@kevinrabun/judges 3.46.0 → 3.48.0

package/dist/commands/ai-prompt-audit.js

@@ -0,0 +1,255 @@
+/**
+ * AI prompt audit — scans AI-generated code for prompt injection
+ * risks: user input echoed into SQL, shell, config, etc.
+ *
+ * Pattern-based analysis only — no data stored externally.
+ */
+import { readFileSync, writeFileSync, existsSync, mkdirSync } from "fs";
+import { join } from "path";
+const AUDIT_DIR = ".judges-prompt-audit";
+const AUDIT_FILE = join(AUDIT_DIR, "audit-history.json");
+const RISK_PATTERNS = [
+    {
+        id: "sql-template-literal",
+        regex: /`[^`]*\$\{[^}]*(?:user|input|param|query|req\.|request|body|args)[^}]*\}[^`]*(?:SELECT|INSERT|UPDATE|DELETE|FROM|WHERE)/i,
+        severity: "critical",
+        description: "Template literal with user input in SQL context",
+        recommendation: "Use parameterized queries ($1, $2) instead of string interpolation",
+    },
+    {
+        id: "sql-concat",
+        regex: /(?:query|sql|execute|prepare)\s*\([^)]*(?:\+|\bconcat)\s*[^)]*(?:user|input|param|req\.|request|body)/i,
+        severity: "critical",
+        description: "String concatenation with user input in SQL query",
+        recommendation: "Use parameterized queries with placeholder values",
+    },
+    {
+        id: "shell-injection",
+        regex: /(?:exec|spawn|execSync|execFile|system|popen)\s*\([^)]*(?:\$\{|[\s+].*(?:user|input|param|req\.|args))/i,
+        severity: "critical",
+        description: "User input in shell command execution",
+        recommendation: "Use execFile with argument array, or validate against an allowlist",
+    },
+    {
+        id: "eval-user-input",
+        regex: /(?:eval|Function|setTimeout|setInterval)\s*\([^)]*(?:user|input|param|req\.|request|body|query)/i,
+        severity: "critical",
+        description: "User input passed to eval or dynamic code execution",
+        recommendation: "Never use eval with user input; use safe parsers instead",
+    },
+    {
+        id: "innerHTML-assignment",
+        regex: /\.innerHTML\s*=\s*(?!['"`](?:''|""|``)).*(?:user|input|param|data|response|result)/i,
+        severity: "high",
+        description: "Dynamic content assigned to innerHTML without sanitization",
+        recommendation: "Use textContent for text or a sanitization library (DOMPurify) for HTML",
+    },
+    {
+        id: "hardcoded-secret",
+        regex: /(?:password|secret|api_key|apiKey|token|auth)\s*[:=]\s*['"][^'"]{8,}['"]/i,
+        severity: "high",
+        description: "Hardcoded credential or secret in source code",
+        recommendation: "Use environment variables or a secrets manager",
+    },
+    {
+        id: "url-user-input",
+        regex: /(?:fetch|axios|http\.get|request|got)\s*\([^)]*(?:\$\{|[\s+].*(?:user|input|param|req\.|url|host))/i,
+        severity: "high",
+        description: "User-controlled URL in HTTP request (SSRF risk)",
+        recommendation: "Validate URLs against an allowlist and block private IP ranges",
+    },
+    {
+        id: "path-traversal",
+        regex: /(?:readFile|readFileSync|createReadStream|writeFile|writeFileSync|unlink|rmdir)\s*\([^)]*(?:\$\{|[\s+].*(?:user|input|param|req\.|path|file|name))/i,
+        severity: "high",
+        description: "User input in file system operation (path traversal risk)",
+        recommendation: "Sanitize paths with path.resolve and validate within allowed directory",
+    },
+    {
+        id: "prompt-echo",
+        regex: /(?:\/\/|#)\s*(?:TODO|FIXME|HACK|generated|copilot|cursor|claude|gpt|ai)[:\s].*(?:user|implement|replace|change)/i,
+        severity: "medium",
+        description: "AI prompt remnant in code comment — may expose intent or instructions",
+        recommendation: "Remove AI generation comments and prompt artifacts before committing",
+    },
+    {
+        id: "cors-wildcard",
+        regex: /(?:Access-Control-Allow-Origin|cors|origin)\s*[:=]\s*['"`]\*['"`]/i,
+        severity: "medium",
+        description: "Wildcard CORS allows any origin to access the API",
+        recommendation: "Restrict CORS to specific trusted origins",
+    },
+];
+// ─── Core ───────────────────────────────────────────────────────────────────
+function ensureDir() {
