npm - @kevinrabun/judges - Versions diffs - 3.37.0 → 3.40.0 - Mend

@kevinrabun/judges 3.37.0 → 3.40.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (373) hide show

package/CHANGELOG.md +77 -0
package/README.md +5 -4
package/dist/api.d.ts +5 -2
package/dist/api.d.ts.map +1 -1
package/dist/api.js +5 -1
package/dist/api.js.map +1 -1
package/dist/ast/structural-parser.js +3 -3
package/dist/ast/structural-parser.js.map +1 -1
package/dist/calibration.d.ts +35 -0
package/dist/calibration.d.ts.map +1 -1
package/dist/calibration.js +52 -0
package/dist/calibration.js.map +1 -1
package/dist/cli.d.ts.map +1 -1
package/dist/cli.js +307 -16
package/dist/cli.js.map +1 -1
package/dist/commands/benchmark-advanced.d.ts.map +1 -1
package/dist/commands/benchmark-advanced.js +38 -17
package/dist/commands/benchmark-advanced.js.map +1 -1
package/dist/commands/benchmark-ai-agents.js +1 -1
package/dist/commands/benchmark-ai-agents.js.map +1 -1
package/dist/commands/benchmark-ai-output.js +1 -1
package/dist/commands/benchmark-ai-output.js.map +1 -1
package/dist/commands/benchmark-compliance-ethics.js +4 -4
package/dist/commands/benchmark-compliance-ethics.js.map +1 -1
package/dist/commands/benchmark-expanded.js +2 -2
package/dist/commands/benchmark-expanded.js.map +1 -1
package/dist/commands/benchmark-languages.js +5 -5
package/dist/commands/benchmark-languages.js.map +1 -1
package/dist/commands/benchmark-quality-ops.js +3 -3
package/dist/commands/benchmark-quality-ops.js.map +1 -1
package/dist/commands/benchmark-security-deep.js +2 -2
package/dist/commands/benchmark-security-deep.js.map +1 -1
package/dist/commands/benchmark.d.ts +2 -1
package/dist/commands/benchmark.d.ts.map +1 -1
package/dist/commands/benchmark.js +100 -6
package/dist/commands/benchmark.js.map +1 -1
package/dist/commands/calibration-dashboard.d.ts.map +1 -1
package/dist/commands/calibration-dashboard.js +198 -0
package/dist/commands/calibration-dashboard.js.map +1 -1
package/dist/commands/calibration-share.d.ts +31 -0
package/dist/commands/calibration-share.d.ts.map +1 -0
package/dist/commands/calibration-share.js +183 -0
package/dist/commands/calibration-share.js.map +1 -0
package/dist/commands/compliance-report.d.ts +35 -0
package/dist/commands/compliance-report.d.ts.map +1 -0
package/dist/commands/compliance-report.js +162 -0
package/dist/commands/compliance-report.js.map +1 -0
package/dist/commands/diff.d.ts.map +1 -1
package/dist/commands/diff.js +8 -3
package/dist/commands/diff.js.map +1 -1
package/dist/commands/feedback-rules.d.ts +29 -0
package/dist/commands/feedback-rules.d.ts.map +1 -0
package/dist/commands/feedback-rules.js +174 -0
package/dist/commands/feedback-rules.js.map +1 -0
package/dist/commands/feedback.d.ts +12 -0
package/dist/commands/feedback.d.ts.map +1 -1
package/dist/commands/feedback.js +16 -0
package/dist/commands/feedback.js.map +1 -1
package/dist/commands/fix.d.ts.map +1 -1
package/dist/commands/fix.js +33 -1
package/dist/commands/fix.js.map +1 -1
package/dist/commands/governance.d.ts +32 -0
package/dist/commands/governance.d.ts.map +1 -0
package/dist/commands/governance.js +203 -0
package/dist/commands/governance.js.map +1 -0
package/dist/commands/help.d.ts +8 -0
package/dist/commands/help.d.ts.map +1 -0
package/dist/commands/help.js +303 -0
package/dist/commands/help.js.map +1 -0
package/dist/commands/hook.d.ts.map +1 -1
package/dist/commands/hook.js +17 -20
package/dist/commands/hook.js.map +1 -1
package/dist/commands/llm-benchmark.d.ts +119 -0
package/dist/commands/llm-benchmark.d.ts.map +1 -0
package/dist/commands/llm-benchmark.js +396 -0
package/dist/commands/llm-benchmark.js.map +1 -0
package/dist/commands/metrics-dashboard.d.ts +22 -0
package/dist/commands/metrics-dashboard.d.ts.map +1 -0
package/dist/commands/metrics-dashboard.js +335 -0
package/dist/commands/metrics-dashboard.js.map +1 -0
package/dist/commands/metrics.d.ts +58 -0
package/dist/commands/metrics.d.ts.map +1 -0
package/dist/commands/metrics.js +242 -0
package/dist/commands/metrics.js.map +1 -0
package/dist/commands/onboard.d.ts +13 -0
package/dist/commands/onboard.d.ts.map +1 -0
package/dist/commands/onboard.js +179 -0
package/dist/commands/onboard.js.map +1 -0
package/dist/commands/org-metrics.d.ts +24 -0
package/dist/commands/org-metrics.d.ts.map +1 -0
package/dist/commands/org-metrics.js +238 -0
package/dist/commands/org-metrics.js.map +1 -0
package/dist/commands/override.d.ts +62 -0
package/dist/commands/override.d.ts.map +1 -0
package/dist/commands/override.js +264 -0
package/dist/commands/override.js.map +1 -0
package/dist/commands/parity.d.ts +31 -0
package/dist/commands/parity.d.ts.map +1 -0
package/dist/commands/parity.js +213 -0
package/dist/commands/parity.js.map +1 -0
package/dist/commands/plugin-search.d.ts +40 -0
package/dist/commands/plugin-search.d.ts.map +1 -0
package/dist/commands/plugin-search.js +328 -0
package/dist/commands/plugin-search.js.map +1 -0
package/dist/commands/plugins.d.ts +13 -0
package/dist/commands/plugins.d.ts.map +1 -0
package/dist/commands/plugins.js +105 -0
package/dist/commands/plugins.js.map +1 -0
package/dist/commands/review.js +1 -1
