@kevinrabun/judges 3.47.0 → 3.49.0

package/dist/commands/predict.js

@@ -0,0 +1,219 @@
+/**
+ * Predict — applies trend analysis to finding snapshots to
+ * forecast remediation timelines and regression-prone files.
+ *
+ * All data from local snapshot history.
+ */
+import { existsSync, readFileSync, mkdirSync, writeFileSync } from "fs";
+import { join } from "path";
+// ─── Analysis ───────────────────────────────────────────────────────────────
+function loadSnapshots() {
+    const paths = [
+        join(".judges-snapshots", "history.json"),
+        ".judges-snapshots.json",
+        join(".judges-burndown", "snapshots.json"),
+    ];
+    for (const p of paths) {
+        if (!existsSync(p))
+            continue;
+        try {
+            const data = JSON.parse(readFileSync(p, "utf-8"));
+            if (Array.isArray(data))
+                return data;
+            if (data.snapshots)
+                return data.snapshots;
+        }
+        catch {
+            /* skip */
+        }
+    }
+    return [];
+}
+function linearRegression(points) {
+    const n = points.length;
+    if (n < 2)
+        return { slope: 0, intercept: points[0]?.y || 0, r2: 0 };
+    const sumX = points.reduce((s, p) => s + p.x, 0);
+    const sumY = points.reduce((s, p) => s + p.y, 0);
+    const sumXY = points.reduce((s, p) => s + p.x * p.y, 0);
+    const sumX2 = points.reduce((s, p) => s + p.x * p.x, 0);
+    const sumY2 = points.reduce((s, p) => s + p.y * p.y, 0);
+    const denom = n * sumX2 - sumX * sumX;
+    if (denom === 0)
+        return { slope: 0, intercept: sumY / n, r2: 0 };
+    const slope = (n * sumXY - sumX * sumY) / denom;
+    const intercept = (sumY - slope * sumX) / n;
+    // R²
+    const yMean = sumY / n;
+    const ssTot = sumY2 - n * yMean * yMean;
+    const ssRes = points.reduce((s, p) => s + Math.pow(p.y - (slope * p.x + intercept), 2), 0);
+    const r2 = ssTot === 0 ? 0 : Math.max(0, 1 - ssRes / ssTot);
+    return { slope, intercept, r2 };
+}
+function predictMetric(snapshots, field) {
+    if (snapshots.length < 2) {
+        return {
+            metric: field,
+            currentValue: snapshots[0]?.[field] || 0,
+            trend: "stable",
+            ratePerDay: 0,
+            estimatedZeroDate: null,
+            confidence: 0,
+        };
+    }
+    const t0 = new Date(snapshots[0].timestamp).getTime();
+    const points = snapshots.map((s) => ({
+        x: (new Date(s.timestamp).getTime() - t0) / (1000 * 60 * 60 * 24), // days
+        y: s[field],
+    }));
+    const { slope, r2 } = linearRegression(points);
+    const current = points[points.length - 1].y;
+    let trend = "stable";
+    if (slope < -0.1)
+        trend = "decreasing";
+    else if (slope > 0.1)
+        trend = "increasing";
+    let estimatedZeroDate = null;
+    if (slope < 0 && current > 0) {
+        const daysToZero = -current / slope;
+        const zeroDate = new Date(Date.now() + daysToZero * 24 * 60 * 60 * 1000);
+        estimatedZeroDate = zeroDate.toISOString().split("T")[0];
+    }
+    return {
+        metric: field,
+        currentValue: current,
+        trend,
+        ratePerDay: Math.round(slope * 100) / 100,
+        estimatedZeroDate,
+        confidence: Math.round(r2 * 100),
+    };
+}
+function loadRegressionData() {
+    const paths = [".judges-regressions.json", join(".judges-regression-alert", "history.json")];
+    for (const p of paths) {
+        if (!existsSync(p))
+            continue;
+        try {
+            const data = JSON.parse(readFileSync(p, "utf-8"));
+            const files = Array.isArray(data) ? data : data.regressions || [];
+            const counts = new Map();
+            for (const r of files) {
+                const file = r.file || r.path || "unknown";
+                counts.set(file, (counts.get(file) || 0) + 1);
+            }
+            return [...counts.entries()]
+                .map(([file, count]) => ({
+                file,
+                regressionCount: count,
+                risk: count > 3 ? "high" : count > 1 ? "medium" : "low",
+            }))
+                .sort((a, b) => b.regressionCount - a.regressionCount);
+        }
+        catch {
+            /* skip */
+        }
+    }
+    return [];
+}
+// ─── CLI ────────────────────────────────────────────────────────────────────
+const STORE = ".judges-predictions";
+export function runPredict(argv) {
+    if (argv.includes("--help") || argv.includes("-h")) {
+        console.log(`
+judges predict — Forecast remediation timelines and regression risk
+
+Usage:
+  judges predict
+  judges predict --metric critical
+  judges predict --regressions
+  judges predict --save
+
+Options:
+  --metric <name>       Predict specific metric (findings, critical, high, medium, low)
+  --regressions         Show regression-prone files prediction
+  --save                Save predictions to ${STORE}/
+  --format json         JSON output
+  --help, -h            Show this help
+`);
+        return;
+    }
