@kevinrabun/judges 3.80.0 → 3.81.0

package/dist/commands/finding-cwe-map.js

@@ -0,0 +1,134 @@
+/**
+ * Finding-cwe-map — Map findings to CWE (Common Weakness Enumeration) identifiers.
+ */
+import { readFileSync, existsSync } from "fs";
+// ─── CWE Mapping ───────────────────────────────────────────────────────────
+const KEYWORD_CWE_MAP = {
+    injection: [
+        { cwe: "CWE-89", name: "SQL Injection" },
+        { cwe: "CWE-78", name: "OS Command Injection" },
+    ],
+    "sql injection": [{ cwe: "CWE-89", name: "SQL Injection" }],
+    xss: [{ cwe: "CWE-79", name: "Cross-site Scripting" }],
+    "cross-site scripting": [{ cwe: "CWE-79", name: "Cross-site Scripting" }],
+    csrf: [{ cwe: "CWE-352", name: "Cross-Site Request Forgery" }],
+    "path traversal": [{ cwe: "CWE-22", name: "Path Traversal" }],
+    "buffer overflow": [{ cwe: "CWE-120", name: "Buffer Copy without Checking Size" }],
+    authentication: [{ cwe: "CWE-287", name: "Improper Authentication" }],
+    authorization: [{ cwe: "CWE-862", name: "Missing Authorization" }],
+    hardcoded: [{ cwe: "CWE-798", name: "Use of Hard-coded Credentials" }],
+    credential: [{ cwe: "CWE-798", name: "Use of Hard-coded Credentials" }],
+    password: [{ cwe: "CWE-521", name: "Weak Password Requirements" }],
+    deserialization: [{ cwe: "CWE-502", name: "Deserialization of Untrusted Data" }],
+    ssrf: [{ cwe: "CWE-918", name: "Server-Side Request Forgery" }],
+    "race condition": [{ cwe: "CWE-362", name: "Race Condition" }],
+    "null pointer": [{ cwe: "CWE-476", name: "NULL Pointer Dereference" }],
+    "memory leak": [{ cwe: "CWE-401", name: "Missing Release of Memory" }],
+    "information disclosure": [{ cwe: "CWE-200", name: "Exposure of Sensitive Information" }],
+    cryptographic: [{ cwe: "CWE-327", name: "Use of a Broken Crypto Algorithm" }],
+    encryption: [{ cwe: "CWE-326", name: "Inadequate Encryption Strength" }],
+    "open redirect": [{ cwe: "CWE-601", name: "URL Redirection to Untrusted Site" }],
+    xml: [{ cwe: "CWE-611", name: "Improper Restriction of XML External Entity" }],
+    privilege: [{ cwe: "CWE-269", name: "Improper Privilege Management" }],
+};
+function mapFindingToCwe(finding) {
+    const text = `${finding.ruleId || ""} ${finding.title || ""} ${finding.description || ""}`.toLowerCase();
+    const matches = [];
+    const seen = new Set();
+    for (const [keyword, cwes] of Object.entries(KEYWORD_CWE_MAP)) {
+        if (text.includes(keyword)) {
+            for (const c of cwes) {
+                if (!seen.has(c.cwe)) {
+                    seen.add(c.cwe);
+                    matches.push(c);
+                }
+            }
+        }
+    }
+    return matches;
+}
+// ─── CLI ────────────────────────────────────────────────────────────────────
+export function runFindingCweMap(argv) {
+    if (argv.includes("--help") || argv.includes("-h") || argv.length === 0) {
+        console.log(`
+judges finding-cwe-map — Map findings to CWE identifiers
+
+Usage:
+  judges finding-cwe-map --file <results.json> [options]
+
+Options:
+  --file <path>      Result file (required)
+  --cwe <id>         Filter to specific CWE (e.g., CWE-89)
+  --format json      JSON output
+  --help, -h         Show this help
+
+Maps security findings to their corresponding CWE identifiers.
+`);
+        return;
+    }
+    const file = argv.find((_a, i) => argv[i - 1] === "--file");
+    if (!file) {
+        console.error("Error: --file required");
+        process.exitCode = 1;
+        return;
+    }
+    if (!existsSync(file)) {
+        console.error(`Error: file not found: ${file}`);
+        process.exitCode = 1;
+        return;
+    }
+    const cweFilter = argv.find((_a, i) => argv[i - 1] === "--cwe");
+    const format = argv.find((_a, i) => argv[i - 1] === "--format") || "text";
+    let verdict;
+    try {
+        verdict = JSON.parse(readFileSync(file, "utf-8"));
+    }
+    catch {
+        console.error("Error: could not parse file");
+        process.exitCode = 1;
+        return;
+    }
+    const findings = verdict.findings || [];
+    let mapped = findings.map((f) => ({ ...f, cwes: mapFindingToCwe(f) }));
+    if (cweFilter) {
+        mapped = mapped.filter((f) => f.cwes.some((c) => c.cwe === cweFilter));
+    }
+    const withCwe = mapped.filter((f) => f.cwes.length > 0);
+    // CWE frequency
+    const cweFreq = new Map();
+    for (const f of withCwe) {
+        for (const c of f.cwes) {
+            const existing = cweFreq.get(c.cwe);
+            if (existing)
+                existing.count++;
+            else
+                cweFreq.set(c.cwe, { name: c.name, count: 1 });
+        }
+    }
+    if (format === "json") {
+        console.log(JSON.stringify({
+            total: findings.length,
+            mapped: withCwe.length,
+            cweSummary: [...cweFreq.entries()].map(([cwe, info]) => ({ cwe, name: info.name, count: info.count })),
+            findings: mapped,
+        }, null, 2));
+        return;
+    }
+    console.log(`\nCWE Mapping:`);
+    console.log("═".repeat(70));
+    console.log(`  ${withCwe.length} of ${findings.length} findings mapped to CWE identifiers`);
+    console.log("─".repeat(70));
+    console.log("\n  CWE Summary:");
+    for (const [cwe, info] of [...cweFreq.entries()].sort((a, b) => b[1].count - a[1].count)) {
+        console.log(`    ${cwe.padEnd(12)} ${info.name.padEnd(40)} x${info.count}`);
+    }
+    console.log("\n  Mapped Findings:");
+    for (const f of withCwe.slice(0, 15)) {
+        const cweStr = f.cwes.map((c) => c.cwe).join(", ");
+        console.log(`    ${(f.ruleId || "unknown").padEnd(22)} → ${cweStr}`);
+    }
+    if (withCwe.length > 15)
+        console.log(`    ... and ${withCwe.length - 15} more`);
+    console.log("═".repeat(70));
+}
+//# sourceMappingURL=finding-cwe-map.js.map

