@kevinrabun/judges 3.31.0 → 3.34.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +65 -0
- package/README.md +51 -33
- package/dist/api.d.ts +1 -1
- package/dist/api.d.ts.map +1 -1
- package/dist/api.js +1 -1
- package/dist/api.js.map +1 -1
- package/dist/cli.d.ts +1 -0
- package/dist/cli.d.ts.map +1 -1
- package/dist/cli.js +79 -6
- package/dist/cli.js.map +1 -1
- package/dist/commands/benchmark.d.ts +2 -0
- package/dist/commands/benchmark.d.ts.map +1 -1
- package/dist/commands/benchmark.js +13 -1
- package/dist/commands/benchmark.js.map +1 -1
- package/dist/commands/snapshot.d.ts +5 -0
- package/dist/commands/snapshot.d.ts.map +1 -1
- package/dist/commands/snapshot.js +121 -0
- package/dist/commands/snapshot.js.map +1 -1
- package/dist/dedup.d.ts.map +1 -1
- package/dist/dedup.js +8 -29
- package/dist/dedup.js.map +1 -1
- package/dist/evaluators/ai-code-safety.js +1 -1
- package/dist/evaluators/caching.js +1 -1
- package/dist/evaluators/caching.js.map +1 -1
- package/dist/evaluators/cloud-readiness.js +1 -1
- package/dist/evaluators/configuration-management.js +1 -1
- package/dist/evaluators/cost-effectiveness.js +1 -1
- package/dist/evaluators/data-sovereignty.js +2 -2
- package/dist/evaluators/documentation.d.ts.map +1 -1
- package/dist/evaluators/documentation.js +7 -5
- package/dist/evaluators/documentation.js.map +1 -1
- package/dist/evaluators/false-positive-review.d.ts.map +1 -1
- package/dist/evaluators/false-positive-review.js +6 -5
- package/dist/evaluators/false-positive-review.js.map +1 -1
- package/dist/evaluators/index.d.ts.map +1 -1
- package/dist/evaluators/index.js +26 -3
- package/dist/evaluators/index.js.map +1 -1
- package/dist/evaluators/internationalization.js +1 -1
- package/dist/evaluators/over-engineering.d.ts +3 -0
- package/dist/evaluators/over-engineering.d.ts.map +1 -0
- package/dist/evaluators/over-engineering.js +161 -0
- package/dist/evaluators/over-engineering.js.map +1 -0
- package/dist/evaluators/reliability.js +1 -1
- package/dist/evaluators/security.d.ts.map +1 -1
- package/dist/evaluators/security.js +3 -0
- package/dist/evaluators/security.js.map +1 -1
- package/dist/evaluators/shared.js +1 -1
- package/dist/evaluators/shared.js.map +1 -1
- package/dist/evaluators/ux.js +5 -5
- package/dist/evaluators/ux.js.map +1 -1
- package/dist/formatters/pdf.d.ts +13 -0
- package/dist/formatters/pdf.d.ts.map +1 -0
- package/dist/formatters/pdf.js +138 -0
- package/dist/formatters/pdf.js.map +1 -0
- package/dist/judges/accessibility.d.ts.map +1 -1
- package/dist/judges/accessibility.js +2 -0
- package/dist/judges/accessibility.js.map +1 -1
- package/dist/judges/agent-instructions.d.ts.map +1 -1
- package/dist/judges/agent-instructions.js +2 -0
- package/dist/judges/agent-instructions.js.map +1 -1
- package/dist/judges/ai-code-safety.d.ts.map +1 -1
- package/dist/judges/ai-code-safety.js +2 -0
- package/dist/judges/ai-code-safety.js.map +1 -1
- package/dist/judges/api-contract.d.ts.map +1 -1
- package/dist/judges/api-contract.js +3 -1
- package/dist/judges/api-contract.js.map +1 -1
- package/dist/judges/api-design.d.ts.map +1 -1
- package/dist/judges/api-design.js +2 -0
- package/dist/judges/api-design.js.map +1 -1
- package/dist/judges/authentication.d.ts.map +1 -1
- package/dist/judges/authentication.js +2 -0
- package/dist/judges/authentication.js.map +1 -1
- package/dist/judges/backwards-compatibility.d.ts.map +1 -1
- package/dist/judges/backwards-compatibility.js +2 -0
- package/dist/judges/backwards-compatibility.js.map +1 -1
- package/dist/judges/caching.d.ts.map +1 -1
- package/dist/judges/caching.js +2 -0
- package/dist/judges/caching.js.map +1 -1
- package/dist/judges/ci-cd.d.ts.map +1 -1
- package/dist/judges/ci-cd.js +2 -0
- package/dist/judges/ci-cd.js.map +1 -1
- package/dist/judges/cloud-readiness.d.ts.map +1 -1
- package/dist/judges/cloud-readiness.js +2 -0
- package/dist/judges/cloud-readiness.js.map +1 -1
- package/dist/judges/code-structure.d.ts.map +1 -1
- package/dist/judges/code-structure.js +2 -0
- package/dist/judges/code-structure.js.map +1 -1
- package/dist/judges/compliance.d.ts.map +1 -1
- package/dist/judges/compliance.js +2 -0
- package/dist/judges/compliance.js.map +1 -1
- package/dist/judges/concurrency.d.ts.map +1 -1
- package/dist/judges/concurrency.js +2 -0
- package/dist/judges/concurrency.js.map +1 -1
- package/dist/judges/configuration-management.d.ts.map +1 -1
- package/dist/judges/configuration-management.js +2 -0
- package/dist/judges/configuration-management.js.map +1 -1
- package/dist/judges/cost-effectiveness.d.ts.map +1 -1
- package/dist/judges/cost-effectiveness.js +2 -0
- package/dist/judges/cost-effectiveness.js.map +1 -1
- package/dist/judges/cybersecurity.d.ts.map +1 -1
- package/dist/judges/cybersecurity.js +2 -0
- package/dist/judges/cybersecurity.js.map +1 -1
- package/dist/judges/data-security.d.ts.map +1 -1
- package/dist/judges/data-security.js +2 -0
- package/dist/judges/data-security.js.map +1 -1
- package/dist/judges/data-sovereignty.d.ts.map +1 -1
- package/dist/judges/data-sovereignty.js +3 -1
- package/dist/judges/data-sovereignty.js.map +1 -1
- package/dist/judges/database.d.ts.map +1 -1
- package/dist/judges/database.js +2 -0
- package/dist/judges/database.js.map +1 -1
- package/dist/judges/dependency-health.d.ts.map +1 -1
- package/dist/judges/dependency-health.js +2 -0
- package/dist/judges/dependency-health.js.map +1 -1
- package/dist/judges/documentation.d.ts.map +1 -1
- package/dist/judges/documentation.js +2 -0
- package/dist/judges/documentation.js.map +1 -1
- package/dist/judges/error-handling.d.ts.map +1 -1
- package/dist/judges/error-handling.js +2 -0
- package/dist/judges/error-handling.js.map +1 -1
- package/dist/judges/ethics-bias.d.ts.map +1 -1
- package/dist/judges/ethics-bias.js +2 -0
- package/dist/judges/ethics-bias.js.map +1 -1
- package/dist/judges/false-positive-review.d.ts.map +1 -1
- package/dist/judges/false-positive-review.js +2 -0
- package/dist/judges/false-positive-review.js.map +1 -1
- package/dist/judges/framework-safety.d.ts.map +1 -1
- package/dist/judges/framework-safety.js +2 -0
- package/dist/judges/framework-safety.js.map +1 -1
- package/dist/judges/hallucination-detection.d.ts.map +1 -1
- package/dist/judges/hallucination-detection.js +2 -0
- package/dist/judges/hallucination-detection.js.map +1 -1
- package/dist/judges/iac-security.d.ts.map +1 -1
- package/dist/judges/iac-security.js +2 -0
- package/dist/judges/iac-security.js.map +1 -1
- package/dist/judges/index.d.ts.map +1 -1
- package/dist/judges/index.js +4 -0
- package/dist/judges/index.js.map +1 -1
- package/dist/judges/intent-alignment.d.ts.map +1 -1
- package/dist/judges/intent-alignment.js +2 -0
- package/dist/judges/intent-alignment.js.map +1 -1
- package/dist/judges/internationalization.d.ts.map +1 -1
- package/dist/judges/internationalization.js +2 -0
- package/dist/judges/internationalization.js.map +1 -1
- package/dist/judges/logging-privacy.d.ts.map +1 -1
- package/dist/judges/logging-privacy.js +2 -0
- package/dist/judges/logging-privacy.js.map +1 -1
- package/dist/judges/maintainability.d.ts.map +1 -1
- package/dist/judges/maintainability.js +2 -0
- package/dist/judges/maintainability.js.map +1 -1
- package/dist/judges/model-fingerprint.d.ts.map +1 -1
- package/dist/judges/model-fingerprint.js +3 -1
- package/dist/judges/model-fingerprint.js.map +1 -1
- package/dist/judges/multi-turn-coherence.d.ts.map +1 -1
- package/dist/judges/multi-turn-coherence.js +3 -1
- package/dist/judges/multi-turn-coherence.js.map +1 -1
- package/dist/judges/observability.d.ts.map +1 -1
- package/dist/judges/observability.js +2 -0
- package/dist/judges/observability.js.map +1 -1
- package/dist/judges/over-engineering.d.ts +3 -0
- package/dist/judges/over-engineering.d.ts.map +1 -0
- package/dist/judges/over-engineering.js +47 -0
- package/dist/judges/over-engineering.js.map +1 -0
- package/dist/judges/performance.d.ts.map +1 -1
- package/dist/judges/performance.js +2 -0
- package/dist/judges/performance.js.map +1 -1
- package/dist/judges/portability.d.ts.map +1 -1
- package/dist/judges/portability.js +2 -0
- package/dist/judges/portability.js.map +1 -1
- package/dist/judges/rate-limiting.d.ts.map +1 -1
- package/dist/judges/rate-limiting.js +2 -0
- package/dist/judges/rate-limiting.js.map +1 -1
- package/dist/judges/reliability.d.ts.map +1 -1
- package/dist/judges/reliability.js +2 -0
- package/dist/judges/reliability.js.map +1 -1
- package/dist/judges/scalability.d.ts.map +1 -1
- package/dist/judges/scalability.js +2 -0
- package/dist/judges/scalability.js.map +1 -1
- package/dist/judges/security.d.ts.map +1 -1
- package/dist/judges/security.js +2 -0
- package/dist/judges/security.js.map +1 -1
- package/dist/judges/software-practices.d.ts.map +1 -1
- package/dist/judges/software-practices.js +2 -0
- package/dist/judges/software-practices.js.map +1 -1
- package/dist/judges/testing.d.ts.map +1 -1
- package/dist/judges/testing.js +2 -0
- package/dist/judges/testing.js.map +1 -1
- package/dist/judges/ux.d.ts.map +1 -1
- package/dist/judges/ux.js +2 -0
- package/dist/judges/ux.js.map +1 -1
- package/dist/scoring.d.ts +5 -0
- package/dist/scoring.d.ts.map +1 -1
- package/dist/scoring.js +76 -0
- package/dist/scoring.js.map +1 -1
- package/dist/tools/prompts.js +1 -1
- package/dist/types.d.ts +20 -0
- package/dist/types.d.ts.map +1 -1
- package/package.json +3 -2
- package/server.json +3 -3
package/CHANGELOG.md
CHANGED
|
@@ -2,6 +2,71 @@
|
|
|
2
2
|
|
|
3
3
|
All notable changes to **@kevinrabun/judges** are documented here.
