@kevinrabun/judges 3.48.0 → 3.50.0

package/dist/commands/risk-heatmap.js

@@ -0,0 +1,224 @@
+/**
+ * Risk heatmap — generates a file/directory risk heatmap
+ * combining finding density, severity, and test coverage.
+ *
+ * All data from local files.
+ */
+import { existsSync, readFileSync, readdirSync, mkdirSync, writeFileSync } from "fs";
+import { join, dirname, relative } from "path";
+// ─── Data Loading ───────────────────────────────────────────────────────────
+function loadFindings() {
+    const paths = [".judges-findings.json", "judges-report.json"];
+    for (const p of paths) {
+        if (!existsSync(p))
+            continue;
+        try {
+            const data = JSON.parse(readFileSync(p, "utf-8"));
+            if (Array.isArray(data))
+                return data;
+            if (data.findings)
+                return data.findings;
+        }
+        catch {
+            /* skip */
+        }
+    }
+    return [];
+}
+function getProjectFiles(dir, maxFiles) {
+    const result = [];
+    const skipDirs = new Set(["node_modules", ".git", "dist", "build", "coverage", ".next", "__pycache__"]);
+    function walk(d) {
+        if (result.length >= maxFiles)
+            return;
+        let names;
+        try {
+            names = readdirSync(d);
+        }
+        catch {
+            return;
+        }
+        for (const name of names) {
+            if (result.length >= maxFiles)
+                return;
+            if (skipDirs.has(name))
+                continue;
+            const full = join(d, name);
+            try {
+                const sub = readdirSync(full);
+                void sub;
+                walk(full);
+            }
+            catch {
+                result.push(relative(dir, full));
+            }
+        }
+    }
+    walk(dir);
+    return result;
+}
+// ─── Heatmap ────────────────────────────────────────────────────────────────
+function buildHeatmap(findings) {
+    const fileMap = new Map();
+    for (const f of findings) {
+        const file = f.file || "unknown";
+        if (!fileMap.has(file))
+            fileMap.set(file, { findings: 0, critical: 0, high: 0 });
+        const entry = fileMap.get(file);
+        entry.findings++;
+        if (f.severity === "critical")
+            entry.critical++;
+        if (f.severity === "high")
+            entry.high++;
+    }
+    // Also aggregate by directory
+    const dirMap = new Map();
+    for (const [file, data] of fileMap) {
+        const dir = dirname(file);
+        if (!dirMap.has(dir))
+            dirMap.set(dir, { findings: 0, critical: 0, high: 0 });
+        const entry = dirMap.get(dir);
+        entry.findings += data.findings;
+        entry.critical += data.critical;
+        entry.high += data.high;
+    }
+    const entries = [];
+    for (const [path, data] of [...fileMap, ...dirMap]) {
+        const riskScore = data.critical * 10 + data.high * 5 + (data.findings - data.critical - data.high) * 2;
+        let riskLevel = "clean";
+        if (riskScore > 30)
+            riskLevel = "critical";
+        else if (riskScore > 15)
+            riskLevel = "high";
+        else if (riskScore > 5)
+            riskLevel = "medium";
+        else if (riskScore > 0)
+            riskLevel = "low";
+        entries.push({
+            path,
+            findingCount: data.findings,
+            criticalCount: data.critical,
+            highCount: data.high,
+            riskScore,
+            riskLevel,