package/dist/commands/review.js.map +1 -1
package/dist/commands/snapshot.d.ts +27 -0
package/dist/commands/snapshot.d.ts.map +1 -1
package/dist/commands/snapshot.js +99 -0
package/dist/commands/snapshot.js.map +1 -1
package/dist/commands/trace.d.ts +65 -0
package/dist/commands/trace.d.ts.map +1 -0
package/dist/commands/trace.js +246 -0
package/dist/commands/trace.js.map +1 -0
package/dist/commands/trust-ramp.d.ts +30 -0
package/dist/commands/trust-ramp.d.ts.map +1 -0
package/dist/commands/trust-ramp.js +190 -0
package/dist/commands/trust-ramp.js.map +1 -0
package/dist/config.d.ts +5 -0
package/dist/config.d.ts.map +1 -1
package/dist/config.js +65 -0
package/dist/config.js.map +1 -1
package/dist/data-adapter.d.ts +124 -0
package/dist/data-adapter.d.ts.map +1 -0
package/dist/data-adapter.js +213 -0
package/dist/data-adapter.js.map +1 -0
package/dist/evaluators/accessibility.js +1 -1
package/dist/evaluators/accessibility.js.map +1 -1
package/dist/evaluators/ai-code-safety.d.ts.map +1 -1
package/dist/evaluators/ai-code-safety.js +1 -4
package/dist/evaluators/ai-code-safety.js.map +1 -1
package/dist/evaluators/code-structure.d.ts.map +1 -1
package/dist/evaluators/code-structure.js +7 -16
package/dist/evaluators/code-structure.js.map +1 -1
package/dist/evaluators/compliance.js +1 -1
package/dist/evaluators/compliance.js.map +1 -1
package/dist/evaluators/concurrency.d.ts.map +1 -1
package/dist/evaluators/concurrency.js +7 -2
package/dist/evaluators/concurrency.js.map +1 -1
package/dist/evaluators/cost-effectiveness.js +1 -1
package/dist/evaluators/cost-effectiveness.js.map +1 -1
package/dist/evaluators/data-sovereignty.d.ts.map +1 -1
package/dist/evaluators/data-sovereignty.js +10 -3
package/dist/evaluators/data-sovereignty.js.map +1 -1
package/dist/evaluators/documentation.d.ts.map +1 -1
package/dist/evaluators/documentation.js +21 -2
package/dist/evaluators/documentation.js.map +1 -1
package/dist/evaluators/false-positive-review.js +9 -4
package/dist/evaluators/false-positive-review.js.map +1 -1
package/dist/evaluators/hallucination-detection.d.ts.map +1 -1
package/dist/evaluators/hallucination-detection.js +41 -0
package/dist/evaluators/hallucination-detection.js.map +1 -1
package/dist/evaluators/iac-security.d.ts.map +1 -1
package/dist/evaluators/iac-security.js +5 -3
package/dist/evaluators/iac-security.js.map +1 -1
package/dist/evaluators/index.d.ts.map +1 -1
package/dist/evaluators/index.js +64 -11
package/dist/evaluators/index.js.map +1 -1
package/dist/evaluators/intent-alignment.d.ts +4 -0
package/dist/evaluators/intent-alignment.d.ts.map +1 -1
package/dist/evaluators/intent-alignment.js +163 -0
package/dist/evaluators/intent-alignment.js.map +1 -1
package/dist/evaluators/internationalization.d.ts.map +1 -1
package/dist/evaluators/internationalization.js +46 -17
package/dist/evaluators/internationalization.js.map +1 -1
package/dist/evaluators/logic-review.d.ts.map +1 -1
package/dist/evaluators/logic-review.js +60 -33
package/dist/evaluators/logic-review.js.map +1 -1
package/dist/evaluators/maintainability.d.ts.map +1 -1
package/dist/evaluators/maintainability.js +82 -3
package/dist/evaluators/maintainability.js.map +1 -1
package/dist/evaluators/over-engineering.js +3 -3
package/dist/evaluators/over-engineering.js.map +1 -1
package/dist/evaluators/project.d.ts +12 -0
package/dist/evaluators/project.d.ts.map +1 -1
package/dist/evaluators/project.js +86 -0
package/dist/evaluators/project.js.map +1 -1
package/dist/evaluators/security.js +2 -2
package/dist/evaluators/security.js.map +1 -1
package/dist/evaluators/shared.d.ts.map +1 -1
package/dist/evaluators/shared.js +13 -1
package/dist/evaluators/shared.js.map +1 -1
package/dist/evaluators/ux.js +1 -1
package/dist/evaluators/ux.js.map +1 -1
package/dist/finding-lifecycle.d.ts +9 -0
package/dist/finding-lifecycle.d.ts.map +1 -1
package/dist/finding-lifecycle.js +15 -0
package/dist/finding-lifecycle.js.map +1 -1
package/dist/fix-history.d.ts +9 -0
package/dist/fix-history.d.ts.map +1 -1
package/dist/fix-history.js +15 -0
package/dist/fix-history.js.map +1 -1
package/dist/formatters/sarif.d.ts +3 -0
package/dist/formatters/sarif.d.ts.map +1 -1
package/dist/formatters/sarif.js +36 -12
package/dist/formatters/sarif.js.map +1 -1
package/dist/github-app.d.ts +16 -1
package/dist/github-app.d.ts.map +1 -1
package/dist/github-app.js +85 -2
package/dist/github-app.js.map +1 -1
package/dist/index.js +5 -0
package/dist/index.js.map +1 -1
package/dist/judge-registry.d.ts +157 -0
package/dist/judge-registry.d.ts.map +1 -0
package/dist/judge-registry.js +273 -0
package/dist/judge-registry.js.map +1 -0
package/dist/judges/accessibility.d.ts.map +1 -1
package/dist/judges/accessibility.js +4 -0
package/dist/judges/accessibility.js.map +1 -1
package/dist/judges/agent-instructions.d.ts.map +1 -1
package/dist/judges/agent-instructions.js +4 -0
package/dist/judges/agent-instructions.js.map +1 -1
package/dist/judges/ai-code-safety.d.ts.map +1 -1
package/dist/judges/ai-code-safety.js +4 -0
package/dist/judges/ai-code-safety.js.map +1 -1
package/dist/judges/api-contract.d.ts.map +1 -1
package/dist/judges/api-contract.js +4 -0
