@kevinrabun/judges 3.62.0 → 3.64.0

package/dist/commands/auto-approve.js

@@ -0,0 +1,189 @@
+/**
+ * Auto-approve — Auto-approve findings below a configurable threshold.
+ */
+import { readFileSync } from "fs";
+// ─── Default policy ────────────────────────────────────────────────────────
+function defaultPolicy() {
+    return {
+        maxLowFindings: 10,
+        maxMediumFindings: 3,
+        allowedRules: [],
+        requireMinScore: 70,
+        blockOnSecurity: true,
+        autoApproveClean: true,
+    };
+}
+// ─── Severity classification ────────────────────────────────────────────────
+const SEVERITY_ORDER = { critical: 0, high: 1, medium: 2, low: 3 };
+function isSecurity(finding) {
+    const rid = (finding.ruleId || "").toLowerCase();
+    return /sql|inject|xss|csrf|traversal|auth|secret|crypt|ssrf|deserial/i.test(rid);
+}
+// ─── Approval engine ───────────────────────────────────────────────────────
+function evaluateApproval(verdict, policy) {
+    const findings = verdict.findings || [];
+    const violations = [];
+    const approved = [];
+    const flagged = [];
+    // Check score threshold
+    if ((verdict.overallScore ?? 0) < policy.requireMinScore) {
+        violations.push(`Score ${verdict.overallScore} is below minimum ${policy.requireMinScore}`);
+    }
+    // Classify findings
+    const severityCounts = { critical: 0, high: 0, medium: 0, low: 0 };
+    for (const f of findings) {
+        const sev = f.severity || "low";
+        severityCounts[sev] = (severityCounts[sev] || 0) + 1;
+        const sevLevel = SEVERITY_ORDER[sev] ?? 3;
+        // Critical and high are always flagged
+        if (sevLevel <= 1) {
+            flagged.push(f);
+            continue;
+        }
+        // Security findings blocked if policy says so
+        if (policy.blockOnSecurity && isSecurity(f)) {
+            flagged.push(f);
+            continue;
+        }
+        // Low findings auto-approved
+        if (sev === "low") {
+            approved.push(f);
+            continue;
+        }
+        // Medium finding — check against allowed rules
+        if (policy.allowedRules.length > 0 && policy.allowedRules.includes(f.ruleId)) {
+            approved.push(f);
+        }
+        else {
+            flagged.push(f);
+        }
+    }
+    // Check threshold violations
+    if (severityCounts["critical"] > 0) {
+        violations.push(`${severityCounts["critical"]} critical finding(s) detected`);
+    }
+    if (severityCounts["high"] > 0) {
+        violations.push(`${severityCounts["high"]} high finding(s) detected`);
+    }
+    if (severityCounts["medium"] > policy.maxMediumFindings) {
+        violations.push(`${severityCounts["medium"]} medium findings exceed max of ${policy.maxMediumFindings}`);
+    }
+    if (severityCounts["low"] > policy.maxLowFindings) {
+        violations.push(`${severityCounts["low"]} low findings exceed max of ${policy.maxLowFindings}`);
+    }
+    const isApproved = violations.length === 0 || (findings.length === 0 && policy.autoApproveClean);
+    let reason;
+    if (isApproved && findings.length === 0) {
+        reason = "Clean review — no findings";
+    }
+    else if (isApproved) {
+        reason = "All findings within policy thresholds";
+    }
+    else {
+        reason = violations.join("; ");
+    }
+    return {
+        approved: isApproved,
+        reason,
+        autoApproved: approved.length,
+        manualRequired: flagged.length,
+        policyViolations: violations,
+        findings: { approved, flagged },
+    };
+}
+// ─── CLI ────────────────────────────────────────────────────────────────────
+export function runAutoApprove(argv) {
+    if (argv.includes("--help") || argv.includes("-h")) {
+        console.log(`
+judges auto-approve — Auto-approve findings below threshold
+
+Usage:
+  judges auto-approve --input verdict.json
+  judges auto-approve --input verdict.json --policy policy.json
+  judges auto-approve --input verdict.json --format json
+
+Options:
+  --input <file>       TribunalVerdict JSON file (required)
+  --policy <file>      Approval policy JSON file (optional, uses defaults)
+  --min-score <n>      Minimum score for approval (default: 70)
+  --format json        JSON output
+  --help, -h           Show this help
+
+Policy defaults:
+  maxLowFindings: 10, maxMediumFindings: 3, requireMinScore: 70,
+  blockOnSecurity: true, autoApproveClean: true
+
+Auto-approves low-severity findings and flags critical/high findings
+for manual review. Reduces noise while maintaining safety.
+`);
+        return;
+    }
+    const inputPath = argv.find((_a, i) => argv[i - 1] === "--input");
+    const policyPath = argv.find((_a, i) => argv[i - 1] === "--policy");
+    const minScoreStr = argv.find((_a, i) => argv[i - 1] === "--min-score");
+    const format = argv.find((_a, i) => argv[i - 1] === "--format") || "text";
+    if (!inputPath) {
+        console.error("Error: --input is required. Provide a verdict JSON file.");
+        process.exitCode = 1;
+        return;
+    }
+    let verdict;
+    try {
+        verdict = JSON.parse(readFileSync(inputPath, "utf-8"));
+    }
+    catch {
+        console.error(`Error: Cannot read or parse ${inputPath}`);
+        process.exitCode = 1;
+        return;
+    }
+    let policy = defaultPolicy();
+    if (policyPath) {
+        try {
+            const custom = JSON.parse(readFileSync(policyPath, "utf-8"));
+            policy = { ...policy, ...custom };
+        }
+        catch {
+            console.error(`Error: Cannot read policy file ${policyPath}`);
+            process.exitCode = 1;
+            return;
+        }
+    }
+    if (minScoreStr) {
+        policy.requireMinScore = parseInt(minScoreStr, 10);
+    }
+    const result = evaluateApproval(verdict, policy);
+    if (format === "json") {
+        console.log(JSON.stringify({
+            ...result,
+            findings: { autoApproved: result.findings.approved.length, flagged: result.findings.flagged.length },
+        }, null, 2));
+        if (!result.approved)
+            process.exitCode = 1;
+        return;
+    }
+    const icon = result.approved ? "✅" : "❌";
+    console.log(`\n  Auto-Approval Result: ${icon} ${result.approved ? "APPROVED" : "REQUIRES REVIEW"}\n  ─────────────────────────────`);
+    console.log(`    Reason: ${result.reason}`);
+    console.log(`    Score: ${verdict.overallScore ?? 0}/100`);
+    console.log(`    Auto-approved: ${result.autoApproved} finding(s)`);
+    console.log(`    Manual review: ${result.manualRequired} finding(s)`);
+    if (result.policyViolations.length > 0) {
+        console.log(`\n    Policy Violations:`);
+        for (const v of result.policyViolations) {
+            console.log(`      ❌ ${v}`);
+        }
+    }
+    if (result.findings.flagged.length > 0) {
+        console.log(`\n    Flagged Findings:`);
+        for (const f of result.findings.flagged.slice(0, 10)) {
+            console.log(`      🔴 [${f.severity}] ${f.ruleId}: ${f.title}`);
+        }
+        if (result.findings.flagged.length > 10) {
+            console.log(`      ... and ${result.findings.flagged.length - 10} more`);
+        }
+    }
+    console.log();
+    if (!result.approved)
+        process.exitCode = 1;
+}
+//# sourceMappingURL=auto-approve.js.map