+        });
+    }
+    return entries.sort((a, b) => b.riskScore - a.riskScore);
+}
+function renderHeatmapHtml(entries) {
+    const rows = entries
+        .slice(0, 50)
+        .map((e) => {
+        const color = e.riskLevel === "critical"
+            ? "#dc3545"
+            : e.riskLevel === "high"
+                ? "#fd7e14"
+                : e.riskLevel === "medium"
+                    ? "#ffc107"
+                    : e.riskLevel === "low"
+                        ? "#28a745"
+                        : "#6c757d";
+        return `<tr><td>${e.path}</td><td style="background:${color};color:white;text-align:center">${e.riskScore}</td><td>${e.findingCount}</td><td>${e.criticalCount}</td><td>${e.highCount}</td></tr>`;
+    })
+        .join("\n");
+    return `<!DOCTYPE html>
+<html><head><title>Risk Heatmap</title>
+<style>body{font-family:system-ui;margin:2rem}table{border-collapse:collapse;width:100%}th,td{padding:8px 12px;border:1px solid #ddd;text-align:left}th{background:#f5f5f5}tr:hover{background:#f0f0f0}</style>
+</head><body>
+<h1>Risk Heatmap</h1>
+<p>Generated: ${new Date().toISOString()}</p>
+<table><thead><tr><th>Path</th><th>Risk Score</th><th>Findings</th><th>Critical</th><th>High</th></tr></thead>
+<tbody>${rows}</tbody></table>
+</body></html>`;
+}
+// ─── CLI ────────────────────────────────────────────────────────────────────
+const STORE = ".judges-risk-heatmap";
+export function runRiskHeatmap(argv) {
+    if (argv.includes("--help") || argv.includes("-h")) {
+        console.log(`
+judges risk-heatmap — File/directory risk visualization
+
+Usage:
+  judges risk-heatmap
+  judges risk-heatmap --risk critical,high
+  judges risk-heatmap --html
+  judges risk-heatmap --dirs-only
+
+Options:
+  --risk <levels>       Filter by risk level (comma-separated)
+  --html                Generate HTML heatmap report
+  --dirs-only           Show directory-level aggregation only
+  --top <n>             Show top N riskiest entries
+  --save                Save report to ${STORE}/
+  --format json         JSON output
+  --help, -h            Show this help
+`);
+        return;
+    }
+    const format = argv.find((_a, i) => argv[i - 1] === "--format") || "text";
+    const findings = loadFindings();
+    if (findings.length === 0) {
+        console.log("  No findings data found. Run a scan first to populate findings.");
+        return;
+    }
+    let entries = buildHeatmap(findings);
+    // Filters
+    if (argv.includes("--dirs-only")) {
+        entries = entries.filter((e) => !e.path.includes(".") || e.path === ".");
+    }
+    const riskFilter = argv.find((_a, i) => argv[i - 1] === "--risk");
+    if (riskFilter) {
+        const allowed = riskFilter.split(",");
+        entries = entries.filter((e) => allowed.includes(e.riskLevel));
+    }
+    const topN = argv.find((_a, i) => argv[i - 1] === "--top");
+    if (topN)
+        entries = entries.slice(0, parseInt(topN, 10));
+    const totalFindings = findings.length;
+    const hotspots = entries.filter((e) => e.riskLevel === "critical").map((e) => e.path);
+    const _projectFiles = getProjectFiles(".", 1000);
+    const report = {
+        entries,
+        totalFiles: entries.length,
+        totalFindings,
+        hotspots,
+        timestamp: new Date().toISOString(),
+    };
+    // HTML output
+    if (argv.includes("--html")) {
+        if (!existsSync(STORE))
+            mkdirSync(STORE, { recursive: true });
+        const html = renderHeatmapHtml(entries);
