@kevinrabun/judges 3.59.0 → 3.61.0

package/dist/commands/hallucination-detect.js

@@ -0,0 +1,351 @@
+/**
+ * Hallucination detect — find fabricated API calls, non-existent methods, and invented config options.
+ */
+import { readFileSync, readdirSync, statSync } from "fs";
+import { join, extname, resolve } from "path";
+// ─── File Collection ────────────────────────────────────────────────────────
+const CODE_EXTS = new Set([".ts", ".tsx", ".js", ".jsx"]);
+function collectFiles(dir, max = 300) {
+    const files = [];
+    function walk(d) {
+        if (files.length >= max)
+            return;
+        let entries;
+        try {
+            entries = readdirSync(d);
+        }
+        catch {
+            return;
+        }
+        for (const e of entries) {
+            if (files.length >= max)
+                return;
+            if (e.startsWith(".") || e === "node_modules" || e === "dist" || e === "build")
+                continue;
+            const full = join(d, e);
+            try {
+                if (statSync(full).isDirectory())
+                    walk(full);
+                else if (CODE_EXTS.has(extname(full)))
+                    files.push(full);
+            }
+            catch {
+                /* skip */
+            }
+        }
+    }
+    walk(dir);
+    return files;
+}
+// ─── Known API Databases ────────────────────────────────────────────────────
+const DEPRECATED_NODE_APIS = {
+    "url.parse": "new URL()",
+    "new Buffer(": "Buffer.from() or Buffer.alloc()",
+    "fs.exists(": "fs.existsSync() or fs.access()",
+    "path.existsSync": "fs.existsSync()",
+    "crypto.createCipher(": "crypto.createCipheriv()",
+    "crypto.createDecipher(": "crypto.createDecipheriv()",
+    "os.tmpDir()": "os.tmpdir()",
+    "util.puts": "console.log",
+    "util.print": "console.log",
+    "sys.puts": "console.log",
+};
+const NONEXISTENT_METHODS = [
+    { pattern: /Array\.flatten\b/, message: "Array.flatten doesn't exist — use Array.prototype.flat()" },
+    { pattern: /Array\.contains\b/, message: "Array.contains doesn't exist — use Array.prototype.includes()" },
+    { pattern: /String\.contains\b/, message: "String.contains doesn't exist — use String.prototype.includes()" },
+    { pattern: /Object\.length\b/, message: "Object.length doesn't exist — use Object.keys().length" },
+    {
+        pattern: /\.size\(\)/,
+        message: ".size() is not a method — use .size (property) for Map/Set or .length for arrays",
+    },
+    {
+        pattern: /Promise\.delay\b/,
+        message: "Promise.delay doesn't exist in native Promise — use setTimeout wrapper or Bluebird",
+    },
+    { pattern: /JSON\.tryParse\b/, message: "JSON.tryParse doesn't exist — wrap JSON.parse in try/catch" },
+    {
+        pattern: /Array\.from\(\s*\{length:\s*\d+\}\s*,\s*\(\s*_\s*,\s*i\s*\)\s*=>\s*i\s*\)/,
+        message: "Consider Array.from({length: N}, (_, i) => i) — correct but verbose; for simple ranges consider other approaches",
+    },
+    { pattern: /console\.debug\b/, message: "" }, // console.debug exists, don't flag
+    { pattern: /Math\.clamp\b/, message: "Math.clamp doesn't exist — use Math.min(Math.max(value, min), max)" },
+    { pattern: /Object\.isEmpty\b/, message: "Object.isEmpty doesn't exist — use Object.keys(obj).length === 0" },
+    { pattern: /String\.reverse\b/, message: "String.reverse doesn't exist — use .split('').reverse().join('')" },
+    { pattern: /Array\.unique\b/, message: "Array.unique doesn't exist — use [...new Set(array)]" },
+    { pattern: /\.replaceAll\b/, message: "" }, // replaceAll exists in ES2021+, don't flag
+];
+// ─── Analysis ───────────────────────────────────────────────────────────────
+function analyzeFile(filepath, projectDir) {
+    const issues = [];
+    let content;
+    try {
+        content = readFileSync(filepath, "utf-8");
+    }
+    catch {
+        return issues;
+    }
+    const lines = content.split("\n");
+    for (let i = 0; i < lines.length; i++) {
+        const line = lines[i];
+        // Check deprecated Node.js APIs
+        for (const [api, replacement] of Object.entries(DEPRECATED_NODE_APIS)) {
+            if (line.includes(api)) {
+                issues.push({
+                    file: filepath,
+                    line: i + 1,
+                    issue: `Deprecated API: ${api}`,
+                    severity: "medium",
+                    detail: `\`${api}\` is deprecated — use \`${replacement}\` instead`,
+                });
+            }
+        }
+        // Check non-existent methods
+        for (const { pattern, message } of NONEXISTENT_METHODS) {
+            if (message && pattern.test(line)) {
+                issues.push({ file: filepath, line: i + 1, issue: "Non-existent API call", severity: "high", detail: message });
+            }
+        }
+        // Check for fabricated Node.js module methods
+        if (/require\s*\(\s*['"]fs['"]\s*\)\.(\w+)/.test(line) || /from\s+['"]fs['"]/.test(line)) {
+            const methodMatch = line.match(/fs\.(\w+)\s*\(/g);
+            if (methodMatch) {
+                const knownFs = new Set([
+                    "readFile",
+                    "readFileSync",
+                    "writeFile",
+                    "writeFileSync",
+                    "readdir",
+                    "readdirSync",
+                    "stat",
+                    "statSync",
+                    "lstat",
+                    "lstatSync",
+                    "mkdir",
+                    "mkdirSync",
+                    "rmdir",
+                    "rmdirSync",
+                    "unlink",
+                    "unlinkSync",
+                    "rename",
+                    "renameSync",
+                    "copyFile",
+                    "copyFileSync",
+                    "access",
+                    "accessSync",
+                    "existsSync",
+                    "createReadStream",
+                    "createWriteStream",
+                    "watch",
+                    "watchFile",
+                    "unwatchFile",
+                    "open",
+                    "openSync",
+                    "close",
+                    "closeSync",
+                    "read",
+                    "readSync",
+                    "write",