package/dist/judges/api-contract.js.map +1 -1
package/dist/judges/api-design.d.ts.map +1 -1
package/dist/judges/api-design.js +4 -0
package/dist/judges/api-design.js.map +1 -1
package/dist/judges/authentication.d.ts.map +1 -1
package/dist/judges/authentication.js +4 -0
package/dist/judges/authentication.js.map +1 -1
package/dist/judges/backwards-compatibility.d.ts.map +1 -1
package/dist/judges/backwards-compatibility.js +4 -0
package/dist/judges/backwards-compatibility.js.map +1 -1
package/dist/judges/caching.d.ts.map +1 -1
package/dist/judges/caching.js +4 -0
package/dist/judges/caching.js.map +1 -1
package/dist/judges/ci-cd.d.ts.map +1 -1
package/dist/judges/ci-cd.js +4 -0
package/dist/judges/ci-cd.js.map +1 -1
package/dist/judges/cloud-readiness.d.ts.map +1 -1
package/dist/judges/cloud-readiness.js +4 -0
package/dist/judges/cloud-readiness.js.map +1 -1
package/dist/judges/code-structure.d.ts.map +1 -1
package/dist/judges/code-structure.js +4 -0
package/dist/judges/code-structure.js.map +1 -1
package/dist/judges/compliance.d.ts.map +1 -1
package/dist/judges/compliance.js +4 -0
package/dist/judges/compliance.js.map +1 -1
package/dist/judges/concurrency.d.ts.map +1 -1
package/dist/judges/concurrency.js +4 -0
package/dist/judges/concurrency.js.map +1 -1
package/dist/judges/configuration-management.d.ts.map +1 -1
package/dist/judges/configuration-management.js +4 -0
package/dist/judges/configuration-management.js.map +1 -1
package/dist/judges/cost-effectiveness.d.ts.map +1 -1
package/dist/judges/cost-effectiveness.js +4 -0
package/dist/judges/cost-effectiveness.js.map +1 -1
package/dist/judges/cybersecurity.d.ts.map +1 -1
package/dist/judges/cybersecurity.js +4 -0
package/dist/judges/cybersecurity.js.map +1 -1
package/dist/judges/data-security.d.ts.map +1 -1
package/dist/judges/data-security.js +4 -0
package/dist/judges/data-security.js.map +1 -1
package/dist/judges/data-sovereignty.d.ts.map +1 -1
package/dist/judges/data-sovereignty.js +4 -0
package/dist/judges/data-sovereignty.js.map +1 -1
package/dist/judges/database.d.ts.map +1 -1
package/dist/judges/database.js +4 -0
package/dist/judges/database.js.map +1 -1
package/dist/judges/dependency-health.d.ts.map +1 -1
package/dist/judges/dependency-health.js +4 -0
package/dist/judges/dependency-health.js.map +1 -1
package/dist/judges/documentation.d.ts.map +1 -1
package/dist/judges/documentation.js +4 -0
package/dist/judges/documentation.js.map +1 -1
package/dist/judges/error-handling.d.ts.map +1 -1
package/dist/judges/error-handling.js +4 -0
package/dist/judges/error-handling.js.map +1 -1
package/dist/judges/ethics-bias.d.ts.map +1 -1
package/dist/judges/ethics-bias.js +4 -0
package/dist/judges/ethics-bias.js.map +1 -1
package/dist/judges/false-positive-review.d.ts.map +1 -1
package/dist/judges/false-positive-review.js +2 -0
package/dist/judges/false-positive-review.js.map +1 -1
package/dist/judges/framework-safety.d.ts.map +1 -1
package/dist/judges/framework-safety.js +4 -0
package/dist/judges/framework-safety.js.map +1 -1
package/dist/judges/hallucination-detection.d.ts.map +1 -1
package/dist/judges/hallucination-detection.js +4 -0
package/dist/judges/hallucination-detection.js.map +1 -1
package/dist/judges/iac-security.d.ts.map +1 -1
package/dist/judges/iac-security.js +4 -0
package/dist/judges/iac-security.js.map +1 -1
package/dist/judges/index.d.ts +59 -0
package/dist/judges/index.d.ts.map +1 -1
package/dist/judges/index.js +65 -189
package/dist/judges/index.js.map +1 -1
package/dist/judges/intent-alignment.d.ts.map +1 -1
package/dist/judges/intent-alignment.js +4 -0
package/dist/judges/intent-alignment.js.map +1 -1
package/dist/judges/internationalization.d.ts.map +1 -1
package/dist/judges/internationalization.js +4 -0
package/dist/judges/internationalization.js.map +1 -1
package/dist/judges/logging-privacy.d.ts.map +1 -1
package/dist/judges/logging-privacy.js +4 -0
package/dist/judges/logging-privacy.js.map +1 -1
package/dist/judges/logic-review.d.ts.map +1 -1
package/dist/judges/logic-review.js +4 -0
package/dist/judges/logic-review.js.map +1 -1
package/dist/judges/maintainability.d.ts.map +1 -1
package/dist/judges/maintainability.js +4 -0
package/dist/judges/maintainability.js.map +1 -1
package/dist/judges/model-fingerprint.d.ts.map +1 -1
package/dist/judges/model-fingerprint.js +4 -0
package/dist/judges/model-fingerprint.js.map +1 -1
package/dist/judges/multi-turn-coherence.d.ts.map +1 -1
package/dist/judges/multi-turn-coherence.js +4 -0
package/dist/judges/multi-turn-coherence.js.map +1 -1
package/dist/judges/observability.d.ts.map +1 -1
package/dist/judges/observability.js +4 -0
package/dist/judges/observability.js.map +1 -1
package/dist/judges/over-engineering.d.ts.map +1 -1
package/dist/judges/over-engineering.js +4 -0
package/dist/judges/over-engineering.js.map +1 -1
package/dist/judges/performance.d.ts.map +1 -1
package/dist/judges/performance.js +4 -0
package/dist/judges/performance.js.map +1 -1
package/dist/judges/portability.d.ts.map +1 -1
package/dist/judges/portability.js +4 -0
package/dist/judges/portability.js.map +1 -1
package/dist/judges/rate-limiting.d.ts.map +1 -1