+        const htmlPath = join(STORE, "heatmap.html");
+        writeFileSync(htmlPath, html);
+        console.log(`  HTML heatmap saved to ${htmlPath}`);
+        return;
+    }
+    // Save
+    if (argv.includes("--save")) {
+        if (!existsSync(STORE))
+            mkdirSync(STORE, { recursive: true });
+        writeFileSync(join(STORE, "heatmap.json"), JSON.stringify(report, null, 2));
+        console.log(`  Report saved to ${STORE}/heatmap.json`);
+    }
+    if (format === "json") {
+        console.log(JSON.stringify(report, null, 2));
+    }
+    else {
+        console.log(`\n  Risk Heatmap — ${totalFindings} findings across ${entries.length} locations`);
+        console.log(`  ──────────────────────────`);
+        if (hotspots.length > 0) {
+            console.log(`\n  🔥 Critical hotspots: ${hotspots.slice(0, 5).join(", ")}`);
+        }
+        console.log("");
+        for (const e of entries.slice(0, 25)) {
+            const bar = "█".repeat(Math.min(e.riskScore, 20));
+            const label = e.riskLevel.toUpperCase().padEnd(8);
+            console.log(`    [${label}] ${e.path.padEnd(40)} ${bar} ${e.riskScore} (${e.findingCount} findings)`);
+        }
+        if (entries.length > 25)
+            console.log(`    ... and ${entries.length - 25} more`);
+        console.log("");
+    }
+}
+//# sourceMappingURL=risk-heatmap.js.map

package/dist/commands/risk-heatmap.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"risk-heatmap.js","sourceRoot":"","sources":["../../src/commands/risk-heatmap.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,WAAW,EAAE,SAAS,EAAE,aAAa,EAAE,MAAM,IAAI,CAAC;AACrF,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,MAAM,CAAC;AAqB/C,+EAA+E;AAE/E,SAAS,YAAY;IACnB,MAAM,KAAK,GAAG,CAAC,uBAAuB,EAAE,oBAAoB,CAAC,CAAC;IAC9D,KAAK,MAAM,CAAC,IAAI,KAAK,EAAE,CAAC;QACtB,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC;YAAE,SAAS;QAC7B,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC,CAAC;YAClD,IAAI,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC;gBAAE,OAAO,IAAI,CAAC;YACrC,IAAI,IAAI,CAAC,QAAQ;gBAAE,OAAO,IAAI,CAAC,QAAQ,CAAC;QAC1C,CAAC;QAAC,MAAM,CAAC;YACP,UAAU;QACZ,CAAC;IACH,CAAC;IACD,OAAO,EAAE,CAAC;AACZ,CAAC;AAED,SAAS,eAAe,CAAC,GAAW,EAAE,QAAgB;IACpD,MAAM,MAAM,GAAa,EAAE,CAAC;IAC5B,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,CAAC,cAAc,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,UAAU,EAAE,OAAO,EAAE,aAAa,CAAC,CAAC,CAAC;IAExG,SAAS,IAAI,CAAC,CAAS;QACrB,IAAI,MAAM,CAAC,MAAM,IAAI,QAAQ;YAAE,OAAO;QACtC,IAAI,KAAe,CAAC;QACpB,IAAI,CAAC;YACH,KAAK,GAAG,WAAW,CAAC,CAAC,CAAwB,CAAC;QAChD,CAAC;QAAC,MAAM,CAAC;YACP,OAAO;QACT,CAAC;QACD,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,IAAI,MAAM,CAAC,MAAM,IAAI,QAAQ;gBAAE,OAAO;YACtC,IAAI,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC;gBAAE,SAAS;YACjC,MAAM,IAAI,GAAG,IAAI,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC;YAC3B,IAAI,CAAC;gBACH,MAAM,GAAG,GAAG,WAAW,CAAC,IAAI,CAAC,CAAC;gBAC9B,KAAK,GAAG,CAAC;gBACT,IAAI,CAAC,IAAI,CAAC,CAAC;YACb,CAAC;YAAC,MAAM,CAAC;gBACP,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC,CAAC;YACnC,CAAC;QACH,CAAC;IACH,CAAC;IAED,IAAI,CAAC,GAAG,CAAC,CAAC;IACV,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,+EAA+E;AAE/E,SAAS,YAAY,CAAC,QAAoD;IACxE,MAAM,OAAO,GAAG,IAAI,GAAG,EAAgE,CAAC;IAExF,KAAK,MAAM,CAAC,IAAI,QAAQ,EAAE,CAAC;QACzB,MAAM,IAAI,GAAG,CAAC,CAAC,IAAI,IAAI,SAAS,CAAC;QACjC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC;YAAE,OAAO,CAAC,GAAG,CAAC,IAAI,EAAE,EAAE,QAAQ,EAAE,CAAC,EAAE,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,CAAC,CAAC;QACjF,MAAM,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,IAAI,CAAE,CAAC;QACjC,KAAK,CAAC,QAAQ,EAAE,CAAC;QACjB,IAAI,CAAC,CAAC,QAAQ,KAAK,UAAU;YAAE,KAAK,CAAC,QAAQ,EAAE,CAAC;QAChD,IAAI,CAAC,CAAC,QAAQ,KAAK,MAAM;YAAE,KAAK,CAAC,IAAI,EAAE,CAAC;IAC1C,CAAC;IAED,8BAA8B;IAC9B,MAAM,MAAM,GAAG,IAAI,GAAG,EAAgE,CAAC;IACvF,KAAK,MAAM,CAAC,IAAI,EAAE,IAAI,CAAC,IAAI,OAAO,EAAE,CAAC;QACnC,MAAM,GAAG,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;QAC1B,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC;YAAE,MAAM,CAAC,GAAG,CAAC,GAAG,EAAE,EAAE,QAAQ,EAAE,CAAC,EAAE,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,CAAC,CAAC;QAC7E,MAAM,KAAK,GAAG,MAAM,CAAC,GAAG,CAAC,GAAG,CAAE,CAAC;QAC/B,KAAK,CAAC,QAAQ,IAAI,IAAI,CAAC,QAAQ,CAAC;QAChC,KAAK,CAAC,QAAQ,IAAI,IAAI,CAAC,QAAQ,CAAC;QAChC,KAAK,CAAC,IAAI,IAAI,IAAI,CAAC,IAAI,CAAC;IAC1B,CAAC;IAED,MAAM,OAAO,GAAgB,EAAE,CAAC;IAEhC,KAAK,MAAM,CAAC,IAAI,EAAE,IAAI,CAAC,IAAI,CAAC,GAAG,OAAO,EAAE,GAAG,MAAM,CAAC,EAAE,CAAC;QACnD,MAAM,SAAS,GAAG,IAAI,CAAC,QAAQ,GAAG,EAAE,GAAG,IAAI,CAAC,IAAI,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,QAAQ,GAAG,IAAI,CAAC,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QACvG,IAAI,SAAS,GAA2B,OAAO,CAAC;QAChD,IAAI,SAAS,GAAG,EAAE;YAAE,SAAS,GAAG,UAAU,CAAC;aACtC,IAAI,SAAS,GAAG,EAAE;YAAE,SAAS,GAAG,MAAM,CAAC;aACvC,IAAI,SAAS,GAAG,CAAC;YAAE,SAAS,GAAG,QAAQ,CAAC;aACxC,IAAI,SAAS,GAAG,CAAC;YAAE,SAAS,GAAG,KAAK,CAAC;QAE1C,OAAO,CAAC,IAAI,CAAC;YACX,IAAI;YACJ,YAAY,EAAE,IAAI,CAAC,QAAQ;YAC3B,aAAa,EAAE,IAAI,CAAC,QAAQ;YAC5B,SAAS,EAAE,IAAI,CAAC,IAAI;YACpB,SAAS;YACT,SAAS;SACV,CAAC,CAAC;IACL,CAAC;IAED,OAAO,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,GAAG,CAAC,CAAC,SAAS,CAAC,CAAC;AAC3D,CAAC;AAED,SAAS,iBAAiB,CAAC,OAAoB;IAC7C,MAAM,IAAI,GAAG,OAAO;SACjB,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC;SACZ,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE;QACT,MAAM,KAAK,GACT,CAAC,CAAC,SAAS,KAAK,UAAU;YACxB,CAAC,CAAC,SAAS;YACX,CAAC,CAAC,CAAC,CAAC,SAAS,KAAK,MAAM;gBACtB,CAAC,CAAC,SAAS;gBACX,CAAC,CAAC,CAAC,CAAC,SAAS,KAAK,QAAQ;oBACxB,CAAC,CAAC,SAAS;oBACX,CAAC,CAAC,CAAC,CAAC,SAAS,KAAK,KAAK;wBACrB,CAAC,CAAC,SAAS;wBACX,CAAC,CAAC,SAAS,CAAC;QACtB,OAAO,WAAW,CAAC,CAAC,IAAI,8BAA8B,KAAK,mCAAmC,CAAC,CAAC,SAAS,YAAY,CAAC,CAAC,YAAY,YAAY,CAAC,CAAC,aAAa,YAAY,CAAC,CAAC,SAAS,YAAY,CAAC;IACpM,CAAC,CAAC;SACD,IAAI,CAAC,IAAI,CAAC,CAAC;IAEd,OAAO;;;;;gBAKO,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;;SAE/B,IAAI;eACE,CAAC;AAChB,CAAC;AAED,+EAA+E;AAE/E,MAAM,KAAK,GAAG,sBAAsB,CAAC;AAErC,MAAM,UAAU,cAAc,CAAC,IAAc;IAC3C,IAAI,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;QACnD,OAAO,CAAC,GAAG,CAAC;;;;;;;;;;;;;;yCAcyB,KAAK;;;CAG7C,CAAC,CAAC;QACC,OAAO;IACT,CAAC;IAED,MAAM,MAAM,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,EAAU,EAAE,CAAS,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,KAAK,UAAU,CAAC,IAAI,MAAM,CAAC;IAC1F,MAAM,QAAQ,GAAG,YAAY,EAAE,CAAC;IAEhC,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC1B,OAAO,CAAC,GAAG,CAAC,kEAAkE,CAAC,CAAC;QAChF,OAAO;IACT,CAAC;IAED,IAAI,OAAO,GAAG,YAAY,CAAC,QAAQ,CAAC,CAAC;IAErC,UAAU;IACV,IAAI,IAAI,CAAC,QAAQ,CAAC,aAAa,CAAC,EAAE,CAAC;QACjC,OAAO,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,IAAI,KAAK,GAAG,CAAC,CAAC;IAC3E,CAAC;IAED,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,EAAU,EAAE,CAAS,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,KAAK,QAAQ,CAAC,CAAC;IAClF,IAAI,UAAU,EAAE,CAAC;QACf,MAAM,OAAO,GAAG,UAAU,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QACtC,OAAO,