@kevinrabun/judges 3.48.0 → 3.50.0

package/dist/commands/iac-lint.js

@@ -0,0 +1,313 @@
+/**
+ * IaC lint — dedicated linting for Dockerfiles, Kubernetes
+ * manifests, and Helm charts for security misconfigurations.
+ *
+ * All analysis local.
+ */
+import { existsSync, readFileSync, readdirSync } from "fs";
+import { join, basename } from "path";
+// ─── Rules ──────────────────────────────────────────────────────────────────
+const IAC_RULES = [
+    // Dockerfile rules
+    {
+        id: "dockerfile-run-as-root",
+        type: "dockerfile",
+        severity: "high",
+        check: (_content, lines) => {
+            const hasUser = lines.some((l) => /^USER\s+(?!root)/i.test(l.trim()));
+            if (!hasUser)
+                return [{ line: 1, message: "No USER directive — container runs as root" }];
+            return [];
+        },
+        recommendation: "Add USER directive with a non-root user",
+    },
+    {
+        id: "dockerfile-latest-tag",
+        type: "dockerfile",
+        severity: "medium",
+        check: (_content, lines) => {
+            const results = [];
+            for (let i = 0; i < lines.length; i++) {
+                if (/^FROM\s+\S+:latest/i.test(lines[i].trim()) ||
+                    (/^FROM\s+\S+$/i.test(lines[i].trim()) && !lines[i].includes(":"))) {
+                    results.push({ line: i + 1, message: "Using 'latest' or untagged base image" });
+                }
+            }
+            return results;
+        },
+        recommendation: "Pin base image to a specific version tag",
+    },
+    {
+        id: "dockerfile-copy-chown",
+        type: "dockerfile",
+        severity: "low",
+        check: (_content, lines) => {
+            const results = [];
+            for (let i = 0; i < lines.length; i++) {
+                if (/^COPY\s/i.test(lines[i].trim()) && !lines[i].includes("--chown")) {
+                    results.push({ line: i + 1, message: "COPY without --chown — files owned by root" });
+                }
+            }
+            return results;
+        },
+        recommendation: "Use COPY --chown=user:group to set proper ownership",
+    },
+    {
+        id: "dockerfile-add-url",
+        type: "dockerfile",
+        severity: "high",
+        check: (_content, lines) => {
+            const results = [];
+            for (let i = 0; i < lines.length; i++) {
+                if (/^ADD\s+https?:\/\//i.test(lines[i].trim())) {
+                    results.push({ line: i + 1, message: "ADD with URL — use COPY + RUN curl instead" });
+                }
+            }
+            return results;
+        },
+        recommendation: "Replace ADD with RUN curl/wget + COPY for better security",
+    },
+    {
+        id: "dockerfile-env-secret",
+        type: "dockerfile",
+        severity: "critical",
+        check: (_content, lines) => {
+            const results = [];
+            for (let i = 0; i < lines.length; i++) {
+                if (/^ENV\s+.*(?:PASSWORD|SECRET|API_KEY|TOKEN)\s*=/i.test(lines[i].trim())) {
+                    results.push({ line: i + 1, message: "Secret exposed in ENV directive" });
+                }
+            }
+            return results;
+        },
+        recommendation: "Use Docker secrets or runtime environment variables instead",
+    },
+    // Kubernetes rules
+    {
+        id: "k8s-privileged",
+        type: "kubernetes",
+        severity: "critical",
+        check: (content) => {
+            const results = [];
+            const lines = content.split("\n");
+            for (let i = 0; i < lines.length; i++) {
+                if (/privileged:\s*true/i.test(lines[i])) {
+                    results.push({ line: i + 1, message: "Container running in privileged mode" });
+                }
+            }
+            return results;
+        },
+        recommendation: "Set privileged: false and use specific capabilities instead",
+    },
+    {
+        id: "k8s-host-network",
+        type: "kubernetes",
+        severity: "high",
+        check: (content) => {
+            const results = [];
+            const lines = content.split("\n");
+            for (let i = 0; i < lines.length; i++) {
+                if (/hostNetwork:\s*true/i.test(lines[i])) {
+                    results.push({ line: i + 1, message: "Pod using host network namespace" });
+                }
+            }
+            return results;
+        },
+        recommendation: "Disable hostNetwork unless absolutely required",
+    },
+    {
+        id: "k8s-no-resource-limits",
+        type: "kubernetes",
+        severity: "medium",
+        check: (content) => {
+            if (/kind:\s*(?:Deployment|Pod|StatefulSet|DaemonSet)/i.test(content) &&
+                !/resources:\s*\n\s+limits:/i.test(content)) {
+                return [{ line: 1, message: "No resource limits defined" }];
+            }
+            return [];
+        },
+        recommendation: "Add resources.limits for CPU and memory",
+    },
+    {
+        id: "k8s-run-as-root",
+        type: "kubernetes",
+        severity: "high",
+        check: (content) => {
+            const results = [];
+            const lines = content.split("\n");
+            for (let i = 0; i < lines.length; i++) {
+                if (/runAsUser:\s*0/i.test(lines[i])) {
+                    results.push({ line: i + 1, message: "Container running as root (UID 0)" });
+                }
+            }
+            return results;
+        },
+        recommendation: "Set runAsUser to a non-zero UID and runAsNonRoot: true",
+    },
+    {
+        id: "k8s-no-readiness-probe",
+        type: "kubernetes",
+        severity: "low",
+        check: (content) => {
+            if (/kind:\s*Deployment/i.test(content) && !/readinessProbe:/i.test(content)) {
+                return [{ line: 1, message: "No readiness probe configured" }];
+            }
+            return [];
+        },
+        recommendation: "Add readinessProbe for proper traffic management",
+    },
+];
+// ─── Scanner ────────────────────────────────────────────────────────────────
+function detectFileType(filePath, content) {
+    const name = basename(filePath).toLowerCase();
+    if (name === "dockerfile" || name.startsWith("dockerfile."))