package/dist/judges/rate-limiting.js +4 -0
package/dist/judges/rate-limiting.js.map +1 -1
package/dist/judges/reliability.d.ts.map +1 -1
package/dist/judges/reliability.js +4 -0
package/dist/judges/reliability.js.map +1 -1
package/dist/judges/scalability.d.ts.map +1 -1
package/dist/judges/scalability.js +4 -0
package/dist/judges/scalability.js.map +1 -1
package/dist/judges/security.d.ts.map +1 -1
package/dist/judges/security.js +4 -0
package/dist/judges/security.js.map +1 -1
package/dist/judges/software-practices.d.ts.map +1 -1
package/dist/judges/software-practices.js +4 -0
package/dist/judges/software-practices.js.map +1 -1
package/dist/judges/testing.d.ts.map +1 -1
package/dist/judges/testing.js +4 -0
package/dist/judges/testing.js.map +1 -1
package/dist/judges/ux.d.ts.map +1 -1
package/dist/judges/ux.js +4 -0
package/dist/judges/ux.js.map +1 -1
package/dist/plugins.d.ts +8 -51
package/dist/plugins.d.ts.map +1 -1
package/dist/plugins.js +16 -125
package/dist/plugins.js.map +1 -1
package/dist/security-ids.d.ts +24 -0
package/dist/security-ids.d.ts.map +1 -0
package/dist/security-ids.js +240 -0
package/dist/security-ids.js.map +1 -0
package/dist/tools/prompts.d.ts +4 -0
package/dist/tools/prompts.d.ts.map +1 -1
package/dist/tools/prompts.js +6 -4
package/dist/tools/prompts.js.map +1 -1
package/dist/tools/register-scaffold.d.ts +3 -0
package/dist/tools/register-scaffold.d.ts.map +1 -0
package/dist/tools/register-scaffold.js +399 -0
package/dist/tools/register-scaffold.js.map +1 -0
package/dist/tools/register.d.ts +1 -1
package/dist/tools/register.d.ts.map +1 -1
package/dist/tools/register.js +3 -1
package/dist/tools/register.js.map +1 -1
package/dist/types.d.ts +75 -0
package/dist/types.d.ts.map +1 -1
package/package.json +3 -2
package/server.json +2 -2

package/dist/cli.js CHANGED Viewed

@@ -42,6 +42,8 @@ import { generateGitLabCi, generateAzurePipelines, generateBitbucketPipelines }
 import { getPreset, listPresets, composePresets } from "./presets.js";
 import { parseConfig } from "./config.js";
 import { applyPatches } from "./commands/fix.js";
+import { DiskCache } from "./disk-cache.js";
+import { contentHash } from "./cache.js";
 import { runFeedback } from "./commands/feedback.js";
 import { runBenchmark } from "./commands/benchmark.js";
 import { runRule } from "./commands/rule.js";
@@ -50,6 +52,7 @@ import { runConfig } from "./commands/config-share.js";
 import { runDoctor } from "./commands/doctor.js";
 import { runTriage } from "./commands/triage.js";
 import { formatComparisonReport, formatFullComparisonMatrix, TOOL_PROFILES } from "./comparison.js";
+import { runOverride, loadOverrideStore, applyOverrides } from "./commands/override.js";
 // ─── Language Detection from Extension ──────────────────────────────────────
 const EXT_TO_LANG = {
     ".ts": "typescript",
@@ -117,8 +120,12 @@ function parseCliArgs(argv) {
         include: [],
         maxFiles: undefined,
         changedOnly: false,
+        stagedOnly: false,
         explain: false,
         sample: false,
+        trace: false,
+        incremental: false,
+        noCache: false,
     };
     // First non-flag arg is the command
     let i = 2; // skip node + script
@@ -185,6 +192,9 @@ function parseCliArgs(argv) {
             case "--changed-only":
                 args.changedOnly = true;
                 break;
+            case "--staged-only":
+                args.stagedOnly = true;
+                break;
             case "--explain":
                 args.explain = true;
                 break;
@@ -202,6 +212,15 @@ function parseCliArgs(argv) {
             case "--sample":
                 args.sample = true;
                 break;
+            case "--trace":
+                args.trace = true;
+                break;
+            case "--incremental":
+                args.incremental = true;
+                break;
+            case "--no-cache":
+                args.noCache = true;
+                break;
             default:
                 // If it looks like a file path (not a flag), treat as --file
                 if (!arg.startsWith("-") && !args.file) {
@@ -273,6 +292,7 @@ EVAL OPTIONS:
   --fix                      Auto-fix findings after evaluation (applies patches in-place)
   --changed-only             Only evaluate files changed since last commit (uses git diff)
   --explain                  Enrich findings with OWASP/CWE learning context
+  --trace                    Show detailed decision trace for every finding
   --help, -h                 Show this help
 FIX OPTIONS:
@@ -526,6 +546,23 @@ function getGitChangedFiles(cwd) {
         return [];
     }
 }
+function getStagedFiles(cwd) {
+    try {
+        const resolvedCwd = resolve(cwd);
+        const output = execSync("git diff --cached --name-only --diff-filter=ACM", {
+            cwd: resolvedCwd,
+            encoding: "utf-8",
+            stdio: ["pipe", "pipe", "pipe"],
+        }).trim();
+        return output
+            .split("\n")
+            .filter(Boolean)
+            .map((f) => resolve(resolvedCwd, f));
+    }
+    catch {
+        return [];
+    }
