@kevinrabun/judges 3.49.0 → 3.50.0

package/dist/commands/iac-lint.js

@@ -0,0 +1,313 @@
+/**
+ * IaC lint — dedicated linting for Dockerfiles, Kubernetes
+ * manifests, and Helm charts for security misconfigurations.
+ *
+ * All analysis local.
+ */
+import { existsSync, readFileSync, readdirSync } from "fs";
+import { join, basename } from "path";
+// ─── Rules ──────────────────────────────────────────────────────────────────
+const IAC_RULES = [
+    // Dockerfile rules
+    {
+        id: "dockerfile-run-as-root",
+        type: "dockerfile",
+        severity: "high",
+        check: (_content, lines) => {
+            const hasUser = lines.some((l) => /^USER\s+(?!root)/i.test(l.trim()));
+            if (!hasUser)
+                return [{ line: 1, message: "No USER directive — container runs as root" }];
+            return [];
+        },
+        recommendation: "Add USER directive with a non-root user",
+    },
+    {
+        id: "dockerfile-latest-tag",
+        type: "dockerfile",
+        severity: "medium",
+        check: (_content, lines) => {
+            const results = [];
+            for (let i = 0; i < lines.length; i++) {
+                if (/^FROM\s+\S+:latest/i.test(lines[i].trim()) ||
+                    (/^FROM\s+\S+$/i.test(lines[i].trim()) && !lines[i].includes(":"))) {
+                    results.push({ line: i + 1, message: "Using 'latest' or untagged base image" });
+                }
+            }
+            return results;
+        },
+        recommendation: "Pin base image to a specific version tag",
+    },
+    {
+        id: "dockerfile-copy-chown",
+        type: "dockerfile",
+        severity: "low",
+        check: (_content, lines) => {
+            const results = [];
+            for (let i = 0; i < lines.length; i++) {
+                if (/^COPY\s/i.test(lines[i].trim()) && !lines[i].includes("--chown")) {
+                    results.push({ line: i + 1, message: "COPY without --chown — files owned by root" });
+                }
+            }
+            return results;
+        },
+        recommendation: "Use COPY --chown=user:group to set proper ownership",
+    },
+    {
+        id: "dockerfile-add-url",
+        type: "dockerfile",
+        severity: "high",
+        check: (_content, lines) => {
+            const results = [];
+            for (let i = 0; i < lines.length; i++) {
+                if (/^ADD\s+https?:\/\//i.test(lines[i].trim())) {
+                    results.push({ line: i + 1, message: "ADD with URL — use COPY + RUN curl instead" });
+                }
+            }
+            return results;
+        },
+        recommendation: "Replace ADD with RUN curl/wget + COPY for better security",
+    },
+    {
+        id: "dockerfile-env-secret",
+        type: "dockerfile",
+        severity: "critical",
+        check: (_content, lines) => {
+            const results = [];
+            for (let i = 0; i < lines.length; i++) {
+                if (/^ENV\s+.*(?:PASSWORD|SECRET|API_KEY|TOKEN)\s*=/i.test(lines[i].trim())) {
+                    results.push({ line: i + 1, message: "Secret exposed in ENV directive" });
+                }
+            }
+            return results;
+        },
+        recommendation: "Use Docker secrets or runtime environment variables instead",
+    },
+    // Kubernetes rules
+    {
+        id: "k8s-privileged",
+        type: "kubernetes",
+        severity: "critical",
+        check: (content) => {
+            const results = [];
+            const lines = content.split("\n");
+            for (let i = 0; i < lines.length; i++) {
+                if (/privileged:\s*true/i.test(lines[i])) {
+                    results.push({ line: i + 1, message: "Container running in privileged mode" });
+                }
+            }
+            return results;
+        },
+        recommendation: "Set privileged: false and use specific capabilities instead",
+    },
+    {
+        id: "k8s-host-network",
+        type: "kubernetes",
+        severity: "high",
+        check: (content) => {
+            const results = [];
+            const lines = content.split("\n");
+            for (let i = 0; i < lines.length; i++) {
+                if (/hostNetwork:\s*true/i.test(lines[i])) {
+                    results.push({ line: i + 1, message: "Pod using host network namespace" });
+                }
+            }
+            return results;
+        },
+        recommendation: "Disable hostNetwork unless absolutely required",
+    },
+    {
+        id: "k8s-no-resource-limits",
+        type: "kubernetes",
+        severity: "medium",
+        check: (content) => {
+            if (/kind:\s*(?:Deployment|Pod|StatefulSet|DaemonSet)/i.test(content) &&
+                !/resources:\s*\n\s+limits:/i.test(content)) {
+                return [{ line: 1, message: "No resource limits defined" }];
+            }
+            return [];
+        },
+        recommendation: "Add resources.limits for CPU and memory",
+    },
+    {
+        id: "k8s-run-as-root",
+        type: "kubernetes",
+        severity: "high",
+        check: (content) => {
+            const results = [];
+            const lines = content.split("\n");
+            for (let i = 0; i < lines.length; i++) {
+                if (/runAsUser:\s*0/i.test(lines[i])) {
+                    results.push({ line: i + 1, message: "Container running as root (UID 0)" });
+                }
+            }
+            return results;
+        },
+        recommendation: "Set runAsUser to a non-zero UID and runAsNonRoot: true",
+    },
+    {
+        id: "k8s-no-readiness-probe",
+        type: "kubernetes",
+        severity: "low",
+        check: (content) => {
+            if (/kind:\s*Deployment/i.test(content) && !/readinessProbe:/i.test(content)) {
+                return [{ line: 1, message: "No readiness probe configured" }];
+            }
+            return [];
+        },
+        recommendation: "Add readinessProbe for proper traffic management",
+    },
+];
+// ─── Scanner ────────────────────────────────────────────────────────────────
+function detectFileType(filePath, content) {
+    const name = basename(filePath).toLowerCase();
+    if (name === "dockerfile" || name.startsWith("dockerfile."))