package/dist/commands/finding-cwe-map.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"finding-cwe-map.js","sourceRoot":"","sources":["../../src/commands/finding-cwe-map.ts"],"names":[],"mappings":"AAAA;;GAEG;AAGH,OAAO,EAAE,YAAY,EAAE,UAAU,EAAE,MAAM,IAAI,CAAC;AAE9C,8EAA8E;AAE9E,MAAM,eAAe,GAAoD;IACvE,SAAS,EAAE;QACT,EAAE,GAAG,EAAE,QAAQ,EAAE,IAAI,EAAE,eAAe,EAAE;QACxC,EAAE,GAAG,EAAE,QAAQ,EAAE,IAAI,EAAE,sBAAsB,EAAE;KAChD;IACD,eAAe,EAAE,CAAC,EAAE,GAAG,EAAE,QAAQ,EAAE,IAAI,EAAE,eAAe,EAAE,CAAC;IAC3D,GAAG,EAAE,CAAC,EAAE,GAAG,EAAE,QAAQ,EAAE,IAAI,EAAE,sBAAsB,EAAE,CAAC;IACtD,sBAAsB,EAAE,CAAC,EAAE,GAAG,EAAE,QAAQ,EAAE,IAAI,EAAE,sBAAsB,EAAE,CAAC;IACzE,IAAI,EAAE,CAAC,EAAE,GAAG,EAAE,SAAS,EAAE,IAAI,EAAE,4BAA4B,EAAE,CAAC;IAC9D,gBAAgB,EAAE,CAAC,EAAE,GAAG,EAAE,QAAQ,EAAE,IAAI,EAAE,gBAAgB,EAAE,CAAC;IAC7D,iBAAiB,EAAE,CAAC,EAAE,GAAG,EAAE,SAAS,EAAE,IAAI,EAAE,mCAAmC,EAAE,CAAC;IAClF,cAAc,EAAE,CAAC,EAAE,GAAG,EAAE,SAAS,EAAE,IAAI,EAAE,yBAAyB,EAAE,CAAC;IACrE,aAAa,EAAE,CAAC,EAAE,GAAG,EAAE,SAAS,EAAE,IAAI,EAAE,uBAAuB,EAAE,CAAC;IAClE,SAAS,EAAE,CAAC,EAAE,GAAG,EAAE,SAAS,EAAE,IAAI,EAAE,+BAA+B,EAAE,CAAC;IACtE,UAAU,EAAE,CAAC,EAAE,GAAG,EAAE,SAAS,EAAE,IAAI,EAAE,+BAA+B,EAAE,CAAC;IACvE,QAAQ,EAAE,CAAC,EAAE,GAAG,EAAE,SAAS,EAAE,IAAI,EAAE,4BAA4B,EAAE,CAAC;IAClE,eAAe,EAAE,CAAC,EAAE,GAAG,EAAE,SAAS,EAAE,IAAI,EAAE,mCAAmC,EAAE,CAAC;IAChF,IAAI,EAAE,CAAC,EAAE,GAAG,EAAE,SAAS,EAAE,IAAI,EAAE,6BAA6B,EAAE,CAAC;IAC/D,gBAAgB,EAAE,CAAC,EAAE,GAAG,EAAE,SAAS,EAAE,IAAI,EAAE,gBAAgB,EAAE,CAAC;IAC9D,cAAc,EAAE,CAAC,EAAE,GAAG,EAAE,SAAS,EAAE,IAAI,EAAE,0BAA0B,EAAE,CAAC;IACtE,aAAa,EAAE,CAAC,EAAE,GAAG,EAAE,SAAS,EAAE,IAAI,EAAE,2BAA2B,EAAE,CAAC;IACtE,wBAAwB,EAAE,CAAC,EAAE,GAAG,EAAE,SAAS,EAAE,IAAI,EAAE,mCAAmC,EAAE,CAAC;IACzF,aAAa,EAAE,CAAC,EAAE,GAAG,EAAE,SAAS,EAAE,IAAI,EAAE,kCAAkC,EAAE,CAAC;IAC7E,UAAU,EAAE,CAAC,EAAE,GAAG,EAAE,SAAS,EAAE,IAAI,EAAE,gCAAgC,EAAE,CAAC;IACxE,eAAe,EAAE,CAAC,EAAE,GAAG,EAAE,SAAS,EAAE,IAAI,EAAE,mCAAmC,EAAE,CAAC;IAChF,GAAG,EAAE,CAAC,EAAE,GAAG,EAAE,SAAS,EAAE,IAAI,EAAE,6CAA6C,EAAE,CAAC;IAC9E,SAAS,EAAE,CAAC,EAAE,GAAG,EAAE,SAAS,EAAE,IAAI,EAAE,+BAA+B,EAAE,CAAC;CACvE,CAAC;AAEF,SAAS,eAAe,CAAC,OAAgB;IACvC,MAAM,IAAI,GAAG,GAAG,OAAO,CAAC,MAAM,IAAI,EAAE,IAAI,OAAO,CAAC,KAAK,IAAI,EAAE,IAAI,OAAO,CAAC,WAAW,IAAI,EAAE,EAAE,CAAC,WAAW,EAAE,CAAC;IACzG,MAAM,OAAO,GAAoC,EAAE,CAAC;IACpD,MAAM,IAAI,GAAG,IAAI,GAAG,EAAU,CAAC;IAE/B,KAAK,MAAM,CAAC,OAAO,EAAE,IAAI,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,eAAe,CAAC,EAAE,CAAC;QAC9D,IAAI,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;YAC3B,KAAK,MAAM,CAAC,IAAI,IAAI,EAAE,CAAC;gBACrB,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC;oBACrB,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;oBAChB,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;gBAClB,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IACD,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,+EAA+E;AAE/E,MAAM,UAAU,gBAAgB,CAAC,IAAc;IAC7C,IAAI,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACxE,OAAO,CAAC,GAAG,CAAC;;;;;;;;;;;;;CAaf,CAAC,CAAC;QACC,OAAO;IACT,CAAC;IAED,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,EAAU,EAAE,CAAS,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,KAAK,QAAQ,CAAC,CAAC;IAC5E,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,OAAO,CAAC,KAAK,CAAC,wBAAwB,CAAC,CAAC;QACxC,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