@kevinrabun/judges 3.57.0 → 3.59.0

package/dist/commands/encoding-safety.js

@@ -0,0 +1,276 @@
+/**
+ * Encoding safety — detect encoding mismatches, unsafe deserialization, and injection risks.
+ */
+import { readFileSync, readdirSync, statSync } from "fs";
+import { join, extname } from "path";
+// ─── File Collection ────────────────────────────────────────────────────────
+const CODE_EXTS = new Set([".ts", ".tsx", ".js", ".jsx", ".py", ".java", ".go", ".rs"]);
+function collectFiles(dir, max = 300) {
+    const files = [];
+    function walk(d) {
+        if (files.length >= max)
+            return;
+        let entries;
+        try {
+            entries = readdirSync(d);
+        }
+        catch {
+            return;
+        }
+        for (const e of entries) {
+            if (files.length >= max)
+                return;
+            if (e.startsWith(".") || e === "node_modules" || e === "dist" || e === "build")
+                continue;
+            const full = join(d, e);
+            try {
+                if (statSync(full).isDirectory())
+                    walk(full);
+                else if (CODE_EXTS.has(extname(full)))
+                    files.push(full);
+            }
+            catch {
+                /* skip */
+            }
+        }
+    }
+    walk(dir);
+    return files;
+}
+// ─── Analysis ───────────────────────────────────────────────────────────────
+function analyzeFile(filepath) {
+    const issues = [];
+    let content;
+    try {
+        content = readFileSync(filepath, "utf-8");
+    }
+    catch {
+        return issues;
+    }
+    const lines = content.split("\n");
+    for (let i = 0; i < lines.length; i++) {
+        const line = lines[i];
+        // eval() on dynamic input
+        if (/\beval\s*\(/.test(line)) {
+            if (!/eslint-disable|\/\/\s*safe|test|spec|fixture/i.test(line) && !/test|spec|fixture/i.test(filepath)) {
+                issues.push({
+                    file: filepath,
+                    line: i + 1,
+                    issue: "eval() usage",
+                    severity: "high",
+                    detail: "eval() executes arbitrary code — use JSON.parse, Function(), or AST-based alternatives",
+                });
+            }
+        }
+        // Python pickle.loads / marshal.loads
+        if (/pickle\.loads?\s*\(|marshal\.loads?\s*\(|yaml\.load\s*\(/i.test(line)) {
+            const block = lines.slice(i, Math.min(i + 3, lines.length)).join("\n");
+            if (!/safe_load|SafeLoader/i.test(block)) {
+                issues.push({
+                    file: filepath,
+                    line: i + 1,
+                    issue: "Unsafe deserialization",
+                    severity: "high",
+                    detail: "pickle/marshal/yaml.load can execute arbitrary code — use safe alternatives",
+                });
+            }
+        }
+        // Template literal interpolation into structured formats
+        if (/`[^`]*\$\{/.test(line)) {
+            if (/SELECT|INSERT|UPDATE|DELETE|FROM|WHERE/i.test(line)) {
+                issues.push({
+                    file: filepath,
+                    line: i + 1,
+                    issue: "SQL interpolation via template literal",
+                    severity: "high",
+                    detail: "Variable interpolated into SQL string — use parameterized queries",
+                });
+            }
+            if (/<\w+[^>]*>/.test(line) && /\$\{/.test(line)) {
+                if (!/sanitize|escape|encode|DOMPurify|xss/i.test(line)) {
+                    issues.push({
+                        file: filepath,
+                        line: i + 1,
+                        issue: "HTML interpolation without escaping",
+                        severity: "high",
+                        detail: "Variable interpolated into HTML — sanitize to prevent XSS",
+                    });
+                }
+            }
+        }
+        // String concatenation into XML/JSON
+        if (/['"]<\?xml|['"]<\w+/.test(line) && /\+\s*\w+/.test(line)) {
+            issues.push({
+                file: filepath,
+                line: i + 1,
+                issue: "String concatenation into XML",
+                severity: "medium",
+                detail: "Building XML via string concatenation — use a builder/serializer to prevent injection",
+            });
+        }
+        // Base64 decode without validation
+        if (/atob\s*\(|Buffer\.from\s*\([^,]+,\s*['"]base64['"]|base64\.b64decode/i.test(line)) {
+            const block = lines.slice(i, Math.min(i + 5, lines.length)).join("\n");
+            if (!/try|catch|validate|verify|check|schema/i.test(block)) {
+                issues.push({
+                    file: filepath,
+                    line: i + 1,
+                    issue: "Base64 decode without validation",
+                    severity: "medium",
+                    detail: "Decoding Base64 without try/catch — malformed input causes runtime errors",
+                });
+            }
+        }
+        // Mixed encoding (readFile without specifying encoding)
+        if (/readFile(?:Sync)?\s*\(\s*\w+\s*\)/.test(line)) {
+            if (!/utf-8|utf8|encoding|binary|buffer/i.test(line)) {