+        return "dockerfile";
+    if (name.endsWith(".dockerfile"))
+        return "dockerfile";
+    if (/kind:\s*(?:Deployment|Service|Pod|StatefulSet|DaemonSet|ConfigMap|Secret|Ingress)/i.test(content))
+        return "kubernetes";
+    if (/apiVersion:\s*v\d|apiVersion:\s*apps\//i.test(content))
+        return "kubernetes";
+    if (name === "chart.yaml" || name === "values.yaml")
+        return "helm";
+    return null;
+}
+function collectIacFiles(dir) {
+    const result = [];
+    const skipDirs = new Set(["node_modules", ".git", "dist", "build"]);
+    function walk(d) {
+        let entries;
+        try {
+            entries = readdirSync(d);
+        }
+        catch {
+            return;
+        }
+        for (const name of entries) {
+            if (skipDirs.has(name))
+                continue;
+            const full = join(d, name);
+            try {
+                const sub = readdirSync(full);
+                void sub;
+                walk(full);
+            }
+            catch {
+                const lower = name.toLowerCase();
+                if (lower.includes("dockerfile") || lower.endsWith(".yaml") || lower.endsWith(".yml")) {
+                    result.push(full);
+                }
+            }
+        }
+    }
+    walk(dir);
+    return result;
+}
+// ─── CLI ────────────────────────────────────────────────────────────────────
+export function runIacLint(argv) {
+    if (argv.includes("--help") || argv.includes("-h")) {
+        console.log(`
+judges iac-lint — Lint Dockerfiles, Kubernetes manifests, and Helm charts
+
+Usage:
+  judges iac-lint [dir]
+  judges iac-lint Dockerfile
+  judges iac-lint k8s/ --severity critical,high
+
+Options:
+  --severity <levels>   Filter by severity (comma-separated)
+  --rules               List all IaC lint rules
+  --format json         JSON output
+  --help, -h            Show this help
+`);
+        return;
+    }
+    const format = argv.find((_a, i) => argv[i - 1] === "--format") || "text";
+    // List rules
+    if (argv.includes("--rules")) {
+        if (format === "json") {
+            console.log(JSON.stringify(IAC_RULES.map(({ check: _c, ...rest }) => rest), null, 2));
+        }
+        else {
+            console.log(`\n  IaC Lint Rules (${IAC_RULES.length})\n  ──────────────────────────`);
+            for (const r of IAC_RULES) {
+                console.log(`    [${r.severity.toUpperCase().padEnd(8)}] ${r.id.padEnd(30)} (${r.type})`);
+            }
+            console.log("");
+        }
+        return;
+    }
+    const target = argv.find((a) => !a.startsWith("--") && !argv[argv.indexOf(a) - 1]?.startsWith("--")) || ".";
+    const sevFilter = argv.find((_a, i) => argv[i - 1] === "--severity");
+    // Collect files
+    let files;
+    if (existsSync(target)) {
+        try {
+            readdirSync(target);
+            files = collectIacFiles(target);
+        }
+        catch {
+            files = [target];
+        }
+    }
+    else {
+        console.error(`  Path not found: ${target}`);
+        return;
+    }
+    let findings = [];
+    for (const file of files) {
+        let content;
+        try {
+            content = readFileSync(file, "utf-8");
+        }
+        catch {
+            continue;
+        }
+        const fileType = detectFileType(file, content);
+        if (!fileType)
+            continue;
+        const applicableRules = IAC_RULES.filter((r) => r.type === fileType);
+        const lines = content.split("\n");
+        for (const rule of applicableRules) {
+            const matches = rule.check(content, lines);
+            for (const m of matches) {
+                findings.push({
+                    file,
+                    line: m.line,
+                    ruleId: rule.id,
+                    severity: rule.severity,
+                    message: m.message,
+                    recommendation: rule.recommendation,
+                });
+            }
+        }
+    }
+    if (sevFilter) {
+        const allowed = sevFilter.split(",");
+        findings = findings.filter((f) => allowed.includes(f.severity));
+    }
+    if (format === "json") {
+        console.log(JSON.stringify({ findings, scannedFiles: files.length, timestamp: new Date().toISOString() }, null, 2));
+    }
+    else {
+        console.log(`\n  IaC Lint — ${files.length} files scanned`);
+        console.log(`  Found: ${findings.length} issues\n  ──────────────────────────`);
+        if (findings.length === 0) {
+            console.log(`    ✅ No IaC issues detected\n`);
+            return;
+        }
+        for (const sev of ["critical", "high", "medium", "low"]) {
+            const items = findings.filter((f) => f.severity === sev);
+            if (items.length === 0)
+                continue;
+            console.log(`\n    ${sev.toUpperCase()} (${items.length})`);
+            for (const f of items) {
+                console.log(`      ${f.file}:${f.line} — ${f.ruleId}`);
+                console.log(`        ${f.message}`);
+                console.log(`        → ${f.recommendation}`);
+            }
+        }
+        console.log("");
+    }
+}
+//# sourceMappingURL=iac-lint.js.map