|
|
4
4
|
|
|
5
|
+
## [3.34.1] — 2026-03-10
|
|
6
|
+
|
|
7
|
+
### Fixed
|
|
8
|
+
- **CI build fix** — Added missing `findings` property to the `CaseResult` interface in `benchmark.ts`, resolving TS2353 compile error that failed the v3.34.0 publish workflow
|
|
9
|
+
|
|
10
|
+
## [3.34.0] — 2026-03-10
|
|
11
|
+
|
|
12
|
+
### Fixed
|
|
13
|
+
- **False-positive filter (check #6) now requires ALL lines to match identifier context** — Previously, a single line matching identifier context would suppress the entire finding. When cross-evaluator dedup merges line numbers from multiple findings, a single inherited "foreign" line could wrongly suppress a legitimate finding. Now all flagged lines must match the identifier context pattern for suppression to apply.
|
|
14
|
+
- **Removed CYBER- and AUTH- from test-only prefix suppression** — These prefixes were being incorrectly suppressed in test files, causing missed true positives
|
|
15
|
+
- **Security evaluator skips import/require lines** for JWT verification detection — `import jsonwebtoken` no longer triggers a "JWT verification" finding
|
|
16
|
+
- **Documentation evaluator strips type annotations** before counting single-letter parameters — generic type params like `T` in `(items: T[])` no longer trigger cryptic-naming detection
|
|
17
|
+
- **Added `assert` to magic-number exclusion list** — Test assertions with numeric values are no longer flagged as magic numbers
|
|
18
|
+
- **I18N added to web-only prefix suppression** — Internationalization rules now correctly suppressed for non-web files
|
|
19
|
+
- **Shared `classifyFile` minimum line guard** — Files under 8 lines are no longer classified as "utility", preventing over-suppression of findings in small files
|
|
20
|
+
|
|
21
|
+
### Changed
|
|
22
|
+
- **12 evaluator threshold recalibrations** to reduce false positives while improving recall:
|
|
23
|
+
- AI Code Safety: unvalidated input handler threshold 4→2
|
|
24
|
+
- Caching: minimum file length 100→30 lines
|
|
25
|
+
- Cloud Readiness: hardcoded config threshold 5→1
|
|
26
|
+
- Configuration Management: env vars without defaults 3→4
|
|
27
|
+
- Cost Effectiveness: nested loop threshold 4→2
|
|
28
|
+
- Data Sovereignty: hardcoded global/foreign threshold 5→1, cross-border egress 5→2
|
|
29
|
+
- Documentation: undocumented exports count 2→4, minimum lines 10→30, magic numbers threshold 50→20
|
|
30
|
+
- Internationalization: hardcoded strings threshold 0→5
|
|
31
|
+
- Reliability: empty catch threshold 3→1
|
|
32
|
+
- UX: inline handlers 10→2, form loading state minimum 50→15 lines, generic errors minimum 60 lines, empty state minimum 80→120 lines, file/stream progress minimum 60 lines
|
|
33
|
+
- **Cross-evaluator dedup simplified** — Removed per-prefix diversity logic (which preserved one representative per rule prefix) in favor of single-winner with cross-reference annotation; fixes dedup correctness for SQL injection, race conditions, and other cross-cutting findings
|
|
34
|
+
- **Benchmark scoring now parses cross-reference annotations** — Dedup-merged findings annotated with `_Also identified by: AUTH-001, SEC-001_` now contribute their referenced ruleIds to true-positive matching, recovering 115 previously undercounted TPs
|
|
35
|
+
|
|
36
|
+
### Benchmark
|
|
37
|
+
- **Grade A** — F1: 93.0% (was 87.9%), Precision: 98.7%, Recall: 87.9% (was 79.3%), Detection Rate: 97.6% (was 94.0%)
|
|
38
|
+
- TP: 1182 (+115), FN: 163 (−115), FP: 16
|
|
39
|
+
- All per-judge false-positive rates ≤ 30%
|
|
40
|
+
|
|
41
|
+
### Tests
|
|
42
|
+
- 2226 tests passing, 0 failures
|
|
43
|
+
|
|
44
|
+
## [3.33.0] — 2026-03-10
|
|
45
|
+
|
|
46
|
+
### Added
|
|
47
|
+
- **Over-engineering detector judge** — New 44th judge (`over-engineering`) with 6 rules detecting excessive abstraction layers, trivial wrappers, god interfaces, builder pattern overuse, enterprise patterns in small codebases, and excessive generic type parameters
|
|
48
|
+
- **PDF export formatter** (`--format pdf`) — Print-optimized HTML report with @media print styles, page breaks, and clean A4 layout; open in browser and "Save as PDF"
|
|
49
|
+
- **HTML trend dashboard** (`judges trend --format html`) — Self-contained interactive HTML with SVG bar chart, severity breakdown, metrics summary, run history table, and dark/light theme support
|
|
50
|
+
- **`--sample` flag** — Random file sampling for large repos; use with `--max-files` to randomly select files instead of taking the first N alphabetically
|
|
51
|
+
- **Suppression metrics in text output** — When inline suppressions are present, the text report now shows suppressed finding count, breakdown by type (line/next-line/block/file), and top suppressed rules
|
|
52
|
+
- **Code provenance signals** — All findings now carry a `provenance` field (defaults to `"regex-pattern-match"`) indicating how the finding was detected
|
|
53
|
+
- **Per-judge timing metrics** — Each `JudgeEvaluation` includes `durationMs`; `TribunalVerdict` includes `timing` with total and per-judge breakdown; text output shows timing and slowest judges
|
|
54
|
+
- **OWASP LLM Top 10 mapping** — Findings are automatically mapped to OWASP LLM Top 10 categories (LLM01–LLM10) where applicable
|
|
55
|
+
- **VS Code CodeLens provider** — Shows finding counts above functions, methods, and classes in the editor
|
|
56
|
+
- **Centralized judge metadata** — Extended `JudgeDefinition` with `tableDescription` and `promptDescription` fields; all 44 judges now carry documentation metadata as part of their definition
|
|
57
|
+
- **`npm run sync-docs` script** — New `scripts/sync-docs.ts` regenerates the README judge table, prompts table, `docs/index.html` JS array, and judge counts across 15+ files from the `JUDGES` array as single source of truth
|
|
58
|
+
- **Adding-a-judge instructions** — `.github/instructions/adding-a-judge.instructions.md` codifies the full step-by-step workflow for adding new judges
|
|
59
|
+
|
|
60
|
+
### Changed
|
|
61
|
+
- **README and docs auto-generated** — Judge table and prompts table in README use marker-delimited sections (`JUDGES_TABLE_START`/`END`, `PROMPTS_TABLE_START`/`END`); `docs/index.html` uses `JUDGES_ARRAY_START`/`END` markers
|
|
62
|
+
|
|
63
|
+
### Fixed
|
|
64
|
+
- **4 inconsistent judge names** — Data Sovereignty, API Contract, Multi-Turn Coherence, and Model Fingerprint judges now follow the `"Judge {Domain}"` naming convention
|
|
65
|
+
- **PDF formatter build error** — Fixed `Finding.line` reference to use `Finding.lineNumbers`
|
|
66
|
+
|
|
67
|
+
### Tests
|
|
68
|
+
- 1075 tests passing, Benchmark Grade A
|
|
69
|
+
|
|
5
70
|
## [3.31.0] — 2026-03-10
|
|
6
71
|
|
|
7
72
|
### Changed
|
package/README.md
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
# Judges Panel
|
|
2
2
|
|
|
3
|
-
An MCP (Model Context Protocol) server that provides a panel of **
|
|
3
|
+
An MCP (Model Context Protocol) server that provides a panel of **44 specialized judges** to evaluate AI-generated code — acting as an independent quality gate regardless of which project is being reviewed. Combines **deterministic pattern matching & AST analysis** (instant, offline, zero LLM calls) with **LLM-powered deep-review prompts** that let your AI assistant perform expert-persona analysis across all 44 domains.
|
|
4
4
|
|
|
5
5
|
**Highlights:**
|
|
6
6
|
- Includes an **App Builder Workflow (3-step)** demo for release decisions, plain-language risk summaries, and prioritized fixes — see [Try the Demo](#2-try-the-demo).
|
|
@@ -17,11 +17,11 @@ An MCP (Model Context Protocol) server that provides a panel of **39 specialized
|
|
|
17
17
|
|
|
18
18
|
## Why Judges?
|
|
19
19
|
|
|
20
|
-
AI code generators (Copilot, Cursor, Claude, ChatGPT, etc.) write code fast — but they routinely produce **insecure defaults, missing auth, hardcoded secrets, and poor error handling**. Human reviewers catch some of this, but nobody reviews
|
|
20
|
+
AI code generators (Copilot, Cursor, Claude, ChatGPT, etc.) write code fast — but they routinely produce **insecure defaults, missing auth, hardcoded secrets, and poor error handling**. Human reviewers catch some of this, but nobody reviews 44 dimensions consistently.
|
|
21
21
|
|
|
22
22
|
| | ESLint / Biome | SonarQube | Semgrep / CodeQL | **Judges** |
|
|
23
23
|
|---|---|---|---|---|
|
|
24
|
-
| **Scope** | Style + some bugs | Bugs + code smells | Security patterns | **
|
|
24
|
+
| **Scope** | Style + some bugs | Bugs + code smells | Security patterns | **44 domains**: security, cost, compliance, a11y, API design, cloud, UX, … |
|
|
25
25
|
| **AI-generated code focus** | No | No | Partial | **Purpose-built** for AI output failure modes |
|
|
26
26
|
| **Setup** | Config per project | Server + scanner | Cloud or local | **One command**: `npx @kevinrabun/judges eval file.ts` |
|
|
27
27
|
| **Auto-fix patches** | Some | No | No | **114 deterministic patches** — instant, offline |
|
|
@@ -79,7 +79,7 @@ judges eval --min-score 80 src/api.ts
|
|
|
79
79
|
# One-line summary for scripts
|
|
80
80
|
judges eval --summary src/api.ts
|
|
81
81
|
|
|
82
|
-
# List all
|
|
82
|
+
# List all 44 judges
|
|
83
83
|
judges list
|
|
84
84
|
```
|
|
85
85
|
|
|
@@ -190,7 +190,7 @@ npm run build
|
|
|
190
190
|
|
|
191
191
|
### 2. Try the Demo
|
|
192
192
|
|
|
193
|
-
Run the included demo to see all
|
|
193
|
+
Run the included demo to see all 44 judges evaluate a purposely flawed API server:
|
|
194
194
|
|
|
195
195
|
```bash
|
|
196
196
|
npm run demo
|
|
@@ -293,7 +293,7 @@ Install the **[Judges Panel](https://marketplace.visualstudio.com/items?itemName
|
|
|
293
293
|
|
|
294
294
|
- **Inline diagnostics & quick-fixes** on every file save
|
|
295
295
|
- **`@judges` chat participant** — type `@judges` in Copilot Chat, or just ask for a "judges panel review" and Copilot routes automatically
|
|
296
|
-
- **Auto-configured MCP server** — all
|
|
296
|
+
- **Auto-configured MCP server** — all 44 expert-persona prompts available to Copilot with zero setup
|
|
297
297
|
|
|
298
298
|
```bash
|
|
299
299
|
code --install-extension kevinrabun.judges-panel
|
|
@@ -420,7 +420,7 @@ All commands support `--help` for usage details.
|
|
|
420
420
|
|
|
421
421
|
### `judges eval`
|
|
422
422
|
|
|
423
|
-
Evaluate a file with all
|
|
423
|
+
Evaluate a file with all 44 judges or a single judge.