+                issues.push({
+                    file: filepath,
+                    line: i + 1,
+                    issue: "File read without encoding specification",
+                    severity: "low",
+                    detail: "readFile without encoding returns Buffer — specify 'utf-8' for text processing",
+                });
+            }
+        }
+        // URL encoding/decoding asymmetry
+        if (/encodeURI\s*\(/.test(line) && !line.includes("encodeURIComponent")) {
+            issues.push({
+                file: filepath,
+                line: i + 1,
+                issue: "encodeURI vs encodeURIComponent",
+                severity: "medium",
+                detail: "encodeURI doesn't encode /:@!$&'()*+,;= — use encodeURIComponent for query values",
+            });
+        }
+        // JSON.stringify in URL without encoding
+        if (/JSON\.stringify/.test(line) && /url|href|src|query|param/i.test(line)) {
+            if (!/encodeURI|encodeURIComponent|URLSearchParams/i.test(line)) {
+                issues.push({
+                    file: filepath,
+                    line: i + 1,
+                    issue: "JSON in URL without encoding",
+                    severity: "medium",
+                    detail: "JSON placed in URL without encoding — special characters will break the URL",
+                });
+            }
+        }
+        // innerHTML / dangerouslySetInnerHTML
+        if (/\.innerHTML\s*=|dangerouslySetInnerHTML/i.test(line)) {
+            const block = lines.slice(Math.max(0, i - 2), Math.min(i + 2, lines.length)).join("\n");
+            if (!/sanitize|DOMPurify|escape|encode|trusted|xss/i.test(block)) {
+                issues.push({
+                    file: filepath,
+                    line: i + 1,
+                    issue: "innerHTML without sanitization",
+                    severity: "high",
+                    detail: "Setting innerHTML without sanitization — XSS vulnerability",
+                });
+            }
+        }
+        // document.write
+        if (/document\.write\s*\(/.test(line)) {
+            issues.push({
+                file: filepath,
+                line: i + 1,
+                issue: "document.write usage",
+                severity: "medium",
+                detail: "document.write can be exploited for DOM-based XSS — use DOM APIs instead",
+            });
+        }
+        // RegExp constructor with unsanitized input
+        if (/new\s+RegExp\s*\(\s*\w+/.test(line)) {
+            if (!/escape|sanitize|quote|literal/i.test(line)) {
+                issues.push({
+                    file: filepath,
+                    line: i + 1,
+                    issue: "RegExp from variable without escaping",
+                    severity: "medium",
+                    detail: "Dynamic RegExp without escaping special characters — ReDoS or unexpected matching risk",
+                });
+            }
+        }
+        // Deserialization: BinaryFormatter, ObjectInputStream
+        if (/BinaryFormatter|ObjectInputStream|Serializable.*readObject|unserialize\s*\(/i.test(line)) {
+            issues.push({
+                file: filepath,
+                line: i + 1,
+                issue: "Unsafe binary deserialization",
+                severity: "high",
+                detail: "Binary deserialization of untrusted data can execute arbitrary code",
+            });
+        }
+        // Content-Type mismatch
+        if (/setHeader\s*\(\s*['"]Content-Type['"]\s*,/.test(line)) {
+            if (/text\/plain/i.test(line)) {
+                const block = lines.slice(i, Math.min(i + 5, lines.length)).join("\n");
+                if (/JSON\.stringify|\.json\s*\(/.test(block)) {
+                    issues.push({
+                        file: filepath,
+                        line: i + 1,
+                        issue: "Content-Type mismatch",
+                        severity: "medium",
+                        detail: "Content-Type set to text/plain but sending JSON — clients may misinterpret the response",
+                    });
+                }
+            }
+        }
+    }
+    return issues;
+}
+// ─── CLI ────────────────────────────────────────────────────────────────────
+export function runEncodingSafety(argv) {
+    if (argv.includes("--help") || argv.includes("-h")) {
+        console.log(`
+judges encoding-safety — Detect encoding mismatches, injection, and unsafe deserialization
+
+Usage:
+  judges encoding-safety [dir]
+  judges encoding-safety src/ --format json
+
+Options:
+  [dir]                 Directory to scan (default: .)
+  --format json         JSON output
+  --help, -h            Show this help
+
+Checks: eval(), unsafe deserialization (pickle, marshal, yaml.load), SQL/HTML/XML interpolation,
+Base64 validation, encoding asymmetry, innerHTML XSS, RegExp injection, Content-Type mismatch.
+`);
+        return;
+    }
+    const format = argv.find((_a, i) => argv[i - 1] === "--format") || "text";
+    const dir = argv.find((a) => !a.startsWith("-") && argv.indexOf(a) > 0) || ".";
+    const files = collectFiles(dir);
+    const allIssues = [];
+    for (const f of files)
+        allIssues.push(...analyzeFile(f));