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC;IACjE,CAAC;IAED,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,EAAU,EAAE,CAAS,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,KAAK,OAAO,CAAC,CAAC;IAC3E,IAAI,IAAI;QAAE,OAAO,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,QAAQ,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,CAAC;IAEzD,MAAM,aAAa,GAAG,QAAQ,CAAC,MAAM,CAAC;IACtC,MAAM,QAAQ,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,KAAK,UAAU,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;IACtF,MAAM,aAAa,GAAG,eAAe,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;IAEjD,MAAM,MAAM,GAAkB;QAC5B,OAAO;QACP,UAAU,EAAE,OAAO,CAAC,MAAM;QAC1B,aAAa;QACb,QAAQ;QACR,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;KACpC,CAAC;IAEF,cAAc;IACd,IAAI,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC5B,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC;YAAE,SAAS,CAAC,KAAK,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAC9D,MAAM,IAAI,GAAG,iBAAiB,CAAC,OAAO,CAAC,CAAC;QACxC,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,EAAE,cAAc,CAAC,CAAC;QAC7C,aAAa,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC;QAC9B,OAAO,CAAC,GAAG,CAAC,2BAA2B,QAAQ,EAAE,CAAC,CAAC;QACnD,OAAO;IACT,CAAC;IAED,OAAO;IACP,IAAI,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC5B,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC;YAAE,SAAS,CAAC,KAAK,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAC9D,aAAa,CAAC,IAAI,CAAC,KAAK,EAAE,cAAc,CAAC,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;QAC5E,OAAO,CAAC,GAAG,CAAC,qBAAqB,KAAK,eAAe,CAAC,CAAC;IACzD,CAAC;IAED,IAAI,MAAM,KAAK,MAAM,EAAE,CAAC;QACtB,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;IAC/C,CAAC;SAAM,CAAC;QACN,OAAO,CAAC,GAAG,CAAC,sBAAsB,aAAa,oBAAoB,OAAO,CAAC,MAAM,YAAY,CAAC,CAAC;QAC/F,OAAO,CAAC,GAAG,CAAC,8BAA8B,CAAC,CAAC;QAE5C,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACxB,OAAO,CAAC,GAAG,CAAC,6BAA6B,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QAC9E,CAAC;QAED,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAChB,KAAK,MAAM,CAAC,IAAI,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC;YACrC,MAAM,GAAG,GAAG,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC,CAAC;YAClD,MAAM,KAAK,GAAG,CAAC,CAAC,SAAS,CAAC,WAAW,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;YAClD,OAAO,CAAC,GAAG,CAAC,QAAQ,KAAK,KAAK,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,IAAI,GAAG,IAAI,CAAC,CAAC,SAAS,KAAK,CAAC,CAAC,YAAY,YAAY,CAAC,CAAC;QACxG,CAAC;QACD,IAAI,OAAO,CAAC,MAAM,GAAG,EAAE;YAAE,OAAO,CAAC,GAAG,CAAC,eAAe,OAAO,CAAC,MAAM,GAAG,EAAE,OAAO,CAAC,CAAC;QAChF,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAClB,CAAC;AACH,CAAC"}

package/dist/commands/sbom-export.d.ts

@@ -0,0 +1,8 @@
+/**
+ * SBOM export — generates Software Bill of Materials in
+ * CycloneDX-compatible JSON from project manifests.
+ *
+ * All data from local project files.
+ */
+export declare function runSbomExport(argv: string[]): void;
+//# sourceMappingURL=sbom-export.d.ts.map

package/dist/commands/sbom-export.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"sbom-export.d.ts","sourceRoot":"","sources":["../../src/commands/sbom-export.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAyIH,wBAAgB,aAAa,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,IAAI,CAkDlD"}

package/dist/commands/sbom-export.js

@@ -0,0 +1,162 @@
+/**
+ * SBOM export — generates Software Bill of Materials in
+ * CycloneDX-compatible JSON from project manifests.
+ *
+ * All data from local project files.
