@kevinrabun/judges 3.46.0 → 3.48.0

package/dist/commands/cost-forecast.js

@@ -0,0 +1,194 @@
+/**
+ * Cost forecast — projects 30/60/90-day security debt and
+ * remediation cost trends from local finding history.
+ *
+ * All data stays local — no upload or external services.
+ */
+import { readFileSync, writeFileSync, existsSync, mkdirSync } from "fs";
+import { join } from "path";
+const COST_DIR = ".judges-cost-forecast";
+const COST_FILE = join(COST_DIR, "history.json");
+// Cost per finding by severity (industry averages, configurable)
+const DEFAULT_COST_PER_FINDING = {
+    critical: 15000,
+    high: 5000,
+    medium: 1500,
+    low: 300,
+};
+// ─── Core ───────────────────────────────────────────────────────────────────
+function ensureDir() {
+    if (!existsSync(COST_DIR))
+        mkdirSync(COST_DIR, { recursive: true });
+}
+function loadHistory() {
+    if (!existsSync(COST_FILE)) {
+        return { snapshots: [], projections: [], trend: "stable", updatedAt: new Date().toISOString() };
+    }
+    try {
+        return JSON.parse(readFileSync(COST_FILE, "utf-8"));
+    }
+    catch {
+        return { snapshots: [], projections: [], trend: "stable", updatedAt: new Date().toISOString() };
+    }
+}
+function saveHistory(data) {
+    ensureDir();
+    data.updatedAt = new Date().toISOString();
+    writeFileSync(COST_FILE, JSON.stringify(data, null, 2));
+}
+function estimateCost(snap) {
+    return (snap.critical * DEFAULT_COST_PER_FINDING.critical +
+        snap.high * DEFAULT_COST_PER_FINDING.high +
+        snap.medium * DEFAULT_COST_PER_FINDING.medium +
+        snap.low * DEFAULT_COST_PER_FINDING.low);
+}
+export function recordSnapshot(critical, high, medium, low) {
+    const totalFindings = critical + high + medium + low;
+    const estimatedCostVal = estimateCost({ critical, high, medium, low });
+    const snapshot = {
+        date: new Date().toISOString().slice(0, 10),
+        critical,
+        high,
+        medium,
+        low,
+        totalFindings,
+        estimatedCost: estimatedCostVal,
+    };
+    const history = loadHistory();
+    history.snapshots.push(snapshot);
+    if (history.snapshots.length > 365)
+        history.snapshots = history.snapshots.slice(-365);
+    // Compute trend
+    if (history.snapshots.length >= 2) {
+        const recent = history.snapshots.slice(-5);
+        const first = recent[0].estimatedCost;
+        const last = recent[recent.length - 1].estimatedCost;
+        if (last < first * 0.9)
+            history.trend = "improving";
+        else if (last > first * 1.1)
+            history.trend = "degrading";
+        else
+            history.trend = "stable";
+    }
+    // Project forward
+    history.projections = [];
+    const avgRate = history.snapshots.length >= 2
+        ? (history.snapshots[history.snapshots.length - 1].totalFindings - history.snapshots[0].totalFindings) /
+            history.snapshots.length
+        : 0;
+    const currentFindings = totalFindings;
+    const currentCost = estimatedCostVal;
+    for (const period of [30, 60, 90]) {
+        const projFindings = Math.max(0, Math.round(currentFindings + avgRate * period));
+        const projCost = Math.round(currentCost * (projFindings / Math.max(1, currentFindings)));
+        history.projections.push({
+            period: `${period}-day`,
+            estimatedCost: projCost,
+            findings: projFindings,
+        });
+    }
+    saveHistory(history);
+    return snapshot;
+}
+// ─── CLI ────────────────────────────────────────────────────────────────────
+export function runCostForecast(argv) {
+    if (argv.includes("--help") || argv.includes("-h")) {
+        console.log(`
+judges cost-forecast — Security debt cost projections
+
+Usage:
+  judges cost-forecast --record --critical 2 --high 5 --medium 12 --low 20
+  judges cost-forecast --report
+  judges cost-forecast --projections
+  judges cost-forecast --cost-table
+
+Options:
+  --record                  Record a new cost snapshot
+  --critical <n>            Number of critical findings (default: 0)
+  --high <n>                Number of high findings (default: 0)
+  --medium <n>              Number of medium findings (default: 0)