;QACrB,OAAO;IACT,CAAC;IACD,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;QACtB,OAAO,CAAC,KAAK,CAAC,0BAA0B,IAAI,EAAE,CAAC,CAAC;QAChD,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;QACrB,OAAO;IACT,CAAC;IAED,MAAM,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,EAAU,EAAE,CAAS,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,KAAK,OAAO,CAAC,CAAC;IAChF,MAAM,MAAM,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,EAAU,EAAE,CAAS,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,KAAK,UAAU,CAAC,IAAI,MAAM,CAAC;IAE1F,IAAI,OAAwB,CAAC;IAC7B,IAAI,CAAC;QACH,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC,CAAC;IACpD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,CAAC,KAAK,CAAC,6BAA6B,CAAC,CAAC;QAC7C,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;QACrB,OAAO;IACT,CAAC;IAED,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,IAAI,EAAE,CAAC;IACxC,IAAI,MAAM,GAAG,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,IAAI,EAAE,eAAe,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;IAEvE,IAAI,SAAS,EAAE,CAAC;QACd,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,KAAK,SAAS,CAAC,CAAC,CAAC;IACzE,CAAC;IAED,MAAM,OAAO,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IAExD,gBAAgB;IAChB,MAAM,OAAO,GAAG,IAAI,GAAG,EAA2C,CAAC;IACnE,KAAK,MAAM,CAAC,IAAI,OAAO,EAAE,CAAC;QACxB,KAAK,MAAM,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,CAAC;YACvB,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;YACpC,IAAI,QAAQ;gBAAE,QAAQ,CAAC,KAAK,EAAE,CAAC;;gBAC1B,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE,CAAC,EAAE,CAAC,CAAC;QACtD,CAAC;IACH,CAAC;IAED,IAAI,MAAM,KAAK,MAAM,EAAE,CAAC;QACtB,OAAO,CAAC,GAAG,CACT,IAAI,CAAC,SAAS,CACZ;YACE,KAAK,EAAE,QAAQ,CAAC,MAAM;YACtB,MAAM,EAAE,OAAO,CAAC,MAAM;YACtB,UAAU,EAAE,CAAC,GAAG,OAAO,CAAC,OAAO,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,EAAE,IAAI,CAAC,EAAE,EAAE,CAAC,CAAC,EAAE,GAAG,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE,KAAK,EAAE,IAAI,CAAC,KAAK,EAAE,CAAC,CAAC;YACtG,QAAQ,EAAE,MAAM;SACjB,EACD,IAAI,EACJ,CAAC,CACF,CACF,CAAC;QACF,OAAO;IACT,CAAC;IAED,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,CAAC;IAC9B,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC;IAC5B,OAAO,CAAC,GAAG,CAAC,KAAK,OAAO,CAAC,MAAM,OAAO,QAAQ,CAAC,MAAM,qCAAqC,CAAC,CAAC;IAC5F,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC;IAE5B,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC,CAAC;IAChC,KAAK,MAAM,CAAC,GAAG,EAAE,IAAI,CAAC,IAAI,CAAC,GAAG,OAAO,CAAC,OAAO,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,EAAE,CAAC;QACzF,OAAO,CAAC,GAAG,CAAC,OAAO,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,IAAI,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,KAAK,IAAI,CAAC,KAAK,EAAE,CAAC,CAAC;IAC9E,CAAC;IAED,OAAO,CAAC,GAAG,CAAC,sBAAsB,CAAC,CAAC;IACpC,KAAK,MAAM,CAAC,IAAI,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC;QACrC,MAAM,MAAM,GAAG,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACnD,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,IAAI,SAAS,CAAC,CAAC,MAAM,CAAC,EAAE,CAAC,MAAM,MAAM,EAAE,CAAC,CAAC;IACvE,CAAC;IACD,IAAI,OAAO,CAAC,MAAM,GAAG,EAAE;QAAE,OAAO,CAAC,GAAG,CAAC,eAAe,OAAO,CAAC,MAAM,GAAG,EAAE,OAAO,CAAC,CAAC;IAChF,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC;AAC9B,CAAC"}