+        return "dockerfile";
+    if (name.endsWith(".dockerfile"))
+        return "dockerfile";
+    if (/kind:\s*(?:Deployment|Service|Pod|StatefulSet|DaemonSet|ConfigMap|Secret|Ingress)/i.test(content))
+        return "kubernetes";
+    if (/apiVersion:\s*v\d|apiVersion:\s*apps\//i.test(content))
+        return "kubernetes";
+    if (name === "chart.yaml" || name === "values.yaml")
+        return "helm";
+    return null;
+}
+function collectIacFiles(dir) {
+    const result = [];
+    const skipDirs = new Set(["node_modules", ".git", "dist", "build"]);
+    function walk(d) {
+        let entries;
+        try {
+            entries = readdirSync(d);
+        }
+        catch {
+            return;
+        }
+        for (const name of entries) {
+            if (skipDirs.has(name))
+                continue;
+            const full = join(d, name);
+            try {
+                const sub = readdirSync(full);
+                void sub;
+                walk(full);
+            }
+            catch {
+                const lower = name.toLowerCase();
+                if (lower.includes("dockerfile") || lower.endsWith(".yaml") || lower.endsWith(".yml")) {
+                    result.push(full);
+                }
+            }
+        }
+    }
+    walk(dir);
+    return result;
+}
+// ─── CLI ────────────────────────────────────────────────────────────────────
+export function runIacLint(argv) {
+    if (argv.includes("--help") || argv.includes("-h")) {
+        console.log(`
+judges iac-lint — Lint Dockerfiles, Kubernetes manifests, and Helm charts
+
+Usage:
+  judges iac-lint [dir]
+  judges iac-lint Dockerfile
+  judges iac-lint k8s/ --severity critical,high
+
+Options:
+  --severity <levels>   Filter by severity (comma-separated)
+  --rules               List all IaC lint rules
+  --format json         JSON output
+  --help, -h            Show this help
+`);
+        return;
+    }
+    const format = argv.find((_a, i) => argv[i - 1] === "--format") || "text";
+    // List rules
+    if (argv.includes("--rules")) {
+        if (format === "json") {
+            console.log(JSON.stringify(IAC_RULES.map(({ check: _c, ...rest }) => rest), null, 2));
+        }
+        else {
+            console.log(`\n  IaC Lint Rules (${IAC_RULES.length})\n  ──────────────────────────`);
+            for (const r of IAC_RULES) {
+                console.log(`    [${r.severity.toUpperCase().padEnd(8)}] ${r.id.padEnd(30)} (${r.type})`);
+            }
+            console.log("");
+        }
+        return;
+    }
+    const target = argv.find((a) => !a.startsWith("--") && !argv[argv.indexOf(a) - 1]?.startsWith("--")) || ".";
+    const sevFilter = argv.find((_a, i) => argv[i - 1] === "--severity");
+    // Collect files
+    let files;
+    if (existsSync(target)) {
+        try {
+            readdirSync(target);
+            files = collectIacFiles(target);
+        }
+        catch {
+            files = [target];
+        }
+    }
+    else {
+        console.error(`  Path not found: ${target}`);
+        return;
+    }
+    let findings = [];
+    for (const file of files) {
+        let content;
+        try {
+            content = readFileSync(file, "utf-8");
+        }
+        catch {
+            continue;
+        }
+        const fileType = detectFileType(file, content);
+        if (!fileType)
+            continue;
+        const applicableRules = IAC_RULES.filter((r) => r.type === fileType);
+        const lines = content.split("\n");
+        for (const rule of applicableRules) {
+            const matches = rule.check(content, lines);
+            for (const m of matches) {
+                findings.push({
+                    file,
+                    line: m.line,
+                    ruleId: rule.id,
+                    severity: rule.severity,
+                    message: m.message,
+                    recommendation: rule.recommendation,
+                });
+            }
+        }
+    }
+    if (sevFilter) {
+        const allowed = sevFilter.split(",");
+        findings = findings.filter((f) => allowed.includes(f.severity));
+    }
+    if (format === "json") {
+        console.log(JSON.stringify({ findings, scannedFiles: files.length, timestamp: new Date().toISOString() }, null, 2));
+    }
+    else {
+        console.log(`\n  IaC Lint — ${files.length} files scanned`);
+        console.log(`  Found: ${findings.length} issues\n  ──────────────────────────`);
+        if (findings.length === 0) {
+            console.log(`    ✅ No IaC issues detected\n`);
+            return;
+        }
+        for (const sev of ["critical", "high", "medium", "low"]) {
+            const items = findings.filter((f) => f.severity === sev);
+            if (items.length === 0)
+                continue;
+            console.log(`\n    ${sev.toUpperCase()} (${items.length})`);
+            for (const f of items) {
+                console.log(`      ${f.file}:${f.line} — ${f.ruleId}`);
+                console.log(`        ${f.message}`);
+                console.log(`        → ${f.recommendation}`);
+            }
+        }
+        console.log("");
+    }
+}
+//# sourceMappingURL=iac-lint.js.map