+  --low <n>                 Number of low findings (default: 0)
+  --report                  Show full cost history and trends
+  --projections             Show 30/60/90-day projections
+  --cost-table              Show cost-per-finding table
+  --format json             JSON output
+  --help, -h                Show this help
+`);
+        return;
+    }
+    const format = argv.find((_a, i) => argv[i - 1] === "--format") || "text";
+    // Cost table
+    if (argv.includes("--cost-table")) {
+        if (format === "json") {
+            console.log(JSON.stringify(DEFAULT_COST_PER_FINDING, null, 2));
+        }
+        else {
+            console.log(`\n  Cost Per Finding (Industry Averages)\n  ──────────────────────────`);
+            console.log(`    Critical:  $${DEFAULT_COST_PER_FINDING.critical.toLocaleString()}`);
+            console.log(`    High:      $${DEFAULT_COST_PER_FINDING.high.toLocaleString()}`);
+            console.log(`    Medium:    $${DEFAULT_COST_PER_FINDING.medium.toLocaleString()}`);
+            console.log(`    Low:       $${DEFAULT_COST_PER_FINDING.low.toLocaleString()}`);
+            console.log(`\n  Based on: NIST/Ponemon incident cost research\n`);
+        }
+        return;
+    }
+    // Record snapshot
+    if (argv.includes("--record")) {
+        const critical = parseInt(argv.find((_a, i) => argv[i - 1] === "--critical") || "0", 10);
+        const high = parseInt(argv.find((_a, i) => argv[i - 1] === "--high") || "0", 10);
+        const medium = parseInt(argv.find((_a, i) => argv[i - 1] === "--medium") || "0", 10);
+        const low = parseInt(argv.find((_a, i) => argv[i - 1] === "--low") || "0", 10);
+        const snap = recordSnapshot(critical, high, medium, low);
+        if (format === "json") {
+            console.log(JSON.stringify(snap, null, 2));
+        }
+        else {
+            console.log(`\n  ✅ Cost Snapshot Recorded — ${snap.date}`);
+            console.log(`     Findings: ${snap.totalFindings} (C:${snap.critical} H:${snap.high} M:${snap.medium} L:${snap.low})`);
+            console.log(`     Estimated cost: $${snap.estimatedCost.toLocaleString()}\n`);
+        }
+        return;
+    }
+    // Projections
+    if (argv.includes("--projections")) {
+        const history = loadHistory();
+        if (history.projections.length === 0) {
+            console.log("  No data yet. Record snapshots with --record first.");
+            return;
+        }
+        if (format === "json") {
+            console.log(JSON.stringify(history.projections, null, 2));
+        }
+        else {
+            console.log(`\n  Cost Projections (trend: ${history.trend})\n  ──────────────────────────`);
+            for (const p of history.projections) {
+                console.log(`    ${p.period.padEnd(10)} ${p.findings.toString().padEnd(8)} findings  $${p.estimatedCost.toLocaleString()}`);
+            }
+            console.log("");
+        }
+        return;
+    }
+    // Full report
+    const history = loadHistory();
+    if (format === "json") {
+        console.log(JSON.stringify(history, null, 2));
+    }
+    else {
+        console.log(`\n  Cost Forecast Report\n  ──────────────────────────`);
+        console.log(`  Trend: ${history.trend} | Snapshots: ${history.snapshots.length}`);
+        if (history.snapshots.length > 0) {
+            console.log(`\n  Recent History:`);
+            for (const s of history.snapshots.slice(-10)) {
+                console.log(`    ${s.date}  ${s.totalFindings.toString().padEnd(6)} findings  $${s.estimatedCost.toLocaleString()}`);
+            }
+        }
+        if (history.projections.length > 0) {
+            console.log(`\n  Projections:`);
+            for (const p of history.projections) {
+                console.log(`    ${p.period.padEnd(10)} ${p.findings.toString().padEnd(6)} findings  $${p.estimatedCost.toLocaleString()}`);
+            }
+        }
+        console.log("");
+    }
+}
+//# sourceMappingURL=cost-forecast.js.map

