dist/evaluators/api-contract.d.ts +10 -0
- package/dist/evaluators/api-contract.d.ts.map +1 -0
- package/dist/evaluators/api-contract.js +181 -0
- package/dist/evaluators/api-contract.js.map +1 -0
- package/dist/evaluators/hallucination-detection.d.ts.map +1 -1
- package/dist/evaluators/hallucination-detection.js +59 -0
- package/dist/evaluators/hallucination-detection.js.map +1 -1
- package/dist/evaluators/index.d.ts +19 -2
- package/dist/evaluators/index.d.ts.map +1 -1
- package/dist/evaluators/index.js +51 -2
- package/dist/evaluators/index.js.map +1 -1
- package/dist/evaluators/intent-alignment.d.ts +15 -0
- package/dist/evaluators/intent-alignment.d.ts.map +1 -0
- package/dist/evaluators/intent-alignment.js +233 -0
- package/dist/evaluators/intent-alignment.js.map +1 -0
- package/dist/evaluators/model-fingerprint.d.ts +3 -0
- package/dist/evaluators/model-fingerprint.d.ts.map +1 -0
- package/dist/evaluators/model-fingerprint.js +152 -0
- package/dist/evaluators/model-fingerprint.js.map +1 -0
- package/dist/evaluators/multi-turn-coherence.d.ts +14 -0
- package/dist/evaluators/multi-turn-coherence.d.ts.map +1 -0
- package/dist/evaluators/multi-turn-coherence.js +171 -0
- package/dist/evaluators/multi-turn-coherence.js.map +1 -0
- package/dist/evaluators/project.d.ts.map +1 -1
- package/dist/evaluators/project.js +42 -19
- package/dist/evaluators/project.js.map +1 -1
- package/dist/evaluators/testing.d.ts.map +1 -1
- package/dist/evaluators/testing.js +50 -0
- package/dist/evaluators/testing.js.map +1 -1
- package/dist/index.js +2 -0
- package/dist/index.js.map +1 -1
- package/dist/judges/api-contract.d.ts +3 -0
- package/dist/judges/api-contract.d.ts.map +1 -0
- package/dist/judges/api-contract.js +28 -0
- package/dist/judges/api-contract.js.map +1 -0
- package/dist/judges/index.d.ts.map +1 -1
- package/dist/judges/index.js +16 -0
- package/dist/judges/index.js.map +1 -1
- package/dist/judges/intent-alignment.d.ts +3 -0
- package/dist/judges/intent-alignment.d.ts.map +1 -0
- package/dist/judges/intent-alignment.js +28 -0
- package/dist/judges/intent-alignment.js.map +1 -0
- package/dist/judges/model-fingerprint.d.ts +3 -0
- package/dist/judges/model-fingerprint.d.ts.map +1 -0
- package/dist/judges/model-fingerprint.js +30 -0
- package/dist/judges/model-fingerprint.js.map +1 -0
- package/dist/judges/multi-turn-coherence.d.ts +3 -0
- package/dist/judges/multi-turn-coherence.d.ts.map +1 -0
- package/dist/judges/multi-turn-coherence.js +27 -0
- package/dist/judges/multi-turn-coherence.js.map +1 -0
- package/dist/patches/index.d.ts.map +1 -1
- package/dist/patches/index.js +372 -0
- package/dist/patches/index.js.map +1 -1
- package/dist/presets.d.ts.map +1 -1
- package/dist/presets.js +96 -0
- package/dist/presets.js.map +1 -1
- package/dist/types.d.ts +68 -0
- package/dist/types.d.ts.map +1 -1
- package/package.json +2 -2
- package/server.json +3 -3
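--- a/package/CHANGELOG.md
+++ b/package/CHANGELOG.md
@@ -2,6 +2,53 @@
 
 All notable changes to **@kevinrabun/judges** are documented here.
 
+## [3.29.1] — 2026-03-09
+
+### Fixed
+- **TypeScript compilation error** — Removed invalid `weight` property from 3 judge definitions (api-contract, multi-turn-coherence, model-fingerprint) that does not exist on `JudgeDefinition` interface, fixing CI build failure
+
+## [3.29.0] — 2026-07-07
+
+### Added
+- **Model fingerprint detection** — New judge #43 (MFPR prefix) detecting stylistic signatures of ChatGPT/GPT-4, Copilot, Claude, and Gemini in AI-generated code for provenance transparency
+- **Community pattern sharing** — New `community-patterns` CLI command with `import`, `export`, and `list` sub-commands for crowdsourced rule pack exchange via portable JSON format
+- **Interactive VS Code review** — New `judges.reviewSession` command walks through findings one-by-one with Accept/Dismiss/Skip actions and editor navigation
+- **Industry policy templates** — 5 new preset profiles: `fintech` (PCI DSS), `healthtech` (HIPAA), `saas` (multi-tenant), `open-source`, and `government` (FedRAMP/NIST)
+- **Intent alignment evaluator** — Judge #40 (INTENT prefix) detecting stub functions, misleading names, empty implementations, and contradictory comments
+- **API contract conformance** — Judge #41 (API prefix) evaluating REST endpoints for input validation, status codes, error handling, rate limiting, and versioning
+- **Multi-turn coherence** — Judge #42 (COH prefix) catching duplicate definitions, contradictory assignments, dead code after returns, and conflicting configs
+- **Confidence calibration dashboard** — New `calibration-dashboard` CLI command showing per-rule accuracy metrics and false-positive rates
+- **Human escalation escape hatch** — `escalationThreshold` config option flagging low-confidence findings with `needsHumanReview` for manual triage
+- **Explanation mode** — `--explain` flag providing educational context for any rule prefix with severity mapping and false-positive guidance
+- **Business logic validation** — `customRules` config field supporting user-defined regex-based detection rules with full severity and autofix support
+- **Inline fix suggestions** — ~50 new PATCH_RULES covering auth, crypto, injection, error handling, rate limiting, and more
+- **Approve/request-changes verdict** — Tiered GitHub review events (APPROVE for clean code, COMMENT for low-severity, REQUEST_CHANGES for critical findings)
+- **Test adequacy analysis** — TEST-COV-001 rule detecting missing test coverage for changed functions in PR diffs
+
+### Tests
+- 1068 tests, 0 failures
+- Benchmark: Grade A (99.8% detection, 98.8% precision, 94.4% F1)
+
+## [3.28.0] — 2026-07-07
+
+### Added
+- **Onboarding preset** — New `onboarding` preset profile for first-time adopters with high-severity-only filtering and advisory judges disabled
+- **Import verification for hallucination detection** — Heuristic import verification (section 5) using dual-pattern matching for generic prefixes and suffixes to catch hallucinated API imports
+- **Diff deletion analysis** — New DIFF-DEL-001 rule detecting security-relevant deletions (auth checks, input validation, CSRF tokens, rate limiting) in PR diffs
+- **PR summary comment** — Enhanced GitHub Action PR review body with rich summary table including verdict, score, severity breakdown, baseline suppressed count, and top 5 most frequent rule IDs; zero-findings path posts clean bill of health
+- **Passive calibration** — `buildPassiveCalibrationProfile()` merging 3 signal sources: explicit feedback, inline suppressions (implicit FP signals), and triage history
+- **Test quality analysis** — Tautological assertion detection (e.g. `expect(true).toBe(true)`) and over-mocking detection (mock setup count exceeding 3× test case count)
+- **Cross-file breaking changes** — DIFF-BREAK-001 rule detecting exported function signature changes (renamed, removed, or parameter count changes) across PR diffs
+- **Parallel judge execution** — Configurable `concurrency` option with AST/taint cache pre-warming via `preWarmCaches()` and chunked batch file processing in project evaluator
+- **Organization config inheritance** — `extends` field in `.judgesrc` supporting single or array of base config paths with cycle detection via `resolveExtendsConfig()`
+- **Metrics & trends API** — `computeMetrics()` function with `RuleMetric` and `MetricsSummary` types for top offenders, severity breakdown, distinct/resolved/new rule tracking
+- **Net-change CI gate** — `evaluateNetChangeGate()` with `NetChangeGateOptions` and `NetChangeGateResult` for pass/fail decisions on whether a PR fixed more than it introduced
+- **Per-language rule profiles** — `languageProfiles` config field and `applyLanguageProfile()` for language-specific judge configuration overrides
+
+### Tests
+- 1040 tests, 0 failures
+- Benchmark: Grade A
+
 ## [3.27.1] — 2026-03-09
 
 ### Fixed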
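--- a/package/dist/api.d.ts
+++ b/package/dist/api.d.ts
@@ -10,10 +10,10 @@
 */
 export type { Severity, Verdict, Finding, Patch, LangFamily, JudgesConfig, RuleOverride, ProjectFile, ProjectVerdict, DiffVerdict, DependencyEntry, DependencyVerdict, JudgeEvaluation, TribunalVerdict, JudgeDefinition, EvaluationContextV2, EvidenceBundleV2, SpecializedFindingV2, TribunalVerdictV2, MustFixGateOptions, MustFixGateResult, AppBuilderWorkflowResult, PlainLanguageFinding, WorkflowTask, PolicyProfile, SuppressionRecord, SuppressionResult, } from "./types.js";
 export { JudgesError, ConfigError, EvaluationError, ParseError } from "./errors.js";
-export { parseConfig, defaultConfig, mergeConfigs, discoverCascadingConfigs, loadCascadingConfig, loadPluginJudges, validatePluginSpecifiers, isValidJudgeDefinition, applyOverridesForFile, } from "./config.js";
+export { parseConfig, defaultConfig, mergeConfigs, discoverCascadingConfigs, loadCascadingConfig, loadPluginJudges, validatePluginSpecifiers, isValidJudgeDefinition, applyOverridesForFile, applyLanguageProfile, resolveExtendsConfig, } from "./config.js";
 export { JUDGES, getJudge, getJudgeSummaries } from "./judges/index.js";
-export { evaluateWithJudge, evaluateWithTribunal, evaluateProject, evaluateDiff, analyzeDependencies, enrichWithPatches, crossEvaluatorDedup, diffFindings, formatFindingDiff, applyInlineSuppressions, applyInlineSuppressionsWithAudit, runAppBuilderWorkflow, formatVerdictAsMarkdown, formatEvaluationAsMarkdown, clearEvaluationCaches, } from "./evaluators/index.js";
-export type { FindingDiff } from "./evaluators/index.js";
+export { evaluateWithJudge, evaluateWithTribunal, evaluateProject, evaluateDiff, analyzeDependencies, enrichWithPatches, crossEvaluatorDedup, diffFindings, formatFindingDiff, evaluateNetChangeGate, applyInlineSuppressions, applyInlineSuppressionsWithAudit, runAppBuilderWorkflow, formatVerdictAsMarkdown, formatEvaluationAsMarkdown, clearEvaluationCaches, } from "./evaluators/index.js";
+export type { FindingDiff, NetChangeGateOptions, NetChangeGateResult } from "./evaluators/index.js";
 export { evaluateCodeV2, evaluateProjectV2, getSupportedPolicyProfiles } from "./evaluators/v2.js";
 export { analyzeCrossFileTaint } from "./ast/cross-file-taint.js";
 export { buildSingleJudgeDeepReviewSection, buildTribunalDeepReviewSection, buildSimplifiedDeepReviewSection, isContentPolicyRefusal, DEEP_REVIEW_PROMPT_INTRO, DEEP_REVIEW_IDENTITY, } from "./tools/deep-review.js";
@@ -56,8 +56,8 @@ export { runDoctorChecks, formatDoctorReport, checkNodeVersion, checkConfigFile,
 export type { DoctorCheck, DoctorReport, CheckStatus } from "./commands/doctor.js";
 export { computeLanguageCoverage, formatCoverageReport, detectFileLanguage } from "./commands/coverage.js";
 export type { LanguageCoverageReport, LanguageCoverageEntry } from "./commands/coverage.js";
-export { createSnapshotStore, loadSnapshotStore, saveSnapshotStore, recordSnapshot, computeTrend, formatTrendReport, } from "./commands/snapshot.js";
-export type { FindingSnapshot, SnapshotStore, TrendPoint, TrendReport } from "./commands/snapshot.js";
+export { createSnapshotStore, loadSnapshotStore, saveSnapshotStore, recordSnapshot, computeTrend, formatTrendReport, computeMetrics, } from "./commands/snapshot.js";
+export type { FindingSnapshot, SnapshotStore, TrendPoint, TrendReport, RuleMetric, MetricsSummary, } from "./commands/snapshot.js";
 export { findJudgeForRule, computeRuleHitMetrics, formatRuleHitReport } from "./commands/rule-metrics.js";
 export type { RuleHitEntry, RuleHitMetrics } from "./commands/rule-metrics.js";
 export { detectLanguages, detectFrameworksFromFiles, classifyProjectType, detectCI, detectMonorepo, detectProjectSignals, recommendPreset, formatProjectSummary, formatRecommendation, } from "./commands/auto-detect.js";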
package/dist/api.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"api.d.ts","sourceRoot":"","sources":["../src/api.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAGH,YAAY,EACV,QAAQ,EACR,OAAO,EACP,OAAO,EACP,KAAK,EACL,UAAU,EACV,YAAY,EACZ,YAAY,EACZ,WAAW,EACX,cAAc,EACd,WAAW,EACX,eAAe,EACf,iBAAiB,EACjB,eAAe,EACf,eAAe,EACf,eAAe,EACf,mBAAmB,EACnB,gBAAgB,EAChB,oBAAoB,EACpB,iBAAiB,EACjB,kBAAkB,EAClB,iBAAiB,EACjB,wBAAwB,EACxB,oBAAoB,EACpB,YAAY,EACZ,aAAa,EACb,iBAAiB,EACjB,iBAAiB,GAClB,MAAM,YAAY,CAAC;AAGpB,OAAO,EAAE,WAAW,EAAE,WAAW,EAAE,eAAe,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAGpF,OAAO,EACL,WAAW,EACX,aAAa,EACb,YAAY,EACZ,wBAAwB,EACxB,mBAAmB,EACnB,gBAAgB,EAChB,wBAAwB,EACxB,sBAAsB,EACtB,qBAAqB,
|
|
1
|
+
{"version":3,"file":"api.d.ts","sourceRoot":"","sources":["../src/api.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAGH,YAAY,EACV,QAAQ,EACR,OAAO,EACP,OAAO,EACP,KAAK,EACL,UAAU,EACV,YAAY,EACZ,YAAY,EACZ,WAAW,EACX,cAAc,EACd,WAAW,EACX,eAAe,EACf,iBAAiB,EACjB,eAAe,EACf,eAAe,EACf,eAAe,EACf,mBAAmB,EACnB,gBAAgB,EAChB,oBAAoB,EACpB,iBAAiB,EACjB,kBAAkB,EAClB,iBAAiB,EACjB,wBAAwB,EACxB,oBAAoB,EACpB,YAAY,EACZ,aAAa,EACb,iBAAiB,EACjB,iBAAiB,GAClB,MAAM,YAAY,CAAC;AAGpB,OAAO,EAAE,WAAW,EAAE,WAAW,EAAE,eAAe,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAGpF,OAAO,EACL,WAAW,EACX,aAAa,EACb,YAAY,EACZ,wBAAwB,EACxB,mBAAmB,EACnB,gBAAgB,EAChB,wBAAwB,EACxB,sBAAsB,EACtB,qBAAqB,EACrB,oBAAoB,EACpB,oBAAoB,GACrB,MAAM,aAAa,CAAC;AAGrB,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,iBAAiB,EAAE,MAAM,mBAAmB,CAAC;AAIxE,OAAO,EACL,iBAAiB,EACjB,oBAAoB,EACpB,eAAe,EACf,YAAY,EACZ,mBAAmB,EACnB,iBAAiB,EACjB,mBAAmB,EACnB,YAAY,EACZ,iBAAiB,EACjB,qBAAqB,EACrB,uBAAuB,EACvB,gCAAgC,EAChC,qBAAqB,EACrB,uBAAuB,EACvB,0BAA0B,EAC1B,qBAAqB,GACtB,MAAM,uBAAuB,CAAC;AAC/B,YAAY,EAAE,WAAW,EAAE,oBAAoB,EAAE,mBAAmB,EAAE,MAAM,uBAAuB,CAAC;AAGpG,OAAO,EAAE,cAAc,EAAE,iBAAiB,EAAE,0BAA0B,EAAE,MAAM,oBAAoB,CAAC;AAGnG,OAAO,EAAE,qBAAqB,EAAE,MAAM,2BAA2B,CAAC;AAGlE,OAAO,EACL,iCAAiC,EACjC,8BAA8B,EAC9B,gCAAgC,EAChC,sBAAsB,EACtB,wBAAwB,EACxB,oBAAoB,GACrB,MAAM,wBAAwB,CAAC;AAChC,YAAY,EAAE,kBAAkB,EAAE,MAAM,wBAAwB,CAAC;AAGjE,OAAO,EAAE,oBAAoB,EAAE,MAAM,oBAAoB,CAAC;AAG1D,OAAO,EACL,sBAAsB,EACtB,gBAAgB,EAChB,iBAAiB,EACjB,iBAAiB,EACjB,WAAW,EACX,oBAAoB,EACpB,eAAe,EACf,mBAAmB,EACnB,wBAAwB,EACxB,qBAAqB,GACtB,MAAM,wBAAwB,CAAC;AAChC,YAAY,EACV,eAAe,EACf,aAAa,EACb,aAAa,EACb,aAAa,EACb,gBAAgB,EAChB,iBAAiB,EACjB,aAAa,GACd,MAAM,wBAAwB,CAAC;AAGhC,OAAO,EAAE,QAAQ,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AACnD,OAAO,EAAE,SAAS,EAAE,kBAAkB,EAAE,oBAAoB,EAAE,MAAM,iBAAiB,CAAC;AACtF,OAAO,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAG5D,OAAO,EAAE,eAAe,EAAE,iBAAiB,EAAE,cAAc,EAAE,gBAAgB,EAAE,MAAM,uBAAuB,CAAC;AAC7G,YAAY,EAAE,oBAAoB,EAAE,MAAM,uBAAuB,CAAC;AAClE,OAAO,EAAE,gBAAgB,EAAE,aAAa,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACrF,OAAO,EAAE,sBAAsB
,EAAE,MAAM,gCAAgC,CAAC;AAGxE,OAAO,EAAE,MAAM,EAAE,MAAM,UAAU,CAAC;AAGlC,OAAO,EACL,cAAc,EACd,gBAAgB,EAChB,oBAAoB,EACpB,cAAc,EACd,eAAe,EACf,mBAAmB,EACnB,cAAc,EACd,aAAa,EACb,YAAY,GACb,MAAM,cAAc,CAAC;AACtB,YAAY,EAAE,UAAU,EAAE,YAAY,EAAE,kBAAkB,EAAE,MAAM,cAAc,CAAC;AAGjF,OAAO,EAAE,eAAe,EAAE,qBAAqB,EAAE,MAAM,kBAAkB,CAAC;AAC1E,YAAY,EAAE,aAAa,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAGhE,OAAO,EAAE,uBAAuB,EAAE,iBAAiB,EAAE,qBAAqB,EAAE,MAAM,kBAAkB,CAAC;AACrG,YAAY,EAAE,kBAAkB,EAAE,MAAM,kBAAkB,CAAC;AAC3D,OAAO,EAAE,yBAAyB,EAAE,kCAAkC,EAAE,kBAAkB,EAAE,MAAM,cAAc,CAAC;AACjH,YAAY,EAAE,aAAa,EAAE,YAAY,EAAE,MAAM,YAAY,CAAC;AAG9D,OAAO,EACL,cAAc,EACd,cAAc,EACd,eAAe,EACf,iBAAiB,EACjB,iBAAiB,EACjB,oBAAoB,EACpB,qBAAqB,GACtB,MAAM,kBAAkB,CAAC;AAC1B,YAAY,EAAE,UAAU,EAAE,UAAU,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAGzE,OAAO,EACL,YAAY,EACZ,aAAa,EACb,cAAc,EACd,mBAAmB,EACnB,eAAe,EACf,aAAa,GACd,MAAM,mBAAmB,CAAC;AAC3B,YAAY,EAAE,cAAc,EAAE,WAAW,EAAE,cAAc,EAAE,QAAQ,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC;AAG/G,OAAO,EACL,QAAQ,EACR,YAAY,EACZ,qBAAqB,EACrB,qBAAqB,EACrB,eAAe,GAChB,MAAM,oBAAoB,CAAC;AAC5B,YAAY,EAAE,YAAY,EAAE,cAAc,EAAE,mBAAmB,EAAE,MAAM,oBAAoB,CAAC;AAG5F,OAAO,EACL,mBAAmB,EACnB,qBAAqB,EACrB,qBAAqB,EACrB,uBAAuB,EACvB,eAAe,GAChB,MAAM,6BAA6B,CAAC;AACrC,YAAY,EACV,UAAU,EACV,kBAAkB,EAClB,QAAQ,EACR,KAAK,EACL,UAAU,EACV,wBAAwB,GACzB,MAAM,6BAA6B,CAAC;AAGrC,OAAO,EACL,mBAAmB,EACnB,sBAAsB,EACtB,0BAA0B,EAC1B,aAAa,EACb,iBAAiB,GAClB,MAAM,iBAAiB,CAAC;AACzB,YAAY,EAAE,WAAW,EAAE,cAAc,EAAE,gBAAgB,EAAE,MAAM,iBAAiB,CAAC;AAGrF,OAAO,EACL,iBAAiB,EACjB,aAAa,EACb,qBAAqB,EACrB,uBAAuB,EACvB,iBAAiB,EACjB,sBAAsB,EACtB,8BAA8B,EAC9B,sBAAsB,GACvB,MAAM,yBAAyB,CAAC;AACjC,YAAY,EACV,eAAe,EACf,oBAAoB,EACpB,mBAAmB,EACnB,kBAAkB,EAClB,eAAe,EACf,kBAAkB,GACnB,MAAM,yBAAyB,CAAC;AAGjC,OAAO,EACL,gBAAgB,EAChB,gBAAgB,EAChB,gBAAgB,EAChB,eAAe,EACf,cAAc,EACd,wBAAwB,GACzB,MAAM,4BAA4B,CAAC;AACpC,YAAY,EAAE,UAAU,EAAE,UAAU,EAAE,sBAAsB,EAAE,MAAM,4BAA4B,CAAC;AAGjG,OAAO,EAAE,eAAe,EAAE,iBAAiB,EAAE,WAAW,EAAE,cAAc,EAAE,MAAM,8BAA8B,CAAC;AAE/G,OAAO,EACL,eAAe,EACf,kBAAkB,EAClB,gBAAgB,EAChB,
eAAe,EACf,iBAAiB,EACjB,YAAY,EACZ,kBAAkB,EAClB,iBAAiB,EACjB,YAAY,GACb,MAAM,sBAAsB,CAAC;AAC9B,YAAY,EAAE,WAAW,EAAE,YAAY,EAAE,WAAW,EAAE,MAAM,sBAAsB,CAAC;AAGnF,OAAO,EAAE,uBAAuB,EAAE,oBAAoB,EAAE,kBAAkB,EAAE,MAAM,wBAAwB,CAAC;AAC3G,YAAY,EAAE,sBAAsB,EAAE,qBAAqB,EAAE,MAAM,wBAAwB,CAAC;AAG5F,OAAO,EACL,mBAAmB,EACnB,iBAAiB,EACjB,iBAAiB,EACjB,cAAc,EACd,YAAY,EACZ,iBAAiB,EACjB,cAAc,GACf,MAAM,wBAAwB,CAAC;AAChC,YAAY,EACV,eAAe,EACf,aAAa,EACb,UAAU,EACV,WAAW,EACX,UAAU,EACV,cAAc,GACf,MAAM,wBAAwB,CAAC;AAGhC,OAAO,EAAE,gBAAgB,EAAE,qBAAqB,EAAE,mBAAmB,EAAE,MAAM,4BAA4B,CAAC;AAC1G,YAAY,EAAE,YAAY,EAAE,cAAc,EAAE,MAAM,4BAA4B,CAAC;AAG/E,OAAO,EACL,eAAe,EACf,yBAAyB,EACzB,mBAAmB,EACnB,QAAQ,EACR,cAAc,EACd,oBAAoB,EACpB,eAAe,EACf,oBAAoB,EACpB,oBAAoB,GACrB,MAAM,2BAA2B,CAAC;AACnC,YAAY,EAAE,cAAc,EAAE,WAAW,EAAE,oBAAoB,EAAE,MAAM,2BAA2B,CAAC;AAEnG,OAAO,EAAE,iBAAiB,EAAE,sBAAsB,EAAE,MAAM,4BAA4B,CAAC;AACvF,YAAY,EAAE,kBAAkB,EAAE,MAAM,4BAA4B,CAAC;AAGrE,OAAO,EAAE,oBAAoB,EAAE,MAAM,wBAAwB,CAAC;AAC9D,YAAY,EAAE,cAAc,EAAE,MAAM,YAAY,CAAC;AAGjD,OAAO,EACL,gBAAgB,EAChB,gBAAgB,EAChB,cAAc,EACd,eAAe,EACf,0BAA0B,EAC1B,aAAa,EACb,kBAAkB,EAClB,uBAAuB,EACvB,0BAA0B,EAC1B,WAAW,EACX,mBAAmB,GACpB,MAAM,wBAAwB,CAAC;AAChC,YAAY,EAAE,cAAc,EAAE,YAAY,EAAE,YAAY,EAAE,YAAY,EAAE,MAAM,wBAAwB,CAAC;AAKvG,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,uBAAuB,CAAC;AAC/D,OAAO,KAAK,EAAE,eAAe,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC;AAInE;;;;;;;GAOG;AACH,wBAAgB,YAAY,CAAC,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,iBAAiB,GAAG,eAAe,CAEzG;AAED;;;;;;;;GAQG;AACH,wBAAgB,uBAAuB,CACrC,OAAO,EAAE,MAAM,EACf,IAAI,EAAE,MAAM,EACZ,QAAQ,EAAE,MAAM,EAChB,OAAO,CAAC,EAAE,iBAAiB,GAC1B,eAAe,CAMjB;AAID,OAAO,EAAE,6BAA6B,EAAE,MAAM,uCAAuC,CAAC;AACtF,YAAY,EAAE,cAAc,EAAE,MAAM,uCAAuC,CAAC;AAI5E,OAAO,EAAE,sBAAsB,EAAE,wBAAwB,EAAE,MAAM,sBAAsB,CAAC;AACxF,YAAY,EAAE,kBAAkB,EAAE,MAAM,sBAAsB,CAAC;AAI/D,MAAM,WAAW,SAAS;IACxB,qCAAqC;IACrC,IAAI,EAAE,MAAM,CAAC;IACb,0BAA0B;IAC1B,IAAI,EAAE,MAAM,CAAC;IACb,2BAA2B;IAC3B,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,WAAW,oBAAoB;IACnC,mCAAmC;IACnC,IAAI,EAAE,MAAM,CAAC;IACb,qCAAq
C;IACrC,OAAO,EAAE,eAAe,CAAC;IACzB,kCAAkC;IAClC,KAAK,EAAE,MAAM,CAAC;CACf;AAED;;;;;;;;;;GAUG;AACH,wBAAuB,mBAAmB,CACxC,KAAK,EAAE,SAAS,EAAE,EAClB,OAAO,CAAC,EAAE,iBAAiB,GAC1B,cAAc,CAAC,oBAAoB,CAAC,CAMtC;AAED;;;;;;;;GAQG;AACH,wBAAsB,kBAAkB,CACtC,KAAK,EAAE,SAAS,EAAE,EAClB,WAAW,SAAI,EACf,OAAO,CAAC,EAAE,iBAAiB,EAC3B,UAAU,CAAC,EAAE,CAAC,SAAS,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,KAAK,IAAI,GACtD,OAAO,CAAC,oBAAoB,EAAE,CAAC,CAmBjC;AAGD,OAAO,EAAE,aAAa,EAAE,sBAAsB,EAAE,aAAa,EAAE,cAAc,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AACtH,YAAY,EAAE,eAAe,EAAE,MAAM,iBAAiB,CAAC"}
|
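--- a/package/dist/api.js
+++ b/package/dist/api.js
@@ -11,11 +11,11 @@
 // ─── Errors ──────────────────────────────────────────────────────────────────
 export { JudgesError, ConfigError, EvaluationError, ParseError } from "./errors.js";
 // ─── Config ──────────────────────────────────────────────────────────────────
-export { parseConfig, defaultConfig, mergeConfigs, discoverCascadingConfigs, loadCascadingConfig, loadPluginJudges, validatePluginSpecifiers, isValidJudgeDefinition, applyOverridesForFile, } from "./config.js";
+export { parseConfig, defaultConfig, mergeConfigs, discoverCascadingConfigs, loadCascadingConfig, loadPluginJudges, validatePluginSpecifiers, isValidJudgeDefinition, applyOverridesForFile, applyLanguageProfile, resolveExtendsConfig, } from "./config.js";
 // ─── Judge Registry ──────────────────────────────────────────────────────────
 export { JUDGES, getJudge, getJudgeSummaries } from "./judges/index.js";
 // ─── Core Evaluation Functions ───────────────────────────────────────────────
-export { evaluateWithJudge, evaluateWithTribunal, evaluateProject, evaluateDiff, analyzeDependencies, enrichWithPatches, crossEvaluatorDedup, diffFindings, formatFindingDiff, applyInlineSuppressions, applyInlineSuppressionsWithAudit, runAppBuilderWorkflow, formatVerdictAsMarkdown, formatEvaluationAsMarkdown, clearEvaluationCaches, } from "./evaluators/index.js";
+export { evaluateWithJudge, evaluateWithTribunal, evaluateProject, evaluateDiff, analyzeDependencies, enrichWithPatches, crossEvaluatorDedup, diffFindings, formatFindingDiff, evaluateNetChangeGate, applyInlineSuppressions, applyInlineSuppressionsWithAudit, runAppBuilderWorkflow, formatVerdictAsMarkdown, formatEvaluationAsMarkdown, clearEvaluationCaches, } from "./evaluators/index.js";
 // ─── V2 Policy-Aware API ────────────────────────────────────────────────────
 export { evaluateCodeV2, evaluateProjectV2, getSupportedPolicyProfiles } from "./evaluators/v2.js";
 // ─── Cross-File Taint Analysis ───────────────────────────────────────────────
@@ -64,7 +64,7 @@ export { runDoctorChecks, formatDoctorReport, checkNodeVersion, checkConfigFile,
 // ─── Language Coverage ──────────────────────────────────────────────────────
 export { computeLanguageCoverage, formatCoverageReport, detectFileLanguage } from "./commands/coverage.js";
 // ─── Finding Snapshots & Trends ─────────────────────────────────────────────
-export { createSnapshotStore, loadSnapshotStore, saveSnapshotStore, recordSnapshot, computeTrend, formatTrendReport, } from "./commands/snapshot.js";
+export { createSnapshotStore, loadSnapshotStore, saveSnapshotStore, recordSnapshot, computeTrend, formatTrendReport, computeMetrics, } from "./commands/snapshot.js";
 // ─── Rule Hit Metrics ───────────────────────────────────────────────────────
 export { findJudgeForRule, computeRuleHitMetrics, formatRuleHitReport } from "./commands/rule-metrics.js";
 // ─── Project Auto-Detection ─────────────────────────────────────────────────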
package/dist/api.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"api.js","sourceRoot":"","sources":["../src/api.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAiCH,gFAAgF;AAChF,OAAO,EAAE,WAAW,EAAE,WAAW,EAAE,eAAe,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAEpF,gFAAgF;AAChF,OAAO,EACL,WAAW,EACX,aAAa,EACb,YAAY,EACZ,wBAAwB,EACxB,mBAAmB,EACnB,gBAAgB,EAChB,wBAAwB,EACxB,sBAAsB,EACtB,qBAAqB,
|
|
1
|
+
{"version":3,"file":"api.js","sourceRoot":"","sources":["../src/api.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAiCH,gFAAgF;AAChF,OAAO,EAAE,WAAW,EAAE,WAAW,EAAE,eAAe,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAEpF,gFAAgF;AAChF,OAAO,EACL,WAAW,EACX,aAAa,EACb,YAAY,EACZ,wBAAwB,EACxB,mBAAmB,EACnB,gBAAgB,EAChB,wBAAwB,EACxB,sBAAsB,EACtB,qBAAqB,EACrB,oBAAoB,EACpB,oBAAoB,GACrB,MAAM,aAAa,CAAC;AAErB,gFAAgF;AAChF,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,iBAAiB,EAAE,MAAM,mBAAmB,CAAC;AAExE,gFAAgF;AAEhF,OAAO,EACL,iBAAiB,EACjB,oBAAoB,EACpB,eAAe,EACf,YAAY,EACZ,mBAAmB,EACnB,iBAAiB,EACjB,mBAAmB,EACnB,YAAY,EACZ,iBAAiB,EACjB,qBAAqB,EACrB,uBAAuB,EACvB,gCAAgC,EAChC,qBAAqB,EACrB,uBAAuB,EACvB,0BAA0B,EAC1B,qBAAqB,GACtB,MAAM,uBAAuB,CAAC;AAG/B,+EAA+E;AAC/E,OAAO,EAAE,cAAc,EAAE,iBAAiB,EAAE,0BAA0B,EAAE,MAAM,oBAAoB,CAAC;AAEnG,gFAAgF;AAChF,OAAO,EAAE,qBAAqB,EAAE,MAAM,2BAA2B,CAAC;AAElE,gFAAgF;AAChF,OAAO,EACL,iCAAiC,EACjC,8BAA8B,EAC9B,gCAAgC,EAChC,sBAAsB,EACtB,wBAAwB,EACxB,oBAAoB,GACrB,MAAM,wBAAwB,CAAC;AAGhC,gFAAgF;AAChF,OAAO,EAAE,oBAAoB,EAAE,MAAM,oBAAoB,CAAC;AAE1D,+EAA+E;AAC/E,OAAO,EACL,sBAAsB,EACtB,gBAAgB,EAChB,iBAAiB,EACjB,iBAAiB,EACjB,WAAW,EACX,oBAAoB,EACpB,eAAe,EACf,mBAAmB,EACnB,wBAAwB,EACxB,qBAAqB,GACtB,MAAM,wBAAwB,CAAC;AAWhC,gFAAgF;AAChF,OAAO,EAAE,QAAQ,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AACnD,OAAO,EAAE,SAAS,EAAE,kBAAkB,EAAE,oBAAoB,EAAE,MAAM,iBAAiB,CAAC;AACtF,OAAO,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAE5D,gFAAgF;AAChF,OAAO,EAAE,eAAe,EAAE,iBAAiB,EAAE,cAAc,EAAE,gBAAgB,EAAE,MAAM,uBAAuB,CAAC;AAE7G,OAAO,EAAE,gBAAgB,EAAE,aAAa,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACrF,OAAO,EAAE,sBAAsB,EAAE,MAAM,gCAAgC,CAAC;AAExE,gFAAgF;AAChF,OAAO,EAAE,MAAM,EAAE,MAAM,UAAU,CAAC;AAElC,gFAAgF;AAChF,OAAO,EACL,cAAc,EACd,gBAAgB,EAChB,oBAAoB,EACpB,cAAc,EACd,eAAe,EACf,mBAAmB,EACnB,cAAc,EACd,aAAa,EACb,YAAY,GACb,MAAM,cAAc,CAAC;AAGtB,+EAA+E;AAC/E,OAAO,EAAE,eAAe,EAAE,qBAAqB,EAAE,MAAM,kBAAkB,CAAC;AAG1E,+EAA+E;AAC/E,OAAO,EAAE,uBAAuB,EAAE,iBAAiB,EAAE,qBAAqB,EAAE,MAAM,kBAAkB,CAAC;AAErG,OAAO,EAAE,yBAAyB,EAAE,kCAAkC,EAAE,kBAAkB,EAAE,MAAM,cAAc,CAAC;AAGjH,gFAAgF;AAChF,OA
AO,EACL,cAAc,EACd,cAAc,EACd,eAAe,EACf,iBAAiB,EACjB,iBAAiB,EACjB,oBAAoB,EACpB,qBAAqB,GACtB,MAAM,kBAAkB,CAAC;AAG1B,8EAA8E;AAC9E,OAAO,EACL,YAAY,EACZ,aAAa,EACb,cAAc,EACd,mBAAmB,EACnB,eAAe,EACf,aAAa,GACd,MAAM,mBAAmB,CAAC;AAG3B,+EAA+E;AAC/E,OAAO,EACL,QAAQ,EACR,YAAY,EACZ,qBAAqB,EACrB,qBAAqB,EACrB,eAAe,GAChB,MAAM,oBAAoB,CAAC;AAG5B,gFAAgF;AAChF,OAAO,EACL,mBAAmB,EACnB,qBAAqB,EACrB,qBAAqB,EACrB,uBAAuB,EACvB,eAAe,GAChB,MAAM,6BAA6B,CAAC;AAUrC,gFAAgF;AAChF,OAAO,EACL,mBAAmB,EACnB,sBAAsB,EACtB,0BAA0B,EAC1B,aAAa,EACb,iBAAiB,GAClB,MAAM,iBAAiB,CAAC;AAGzB,gFAAgF;AAChF,OAAO,EACL,iBAAiB,EACjB,aAAa,EACb,qBAAqB,EACrB,uBAAuB,EACvB,iBAAiB,EACjB,sBAAsB,EACtB,8BAA8B,EAC9B,sBAAsB,GACvB,MAAM,yBAAyB,CAAC;AAUjC,gFAAgF;AAChF,OAAO,EACL,gBAAgB,EAChB,gBAAgB,EAChB,gBAAgB,EAChB,eAAe,EACf,cAAc,EACd,wBAAwB,GACzB,MAAM,4BAA4B,CAAC;AAGpC,gFAAgF;AAChF,OAAO,EAAE,eAAe,EAAE,iBAAiB,EAAE,WAAW,EAAE,cAAc,EAAE,MAAM,8BAA8B,CAAC;AAC/G,4EAA4E;AAC5E,OAAO,EACL,eAAe,EACf,kBAAkB,EAClB,gBAAgB,EAChB,eAAe,EACf,iBAAiB,EACjB,YAAY,EACZ,kBAAkB,EAClB,iBAAiB,EACjB,YAAY,GACb,MAAM,sBAAsB,CAAC;AAG9B,+EAA+E;AAC/E,OAAO,EAAE,uBAAuB,EAAE,oBAAoB,EAAE,kBAAkB,EAAE,MAAM,wBAAwB,CAAC;AAG3G,+EAA+E;AAC/E,OAAO,EACL,mBAAmB,EACnB,iBAAiB,EACjB,iBAAiB,EACjB,cAAc,EACd,YAAY,EACZ,iBAAiB,EACjB,cAAc,GACf,MAAM,wBAAwB,CAAC;AAUhC,+EAA+E;AAC/E,OAAO,EAAE,gBAAgB,EAAE,qBAAqB,EAAE,mBAAmB,EAAE,MAAM,4BAA4B,CAAC;AAG1G,+EAA+E;AAC/E,OAAO,EACL,eAAe,EACf,yBAAyB,EACzB,mBAAmB,EACnB,QAAQ,EACR,cAAc,EACd,oBAAoB,EACpB,eAAe,EACf,oBAAoB,EACpB,oBAAoB,GACrB,MAAM,2BAA2B,CAAC;AAEnC,gFAAgF;AAChF,OAAO,EAAE,iBAAiB,EAAE,sBAAsB,EAAE,MAAM,4BAA4B,CAAC;AAGvF,gFAAgF;AAChF,OAAO,EAAE,oBAAoB,EAAE,MAAM,wBAAwB,CAAC;AAG9D,gFAAgF;AAChF,OAAO,EACL,gBAAgB,EAChB,gBAAgB,EAChB,cAAc,EACd,eAAe,EACf,0BAA0B,EAC1B,aAAa,EACb,kBAAkB,EAClB,uBAAuB,EACvB,0BAA0B,EAC1B,WAAW,EACX,mBAAmB,GACpB,MAAM,wBAAwB,CAAC;AAGhC,gFAAgF;AAEhF,OAAO,EAAE,oBAAoB,EAAE,iBAAiB,EAAE,MAAM,uBAAuB,CAAC;AAGhF,OAAO,EAAE,QAAQ,EAAE,MAAM,mBAAmB,CAAC;AAC7C,OAAO,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAE9C;;;;;;;GAOG;AACH,MAAM,UAAU,YAAY,CAAC,IAAY,EAAE,QAAgB,
EAAE,OAA2B;IACtF,OAAO,oBAAoB,CAAC,IAAI,EAAE,QAAQ,EAAE,SAAS,EAAE,OAAO,CAAC,CAAC;AAClE,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,UAAU,uBAAuB,CACrC,OAAe,EACf,IAAY,EACZ,QAAgB,EAChB,OAA2B;IAE3B,MAAM,KAAK,GAAG,QAAQ,CAAC,OAAO,CAAC,CAAC;IAChC,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,MAAM,IAAI,eAAe,CAAC,mBAAmB,OAAO,GAAG,EAAE,OAAO,CAAC,CAAC;IACpE,CAAC;IACD,OAAO,iBAAiB,CAAC,KAAK,EAAE,IAAI,EAAE,QAAQ,EAAE,SAAS,EAAE,OAAO,CAAC,CAAC;AACtE,CAAC;AAED,gFAAgF;AAEhF,OAAO,EAAE,6BAA6B,EAAE,MAAM,uCAAuC,CAAC;AAGtF,gFAAgF;AAEhF,OAAO,EAAE,sBAAsB,EAAE,wBAAwB,EAAE,MAAM,sBAAsB,CAAC;AAuBxF;;;;;;;;;;GAUG;AACH,MAAM,CAAC,KAAK,SAAS,CAAC,CAAC,mBAAmB,CACxC,KAAkB,EAClB,OAA2B;IAE3B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QACtB,MAAM,OAAO,GAAG,oBAAoB,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,QAAQ,EAAE,SAAS,EAAE,OAAO,CAAC,CAAC;QACnF,MAAM,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC,EAAE,CAAC;IAC/C,CAAC;AACH,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,CAAC,KAAK,UAAU,kBAAkB,CACtC,KAAkB,EAClB,WAAW,GAAG,CAAC,EACf,OAA2B,EAC3B,UAAuD;IAEvD,MAAM,OAAO,GAA2B,IAAI,KAAK,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;IAChE,IAAI,SAAS,GAAG,CAAC,CAAC;IAClB,IAAI,SAAS,GAAG,CAAC,CAAC;IAElB,KAAK,UAAU,MAAM;QACnB,OAAO,SAAS,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC;YAChC,MAAM,CAAC,GAAG,SAAS,EAAE,CAAC;YACtB,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;YACtB,MAAM,OAAO,GAAG,oBAAoB,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,QAAQ,EAAE,SAAS,EAAE,OAAO,CAAC,CAAC;YACnF,OAAO,CAAC,CAAC,CAAC,GAAG,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC,EAAE,CAAC;YACpD,SAAS,EAAE,CAAC;YACZ,UAAU,EAAE,CAAC,SAAS,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;QACxC,CAAC;IACH,CAAC;IAED,MAAM,OAAO,GAAG,KAAK,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,IAAI,CAAC,GAAG,CAAC,WAAW,EAAE,KAAK,CAAC,MAAM,CAAC,EAAE,EAAE,GAAG,EAAE,CAAC,MAAM,EAAE,CAAC,CAAC;IAC5F,MAAM,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;IAC3B,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,gFAAgF;AAChF,OAAO,EAAE,aAAa,EAAE,sBAAsB,EAAE,aAAa,EAAE,cAAc,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC"}
|
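--- a/package/dist/calibration.d.ts
+++ b/package/dist/calibration.d.ts
@@ -9,6 +9,7 @@
 * confidence is boosted.
 */
 import type { Finding } from "./types.js";
+import type { SuppressionRecord } from "./types.js";
 import { type FeedbackStore } from "./commands/feedback.js";
 export interface CalibrationProfile {
 /** Name of the calibration profile */
@@ -55,4 +56,19 @@ export declare function calibrateFindings(findings: Finding[], profile: Calibrat
 * Convenience: load feedback, build profile, and calibrate findings in one call.
 */
 export declare function autoCalibrateFindings(findings: Finding[], options?: CalibrationOptions): Finding[];
+/**
+* Build a calibration profile that passively learns from:
+* 1. Explicit feedback (from `judges feedback`)
+* 2. Inline suppressions (`judges-ignore` directives → implicit FP signal)
+* 3. Triage history (from finding lifecycle store)
+*
+* This allows calibration to improve over time without requiring explicit
+* feedback commands — every suppression directive is a passive signal.
+*/
+export declare function buildPassiveCalibrationProfile(options?: CalibrationOptions & {
+/** Suppression records from the current evaluation run */
+suppressions?: SuppressionRecord[];
+/** Directory containing .judges-findings.json for triage history */
+findingsDir?: string;
+}): CalibrationProfile;
 //# sourceMappingURL=calibration.d.ts.map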
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"calibration.d.ts","sourceRoot":"","sources":["../src/calibration.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,YAAY,CAAC;AAC1C,OAAO,EAAqB,KAAK,aAAa,EAAE,MAAM,wBAAwB,CAAC;
|
|
1
|
+
{"version":3,"file":"calibration.d.ts","sourceRoot":"","sources":["../src/calibration.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,YAAY,CAAC;AAC1C,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,YAAY,CAAC;AACpD,OAAO,EAAqB,KAAK,aAAa,EAAE,MAAM,wBAAwB,CAAC;AAK/E,MAAM,WAAW,kBAAkB;IACjC,sCAAsC;IACtC,IAAI,EAAE,MAAM,CAAC;IACb,gCAAgC;IAChC,YAAY,EAAE,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAClC,kDAAkD;IAClD,cAAc,EAAE,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACpC,sDAAsD;IACtD,QAAQ,EAAE,OAAO,CAAC;IAClB,kDAAkD;IAClD,aAAa,EAAE,MAAM,CAAC;CACvB;AAED,MAAM,WAAW,kBAAkB;IACjC,kCAAkC;IAClC,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,qEAAqE;IACrE,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,mEAAmE;IACnE,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,gEAAgE;IAChE,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAQD;;GAEG;AACH,wBAAgB,sBAAsB,CAAC,OAAO,CAAC,EAAE,kBAAkB,GAAG,kBAAkB,CAGvF;AAED;;GAEG;AACH,wBAAgB,uBAAuB,CAAC,KAAK,EAAE,aAAa,EAAE,OAAO,CAAC,EAAE,kBAAkB,GAAG,kBAAkB,CAgD9G;AAED;;;;;;;;;GASG;AACH,wBAAgB,iBAAiB,CAC/B,QAAQ,EAAE,OAAO,EAAE,EACnB,OAAO,EAAE,kBAAkB,EAC3B,OAAO,CAAC,EAAE,kBAAkB,GAC3B,OAAO,EAAE,CAsCX;AAED;;GAEG;AACH,wBAAgB,qBAAqB,CAAC,QAAQ,EAAE,OAAO,EAAE,EAAE,OAAO,CAAC,EAAE,kBAAkB,GAAG,OAAO,EAAE,CAGlG;AAID;;;;;;;;GAQG;AACH,wBAAgB,8BAA8B,CAC5C,OAAO,CAAC,EAAE,kBAAkB,GAAG;IAC7B,0DAA0D;IAC1D,YAAY,CAAC,EAAE,iBAAiB,EAAE,CAAC;IACnC,oEAAoE;IACpE,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB,GACA,kBAAkB,CAkCpB"}
|
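--- a/package/dist/calibration.js
+++ b/package/dist/calibration.js
@@ -9,6 +9,7 @@
 * confidence is boosted.
 */
 import { loadFeedbackStore } from "./commands/feedback.js";
+import { triageToFeedbackEntries } from "./finding-lifecycle.js";
 // ─── Calibration Engine ─────────────────────────────────────────────────────
 const DEFAULT_MIN_SAMPLES = 3;
 const DEFAULT_MAX_REDUCTION = 0.3;
@@ -122,4 +123,46 @@ export function autoCalibrateFindings(findings, options) {
 const profile = loadCalibrationProfile(options);
 return calibrateFindings(findings, profile, options);
 }
+// ─── Passive Calibration ────────────────────────────────────────────────────
+/**
+* Build a calibration profile that passively learns from:
+* 1. Explicit feedback (from `judges feedback`)
+* 2. Inline suppressions (`judges-ignore` directives → implicit FP signal)
+* 3. Triage history (from finding lifecycle store)
+*
+* This allows calibration to improve over time without requiring explicit
+* feedback commands — every suppression directive is a passive signal.
+*/
+export function buildPassiveCalibrationProfile(options) {
+const store = loadFeedbackStore(options?.feedbackPath);
+// Merge in suppression signals as implicit FP entries
+if (options?.suppressions) {
+for (const s of options.suppressions) {
+store.entries.push({
+ruleId: s.ruleId,
+verdict: "fp",
+timestamp: new Date().toISOString(),
+severity: s.severity,
+title: s.title,
+source: "manual",
+comment: `Passive: inline suppression (${s.kind})${s.reason ? ` — ${s.reason}` : ""}`,
+});
+}
+}
+// Merge in triage history signals
+if (options?.findingsDir) {
+const triageEntries = triageToFeedbackEntries(options.findingsDir);
+for (const t of triageEntries) {
+store.entries.push({
+ruleId: t.ruleId,
+verdict: t.verdict,
+timestamp: t.timestamp,
+severity: t.severity,
+source: "manual",
+comment: "Passive: triage history",
+});
+}
+}
+return buildCalibrationProfile(store, options);
+}
 //# sourceMappingURL=calibration.js.map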
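Review bot: `buildPassiveCalibrationProfile` records every inline suppression as `verdict: "fp"` with `source: "manual"`, so once it is in `store.entries` a `judges-ignore` directive in the scanned code is indistinguishable from reviewed feedback. Whoever can add such a directive to the code under evaluation can therefore lower the confidence of that rule's findings; how strongly depends on `buildCalibrationProfile`, which is outside this hunk, though `DEFAULT_MIN_SAMPLES = 3` suggests a few directives may be enough. Consider giving passive entries their own source value (for example `source: "suppression"`, if the feedback entry type is extended to allow it) so they can be weighted or capped separately, and counting only suppressions that carry a `reason`. The entries are also pushed onto the object returned by `loadFeedbackStore`; if that store is cached or later written back (not visible here), passive entries would accumulate across runs, so building the profile from a copy such as `{ ...store, entries: [...store.entries] }` is safer.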
|
package/dist/calibration.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"calibration.js","sourceRoot":"","sources":["../src/calibration.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;
|
|
1
|
+
{"version":3,"file":"calibration.js","sourceRoot":"","sources":["../src/calibration.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAIH,OAAO,EAAE,iBAAiB,EAAsB,MAAM,wBAAwB,CAAC;AAC/E,OAAO,EAAE,uBAAuB,EAAE,MAAM,wBAAwB,CAAC;AA4BjE,+EAA+E;AAE/E,MAAM,mBAAmB,GAAG,CAAC,CAAC;AAC9B,MAAM,qBAAqB,GAAG,GAAG,CAAC;AAClC,MAAM,iBAAiB,GAAG,IAAI,CAAC;AAE/B;;GAEG;AACH,MAAM,UAAU,sBAAsB,CAAC,OAA4B;IACjE,MAAM,KAAK,GAAG,iBAAiB,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC;IACvD,OAAO,uBAAuB,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;AACjD,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,uBAAuB,CAAC,KAAoB,EAAE,OAA4B;IACxF,MAAM,UAAU,GAAG,OAAO,EAAE,UAAU,IAAI,mBAAmB,CAAC;IAC9D,MAAM,YAAY,GAAG,IAAI,GAAG,EAAkB,CAAC;IAC/C,MAAM,cAAc,GAAG,IAAI,GAAG,EAAkB,CAAC;IAEjD,2BAA2B;IAC3B,MAAM,MAAM,GAAG,IAAI,GAAG,EAAqD,CAAC;IAC5E,MAAM,QAAQ,GAAG,IAAI,GAAG,EAAqD,CAAC;IAE9E,KAAK,MAAM,KAAK,IAAI,KAAK,CAAC,OAAO,EAAE,CAAC;QAClC,uBAAuB;QACvB,MAAM,SAAS,GAAG,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,EAAE,EAAE,EAAE,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE,CAAC;QACzE,SAAS,CAAC,KAAK,EAAE,CAAC;QAClB,IAAI,KAAK,CAAC,OAAO,KAAK,IAAI;YAAE,SAAS,CAAC,EAAE,EAAE,CAAC;aACtC,IAAI,KAAK,CAAC,OAAO,KAAK,IAAI;YAAE,SAAS,CAAC,EAAE,EAAE,CAAC;QAChD,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;QAEpC,yBAAyB;QACzB,MAAM,MAAM,GAAG,KAAK,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;QAC1C,IAAI,MAAM,EAAE,CAAC;YACX,MAAM,WAAW,GAAG,QAAQ,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,EAAE,EAAE,EAAE,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE,CAAC;YACvE,WAAW,CAAC,KAAK,EAAE,CAAC;YACpB,IAAI,KAAK,CAAC,OAAO,KAAK,IAAI;gBAAE,WAAW,CAAC,EAAE,EAAE,CAAC;iBACxC,IAAI,KAAK,CAAC,OAAO,KAAK,IAAI;gBAAE,WAAW,CAAC,EAAE,EAAE,CAAC;YAClD,QAAQ,CAAC,GAAG,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC;QACpC,CAAC;IACH,CAAC;IAED,8CAA8C;IAC9C,KAAK,MAAM,CAAC,MAAM,EAAE,KAAK,CAAC,IAAI,MAAM,EAAE,CAAC;QACrC,IAAI,KAAK,CAAC,KAAK,IAAI,UAAU,EAAE,CAAC;YAC9B,YAAY,CAAC,GAAG,CAAC,MAAM,EAAE,KAAK,CAAC,EAAE,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC;QACnD,CAAC;IACH,CAAC;IAED,KAAK,MAAM,CAAC,MAAM,EAAE,KAAK,CAAC,IAAI,QAAQ,EAAE,CAAC;QACvC,IAAI,KAAK,CAAC,KAAK,IA
AI,UAAU,EAAE,CAAC;YAC9B,cAAc,CAAC,GAAG,CAAC,MAAM,EAAE,KAAK,CAAC,EAAE,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC;QACrD,CAAC;IACH,CAAC;IAED,OAAO;QACL,IAAI,EAAE,qBAAqB;QAC3B,YAAY;QACZ,cAAc;QACd,QAAQ,EAAE,YAAY,CAAC,IAAI,GAAG,CAAC,IAAI,cAAc,CAAC,IAAI,GAAG,CAAC;QAC1D,aAAa,EAAE,KAAK,CAAC,OAAO,CAAC,MAAM;KACpC,CAAC;AACJ,CAAC;AAED;;;;;;;;;GASG;AACH,MAAM,UAAU,iBAAiB,CAC/B,QAAmB,EACnB,OAA2B,EAC3B,OAA4B;IAE5B,IAAI,CAAC,OAAO,CAAC,QAAQ;QAAE,OAAO,QAAQ,CAAC;IAEvC,MAAM,YAAY,GAAG,OAAO,EAAE,YAAY,IAAI,qBAAqB,CAAC;IACpE,MAAM,QAAQ,GAAG,OAAO,EAAE,QAAQ,IAAI,iBAAiB,CAAC;IAExD,OAAO,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE;QACxB,MAAM,WAAW,GAAG,CAAC,CAAC,UAAU,IAAI,GAAG,CAAC;QAExC,6DAA6D;QAC7D,MAAM,UAAU,GAAG,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC;QACtD,MAAM,MAAM,GAAG,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;QACtC,MAAM,YAAY,GAAG,OAAO,CAAC,cAAc,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QACxD,MAAM,MAAM,GAAG,UAAU,IAAI,YAAY,CAAC;QAE1C,IAAI,MAAM,KAAK,SAAS;YAAE,OAAO,CAAC,CAAC;QAEnC,IAAI,UAAU,GAAG,CAAC,CAAC;QAEnB,IAAI,MAAM,GAAG,GAAG,EAAE,CAAC;YACjB,iDAAiD;YACjD,yDAAyD;YACzD,UAAU,GAAG,CAAC,YAAY,GAAG,CAAC,CAAC,MAAM,GAAG,GAAG,CAAC,GAAG,GAAG,CAAC,CAAC;QACtD,CAAC;aAAM,IAAI,MAAM,GAAG,GAAG,EAAE,CAAC;YACxB,gCAAgC;YAChC,iDAAiD;YACjD,UAAU,GAAG,QAAQ,GAAG,CAAC,CAAC,GAAG,GAAG,MAAM,CAAC,GAAG,GAAG,CAAC,CAAC;QACjD,CAAC;QAED,IAAI,UAAU,KAAK,CAAC;YAAE,OAAO,CAAC,CAAC;QAE/B,MAAM,cAAc,GAAG,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,WAAW,GAAG,UAAU,CAAC,CAAC,CAAC;QAC/E,OAAO;YACL,GAAG,CAAC;YACJ,UAAU,EAAE,cAAc;YAC1B,UAAU,EAAE,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,UAAU,yBAAyB,CAAC,CAAC,CAAC,uBAAuB;SAC9F,CAAC;IACJ,CAAC,CAAC,CAAC;AACL,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,qBAAqB,CAAC,QAAmB,EAAE,OAA4B;IACrF,MAAM,OAAO,GAAG,sBAAsB,CAAC,OAAO,CAAC,CAAC;IAChD,OAAO,iBAAiB,CAAC,QAAQ,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC;AACvD,CAAC;AAED,+EAA+E;AAE/E;;;;;;;;GAQG;AACH,MAAM,UAAU,8BAA8B,CAC5C,OAKC;IAED,MAAM,KAAK,GAAG,iBAAiB,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC;IAEvD,sDAAsD;IACtD,IAAI,OAAO,EAAE,YAAY,EAAE,CAAC;QAC1B,KAAK,MAAM,CAAC,IAAI
,OAAO,CAAC,YAAY,EAAE,CAAC;YACrC,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC;gBACjB,MAAM,EAAE,CAAC,CAAC,MAAM;gBAChB,OAAO,EAAE,IAAI;gBACb,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;gBACnC,QAAQ,EAAE,CAAC,CAAC,QAAQ;gBACpB,KAAK,EAAE,CAAC,CAAC,KAAK;gBACd,MAAM,EAAE,QAAQ;gBAChB,OAAO,EAAE,gCAAgC,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE;aACtF,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,kCAAkC;IAClC,IAAI,OAAO,EAAE,WAAW,EAAE,CAAC;QACzB,MAAM,aAAa,GAAG,uBAAuB,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC;QACnE,KAAK,MAAM,CAAC,IAAI,aAAa,EAAE,CAAC;YAC9B,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC;gBACjB,MAAM,EAAE,CAAC,CAAC,MAAM;gBAChB,OAAO,EAAE,CAAC,CAAC,OAAO;gBAClB,SAAS,EAAE,CAAC,CAAC,SAAS;gBACtB,QAAQ,EAAE,CAAC,CAAC,QAAQ;gBACpB,MAAM,EAAE,QAAQ;gBAChB,OAAO,EAAE,yBAAyB;aACnC,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,OAAO,uBAAuB,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;AACjD,CAAC"}
|
package/dist/cli.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"cli.d.ts","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":";AAEA;;;;;;;;;;;;;;;;;;;GAmBG;
|
|
1
|
+
{"version":3,"file":"cli.d.ts","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":";AAEA;;;;;;;;;;;;;;;;;;;GAmBG;AAqZH;;;GAGG;AACH,wBAAgB,WAAW,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,CAcnD;AAED,wBAAgB,WAAW,CAAC,QAAQ,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,GAAG,OAAO,CAQzE;AAiBD,UAAU,cAAc;IACtB,OAAO,CAAC,EAAE,MAAM,EAAE,CAAC;IACnB,OAAO,CAAC,EAAE,MAAM,EAAE,CAAC;IACnB,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED,wBAAgB,YAAY,CAAC,MAAM,EAAE,MAAM,EAAE,OAAO,GAAE,cAAmB,GAAG,MAAM,EAAE,CAiBnF;AAsOD,wBAAsB,MAAM,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CAsgB1D"}
|
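--- a/package/dist/cli.js
+++ b/package/dist/cli.js
@@ -116,6 +116,7 @@ function parseCliArgs(argv) {
 include: [],
 maxFiles: undefined,
 changedOnly: false,
+explain: false,
 };
 // First non-flag arg is the command
 let i = 2; // skip node + script
@@ -182,6 +183,9 @@ function parseCliArgs(argv) {
 case "--changed-only":
 args.changedOnly = true;
 break;
+case "--explain":
+args.explain = true;
+break;
 case "--exclude":
 case "-x":
 args.exclude.push(argv[++i]);
@@ -262,6 +266,7 @@ EVAL OPTIONS:
 --quiet Suppress non-essential output
 --fix Auto-fix findings after evaluation (applies patches in-place)
 --changed-only Only evaluate files changed since last commit (uses git diff)
+--explain Enrich findings with OWASP/CWE learning context
 --help, -h Show this help
 
 FIX OPTIONS:
@@ -768,6 +773,18 @@ export async function runCli(argv) {
 await runTune(argv);
 return;
 }
+// ─── Calibration Dashboard Command ────────────────────────────────
+if (args.command === "calibration-dashboard") {
+const { runCalibrationDashboard } = await import("./commands/calibration-dashboard.js");
+await runCalibrationDashboard(argv);
+process.exit(0);
+}
+// ─── Community Patterns Command ───────────────────────────────────────
+if (args.command === "community-patterns") {
+const { runCommunityPatterns } = await import("./commands/community-patterns.js");
+await runCommunityPatterns(argv);
+process.exit(0);
+}
 // ─── Compare Command ─────────────────────────────────────────────────
 if (args.command === "compare") {
 const toolName = argv[3];
@@ -939,6 +956,10 @@ export async function runCli(argv) {
 if (evalConfig?.minSeverity) {
 evaluation.findings = filterBySeverity(evaluation.findings, evalConfig.minSeverity);
 }
+// Enrich with learning context when --explain is set
+if (args.explain) {
+evaluation.findings = enrichWithExplanations(evaluation.findings);
+}
 const elapsed = Date.now() - startTime;
 if (args.summary) {
 printSummaryLine(evaluation.verdict, evaluation.score, evaluation.findings.length);
@@ -1017,6 +1038,13 @@ export async function runCli(argv) {
 }
 verdict.findings = filterBySeverity(verdict.findings, evalConfig.minSeverity);
 }
+// Enrich with learning context when --explain is set
+if (args.explain) {
+for (const evaluation of verdict.evaluations) {
+evaluation.findings = enrichWithExplanations(evaluation.findings);
+}
+verdict.findings = enrichWithExplanations(verdict.findings);
+}
 const elapsed = Date.now() - startTime;
 if (args.summary) {
 const totalFindings = verdict.evaluations.reduce((s, e) => s + e.findings.length, 0);
@@ -1178,6 +1206,103 @@ function loadEvalConfig(args) {
 }
 return config;
 }
+// ─── Explain Mode — Learning Context Enrichment ─────────────────────────────
+const RULE_PREFIX_CONTEXT = {
+SEC: {
+owasp: "A03:2021 Injection",
+cwe: "CWE-79/CWE-89",
+learn: "Input validation prevents injection attacks where untrusted data is sent to an interpreter.",
+},
+AUTH: {
+owasp: "A07:2021 Identification and Authentication Failures",
+cwe: "CWE-287",
+learn: "Authentication flaws let attackers compromise passwords, keys, or session tokens.",
+},
+CRYPTO: {
+owasp: "A02:2021 Cryptographic Failures",
+cwe: "CWE-327/CWE-328",
+learn: "Weak or missing cryptography exposes sensitive data to interception and tampering.",
+},
+DATA: {
+owasp: "A02:2021 Cryptographic Failures",
+cwe: "CWE-200/CWE-312",
+learn: "Sensitive data exposure occurs when applications do not adequately protect data at rest or in transit.",
+},
+CYBER: {
+owasp: "A01:2021 Broken Access Control",
+cwe: "CWE-284",
+learn: "Access control enforces policy so users cannot act outside their intended permissions.",
+},
+INJ: {
+owasp: "A03:2021 Injection",
+cwe: "CWE-89/CWE-78",
+learn: "Injection flaws occur when hostile data is sent to an interpreter as part of a command or query.",
+},
+XSS: {
+owasp: "A03:2021 Injection",
+cwe: "CWE-79",
+learn: "Cross-site scripting (XSS) lets attackers inject scripts into web pages viewed by other users.",
+},
+SSRF: {
+owasp: "A10:2021 Server-Side Request Forgery",
+cwe: "CWE-918",
+learn: "SSRF lets attackers make the server send requests to unintended locations, potentially accessing internal services.",
+},
+PERF: { learn: "Performance issues cause slow response times, high resource usage, or scalability bottlenecks." },
+A11Y: {
+learn: "Accessibility ensures applications are usable by people with disabilities, per WCAG 2.1 guidelines.",
+},
+DOC: { learn: "Good documentation improves maintainability, onboarding, and reduces defect rates." },
+TEST: { learn: "Adequate test coverage catches regressions, validates behaviour, and enables safe refactoring." },
+AICS: {
+owasp: "OWASP AI Security",
+learn: "AI code safety rules detect prompt injection, model poisoning, and unsafe AI integration patterns.",
+},
+IAC: {
+learn: "Infrastructure as Code security ensures cloud resources are provisioned with least-privilege, encryption, and audit logging.",
+},
+SOV: {
+learn: "Data sovereignty rules verify data residency, jurisdictional compliance, and cross-border transfer controls.",
+},
+COMP: { learn: "Compliance rules enforce regulatory requirements like GDPR, HIPAA, PCI-DSS, and SOC 2." },
+INTENT: {
+learn: "Intent alignment detects mismatches between declared purpose (names, comments) and actual implementation.",
+},
+DSEC: {
+learn: "Dependency security rules flag known-vulnerable packages, outdated dependencies, and supply-chain risks.",
+},
+MFPR: {
+learn: "Model fingerprint detection identifies stylistic patterns characteristic of specific AI generators (GPT, Claude, Copilot, Gemini).",
+},
+API: {
+learn: "API contract rules enforce input validation, proper status codes, content-type, rate limiting, and versioning on REST endpoints.",
+},
+COH: {
+learn: "Coherence rules detect contradictory assignments, dead code, duplicate definitions, and other self-inconsistent patterns.",
+},
+HALLU: {
+learn: "Hallucination detection catches fabricated APIs, non-existent imports, and phantom methods commonly generated by AI models.",
+},
+};
+function enrichWithExplanations(findings) {
+return findings.map((f) => {
+const prefix = f.ruleId.replace(/-\d+$/, "");
+const ctx = RULE_PREFIX_CONTEXT[prefix];
+if (!ctx)
+return f;
+const parts = [f.description];
+if (ctx.owasp)
+parts.push(`\n📚 OWASP: ${ctx.owasp}`);
+if (ctx.cwe)
+parts.push(`CWE: ${ctx.cwe}`);
+parts.push(`💡 ${ctx.learn}`);
+return {
+...f,
+description: parts.join(" "),
+reference: f.reference || [ctx.owasp, ctx.cwe].filter(Boolean).join(" / ") || f.reference,
+};
+});
+}
 // ─── Severity Filter ────────────────────────────────────────────────────────
 const SEVERITY_ORDER = ["critical", "high", "medium", "low", "info"];
 function filterBySeverity(findings, minSeverity) {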
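Review bot: In `enrichWithExplanations`, `RULE_PREFIX_CONTEXT[prefix]` is a plain-object lookup keyed by text derived from `f.ruleId`, so a prefix such as `constructor` or `toString` resolves to an inherited `Object.prototype` member, passes the `if (!ctx)` check, and the description gets `💡 undefined` appended. If rule IDs can come from custom or plugin rules (not visible in this hunk), guard the lookup with `const ctx = Object.hasOwn(RULE_PREFIX_CONTEXT, prefix) ? RULE_PREFIX_CONTEXT[prefix] : undefined;`, or declare the table as a `Map`. Separately, the table assigns one OWASP/CWE label to every rule under a prefix (for example all `SEC-*` findings become `A03:2021 Injection`, `CWE-79/CWE-89`) and writes it into `reference` when that field is empty. A comment above `RULE_PREFIX_CONTEXT` stating that these are prefix-level defaults rather than per-rule classifications would keep consumers of `reference` from treating them as authoritative.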
|