package/dist/commands/iac-lint.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"iac-lint.js","sourceRoot":"","sources":["../../src/commands/iac-lint.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,WAAW,EAAE,MAAM,IAAI,CAAC;AAC3D,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,MAAM,CAAC;AAqBtC,+EAA+E;AAE/E,MAAM,SAAS,GAAc;IAC3B,mBAAmB;IACnB;QACE,EAAE,EAAE,wBAAwB;QAC5B,IAAI,EAAE,YAAY;QAClB,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,CAAC,QAAQ,EAAE,KAAK,EAAE,EAAE;YACzB,MAAM,OAAO,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,mBAAmB,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC;YACtE,IAAI,CAAC,OAAO;gBAAE,OAAO,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,OAAO,EAAE,4CAA4C,EAAE,CAAC,CAAC;YAC1F,OAAO,EAAE,CAAC;QACZ,CAAC;QACD,cAAc,EAAE,yCAAyC;KAC1D;IACD;QACE,EAAE,EAAE,uBAAuB;QAC3B,IAAI,EAAE,YAAY;QAClB,QAAQ,EAAE,QAAQ;QAClB,KAAK,EAAE,CAAC,QAAQ,EAAE,KAAK,EAAE,EAAE;YACzB,MAAM,OAAO,GAA6C,EAAE,CAAC;YAC7D,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;gBACtC,IACE,qBAAqB,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;oBAC3C,CAAC,eAAe,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,EAClE,CAAC;oBACD,OAAO,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,CAAC,GAAG,CAAC,EAAE,OAAO,EAAE,uCAAuC,EAAE,CAAC,CAAC;gBAClF,CAAC;YACH,CAAC;YACD,OAAO,OAAO,CAAC;QACjB,CAAC;QACD,cAAc,EAAE,0CAA0C;KAC3D;IACD;QACE,EAAE,EAAE,uBAAuB;QAC3B,IAAI,EAAE,YAAY;QAClB,QAAQ,EAAE,KAAK;QACf,KAAK,EAAE,CAAC,QAAQ,EAAE,KAAK,EAAE,EAAE;YACzB,MAAM,OAAO,GAA6C,EAAE,CAAC;YAC7D,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;gBACtC,IAAI,UAAU,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;oBACtE,OAAO,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,CAAC,GAAG,CAAC,EAAE,OAAO,EAAE,4CAA4C,EAAE,CAAC,CAAC;gBACvF,CAAC;YACH,CAAC;YACD,OAAO,OAAO,CAAC;QACjB,CAAC;QACD,cAAc,EAAE,qDAAqD;KACtE;IACD;QACE,EAAE,EAAE,oBAAoB;QACxB,IAAI,EAAE,YAAY;QAClB,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,CAAC,QAAQ,EAAE,KAAK,EAAE,EAAE;YACzB,MAAM,OAAO,GAA6C,EAAE,CAAC;YAC7D,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;gBACtC,IAAI,qBAAqB,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,EAAE,CAAC;oBAChD,OAAO,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,CAAC,GAAG,CAAC,EAAE,OAAO,EAAE,4CAA4C,EAAE,CAAC,CAAC;gBACvF,CAAC;YACH,CAAC;YACD,OAAO,OAAO,CAAC;QACjB,CAAC;QACD,cAAc,EAAE,2DAA2D;KAC5E;IACD;QACE,EAAE,EAAE,uBAAuB;QAC3B,IAAI,EAAE,YAAY;QAClB,QAAQ,EAAE,UAAU;QACpB,KAAK,EAAE,CAAC,QAAQ,EAAE,KAAK,EAAE,EAAE;YACzB,MAAM,OAAO,GAA6C,EAAE,CAAC;YAC7D,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;gBACtC,IAAI,iDAAiD,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,EAAE,CAAC;oBAC5E,OAAO,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,CAAC,GAAG,CAAC,EAAE,OAAO,EAAE,iCAAiC,EAAE,CAAC,CAAC;gBAC5E,CAAC;YACH,CAAC;YACD,OAAO,OAAO,CAAC;QACjB,CAAC;QACD,cAAc,EAAE,6DAA6D;KAC9E;IAED,mBAAmB;IACnB;QACE,EAAE,EAAE,gBAAgB;QACpB,IAAI,EAAE,YAAY;QAClB,QAAQ,EAAE,UAAU;QACpB,KAAK,EAAE,CAAC,OAAO,EAAE,EAAE;YACjB,MAAM,OAAO,GAA6C,EAAE,CAAC;YAC7D,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;YAClC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;gBACtC,IAAI,qBAAqB,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;oBACzC,OAAO,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,CAAC,GAAG,CAAC,EAAE,OAAO,EAAE,sCAAsC,EAAE,CAAC,CAAC;gBACjF,CAAC;YACH,CAAC;YACD,OAAO,OAAO,CAAC;QACjB,CAAC;QACD,cAAc,EAAE,6DAA6D;KAC9E;IACD;QACE,EAAE,EAAE,kBAAkB;QACtB,IAAI,EAAE,YAAY;QAClB,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,CAAC,OAAO,EAAE,EAAE;YACjB,MAAM,OAAO,GAA6C,EAAE,CAAC;YAC7D,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;YAClC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;gBACtC,IAAI,sBAAsB,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;oBAC1C,OAAO,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,CAAC,GAAG,CAAC,EAAE,OAAO,EAAE,kCAAkC,EAAE,CAAC,CAAC;gBAC7E,CAAC;YACH,CAAC;YACD,OAAO,OAAO,CAAC;QACjB,CAAC;QACD,cAAc,EAAE,gDAAgD;KACjE;IACD;QACE,EAAE,EAAE,wBAAwB;QAC5B,IAAI,EAAE,YAAY;QAClB,QAAQ,EAAE,QAAQ;QAClB,KAAK,EAAE,CAAC,OAAO,EAAE,EAAE;YACjB,IACE,mDAAmD,CAAC,IAAI,CAAC,OAAO,CAAC;gBACjE,CAAC,4BAA4B,CAAC,IAAI,CAAC,OAAO,CAAC,EAC3C,CAAC;gBACD,OAAO,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,OAAO,EAAE,4BAA4B,EAAE,CAAC,CAAC;YAC9D,CAAC;YACD,OAAO,EAAE,CAAC;QACZ,CAAC;QACD,cAAc,EAAE,yCAAyC;KAC1D;IACD;QACE,EAAE,EAAE,iBAAiB;QACrB,IAAI,EAAE,YAAY;QAClB,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,CAAC,OAAO,EAAE,EAAE;YACjB,MAAM,OAAO,GAA6C,EAAE,CAAC;YAC7D,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;YAClC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;gBACtC,IAAI,iBAAiB,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;oBACrC,OAAO,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,CAAC,GAAG,CAAC,EAAE,OAAO,EAAE,mCAAmC,EAAE,CAAC,CAAC;gBAC9E,CAAC;YACH,CAAC;YACD,OAAO,OAAO,CAAC;QACjB,CAAC;QACD,cAAc,EAAE,wDAAwD;KACzE;IACD;QACE,EAAE,EAAE,wBAAwB;QAC5B,IAAI,EAAE,YAAY;QAClB,QAAQ,EAAE,KAAK;QACf,KAAK,EAAE,CAAC,OAAO,EAAE,EAAE;YACjB,IAAI,qBAAqB,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,kBAAkB,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;gBAC7E,OAAO,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,OAAO,EAAE,+BAA+B,EAAE,CAAC,CAAC;YACjE,CAAC;YACD,OAAO,EAAE,CAAC;QACZ,CAAC;QACD,cAAc,EAAE,kDAAkD;KACnE;CACF,CAAC;AAEF,+EAA+E;AAE/E,SAAS,cAAc,CAAC,QAAgB,EAAE,OAAe;IACvD,MAAM,IAAI,GAAG,QAAQ,CAAC,QAAQ,CAAC,CAAC,WAAW,EAAE,CAAC;IAC9C,IAAI,IAAI,KAAK,YAAY,IAAI,IAAI,CAAC,UAAU,CAAC,aAAa,CAAC;QAAE,OAAO,YAAY,CAAC;IACjF,IAAI,IAAI,CAAC,QAAQ,CAAC,aAAa,CAAC;QAAE,OAAO,YAAY,CAAC;IACtD,IAAI,oFAAoF,CAAC,IAAI,CAAC,OAAO,CAAC;QACpG,OAAO,YAAY,CAAC;