package/dist/commands/finding-false-neg-check.d.ts

@@ -0,0 +1,9 @@
+/**
+ * Finding-false-neg-check — Check for potential false negatives.
+ *
+ * Analyzes code for common vulnerability patterns that may have been
+ * missed by the current judge panel. Uses keyword heuristics to flag
+ * lines that warrant manual review.
+ */
+export declare function runFindingFalseNegCheck(argv: string[]): void;
+//# sourceMappingURL=finding-false-neg-check.d.ts.map

package/dist/commands/finding-false-neg-check.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"finding-false-neg-check.d.ts","sourceRoot":"","sources":["../../src/commands/finding-false-neg-check.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AA+EH,wBAAgB,uBAAuB,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,IAAI,CAkF5D"}

package/dist/commands/finding-false-neg-check.js

@@ -0,0 +1,140 @@
+/**
+ * Finding-false-neg-check — Check for potential false negatives.
+ *
+ * Analyzes code for common vulnerability patterns that may have been
+ * missed by the current judge panel. Uses keyword heuristics to flag
+ * lines that warrant manual review.
+ */
+import { readFileSync, existsSync } from "fs";
+// ─── Patterns ───────────────────────────────────────────────────────────────
+const SUSPICIOUS_PATTERNS = [
+    { regex: /eval\s*\(/, category: "injection", reason: "Dynamic code evaluation" },
+    { regex: /innerHTML\s*=/, category: "xss", reason: "Direct innerHTML assignment" },
+    { regex: /dangerouslySetInnerHTML/, category: "xss", reason: "React dangerous HTML" },
+    { regex: /document\.write\s*\(/, category: "xss", reason: "Document write usage" },
+    { regex: /exec\s*\(/, category: "command-injection", reason: "Command execution" },
+    { regex: /child_process/, category: "command-injection", reason: "Child process usage" },
+    { regex: /SELECT\s.*FROM\s.*WHERE/i, category: "sql-injection", reason: "Raw SQL query" },
+    { regex: /password\s*[:=]\s*['"]/, category: "hardcoded-secret", reason: "Hardcoded password" },
+    { regex: /api[_-]?key\s*[:=]\s*['"]/, category: "hardcoded-secret", reason: "Hardcoded API key" },
+    { regex: /secret\s*[:=]\s*['"]/, category: "hardcoded-secret", reason: "Hardcoded secret" },
+    { regex: /Math\.random\s*\(/, category: "weak-crypto", reason: "Math.random for security" },
+    { regex: /createHash\s*\(\s*['"]md5['"]/, category: "weak-crypto", reason: "MD5 hash usage" },
+    { regex: /createHash\s*\(\s*['"]sha1['"]/, category: "weak-crypto", reason: "SHA1 hash usage" },
+    {
+        regex: /disable.*ssl|verify\s*=\s*false|rejectUnauthorized.*false/i,
+        category: "tls",
+        reason: "TLS verification disabled",
+    },
+    { regex: /cors\(\s*\)/, category: "cors", reason: "Permissive CORS" },
+    { regex: /chmod\s+777/, category: "permissions", reason: "World-writable permissions" },
+    { regex: /TODO.*security|FIXME.*vuln|HACK.*auth/i, category: "todo", reason: "Security-related TODO" },
+    { regex: /console\.(log|debug)\s*\(.*password/i, category: "logging", reason: "Password in logs" },
+];
+// ─── Helpers ────────────────────────────────────────────────────────────────
+function scanFile(filePath) {
+    const content = readFileSync(filePath, "utf-8");
+    const lines = content.split("\n");
+    const candidates = [];
+    for (let i = 0; i < lines.length; i++) {
+        const line = lines[i];
+        for (const pat of SUSPICIOUS_PATTERNS) {
+            if (pat.regex.test(line)) {
+                candidates.push({
+                    lineNumber: i + 1,
+                    lineContent: line.trim().slice(0, 120),
+                    pattern: pat.regex.source,
+                    category: pat.category,
+                    reason: pat.reason,
+                });
+            }
+        }
+    }
+    return candidates;
+}
+function crossCheckVerdict(candidates, verdict) {
+    // Filter out candidates that already have findings for the same line/category
+    const coveredLines = new Set();
+    for (const f of verdict.findings) {
+        if (f.lineNumbers) {
+            for (const ln of f.lineNumbers)
+                coveredLines.add(ln);
+        }
+    }
+    return candidates.filter((c) => !coveredLines.has(c.lineNumber));
+}
+// ─── CLI ────────────────────────────────────────────────────────────────────
+export function runFindingFalseNegCheck(argv) {
+    const fileIdx = argv.indexOf("--file");
+    const verdictIdx = argv.indexOf("--verdict");
+    const formatIdx = argv.indexOf("--format");
+    const categoryIdx = argv.indexOf("--category");
+    const filePath = fileIdx >= 0 ? argv[fileIdx + 1] : undefined;
+    const verdictPath = verdictIdx >= 0 ? argv[verdictIdx + 1] : undefined;
+    const format = formatIdx >= 0 ? argv[formatIdx + 1] : "table";
+    const filterCategory = categoryIdx >= 0 ? argv[categoryIdx + 1] : undefined;
+    if (argv.includes("--help") || argv.includes("-h")) {
+        console.log(`
+judges finding-false-neg-check — Check for potential false negatives
+
+Usage:
+  judges finding-false-neg-check --file <source> [--verdict <verdict.json>]
+                                 [--format table|json] [--category <cat>]
+
+Options:
+  --file <path>       Source file to scan for suspicious patterns (required)
+  --verdict <path>    Verdict JSON to cross-check (optional)
+  --format <fmt>      Output format: table (default), json
+  --category <cat>    Filter by category (injection, xss, hardcoded-secret, etc.)
+  --help, -h          Show this help
+`);
+        return;
+    }
+    if (!filePath) {
+        console.error("Error: --file required");
+        process.exitCode = 1;
+        return;
+    }
+    if (!existsSync(filePath)) {
+        console.error(`Error: file not found: ${filePath}`);
+        process.exitCode = 1;
+        return;
+    }
+    let candidates = scanFile(filePath);
+    if (verdictPath && existsSync(verdictPath)) {
+        try {
+            const verdict = JSON.parse(readFileSync(verdictPath, "utf-8"));
+            candidates = crossCheckVerdict(candidates, verdict);
+        }
+        catch {
+            /* skip cross-check */
+        }
+    }
+    if (filterCategory) {
+        candidates = candidates.filter((c) => c.category === filterCategory);
+    }
+    if (format === "json") {
+        console.log(JSON.stringify(candidates, null, 2));
+        return;
+    }
+    if (candidates.length === 0) {
+        console.log("No potential false negatives detected.");
+        return;
+    }
+    console.log(`\nPotential False Negatives in ${filePath}`);
+    console.log("═".repeat(70));
+    console.log(`${"Line".padEnd(7)} ${"Category".padEnd(20)} Reason`);
+    console.log("─".repeat(70));
+    for (const c of candidates) {
+        console.log(`${String(c.lineNumber).padEnd(7)} ${c.category.padEnd(20)} ${c.reason}`);
+        console.log(`  ${c.lineContent}`);
+    }
+    console.log("─".repeat(70));
+    const categories = new Map();
+    for (const c of candidates) {
+        categories.set(c.category, (categories.get(c.category) || 0) + 1);
+    }
+    console.log(`${candidates.length} suspicious patterns found across ${categories.size} categories`);
+    console.log("═".repeat(70));
+}
+//# sourceMappingURL=finding-false-neg-check.js.map

