@kevinrabun/judges 3.38.0 → 3.40.0

package/dist/security-ids.js

@@ -0,0 +1,240 @@
+/**
+ * CWE / OWASP Rule Mapping — Structured Security Identifiers
+ *
+ * Maps rule prefixes and specific rule IDs to CWE and OWASP identifiers.
+ * These are attached to findings so downstream tools (SARIF viewers,
+ * compliance dashboards, etc.) can cross-reference industry standards.
+ */
+/**
+ * Prefix-level mappings — applies to all rules under a judge.
+ */
+const PREFIX_MAP = {
+    SEC: {
+        cweIds: ["CWE-79", "CWE-89"],
+        owaspIds: ["A03:2021"],
+        learnMoreUrl: "https://owasp.org/Top10/A03_2021-Injection/",
+    },
+    AUTH: {
+        cweIds: ["CWE-287", "CWE-798"],
+        owaspIds: ["A07:2021"],
+        learnMoreUrl: "https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/",
+    },
+    CRYPTO: {
+        cweIds: ["CWE-327", "CWE-328"],
+        owaspIds: ["A02:2021"],
+        learnMoreUrl: "https://owasp.org/Top10/A02_2021-Cryptographic_Failures/",
+    },
+    DATA: {
+        cweIds: ["CWE-200", "CWE-312", "CWE-798"],
+        owaspIds: ["A02:2021"],
+        learnMoreUrl: "https://owasp.org/Top10/A02_2021-Cryptographic_Failures/",
+    },
+    CYBER: {
+        cweIds: ["CWE-284", "CWE-269"],
+        owaspIds: ["A01:2021"],
+        learnMoreUrl: "https://owasp.org/Top10/A01_2021-Broken_Access_Control/",
+    },
+    INJ: {
+        cweIds: ["CWE-89", "CWE-78"],
+        owaspIds: ["A03:2021"],
+        learnMoreUrl: "https://owasp.org/Top10/A03_2021-Injection/",
+    },
+    XSS: {
+        cweIds: ["CWE-79"],
+        owaspIds: ["A03:2021"],
+        learnMoreUrl: "https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html",
+    },
+    SSRF: {
+        cweIds: ["CWE-918"],
+        owaspIds: ["A10:2021"],
+        learnMoreUrl: "https://owasp.org/Top10/A10_2021-Server-Side_Request_Forgery_%28SSRF%29/",
+    },
+    DB: {
+        cweIds: ["CWE-89", "CWE-943"],
+        owaspIds: ["A03:2021"],
+        learnMoreUrl: "https://cheatsheetseries.owasp.org/cheatsheets/Query_Parameterization_Cheat_Sheet.html",
+    },
+    CFG: {
+        cweIds: ["CWE-16", "CWE-1188"],
+        owaspIds: ["A05:2021"],
+        learnMoreUrl: "https://owasp.org/Top10/A05_2021-Security_Misconfiguration/",
+    },
+    RATE: {
+        cweIds: ["CWE-770"],
+        owaspIds: ["A04:2021"],
+        learnMoreUrl: "https://cheatsheetseries.owasp.org/cheatsheets/Denial_of_Service_Cheat_Sheet.html",
+    },
+    LOGPRIV: {
+        cweIds: ["CWE-532", "CWE-117"],
+        owaspIds: ["A09:2021"],
+        learnMoreUrl: "https://owasp.org/Top10/A09_2021-Security_Logging_and_Monitoring_Failures/",
+    },
+    COMP: {
+        cweIds: ["CWE-1059"],
+        owaspIds: ["A04:2021"],
+        learnMoreUrl: "https://owasp.org/Top10/A04_2021-Insecure_Design/",
+    },
+    DEPS: {
+        cweIds: ["CWE-1104"],
+        owaspIds: ["A06:2021"],
+        learnMoreUrl: "https://owasp.org/Top10/A06_2021-Vulnerable_and_Outdated_Components/",
+    },
+    ERR: {
+        cweIds: ["CWE-209", "CWE-755"],
+        learnMoreUrl: "https://cheatsheetseries.owasp.org/cheatsheets/Error_Handling_Cheat_Sheet.html",
+    },
+    SOV: {
+        learnMoreUrl: "https://gdpr-info.eu/art-44-gdpr/",
+    },
+    PERF: {
+        learnMoreUrl: "https://web.dev/performance/",
+    },
+    A11Y: {
+        learnMoreUrl: "https://www.w3.org/WAI/standards-guidelines/wcag/",
+    },
+    DOC: {
+        learnMoreUrl: "https://jsdoc.app/",
+    },
+    TEST: {
+        learnMoreUrl: "https://martinfowler.com/articles/practical-test-pyramid.html",
+    },
+    API: {
+        learnMoreUrl: "https://swagger.io/resources/articles/best-practices-in-api-design/",
+    },
+    SCALE: {
+        learnMoreUrl: "https://12factor.net/",
+    },
+    REL: {
+        learnMoreUrl: "https://sre.google/sre-book/table-of-contents/",
+    },
+    OBS: {
+        learnMoreUrl: "https://opentelemetry.io/docs/",
+    },
+    MAINT: {
+        learnMoreUrl: "https://refactoring.guru/refactoring",
+    },
+    CONC: {