|
|
424
424
|
|
|
425
425
|
| Flag | Description |
|
|
426
426
|
|------|-------------|
|
|
@@ -619,45 +619,54 @@ const svg2 = generateBadgeSvg(75, "quality"); // custom label
|
|
|
619
619
|
|
|
620
620
|
## The Judge Panel
|
|
621
621
|
|
|
622
|
+
<!-- JUDGES_TABLE_START -->
|
|
622
623
|
| Judge | Domain | Rule Prefix | What It Evaluates |
|
|
623
624
|
|-------|--------|-------------|-------------------|
|
|
624
625
|
| **Data Security** | Data Security & Privacy | `DATA-` | Encryption, PII handling, secrets management, access controls |
|
|
625
626
|
| **Cybersecurity** | Cybersecurity & Threat Defense | `CYBER-` | Injection attacks, XSS, CSRF, auth flaws, OWASP Top 10 |
|
|
626
|
-
| **Cost Effectiveness** | Cost Optimization | `COST-` | Algorithm efficiency, N+1 queries, memory waste, caching strategy |
|
|
627
|
+
| **Cost Effectiveness** | Cost Optimization & Resource Efficiency | `COST-` | Algorithm efficiency, N+1 queries, memory waste, caching strategy |
|
|
627
628
|
| **Scalability** | Scalability & Performance | `SCALE-` | Statelessness, horizontal scaling, concurrency, bottlenecks |
|
|
628
|
-
| **Cloud Readiness** | Cloud-Native & DevOps | `CLOUD-` | 12-Factor compliance, containerization, graceful shutdown, IaC |
|
|
629
|
-
| **Software Practices** | Engineering Best Practices | `SWDEV-` | SOLID principles, type safety, error handling, input validation |
|
|
629
|
+
| **Cloud Readiness** | Cloud-Native Architecture & DevOps | `CLOUD-` | 12-Factor compliance, containerization, graceful shutdown, IaC |
|
|
630
|
+
| **Software Practices** | Software Engineering Best Practices & Secure SDLC | `SWDEV-` | SOLID principles, type safety, error handling, input validation |
|
|
630
631
|
| **Accessibility** | Accessibility (a11y) | `A11Y-` | WCAG compliance, screen reader support, keyboard navigation, ARIA |
|
|
631
632
|
| **API Design** | API Design & Contracts | `API-` | REST conventions, versioning, pagination, error responses |
|
|
632
633
|
| **Reliability** | Reliability & Resilience | `REL-` | Error handling, timeouts, retries, circuit breakers |
|
|
633
|
-
| **Observability** |
|
|
634
|
-
| **Performance** | Performance
|
|
635
|
-
| **Compliance** | Regulatory Compliance | `COMP-` | GDPR/CCPA, PII protection, consent, data retention, audit trails |
|
|
634
|
+
| **Observability** | Monitoring & Diagnostics | `OBS-` | Structured logging, health checks, metrics, tracing |
|
|
635
|
+
| **Performance** | Runtime Performance | `PERF-` | N+1 queries, sync I/O, caching, memory leaks |
|
|
636
|
+
| **Compliance** | Regulatory & License Compliance | `COMP-` | GDPR/CCPA, PII protection, consent, data retention, audit trails |
|
|
636
637
|
| **Data Sovereignty** | Data, Technological & Operational Sovereignty | `SOV-` | Data residency, cross-border transfers, vendor key management, AI model portability, identity federation, circuit breakers, audit trails, data export |
|
|
637
|
-
| **Testing** |
|
|
638
|
-
| **Documentation** | Documentation &
|
|
639
|
-
| **Internationalization** |
|
|
640
|
-
| **Dependency Health** |
|
|
641
|
-
| **Concurrency** | Concurrency &
|
|
642
|
-
| **Ethics & Bias** |
|
|
638
|
+
| **Testing** | Test Quality & Coverage | `TEST-` | Test coverage, assertions, test isolation, naming |
|
|
639
|
+
| **Documentation** | Documentation & Developer Experience | `DOC-` | JSDoc/docstrings, magic numbers, TODOs, code comments |
|
|
640
|
+
| **Internationalization** | i18n & Localization | `I18N-` | Hardcoded strings, locale handling, currency formatting |
|
|
641
|
+
| **Dependency Health** | Supply Chain & Dependencies | `DEPS-` | Version pinning, deprecated packages, supply chain |
|
|
642
|
+
| **Concurrency** | Concurrency & Thread Safety | `CONC-` | Race conditions, unbounded parallelism, missing await |
|
|
643
|
+
| **Ethics & Bias** | AI/ML Fairness & Ethics | `ETHICS-` | Demographic logic, dark patterns, inclusive language |
|
|
643
644
|
| **Maintainability** | Code Maintainability & Technical Debt | `MAINT-` | Any types, magic numbers, deep nesting, dead code, file length |
|
|
644
645
|
| **Error Handling** | Error Handling & Fault Tolerance | `ERR-` | Empty catch blocks, missing error handlers, swallowed errors |
|
|
645
646
|
| **Authentication** | Authentication & Authorization | `AUTH-` | Hardcoded creds, missing auth middleware, token in query params |
|
|
646
647
|
| **Database** | Database Design & Query Efficiency | `DB-` | SQL injection, N+1 queries, connection pooling, transactions |
|
|
647
648
|
| **Caching** | Caching Strategy & Data Freshness | `CACHE-` | Unbounded caches, missing TTL, no HTTP cache headers |
|
|
648
|
-
| **Configuration
|
|
649
|
-
| **Backwards
|
|
649
|
+
| **Configuration Management** | Configuration & Secrets Management | `CFG-` | Hardcoded secrets, missing env vars, config validation |
|
|
650
|
+
| **Backwards Compatibility** | Backwards Compatibility & Versioning | `COMPAT-` | API versioning, breaking changes, response consistency |
|
|
650
651
|
| **Portability** | Platform Portability & Vendor Independence | `PORTA-` | OS-specific paths, vendor lock-in, hardcoded hosts |
|
|
651
652
|
| **UX** | User Experience & Interface Quality | `UX-` | Loading states, error messages, pagination, destructive actions |
|
|
652
653
|
| **Logging Privacy** | Logging Privacy & Data Redaction | `LOGPRIV-` | PII in logs, token logging, structured logging, redaction |
|
|
653
654
|
| **Rate Limiting** | Rate Limiting & Throttling | `RATE-` | Missing rate limits, unbounded queries, backoff strategy |
|
|
654
655
|
| **CI/CD** | CI/CD Pipeline & Deployment Safety | `CICD-` | Test infrastructure, lint config, Docker tags, build scripts |
|
|
655
|
-
| **Code Structure** | Structural Analysis
|
|
656
|
+
| **Code Structure** | Structural Analysis | `STRUCT-` | Cyclomatic complexity, nesting depth, function length, dead code, type safety |
|
|
656
657
|
| **Agent Instructions** | Agent Instruction Markdown Quality & Safety | `AGENT-` | Instruction hierarchy, conflict detection, unsafe overrides, scope, validation, policy guidance |
|
|
657
|
-
| **AI Code Safety** | AI-Generated Code
|
|
658
|
-
| **Framework Safety** | Framework-Specific
|
|
658
|
+
| **AI Code Safety** | AI-Generated Code Quality & Security | `AICS-` | Prompt injection, insecure LLM output handling, debug defaults, missing validation, unsafe deserialization of AI responses |
|
|
659
|
+
| **Framework Safety** | Framework-Specific Security & Best Practices | `FW-` | React hooks ordering, Express middleware chains, Next.js SSR/SSG pitfalls, Angular/Vue lifecycle patterns, framework-specific anti-patterns |
|
|
659
660
|
| **IaC Security** | Infrastructure as Code | `IAC-` | Terraform, Bicep, ARM template misconfigurations, hardcoded secrets, missing encryption, overly permissive network/IAM rules |
|
|
661
|
+
| **Security** | General Security Posture | `SEC-` | Holistic security assessment — insecure data flows, weak cryptography, unsafe deserialization |
|
|
662
|
+
| **Hallucination Detection** | AI-Hallucinated API & Import Validation | `HALLU-` | Detects hallucinated APIs, fabricated imports, and non-existent modules from AI code generators |
|
|
663
|
+
| **Intent Alignment** | Code–Comment Alignment & Stub Detection | `INTENT-` | Detects mismatches between stated intent and implementation, placeholder stubs, TODO-only functions |
|
|
664
|
+
| **API Contract Conformance** | API Design & REST Best Practices | `API-` | API endpoint input validation, REST conformance, request/response contract consistency |
|
|
665
|
+
| **Multi-Turn Coherence** | Code Coherence & Consistency | `COH-` | Self-contradicting patterns, duplicate definitions, dead code, inconsistent naming |
|
|
666
|
+
| **Model Fingerprint Detection** | AI Code Provenance & Model Attribution | `MFPR-` | Detects stylistic fingerprints characteristic of specific AI code generators |
|
|
667
|
+
| **Over-Engineering** | Simplicity & Pragmatism | `OVER-` | Unnecessary abstractions, wrapper-mania, premature generalization, over-complex patterns |
|
|
660
668
|
| **False-Positive Review** | False Positive Detection & Finding Accuracy | `FPR-` | Meta-judge reviewing pattern-based findings for false positives: string literal context, comment/docstring matches, test scaffolding, IaC template gating |
|
|
669
|
+
<!-- JUDGES_TABLE_END -->
|
|
661
670
|
|
|
662
671
|
---
|
|
663
672
|
|
|
@@ -669,13 +678,13 @@ The tribunal operates in three layers:
|
|
|
669
678
|
|
|
670
679
|
2. **AST-Based Structural Analysis** — The Code Structure judge (`STRUCT-*` rules) uses real Abstract Syntax Tree parsing to measure cyclomatic complexity, nesting depth, function length, parameter count, dead code, and type safety with precision that regex cannot achieve. All supported languages — **TypeScript, JavaScript, Python, Rust, Go, Java, C#, and C++** — are parsed via **tree-sitter WASM grammars** (real syntax trees compiled to WebAssembly, in-process, zero native dependencies). A scope-tracking structural parser is kept as a fallback when WASM grammars are unavailable. No external AST server required.
|
|
671
680
|
|
|
672
|
-
3. **LLM-Powered Deep Analysis (Prompts)** — The server exposes MCP prompts (e.g., `judge-data-security`, `full-tribunal`) that provide each judge's expert persona as a system prompt. When used by an LLM-based client (Copilot, Claude, Cursor, etc.), the host LLM performs deeper, context-aware probabilistic analysis beyond what static patterns can detect. This is where the `systemPrompt` on each judge comes alive — Judges itself makes no LLM calls, but it provides the expert criteria so your AI assistant can act as
|
|
681
|
+
3. **LLM-Powered Deep Analysis (Prompts)** — The server exposes MCP prompts (e.g., `judge-data-security`, `full-tribunal`) that provide each judge's expert persona as a system prompt. When used by an LLM-based client (Copilot, Claude, Cursor, etc.), the host LLM performs deeper, context-aware probabilistic analysis beyond what static patterns can detect. This is where the `systemPrompt` on each judge comes alive — Judges itself makes no LLM calls, but it provides the expert criteria so your AI assistant can act as 44 specialized reviewers.
|
|
673
682
|
|
|
674
683
|
---
|
|
675
684
|
|
|
676
685
|
## Composable by Design
|
|
677
686
|
|
|
678
|
-
Judges Panel is a **dual-layer** review system: instant **deterministic tools** (offline, no API keys) for pattern and AST analysis, plus **
|
|
687
|
+
Judges Panel is a **dual-layer** review system: instant **deterministic tools** (offline, no API keys) for pattern and AST analysis, plus **44 expert-persona MCP prompts** that unlock LLM-powered deep analysis when connected to an AI client. It does not try to be a CVE scanner or a linter. Those capabilities belong in dedicated MCP servers that an AI agent can orchestrate alongside Judges.