package/dist/commands/finding-false-neg-check.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"finding-false-neg-check.js","sourceRoot":"","sources":["../../src/commands/finding-false-neg-check.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EAAE,YAAY,EAAE,UAAU,EAAE,MAAM,IAAI,CAAC;AAa9C,+EAA+E;AAE/E,MAAM,mBAAmB,GAA+D;IACtF,EAAE,KAAK,EAAE,WAAW,EAAE,QAAQ,EAAE,WAAW,EAAE,MAAM,EAAE,yBAAyB,EAAE;IAChF,EAAE,KAAK,EAAE,eAAe,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,EAAE,6BAA6B,EAAE;IAClF,EAAE,KAAK,EAAE,yBAAyB,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,EAAE,sBAAsB,EAAE;IACrF,EAAE,KAAK,EAAE,sBAAsB,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,EAAE,sBAAsB,EAAE;IAClF,EAAE,KAAK,EAAE,WAAW,EAAE,QAAQ,EAAE,mBAAmB,EAAE,MAAM,EAAE,mBAAmB,EAAE;IAClF,EAAE,KAAK,EAAE,eAAe,EAAE,QAAQ,EAAE,mBAAmB,EAAE,MAAM,EAAE,qBAAqB,EAAE;IACxF,EAAE,KAAK,EAAE,0BAA0B,EAAE,QAAQ,EAAE,eAAe,EAAE,MAAM,EAAE,eAAe,EAAE;IACzF,EAAE,KAAK,EAAE,wBAAwB,EAAE,QAAQ,EAAE,kBAAkB,EAAE,MAAM,EAAE,oBAAoB,EAAE;IAC/F,EAAE,KAAK,EAAE,2BAA2B,EAAE,QAAQ,EAAE,kBAAkB,EAAE,MAAM,EAAE,mBAAmB,EAAE;IACjG,EAAE,KAAK,EAAE,sBAAsB,EAAE,QAAQ,EAAE,kBAAkB,EAAE,MAAM,EAAE,kBAAkB,EAAE;IAC3F,EAAE,KAAK,EAAE,mBAAmB,EAAE,QAAQ,EAAE,aAAa,EAAE,MAAM,EAAE,0BAA0B,EAAE;IAC3F,EAAE,KAAK,EAAE,+BAA+B,EAAE,QAAQ,EAAE,aAAa,EAAE,MAAM,EAAE,gBAAgB,EAAE;IAC7F,EAAE,KAAK,EAAE,gCAAgC,EAAE,QAAQ,EAAE,aAAa,EAAE,MAAM,EAAE,iBAAiB,EAAE;IAC/F;QACE,KAAK,EAAE,4DAA4D;QACnE,QAAQ,EAAE,KAAK;QACf,MAAM,EAAE,2BAA2B;KACpC;IACD,EAAE,KAAK,EAAE,aAAa,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,iBAAiB,EAAE;IACrE,EAAE,KAAK,EAAE,aAAa,EAAE,QAAQ,EAAE,aAAa,EAAE,MAAM,EAAE,4BAA4B,EAAE;IACvF,EAAE,KAAK,EAAE,wCAAwC,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,uBAAuB,EAAE;IACtG,EAAE,KAAK,EAAE,sCAAsC,EAAE,QAAQ,EAAE,SAAS,EAAE,MAAM,EAAE,kBAAkB,EAAE;CACnG,CAAC;AAEF,+EAA+E;AAE/E,SAAS,QAAQ,CAAC,QAAgB;IAChC,MAAM,OAAO,GAAG,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;IAChD,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAClC,MAAM,UAAU,GAAwB,EAAE,CAAC;IAE3C,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QACtB,KAAK,MAAM,GAAG,IAAI,mBAAmB,EAAE,CAAC;YACtC,IAAI,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;gBACzB,UAAU,CAAC,IAAI,CAAC;oBACd,UAAU,EAAE,CAAC,GAAG,CAAC;oBACjB,WAAW,EAAE,IAAI,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC;oBACtC,OAAO,EAAE,GAAG,CAAC,KAAK,CAAC,MAAM;oBACzB,QAAQ,EAAE,GAAG,CAAC,QAAQ;oBACtB,MAAM,EAAE,GAAG,CAAC,MAAM;iBACnB,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IACD,OAAO,UAAU,CAAC;AACpB,CAAC;AAED,SAAS,iBAAiB,CAAC,UAA+B,EAAE,OAAwB;IAClF,8EAA8E;IAC9E,MAAM,YAAY,GAAG,IAAI,GAAG,EAAU,CAAC;IACvC,KAAK,MAAM,CAAC,IAAI,OAAO,CAAC,QAAQ,EAAE,CAAC;QACjC,IAAI,CAAC,CAAC,WAAW,EAAE,CAAC;YAClB,KAAK,MAAM,EAAE,IAAI,CAAC,CAAC,WAAW;gBAAE,YAAY,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QACvD,CAAC;IACH,CAAC;IACD,OAAO,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC;AACnE,CAAC;AAED,+EAA+E;AAE/E,MAAM,UAAU,uBAAuB,CAAC,IAAc;IACpD,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;IACvC,MAAM,UAAU,GAAG,IAAI,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC;IAC7C,MAAM,SAAS,GAAG,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;IAC3C,MAAM,WAAW,GAAG,IAAI,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;IAC/C,MAAM,QAAQ,GAAG,OAAO,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;IAC9D,MAAM,WAAW,GAAG,UAAU,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,UAAU,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;IACvE,MAAM,MAAM,GAAG,SAAS,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC;IAC9D,MAAM,cAAc,GAAG,WAAW,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;IAE5E,IAAI,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;QACnD,OAAO,CAAC,GAAG,CAAC;;;;;;;;;;;;;CAaf,CAAC,CAAC;QACC,OAAO;IACT,CAAC;IAED,IAAI,CAAC,QAAQ,EAAE,CAAC;QACd,OAAO,CAAC,KAAK,CAAC,wBAAwB,CAAC,CAAC;QACxC,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;QACrB,OAAO;IACT,CAAC;IACD,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC1B,OAAO,CAAC,KAAK,CAAC,0BAA0B,QAAQ,EAAE,CAAC,CAAC;QACpD,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;QACrB,OAAO;IACT,CAAC;IAED,IAAI,UAAU,GAAG,QAAQ,CAAC,QAAQ,CAAC,CAAC;IAEpC,IAAI,WAAW,IAAI,UAAU,CAAC,WAAW,CAAC,EAAE,CAAC;QAC3C,IAAI,CAAC;YACH,MAAM,OAAO,GAAoB,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,WAAW,EAAE,OAAO,CAAC,CAAC,CAAC;YAChF,UAAU,GAAG,iBAAiB,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;QACtD,CAAC;QAAC,MAAM,CAAC;YACP,sBAAsB;QACxB,CAAC;IACH,CAAC;IAED,IAAI,cAAc,EAAE,CAAC;QACnB,UAAU,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,cAAc,CAAC,CAAC;IACvE,CAAC;IAED,IAAI,MAAM,KAAK,MAAM,EAAE,CAAC;QACtB,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,UAAU,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;QACjD,OAAO;IACT,CAAC;IAED,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC5B,OAAO,CAAC,GAAG,CAAC,wCAAwC,CAAC,CAAC;QACtD,OAAO;IACT,CAAC;IAED,OAAO,CAAC,GAAG,CAAC,kCAAkC,QAAQ,EAAE,CAAC,CAAC;IAC1D,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC;IAC5B,OAAO,CAAC,GAAG,CAAC,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC,SAAS,CAAC,CAAC;IACnE,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC;IAE5B,KAAK,MAAM,CAAC,IAAI,UAAU,EAAE,CAAC;QAC3B,OAAO,CAAC,GAAG,CAAC,GAAG,MAAM,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC;QACtF,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC;IACpC,CAAC;IAED,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC;IAE5B,MAAM,UAAU,GAAG,IAAI,GAAG,EAAkB,CAAC;IAC7C,KAAK,MAAM,CAAC,IAAI,UAAU,EAAE,CAAC;QAC3B,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;IACpE,CAAC;IACD,OAAO,CAAC,GAAG,CAAC,GAAG,UAAU,CAAC,MAAM,qCAAqC,UAAU,CAAC,IAAI,aAAa,CAAC,CAAC;IACnG,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC;AAC9B,CAAC"}

package/dist/commands/finding-pattern-match.d.ts

@@ -0,0 +1,5 @@
+/**
+ * Finding-pattern-match — Match findings against custom patterns.
+ */
+export declare function runFindingPatternMatch(argv: string[]): void;
+//# sourceMappingURL=finding-pattern-match.d.ts.map

package/dist/commands/finding-pattern-match.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"finding-pattern-match.d.ts","sourceRoot":"","sources":["../../src/commands/finding-pattern-match.ts"],"names":[],"mappings":"AAAA;;GAEG;AAgDH,wBAAgB,sBAAsB,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,IAAI,CAiI3D"}