package/dist/commands/cost-forecast.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"cost-forecast.js","sourceRoot":"","sources":["../../src/commands/cost-forecast.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,YAAY,EAAE,aAAa,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,IAAI,CAAC;AACxE,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAqB5B,MAAM,QAAQ,GAAG,uBAAuB,CAAC;AACzC,MAAM,SAAS,GAAG,IAAI,CAAC,QAAQ,EAAE,cAAc,CAAC,CAAC;AAEjD,iEAAiE;AACjE,MAAM,wBAAwB,GAA2B;IACvD,QAAQ,EAAE,KAAK;IACf,IAAI,EAAE,IAAI;IACV,MAAM,EAAE,IAAI;IACZ,GAAG,EAAE,GAAG;CACT,CAAC;AAEF,+EAA+E;AAE/E,SAAS,SAAS;IAChB,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC;QAAE,SAAS,CAAC,QAAQ,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;AACtE,CAAC;AAED,SAAS,WAAW;IAClB,IAAI,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;QAC3B,OAAO,EAAE,SAAS,EAAE,EAAE,EAAE,WAAW,EAAE,EAAE,EAAE,KAAK,EAAE,QAAQ,EAAE,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,EAAE,CAAC;IAClG,CAAC;IACD,IAAI,CAAC;QACH,OAAO,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC,CAAC;IACtD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,SAAS,EAAE,EAAE,EAAE,WAAW,EAAE,EAAE,EAAE,KAAK,EAAE,QAAQ,EAAE,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,EAAE,CAAC;IAClG,CAAC;AACH,CAAC;AAED,SAAS,WAAW,CAAC,IAAkB;IACrC,SAAS,EAAE,CAAC;IACZ,IAAI,CAAC,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IAC1C,aAAa,CAAC,SAAS,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;AAC1D,CAAC;AAED,SAAS,YAAY,CAAC,IAAoE;IACxF,OAAO,CACL,IAAI,CAAC,QAAQ,GAAG,wBAAwB,CAAC,QAAQ;QACjD,IAAI,CAAC,IAAI,GAAG,wBAAwB,CAAC,IAAI;QACzC,IAAI,CAAC,MAAM,GAAG,wBAAwB,CAAC,MAAM;QAC7C,IAAI,CAAC,GAAG,GAAG,wBAAwB,CAAC,GAAG,CACxC,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,cAAc,CAAC,QAAgB,EAAE,IAAY,EAAE,MAAc,EAAE,GAAW;IACxF,MAAM,aAAa,GAAG,QAAQ,GAAG,IAAI,GAAG,MAAM,GAAG,GAAG,CAAC;IACrD,MAAM,gBAAgB,GAAG,YAAY,CAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC;IAEvE,MAAM,QAAQ,GAAiB;QAC7B,IAAI,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC;QAC3C,QAAQ;QACR,IAAI;QACJ,MAAM;QACN,GAAG;QACH,aAAa;QACb,aAAa,EAAE,gBAAgB;KAChC,CAAC;IAEF,MAAM,OAAO,GAAG,WAAW,EAAE,CAAC;IAC9B,OAAO,CAAC,SAAS,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IACjC,IAAI,OAAO,CAAC,SAAS,CAAC,MAAM,GAAG,GAAG;QAAE,OAAO,CAAC,SAAS,GAAG,OAAO,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,CAAC;IAEtF,gBAAgB;IAChB,IAAI,OAAO,CAAC,SAAS,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;QAClC,MAAM,MAAM,GAAG,OAAO,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;QAC3C,MAAM,KAAK,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC,aAAa,CAAC;QACtC,MAAM,IAAI,GAAG,MAAM,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,aAAa,CAAC;QACrD,IAAI,IAAI,GAAG,KAAK,GAAG,GAAG;YAAE,OAAO,CAAC,KAAK,GAAG,WAAW,CAAC;aAC/C,IAAI,IAAI,GAAG,KAAK,GAAG,GAAG;YAAE,OAAO,CAAC,KAAK,GAAG,WAAW,CAAC;;YACpD,OAAO,CAAC,KAAK,GAAG,QAAQ,CAAC;IAChC,CAAC;IAED,kBAAkB;IAClB,OAAO,CAAC,WAAW,GAAG,EAAE,CAAC;IACzB,MAAM,OAAO,GACX,OAAO,CAAC,SAAS,CAAC,MAAM,IAAI,CAAC;QAC3B,CAAC,CAAC,CAAC,OAAO,CAAC,SAAS,CAAC,OAAO,CAAC,SAAS,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,aAAa,GAAG,OAAO,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,aAAa,CAAC;YACpG,OAAO,CAAC,SAAS,CAAC,MAAM;QAC1B,CAAC,CAAC,CAAC,CAAC;IACR,MAAM,eAAe,GAAG,aAAa,CAAC;IACtC,MAAM,WAAW,GAAG,gBAAgB,CAAC;IAErC,KAAK,MAAM,MAAM,IAAI,CAAC,EAAE,EAAE,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC;QAClC,MAAM,YAAY,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,KAAK,CAAC,eAAe,GAAG,OAAO,GAAG,MAAM,CAAC,CAAC,CAAC;QACjF,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,WAAW,GAAG,CAAC,YAAY,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,eAAe,CAAC,CAAC,CAAC,CAAC;QACzF,OAAO,CAAC,WAAW,CAAC,IAAI,CAAC;YACvB,MAAM,EAAE,GAAG,MAAM,MAAM;YACvB,aAAa,EAAE,QAAQ;YACvB,QAAQ,EAAE,YAAY;SACvB,CAAC,CAAC;IACL,CAAC;IAED,WAAW,CAAC,OAAO,CAAC,CAAC;IACrB,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,+EAA+E;AAE/E,MAAM,UAAU,eAAe,CAAC,IAAc;IAC5C,IAAI,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;QACnD,OAAO,CAAC,GAAG,CAAC;;;;;;;;;;;;;;;;;;;;CAoBf,CAAC,CAAC;QACC,OAAO;IACT,CAAC;IAED,MAAM,MAAM,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,EAAU,EAAE,CAAS,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,KAAK,UAAU,CAAC,IAAI,MAAM,CAAC;IAE1F,aAAa;IACb,IAAI,IAAI,CAAC,QAAQ,CAAC,cAAc,CAAC,EAAE,CAAC;QAClC,IAAI,MAAM,KAAK,MAAM,EAAE,CAAC;YACtB,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,wBAAwB,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;QACjE,