IACtB,IAAI,yCAAyC,CAAC,IAAI,CAAC,OAAO,CAAC;QAAE,OAAO,YAAY,CAAC;IACjF,IAAI,IAAI,KAAK,YAAY,IAAI,IAAI,KAAK,aAAa;QAAE,OAAO,MAAM,CAAC;IACnE,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,eAAe,CAAC,GAAW;IAClC,MAAM,MAAM,GAAa,EAAE,CAAC;IAC5B,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,CAAC,cAAc,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC;IAEpE,SAAS,IAAI,CAAC,CAAS;QACrB,IAAI,OAAiB,CAAC;QACtB,IAAI,CAAC;YACH,OAAO,GAAG,WAAW,CAAC,CAAC,CAAwB,CAAC;QAClD,CAAC;QAAC,MAAM,CAAC;YACP,OAAO;QACT,CAAC;QACD,KAAK,MAAM,IAAI,IAAI,OAAO,EAAE,CAAC;YAC3B,IAAI,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC;gBAAE,SAAS;YACjC,MAAM,IAAI,GAAG,IAAI,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC;YAC3B,IAAI,CAAC;gBACH,MAAM,GAAG,GAAG,WAAW,CAAC,IAAI,CAAC,CAAC;gBAC9B,KAAK,GAAG,CAAC;gBACT,IAAI,CAAC,IAAI,CAAC,CAAC;YACb,CAAC;YAAC,MAAM,CAAC;gBACP,MAAM,KAAK,GAAG,IAAI,CAAC,WAAW,EAAE,CAAC;gBACjC,IAAI,KAAK,CAAC,QAAQ,CAAC,YAAY,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;oBACtF,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;gBACpB,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,IAAI,CAAC,GAAG,CAAC,CAAC;IACV,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,+EAA+E;AAE/E,MAAM,UAAU,UAAU,CAAC,IAAc;IACvC,IAAI,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;QACnD,OAAO,CAAC,GAAG,CAAC;;;;;;;;;;;;;CAaf,CAAC,CAAC;QACC,OAAO;IACT,CAAC;IAED,MAAM,MAAM,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,EAAU,EAAE,CAAS,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,KAAK,UAAU,CAAC,IAAI,MAAM,CAAC;IAE1F,aAAa;IACb,IAAI,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;QAC7B,IAAI,MAAM,KAAK,MAAM,EAAE,CAAC;YACtB,OAAO,CAAC,GAAG,CACT,IAAI,CAAC,SAAS,CACZ,SAAS,CAAC,GAAG,CAAC,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE,GAAG,IAAI,EAAE,EAAE,EAAE,CAAC,IAAI,CAAC,EAC/C,IAAI,EACJ,CAAC,CACF,CACF,CAAC;QACJ,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,GAAG,CAAC,uBAAuB,SAAS,CAAC,MAAM,iCAAiC,CAAC,CAAC;YACtF,KAAK,MAAM,CAAC,IAAI,SAAS,EAAE,CAAC;gBAC1B,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,MAAM,CAAC,EAAE,CAAC,KAAK,CAAC,CAAC,IAAI,GAAG,CAAC,CAAC;YAC5F,CAAC;YACD,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAClB,CAAC;QACD,OAAO;IACT,CAAC;IAED,MAAM,MAAM,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,CAAS,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,EAAE,UAAU,CAAC,IAAI,CAAC,CAAC,IAAI,GAAG,CAAC;IACpH,MAAM,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,EAAU,EAAE,CAAS,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,KAAK,YAAY,CAAC,CAAC;IAErF,gBAAgB;IAChB,IAAI,KAAe,CAAC;IACpB,IAAI,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;QACvB,IAAI,CAAC;YACH,WAAW,CAAC,MAAM,CAAC,CAAC;YACpB,KAAK,GAAG,eAAe,CAAC,MAAM,CAAC,CAAC;QAClC,CAAC;QAAC,MAAM,CAAC;YACP,KAAK,GAAG,CAAC,MAAM,CAAC,CAAC;QACnB,CAAC;IACH,CAAC;SAAM,CAAC;QACN,OAAO,CAAC,KAAK,CAAC,qBAAqB,MAAM,EAAE,CAAC,CAAC;QAC7C,OAAO;IACT,CAAC;IAED,IAAI,QAAQ,GAAiB,EAAE,CAAC;IAEhC,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,IAAI,OAAe,CAAC;QACpB,IAAI,CAAC;YACH,OAAO,GAAG,YAAY,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;QACxC,CAAC;QAAC,MAAM,CAAC;YACP,SAAS;QACX,CAAC;QAED,MAAM,QAAQ,GAAG,cAAc,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;QAC/C,IAAI,CAAC,QAAQ;YAAE,SAAS;QAExB,MAAM,eAAe,GAAG,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,QAAQ,CAAC,CAAC;QACrE,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAElC,KAAK,MAAM,IAAI,IAAI,eAAe,EAAE,CAAC;YACnC,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;YAC3C,KAAK,MAAM,CAAC,IAAI,OAAO,EAAE,CAAC;gBACxB,QAAQ,CAAC,IAAI,CAAC;oBACZ,IAAI;oBACJ,IAAI,EAAE,CAAC,CAAC,IAAI;oBACZ,MAAM,EAAE,IAAI,CAAC,EAAE;oBACf,QAAQ,EAAE,IAAI,CAAC,QAAQ;oBACvB,OAAO,EAAE,CAAC,CAAC,OAAO;oBAClB,cAAc,EAAE,IAAI,CAAC,cAAc;iBACpC,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IAED,IAAI,SAAS,EAAE,CAAC;QACd,MAAM,OAAO,GAAG,SAAS,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QACrC,QAAQ,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC;IAClE,CAAC;IAED,IAAI,MAAM,KAAK,MAAM,EAAE,CAAC;QACtB,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,QAAQ,EAAE,YAAY,EAAE,KAAK,CAAC,MAAM,EAAE,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;IACtH,CAAC;SAAM,CAAC;QACN,OAAO,CAAC,GAAG,CAAC,kBAAkB,KAAK,CAAC,MAAM,gBAAgB,CAAC,CAAC;QAC5D,OAAO,CAAC,GAAG,CAAC,YAAY,QAAQ,CAAC,MAAM,uCAAuC,CAAC,CAAC;QAEhF,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC1B,OAAO,CAAC,GAAG,CAAC,gCAAgC,CAAC,CAAC;YAC9C,OAAO;QACT,CAAC;QAED,KAAK,MAAM,GAAG,IAAI,CAAC,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,CAAC,EAAE,CAAC;YACxD,MAAM,KAAK,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,GAAG,CAAC,CAAC;YACzD,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC;gBAAE,SAAS;YACjC,OAAO,CAAC,GAAG,CAAC,SAAS,GAAG,CAAC,WAAW,EAAE,KAAK,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC;YAC5D,KAAK,MAAM,CAAC,IAAI,KAAK,EAAE,CAAC;gBACtB,OAAO,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC,IAAI,MAAM,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC;gBACvD,OAAO,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC;gBACpC,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC,cAAc,EAAE,CAAC,CAAC;YAC/C,CAAC;QACH,CAAC;QACD,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAClB,CAAC;AACH,CAAC"}

package/dist/commands/incident-response.d.ts

@@ -0,0 +1,8 @@
+/**
+ * Incident response — generates incident response playbooks
+ * from finding spikes, CVEs, or severity escalations.