+    if (!existsSync(AUDIT_DIR))
+        mkdirSync(AUDIT_DIR, { recursive: true });
+}
+function loadStore() {
+    if (!existsSync(AUDIT_FILE))
+        return { results: [], updatedAt: new Date().toISOString() };
+    try {
+        return JSON.parse(readFileSync(AUDIT_FILE, "utf-8"));
+    }
+    catch {
+        return { results: [], updatedAt: new Date().toISOString() };
+    }
+}
+function saveStore(store) {
+    ensureDir();
+    store.updatedAt = new Date().toISOString();
+    writeFileSync(AUDIT_FILE, JSON.stringify(store, null, 2));
+}
+export function auditFile(filePath) {
+    const content = readFileSync(filePath, "utf-8");
+    const lines = content.split("\n");
+    const risks = [];
+    for (let i = 0; i < lines.length; i++) {
+        const line = lines[i];
+        for (const pattern of RISK_PATTERNS) {
+            if (pattern.regex.test(line)) {
+                risks.push({
+                    line: i + 1,
+                    pattern: pattern.id,
+                    severity: pattern.severity,
+                    description: pattern.description,
+                    recommendation: pattern.recommendation,
+                });
+            }
+        }
+    }
+    // Risk score: critical=30, high=15, medium=5
+    const riskScore = risks.reduce((sum, r) => {
+        if (r.severity === "critical")
+            return sum + 30;
+        if (r.severity === "high")
+            return sum + 15;
+        return sum + 5;
+    }, 0);
+    const result = {
+        file: filePath,
+        risks,
+        riskScore: Math.min(100, riskScore),
+        timestamp: new Date().toISOString(),
+    };
+    // Persist
+    const store = loadStore();
+    store.results.push(result);
+    if (store.results.length > 200)
+        store.results = store.results.slice(-200);
+    saveStore(store);
+    return result;
+}
+// ─── CLI ────────────────────────────────────────────────────────────────────
+export function runAiPromptAudit(argv) {
+    if (argv.includes("--help") || argv.includes("-h")) {
+        console.log(`
+judges ai-prompt-audit — Scan for prompt injection risks in AI-generated code
+
+Usage:
+  judges ai-prompt-audit --file src/app.ts
+  judges ai-prompt-audit --patterns
+  judges ai-prompt-audit --history
+  judges ai-prompt-audit --summary
+
+Options:
+  --file <path>           Scan a file for prompt injection risks
+  --patterns              Show all detection patterns
+  --history               Show audit history
+  --summary               Show risk summary across all audits
+  --format json           JSON output
+  --help, -h              Show this help
+`);
+        return;
+    }
+    const format = argv.find((_a, i) => argv[i - 1] === "--format") || "text";
+    // Patterns
+    if (argv.includes("--patterns")) {
+        const patterns = RISK_PATTERNS.map(({ id, severity, description, recommendation }) => ({
+            id,
+            severity,
+            description,
+            recommendation,
+        }));
+        if (format === "json") {
+            console.log(JSON.stringify(patterns, null, 2));
+        }
+        else {
+            console.log(`\n  Prompt Audit Patterns (${patterns.length})\n  ──────────────────────────`);
+            for (const p of patterns) {
+                console.log(`    [${p.severity.padEnd(8)}] ${p.id.padEnd(25)} ${p.description}`);
+            }
+            console.log("");
+        }
+        return;
+    }
+    // History
+    if (argv.includes("--history")) {
+        const store = loadStore();
+        if (format === "json") {
+            console.log(JSON.stringify(store, null, 2));
+        }
+        else {
+            console.log(`\n  Audit History (${store.results.length} scans)\n  ──────────────────────────`);
+            for (const r of store.results.slice(-15)) {
+                const icon = r.riskScore === 0 ? "✅" : r.riskScore >= 50 ? "🔴" : "⚠️";
+                console.log(`    ${icon} ${r.timestamp.slice(0, 16)}  risk:${r.riskScore.toString().padEnd(4)} ${r.risks.length} issues  ${r.file}`);
+            }
+            console.log("");
+        }
+        return;
+    }
+    // Summary
+    if (argv.includes("--summary")) {
+        const store = loadStore();