package/dist/commands/auto-approve.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"auto-approve.js","sourceRoot":"","sources":["../../src/commands/auto-approve.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,YAAY,EAAE,MAAM,IAAI,CAAC;AAuBlC,8EAA8E;AAE9E,SAAS,aAAa;IACpB,OAAO;QACL,cAAc,EAAE,EAAE;QAClB,iBAAiB,EAAE,CAAC;QACpB,YAAY,EAAE,EAAE;QAChB,eAAe,EAAE,EAAE;QACnB,eAAe,EAAE,IAAI;QACrB,gBAAgB,EAAE,IAAI;KACvB,CAAC;AACJ,CAAC;AAED,+EAA+E;AAE/E,MAAM,cAAc,GAA2B,EAAE,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC;AAE3F,SAAS,UAAU,CAAC,OAAgB;IAClC,MAAM,GAAG,GAAG,CAAC,OAAO,CAAC,MAAM,IAAI,EAAE,CAAC,CAAC,WAAW,EAAE,CAAC;IACjD,OAAO,gEAAgE,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AACpF,CAAC;AAED,8EAA8E;AAE9E,SAAS,gBAAgB,CAAC,OAAwB,EAAE,MAAsB;IACxE,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,IAAI,EAAE,CAAC;IACxC,MAAM,UAAU,GAAa,EAAE,CAAC;IAChC,MAAM,QAAQ,GAAc,EAAE,CAAC;IAC/B,MAAM,OAAO,GAAc,EAAE,CAAC;IAE9B,wBAAwB;IACxB,IAAI,CAAC,OAAO,CAAC,YAAY,IAAI,CAAC,CAAC,GAAG,MAAM,CAAC,eAAe,EAAE,CAAC;QACzD,UAAU,CAAC,IAAI,CAAC,SAAS,OAAO,CAAC,YAAY,qBAAqB,MAAM,CAAC,eAAe,EAAE,CAAC,CAAC;IAC9F,CAAC;IAED,oBAAoB;IACpB,MAAM,cAAc,GAA2B,EAAE,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC;IAE3F,KAAK,MAAM,CAAC,IAAI,QAAQ,EAAE,CAAC;QACzB,MAAM,GAAG,GAAG,CAAC,CAAC,QAAQ,IAAI,KAAK,CAAC;QAChC,cAAc,CAAC,GAAG,CAAC,GAAG,CAAC,cAAc,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC;QAErD,MAAM,QAAQ,GAAG,cAAc,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QAE1C,uCAAuC;QACvC,IAAI,QAAQ,IAAI,CAAC,EAAE,CAAC;YAClB,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAChB,SAAS;QACX,CAAC;QAED,8CAA8C;QAC9C,IAAI,MAAM,CAAC,eAAe,IAAI,UAAU,CAAC,CAAC,CAAC,EAAE,CAAC;YAC5C,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAChB,SAAS;QACX,CAAC;QAED,6BAA6B;QAC7B,IAAI,GAAG,KAAK,KAAK,EAAE,CAAC;YAClB,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YACjB,SAAS;QACX,CAAC;QAED,+CAA+C;QAC/C,IAAI,MAAM,CAAC,YAAY,CAAC,MAAM,GAAG,CAAC,IAAI,MAAM,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,EAAE,CAAC;YAC7E,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACnB,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;IACH,CAAC;IAED,6BAA6B;IAC7B,IAAI,cAAc,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;QACnC,UAAU,CAAC,IAAI,CAAC,GAAG,cAAc,CAAC,UAAU,CAAC,+BAA+B,CAAC,CAAC;IAChF,CAAC;IACD,IAAI,cAAc,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC;QAC/B,UAAU,CAAC,IAAI,CAAC,GAAG,cAAc,CAAC,MAAM,CAAC,2BAA2B,CAAC,CAAC;IACxE,CAAC;IACD,IAAI,cAAc,CAAC,QAAQ,CAAC,GAAG,MAAM,CAAC,iBAAiB,EAAE,CAAC;QACxD,UAAU,CAAC,IAAI,CAAC,GAAG,cAAc,CAAC,QAAQ,CAAC,kCAAkC,MAAM,CAAC,iBAAiB,EAAE,CAAC,CAAC;IAC3G,CAAC;IACD,IAAI,cAAc,CAAC,KAAK,CAAC,GAAG,MAAM,CAAC,cAAc,EAAE,CAAC;QAClD,UAAU,CAAC,IAAI,CAAC,GAAG,cAAc,CAAC,KAAK,CAAC,+BAA+B,MAAM,CAAC,cAAc,EAAE,CAAC,CAAC;IAClG,CAAC;IAED,MAAM,UAAU,GAAG,UAAU,CAAC,MAAM,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,MAAM,KAAK,CAAC,IAAI,MAAM,CAAC,gBAAgB,CAAC,CAAC;IAEjG,IAAI,MAAc,CAAC;IACnB,IAAI,UAAU,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACxC,MAAM,GAAG,4BAA4B,CAAC;IACxC,CAAC;SAAM,IAAI,UAAU,EAAE,CAAC;QACtB,MAAM,GAAG,uCAAuC,CAAC;IACnD,CAAC;SAAM,CAAC;QACN,MAAM,GAAG,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACjC,CAAC;IAED,OAAO;QACL,QAAQ,EAAE,UAAU;QACpB,MAAM;QACN,YAAY,EAAE,QAAQ,CAAC,MAAM;QAC7B,cAAc,EAAE,OAAO,CAAC,MAAM;QAC9B,gBAAgB,EAAE,UAAU;QAC5B,QAAQ,EAAE,EAAE,QAAQ,EAAE,OAAO,EAAE;KAChC,CAAC;AACJ,CAAC;AAED,+EAA+E;AAE/E,MAAM,UAAU,cAAc,CAAC,IAAc;IAC3C,IAAI,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;QACnD,OAAO,CAAC,GAAG,CAAC;;;;;;;;;;;