+    const highCount = allIssues.filter((i) => i.severity === "high").length;
+    const medCount = allIssues.filter((i) => i.severity === "medium").length;
+    const score = Math.max(0, 100 - highCount * 10 - medCount * 4);
+    if (format === "json") {
+        console.log(JSON.stringify({
+            issues: allIssues,
+            score,
+            summary: { high: highCount, medium: medCount, total: allIssues.length },
+            timestamp: new Date().toISOString(),
+        }, null, 2));
+    }
+    else {
+        const badge = score >= 80 ? "✅ SAFE" : score >= 50 ? "⚠️  RISKY" : "❌ DANGEROUS";
+        console.log(`\n  Encoding Safety: ${badge} (${score}/100)\n  ─────────────────────────────`);
+        if (allIssues.length === 0) {
+            console.log("    No encoding safety issues detected.\n");
+            return;
+        }
+        for (const issue of allIssues.slice(0, 25)) {
+            const icon = issue.severity === "high" ? "🔴" : issue.severity === "medium" ? "🟡" : "🔵";
+            console.log(`    ${icon} ${issue.issue}`);
+            console.log(`        ${issue.file}:${issue.line}`);
+            console.log(`        ${issue.detail}`);
+        }
+        if (allIssues.length > 25)
+            console.log(`    ... and ${allIssues.length - 25} more`);
+        console.log(`\n    Total: ${allIssues.length} | High: ${highCount} | Medium: ${medCount} | Score: ${score}/100\n`);
+    }
+}
+//# sourceMappingURL=encoding-safety.js.map

package/dist/commands/encoding-safety.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"encoding-safety.js","sourceRoot":"","sources":["../../src/commands/encoding-safety.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,YAAY,EAAE,WAAW,EAAE,QAAQ,EAAE,MAAM,IAAI,CAAC;AACzD,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,MAAM,CAAC;AAYrC,+EAA+E;AAE/E,MAAM,SAAS,GAAG,IAAI,GAAG,CAAC,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,CAAC,CAAC,CAAC;AAExF,SAAS,YAAY,CAAC,GAAW,EAAE,GAAG,GAAG,GAAG;IAC1C,MAAM,KAAK,GAAa,EAAE,CAAC;IAC3B,SAAS,IAAI,CAAC,CAAS;QACrB,IAAI,KAAK,CAAC,MAAM,IAAI,GAAG;YAAE,OAAO;QAChC,IAAI,OAAiB,CAAC;QACtB,IAAI,CAAC;YACH,OAAO,GAAG,WAAW,CAAC,CAAC,CAAwB,CAAC;QAClD,CAAC;QAAC,MAAM,CAAC;YACP,OAAO;QACT,CAAC;QACD,KAAK,MAAM,CAAC,IAAI,OAAO,EAAE,CAAC;YACxB,IAAI,KAAK,CAAC,MAAM,IAAI,GAAG;gBAAE,OAAO;YAChC,IAAI,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,CAAC,KAAK,cAAc,IAAI,CAAC,KAAK,MAAM,IAAI,CAAC,KAAK,OAAO;gBAAE,SAAS;YACzF,MAAM,IAAI,GAAG,IAAI,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;YACxB,IAAI,CAAC;gBACH,IAAI,QAAQ,CAAC,IAAI,CAAC,CAAC,WAAW,EAAE;oBAAE,IAAI,CAAC,IAAI,CAAC,CAAC;qBACxC,IAAI,SAAS,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;oBAAE,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAC1D,CAAC;YAAC,MAAM,CAAC;gBACP,UAAU;YACZ,CAAC;QACH,CAAC;IACH,CAAC;IACD,IAAI,CAAC,GAAG,CAAC,CAAC;IACV,OAAO,KAAK,CAAC;AACf,CAAC;AAED,+EAA+E;AAE/E,SAAS,WAAW,CAAC,QAAgB;IACnC,MAAM,MAAM,GAAoB,EAAE,CAAC;IACnC,IAAI,OAAe,CAAC;IACpB,IAAI,CAAC;QACH,OAAO,GAAG,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;IAC5C,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAElC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QAEtB,0BAA0B;QAC1B,IAAI,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YAC7B,IAAI,CAAC,+CAA+C,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,oBAAoB,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;gBACxG,MAAM,CAAC,IAAI,CAAC;oBACV,IAAI,EAAE,QAAQ;oBACd,IAAI,EAAE,CAAC,GAAG,CAAC;oBACX,KAAK,EAAE,cAAc;oBACrB,QAAQ,EAAE,MAAM;oBAChB,MAAM,EAAE,wFAAwF;iBACjG,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,sCAAsC;QACtC,IAAI,2DAA2D,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YAC3E,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACvE,IAAI,CAAC,uBAAuB,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;gBACzC,MAAM,CAAC,IAAI,CAAC;oBACV,IAAI,EAAE,QAAQ;oBACd,IAAI,EAAE,CAAC,GAAG,CAAC;oBACX,KAAK,EAAE,wBAAwB;oBAC/B,QAAQ,EAAE,MAAM;oBAChB,MAAM,EAAE,6EAA6E;iBACtF,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,yDAAyD;QACzD,IAAI,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YAC5B,IAAI,yCAAyC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;gBACzD,MAAM,CAAC,IAAI,CAAC;oBACV,IAAI,EAAE,QAAQ;oBACd,IAAI,EAAE,CAAC,GAAG,CAAC;oBACX,KAAK,EAAE,wCAAwC;oBAC/C,QAAQ,EAAE,MAAM;oBAChB,MAAM,EAAE,mEAAmE;iBAC5E,CAAC,CAAC;YACL,CAAC;YACD,IAAI,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;gBACjD,IAAI,CAAC,uCAAuC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;oBACxD,MAAM,CAAC,IAAI,CAAC;wBACV,IAAI,EAAE,QAAQ;wBACd,IAAI,EAAE,CAAC,GAAG,CAAC;wBACX,KAAK,EAAE,qCAAqC;wBAC5C,QAAQ,EAAE,MAAM;wBAChB,MAAM,EAAE,2DAA2D;qBACpE,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;QACH,CAAC;QAED,qCAAqC;QACrC,IAAI,qBAAqB,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YAC9D,MAAM,CAAC,IAAI,CAAC;gBACV,IAAI,EAAE,QAAQ;gBACd,IAAI,EAAE,CAAC,GAAG,CAAC;gBACX,KAAK,EAAE,+BAA+B;gBACtC,QAAQ,EAAE,QAAQ;gBAClB,MAAM,EAAE,uFAAuF;aAChG,CAAC,CAAC;QACL,CAAC;QAED,mCAAmC;QACnC,IAAI,uEAAuE,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YACvF,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACvE,IAAI,CAAC,yCAAyC,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;gBAC3D,MAAM,CAAC,IAAI,CAAC;oBACV,IAAI,EAAE,QAAQ;oBACd,IAAI,EAAE,CAAC,GAAG,CAAC;oBACX,KAAK,EAAE,kCAAkC;oBACzC,QAAQ,EAAE