@kevinrabun/judges 3.41.0 → 3.43.0

package/dist/commands/remediation.js

@@ -0,0 +1,257 @@
+/**
+ * Remediation guides — provide step-by-step fix guidance for common
+ * finding categories, linked from finding output.
+ *
+ * Each guide includes: description, risk level, fix steps,
+ * code examples (before/after), and references.
+ */
+// ─── Guides ─────────────────────────────────────────────────────────────────
+const GUIDES = [
+    {
+        rulePrefix: "SEC-001",
+        title: "SQL Injection Prevention",
+        category: "Security",
+        risk: "Critical — allows attackers to read/modify/delete database data",
+        steps: [
+            "Replace string concatenation in SQL queries with parameterized queries",
+            "Use your ORM's built-in query builder instead of raw SQL",
+            "If raw SQL is required, use prepared statements with placeholders",
+            "Validate and sanitize all user input before using in queries",
+            "Apply principle of least privilege to database accounts",
+        ],
+        beforeCode: `// VULNERABLE\nconst result = await db.query(\`SELECT * FROM users WHERE id = '\${userId}'\`);`,
+        afterCode: `// SECURE\nconst result = await db.query('SELECT * FROM users WHERE id = $1', [userId]);`,
+        references: [
+            "https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html",
+            "https://cwe.mitre.org/data/definitions/89.html",
+        ],
+    },
+    {
+        rulePrefix: "SEC-002",
+        title: "Cross-Site Scripting (XSS) Prevention",
+        category: "Security",
+        risk: "High — allows attackers to execute scripts in users' browsers",
+        steps: [
+            "Use context-aware output encoding (HTML, JavaScript, URL, CSS)",
+            "Use framework auto-escaping (React JSX, Angular templates, etc.)",
+            "Avoid dangerouslySetInnerHTML / v-html / innerHTML",
+            "Implement Content-Security-Policy headers",
+            "Validate and sanitize user input on the server side",
+        ],
+        beforeCode: `// VULNERABLE\nelement.innerHTML = userInput;`,
+        afterCode: `// SECURE\nelement.textContent = userInput;`,
+        references: [
+            "https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html",
+            "https://cwe.mitre.org/data/definitions/79.html",
+        ],
+    },
+    {
+        rulePrefix: "SEC-003",
+        title: "Command Injection Prevention",
+        category: "Security",
+        risk: "Critical — allows attackers to execute arbitrary OS commands",
+        steps: [
+            "Avoid shell command execution with user-controlled input",
+            "Use language-native APIs instead of shell commands (e.g., fs.readdir instead of ls)",
+            "If shell execution is required, use allowlists for permitted commands",
+            "Use execFile/spawn with explicit argument arrays instead of exec with string concatenation",
+            "Never pass user input directly to child_process.exec()",
+        ],
+        beforeCode: `// VULNERABLE\nexec(\`ls \${userDir}\`);`,
+        afterCode: `// SECURE\nexecFile('ls', [userDir]);`,
+        references: [
+            "https://cheatsheetseries.owasp.org/cheatsheets/OS_Command_Injection_Defense_Cheat_Sheet.html",
+            "https://cwe.mitre.org/data/definitions/78.html",
+        ],
+    },
+    {
+        rulePrefix: "AUTH-",
+        title: "Authentication Best Practices",
+        category: "Security",
+        risk: "High — weak authentication allows unauthorized access",
+        steps: [
+            "Use bcrypt, argon2, or scrypt for password hashing (never MD5/SHA1)",
+            "Implement rate limiting on login endpoints",
+            "Use secure session management with HttpOnly, Secure, SameSite cookies",
+            "Implement multi-factor authentication for sensitive operations",
+            "Validate JWT tokens on every request (check signature, expiry, issuer)",
+        ],
+        references: [
+            "https://cheatsheetseries.owasp.org/cheatsheets/Authentication_Cheat_Sheet.html",
+            "https://cwe.mitre.org/data/definitions/287.html",
+        ],
+    },
+    {
+        rulePrefix: "CRYPTO-",
+        title: "Cryptographic Best Practices",
+        category: "Security",
+        risk: "High — weak cryptography exposes sensitive data",
+        steps: [
+            "Use AES-256-GCM for symmetric encryption (not DES, 3DES, or ECB mode)",
+            "Use RSA-2048+ or ECDSA P-256+ for asymmetric encryption",
+            "Use SHA-256+ for hashing (not MD5 or SHA-1)",
+            "Never hardcode encryption keys or secrets in source code",
+            "Use platform-provided key management (AWS KMS, Azure Key Vault, etc.)",
+        ],
+        references: [
+            "https://cheatsheetseries.owasp.org/cheatsheets/Cryptographic_Storage_Cheat_Sheet.html",
+            "https://cwe.mitre.org/data/definitions/327.html",
+        ],
+    },
+    {
+        rulePrefix: "SSRF-",
+        title: "Server-Side Request Forgery Prevention",
+        category: "Security",
+        risk: "High — allows attackers to make requests from your server to internal resources",
+        steps: [
+            "Validate and sanitize all URLs before making server-side requests",
+            "Use an allowlist of permitted domains/IPs",
+            "Block requests to private IP ranges (10.x, 172.16-31.x, 192.168.x, 127.x, ::1)",
+            "Disable HTTP redirects or validate redirect targets",
+            "Use a URL parser to validate the scheme (allow only https://)",
+        ],
+        references: [
+            "https://cheatsheetseries.owasp.org/cheatsheets/Server_Side_Request_Forgery_Prevention_Cheat_Sheet.html",
+            "https://cwe.mitre.org/data/definitions/918.html",
+        ],
+    },
+    {