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,GAAG,CAAC,wEAAwE,CAAC,CAAC;YACtF,OAAO,CAAC,GAAG,CAAC,mBAAmB,wBAAwB,CAAC,QAAQ,CAAC,cAAc,EAAE,EAAE,CAAC,CAAC;YACrF,OAAO,CAAC,GAAG,CAAC,mBAAmB,wBAAwB,CAAC,IAAI,CAAC,cAAc,EAAE,EAAE,CAAC,CAAC;YACjF,OAAO,CAAC,GAAG,CAAC,mBAAmB,wBAAwB,CAAC,MAAM,CAAC,cAAc,EAAE,EAAE,CAAC,CAAC;YACnF,OAAO,CAAC,GAAG,CAAC,mBAAmB,wBAAwB,CAAC,GAAG,CAAC,cAAc,EAAE,EAAE,CAAC,CAAC;YAChF,OAAO,CAAC,GAAG,CAAC,qDAAqD,CAAC,CAAC;QACrE,CAAC;QACD,OAAO;IACT,CAAC;IAED,kBAAkB;IAClB,IAAI,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;QAC9B,MAAM,QAAQ,GAAG,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,EAAU,EAAE,CAAS,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,KAAK,YAAY,CAAC,IAAI,GAAG,EAAE,EAAE,CAAC,CAAC;QACzG,MAAM,IAAI,GAAG,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,EAAU,EAAE,CAAS,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,KAAK,QAAQ,CAAC,IAAI,GAAG,EAAE,EAAE,CAAC,CAAC;QACjG,MAAM,MAAM,GAAG,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,EAAU,EAAE,CAAS,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,KAAK,UAAU,CAAC,IAAI,GAAG,EAAE,EAAE,CAAC,CAAC;QACrG,MAAM,GAAG,GAAG,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,EAAU,EAAE,CAAS,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,KAAK,OAAO,CAAC,IAAI,GAAG,EAAE,EAAE,CAAC,CAAC;QAE/F,MAAM,IAAI,GAAG,cAAc,CAAC,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,GAAG,CAAC,CAAC;QACzD,IAAI,MAAM,KAAK,MAAM,EAAE,CAAC;YACtB,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;QAC7C,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,GAAG,CAAC,kCAAkC,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC;YAC3D,OAAO,CAAC,GAAG,CACT,kBAAkB,IAAI,CAAC,aAAa,OAAO,IAAI,CAAC,QAAQ,MAAM,IAAI,CAAC,IAAI,MAAM,IAAI,CAAC,MAAM,MAAM,IAAI,CAAC,GAAG,GAAG,CAC1G,CAAC;YACF,OAAO,CAAC,GAAG,CAAC,yBAAyB,IAAI,CAAC,aAAa,CAAC,cAAc,EAAE,IAAI,CAAC,CAAC;QAChF,CAAC;QACD,OAAO;IACT,CAAC;IAED,cAAc;IACd,IAAI,IAAI,CAAC,QAAQ,CAAC,eAAe,CAAC,EAAE,CAAC;QACnC,MAAM,OAAO,GAAG,WAAW,EAAE,CAAC;QAC9B,IAAI,OAAO,CAAC,WAAW,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACrC,OAAO,CAAC,GAAG,CAAC,sDAAsD,CAAC,CAAC;YACpE,OAAO;QACT,CAAC;QACD,IAAI,MAAM,KAAK,MAAM,EAAE,CAAC;YACtB,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,WAAW,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;QAC5D,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,GAAG,CAAC,gCAAgC,OAAO,CAAC,KAAK,iCAAiC,CAAC,CAAC;YAC5F,KAAK,MAAM,CAAC,IAAI,OAAO,CAAC,WAAW,EAAE,CAAC;gBACpC,OAAO,CAAC,GAAG,CACT,OAAO,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,QAAQ,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC,eAAe,CAAC,CAAC,aAAa,CAAC,cAAc,EAAE,EAAE,CAC/G,CAAC;YACJ,CAAC;YACD,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAClB,CAAC;QACD,OAAO;IACT,CAAC;IAED,cAAc;IACd,MAAM,OAAO,GAAG,WAAW,EAAE,CAAC;IAC9B,IAAI,MAAM,KAAK,MAAM,EAAE,CAAC;QACtB,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;IAChD,CAAC;SAAM,CAAC;QACN,OAAO,CAAC,GAAG,CAAC,wDAAwD,CAAC,CAAC;QACtE,OAAO,CAAC,GAAG,CAAC,YAAY,OAAO,CAAC,KAAK,iBAAiB,OAAO,CAAC,SAAS,CAAC,MAAM,EAAE,CAAC,CAAC;QAClF,IAAI,OAAO,CAAC,SAAS,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACjC,OAAO,CAAC,GAAG,CAAC,qBAAqB,CAAC,CAAC;YACnC,KAAK,MAAM,CAAC,IAAI,OAAO,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC;gBAC7C,OAAO,CAAC,GAAG,CACT,OAAO,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,aAAa,CAAC,QAAQ,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC,eAAe,CAAC,CAAC,aAAa,CAAC,cAAc,EAAE,EAAE,CACxG,CAAC;YACJ,CAAC;QACH,CAAC;QACD,IAAI,OAAO,CAAC,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACnC,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC,CAAC;YAChC,KAAK,MAAM,CAAC,IAAI,OAAO,CAAC,WAAW,EAAE,CAAC;gBACpC,OAAO,CAAC,GAAG,CACT,OAAO,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,QAAQ,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC,eAAe,CAAC,CAAC,aAAa,CAAC,cAAc,EAAE,EAAE,CAC/G,CAAC;YACJ,CAAC;QACH,CAAC;QACD,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAClB,CAAC;AACH,CAAC"}

package/dist/commands/dep-correlate.d.ts

@@ -0,0 +1,9 @@
+/**
+ * Dependency vulnerability correlation — cross-references
+ * Judges findings with dependency versions to identify which
+ * dependencies contribute the most security findings.
+ *
+ * All data from local files (package.json, lock files).