+                    "writeSync",
+                    "appendFile",
+                    "appendFileSync",
+                    "chmod",
+                    "chmodSync",
+                    "chown",
+                    "chownSync",
+                    "realpath",
+                    "realpathSync",
+                    "link",
+                    "linkSync",
+                    "symlink",
+                    "symlinkSync",
+                    "truncate",
+                    "truncateSync",
+                    "rm",
+                    "rmSync",
+                    "cp",
+                    "cpSync",
+                    "promises",
+                ]);
+                for (const call of methodMatch) {
+                    const method = call.match(/fs\.(\w+)/)?.[1];
+                    if (method && !knownFs.has(method)) {
+                        issues.push({
+                            file: filepath,
+                            line: i + 1,
+                            issue: "Non-existent fs method",
+                            severity: "high",
+                            detail: `\`fs.${method}\` does not exist in Node.js fs module — AI may have hallucinated this method`,
+                        });
+                    }
+                }
+            }
+        }
+        // Check for invented environment variables referenced without fallback
+        const envMatch = line.match(/process\.env\.([A-Z_]+)/g);
+        if (envMatch) {
+            for (const envRef of envMatch) {
+                const varName = envRef.replace("process.env.", "");
+                // Check if it's defined in any .env file
+                const envFiles = [".env", ".env.example", ".env.local", ".env.development"];
+                let defined = false;
+                for (const envFile of envFiles) {
+                    try {
+                        const envContent = readFileSync(join(projectDir, envFile), "utf-8");
+                        if (envContent.includes(varName)) {
+                            defined = true;
+                            break;
+                        }
+                    }
+                    catch {
+                        /* skip */
+                    }
+                }
+                if (!defined && !/\|\||[?][?]|:\s*['"]|default/i.test(line)) {
+                    issues.push({
+                        file: filepath,
+                        line: i + 1,
+                        issue: "Undeclared env variable without fallback",
+                        severity: "medium",
+                        detail: `\`${varName}\` not found in .env files and has no fallback — AI may have invented this variable`,
+                    });
+                }
+            }
+        }
+        // Check for plausible but non-existent Express/Koa/Fastify methods
+        if (/(?:app|router|server)\.(\w+)\s*\(/.test(line)) {
+            const method = line.match(/(?:app|router|server)\.(\w+)\s*\(/)?.[1];
+            const fabricated = new Set([
+                "mount",
+                "register",
+                "addRoute",
+                "define",
+                "handle",
+                "before",
+                "after",
+                "onRequest",
+                "onResponse",
+                "preHandler",
+                "postHandler",
+            ]);
+            // Only flag if we see express-like imports
+            if (method && fabricated.has(method) && /express|koa|hapi/.test(content)) {
+                issues.push({
+                    file: filepath,
+                    line: i + 1,
+                    issue: "Possibly fabricated framework method",
+                    severity: "medium",
+                    detail: `\`.${method}()\` may not exist on this framework — verify against official docs`,
+                });
+            }
+        }
+        // Type assertions to non-imported types
+        if (/\bas\s+([A-Z]\w+)/.test(line)) {
+            const typeName = line.match(/\bas\s+([A-Z]\w+)/)?.[1];
+            if (typeName &&
+                ![
+                    "HTMLElement",
+                    "Element",
+                    "Event",
+                    "Error",
+                    "Date",
+                    "RegExp",
+                    "Promise",
+                    "Array",
+                    "Map",
+                    "Set",
+                    "Record",
+                    "Partial",
+                    "Required",
+                    "Pick",
+                    "Omit",
+                    "Readonly",
+                    "Response",
+                    "Request",
+                    "Buffer",
+                    "NodeJS",
+                    "Window",
+                    "Document",
+                    "Function",
+                    "Object",
+                    "String",
+                    "Number",
+                    "Boolean",
+                    "Symbol",
+                ].includes(typeName)) {
+                // Check if it's imported or defined in this file
+                if (!content.includes(`interface ${typeName}`) &&
+                    !content.includes(`type ${typeName}`) &&
+                    !content.includes(`class ${typeName}`) &&
+                    !content.includes(`enum ${typeName}`) &&
+                    !new RegExp(`import.*\\b${typeName}\\b`).test(content)) {
+                    issues.push({
+                        file: filepath,
+                        line: i + 1,
+                        issue: "Type assertion to undefined type",
+                        severity: "medium",
+                        detail: `\`as ${typeName}\` — type is not imported or defined in this file`,
+                    });
+                }
+            }
+        }
+    }
+    return issues;
+}
+// ─── CLI ────────────────────────────────────────────────────────────────────
+export function runHallucinationDetect(argv) {
+    if (argv.includes("--help") || argv.includes("-h")) {
+        console.log(`
+judges hallucination-detect — Find fabricated API calls and non-existent methods
+
+Usage:
+  judges hallucination-detect [dir]
+  judges hallucination-detect src/ --format json
+
+Options:
+  [dir]                 Directory to scan (default: .)