+        cweIds: ["CWE-362", "CWE-667"],
+        learnMoreUrl: "https://cheatsheetseries.owasp.org/cheatsheets/Race_Conditions_Cheat_Sheet.html",
+    },
+    STRUCT: {
+        learnMoreUrl: "https://refactoring.guru/refactoring/smells",
+    },
+    I18N: {
+        learnMoreUrl: "https://developer.mozilla.org/en-US/docs/Mozilla/Localization/Web_Localizability/Creating_localizable_web_applications",
+    },
+    CLOUD: {
+        learnMoreUrl: "https://12factor.net/",
+    },
+    COST: {
+        learnMoreUrl: "https://aws.amazon.com/architecture/cost-optimization/",
+    },
+    CACHE: {
+        learnMoreUrl: "https://redis.io/docs/manual/client-side-caching/",
+    },
+    COMPAT: {
+        learnMoreUrl: "https://semver.org/",
+    },
+    CICD: {
+        learnMoreUrl: "https://docs.github.com/en/actions",
+    },
+    PORTA: {
+        learnMoreUrl: "https://12factor.net/dev-prod-parity",
+    },
+    UX: {
+        learnMoreUrl: "https://www.nngroup.com/articles/usability-heuristics/",
+    },
+    ETHICS: {
+        learnMoreUrl: "https://www.microsoft.com/en-us/ai/responsible-ai",
+    },
+    AGENT: {
+        learnMoreUrl: "https://docs.github.com/en/copilot/customizing-copilot/adding-custom-instructions-for-github-copilot",
+    },
+    AICS: {
+        owaspIds: ["OWASP-AI-Security"],
+        learnMoreUrl: "https://owasp.org/www-project-ai-security-and-privacy-guide/",
+    },
+    IAC: {
+        cweIds: ["CWE-1004"],
+        learnMoreUrl: "https://cheatsheetseries.owasp.org/cheatsheets/Infrastructure_as_Code_Security_Cheat_Sheet.html",
+    },
+    INTENT: {
+        learnMoreUrl: "https://docs.github.com/en/copilot/using-github-copilot/best-practices-for-using-github-copilot",
+    },
+    DSEC: {
+        cweIds: ["CWE-1104"],
+        owaspIds: ["A06:2021"],
+        learnMoreUrl: "https://owasp.org/Top10/A06_2021-Vulnerable_and_Outdated_Components/",
+    },
+    HALLU: {
+        learnMoreUrl: "https://owasp.org/www-project-top-10-for-large-language-model-applications/",
+    },
+    COH: {
+        learnMoreUrl: "https://owasp.org/www-project-top-10-for-large-language-model-applications/",
+    },
+    MFPR: {
+        learnMoreUrl: "https://owasp.org/www-project-top-10-for-large-language-model-applications/",
+    },
+};
+/**
+ * Rule-specific overrides — more precise than prefix-level mappings.
+ */
+const RULE_MAP = {
+    "SEC-001": { cweIds: ["CWE-89"], owaspIds: ["A03:2021"] },
+    "SEC-002": { cweIds: ["CWE-78"], owaspIds: ["A03:2021"] },
+    "SEC-003": { cweIds: ["CWE-79"], owaspIds: ["A03:2021"] },
+    "AUTH-001": { cweIds: ["CWE-798"], owaspIds: ["A07:2021"] },
+    "AUTH-002": { cweIds: ["CWE-287"], owaspIds: ["A07:2021"] },
+    "AUTH-003": { cweIds: ["CWE-257"], owaspIds: ["A07:2021"] },
+    "DATA-001": { cweIds: ["CWE-312", "CWE-798"], owaspIds: ["A02:2021"] },
+    "DATA-002": { cweIds: ["CWE-200"], owaspIds: ["A01:2021"] },
+    "CYBER-001": { cweIds: ["CWE-78"], owaspIds: ["A03:2021"] },
+    "CYBER-002": { cweIds: ["CWE-94"], owaspIds: ["A03:2021"] },
+    "CYBER-003": { cweIds: ["CWE-502"], owaspIds: ["A08:2021"] },
+    "CYBER-004": { cweIds: ["CWE-327"], owaspIds: ["A02:2021"] },
+    "DB-001": { cweIds: ["CWE-89"], owaspIds: ["A03:2021"] },
+    "DB-002": { cweIds: ["CWE-798"], owaspIds: ["A07:2021"] },
+    "CFG-001": { cweIds: ["CWE-798"], owaspIds: ["A07:2021"] },
+    "CFG-002": { cweIds: ["CWE-16"], owaspIds: ["A05:2021"] },
+    "LOGPRIV-001": { cweIds: ["CWE-532"], owaspIds: ["A09:2021"] },
+    "LOGPRIV-002": { cweIds: ["CWE-117"], owaspIds: ["A09:2021"] },
+    "ERR-001": { cweIds: ["CWE-209"] },
+    "ERR-002": { cweIds: ["CWE-755"] },
+    "CONC-001": { cweIds: ["CWE-362"] },
+    "CONC-002": { cweIds: ["CWE-667"] },
+    "RATE-001": { cweIds: ["CWE-770"], owaspIds: ["A04:2021"] },
+};
+// ─── Enrichment Function ────────────────────────────────────────────────────
+/**
+ * Enrich findings with structured CWE/OWASP IDs and Learn More URLs.
+ * Non-mutating — returns a new array of enriched findings.