+}
 // ─── Format Output ──────────────────────────────────────────────────────────
 function formatTribunalOutput(verdict, format, filePath) {
     switch (format) {
@@ -613,10 +650,33 @@ function formatTextOutput(verdict) {
         lines.push("  " + "─".repeat(60));
         for (const f of critical.slice(0, 20)) {
             const fixTag = f.patch ? " 🔧" : "";
-            lines.push(`  [${f.severity.toUpperCase().padEnd(8)}] ${f.ruleId}: ${f.title}${fixTag}`);
+            const confTag = f.confidence !== undefined ? ` (${Math.round(f.confidence * 100)}% confidence)` : "";
+            lines.push(`  [${f.severity.toUpperCase().padEnd(8)}] ${f.ruleId}: ${f.title}${fixTag}${confTag}`);
             if (f.lineNumbers && f.lineNumbers.length > 0) {
                 lines.push(`             Line ${f.lineNumbers[0]}: ${f.description.slice(0, 100)}`);
             }
+            if (f.provenance) {
+                lines.push(`             Evidence: ${f.provenance}`);
+            }
+            if (f.evidenceBasis) {
+                lines.push(`             Basis: ${f.evidenceBasis}`);
+            }
+            if (f.evidenceChain && f.evidenceChain.steps.length > 0) {
+                lines.push(`             Impact: ${f.evidenceChain.impactStatement}`);
+                for (const step of f.evidenceChain.steps.slice(0, 3)) {
+                    const loc = step.line ? ` (L${step.line})` : "";
+                    lines.push(`               → [${step.source}]${loc} ${step.observation}`);
+                }
+            }
+            if (f.cweIds && f.cweIds.length > 0) {
+                lines.push(`             CWE: ${f.cweIds.join(", ")}`);
+            }
+            if (f.owaspLlmTop10) {
+                lines.push(`             OWASP LLM: ${f.owaspLlmTop10}`);
+            }
+            if (f.learnMoreUrl) {
+                lines.push(`             📖 Learn more: ${f.learnMoreUrl}`);
+            }
         }
         if (critical.length > 20) {
             lines.push(`  ... and ${critical.length - 20} more critical/high findings`);
@@ -650,13 +710,23 @@ function formatSingleJudgeTextOutput(evaluation) {
     lines.push(`  Findings : ${evaluation.findings.length}`);
     lines.push("");
     for (const f of evaluation.findings) {
-        lines.push(`  [${f.severity.toUpperCase().padEnd(8)}] ${f.ruleId}: ${f.title}`);
+        const confTag = f.confidence !== undefined ? ` (${Math.round(f.confidence * 100)}%)` : "";
+        lines.push(`  [${f.severity.toUpperCase().padEnd(8)}] ${f.ruleId}: ${f.title}${confTag}`);
         if (f.lineNumbers && f.lineNumbers.length > 0) {
             lines.push(`             Line ${f.lineNumbers[0]}: ${f.description.slice(0, 120)}`);
         }
+        if (f.provenance) {
+            lines.push(`             Evidence: ${f.provenance}`);
+        }
+        if (f.evidenceChain && f.evidenceChain.steps.length > 0) {
+            lines.push(`             Impact: ${f.evidenceChain.impactStatement}`);
+        }
         if (f.suggestedFix) {
             lines.push(`             Fix: ${f.suggestedFix.slice(0, 120)}`);
         }
+        if (f.learnMoreUrl) {
+            lines.push(`             📖 ${f.learnMoreUrl}`);
+        }
     }
     lines.push("");
     return lines.join("\n");
@@ -782,6 +852,50 @@ export async function runCli(argv) {
         runFeedback(argv);
         return;
     }
+    // ─── Override Command ─────────────────────────────────────────────────
+    if (args.command === "override") {
+        runOverride(argv);
+        return;
+    }
+    // ─── Feedback-Rules Command ───────────────────────────────────────────
+    if (args.command === "feedback-rules") {
+        const { runFeedbackRules } = await import("./commands/feedback-rules.js");
+        runFeedbackRules(argv);
+        return;
+    }
+    // ─── Governance Command ───────────────────────────────────────────────
+    if (args.command === "governance") {
+        const { runGovernance } = await import("./commands/governance.js");
+        runGovernance(argv);
+        return;
+    }
+    // ─── Parity Command ──────────────────────────────────────────────────
+    if (args.command === "parity") {
+        const { runParity } = await import("./commands/parity.js");
+        runParity(argv);
+        return;
+    }
+    // ─── Compliance-Report Command ────────────────────────────────────────
+    if (args.command === "compliance-report") {
+        const { buildComplianceReport, formatComplianceReportText } = await import("./commands/compliance-report.js");
+        const target = args.file || ".";
+        const code = args.file ? (await import("fs")).readFileSync(args.file, "utf-8") : "";
+        let findings = [];
+        if (code) {
+            const lang = detectLanguage(args.file) || "typescript";
+            const result = evaluateWithTribunal(code, lang);
+            findings = result.findings;
+        }
+        const framework = argv.find((a, i) => argv[i - 1] === "--framework") || undefined;
+        const report = buildComplianceReport(target, findings, framework);
+        if (argv.includes("--json")) {