+  --format json         JSON output
+  --help, -h            Show this help
+
+Checks: deprecated Node APIs, non-existent JS methods, fabricated fs methods,
+undeclared env variables, fabricated framework methods, undefined type assertions.
+`);
+        return;
+    }
+    const format = argv.find((_a, i) => argv[i - 1] === "--format") || "text";
+    const dir = argv.find((a) => !a.startsWith("-") && argv.indexOf(a) > 0) || ".";
+    const projectDir = resolve(dir);
+    const files = collectFiles(dir);
+    const allIssues = [];
+    for (const f of files)
+        allIssues.push(...analyzeFile(f, projectDir));
+    const highCount = allIssues.filter((i) => i.severity === "high").length;
+    const medCount = allIssues.filter((i) => i.severity === "medium").length;
+    const score = Math.max(0, 100 - highCount * 15 - medCount * 5);
+    if (format === "json") {
+        console.log(JSON.stringify({
+            issues: allIssues,
+            score,
+            summary: { high: highCount, medium: medCount, total: allIssues.length },
+            timestamp: new Date().toISOString(),
+        }, null, 2));
+    }
+    else {
+        const badge = score >= 80 ? "✅ GROUNDED" : score >= 50 ? "⚠️  SUSPECT" : "❌ HALLUCINATING";
+        console.log(`\n  Hallucination Detect: ${badge} (${score}/100)\n  ─────────────────────────────`);
+        if (allIssues.length === 0) {
+            console.log("    No hallucinated APIs detected.\n");
+            return;
+        }
+        for (const issue of allIssues.slice(0, 25)) {
+            const icon = issue.severity === "high" ? "🔴" : issue.severity === "medium" ? "🟡" : "🔵";
+            console.log(`    ${icon} ${issue.issue}`);
+            console.log(`        ${issue.file}:${issue.line}`);
+            console.log(`        ${issue.detail}`);
+        }
+        if (allIssues.length > 25)
+            console.log(`    ... and ${allIssues.length - 25} more`);
+        console.log(`\n    Total: ${allIssues.length} | High: ${highCount} | Medium: ${medCount} | Score: ${score}/100\n`);
+    }
+}
+//# sourceMappingURL=hallucination-detect.js.map

package/dist/commands/hallucination-detect.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"hallucination-detect.js","sourceRoot":"","sources":["../../src/commands/hallucination-detect.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,YAAY,EAAE,WAAW,EAAE,QAAQ,EAAE,MAAM,IAAI,CAAC;AACzD,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,MAAM,CAAC;AAY9C,+EAA+E;AAE/E,MAAM,SAAS,GAAG,IAAI,GAAG,CAAC,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,CAAC,CAAC,CAAC;AAE1D,SAAS,YAAY,CAAC,GAAW,EAAE,GAAG,GAAG,GAAG;IAC1C,MAAM,KAAK,GAAa,EAAE,CAAC;IAC3B,SAAS,IAAI,CAAC,CAAS;QACrB,IAAI,KAAK,CAAC,MAAM,IAAI,GAAG;YAAE,OAAO;QAChC,IAAI,OAAiB,CAAC;QACtB,IAAI,CAAC;YACH,OAAO,GAAG,WAAW,CAAC,CAAC,CAAwB,CAAC;QAClD,CAAC;QAAC,MAAM,CAAC;YACP,OAAO;QACT,CAAC;QACD,KAAK,MAAM,CAAC,IAAI,OAAO,EAAE,CAAC;YACxB,IAAI,KAAK,CAAC,MAAM,IAAI,GAAG;gBAAE,OAAO;YAChC,IAAI,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,CAAC,KAAK,cAAc,IAAI,CAAC,KAAK,MAAM,IAAI,CAAC,KAAK,OAAO;gBAAE,SAAS;YACzF,MAAM,IAAI,GAAG,IAAI,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;YACxB,IAAI,CAAC;gBACH,IAAI,QAAQ,CAAC,IAAI,