+    const format = argv.find((_a, i) => argv[i - 1] === "--format") || "text";
+    const snapshots = loadSnapshots();
+    if (snapshots.length < 2 && !argv.includes("--regressions")) {
+        console.log("  Need at least 2 snapshots for predictions.");
+        console.log("  Run scans over time and they'll be recorded automatically.");
+        return;
+    }
+    // Single metric
+    const metricName = argv.find((_a, i) => argv[i - 1] === "--metric");
+    if (metricName) {
+        const pred = predictMetric(snapshots, metricName);
+        if (format === "json") {
+            console.log(JSON.stringify(pred, null, 2));
+        }
+        else {
+            console.log(`\n  Prediction: ${pred.metric}\n  ──────────────────────────`);
+            console.log(`    Current: ${pred.currentValue}`);
+            console.log(`    Trend: ${pred.trend} (${pred.ratePerDay >= 0 ? "+" : ""}${pred.ratePerDay}/day)`);
+            console.log(`    Confidence: ${pred.confidence}%`);
+            if (pred.estimatedZeroDate)
+                console.log(`    Estimated zero: ${pred.estimatedZeroDate}`);
+            console.log("");
+        }
+        return;
+    }
+    // Regressions
+    if (argv.includes("--regressions")) {
+        const regressions = loadRegressionData();
+        if (format === "json") {
+            console.log(JSON.stringify(regressions, null, 2));
+        }
+        else {
+            console.log(`\n  Regression-Prone Files\n  ──────────────────────────`);
+            if (regressions.length === 0) {
+                console.log(`    No regression data found.\n`);
+                return;
+            }
+            for (const r of regressions.slice(0, 15)) {
+                console.log(`    [${r.risk.toUpperCase().padEnd(6)}] ${r.file} (${r.regressionCount} regressions)`);
+            }
+            console.log("");
+        }
+        return;
+    }
+    // Full prediction
+    const metrics = ["findings", "critical", "high", "medium", "low"];
+    const predictions = metrics.map((m) => predictMetric(snapshots, m));
+    const regressions = loadRegressionData();
+    const report = {
+        predictions,
+        regressionRisk: regressions.slice(0, 10),
+        timestamp: new Date().toISOString(),
+    };
+    if (argv.includes("--save")) {
+        if (!existsSync(STORE))
+            mkdirSync(STORE, { recursive: true });
+        writeFileSync(join(STORE, "prediction-report.json"), JSON.stringify(report, null, 2));
+        console.log(`  Saved to ${STORE}/prediction-report.json`);
+    }
+    if (format === "json") {
+        console.log(JSON.stringify(report, null, 2));
+    }
+    else {
+        console.log(`\n  Prediction Report (${snapshots.length} snapshots)`);
+        console.log(`  ──────────────────────────`);
+        for (const p of predictions) {
+            const arrow = p.trend === "decreasing" ? "↓" : p.trend === "increasing" ? "↑" : "→";
+            const zero = p.estimatedZeroDate ? ` → zero by ${p.estimatedZeroDate}` : "";
+            console.log(`    ${p.metric.padEnd(12)} ${String(p.currentValue).padEnd(6)} ${arrow} ${p.ratePerDay >= 0 ? "+" : ""}${p.ratePerDay}/day  (${p.confidence}% conf)${zero}`);
+        }
+        if (regressions.length > 0) {
+            console.log(`\n  Regression-Prone Files:`);
+            for (const r of regressions.slice(0, 5)) {
+                console.log(`    [${r.risk.toUpperCase().padEnd(6)}] ${r.file}`);
+            }
+        }
+        console.log("");
+    }
+}
+//# sourceMappingURL=predict.js.map

package/dist/commands/predict.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"predict.js","sourceRoot":"","sources":["../../src/commands/predict.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,SAAS,EAAE,aAAa,EAAE,MAAM,IAAI,CAAC;AACxE,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AA4B5B,+EAA+E;AAE/E,SAAS,aAAa;IACpB,MAAM,KAAK,GAAG;QACZ,IAAI,CAAC,mBAAmB,EAAE,cAAc,CAAC;QACzC,wBAAwB;QACxB,IAAI,CAAC,kBAAkB,EAAE,gBAAgB,CAAC;KAC3C,CAAC;IAEF,KAAK,MAAM,CAAC,IAAI,KAAK,EAAE,CAAC;QACtB,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC;YAAE,SAAS;QAC7B,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC,CAAC;YAClD,IAAI,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC;gBAAE,OAAO,IAAI,CAAC;YACrC,IAAI,IAAI,CAAC,SAAS;gBAAE,OAAO,IAAI,CAAC,SAAS,CAAC;QAC5C,CAAC;QAAC,MAAM,CAAC;YACP,UAAU;QACZ,CAAC;IACH,CAAC;IAED,OAAO,EAAE,CAAC;AACZ,CAAC;AAED,SAAS,gBAAgB,CAAC,MAAuC;IAC/D,MAAM,CAAC,GAAG,MAAM,CAAC,MAAM,CAAC;IACxB,IAAI,CAAC,GAAG,CAAC;QAAE,OAAO,EAAE,KAAK,EAAE,CAAC,EAAE,SAAS,EAAE,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC;IAEpE,MAAM,IAAI,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;IACjD,MAAM,IAAI,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;IACjD,MAAM,KAAK,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;IACxD,MAAM,KAAK,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;IACxD,MAAM,KAAK,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;IAExD,MAAM,KAAK,GAAG,CAAC,GAAG,KAAK,GAAG,IAAI,GAAG,IAAI,CAAC;IACtC,IAAI,KAAK,KAAK,CAAC;QAAE,OAAO,EAAE,