+        const totalRisks = store.results.reduce((s, r) => s + r.risks.length, 0);
+        const critCount = store.results.reduce((s, r) => s + r.risks.filter((x) => x.severity === "critical").length, 0);
+        const highCount = store.results.reduce((s, r) => s + r.risks.filter((x) => x.severity === "high").length, 0);
+        const avgScore = store.results.length > 0
+            ? Math.round(store.results.reduce((s, r) => s + r.riskScore, 0) / store.results.length)
+            : 0;
+        if (format === "json") {
+            console.log(JSON.stringify({ totalScans: store.results.length, totalRisks, critCount, highCount, avgScore }, null, 2));
+        }
+        else {
+            console.log(`\n  Prompt Audit Summary\n  ──────────────────────────`);
+            console.log(`  Scans:    ${store.results.length}`);
+            console.log(`  Risks:    ${totalRisks} (${critCount} critical, ${highCount} high)`);
+            console.log(`  Avg risk: ${avgScore}/100`);
+            console.log("");
+        }
+        return;
+    }
+    // Scan file
+    const filePath = argv.find((_a, i) => argv[i - 1] === "--file");
+    if (!filePath) {
+        console.error("  Use --file <path>, --patterns, --history, or --summary. --help for usage.");
+        return;
+    }
+    if (!existsSync(filePath)) {
+        console.error(`  File not found: ${filePath}`);
+        return;
+    }
+    const result = auditFile(filePath);
+    if (format === "json") {
+        console.log(JSON.stringify(result, null, 2));
+    }
+    else {
+        const icon = result.riskScore === 0 ? "✅" : result.riskScore >= 50 ? "🔴" : "⚠️";
+        console.log(`\n  ${icon} Prompt Audit — ${filePath}`);
+        console.log(`  Risk score: ${result.riskScore}/100 | Issues: ${result.risks.length}`);
+        console.log(`  ──────────────────────────`);
+        if (result.risks.length === 0) {
+            console.log("    No prompt injection risks detected.");
+        }
+        else {
+            for (const r of result.risks) {
+                console.log(`    L${r.line.toString().padEnd(5)} [${r.severity.padEnd(8)}] ${r.pattern}`);
+                console.log(`           ${r.description}`);
+                console.log(`           Fix: ${r.recommendation}`);
+            }
+        }
+        console.log("");
+    }
+}
+//# sourceMappingURL=ai-prompt-audit.js.map

package/dist/commands/ai-prompt-audit.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"ai-prompt-audit.js","sourceRoot":"","sources":["../../src/commands/ai-prompt-audit.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,YAAY,EAAE,aAAa,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,IAAI,CAAC;AACxE,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAwB5B,MAAM,SAAS,GAAG,sBAAsB,CAAC;AACzC,MAAM,UAAU,GAAG,IAAI,CAAC,SAAS,EAAE,oBAAoB,CAAC,CAAC;AAYzD,MAAM,aAAa,GAAkB;IACnC;QACE,EAAE,EAAE,sBAAsB;QAC1B,KAAK,EACH,0HAA0H;QAC5H,QAAQ,EAAE,UAAU;QACpB,WAAW,EAAE,iDAAiD;QAC9D,cAAc,EAAE,oEAAoE;KACrF;IACD;QACE,EAAE,EAAE,YAAY;QAChB,KAAK,EAAE,wGAAwG;QAC/G,QAAQ,EAAE,UAAU;QACpB,WAAW,EAAE,mDAAmD;QAChE,cAAc,EAAE,mDAAmD;KACpE;IACD;QACE,EAAE,EAAE,iBAAiB;QACrB,KAAK,EAAE,yGAAyG;QAChH,QAAQ,EAAE,UAAU;QACpB,WAAW,EAAE,uCAAuC;QACpD,cAAc,EAAE,oEAAoE;KACrF;IACD;QACE,EAAE,EAAE,iBAAiB;QACrB,KAAK,EAAE,kGAAkG;QACzG,QAAQ,EAAE,UAAU;QACpB,WAAW,EAAE,qDAAqD;QAClE,cAAc,EAAE,0DAA0D;KAC3E;IACD;QACE,EAAE,EAAE,sBAAsB;QAC1B,KAAK,EAAE,qFAAqF;QAC5F,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,4DAA4D;QACzE,cAAc,EAAE,yEAAyE;KAC1F;IACD;QACE,EAAE,EAAE,kBAAkB;QACtB,KAAK,EAAE,2EAA2E;QAClF,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,+CAA+C;QAC5D,cAAc,EAAE,gDAAgD;KACjE;IACD;QACE,EAAE,EAAE,gBAAgB;QACpB,KAAK,EAAE,qGAAqG;QAC5G,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,iDAAiD;QAC9D,cAAc,EAAE,gEAAgE;KACjF;IACD;QACE,EAAE,EAAE,gBAAgB;QACpB,KAAK,EACH,qJAAqJ;QACvJ,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,2DAA2D;QACxE,cAAc,EAAE,wEAAwE;KACzF;IACD;QACE,EAAE,EAAE,aAAa;QACjB,KAAK,EACH,kHAAkH;QACpH,QAAQ,EAAE,QAAQ;QAClB,WAAW,EAAE,uEAAuE;QACpF,cAAc,EAAE,sEAAsE;KACvF;IACD;QACE,EAAE,EAAE,eAAe;QACnB,KAAK,EAAE,oEAAoE;QAC3E,QAAQ,EAAE,QAAQ;QAClB,WAAW,EAAE,mDAAmD;QAChE,cAAc,EAAE,2CAA2C;KAC5D;CACF,CAAC;AAEF,+EAA+E;AAE/E,SAAS,SAAS;IAChB,IAAI,CAAC,UAAU,CAAC,SAAS,CAAC;QAAE,SAAS,CAAC,SAAS,