@kevinrabun/judges 3.84.0 → 3.85.0

package/dist/commands/finding-cve-lookup.js

@@ -0,0 +1,98 @@
+/**
+ * Finding-cve-lookup — Look up CVE references in findings.
+ */
+import { readFileSync, existsSync } from "fs";
+// ─── Helpers ────────────────────────────────────────────────────────────────
+const CVE_PATTERN = /CVE-\d{4}-\d{4,}/gi;
+function extractCves(verdict) {
+    const refs = [];
+    for (const f of verdict.findings) {
+        const sources = [
+            { text: f.title, source: "title" },
+            { text: f.description || "", source: "description" },
+            { text: f.recommendation || "", source: "recommendation" },
+            { text: f.ruleId || "", source: "ruleId" },
+            { text: f.reference || "", source: "reference" },
+        ];
+        for (const { text, source } of sources) {
+            const matches = text.match(CVE_PATTERN);
+            if (matches) {
+                for (const cveId of matches) {
+                    // avoid duplicates per finding
+                    if (!refs.some((r) => r.cveId === cveId.toUpperCase() && r.ruleId === f.ruleId)) {
+                        refs.push({
+                            cveId: cveId.toUpperCase(),
+                            ruleId: f.ruleId,
+                            title: f.title,
+                            severity: (f.severity || "medium").toLowerCase(),
+                            source,
+                            context: text.length > 80 ? text.slice(0, 80) + "…" : text,
+                        });
+                    }
+                }
+            }
+        }
+    }
+    return refs.sort((a, b) => a.cveId.localeCompare(b.cveId));
+}
+// ─── CLI ────────────────────────────────────────────────────────────────────
+export function runFindingCveLookup(argv) {
+    const fileIdx = argv.indexOf("--file");
+    const formatIdx = argv.indexOf("--format");
+    const filePath = fileIdx >= 0 ? argv[fileIdx + 1] : undefined;
+    const format = formatIdx >= 0 ? argv[formatIdx + 1] : "table";
+    if (argv.includes("--help") || argv.includes("-h")) {
+        console.log(`
+judges finding-cve-lookup — Extract CVE references from findings
+
+Usage:
+  judges finding-cve-lookup --file <verdict.json> [--format table|json]
+
+Options:
+  --file <path>      Path to verdict JSON file (required)
+  --format <fmt>     Output format: table (default), json
+  --help, -h         Show this help
+`);
+        return;
+    }
+    if (!filePath) {
+        console.error("Error: --file required");
+        process.exitCode = 1;
+        return;
+    }
+    if (!existsSync(filePath)) {
+        console.error(`Error: not found: ${filePath}`);
+        process.exitCode = 1;
+        return;
+    }
+    let verdict;
+    try {
+        verdict = JSON.parse(readFileSync(filePath, "utf-8"));
+    }
+    catch {
+        console.error("Error: invalid JSON");
+        process.exitCode = 1;
+        return;
+    }
+    const refs = extractCves(verdict);
+    if (refs.length === 0) {
+        console.log("No CVE references found in findings.");
+        return;
+    }
+    if (format === "json") {
+        console.log(JSON.stringify(refs, null, 2));
+        return;
+    }
+    console.log(`\nCVE References (${refs.length} found)`);
+    console.log("═".repeat(75));
+    console.log(`${"CVE ID".padEnd(20)} ${"Severity".padEnd(10)} ${"Rule".padEnd(25)} Source`);
+    console.log("─".repeat(75));
+    for (const r of refs) {
+        const rule = r.ruleId.length > 23 ? r.ruleId.slice(0, 23) + "…" : r.ruleId;
+        console.log(`${r.cveId.padEnd(20)} ${r.severity.padEnd(10)} ${rule.padEnd(25)} ${r.source}`);
+    }
+    console.log("═".repeat(75));
+    const unique = new Set(refs.map((r) => r.cveId));
+    console.log(`\n${unique.size} unique CVE(s) across ${refs.length} reference(s)`);
+}
+//# sourceMappingURL=finding-cve-lookup.js.map