+ */
+import { existsSync, readFileSync, mkdirSync, writeFileSync } from "fs";
+import { join, basename } from "path";
+// ─── Parsers ────────────────────────────────────────────────────────────────
+function parsePackageJson() {
+    if (!existsSync("package.json"))
+        return [];
+    try {
+        const pkg = JSON.parse(readFileSync("package.json", "utf-8"));
+        const components = [];
+        for (const [name, ver] of Object.entries(pkg.dependencies || {})) {
+            components.push({
+                type: "library",
+                name,
+                version: String(ver).replace(/^[\^~>=<]+/, ""),
+                purl: `pkg:npm/${name.replace("/", "%2F")}@${String(ver).replace(/^[\^~>=<]+/, "")}`,
+                scope: "required",
+                licenses: [],
+            });
+        }
+        for (const [name, ver] of Object.entries(pkg.devDependencies || {})) {
+            components.push({
+                type: "library",
+                name,
+                version: String(ver).replace(/^[\^~>=<]+/, ""),
+                purl: `pkg:npm/${name.replace("/", "%2F")}@${String(ver).replace(/^[\^~>=<]+/, "")}`,
+                scope: "optional",
+                licenses: [],
+            });
+        }
+        return components;
+    }
+    catch {
+        return [];
+    }
+}
+function parseRequirements() {
+    if (!existsSync("requirements.txt"))
+        return [];
+    try {
+        const lines = readFileSync("requirements.txt", "utf-8").split("\n");
+        const components = [];
+        for (const line of lines) {
+            const match = /^([a-zA-Z0-9_-]+)==(.+)/.exec(line.trim());
+            if (match) {
+                components.push({
+                    type: "library",
+                    name: match[1],
+                    version: match[2],
+                    purl: `pkg:pypi/${match[1]}@${match[2]}`,
+                    scope: "required",
+                    licenses: [],
+                });
+            }
+        }
+        return components;
+    }
+    catch {
+        return [];
+    }
+}
+function parseGoMod() {
+    if (!existsSync("go.mod"))
+        return [];
+    try {
+        const lines = readFileSync("go.mod", "utf-8").split("\n");
+        const components = [];
+        for (const line of lines) {
+            const match = /^\s+([\w./\-@]+)\s+(v[\d.]+)/.exec(line);
+            if (match) {
+                components.push({
+                    type: "library",
+                    name: match[1],
+                    version: match[2],
+                    purl: `pkg:golang/${match[1]}@${match[2]}`,
+                    scope: "required",
+                    licenses: [],
+                });
+            }
+        }
+        return components;
+    }
+    catch {
+        return [];
+    }
+}
+function buildSbom() {
+    const projectName = existsSync("package.json")
+        ? JSON.parse(readFileSync("package.json", "utf-8")).name || basename(process.cwd())
+        : basename(process.cwd());
+    const projectVersion = existsSync("package.json")
+        ? JSON.parse(readFileSync("package.json", "utf-8")).version || "0.0.0"
+        : "0.0.0";
+    const components = [...parsePackageJson(), ...parseRequirements(), ...parseGoMod()];
+    return {
+        bomFormat: "CycloneDX",
+        specVersion: "1.5",
+        version: 1,
+        metadata: {
+            timestamp: new Date().toISOString(),
+            component: { type: "application", name: projectName, version: projectVersion },
+            tools: [{ name: "@kevinrabun/judges", version: "3.48.0" }],
+        },
+        components,
+    };
+}
+// ─── CLI ────────────────────────────────────────────────────────────────────
+const STORE = ".judges-sbom";
+export function runSbomExport(argv) {
+    if (argv.includes("--help") || argv.includes("-h")) {
+        console.log(`
+judges sbom-export — Generate Software Bill of Materials
+
+Usage:
+  judges sbom-export
+  judges sbom-export --save
+  judges sbom-export --summary
+
+Options:
+  --save                Save SBOM to ${STORE}/sbom.json