+        rulePrefix: "PERF-",
+        title: "Performance Optimization",
+        category: "Performance",
+        risk: "Medium — poor performance degrades user experience and increases costs",
+        steps: [
+            "Identify the bottleneck: CPU, memory, I/O, or network",
+            "Use profiling tools (Node.js --prof, py-spy, Go pprof)",
+            "Avoid N+1 queries — batch database operations",
+            "Use caching for expensive computations (Redis, in-memory LRU)",
+            "Implement pagination for large result sets",
+        ],
+        references: ["https://web.dev/performance/"],
+    },
+    {
+        rulePrefix: "ERR-",
+        title: "Error Handling Best Practices",
+        category: "Reliability",
+        risk: "Medium — poor error handling causes crashes and data corruption",
+        steps: [
+            "Catch and handle errors at appropriate boundaries",
+            "Never swallow exceptions silently — at minimum log them",
+            "Use structured error types with error codes",
+            "Implement graceful degradation for non-critical failures",
+            "Never expose stack traces or internal error details to users",
+        ],
+        references: ["https://cheatsheetseries.owasp.org/cheatsheets/Error_Handling_Cheat_Sheet.html"],
+    },
+    {
+        rulePrefix: "CONCUR-",
+        title: "Concurrency Safety",
+        category: "Reliability",
+        risk: "High — race conditions cause data corruption and security vulnerabilities",
+        steps: [
+            "Identify shared mutable state and protect it with locks/mutexes",
+            "Prefer immutable data structures",
+            "Use atomic operations for simple shared counters",
+            "Avoid holding multiple locks simultaneously (prevents deadlocks)",
+            "Use channels/message-passing instead of shared memory where possible",
+        ],
+        references: ["https://cwe.mitre.org/data/definitions/362.html"],
+    },
+    {
+        rulePrefix: "IAC-",
+        title: "Infrastructure as Code Security",
+        category: "Infrastructure",
+        risk: "High — IaC misconfigurations expose cloud resources to attack",
+        steps: [
+            "Enable encryption at rest and in transit for all storage resources",
+            "Apply principle of least privilege to IAM roles and policies",
+            "Enable logging and monitoring (CloudTrail, Azure Monitor, etc.)",
+            "Use private subnets for databases and internal services",
+            "Never hardcode secrets in Terraform/Bicep/CloudFormation templates",
+        ],
+        references: ["https://cheatsheetseries.owasp.org/cheatsheets/Infrastructure_as_Code_Security_Cheat_Sheet.html"],
+    },
+];
+// ─── Lookup API ─────────────────────────────────────────────────────────────
+export function findGuide(ruleId) {
+    // Exact match first, then prefix match
+    return GUIDES.find((g) => ruleId.startsWith(g.rulePrefix));
+}
+export function listGuides() {
+    return GUIDES;
+}
+// ─── CLI ────────────────────────────────────────────────────────────────────
+export function runRemediationGuide(argv) {
+    if (argv.includes("--help") || argv.includes("-h")) {
+        console.log(`
+judges remediation — Step-by-step fix guidance for findings
+
+Usage:
+  judges remediation SEC-001          Show guide for a specific rule
+  judges remediation --list           List all available guides
+  judges remediation --category Security  Filter by category
+
+Options:
+  --list               List all guides
+  --category <cat>     Filter by category
+  --format json        JSON output
+  --help, -h           Show this help
+`);
+        return;
+    }
+    const format = argv.find((_a, i) => argv[i - 1] === "--format") || "text";
+    const categoryFilter = argv.find((_a, i) => argv[i - 1] === "--category");
+    if (argv.includes("--list")) {
+        let guides = GUIDES;
+        if (categoryFilter)
+            guides = guides.filter((g) => g.category.toLowerCase() === categoryFilter.toLowerCase());
+        if (format === "json") {
+            console.log(JSON.stringify(guides, null, 2));
+            return;
+        }
+        console.log("\n  Available Remediation Guides:\n");
+        for (const g of guides) {
+            console.log(`    ${g.rulePrefix.padEnd(12)} ${g.title.padEnd(40)} [${g.category}]`);
+        }
+        console.log("");
+        return;
+    }
+    // Find guide by rule ID
+    const ruleId = argv.find((a, i) => i > 1 && !a.startsWith("-") && argv[i - 1] !== "--format" && argv[i - 1] !== "--category");
+    if (!ruleId) {
+        console.error("Error: provide a rule ID or use --list");
+        process.exit(1);
+    }
+    const guide = findGuide(ruleId);
+    if (!guide) {
+        console.log(`  No guide found for "${ruleId}". Use --list to see available guides.`);
+        return;
+    }
+    if (format === "json") {
+        console.log(JSON.stringify(guide, null, 2));
+        return;
+    }
+    console.log(`\n  📖 ${guide.title}\n`);
+    console.log(`  Category: ${guide.category}`);
+    console.log(`  Risk: ${guide.risk}\n`);
+    console.log("  Steps:");
+    for (let i = 0; i < guide.steps.length; i++) {
+        console.log(`    ${i + 1}. ${guide.steps[i]}`);
+    }
+    if (guide.beforeCode) {
+        console.log("\n  Before (vulnerable):");
+        console.log(`    ${guide.beforeCode.split("\n").join("\n    ")}`);
+    }
+    if (guide.afterCode) {
+        console.log("\n  After (secure):");
+        console.log(`    ${guide.afterCode.split("\n").join("\n    ")}`);
+    }
+    if (guide.references.length > 0) {
+        console.log("\n  References:");
+        for (const ref of guide.references) {
+            console.log(`    • ${ref}`);
+        }
+    }
+    console.log("");
+}
+//# sourceMappingURL=remediation.js.map