CAAC,CAAC,WAAW,EAAE;oBAAE,IAAI,CAAC,IAAI,CAAC,CAAC;qBACxC,IAAI,SAAS,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;oBAAE,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAC1D,CAAC;YAAC,MAAM,CAAC;gBACP,UAAU;YACZ,CAAC;QACH,CAAC;IACH,CAAC;IACD,IAAI,CAAC,GAAG,CAAC,CAAC;IACV,OAAO,KAAK,CAAC;AACf,CAAC;AAED,+EAA+E;AAE/E,MAAM,oBAAoB,GAA2B;IACnD,WAAW,EAAE,WAAW;IACxB,aAAa,EAAE,iCAAiC;IAChD,YAAY,EAAE,gCAAgC;IAC9C,iBAAiB,EAAE,iBAAiB;IACpC,sBAAsB,EAAE,yBAAyB;IACjD,wBAAwB,EAAE,2BAA2B;IACrD,aAAa,EAAE,aAAa;IAC5B,WAAW,EAAE,aAAa;IAC1B,YAAY,EAAE,aAAa;IAC3B,UAAU,EAAE,aAAa;CAC1B,CAAC;AAEF,MAAM,mBAAmB,GAAgD;IACvE,EAAE,OAAO,EAAE,kBAAkB,EAAE,OAAO,EAAE,0DAA0D,EAAE;IACpG,EAAE,OAAO,EAAE,mBAAmB,EAAE,OAAO,EAAE,+DAA+D,EAAE;IAC1G,EAAE,OAAO,EAAE,oBAAoB,EAAE,OAAO,EAAE,iEAAiE,EAAE;IAC7G,EAAE,OAAO,EAAE,kBAAkB,EAAE,OAAO,EAAE,wDAAwD,EAAE;IAClG;QACE,OAAO,EAAE,YAAY;QACrB,OAAO,EAAE,kFAAkF;KAC5F;IACD;QACE,OAAO,EAAE,kBAAkB;QAC3B,OAAO,EAAE,oFAAoF;KAC9F;IACD,EAAE,OAAO,EAAE,kBAAkB,EAAE,OAAO,EAAE,4DAA4D,EAAE;IACtG;QACE,OAAO,EAAE,2EAA2E;QACpF,OAAO,EACL,kHAAkH;KACrH;IACD,EAAE,OAAO,EAAE,kBAAkB,EAAE,OAAO,EAAE,EAAE,EAAE,EAAE,mCAAmC;IACjF,EAAE,OAAO,EAAE,eAAe,EAAE,OAAO,EAAE,oEAAoE,EAAE;IAC3G,EAAE,OAAO,EAAE,mBAAmB,EAAE,OAAO,EAAE,kEAAkE,EAAE;IAC7G,EAAE,OAAO,EAAE,mBAAmB,EAAE,OAAO,EAAE,kEAAkE,EAAE;IAC7G,EAAE,OAAO,EAAE,iBAAiB,EAAE,OAAO,EAAE,sDAAsD,EAAE;IAC/F,EAAE,OAAO,EAAE,gBAAgB,EAAE,OAAO,EAAE,EAAE,EAAE,EAAE,2CAA2C;CACxF,CAAC;AAEF,+EAA+E;AAE/E,SAAS,WAAW,CAAC,QAAgB,EAAE,UAAkB;IACvD,MAAM,MAAM,GAAyB,EAAE,CAAC;IACxC,IAAI,OAAe,CAAC;IACpB,IAAI,CAAC;QACH,OAAO,GAAG,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;IAC5C,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAElC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QAEtB,gCAAgC;QAChC,KAAK,MAAM,CAAC,GAAG,EAAE,WAAW,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,oBAAoB,CAAC,EAAE,CAAC;YACtE,IAAI,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;gBACvB,MAAM,CAAC,IAAI,CAAC;oBACV,IAAI,EAAE,QAAQ;oBACd,IAAI,EAAE,CAAC,GAAG,CAAC;oBACX,KAAK,EAAE,mBAAmB,GAAG,EAAE;oBAC/B,QAAQ,EAAE,QAAQ;oBAClB,MAAM,EAAE,KAAK,GAAG,4BAA4B,WAAW,YAAY;iBACpE,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,6BAA6B;QAC7B,KAAK,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,IAAI,mBAAmB,EAAE,CAAC;YACvD,IAAI,OAAO,IAAI,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;gBAClC,MAAM,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,GAAG,CAAC,EAAE,KAAK,EAAE,uBAAuB,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC,CAAC;YAClH,CAAC;QACH,CAAC;QAED,8CAA8C;QAC9C,IAAI,uCAAuC,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,mBAAmB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YACzF,MAAM,WAAW,GAAG,IAAI,CAAC,KAAK,CAAC,iBAAiB,CAAC,CAAC;YAClD,IAAI,WAAW,EAAE,CAAC;gBAChB,MAAM,OAAO,GAAG,IAAI,GAAG,CAAC;oBACtB,UAAU;oBACV,cAAc;oBACd,WAAW;oBACX,eAAe;oBACf,SAAS;oBACT,aAAa;oBACb,MAAM;oBACN,UAAU;oBACV,OAAO;oBACP,WAAW;oBACX,OAAO;oBACP,WAAW;oBACX,OAAO;oBACP,WAAW;oBACX,QAAQ;oBACR,YAAY;oBACZ,QAAQ;oBACR,YAAY;oBACZ,UAAU;oBACV,cAAc;oBACd,QAAQ;oBACR,YAAY;oBACZ,YAAY;oBACZ,kBAAkB;oBAClB,mBAAmB;oBACnB,OAAO;oBACP,WAAW;oBACX,aAAa;oBACb,MAAM;oBACN,UAAU;oBACV,OAAO;oBACP,WAAW;oBACX,MAAM;oBACN,UAAU;oBACV,OAAO;oBACP,WAAW;oBACX,YAAY;oBACZ,gBAAgB;oBAChB,OAAO;oBACP,WAAW;oBACX,OAAO;oBACP,WAAW