package/dist/commands/iac-lint.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"iac-lint.js","sourceRoot":"","sources":["../../src/commands/iac-lint.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,WAAW,EAAE,MAAM,IAAI,CAAC;AAC3D,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,MAAM,CAAC;AAqBtC,+EAA+E;AAE/E,MAAM,SAAS,GAAc;IAC3B,mBAAmB;IACnB;QACE,EAAE,EAAE,wBAAwB;QAC5B,IAAI,EAAE,YAAY;QAClB,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,CAAC,QAAQ,EAAE,KAAK,EAAE,EAAE;YACzB,MAAM,OAAO,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,mBAAmB,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC;YACtE,IAAI,CAAC,OAAO;gBAAE,OAAO,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,OAAO,EAAE,4CAA4C,EAAE,CAAC,CAAC;YAC1F,OAAO,EAAE,CAAC;QACZ,CAAC;QACD,cAAc,EAAE,yCAAyC;KAC1D;IACD;QACE,EAAE,EAAE,uBAAuB;QAC3B,IAAI,EAAE,YAAY;QAClB,QAAQ,EAAE,QAAQ;QAClB,KAAK,EAAE,CAAC,QAAQ,EAAE,KAAK,EAAE,EAAE;YACzB,MAAM,OAAO,GAA6C,EAAE,CAAC;YAC7D,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;gBACtC,IACE,qBAAqB,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;oBAC3C,CAAC,eAAe,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,EAClE,CAAC;oBACD,OAAO,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,CAAC,GAAG,CAAC,EAAE,OAAO,EAAE,uCAAuC,EAAE,CAAC,CAAC;gBAClF,CAAC;YACH,CAAC;YACD,OAAO,OAAO,CAAC;QACjB,CAAC;QACD,cAAc,EAAE,0CAA0C;KAC3D;IACD;QACE,EAAE,EAAE,uBAAuB;QAC3B,IAAI,EAAE,YAAY;QAClB,QAAQ,EAAE,KAAK;QACf,KAAK,EAAE,CAAC,QAAQ,EAAE,KAAK,EAAE,EAAE;YACzB,MAAM,OAAO,GAA6C,EAAE,CAAC;YAC7D,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;gBACtC,IAAI,UAAU,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;oBACtE,OAAO,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,CAAC,GAAG,CAAC,EAAE,OAAO,EAAE,4CAA4C,EAAE,CAAC,CAAC;gBACvF,CAAC;YACH,CAAC;YACD,OAAO,OAAO,CAAC;QACjB,CAAC;QACD,cAAc,EAAE,qDAAqD;KACtE;IACD;QACE,EAAE,EAAE,oBAAoB;QACxB,IAAI,EAAE,YAAY;QAClB,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,CAAC,QAAQ,EAAE,KAAK,EAAE,EAAE;YACzB,MAAM,OAAO,GAA6C,EAAE,CAAC;YAC7D,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;gBACtC,IAAI,qBAAqB,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,EAAE,CAAC;oBAChD,OAAO,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,CAAC,GAAG,CAAC,EAAE,OAAO,EAAE,4CAA4C,EAAE,CAAC,CAAC;gBACvF,CAAC;YACH,CAAC;YACD,OAAO,OAAO,CAAC;QACjB,CAAC;QACD,cAAc,EAAE,2DAA2D;KAC5E;IACD;QACE,EAAE,EAAE,uBAAuB;QAC3B,IAAI,EAAE,YAAY;QAClB,QAAQ,EAAE,UAAU;QACpB,KAAK,EAAE,CAAC,QAAQ,EAAE,KAAK,EAAE,EAAE;YACzB,MAAM,OAAO,GAA6C,EAAE,CAAC;YAC7D,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;gBACtC,IAAI,iDAAiD,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,EAAE,CAAC;oBAC5E,OAAO,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,CAAC,GAAG,CAAC,EAAE,OAAO,EAAE,iCAAiC,EAAE,CAAC,CAAC;gBAC5E,CAAC;YACH,CAAC;YACD,OAAO,OAAO,CAAC;QACjB,CAAC;QACD,cAAc,EAAE,6DAA6D;KAC9E;IAED,mBAAmB;IACnB;QACE,EAAE,EAAE,gBAAgB;QACpB,IAAI,EAAE,YAAY;QAClB,QAAQ,EAAE,UAAU;QACpB,KAAK,EAAE,CAAC,OAAO,EAAE,EAAE;YACjB,MAAM,OAAO,GAA6C,EAAE,CAAC;YAC7D,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;YAClC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;gBACtC,IAAI,qBAAqB,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;oBACzC,OAAO,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,CAAC,GAAG,CAAC,EAAE,OAAO,EAAE,sCAAsC,EAAE,CAAC,CAAC;gBACjF,CAAC;YACH,CAAC;YACD,OAAO,OAAO,CAAC;QACjB,CAAC;QACD,cAAc,EAAE,6DAA6D;KAC9E;IACD;QACE,EAAE,EAAE,kBAAkB;QACtB,IAAI,EAAE,YAAY;QAClB,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,CAAC,OAAO,EAAE,EAAE;YACjB,MAAM,OAAO,GAA6C,EAAE,CAAC;YAC7D,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;YAClC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;gBACtC,IAAI,sBAAsB,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;oBAC1C,OAAO,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,CAAC,GAAG,CAAC,EAAE,OAAO,EAAE,kCAAkC,EAAE,CAAC,CAAC;gBAC7E,CAAC;YACH,CAAC;YACD,OAAO,OAAO,CAAC;QACjB,CAAC;QACD,cAAc,EAAE,gDAAgD;KACjE;IACD;QACE,EAAE,EAAE,wBAAwB;QAC5B,IAAI,EAAE,YAAY;QAClB,QAAQ,EAAE,QAAQ;QAClB,KAAK,EAAE,CAAC,OAAO,EAAE,EAAE;YACjB,IACE,mDAAmD,CAAC,IAAI,CAAC,OAAO,CAAC;gBACjE,CAAC,4BAA4B,CAAC,IAAI,CAAC,OAAO,CAAC,EAC3C,CAAC;gBACD,OAAO,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,OAAO,EAAE,4BAA4B,EAAE,CAAC,CAAC;YAC9D,CAAC;YACD,OAAO,EAAE,CAAC;QACZ,CAAC;QACD,cAAc,EAAE,yCAAyC;KAC1D;IACD;QACE,EAAE,EAAE,iBAAiB;QACrB,IAAI,EAAE,YAAY;QAClB,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,CAAC,OAAO,EAAE,EAAE;YACjB,MAAM,OAAO,GAA6C,EAAE,CAAC;YAC7D,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;YAClC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;gBACtC,IAAI,iBAAiB,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;oBACrC,OAAO,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,CAAC,GAAG,CAAC,EAAE,OAAO,EAAE,mCAAmC,EAAE,CAAC,CAAC;gBAC9E,CAAC;YACH,CAAC;YACD,OAAO,OAAO,CAAC;QACjB,CAAC;QACD,cAAc,EAAE,wDAAwD;KACzE;IACD;QACE,EAAE,EAAE,wBAAwB;QAC5B,IAAI,EAAE,YAAY;QAClB,QAAQ,EAAE,KAAK;QACf,KAAK,EAAE,CAAC,OAAO,EAAE,EAAE;YACjB,IAAI,qBAAqB,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,kBAAkB,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;gBAC7E,OAAO,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,OAAO,EAAE,+BAA+B,EAAE,CAAC,CAAC;YACjE,CAAC;YACD,OAAO,EAAE,CAAC;QACZ,CAAC;QACD,cAAc,EAAE,kDAAkD;KACnE;CACF,CAAC;AAEF,+EAA+E;AAE/E,SAAS,cAAc,CAAC,QAAgB,EAAE,OAAe;IACvD,MAAM,IAAI,GAAG,QAAQ,CAAC,QAAQ,CAAC,CAAC,WAAW,EAAE,CAAC;IAC9C,IAAI,IAAI,KAAK,YAAY,IAAI,IAAI,CAAC,UAAU,CAAC,aAAa,CAAC;QAAE,OAAO,YAAY,CAAC;IACjF,IAAI,IAAI,CAAC,QAAQ,CAAC,aAAa,CAAC;QAAE,OAAO,YAAY,CAAC;IACtD,IAAI,oFAAoF,CAAC,IAAI,CAAC,OAAO,CAAC;QACpG,OAAO,YAAY,CAAC;IACtB,IAAI,yCAAyC,CAAC,IAAI,CAAC,OAAO,CAAC;QAAE,OAAO,YAAY,CAAC;IACjF,IAAI,IAAI,KAAK,YAAY,IAAI,IAAI,KAAK,aAAa;QAAE,OAAO,MAAM,CAAC;IACnE,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,eAAe,CAAC,GAAW;IAClC,MAAM,MAAM,GAAa,EAAE,CAAC;IAC5B,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,CAAC,cAAc,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC;IAEpE,SAAS,IAAI,CAAC,CAAS;QACrB,IAAI,OAAiB,CAAC;QACtB,IAAI,CAAC;YACH,OAAO,GAAG,WAAW,CAAC,CAAC,CAAwB,CAAC;QAClD,CAAC;QAAC,MAAM,CAAC;YACP,OAAO;QACT,CAAC;QACD,KAAK,MAAM,IAAI,IAAI,OAAO,EAAE,CAAC;YAC3B,IAAI,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC;gBAAE,SAAS;YACjC,MAAM,IAAI,GAAG,IAAI,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC;YAC3B,IAAI,CAAC;gBACH,MAAM,GAAG,GAAG,WAAW,CAAC,IAAI,CAAC,CAAC;gBAC9B,KAAK,GAAG,CAAC;gBACT,IAAI,CAAC,IAAI,CAAC,CAAC;YACb,CAAC;YAAC,MAAM,CAAC;gBACP,MAAM,KAAK,GAAG,IAAI,CAAC,WAAW,EAAE,CAAC;gBACjC,IAAI,KAAK,CAAC,QAAQ,CAAC,YAAY,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;oBACtF,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;gBACpB,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,IAAI,CAAC,GAAG,CAAC,CAAC;IACV,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,+EAA+E;AAE/E,MAAM,UAAU,UAAU,CAAC,IAAc;IACvC,IAAI,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;QACnD,OAAO,CAAC,GAAG,CAAC;;;;;;;;;;;;;CAaf,CAAC,CAAC;QACC,OAAO;IACT,CAAC;IAED,MAAM,MAAM,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,EAAU,EAAE,CAAS,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,KAAK,UAAU,CAAC,IAAI,MAAM,CAAC;IAE1F,aAAa;IACb,IAAI,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;QAC7B,IAAI,MAAM,KAAK,MAAM,EAAE,CAAC;YACtB,OAAO,CAAC,GAAG,CACT,IAAI,CAAC,SAAS,CACZ,SAAS,CAAC,GAAG,CAAC,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE,GAAG,IAAI,EAAE,EAAE,EAAE,CAAC,IAAI,CAAC,EAC/C,IAAI,EACJ,CAAC,CACF,CACF,CAAC;QACJ,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,GAAG,CAAC,uBAAuB,SAAS,CAAC,MAAM,iCAAiC,CAAC,CAAC;YACtF,KAAK,MAAM,CAAC,IAAI,SAAS,EAAE,CAAC;gBAC1B,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,MAAM,CAAC,EAAE,CAAC,KAAK,CAAC,CAAC,IAAI,GAAG,CAAC,CAAC;YAC5F,CAAC;YACD,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAClB,CAAC;QACD,OAAO;IACT,CAAC;IAED,MAAM,MAAM,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,CAAS,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,EAAE,UAAU,CAAC,IAAI,CAAC,CAAC,IAAI,GAAG,CAAC;IACpH,MAAM,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,EAAU,EAAE,CAAS,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,KAAK,YAAY,CAAC,CAAC;IAErF,gBAAgB;IAChB,IAAI,KAAe,CAAC;IACpB,IAAI,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;QACvB,IAAI,CAAC;YACH,WAAW,CAAC,MAAM,CAAC,CAAC;YACpB,KAAK,GAAG,eAAe,CAAC,MAAM,CAAC,CAAC;QAClC,CAAC;QAAC,MAAM,CAAC;YACP,KAAK,GAAG,CAAC,MAAM,CAAC,CAAC;QACnB,CAAC;IACH,CAAC;SAAM,CAAC;QACN,OAAO,CAAC,KAAK,CAAC,qBAAqB,MAAM,EAAE,CAAC,CAAC;QAC7C,OAAO;IACT,CAAC;IAED,IAAI,QAAQ,GAAiB,EAAE,CAAC;IAEhC,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,IAAI,OAAe,CAAC;QACpB,IAAI,CAAC;YACH,OAAO,GAAG,YAAY,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;QACxC,CAAC;QAAC,MAAM,CAAC;YACP,SAAS;QACX,CAAC;QAED,MAAM,QAAQ,GAAG,cAAc,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;QAC/C,IAAI,CAAC,QAAQ;YAAE,SAAS;QAExB,MAAM,eAAe,GAAG,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,QAAQ,CAAC,CAAC;QACrE,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAElC,KAAK,MAAM,IAAI,IAAI,eAAe,EAAE,CAAC;YACnC,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;YAC3C,KAAK,MAAM,CAAC,IAAI,OAAO,EAAE,CAAC;gBACxB,QAAQ,CAAC,IAAI,CAAC;oBACZ,IAAI;oBACJ,IAAI,EAAE,CAAC,CAAC,IAAI;oBACZ,MAAM,EAAE,IAAI,CAAC,EAAE;oBACf,QAAQ,EAAE,IAAI,CAAC,QAAQ;oBACvB,OAAO,EAAE,CAAC,CAAC,OAAO;oBAClB,cAAc,EAAE,IAAI,CAAC,cAAc;iBACpC,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IAED,IAAI,SAAS,EAAE,CAAC;QACd,MAAM,OAAO,GAAG,SAAS,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QACrC,QAAQ,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC;IAClE,CAAC;IAED,IAAI,MAAM,KAAK,MAAM,EAAE,CAAC;QACtB,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,QAAQ,EAAE,YAAY,EAAE,KAAK,CAAC,MAAM,EAAE,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;IACtH,CAAC;SAAM,CAAC;QACN,OAAO,CAAC,GAAG,CAAC,kBAAkB,KAAK,CAAC,MAAM,gBAAgB,CAAC,CAAC;QAC5D,OAAO,CAAC,GAAG,CAAC,YAAY,QAAQ,CAAC,MAAM,uCAAuC,CAAC,CAAC;QAEhF,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC1B,OAAO,CAAC,GAAG,CAAC,gCAAgC,CAAC,CAAC;YAC9C,OAAO;QACT,CAAC;QAED,KAAK,MAAM,GAAG,IAAI,CAAC,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,CAAC,EAAE,CAAC;YACxD,MAAM,KAAK,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,GAAG,CAAC,CAAC;YACzD,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC;gBAAE,SAAS;YACjC,OAAO,CAAC,GAAG,CAAC,SAAS,GAAG,CAAC,WAAW,EAAE,KAAK,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC;YAC5D,KAAK,MAAM,CAAC,IAAI,KAAK,EAAE,CAAC;gBACtB,OAAO,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC,IAAI,MAAM,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC;gBACvD,OAAO,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC;gBACpC,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC,cAAc,EAAE,CAAC,CAAC;YAC/C,CAAC;QACH,CAAC;QACD,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAClB,CAAC;AACH,CAAC"}

package/dist/commands/perf-compare.d.ts

@@ -0,0 +1,9 @@
+/**
+ * Perf compare — before/after performance comparison of code changes.