;;;;;;;;;;CAqBf,CAAC,CAAC;QACC,OAAO;IACT,CAAC;IAED,MAAM,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,EAAU,EAAE,CAAS,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,KAAK,SAAS,CAAC,CAAC;IAClF,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,EAAU,EAAE,CAAS,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,KAAK,UAAU,CAAC,CAAC;IACpF,MAAM,WAAW,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,EAAU,EAAE,CAAS,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,KAAK,aAAa,CAAC,CAAC;IACxF,MAAM,MAAM,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,EAAU,EAAE,CAAS,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,KAAK,UAAU,CAAC,IAAI,MAAM,CAAC;IAE1F,IAAI,CAAC,SAAS,EAAE,CAAC;QACf,OAAO,CAAC,KAAK,CAAC,0DAA0D,CAAC,CAAC;QAC1E,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;QACrB,OAAO;IACT,CAAC;IAED,IAAI,OAAwB,CAAC;IAC7B,IAAI,CAAC;QACH,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,SAAS,EAAE,OAAO,CAAC,CAAoB,CAAC;IAC5E,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,CAAC,KAAK,CAAC,+BAA+B,SAAS,EAAE,CAAC,CAAC;QAC1D,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;QACrB,OAAO;IACT,CAAC;IAED,IAAI,MAAM,GAAG,aAAa,EAAE,CAAC;IAC7B,IAAI,UAAU,EAAE,CAAC;QACf,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,UAAU,EAAE,OAAO,CAAC,CAA4B,CAAC;YACxF,MAAM,GAAG,EAAE,GAAG,MAAM,EAAE,GAAG,MAAM,EAAE,CAAC;QACpC,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,CAAC,KAAK,CAAC,kCAAkC,UAAU,EAAE,CAAC,CAAC;YAC9D,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;YACrB,OAAO;QACT,CAAC;IACH,CAAC;IAED,IAAI,WAAW,EAAE,CAAC;QAChB,MAAM,CAAC,eAAe,GAAG,QAAQ,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC;IACrD,CAAC;IAED,MAAM,MAAM,GAAG,gBAAgB,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IAEjD,IAAI,MAAM,KAAK,MAAM,EAAE,CAAC;QACtB,OAAO,CAAC,GAAG,CACT,IAAI,CAAC,SAAS,CACZ;YACE,GAAG,MAAM;YACT,QAAQ,EAAE,EAAE,YAAY,EAAE,MAAM,CAAC,QAAQ,CAAC,QAAQ,CAAC,MAAM,EAAE,OAAO,EAAE,MAAM,CAAC,QAAQ,CAAC,OAAO,CAAC,MAAM,EAAE;SACrG,EACD,IAAI,EACJ,CAAC,CACF,CACF,CAAC;QACF,IAAI,CAAC,MAAM,CAAC,QAAQ;YAAE,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;QAC3C,OAAO;IACT,CAAC;IAED,MAAM,IAAI,GAAG,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC;IACzC,OAAO,CAAC,GAAG,CACT,6BAA6B,IAAI,IAAI,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,iBAAiB,mCAAmC,CACzH,CAAC;IACF,OAAO,CAAC,GAAG,CAAC,eAAe,MAAM,CAAC,MAAM,EAAE,CAAC,CAAC;IAC5C,OAAO,CAAC,GAAG,CAAC,cAAc,OAAO,CAAC,YAAY,IAAI,CAAC,MAAM,CAAC,CAAC;IAC3D,OAAO,CAAC,GAAG,CAAC,sBAAsB,MAAM,CAAC,YAAY,aAAa,CAAC,CAAC;IACpE,OAAO,CAAC,GAAG,CAAC,sBAAsB,MAAM,CAAC,cAAc,aAAa,CAAC,CAAC;IAEtE,IAAI,MAAM,CAAC,gBAAgB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACvC,OAAO,CAAC,GAAG,CAAC,0BAA0B,CAAC,CAAC;QACxC,KAAK,MAAM,CAAC,IAAI,MAAM,CAAC,gBAAgB,EAAE,CAAC;YACxC,OAAO,CAAC,GAAG,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC;QAC9B,CAAC;IACH,CAAC;IAED,IAAI,MAAM,CAAC,QAAQ,CAAC,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACvC,OAAO,CAAC,GAAG,CAAC,yBAAyB,CAAC,CAAC;QACvC,KAAK,MAAM,CAAC,IAAI,MAAM,CAAC,QAAQ,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC;YACrD,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC,QAAQ,KAAK,CAAC,CAAC,MAAM,KAAK,CAAC,CAAC,KAAK,EAAE,CAAC,CAAC;QAClE,CAAC;QACD,IAAI,MAAM,CAAC,QAAQ,CAAC,OAAO,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;YACxC,OAAO,CAAC,GAAG,CAAC,iBAAiB,MAAM,CAAC,QAAQ,CAAC,OAAO,CAAC,MAAM,GAAG,EAAE,OAAO,CAAC,CAAC;QAC3E,CAAC;IACH,CAAC;IAED,OAAO,CAAC,GAAG,EAAE,CAAC;IACd,IAAI,CAAC,MAAM,CAAC,QAAQ;QAAE,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;AAC7C,CAAC"}