package/dist/commands/finding-pattern-match.js

@@ -0,0 +1,166 @@
+/**
+ * Finding-pattern-match — Match findings against custom patterns.
+ */
+import { readFileSync, writeFileSync, existsSync, mkdirSync } from "fs";
+import { dirname, join } from "path";
+// ─── Helpers ────────────────────────────────────────────────────────────────
+function patternsFile() {
+    return join(process.cwd(), ".judges", "match-patterns.json");
+}
+function loadPatterns() {
+    const f = patternsFile();
+    if (!existsSync(f))
+        return [];
+    try {
+        return JSON.parse(readFileSync(f, "utf-8"));
+    }
+    catch {
+        return [];
+    }
+}
+function savePatterns(patterns) {
+    const f = patternsFile();
+    const d = dirname(f);
+    if (!existsSync(d))
+        mkdirSync(d, { recursive: true });
+    writeFileSync(f, JSON.stringify(patterns, null, 2));
+}
+function matchFinding(finding, pattern) {
+    if (pattern.rulePattern && !finding.ruleId.includes(pattern.rulePattern))
+        return false;
+    if (pattern.titlePattern && !finding.title.toLowerCase().includes(pattern.titlePattern.toLowerCase()))
+        return false;
+    if (pattern.severities.length > 0 && !pattern.severities.includes(finding.severity))
+        return false;
+    return true;
+}
+// ─── CLI ────────────────────────────────────────────────────────────────────
+export function runFindingPatternMatch(argv) {
+    const sub = argv[0];
+    if (!sub || sub === "--help" || sub === "-h") {
+        console.log(`
+judges finding-pattern-match — Match findings against custom patterns
+
+Usage:
+  judges finding-pattern-match apply  --file <results.json> [--format json]
+  judges finding-pattern-match add    --name <name> [--rule <pattern>] [--title <pattern>] [--severity <list>] [--action <act>]
+  judges finding-pattern-match list
+  judges finding-pattern-match remove --name <name>
+  judges finding-pattern-match clear
+
+Options:
+  --name <name>       Pattern name
+  --rule <pattern>    Substring to match in ruleId
+  --title <pattern>   Substring to match in title
+  --severity <list>   Comma-separated severities
+  --action <act>      Action: flag, suppress, escalate (default: flag)
+  --format json       JSON output
+  --help, -h          Show this help
+`);
+        return;
+    }
+    const args = argv.slice(1);
+    const patterns = loadPatterns();
+    if (sub === "apply") {
+        const file = args.find((_a, i) => args[i - 1] === "--file");
+        const format = args.find((_a, i) => args[i - 1] === "--format") || "text";
+        if (!file) {
+            console.error("Error: --file required");
+            process.exitCode = 1;
+            return;
+        }
+        if (!existsSync(file)) {
+            console.error(`Error: file not found: ${file}`);
+            process.exitCode = 1;
+            return;
+        }
+        let verdict;
+        try {
+            verdict = JSON.parse(readFileSync(file, "utf-8"));
+        }
+        catch {
+            console.error("Error: could not parse file");
+            process.exitCode = 1;
+            return;
+        }
+        const findings = verdict.findings || [];
+        const matches = findings.map((f) => {
+            const matched = patterns.filter((p) => matchFinding(f, p));
+            return { ...f, matchedPatterns: matched.map((p) => p.name), actions: matched.map((p) => p.action) };
+        });
+        const withMatches = matches.filter((m) => m.matchedPatterns.length > 0);
+        if (format === "json") {
+            console.log(JSON.stringify({ total: findings.length, matched: withMatches.length, findings: matches }, null, 2));
+            return;
+        }
+        console.log(`\nPattern Match Results:`);
+        console.log("═".repeat(65));
+        console.log(`  ${withMatches.length} of ${findings.length} findings matched ${patterns.length} patterns`);
+        console.log("─".repeat(65));
+        for (const m of withMatches.slice(0, 20)) {
+            const acts = [...new Set(m.actions)].join(", ");
+            console.log(`  ${m.ruleId.padEnd(22)} [${acts}]  patterns: ${m.matchedPatterns.join(", ")}`);
+        }
+        if (withMatches.length > 20)
+            console.log(`  ... and ${withMatches.length - 20} more`);
+        console.log("═".repeat(65));
+    }
+    else if (sub === "add") {
+        const name = args.find((_a, i) => args[i - 1] === "--name");
+        if (!name) {
+            console.error("Error: --name required");
+            process.exitCode = 1;
+            return;
+        }
+        const ruleP = args.find((_a, i) => args[i - 1] === "--rule") || "";
+        const titleP = args.find((_a, i) => args[i - 1] === "--title") || "";
+        const sevStr = args.find((_a, i) => args[i - 1] === "--severity") || "";
+        const action = args.find((_a, i) => args[i - 1] === "--action") || "flag";
+        patterns.push({
+            name,
+            rulePattern: ruleP,
+            titlePattern: titleP,
+            severities: sevStr ? sevStr.split(",") : [],
+            action,
+        });
+        savePatterns(patterns);
+        console.log(`Added pattern: ${name}`);
+    }
+    else if (sub === "list") {
+        if (patterns.length === 0) {
+            console.log("No patterns defined.");
+            return;
+        }
+        console.log(`\nMatch Patterns (${patterns.length}):`);
+        console.log("═".repeat(55));
+        for (const p of patterns) {
+            console.log(`  ${p.name.padEnd(18)} [${p.action}]  rule:${p.rulePattern || "*"} title:${p.titlePattern || "*"}`);
+        }
+        console.log("═".repeat(55));
+    }
+    else if (sub === "remove") {
+        const name = args.find((_a, i) => args[i - 1] === "--name");
+        if (!name) {
+            console.error("Error: --name required");
+            process.exitCode = 1;
+            return;
+        }
+        const filtered = patterns.filter((p) => p.name !== name);
+        if (filtered.length === patterns.length) {
+            console.error(`Pattern "${name}" not found.`);
+            process.exitCode = 1;
+            return;
+        }
+        savePatterns(filtered);
+        console.log(`Removed pattern: ${name}`);
+    }
+    else if (sub === "clear") {
+        savePatterns([]);
+        console.log("All patterns cleared.");
+    }
+    else {
+        console.error(`Unknown subcommand: ${sub}. Use --help for usage.`);
+        process.exitCode = 1;
+    }
+}
+//# sourceMappingURL=finding-pattern-match.js.map