;oBACX,UAAU;oBACV,cAAc;oBACd,MAAM;oBACN,UAAU;oBACV,SAAS;oBACT,aAAa;oBACb,UAAU;oBACV,cAAc;oBACd,IAAI;oBACJ,QAAQ;oBACR,IAAI;oBACJ,QAAQ;oBACR,UAAU;iBACX,CAAC,CAAC;gBACH,KAAK,MAAM,IAAI,IAAI,WAAW,EAAE,CAAC;oBAC/B,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;oBAC5C,IAAI,MAAM,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC;wBACnC,MAAM,CAAC,IAAI,CAAC;4BACV,IAAI,EAAE,QAAQ;4BACd,IAAI,EAAE,CAAC,GAAG,CAAC;4BACX,KAAK,EAAE,wBAAwB;4BAC/B,QAAQ,EAAE,MAAM;4BAChB,MAAM,EAAE,QAAQ,MAAM,+EAA+E;yBACtG,CAAC,CAAC;oBACL,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAED,uEAAuE;QACvE,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,0BAA0B,CAAC,CAAC;QACxD,IAAI,QAAQ,EAAE,CAAC;YACb,KAAK,MAAM,MAAM,IAAI,QAAQ,EAAE,CAAC;gBAC9B,MAAM,OAAO,GAAG,MAAM,CAAC,OAAO,CAAC,cAAc,EAAE,EAAE,CAAC,CAAC;gBACnD,yCAAyC;gBACzC,MAAM,QAAQ,GAAG,CAAC,MAAM,EAAE,cAAc,EAAE,YAAY,EAAE,kBAAkB,CAAC,CAAC;gBAC5E,IAAI,OAAO,GAAG,KAAK,CAAC;gBACpB,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;oBAC/B,IAAI,CAAC;wBACH,MAAM,UAAU,GAAG,YAAY,CAAC,IAAI,CAAC,UAAU,EAAE,OAAO,CAAC,EAAE,OAAO,CAAC,CAAC;wBACpE,IAAI,UAAU,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;4BACjC,OAAO,GAAG,IAAI,CAAC;4BACf,MAAM;wBACR,CAAC;oBACH,CAAC;oBAAC,MAAM,CAAC;wBACP,UAAU;oBACZ,CAAC;gBACH,CAAC;gBACD,IAAI,CAAC,OAAO,IAAI,CAAC,+BAA+B,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;oBAC5D,MAAM,CAAC,IAAI,CAAC;wBACV,IAAI,EAAE,QAAQ;wBACd,IAAI,EAAE,CAAC,GAAG,CAAC;wBACX,KAAK,EAAE,0CAA0C;wBACjD,QAAQ,EAAE,QAAQ;wBAClB,MAAM,EAAE,KAAK,OAAO,qFAAqF;qBAC1G,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;QACH,CAAC;QAED,mEAAmE;QACnE,IAAI,mCAAmC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YACnD,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,mCAAmC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;YACpE,MAAM,UAAU,GAAG,IAAI,GAAG,CAAC;gBACzB,OAAO;gBACP,UAAU;gBACV,UAAU;gBACV,QAAQ;gBACR,QAAQ;gBACR,QAAQ;gBACR,OAAO;gBACP,WAAW;gBACX,YAAY;gBACZ,YAAY;gBACZ,aAAa;aACd,CAAC,CAAC;YACH,2CAA2C;YAC3C,IAAI,MAAM,IAAI,UAAU,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,kBAAkB,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;gBACzE,MAAM,CAAC,IAAI,CAAC;oBACV,IAAI,EAAE,QAAQ;oBACd,IAAI,EAAE,CAAC,GAAG,CAAC;oBACX,KAAK,EAAE,sCAAsC;oBAC7C,QAAQ,EAAE,QAAQ;oBAClB,MAAM,EAAE,MAAM,MAAM,qEAAqE;iBAC1F,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,wCAAwC;QACxC,IAAI,mBAAmB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YACnC,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,mBAAmB,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;YACtD,IACE,QAAQ;gBACR,CAAC;oBACC,aAAa;oBACb,SAAS;oBACT,OAAO;oBACP,OAAO;oBACP,MAAM;oBACN,QAAQ;oBACR,SAAS;oBACT,OAAO;oBACP,KAAK;oBACL,KAAK;oBACL,QAAQ;oBACR,SAAS;oBACT,UAAU;oBACV,MAAM;oBACN,MAAM;oBACN,UAAU;oBACV,UAAU;oBACV,SAAS;oBACT,QAAQ;oBACR,QAAQ;oBACR,QAAQ;oBACR,UAAU;oBACV,UAAU;oBACV,QAAQ;oBACR,QAAQ;oBACR,QAAQ;oBACR,SAAS;oBACT,QAAQ;iBACT,CAAC,QAAQ,CAAC,QAAQ,CAAC,EACpB,CAAC;gBACD,iDAAiD;gBACjD,IACE,CAAC,OAAO,CAAC,QAAQ,CAAC,aAAa,QAAQ,EAAE,CAAC;oBAC1C,CAAC,OAAO,CAAC,QAAQ,CAAC,QAAQ,QAAQ,EAAE,CAAC;oBACrC,CAAC,OAAO,CAAC,QAAQ,CAAC,SAAS,QAAQ,EAAE,CAAC;oBACtC,CAAC,OAAO,CAAC,QAAQ,CAAC,QAAQ,QAAQ,EAAE,CAAC;oBACrC,CAAC,IAAI,MAAM,CAAC,cAAc,QAAQ,KAAK,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,EACtD,