,QAAQ;oBAClB,MAAM,EAAE,2EAA2E;iBACpF,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,wDAAwD;QACxD,IAAI,mCAAmC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YACnD,IAAI,CAAC,oCAAoC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;gBACrD,MAAM,CAAC,IAAI,CAAC;oBACV,IAAI,EAAE,QAAQ;oBACd,IAAI,EAAE,CAAC,GAAG,CAAC;oBACX,KAAK,EAAE,0CAA0C;oBACjD,QAAQ,EAAE,KAAK;oBACf,MAAM,EAAE,gFAAgF;iBACzF,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,kCAAkC;QAClC,IAAI,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,oBAAoB,CAAC,EAAE,CAAC;YACxE,MAAM,CAAC,IAAI,CAAC;gBACV,IAAI,EAAE,QAAQ;gBACd,IAAI,EAAE,CAAC,GAAG,CAAC;gBACX,KAAK,EAAE,iCAAiC;gBACxC,QAAQ,EAAE,QAAQ;gBAClB,MAAM,EAAE,mFAAmF;aAC5F,CAAC,CAAC;QACL,CAAC;QAED,yCAAyC;QACzC,IAAI,iBAAiB,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,2BAA2B,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YAC3E,IAAI,CAAC,+CAA+C,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;gBAChE,MAAM,CAAC,IAAI,CAAC;oBACV,IAAI,EAAE,QAAQ;oBACd,IAAI,EAAE,CAAC,GAAG,CAAC;oBACX,KAAK,EAAE,8BAA8B;oBACrC,QAAQ,EAAE,QAAQ;oBAClB,MAAM,EAAE,6EAA6E;iBACtF,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,sCAAsC;QACtC,IAAI,0CAA0C,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YAC1D,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACxF,IAAI,CAAC,+CAA+C,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;gBACjE,MAAM,CAAC,IAAI,CAAC;oBACV,IAAI,EAAE,QAAQ;oBACd,IAAI,EAAE,CAAC,GAAG,CAAC;oBACX,KAAK,EAAE,gCAAgC;oBACvC,QAAQ,EAAE,MAAM;oBAChB,MAAM,EAAE,4DAA4D;iBACrE,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,iBAAiB;QACjB,IAAI,sBAAsB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YACtC,MAAM,CAAC,IAAI,CAAC;gBACV,IAAI,EAAE,QAAQ;gBACd,IAAI,EAAE,CAAC,GAAG,CAAC;gBACX,KAAK,EAAE,sBAAsB;gBAC7B,QAAQ,EAAE,QAAQ;gBAClB,MAAM,EAAE,0EAA0E;aACnF,CAAC,CAAC;QACL,CAAC;QAED,4CAA4C;QAC5C,IAAI,yBAAyB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YACzC,IAAI,CAAC,gCAAgC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;gBACjD,MAAM,CAAC,IAAI,CAAC;oBACV,IAAI,EAAE,QAAQ;oBACd,IAAI,EAAE,CAAC,GAAG,CAAC;oBACX,KAAK,EAAE,uCAAuC;oBAC9C,QAAQ,EAAE,QAAQ;oBAClB,MAAM,EAAE,wFAAwF;iBACjG,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,sDAAsD;QACtD,IAAI,8EAA8E,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YAC9F,MAAM,CAAC,IAAI,CAAC;gBACV,IAAI,EAAE,QAAQ;gBACd,IAAI,EAAE,CAAC,GAAG,CAAC;gBACX,KAAK,EAAE,+BAA+B;gBACtC,QAAQ,EAAE,MAAM;gBAChB,MAAM,EAAE,qEAAqE;aAC9E,CAAC,CAAC;QACL,CAAC;QAED,wBAAwB;QACxB,IAAI,2CAA2C,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YAC3D,IAAI,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;gBAC9B,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;gBACvE,IAAI,6BAA6B,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;oBAC9C,MAAM,CAAC,IAAI,CAAC;wBACV,IAAI,EAAE,QAAQ;wBACd,IAAI,EAAE,CAAC,GAAG,CAAC;wBACX,KAAK,EAAE,uBAAuB;wBAC9B,QAAQ,EAAE,QAAQ;wBAClB,MAAM,EAAE,yFAAyF;qBAClG,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,+EAA+E;AAE/E,MAAM,UAAU,iBAAiB,CAAC,IAAc;IAC9C,IAAI,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;QACnD,OAAO,CAAC,GAAG,CAAC;;;;;;;;;;;;;;CAcf,CAAC,CAAC;QACC,OAAO;IACT,CAAC;IAED,MAAM,MAAM,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,EAAU,EAAE,CAAS,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,KAAK,UAAU,CAAC,IAAI,MAAM,CAAC;IAC1F,MAAM,GAAG,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,IAAI,GAAG,CAAC;IAE/E,MAAM,KAAK,GAAG,YAAY,CAAC,GAAG,CAAC,CAAC;IAChC,MAAM,SAAS,GAAoB,EAAE,CAAC;IACtC,KAAK,MAAM,CAAC,IAAI,KAAK;QAAE,SAAS,CAAC,IAAI,CAAC,GAAG,WAAW,CAAC,CAAC,CAAC,CAAC,CAAC;IAEzD,MAAM,SAAS,GAAG,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC,MAAM,CAAC;IACxE,MAAM,QAAQ,GAAG,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC,MAAM,CAAC;IACzE,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,GAAG,GAAG,SAAS,GAAG,EAAE,GAAG,QAAQ,GAAG,CAAC,CAAC,CAAC;IAE/D,IAAI,MAAM,KAAK,MAAM,EAAE,CAAC;QACtB,OAAO,CAAC,GAAG,CACT,IAAI,CAAC,SAAS,CACZ;YACE,MAAM,EAAE,SAAS;YACjB,KAAK;YACL,OAAO,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE,SAAS,CAAC,MAAM,EAAE;YACvE,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;SACpC,EACD,IAAI,EACJ,CAAC,CACF,CACF,CAAC;IACJ,CAAC;SAAM,CAAC;QACN,MAAM,KAAK,GAAG,KAAK,IAAI,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,aAAa,CAAC;QACjF,OAAO,CAAC,GAAG,CAAC,wBAAwB,KAAK,KAAK,KAAK,wCAAwC,CAAC,CAAC;QAE7F,IAAI,SAAS,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC3B,OAAO,CAAC,GAAG,CAAC,2CAA2C,CAAC,CAAC;YACzD,OAAO;QACT,CAAC;QAED,KAAK,MAAM,KAAK,IAAI,SAAS,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC;YAC3C,MAAM,IAAI,GAAG,KAAK,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,KAAK,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC;YAC1F,OAAO,CAAC,GAAG,CAAC,OAAO,IAAI,IAAI,KAAK,CAAC,KAAK,EAAE,CAAC,CAAC;YAC1C,OAAO,CAAC,GAAG,CAAC,WAAW,KAAK,CAAC,IAAI,IAAI,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC;YACnD,OAAO,CAAC,GAAG,CAAC,WAAW,KAAK,CAAC,MAAM,EAAE,CAAC,CAAC;QACzC,CAAC;QACD,IAAI,SAAS,CAAC,MAAM,GAAG,EAAE;YAAE,OAAO,CAAC,GAAG,CAAC,eAAe,SAAS,CAAC,MAAM,GAAG,EAAE,OAAO,CAAC,CAAC;QAEpF,OAAO,CAAC,GAAG,CAAC,gBAAgB,SAAS,CAAC,MAAM,YAAY,SAAS,cAAc,QAAQ,aAAa,KAAK,QAAQ,CAAC,CAAC;IACrH,CAAC;AACH,CAAC"}

package/dist/commands/example-leak.d.ts

@@ -0,0 +1,5 @@
+/**
+ * Example leak — detect AI-copied example/placeholder code left in production.