+ */
+export function enrichWithSecurityIds(findings) {
+    return findings.map((f) => {
+        const prefix = f.ruleId.replace(/-\d+$/, "");
+        const ruleMapping = RULE_MAP[f.ruleId];
+        const prefixMapping = PREFIX_MAP[prefix];
+        const cweIds = ruleMapping?.cweIds ?? prefixMapping?.cweIds;
+        const owaspIds = ruleMapping?.owaspIds ?? prefixMapping?.owaspIds;
+        const learnMoreUrl = ruleMapping?.learnMoreUrl ?? prefixMapping?.learnMoreUrl;
+        if (!cweIds && !owaspIds && !learnMoreUrl)
+            return f;
+        return {
+            ...f,
+            ...(cweIds && !f.cweIds ? { cweIds } : {}),
+            ...(owaspIds && !f.owaspIds ? { owaspIds } : {}),
+            ...(learnMoreUrl && !f.learnMoreUrl ? { learnMoreUrl } : {}),
+        };
+    });
+}
+/**
+ * Get the security mapping for a specific rule or prefix.
+ */
+export function getSecurityMapping(ruleId) {
+    const ruleMapping = RULE_MAP[ruleId];
+    if (ruleMapping)
+        return ruleMapping;
+    const prefix = ruleId.replace(/-\d+$/, "");
+    return PREFIX_MAP[prefix];
+}
+//# sourceMappingURL=security-ids.js.map

package/dist/security-ids.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"security-ids.js","sourceRoot":"","sources":["../src/security-ids.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAYH;;GAEG;AACH,MAAM,UAAU,GAAoC;IAClD,GAAG,EAAE;QACH,MAAM,EAAE,CAAC,QAAQ,EAAE,QAAQ,CAAC;QAC5B,QAAQ,EAAE,CAAC,UAAU,CAAC;QACtB,YAAY,EAAE,6CAA6C;KAC5D;IACD,IAAI,EAAE;QACJ,MAAM,EAAE,CAAC,SAAS,EAAE,SAAS,CAAC;QAC9B,QAAQ,EAAE,CAAC,UAAU,CAAC;QACtB,YAAY,EAAE,8EAA8E;KAC7F;IACD,MAAM,EAAE;QACN,MAAM,EAAE,CAAC,SAAS,EAAE,SAAS,CAAC;QAC9B,QAAQ,EAAE,CAAC,UAAU,CAAC;QACtB,YAAY,EAAE,0DAA0D;KACzE;IACD,IAAI,EAAE;QACJ,MAAM,EAAE,CAAC,SAAS,EAAE,SAAS,EAAE,SAAS,CAAC;QACzC,QAAQ,EAAE,CAAC,UAAU,CAAC;QACtB,YAAY,EAAE,0DAA0D;KACzE;IACD,KAAK,EAAE;QACL,MAAM,EAAE,CAAC,SAAS,EAAE,SAAS,CAAC;QAC9B,QAAQ,EAAE,CAAC,UAAU,CAAC;QACtB,YAAY,EAAE,yDAAyD;KACxE;IACD,GAAG,EAAE;QACH,MAAM,EAAE,CAAC,QAAQ,EAAE,QAAQ,CAAC;QAC5B,QAAQ,EAAE,CAAC,UAAU,CAAC;QACtB,YAAY,EAAE,6CAA6C;KAC5D;IACD,GAAG,EAAE;QACH,MAAM,EAAE,CAAC,QAAQ,CAAC;QAClB,QAAQ,EAAE,CAAC,UAAU,CAAC;QACtB,YAAY,EAAE,iGAAiG;KAChH;IACD,IAAI,EAAE;QACJ,MAAM,EAAE,CAAC,SAAS,CAAC;QACnB,QAAQ,EAAE,CAAC,UAAU,CAAC;QACtB,YAAY,EAAE,0EAA0E;KACzF;IACD,EAAE,EAAE;QACF,MAAM,EAAE,CAAC,QAAQ,EAAE,SAAS,CAAC;QAC7B,QAAQ,EAAE,CAAC,UAAU,CAAC;QACtB,YAAY,EAAE,wFAAwF;KACvG;IACD,GAAG,EAAE;QACH,MAAM,EAAE,CAAC,QAAQ,EAAE,UAAU,CAAC;QAC9B,QAAQ,EAAE,CAAC,UAAU,CAAC;QACtB,YAAY,EAAE,6DAA6D;KAC5E;IACD,IAAI,EAAE;QACJ,MAAM,EAAE,CAAC,SAAS,CAAC;QACnB,QAAQ,EAAE,CAAC,UAAU,CAAC;QACtB,YAAY,EAAE,mFAAmF;KAClG;IACD,OAAO,EAAE;QACP,MAAM,EAAE,CAAC,SAAS,EAAE,SAAS,CAAC;QAC9B,QAAQ,EAAE,CAAC,UAAU,CAAC;QACtB,YAAY,EAAE,4EAA4E;KAC3F;IACD,IAAI,EAAE;QACJ,MAAM,EAAE,CAAC,UAAU,CAAC;QACpB,QAAQ,EAAE,CAAC,UAAU,CAAC;QACtB,YAAY,EAAE,mDAAmD;KAClE;IACD,IAAI,EAAE;QACJ,MAAM,EAAE,CAAC,UAAU,CAAC;QACpB,QAAQ,EAAE,CAAC,UAAU,CAAC;QACtB,YAAY,EAAE,sEAAsE;KACrF;IACD,GAAG,EAAE;QACH,MAAM,EAAE,CAAC,SAAS,EAAE,SAAS,CAAC;QAC9B,YAAY,EAAE,gFAAgF;KAC/F;IACD,GAAG,EAAE;QACH,YAAY,EAAE,mCAAmC;KAClD;IACD,IAAI,EAAE;QACJ,YAAY,EAAE,8BAA8B;KAC7C;IACD,IAAI,EAAE;QACJ,YAAY,EAAE,mDAAmD;KAClE;IACD,GAAG,EAAE;QACH,YAAY,EAAE,oBAAoB;KACnC;IACD,IAAI,EAAE;QACJ,YAAY,EAAE,+DAA+D;KAC9E;IACD,GAAG,EAAE;QACH,YAAY,EAAE,qEAAqE;KACpF;IACD,KAAK,EAAE;QACL,YAAY,EAAE,uBAAuB;KACtC;IACD,GAAG,EAAE;QACH,YAAY,EAAE,gDAAgD;KAC/D;IACD,GAAG,EAAE;QACH,YAAY,EAAE,gCAAgC;KAC/C;IACD,KAAK,EAAE;QACL,YAAY,EAAE,sCAAsC;KACrD;IACD,IAAI,EAAE;QACJ,MAAM,EAAE,CAAC,SAAS,EAAE,SAAS,CAAC;QAC9B,YAAY,EAAE,iFAAiF;KAChG;IACD,MAAM,EAAE;QACN,YAAY,EAAE,6CAA6C;KAC5D;IACD,IAAI,EAAE;QACJ,YAAY,EACV,wHAAwH;KAC3H;IACD,KAAK,EAAE;QACL,YAAY,EAAE,uBAAuB;KACtC;IACD,IAAI,EAAE;QACJ,YAAY,EAAE,wDAAwD;KACvE;IACD,KAAK,EAAE;QACL,YAAY,EAAE,mDAAmD;KAClE;IACD,MAAM,EAAE;QACN,YAAY,EAAE,qBAAqB;KACpC;IACD,IAAI,EAAE;QACJ,YAAY,EAAE,oCAAoC;KACnD;IACD,KAAK,EAAE;QACL,YAAY,EAAE,sCAAsC;KACrD;IACD,EAAE,EAAE;QACF,YAAY,EAAE,wDAAwD;KACvE;IACD,MAAM,EAAE;QACN,YAAY,EAAE,mDAAmD;KAClE;IACD,KAAK,EAAE;QACL,YAAY,EACV,sGAAsG;KACzG;IACD,IAAI,EAAE;QACJ,QAAQ,EAAE,CAAC,mBAAmB,CAAC;QAC/B,YAAY,EAAE,8DAA8D;KAC7E;IACD,GAAG,EAAE;QACH,MAAM,EAAE,CAAC,UAAU,CAAC;QACpB,YAAY,EAAE,iGAAiG;KAChH;IACD,MAAM,EAAE;QACN,YAAY,EAAE,iGAAiG;KAChH;IACD,IAAI,EAAE;QACJ,MAAM,EAAE,CAAC,UAAU,CAAC;QACpB,QAAQ,EAAE,CAAC,UAAU,CAAC;QACtB,YAAY,EAAE,sEAAsE;KACrF;IACD,KAAK,EAAE;QACL,YAAY,EAAE,6EAA6E;KAC5F;IACD,GAAG,EAAE;QACH,YAAY,EAAE,6EAA6E;KAC5F;IACD,IAAI,EAAE;QACJ,YAAY,EAAE,6EAA6E;KAC5F;CACF,CAAC;AAEF;;GAEG;AACH,MAAM,QAAQ,GAAoC;IAChD,SAAS,EAAE,EAAE,MAAM,EAAE,CAAC,QAAQ,CAAC,EAAE,QAAQ,EAAE,CAAC,UAAU,CAAC,EAAE;IACzD,SAAS,EAAE,EAAE,MAAM,EAAE,CAAC,QAAQ,CAAC,EAAE,QAAQ,EAAE,CAAC,UAAU,CAAC,EAAE;IACzD,SAAS,EAAE,EAAE,MAAM,EAAE,CAAC,QAAQ,CAAC,EAAE,QAAQ,EAAE,CAAC,UAAU,CAAC,EAAE;IACzD,UAAU,EAAE,EAAE,MAAM,EAAE,CAAC,SAAS,CAAC,EAAE,QAAQ,EAAE,CAAC,UAAU,CAAC,EAAE;IAC3D,UAAU,EAAE,EAAE,MAAM,EAAE,CAAC,SAAS,CAAC,EAAE,QAAQ,EAAE,CAAC,UAAU,CAAC,EAAE;IAC3D,UAAU,EAAE,EAAE,MAAM,EAAE,CAAC,SAAS,CAAC,EAAE,QAAQ,EAAE,CAAC,UAAU,CAAC,EAAE;IAC3D,UAAU,EAAE,EAAE,MAAM,EAAE,CAAC,SAAS,EAAE,SAAS,CAAC,EAAE,QAAQ,EAAE,CAAC,UAAU,CAAC,EAAE;IACtE,UAAU,EAAE,EAAE,MAAM,EAAE,CAAC,SAAS,CAAC,EAAE,QAAQ,EAAE,CAAC,UAAU,CAAC,EAAE;IAC3D,WAAW,EAAE,EAAE,MAAM,EAAE,CAAC,QAAQ,CAAC,EAAE,QAAQ,EAAE,CAAC,UAAU,CAAC,EAAE;IAC3D,WAAW,EAAE,EAAE,MAAM,EAAE,CAAC,QAAQ,CAAC,EAAE,QAAQ,EAAE,CAAC,UAAU,CAAC,EAAE;IAC3D,WAAW,EAAE,EAAE,MAAM,EAAE,CAAC,SAAS,CAAC,EAAE,QAAQ,EAAE,CAAC,UAAU,CAAC,EAAE;IAC5D,WAAW,EAAE,EAAE,MAAM,EAAE,CAAC,SAAS,CAAC,EAAE,QAAQ,EAAE,CAAC,UAAU,CAAC,EAAE;IAC5D,QAAQ,EAAE,EAAE,MAAM,EAAE,CAAC,QAAQ,CAAC,EAAE,QAAQ,EAAE,CAAC,UAAU,CAAC,EAAE;IACxD,QAAQ,EAAE,EAAE,MAAM,EAAE,CAAC,SAAS,CAAC,EAAE,QAAQ,EAAE,CAAC,UAAU,CAAC,EAAE;IACzD,SAAS,EAAE,EAAE,MAAM,EAAE,CAAC,SAAS,CAAC,EAAE,QAAQ,EAAE,CAAC,UAAU,CAAC,EAAE;IAC1D,SAAS,EAAE,EAAE,MAAM,EAAE,CAAC,QAAQ,CAAC,EAAE,QAAQ,EAAE,CAAC,UAAU,CAAC,EAAE;IACzD,aAAa,EAAE,EAAE,MAAM,EAAE,CAAC,SAAS,CAAC,EAAE,QAAQ,EAAE,CAAC,UAAU,CAAC,EAAE;IAC9D,aAAa,EAAE,EAAE,MAAM,EAAE,CAAC,SAAS,CAAC,EAAE,QAAQ,EAAE,CAAC,UAAU,CAAC,EAAE;IAC9D,SAAS,EAAE,EAAE,MAAM,EAAE,CAAC,SAAS,CAAC,EAAE;IAClC,SAAS,EAAE,EAAE,MAAM,EAAE,CAAC,SAAS,CAAC,EAAE;IAClC,UAAU,EAAE,EAAE,MAAM,EAAE,CAAC,SAAS,CAAC,EAAE;IACnC,UAAU,EAAE,EAAE,MAAM,EAAE,CAAC,SAAS,CAAC,EAAE;IACnC,UAAU,EAAE,EAAE,MAAM,EAAE,CAAC,SAAS,CAAC,EAAE,QAAQ,EAAE,CAAC,UAAU,CAAC,EAAE;CAC5D,CAAC;AAEF,+EAA+E;AAE/E;;;GAGG;AACH,MAAM,UAAU,qBAAqB,CAAC,QAAmB;IACvD,OAAO,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE;QACxB,MAAM,MAAM,GAAG,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC;QAC7C,MAAM,WAAW,GAAG,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC;QACvC,MAAM,aAAa,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC;QAEzC,MAAM,MAAM,GAAG,WAAW,EAAE,MAAM,IAAI,aAAa,EAAE,MAAM,CAAC;QAC5D,MAAM,QAAQ,GAAG,WAAW,EAAE,QAAQ,IAAI,aAAa,EAAE,QAAQ,CAAC;QAClE,MAAM,YAAY,GAAG,WAAW,EAAE,YAAY,IAAI,aAAa,EAAE,YAAY,CAAC;QAE9E,IAAI,CAAC,MAAM,IAAI,CAAC,QAAQ,IAAI,CAAC,YAAY;YAAE,OAAO,CAAC,CAAC;QAEpD,OAAO;YACL,GAAG,CAAC;YACJ,GAAG,CAAC,MAAM,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YAC1C,GAAG,CAAC,QAAQ,IAAI,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,QAAQ,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YAChD,GAAG,CAAC,YAAY,IAAI,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,EAAE,YAAY,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SAC7D,CAAC;IACJ,CAAC,CAAC,CAAC;AACL,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,kBAAkB,CAAC,MAAc;IAC/C,MAAM,WAAW,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC;IACrC,IAAI,WAAW;QAAE,OAAO,WAAW,CAAC;IACpC,MAAM,MAAM,GAAG,MAAM,CAAC,OAAO,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC;IAC3C,OAAO,UAAU,CAAC,MAAM,CAAC,CAAC;AAC5B,CAAC"}