+            console.log(JSON.stringify(report, null, 2));
+        }
+        else {
+            console.log(formatComplianceReportText(report));
+        }
+        return;
+    }
     // ─── Triage Command ───────────────────────────────────────────────────
     if (args.command === "triage") {
         runTriage(argv);
@@ -837,6 +951,12 @@ export async function runCli(argv) {
         await runCommunityPatterns(argv);
         process.exit(0);
     }
+    // ─── Calibration Share Command ───────────────────────────────────────
+    if (args.command === "calibration-share") {
+        const { runCalibrationShare } = await import("./commands/calibration-share.js");
+        runCalibrationShare(argv);
+        process.exit(0);
+    }
     // ─── Compare Command ─────────────────────────────────────────────────
     if (args.command === "compare") {
         const toolName = argv[3];
@@ -856,9 +976,11 @@ export async function runCli(argv) {
     }
     // ─── Trend Command ───────────────────────────────────────────────────
     if (args.command === "trend") {
-        const { loadSnapshotStore, computeTrend, formatTrendReport, formatTrendReportHtml } = await import("./commands/snapshot.js");
-        const snapshotFile = argv.find((a, i) => i >= 3 && !a.startsWith("-")) || ".judges-snapshots.json";
+        const { loadSnapshotStore, computeTrend, formatTrendReport, formatTrendReportHtml, detectRegressions, formatRegressionAlerts, } = await import("./commands/snapshot.js");
+        const snapshotFile = argv.find((a, i) => i >= 3 && !a.startsWith("-") && !["html", "json", "text"].includes(a)) ||
+            ".judges-snapshots.json";
         const formatArg = argv.includes("--format") ? argv[argv.indexOf("--format") + 1] : "text";
+        const outputArg = argv.includes("--output") ? argv[argv.indexOf("--output") + 1] : undefined;
         const store = loadSnapshotStore(snapshotFile);
         if (store.snapshots.length === 0) {
             console.log("No snapshot data found. Run evaluations with --snapshot to collect trend data.");
@@ -866,14 +988,30 @@ export async function runCli(argv) {
         }
         else {
             const report = computeTrend(store);
+            let output;
             if (formatArg === "html") {
-                console.log(formatTrendReportHtml(report));
+                output = formatTrendReportHtml(report);
             }
             else if (formatArg === "json") {
-                console.log(JSON.stringify(report, null, 2));
+                output = JSON.stringify(report, null, 2);
+            }
+            else {
+                output = formatTrendReport(report);
+            }
+            if (outputArg) {
+                writeFileSync(outputArg, output, "utf-8");
+                console.log(`  ✅ Trend report written to ${outputArg}`);
             }
             else {
-                console.log(formatTrendReport(report));
+                console.log(output);
+            }
+            // Regression alerts
+            const regressions = detectRegressions(store);
+            if (regressions.length > 0) {
+                console.log(formatRegressionAlerts(regressions));
+                if (args.failOnFindings && regressions.some((r) => r.severity === "error")) {
+                    process.exit(1);
+                }
             }
         }
         process.exit(0);
@@ -884,6 +1022,54 @@ export async function runCli(argv) {
         runScaffoldPlugin(argv);
         process.exit(0);
     }
+    // ─── Plugin Search Command ───────────────────────────────────────────
+    if (args.command === "plugin") {
+        const { runPluginSearch } = await import("./commands/plugin-search.js");
+        runPluginSearch(argv);
+        process.exit(0);
+    }
+    // ─── Trust Ramp Command ──────────────────────────────────────────────
+    if (args.command === "trust-ramp") {
+        const { runTrustRamp } = await import("./commands/trust-ramp.js");
+        runTrustRamp(argv);
+        process.exit(0);
+    }
+    // ─── Metrics Command ────────────────────────────────────────────────
+    if (args.command === "metrics") {
+        const { runMetrics } = await import("./commands/metrics.js");
+        runMetrics(argv);
+        process.exit(0);
+    }
+    // ─── Metrics Dashboard Command ────────────────────────────────────────
+    if (args.command === "metrics-dashboard") {
+        const { runMetricsDashboard } = await import("./commands/metrics-dashboard.js");
+        runMetricsDashboard(argv);
+        process.exit(0);
+    }
+    // ─── Help Command ────────────────────────────────────────────────────
+    if (args.command === "help") {
+        const { runHelp } = await import("./commands/help.js");
+        runHelp(argv);
+        process.exit(0);
+    }
+    // ─── Onboard Command ─────────────────────────────────────────────────
+    if (args.command === "onboard") {
+        const { runOnboard } = await import("./commands/onboard.js");
+        await runOnboard(argv);
+        process.exit(0);
+    }
+    // ─── Org Metrics Command ──────────────────────────────────────────────