+ *
+ * All data from local files.
+ */
+export declare function runIncidentResponse(argv: string[]): void;
+//# sourceMappingURL=incident-response.d.ts.map

package/dist/commands/incident-response.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"incident-response.d.ts","sourceRoot":"","sources":["../../src/commands/incident-response.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAoJH,wBAAgB,mBAAmB,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,IAAI,CAoKxD"}

package/dist/commands/incident-response.js

@@ -0,0 +1,255 @@
+/**
+ * Incident response — generates incident response playbooks
+ * from finding spikes, CVEs, or severity escalations.
+ *
+ * All data from local files.
+ */
+import { existsSync, readFileSync, mkdirSync, writeFileSync } from "fs";
+import { join } from "path";
+// ─── Playbook Generation ────────────────────────────────────────────────────
+function generatePlaybook(severity, findings) {
+    const steps = [
+        {
+            order: 1,
+            action: "Acknowledge incident and assign incident commander",
+            owner: "security-lead",
+            status: "pending",
+        },
+        {
+            order: 2,
+            action: "Assess blast radius — identify all affected files and services",
+            owner: "incident-commander",
+            status: "pending",
+        },
+        {
+            order: 3,
+            action: "Notify relevant code owners and stakeholders",
+            owner: "incident-commander",
+            status: "pending",
+        },
+    ];
+    if (severity === "critical") {
+        steps.push({
+            order: 4,
+            action: "Evaluate if production rollback or hotfix is needed",
+            owner: "engineering-lead",
+            status: "pending",
+        }, { order: 5, action: "Apply emergency patches to critical findings", owner: "assigned-devs", status: "pending" }, { order: 6, action: "Run security regression tests on patched code", owner: "qa-lead", status: "pending" }, { order: 7, action: "Deploy hotfix through expedited release process", owner: "devops-lead", status: "pending" });
+    }
+    else {
+        steps.push({
+            order: 4,
+            action: "Prioritize findings by severity and blast radius",
+            owner: "security-lead",
+            status: "pending",
+        }, { order: 5, action: "Create fix PRs for each affected file", owner: "assigned-devs", status: "pending" }, { order: 6, action: "Review and merge fixes through normal PR process", owner: "code-owners", status: "pending" });
+    }
+    const hasSqlFindings = findings.some((f) => /sql/i.test(f.ruleId) || /injection/i.test(f.title));
+    if (hasSqlFindings) {
+        steps.push({
+            order: steps.length + 1,
+            action: "Audit database access logs for exploitation evidence",
+            owner: "dba",
+            status: "pending",
+        });
+    }
+    const hasAuthFindings = findings.some((f) => /auth/i.test(f.ruleId) || /auth/i.test(f.title));
+    if (hasAuthFindings) {
+        steps.push({
+            order: steps.length + 1,
+            action: "Review authentication logs and rotate affected credentials",
+            owner: "security-lead",
+            status: "pending",
+        });
+    }
+    steps.push({
+        order: steps.length + 1,
+        action: "Verify all findings are resolved with re-scan",
+        owner: "security-lead",
+        status: "pending",
+    }, {
+        order: steps.length + 2,
+        action: "Document lessons learned and update prevention controls",
+        owner: "incident-commander",
+        status: "pending",
+    }, {
+        order: steps.length + 3,
+        action: "Close incident and update status",
+        owner: "incident-commander",
+        status: "pending",
+    });
+    return steps;
+}
+function generateId() {
+    return `INC-${Date.now().toString(36).toUpperCase()}`;
+}
+// ─── Load findings ──────────────────────────────────────────────────────────
+function loadRecentFindings() {
+    const paths = [".judges-findings.json", "judges-report.json"];
+    for (const p of paths) {
+        if (!existsSync(p))
+            continue;
+        try {
+            const data = JSON.parse(readFileSync(p, "utf-8"));
+            if (Array.isArray(data))
+                return data;
+            if (data.findings)
+                return data.findings;
+        }
+        catch {
+            /* skip */
+        }
+    }
+    return [];
+}
+// ─── CLI ────────────────────────────────────────────────────────────────────
+const STORE = ".judges-incidents";
+export function runIncidentResponse(argv) {
+    if (argv.includes("--help") || argv.includes("-h")) {
+        console.log(`
+judges incident-response — Incident response playbook generation
+
+Usage:
+  judges incident-response --create --severity critical --title "SQL Injection in auth module"
+  judges incident-response --list
+  judges incident-response --show <id>
+  judges incident-response --update <id> --status investigating
+  judges incident-response --generate-from-findings
+
+Options:
+  --create              Create new incident
+  --severity <level>    Incident severity (critical, high, medium)
+  --title <text>        Incident title
+  --generate-from-findings  Auto-generate incident from current findings
+  --list                List all incidents
+  --show <id>           Show incident details
+  --update <id>         Update incident