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;AACxE,CAAC;AAED,SAAS,SAAS;IAChB,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC;QAAE,OAAO,EAAE,OAAO,EAAE,EAAE,EAAE,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,EAAE,CAAC;IACzF,IAAI,CAAC;QACH,OAAO,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC,CAAC;IACvD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,OAAO,EAAE,EAAE,EAAE,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,EAAE,CAAC;IAC9D,CAAC;AACH,CAAC;AAED,SAAS,SAAS,CAAC,KAAiB;IAClC,SAAS,EAAE,CAAC;IACZ,KAAK,CAAC,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IAC3C,aAAa,CAAC,UAAU,EAAE,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;AAC5D,CAAC;AAED,MAAM,UAAU,SAAS,CAAC,QAAgB;IACxC,MAAM,OAAO,GAAG,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;IAChD,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAClC,MAAM,KAAK,GAAiB,EAAE,CAAC;IAE/B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QACtB,KAAK,MAAM,OAAO,IAAI,aAAa,EAAE,CAAC;YACpC,IAAI,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;gBAC7B,KAAK,CAAC,IAAI,CAAC;oBACT,IAAI,EAAE,CAAC,GAAG,CAAC;oBACX,OAAO,EAAE,OAAO,CAAC,EAAE;oBACnB,QAAQ,EAAE,OAAO,CAAC,QAAQ;oBAC1B,WAAW,EAAE,OAAO,CAAC,WAAW;oBAChC,cAAc,EAAE,OAAO,CAAC,cAAc;iBACvC,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IAED,6CAA6C;IAC7C,MAAM,SAAS,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE;QACxC,IAAI,CAAC,CAAC,QAAQ,KAAK,UAAU;YAAE,OAAO,GAAG,GAAG,EAAE,CAAC;QAC/C,IAAI,CAAC,CAAC,QAAQ,KAAK,MAAM;YAAE,OAAO,GAAG,GAAG,EAAE,CAAC;QAC3C,OAAO,GAAG,GAAG,CAAC,CAAC;IACjB,CAAC,EAAE,CAAC,CAAC,CAAC;IAEN,MAAM,MAAM,GAAgB;QAC1B,IAAI,EAAE,QAAQ;QACd,KAAK;QACL,SAAS,EAAE,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,SAAS,CAAC;QACnC,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;KACpC,CAAC;IAEF,UAAU;IACV,MAAM,KAAK,GAAG,SAAS,EAAE,CAAC;IAC1B,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IAC3B,IAAI,KAAK,CAAC,OAAO,CAAC,MAAM,GAAG,GAAG;QAAE,KAAK,CAAC,OAAO,GAAG,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,CAAC;IAC1E,SAAS,CAAC,KAAK,CAAC,CAAC;IAEjB,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,+EAA+E;AAE/E,MAAM,UAAU,gBAAgB,CAAC,IAAc;IAC7C,IAAI,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;QACnD,OAAO,CAAC,GAAG,CAAC;;;;;;;;;;;;;;;;CAgBf,CAAC,CAAC;QACC,OAAO;IACT,CAAC;IAED,MAAM,MAAM,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,EAAU,EAAE,CAAS,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,KAAK,UAAU,CAAC,IAAI,MAAM,CAAC;IAE1F,WAAW;IACX,IAAI,IAAI,CAAC,QAAQ,CAAC,YAAY,CAAC,EAAE,CAAC;QAChC,MAAM,QAAQ,GAAG,aAAa,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,EAAE,QAAQ,EAAE,WAAW,EAAE,cAAc,EAAE,EAAE,EAAE,CAAC,CAAC;YACrF,EAAE;YACF,QAAQ;YACR,WAAW;YACX,cAAc;SACf,CAAC,CAAC,CAAC;QACJ,IAAI,MAAM,KAAK,MAAM,EAAE,CAAC;YACtB,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;QACjD,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,GAAG,CAAC,8BAA8B,QAAQ,CAAC,MAAM,iCAAiC,CAAC,CAAC;YAC5F,KAAK,MAAM,CAAC,IAAI,QAAQ,EAAE,CAAC;gBACzB,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,MAAM,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC;YACnF,CAAC;YACD,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAClB,CAAC;QACD,OAAO;IACT,CAAC;IAED,UAAU;IACV,IAAI,IAAI,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;QAC/B,MAAM,KAAK,GAAG,SAAS,EAAE,CAAC;QAC1B,IAAI,MAAM,KAAK,MAAM,EAAE,CAAC;YACtB,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;QAC9C,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,GAAG,CAAC,sBAAsB,KAAK,CAAC,OAAO,CAAC,MAAM,uCAAuC,CAAC,CAAC;YAC/F,KAAK,MAAM,CAAC,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC;gBACzC,MAAM,IAAI,GAAG,CAAC,CAAC,SAAS,KAAK,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,IAAI,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC;gBACvE,OAAO,CAAC,GAAG,CACT,OAAO,IAAI,IAAI,CAAC,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,UAAU,CAAC,CAAC,SAAS,CAAC,QAAQ,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,KAAK,CAAC,MAAM,YAAY,CAAC,CAAC,IAAI,EAAE,CACxH,CAAC;YACJ,CAAC;YACD,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAClB,CAAC;QACD,OAAO;IACT,CAAC;IAED,UAAU;IACV,IAAI,IAAI,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;QAC/B,MAAM,KAAK,GAAG,SAAS,EAAE,CAAC;QAC1B,MAAM,UAAU,GAAG,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;QACzE,MAAM,SAAS,GAAG,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,UAAU,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;QACjH,MAAM,SAAS,GAAG,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;QAC7G,MAAM,QAAQ,GACZ,KAAK,CAAC,OAAO,CAAC,MAAM,GAAG,CAAC;YACtB,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,SAAS,EAAE,CAAC,CAAC,GAAG,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC;YACvF,CAAC,CAAC,CAAC,CAAC;QACR,IAAI,MAAM,KAAK,MAAM,EAAE,CAAC;YACtB,OAAO,CAAC,GAAG,CACT,IAAI,CAAC,SAAS,CAAC,EAAE,UAAU,EAAE,KAAK,CAAC,OAAO,CAAC,MAAM,EAAE,UAAU,EAAE,SAAS,EAAE,SAAS,EAAE,QAAQ,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,CAC1G,CAAC;QACJ,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,GAAG,CAAC,wDAAwD,CAAC,CAAC;YACtE,OAAO,CAAC,GAAG,CAAC,eAAe,KAAK,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC;YACnD,OAAO,CAAC,GAAG,CAAC,eAAe,UAAU,KAAK,SAAS,cAAc,SAAS,QAAQ,CAAC,CAAC;YACpF,OAAO,CAAC,GAAG,CAAC,eAAe,QAAQ,MAAM,CAAC,CAAC;YAC3C,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAClB,CAAC;QACD,OAAO;IACT,CAAC;IAED,YAAY;IACZ,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,EAAU,EAAE,CAAS,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,KAAK,QAAQ,CAAC,CAAC;IAChF,IAAI,CAAC,QAAQ,EAAE,CAAC;QACd,OAAO,CAAC,KAAK,CAAC,6EAA6E,CAAC,CAAC;QAC7F,OAAO;IACT,CAAC;IAED,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC1B,OAAO,CAAC,KAAK,CAAC,qBAAqB,QAAQ,EAAE,CAAC,CAAC;QAC/C,OAAO;IACT,CAAC;IAED,MAAM,MAAM,GAAG,SAAS,CAAC,QAAQ,CAAC,CAAC;IACnC,IAAI,MAAM,KAAK,MAAM,EAAE,CAAC;QACtB,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;IAC/C,CAAC;SAAM,CAAC;QACN,MAAM,IAAI,GAAG,MAAM,CAAC,SAAS,KAAK,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,MAAM,CAAC,SAAS,IAAI,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC;QACjF,OAAO,CAAC,GAAG,CAAC,OAAO,IAAI,mBAAmB,QAAQ,EAAE,CAAC,CAAC;QACtD,OAAO,CAAC,GAAG,CAAC,iBAAiB,MAAM,CAAC,SAAS,kBAAkB,MAAM,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,CAAC;QACtF,OAAO,CAAC,GAAG,CAAC,8BAA8B,CAAC,CAAC;QAC5C,IAAI,MAAM,CAAC,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC9B,OAAO,CAAC,GAAG,CAAC,yCAAyC,CAAC,CAAC;QACzD,CAAC;aAAM,CAAC;YACN,KAAK,MAAM,CAAC,IAAI,MAAM,CAAC,KAAK,EAAE,CAAC;gBAC7B,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,QAAQ,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC;gBAC1F,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC;gBAC3C,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,CAAC,cAAc,EAAE,CAAC,CAAC;YACrD,CAAC;QACH,CAAC;QACD,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAClB,CAAC;AACH,CAAC"}

package/dist/commands/audit-trail.d.ts

@@ -0,0 +1,18 @@
+/**
+ * Audit trail — chain-of-custody tracking for findings,
+ * recording who reviewed, voted, suppressed, or resolved each finding.
+ *
+ * All data stored locally in .judges-audit-trail/.
+ */
+interface AuditEvent {
+    id: string;
+    findingId: string;
+    action: "created" | "reviewed" | "suppressed" | "resolved" | "reopened" | "escalated" | "voted";
+    actor: string;
+    detail: string;
+    timestamp: string;
+}
+export declare function recordEvent(findingId: string, action: AuditEvent["action"], actor: string, detail: string): AuditEvent;
+export declare function runAuditTrail(argv: string[]): void;
+export {};
+//# sourceMappingURL=audit-trail.d.ts.map

package/dist/commands/audit-trail.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"audit-trail.d.ts","sourceRoot":"","sources":["../../src/commands/audit-trail.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAOH,UAAU,UAAU;IAClB,EAAE,EAAE,MAAM,CAAC;IACX,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,SAAS,GAAG,UAAU,GAAG,YAAY,GAAG,UAAU,GAAG,UAAU,GAAG,WAAW,GAAG,OAAO,CAAC;IAChG,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,EAAE,MAAM,CAAC;IACf,SAAS,EAAE,MAAM,CAAC;CACnB;AAmCD,wBAAgB,WAAW,CACzB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,UAAU,CAAC,QAAQ,CAAC,EAC5B,KAAK,EAAE,MAAM,EACb,MAAM,EAAE,MAAM,GACb,UAAU,CAgBZ;AAID,wBAAgB,aAAa,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,IAAI,CAkHlD"}

package/dist/commands/audit-trail.js

@@ -0,0 +1,155 @@
+/**
+ * Audit trail — chain-of-custody tracking for findings,
+ * recording who reviewed, voted, suppressed, or resolved each finding.
+ *
+ * All data stored locally in .judges-audit-trail/.