package/dist/commands/remediation.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"remediation.js","sourceRoot":"","sources":["../../src/commands/remediation.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAeH,+EAA+E;AAE/E,MAAM,MAAM,GAAuB;IACjC;QACE,UAAU,EAAE,SAAS;QACrB,KAAK,EAAE,0BAA0B;QACjC,QAAQ,EAAE,UAAU;QACpB,IAAI,EAAE,iEAAiE;QACvE,KAAK,EAAE;YACL,wEAAwE;YACxE,0DAA0D;YAC1D,mEAAmE;YACnE,8DAA8D;YAC9D,yDAAyD;SAC1D;QACD,UAAU,EAAE,gGAAgG;QAC5G,SAAS,EAAE,0FAA0F;QACrG,UAAU,EAAE;YACV,0FAA0F;YAC1F,gDAAgD;SACjD;KACF;IACD;QACE,UAAU,EAAE,SAAS;QACrB,KAAK,EAAE,uCAAuC;QAC9C,QAAQ,EAAE,UAAU;QACpB,IAAI,EAAE,+DAA+D;QACrE,KAAK,EAAE;YACL,gEAAgE;YAChE,kEAAkE;YAClE,oDAAoD;YACpD,2CAA2C;YAC3C,qDAAqD;SACtD;QACD,UAAU,EAAE,+CAA+C;QAC3D,SAAS,EAAE,6CAA6C;QACxD,UAAU,EAAE;YACV,iGAAiG;YACjG,gDAAgD;SACjD;KACF;IACD;QACE,UAAU,EAAE,SAAS;QACrB,KAAK,EAAE,8BAA8B;QACrC,QAAQ,EAAE,UAAU;QACpB,IAAI,EAAE,8DAA8D;QACpE,KAAK,EAAE;YACL,0DAA0D;YAC1D,qFAAqF;YACrF,uEAAuE;YACvE,4FAA4F;YAC5F,wDAAwD;SACzD;QACD,UAAU,EAAE,0CAA0C;QACtD,SAAS,EAAE,uCAAuC;QAClD,UAAU,EAAE;YACV,8FAA8F;YAC9F,gDAAgD;SACjD;KACF;IACD;QACE,UAAU,EAAE,OAAO;QACnB,KAAK,EAAE,+BAA+B;QACtC,QAAQ,EAAE,UAAU;QACpB,IAAI,EAAE,uDAAuD;QAC7D,KAAK,EAAE;YACL,qEAAqE;YACrE,4CAA4C;YAC5C,uEAAuE;YACvE,gEAAgE;YAChE,wEAAwE;SACzE;QACD,UAAU,EAAE;YACV,gFAAgF;YAChF,iDAAiD;SAClD;KACF;IACD;QACE,UAAU,EAAE,SAAS;QACrB,KAAK,EAAE,8BAA8B;QACrC,QAAQ,EAAE,UAAU;QACpB,IAAI,EAAE,iDAAiD;QACvD,KAAK,EAAE;YACL,uEAAuE;YACvE,yDAAyD;YACzD,6CAA6C;YAC7C,0DAA0D;YAC1D,uEAAuE;SACxE;QACD,UAAU,EAAE;YACV,uFAAuF;YACvF,iDAAiD;SAClD;KACF;IACD;QACE,UAAU,EAAE,OAAO;QACnB,KAAK,EAAE,wCAAwC;QAC/C,QAAQ,EAAE,UAAU;QACpB,IAAI,EAAE,iFAAiF;QACvF,KAAK,EAAE;YACL,mEAAmE;YACnE,2CAA2C;YAC3C,gFAAgF;YAChF,qDAAqD;YACrD,+DAA+D;SAChE;QACD,UAAU,EAAE;YACV,wGAAwG;YACxG,iDAAiD;SAClD;KACF;IACD;QACE,UAAU,EAAE,OAAO;QACnB,KAAK,EAAE,0BAA0B;QACjC,QAAQ,EAAE,aAAa;QACvB,IAAI,EAAE,wEAAwE;QAC9E,KAAK,EAAE;YACL,uDAAuD;YACvD,wDAAwD;YACxD,+CAA+C;YAC/C,+DAA+D;YAC/D,4CAA4C;SAC7C;QACD,UAAU,EAAE,CAAC,8BAA8B,CAAC;KAC7C;IACD;QACE,UAAU,EAAE,MAAM;QAClB,KAAK,EAAE,+BAA+B;QACtC,QAAQ,EAAE,aAAa;QACvB,IAAI,EAAE,iEAAiE;QACvE,KAAK,EAAE;YACL,mDAAmD;YACnD,yDAAyD;YACzD,6CAA6C;YAC7C,0DAA0D;YAC1D,8DAA8D;SAC/D;QACD,UAAU,EAAE,CAAC,gFAAgF,CAAC;KAC/F;IACD;QACE,UAAU,EAAE,SAAS;QACrB,KAAK,EAAE,oBAAoB;QAC3B,QAAQ,EAAE,aAAa;QACvB,IAAI,EAAE,2EAA2E;QACjF,KAAK,EAAE;YACL,iEAAiE;YACjE,kCAAkC;YAClC,kDAAkD;YAClD,kEAAkE;YAClE,sEAAsE;SACvE;QACD,UAAU,EAAE,CAAC,iDAAiD,CAAC;KAChE;IACD;QACE,UAAU,EAAE,MAAM;QAClB,KAAK,EAAE,iCAAiC;QACxC,QAAQ,EAAE,gBAAgB;QAC1B,IAAI,EAAE,+DAA+D;QACrE,KAAK,EAAE;YACL,oEAAoE;YACpE,8DAA8D;YAC9D,iEAAiE;YACjE,yDAAyD;YACzD,oEAAoE;SACrE;QACD,UAAU,EAAE,CAAC,iGAAiG,CAAC;KAChH;CACF,CAAC;AAEF,+EAA+E;AAE/E,MAAM,UAAU,SAAS,CAAC,MAAc;IACtC,uCAAuC;IACvC,OAAO,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC;AAC7D,CAAC;AAED,MAAM,UAAU,UAAU;IACxB,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,+EAA+E;AAE/E,MAAM,UAAU,mBAAmB,CAAC,IAAc;IAChD,IAAI,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;QACnD,OAAO,CAAC,GAAG,CAAC;;;;;;;;;;;;;CAaf,CAAC,CAAC;QACC,OAAO;IACT,CAAC;IAED,MAAM,MAAM,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,EAAU,EAAE,CAAS,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,KAAK,UAAU,CAAC,IAAI,MAAM,CAAC;IAC1F,MAAM,cAAc,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,EAAU,EAAE,CAAS,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,KAAK,YAAY,CAAC,CAAC;IAE1F,IAAI,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC5B,IAAI,MAAM,GAAG,MAAM,CAAC;QACpB,IAAI,cAAc;YAAE,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,WAAW,EAAE,KAAK,cAAc,CAAC,WAAW,EAAE,CAAC,CAAC;QAE7G,IAAI,MAAM,KAAK,MAAM,EAAE,CAAC;YACtB,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;YAC7C,OAAO;QACT,CAAC;QAED,OAAO,CAAC,GAAG,CAAC,qCAAqC,CAAC,CAAC;QACnD,KAAK,MAAM,CAAC,IAAI,MAAM,EAAE,CAAC;YACvB,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC,KAAK,CAAC,CAAC,QAAQ,GAAG,CAAC,CAAC;QACtF,CAAC;QACD,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAChB,OAAO;IACT,CAAC;IAED,wBAAwB;IACxB,MAAM,MAAM,GAAG,IAAI,CAAC,IAAI,CACtB,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,KAAK,UAAU,IAAI,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,KAAK,YAAY,CACpG,CAAC;IACF,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,OAAO,CAAC,KAAK,CAAC,wCAAwC,CAAC,CAAC;QACxD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,MAAM,KAAK,GAAG,SAAS,CAAC,MAAM,CAAC,CAAC;IAChC,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,OAAO,CAAC,GAAG,CAAC,yBAAyB,MAAM,wCAAwC,CAAC,CAAC;QACrF,OAAO;IACT,CAAC;IAED,IAAI,MAAM,KAAK,MAAM,EAAE,CAAC;QACtB,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;QAC5C,OAAO;IACT,CAAC;IAED,OAAO,CAAC,GAAG,CAAC,UAAU,KAAK,CAAC,KAAK,IAAI,CAAC,CAAC;IACvC,OAAO,CAAC,GAAG,CAAC,eAAe,KAAK,CAAC,QAAQ,EAAE,CAAC,CAAC;IAC7C,OAAO,CAAC,GAAG,CAAC,WAAW,KAAK,CAAC,IAAI,IAAI,CAAC,CAAC;IACvC,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;IACxB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QAC5C,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,KAAK,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;IACjD,CAAC;IAED,IAAI,KAAK,CAAC,UAAU,EAAE,CAAC;QACrB,OAAO,CAAC,GAAG,CAAC,0BAA0B,CAAC,CAAC;QACxC,OAAO,CAAC,GAAG,CAAC,OAAO,KAAK,CAAC,UAAU,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC;IACpE,CAAC;IACD,IAAI,KAAK,CAAC,SAAS,EAAE,CAAC;QACpB,OAAO,CAAC,GAAG,CAAC,qBAAqB,CAAC,CAAC;QACnC,OAAO,CAAC,GAAG,CAAC,OAAO,KAAK,CAAC,SAAS,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC;IACnE,CAAC;IAED,IAAI,KAAK,CAAC,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAChC,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC,CAAC;QAC/B,KAAK,MAAM,GAAG,IAAI,KAAK,CAAC,UAAU,EAAE,CAAC;YACnC,OAAO,CAAC,GAAG,CAAC,SAAS,GAAG,EAAE,CAAC,CAAC;QAC9B,CAAC;IACH,CAAC;IACD,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;AAClB,CAAC"}

package/dist/commands/sla-track.d.ts

@@ -0,0 +1,57 @@
+/**
+ * SLA tracking — define response-time SLAs per severity and track
+ * violation rates across runs.