+  --summary             Show component summary only
+  --format json         JSON output (default for SBOM)
+  --help, -h            Show this help
+
+Supports: package.json, requirements.txt, go.mod
+`);
+        return;
+    }
+    const sbom = buildSbom();
+    if (argv.includes("--save")) {
+        if (!existsSync(STORE))
+            mkdirSync(STORE, { recursive: true });
+        writeFileSync(join(STORE, "sbom.json"), JSON.stringify(sbom, null, 2));
+        console.log(`  SBOM saved to ${STORE}/sbom.json (${sbom.components.length} components)`);
+        return;
+    }
+    if (argv.includes("--summary")) {
+        const required = sbom.components.filter((c) => c.scope === "required").length;
+        const optional = sbom.components.filter((c) => c.scope === "optional").length;
+        const types = new Map();
+        for (const c of sbom.components) {
+            const ecosystem = c.purl.split(":")[1]?.split("/")[0] || "unknown";
+            types.set(ecosystem, (types.get(ecosystem) || 0) + 1);
+        }
+        console.log(`\n  SBOM Summary — ${sbom.metadata.component.name}@${sbom.metadata.component.version}`);
+        console.log(`  ──────────────────────────`);
+        console.log(`    Total components: ${sbom.components.length}`);
+        console.log(`    Required: ${required}  Optional: ${optional}`);
+        for (const [eco, count] of types)
+            console.log(`    ${eco}: ${count}`);
+        console.log(`\n  Run --save to export full CycloneDX SBOM\n`);
+        return;
+    }
+    // Default: print full SBOM
+    console.log(JSON.stringify(sbom, null, 2));
+}
+//# sourceMappingURL=sbom-export.js.map

package/dist/commands/sbom-export.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"sbom-export.js","sourceRoot":"","sources":["../../src/commands/sbom-export.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,SAAS,EAAE,aAAa,EAAE,MAAM,IAAI,CAAC;AACxE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,MAAM,CAAC;AAyBtC,+EAA+E;AAE/E,SAAS,gBAAgB;IACvB,IAAI,CAAC,UAAU,CAAC,cAAc,CAAC;QAAE,OAAO,EAAE,CAAC;IAC3C,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,cAAc,EAAE,OAAO,CAAC,CAAC,CAAC;QAC9D,MAAM,UAAU,GAAoB,EAAE,CAAC;QACvC,KAAK,MAAM,CAAC,IAAI,EAAE,GAAG,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,YAAY,IAAI,EAAE,CAAC,EAAE,CAAC;YACjE,UAAU,CAAC,IAAI,CAAC;gBACd,IAAI,EAAE,SAAS;gBACf,IAAI;gBACJ,OAAO,EAAE,MAAM,CAAC,GAAG,CAAC,CAAC,OAAO,CAAC,YAAY,EAAE,EAAE,CAAC;gBAC9C,IAAI,EAAE,WAAW,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,GAAG,CAAC,CAAC,OAAO,CAAC,YAAY,EAAE,EAAE,CAAC,EAAE;gBACpF,KAAK,EAAE,UAAU;gBACjB,QAAQ,EAAE,EAAE;aACb,CAAC,CAAC;QACL,CAAC;QACD,KAAK,MAAM,CAAC,IAAI,EAAE,GAAG,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,IAAI,EAAE,CAAC,EAAE,CAAC;YACpE,UAAU,CAAC,IAAI,CAAC;gBACd,IAAI,EAAE,SAAS;gBACf,IAAI;gBACJ,OAAO,EAAE,MAAM,CAAC,GAAG,CAAC,CAAC,OAAO,CAAC,YAAY,EAAE,EAAE,CAAC;gBAC9C,IAAI,EAAE,WAAW,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,GAAG,CAAC,CAAC,OAAO,CAAC,YAAY,EAAE,EAAE,CAAC,EAAE;gBACpF,KAAK,EAAE,UAAU;gBACjB,QAAQ,EAAE,EAAE;aACb,CAAC,CAAC;QACL,CAAC;QACD,OAAO,UAAU,CAAC;IACpB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,CAAC;IACZ,CAAC;AACH,CAAC;AAED,SAAS,iBAAiB;IACxB,IAAI,CAAC,UAAU,CAAC,kBAAkB,CAAC;QAAE,OAAO,EAAE,CAAC;IAC/C,IAAI,CAAC;QACH,MAAM,KAAK,GAAG,YAAY,CAAC,kBAAkB,EAAE,OAAO,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QACpE,MAAM,UAAU,GAAoB,EAAE,CAAC;QACvC,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,MAAM,KAAK,GAAG,yBAAyB,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC;YAC1D,IAAI,KAAK,EAAE,CAAC;gBACV,UAAU,CAAC,IAAI,CAAC;oBACd,IAAI,EAAE,SAAS;oBACf,IAAI,EAAE,KAAK,CAAC,CAAC,CAAC;oBACd,OAAO,EAAE,KAAK,CAAC,CAAC,CAAC;oBACjB,IAAI,EAAE,YAAY,KAAK,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,EAAE;oBACxC,KAAK,EAAE,UAAU;oBACjB,QAAQ,EAAE,EAAE;iBACb,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QACD,OAAO,UAAU,CAAC;IACpB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,CAAC;IACZ,CAAC;AACH,CAAC;AAED,SAAS,UAAU;IACjB,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC;QAAE,OAAO,EAAE,