KAAK,EAAE,CAAC,EAAE,SAAS,EAAE,IAAI,GAAG,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC;IAEjE,MAAM,KAAK,GAAG,CAAC,CAAC,GAAG,KAAK,GAAG,IAAI,GAAG,IAAI,CAAC,GAAG,KAAK,CAAC;IAChD,MAAM,SAAS,GAAG,CAAC,IAAI,GAAG,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC;IAE5C,KAAK;IACL,MAAM,KAAK,GAAG,IAAI,GAAG,CAAC,CAAC;IACvB,MAAM,KAAK,GAAG,KAAK,GAAG,CAAC,GAAG,KAAK,GAAG,KAAK,CAAC;IACxC,MAAM,KAAK,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,KAAK,GAAG,CAAC,CAAC,CAAC,GAAG,SAAS,CAAC,EAAE,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;IAC3F,MAAM,EAAE,GAAG,KAAK,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,GAAG,KAAK,GAAG,KAAK,CAAC,CAAC;IAE5D,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,EAAE,EAAE,CAAC;AAClC,CAAC;AAED,SAAS,aAAa,CAAC,SAAqB,EAAE,KAAwC;IACpF,IAAI,SAAS,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACzB,OAAO;YACL,MAAM,EAAE,KAAK;YACb,YAAY,EAAG,SAAS,CAAC,CAAC,CAAC,EAAE,CAAC,KAAK,CAAY,IAAI,CAAC;YACpD,KAAK,EAAE,QAAQ;YACf,UAAU,EAAE,CAAC;YACb,iBAAiB,EAAE,IAAI;YACvB,UAAU,EAAE,CAAC;SACd,CAAC;IACJ,CAAC;IAED,MAAM,EAAE,GAAG,IAAI,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,OAAO,EAAE,CAAC;IACtD,MAAM,MAAM,GAAG,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QACnC,CAAC,EAAE,CAAC,IAAI,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,OAAO,EAAE,GAAG,EAAE,CAAC,GAAG,CAAC,IAAI,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,EAAE,OAAO;QAC1E,CAAC,EAAE,CAAC,CAAC,KAAK,CAAW;KACtB,CAAC,CAAC,CAAC;IAEJ,MAAM,EAAE,KAAK,EAAE,EAAE,EAAE,GAAG,gBAAgB,CAAC,MAAM,CAAC,CAAC;IAC/C,MAAM,OAAO,GAAG,MAAM,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;IAE5C,IAAI,KAAK,GAAwB,QAAQ,CAAC;IAC1C,IAAI,KAAK,GAAG,CAAC,GAAG;QAAE,KAAK,GAAG,YAAY,CAAC;SAClC,IAAI,KAAK,GAAG,GAAG;QAAE,KAAK,GAAG,YAAY,CAAC;IAE3C,IAAI,iBAAiB,GAAkB,IAAI,CAAC;IAC5C,IAAI,KAAK,GAAG,CAAC,IAAI,OAAO,GAAG,CAAC,EAAE,CAAC;QAC7B,MAAM,UAAU,GAAG,CAAC,OAAO,GAAG,KAAK,CAAC;QACpC,MAAM,QAAQ,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,UAAU,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;QACzE,iBAAiB,GAAG,QAAQ,CAAC,WAAW,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;IAC3D,CAAC;IAED,OAAO;QACL,MAAM,EAAE,KAAK;QACb,YAAY,EAAE,OAAO;QACrB,KAAK;QACL,UAAU,EAAE,IAAI,CAAC,KAAK,CAAC,KAAK,GAAG,GAAG,CAAC,GAAG,GAAG;QACzC,iBAAiB;QACjB,UAAU,EAAE,IAAI,CAAC,KAAK,CAAC,EAAE,GAAG,GAAG,CAAC;KACjC,CAAC;AACJ,CAAC;AAED,SAAS,kBAAkB;IACzB,MAAM,KAAK,GAAG,CAAC,0BAA0B,EAAE,IAAI,CAAC,0BAA0B,EAAE,cAAc,CAAC,CAAC,CAAC;IAC7F,KAAK,MAAM,CAAC,IAAI,KAAK,EAAE,CAAC;QACtB,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC;YAAE,SAAS;QAC7B,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC,CAAC;YAClD,MAAM,KAAK,GAAG,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,IAAI,EAAE,CAAC;YAClE,MAAM,MAAM,GAAG,IAAI,GAAG,EAAkB,CAAC;YACzC,KAAK,MAAM,CAAC,IAAI,KAAK,EAAE,CAAC;gBACtB,MAAM,IAAI,GAAG,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC,IAAI,IAAI,SAAS,CAAC;gBAC3C,MAAM,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;YAChD,CAAC;YACD,OAAO,CAAC,GAAG,MAAM,CAAC,OAAO,EAAE,CAAC;iBACzB,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,KAAK,CAAC,EAAE,EAAE,CAAC,CAAC;gBACvB,IAAI;gBACJ,eAAe,EAAE,KAAK;gBACtB,IAAI,EAAE,KAAK,GAAG,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,KAAK,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,KAAK;aACxD,CAAC,CAAC;iBACF,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,eAAe,GAAG,CAAC,CAAC,eAAe,CAAC,CAAC;QAC3D,CAAC;QAAC,MAAM,CAAC;YACP,UAAU;QACZ,CAAC;IACH,CAAC;IACD,OAAO,EAAE,CAAC;AACZ,CAAC;AAED,+EAA+E;AAE/E,MAAM,KAAK,GAAG,qBAAqB,CAAC;AAEpC,MAAM,UAAU,UAAU,CAAC,IAAc;IACvC,IAAI,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;QACnD,OAAO,CAAC,GAAG,CAAC;;;;;;;;;;;;8CAY8B,KAAK;;;CAGlD,CAAC,CAAC;QACC,OAAO;IACT,CAAC;IAED,MAAM,MAAM,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,EAAU,EAAE,CAAS,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,KAAK,UAAU,CAAC,IAAI,MAAM,CAAC;IAC1F,MAAM,SAAS,GAAG,aAAa,EAAE,CAAC;IAElC,IAAI,SAAS,CAAC,MAAM,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,eAAe,CAAC,EAAE,CAAC;QAC5D,OAAO,CAAC,GAAG,CAAC,8CAA8C,CAAC,CAAC;QAC5D,OAAO,CAAC,GAAG,CAAC,8DAA8D,CAAC,CAAC;QAC5E,OAAO;IACT,CAAC;IAED,gBAAgB;IAChB,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,EAAU,EAAE,CAAS,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,KAAK,UAAU,CAErE,CAAC;IACd,IAAI,UAAU,EAAE,CAAC;QACf,MAAM,IAAI,GAAG,aAAa,CAAC,SAAS,EAAE,UAAU,CAAC,CAAC;QAClD,IAAI,MAAM,KAAK,MAAM,EAAE,CAAC;YACtB,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;QAC7C,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,GAAG,CAAC,mBAAmB,IAAI,CAAC,MAAM,gCAAgC,CAAC,CAAC;YAC5E,OAAO,CAAC,GAAG,CAAC,gBAAgB,IAAI,CAAC,YAAY,EAAE,CAAC,CAAC;YACjD,OAAO,CAAC,GAAG,CAAC,cAAc,IAAI,CAAC,KAAK,KAAK,IAAI,CAAC,UAAU,IAAI,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,GAAG,IAAI,CAAC,UAAU,OAAO,CAAC,CAAC;YACnG,OAAO,CAAC,GAAG,CAAC,mBAAmB,IAAI,CAAC,UAAU,GAAG,CAAC,CAAC;YACnD,IAAI,IAAI,CAAC,iBAAiB;gBAAE,OAAO,CAAC,GAAG,CAAC,uBAAuB,IAAI,CAAC,iBAAiB,EAAE,CAAC,CAAC;YACzF,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAClB,CAAC;QACD,OAAO;IACT,CAAC;IAED,cAAc;IACd,IAAI,IAAI,CAAC,QAAQ,CAAC