+ */
+export declare function runDepCorrelate(argv: string[]): void;
+//# sourceMappingURL=dep-correlate.d.ts.map

package/dist/commands/dep-correlate.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"dep-correlate.d.ts","sourceRoot":"","sources":["../../src/commands/dep-correlate.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAiKH,wBAAgB,eAAe,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,IAAI,CAsFpD"}

package/dist/commands/dep-correlate.js

@@ -0,0 +1,208 @@
+/**
+ * Dependency vulnerability correlation — cross-references
+ * Judges findings with dependency versions to identify which
+ * dependencies contribute the most security findings.
+ *
+ * All data from local files (package.json, lock files).
+ */
+import { existsSync, readFileSync, mkdirSync, writeFileSync } from "fs";
+import { join } from "path";
+// ─── Dep parsing ────────────────────────────────────────────────────────────
+function loadDeps() {
+    const deps = [];
+    // package.json (npm)
+    if (existsSync("package.json")) {
+        try {
+            const pkg = JSON.parse(readFileSync("package.json", "utf-8"));
+            for (const [name, ver] of Object.entries(pkg.dependencies || {})) {
+                deps.push({ name, version: String(ver), type: "dependency" });
+            }
+            for (const [name, ver] of Object.entries(pkg.devDependencies || {})) {
+                deps.push({ name, version: String(ver), type: "devDependency" });
+            }
+        }
+        catch {
+            /* skip */
+        }
+    }
+    // requirements.txt (Python)
+    if (existsSync("requirements.txt")) {
+        try {
+            const lines = readFileSync("requirements.txt", "utf-8").split("\n");
+            for (const line of lines) {
+                const match = /^([a-zA-Z0-9_-]+)==(.+)/.exec(line.trim());
+                if (match)
+                    deps.push({ name: match[1], version: match[2], type: "dependency" });
+            }
+        }
+        catch {
+            /* skip */
+        }
+    }
+    // go.mod (Go)
+    if (existsSync("go.mod")) {
+        try {
+            const content = readFileSync("go.mod", "utf-8");
+            const lines = content.split("\n");
+            for (const line of lines) {
+                const match = /^\s+([\w./-]+)\s+(v[\d.]+)/.exec(line);
+                if (match)
+                    deps.push({ name: match[1], version: match[2], type: "dependency" });
+            }
+        }
+        catch {
+            /* skip */
+        }
+    }
+    return deps;
+}
+function loadFindings() {
+    // Try common finding output locations
+    const paths = [".judges-findings.json", join(".judges-audit-trail", "trail.json"), "judges-report.json"];
+    for (const p of paths) {
+        if (!existsSync(p))
+            continue;
+        try {
+            const data = JSON.parse(readFileSync(p, "utf-8"));
+            if (Array.isArray(data))
+                return data;
+            if (data.findings && Array.isArray(data.findings))
+                return data.findings;
+            if (data.events && Array.isArray(data.events)) {
+                return data.events
+                    .filter((e) => e.type === "created")
+                    .map((e) => e.finding || { ruleId: e.findingId, severity: "medium", title: String(e.findingId), description: "" });
+            }
+        }
+        catch {
+            /* skip */
+        }
+    }
+    return [];
+}
+// ─── Correlation ────────────────────────────────────────────────────────────
+const KNOWN_VULN_PATTERNS = {
+    express: ["ssrf", "xss", "csrf", "header-injection"],
+    lodash: ["prototype-pollution", "command-injection"],
+    axios: ["ssrf", "redirect"],
+    jsonwebtoken: ["jwt", "auth", "token"],
+    helmet: ["header", "csp", "xss"],
+    sequelize: ["sql-injection", "nosql"],
+    mongoose: ["nosql-injection", "injection"],
+    mysql: ["sql-injection", "injection"],
+    pg: ["sql-injection", "injection"],
+    "crypto-js": ["crypto", "weak-cipher", "weak-hash"],
+    bcrypt: ["password", "hash"],
+    passport: ["auth", "authentication"],
+    cors: ["cors", "origin"],
+    multer: ["upload", "file", "path-traversal"],
+    child_process: ["command-injection", "exec"],
+};
+function correlate(deps, findings) {
+    const correlations = [];
+    for (const dep of deps) {
+        const patterns = KNOWN_VULN_PATTERNS[dep.name] || [];
+        const matched = findings.filter((f) => {
+            const text = `${f.ruleId} ${f.title} ${f.description || ""}`.toLowerCase();