+ */
+import { readFileSync, writeFileSync, existsSync, mkdirSync } from "fs";
+import { join } from "path";
+const TRAIL_DIR = ".judges-audit-trail";
+const TRAIL_FILE = join(TRAIL_DIR, "trail.json");
+// ─── Core ───────────────────────────────────────────────────────────────────
+function ensureDir() {
+    if (!existsSync(TRAIL_DIR))
+        mkdirSync(TRAIL_DIR, { recursive: true });
+}
+function loadStore() {
+    if (!existsSync(TRAIL_FILE))
+        return { events: [], updatedAt: new Date().toISOString() };
+    try {
+        return JSON.parse(readFileSync(TRAIL_FILE, "utf-8"));
+    }
+    catch {
+        return { events: [], updatedAt: new Date().toISOString() };
+    }
+}
+function saveStore(store) {
+    ensureDir();
+    store.updatedAt = new Date().toISOString();
+    writeFileSync(TRAIL_FILE, JSON.stringify(store, null, 2));
+}
+function generateId() {
+    return `evt-${Date.now()}-${Math.random().toString(36).slice(2, 8)}`;
+}
+export function recordEvent(findingId, action, actor, detail) {
+    const event = {
+        id: generateId(),
+        findingId,
+        action,
+        actor,
+        detail,
+        timestamp: new Date().toISOString(),
+    };
+    const store = loadStore();
+    store.events.push(event);
+    if (store.events.length > 2000)
+        store.events = store.events.slice(-2000);
+    saveStore(store);
+    return event;
+}
+// ─── CLI ────────────────────────────────────────────────────────────────────
+export function runAuditTrail(argv) {
+    if (argv.includes("--help") || argv.includes("-h")) {
+        console.log(`
+judges audit-trail — Finding chain-of-custody tracking
+
+Usage:
+  judges audit-trail --record --finding SEC-001 --action reviewed --actor "alice@co.com" --detail "Confirmed valid"
+  judges audit-trail --finding SEC-001
+  judges audit-trail --actor "alice@co.com"
+  judges audit-trail --summary
+  judges audit-trail --export
+
+Options:
+  --record                Record a new audit event
+  --finding <id>          Filter by finding/rule ID
+  --action <type>         Event type: created, reviewed, suppressed, resolved, reopened, escalated, voted
+  --actor <name>          Who performed the action
+  --detail <text>         Additional context
+  --summary               Show audit trail summary
+  --export                Export full audit trail
+  --format json           JSON output
+  --help, -h              Show this help
+`);
+        return;
+    }
+    const format = argv.find((_a, i) => argv[i - 1] === "--format") || "text";
+    // Record event
+    if (argv.includes("--record")) {
+        const finding = argv.find((_a, i) => argv[i - 1] === "--finding") || "unknown";
+        const action = (argv.find((_a, i) => argv[i - 1] === "--action") ||
+            "reviewed");
+        const actor = argv.find((_a, i) => argv[i - 1] === "--actor") || "anonymous";
+        const detail = argv.find((_a, i) => argv[i - 1] === "--detail") || "";
+        const event = recordEvent(finding, action, actor, detail);
+        if (format === "json") {
+            console.log(JSON.stringify(event, null, 2));
+        }
+        else {
+            console.log(`  ✅ Audit event recorded: ${event.id}`);
+            console.log(`     ${event.action} ${event.findingId} by ${event.actor}`);
+        }
+        return;
+    }
+    // Summary
+    if (argv.includes("--summary")) {
+        const store = loadStore();
+        const actionCounts = new Map();
+        const actorCounts = new Map();
+        for (const e of store.events) {
+            actionCounts.set(e.action, (actionCounts.get(e.action) || 0) + 1);
+            actorCounts.set(e.actor, (actorCounts.get(e.actor) || 0) + 1);
+        }
+        if (format === "json") {
+            console.log(JSON.stringify({
+                totalEvents: store.events.length,
+                actions: Object.fromEntries(actionCounts),
+                actors: Object.fromEntries(actorCounts),
+            }, null, 2));
+        }
+        else {
+            console.log(`\n  Audit Trail Summary\n  ──────────────────────────`);
+            console.log(`  Total events: ${store.events.length}`);
+            if (actionCounts.size > 0) {
+                console.log(`\n  By action:`);
+                for (const [action, count] of actionCounts) {
+                    console.log(`    ${action.padEnd(15)} ${count}`);
+                }
+            }
+            if (actorCounts.size > 0) {