+ */
+export declare function runExampleLeak(argv: string[]): void;
+//# sourceMappingURL=example-leak.d.ts.map

package/dist/commands/example-leak.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"example-leak.d.ts","sourceRoot":"","sources":["../../src/commands/example-leak.ts"],"names":[],"mappings":"AAAA;;GAEG;AA6MH,wBAAgB,cAAc,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,IAAI,CA4DnD"}

package/dist/commands/example-leak.js

@@ -0,0 +1,233 @@
+/**
+ * Example leak — detect AI-copied example/placeholder code left in production.
+ */
+import { readFileSync, readdirSync, statSync } from "fs";
+import { join, extname } from "path";
+// ─── File Collection ────────────────────────────────────────────────────────
+const CODE_EXTS = new Set([".ts", ".tsx", ".js", ".jsx", ".py", ".java", ".go", ".rs", ".cs", ".rb"]);
+function collectFiles(dir, max = 300) {
+    const files = [];
+    function walk(d) {
+        if (files.length >= max)
+            return;
+        let entries;
+        try {
+            entries = readdirSync(d);
+        }
+        catch {
+            return;
+        }
+        for (const e of entries) {
+            if (files.length >= max)
+                return;
+            if (e.startsWith(".") || e === "node_modules" || e === "dist" || e === "build")
+                continue;
+            const full = join(d, e);
+            try {
+                if (statSync(full).isDirectory())
+                    walk(full);
+                else if (CODE_EXTS.has(extname(full)))
+                    files.push(full);
+            }
+            catch {
+                /* skip */
+            }
+        }
+    }
+    walk(dir);
+    return files;
+}
+// ─── Analysis ───────────────────────────────────────────────────────────────
+const PLACEHOLDER_URLS = [
+    /https?:\/\/(?:example\.com|localhost:\d+|127\.0\.0\.1:\d+|httpbin\.org|jsonplaceholder\.typicode\.com|reqres\.in|api\.example)/i,
+];
+const PLACEHOLDER_SECRETS = [
+    /['"](?:sk-[a-zA-Z0-9]{20,}|your[-_]?api[-_]?key|REPLACE[-_]?ME|changeme|password123|secret123|test[-_]?secret|my[-_]?secret|dummy[-_]?key|placeholder)['"]/,
+];
+const EXAMPLE_NAMES = [
+    /(?:class|function|const|let|var)\s+(?:MyApp|MyComponent|Example\w*|Demo\w*|HelloWorld|SampleApp|TestApp|FooBar|Foo|Bar|Baz|Qux)\b/,
+];
+const EXAMPLE_DATA = [
+    /['"](?:John Doe|Jane Doe|john@example\.com|jane@example\.com|foo@bar\.com|test@test\.com|user@example\.com|123 Main St|Acme Corp|Lorem ipsum|Alice|Bob)['"]/i,
+];
+const TUTORIAL_MARKERS = [
+    /\/\/\s*(?:Step \d|TODO:?\s*replace|FIXME:?\s*placeholder|HACK:?\s*example|NOTE:?\s*this is (?:a |an )?(?:example|demo|sample|placeholder))/i,
+    /#\s*(?:Step \d|TODO:?\s*replace|FIXME:?\s*placeholder)/i,
+];
+const HARDCODED_PORTS = [/(?:PORT|port)\s*[:=]\s*(?:3000|8080|8000|5000|4200|9090)\b/];
+function analyzeFile(filepath) {
+    const issues = [];
+    let content;
+    try {
+        content = readFileSync(filepath, "utf-8");
+    }
+    catch {
+        return issues;
+    }
+    // Skip test/fixture/example files
+    if (/(?:test|spec|fixture|example|demo|sample|mock|stub|__test__|__spec__)/i.test(filepath))
+        return issues;
+    const lines = content.split("\n");
+    for (let i = 0; i < lines.length; i++) {
+        const line = lines[i];
+        // Placeholder URLs
+        for (const pattern of PLACEHOLDER_URLS) {
+            if (pattern.test(line)) {
+                const url = line.match(pattern)?.[0];
+                issues.push({
+                    file: filepath,
+                    line: i + 1,
+                    issue: "Placeholder URL in non-test code",
+                    severity: "high",
+                    detail: `\`${url}\` is an example/localhost URL — replace with actual endpoint`,
+                });
+                break;
+            }
+        }
+        // Placeholder secrets
+        for (const pattern of PLACEHOLDER_SECRETS) {
+            if (pattern.test(line)) {
+                issues.push({
+                    file: filepath,
+                    line: i + 1,
+                    issue: "Placeholder secret/key value",
+                    severity: "high",
+                    detail: "Example API key or placeholder secret found — replace with env variable or secret manager",
+                });
+                break;
+            }
+        }
+        // Example class/function names