package/dist/commands/finding-cve-lookup.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"finding-cve-lookup.js","sourceRoot":"","sources":["../../src/commands/finding-cve-lookup.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,YAAY,EAAE,UAAU,EAAE,MAAM,IAAI,CAAC;AAc9C,+EAA+E;AAE/E,MAAM,WAAW,GAAG,oBAAoB,CAAC;AAEzC,SAAS,WAAW,CAAC,OAAwB;IAC3C,MAAM,IAAI,GAAmB,EAAE,CAAC;IAEhC,KAAK,MAAM,CAAC,IAAI,OAAO,CAAC,QAAQ,EAAE,CAAC;QACjC,MAAM,OAAO,GAAG;YACd,EAAE,IAAI,EAAE,CAAC,CAAC,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE;YAClC,EAAE,IAAI,EAAE,CAAC,CAAC,WAAW,IAAI,EAAE,EAAE,MAAM,EAAE,aAAa,EAAE;YACpD,EAAE,IAAI,EAAE,CAAC,CAAC,cAAc,IAAI,EAAE,EAAE,MAAM,EAAE,gBAAgB,EAAE;YAC1D,EAAE,IAAI,EAAE,CAAC,CAAC,MAAM,IAAI,EAAE,EAAE,MAAM,EAAE,QAAQ,EAAE;YAC1C,EAAE,IAAI,EAAE,CAAC,CAAC,SAAS,IAAI,EAAE,EAAE,MAAM,EAAE,WAAW,EAAE;SACjD,CAAC;QAEF,KAAK,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,OAAO,EAAE,CAAC;YACvC,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC;YACxC,IAAI,OAAO,EAAE,CAAC;gBACZ,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;oBAC5B,+BAA+B;oBAC/B,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,KAAK,KAAK,CAAC,WAAW,EAAE,IAAI,CAAC,CAAC,MAAM,KAAK,CAAC,CAAC,MAAM,CAAC,EAAE,CAAC;wBAChF,IAAI,CAAC,IAAI,CAAC;4BACR,KAAK,EAAE,KAAK,CAAC,WAAW,EAAE;4BAC1B,MAAM,EAAE,CAAC,CAAC,MAAM;4BAChB,KAAK,EAAE,CAAC,CAAC,KAAK;4BACd,QAAQ,EAAE,CAAC,CAAC,CAAC,QAAQ,IAAI,QAAQ,CAAC,CAAC,WAAW,EAAE;4BAChD,MAAM;4BACN,OAAO,EAAE,IAAI,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,IAAI;yBAC3D,CAAC,CAAC;oBACL,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC;AAC7D,CAAC;AAED,+EAA+E;AAE/E,MAAM,UAAU,mBAAmB,CAAC,IAAc;IAChD,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;IACvC,MAAM,SAAS,GAAG,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;IAC3C,MAAM,QAAQ,GAAG,OAAO,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;IAC9D,MAAM,MAAM,GAAG,SAAS,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC;IAE9D,IAAI,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;QACnD,OAAO,CAAC,GAAG,CAAC;;;;;;;;;;CAUf,CAAC,CAAC;QACC,OAAO;IACT,CAAC;IAED,IAAI,CAAC,QAAQ,EAAE,CAAC;QACd,OAAO,CAAC,KAAK,CAAC,wBAAwB,CAAC,CAAC;QACxC,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;QACrB,OAAO;IACT,CAAC;IACD,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC1B,OAAO,CAAC,KAAK,CAAC,qBAAqB,QAAQ,EAAE,CAAC,CAAC;QAC/C,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;QACrB,OAAO;IACT,CAAC;IAED,IAAI,OAAwB,CAAC;IAC7B,IAAI,CAAC;QACH,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC,CAAC;IACxD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,CAAC,KAAK,CAAC,qBAAqB,CAAC,CAAC;QACrC,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;QACrB,OAAO;IACT,CAAC;IAED,MAAM,IAAI,GAAG,WAAW,CAAC,OAAO,CAAC,CAAC;IAElC,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACtB,OAAO,CAAC,GAAG,CAAC,sCAAsC,CAAC,CAAC;QACpD,OAAO;IACT,CAAC;IAED,IAAI,MAAM,KAAK,MAAM,EAAE,CAAC;QACtB,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;QAC3C,OAAO;IACT,CAAC;IAED,OAAO,CAAC,GAAG,CAAC,qBAAqB,IAAI,CAAC,MAAM,SAAS,CAAC,CAAC;IACvD,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC;IAC5B,OAAO,CAAC,GAAG,CAAC,GAAG,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC,IAAI,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC,IAAI,MAAM,CAAC,MAAM,CAAC,EAAE,CAAC,SAAS,CAAC,CAAC;IAC3F,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC;IAE5B,KAAK,MAAM,CAAC,IAAI,IAAI,EAAE,CAAC;QACrB,MAAM,IAAI,GAAG,CAAC,CAAC,MAAM,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC;QAC3E,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC,IAAI,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC;IAC/F,CAAC;IACD,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC;IAE5B,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC;IACjD,OAAO,CAAC,GAAG,CAAC,KAAK,MAAM,CAAC,IAAI,yBAAyB,IAAI,CAAC,MAAM,eAAe,CAAC,CAAC;AACnF,CAAC"}