CAAC;IACrC,IAAI,CAAC;QACH,MAAM,KAAK,GAAG,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAC1D,MAAM,UAAU,GAAoB,EAAE,CAAC;QACvC,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,MAAM,KAAK,GAAG,8BAA8B,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACxD,IAAI,KAAK,EAAE,CAAC;gBACV,UAAU,CAAC,IAAI,CAAC;oBACd,IAAI,EAAE,SAAS;oBACf,IAAI,EAAE,KAAK,CAAC,CAAC,CAAC;oBACd,OAAO,EAAE,KAAK,CAAC,CAAC,CAAC;oBACjB,IAAI,EAAE,cAAc,KAAK,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,EAAE;oBAC1C,KAAK,EAAE,UAAU;oBACjB,QAAQ,EAAE,EAAE;iBACb,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QACD,OAAO,UAAU,CAAC;IACpB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,CAAC;IACZ,CAAC;AACH,CAAC;AAED,SAAS,SAAS;IAChB,MAAM,WAAW,GAAG,UAAU,CAAC,cAAc,CAAC;QAC5C,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,cAAc,EAAE,OAAO,CAAC,CAAC,CAAC,IAAI,IAAI,QAAQ,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC;QACnF,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC,CAAC;IAE5B,MAAM,cAAc,GAAG,UAAU,CAAC,cAAc,CAAC;QAC/C,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,cAAc,EAAE,OAAO,CAAC,CAAC,CAAC,OAAO,IAAI,OAAO;QACtE,CAAC,CAAC,OAAO,CAAC;IAEZ,MAAM,UAAU,GAAG,CAAC,GAAG,gBAAgB,EAAE,EAAE,GAAG,iBAAiB,EAAE,EAAE,GAAG,UAAU,EAAE,CAAC,CAAC;IAEpF,OAAO;QACL,SAAS,EAAE,WAAW;QACtB,WAAW,EAAE,KAAK;QAClB,OAAO,EAAE,CAAC;QACV,QAAQ,EAAE;YACR,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACnC,SAAS,EAAE,EAAE,IAAI,EAAE,aAAa,EAAE,IAAI,EAAE,WAAW,EAAE,OAAO,EAAE,cAAc,EAAE;YAC9E,KAAK,EAAE,CAAC,EAAE,IAAI,EAAE,oBAAoB,EAAE,OAAO,EAAE,QAAQ,EAAE,CAAC;SAC3D;QACD,UAAU;KACX,CAAC;AACJ,CAAC;AAED,+EAA+E;AAE/E,MAAM,KAAK,GAAG,cAAc,CAAC;AAE7B,MAAM,UAAU,aAAa,CAAC,IAAc;IAC1C,IAAI,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;QACnD,OAAO,CAAC,GAAG,CAAC;;;;;;;;;uCASuB,KAAK;;;;;;CAM3C,CAAC,CAAC;QACC,OAAO;IACT,CAAC;IAED,MAAM,IAAI,GAAG,SAAS,EAAE,CAAC;IAEzB,IAAI,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC5B,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC;YAAE,SAAS,CAAC,KAAK,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAC9D,aAAa,CAAC,IAAI,CAAC,KAAK,EAAE,WAAW,CAAC,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;QACvE,OAAO,CAAC,GAAG,CAAC,mBAAmB,KAAK,eAAe,IAAI,CAAC,UAAU,CAAC,MAAM,cAAc,CAAC,CAAC;QACzF,OAAO;IACT,CAAC;IAED,IAAI,IAAI,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;QAC/B,MAAM,QAAQ,GAAG,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,KAAK,UAAU,CAAC,CAAC,MAAM,CAAC;QAC9E,MAAM,QAAQ,GAAG,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,KAAK,UAAU,CAAC,CAAC,MAAM,CAAC;QAC9E,MAAM,KAAK,GAAG,IAAI,GAAG,EAAkB,CAAC;QACxC,KAAK,MAAM,CAAC,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;YAChC,MAAM,SAAS,GAAG,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,SAAS,CAAC;YACnE,KAAK,CAAC,GAAG,CAAC,SAAS,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;QACxD,CAAC;QAED,OAAO,CAAC,GAAG,CAAC,sBAAsB,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,IAAI,IAAI,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,OAAO,EAAE,CAAC,CAAC;QACrG,OAAO,CAAC,GAAG,CAAC,8BAA8B,CAAC,CAAC;QAC5C,OAAO,CAAC,GAAG,CAAC,yBAAyB,IAAI,CAAC,UAAU,CAAC,MAAM,EAAE,CAAC,CAAC;QAC/D,OAAO,CAAC,GAAG,CAAC,iBAAiB,QAAQ,eAAe,QAAQ,EAAE,CAAC,CAAC;QAChE,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,KAAK;YAAE,OAAO,CAAC,GAAG,CAAC,OAAO,GAAG,KAAK,KAAK,EAAE,CAAC,CAAC;QACtE,OAAO,CAAC,GAAG,CAAC,gDAAgD,CAAC,CAAC;QAC9D,OAAO;IACT,CAAC;IAED,2BAA2B;IAC3B,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;AAC7C,CAAC"}

package/dist/commands/secret-scan.d.ts

@@ -0,0 +1,8 @@
+/**
+ * Secret scan — entropy-based and regex-based secret detection
+ * in source files. Optimized for CI gates and pre-commit hooks.
+ *
+ * All analysis local — no external services.
+ */
+export declare function runSecretScan(argv: string[]): void;
+//# sourceMappingURL=secret-scan.d.ts.map

package/dist/commands/secret-scan.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"secret-scan.d.ts","sourceRoot":"","sources":["../../src/commands/secret-scan.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAsMH,wBAAgB,aAAa,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,IAAI,CAmFlD"}