CAAC;oBACD,MAAM,CAAC,IAAI,CAAC;wBACV,IAAI,EAAE,QAAQ;wBACd,IAAI,EAAE,CAAC,GAAG,CAAC;wBACX,KAAK,EAAE,kCAAkC;wBACzC,QAAQ,EAAE,QAAQ;wBAClB,MAAM,EAAE,QAAQ,QAAQ,mDAAmD;qBAC5E,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,+EAA+E;AAE/E,MAAM,UAAU,sBAAsB,CAAC,IAAc;IACnD,IAAI,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;QACnD,OAAO,CAAC,GAAG,CAAC;;;;;;;;;;;;;;CAcf,CAAC,CAAC;QACC,OAAO;IACT,CAAC;IAED,MAAM,MAAM,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,EAAU,EAAE,CAAS,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,KAAK,UAAU,CAAC,IAAI,MAAM,CAAC;IAC1F,MAAM,GAAG,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,IAAI,GAAG,CAAC;IAC/E,MAAM,UAAU,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC;IAEhC,MAAM,KAAK,GAAG,YAAY,CAAC,GAAG,CAAC,CAAC;IAChC,MAAM,SAAS,GAAyB,EAAE,CAAC;IAC3C,KAAK,MAAM,CAAC,IAAI,KAAK;QAAE,SAAS,CAAC,IAAI,CAAC,GAAG,WAAW,CAAC,CAAC,EAAE,UAAU,CAAC,CAAC,CAAC;IAErE,MAAM,SAAS,GAAG,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC,MAAM,CAAC;IACxE,MAAM,QAAQ,GAAG,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC,MAAM,CAAC;IACzE,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,GAAG,GAAG,SAAS,GAAG,EAAE,GAAG,QAAQ,GAAG,CAAC,CAAC,CAAC;IAE/D,IAAI,MAAM,KAAK,MAAM,EAAE,CAAC;QACtB,OAAO,CAAC,GAAG,CACT,IAAI,CAAC,SAAS,CACZ;YACE,MAAM,EAAE,SAAS;YACjB,KAAK;YACL,OAAO,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE,SAAS,CAAC,MAAM,EAAE;YACvE,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;SACpC,EACD,IAAI,EACJ,CAAC,CACF,CACF,CAAC;IACJ,CAAC;SAAM,CAAC;QACN,MAAM,KAAK,GAAG,KAAK,IAAI,EAAE,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,iBAAiB,CAAC;QAC3F,OAAO,CAAC,GAAG,CAAC,6BAA6B,KAAK,KAAK,KAAK,wCAAwC,CAAC,CAAC;QAClG,IAAI,SAAS,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC3B,OAAO,CAAC,GAAG,CAAC,sCAAsC,CAAC,CAAC;YACpD,OAAO;QACT,CAAC;QACD,KAAK,MAAM,KAAK,IAAI,SAAS,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC;YAC3C,MAAM,IAAI,GAAG,KAAK,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,KAAK,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC;YAC1F,OAAO,CAAC,GAAG,CAAC,OAAO,IAAI,IAAI,KAAK,CAAC,KAAK,EAAE,CAAC,CAAC;YAC1C,OAAO,CAAC,GAAG,CAAC,WAAW,KAAK,CAAC,IAAI,IAAI,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC;YACnD,OAAO,CAAC,GAAG,CAAC,WAAW,KAAK,CAAC,MAAM,EAAE,CAAC,CAAC;QACzC,CAAC;QACD,IAAI,SAAS,CAAC,MAAM,GAAG,EAAE;YAAE,OAAO,CAAC,GAAG,CAAC,eAAe,SAAS,CAAC,MAAM,GAAG,EAAE,OAAO,CAAC,CAAC;QACpF,OAAO,CAAC,GAAG,CAAC,gBAAgB,SAAS,CAAC,MAAM,YAAY,SAAS,cAAc,QAAQ,aAAa,KAAK,QAAQ,CAAC,CAAC;IACrH,CAAC;AACH,CAAC"}

package/dist/commands/merge-verdict.d.ts

@@ -0,0 +1,5 @@
+/**
+ * Merge-verdict — single authoritative MERGE/HOLD decision with structured rationale.
+ */
+export declare function runMergeVerdict(argv: string[]): void;
+//# sourceMappingURL=merge-verdict.d.ts.map

package/dist/commands/merge-verdict.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"merge-verdict.d.ts","sourceRoot":"","sources":["../../src/commands/merge-verdict.ts"],"names":[],"mappings":"AAAA;;GAEG;AAyRH,wBAAgB,eAAe,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,IAAI,CAoEpD"}

package/dist/commands/merge-verdict.js

@@ -0,0 +1,288 @@
+/**
+ * Merge-verdict — single authoritative MERGE/HOLD decision with structured rationale.