package/dist/commands/finding-dependency-risk.d.ts

@@ -0,0 +1,5 @@
+/**
+ * Finding-dependency-risk — Assess risk level of project dependencies.
+ */
+export declare function runFindingDependencyRisk(argv: string[]): void;
+//# sourceMappingURL=finding-dependency-risk.d.ts.map

package/dist/commands/finding-dependency-risk.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"finding-dependency-risk.d.ts","sourceRoot":"","sources":["../../src/commands/finding-dependency-risk.ts"],"names":[],"mappings":"AAAA;;GAEG;AAmFH,wBAAgB,wBAAwB,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,IAAI,CAgE7D"}

package/dist/commands/finding-dependency-risk.js

@@ -0,0 +1,118 @@
+/**
+ * Finding-dependency-risk — Assess risk level of project dependencies.
+ */
+import { readFileSync, existsSync } from "fs";
+// ─── Helpers ────────────────────────────────────────────────────────────────
+const KNOWN_RISKY_PATTERNS = [
+    { pattern: /^eval-/, reason: "eval-prefixed package" },
+    { pattern: /^exec-/, reason: "exec-prefixed package" },
+    { pattern: /^shell-/, reason: "shell-prefixed package" },
+];
+function assessDep(name, version, type) {
+    const reasons = [];
+    let score = 0;
+    // version range checks
+    if (version === "*" || version === "latest") {
+        reasons.push("unpinned version (*)");
+        score += 30;
+    }
+    else if (version.startsWith(">=")) {
+        reasons.push("open-ended version range (>=)");
+        score += 20;
+    }
+    else if (version.startsWith("^") && version.includes("0.")) {
+        reasons.push("caret range on 0.x (breaking changes expected)");
+        score += 15;
+    }
+    // name pattern checks
+    for (const { pattern, reason } of KNOWN_RISKY_PATTERNS) {
+        if (pattern.test(name)) {
+            reasons.push(reason);
+            score += 25;
+        }
+    }
+    // scoped package is slightly less risky
+    if (!name.startsWith("@")) {
+        reasons.push("unscoped package");
+        score += 5;
+    }
+    // production deps carry higher baseline risk
+    if (type === "production") {
+        score += 5;
+    }
+    const riskLevel = score >= 50 ? "critical" : score >= 30 ? "high" : score >= 15 ? "medium" : "low";
+    return { name, version, type, riskScore: score, riskLevel, reasons };
+}
+function analyzeDeps(pkgPath) {
+    const raw = readFileSync(pkgPath, "utf-8");
+    const pkg = JSON.parse(raw);
+    const results = [];
+    const deps = pkg.dependencies || {};
+    for (const [name, ver] of Object.entries(deps)) {
+        results.push(assessDep(name, String(ver), "production"));
+    }
+    const devDeps = pkg.devDependencies || {};
+    for (const [name, ver] of Object.entries(devDeps)) {
+        results.push(assessDep(name, String(ver), "development"));
+    }
+    return results.sort((a, b) => b.riskScore - a.riskScore);
+}
+// ─── CLI ────────────────────────────────────────────────────────────────────
+export function runFindingDependencyRisk(argv) {
+    const fileIdx = argv.indexOf("--file");
+    const formatIdx = argv.indexOf("--format");
+    const minIdx = argv.indexOf("--min-risk");
+    const filePath = fileIdx >= 0 ? argv[fileIdx + 1] : "package.json";
+    const format = formatIdx >= 0 ? argv[formatIdx + 1] : "table";
+    const minRisk = minIdx >= 0 ? argv[minIdx + 1] : "low";
+    if (argv.includes("--help") || argv.includes("-h")) {
+        console.log(`
+judges finding-dependency-risk — Assess dependency risk levels
+
+Usage:
+  judges finding-dependency-risk [--file <package.json>]
+        [--min-risk low|medium|high|critical] [--format table|json]
+
+Options:
+  --file <path>      Path to package.json (default: package.json)
+  --min-risk <lvl>   Minimum risk level to show (default: low)
+  --format <fmt>     Output format: table (default), json
+  --help, -h         Show this help
+`);
+        return;
+    }
+    if (!existsSync(filePath)) {
+        console.error(`Error: not found: ${filePath}`);
+        process.exitCode = 1;
+        return;
+    }
+    let results;
+    try {
+        results = analyzeDeps(filePath);
+    }
+    catch {
+        console.error("Error: invalid package.json");
+        process.exitCode = 1;
+        return;
+    }
+    const riskOrder = { low: 0, medium: 1, high: 2, critical: 3 };
+    const minLevel = riskOrder[minRisk] || 0;
+    results = results.filter((r) => (riskOrder[r.riskLevel] || 0) >= minLevel);
+    if (format === "json") {
+        console.log(JSON.stringify(results, null, 2));
+        return;
+    }
+    console.log(`\nDependency Risk Analysis (${results.length} dependencies)`);
+    console.log("═".repeat(75));
+    console.log(`${"Package".padEnd(30)} ${"Version".padEnd(12)} ${"Type".padEnd(12)} ${"Score".padEnd(7)} Risk`);
+    console.log("─".repeat(75));
+    for (const r of results) {
+        const name = r.name.length > 28 ? r.name.slice(0, 28) + "…" : r.name;
+        console.log(`${name.padEnd(30)} ${r.version.padEnd(12)} ${r.type.padEnd(12)} ${String(r.riskScore).padEnd(7)} ${r.riskLevel}`);
+        for (const reason of r.reasons) {
+            console.log(`  └─ ${reason}`);
+        }
+    }
+    console.log("═".repeat(75));
+}
+//# sourceMappingURL=finding-dependency-risk.js.map