+ *
+ * Data is stored locally in .judges-sla.json — no remote storage.
+ */
+import type { Finding } from "../types.js";
+export interface SlaPolicy {
+    severity: string;
+    /** Max hours to first response/triage */
+    responseHours: number;
+    /** Max hours to remediation */
+    resolutionHours: number;
+}
+export interface SlaEntry {
+    findingId: string;
+    ruleId: string;
+    severity: string;
+    title: string;
+    firstSeenIso: string;
+    triagedIso?: string;
+    resolvedIso?: string;
+    status: "open" | "triaged" | "resolved";
+}
+interface SlaDb {
+    policies: SlaPolicy[];
+    entries: SlaEntry[];
+}
+export declare function trackFindings(findings: Finding[], dbPath?: string): SlaDb;
+export declare function triageEntry(id: string, dbPath?: string): void;
+export declare function resolveEntry(id: string, dbPath?: string): void;
+export interface SlaViolation {
+    findingId: string;
+    ruleId: string;
+    severity: string;
+    type: "response" | "resolution";
+    elapsedHours: number;
+    allowedHours: number;
+}
+export declare function checkViolations(dbPath?: string): SlaViolation[];
+export declare function getSlaStats(dbPath?: string): {
+    total: number;
+    open: number;
+    triaged: number;
+    resolved: number;
+    violations: number;
+    bySeverity: Record<string, {
+        total: number;
+        open: number;
+        violations: number;
+    }>;
+    avgResponseHours: number;
+    avgResolutionHours: number;
+};
+export declare function runSlaTrack(argv: string[]): Promise<void>;
+export {};
+//# sourceMappingURL=sla-track.d.ts.map

package/dist/commands/sla-track.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"sla-track.d.ts","sourceRoot":"","sources":["../../src/commands/sla-track.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAGH,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,aAAa,CAAC;AAI3C,MAAM,WAAW,SAAS;IACxB,QAAQ,EAAE,MAAM,CAAC;IACjB,yCAAyC;IACzC,aAAa,EAAE,MAAM,CAAC;IACtB,+BAA+B;IAC/B,eAAe,EAAE,MAAM,CAAC;CACzB;AAED,MAAM,WAAW,QAAQ;IACvB,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;IACjB,KAAK,EAAE,MAAM,CAAC;IACd,YAAY,EAAE,MAAM,CAAC;IACrB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,MAAM,EAAE,MAAM,GAAG,SAAS,GAAG,UAAU,CAAC;CACzC;AAED,UAAU,KAAK;IACb,QAAQ,EAAE,SAAS,EAAE,CAAC;IACtB,OAAO,EAAE,QAAQ,EAAE,CAAC;CACrB;AA6BD,wBAAgB,aAAa,CAAC,QAAQ,EAAE,OAAO,EAAE,EAAE,MAAM,SAAW,GAAG,KAAK,CAsB3E;AAED,wBAAgB,WAAW,CAAC,EAAE,EAAE,MAAM,EAAE,MAAM,SAAW,GAAG,IAAI,CAO/D;AAED,wBAAgB,YAAY,CAAC,EAAE,EAAE,MAAM,EAAE,MAAM,SAAW,GAAG,IAAI,CAOhE;AAED,MAAM,WAAW,YAAY;IAC3B,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;IACjB,IAAI,EAAE,UAAU,GAAG,YAAY,CAAC;IAChC,YAAY,EAAE,MAAM,CAAC;IACrB,YAAY,EAAE,MAAM,CAAC;CACtB;AAED,wBAAgB,eAAe,CAAC,MAAM,SAAW,GAAG,YAAY,EAAE,CAqCjE;AAED,wBAAgB,WAAW,CAAC,MAAM,SAAW,GAAG;IAC9C,KAAK,EAAE,MAAM,CAAC;IACd,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,MAAM,CAAC;IACjB,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC,MAAM,EAAE;QAAE,KAAK,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAC;QAAC,UAAU,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IAChF,gBAAgB,EAAE,MAAM,CAAC;IACzB,kBAAkB,EAAE,MAAM,CAAC;CAC5B,CA8CA;AAID,wBAAsB,WAAW,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CAgI/D"}

package/dist/commands/sla-track.js

@@ -0,0 +1,269 @@
+/**
+ * SLA tracking — define response-time SLAs per severity and track
+ * violation rates across runs.
+ *
+ * Data is stored locally in .judges-sla.json — no remote storage.