package/dist/commands/finding-pattern-match.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"finding-pattern-match.js","sourceRoot":"","sources":["../../src/commands/finding-pattern-match.ts"],"names":[],"mappings":"AAAA;;GAEG;AAGH,OAAO,EAAE,YAAY,EAAE,aAAa,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,IAAI,CAAC;AACxE,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAYrC,+EAA+E;AAE/E,SAAS,YAAY;IACnB,OAAO,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,qBAAqB,CAAC,CAAC;AAC/D,CAAC;AAED,SAAS,YAAY;IACnB,MAAM,CAAC,GAAG,YAAY,EAAE,CAAC;IACzB,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC;QAAE,OAAO,EAAE,CAAC;IAC9B,IAAI,CAAC;QACH,OAAO,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC,CAAC;IAC9C,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,CAAC;IACZ,CAAC;AACH,CAAC;AAED,SAAS,YAAY,CAAC,QAAwB;IAC5C,MAAM,CAAC,GAAG,YAAY,EAAE,CAAC;IACzB,MAAM,CAAC,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;IACrB,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC;QAAE,SAAS,CAAC,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IACtD,aAAa,CAAC,CAAC,EAAE,IAAI,CAAC,SAAS,CAAC,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;AACtD,CAAC;AAED,SAAS,YAAY,CAAC,OAAgB,EAAE,OAAqB;IAC3D,IAAI,OAAO,CAAC,WAAW,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,OAAO,CAAC,WAAW,CAAC;QAAE,OAAO,KAAK,CAAC;IACvF,IAAI,OAAO,CAAC,YAAY,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,OAAO,CAAC,YAAY,CAAC,WAAW,EAAE,CAAC;QAAE,OAAO,KAAK,CAAC;IACpH,IAAI,OAAO,CAAC,UAAU,CAAC,MAAM,GAAG,CAAC,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,QAAQ,CAAC,OAAO,CAAC,QAAQ,CAAC;QAAE,OAAO,KAAK,CAAC;IAClG,OAAO,IAAI,CAAC;AACd,CAAC;AAED,+EAA+E;AAE/E,MAAM,UAAU,sBAAsB,CAAC,IAAc;IACnD,MAAM,GAAG,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;IAEpB,IAAI,CAAC,GAAG,IAAI,GAAG,KAAK,QAAQ,IAAI,GAAG,KAAK,IAAI,EAAE,CAAC;QAC7C,OAAO,CAAC,GAAG,CAAC;;;;;;;;;;;;;;;;;;CAkBf,CAAC,CAAC;QACC,OAAO;IACT,CAAC;IAED,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IAC3B,MAAM,QAAQ,GAAG,YAAY,EAAE,CAAC;IAEhC,IAAI,GAAG,KAAK,OAAO,EAAE,CAAC;QACpB,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,EAAU,EAAE,CAAS,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,KAAK,QAAQ,CAAC,CAAC;QAC5E,MAAM,MAAM,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,EAAU,EAAE,CAAS,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,KAAK,UAAU,CAAC,IAAI,MAAM,CAAC;QAC1F,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,OAAO,CAAC,KAAK,CAAC,wBAAwB,CAAC,CAAC;YACxC,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;YACrB,OAAO;QACT,CAAC;QACD,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;YACtB,OAAO,CAAC,KAAK,CAAC,0BAA0B,IAAI,EAAE,CAAC,CAAC;YAChD,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;YACrB,OAAO;QACT,CAAC;QAED,IAAI,OAAwB,CAAC;QAC7B,IAAI,CAAC;YACH,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC,CAAC;QACpD,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,CAAC,KAAK,CAAC,6BAA6B,CAAC,CAAC;YAC7C,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;YACrB,OAAO;QACT,CAAC;QAED,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,IAAI,EAAE,CAAC;QACxC,MAAM,OAAO,GAAG,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE;YACjC,MAAM,OAAO,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,YAAY,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;YAC3D,OAAO,EAAE,GAAG,CAAC,EAAE,eAAe,EAAE,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,EAAE,CAAC;QACtG,CAAC,CAAC,CAAC;QACH,MAAM,WAAW,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,eAAe,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;QAExE,IAAI,MAAM,KAAK,MAAM,EAAE,CAAC;YACtB,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,QAAQ,CAAC,MAAM,EAAE,OAAO,EAAE,WAAW,CAAC,MAAM,EAAE,QAAQ,EAAE,OAAO,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;YACjH,OAAO;QACT,CAAC;QAED,OAAO,CAAC,GAAG,CAAC,0BAA0B,CAAC,CAAC;QACxC,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC;QAC5B,OAAO,CAAC,GAAG,CAAC,KAAK,WAAW,CAAC,MAAM,OAAO,QAAQ,CAAC,MAAM,qBAAqB,QAAQ,CAAC,MAAM,WAAW,CAAC,CAAC;QAC1G,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC;QAE5B,KAAK,MAAM,CAAC,IAAI,WAAW,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC;YACzC,MAAM,IAAI,GAAG,CAAC,GAAG,IAAI,GAAG,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAChD,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,EAAE,CAAC,KAAK,IAAI,gBAAgB,CAAC,CAAC,eAAe,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QAC/F,CAAC;QACD,IAAI,WAAW,CAAC,MAAM,GAAG,EAAE;YAAE,OAAO,CAAC,GAAG,CAAC,aAAa,WAAW,CAAC,MAAM,GAAG,EAAE,OAAO,CAAC,CAAC;QACtF,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC;IAC9B,CAAC;SAAM,IAAI,GAAG,KAAK,KAAK,EAAE,CAAC;QACzB,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,EAAU,EAAE,CAAS,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,KAAK,QAAQ,CAAC,CAAC;QAC5E,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,OAAO,CAAC,KAAK,CAAC,wBAAwB,CAAC,CAAC;YACxC,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;YACrB,OAAO;QACT,CAAC;QACD,MAAM,KAAK,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,EAAU,EAAE,CAAS,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,KAAK,QAAQ,CAAC,IAAI,EAAE,CAAC;QACnF,MAAM,MAAM,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,EAAU,EAAE,CAAS,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,KAAK,SAAS,CAAC,IAAI,EAAE,CAAC;QACrF,MAAM,MAAM,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,EAAU,EAAE,CAAS,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,KAAK,YAAY,CAAC,IAAI,EAAE,CAAC;QACxF,MAAM,MAAM,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,EAAU,EAAE,CAAS,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,KAAK,UAAU,CAAC,IAAI,MAAM,CAAC;QAE1F,QAAQ,CAAC,IAAI,CAAC;YACZ,IAAI;YACJ,WAAW,EAAE,KAAK;YAClB,YAAY,EAAE,MAAM;YACpB,UAAU,EAAE,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE;YAC3C,MAAM;SACP,CAAC,CAAC;QACH,YAAY,CAAC,QAAQ,CAAC,CAAC;QACvB,OAAO,CAAC,GAAG,CAAC,kBAAkB,IAAI,EAAE,CAAC,CAAC;IACxC,CAAC;SAAM,IAAI,GAAG,KAAK,MAAM,EAAE,CAAC;QAC1B,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC1B,OAAO,CAAC,GAAG,CAAC,sBAAsB,CAAC,CAAC;YACpC,OAAO;QACT,CAAC;QACD,OAAO,CAAC,GAAG,CAAC,qBAAqB,QAAQ,CAAC,MAAM,IAAI,CAAC,CAAC;QACtD,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC;QAC5B,KAAK,MAAM,CAAC,IAAI,QAAQ,EAAE,CAAC;YACzB,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,KAAK,CAAC,CAAC,MAAM,WAAW,CAAC,CAAC,WAAW,IAAI,GAAG,UAAU,CAAC,CAAC,YAAY,IAAI,GAAG,EAAE,CAAC,CAAC;QACnH,CAAC;QACD,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC;IAC9B,CAAC;SAAM,IAAI,GAAG,KAAK,QAAQ,EAAE,CAAC;QAC5B,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,EAAU,EAAE,CAAS,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,KAAK,QAAQ,CAAC,CAAC;QAC5E,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,OAAO,CAAC,KAAK,CAAC,wBAAwB,CAAC,CAAC;YACxC,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;YACrB,OAAO;QACT,CAAC;QACD,MAAM,QAAQ,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,IAAI,CAAC,CAAC;QACzD,IAAI,QAAQ,CAAC,MAAM,KAAK,QAAQ,CAAC,MAAM,EAAE,CAAC;YACxC,OAAO,CAAC,KAAK,CAAC,YAAY,IAAI,cAAc,CAAC,CAAC;YAC9C,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;YACrB,OAAO;QACT,CAAC;QACD,YAAY,CAAC,QAAQ,CAAC,CAAC;QACvB,OAAO,CAAC,GAAG,CAAC,oBAAoB,IAAI,EAAE,CAAC,CAAC;IAC1C,CAAC;SAAM,IAAI,GAAG,KAAK,OAAO,EAAE,CAAC;QAC3B,YAAY,CAAC,EAAE,CAAC,CAAC;QACjB,OAAO,CAAC,GAAG,CAAC,uBAAuB,CAAC,CAAC;IACvC,CAAC;SAAM,CAAC;QACN,OAAO,CAAC,KAAK,CAAC,uBAAuB,GAAG,yBAAyB,CAAC,CAAC;QACnE,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;IACvB,CAAC;AACH,CAAC"}