+ * Compares algorithmic complexity, loop nesting, allocation patterns,
+ * and async anti-patterns between two code versions.
+ *
+ * All analysis local.
+ */
+export declare function runPerfCompare(argv: string[]): void;
+//# sourceMappingURL=perf-compare.d.ts.map

package/dist/commands/perf-compare.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"perf-compare.d.ts","sourceRoot":"","sources":["../../src/commands/perf-compare.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AA4KH,wBAAgB,cAAc,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,IAAI,CAkHnD"}

package/dist/commands/perf-compare.js

@@ -0,0 +1,246 @@
+/**
+ * Perf compare — before/after performance comparison of code changes.
+ * Compares algorithmic complexity, loop nesting, allocation patterns,
+ * and async anti-patterns between two code versions.
+ *
+ * All analysis local.
+ */
+import { existsSync, readFileSync } from "fs";
+// ─── Analysers ──────────────────────────────────────────────────────────────
+function analyzePerformance(content) {
+    const lines = content.split("\n");
+    // Loop depth
+    let maxLoopDepth = 0;
+    let currentDepth = 0;
+    let loopCount = 0;
+    for (const line of lines) {
+        if (/\b(?:for|while|do)\s*\(/.test(line) || /\.(?:forEach|map|filter|reduce|flatMap|some|every)\s*\(/.test(line)) {
+            currentDepth++;
+            loopCount++;
+            maxLoopDepth = Math.max(maxLoopDepth, currentDepth);
+        }
+        // Rough depth tracking by braces
+        const opens = (line.match(/{/g) || []).length;
+        const closes = (line.match(/}/g) || []).length;
+        if (closes > opens && currentDepth > 0)
+            currentDepth--;
+    }
+    // Allocations (new, object/array literals in loops)
+    let allocations = 0;
+    for (const line of lines) {
+        if (/\bnew\s+\w+/.test(line))
+            allocations++;
+        if (/(?:new\s+Array|new\s+Object|\[\s*\]|\{\s*\})\s*;?\s*$/.test(line.trim()))
+            allocations++;
+    }
+    // Async anti-patterns
+    let asyncAntiPatterns = 0;
+    for (let i = 0; i < lines.length; i++) {
+        // await in loop
+        if (/\bawait\b/.test(lines[i]) && currentDepth > 0)
+            asyncAntiPatterns++;
+        // sequential awaits that could be parallel
+        if (/\bawait\b/.test(lines[i]) && i > 0 && /\bawait\b/.test(lines[i - 1]))
+            asyncAntiPatterns++;
+    }
+    // Recursive calls
+    let recursiveCalls = 0;
+    const fnNames = [];
+    for (const line of lines) {
+        const fnMatch = line.match(/(?:function\s+(\w+)|(?:const|let|var)\s+(\w+)\s*=\s*(?:async\s+)?(?:\(|function))/);
+        if (fnMatch)
+            fnNames.push(fnMatch[1] || fnMatch[2]);
+    }
+    for (const line of lines) {
+        for (const fn of fnNames) {
+            if (fn && new RegExp(`\\b${fn}\\s*\\(`).test(line)) {
+                const fnDef = lines.find((l) => l.includes(`function ${fn}`) || l.includes(`${fn} =`));
+                if (fnDef && fnDef !== line)
+                    recursiveCalls++;
+            }
+        }
+    }
+    // Regex count (complex regex can be perf bottleneck)
+    let regexCount = 0;
+    for (const line of lines) {
+        if (/new\s+RegExp|\/[^/]+\/[gimsuy]*/.test(line))
+            regexCount++;
+    }
+    // String concatenation in loops
+    let stringConcat = 0;
+    for (const line of lines) {
+        if (/\+=\s*["'`]|["'`]\s*\+/.test(line))
+            stringConcat++;
+    }
+    // Nested callbacks
+    let nestedCallbacks = 0;
+    let callbackDepth = 0;
+    for (const line of lines) {
+        if (/\bcallback\b|function\s*\(|=>\s*{/.test(line)) {
+            callbackDepth++;
+            if (callbackDepth >= 3)
+                nestedCallbacks++;
+        }
+        if (/}\s*\)/.test(line) && callbackDepth > 0)
+            callbackDepth--;
+    }
+    // Big-O estimate
+    let bigO = "O(n)";
+    if (maxLoopDepth >= 3)
+        bigO = "O(n³+)";
+    else if (maxLoopDepth === 2)
+        bigO = "O(n²)";
+    else if (recursiveCalls > 0 && maxLoopDepth > 0)
+        bigO = "O(n log n)";
+    else if (loopCount === 0)
+        bigO = "O(1)";
+    return {
+        loopDepth: maxLoopDepth,
+        loopCount,
+        allocations,
+        asyncAntiPatterns,
+        recursiveCalls,
+        regexCount,
+        stringConcat,
+        nestedCallbacks,
+        bigOEstimate: bigO,
+        lineCount: lines.length,
+    };
+}
+function compareAnalyses(before, after) {
+    const metrics = [];
+    function add(name, b, a, higherIsWorse, severity) {
+        const delta = a - b;
+        let verdict = "unchanged";
+        if (delta !== 0)
+            verdict = delta > 0 === higherIsWorse ? "regressed" : "improved";
+        metrics.push({
+            name,
+            before: b,
+            after: a,
+            delta,
+            verdict,
+            severity: verdict === "regressed" ? severity : undefined,
+        });
+    }
+    add("Loop nesting depth", before.loopDepth, after.loopDepth, true, "high");
+    add("Loop count", before.loopCount, after.loopCount, true, "medium");