+ */
+import { readFileSync, writeFileSync, existsSync } from "fs";
+// ─── Default SLA Policies ───────────────────────────────────────────────────
+const DEFAULT_POLICIES = [
+    { severity: "critical", responseHours: 4, resolutionHours: 24 },
+    { severity: "high", responseHours: 24, resolutionHours: 72 },
+    { severity: "medium", responseHours: 72, resolutionHours: 168 },
+    { severity: "low", responseHours: 168, resolutionHours: 720 },
+    { severity: "info", responseHours: 720, resolutionHours: 2160 },
+];
+const SLA_FILE = ".judges-sla.json";
+// ─── Core Functions ─────────────────────────────────────────────────────────
+function loadDb(file) {
+    if (!existsSync(file))
+        return { policies: DEFAULT_POLICIES, entries: [] };
+    return JSON.parse(readFileSync(file, "utf-8"));
+}
+function saveDb(file, db) {
+    writeFileSync(file, JSON.stringify(db, null, 2));
+}
+function findingId(f) {
+    return `${f.ruleId}:${f.title}`;
+}
+export function trackFindings(findings, dbPath = SLA_FILE) {
+    const db = loadDb(dbPath);
+    const now = new Date().toISOString();
+    const seen = new Set(db.entries.map((e) => e.findingId));
+    for (const f of findings) {
+        const id = findingId(f);
+        if (!seen.has(id)) {
+            db.entries.push({
+                findingId: id,
+                ruleId: f.ruleId,
+                severity: f.severity,
+                title: f.title,
+                firstSeenIso: now,
+                status: "open",
+            });
+            seen.add(id);
+        }
+    }
+    saveDb(dbPath, db);
+    return db;
+}
+export function triageEntry(id, dbPath = SLA_FILE) {
+    const db = loadDb(dbPath);
+    const entry = db.entries.find((e) => e.findingId === id);
+    if (!entry)
+        throw new Error(`Entry not found: ${id}`);
+    entry.triagedIso = new Date().toISOString();
+    entry.status = "triaged";
+    saveDb(dbPath, db);
+}
+export function resolveEntry(id, dbPath = SLA_FILE) {
+    const db = loadDb(dbPath);
+    const entry = db.entries.find((e) => e.findingId === id);
+    if (!entry)
+        throw new Error(`Entry not found: ${id}`);
+    entry.resolvedIso = new Date().toISOString();
+    entry.status = "resolved";
+    saveDb(dbPath, db);
+}
+export function checkViolations(dbPath = SLA_FILE) {
+    const db = loadDb(dbPath);
+    const now = Date.now();
+    const violations = [];
+    for (const entry of db.entries) {
+        const policy = db.policies.find((p) => p.severity === entry.severity);
+        if (!policy)
+            continue;
+        const firstSeen = new Date(entry.firstSeenIso).getTime();
+        const elapsedMs = now - firstSeen;
+        const elapsedHours = Math.round((elapsedMs / 3_600_000) * 10) / 10;
+        if (entry.status === "open" && elapsedHours > policy.responseHours) {
+            violations.push({
+                findingId: entry.findingId,
+                ruleId: entry.ruleId,
+                severity: entry.severity,
+                type: "response",
+                elapsedHours,
+                allowedHours: policy.responseHours,
+            });
+        }
+        if (entry.status !== "resolved" && elapsedHours > policy.resolutionHours) {
+            violations.push({
+                findingId: entry.findingId,
+                ruleId: entry.ruleId,
+                severity: entry.severity,
+                type: "resolution",
+                elapsedHours,
+                allowedHours: policy.resolutionHours,
+            });
+        }
+    }
+    return violations;
+}
+export function getSlaStats(dbPath = SLA_FILE) {
+    const db = loadDb(dbPath);
+    const violations = checkViolations(dbPath);
+    const stats = {
+        total: db.entries.length,
+        open: db.entries.filter((e) => e.status === "open").length,
+        triaged: db.entries.filter((e) => e.status === "triaged").length,
+        resolved: db.entries.filter((e) => e.status === "resolved").length,
+        violations: violations.length,
+        bySeverity: {},
+        avgResponseHours: 0,
+        avgResolutionHours: 0,
+    };
+    for (const entry of db.entries) {
+        if (!stats.bySeverity[entry.severity]) {
+            stats.bySeverity[entry.severity] = { total: 0, open: 0, violations: 0 };
+        }
+        stats.bySeverity[entry.severity].total++;
+        if (entry.status === "open")
+            stats.bySeverity[entry.severity].open++;
+    }
+    for (const v of violations) {
+        if (stats.bySeverity[v.severity]) {
+            stats.bySeverity[v.severity].violations++;
+        }
+    }
+    const triaged = db.entries.filter((e) => e.triagedIso);
+    if (triaged.length > 0) {
+        const totalResponseMs = triaged.reduce((sum, e) => {
+            return sum + (new Date(e.triagedIso).getTime() - new Date(e.firstSeenIso).getTime());
+        }, 0);
+        stats.avgResponseHours = Math.round((totalResponseMs / triaged.length / 3_600_000) * 10) / 10;
+    }
+    const resolved = db.entries.filter((e) => e.resolvedIso);
+    if (resolved.length > 0) {
+        const totalResMs = resolved.reduce((sum, e) => {
+            return sum + (new Date(e.resolvedIso).getTime() - new Date(e.firstSeenIso).getTime());
+        }, 0);
+        stats.avgResolutionHours = Math.round((totalResMs / resolved.length / 3_600_000) * 10) / 10;
+    }
+    return stats;
+}
+// ─── CLI ────────────────────────────────────────────────────────────────────
+export async function runSlaTrack(argv) {
+    if (argv.includes("--help") || argv.includes("-h")) {
+        console.log(`
+judges sla-track — SLA tracking for security findings
+
+Usage:
+  judges sla-track --input results.json             Track findings from a results file
+  judges sla-track --check                           Check for SLA violations