+        for (const pattern of EXAMPLE_NAMES) {
+            if (pattern.test(line)) {
+                const name = line.match(/(?:class|function|const|let|var)\s+((?:Example|Demo|HelloWorld|Sample|Test|FooBar|Foo|Bar|Baz|Qux)\w*)/)?.[1];
+                if (name) {
+                    issues.push({
+                        file: filepath,
+                        line: i + 1,
+                        issue: "Example/placeholder name in production",
+                        severity: "medium",
+                        detail: `\`${name}\` looks like tutorial code — rename to something domain-specific`,
+                    });
+                }
+                break;
+            }
+        }
+        // Example data
+        for (const pattern of EXAMPLE_DATA) {
+            if (pattern.test(line)) {
+                issues.push({
+                    file: filepath,
+                    line: i + 1,
+                    issue: "Example data in non-test code",
+                    severity: "medium",
+                    detail: "Placeholder data (John Doe, example.com, etc.) left in production code",
+                });
+                break;
+            }
+        }
+        // Tutorial markers
+        for (const pattern of TUTORIAL_MARKERS) {
+            if (pattern.test(line)) {
+                issues.push({
+                    file: filepath,
+                    line: i + 1,
+                    issue: "Tutorial comment marker",
+                    severity: "low",
+                    detail: "Comment from tutorial/example code — indicates AI-copied scaffold",
+                });
+                break;
+            }
+        }
+        // Hardcoded ports
+        for (const pattern of HARDCODED_PORTS) {
+            if (pattern.test(line) && !/process\.env|ENV|config/i.test(line)) {
+                issues.push({
+                    file: filepath,
+                    line: i + 1,
+                    issue: "Hardcoded default port",
+                    severity: "low",
+                    detail: "Port hardcoded to common default — should come from config or env",
+                });
+                break;
+            }
+        }
+        // console.log with example text
+        if (/console\.log\s*\(\s*['"](?:Hello|Hi|Welcome|It works|Success|TODO|Test)\b/.test(line)) {
+            issues.push({
+                file: filepath,
+                line: i + 1,
+                issue: "Example console.log",
+                severity: "low",
+                detail: "Generic log message from tutorial — remove or replace with structured logging",
+            });
+        }
+        // Empty function bodies that look like stubs
+        if (/(?:function|=>)\s*\{[\s]*\}/.test(line) && !/test|spec|mock|stub|noop|placeholder/i.test(line)) {
+            issues.push({
+                file: filepath,
+                line: i + 1,
+                issue: "Empty function stub",
+                severity: "medium",
+                detail: "Function with empty body — may be unfinished AI-generated scaffold",
+            });
+        }
+    }
+    return issues;
+}
+// ─── CLI ────────────────────────────────────────────────────────────────────
+export function runExampleLeak(argv) {
+    if (argv.includes("--help") || argv.includes("-h")) {
+        console.log(`
+judges example-leak — Detect AI-copied example/placeholder code left in production
+
+Usage:
+  judges example-leak [dir]
+  judges example-leak src/ --format json
+
+Options:
+  [dir]                 Directory to scan (default: .)
+  --format json         JSON output
+  --help, -h            Show this help
+
+Checks: placeholder URLs, example API keys, tutorial names, example data (John Doe, Lorem ipsum),
+tutorial comments, hardcoded ports, example console.log messages, empty function stubs.
+`);
+        return;
+    }
+    const format = argv.find((_a, i) => argv[i - 1] === "--format") || "text";
+    const dir = argv.find((a) => !a.startsWith("-") && argv.indexOf(a) > 0) || ".";
+    const files = collectFiles(dir);
+    const allIssues = [];
+    for (const f of files)
+        allIssues.push(...analyzeFile(f));
+    const highCount = allIssues.filter((i) => i.severity === "high").length;
+    const medCount = allIssues.filter((i) => i.severity === "medium").length;
+    const score = Math.max(0, 100 - highCount * 12 - medCount * 4);