package/dist/commands/finding-dependency-risk.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"finding-dependency-risk.js","sourceRoot":"","sources":["../../src/commands/finding-dependency-risk.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,YAAY,EAAE,UAAU,EAAE,MAAM,IAAI,CAAC;AAa9C,+EAA+E;AAE/E,MAAM,oBAAoB,GAAG;IAC3B,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,uBAAuB,EAAE;IACtD,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,uBAAuB,EAAE;IACtD,EAAE,OAAO,EAAE,SAAS,EAAE,MAAM,EAAE,wBAAwB,EAAE;CACzD,CAAC;AAEF,SAAS,SAAS,CAAC,IAAY,EAAE,OAAe,EAAE,IAAkC;IAClF,MAAM,OAAO,GAAa,EAAE,CAAC;IAC7B,IAAI,KAAK,GAAG,CAAC,CAAC;IAEd,uBAAuB;IACvB,IAAI,OAAO,KAAK,GAAG,IAAI,OAAO,KAAK,QAAQ,EAAE,CAAC;QAC5C,OAAO,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAC;QACrC,KAAK,IAAI,EAAE,CAAC;IACd,CAAC;SAAM,IAAI,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;QACpC,OAAO,CAAC,IAAI,CAAC,+BAA+B,CAAC,CAAC;QAC9C,KAAK,IAAI,EAAE,CAAC;IACd,CAAC;SAAM,IAAI,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;QAC7D,OAAO,CAAC,IAAI,CAAC,gDAAgD,CAAC,CAAC;QAC/D,KAAK,IAAI,EAAE,CAAC;IACd,CAAC;IAED,sBAAsB;IACtB,KAAK,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,IAAI,oBAAoB,EAAE,CAAC;QACvD,IAAI,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YACvB,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;YACrB,KAAK,IAAI,EAAE,CAAC;QACd,CAAC;IACH,CAAC;IAED,wCAAwC;IACxC,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;QAC1B,OAAO,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC;QACjC,KAAK,IAAI,CAAC,CAAC;IACb,CAAC;IAED,6CAA6C;IAC7C,IAAI,IAAI,KAAK,YAAY,EAAE,CAAC;QAC1B,KAAK,IAAI,CAAC,CAAC;IACb,CAAC;IAED,MAAM,SAAS,GAAG,KAAK,IAAI,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC;IAEnG,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,KAAK,EAAE,SAAS,EAAE,OAAO,EAAE,CAAC;AACvE,CAAC;AAED,SAAS,WAAW,CAAC,OAAe;IAClC,MAAM,GAAG,GAAG,YAAY,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;IAC3C,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC5B,MAAM,OAAO,GAAc,EAAE,CAAC;IAE9B,MAAM,IAAI,GAAG,GAAG,CAAC,YAAY,IAAI,EAAE,CAAC;IACpC,KAAK,MAAM,CAAC,IAAI,EAAE,GAAG,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;QAC/C,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,MAAM,CAAC,GAAG,CAAC,EAAE,YAAY,CAAC,CAAC,CAAC;IAC3D,CAAC;IAED,MAAM,OAAO,GAAG,GAAG,CAAC,eAAe,IAAI,EAAE,CAAC;IAC1C,KAAK,MAAM,CAAC,IAAI,EAAE,GAAG,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;QAClD,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,MAAM,CAAC,GAAG,CAAC,EAAE,aAAa,CAAC,CAAC,CAAC;IAC5D,CAAC;IAED,OAAO,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,GAAG,CAAC,CAAC,SAAS,CAAC,CAAC;AAC3D,CAAC;AAED,+EAA+E;AAE/E,MAAM,UAAU,wBAAwB,CAAC,IAAc;IACrD,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;IACvC,MAAM,SAAS,GAAG,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;IAC3C,MAAM,MAAM,GAAG,IAAI,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;IAC1C,MAAM,QAAQ,GAAG,OAAO,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,cAAc,CAAC;IACnE,MAAM,MAAM,GAAG,SAAS,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC;IAC9D,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC;IAEvD,IAAI,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;QACnD,OAAO,CAAC,GAAG,CAAC;;;;;;;;;;;;CAYf,CAAC,CAAC;QACC,OAAO;IACT,CAAC;IAED,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC1B,OAAO,CAAC,KAAK,CAAC,qBAAqB,QAAQ,EAAE,CAAC,CAAC;QAC/C,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;QACrB,OAAO;IACT,CAAC;IAED,IAAI,OAAkB,CAAC;IACvB,IAAI,CAAC;QACH,OAAO,GAAG,WAAW,CAAC,QAAQ,CAAC,CAAC;IAClC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,CAAC,KAAK,CAAC,6BAA6B,CAAC,CAAC;QAC7C,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;QACrB,OAAO;IACT,CAAC;IAED,MAAM,SAAS,GAA2B,EAAE,GAAG,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,QAAQ,EAAE,CAAC,EAAE,CAAC;IACtF,MAAM,QAAQ,GAAG,SAAS,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;IACzC,OAAO,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,IAAI,QAAQ,CAAC,CAAC;IAE3E,IAAI,MAAM,KAAK,MAAM,EAAE,CAAC;QACtB,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;QAC9C,OAAO;IACT,CAAC;IAED,OAAO,CAAC,GAAG,CAAC,+BAA+B,OAAO,CAAC,MAAM,gBAAgB,CAAC,CAAC;IAC3E,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC;IAC5B,OAAO,CAAC,GAAG,CAAC,GAAG,SAAS,CAAC,MAAM,CAAC,EAAE,CAAC,IAAI,SAAS,CAAC,MAAM,CAAC,EAAE,CAAC,IAAI,MAAM,CAAC,MAAM,CAAC,EAAE,CAAC,IAAI,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC;IAC9G,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC;IAE5B,KAAK,MAAM,CAAC,IAAI,OAAO,EAAE,CAAC;QACxB,MAAM,IAAI,GAAG,CAAC,CAAC,IAAI,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;QACrE,OAAO,CAAC,GAAG,CACT,GAAG,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,IAAI,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,SAAS,EAAE,CAClH,CAAC;QACF,KAAK,MAAM,MAAM,IAAI,CAAC,CAAC,OAAO,EAAE,CAAC;YAC/B,OAAO,CAAC,GAAG,CAAC,QAAQ,MAAM,EAAE,CAAC,CAAC;QAChC,CAAC;IACH,CAAC;IACD,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC;AAC9B,CAAC"}