+  --status <status>     Set status (open, investigating, mitigating, resolved)
+  --format json         JSON output
+  --help, -h            Show this help
+`);
+        return;
+    }
+    const format = argv.find((_a, i) => argv[i - 1] === "--format") || "text";
+    if (!existsSync(STORE))
+        mkdirSync(STORE, { recursive: true });
+    const incidentsPath = join(STORE, "incidents.json");
+    const incidents = existsSync(incidentsPath) ? JSON.parse(readFileSync(incidentsPath, "utf-8")) : [];
+    // List
+    if (argv.includes("--list")) {
+        if (format === "json") {
+            console.log(JSON.stringify(incidents, null, 2));
+        }
+        else {
+            console.log(`\n  Incidents (${incidents.length})\n  ──────────────────────────`);
+            if (incidents.length === 0) {
+                console.log("    No incidents recorded.\n");
+                return;
+            }
+            for (const inc of incidents) {
+                console.log(`    [${inc.status.toUpperCase().padEnd(13)}] ${inc.id}  ${inc.severity.toUpperCase().padEnd(8)}  ${inc.title}`);
+            }
+            console.log("");
+        }
+        return;
+    }
+    // Show
+    const showId = argv.find((_a, i) => argv[i - 1] === "--show");
+    if (showId) {
+        const inc = incidents.find((i) => i.id === showId);
+        if (!inc) {
+            console.error(`  Incident ${showId} not found.`);
+            return;
+        }
+        if (format === "json") {
+            console.log(JSON.stringify(inc, null, 2));
+        }
+        else {
+            console.log(`\n  Incident: ${inc.id}\n  ──────────────────────────`);
+            console.log(`    Title:    ${inc.title}`);
+            console.log(`    Severity: ${inc.severity}`);
+            console.log(`    Status:   ${inc.status}`);
+            console.log(`    Created:  ${inc.createdAt}`);
+            console.log(`    Files:    ${inc.affectedFiles.length}`);
+            console.log(`    Findings: ${inc.findings.length}`);
+            console.log(`\n  Playbook:`);
+            for (const step of inc.playbook) {
+                const icon = step.status === "done" ? "✅" : step.status === "in-progress" ? "🔄" : "⬜";
+                console.log(`    ${icon} ${step.order}. ${step.action} (@${step.owner})`);
+            }
+            console.log("");
+        }
+        return;
+    }
+    // Update
+    const updateId = argv.find((_a, i) => argv[i - 1] === "--update");
+    if (updateId) {
+        const inc = incidents.find((i) => i.id === updateId);
+        if (!inc) {
+            console.error(`  Incident ${updateId} not found.`);
+            return;
+        }
+        const newStatus = argv.find((_a, i) => argv[i - 1] === "--status");
+        if (newStatus) {
+            inc.status = newStatus;
+            inc.updatedAt = new Date().toISOString();
+            writeFileSync(incidentsPath, JSON.stringify(incidents, null, 2));
+            console.log(`  Incident ${updateId} → ${newStatus}`);
+        }
+        return;
+    }
+    // Generate from findings
+    if (argv.includes("--generate-from-findings")) {
+        const findings = loadRecentFindings();
+        const criticals = findings.filter((f) => f.severity === "critical");
+        const highs = findings.filter((f) => f.severity === "high");
+        if (criticals.length === 0 && highs.length === 0) {
+            console.log("  No critical or high severity findings to generate incident from.");
+            return;
+        }
+        const severity = criticals.length > 0 ? "critical" : "high";
+        const relevantFindings = criticals.length > 0 ? criticals : highs;
+        const affectedFiles = [...new Set(relevantFindings.map((f) => f.file || "unknown"))];
+        const incident = {
+            id: generateId(),
+            severity,
+            title: `${severity.toUpperCase()} findings detected (${relevantFindings.length})`,
+            description: `Auto-generated incident from ${relevantFindings.length} ${severity} severity findings`,
+            affectedFiles,
+            findings: relevantFindings.map((f) => ({ ruleId: f.ruleId, severity: f.severity, title: f.title })),
+            playbook: generatePlaybook(severity, relevantFindings),
+            status: "open",
+            createdAt: new Date().toISOString(),
+            updatedAt: new Date().toISOString(),
+        };
+        incidents.push(incident);
+        writeFileSync(incidentsPath, JSON.stringify(incidents, null, 2));
+        console.log(`  Created incident ${incident.id} (${severity}) with ${incident.playbook.length}-step playbook`);
+        return;
+    }
+    // Create
+    if (argv.includes("--create")) {
+        const severity = (argv.find((_a, i) => argv[i - 1] === "--severity") ||
+            "high");
+        const title = argv.find((_a, i) => argv[i - 1] === "--title") || "New security incident";
+        const findings = loadRecentFindings();
+        const incident = {
+            id: generateId(),
+            severity,
+            title,
+            description: `Manually created incident: ${title}`,
+            affectedFiles: [...new Set(findings.map((f) => f.file || "unknown"))],
+            findings: findings.map((f) => ({ ruleId: f.ruleId, severity: f.severity, title: f.title })),
+            playbook: generatePlaybook(severity, findings),
+            status: "open",
+            createdAt: new Date().toISOString(),
+            updatedAt: new Date().toISOString(),