|
|
679
688
|
|
|
680
689
|
### Built-in AST Analysis (v2.0.0+)
|
|
681
690
|
|
|
@@ -724,7 +733,7 @@ When your AI coding assistant connects to multiple MCP servers, each one contrib
|
|
|
724
733
|
|
|
725
734
|
| Layer | What It Does | Example Servers |
|
|
726
735
|
|-------|-------------|-----------------|
|
|
727
|
-
| **Judges Panel** |
|
|
736
|
+
| **Judges Panel** | 44-judge quality gate — security patterns, AST analysis, cost, scalability, a11y, compliance, sovereignty, ethics, dependency health, agent instruction governance, AI code safety, framework safety | This server |
|
|
728
737
|
| **CVE / SBOM** | Vulnerability scanning against live databases — known CVEs, license risks, supply chain | OSV, Snyk, Trivy, Grype MCP servers |
|
|
729
738
|
| **Linting** | Language-specific style and correctness rules | ESLint, Ruff, Clippy MCP servers |
|
|
730
739
|
| **Runtime Profiling** | Memory, CPU, latency measurement on running code | Custom profiling MCP servers |
|
|
@@ -878,7 +887,7 @@ Generated from https://github.com/microsoft/vscode on 2026-02-21T12:00:00.000Z.
|
|
|
878
887
|
List all available judges with their domains and descriptions.
|
|
879
888
|
|
|
880
889
|
### `evaluate_code`
|
|
881
|
-
Submit code to the **full judges panel**. all
|
|
890
|
+
Submit code to the **full judges panel**. all 44 judges evaluate independently and return a combined verdict.
|
|
882
891
|
|
|
883
892
|
| Parameter | Type | Required | Description |
|
|
884
893
|
|-----------|------|----------|-------------|
|
|
@@ -902,7 +911,7 @@ Submit code to a **specific judge** for targeted review.
|
|
|
902
911
|
| `config` | object | no | Inline configuration (see [Configuration](#configuration)) |
|
|
903
912
|
|
|
904
913
|
### `evaluate_project`
|
|
905
|
-
Submit multiple files for **project-level analysis**. all
|
|
914
|
+
Submit multiple files for **project-level analysis**. all 44 judges evaluate each file, plus cross-file architectural analysis detects code duplication, inconsistent error handling, and dependency cycles.
|
|
906
915
|
|
|
907
916
|
| Parameter | Type | Required | Description |
|
|
908
917
|
|-----------|------|----------|-------------|
|
|
@@ -913,7 +922,7 @@ Submit multiple files for **project-level analysis**. all 39 judges evaluate eac
|
|
|
913
922
|
| `config` | object | no | Inline configuration (see [Configuration](#configuration)) |
|
|
914
923
|
|
|
915
924
|
### `evaluate_diff`
|
|
916
|
-
Evaluate only the **changed lines** in a code diff. Runs all
|
|
925
|
+
Evaluate only the **changed lines** in a code diff. Runs all 44 judges on the full file but filters findings to lines you specify. Ideal for PR reviews and incremental analysis.
|
|
917
926
|
|
|
918
927
|
| Parameter | Type | Required | Description |
|
|
919
928
|
|-----------|------|----------|-------------|
|
|
@@ -944,6 +953,7 @@ Analyze a dependency manifest file for supply-chain risks, version pinning issue
|
|
|
944
953
|
|
|
945
954
|
Each judge has a corresponding prompt for LLM-powered deep analysis:
|
|
946
955
|
|
|
956
|
+
<!-- PROMPTS_TABLE_START -->
|
|
947
957
|
| Prompt | Description |
|
|
948
958
|
|--------|-------------|
|
|
949
959
|
| `judge-data-security` | Deep data security review |
|
|
@@ -982,8 +992,16 @@ Each judge has a corresponding prompt for LLM-powered deep analysis:
|
|
|
982
992
|
| `judge-ai-code-safety` | Deep review of AI-generated code risks: prompt injection, insecure LLM output handling, debug defaults, missing validation |
|
|
983
993
|
| `judge-framework-safety` | Deep review of framework-specific safety: React hooks, Express middleware, Next.js SSR/SSG, Angular/Vue patterns |
|
|
984
994
|
| `judge-iac-security` | Deep review of infrastructure-as-code security: Terraform, Bicep, ARM template misconfigurations |
|
|
995
|
+
| `judge-security` | Deep holistic security posture review: insecure data flows, weak cryptography, unsafe deserialization |
|
|
996
|
+
| `judge-hallucination-detection` | Deep review of AI-hallucinated APIs, fabricated imports, non-existent modules |
|
|
997
|
+
| `judge-intent-alignment` | Deep review of code–comment alignment, stub detection, placeholder functions |
|
|
998
|
+
| `judge-api-contract` | Deep review of API contract conformance, input validation, REST best practices |
|
|
999
|
+
| `judge-multi-turn-coherence` | Deep review of code coherence: self-contradictions, duplicate definitions, dead code |
|
|
1000
|
+
| `judge-model-fingerprint` | Deep review of AI code provenance and model attribution fingerprints |
|
|
1001
|
+
| `judge-over-engineering` | Deep review of unnecessary abstractions, wrapper-mania, premature generalization |
|
|
985
1002
|
| `judge-false-positive-review` | Meta-judge review of pattern-based findings for false positive detection and accuracy |
|
|
986
|
-
| `full-tribunal` | all
|
|
1003
|
+
| `full-tribunal` | all 44 judges in a single prompt |
|
|
1004
|
+
<!-- PROMPTS_TABLE_END -->
|
|
987
1005
|
|
|
988
1006
|
---
|
|
989
1007
|
|
|
@@ -1105,7 +1123,7 @@ Each judge scores the code from **0 to 100**:
|
|
|
1105
1123
|
- **WARNING** — Any high finding, any medium finding, or score < 80
|
|
1106
1124
|
- **PASS** — Score ≥ 80 with no critical, high, or medium findings
|
|
1107
1125
|
|
|
1108
|
-
The **overall tribunal score** is the average of all
|
|
1126
|
+
The **overall tribunal score** is the average of all 44 judges. The overall verdict fails if **any** judge fails.
|
|
1109
1127
|
|
|
1110
1128
|
---
|
|
1111
1129
|
|
|
@@ -1242,7 +1260,7 @@ judges/
|
|
|
1242
1260
|
| `judges config export` | Export config as shareable package |
|
|
1243
1261
|
| `judges config import <src>` | Import a shared configuration |
|
|
1244
1262
|
| `judges compare` | Compare judges against other code review tools |
|
|
1245
|
-
| `judges list` | List all
|
|
1263
|
+
| `judges list` | List all 44 judges with domains and descriptions |
|
|
1246
1264
|
|
|
1247
1265
|
---
|
|
1248
1266
|
|
package/dist/api.d.ts
CHANGED
|
@@ -35,7 +35,7 @@ export { fingerprintCode, fingerprintToFindings } from "./fingerprint.js";
|
|
|
35
35
|
export type { AiFingerprint, AiSignal } from "./fingerprint.js";
|
|
36
36
|
export { buildCalibrationProfile, calibrateFindings, autoCalibrateFindings } from "./calibration.js";
|
|
37
37
|
export type { CalibrationProfile } from "./calibration.js";
|
|
38
|
-
export { estimateFindingConfidence, estimateFindingConfidenceWithBasis, buildEvidenceChain } from "./scoring.js";
|
|
38
|
+
export { estimateFindingConfidence, estimateFindingConfidenceWithBasis, buildEvidenceChain, mapToOwaspLlmTop10, } from "./scoring.js";
|
|
39
39
|
export type { EvidenceChain, EvidenceStep } from "./types.js";
|
|
40
40
|
export { loadFixHistory, saveFixHistory, computeFixStats, recordFixAccepted, recordFixRejected, getFixAcceptanceRate, getLowAcceptanceRules, } from "./fix-history.js";
|
|
41
41
|
export type { FixOutcome, FixHistory, FixStats } from "./fix-history.js";
|