+ */
+import { readFileSync, readdirSync, statSync } from "fs";
+import { join, extname, relative } from "path";
+// ─── File Collection ────────────────────────────────────────────────────────
+const CODE_EXTS = new Set([".ts", ".tsx", ".js", ".jsx", ".py", ".java", ".go", ".cs", ".rs"]);
+function collectFiles(dir, max = 300) {
+    const files = [];
+    function walk(d) {
+        if (files.length >= max)
+            return;
+        let entries;
+        try {
+            entries = readdirSync(d);
+        }
+        catch {
+            return;
+        }
+        for (const e of entries) {
+            if (files.length >= max)
+                return;
+            if (e.startsWith(".") || e === "node_modules" || e === "dist" || e === "build")
+                continue;
+            const full = join(d, e);
+            try {
+                if (statSync(full).isDirectory())
+                    walk(full);
+                else if (CODE_EXTS.has(extname(full)))
+                    files.push(full);
+            }
+            catch {
+                /* skip */
+            }
+        }
+    }
+    walk(dir);
+    return files;
+}
+const DIMENSION_PATTERNS = [
+    // Security (blocking)
+    {
+        regex: /\beval\s*\(/,
+        category: "Security",
+        title: "eval() injection",
+        severity: "critical",
+        dimension: "security",
+        blocking: true,
+    },
+    {
+        regex: /(?:password|secret|api[_-]?key)\s*[:=]\s*['"][^'"]{4,}['"]/,
+        category: "Security",
+        title: "Hardcoded credential",
+        severity: "critical",
+        dimension: "security",
+        blocking: true,
+    },
+    {
+        regex: /\.innerHTML\s*=/,
+        category: "Security",
+        title: "XSS via innerHTML",
+        severity: "high",
+        dimension: "security",
+        blocking: true,
+    },
+    {
+        regex: /(?:exec|spawn)\s*\([^)]*\+/,
+        category: "Security",
+        title: "Command injection",
+        severity: "critical",
+        dimension: "security",
+        blocking: true,
+    },
+    {
+        regex: /SELECT.*FROM.*\+\s*(?:req|input|user|param)/,
+        category: "Security",
+        title: "SQL injection",
+        severity: "critical",
+        dimension: "security",
+        blocking: true,
+    },
+    // Quality (non-blocking)
+    {
+        regex: /catch\s*\(\s*\w*\s*\)\s*\{\s*\}/,
+        category: "Quality",
+        title: "Empty catch block",
+        severity: "medium",
+        dimension: "quality",
+        blocking: false,
+    },
+    {
+        regex: /console\.log\s*\(/,
+        category: "Quality",
+        title: "Console statement",
+        severity: "low",
+        dimension: "quality",
+        blocking: false,
+    },
+    {
+        regex: /debugger\b/,
+        category: "Quality",
+        title: "Debugger statement",
+        severity: "medium",
+        dimension: "quality",
+        blocking: false,
+    },
+    {
+        regex: /TODO|FIXME|HACK|XXX/,
+        category: "Quality",
+        title: "Open TODO",
+        severity: "low",
+        dimension: "quality",
+        blocking: false,
+    },
+    // Correctness (blocking for critical)
+    {
+        regex: /new\s+Buffer\s*\(/,
+        category: "Correctness",
+        title: "Deprecated Buffer()",
+        severity: "high",
+        dimension: "correctness",
+        blocking: false,
+    },
+    {
+        regex: /process\.exit\s*\(\s*\)/,
+        category: "Correctness",
+        title: "Ungraceful exit",
+        severity: "medium",
+        dimension: "correctness",
+        blocking: false,
+    },
+    // Compliance
+    {
+        regex: /\/\/\s*(?:eslint|tslint|prettier)-disable/,
+        category: "Compliance",
+        title: "Linter suppression",
+        severity: "low",
+        dimension: "compliance",
+        blocking: false,
+    },
+];
+// ─── Analysis ───────────────────────────────────────────────────────────────
+function analyzeFile(filepath, baseDir) {
+    const findings = [];
+    let content;
+    try {
+        content = readFileSync(filepath, "utf-8");
+    }
+    catch {
+        return findings;
+    }
+    const lines = content.split("\n");
+    const rel = relative(baseDir, filepath);
+    for (let i = 0; i < lines.length; i++) {
+        const line = lines[i];
+        const trimmed = line.trim();
+        if (trimmed.startsWith("//") || trimmed.startsWith("*") || trimmed.startsWith("/*"))
+            continue;
+        for (const pattern of DIMENSION_PATTERNS) {
+            if (pattern.regex.test(line)) {
+                findings.push({
+                    file: rel,
+                    line: i + 1,
+                    severity: pattern.severity,
+                    category: pattern.category,
+                    title: pattern.title,
+                    blocking: pattern.blocking,
+                });
+            }
+        }
+    }
+    return findings;
+}
+function renderDecision(allFindings, threshold) {
+    const blocking = allFindings.filter((f) => f.blocking);
+    const accepted = allFindings.filter((f) => !f.blocking);
+    // Dimension scores