package/dist/commands/finding-security-hotspot.d.ts

@@ -0,0 +1,5 @@
+/**
+ * Finding-security-hotspot — Identify security-sensitive code zones.
+ */
+export declare function runFindingSecurityHotspot(argv: string[]): void;
+//# sourceMappingURL=finding-security-hotspot.d.ts.map

package/dist/commands/finding-security-hotspot.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"finding-security-hotspot.d.ts","sourceRoot":"","sources":["../../src/commands/finding-security-hotspot.ts"],"names":[],"mappings":"AAAA;;GAEG;AA6IH,wBAAgB,yBAAyB,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,IAAI,CAsE9D"}

package/dist/commands/finding-security-hotspot.js

@@ -0,0 +1,176 @@
+/**
+ * Finding-security-hotspot — Identify security-sensitive code zones.
+ */
+import { readFileSync, existsSync } from "fs";
+const HOTSPOT_RULES = [
+    {
+        category: "crypto",
+        pattern: /\b(md5|sha1)\b/i,
+        severity: "high",
+        description: "Weak hash algorithm",
+        recommendation: "Use SHA-256 or stronger",
+    },
+    {
+        category: "crypto",
+        pattern: /\b(DES|RC4|ECB)\b/,
+        severity: "critical",
+        description: "Weak cipher or mode",
+        recommendation: "Use AES-GCM or ChaCha20",
+    },
+    {
+        category: "auth",
+        pattern: /password\s*=\s*["'][^"']+["']/i,
+        severity: "critical",
+        description: "Hardcoded password",
+        recommendation: "Use environment variables or secrets manager",
+    },
+    {
+        category: "auth",
+        pattern: /api[_-]?key\s*=\s*["'][^"']+["']/i,
+        severity: "critical",
+        description: "Hardcoded API key",
+        recommendation: "Use environment variables or secrets manager",
+    },
+    {
+        category: "injection",
+        pattern: /\beval\s*\(/,
+        severity: "high",
+        description: "Use of eval()",
+        recommendation: "Avoid eval; use safe parsing alternatives",
+    },
+    {
+        category: "injection",
+        pattern: /\bexec\s*\(/,
+        severity: "medium",
+        description: "Use of exec()",
+        recommendation: "Validate and sanitize inputs before exec",
+    },
+    {
+        category: "injection",
+        pattern: /innerHTML\s*=/,
+        severity: "medium",
+        description: "Direct innerHTML assignment",
+        recommendation: "Use textContent or sanitize HTML",
+    },
+    {
+        category: "data",
+        pattern: /\b(console\.log|print|puts)\b.*password/i,
+        severity: "high",
+        description: "Logging sensitive data",
+        recommendation: "Remove sensitive data from logs",
+    },
+    {
+        category: "network",
+        pattern: /http:\/\//,
+        severity: "low",
+        description: "Insecure HTTP URL",
+        recommendation: "Use HTTPS",
+    },
+    {
+        category: "network",
+        pattern: /rejectUnauthorized\s*:\s*false/,
+        severity: "high",
+        description: "TLS validation disabled",
+        recommendation: "Enable certificate validation",
+    },
+    {
+        category: "file",
+        pattern: /\.\.\//g,
+        severity: "medium",
+        description: "Path traversal pattern",
+        recommendation: "Validate and sanitize file paths",
+    },
+    {
+        category: "sql",
+        pattern: /\bSELECT\b.*\+\s*\w+/i,
+        severity: "high",
+        description: "Potential SQL injection (string concat)",