+        };
+        incidents.push(incident);
+        writeFileSync(incidentsPath, JSON.stringify(incidents, null, 2));
+        console.log(`  Created incident ${incident.id} with ${incident.playbook.length}-step playbook`);
+        return;
+    }
+    console.log("  Use --create, --generate-from-findings, --list, --show, or --update. Run --help for details.");
+}
+//# sourceMappingURL=incident-response.js.map

package/dist/commands/incident-response.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"incident-response.js","sourceRoot":"","sources":["../../src/commands/incident-response.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,SAAS,EAAE,aAAa,EAAE,MAAM,IAAI,CAAC;AACxE,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAwB5B,+EAA+E;AAE/E,SAAS,gBAAgB,CACvB,QAAgB,EAChB,QAAoE;IAEpE,MAAM,KAAK,GAAmB;QAC5B;YACE,KAAK,EAAE,CAAC;YACR,MAAM,EAAE,oDAAoD;YAC5D,KAAK,EAAE,eAAe;YACtB,MAAM,EAAE,SAAS;SAClB;QACD;YACE,KAAK,EAAE,CAAC;YACR,MAAM,EAAE,gEAAgE;YACxE,KAAK,EAAE,oBAAoB;YAC3B,MAAM,EAAE,SAAS;SAClB;QACD;YACE,KAAK,EAAE,CAAC;YACR,MAAM,EAAE,8CAA8C;YACtD,KAAK,EAAE,oBAAoB;YAC3B,MAAM,EAAE,SAAS;SAClB;KACF,CAAC;IAEF,IAAI,QAAQ,KAAK,UAAU,EAAE,CAAC;QAC5B,KAAK,CAAC,IAAI,CACR;YACE,KAAK,EAAE,CAAC;YACR,MAAM,EAAE,qDAAqD;YAC7D,KAAK,EAAE,kBAAkB;YACzB,MAAM,EAAE,SAAS;SAClB,EACD,EAAE,KAAK,EAAE,CAAC,EAAE,MAAM,EAAE,8CAA8C,EAAE,KAAK,EAAE,eAAe,EAAE,MAAM,EAAE,SAAS,EAAE,EAC/G,EAAE,KAAK,EAAE,CAAC,EAAE,MAAM,EAAE,+CAA+C,EAAE,KAAK,EAAE,SAAS,EAAE,MAAM,EAAE,SAAS,EAAE,EAC1G,EAAE,KAAK,EAAE,CAAC,EAAE,MAAM,EAAE,iDAAiD,EAAE,KAAK,EAAE,aAAa,EAAE,MAAM,EAAE,SAAS,EAAE,CACjH,CAAC;IACJ,CAAC;SAAM,CAAC;QACN,KAAK,CAAC,IAAI,CACR;YACE,KAAK,EAAE,CAAC;YACR,MAAM,EAAE,kDAAkD;YAC1D,KAAK,EAAE,eAAe;YACtB,MAAM,EAAE,SAAS;SAClB,EACD,EAAE,KAAK,EAAE,CAAC,EAAE,MAAM,EAAE,uCAAuC,EAAE,KAAK,EAAE,eAAe,EAAE,MAAM,EAAE,SAAS,EAAE,EACxG,EAAE,KAAK,EAAE,CAAC,EAAE,MAAM,EAAE,kDAAkD,EAAE,KAAK,EAAE,aAAa,EAAE,MAAM,EAAE,SAAS,EAAE,CAClH,CAAC;IACJ,CAAC;IAED,MAAM,cAAc,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC;IACjG,IAAI,cAAc,EAAE,CAAC;QACnB,KAAK,CAAC,IAAI,CAAC;YACT,KAAK,EAAE,KAAK,CAAC,MAAM,GAAG,CAAC;YACvB,MAAM,EAAE,sDAAsD;YAC9D,KAAK,EAAE,KAAK;YACZ,MAAM,EAAE,SAAS;SAClB,CAAC,CAAC;IACL,CAAC;IAED,MAAM,eAAe,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC;IAC9F,IAAI,eAAe,EAAE,CAAC;QACpB,KAAK,CAAC,IAAI,CAAC;YACT,KAAK,EAAE,KAAK,CAAC,MAAM,GAAG,CAAC;YACvB,MAAM,EAAE,4DAA4D;YACpE,KAAK,EAAE,eAAe;YACtB,MAAM,EAAE,SAAS;SAClB,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,IAAI,CACR;QACE,KAAK,EAAE,KAAK,CAAC,MAAM,GAAG,CAAC;QACvB,MAAM,EAAE,+CAA+C;QACvD,KAAK,EAAE,eAAe;QACtB,MAAM,EAAE,SAAS;KAClB,EACD;QACE,KAAK,EAAE,KAAK,CAAC,MAAM,GAAG,CAAC;QACvB,MAAM,EAAE,yDAAyD;QACjE,KAAK,EAAE,oBAAoB;QAC3B,MAAM,EAAE,SAAS;KAClB,EACD;QACE,KAAK,EAAE,KAAK,CAAC,MAAM,GAAG,CAAC;QACvB,MAAM,EAAE,kCAAkC;QAC1C,KAAK,EAAE,oBAAoB;QAC3B,MAAM,EAAE,SAAS;KAClB,CACF,CAAC;IAEF,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,UAAU;IACjB,OAAO,OAAO,IAAI,CAAC,GAAG,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,WAAW,EAAE,EAAE,CAAC;AACxD,CAAC;AAED,+EAA+E;AAE/E,SAAS,kBAAkB;IACzB,MAAM,KAAK,GAAG,CAAC,uBAAuB,EAAE,oBAAoB,CAAC,CAAC;IAC9D,KAAK,MAAM,CAAC,IAAI,KAAK,EAAE,CAAC;QACtB,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC;YAAE,SAAS;QAC7B,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC,CAAC;YAClD,IAAI,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC;gBAAE,OAAO,IAAI,CAAC;YACrC,IAAI,IAAI,CAAC,QAAQ;gBAAE,OAAO,IAAI,CAAC,QAAQ,CAAC;QAC1C,CAAC;QAAC,MAAM,CAAC;YACP,UAAU;QACZ,CAAC;IACH,CAAC;IACD,OAAO,EAAE,CAAC;AACZ,CAAC;AAED,+EAA+E;AAE/E,MAAM,KAAK,GAAG,mBAAmB,CAAC;AAElC,MAAM,UAAU,mBAAmB,CAAC,IAAc;IAChD,IAAI,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;QACnD,OAAO,CAAC,GAAG,CAAC;;;;;;;;;;;;;;;;;;;;;CAqBf,CAAC,CAAC;QACC,OAAO;IACT,CAAC;IAED,MAAM,MAAM,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,EAAU,EAAE,CAAS,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,KAAK,UAAU,CAAC,IAAI,MAAM,CAAC;IAC1F,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC;QAAE,SAAS,CAAC,KAAK,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAE9D,MAAM,aAAa,GAAG,IAAI,CAAC,KAAK,EAAE,gBAAgB,CAAC,CAAC;IACpD,MAAM,SAAS,GAAe,UAAU,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,aAAa,EAAE,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;IAEhH,OAAO;IACP,IAAI,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC5B,IAAI,MAAM,KAAK,MAAM,EAAE,CAAC;YACtB,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;QAClD,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,GAAG,CAAC,kBAAkB,SAAS,CAAC,MAAM,iCAAiC,CAAC,CAAC;YACjF,IAAI,SAAS,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBAC3B,OAAO,CAAC,GAAG,CAAC,8BAA8B,CAAC,CAAC;gBAC5C,OAAO;YACT,CAAC;YACD,KAAK,MAAM,GAAG,IAAI,SAAS,EAAE,CAAC;gBAC5B,OAAO,CAAC,GAAG,CACT,QAAQ,GAAG,CAAC,MAAM,CAAC,WAAW,EAAE,CAAC,MAAM,CAAC,EAAE,CAAC,KAAK,GAAG,CAAC,EAAE,KAAK,GAAG,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC,KAAK,GAAG,CAAC,KAAK,EAAE,CAChH,CAAC;YACJ,CAAC;YACD,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAClB,CAAC;QACD,OAAO;IACT,CAAC;IAED,OAAO;IACP,MAAM,MAAM,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,EAAU,EAAE,CAAS,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,KAAK,QAAQ,CAAC,CAAC;IAC9E,IAAI,MAAM,EAAE,CAAC;QACX,MAAM,GAAG,GAAG,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,MAAM,CAAC,CAAC;QACnD,IAAI,CAAC,GAAG,EAAE,CAAC;YACT,OAAO,CAAC,KAAK,CAAC,cAAc,MAAM,aAAa,CAAC,CAAC;YACjD,OAAO;QACT,CAAC;QAED,IAAI,MAAM,KAAK,MAAM,EAAE,CAAC;YACtB,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,GAAG,