+    add("Allocations", before.allocations, after.allocations, true, "medium");
+    add("Async anti-patterns", before.asyncAntiPatterns, after.asyncAntiPatterns, true, "high");
+    add("Recursive calls", before.recursiveCalls, after.recursiveCalls, true, "medium");
+    add("Regex operations", before.regexCount, after.regexCount, true, "low");
+    add("String concatenations", before.stringConcat, after.stringConcat, true, "low");
+    add("Nested callbacks", before.nestedCallbacks, after.nestedCallbacks, true, "medium");
+    add("Lines of code", before.lineCount, after.lineCount, true, "low");
+    // Big-O change
+    const oOrder = ["O(1)", "O(log n)", "O(n)", "O(n log n)", "O(n²)", "O(n³+)"];
+    const bIdx = oOrder.indexOf(before.bigOEstimate);
+    const aIdx = oOrder.indexOf(after.bigOEstimate);
+    metrics.push({
+        name: "Algorithmic complexity",
+        before: bIdx,
+        after: aIdx,
+        delta: aIdx - bIdx,
+        verdict: aIdx > bIdx ? "regressed" : aIdx < bIdx ? "improved" : "unchanged",
+        severity: aIdx > bIdx ? "critical" : undefined,
+        detail: `${before.bigOEstimate} → ${after.bigOEstimate}`,
+    });
+    return metrics;
+}
+// ─── CLI ────────────────────────────────────────────────────────────────────
+export function runPerfCompare(argv) {
+    if (argv.includes("--help") || argv.includes("-h")) {
+        console.log(`
+judges perf-compare — Before/after performance comparison
+
+Usage:
+  judges perf-compare <before-file> <after-file>
+  judges perf-compare old.ts new.ts --format json
+
+Options:
+  --format json   JSON output
+  --help, -h      Show this help
+
+Analyses:
+  • Loop nesting depth & count
+  • Memory allocations
+  • Async anti-patterns (await in loop, sequential awaits)
+  • Recursive call patterns
+  • Regex operation count
+  • String concatenation patterns
+  • Callback nesting depth
+  • Algorithmic complexity estimate (Big-O)
+`);
+        return;
+    }
+    const format = argv.find((_a, i) => argv[i - 1] === "--format") || "text";
+    const positional = argv.filter((a) => !a.startsWith("--") && !argv[argv.indexOf(a) - 1]?.startsWith("--"));
+    if (positional.length < 2) {
+        console.error("  Usage: judges perf-compare <before-file> <after-file>");
+        return;
+    }
+    const [beforeFile, afterFile] = positional;
+    if (!existsSync(beforeFile)) {
+        console.error(`  File not found: ${beforeFile}`);
+        return;
+    }
+    if (!existsSync(afterFile)) {
+        console.error(`  File not found: ${afterFile}`);
+        return;
+    }
+    let beforeContent, afterContent;
+    try {
+        beforeContent = readFileSync(beforeFile, "utf-8");
+    }
+    catch {
+        console.error(`  Cannot read: ${beforeFile}`);
+        return;
+    }
+    try {
+        afterContent = readFileSync(afterFile, "utf-8");
+    }
+    catch {
+        console.error(`  Cannot read: ${afterFile}`);
+        return;
+    }
+    const beforeAnalysis = analyzePerformance(beforeContent);
+    const afterAnalysis = analyzePerformance(afterContent);
+    const metrics = compareAnalyses(beforeAnalysis, afterAnalysis);
+    const regressions = metrics.filter((m) => m.verdict === "regressed");
+    const improvements = metrics.filter((m) => m.verdict === "improved");
+    if (format === "json") {
+        console.log(JSON.stringify({
+            before: { file: beforeFile, analysis: beforeAnalysis },
+            after: { file: afterFile, analysis: afterAnalysis },
+            metrics,
+            summary: {
+                regressions: regressions.length,
+                improvements: improvements.length,
+                unchanged: metrics.filter((m) => m.verdict === "unchanged").length,
+            },
+            timestamp: new Date().toISOString(),
+        }, null, 2));
+    }
+    else {
+        console.log(`\n  Performance Comparison`);
+        console.log(`  Before: ${beforeFile} (${beforeAnalysis.bigOEstimate})`);
+        console.log(`  After:  ${afterFile} (${afterAnalysis.bigOEstimate})\n  ──────────────────────────`);
+        console.log(`\n    ${"Metric".padEnd(30)} ${"Before".padEnd(8)} ${"After".padEnd(8)} ${"Delta".padEnd(8)} Verdict`);
+        console.log(`    ${"─".repeat(70)}`);
+        for (const m of metrics) {
+            const icon = m.verdict === "improved" ? "✅" : m.verdict === "regressed" ? "❌" : "➖";
+            const deltaStr = m.delta > 0 ? `+${m.delta}` : String(m.delta);
+            const detail = m.detail ? ` (${m.detail})` : "";
+            console.log(`    ${m.name.padEnd(30)} ${String(m.before).padEnd(8)} ${String(m.after).padEnd(8)} ${deltaStr.padEnd(8)} ${icon}${detail}`);
+        }
+        console.log(`\n    Summary: ${improvements.length} improved, ${regressions.length} regressed, ${metrics.length - improvements.length - regressions.length} unchanged`);
+        if (regressions.length > 0) {
+            console.log(`\n    ⚠️  Performance regressions detected:`);
+            for (const r of regressions) {
+                console.log(`      • ${r.name}: ${r.before} → ${r.after}${r.severity ? ` [${r.severity}]` : ""}${r.detail ? ` (${r.detail})` : ""}`);