,eAAe,CAAC,EAAE,CAAC;QACnC,MAAM,WAAW,GAAG,kBAAkB,EAAE,CAAC;QACzC,IAAI,MAAM,KAAK,MAAM,EAAE,CAAC;YACtB,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,WAAW,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;QACpD,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,GAAG,CAAC,0DAA0D,CAAC,CAAC;YACxE,IAAI,WAAW,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBAC7B,OAAO,CAAC,GAAG,CAAC,iCAAiC,CAAC,CAAC;gBAC/C,OAAO;YACT,CAAC;YACD,KAAK,MAAM,CAAC,IAAI,WAAW,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC;gBACzC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,eAAe,eAAe,CAAC,CAAC;YACtG,CAAC;YACD,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAClB,CAAC;QACD,OAAO;IACT,CAAC;IAED,kBAAkB;IAClB,MAAM,OAAO,GAA6C,CAAC,UAAU,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,CAAC,CAAC;IAC5G,MAAM,WAAW,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,aAAa,CAAC,SAAS,EAAE,CAAC,CAAC,CAAC,CAAC;IACpE,MAAM,WAAW,GAAG,kBAAkB,EAAE,CAAC;IAEzC,MAAM,MAAM,GAAqB;QAC/B,WAAW;QACX,cAAc,EAAE,WAAW,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC;QACxC,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;KACpC,CAAC;IAEF,IAAI,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC5B,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC;YAAE,SAAS,CAAC,KAAK,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAC9D,aAAa,CAAC,IAAI,CAAC,KAAK,EAAE,wBAAwB,CAAC,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;QACtF,OAAO,CAAC,GAAG,CAAC,cAAc,KAAK,yBAAyB,CAAC,CAAC;IAC5D,CAAC;IAED,IAAI,MAAM,KAAK,MAAM,EAAE,CAAC;QACtB,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;IAC/C,CAAC;SAAM,CAAC;QACN,OAAO,CAAC,GAAG,CAAC,0BAA0B,SAAS,CAAC,MAAM,aAAa,CAAC,CAAC;QACrE,OAAO,CAAC,GAAG,CAAC,8BAA8B,CAAC,CAAC;QAC5C,KAAK,MAAM,CAAC,IAAI,WAAW,EAAE,CAAC;YAC5B,MAAM,KAAK,GAAG,CAAC,CAAC,KAAK,KAAK,YAAY,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,KAAK,YAAY,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC;YACpF,MAAM,IAAI,GAAG,CAAC,CAAC,iBAAiB,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,iBAAiB,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YAC5E,OAAO,CAAC,GAAG,CACT,OAAO,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,EAAE,CAAC,IAAI,MAAM,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,KAAK,IAAI,CAAC,CAAC,UAAU,IAAI,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,UAAU,UAAU,CAAC,CAAC,UAAU,UAAU,IAAI,EAAE,CAC7J,CAAC;QACJ,CAAC;QACD,IAAI,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC3B,OAAO,CAAC,GAAG,CAAC,6BAA6B,CAAC,CAAC;YAC3C,KAAK,MAAM,CAAC,IAAI,WAAW,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,CAAC;gBACxC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;YACnE,CAAC;QACH,CAAC;QACD,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAClB,CAAC;AACH,CAAC"}

package/dist/commands/risk-heatmap.d.ts

@@ -0,0 +1,8 @@
+/**
+ * Risk heatmap — generates a file/directory risk heatmap
+ * combining finding density, severity, and test coverage.
+ *
+ * All data from local files.
+ */
+export declare function runRiskHeatmap(argv: string[]): void;
+//# sourceMappingURL=risk-heatmap.d.ts.map

package/dist/commands/risk-heatmap.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"risk-heatmap.d.ts","sourceRoot":"","sources":["../../src/commands/risk-heatmap.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAwJH,wBAAgB,cAAc,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,IAAI,CA+FnD"}

package/dist/commands/risk-heatmap.js

@@ -0,0 +1,224 @@
+/**
+ * Risk heatmap — generates a file/directory risk heatmap
+ * combining finding density, severity, and test coverage.
+ *
+ * All data from local files.
+ */
+import { existsSync, readFileSync, readdirSync, mkdirSync, writeFileSync } from "fs";
+import { join, dirname, relative } from "path";
+// ─── Data Loading ───────────────────────────────────────────────────────────
+function loadFindings() {
+    const paths = [".judges-findings.json", "judges-report.json"];
+    for (const p of paths) {
+        if (!existsSync(p))
+            continue;
+        try {
+            const data = JSON.parse(readFileSync(p, "utf-8"));
+            if (Array.isArray(data))
+                return data;
+            if (data.findings)
+                return data.findings;
+        }
+        catch {
+            /* skip */
+        }
+    }
+    return [];
+}
+function getProjectFiles(dir, maxFiles) {
+    const result = [];
+    const skipDirs = new Set(["node_modules", ".git", "dist", "build", "coverage", ".next", "__pycache__"]);
+    function walk(d) {
+        if (result.length >= maxFiles)
+            return;
+        let names;
+        try {
+            names = readdirSync(d);
+        }
+        catch {
+            return;
+        }
+        for (const name of names) {
+            if (result.length >= maxFiles)
+                return;
+            if (skipDirs.has(name))
+                continue;
+            const full = join(d, name);
+            try {
+                const sub = readdirSync(full);
+                void sub;
+                walk(full);
+            }
+            catch {