package/dist/commands/diff-explain.d.ts

@@ -0,0 +1,5 @@
+/**
+ * Diff-explain — Explain why specific diff changes were flagged.
+ */
+export declare function runDiffExplain(argv: string[]): void;
+//# sourceMappingURL=diff-explain.d.ts.map

package/dist/commands/diff-explain.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"diff-explain.d.ts","sourceRoot":"","sources":["../../src/commands/diff-explain.ts"],"names":[],"mappings":"AAAA;;GAEG;AAyFH,wBAAgB,cAAc,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,IAAI,CAoFnD"}

package/dist/commands/diff-explain.js

@@ -0,0 +1,143 @@
+/**
+ * Diff-explain — Explain why specific diff changes were flagged.
+ */
+import { readFileSync } from "fs";
+// ─── Knowledge base for common rules ────────────────────────────────────────
+const RULE_EXPLANATIONS = {
+    "sql-injection": {
+        risk: "Attacker can manipulate database queries to extract, modify, or delete data",
+        whyFlagged: "User input is concatenated into SQL queries without parameterization",
+        action: "Use parameterized queries or prepared statements instead of string concatenation",
+    },
+    "xss-vulnerability": {
+        risk: "Attacker can inject malicious scripts that execute in other users' browsers",
+        whyFlagged: "User-supplied data is rendered in HTML without proper escaping",
+        action: "Sanitize and escape all user input before rendering in HTML context",
+    },
+    "hardcoded-secret": {
+        risk: "Credentials exposed in source code can be harvested from version control",
+        whyFlagged: "String patterns matching API keys, passwords, or tokens detected in code",
+        action: "Move secrets to environment variables or a secrets manager",
+    },
+    "path-traversal": {
+        risk: "Attacker can access files outside intended directories",
+        whyFlagged: "File paths constructed from user input without validation",
+        action: "Validate and normalize file paths, restrict to allowed directories",
+    },
+    "insecure-random": {
+        risk: "Predictable random values weaken security mechanisms",
+        whyFlagged: "Math.random() or similar used for security-sensitive operations",
+        action: "Use crypto.getRandomValues() or crypto.randomBytes() for security",
+    },
+    "error-info-leak": {
+        risk: "Internal error details can reveal system architecture to attackers",
+        whyFlagged: "Error messages expose stack traces, file paths, or internal details",
+        action: "Return generic error messages to users, log details server-side",
+    },
+    "missing-auth": {
+        risk: "Unauthorized access to protected resources or operations",
+        whyFlagged: "Endpoint or function lacks authentication/authorization checks",
+        action: "Add authentication middleware and verify user permissions",
+    },
+    "unsafe-deserialization": {
+        risk: "Attacker can execute arbitrary code via crafted serialized data",
+        whyFlagged: "Deserialization of untrusted data detected",
+        action: "Validate and whitelist types before deserialization, use safe formats like JSON",
+    },
+};
+// ─── Explanation engine ─────────────────────────────────────────────────────
+function explainFinding(finding) {
+    const ruleId = finding.ruleId || "unknown";
+    const known = RULE_EXPLANATIONS[ruleId];
+    const explanation = known
+        ? known.whyFlagged
+        : `This code was flagged by the '${ruleId}' rule. ${finding.description || "Review the identified pattern for potential issues."}`;
+    const risk = known
+        ? known.risk
+        : `Potential ${finding.severity || "medium"}-severity issue that may affect code quality or security.`;
+    const action = known
+        ? known.action
+        : finding.recommendation || "Review and address the finding according to best practices.";
+    return {
+        finding: { ruleId, severity: finding.severity || "medium", title: finding.title },
+        context: finding.description || "",
+        explanation,
+        risk,
+        suggestedAction: action,
+    };
+}
+// ─── CLI ────────────────────────────────────────────────────────────────────
+export function runDiffExplain(argv) {
+    if (argv.includes("--help") || argv.includes("-h")) {
+        console.log(`
+judges diff-explain — Explain why changes were flagged
+
+Usage:
+  judges diff-explain --input verdict.json
+  judges diff-explain --input verdict.json --rule sql-injection
+  judges diff-explain --input verdict.json --severity critical
+  judges diff-explain --format json
+
+Options:
+  --input <file>       TribunalVerdict JSON file (required)
+  --rule <id>          Explain only findings for a specific rule
+  --severity <level>   Filter by severity: critical, high, medium, low
+  --limit <n>          Maximum findings to explain (default: 20)
+  --format json        JSON output
+  --help, -h           Show this help
+
+Provides plain-language explanations of why code was flagged,
+what the risk is, and what action to take. Useful for developers
+unfamiliar with specific security or quality patterns.
+`);
+        return;
+    }
+    const inputPath = argv.find((_a, i) => argv[i - 1] === "--input");
+    const ruleFilter = argv.find((_a, i) => argv[i - 1] === "--rule");
+    const sevFilter = argv.find((_a, i) => argv[i - 1] === "--severity");
+    const limitStr = argv.find((_a, i) => argv[i - 1] === "--limit");
+    const limit = limitStr ? parseInt(limitStr, 10) : 20;
+    const format = argv.find((_a, i) => argv[i - 1] === "--format") || "text";
+    if (!inputPath) {
+        console.error("Error: --input is required. Provide a verdict JSON file.");
+        process.exitCode = 1;
+        return;
+    }
+    let verdict;
+    try {
+        verdict = JSON.parse(readFileSync(inputPath, "utf-8"));
+    }
+    catch {
+        console.error(`Error: Cannot read or parse ${inputPath}`);
+        process.exitCode = 1;
+        return;
+    }
+    let findings = verdict.findings || [];
+    if (ruleFilter) {
+        findings = findings.filter((f) => f.ruleId === ruleFilter);
+    }
+    if (sevFilter) {
+        findings = findings.filter((f) => f.severity === sevFilter);
+    }
+    findings = findings.slice(0, limit);
+    if (findings.length === 0) {
+        console.log("No findings to explain.");
+        return;
+    }
+    const explanations = findings.map(explainFinding);
+    if (format === "json") {
+        console.log(JSON.stringify({ count: explanations.length, explanations }, null, 2));
+        return;
+    }
+    console.log(`\n  Diff Explanations (${explanations.length} finding(s))\n  ─────────────────────────────`);
+    for (const exp of explanations) {
+        const sevIcon = { critical: "🔴", high: "🟠", medium: "🟡", low: "🔵" };
+        const icon = sevIcon[exp.finding.severity] || "⬜";
+        console.log(`\n    ${icon} [${exp.finding.severity}] ${exp.finding.ruleId}: ${exp.finding.title}`);
+        console.log(`    Why flagged: ${exp.explanation}`);
+        console.log(`    Risk: ${exp.risk}`);
+        console.log(`    Action: ${exp.suggestedAction}`);
+    }
+    console.log();
+}
+//# sourceMappingURL=diff-explain.js.map