+    if (args.command === "org-metrics") {
+        const { runOrgMetrics } = await import("./commands/org-metrics.js");
+        runOrgMetrics(argv);
+        process.exit(0);
+    }
+    // ─── Plugins Command ──────────────────────────────────────────────────
+    if (args.command === "plugins") {
+        const { runPlugins } = await import("./commands/plugins.js");
+        runPlugins(argv);
+        process.exit(0);
+    }
     // ─── List Command ────────────────────────────────────────────────────
     if (args.command === "list") {
         listJudges();
@@ -920,6 +1106,12 @@ export async function runCli(argv) {
                 const changedSet = new Set(changedFiles.map((f) => resolve(f)));
                 files = files.filter((f) => changedSet.has(resolve(f)));
             }
+            // ── --staged-only: scope to git-staged files ──
+            if (args.stagedOnly) {
+                const stagedFiles = getStagedFiles(target);
+                const stagedSet = new Set(stagedFiles.map((f) => resolve(f)));
+                files = files.filter((f) => stagedSet.has(resolve(f)));
+            }
             if (files.length === 0) {
                 console.error(`No supported source files found in: ${target}${args.changedOnly ? " (changed-only)" : ""}`);
                 process.exit(1);
@@ -933,6 +1125,9 @@ export async function runCli(argv) {
             let failCount = 0;
             let totalFixed = 0;
             let totalFixable = 0;
+            let cacheHits = 0;
+            // Incremental evaluation: use disk cache to skip unchanged files
+            const diskCache = args.noCache ? undefined : new DiskCache();
             for (let idx = 0; idx < files.length; idx++) {
                 const filePath = files[idx];
                 const relPath = relative(resolve("."), filePath);
@@ -941,7 +1136,21 @@ export async function runCli(argv) {
                 }
                 const fileCode = readFileSync(filePath, "utf-8");
                 const fileLang = args.language || detectLanguage(filePath) || "typescript";
-                const verdict = evaluateWithTribunal(fileCode, fileLang, undefined, evalOptions);
+                // Check disk cache for incremental mode (always when cache available)
+                const hash = contentHash(fileCode, fileLang);
+                let verdict;
+                if (diskCache) {
+                    verdict = diskCache.get(hash);
+                }
+                if (verdict) {
+                    cacheHits++;
+                }
+                else {
+                    verdict = evaluateWithTribunal(fileCode, fileLang, undefined, evalOptions);
+                    if (diskCache) {
+                        diskCache.set(hash, verdict, relPath);
+                    }
+                }
                 // Apply baseline suppression
                 if (loadedBaseline) {
                     for (const evaluation of verdict.evaluations) {
@@ -949,6 +1158,18 @@ export async function runCli(argv) {
                     }
                     verdict.findings = verdict.findings.filter((f) => !isBaselined(f, loadedBaseline, fileCode, relPath));
                 }
+                // Apply override suppressions for multi-file mode
+                {
+                    const overrideStore = loadOverrideStore();
+                    if (overrideStore.overrides.length > 0) {
+                        for (const evaluation of verdict.evaluations) {
+                            const result = applyOverrides(evaluation.findings, overrideStore, relPath);
+                            evaluation.findings = result.active;
+                        }
+                        const topResult = applyOverrides(verdict.findings, overrideStore, relPath);
+                        verdict.findings = topResult.active;
+                    }
+                }
                 const fileFindings = verdict.evaluations.reduce((s, e) => s + e.findings.length, 0);
                 const fileFixable = verdict.evaluations.reduce((s, e) => s + e.findings.filter((f) => f.patch).length, 0);
                 totalFindings += fileFindings;
@@ -996,6 +1217,9 @@ export async function runCli(argv) {
             if (args.fix && totalFixed > 0) {
                 console.log(`  Fixed    : ${totalFixed} patch(es) applied`);
             }
+            if (cacheHits > 0) {
+                console.log(`  Cached   : ${cacheHits} file(s) unchanged (skipped re-evaluation)`);
+            }
             console.log(`  Time     : ${elapsed}ms`);
             console.log("");
             if (args.failOnFindings && failCount > 0)
@@ -1069,6 +1293,27 @@ export async function runCli(argv) {
             if (args.verbose) {
                 console.log(`  ⏱  Evaluated in ${elapsed}ms`);
             }
+            // Trace output — show pipeline decision trace
+            if (args.trace) {
+                const { buildEvaluationTrace, formatTraceText } = await import("./commands/trace.js");
+                const wrappedForTrace = {
+                    overallVerdict: evaluation.verdict,