package/dist/api.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"api.d.ts","sourceRoot":"","sources":["../src/api.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAGH,YAAY,EACV,QAAQ,EACR,OAAO,EACP,OAAO,EACP,KAAK,EACL,UAAU,EACV,YAAY,EACZ,YAAY,EACZ,WAAW,EACX,cAAc,EACd,WAAW,EACX,eAAe,EACf,iBAAiB,EACjB,eAAe,EACf,eAAe,EACf,eAAe,EACf,mBAAmB,EACnB,gBAAgB,EAChB,oBAAoB,EACpB,iBAAiB,EACjB,kBAAkB,EAClB,iBAAiB,EACjB,wBAAwB,EACxB,oBAAoB,EACpB,YAAY,EACZ,aAAa,EACb,iBAAiB,EACjB,iBAAiB,GAClB,MAAM,YAAY,CAAC;AAGpB,OAAO,EAAE,WAAW,EAAE,WAAW,EAAE,eAAe,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAGpF,OAAO,EACL,WAAW,EACX,aAAa,EACb,YAAY,EACZ,wBAAwB,EACxB,mBAAmB,EACnB,gBAAgB,EAChB,wBAAwB,EACxB,sBAAsB,EACtB,qBAAqB,EACrB,oBAAoB,EACpB,oBAAoB,GACrB,MAAM,aAAa,CAAC;AAGrB,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,iBAAiB,EAAE,MAAM,mBAAmB,CAAC;AAIxE,OAAO,EACL,iBAAiB,EACjB,oBAAoB,EACpB,eAAe,EACf,YAAY,EACZ,mBAAmB,EACnB,iBAAiB,EACjB,mBAAmB,EACnB,YAAY,EACZ,iBAAiB,EACjB,qBAAqB,EACrB,uBAAuB,EACvB,gCAAgC,EAChC,qBAAqB,EACrB,uBAAuB,EACvB,0BAA0B,EAC1B,qBAAqB,GACtB,MAAM,uBAAuB,CAAC;AAC/B,YAAY,EAAE,WAAW,EAAE,oBAAoB,EAAE,mBAAmB,EAAE,MAAM,uBAAuB,CAAC;AAGpG,OAAO,EAAE,cAAc,EAAE,iBAAiB,EAAE,0BAA0B,EAAE,MAAM,oBAAoB,CAAC;AAGnG,OAAO,EAAE,qBAAqB,EAAE,MAAM,2BAA2B,CAAC;AAGlE,OAAO,EACL,iCAAiC,EACjC,8BAA8B,EAC9B,gCAAgC,EAChC,sBAAsB,EACtB,wBAAwB,EACxB,oBAAoB,GACrB,MAAM,wBAAwB,CAAC;AAChC,YAAY,EAAE,kBAAkB,EAAE,MAAM,wBAAwB,CAAC;AAGjE,OAAO,EAAE,oBAAoB,EAAE,MAAM,oBAAoB,CAAC;AAG1D,OAAO,EACL,sBAAsB,EACtB,gBAAgB,EAChB,iBAAiB,EACjB,iBAAiB,EACjB,WAAW,EACX,oBAAoB,EACpB,eAAe,EACf,mBAAmB,EACnB,wBAAwB,EACxB,qBAAqB,GACtB,MAAM,wBAAwB,CAAC;AAChC,YAAY,EACV,eAAe,EACf,aAAa,EACb,aAAa,EACb,aAAa,EACb,gBAAgB,EAChB,iBAAiB,EACjB,aAAa,GACd,MAAM,wBAAwB,CAAC;AAGhC,OAAO,EAAE,QAAQ,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AACnD,OAAO,EAAE,SAAS,EAAE,kBAAkB,EAAE,oBAAoB,EAAE,MAAM,iBAAiB,CAAC;AACtF,OAAO,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAG5D,OAAO,EAAE,eAAe,EAAE,iBAAiB,EAAE,cAAc,EAAE,gBAAgB,EAAE,MAAM,uBAAuB,CAAC;AAC7G,YAAY,EAAE,oBAAoB,EAAE,MAAM,uBAAuB,CAAC;AAClE,OAAO,EAAE,gBAAgB,EAAE,aAAa,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACrF,OAAO,EAAE,sBAAsB,EAAE,MAAM,gCAAgC,CAAC;AAGxE,OAAO,EAAE,MAAM,EAAE,MAAM,UAAU,CAAC;AAGlC,OAAO,EACL,cAAc,EACd,gBAAgB,EAChB,oBAAoB,EACpB,cAAc,EACd,eAAe,EACf,mBAAmB,EACnB,cAAc,EACd,aAAa,EACb,YAAY,GACb,MAAM,cAAc,CAAC;AACtB,YAAY,EAAE,UAAU,EAAE,YAAY,EAAE,kBAAkB,EAAE,MAAM,cAAc,CAAC;AAGjF,OAAO,EAAE,eAAe,EAAE,qBAAqB,EAAE,MAAM,kBAAkB,CAAC;AAC1E,YAAY,EAAE,aAAa,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAGhE,OAAO,EAAE,uBAAuB,EAAE,iBAAiB,EAAE,qBAAqB,EAAE,MAAM,kBAAkB,CAAC;AACrG,YAAY,EAAE,kBAAkB,EAAE,MAAM,kBAAkB,CAAC;AAC3D,OAAO,
|
|
1
|
+
{"version":3,"file":"api.d.ts","sourceRoot":"","sources":["../src/api.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAGH,YAAY,EACV,QAAQ,EACR,OAAO,EACP,OAAO,EACP,KAAK,EACL,UAAU,EACV,YAAY,EACZ,YAAY,EACZ,WAAW,EACX,cAAc,EACd,WAAW,EACX,eAAe,EACf,iBAAiB,EACjB,eAAe,EACf,eAAe,EACf,eAAe,EACf,mBAAmB,EACnB,gBAAgB,EAChB,oBAAoB,EACpB,iBAAiB,EACjB,kBAAkB,EAClB,iBAAiB,EACjB,wBAAwB,EACxB,oBAAoB,EACpB,YAAY,EACZ,aAAa,EACb,iBAAiB,EACjB,iBAAiB,GAClB,MAAM,YAAY,CAAC;AAGpB,OAAO,EAAE,WAAW,EAAE,WAAW,EAAE,eAAe,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAGpF,OAAO,EACL,WAAW,EACX,aAAa,EACb,YAAY,EACZ,wBAAwB,EACxB,mBAAmB,EACnB,gBAAgB,EAChB,wBAAwB,EACxB,sBAAsB,EACtB,qBAAqB,EACrB,oBAAoB,EACpB,oBAAoB,GACrB,MAAM,aAAa,CAAC;AAGrB,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,iBAAiB,EAAE,MAAM,mBAAmB,CAAC;AAIxE,OAAO,EACL,iBAAiB,EACjB,oBAAoB,EACpB,eAAe,EACf,YAAY,EACZ,mBAAmB,EACnB,iBAAiB,EACjB,mBAAmB,EACnB,YAAY,EACZ,iBAAiB,EACjB,qBAAqB,EACrB,uBAAuB,EACvB,gCAAgC,EAChC,qBAAqB,EACrB,uBAAuB,EACvB,0BAA0B,EAC1B,qBAAqB,GACtB,MAAM,uBAAuB,CAAC;AAC/B,YAAY,EAAE,WAAW,EAAE,oBAAoB,EAAE,mBAAmB,EAAE,MAAM,uBAAuB,CAAC;AAGpG,OAAO,EAAE,cAAc,EAAE,iBAAiB,EAAE,0BAA0B,EAAE,MAAM,oBAAoB,CAAC;AAGnG,OAAO,EAAE,qBAAqB,EAAE,MAAM,2BAA2B,CAAC;AAGlE,OAAO,EACL,iCAAiC,EACjC,8BAA8B,EAC9B,gCAAgC,EAChC,sBAAsB,EACtB,wBAAwB,EACxB,oBAAoB,GACrB,MAAM,wBAAwB,CAAC;AAChC,YAAY,EAAE,kBAAkB,EAAE,MAAM,wBAAwB,CAAC;AAGjE,OAAO,EAAE,oBAAoB,EAAE,MAAM,oBAAoB,CAAC;AAG1D,OAAO,EACL,sBAAsB,EACtB,gBAAgB,EAChB,iBAAiB,EACjB,iBAAiB,EACjB,WAAW,EACX,oBAAoB,EACpB,eAAe,EACf,mBAAmB,EACnB,wBAAwB,EACxB,qBAAqB,GACtB,MAAM,wBAAwB,CAAC;AAChC,YAAY,EACV,eAAe,EACf,aAAa,EACb,aAAa,EACb,aAAa,EACb,gBAAgB,EAChB,iBAAiB,EACjB,aAAa,GACd,MAAM,wBAAwB,CAAC;AAGhC,OAAO,EAAE,QAAQ,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AACnD,OAAO,EAAE,SAAS,EAAE,kBAAkB,EAAE,oBAAoB,EAAE,MAAM,iBAAiB,CAAC;AACtF,OAAO,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAG5D,OAAO,EAAE,eAAe,EAAE,iBAAiB,EAAE,cAAc,EAAE,gBAAgB,EAAE,MAAM,uBAAuB,CAAC;AAC7G,YAAY,EAAE,oBAAoB,EAAE,MAAM,uBAAuB,CAAC;AAClE,OAAO,EAAE,gBAAgB,EAAE,aAAa,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACrF,OAAO,EAAE,sBAAsB,EAAE,MAAM,gCAAgC,CAAC;AAGxE,OAAO,EAAE,MAAM,EAAE,MAAM,UAAU,CAAC;AAGlC,OAAO,EACL,cAAc,EACd,gBAAgB,EAChB,oBAAoB,EACpB,cAAc,EACd,eAAe,EACf,mBAAmB,EACnB,cAAc,EACd,aAAa,EACb,YAAY,GACb,MAAM,cAAc,CAAC;AACtB,YAAY,EAAE,UAAU,EAAE,YAAY,EAAE,kBAAkB,EAAE,MAAM,cAAc,CAAC;AAGjF,OAAO,EAAE,eAAe,EAAE,qBAAqB,EAAE,MAAM,kBAAkB,CAAC;AAC1E,YAAY,EAAE,aAAa,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAGhE,OAAO,EAAE,uBAAuB,EAAE,iBAAiB,EAAE,qBAAqB,EAAE,MAAM,kBAAkB,CAAC;AACrG,YAAY,EAAE,kBAAkB,EAAE,MAAM,kBAAkB,CAAC;AAC3D,OAAO,EACL,yBAAyB,EACzB,kCAAkC,EAClC,kBAAkB,EAClB,kBAAkB,GACnB,MAAM,cAAc,CAAC;AACtB,YAAY,EAAE,aAAa,EAAE,YAAY,EAAE,MAAM,YAAY,CAAC;AAG9D,OAAO,EACL,cAAc,EACd,cAAc,EACd,eAAe,EACf,iBAAiB,EACjB,iBAAiB,EACjB,oBAAoB,EACpB,qBAAqB,GACtB,MAAM,kBAAkB,CAAC;AAC1B,YAAY,EAAE,UAAU,EAAE,UAAU,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAGzE,OAAO,EACL,YAAY,EACZ,aAAa,EACb,cAAc,EACd,mBAAmB,EACnB,eAAe,EACf,aAAa,GACd,MAAM,mBAAmB,CAAC;AAC3B,YAAY,EAAE,cAAc,EAAE,WAAW,EAAE,cAAc,EAAE,QAAQ,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC;AAG/G,OAAO,EACL,QAAQ,EACR,YAAY,EACZ,qBAAqB,EACrB,qBAAqB,EACrB,eAAe,GAChB,MAAM,oBAAoB,CAAC;AAC5B,YAAY,EAAE,YAAY,EAAE,cAAc,EAAE,mBAAmB,EAAE,MAAM,oBAAoB,CAAC;AAG5F,OAAO,EACL,mBAAmB,EACnB,qBAAqB,EACrB,qBAAqB,EACrB,uBAAuB,EACvB,eAAe,GAChB,MAAM,6BAA6B,CAAC;AACrC,YAAY,EACV,UAAU,EACV,kBAAkB,EAClB,QAAQ,EACR,KAAK,EACL,UAAU,EACV,wBAAwB,GACzB,MAAM,6BAA6B,CAAC;AAGrC,OAAO,EACL,mBAAmB,EACnB,sBAAsB,EACtB,0BAA0B,EAC1B,aAAa,EACb,iBAAiB,GAClB,MAAM,iBAAiB,CAAC;AACzB,YAAY,EAAE,WAAW,EAAE,cAAc,EAAE,gBAAgB,EAAE,MAAM,iBAAiB,CAAC;AAGrF,OAAO,EACL,iBAAiB,EACjB,aAAa,EACb,qBAAqB,EACrB,uBAAuB,EACvB,iBAAiB,EACjB,sBAAsB,EACtB,8BAA8B,EAC9B,sBAAsB,GACvB,MAAM,yBAAyB,CAAC;AACjC,YAAY,EACV,eAAe,EACf,oBAAoB,EACpB,mBAAmB,EACnB,kBAAkB,EAClB,eAAe,EACf,kBAAkB,GACnB,MAAM,yBAAyB,CAAC;AAGjC,OAAO,EACL,gBAAgB,EAChB,gBAAgB,EAChB,gBAAgB,EAChB,eAAe,EACf,cAAc,EACd,wBAAwB,GACzB,MAAM,4BAA4B,CAAC;AACpC,YAAY,EAAE,UAAU,EAAE,UAAU,EAAE,sBAAsB,EAAE,MAAM,4BAA4B,CAAC;AAGjG,OAAO,EAAE,eAAe,EAAE,iBAAiB,EAAE,WAAW,EAAE,cAAc,EAAE,MAAM,8BAA8B,CAAC;AAE/G,OAAO,EACL,eAAe,EACf,kBAAkB,EAClB,gBAAgB,EAChB,eAAe,EACf,iBAAiB,EACjB,YAAY,EACZ,kBAAkB,EAClB,iBAAiB,EACjB,YAAY,GACb,MAAM,sBAAsB,CAAC;AAC9B,YAAY,EAAE,WAAW,EAAE,YAAY,EAAE,WAAW,EAAE,MAAM,sBAAsB,CAAC;AAGnF,OAAO,EAAE,uBAAuB,EAAE,oBAAoB,EAAE,kBAAkB,EAAE,MAAM,wBAAwB,CAAC;AAC3G,YAAY,EAAE,sBAAsB,EAAE,qBAAqB,EAAE,MAAM,wBAAwB,CAAC;AAG5F,OAAO,EACL,mBAAmB,EACnB,iBAAiB,EACjB,iBAAiB,EACjB,cAAc,EACd,YAAY,EACZ,iBAAiB,EACjB,cAAc,GACf,MAAM,wBAAwB,CAAC;AAChC,YAAY,EACV,eAAe,EACf,aAAa,EACb,UAAU,EACV,WAAW,EACX,UAAU,EACV,cAAc,GACf,MAAM,wBAAwB,CAAC;AAGhC,OAAO,EAAE,gBAAgB,EAAE,qBAAqB,EAAE,mBAAmB,EAAE,MAAM,4BAA4B,CAAC;AAC1G,YAAY,EAAE,YAAY,EAAE,cAAc,EAAE,MAAM,4BAA4B,CAAC;AAG/E,OAAO,EACL,eAAe,EACf,yBAAyB,EACzB,mBAAmB,EACnB,QAAQ,EACR,cAAc,EACd,oBAAoB,EACpB,eAAe,EACf,oBAAoB,EACpB,oBAAoB,GACrB,MAAM,2BAA2B,CAAC;AACnC,YAAY,EAAE,cAAc,EAAE,WAAW,EAAE,oBAAoB,EAAE,MAAM,2BAA2B,CAAC;AAEnG,OAAO,EAAE,iBAAiB,EAAE,sBAAsB,EAAE,MAAM,4BAA4B,CAAC;AACvF,YAAY,EAAE,kBAAkB,EAAE,MAAM,4BAA4B,CAAC;AAGrE,OAAO,EAAE,oBAAoB,EAAE,MAAM,wBAAwB,CAAC;AAC9D,YAAY,EAAE,cAAc,EAAE,MAAM,YAAY,CAAC;AAGjD,OAAO,EACL,gBAAgB,EAChB,gBAAgB,EAChB,cAAc,EACd,eAAe,EACf,0BAA0B,EAC1B,aAAa,EACb,kBAAkB,EAClB,uBAAuB,EACvB,0BAA0B,EAC1B,WAAW,EACX,mBAAmB,GACpB,MAAM,wBAAwB,CAAC;AAChC,YAAY,EAAE,cAAc,EAAE,YAAY,EAAE,YAAY,EAAE,YAAY,EAAE,MAAM,wBAAwB,CAAC;AAKvG,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,uBAAuB,CAAC;AAC/D,OAAO,KAAK,EAAE,eAAe,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC;AAInE;;;;;;;GAOG;AACH,wBAAgB,YAAY,CAAC,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,iBAAiB,GAAG,eAAe,CAEzG;AAED;;;;;;;;GAQG;AACH,wBAAgB,uBAAuB,CACrC,OAAO,EAAE,MAAM,EACf,IAAI,EAAE,MAAM,EACZ,QAAQ,EAAE,MAAM,EAChB,OAAO,CAAC,EAAE,iBAAiB,GAC1B,eAAe,CAMjB;AAID,OAAO,EAAE,6BAA6B,EAAE,MAAM,uCAAuC,CAAC;AACtF,YAAY,EAAE,cAAc,EAAE,MAAM,uCAAuC,CAAC;AAI5E,OAAO,EAAE,sBAAsB,EAAE,wBAAwB,EAAE,MAAM,sBAAsB,CAAC;AACxF,YAAY,EAAE,kBAAkB,EAAE,MAAM,sBAAsB,CAAC;AAI/D,MAAM,WAAW,SAAS;IACxB,qCAAqC;IACrC,IAAI,EAAE,MAAM,CAAC;IACb,0BAA0B;IAC1B,IAAI,EAAE,MAAM,CAAC;IACb,2BAA2B;IAC3B,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,WAAW,oBAAoB;IACnC,mCAAmC;IACnC,IAAI,EAAE,MAAM,CAAC;IACb,qCAAqC;IACrC,OAAO,EAAE,eAAe,CAAC;IACzB,kCAAkC;IAClC,KAAK,EAAE,MAAM,CAAC;CACf;AAED;;;;;;;;;;GAUG;AACH,wBAAuB,mBAAmB,CACxC,KAAK,EAAE,SAAS,EAAE,EAClB,OAAO,CAAC,EAAE,iBAAiB,GAC1B,cAAc,CAAC,oBAAoB,CAAC,CAMtC;AAED;;;;;;;;GAQG;AACH,wBAAsB,kBAAkB,CACtC,KAAK,EAAE,SAAS,EAAE,EAClB,WAAW,SAAI,EACf,OAAO,CAAC,EAAE,iBAAiB,EAC3B,UAAU,CAAC,EAAE,CAAC,SAAS,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,KAAK,IAAI,GACtD,OAAO,CAAC,oBAAoB,EAAE,CAAC,CAmBjC;AAGD,OAAO,EAAE,aAAa,EAAE,sBAAsB,EAAE,aAAa,EAAE,cAAc,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AACtH,YAAY,EAAE,eAAe,EAAE,MAAM,iBAAiB,CAAC"}
|
package/dist/api.js
CHANGED
|
@@ -42,7 +42,7 @@ export { registerPlugin, unregisterPlugin, getRegisteredPlugins, getCustomRules,
|
|
|
42
42
|
export { fingerprintCode, fingerprintToFindings } from "./fingerprint.js";
|
|
43
43
|
// ─── Confidence Calibration ─────────────────────────────────────────────────
|
|
44
44
|
export { buildCalibrationProfile, calibrateFindings, autoCalibrateFindings } from "./calibration.js";
|
|
45
|
-
export { estimateFindingConfidence, estimateFindingConfidenceWithBasis, buildEvidenceChain } from "./scoring.js";
|
|
45
|
+
export { estimateFindingConfidence, estimateFindingConfidenceWithBasis, buildEvidenceChain, mapToOwaspLlmTop10, } from "./scoring.js";
|
|
46
46
|
// ─── Fix History / Learning ──────────────────────────────────────────────────
|
|
47
47
|
export { loadFixHistory, saveFixHistory, computeFixStats, recordFixAccepted, recordFixRejected, getFixAcceptanceRate, getLowAcceptanceRules, } from "./fix-history.js";
|
|
48
48
|
// ─── Patch Application ─────────────────────────────────────────────────────
|
package/dist/api.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"api.js","sourceRoot":"","sources":["../src/api.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAiCH,gFAAgF;AAChF,OAAO,EAAE,WAAW,EAAE,WAAW,EAAE,eAAe,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAEpF,gFAAgF;AAChF,OAAO,EACL,WAAW,EACX,aAAa,EACb,YAAY,EACZ,wBAAwB,EACxB,mBAAmB,EACnB,gBAAgB,EAChB,wBAAwB,EACxB,sBAAsB,EACtB,qBAAqB,EACrB,oBAAoB,EACpB,oBAAoB,GACrB,MAAM,aAAa,CAAC;AAErB,gFAAgF;AAChF,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,iBAAiB,EAAE,MAAM,mBAAmB,CAAC;AAExE,gFAAgF;AAEhF,OAAO,EACL,iBAAiB,EACjB,oBAAoB,EACpB,eAAe,EACf,YAAY,EACZ,mBAAmB,EACnB,iBAAiB,EACjB,mBAAmB,EACnB,YAAY,EACZ,iBAAiB,EACjB,qBAAqB,EACrB,uBAAuB,EACvB,gCAAgC,EAChC,qBAAqB,EACrB,uBAAuB,EACvB,0BAA0B,EAC1B,qBAAqB,GACtB,MAAM,uBAAuB,CAAC;AAG/B,+EAA+E;AAC/E,OAAO,EAAE,cAAc,EAAE,iBAAiB,EAAE,0BAA0B,EAAE,MAAM,oBAAoB,CAAC;AAEnG,gFAAgF;AAChF,OAAO,EAAE,qBAAqB,EAAE,MAAM,2BAA2B,CAAC;AAElE,gFAAgF;AAChF,OAAO,EACL,iCAAiC,EACjC,8BAA8B,EAC9B,gCAAgC,EAChC,sBAAsB,EACtB,wBAAwB,EACxB,oBAAoB,GACrB,MAAM,wBAAwB,CAAC;AAGhC,gFAAgF;AAChF,OAAO,EAAE,oBAAoB,EAAE,MAAM,oBAAoB,CAAC;AAE1D,+EAA+E;AAC/E,OAAO,EACL,sBAAsB,EACtB,gBAAgB,EAChB,iBAAiB,EACjB,iBAAiB,EACjB,WAAW,EACX,oBAAoB,EACpB,eAAe,EACf,mBAAmB,EACnB,wBAAwB,EACxB,qBAAqB,GACtB,MAAM,wBAAwB,CAAC;AAWhC,gFAAgF;AAChF,OAAO,EAAE,QAAQ,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AACnD,OAAO,EAAE,SAAS,EAAE,kBAAkB,EAAE,oBAAoB,EAAE,MAAM,iBAAiB,CAAC;AACtF,OAAO,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAE5D,gFAAgF;AAChF,OAAO,EAAE,eAAe,EAAE,iBAAiB,EAAE,cAAc,EAAE,gBAAgB,EAAE,MAAM,uBAAuB,CAAC;AAE7G,OAAO,EAAE,gBAAgB,EAAE,aAAa,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACrF,OAAO,EAAE,sBAAsB,EAAE,MAAM,gCAAgC,CAAC;AAExE,gFAAgF;AAChF,OAAO,EAAE,MAAM,EAAE,MAAM,UAAU,CAAC;AAElC,gFAAgF;AAChF,OAAO,EACL,cAAc,EACd,gBAAgB,EAChB,oBAAoB,EACpB,cAAc,EACd,eAAe,EACf,mBAAmB,EACnB,cAAc,EACd,aAAa,EACb,YAAY,GACb,MAAM,cAAc,CAAC;AAGtB,+EAA+E;AAC/E,OAAO,EAAE,eAAe,EAAE,qBAAqB,EAAE,MAAM,kBAAkB,CAAC;AAG1E,+EAA+E;AAC/E,OAAO,EAAE,uBAAuB,EAAE,iBAAiB,EAAE,qBAAqB,EAAE,MAAM,kBAAkB,CAAC;AAErG,OAAO,
|
|
1
|
+
{"version":3,"file":"api.js","sourceRoot":"","sources":["../src/api.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAiCH,gFAAgF;AAChF,OAAO,EAAE,WAAW,EAAE,WAAW,EAAE,eAAe,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAEpF,gFAAgF;AAChF,OAAO,EACL,WAAW,EACX,aAAa,EACb,YAAY,EACZ,wBAAwB,EACxB,mBAAmB,EACnB,gBAAgB,EAChB,wBAAwB,EACxB,sBAAsB,EACtB,qBAAqB,EACrB,oBAAoB,EACpB,oBAAoB,GACrB,MAAM,aAAa,CAAC;AAErB,gFAAgF;AAChF,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,iBAAiB,EAAE,MAAM,mBAAmB,CAAC;AAExE,gFAAgF;AAEhF,OAAO,EACL,iBAAiB,EACjB,oBAAoB,EACpB,eAAe,EACf,YAAY,EACZ,mBAAmB,EACnB,iBAAiB,EACjB,mBAAmB,EACnB,YAAY,EACZ,iBAAiB,EACjB,qBAAqB,EACrB,uBAAuB,EACvB,gCAAgC,EAChC,qBAAqB,EACrB,uBAAuB,EACvB,0BAA0B,EAC1B,qBAAqB,GACtB,MAAM,uBAAuB,CAAC;AAG/B,+EAA+E;AAC/E,OAAO,EAAE,cAAc,EAAE,iBAAiB,EAAE,0BAA0B,EAAE,MAAM,oBAAoB,CAAC;AAEnG,gFAAgF;AAChF,OAAO,EAAE,qBAAqB,EAAE,MAAM,2BAA2B,CAAC;AAElE,gFAAgF;AAChF,OAAO,EACL,iCAAiC,EACjC,8BAA8B,EAC9B,gCAAgC,EAChC,sBAAsB,EACtB,wBAAwB,EACxB,oBAAoB,GACrB,MAAM,wBAAwB,CAAC;AAGhC,gFAAgF;AAChF,OAAO,EAAE,oBAAoB,EAAE,MAAM,oBAAoB,CAAC;AAE1D,+EAA+E;AAC/E,OAAO,EACL,sBAAsB,EACtB,gBAAgB,EAChB,iBAAiB,EACjB,iBAAiB,EACjB,WAAW,EACX,oBAAoB,EACpB,eAAe,EACf,mBAAmB,EACnB,wBAAwB,EACxB,qBAAqB,GACtB,MAAM,wBAAwB,CAAC;AAWhC,gFAAgF;AAChF,OAAO,EAAE,QAAQ,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AACnD,OAAO,EAAE,SAAS,EAAE,kBAAkB,EAAE,oBAAoB,EAAE,MAAM,iBAAiB,CAAC;AACtF,OAAO,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAE5D,gFAAgF;AAChF,OAAO,EAAE,eAAe,EAAE,iBAAiB,EAAE,cAAc,EAAE,gBAAgB,EAAE,MAAM,uBAAuB,CAAC;AAE7G,OAAO,EAAE,gBAAgB,EAAE,aAAa,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACrF,OAAO,EAAE,sBAAsB,EAAE,MAAM,gCAAgC,CAAC;AAExE,gFAAgF;AAChF,OAAO,EAAE,MAAM,EAAE,MAAM,UAAU,CAAC;AAElC,gFAAgF;AAChF,OAAO,EACL,cAAc,EACd,gBAAgB,EAChB,oBAAoB,EACpB,cAAc,EACd,eAAe,EACf,mBAAmB,EACnB,cAAc,EACd,aAAa,EACb,YAAY,GACb,MAAM,cAAc,CAAC;AAGtB,+EAA+E;AAC/E,OAAO,EAAE,eAAe,EAAE,qBAAqB,EAAE,MAAM,kBAAkB,CAAC;AAG1E,+EAA+E;AAC/E,OAAO,EAAE,uBAAuB,EAAE,iBAAiB,EAAE,qBAAqB,EAAE,MAAM,kBAAkB,CAAC;AAErG,OAAO,EACL,yBAAyB,EACzB,kCAAkC,EAClC,kBAAkB,EAClB,kBAAkB,GACnB,MAAM,cAAc,CAAC;AAGtB,gFAAgF;AAChF,OAAO,EACL,cAAc,EACd,cAAc,EACd,eAAe,EACf,iBAAiB,EACjB,iBAAiB,EACjB,oBAAoB,EACpB,qBAAqB,GACtB,MAAM,kBAAkB,CAAC;AAG1B,8EAA8E;AAC9E,OAAO,EACL,YAAY,EACZ,aAAa,EACb,cAAc,EACd,mBAAmB,EACnB,eAAe,EACf,aAAa,GACd,MAAM,mBAAmB,CAAC;AAG3B,+EAA+E;AAC/E,OAAO,EACL,QAAQ,EACR,YAAY,EACZ,qBAAqB,EACrB,qBAAqB,EACrB,eAAe,GAChB,MAAM,oBAAoB,CAAC;AAG5B,gFAAgF;AAChF,OAAO,EACL,mBAAmB,EACnB,qBAAqB,EACrB,qBAAqB,EACrB,uBAAuB,EACvB,eAAe,GAChB,MAAM,6BAA6B,CAAC;AAUrC,gFAAgF;AAChF,OAAO,EACL,mBAAmB,EACnB,sBAAsB,EACtB,0BAA0B,EAC1B,aAAa,EACb,iBAAiB,GAClB,MAAM,iBAAiB,CAAC;AAGzB,gFAAgF;AAChF,OAAO,EACL,iBAAiB,EACjB,aAAa,EACb,qBAAqB,EACrB,uBAAuB,EACvB,iBAAiB,EACjB,sBAAsB,EACtB,8BAA8B,EAC9B,sBAAsB,GACvB,MAAM,yBAAyB,CAAC;AAUjC,gFAAgF;AAChF,OAAO,EACL,gBAAgB,EAChB,gBAAgB,EAChB,gBAAgB,EAChB,eAAe,EACf,cAAc,EACd,wBAAwB,GACzB,MAAM,4BAA4B,CAAC;AAGpC,gFAAgF;AAChF,OAAO,EAAE,eAAe,EAAE,iBAAiB,EAAE,WAAW,EAAE,cAAc,EAAE,MAAM,8BAA8B,CAAC;AAC/G,4EAA4E;AAC5E,OAAO,EACL,eAAe,EACf,kBAAkB,EAClB,gBAAgB,EAChB,eAAe,EACf,iBAAiB,EACjB,YAAY,EACZ,kBAAkB,EAClB,iBAAiB,EACjB,YAAY,GACb,MAAM,sBAAsB,CAAC;AAG9B,+EAA+E;AAC/E,OAAO,EAAE,uBAAuB,EAAE,oBAAoB,EAAE,kBAAkB,EAAE,MAAM,wBAAwB,CAAC;AAG3G,+EAA+E;AAC/E,OAAO,EACL,mBAAmB,EACnB,iBAAiB,EACjB,iBAAiB,EACjB,cAAc,EACd,YAAY,EACZ,iBAAiB,EACjB,cAAc,GACf,MAAM,wBAAwB,CAAC;AAUhC,+EAA+E;AAC/E,OAAO,EAAE,gBAAgB,EAAE,qBAAqB,EAAE,mBAAmB,EAAE,MAAM,4BAA4B,CAAC;AAG1G,+EAA+E;AAC/E,OAAO,EACL,eAAe,EACf,yBAAyB,EACzB,mBAAmB,EACnB,QAAQ,EACR,cAAc,EACd,oBAAoB,EACpB,eAAe,EACf,oBAAoB,EACpB,oBAAoB,GACrB,MAAM,2BAA2B,CAAC;AAEnC,gFAAgF;AAChF,OAAO,EAAE,iBAAiB,EAAE,sBAAsB,EAAE,MAAM,4BAA4B,CAAC;AAGvF,gFAAgF;AAChF,OAAO,EAAE,oBAAoB,EAAE,MAAM,wBAAwB,CAAC;AAG9D,gFAAgF;AAChF,OAAO,EACL,gBAAgB,EAChB,gBAAgB,EAChB,cAAc,EACd,eAAe,EACf,0BAA0B,EAC1B,aAAa,EACb,kBAAkB,EAClB,uBAAuB,EACvB,0BAA0B,EAC1B,WAAW,EACX,mBAAmB,GACpB,MAAM,wBAAwB,CAAC;AAGhC,gFAAgF;AAEhF,OAAO,EAAE,oBAAoB,EAAE,iBAAiB,EAAE,MAAM,uBAAuB,CAAC;AAGhF,OAAO,EAAE,QAAQ,EAAE,MAAM,mBAAmB,CAAC;AAC7C,OAAO,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAE9C;;;;;;;GAOG;AACH,MAAM,UAAU,YAAY,CAAC,IAAY,EAAE,QAAgB,EAAE,OAA2B;IACtF,OAAO,oBAAoB,CAAC,IAAI,EAAE,QAAQ,EAAE,SAAS,EAAE,OAAO,CAAC,CAAC;AAClE,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,UAAU,uBAAuB,CACrC,OAAe,EACf,IAAY,EACZ,QAAgB,EAChB,OAA2B;IAE3B,MAAM,KAAK,GAAG,QAAQ,CAAC,OAAO,CAAC,CAAC;IAChC,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,MAAM,IAAI,eAAe,CAAC,mBAAmB,OAAO,GAAG,EAAE,OAAO,CAAC,CAAC;IACpE,CAAC;IACD,OAAO,iBAAiB,CAAC,KAAK,EAAE,IAAI,EAAE,QAAQ,EAAE,SAAS,EAAE,OAAO,CAAC,CAAC;AACtE,CAAC;AAED,gFAAgF;AAEhF,OAAO,EAAE,6BAA6B,EAAE,MAAM,uCAAuC,CAAC;AAGtF,gFAAgF;AAEhF,OAAO,EAAE,sBAAsB,EAAE,wBAAwB,EAAE,MAAM,sBAAsB,CAAC;AAuBxF;;;;;;;;;;GAUG;AACH,MAAM,CAAC,KAAK,SAAS,CAAC,CAAC,mBAAmB,CACxC,KAAkB,EAClB,OAA2B;IAE3B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QACtB,MAAM,OAAO,GAAG,oBAAoB,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,QAAQ,EAAE,SAAS,EAAE,OAAO,CAAC,CAAC;QACnF,MAAM,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC,EAAE,CAAC;IAC/C,CAAC;AACH,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,CAAC,KAAK,UAAU,kBAAkB,CACtC,KAAkB,EAClB,WAAW,GAAG,CAAC,EACf,OAA2B,EAC3B,UAAuD;IAEvD,MAAM,OAAO,GAA2B,IAAI,KAAK,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;IAChE,IAAI,SAAS,GAAG,CAAC,CAAC;IAClB,IAAI,SAAS,GAAG,CAAC,CAAC;IAElB,KAAK,UAAU,MAAM;QACnB,OAAO,SAAS,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC;YAChC,MAAM,CAAC,GAAG,SAAS,EAAE,CAAC;YACtB,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;YACtB,MAAM,OAAO,GAAG,oBAAoB,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,QAAQ,EAAE,SAAS,EAAE,OAAO,CAAC,CAAC;YACnF,OAAO,CAAC,CAAC,CAAC,GAAG,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC,EAAE,CAAC;YACpD,SAAS,EAAE,CAAC;YACZ,UAAU,EAAE,CAAC,SAAS,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;QACxC,CAAC;IACH,CAAC;IAED,MAAM,OAAO,GAAG,KAAK,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,IAAI,CAAC,GAAG,CAAC,WAAW,EAAE,KAAK,CAAC,MAAM,CAAC,EAAE,EAAE,GAAG,EAAE,CAAC,MAAM,EAAE,CAAC,CAAC;IAC5F,MAAM,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;IAC3B,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,gFAAgF;AAChF,OAAO,EAAE,aAAa,EAAE,sBAAsB,EAAE,aAAa,EAAE,cAAc,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC"}
|
package/dist/cli.d.ts
CHANGED
|
@@ -29,6 +29,7 @@ interface CollectOptions {
|
|
|
29
29
|
exclude?: string[];
|
|
30
30
|
include?: string[];
|
|
31
31
|
maxFiles?: number;
|
|
32
|
+
sample?: boolean;
|
|
32
33
|
}
|
|
33
34
|
export declare function collectFiles(target: string, options?: CollectOptions): string[];
|
|
34
35
|
export declare function runCli(argv: string[]): Promise<void>;
|
package/dist/cli.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"cli.d.ts","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":";AAEA;;;;;;;;;;;;;;;;;;;GAmBG;
|
|
1
|
+
{"version":3,"file":"cli.d.ts","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":";AAEA;;;;;;;;;;;;;;;;;;;GAmBG;AA4ZH;;;GAGG;AACH,wBAAgB,WAAW,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,CAcnD;AAED,wBAAgB,WAAW,CAAC,QAAQ,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,GAAG,OAAO,CAQzE;AAiBD,UAAU,cAAc;IACtB,OAAO,CAAC,EAAE,MAAM,EAAE,CAAC;IACnB,OAAO,CAAC,EAAE,MAAM,EAAE,CAAC;IACnB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,MAAM,CAAC,EAAE,OAAO,CAAC;CAClB;AAED,wBAAgB,YAAY,CAAC,MAAM,EAAE,MAAM,EAAE,OAAO,GAAE,cAAmB,GAAG,MAAM,EAAE,CAwBnF;AA0QD,wBAAsB,MAAM,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CA6hB1D"}
|
package/dist/cli.js
CHANGED
|
@@ -28,6 +28,7 @@ import { getJudge, getJudgeSummaries } from "./judges/index.js";
|
|
|
28
28
|
import { verdictToSarif } from "./formatters/sarif.js";
|
|
29
29
|
import { verdictToHtml } from "./formatters/html.js";
|
|
30
30
|
import { verdictToJUnit } from "./formatters/junit.js";
|
|
31
|
+
import { verdictToPdfHtml } from "./formatters/pdf.js";
|
|
31
32
|
import { verdictToCodeClimate } from "./formatters/codeclimate.js";
|
|
32
33
|
import { verdictToGitHubActions } from "./formatters/github-actions.js";
|
|
33
34
|
import { runReport } from "./commands/report.js";
|
|
@@ -117,6 +118,7 @@ function parseCliArgs(argv) {
|
|
|
117
118
|
maxFiles: undefined,
|
|
118
119
|
changedOnly: false,
|
|
119
120
|
explain: false,
|
|
121
|
+
sample: false,
|
|
120
122
|
};
|
|
121
123
|
// First non-flag arg is the command
|
|
122
124
|
let i = 2; // skip node + script
|
|
@@ -197,6 +199,9 @@ function parseCliArgs(argv) {
|
|
|
197
199
|
case "--max-files":
|
|
198
200
|
args.maxFiles = parseInt(argv[++i], 10);
|
|
199
201
|
break;
|
|
202
|
+
case "--sample":
|
|
203
|
+
args.sample = true;
|
|
204
|
+
break;
|
|
200
205
|
default:
|
|
201
206
|
// If it looks like a file path (not a flag), treat as --file
|
|
202
207
|
if (!arg.startsWith("-") && !args.file) {
|
|
@@ -247,7 +252,7 @@ USAGE:
|
|
|
247
252
|
EVAL OPTIONS:
|
|
248
253
|
--file, -f <path> File to evaluate (or pass as positional arg)
|
|
249
254
|
--language, -l <lang> Language override (auto-detected from extension)
|
|
250
|
-
--format, -o <fmt> Output: text, json, sarif, markdown, html, junit, codeclimate, github-actions
|
|
255
|
+