package/dist/commands/diff-explain.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"diff-explain.js","sourceRoot":"","sources":["../../src/commands/diff-explain.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,YAAY,EAAE,MAAM,IAAI,CAAC;AAalC,+EAA+E;AAE/E,MAAM,iBAAiB,GAAyE;IAC9F,eAAe,EAAE;QACf,IAAI,EAAE,6EAA6E;QACnF,UAAU,EAAE,sEAAsE;QAClF,MAAM,EAAE,kFAAkF;KAC3F;IACD,mBAAmB,EAAE;QACnB,IAAI,EAAE,6EAA6E;QACnF,UAAU,EAAE,gEAAgE;QAC5E,MAAM,EAAE,qEAAqE;KAC9E;IACD,kBAAkB,EAAE;QAClB,IAAI,EAAE,0EAA0E;QAChF,UAAU,EAAE,0EAA0E;QACtF,MAAM,EAAE,4DAA4D;KACrE;IACD,gBAAgB,EAAE;QAChB,IAAI,EAAE,wDAAwD;QAC9D,UAAU,EAAE,2DAA2D;QACvE,MAAM,EAAE,oEAAoE;KAC7E;IACD,iBAAiB,EAAE;QACjB,IAAI,EAAE,sDAAsD;QAC5D,UAAU,EAAE,iEAAiE;QAC7E,MAAM,EAAE,mEAAmE;KAC5E;IACD,iBAAiB,EAAE;QACjB,IAAI,EAAE,oEAAoE;QAC1E,UAAU,EAAE,qEAAqE;QACjF,MAAM,EAAE,iEAAiE;KAC1E;IACD,cAAc,EAAE;QACd,IAAI,EAAE,0DAA0D;QAChE,UAAU,EAAE,gEAAgE;QAC5E,MAAM,EAAE,2DAA2D;KACpE;IACD,wBAAwB,EAAE;QACxB,IAAI,EAAE,iEAAiE;QACvE,UAAU,EAAE,4CAA4C;QACxD,MAAM,EAAE,iFAAiF;KAC1F;CACF,CAAC;AAEF,+EAA+E;AAE/E,SAAS,cAAc,CAAC,OAAgB;IACtC,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,IAAI,SAAS,CAAC;IAC3C,MAAM,KAAK,GAAG,iBAAiB,CAAC,MAAM,CAAC,CAAC;IAExC,MAAM,WAAW,GAAG,KAAK;QACvB,CAAC,CAAC,KAAK,CAAC,UAAU;QAClB,CAAC,CAAC,iCAAiC,MAAM,WAAW,OAAO,CAAC,WAAW,IAAI,qDAAqD,EAAE,CAAC;IAErI,MAAM,IAAI,GAAG,KAAK;QAChB,CAAC,CAAC,KAAK,CAAC,IAAI;QACZ,CAAC,CAAC,aAAa,OAAO,CAAC,QAAQ,IAAI,QAAQ,2DAA2D,CAAC;IAEzG,MAAM,MAAM,GAAG,KAAK;QAClB,CAAC,CAAC,KAAK,CAAC,MAAM;QACd,CAAC,CAAC,OAAO,CAAC,cAAc,IAAI,6DAA6D,CAAC;IAE5F,OAAO;QACL,OAAO,EAAE,EAAE,MAAM,EAAE,QAAQ,EAAE,OAAO,CAAC,QAAQ,IAAI,QAAQ,EAAE,KAAK,EAAE,OAAO,CAAC,KAAK,EAAE;QACjF,OAAO,EAAE,OAAO,CAAC,WAAW,IAAI,EAAE;QAClC,WAAW;QACX,IAAI;QACJ,eAAe,EAAE,MAAM;KACxB,CAAC;AACJ,CAAC;AAED,+EAA+E;AAE/E,MAAM,UAAU,cAAc,CAAC,IAAc;IAC3C,IAAI,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;QACnD,OAAO,CAAC,GAAG,CAAC;;;;;;;;;;;;;;;;;;;;CAoBf,CAAC,CAAC;QACC,OAAO;IACT,CAAC;IAED,MAAM,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,EAAU,EAAE,CAAS,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,KAAK,SAAS,CAAC,CAAC;IAClF,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,EAAU,EAAE,CAAS,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,KAAK,QAAQ,CAAC,CAAC;IAClF,MAAM,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,EAAU,EAAE,CAAS,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,KAAK,YAAY,CAAC,CAAC;IACrF,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,EAAU,EAAE,CAAS,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,KAAK,SAAS,CAAC,CAAC;IACjF,MAAM,KAAK,GAAG,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;IACrD,MAAM,MAAM,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,EAAU,EAAE,CAAS,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,KAAK,UAAU,CAAC,IAAI,MAAM,CAAC;IAE1F,IAAI,CAAC,SAAS,EAAE,CAAC;QACf,OAAO,CAAC,KAAK,CAAC,0DAA0D,CAAC,CAAC;QAC1E,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;QACrB,OAAO;IACT,CAAC;IAED,IAAI,OAAwB,CAAC;IAC7B,IAAI,CAAC;QACH,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,SAAS,EAAE,OAAO,CAAC,CAAoB,CAAC;IAC5E,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,CAAC,KAAK,CAAC,+BAA+B,SAAS,EAAE,CAAC,CAAC;QAC1D,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;QACrB,OAAO;IACT,CAAC;IAED,IAAI,QAAQ,GAAG,OAAO,CAAC,QAAQ,IAAI,EAAE,CAAC;IAEtC,IAAI,UAAU,EAAE,CAAC;QACf,QAAQ,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,UAAU,CAAC,CAAC;IAC7D,CAAC;IACD,IAAI,SAAS,EAAE,CAAC;QACd,QAAQ,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,SAAS,CAAC,CAAC;IAC9D,CAAC;IAED,QAAQ,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC;IAEpC,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC1B,OAAO,CAAC,GAAG,CAAC,yBAAyB,CAAC,CAAC;QACvC,OAAO;IACT,CAAC;IAED,MAAM,YAAY,GAAG,QAAQ,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;IAElD,IAAI,MAAM,KAAK,MAAM,EAAE,CAAC;QACtB,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,YAAY,CAAC,MAAM,EAAE,YAAY,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;QACnF,OAAO;IACT,CAAC;IAED,OAAO,CAAC,GAAG,CAAC,0BAA0B,YAAY,CAAC,MAAM,+CAA+C,CAAC,CAAC;IAE1G,KAAK,MAAM,GAAG,IAAI,YAAY,EAAE,CAAC;QAC/B,MAAM,OAAO,GAA2B,EAAE,QAAQ,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,GAAG,EAAE,IAAI,EAAE,CAAC;QAChG,MAAM,IAAI,GAAG,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,QAAQ,CAAC,IAAI,GAAG,CAAC;QAElD,OAAO,CAAC,GAAG,CAAC,SAAS,IAAI,KAAK,GAAG,CAAC,OAAO,CAAC,QAAQ,KAAK,GAAG,CAAC,OAAO,CAAC,MAAM,KAAK,GAAG,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC,CAAC;QACnG,OAAO,CAAC,GAAG,CAAC,oBAAoB,GAAG,CAAC,WAAW,EAAE,CAAC,CAAC;QACnD,OAAO,CAAC,GAAG,CAAC,aAAa,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC;QACrC,OAAO,CAAC,GAAG,CAAC,eAAe,GAAG,CAAC,eAAe,EAAE,CAAC,CAAC;IACpD,CAAC;IAED,OAAO,CAAC,GAAG,EAAE,CAAC;AAChB,CAAC"}