+        recommendation: "Use parameterized queries",
+    },
+];
+function scanFile(filePath) {
+    const content = readFileSync(filePath, "utf-8");
+    const lines = content.split("\n");
+    const hotspots = [];
+    for (let i = 0; i < lines.length; i++) {
+        const line = lines[i];
+        const trimmed = line.trim();
+        if (trimmed.startsWith("//") || trimmed.startsWith("*") || trimmed.startsWith("#"))
+            continue;
+        for (const rule of HOTSPOT_RULES) {
+            if (rule.pattern.test(line)) {
+                hotspots.push({
+                    line: i + 1,
+                    category: rule.category,
+                    pattern: rule.pattern.source,
+                    severity: rule.severity,
+                    description: rule.description,
+                    recommendation: rule.recommendation,
+                });
+            }
+        }
+    }
+    return hotspots;
+}
+// ─── CLI ────────────────────────────────────────────────────────────────────
+export function runFindingSecurityHotspot(argv) {
+    const formatIdx = argv.indexOf("--format");
+    const format = formatIdx >= 0 ? argv[formatIdx + 1] : "table";
+    if (argv.includes("--help") || argv.includes("-h")) {
+        console.log(`
+judges finding-security-hotspot — Identify security-sensitive code
+
+Usage:
+  judges finding-security-hotspot <file1> [file2 ...] [--format table|json]
+
+Options:
+  --format <fmt>     Output format: table (default), json
+  --help, -h         Show this help
+`);
+        return;
+    }
+    const files = argv.filter((a) => !a.startsWith("--") && (argv.indexOf(a) === 0 || argv[argv.indexOf(a) - 1] !== "--format"));
+    if (files.length === 0) {
+        console.error("Error: provide one or more file paths");
+        process.exitCode = 1;
+        return;
+    }
+    const allHotspots = [];
+    for (const f of files) {
+        if (!existsSync(f)) {
+            console.error(`Warning: not found: ${f}`);
+            continue;
+        }
+        try {
+            const hs = scanFile(f);
+            for (const h of hs) {
+                allHotspots.push({ ...h, file: f });
+            }
+        }
+        catch {
+            console.error(`Warning: cannot read: ${f}`);
+        }
+    }
+    if (allHotspots.length === 0) {
+        console.log("No security hotspots found.");
+        return;
+    }
+    if (format === "json") {
+        console.log(JSON.stringify(allHotspots, null, 2));
+        return;
+    }
+    console.log(`\nSecurity Hotspots (${allHotspots.length} found)`);
+    console.log("═".repeat(80));
+    console.log(`${"File".padEnd(25)} ${"Line".padEnd(7)} ${"Sev".padEnd(10)} ${"Cat".padEnd(12)} Description`);
+    console.log("─".repeat(80));
+    for (const h of allHotspots.sort((a, b) => {
+        const sevOrder = { critical: 0, high: 1, medium: 2, low: 3 };
+        return (sevOrder[a.severity] || 3) - (sevOrder[b.severity] || 3);
+    })) {
+        const name = h.file.length > 23 ? "…" + h.file.slice(-22) : h.file;
+        console.log(`${name.padEnd(25)} ${String(h.line).padEnd(7)} ${h.severity.padEnd(10)} ${h.category.padEnd(12)} ${h.description}`);
+        console.log(`${" ".repeat(25)} ${"".padEnd(7)} ${"".padEnd(10)} ${"".padEnd(12)} → ${h.recommendation}`);
+    }
+    console.log("═".repeat(80));
+}
+//# sourceMappingURL=finding-security-hotspot.js.map