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;QAC5C,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,GAAG,CAAC,iBAAiB,GAAG,CAAC,EAAE,gCAAgC,CAAC,CAAC;YACrE,OAAO,CAAC,GAAG,CAAC,iBAAiB,GAAG,CAAC,KAAK,EAAE,CAAC,CAAC;YAC1C,OAAO,CAAC,GAAG,CAAC,iBAAiB,GAAG,CAAC,QAAQ,EAAE,CAAC,CAAC;YAC7C,OAAO,CAAC,GAAG,CAAC,iBAAiB,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC;YAC3C,OAAO,CAAC,GAAG,CAAC,iBAAiB,GAAG,CAAC,SAAS,EAAE,CAAC,CAAC;YAC9C,OAAO,CAAC,GAAG,CAAC,iBAAiB,GAAG,CAAC,aAAa,CAAC,MAAM,EAAE,CAAC,CAAC;YACzD,OAAO,CAAC,GAAG,CAAC,iBAAiB,GAAG,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC;YACpD,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC;YAC7B,KAAK,MAAM,IAAI,IAAI,GAAG,CAAC,QAAQ,EAAE,CAAC;gBAChC,MAAM,IAAI,GAAG,IAAI,CAAC,MAAM,KAAK,MAAM,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,KAAK,aAAa,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,GAAG,CAAC;gBACvF,OAAO,CAAC,GAAG,CAAC,OAAO,IAAI,IAAI,IAAI,CAAC,KAAK,KAAK,IAAI,CAAC,MAAM,MAAM,IAAI,CAAC,KAAK,GAAG,CAAC,CAAC;YAC5E,CAAC;YACD,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAClB,CAAC;QACD,OAAO;IACT,CAAC;IAED,SAAS;IACT,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,EAAU,EAAE,CAAS,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,KAAK,UAAU,CAAC,CAAC;IAClF,IAAI,QAAQ,EAAE,CAAC;QACb,MAAM,GAAG,GAAG,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,QAAQ,CAAC,CAAC;QACrD,IAAI,CAAC,GAAG,EAAE,CAAC;YACT,OAAO,CAAC,KAAK,CAAC,cAAc,QAAQ,aAAa,CAAC,CAAC;YACnD,OAAO;QACT,CAAC;QAED,MAAM,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,EAAU,EAAE,CAAS,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,KAAK,UAAU,CAEpE,CAAC;QACd,IAAI,SAAS,EAAE,CAAC;YACd,GAAG,CAAC,MAAM,GAAG,SAAS,CAAC;YACvB,GAAG,CAAC,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;YACzC,aAAa,CAAC,aAAa,EAAE,IAAI,CAAC,SAAS,CAAC,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;YACjE,OAAO,CAAC,GAAG,CAAC,cAAc,QAAQ,MAAM,SAAS,EAAE,CAAC,CAAC;QACvD,CAAC;QACD,OAAO;IACT,CAAC;IAED,yBAAyB;IACzB,IAAI,IAAI,CAAC,QAAQ,CAAC,0BAA0B,CAAC,EAAE,CAAC;QAC9C,MAAM,QAAQ,GAAG,kBAAkB,EAAE,CAAC;QACtC,MAAM,SAAS,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,UAAU,CAAC,CAAC;QACpE,MAAM,KAAK,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC;QAE5D,IAAI,SAAS,CAAC,MAAM,KAAK,CAAC,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACjD,OAAO,CAAC,GAAG,CAAC,oEAAoE,CAAC,CAAC;YAClF,OAAO;QACT,CAAC;QAED,MAAM,QAAQ,GAAG,SAAS,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,MAAM,CAAC;QAC5D,MAAM,gBAAgB,GAAG,SAAS,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,KAAK,CAAC;QAClE,MAAM,aAAa,GAAG,CAAC,GAAG,IAAI,GAAG,CAAC,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,IAAI,SAAS,CAAC,CAAC,CAAC,CAAC;QAErF,MAAM,QAAQ,GAAa;YACzB,EAAE,EAAE,UAAU,EAAE;YAChB,QAAQ;YACR,KAAK,EAAE,GAAG,QAAQ,CAAC,WAAW,EAAE,uBAAuB,gBAAgB,CAAC,MAAM,GAAG;YACjF,WAAW,EAAE,gCAAgC,gBAAgB,CAAC,MAAM,IAAI,QAAQ,oBAAoB;YACpG,aAAa;YACb,QAAQ,EAAE,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,QAAQ,EAAE,CAAC,CAAC,QAAQ,EAAE,KAAK,EAAE,CAAC,CAAC,KAAK,EAAE,CAAC,CAAC;YACnG,QAAQ,EAAE,gBAAgB,CAAC,QAAQ,EAAE,gBAAgB,CAAC;YACtD,MAAM,EAAE,MAAM;YACd,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACnC,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;SACpC,CAAC;QAEF,SAAS,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QACzB,aAAa,CAAC,aAAa,EAAE,IAAI,CAAC,SAAS,CAAC,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;QACjE,OAAO,CAAC,GAAG,CAAC,sBAAsB,QAAQ,CAAC,EAAE,KAAK,QAAQ,UAAU,QAAQ,CAAC,QAAQ,CAAC,MAAM,gBAAgB,CAAC,CAAC;QAC9G,OAAO;IACT,CAAC;IAED,SAAS;IACT,IAAI,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;QAC9B,MAAM,QAAQ,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,EAAU,EAAE,CAAS,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,KAAK,YAAY,CAAC;YAClF,MAAM,CAAyB,CAAC;QAClC,MAAM,KAAK,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,EAAU,EAAE,CAAS,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,KAAK,SAAS,CAAC,IAAI,uBAAuB,CAAC;QACzG,MAAM,QAAQ,GAAG,kBAAkB,EAAE,CAAC;QAEtC,MAAM,QAAQ,GAAa;YACzB,EAAE,EAAE,UAAU,EAAE;YAChB,QAAQ;YACR,KAAK;YACL,WAAW,EAAE,8BAA8B,KAAK,EAAE;YAClD,aAAa,EAAE,CAAC,GAAG,IAAI,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,IAAI,SAAS,CAAC,CAAC,CAAC;YACrE,QAAQ,EAAE,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,QAAQ,EAAE,CAAC,CAAC,QAAQ,EAAE,KAAK,EAAE,CAAC,CAAC,KAAK,EAAE,CAAC,CAAC;YAC3F,QAAQ,EAAE,gBAAgB,CAAC,QAAQ,EAAE,QAAQ,CAAC;YAC9C,MAAM,EAAE,MAAM;YACd,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACnC,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;SACpC,CAAC;QAEF,SAAS,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QACzB,aAAa,CAAC,aAAa,EAAE,IAAI,CAAC,SAAS,CAAC,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;QACjE,OAAO,CAAC,GAAG,CAAC,sBAAsB,QAAQ,CAAC,EAAE,SAAS,QAAQ,CAAC,QAAQ,CAAC,MAAM,gBAAgB,CAAC,CAAC;QAChG,OAAO;IACT,CAAC;IAED,OAAO,CAAC,GAAG,CAAC,gGAAgG,CAAC,CAAC;AAChH,CAAC"}

package/dist/commands/learning-path.d.ts

@@ -0,0 +1,9 @@
+/**
+ * Learning path — generates personalized developer learning
+ * modules from recurring finding patterns, tracking skill
+ * progression over time.
+ *
+ * All data stored locally.
+ */
+export declare function runLearningPath(argv: string[]): void;
+//# sourceMappingURL=learning-path.d.ts.map

package/dist/commands/learning-path.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"learning-path.d.ts","sourceRoot":"","sources":["../../src/commands/learning-path.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAgNH,wBAAgB,eAAe,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,IAAI,CA4JpD"}