+            return patterns.some((p) => text.includes(p));
+        });
+        if (matched.length > 0) {
+            const sevWeights = { critical: 10, high: 7, medium: 4, low: 1 };
+            const riskScore = matched.reduce((s, f) => s + (sevWeights[f.severity] || 2), 0);
+            correlations.push({
+                dependency: dep.name,
+                version: dep.version,
+                findingCount: matched.length,
+                findings: matched.map((f) => ({ ruleId: f.ruleId, severity: f.severity, title: f.title })),
+                riskScore,
+                upgradeRecommendation: riskScore > 20 ? "Urgent upgrade recommended" : riskScore > 10 ? "Upgrade recommended" : "Monitor",
+            });
+        }
+    }
+    return correlations.sort((a, b) => b.riskScore - a.riskScore);
+}
+// ─── CLI ────────────────────────────────────────────────────────────────────
+const STORE = ".judges-dep-correlate";
+export function runDepCorrelate(argv) {
+    if (argv.includes("--help") || argv.includes("-h")) {
+        console.log(`
+judges dep-correlate — Dependency vulnerability correlation
+
+Usage:
+  judges dep-correlate
+  judges dep-correlate --deps
+  judges dep-correlate --top 5
+
+Options:
+  --deps                List detected dependencies
+  --top <n>             Show top N riskiest dependencies
+  --save                Save report to ${STORE}/
+  --format json         JSON output
+  --help, -h            Show this help
+`);
+        return;
+    }
+    const format = argv.find((_a, i) => argv[i - 1] === "--format") || "text";
+    const deps = loadDeps();
+    // List deps only
+    if (argv.includes("--deps")) {
+        if (format === "json") {
+            console.log(JSON.stringify(deps, null, 2));
+        }
+        else {
+            console.log(`\n  Dependencies (${deps.length})\n  ──────────────────────────`);
+            for (const d of deps) {
+                console.log(`    ${d.name.padEnd(30)} ${d.version.padEnd(15)} ${d.type}`);
+            }
+            console.log("");
+        }
+        return;
+    }
+    if (deps.length === 0) {
+        console.log("  No dependencies found. Supports: package.json, requirements.txt, go.mod");
+        return;
+    }
+    const findings = loadFindings();
+    const correlations = correlate(deps, findings);
+    const topN = argv.find((_a, i) => argv[i - 1] === "--top");
+    const limit = topN ? parseInt(topN, 10) : correlations.length;
+    const report = {
+        correlations: correlations.slice(0, limit),
+        totalDeps: deps.length,
+        depsWithFindings: correlations.length,
+        timestamp: new Date().toISOString(),
+    };
+    // Save
+    if (argv.includes("--save")) {
+        if (!existsSync(STORE))
+            mkdirSync(STORE, { recursive: true });
+        writeFileSync(join(STORE, "correlation-report.json"), JSON.stringify(report, null, 2));
+        console.log(`  Saved to ${STORE}/correlation-report.json`);
+    }
+    if (format === "json") {
+        console.log(JSON.stringify(report, null, 2));
+    }
+    else {
+        console.log(`\n  Dependency Vulnerability Correlation`);
+        console.log(`  Total dependencies: ${report.totalDeps}  With correlated findings: ${report.depsWithFindings}`);
+        console.log(`  ──────────────────────────`);
+        if (report.correlations.length === 0) {
+            console.log(`    ✅ No dependency-finding correlations detected`);
+            if (findings.length === 0)
+                console.log(`    (No findings data found — run a scan first)`);
+            console.log("");
+            return;
+        }
+        for (const c of report.correlations) {
+            console.log(`\n    ${c.dependency}@${c.version}  Risk: ${c.riskScore}  Findings: ${c.findingCount}`);
+            console.log(`    Recommendation: ${c.upgradeRecommendation}`);
+            for (const f of c.findings.slice(0, 3)) {
+                console.log(`      - [${f.severity.toUpperCase()}] ${f.ruleId}: ${f.title}`);
+            }
+            if (c.findings.length > 3)
+                console.log(`      ... and ${c.findings.length - 3} more`);
+        }
+        console.log("");
+    }
+}
+//# sourceMappingURL=dep-correlate.js.map