package/dist/commands/finding-risk-matrix.d.ts

@@ -0,0 +1,5 @@
+/**
+ * Finding-risk-matrix — Generate risk matrices from findings.
+ */
+export declare function runFindingRiskMatrix(argv: string[]): void;
+//# sourceMappingURL=finding-risk-matrix.d.ts.map

package/dist/commands/finding-risk-matrix.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"finding-risk-matrix.d.ts","sourceRoot":"","sources":["../../src/commands/finding-risk-matrix.ts"],"names":[],"mappings":"AAAA;;GAEG;AAwEH,wBAAgB,oBAAoB,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,IAAI,CA2EzD"}

package/dist/commands/finding-risk-matrix.js

@@ -0,0 +1,127 @@
+/**
+ * Finding-risk-matrix — Generate risk matrices from findings.
+ */
+import { readFileSync, existsSync } from "fs";
+// ─── Constants ──────────────────────────────────────────────────────────────
+const SEVERITY_LEVELS = ["critical", "high", "medium", "low", "info"];
+const CONFIDENCE_LEVELS = ["high", "medium", "low"];
+// ─── Helpers ────────────────────────────────────────────────────────────────
+function loadVerdict(filePath) {
+    if (!existsSync(filePath))
+        return null;
+    try {
+        return JSON.parse(readFileSync(filePath, "utf-8"));
+    }
+    catch {
+        return null;
+    }
+}
+function buildMatrix(verdict) {
+    const cells = [];
+    for (const sev of SEVERITY_LEVELS) {
+        for (const conf of CONFIDENCE_LEVELS) {
+            const matching = verdict.findings.filter((f) => {
+                const fSev = (f.severity || "medium").toLowerCase();
+                const fConf = f.confidence !== undefined && f.confidence !== null
+                    ? f.confidence >= 0.8
+                        ? "high"
+                        : f.confidence >= 0.5
+                            ? "medium"
+                            : "low"
+                    : "medium";
+                return fSev === sev && fConf === conf;
+            });
+            if (matching.length > 0) {
+                cells.push({
+                    severity: sev,
+                    confidence: conf,
+                    count: matching.length,
+                    findings: matching.map((f) => f.title),
+                });
+            }
+        }
+    }
+    return cells;
+}
+function riskScore(severity, confidence) {
+    const sevWeight = { critical: 5, high: 4, medium: 3, low: 2, info: 1 };
+    const confWeight = { high: 3, medium: 2, low: 1 };
+    const score = (sevWeight[severity] || 1) * (confWeight[confidence] || 1);
+    if (score >= 12)
+        return "CRITICAL";
+    if (score >= 8)
+        return "HIGH";
+    if (score >= 4)
+        return "MEDIUM";
+    return "LOW";
+}
+// ─── CLI ────────────────────────────────────────────────────────────────────
+export function runFindingRiskMatrix(argv) {
+    const fileIdx = argv.indexOf("--file");
+    const formatIdx = argv.indexOf("--format");
+    const filePath = fileIdx >= 0 ? argv[fileIdx + 1] : undefined;
+    const format = formatIdx >= 0 ? argv[formatIdx + 1] : "table";
+    if (argv.includes("--help") || argv.includes("-h")) {
+        console.log(`
+judges finding-risk-matrix — Generate risk matrix from findings
+
+Usage:
+  judges finding-risk-matrix --file <verdict.json> [--format table|json|markdown]
+
+Options:
+  --file <path>      Path to verdict JSON file (required)
+  --format <fmt>     Output format: table (default), json, markdown
+  --help, -h         Show this help
+`);
+        return;
+    }
+    if (!filePath) {
+        console.error("Error: --file required");
+        process.exitCode = 1;
+        return;
+    }
+    const verdict = loadVerdict(filePath);
+    if (!verdict) {
+        console.error(`Error: cannot load ${filePath}`);
+        process.exitCode = 1;
+        return;
+    }
+    const cells = buildMatrix(verdict);
+    if (format === "json") {
+        console.log(JSON.stringify(cells, null, 2));
+        return;
+    }
+    if (format === "markdown") {
+        console.log("| Severity | Confidence | Count | Risk Level |");
+        console.log("|----------|------------|-------|------------|");
+        for (const c of cells) {
+            console.log(`| ${c.severity} | ${c.confidence} | ${c.count} | ${riskScore(c.severity, c.confidence)} |`);
+        }
+        return;
+    }
+    // Table format
+    console.log("\nRisk Matrix");
+    console.log("═".repeat(60));
+    console.log(`${"Severity".padEnd(12)} ${"Confidence".padEnd(12)} ${"Count".padEnd(8)} Risk Level`);
+    console.log("─".repeat(60));
+    const sorted = [...cells].sort((a, b) => {
+        const sevOrder = SEVERITY_LEVELS.indexOf(a.severity) - SEVERITY_LEVELS.indexOf(b.severity);
+        if (sevOrder !== 0)
+            return sevOrder;
+        return CONFIDENCE_LEVELS.indexOf(a.confidence) - CONFIDENCE_LEVELS.indexOf(b.confidence);
+    });
+    for (const c of sorted) {
+        const risk = riskScore(c.severity, c.confidence);
+        console.log(`${c.severity.padEnd(12)} ${c.confidence.padEnd(12)} ${String(c.count).padEnd(8)} ${risk}`);
+        for (const t of c.findings.slice(0, 3)) {
+            console.log(`  → ${t}`);
+        }
+        if (c.findings.length > 3)
+            console.log(`  … and ${c.findings.length - 3} more`);
+    }
+    console.log("─".repeat(60));
+    const total = cells.reduce((s, c) => s + c.count, 0);
+    console.log(`Total findings: ${total}`);
+    console.log("═".repeat(60));
+}
+//# sourceMappingURL=finding-risk-matrix.js.map