+                    overallScore: evaluation.score,
+                    summary: evaluation.summary,
+                    evaluations: [evaluation],
+                    findings: evaluation.findings,
+                    criticalCount: evaluation.findings.filter((f) => f.severity === "critical").length,
+                    highCount: evaluation.findings.filter((f) => f.severity === "high").length,
+                    timestamp: new Date().toISOString(),
+                };
+                const trace = buildEvaluationTrace(wrappedForTrace, resolvedPath || args.file, language);
+                if (args.format === "json") {
+                    console.log(JSON.stringify(trace, null, 2));
+                }
+                else {
+                    console.log(formatTraceText(trace));
+                }
+            }
             // Exit code — fail-on-findings or min-score
             if (args.failOnFindings && evaluation.verdict === "fail")
                 process.exit(1);
@@ -1117,6 +1362,22 @@ export async function runCli(argv) {
                 }
                 verdict.findings = filterBySeverity(verdict.findings, evalConfig.minSeverity);
             }
+            // Apply override suppressions
+            {
+                const overrideStore = loadOverrideStore();
+                if (overrideStore.overrides.length > 0) {
+                    const fileSrc = resolvedPath || args.file;
+                    for (const evaluation of verdict.evaluations) {
+                        const result = applyOverrides(evaluation.findings, overrideStore, fileSrc);
+                        evaluation.findings = result.active;
+                    }
+                    const topResult = applyOverrides(verdict.findings, overrideStore, fileSrc);
+                    verdict.findings = topResult.active;
+                    if (topResult.overridden.length > 0 && !args.quiet) {
+                        console.log(`  ℹ️  ${topResult.overridden.length} finding(s) suppressed by overrides`);
+                    }
+                }
+            }
             // Enrich with learning context when --explain is set
             if (args.explain) {
                 for (const evaluation of verdict.evaluations) {
@@ -1149,6 +1410,17 @@ export async function runCli(argv) {
                 console.log(`  ⏱  Evaluated in ${elapsed}ms`);
                 console.log(`  📊 ${verdict.evaluations.length} judges, ${verdict.findings.length} total findings`);
             }
+            // Trace output — show pipeline decision trace
+            if (args.trace) {
+                const { buildEvaluationTrace, formatTraceText } = await import("./commands/trace.js");
+                const trace = buildEvaluationTrace(verdict, resolvedPath || args.file, language);
+                if (args.format === "json") {
+                    console.log(JSON.stringify(trace, null, 2));
+                }
+                else {
+                    console.log(formatTraceText(trace));
+                }
+            }
             // Exit code — fail-on-findings or min-score
             if (args.failOnFindings && verdict.overallVerdict === "fail")
                 process.exit(1);
@@ -1380,18 +1652,37 @@ function enrichWithExplanations(findings) {
     return findings.map((f) => {
         const prefix = f.ruleId.replace(/-\d+$/, "");
         const ctx = RULE_PREFIX_CONTEXT[prefix];
-        if (!ctx)
-            return f;
         const parts = [f.description];
-        if (ctx.owasp)
-            parts.push(`\n📚 OWASP: ${ctx.owasp}`);
-        if (ctx.cwe)
-            parts.push(`CWE: ${ctx.cwe}`);
-        parts.push(`💡 ${ctx.learn}`);
+        // Layer 2: evidence-based explanation
+        if (f.confidence !== undefined) {
+            parts.push(`\n🎯 Confidence: ${Math.round(f.confidence * 100)}%`);
+        }
+        if (f.provenance) {
+            parts.push(`🔍 Detection: ${f.provenance}`);
+        }
+        if (f.evidenceBasis) {
+            parts.push(`📊 Evidence: ${f.evidenceBasis}`);
+        }
+        if (f.evidenceChain && f.evidenceChain.steps.length > 0) {
+            parts.push(`\n⚡ Why this matters: ${f.evidenceChain.impactStatement}`);
+            parts.push("   Evidence chain:");
+            for (const step of f.evidenceChain.steps.slice(0, 5)) {
+                const loc = step.line ? ` (L${step.line})` : "";
+                parts.push(`   → [${step.source}]${loc} ${step.observation}`);
+            }
+        }
+        // Layer 1: OWASP/CWE reference context
+        if (ctx) {
+            if (ctx.owasp)
+                parts.push(`\n📚 OWASP: ${ctx.owasp}`);
+            if (ctx.cwe)
+                parts.push(`CWE: ${ctx.cwe}`);
+            parts.push(`💡 ${ctx.learn}`);
+        }
         return {
             ...f,
             description: parts.join("  "),
-            reference: f.reference || [ctx.owasp, ctx.cwe].filter(Boolean).join(" / ") || f.reference,
+            reference: f.reference || (ctx ? [ctx.owasp, ctx.cwe].filter(Boolean).join(" / ") : undefined) || f.reference,
         };
     });
 }