--format, -o <fmt> Output: text, json, sarif, markdown, html, pdf, junit, codeclimate, github-actions
|
|
251
256
|
--judge, -j <id> Run a single judge instead of the full tribunal
|
|
252
257
|
--fail-on-findings Exit with code 1 when verdict is fail
|
|
253
258
|
--baseline, -b <path> Suppress findings already in baseline file
|
|
@@ -261,6 +266,7 @@ EVAL OPTIONS:
|
|
|
261
266
|
--exclude, -x <glob> Exclude files matching glob pattern (repeatable)
|
|
262
267
|
--include, -i <glob> Only include files matching glob pattern (repeatable)
|
|
263
268
|
--max-files <n> Maximum number of files to analyze in directory mode
|
|
269
|
+
--sample Randomly sample files instead of taking first N (use with --max-files)
|
|
264
270
|
--no-color Disable colored output
|
|
265
271
|
--verbose Show detailed evaluation information
|
|
266
272
|
--quiet Suppress non-essential output
|
|
@@ -427,8 +433,15 @@ export function collectFiles(target, options = {}) {
|
|
|
427
433
|
return [resolved];
|
|
428
434
|
if (stat.isDirectory()) {
|
|
429
435
|
const files = [];
|
|
430
|
-
walkDir(resolved, resolved, files, options);
|
|
436
|
+
walkDir(resolved, resolved, files, { ...options, maxFiles: options.sample ? undefined : options.maxFiles });
|
|
431
437
|
if (options.maxFiles && files.length > options.maxFiles) {
|
|
438
|
+
if (options.sample) {
|
|
439
|
+
// Fisher-Yates shuffle then take first N
|
|
440
|
+
for (let i = files.length - 1; i > 0; i--) {
|
|
441
|
+
const j = Math.floor(Math.random() * (i + 1));
|
|
442
|
+
[files[i], files[j]] = [files[j], files[i]];
|
|
443
|
+
}
|
|
444
|
+
}
|
|
432
445
|
return files.slice(0, options.maxFiles);
|
|
433
446
|
}
|
|
434
447
|
return files;
|
|
@@ -554,9 +567,43 @@ function formatTextOutput(verdict) {
|
|
|
554
567
|
const name = evaluation.judgeName.padEnd(28);
|
|
555
568
|
const score = String(evaluation.score).padStart(3);
|
|
556
569
|
const findings = String(evaluation.findings.length).padStart(2);
|
|
557
|
-
|
|
570
|
+
const timing = evaluation.durationMs !== undefined ? ` ${evaluation.durationMs}ms` : "";
|
|
571
|
+
lines.push(` ${icon} ${name} ${score}/100 ${findings} finding(s)${timing}`);
|
|
558
572
|
}
|
|
559
573
|
lines.push("");
|
|
574
|
+
// Timing summary
|
|
575
|
+
if (verdict.timing) {
|
|
576
|
+
lines.push(` Total evaluation time: ${verdict.timing.totalMs}ms`);
|
|
577
|
+
const sorted = [...verdict.timing.perJudge].sort((a, b) => b.durationMs - a.durationMs);
|
|
578
|
+
const slowest = sorted.slice(0, 5);
|
|
579
|
+
if (slowest.length > 0) {
|
|
580
|
+
lines.push(" Slowest judges:");
|
|
581
|
+
for (const j of slowest) {
|
|
582
|
+
lines.push(` ${j.judgeName.padEnd(28)} ${j.durationMs}ms`);
|
|
583
|
+
}
|
|
584
|
+
}
|
|
585
|
+
lines.push("");
|
|
586
|
+
}
|
|
587
|
+
// Suppression metrics
|
|
588
|
+
if (verdict.suppressions && verdict.suppressions.length > 0) {
|
|
589
|
+
const supps = verdict.suppressions;
|
|
590
|
+
const byKind = { line: 0, "next-line": 0, block: 0, file: 0 };
|
|
591
|
+
const byRule = new Map();
|
|
592
|
+
for (const s of supps) {
|
|
593
|
+
byKind[s.kind] = (byKind[s.kind] || 0) + 1;
|
|
594
|
+
byRule.set(s.ruleId, (byRule.get(s.ruleId) ?? 0) + 1);
|
|
595
|
+
}
|
|
596
|
+
lines.push(` Suppressed Findings: ${supps.length}`);
|
|
597
|
+
const kinds = Object.entries(byKind)
|
|
598
|
+
.filter(([, v]) => v > 0)
|
|
599
|
+
.map(([k, v]) => `${k}: ${v}`);
|
|
600
|
+
lines.push(` By type: ${kinds.join(", ")}`);
|
|
601
|
+
const topRules = [...byRule.entries()].sort((a, b) => b[1] - a[1]).slice(0, 5);
|
|
602
|
+
if (topRules.length > 0) {
|
|
603
|
+
lines.push(` Top suppressed rules: ${topRules.map(([r, c]) => `${r} (${c})`).join(", ")}`);
|
|
604
|
+
}
|
|
605
|
+
lines.push("");
|
|
606
|
+
}
|
|
560
607
|
// Top findings
|
|
561
608
|
const allFindings = verdict.evaluations.flatMap((e) => e.findings);
|
|
562
609
|
const critical = allFindings.filter((f) => f.severity === "critical" || f.severity === "high");
|
|
@@ -804,8 +851,9 @@ export async function runCli(argv) {
|
|
|
804
851
|
}
|
|
805
852
|
// ─── Trend Command ───────────────────────────────────────────────────
|
|
806
853
|
if (args.command === "trend") {
|
|
807
|
-
const { loadSnapshotStore, computeTrend, formatTrendReport } = await import("./commands/snapshot.js");
|
|
808
|
-
const snapshotFile = argv
|
|
854
|
+
const { loadSnapshotStore, computeTrend, formatTrendReport, formatTrendReportHtml } = await import("./commands/snapshot.js");
|
|
855
|
+
const snapshotFile = argv.find((a, i) => i >= 3 && !a.startsWith("-")) || ".judges-snapshots.json";
|
|
856
|
+
const formatArg = argv.includes("--format") ? argv[argv.indexOf("--format") + 1] : "text";
|
|
809
857
|
const store = loadSnapshotStore(snapshotFile);
|
|
810
858
|
if (store.snapshots.length === 0) {
|
|
811
859
|
console.log("No snapshot data found. Run evaluations with --snapshot to collect trend data.");
|
|
@@ -813,7 +861,15 @@ export async function runCli(argv) {
|
|
|
813
861
|
}
|
|
814
862
|
else {
|
|
815
863
|
const report = computeTrend(store);
|
|
816
|
-
|
|
864
|
+
if (formatArg === "html") {
|
|
865
|
+
console.log(formatTrendReportHtml(report));
|
|
866
|
+
}
|
|
867
|
+
else if (formatArg === "json") {
|
|
868
|
+
console.log(JSON.stringify(report, null, 2));
|
|
869
|
+
}
|
|
870
|
+
else {
|
|
871
|
+
console.log(formatTrendReport(report));
|
|
872
|
+
}
|
|
817
873
|
}
|
|
818
874
|
process.exit(0);
|
|
819
875
|
}
|
|
@@ -851,6 +907,7 @@ export async function runCli(argv) {
|
|
|
851
907
|
exclude: excludePatterns,
|
|
852
908
|
include: includePatterns,
|
|
853
909
|
maxFiles: maxFilesLimit,
|
|
910
|
+
sample: args.sample,
|
|
854
911
|
});
|
|
855
912
|
// ── --changed-only: scope to git-changed files ──
|
|
856
913
|
if (args.changedOnly) {
|
|
@@ -984,6 +1041,19 @@ export async function runCli(argv) {
|
|
|
984
1041
|
};
|
|
985
1042
|
console.log(verdictToHtml(wrappedVerdict, resolvedPath || args.file));
|
|
986
1043
|
}
|
|
1044
|
+
else if (args.format === "pdf") {
|
|
1045
|
+
const wrappedForPdf = {
|
|
1046
|
+
overallVerdict: evaluation.verdict,
|
|
1047
|
+
overallScore: evaluation.score,
|
|
1048
|
+
summary: evaluation.summary,
|
|
1049
|
+
evaluations: [evaluation],
|
|
1050
|
+
findings: evaluation.findings,
|
|
1051
|
+
criticalCount: evaluation.findings.filter((f) => f.severity === "critical").length,
|
|
1052
|
+
highCount: evaluation.findings.filter((f) => f.severity === "high").length,
|
|
1053
|
+
timestamp: new Date().toISOString(),
|
|
1054
|
+
};
|
|
1055
|
+
console.log(verdictToPdfHtml(wrappedForPdf, resolvedPath || args.file));
|
|
1056
|
+
}
|
|
987
1057
|
else {
|
|
988
1058
|
console.log(formatSingleJudgeTextOutput(evaluation));
|
|
989
1059
|
}
|
|
@@ -1053,6 +1123,9 @@ export async function runCli(argv) {
|
|
|
1053
1123
|
else if (args.format === "html") {
|
|
1054
1124
|
console.log(verdictToHtml(verdict, resolvedPath || args.file));
|
|
1055
1125
|
}
|
|
1126
|
+
else if (args.format === "pdf") {
|
|
1127
|
+
console.log(verdictToPdfHtml(verdict, resolvedPath || args.file));
|
|
1128
|
+
}
|
|
1056
1129
|
else if (args.format === "junit") {
|
|
1057
1130
|
console.log(verdictToJUnit(verdict, resolvedPath || args.file));
|
|
1058
1131
|
}
|