package/dist/commands/finding-group.d.ts

@@ -0,0 +1,16 @@
+/**
+ * Finding-group — Group related findings into actionable clusters.
+ */
+import type { Finding } from "../types.js";
+export interface FindingCluster {
+    id: string;
+    label: string;
+    pattern: string;
+    count: number;
+    severities: Record<string, number>;
+    findings: Finding[];
+    files: string[];
+    recommendation: string;
+}
+export declare function runFindingGroup(argv: string[]): void;
+//# sourceMappingURL=finding-group.d.ts.map

package/dist/commands/finding-group.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"finding-group.d.ts","sourceRoot":"","sources":["../../src/commands/finding-group.ts"],"names":[],"mappings":"AAAA;;GAEG;AAGH,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,aAAa,CAAC;AAI3C,MAAM,WAAW,cAAc;IAC7B,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,EAAE,MAAM,CAAC;IACd,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,EAAE,MAAM,CAAC;IACd,UAAU,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACnC,QAAQ,EAAE,OAAO,EAAE,CAAC;IACpB,KAAK,EAAE,MAAM,EAAE,CAAC;IAChB,cAAc,EAAE,MAAM,CAAC;CACxB;AAiFD,wBAAgB,eAAe,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,IAAI,CAoGpD"}

package/dist/commands/finding-group.js

@@ -0,0 +1,165 @@
+/**
+ * Finding-group — Group related findings into actionable clusters.
+ */
+import { readFileSync } from "fs";
+// ─── Grouping strategies ────────────────────────────────────────────────────
+function groupByRule(findings) {
+    const groups = new Map();
+    for (const f of findings) {
+        const key = f.ruleId || "unknown";
+        const existing = groups.get(key) || [];
+        existing.push(f);
+        groups.set(key, existing);
+    }
+    return groups;
+}
+function groupBySeverity(findings) {
+    const groups = new Map();
+    for (const f of findings) {
+        const key = f.severity || "unknown";
+        const existing = groups.get(key) || [];
+        existing.push(f);
+        groups.set(key, existing);
+    }
+    return groups;
+}
+function groupByCategory(findings) {
+    const groups = new Map();
+    for (const f of findings) {
+        const ruleId = f.ruleId || "";
+        let category = "other";
+        if (/sql|inject|xss|csrf|traversal|auth|secret|crypt/i.test(ruleId))
+            category = "security";
+        else if (/perf|cache|memory|leak|optim/i.test(ruleId))
+            category = "performance";
+        else if (/error|exception|throw|catch/i.test(ruleId))
+            category = "error-handling";
+        else if (/doc|comment|jsdoc|readme/i.test(ruleId))
+            category = "documentation";
+        else if (/test|assert|mock|coverage/i.test(ruleId))
+            category = "testing";
+        else if (/lint|format|naming|style/i.test(ruleId))
+            category = "code-style";
+        const existing = groups.get(category) || [];
+        existing.push(f);
+        groups.set(category, existing);
+    }
+    return groups;
+}
+// ─── Build clusters ─────────────────────────────────────────────────────────
+function buildClusters(groups, strategy) {
+    const clusters = [];
+    let idx = 0;
+    for (const [key, findings] of groups) {
+        idx++;
+        const severities = {};
+        for (const f of findings) {
+            const s = f.severity || "unknown";
+            severities[s] = (severities[s] || 0) + 1;
+        }
+        const topFinding = findings.sort((a, b) => {
+            const order = { critical: 0, high: 1, medium: 2, low: 3 };
+            return (order[a.severity] ?? 4) - (order[b.severity] ?? 4);
+        })[0];
+        clusters.push({
+            id: `${strategy}-${idx}`,
+            label: key,
+            pattern: strategy,
+            count: findings.length,
+            severities,
+            findings,
+            files: [],
+            recommendation: topFinding?.recommendation || "Review grouped findings",
+        });
+    }
+    return clusters.sort((a, b) => b.count - a.count);
+}
+// ─── CLI ────────────────────────────────────────────────────────────────────
+export function runFindingGroup(argv) {
+    if (argv.includes("--help") || argv.includes("-h")) {
+        console.log(`
+judges finding-group — Group related findings into actionable clusters
+
+Usage:
+  judges finding-group --input findings.json
+  judges finding-group --input findings.json --strategy severity
+  judges finding-group --input findings.json --format json
+
+Options:
+  --input <file>       JSON file with findings array (required)
+  --strategy <type>    Grouping strategy: rule, severity, category (default: rule)
+  --format json        JSON output
+  --min-count <n>      Minimum findings to form a cluster (default: 1)
+  --help, -h           Show this help
+
+Strategies:
+  rule                 Group by rule ID (most specific)
+  severity             Group by severity level
+  category             Group by inferred category (security, performance, etc.)
+
+Groups related findings to help you fix issues systematically rather
+than one by one.
+`);
+        return;
+    }
+    const inputPath = argv.find((_a, i) => argv[i - 1] === "--input");
+    const strategy = argv.find((_a, i) => argv[i - 1] === "--strategy") || "rule";
+    const format = argv.find((_a, i) => argv[i - 1] === "--format") || "text";
+    const minCountStr = argv.find((_a, i) => argv[i - 1] === "--min-count");
+    const minCount = minCountStr ? parseInt(minCountStr, 10) : 1;
+    if (!inputPath) {
+        console.error("Error: --input is required. Provide a JSON file with findings.");
+        process.exitCode = 1;
+        return;
+    }
+    let findings;
+    try {
+        const raw = readFileSync(inputPath, "utf-8");
+        const parsed = JSON.parse(raw);
+        findings = Array.isArray(parsed) ? parsed : parsed.findings || [];
+    }
+    catch {
+        console.error(`Error: Cannot read or parse ${inputPath}`);
+        process.exitCode = 1;
+        return;
+    }
+    if (findings.length === 0) {
+        console.log("No findings to group.");
+        return;
+    }
+    let groups;
+    switch (strategy) {
+        case "severity":
+            groups = groupBySeverity(findings);
+            break;
+        case "category":
+            groups = groupByCategory(findings);
+            break;
+        default:
+            groups = groupByRule(findings);
+    }
+    let clusters = buildClusters(groups, strategy);
+    clusters = clusters.filter((c) => c.count >= minCount);
+    if (format === "json") {
+        console.log(JSON.stringify({
+            strategy,
+            totalFindings: findings.length,
+            clusterCount: clusters.length,
+            clusters: clusters.map((c) => ({ ...c, findings: undefined })),
+        }, null, 2));
+        return;
+    }
+    console.log(`\n  Finding Groups (strategy: ${strategy})\n  ─────────────────────────────`);
+    console.log(`    Total findings: ${findings.length}`);
+    console.log(`    Clusters: ${clusters.length}\n`);
+    for (const cluster of clusters) {
+        const severitySummary = Object.entries(cluster.severities)
+            .map(([s, n]) => `${n} ${s}`)
+            .join(", ");
+        console.log(`    [${cluster.id}] ${cluster.label} — ${cluster.count} finding(s)`);
+        console.log(`      Severities: ${severitySummary}`);
+        console.log(`      Recommendation: ${cluster.recommendation}`);
+        console.log();
+    }
+}
+//# sourceMappingURL=finding-group.js.map