+                console.log(`\n  By actor:`);
+                for (const [actor, count] of actorCounts) {
+                    console.log(`    ${actor.padEnd(25)} ${count} events`);
+                }
+            }
+            console.log("");
+        }
+        return;
+    }
+    // Export
+    if (argv.includes("--export")) {
+        const store = loadStore();
+        console.log(JSON.stringify(store, null, 2));
+        return;
+    }
+    // Filter by finding
+    const findingFilter = argv.find((_a, i) => argv[i - 1] === "--finding");
+    const actorFilter = argv.find((_a, i) => argv[i - 1] === "--actor");
+    const store = loadStore();
+    let events = store.events;
+    if (findingFilter)
+        events = events.filter((e) => e.findingId === findingFilter);
+    if (actorFilter)
+        events = events.filter((e) => e.actor === actorFilter);
+    if (format === "json") {
+        console.log(JSON.stringify(events, null, 2));
+    }
+    else {
+        console.log(`\n  Audit Trail (${events.length} events)\n  ──────────────────────────`);
+        for (const e of events.slice(-20)) {
+            console.log(`    ${e.timestamp.slice(0, 16)}  ${e.action.padEnd(12)} ${e.findingId.padEnd(12)} ${e.actor} ${e.detail ? `— ${e.detail}` : ""}`);
+        }
+        console.log("");
+    }
+}
+//# sourceMappingURL=audit-trail.js.map

package/dist/commands/audit-trail.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"audit-trail.js","sourceRoot":"","sources":["../../src/commands/audit-trail.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,YAAY,EAAE,aAAa,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,IAAI,CAAC;AACxE,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAkB5B,MAAM,SAAS,GAAG,qBAAqB,CAAC;AACxC,MAAM,UAAU,GAAG,IAAI,CAAC,SAAS,EAAE,YAAY,CAAC,CAAC;AAEjD,+EAA+E;AAE/E,SAAS,SAAS;IAChB,IAAI,CAAC,UAAU,CAAC,SAAS,CAAC;QAAE,SAAS,CAAC,SAAS,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;AACxE,CAAC;AAED,SAAS,SAAS;IAChB,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC;QAAE,OAAO,EAAE,MAAM,EAAE,EAAE,EAAE,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,EAAE,CAAC;IACxF,IAAI,CAAC;QACH,OAAO,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC,CAAC;IACvD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,MAAM,EAAE,EAAE,EAAE,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,EAAE,CAAC;IAC7D,CAAC;AACH,CAAC;AAED,SAAS,SAAS,CAAC,KAAsB;IACvC,SAAS,EAAE,CAAC;IACZ,KAAK,CAAC,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IAC3C,aAAa,CAAC,UAAU,EAAE,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;AAC5D,CAAC;AAED,SAAS,UAAU;IACjB,OAAO,OAAO,IAAI,CAAC,GAAG,EAAE,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,CAAC;AACvE,CAAC;AAED,MAAM,UAAU,WAAW,CACzB,SAAiB,EACjB,MAA4B,EAC5B,KAAa,EACb,MAAc;IAEd,MAAM,KAAK,GAAe;QACxB,EAAE,EAAE,UAAU,EAAE;QAChB,SAAS;QACT,MAAM;QACN,KAAK;QACL,MAAM;QACN,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;KACpC,CAAC;IAEF,MAAM,KAAK,GAAG,SAAS,EAAE,CAAC;IAC1B,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACzB,IAAI,KAAK,CAAC,MAAM,CAAC,MAAM,GAAG,IAAI;QAAE,KAAK,CAAC,MAAM,GAAG,KAAK,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,CAAC;IACzE,SAAS,CAAC,KAAK,CAAC,CAAC;IAEjB,OAAO,KAAK,CAAC;AACf,CAAC;AAED,+EAA+E;AAE/E,MAAM,UAAU,aAAa,CAAC,IAAc;IAC1C,IAAI,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;QACnD,OAAO,CAAC,GAAG,CAAC;;;;;;;;;;;;;;;;;;;;CAoBf,CAAC,CAAC;QACC,OAAO;IACT,CAAC;IAED,MAAM,MAAM,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,EAAU,EAAE,CAAS,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,KAAK,UAAU,CAAC,IAAI,MAAM,CAAC;IAE1F,eAAe;IACf,IAAI,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;QAC9B,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,EAAU,EAAE,CAAS,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,KAAK,WAAW,CAAC,IAAI,SAAS,CAAC;QAC/F,MAAM,MAAM,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,EAAU,EAAE,CAAS,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,KAAK,UAAU,CAAC;YAC9E,UAAU,CAAyB,CAAC;QACtC,MAAM,KAAK,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,EAAU,EAAE,CAAS,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,KAAK,SAAS,CAAC,IAAI,WAAW,CAAC;QAC7F,MAAM,MAAM,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,EAAU,EAAE,CAAS,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,KAAK,UAAU,CAAC,IAAI,EAAE,CAAC;QAEtF,MAAM,KAAK,GAAG,WAAW,CAAC,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,CAAC,CAAC;QAC1D,IAAI,MAAM,KAAK,MAAM,EAAE,CAAC;YACtB,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;QAC9C,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,GAAG,CAAC,6BAA6B,KAAK,CAAC,EAAE,EAAE,CAAC,CAAC;YACrD,OAAO,CAAC,GAAG,CAAC,QAAQ,KAAK,CAAC,MAAM,IAAI,KAAK,CAAC,SAAS,OAAO,KAAK,CAAC,KAAK,EAAE,CAAC,CAAC;QAC3E,CAAC;QACD,OAAO;IACT,CAAC;IAED,UAAU;IACV,IAAI,IAAI,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;QAC/B,MAAM,KAAK,GAAG,SAAS,EAAE,CAAC;QAC1B,MAAM,YAAY,GAAG,IAAI,GAAG,EAAkB,CAAC;QAC/C,MAAM,WAAW,GAAG,IAAI,GAAG,EAAkB,CAAC;QAC9C,KAAK,MAAM,CAAC,IAAI,KAAK,CAAC,MAAM,EAAE,CAAC;YAC7B,YAAY,CAAC,GAAG,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;YAClE,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,KAAK,EAAE,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;QAChE,CAAC;QACD,IAAI,MAAM,KAAK,MAAM,EAAE,CAAC;YACtB,OAAO,CAAC,GAAG,CACT,IAAI,CAAC,SAAS,CACZ;gBACE,WAAW,EAAE,KAAK,CAAC,MAAM,CAAC,MAAM;gBAChC,OAAO,EAAE,MAAM,CAAC,WAAW,CAAC,YAAY,CAAC;gBACzC,MAAM,EAAE,MAAM,CAAC,WAAW,CAAC,WAAW,CAAC;aACxC,EACD,IAAI,EACJ,CAAC,CACF,CACF,CAAC;QACJ,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,GAAG,CAAC,uDAAuD,CAAC,CAAC;YACrE,OAAO,CAAC,GAAG,CAAC,mBAAmB,KAAK,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC,CAAC;YACtD,IAAI,YAAY,CAAC,IAAI,GAAG,CAAC,EAAE,CAAC;gBAC1B,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,CAAC;gBAC9B,KAAK,MAAM,CAAC,MAAM,EAAE,KAAK,CAAC,IAAI,YAAY,EAAE,CAAC;oBAC3C,OAAO,CAAC,GAAG,CAAC,OAAO,MAAM,CAAC,MAAM,CAAC,EAAE,CAAC,IAAI,KAAK,EAAE,CAAC,CAAC;gBACnD,CAAC;YACH,CAAC;YACD,IAAI,WAAW,CAAC,IAAI,GAAG,CAAC,EAAE,CAAC;gBACzB,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC;gBAC7B,KAAK,MAAM,CAAC,KAAK,EAAE,KAAK,CAAC,IAAI,WAAW,EAAE,CAAC;oBACzC,OAAO,CAAC,GAAG,CAAC,OAAO,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC,IAAI,KAAK,SAAS,CAAC,CAAC;gBACzD,CAAC;YACH,CAAC;YACD,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAClB,CAAC;QACD,OAAO;IACT,CAAC;IAED,SAAS;IACT,IAAI,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;QAC9B,MAAM,KAAK,GAAG,SAAS,EAAE,CAAC;QAC1B,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;QAC5C,OAAO;IACT,CAAC;IAED,oBAAoB;IACpB,MAAM,aAAa,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,EAAU,EAAE,CAAS,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,KAAK,WAAW,CAAC,CAAC;IACxF,MAAM,WAAW,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,EAAU,EAAE,CAAS,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,KAAK,SAAS,CAAC,CAAC;IAEpF,MAAM,KAAK,GAAG,SAAS,EAAE,CAAC;IAC1B,IAAI,MAAM,GAAG,KAAK,CAAC,MAAM,CAAC;IAC1B,IAAI,aAAa;QAAE,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,KAAK,aAAa,CAAC,CAAC;IAChF,IAAI,WAAW;QAAE,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,KAAK,WAAW,CAAC,CAAC;IAExE,IAAI,MAAM,KAAK,MAAM,EAAE,CAAC;QACtB,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;IAC/C,CAAC;SAAM,CAAC;QACN,OAAO,CAAC,GAAG,CAAC,oBAAoB,MAAM,CAAC,MAAM,wCAAwC,CAAC,CAAC;QACvF,KAAK,MAAM,CAAC,IAAI,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC;YAClC,OAAO,CAAC,GAAG,CACT,OAAO,CAAC,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,SAAS,CAAC,MAAM,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,KAAK,IAAI,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,CAClI,CAAC;QACJ,CAAC;QACD,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAClB,CAAC;AACH,CAAC"}

package/dist/commands/auto-fix.d.ts

@@ -0,0 +1,18 @@
+/**
+ * Auto-fix — generates safe, automated fix suggestions for
+ * common finding patterns. All processing is local.
+ */
+interface FixSuggestion {
+    ruleId: string;
+    title: string;
+    file: string;
+    line: number;
+    before: string;
+    after: string;
+    confidence: number;
+    timestamp: string;
+}
+export declare function suggestFix(ruleId: string, file: string, line: number): FixSuggestion | null;
+export declare function runAutoFix(argv: string[]): void;
+export {};
+//# sourceMappingURL=auto-fix.d.ts.map

package/dist/commands/auto-fix.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"auto-fix.d.ts","sourceRoot":"","sources":["../../src/commands/auto-fix.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAgBH,UAAU,aAAa;IACrB,MAAM,EAAE,MAAM,CAAC;IACf,KAAK,EAAE,MAAM,CAAC;IACd,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,MAAM,CAAC;IACf,KAAK,EAAE,MAAM,CAAC;IACd,UAAU,EAAE,MAAM,CAAC;IACnB,SAAS,EAAE,MAAM,CAAC;CACnB;AAqHD,wBAAgB,UAAU,CAAC,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,aAAa,GAAG,IAAI,CAqB3F;AAID,wBAAgB,UAAU,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,IAAI,CAoH/C"}