+    const dimFindings = (dim) => allFindings.filter((f) => {
+        const p = DIMENSION_PATTERNS.find((dp) => dp.title === f.title);
+        return p && p.dimension === dim;
+    });
+    const dimScore = (dim) => {
+        const df = dimFindings(dim);
+        const crits = df.filter((f) => f.severity === "critical").length;
+        const highs = df.filter((f) => f.severity === "high").length;
+        return Math.max(0, 100 -
+            crits * 25 -
+            highs * 12 -
+            df.filter((f) => f.severity === "medium").length * 5 -
+            df.filter((f) => f.severity === "low").length);
+    };
+    const dimensions = {
+        security: dimScore("security"),
+        quality: dimScore("quality"),
+        correctness: dimScore("correctness"),
+        compliance: dimScore("compliance"),
+    };
+    const riskScore = Math.round(dimensions.security * 0.4 + dimensions.quality * 0.2 + dimensions.correctness * 0.25 + dimensions.compliance * 0.15);
+    const decision = blocking.length > 0 || riskScore < threshold ? "HOLD" : "MERGE";
+    const confidence = blocking.length === 0 ? Math.min(95, riskScore) : Math.max(60, 100 - blocking.length * 10);
+    const rationale = [];
+    if (blocking.length > 0)
+        rationale.push(`${blocking.length} blocking finding(s) require resolution before merge`);
+    if (dimensions.security < 70)
+        rationale.push(`Security score (${dimensions.security}) is below acceptable threshold`);
+    if (dimensions.correctness < 70)
+        rationale.push(`Correctness score (${dimensions.correctness}) indicates potential bugs`);
+    if (accepted.length > 0)
+        rationale.push(`${accepted.length} non-blocking finding(s) accepted as known risks`);
+    if (decision === "MERGE")
+        rationale.push(`Risk score (${riskScore}) meets or exceeds threshold (${threshold})`);
+    const summary = decision === "MERGE"
+        ? `MERGE — Code passes review with ${accepted.length} accepted risk(s). Risk score: ${riskScore}/100.`
+        : `HOLD — ${blocking.length} blocking finding(s) and risk score ${riskScore}/100 (threshold: ${threshold}).`;
+    return {
+        decision,
+        confidence,
+        riskScore,
+        blockingFindings: blocking,
+        acceptedRisks: accepted,
+        dimensions,
+        rationale,
+        summary,
+    };
+}
+// ─── CLI ────────────────────────────────────────────────────────────────────
+export function runMergeVerdict(argv) {
+    if (argv.includes("--help") || argv.includes("-h")) {
+        console.log(`
+judges merge-verdict — Single authoritative MERGE/HOLD decision
+
+Usage:
+  judges merge-verdict [dir]
+  judges merge-verdict src/ --threshold 75 --format json
+
+Options:
+  [dir]                 Directory to scan (default: .)
+  --threshold <n>       Minimum risk score for MERGE (default: 70)
+  --format json         JSON output (for CI/CD integration)
+  --help, -h            Show this help
+
+Synthesizes security, quality, correctness, and compliance dimensions
+into one MERGE or HOLD decision with structured rationale.
+`);
+        return;
+    }
+    const format = argv.find((_a, i) => argv[i - 1] === "--format") || "text";
+    const threshStr = argv.find((_a, i) => argv[i - 1] === "--threshold");
+    const threshold = threshStr ? parseInt(threshStr, 10) : 70;
+    const dir = argv.find((a) => !a.startsWith("-") &&
+        argv.indexOf(a) > 0 &&
+        argv[argv.indexOf(a) - 1] !== "--format" &&
+        argv[argv.indexOf(a) - 1] !== "--threshold") || ".";
+    const files = collectFiles(dir);
+    const allFindings = [];
+    for (const f of files)
+        allFindings.push(...analyzeFile(f, dir));
+    const result = renderDecision(allFindings, threshold);
+    if (format === "json") {
+        console.log(JSON.stringify({ ...result, timestamp: new Date().toISOString() }, null, 2));
+    }
+    else {
+        const icon = result.decision === "MERGE" ? "✅" : "❌";
+        console.log(`\n  ${icon} ${result.decision} (confidence: ${result.confidence}%)\n  ─────────────────────────────`);
+        console.log(`    Risk Score: ${result.riskScore}/100 (threshold: ${threshold})`);
+        console.log(`    Security:    ${result.dimensions.security}/100`);
+        console.log(`    Quality:     ${result.dimensions.quality}/100`);
+        console.log(`    Correctness: ${result.dimensions.correctness}/100`);
+        console.log(`    Compliance:  ${result.dimensions.compliance}/100\n`);
+        if (result.blockingFindings.length > 0) {
+            console.log(`    Blocking (${result.blockingFindings.length}):`);
+            for (const f of result.blockingFindings.slice(0, 10)) {
+                console.log(`      🔴 [${f.category}] ${f.title} — ${f.file}:${f.line}`);
+            }
+            console.log();
+        }
+        if (result.rationale.length > 0) {
+            console.log(`    Rationale:`);
+            for (const r of result.rationale)
+                console.log(`      → ${r}`);
+            console.log();
+        }
+        console.log(`    ${result.summary}\n`);
+        if (result.decision === "HOLD")
+            process.exitCode = 1;
+    }
+}
+//# sourceMappingURL=merge-verdict.js.map