+                result.push(relative(dir, full));
+            }
+        }
+    }
+    walk(dir);
+    return result;
+}
+// ─── Heatmap ────────────────────────────────────────────────────────────────
+function buildHeatmap(findings) {
+    const fileMap = new Map();
+    for (const f of findings) {
+        const file = f.file || "unknown";
+        if (!fileMap.has(file))
+            fileMap.set(file, { findings: 0, critical: 0, high: 0 });
+        const entry = fileMap.get(file);
+        entry.findings++;
+        if (f.severity === "critical")
+            entry.critical++;
+        if (f.severity === "high")
+            entry.high++;
+    }
+    // Also aggregate by directory
+    const dirMap = new Map();
+    for (const [file, data] of fileMap) {
+        const dir = dirname(file);
+        if (!dirMap.has(dir))
+            dirMap.set(dir, { findings: 0, critical: 0, high: 0 });
+        const entry = dirMap.get(dir);
+        entry.findings += data.findings;
+        entry.critical += data.critical;
+        entry.high += data.high;
+    }
+    const entries = [];
+    for (const [path, data] of [...fileMap, ...dirMap]) {
+        const riskScore = data.critical * 10 + data.high * 5 + (data.findings - data.critical - data.high) * 2;
+        let riskLevel = "clean";
+        if (riskScore > 30)
+            riskLevel = "critical";
+        else if (riskScore > 15)
+            riskLevel = "high";
+        else if (riskScore > 5)
+            riskLevel = "medium";
+        else if (riskScore > 0)
+            riskLevel = "low";
+        entries.push({
+            path,
+            findingCount: data.findings,
+            criticalCount: data.critical,
+            highCount: data.high,
+            riskScore,
+            riskLevel,
+        });
+    }
+    return entries.sort((a, b) => b.riskScore - a.riskScore);
+}
+function renderHeatmapHtml(entries) {
+    const rows = entries
+        .slice(0, 50)
+        .map((e) => {
+        const color = e.riskLevel === "critical"
+            ? "#dc3545"
+            : e.riskLevel === "high"
+                ? "#fd7e14"
+                : e.riskLevel === "medium"
+                    ? "#ffc107"
+                    : e.riskLevel === "low"
+                        ? "#28a745"
+                        : "#6c757d";
+        return `<tr><td>${e.path}</td><td style="background:${color};color:white;text-align:center">${e.riskScore}</td><td>${e.findingCount}</td><td>${e.criticalCount}</td><td>${e.highCount}</td></tr>`;
+    })
+        .join("\n");
+    return `<!DOCTYPE html>
+<html><head><title>Risk Heatmap</title>
+<style>body{font-family:system-ui;margin:2rem}table{border-collapse:collapse;width:100%}th,td{padding:8px 12px;border:1px solid #ddd;text-align:left}th{background:#f5f5f5}tr:hover{background:#f0f0f0}</style>
+</head><body>
+<h1>Risk Heatmap</h1>
+<p>Generated: ${new Date().toISOString()}</p>
+<table><thead><tr><th>Path</th><th>Risk Score</th><th>Findings</th><th>Critical</th><th>High</th></tr></thead>
+<tbody>${rows}</tbody></table>
+</body></html>`;
+}
+// ─── CLI ────────────────────────────────────────────────────────────────────
+const STORE = ".judges-risk-heatmap";
+export function runRiskHeatmap(argv) {
+    if (argv.includes("--help") || argv.includes("-h")) {
+        console.log(`
+judges risk-heatmap — File/directory risk visualization
+
+Usage:
+  judges risk-heatmap
+  judges risk-heatmap --risk critical,high
+  judges risk-heatmap --html
+  judges risk-heatmap --dirs-only
+
+Options:
+  --risk <levels>       Filter by risk level (comma-separated)
+  --html                Generate HTML heatmap report
+  --dirs-only           Show directory-level aggregation only
+  --top <n>             Show top N riskiest entries
+  --save                Save report to ${STORE}/
+  --format json         JSON output
+  --help, -h            Show this help
+`);
+        return;
+    }
+    const format = argv.find((_a, i) => argv[i - 1] === "--format") || "text";
+    const findings = loadFindings();
+    if (findings.length === 0) {
+        console.log("  No findings data found. Run a scan first to populate findings.");
+        return;
+    }
+    let entries = buildHeatmap(findings);
+    // Filters
+    if (argv.includes("--dirs-only")) {
+        entries = entries.filter((e) => !e.path.includes(".") || e.path === ".");
+    }
+    const riskFilter = argv.find((_a, i) => argv[i - 1] === "--risk");
+    if (riskFilter) {
+        const allowed = riskFilter.split(",");
+        entries = entries.filter((e) => allowed.includes(e.riskLevel));
+    }
+    const topN = argv.find((_a, i) => argv[i - 1] === "--top");
+    if (topN)
+        entries = entries.slice(0, parseInt(topN, 10));
+    const totalFindings = findings.length;
+    const hotspots = entries.filter((e) => e.riskLevel === "critical").map((e) => e.path);
+    const _projectFiles = getProjectFiles(".", 1000);
+    const report = {
+        entries,
+        totalFiles: entries.length,
+        totalFindings,
+        hotspots,