+  judges sla-track --triage <finding-id>             Mark finding as triaged
+  judges sla-track --resolve <finding-id>            Mark finding as resolved
+  judges sla-track --stats                           Show SLA statistics
+  judges sla-track --set-policy <severity> <resp-h> <res-h>
+
+Options:
+  --input <path>        Results JSON to track
+  --check               Check for SLA violations
+  --triage <id>         Mark a finding as triaged
+  --resolve <id>        Resolve a finding
+  --stats               Show statistics
+  --set-policy          Set SLA for a severity level
+  --format json         JSON output
+  --help, -h            Show this help
+`);
+        return;
+    }
+    const format = argv.find((_a, i) => argv[i - 1] === "--format") || "text";
+    // Track findings from input file
+    const inputPath = argv.find((_a, i) => argv[i - 1] === "--input");
+    if (inputPath) {
+        if (!existsSync(inputPath)) {
+            console.error(`Error: file not found: ${inputPath}`);
+            process.exit(1);
+        }
+        const data = JSON.parse(readFileSync(inputPath, "utf-8"));
+        const findings = data.evaluations
+            ? data.evaluations.flatMap((e) => e.findings || [])
+            : data.findings || data;
+        const db = trackFindings(findings);
+        if (format === "json") {
+            console.log(JSON.stringify(db, null, 2));
+        }
+        else {
+            console.log(`\n  Tracked ${findings.length} findings (${db.entries.length} total in DB)\n`);
+        }
+        return;
+    }
+    // Triage
+    const triageTarget = argv.find((_a, i) => argv[i - 1] === "--triage");
+    if (triageTarget) {
+        triageEntry(triageTarget);
+        console.log(`  Triaged: ${triageTarget}`);
+        return;
+    }
+    // Resolve
+    const resolveTarget = argv.find((_a, i) => argv[i - 1] === "--resolve");
+    if (resolveTarget) {
+        resolveEntry(resolveTarget);
+        console.log(`  Resolved: ${resolveTarget}`);
+        return;
+    }
+    // Set policy
+    if (argv.includes("--set-policy")) {
+        const idx = argv.indexOf("--set-policy");
+        const severity = argv[idx + 1];
+        const respH = parseFloat(argv[idx + 2]);
+        const resH = parseFloat(argv[idx + 3]);
+        if (!severity || isNaN(respH) || isNaN(resH)) {
+            console.error("Error: --set-policy <severity> <response-hours> <resolution-hours>");
+            process.exit(1);
+        }
+        const db = loadDb(SLA_FILE);
+        const existing = db.policies.find((p) => p.severity === severity);
+        if (existing) {
+            existing.responseHours = respH;
+            existing.resolutionHours = resH;
+        }
+        else {
+            db.policies.push({ severity, responseHours: respH, resolutionHours: resH });
+        }
+        saveDb(SLA_FILE, db);
+        console.log(`  SLA policy set: ${severity} → response ${respH}h, resolution ${resH}h`);
+        return;
+    }
+    // Check violations
+    if (argv.includes("--check")) {
+        const violations = checkViolations();
+        if (format === "json") {
+            console.log(JSON.stringify(violations, null, 2));
+        }
+        else if (violations.length === 0) {
+            console.log("\n  ✅ No SLA violations\n");
+        }
+        else {
+            console.log(`\n  ⚠️  ${violations.length} SLA violation(s)\n`);
+            for (const v of violations) {
+                console.log(`    ${v.severity.padEnd(8)} ${v.type.padEnd(10)} ${v.ruleId} — ${v.elapsedHours}h / ${v.allowedHours}h allowed`);
+            }
+            console.log("");
+        }
+        return;
+    }
+    // Stats (default if --stats or no other flag)
+    const s = getSlaStats();
+    if (format === "json") {
+        console.log(JSON.stringify(s, null, 2));
+    }
+    else {
+        console.log(`
+  SLA Statistics
+  ──────────────────
+  Total tracked:       ${s.total}
+  Open:                ${s.open}
+  Triaged:             ${s.triaged}
+  Resolved:            ${s.resolved}
+  Violations:          ${s.violations}
+  Avg response time:   ${s.avgResponseHours}h
+  Avg resolution time: ${s.avgResolutionHours}h
+`);
+        for (const [sev, data] of Object.entries(s.bySeverity)) {
+            console.log(`    ${sev.padEnd(10)} ${data.total} total, ${data.open} open, ${data.violations} violations`);
+        }
+        console.log("");
+    }
+}
+//# sourceMappingURL=sla-track.js.map

package/dist/commands/sla-track.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"sla-track.js","sourceRoot":"","sources":["../../src/commands/sla-track.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,YAAY,EAAE,aAAa,EAAE,UAAU,EAAE,MAAM,IAAI,CAAC;AA6B7D,+EAA+E;AAE/E,MAAM,gBAAgB,GAAgB;IACpC,EAAE,QAAQ,EAAE,UAAU,EAAE,aAAa,EAAE,CAAC,EAAE,eAAe,EAAE,EAAE,EAAE;IAC/D,EAAE,QAAQ,EAAE,MAAM,EAAE,aAAa,EAAE,EAAE,EAAE,eAAe,EAAE,EAAE,EAAE;IAC5D,EAAE,QAAQ,EAAE,QAAQ,EAAE,aAAa,EAAE,EAAE,EAAE,eAAe,EAAE,GAAG,EAAE;IAC/D,EAAE,QAAQ,EAAE,KAAK,EAAE,aAAa,EAAE,GAAG,EAAE,eAAe,EAAE,GAAG,EAAE;IAC7D,EAAE,QAAQ,EAAE,MAAM,EAAE,aAAa,EAAE,GAAG,EAAE,eAAe,EAAE,IAAI,EAAE;CAChE,CAAC;AAEF,MAAM,QAAQ,GAAG,kBAAkB,CAAC;AAEpC,+EAA+E;AAE/E,SAAS,MAAM,CAAC,IAAY;IAC1B,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC;QAAE,OAAO,EAAE,QAAQ,EAAE,gBAAgB,EAAE,OAAO,EAAE,EAAE,EAAE,CAAC;IAC1E,OAAO,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC,CAAC;AACjD,CAAC;AAED,SAAS,MAAM,CAAC,IAAY,EAAE,EAAS;IACrC,aAAa,CAAC,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;AACnD,CAAC;AAED,SAAS,SAAS,CAAC,CAAU;IAC3B,OAAO,GAAG,CAAC,CAAC,MAAM,IAAI,CAAC,CAAC,KAAK,EAAE,CAAC;AAClC,CAAC;AAED,MAAM,UAAU,aAAa,CAAC,QAAmB,EAAE,MAAM,GAAG,QAAQ;IAClE,MAAM,EAAE,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC;IAC1B,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IACrC,MAAM,IAAI,GAAG,IAAI,GAAG,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC;IAEzD,KAAK,MAAM,CAAC,IAAI,QAAQ,EAAE,CAAC;QACzB,MAAM,EAAE,GAAG,SAAS,CAAC,CAAC,CAAC,CAAC;QACxB,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,CAAC;YAClB,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC;gBACd,SAAS,EAAE,EAAE;gBACb,MAAM,EAAE,CAAC,CAAC,MAAM;gBAChB,QAAQ,EAAE,CAAC,CAAC,QAAQ;gBACpB,KAAK,EAAE,CAAC,CAAC,KAAK;gBACd,YAAY,EAAE,GAAG;gBACjB,MAAM,EAAE,MAAM;aACf,CAAC,CAAC;YACH,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QACf,CAAC;IACH,CAAC;IAED,MAAM,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;IACnB,OAAO,EAAE,CAAC;AACZ,CAAC;AAED,MAAM,UAAU,WAAW,CAAC,EAAU,EAAE,MAAM,GAAG,QAAQ;IACvD,MAAM,EAAE,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC;IAC1B,MAAM,KAAK,GAAG,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,KAAK,EAAE,CAAC,CAAC;IACzD,IAAI,CAAC,KAAK;QAAE,MAAM,IAAI,KAAK,CAAC,oBAAoB,EAAE,EAAE,CAAC,CAAC;IACtD,KAAK,CAAC,UAAU,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IAC5C,KAAK,CAAC,MAAM,GAAG,SAAS,CAAC;IACzB,MAAM,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;AACrB,CAAC;AAED,MAAM,UAAU,YAAY,CAAC,EAAU,EAAE,MAAM,GAAG,QAAQ;IACxD,MAAM,EAAE,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC;IAC1B,MAAM,KAAK,GAAG,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,KAAK,EAAE,CAAC,CAAC;IACzD,IAAI,CAAC,KAAK;QAAE,MAAM,IAAI,KAAK,CAAC,oBAAoB,EAAE,EAAE,CAAC,CAAC;IACtD,KAAK,CAAC,WAAW,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IAC7C,KAAK,CAAC,MAAM,GAAG,UAAU,CAAC;IAC1B,MAAM,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;AACrB,CAAC;AAWD,MAAM,UAAU,eAAe,CAAC,MAAM,GAAG,QAAQ;IAC/C,MAAM,EAAE,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC;IAC1B,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACvB,MAAM,UAAU,GAAmB,EAAE,CAAC;IAEtC,KAAK,MAAM,KAAK,IAAI,EAAE,CAAC,OAAO,EAAE,CAAC;QAC/B,MAAM,MAAM,GAAG,EAAE,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,KAAK,CAAC,QAAQ,CAAC,CAAC;QACtE,IAAI,CAAC,MAAM;YAAE,SAAS;QAEtB,MAAM,SAAS,GAAG,IAAI,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC,OAAO,EAAE,CAAC;QACzD,MAAM,SAAS,GAAG,GAAG,GAAG,SAAS,CAAC;QAClC,MAAM,YAAY,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,SAAS,GAAG,SAAS,CAAC,GAAG,EAAE,CAAC,GAAG,EAAE,CAAC;QAEnE,IAAI,KAAK,CAAC,MAAM,KAAK,MAAM,IAAI,YAAY,GAAG,MAAM,CAAC,aAAa,EAAE,CAAC;YACnE,UAAU,CAAC,IAAI,CAAC;gBACd,SAAS,EAAE,KAAK,CAAC,SAAS;gBAC1B,MAAM,EAAE,KAAK,CAAC,MAAM;gBACpB,QAAQ,EAAE,KAAK,CAAC,QAAQ;gBACxB,IAAI,EAAE,UAAU;gBAChB,YAAY;gBACZ,YAAY,EAAE,MAAM,CAAC,aAAa;aACnC,CAAC,CAAC;QACL,CAAC;QAED,IAAI,KAAK,CAAC,MAAM,KAAK,UAAU,IAAI,YAAY,GAAG,MAAM,CAAC,eAAe,EAAE,CAAC;YACzE,UAAU,CAAC,IAAI,CAAC;gBACd,SAAS,EAAE,KAAK,CAAC,SAAS;gBAC1B,MAAM,EAAE,KAAK,CAAC,MAAM;gBACpB,QAAQ,EAAE,KAAK,CAAC,QAAQ;gBACxB,IAAI,EAAE,YAAY;gBAClB,YAAY;gBACZ,YAAY,EAAE,MAAM,CAAC,eAAe;aACrC,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,OAAO,UAAU,CAAC;AACpB,CAAC;AAED,MAAM,UAAU,WAAW,CAAC,MAAM,GAAG,QAAQ;IAU3C,MAAM,EAAE,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC;IAC1B,MAAM,UAAU,GAAG,eAAe,CAAC,MAAM,CAAC,CAAC;IAE3C,MAAM,KAAK,GAAG;QACZ,KAAK,EAAE,EAAE,CAAC,OAAO,CAAC,MAAM;QACxB,IAAI,EAAE,EAAE,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,MAAM,CAAC,CAAC,MAAM;QAC1D,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,SAAS,CAAC,CAAC,MAAM;QAChE,QAAQ,EAAE,EAAE,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,UAAU,CAAC,CAAC,MAAM;QAClE,UAAU,EAAE,UAAU,CAAC,MAAM;QAC7B,UAAU,EAAE,EAAyE;QACrF,gBAAgB,EAAE,CAAC;QACnB,kBAAkB,EAAE,CAAC;KACtB,CAAC;IAEF,KAAK,MAAM,KAAK,IAAI,EAAE,CAAC,OAAO,EAAE,CAAC;QAC/B,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,KAAK,CAAC,QAAQ,CAAC,EAAE,CAAC;YACtC,KAAK,CAAC,UAAU,CAAC,KAAK,CAAC,QAAQ,CAAC,GAAG,EAAE,KAAK,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,UAAU,EAAE,CAAC,EAAE,CAAC;QAC1E,CAAC;QACD,KAAK,CAAC,UAAU,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,KAAK,EAAE,CAAC;QACzC,IAAI,KAAK,CAAC,MAAM,KAAK,MAAM;YAAE,KAAK,CAAC,UAAU,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,IAAI,EAAE,CAAC;IACvE,CAAC;IAED,KAAK,MAAM,CAAC,IAAI,UAAU,EAAE,CAAC;QAC3B,IAAI,KAAK,CAAC,UAAU,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC;YACjC,KAAK,CAAC,UAAU,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,UAAU,EAAE,CAAC;QAC5C,CAAC;IACH,CAAC;IAED,MAAM,OAAO,GAAG,EAAE,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC;IACvD,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACvB,MAAM,eAAe,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE;YAChD,OAAO,GAAG,GAAG,CAAC,IAAI,IAAI,CAAC,CAAC,CAAC,UAAW,CAAC,CAAC,OAAO,EAAE,GAAG,IAAI,IAAI,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC;QACxF,CAAC,EAAE,CAAC,CAAC,CAAC;QACN,KAAK,CAAC,gBAAgB,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,eAAe,GAAG,OAAO,CAAC,MAAM,GAAG,SAAS,CAAC,GAAG,EAAE,CAAC,GAAG,EAAE,CAAC;IAChG,CAAC;IAED,MAAM,QAAQ,GAAG,EAAE,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC;IACzD,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACxB,MAAM,UAAU,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE;YAC5C,OAAO,GAAG,GAAG,CAAC,IAAI,IAAI,CAAC,CAAC,CAAC,WAAY,CAAC,CAAC,OAAO,EAAE,GAAG,IAAI,IAAI,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC;QACzF,CAAC,EAAE,CAAC,CAAC,CAAC;QACN,KAAK,CAAC,kBAAkB,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,UAAU,GAAG,QAAQ,CAAC,MAAM,GAAG,SAAS,CAAC,GAAG,EAAE,CAAC,GAAG,EAAE,CAAC;IAC9F,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED,+EAA+E;AAE/E,MAAM,CAAC,KAAK,UAAU,WAAW,CAAC,IAAc;IAC9C,IAAI,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;QACnD,OAAO,CAAC,GAAG,CAAC;;;;;;;;;;;;;;;;;;;;CAoBf,CAAC,CAAC;QACC,OAAO;IACT,CAAC;IAED,MAAM,MAAM,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,EAAU,EAAE,CAAS,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,KAAK,UAAU,CAAC,IAAI,MAAM,CAAC;IAE1F,iCAAiC;IACjC,MAAM,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,EAAU,EAAE,CAAS,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