package/dist/tools/prompts.d.ts

@@ -1,4 +1,8 @@
 import type { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
+/** Adversarial evaluation stance — shared across all judges. */
+export declare const SHARED_ADVERSARIAL_MANDATE = "ADVERSARIAL MANDATE (applies to ALL judges):\n- Your role is adversarial: assume the code has problems and actively hunt for them. Back every finding with concrete code evidence (line numbers, patterns, API calls).\n- Never praise or compliment the code. Report only problems, risks, and deficiencies.\n- If you are uncertain whether something is an issue, flag it only when you can cite specific code evidence (line numbers, patterns, API calls). Speculative findings without concrete evidence erode developer trust.\n- If no concrete issues are found after thorough analysis, report zero findings. Do not pad the report with speculative issues.";
+/** Precision override — ensures evidence-based findings. */
+export declare const PRECISION_MANDATE = "PRECISION MANDATE (overrides adversarial stance when in conflict):\n- Every finding MUST cite specific code evidence: exact line numbers, API calls, variable names, or patterns. Findings without concrete evidence must be discarded.\n- Do NOT flag the absence of a feature or pattern unless you can identify the specific code location where it SHOULD have been implemented and explain WHY it is required for THIS code.\n- Speculative, hypothetical, or \"just in case\" findings erode developer trust. Only flag issues you are confident exist in the actual code.\n- Prefer fewer, high-confidence findings over many uncertain ones. Quality of findings matters more than quantity.\n- If the code is genuinely well-written with no real issues, reporting ZERO findings is the correct and expected behavior. Do not manufacture findings to avoid an empty report.\n- Clean, well-structured code exists. Acknowledge it by not forcing false issues.";
 /**
  * Extract only the unique evaluation criteria from a judge's systemPrompt,
  * stripping the persona introduction line, the ADVERSARIAL MANDATE block,

package/dist/tools/prompts.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"prompts.d.ts","sourceRoot":"","sources":["../../src/tools/prompts.ts"],"names":[],"mappings":"AAYA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;AAyBzE;;;;;;;;;;;;;GAaG;AACH,wBAAgB,oBAAoB,CAAC,YAAY,EAAE,MAAM,GAAG,MAAM,CAyBjE;AAED;;;;GAIG;AACH,wBAAgB,eAAe,CAAC,MAAM,EAAE,SAAS,GAAG,IAAI,CAkFvD"}
+{"version":3,"file":"prompts.d.ts","sourceRoot":"","sources":["../../src/tools/prompts.ts"],"names":[],"mappings":"AAYA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;AASzE,gEAAgE;AAChE,eAAO,MAAM,0BAA0B,2oBAIyF,CAAC;AAEjI,4DAA4D;AAC5D,eAAO,MAAM,iBAAiB,86BAMoD,CAAC;AAInF;;;;;;;;;;;;;GAaG;AACH,wBAAgB,oBAAoB,CAAC,YAAY,EAAE,MAAM,GAAG,MAAM,CAyBjE;AAED;;;;GAIG;AACH,wBAAgB,eAAe,CAAC,MAAM,EAAE,SAAS,GAAG,IAAI,CAkFvD"}

package/dist/tools/prompts.js

@@ -16,17 +16,19 @@ import { JUDGES } from "../judges/index.js";
 // repeating the text 39 times.