+        timestamp: new Date().toISOString(),
+    };
+    // HTML output
+    if (argv.includes("--html")) {
+        if (!existsSync(STORE))
+            mkdirSync(STORE, { recursive: true });
+        const html = renderHeatmapHtml(entries);
+        const htmlPath = join(STORE, "heatmap.html");
+        writeFileSync(htmlPath, html);
+        console.log(`  HTML heatmap saved to ${htmlPath}`);
+        return;
+    }
+    // Save
+    if (argv.includes("--save")) {
+        if (!existsSync(STORE))
+            mkdirSync(STORE, { recursive: true });
+        writeFileSync(join(STORE, "heatmap.json"), JSON.stringify(report, null, 2));
+        console.log(`  Report saved to ${STORE}/heatmap.json`);
+    }
+    if (format === "json") {
+        console.log(JSON.stringify(report, null, 2));
+    }
+    else {
+        console.log(`\n  Risk Heatmap — ${totalFindings} findings across ${entries.length} locations`);
+        console.log(`  ──────────────────────────`);
+        if (hotspots.length > 0) {
+            console.log(`\n  🔥 Critical hotspots: ${hotspots.slice(0, 5).join(", ")}`);
+        }
+        console.log("");
+        for (const e of entries.slice(0, 25)) {
+            const bar = "█".repeat(Math.min(e.riskScore, 20));
+            const label = e.riskLevel.toUpperCase().padEnd(8);
+            console.log(`    [${label}] ${e.path.padEnd(40)} ${bar} ${e.riskScore} (${e.findingCount} findings)`);
+        }
+        if (entries.length > 25)
+            console.log(`    ... and ${entries.length - 25} more`);
+        console.log("");
+    }
+}
+//# sourceMappingURL=risk-heatmap.js.map

package/dist/commands/risk-heatmap.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"risk-heatmap.js","sourceRoot":"","sources":["../../src/commands/risk-heatmap.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,WAAW,EAAE,SAAS,EAAE,aAAa,EAAE,MAAM,IAAI,CAAC;AACrF,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,MAAM,CAAC;AAqB/C,+EAA+E;AAE/E,SAAS,YAAY;IACnB,MAAM,KAAK,GAAG,CAAC,uBAAuB,EAAE,oBAAoB,CAAC,CAAC;IAC9D,KAAK,MAAM,CAAC,IAAI,KAAK,EAAE,CAAC;QACtB,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC;YAAE,SAAS;QAC7B,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC,CAAC;YAClD,IAAI,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC;gBAAE,OAAO,IAAI,CAAC;YACrC,IAAI,IAAI,CAAC,QAAQ;gBAAE,OAAO,IAAI,CAAC,QAAQ,CAAC;QAC1C,CAAC;QAAC,MAAM,CAAC;YACP,UAAU;QACZ,CAAC;IACH,CAAC;IACD,OAAO,EAAE,CAAC;AACZ,CAAC;AAED,SAAS,eAAe,CAAC,GAAW,EAAE,QAAgB;IACpD,MAAM,MAAM,GAAa,EAAE,CAAC;IAC5B,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,CAAC,cAAc,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,UAAU,EAAE,OAAO,EAAE,aAAa,CAAC,CAAC,CAAC;IAExG,SAAS,IAAI,CAAC,CAAS;QACrB,IAAI,MAAM,CAAC,MAAM,IAAI,QAAQ;YAAE,OAAO;QACtC,IAAI,KAAe,CAAC;QACpB,IAAI,CAAC;YACH,KAAK,GAAG,WAAW,CAAC,CAAC,CAAwB,CAAC;QAChD,CAAC;QAAC,MAAM,CAAC;YACP,OAAO;QACT,CAAC;QACD,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,IAAI,MAAM,CAAC,MAAM,IAAI,QAAQ;gBAAE,OAAO;YACtC,IAAI,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC;gBAAE,SAAS;YACjC,MAAM,IAAI,GAAG,IAAI,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC;YAC3B,IAAI,CAAC;gBACH,MAAM,GAAG,GAAG,WAAW,CAAC,IAAI,CAAC,CAAC;gBAC9B,KAAK,GAAG,CAAC;gBACT,IAAI,CAAC,IAAI,CAAC,CAAC;YACb,CAAC;YAAC,MAAM,CAAC;gBACP,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC,CAAC;YACnC,CAAC;QACH,CAAC;IACH,CAAC;IAED,IAAI,CAAC,GAAG,CAAC,CAAC;IACV,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,+EAA+E;AAE/E,SAAS,YAAY,CAAC,QAAoD;IACxE,MAAM,OAAO,GAAG,IAAI,GAAG,EAAgE,CAAC;IAExF,KAAK,MAAM,CAAC,IAAI,QAAQ,EAAE,CAAC;QACzB,MAAM,IAAI,GAAG,CAAC,CAAC,IAAI,IAAI,SAAS,CAAC;QACjC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC;YAAE,OAAO,CAAC,GAAG,CAAC,IAAI,EAAE,EAAE,QAAQ,EAAE,CAAC,EAAE,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,CAAC,CAAC;QACjF,MAAM,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,IAAI,CAAE,CAAC;QACjC,KAAK,CAAC,QAAQ,EAAE,CAAC;QACjB,IAAI,CAAC,CAAC,QAAQ,KAAK,UAAU;YAAE,KAAK,CAAC,QAAQ,EAAE,CAAC;QAChD,IAAI,CAAC,CAAC,QAAQ,KAAK,MAAM;YAAE,KAAK,CAAC,IAAI,EAAE,CAAC;IAC1C,CAAC;IAED,8BAA8B;IAC9B,MAAM,MAAM,GAAG,IAAI,GAAG,EAAgE,CAAC;IACvF,KAAK,MAAM,CAAC,IAAI,EAAE,IAAI,CAAC,IAAI,OAAO,EAAE,CAAC;QACnC,MAAM,GAAG,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;QAC1B,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC;YAAE,MAAM,CAAC,GAAG,CAAC,GAAG,EAAE,EAAE,QAAQ,EAAE,CAAC,EAAE,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,CAAC,CAAC;QAC7E,MAAM,KAAK,GAAG,MAAM,CAAC,GAAG,CAAC,GAAG,CAAE,CAAC;QAC/B,KAAK,CAAC,QAAQ,IAAI,IAAI,CAAC,QAAQ,CAAC;QAChC,KAAK,CAAC,QAAQ,IAAI,IAAI,CAAC,QAAQ,CAAC;QAChC,KAAK,CAAC,IAAI,IAAI,IAAI,CAAC,IAAI,CAAC;IAC1B,CAAC;IAED,MAAM,OAAO,GAAgB,EAAE,CAAC;IAEhC,KAAK,MAAM,CAAC,IAAI,EAAE,IAAI,CAAC,IAAI,CAAC,GAAG,OAAO,EAAE,GAAG,MAAM,CAAC,EAAE,CAAC;QACnD,MAAM,SAAS,GAAG,IAAI,CAAC,QAAQ,GAAG,EAAE,GAAG,IAAI,CAAC,IAAI,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,QAAQ,GAAG,IAAI,CAAC,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QACvG,IAAI,SAAS,GAA2B,OAAO,CAAC;QAChD,IAAI,SAAS,GAAG,EAAE;YAAE,SAAS,GAAG,UAAU,CAAC;aACtC,IAAI,SAAS,GAAG,EAAE;YAAE,SAAS,GAAG,MAAM,CAAC;aACvC,IAAI,SAAS,GAAG,CAAC;YAAE,SAAS,GAAG,QAAQ,CAAC;aACxC,IAAI,SAAS,GAAG,CAAC;YAAE,SAAS,GAAG,KAAK,CAAC;QAE1C,OAAO,CAAC,IAAI,CAAC;YACX,IAAI;YACJ,YAAY,EAAE,IAAI,CAAC,QAAQ;YAC3B,aAAa,EAAE,IAAI,CAAC,QAAQ;YAC5B,SAAS,EAAE,IAAI,CAAC,IAAI;YACpB,SAAS;YACT,SAAS;SACV,CAAC,CAAC;IACL,CAAC;IAED,OAAO,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,GAAG,CAAC,CAAC,SAAS,CAAC,CAAC;AAC3D,CAAC;AAED,SAAS,iBAAiB,CAAC,OAAoB;IAC7C,MAAM,IAAI,GAAG,OAAO;SACjB,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC;SACZ,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE;QACT,MAAM,KAAK,GACT,CAAC,CAAC,SAAS,KAAK,UAAU;YACxB,CAAC,CAAC,SAAS;YACX,CAAC,CAAC,CAAC,CAAC,SAAS,KAAK,MAAM;gBACtB,CAAC,CAAC,SAAS;gBACX,CAAC,CAAC,CAAC,CAAC,SAAS,KAAK,QAAQ;oBACxB,CAAC,CAAC,SAAS;oBACX,CAAC,CAAC,CAAC,CAAC,SAAS,KAAK,KAAK;wBACrB,CAAC,CAAC,SAAS;wBACX,CAAC,CAAC,SAAS,CAAC;QACtB,OAAO,WAAW,CAAC,CAAC,IAAI,8BAA8B,KAAK,mCAAmC,CAAC,CAAC,SAAS,YAAY,CAAC,CAAC,YAAY,YAAY,CAAC,CAAC,aAAa,YAAY,CAAC,CAAC,SAAS,YAAY,CAAC;IACpM,CAAC,CAAC;SACD,IAAI,CAAC,IAAI,CAAC,CAAC;IAEd,OAAO;;;;;gBAKO,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;;SAE/B,IAAI;eACE,CAAC;AAChB,CAAC;AAED,+EAA+E;AAE/E,MAAM,KAAK,GAAG,sBAAsB,CAAC;AAErC,MAAM,UAAU,cAAc,CAAC,IAAc;IAC3C,IAAI,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;QACnD,OAAO,CAAC,GAAG,CAAC;;;;;;;;;;;;;;yCAcyB,KAAK;;;CAG7C,CAAC,CAAC;QACC,OAAO;IACT,CAAC;IAED,MAAM,MAAM,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,EAAU,EAAE,CAAS,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,KAAK,UAAU,CAAC,IAAI,MAAM,CAAC;IAC1F,MAAM,QAAQ,GAAG,YAAY,EAAE,CAAC;IAEhC,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC1B,OAAO,CAAC,GAAG,CAAC,kEAAkE,CAAC,CAAC;QAChF,OAAO;IACT,CAAC;IAED,IAAI,OAAO,GAAG,YAAY,CAAC,QAAQ,CAAC,CAAC;IAErC,UAAU;IACV,IAAI,IAAI,CAAC,QAAQ,CAAC,aAAa,CAAC,EAAE,CAAC;QACjC,OAAO,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,IAAI,KAAK,GAAG,CAAC,CAAC;IAC3E,CAAC;IAED,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,EAAU,EAAE,CAAS,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,KAAK,QAAQ,CAAC,CAAC;IAClF,IAAI,UAAU,EAAE,CAAC;QACf,MAAM,OAAO,GAAG,UAAU,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QACtC,OAAO,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC;IACjE,CAAC;IAED,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,EAAU,EAAE,CAAS,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,KAAK,OAAO,CAAC,CAAC;IAC3E,IAAI,IAAI;QAAE,OAAO,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,QAAQ,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,CAAC;IAEzD,MAAM,aAAa,GAAG,QAAQ,CAAC,MAAM,CAAC;IACtC,MAAM,QAAQ,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,KAAK,UAAU,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;IACtF,MAAM,aAAa,GAAG,eAAe,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;IAEjD,MAAM,MAAM,GAAkB;QAC5B,OAAO;QACP,UAAU,EAAE,OAAO,CAAC,MAAM;QAC1B,aAAa;QACb,QAAQ;QACR,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;KACpC,CAAC;IAEF,cAAc;IACd,IAAI,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC5B,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC;YAAE,SAAS,CAAC,KAAK,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAC9D,MAAM,IAAI,GAAG,iBAAiB,CAAC,OAAO,CAAC,CAAC;QACxC,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,EAAE,cAAc,CAAC,CAAC;QAC7C,aAAa,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC;QAC9B,OAAO,CAAC,GAAG,CAAC,2BAA2B,QAAQ,EAAE,CAAC,CAAC;QACnD,OAAO;IACT,CAAC;IAED,OAAO;IACP,IAAI,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC5B,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC;YAAE,SAAS,CAAC,KAAK,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAC9D,aAAa,CAAC,IAAI,CAAC,KAAK,EAAE,cAAc,CAAC,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;QAC5E,OAAO,CAAC,GAAG,CAAC,qBAAqB,KAAK,eAAe,CAAC,CAAC;IACzD,CAAC;IAED,IAAI,MAAM,KAAK,MAAM,EAAE,CAAC;QACtB,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;IAC/C,CAAC;SAAM,CAAC;QACN,OAAO,CAAC,GAAG,CAAC,sBAAsB,aAAa,oBAAoB,OAAO,CAAC,MAAM,YAAY,CAAC,CAAC;QAC/F,OAAO,CAAC,GAAG,CAAC,8BAA8B,CAAC,CAAC;QAE5C,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACxB,OAAO,CAAC,GAAG,CAAC,6BAA6B,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QAC9E,CAAC;QAED,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAChB,KAAK,MAAM,CAAC,IAAI,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC;YACrC,MAAM,GAAG,GAAG,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC,CAAC;YAClD,MAAM,KAAK,GAAG,CAAC,CAAC,SAAS,CAAC,WAAW,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;YAClD,OAAO,CAAC,GAAG,CAAC,QAAQ,KAAK,KAAK,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,IAAI,GAAG,IAAI,CAAC,CAAC,SAAS,KAAK,CAAC,CAAC,YAAY,YAAY,CAAC,CAAC;QACxG,CAAC;QACD,IAAI,OAAO,CAAC,MAAM,GAAG,EAAE;YAAE,OAAO,CAAC,GAAG,CAAC,eAAe,OAAO,CAAC,MAAM,GAAG,EAAE,OAAO,CAAC,CAAC;QAChF,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAClB,CAAC;AACH,CAAC"}

package/dist/commands/sbom-export.d.ts

@@ -0,0 +1,8 @@
+/**
+ * SBOM export — generates Software Bill of Materials in
+ * CycloneDX-compatible JSON from project manifests.