,KAAK,SAAS,CAAC,CAAC;IAClF,IAAI,SAAS,EAAE,CAAC;QACd,IAAI,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;YAC3B,OAAO,CAAC,KAAK,CAAC,0BAA0B,SAAS,EAAE,CAAC,CAAC;YACrD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QACD,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC,CAAC;QAC1D,MAAM,QAAQ,GAAc,IAAI,CAAC,WAAW;YAC1C,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC,CAA2B,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,IAAI,EAAE,CAAC;YAC7E,CAAC,CAAC,IAAI,CAAC,QAAQ,IAAI,IAAI,CAAC;QAE1B,MAAM,EAAE,GAAG,aAAa,CAAC,QAAQ,CAAC,CAAC;QACnC,IAAI,MAAM,KAAK,MAAM,EAAE,CAAC;YACtB,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;QAC3C,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,GAAG,CAAC,eAAe,QAAQ,CAAC,MAAM,cAAc,EAAE,CAAC,OAAO,CAAC,MAAM,iBAAiB,CAAC,CAAC;QAC9F,CAAC;QACD,OAAO;IACT,CAAC;IAED,SAAS;IACT,MAAM,YAAY,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,EAAU,EAAE,CAAS,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,KAAK,UAAU,CAAC,CAAC;IACtF,IAAI,YAAY,EAAE,CAAC;QACjB,WAAW,CAAC,YAAY,CAAC,CAAC;QAC1B,OAAO,CAAC,GAAG,CAAC,cAAc,YAAY,EAAE,CAAC,CAAC;QAC1C,OAAO;IACT,CAAC;IAED,UAAU;IACV,MAAM,aAAa,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,EAAU,EAAE,CAAS,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,KAAK,WAAW,CAAC,CAAC;IACxF,IAAI,aAAa,EAAE,CAAC;QAClB,YAAY,CAAC,aAAa,CAAC,CAAC;QAC5B,OAAO,CAAC,GAAG,CAAC,eAAe,aAAa,EAAE,CAAC,CAAC;QAC5C,OAAO;IACT,CAAC;IAED,aAAa;IACb,IAAI,IAAI,CAAC,QAAQ,CAAC,cAAc,CAAC,EAAE,CAAC;QAClC,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,cAAc,CAAC,CAAC;QACzC,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC;QAC/B,MAAM,KAAK,GAAG,UAAU,CAAC,IAAI,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC;QACxC,MAAM,IAAI,GAAG,UAAU,CAAC,IAAI,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC;QACvC,IAAI,CAAC,QAAQ,IAAI,KAAK,CAAC,KAAK,CAAC,IAAI,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;YAC7C,OAAO,CAAC,KAAK,CAAC,oEAAoE,CAAC,CAAC;YACpF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QACD,MAAM,EAAE,GAAG,MAAM,CAAC,QAAQ,CAAC,CAAC;QAC5B,MAAM,QAAQ,GAAG,EAAE,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC;QAClE,IAAI,QAAQ,EAAE,CAAC;YACb,QAAQ,CAAC,aAAa,GAAG,KAAK,CAAC;YAC/B,QAAQ,CAAC,eAAe,GAAG,IAAI,CAAC;QAClC,CAAC;aAAM,CAAC;YACN,EAAE,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,QAAQ,EAAE,aAAa,EAAE,KAAK,EAAE,eAAe,EAAE,IAAI,EAAE,CAAC,CAAC;QAC9E,CAAC;QACD,MAAM,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC;QACrB,OAAO,CAAC,GAAG,CAAC,qBAAqB,QAAQ,eAAe,KAAK,iBAAiB,IAAI,GAAG,CAAC,CAAC;QACvF,OAAO;IACT,CAAC;IAED,mBAAmB;IACnB,IAAI,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;QAC7B,MAAM,UAAU,GAAG,eAAe,EAAE,CAAC;QACrC,IAAI,MAAM,KAAK,MAAM,EAAE,CAAC;YACtB,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,UAAU,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;QACnD,CAAC;aAAM,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACnC,OAAO,CAAC,GAAG,CAAC,2BAA2B,CAAC,CAAC;QAC3C,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,GAAG,CAAC,WAAW,UAAU,CAAC,MAAM,qBAAqB,CAAC,CAAC;YAC/D,KAAK,MAAM,CAAC,IAAI,UAAU,EAAE,CAAC;gBAC3B,OAAO,CAAC,GAAG,CACT,OAAO,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,MAAM,MAAM,CAAC,CAAC,YAAY,OAAO,CAAC,CAAC,YAAY,WAAW,CACjH,CAAC;YACJ,CAAC;YACD,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAClB,CAAC;QACD,OAAO;IACT,CAAC;IAED,8CAA8C;IAC9C,MAAM,CAAC,GAAG,WAAW,EAAE,CAAC;IACxB,IAAI,MAAM,KAAK,MAAM,EAAE,CAAC;QACtB,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;IAC1C,CAAC;SAAM,CAAC;QACN,OAAO,CAAC,GAAG,CAAC;;;yBAGS,CAAC,CAAC,KAAK;yBACP,CAAC,CAAC,IAAI;yBACN,CAAC,CAAC,OAAO;yBACT,CAAC,CAAC,QAAQ;yBACV,CAAC,CAAC,UAAU;yBACZ,CAAC,CAAC,gBAAgB;yBAClB,CAAC,CAAC,kBAAkB;CAC5C,CAAC,CAAC;QACC,KAAK,MAAM,CAAC,GAAG,EAAE,IAAI,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,UAAU,CAAC,EAAE,CAAC;YACvD,OAAO,CAAC,GAAG,CAAC,OAAO,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,IAAI,IAAI,CAAC,KAAK,WAAW,IAAI,CAAC,IAAI,UAAU,IAAI,CAAC,UAAU,aAAa,CAAC,CAAC;QAC7G,CAAC;QACD,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAClB,CAAC;AACH,CAAC"}

package/dist/commands/smart-select.d.ts

@@ -0,0 +1,27 @@
+/**
+ * Smart judge selection — auto-select relevant judges based on file content.
+ *
+ * Avoids running irrelevant judges (e.g., SQL judge on .tsx files,
+ * IaC judge on .py files) to improve evaluation speed and reduce noise.
+ *
+ * Used internally by the evaluation pipeline when `smartSelect: true`.
+ */
+export interface JudgeRelevance {
+    judgeId: string;
+    relevant: boolean;
+    reason: string;
+}
+/**
+ * Select relevant judges for a given file based on its language and content.
+ * Returns the list of judge IDs that should be run.
+ */
+export declare function selectJudgesForFile(language: string, code: string, availableJudges?: string[]): JudgeRelevance[];
+/**
+ * Get just the relevant judge IDs for a file.
+ */
+export declare function getRelevantJudges(language: string, code: string, availableJudges?: string[]): string[];
+/**
+ * CLI: Show judge selection for a file.
+ */
+export declare function runSmartSelect(argv: string[]): void;
+//# sourceMappingURL=smart-select.d.ts.map

package/dist/commands/smart-select.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"smart-select.d.ts","sourceRoot":"","sources":["../../src/commands/smart-select.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAMH,MAAM,WAAW,cAAc;IAC7B,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,OAAO,CAAC;IAClB,MAAM,EAAE,MAAM,CAAC;CAChB;AA8ND;;;GAGG;AACH,wBAAgB,mBAAmB,CAAC,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,eAAe,CAAC,EAAE,MAAM,EAAE,GAAG,cAAc,EAAE,CAiChH;AAED;;GAEG;AACH,wBAAgB,iBAAiB,CAAC,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,eAAe,CAAC,EAAE,MAAM,EAAE,GAAG,MAAM,EAAE,CAItG;AAED;;GAEG;AACH,wBAAgB,cAAc,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,IAAI,CAkGnD"}