package/dist/commands/dep-correlate.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"dep-correlate.js","sourceRoot":"","sources":["../../src/commands/dep-correlate.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,SAAS,EAAE,aAAa,EAAE,MAAM,IAAI,CAAC;AACxE,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AA0B5B,+EAA+E;AAE/E,SAAS,QAAQ;IACf,MAAM,IAAI,GAAc,EAAE,CAAC;IAE3B,qBAAqB;IACrB,IAAI,UAAU,CAAC,cAAc,CAAC,EAAE,CAAC;QAC/B,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,cAAc,EAAE,OAAO,CAAC,CAAC,CAAC;YAC9D,KAAK,MAAM,CAAC,IAAI,EAAE,GAAG,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,YAAY,IAAI,EAAE,CAAC,EAAE,CAAC;gBACjE,IAAI,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,CAAC,GAAG,CAAC,EAAE,IAAI,EAAE,YAAY,EAAE,CAAC,CAAC;YAChE,CAAC;YACD,KAAK,MAAM,CAAC,IAAI,EAAE,GAAG,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,IAAI,EAAE,CAAC,EAAE,CAAC;gBACpE,IAAI,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,CAAC,GAAG,CAAC,EAAE,IAAI,EAAE,eAAe,EAAE,CAAC,CAAC;YACnE,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,UAAU;QACZ,CAAC;IACH,CAAC;IAED,4BAA4B;IAC5B,IAAI,UAAU,CAAC,kBAAkB,CAAC,EAAE,CAAC;QACnC,IAAI,CAAC;YACH,MAAM,KAAK,GAAG,YAAY,CAAC,kBAAkB,EAAE,OAAO,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;YACpE,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;gBACzB,MAAM,KAAK,GAAG,yBAAyB,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC;gBAC1D,IAAI,KAAK;oBAAE,IAAI,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,KAAK,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,KAAK,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,YAAY,EAAE,CAAC,CAAC;YAClF,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,UAAU;QACZ,CAAC;IACH,CAAC;IAED,cAAc;IACd,IAAI,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;QACzB,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;YAChD,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;YAClC,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;gBACzB,MAAM,KAAK,GAAG,4BAA4B,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;gBACtD,IAAI,KAAK;oBAAE,IAAI,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,KAAK,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,KAAK,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,YAAY,EAAE,CAAC,CAAC;YAClF,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,UAAU;QACZ,CAAC;IACH,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,YAAY;IACnB,sCAAsC;IACtC,MAAM,KAAK,GAAG,CAAC,uBAAuB,EAAE,IAAI,CAAC,qBAAqB,EAAE,YAAY,CAAC,EAAE,oBAAoB,CAAC,CAAC;IAEzG,KAAK,MAAM,CAAC,IAAI,KAAK,EAAE,CAAC;QACtB,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC;YAAE,SAAS;QAC7B,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC,CAAC;YAClD,IAAI,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC;gBAAE,OAAO,IAAI,CAAC;YACrC,IAAI,IAAI,CAAC,QAAQ,IAAI,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC;gBAAE,OAAO,IAAI,CAAC,QAAQ,CAAC;YACxE,IAAI,IAAI,CAAC,MAAM,IAAI,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC;gBAC9C,OAAO,IAAI,CAAC,MAAM;qBACf,MAAM,CAAC,CAAC,CAA0B,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,SAAS,CAAC;qBAC5D,GAAG,CACF,CAAC,CAA0B,EAAE,EAAE,CAC7B,CAAC,CAAC,OAAO,IAAI,EAAE,MAAM,EAAE,CAAC,CAAC,SAAS,EAAE,QAAQ,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC,EAAE,WAAW,EAAE,EAAE,EAAE,CACxG,CAAC;YACN,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,UAAU;QACZ,CAAC;IACH,CAAC;IAED,OAAO,EAAE,CAAC;AACZ,CAAC;AAED,+EAA+E;AAE/E,MAAM,mBAAmB,GAA6B;IACpD,OAAO,EAAE,CAAC,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,kBAAkB,CAAC;IACpD,MAAM,EAAE,CAAC,qBAAqB,EAAE,mBAAmB,CAAC;IACpD,KAAK,EAAE,CAAC,MAAM,EAAE,UAAU,CAAC;IAC3B,YAAY,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,OAAO,CAAC;IACtC,MAAM,EAAE,CAAC,QAAQ,EAAE,KAAK,EAAE,KAAK,CAAC;IAChC,SAAS,EAAE,CAAC,eAAe,EAAE,OAAO,CAAC;IACrC,QAAQ,EAAE,CAAC,iBAAiB,EAAE,WAAW,CAAC;IAC1C,KAAK,EAAE,CAAC,eAAe,EAAE,WAAW,CAAC;IACrC,EAAE,EAAE,CAAC,eAAe,EAAE,WAAW,CAAC;IAClC,WAAW,EAAE,CAAC,QAAQ,EAAE,aAAa,EAAE,WAAW,CAAC;IACnD,MAAM,EAAE,CAAC,UAAU,EAAE,MAAM,CAAC;IAC5B,QAAQ,EAAE,CAAC,MAAM,EAAE,gBAAgB,CAAC;IACpC,IAAI,EAAE,CAAC,MAAM,EAAE,QAAQ,CAAC;IACxB,MAAM,EAAE,CAAC,QAAQ,EAAE,MAAM,EAAE,gBAAgB,CAAC;IAC5C,aAAa,EAAE,CAAC,mBAAmB,EAAE,MAAM,CAAC;CAC7C,CAAC;AAEF,SAAS,SAAS,CAChB,IAAe,EACf,QAA0F;IAE1F,MAAM,YAAY,GAAqB,EAAE,CAAC;IAE1C,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;QACvB,MAAM,QAAQ,GAAG,mBAAmB,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;QACrD,MAAM,OAAO,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE;YACpC,MAAM,IAAI,GAAG,GAAG,CAAC,CAAC,MAAM,IAAI,CAAC,CAAC,KAAK,IAAI,CAAC,CAAC,WAAW,IAAI,EAAE,EAAE,CAAC,WAAW,EAAE,CAAC;YAC3E,OAAO,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;QAChD,CAAC,CAAC,CAAC;QAEH,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACvB,MAAM,UAAU,GAA2B,EAAE,QAAQ,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC;YACxF,MAAM,SAAS,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;YAEjF,YAAY,CAAC,IAAI,CAAC;gBAChB,UAAU,EAAE,GAAG,CAAC,IAAI;gBACpB,OAAO,EAAE,GAAG,CAAC,OAAO;gBACpB,YAAY,EAAE,OAAO,CAAC,MAAM;gBAC5B,QAAQ,EAAE,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,QAAQ,EAAE,CAAC,CAAC,QAAQ,EAAE,KAAK,EAAE,CAAC,CAAC,KAAK,EAAE,CAAC,CAAC;gBAC1F,SAAS;gBACT,qBAAqB,EACnB,SAAS,GAAG,EAAE,CAAC,CAAC,CAAC,4BAA4B,CAAC,CAAC,CAAC,SAAS,GAAG,EAAE,CAAC,CAAC,CAAC,qBAAqB,CAAC,CAAC,CAAC,SAAS;aACrG,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,OAAO,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,GAAG,CAAC,CAAC,SAAS,CAAC,CAAC;AAChE,CAAC;AAED,+EAA+E;AAE/E,MAAM,KAAK,GAAG,uBAAuB,CAAC;AAEtC,MAAM,UAAU,eAAe,CAAC,IAAc;IAC5C,IAAI,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;QACnD,OAAO,CAAC,GAAG,CAAC;;;;;;;;;;;yCAWyB,KAAK;;;CAG7C,CAAC,CAAC;QACC,OAAO;IACT,CAAC;IAED,MAAM,MAAM,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,EAAU,EAAE,CAAS,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,KAAK,UAAU,CAAC,IAAI,MAAM,CAAC;IAC1F,MAAM,IAAI,GAAG,QAAQ,EAAE,CAAC;IAExB,iBAAiB;IACjB,IAAI,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC5B,IAAI,MAAM,KAAK,MAAM,EAAE,CAAC;YACtB,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;QAC7C,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,GAAG,CAAC,qBAAqB,IAAI,CAAC,MAAM,iCAAiC,CAAC,CAAC;YAC/E,KAAK,MAAM,CAAC,IAAI,IAAI,EAAE,CAAC;gBACrB,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;YAC5E,CAAC;YACD,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAClB,CAAC;QACD,OAAO;IACT,CAAC;IAED,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACtB,OAAO,CAAC,GAAG,CAAC,2EAA2E,CAAC,CAAC;QACzF,OAAO;IACT,CAAC;IAED,MAAM,QAAQ,GAAG,YAAY,EAAE,CAAC;IAChC,MAAM,YAAY,GAAG,SAAS,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;IAE/C,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,EAAU,EAAE,CAAS,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,KAAK,OAAO,CAAC,CAAC;IAC3E,MAAM,KAAK,GAAG,IAAI,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,YAAY,CAAC,MAAM,CAAC;IAE9D,MAAM,MAAM,GAAsB;QAChC,YAAY,EAAE,YAAY,CAAC,KAAK,CAAC,CAAC,EAAE,KAAK,CAAC;QAC1C,SAAS,EAAE,IAAI,CAAC,MAAM;QACtB,gBAAgB,EAAE,YAAY,CAAC,MAAM;QACrC,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;KACpC,CAAC;IAEF,OAAO;IACP,IAAI,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC5B,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC;YAAE,SAAS,CAAC,KAAK,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAC9D,aAAa,CAAC,IAAI,CAAC,KAAK,EAAE,yBAAyB,CAAC,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;QACvF,OAAO,CAAC,GAAG,CAAC,cAAc,KAAK,0BAA0B,CAAC,CAAC;IAC7D,CAAC;IAED,IAAI,MAAM,KAAK,MAAM,EAAE,CAAC;QACtB,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;IAC/C,CAAC;SAAM,CAAC;QACN,OAAO,CAAC,GAAG,CAAC,0CAA0C,CAAC,CAAC;QACxD,OAAO,CAAC,GAAG,CAAC,yBAAyB,MAAM,CAAC,SAAS,+BAA+B,MAAM,CAAC,gBAAgB,EAAE,CAAC,CAAC;QAC/G,OAAO,CAAC,GAAG,CAAC,8BAA8B,CAAC,CAAC;QAE5C,IAAI,MAAM,CAAC,YAAY,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACrC,OAAO,CAAC,GAAG,CAAC,mDAAmD,CAAC,CAAC;YACjE,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC;gBAAE,OAAO,CAAC,GAAG,CAAC,iDAAiD,CAAC,CAAC;YAC1F,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;YAChB,OAAO;QACT,CAAC;QAED,KAAK,MAAM,CAAC,IAAI,MAAM,CAAC,YAAY,EAAE,CAAC;YACpC,OAAO,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC,UAAU,IAAI,CAAC,CAAC,OAAO,WAAW,CAAC,CAAC,SAAS,eAAe,CAAC,CAAC,YAAY,EAAE,CAAC,CAAC;YACrG,OAAO,CAAC,GAAG,CAAC,uBAAuB,CAAC,CAAC,qBAAqB,EAAE,CAAC,CAAC;YAC9D,KAAK,MAAM,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,CAAC;gBACvC,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC,QAAQ,CAAC,WAAW,EAAE,KAAK,CAAC,CAAC,MAAM,KAAK,CAAC,CAAC,KAAK,EAAE,CAAC,CAAC;YAC/E,CAAC;YACD,IAAI,CAAC,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC;gBAAE,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,OAAO,CAAC,CAAC;QACxF,CAAC;QACD,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAClB,CAAC;AACH,CAAC"}

package/dist/commands/doc-gen.d.ts

@@ -0,0 +1,8 @@
+/**
+ * Documentation generation — generates security documentation
+ * from Judges findings history and configuration.
+ *
+ * All output is local markdown files.
+ */
+export declare function runDocGen(argv: string[]): void;
+//# sourceMappingURL=doc-gen.d.ts.map

package/dist/commands/doc-gen.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"doc-gen.d.ts","sourceRoot":"","sources":["../../src/commands/doc-gen.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AA+JH,wBAAgB,SAAS,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,IAAI,CAwE9C"}