package/dist/commands/finding-group.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"finding-group.js","sourceRoot":"","sources":["../../src/commands/finding-group.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,YAAY,EAAE,MAAM,IAAI,CAAC;AAgBlC,+EAA+E;AAE/E,SAAS,WAAW,CAAC,QAAmB;IACtC,MAAM,MAAM,GAAG,IAAI,GAAG,EAAqB,CAAC;IAC5C,KAAK,MAAM,CAAC,IAAI,QAAQ,EAAE,CAAC;QACzB,MAAM,GAAG,GAAG,CAAC,CAAC,MAAM,IAAI,SAAS,CAAC;QAClC,MAAM,QAAQ,GAAG,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC;QACvC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACjB,MAAM,CAAC,GAAG,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;IAC5B,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,SAAS,eAAe,CAAC,QAAmB;IAC1C,MAAM,MAAM,GAAG,IAAI,GAAG,EAAqB,CAAC;IAC5C,KAAK,MAAM,CAAC,IAAI,QAAQ,EAAE,CAAC;QACzB,MAAM,GAAG,GAAG,CAAC,CAAC,QAAQ,IAAI,SAAS,CAAC;QACpC,MAAM,QAAQ,GAAG,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC;QACvC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACjB,MAAM,CAAC,GAAG,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;IAC5B,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,SAAS,eAAe,CAAC,QAAmB;IAC1C,MAAM,MAAM,GAAG,IAAI,GAAG,EAAqB,CAAC;IAC5C,KAAK,MAAM,CAAC,IAAI,QAAQ,EAAE,CAAC;QACzB,MAAM,MAAM,GAAG,CAAC,CAAC,MAAM,IAAI,EAAE,CAAC;QAC9B,IAAI,QAAQ,GAAG,OAAO,CAAC;QACvB,IAAI,kDAAkD,CAAC,IAAI,CAAC,MAAM,CAAC;YAAE,QAAQ,GAAG,UAAU,CAAC;aACtF,IAAI,+BAA+B,CAAC,IAAI,CAAC,MAAM,CAAC;YAAE,QAAQ,GAAG,aAAa,CAAC;aAC3E,IAAI,8BAA8B,CAAC,IAAI,CAAC,MAAM,CAAC;YAAE,QAAQ,GAAG,gBAAgB,CAAC;aAC7E,IAAI,2BAA2B,CAAC,IAAI,CAAC,MAAM,CAAC;YAAE,QAAQ,GAAG,eAAe,CAAC;aACzE,IAAI,4BAA4B,CAAC,IAAI,CAAC,MAAM,CAAC;YAAE,QAAQ,GAAG,SAAS,CAAC;aACpE,IAAI,2BAA2B,CAAC,IAAI,CAAC,MAAM,CAAC;YAAE,QAAQ,GAAG,YAAY,CAAC;QAE3E,MAAM,QAAQ,GAAG,MAAM,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC;QAC5C,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACjB,MAAM,CAAC,GAAG,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;IACjC,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,+EAA+E;AAE/E,SAAS,aAAa,CAAC,MAA8B,EAAE,QAAgB;IACrE,MAAM,QAAQ,GAAqB,EAAE,CAAC;IACtC,IAAI,GAAG,GAAG,CAAC,CAAC;IAEZ,KAAK,MAAM,CAAC,GAAG,EAAE,QAAQ,CAAC,IAAI,MAAM,EAAE,CAAC;QACrC,GAAG,EAAE,CAAC;QACN,MAAM,UAAU,GAA2B,EAAE,CAAC;QAC9C,KAAK,MAAM,CAAC,IAAI,QAAQ,EAAE,CAAC;YACzB,MAAM,CAAC,GAAG,CAAC,CAAC,QAAQ,IAAI,SAAS,CAAC;YAClC,UAAU,CAAC,CAAC,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC;QAC3C,CAAC;QAED,MAAM,UAAU,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE;YACxC,MAAM,KAAK,GAA2B,EAAE,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC;YAClF,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC;QAC7D,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QAEN,QAAQ,CAAC,IAAI,CAAC;YACZ,EAAE,EAAE,GAAG,QAAQ,IAAI,GAAG,EAAE;YACxB,KAAK,EAAE,GAAG;YACV,OAAO,EAAE,QAAQ;YACjB,KAAK,EAAE,QAAQ,CAAC,MAAM;YACtB,UAAU;YACV,QAAQ;YACR,KAAK,EAAE,EAAE;YACT,cAAc,EAAE,UAAU,EAAE,cAAc,IAAI,yBAAyB;SACxE,CAAC,CAAC;IACL,CAAC;IAED,OAAO,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC;AACpD,CAAC;AAED,+EAA+E;AAE/E,MAAM,UAAU,eAAe,CAAC,IAAc;IAC5C,IAAI,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;QACnD,OAAO,CAAC,GAAG,CAAC;;;;;;;;;;;;;;;;;;;;;;CAsBf,CAAC,CAAC;QACC,OAAO;IACT,CAAC;IAED,MAAM,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,EAAU,EAAE,CAAS,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,KAAK