 // ──────────────────────────────────────────────────────────────────────────────
 /** Adversarial evaluation stance — shared across all judges. */
-const SHARED_ADVERSARIAL_MANDATE = `ADVERSARIAL MANDATE (applies to ALL judges):
+export const SHARED_ADVERSARIAL_MANDATE = `ADVERSARIAL MANDATE (applies to ALL judges):
 - Your role is adversarial: assume the code has problems and actively hunt for them. Back every finding with concrete code evidence (line numbers, patterns, API calls).
 - Never praise or compliment the code. Report only problems, risks, and deficiencies.
 - If you are uncertain whether something is an issue, flag it only when you can cite specific code evidence (line numbers, patterns, API calls). Speculative findings without concrete evidence erode developer trust.
-- Absence of findings does not mean the code is good. It means your analysis reached its limits. State this explicitly.`;
+- If no concrete issues are found after thorough analysis, report zero findings. Do not pad the report with speculative issues.`;
 /** Precision override — ensures evidence-based findings. */
-const PRECISION_MANDATE = `PRECISION MANDATE (overrides adversarial stance when in conflict):
+export const PRECISION_MANDATE = `PRECISION MANDATE (overrides adversarial stance when in conflict):
 - Every finding MUST cite specific code evidence: exact line numbers, API calls, variable names, or patterns. Findings without concrete evidence must be discarded.
 - Do NOT flag the absence of a feature or pattern unless you can identify the specific code location where it SHOULD have been implemented and explain WHY it is required for THIS code.
 - Speculative, hypothetical, or "just in case" findings erode developer trust. Only flag issues you are confident exist in the actual code.
-- Prefer fewer, high-confidence findings over many uncertain ones. Quality of findings matters more than quantity.`;
+- Prefer fewer, high-confidence findings over many uncertain ones. Quality of findings matters more than quantity.
+- If the code is genuinely well-written with no real issues, reporting ZERO findings is the correct and expected behavior. Do not manufacture findings to avoid an empty report.
+- Clean, well-structured code exists. Acknowledge it by not forcing false issues.`;
 // ─── Criteria Extraction ─────────────────────────────────────────────────────
 /**
  * Extract only the unique evaluation criteria from a judge's systemPrompt,

package/dist/tools/prompts.js.map

@@ -1 +1 @@
-{"version":3,"file":"prompts.js","sourceRoot":"","sources":["../../src/tools/prompts.ts"],"names":[],"mappings":"AAAA,gFAAgF;AAChF,0EAA0E;AAC1E,gEAAgE;AAChE,EAAE;AACF,uEAAuE;AACvE,yEAAyE;AACzE,yEAAyE;AACzE,0EAA0E;AAC1E,uEAAuE;AACvE,oDAAoD;AACpD,iFAAiF;AAGjF,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAAE,MAAM,EAAE,MAAM,oBAAoB,CAAC;AAE5C,gFAAgF;AAChF,uEAAuE;AACvE,+BAA+B;AAC/B,iFAAiF;AAEjF,gEAAgE;AAChE,MAAM,0BAA0B,GAAG;;;;wHAIqF,CAAC;AAEzH,4DAA4D;AAC5D,MAAM,iBAAiB,GAAG;;;;mHAIyF,CAAC;AAEpH,gFAAgF;AAEhF;;;;;;;;;;;;;GAaG;AACH,MAAM,UAAU,oBAAoB,CAAC,YAAoB;IACvD,IAAI,IAAI,GAAG,YAAY,CAAC;IAExB,wEAAwE;IACxE,MAAM,UAAU,GAAG,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;IACxC,IAAI,UAAU,GAAG,CAAC,EAAE,CAAC;QACnB,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC,UAAU,GAAG,CAAC,CAAC,CAAC;IACxC,CAAC;IAED,mEAAmE;IACnE,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC,sBAAsB,CAAC,CAAC