+            }
+        }
+        console.log("");
+    }
+}
+//# sourceMappingURL=perf-compare.js.map

package/dist/commands/perf-compare.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"perf-compare.js","sourceRoot":"","sources":["../../src/commands/perf-compare.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,MAAM,IAAI,CAAC;AA2B9C,+EAA+E;AAE/E,SAAS,kBAAkB,CAAC,OAAe;IACzC,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAElC,aAAa;IACb,IAAI,YAAY,GAAG,CAAC,CAAC;IACrB,IAAI,YAAY,GAAG,CAAC,CAAC;IACrB,IAAI,SAAS,GAAG,CAAC,CAAC;IAClB,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,IAAI,yBAAyB,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,yDAAyD,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YACjH,YAAY,EAAE,CAAC;YACf,SAAS,EAAE,CAAC;YACZ,YAAY,GAAG,IAAI,CAAC,GAAG,CAAC,YAAY,EAAE,YAAY,CAAC,CAAC;QACtD,CAAC;QACD,iCAAiC;QACjC,MAAM,KAAK,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC;QAC9C,MAAM,MAAM,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC;QAC/C,IAAI,MAAM,GAAG,KAAK,IAAI,YAAY,GAAG,CAAC;YAAE,YAAY,EAAE,CAAC;IACzD,CAAC;IAED,oDAAoD;IACpD,IAAI,WAAW,GAAG,CAAC,CAAC;IACpB,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,IAAI,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC;YAAE,WAAW,EAAE,CAAC;QAC5C,IAAI,uDAAuD,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;YAAE,WAAW,EAAE,CAAC;IAC/F,CAAC;IAED,sBAAsB;IACtB,IAAI,iBAAiB,GAAG,CAAC,CAAC;IAC1B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,gBAAgB;QAChB,IAAI,WAAW,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,YAAY,GAAG,CAAC;YAAE,iBAAiB,EAAE,CAAC;QACxE,2CAA2C;QAC3C,IAAI,WAAW,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,WAAW,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;YAAE,iBAAiB,EAAE,CAAC;IACjG,CAAC;IAED,kBAAkB;IAClB,IAAI,cAAc,GAAG,CAAC,CAAC;IACvB,MAAM,OAAO,GAAa,EAAE,CAAC;IAC7B,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,mFAAmF,CAAC,CAAC;QAChH,IAAI,OAAO;YAAE,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC;IACtD,CAAC;IACD,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,KAAK,MAAM,EAAE,IAAI,OAAO,EAAE,CAAC;YACzB,IAAI,EAAE,IAAI,IAAI,MAAM,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;gBACnD,MAAM,KAAK,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,YAAY,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC,CAAC;gBACvF,IAAI,KAAK,IAAI,KAAK,KAAK,IAAI;oBAAE,cAAc,EAAE,CAAC;YAChD,CAAC;QACH,CAAC;IACH,CAAC;IAED,qDAAqD;IACrD,IAAI,UAAU,GAAG,CAAC,CAAC;IACnB,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,IAAI,iCAAiC,CAAC,IAAI,CAAC,IAAI,CAAC;YAAE,UAAU,EAAE,CAAC;IACjE,CAAC;IAED,gCAAgC;IAChC,IAAI,YAAY,GAAG,CAAC,CAAC;IACrB,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,IAAI,wBAAwB,CAAC,IAAI,CAAC,IAAI,CAAC;YAAE,YAAY,EAAE,CAAC;IAC1D,CAAC;IAED,mBAAmB;IACnB,IAAI,eAAe,GAAG,CAAC,CAAC;IACxB,IAAI,aAAa,GAAG,CAAC,CAAC;IACtB,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,IAAI,mCAAmC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YACnD,aAAa,EAAE,CAAC;YAChB,IAAI,aAAa,IAAI,CAAC;gBAAE,eAAe,EAAE,CAAC;QAC5C,CAAC;QACD,IAAI,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,aAAa,GAAG,CAAC;YAAE,aAAa,EAAE,CAAC;IAChE,CAAC;IAED,iBAAiB;IACjB,IAAI,IAAI,GAAG,MAAM,CAAC;IAClB,IAAI,YAAY,IAAI,CAAC;QAAE,IAAI,GAAG,QAAQ,CAAC;SAClC,IAAI,YAAY,KAAK,CAAC;QAAE,IAAI,GAAG,OAAO,CAAC;SACvC,IAAI,cAAc,GAAG,CAAC,IAAI,YAAY,GAAG,CAAC;QAAE,IAAI,GAAG,YAAY,CAAC;SAChE,IAAI,SAAS,KAAK,CAAC;QAAE,IAAI,GAAG,MAAM,CAAC;IAExC,OAAO;QACL,SAAS,EAAE,YAAY;QACvB,SAAS;QACT,WAAW;QACX,iBAAiB;QACjB,cAAc;QACd,UAAU;QACV,YAAY;QACZ,eAAe;QACf,YAAY,EAAE,IAAI;QAClB,SAAS,EAAE,KAAK,CAAC,MAAM;KACxB,CAAC;AACJ,CAAC;AAED,SAAS,eAAe,CAAC,MAAoB,EAAE,KAAmB;IAChE,MAAM,OAAO,GAAiB,EAAE,CAAC;IAEjC,SAAS,GAAG,CAAC,IAAY,EAAE,CAAS,EAAE,CAAS,EAAE,aAAsB,EAAE,QAAgC;QACvG,MAAM,KAAK,GAAG,CAAC,GAAG,CAAC,CAAC;QACpB,IAAI,OAAO,GAA0B,WAAW,CAAC;QACjD,IAAI,KAAK,KAAK,CAAC;YAAE,OAAO,GAAG,KAAK,GAAG,CAAC,KAAK,aAAa,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,UAAU,CAAC;QAClF,OAAO,CAAC,IAAI,CAAC;YACX,IAAI;YACJ,MAAM,EAAE,CAAC;YACT,KAAK,EAAE,CAAC;YACR,KAAK;YACL,OAAO;YACP,QAAQ,EAAE,OAAO,KAAK,WAAW,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS;SACzD,CAAC,CAAC;IACL,CAAC;IAED,GAAG,CAAC,oBAAoB,EAAE,MAAM,CAAC,SAAS,EAAE,KAAK,CAAC,SAAS,EAAE,IAAI,EAAE,MAAM,CAAC,CAAC;IAC3E,GAAG,CAAC,YAAY,EAAE,MAAM,CAAC,SAAS,EAAE,KAAK,CAAC,SAAS,EAAE,IAAI,EAAE,QAAQ,CAAC,CAAC;IACrE,GAAG,CAAC,aAAa,EAAE,MAAM,CAAC,WAAW,EAAE,KAAK,CAAC,WAAW,EAAE,IAAI,EAAE,QAAQ,CAAC,CAAC;IAC1E,GAAG,CAAC,qBAAqB,EAAE,MAAM,CAAC,iBAAiB,EAAE,KAAK,CAAC,iBAAiB,EAAE,IAAI,EAAE,MAAM,CAAC,CAAC;IAC5F,GAAG,CAAC,iBAAiB,EAAE,MAAM,CAAC,cAAc,EAAE,KAAK,CAAC,cAAc,EAAE,IAAI,EAAE,QAAQ,CAAC,CAAC;IACpF,GAAG,CAAC,kBAAkB,EAAE,MAAM,CAAC,UAAU,EAAE,KAAK,CAAC,UAAU,EAAE,IAAI,EAAE,KAAK,CAAC,CAAC;IAC1E,GAAG,CAAC,uBAAuB,EAAE,MAAM,CAAC,YAAY,EAAE,KAAK,CAAC,YAAY,EAAE,IAAI,EAAE,KAAK,CAAC,CAAC;IACnF,GAAG,CAAC,kBAAkB,EAAE,MAAM,CAAC,eAAe,EAAE,KAAK,CAAC,eAAe,EAAE,IAAI,EAAE,QAAQ,CAAC,CAAC;IACvF,GAAG,CAAC,eAAe,EAAE,MAAM,CAAC,SAAS,EAAE,KAAK,CAAC,SAAS,EAAE,IAAI,EAAE,KAAK,CAAC,CAAC;IAErE,eAAe;IACf,MAAM,MAAM,GAAG,CAAC,MAAM,EAAE,UAAU,EAAE,MAAM,EAAE,YAAY,EAAE,OAAO,EAAE,QAAQ,CAAC,CAAC;IAC7E,MAAM,IAAI,GAAG,