,SAAS,CAAC,CAAC;IAClF,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,EAAU,EAAE,CAAS,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,KAAK,YAAY,CAAC,IAAI,MAAM,CAAC;IAC9F,MAAM,MAAM,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,EAAU,EAAE,CAAS,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,KAAK,UAAU,CAAC,IAAI,MAAM,CAAC;IAC1F,MAAM,WAAW,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,EAAU,EAAE,CAAS,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,KAAK,aAAa,CAAC,CAAC;IACxF,MAAM,QAAQ,GAAG,WAAW,CAAC,CAAC,CAAC,QAAQ,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IAE7D,IAAI,CAAC,SAAS,EAAE,CAAC;QACf,OAAO,CAAC,KAAK,CAAC,gEAAgE,CAAC,CAAC;QAChF,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;QACrB,OAAO;IACT,CAAC;IAED,IAAI,QAAmB,CAAC;IACxB,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,YAAY,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;QAC7C,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAC/B,QAAQ,GAAG,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,QAAQ,IAAI,EAAE,CAAC;IACpE,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,CAAC,KAAK,CAAC,+BAA+B,SAAS,EAAE,CAAC,CAAC;QAC1D,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;QACrB,OAAO;IACT,CAAC;IAED,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC1B,OAAO,CAAC,GAAG,CAAC,uBAAuB,CAAC,CAAC;QACrC,OAAO;IACT,CAAC;IAED,IAAI,MAA8B,CAAC;IACnC,QAAQ,QAAQ,EAAE,CAAC;QACjB,KAAK,UAAU;YACb,MAAM,GAAG,eAAe,CAAC,QAAQ,CAAC,CAAC;YACnC,MAAM;QACR,KAAK,UAAU;YACb,MAAM,GAAG,eAAe,CAAC,QAAQ,CAAC,CAAC;YACnC,MAAM;QACR;YACE,MAAM,GAAG,WAAW,CAAC,QAAQ,CAAC,CAAC;IACnC,CAAC;IAED,IAAI,QAAQ,GAAG,aAAa,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;IAC/C,QAAQ,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,IAAI,QAAQ,CAAC,CAAC;IAEvD,IAAI,MAAM,KAAK,MAAM,EAAE,CAAC;QACtB,OAAO,CAAC,GAAG,CACT,IAAI,CAAC,SAAS,CACZ;YACE,QAAQ;YACR,aAAa,EAAE,QAAQ,CAAC,MAAM;YAC9B,YAAY,EAAE,QAAQ,CAAC,MAAM;YAC7B,QAAQ,EAAE,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,QAAQ,EAAE,SAAS,EAAE,CAAC,CAAC;SAC/D,EACD,IAAI,EACJ,CAAC,CACF,CACF,CAAC;QACF,OAAO;IACT,CAAC;IAED,OAAO,CAAC,GAAG,CAAC,iCAAiC,QAAQ,oCAAoC,CAAC,CAAC;IAC3F,OAAO,CAAC,GAAG,CAAC,uBAAuB,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC;IACtD,OAAO,CAAC,GAAG,CAAC,iBAAiB,QAAQ,CAAC,MAAM,IAAI,CAAC,CAAC;IAElD,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;QAC/B,MAAM,eAAe,GAAG,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,UAAU,CAAC;aACvD,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;aAC5B,IAAI,CAAC,IAAI,CAAC,CAAC;QACd,OAAO,CAAC,GAAG,CAAC,QAAQ,OAAO,CAAC,EAAE,KAAK,OAAO,CAAC,KAAK,MAAM,OAAO,CAAC,KAAK,aAAa,CAAC,CAAC;QAClF,OAAO,CAAC,GAAG,CAAC,qBAAqB,eAAe,EAAE,CAAC,CAAC;QACpD,OAAO,CAAC,GAAG,CAAC,yBAAyB,OAAO,CAAC,cAAc,EAAE,CAAC,CAAC;QAC/D,OAAO,CAAC,GAAG,EAAE,CAAC;IAChB,CAAC;AACH,CAAC"}

package/dist/commands/fix-suggest.d.ts

@@ -0,0 +1,5 @@
+/**
+ * Fix-suggest — Generate concrete code fix suggestions for findings.
+ */
+export declare function runFixSuggest(argv: string[]): void;
+//# sourceMappingURL=fix-suggest.d.ts.map

package/dist/commands/fix-suggest.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"fix-suggest.d.ts","sourceRoot":"","sources":["../../src/commands/fix-suggest.ts"],"names":[],"mappings":"AAAA;;GAEG;AAuHH,wBAAgB,aAAa,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,IAAI,CAoFlD"}