;IACrD,IAAI,OAAO,GAAG,CAAC,EAAE,CAAC;QAChB,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC,OAAO,EAAE,CAAC;IAC9C,CAAC;IAED,yEAAyE;IACzE,IAAI,GAAG,IAAI;SACR,KAAK,CAAC,IAAI,CAAC;SACX,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE;QACf,MAAM,CAAC,GAAG,IAAI,CAAC,SAAS,EAAE,CAAC;QAC3B,OAAO,CAAC,CAAC,CAAC,UAAU,CAAC,gCAAgC,CAAC,IAAI,CAAC,CAAC,CAAC,UAAU,CAAC,qCAAqC,CAAC,CAAC;IACjH,CAAC,CAAC;SACD,IAAI,CAAC,IAAI,CAAC,CAAC;IAEd,OAAO,IAAI,CAAC,IAAI,EAAE,CAAC;AACrB,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,eAAe,CAAC,MAAiB;IAC/C,0EAA0E;IAC1E,yEAAyE;IACzE,wEAAwE;IACxE,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;QAC3B,MAAM,CAAC,MAAM,CACX,SAAS,KAAK,CAAC,EAAE,EAAE,EACnB,WAAW,KAAK,CAAC,IAAI,8BAA8B,KAAK,CAAC,MAAM,+HAA+H,EAC9L;YACE,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,6BAA6B,CAAC;YACxD,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,0BAA0B,CAAC;YACzD,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,mCAAmC,CAAC;SAC7E,EACD,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,EAAE,EAAE;YACpC,MAAM,WAAW,GACf,GAAG,KAAK,CAAC,YAAY,OAAO,iBAAiB,MAAM;gBACnD,iCAAiC,QAAQ,mBAAmB,QAAQ,KAAK,IAAI,UAAU;gBACvF,CAAC,OAAO,CAAC,CAAC,CAAC,2BAA2B,OAAO,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;gBACrD,6EAA6E,KAAK,CAAC,UAAU,uKAAuK,CAAC;YAEvQ,OAAO;gBACL,QAAQ,EAAE;oBACR;wBACE,IAAI,EAAE,MAAe;wBACrB,OAAO,EAAE;4BACP,IAAI,EAAE,MAAe;4BACrB,IAAI,EAAE,WAAW;yBAClB;qBACF;iBACF;aACF,CAAC;QACJ,CAAC,CACF,CAAC;IACJ,CAAC;IAED,0EAA0E;IAC1E,wEAAwE;IACxE,oEAAoE;IACpE,yEAAyE;IACzE,MAAM,CAAC,MAAM,CACX,eAAe,EACf,uCAAuC,MAAM,CAAC,MAAM,uFAAuF,EAC3I;QACE,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,6BAA6B,CAAC;QACxD,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,0BAA0B,CAAC;QACzD,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,mCAAmC,CAAC;KAC7E,EACD,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,EAAE,EAAE;QACpC,MAAM,iBAAiB,GAAG,MAAM,CAAC,GAAG,CAClC,CAAC,CAAC,EAAE,EAAE,CACJ,OAAO,CAAC,CAAC,IAAI,MAAM,CAAC,CAAC,MAAM,wBAAwB,CAAC,CAAC,UAAU,UAAU,oBAAoB,CAAC,CAAC,CAAC,YAAY,CAAC,EAAE,CAClH,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;QAEtB,MAAM,WAAW,GACf,yCAAyC,MAAM,CAAC,MAAM,sGAAsG;YAC5J,wCAAwC;YACxC,GAAG,0BAA0B,MAAM;YACnC,GAAG,iBAAiB,MAAM;YAC1B,gCAAgC;YAChC,0BAA0B,QAAQ,qCAAqC,MAAM,CAAC,MAAM,2CAA2C;YAC/H,4BAA4B;YAC5B,sCAAsC;YACtC,oBAAoB;YACpB,wGAAwG;YACxG,kFAAkF;YAClF,oBAAoB,iBAAiB,MAAM;YAC3C,gCAAgC,QAAQ,KAAK,IAAI,UAAU;YAC3D,CAAC,OAAO,CAAC,CAAC,CAAC,8BAA8B,OAAO,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;QAE3D,OAAO;YACL,QAAQ,EAAE;gBACR;oBACE,IAAI,EAAE,MAAe;oBACrB,OAAO,EAAE;wBACP,IAAI,EAAE,MAAe;wBACrB,IAAI,EAAE,WAAW;qBAClB;iBACF;aACF;SACF,CAAC;IACJ,CAAC,CACF,CAAC;AACJ,CAAC"}
+{"version":3,"file":"prompts.js","sourceRoot":"","sources":["../../src/tools/prompts.ts"],"names":[],"mappings":"AAAA,gFAAgF;AAChF,0EAA0E;AAC1E,gEAAgE;AAChE,EAAE;AACF,uEAAuE;AACvE,yEAAyE;AACzE,yEAAyE;AACzE,0EAA0E;AAC1E,uEAAuE;AACvE,oDAAoD;AACpD,iFAAiF;AAGjF,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAAE,MAAM,EAAE,MAAM,oBAAoB,CAAC;AAE5C,gFAAgF;AAChF,uEAAuE;AACvE,+BAA+B;AAC/B,iFAAiF;AAEjF,gEAAgE;AAChE,MAAM,CAAC,MAAM,0BAA0B,GAAG;;;;gIAIsF,CAAC;AAEjI,4DAA4D;AAC5D,MAAM,CAAC,MAAM,iBAAiB,GAAG;;;;;;kFAMiD,CAAC;AAEnF,gFAAgF;AAEhF;;;;;;;;;;;;;GAaG;AACH,MAAM,UAAU,oBAAoB,CAAC,YAAoB;IACvD,IAAI,IAAI,GAAG,YAAY,CAAC;IAExB,wEAAwE;IACxE,MAAM,UAAU,GAAG,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;IACxC,IAAI,UAAU,GAAG,CAAC,EAAE,CAAC;QACnB,