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;IACjD,MAAM,IAAI,GAAG,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC;IAChD,OAAO,CAAC,IAAI,CAAC;QACX,IAAI,EAAE,wBAAwB;QAC9B,MAAM,EAAE,IAAI;QACZ,KAAK,EAAE,IAAI;QACX,KAAK,EAAE,IAAI,GAAG,IAAI;QAClB,OAAO,EAAE,IAAI,GAAG,IAAI,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,IAAI,GAAG,IAAI,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,WAAW;QAC3E,QAAQ,EAAE,IAAI,GAAG,IAAI,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,SAAS;QAC9C,MAAM,EAAE,GAAG,MAAM,CAAC,YAAY,MAAM,KAAK,CAAC,YAAY,EAAE;KACzD,CAAC,CAAC;IAEH,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,+EAA+E;AAE/E,MAAM,UAAU,cAAc,CAAC,IAAc;IAC3C,IAAI,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;QACnD,OAAO,CAAC,GAAG,CAAC;;;;;;;;;;;;;;;;;;;;CAoBf,CAAC,CAAC;QACC,OAAO;IACT,CAAC;IAED,MAAM,MAAM,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,EAAU,EAAE,CAAS,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,KAAK,UAAU,CAAC,IAAI,MAAM,CAAC;IAC1F,MAAM,UAAU,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC,CAAS,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,EAAE,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC;IAEnH,IAAI,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC1B,OAAO,CAAC,KAAK,CAAC,yDAAyD,CAAC,CAAC;QACzE,OAAO;IACT,CAAC;IAED,MAAM,CAAC,UAAU,EAAE,SAAS,CAAC,GAAG,UAAU,CAAC;IAC3C,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;QAC5B,OAAO,CAAC,KAAK,CAAC,qBAAqB,UAAU,EAAE,CAAC,CAAC;QACjD,OAAO;IACT,CAAC;IACD,IAAI,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;QAC3B,OAAO,CAAC,KAAK,CAAC,qBAAqB,SAAS,EAAE,CAAC,CAAC;QAChD,OAAO;IACT,CAAC;IAED,IAAI,aAAqB,EAAE,YAAoB,CAAC;IAChD,IAAI,CAAC;QACH,aAAa,GAAG,YAAY,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;IACpD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,CAAC,KAAK,CAAC,kBAAkB,UAAU,EAAE,CAAC,CAAC;QAC9C,OAAO;IACT,CAAC;IACD,IAAI,CAAC;QACH,YAAY,GAAG,YAAY,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;IAClD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,CAAC,KAAK,CAAC,kBAAkB,SAAS,EAAE,CAAC,CAAC;QAC7C,OAAO;IACT,CAAC;IAED,MAAM,cAAc,GAAG,kBAAkB,CAAC,aAAa,CAAC,CAAC;IACzD,MAAM,aAAa,GAAG,kBAAkB,CAAC,YAAY,CAAC,CAAC;IACvD,MAAM,OAAO,GAAG,eAAe,CAAC,cAAc,EAAE,aAAa,CAAC,CAAC;IAE/D,MAAM,WAAW,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,KAAK,WAAW,CAAC,CAAC;IACrE,MAAM,YAAY,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,KAAK,UAAU,CAAC,CAAC;IAErE,IAAI,MAAM,KAAK,MAAM,EAAE,CAAC;QACtB,OAAO,CAAC,GAAG,CACT,IAAI,CAAC,SAAS,CACZ;YACE,MAAM,EAAE,EAAE,IAAI,EAAE,UAAU,EAAE,QAAQ,EAAE,cAAc,EAAE;YACtD,KAAK,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,QAAQ,EAAE,aAAa,EAAE;YACnD,OAAO;YACP,OAAO,EAAE;gBACP,WAAW,EAAE,WAAW,CAAC,MAAM;gBAC/B,YAAY,EAAE,YAAY,CAAC,MAAM;gBACjC,SAAS,EAAE,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,KAAK,WAAW,CAAC,CAAC,MAAM;aACnE;YACD,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;SACpC,EACD,IAAI,EACJ,CAAC,CACF,CACF,CAAC;IACJ,CAAC;SAAM,CAAC;QACN,OAAO,CAAC,GAAG,CAAC,4BAA4B,CAAC,CAAC;QAC1C,OAAO,CAAC,GAAG,CAAC,aAAa,UAAU,KAAK,cAAc,CAAC,YAAY,GAAG,CAAC,CAAC;QACxE,OAAO,CAAC,GAAG,CAAC,aAAa,SAAS,KAAK,aAAa,CAAC,YAAY,iCAAiC,CAAC,CAAC;QAEpG,OAAO,CAAC,GAAG,CAAC,SAAS,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC,IAAI,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC;QACpH,OAAO,CAAC,GAAG,CAAC,OAAO,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC;QAErC,KAAK,MAAM,CAAC,IAAI,OAAO,EAAE,CAAC;YACxB,MAAM,IAAI,GAAG,CAAC,CAAC,OAAO,KAAK,UAAU,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,KAAK,WAAW,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC;YACpF,MAAM,QAAQ,GAAG,CAAC,CAAC,KAAK,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC;YAC/D,MAAM,MAAM,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;YAChD,OAAO,CAAC,GAAG,CACT,OAAO,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,IAAI,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,IAAI,GAAG,MAAM,EAAE,CAC7H,CAAC;QACJ,CAAC;QAED,OAAO,CAAC,GAAG,CACT,kBAAkB,YAAY,CAAC,MAAM,cAAc,WAAW,CAAC,MAAM,eAAe,OAAO,CAAC,MAAM,GAAG,YAAY,CAAC,MAAM,GAAG,WAAW,CAAC,MAAM,YAAY,CAC1J,CAAC;QAEF,IAAI,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC3B,OAAO,CAAC,GAAG,CAAC,6CAA6C,CAAC,CAAC;YAC3D,KAAK,MAAM,CAAC,IAAI,WAAW,EAAE,CAAC;gBAC5B,OAAO,CAAC,GAAG,CACT,WAAW,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,MAAM,MAAM,CAAC,CAAC,KAAK,GAAG,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,QAAQ,GAAG,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CACxH,CAAC;YACJ,CAAC;QACH,CAAC;QACD,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAClB,CAAC;AACH,CAAC"}

package/dist/commands/pii-scan.d.ts

@@ -0,0 +1,8 @@
+/**
+ * PII scan — detect personally-identifiable information patterns
+ * in source code: string literals, logs, config files.
+ *
+ * All analysis local.
+ */
+export declare function runPiiScan(argv: string[]): void;
+//# sourceMappingURL=pii-scan.d.ts.map

package/dist/commands/pii-scan.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"pii-scan.d.ts","sourceRoot":"","sources":["../../src/commands/pii-scan.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAuNH,wBAAgB,UAAU,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,IAAI,CAsH/C"}