+    if (format === "json") {
+        console.log(JSON.stringify({
+            issues: allIssues,
+            score,
+            summary: { high: highCount, medium: medCount, total: allIssues.length },
+            timestamp: new Date().toISOString(),
+        }, null, 2));
+    }
+    else {
+        const badge = score >= 80 ? "✅ CLEAN" : score >= 50 ? "⚠️  LEAKING" : "❌ EXAMPLE CODE";
+        console.log(`\n  Example Leak: ${badge} (${score}/100)\n  ─────────────────────────────`);
+        if (allIssues.length === 0) {
+            console.log("    No example/placeholder code detected.\n");
+            return;
+        }
+        for (const issue of allIssues.slice(0, 25)) {
+            const icon = issue.severity === "high" ? "🔴" : issue.severity === "medium" ? "🟡" : "🔵";
+            console.log(`    ${icon} ${issue.issue}`);
+            console.log(`        ${issue.file}:${issue.line}`);
+            console.log(`        ${issue.detail}`);
+        }
+        if (allIssues.length > 25)
+            console.log(`    ... and ${allIssues.length - 25} more`);
+        console.log(`\n    Total: ${allIssues.length} | High: ${highCount} | Medium: ${medCount} | Score: ${score}/100\n`);
+    }
+}
+//# sourceMappingURL=example-leak.js.map

package/dist/commands/example-leak.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"example-leak.js","sourceRoot":"","sources":["../../src/commands/example-leak.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,YAAY,EAAE,WAAW,EAAE,QAAQ,EAAE,MAAM,IAAI,CAAC;AACzD,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,MAAM,CAAC;AAYrC,+EAA+E;AAE/E,MAAM,SAAS,GAAG,IAAI,GAAG,CAAC,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,CAAC,CAAC,CAAC;AAEtG,SAAS,YAAY,CAAC,GAAW,EAAE,GAAG,GAAG,GAAG;IAC1C,MAAM,KAAK,GAAa,EAAE,CAAC;IAC3B,SAAS,IAAI,CAAC,CAAS;QACrB,IAAI,KAAK,CAAC,MAAM,IAAI,GAAG;YAAE,OAAO;QAChC,IAAI,OAAiB,CAAC;QACtB,IAAI,CAAC;YACH,OAAO,GAAG,WAAW,CAAC,CAAC,CAAwB,CAAC;QAClD,CAAC;QAAC,MAAM,CAAC;YACP,OAAO;QACT,CAAC;QACD,KAAK,MAAM,CAAC,IAAI,OAAO,EAAE,CAAC;YACxB,IAAI,KAAK,CAAC,MAAM,IAAI,GAAG;gBAAE,OAAO;YAChC,IAAI,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,CAAC,KAAK,cAAc,IAAI,CAAC,KAAK,MAAM,IAAI,CAAC,KAAK,OAAO;gBAAE,SAAS;YACzF,MAAM,IAAI,GAAG,IAAI,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;YACxB,IAAI,CAAC;gBACH,IAAI,QAAQ,CAAC,IAAI,CAAC,CAAC,WAAW,EAAE;oBAAE,IAAI,CAAC,IAAI,CAAC,CAAC;qBACxC,IAAI,SAAS,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;oBAAE,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAC1D,CAAC;YAAC,MAAM,CAAC;gBACP,UAAU;YACZ,CAAC;QACH,CAAC;IACH,CAAC;IACD,IAAI,CAAC,GAAG,CAAC,CAAC;IACV,OAAO,KAAK,CAAC;AACf,CAAC;AAED,+EAA+E;AAE/E,MAAM,gBAAgB,GAAG;IACvB,iIAAiI;CAClI,CAAC;AAEF,MAAM,mBAAmB,GAAG;IAC1B,4JAA4J;CAC7J,CAAC;AAEF,MAAM,aAAa,GAAG;IACpB,mIAAmI;CACpI,CAAC;AAEF,MAAM,YAAY,GAAG;IACnB,8JAA8J;CAC/J,CAAC;AAEF,MAAM,gBAAgB,GAAG;IACvB,6IAA6I;IAC7I,yDAAyD;CAC1D,CAAC;AAEF,MAAM,eAAe,GAAG,CAAC,4DAA4D,CAAC,CAAC;AAEvF,SAAS,WAAW,CAAC,QAAgB;IACnC,MAAM,MAAM,GAAmB,EAAE,CAAC;IAClC,IAAI,OAAe,CAAC;IACpB,IAAI,CAAC;QACH,OAAO,GAAG,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;IAC5C,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,kCAAkC;IAClC,IAAI,wEAAwE,CAAC,IAAI,CAAC,QAAQ,CAAC;QAAE,OAAO,MAAM,CAAC;IAE3G,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAElC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QAEtB,mBAAmB;QACnB,KAAK,MAAM,OAAO,IAAI,gBAAgB,EAAE,CAAC;YACvC,IAAI,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;gBACvB,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;gBACrC,MAAM,CAAC,IAAI,CAAC;oBACV,IAAI,EAAE,QAAQ;oBACd,IAAI,EAAE,CAAC,GAAG,CAAC;oBACX,KAAK,EAAE,kCAAkC;oBACzC,QAAQ,EAAE,MAAM;oBAChB,MAAM,EAAE,KAAK,GAAG,+DAA+D;iBAChF,CAAC,CAAC;gBACH,MAAM;YACR,CAAC;QACH,CAAC;QAED,sBAAsB;QACtB,KAAK,MAAM,OAAO,IAAI,mBAAmB,EAAE,CAAC;YAC1C,IAAI,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;gBACvB,MAAM,CAAC,IAAI,CAAC;oBACV,IAAI,EAAE,QAAQ;oBACd,IAAI,EAAE,CAAC,GAAG,CAAC;oBACX,KAAK,EAAE,8BAA8B;oBACrC,QAAQ,EAAE,MAAM;oBAChB,MAAM,EAAE,2FAA2F;iBACpG,CAAC,CAAC;gBACH,MAAM;YACR,CAAC;QACH,CAAC;QAED,+BAA+B;QAC/B,KAAK,MAAM,OAAO,IAAI,aAAa,EAAE,CAAC;YACpC,IAAI,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;gBACvB,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CACrB,wGAAwG,CACzG,EAAE,CAAC,CAAC,CAAC,CAAC;gBACP,IAAI,IAAI,EAAE,CAAC;oBACT,MAAM,CAAC,IAAI,CAAC;wBACV,IAAI,EAAE,QAAQ;wBACd,IAAI,EAAE,CAAC,GAAG,CAAC;wBACX,KAAK,EAAE,wCAAwC;wBAC/C,QAAQ,EAAE,QAAQ;wBAClB,MAAM,EAAE,KAAK,IAAI,mEAAmE;qBACrF,CAAC,CAAC;gBACL,CAAC;gBACD,MAAM;YACR,CAAC;QACH,CAAC;QAED,eAAe;QACf,KAAK,MAAM,OAAO,IAAI,YAAY,EAAE,CAAC;YACnC,IAAI,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;gBACvB,MAAM,CAAC,IAAI,CAAC;oBACV,IAAI,EAAE,QAAQ;oBACd,IAAI,EAAE,CAAC,GAAG,CAAC;oBACX,KAAK,EAAE,+BAA+B;oBACtC,QAAQ,EAAE,QAAQ;oBAClB,MAAM,EAAE,wEAAwE;iBACjF,CAAC,CAAC;gBACH,MAAM;YACR,CAAC;QACH,CAAC;QAED,mBAAmB;QACnB,KAAK,MAAM,OAAO,IAAI,gBAAgB,EAAE,CAAC;YACvC,IAAI,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;gBACvB,MAAM,CAAC,IAAI,CAAC;oBACV,IAAI,EAAE,QAAQ;oBACd,IAAI,EAAE,CAAC,GAAG,CAAC;oBACX,KAAK,EAAE,yBAAyB;oBAChC,QAAQ,EAAE,KAAK;oBACf,MAAM,EAAE,mEAAmE;iBAC5E,CAAC,CAAC;gBACH,MAAM;YACR,CAAC;QACH,CAAC;QAED,kBAAkB;QAClB,KAAK,MAAM,OAAO,IAAI,eAAe,EAAE,CAAC;YACtC,IAAI,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,0BAA0B,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;gBACjE,MAAM,CAAC,IAAI,CAAC;oBACV,IAAI,EAAE,QAAQ;oBACd,IAAI,EAAE,CAAC,GAAG,CAAC;oBACX,KAAK,EAAE,wBAAwB;oBAC/B,QAAQ,EAAE,KAAK;oBACf,MAAM,EAAE,mEAAmE;iBAC5E,CAAC,CAAC;gBACH,MAAM;YACR,CAAC;QACH,CAAC;QAED,gCAAgC;QAChC,IAAI,2EAA2E,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YAC3F,MAAM,CAAC,IAAI,CAAC;gBACV,IAAI,EAAE,QAAQ;gBACd,IAAI,EAAE,CAAC,GAAG,CAAC;gBACX,KAAK,EAAE,qBAAqB;gBAC5B,QAAQ,EAAE,KAAK;gBACf,MAAM,EAAE,+EAA+E;aACxF,CAAC,CAAC;QACL,CAAC;QAED,6CAA6C;QAC7C,IAAI,6BAA6B,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,uCAAuC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YACpG,MAAM,CAAC,IAAI,CAAC;gBACV,IAAI,EAAE,QAAQ;gBACd,IAAI,EAAE,CAAC,GAAG,CAAC;gBACX,KAAK,EAAE,qBAAqB;gBAC5B,QAAQ,EAAE,QAAQ;gBAClB,MAAM,EAAE,oEAAoE;aAC7E,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,+EAA+E;AAE/E,MAAM,UAAU,cAAc,CAAC,IAAc;IAC3C,IAAI,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;QACnD,OAAO,CAAC,GAAG,CAAC;;;;;;;;;;;;;;CAcf,CAAC,CAAC;QACC,OAAO;IACT,CAAC;IAED,MAAM,MAAM,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,EAAU,EAAE,CAAS,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,KAAK,UAAU,CAAC,IAAI,MAAM,CAAC;IAC1F,MAAM,GAAG,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,IAAI,GAAG,CAAC;IAE/E,MAAM,KAAK,GAAG,YAAY,CAAC,GAAG,CAAC,CAAC;IAChC,MAAM,SAAS,GAAmB,EAAE,CAAC;IACrC,KAAK,MAAM,CAAC,IAAI,KAAK;QAAE,SAAS,CAAC,IAAI,CAAC,GAAG,WAAW,CAAC,CAAC,CAAC,CAAC,CAAC;IAEzD,MAAM,SAAS,GAAG,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC,MAAM,CAAC;IACxE,MAAM,QAAQ,GAAG,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC,MAAM,CAAC;IACzE,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,GAAG,GAAG,SAAS,GAAG,EAAE,GAAG,QAAQ,GAAG,CAAC,CAAC,CAAC;IAE/D,IAAI,MAAM,KAAK,MAAM,EAAE,CAAC;QACtB,OAAO,CAAC,GAAG,CACT,IAAI,CAAC,SAAS,CACZ;YACE,MAAM,EAAE,SAAS;YACjB,KAAK;YACL,OAAO,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE,SAAS,CAAC,MAAM,EAAE;YACvE,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;SACpC,EACD,IAAI,EACJ,CAAC,CACF,CACF,CAAC;IACJ,CAAC;SAAM,CAAC;QACN,MAAM,KAAK,GAAG,KAAK,IAAI,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,gBAAgB,CAAC;QACvF,OAAO,CAAC,GAAG,CAAC,qBAAqB,KAAK,KAAK,KAAK,wCAAwC,CAAC,CAAC;QAC1F,IAAI,SAAS,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC3B,OAAO,CAAC,GAAG,CAAC,6CAA6C,CAAC,CAAC;YAC3D,OAAO;QACT,CAAC;QACD,KAAK,MAAM,KAAK,IAAI,SAAS,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC;YAC3C,MAAM,IAAI,GAAG,KAAK,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,KAAK,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC;YAC1F,OAAO,CAAC,GAAG,CAAC,OAAO,IAAI,IAAI,KAAK,CAAC,KAAK,EAAE,CAAC,CAAC;YAC1C,OAAO,CAAC,GAAG,CAAC,WAAW,KAAK,CAAC,IAAI,IAAI,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC;YACnD,OAAO,CAAC,GAAG,CAAC,WAAW,KAAK,CAAC,MAAM,EAAE,CAAC,CAAC;QACzC,CAAC;QACD,IAAI,SAAS,CAAC,MAAM,GAAG,EAAE;YAAE,OAAO,CAAC,GAAG,CAAC,eAAe,SAAS,CAAC,MAAM,GAAG,EAAE,OAAO,CAAC,CAAC;QACpF,OAAO,CAAC,GAAG,CAAC,gBAAgB,SAAS,CAAC,MAAM,YAAY,SAAS,cAAc,QAAQ,aAAa,KAAK,QAAQ,CAAC,CAAC;IACrH,CAAC;AACH,CAAC"}

package/dist/commands/input-guard.d.ts

@@ -0,0 +1,5 @@
+/**
+ * Input guard — verify all system entry points have proper input validation.
+ */
+export declare function runInputGuard(argv: string[]): void;
+//# sourceMappingURL=input-guard.d.ts.map

package/dist/commands/input-guard.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"input-guard.d.ts","sourceRoot":"","sources":["../../src/commands/input-guard.ts"],"names":[],"mappings":"AAAA;;GAEG;AAwOH,wBAAgB,aAAa,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,IAAI,CA+DlD"}