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC,UAAU,GAAG,CAAC,CAAC,CAAC;IACxC,CAAC;IAED,mEAAmE;IACnE,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC,sBAAsB,CAAC,CAAC;IACrD,IAAI,OAAO,GAAG,CAAC,EAAE,CAAC;QAChB,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC,OAAO,EAAE,CAAC;IAC9C,CAAC;IAED,yEAAyE;IACzE,IAAI,GAAG,IAAI;SACR,KAAK,CAAC,IAAI,CAAC;SACX,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE;QACf,MAAM,CAAC,GAAG,IAAI,CAAC,SAAS,EAAE,CAAC;QAC3B,OAAO,CAAC,CAAC,CAAC,UAAU,CAAC,gCAAgC,CAAC,IAAI,CAAC,CAAC,CAAC,UAAU,CAAC,qCAAqC,CAAC,CAAC;IACjH,CAAC,CAAC;SACD,IAAI,CAAC,IAAI,CAAC,CAAC;IAEd,OAAO,IAAI,CAAC,IAAI,EAAE,CAAC;AACrB,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,eAAe,CAAC,MAAiB;IAC/C,0EAA0E;IAC1E,yEAAyE;IACzE,wEAAwE;IACxE,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;QAC3B,MAAM,CAAC,MAAM,CACX,SAAS,KAAK,CAAC,EAAE,EAAE,EACnB,WAAW,KAAK,CAAC,IAAI,8BAA8B,KAAK,CAAC,MAAM,+HAA+H,EAC9L;YACE,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,6BAA6B,CAAC;YACxD,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,0BAA0B,CAAC;YACzD,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,mCAAmC,CAAC;SAC7E,EACD,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,EAAE,EAAE;YACpC,MAAM,WAAW,GACf,GAAG,KAAK,CAAC,YAAY,OAAO,iBAAiB,MAAM;gBACnD,iCAAiC,QAAQ,mBAAmB,QAAQ,KAAK,IAAI,UAAU;gBACvF,CAAC,OAAO,CAAC,CAAC,CAAC,2BAA2B,OAAO,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;gBACrD,6EAA6E,KAAK,CAAC,UAAU,uKAAuK,CAAC;YAEvQ,OAAO;gBACL,QAAQ,EAAE;oBACR;wBACE,IAAI,EAAE,MAAe;wBACrB,OAAO,EAAE;4BACP,IAAI,EAAE,MAAe;4BACrB,IAAI,EAAE,WAAW;yBAClB;qBACF;iBACF;aACF,CAAC;QACJ,CAAC,CACF,CAAC;IACJ,CAAC;IAED,0EAA0E;IAC1E,wEAAwE;IACxE,oEAAoE;IACpE,yEAAyE;IACzE,MAAM,CAAC,MAAM,CACX,eAAe,EACf,uCAAuC,MAAM,CAAC,MAAM,uFAAuF,EAC3I;QACE,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,6BAA6B,CAAC;QACxD,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,0BAA0B,CAAC;QACzD,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,mCAAmC,CAAC;KAC7E,EACD,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,EAAE,EAAE;QACpC,MAAM,iBAAiB,GAAG,MAAM,CAAC,GAAG,CAClC,CAAC,CAAC,EAAE,EAAE,CACJ,OAAO,CAAC,CAAC,IAAI,MAAM,CAAC,CAAC,MAAM,wBAAwB,CAAC,CAAC,UAAU,UAAU,oBAAoB,CAAC,CAAC,CAAC,YAAY,CAAC,EAAE,CAClH,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;QAEtB,MAAM,WAAW,GACf,yCAAyC,MAAM,CAAC,MAAM,sGAAsG;YAC5J,wCAAwC;YACxC,GAAG,0BAA0B,MAAM;YACnC,GAAG,iBAAiB,MAAM;YAC1B,gCAAgC;YAChC,0BAA0B,QAAQ,qCAAqC,MAAM,CAAC,MAAM,2CAA2C;YAC/H,4BAA4B;YAC5B,sCAAsC;YACtC,oBAAoB;YACpB,wGAAwG;YACxG,kFAAkF;YAClF,oBAAoB,iBAAiB,MAAM;YAC3C,gCAAgC,QAAQ,KAAK,IAAI,UAAU;YAC3D,CAAC,OAAO,CAAC,CAAC,CAAC,8BAA8B,OAAO,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;QAE3D,OAAO;YACL,QAAQ,EAAE;gBACR;oBACE,IAAI,EAAE,MAAe;oBACrB,OAAO,EAAE;wBACP,IAAI,EAAE,MAAe;wBACrB,IAAI,EAAE,WAAW;qBAClB;iBACF;aACF;SACF,CAAC;IACJ,CAAC,CACF,CAAC;AACJ,CAAC"}

package/dist/tools/register-scaffold.d.ts

@@ -0,0 +1,3 @@
+import type { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
+export declare function registerScaffoldTools(server: McpServer): void;
+//# sourceMappingURL=register-scaffold.d.ts.map

package/dist/tools/register-scaffold.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"register-scaffold.d.ts","sourceRoot":"","sources":["../../src/tools/register-scaffold.ts"],"names":[],"mappings":"AAKA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;AAmBzE,wBAAgB,qBAAqB,CAAC,MAAM,EAAE,SAAS,GAAG,IAAI,CAG7D"}