+ *
+ * All data from local project files.
+ */
+export declare function runSbomExport(argv: string[]): void;
+//# sourceMappingURL=sbom-export.d.ts.map

package/dist/commands/sbom-export.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"sbom-export.d.ts","sourceRoot":"","sources":["../../src/commands/sbom-export.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAyIH,wBAAgB,aAAa,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,IAAI,CAkDlD"}

package/dist/commands/sbom-export.js

@@ -0,0 +1,162 @@
+/**
+ * SBOM export — generates Software Bill of Materials in
+ * CycloneDX-compatible JSON from project manifests.
+ *
+ * All data from local project files.
+ */
+import { existsSync, readFileSync, mkdirSync, writeFileSync } from "fs";
+import { join, basename } from "path";
+// ─── Parsers ────────────────────────────────────────────────────────────────
+function parsePackageJson() {
+    if (!existsSync("package.json"))
+        return [];
+    try {
+        const pkg = JSON.parse(readFileSync("package.json", "utf-8"));
+        const components = [];
+        for (const [name, ver] of Object.entries(pkg.dependencies || {})) {
+            components.push({
+                type: "library",
+                name,
+                version: String(ver).replace(/^[\^~>=<]+/, ""),
+                purl: `pkg:npm/${name.replace("/", "%2F")}@${String(ver).replace(/^[\^~>=<]+/, "")}`,
+                scope: "required",
+                licenses: [],
+            });
+        }
+        for (const [name, ver] of Object.entries(pkg.devDependencies || {})) {
+            components.push({
+                type: "library",
+                name,
+                version: String(ver).replace(/^[\^~>=<]+/, ""),
+                purl: `pkg:npm/${name.replace("/", "%2F")}@${String(ver).replace(/^[\^~>=<]+/, "")}`,
+                scope: "optional",
+                licenses: [],
+            });
+        }
+        return components;
+    }
+    catch {
+        return [];
+    }
+}
+function parseRequirements() {
+    if (!existsSync("requirements.txt"))
+        return [];
+    try {
+        const lines = readFileSync("requirements.txt", "utf-8").split("\n");
+        const components = [];
+        for (const line of lines) {
+            const match = /^([a-zA-Z0-9_-]+)==(.+)/.exec(line.trim());
+            if (match) {
+                components.push({
+                    type: "library",
+                    name: match[1],
+                    version: match[2],
+                    purl: `pkg:pypi/${match[1]}@${match[2]}`,
+                    scope: "required",
+                    licenses: [],
+                });
+            }
+        }
+        return components;
+    }
+    catch {
+        return [];
+    }
+}
+function parseGoMod() {
+    if (!existsSync("go.mod"))
+        return [];
+    try {
+        const lines = readFileSync("go.mod", "utf-8").split("\n");
+        const components = [];
+        for (const line of lines) {
+            const match = /^\s+([\w./\-@]+)\s+(v[\d.]+)/.exec(line);
+            if (match) {
+                components.push({
+                    type: "library",
+                    name: match[1],
+                    version: match[2],
+                    purl: `pkg:golang/${match[1]}@${match[2]}`,
+                    scope: "required",
+                    licenses: [],
+                });
+            }
+        }
+        return components;
+    }
+    catch {
+        return [];
+    }
+}
+function buildSbom() {
+    const projectName = existsSync("package.json")
+        ? JSON.parse(readFileSync("package.json", "utf-8")).name || basename(process.cwd())
+        : basename(process.cwd());
+    const projectVersion = existsSync("package.json")
+        ? JSON.parse(readFileSync("package.json", "utf-8")).version || "0.0.0"
+        : "0.0.0";
+    const components = [...parsePackageJson(), ...parseRequirements(), ...parseGoMod()];
+    return {
+        bomFormat: "CycloneDX",
+        specVersion: "1.5",
+        version: 1,
+        metadata: {
+            timestamp: new Date().toISOString(),
+            component: { type: "application", name: projectName, version: projectVersion },
+            tools: [{ name: "@kevinrabun/judges", version: "3.48.0" }],
+        },
+        components,
+    };
+}
+// ─── CLI ────────────────────────────────────────────────────────────────────
+const STORE = ".judges-sbom";
+export function runSbomExport(argv) {
+    if (argv.includes("--help") || argv.includes("-h")) {
+        console.log(`
+judges sbom-export — Generate Software Bill of Materials
+
+Usage:
+  judges sbom-export
+  judges sbom-export --save
+  judges sbom-export --summary
+
+Options:
+  --save                Save SBOM to ${STORE}/sbom.json
+  --summary             Show component summary only
+  --format json         JSON output (default for SBOM)
+  --help, -h            Show this help
+
+Supports: package.json, requirements.txt, go.mod
+`);
+        return;
+    }
+    const sbom = buildSbom();
+    if (argv.includes("--save")) {
+        if (!existsSync(STORE))
+            mkdirSync(STORE, { recursive: true });
+        writeFileSync(join(STORE, "sbom.json"), JSON.stringify(sbom, null, 2));
+        console.log(`  SBOM saved to ${STORE}/sbom.json (${sbom.components.length} components)`);
+        return;
+    }
+    if (argv.includes("--summary")) {
+        const required = sbom.components.filter((c) => c.scope === "required").length;
+        const optional = sbom.components.filter((c) => c.scope === "optional").length;
+        const types = new Map();
+        for (const c of sbom.components) {
+            const ecosystem = c.purl.split(":")[1]?.split("/")[0] || "unknown";
+            types.set(ecosystem, (types.get(ecosystem) || 0) + 1);
+        }
+        console.log(`\n  SBOM Summary — ${sbom.metadata.component.name}@${sbom.metadata.component.version}`);
+        console.log(`  ──────────────────────────`);
+        console.log(`    Total components: ${sbom.components.length}`);
+        console.log(`    Required: ${required}  Optional: ${optional}`);
+        for (const [eco, count] of types)
+            console.log(`    ${eco}: ${count}`);
+        console.log(`\n  Run --save to export full CycloneDX SBOM\n`);
+        return;
+    }
+    // Default: print full SBOM
+    console.log(JSON.stringify(sbom, null, 2));
+}
+//# sourceMappingURL=sbom-export.js.map