package/dist/commands/finding-security-hotspot.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"finding-security-hotspot.js","sourceRoot":"","sources":["../../src/commands/finding-security-hotspot.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,YAAY,EAAE,UAAU,EAAE,MAAM,IAAI,CAAC;AAuB9C,MAAM,aAAa,GAAkB;IACnC;QACE,QAAQ,EAAE,QAAQ;QAClB,OAAO,EAAE,iBAAiB;QAC1B,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,qBAAqB;QAClC,cAAc,EAAE,yBAAyB;KAC1C;IACD;QACE,QAAQ,EAAE,QAAQ;QAClB,OAAO,EAAE,mBAAmB;QAC5B,QAAQ,EAAE,UAAU;QACpB,WAAW,EAAE,qBAAqB;QAClC,cAAc,EAAE,yBAAyB;KAC1C;IACD;QACE,QAAQ,EAAE,MAAM;QAChB,OAAO,EAAE,gCAAgC;QACzC,QAAQ,EAAE,UAAU;QACpB,WAAW,EAAE,oBAAoB;QACjC,cAAc,EAAE,8CAA8C;KAC/D;IACD;QACE,QAAQ,EAAE,MAAM;QAChB,OAAO,EAAE,mCAAmC;QAC5C,QAAQ,EAAE,UAAU;QACpB,WAAW,EAAE,mBAAmB;QAChC,cAAc,EAAE,8CAA8C;KAC/D;IACD;QACE,QAAQ,EAAE,WAAW;QACrB,OAAO,EAAE,aAAa;QACtB,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,eAAe;QAC5B,cAAc,EAAE,2CAA2C;KAC5D;IACD;QACE,QAAQ,EAAE,WAAW;QACrB,OAAO,EAAE,aAAa;QACtB,QAAQ,EAAE,QAAQ;QAClB,WAAW,EAAE,eAAe;QAC5B,cAAc,EAAE,0CAA0C;KAC3D;IACD;QACE,QAAQ,EAAE,WAAW;QACrB,OAAO,EAAE,eAAe;QACxB,QAAQ,EAAE,QAAQ;QAClB,WAAW,EAAE,6BAA6B;QAC1C,cAAc,EAAE,kCAAkC;KACnD;IACD;QACE,QAAQ,EAAE,MAAM;QAChB,OAAO,EAAE,0CAA0C;QACnD,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,wBAAwB;QACrC,cAAc,EAAE,iCAAiC;KAClD;IACD;QACE,QAAQ,EAAE,SAAS;QACnB,OAAO,EAAE,WAAW;QACpB,QAAQ,EAAE,KAAK;QACf,WAAW,EAAE,mBAAmB;QAChC,cAAc,EAAE,WAAW;KAC5B;IACD;QACE,QAAQ,EAAE,SAAS;QACnB,OAAO,EAAE,gCAAgC;QACzC,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,yBAAyB;QACtC,cAAc,EAAE,+BAA+B;KAChD;IACD;QACE,QAAQ,EAAE,MAAM;QAChB,OAAO,EAAE,SAAS;QAClB,QAAQ,EAAE,QAAQ;QAClB,WAAW,EAAE,wBAAwB;QACrC,cAAc,EAAE,kCAAkC;KACnD;IACD;QACE,QAAQ,EAAE,KAAK;QACf,OAAO,EAAE,uBAAuB;QAChC,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,yCAAyC;QACtD,cAAc,EAAE,2BAA2B;KAC5C;CACF,CAAC;AAEF,SAAS,QAAQ,CAAC,QAAgB;IAChC,MAAM,OAAO,GAAG,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;IAChD,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAClC,MAAM,QAAQ,GAAsB,EAAE,CAAC;IAEvC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QACtB,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;QAC5B,IAAI,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC;YAAE,SAAS;QAE7F,KAAK,MAAM,IAAI,IAAI,aAAa,EAAE,CAAC;YACjC,IAAI,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;gBAC5B,QAAQ,CAAC,IAAI,CAAC;oBACZ,IAAI,EAAE,CAAC,GAAG,CAAC;oBACX,QAAQ,EAAE,IAAI,CAAC,QAAQ;oBACvB,OAAO,EAAE,IAAI,CAAC,OAAO,CAAC,MAAM;oBAC5B,QAAQ,EAAE,IAAI,CAAC,QAAQ;oBACvB,WAAW,EAAE,IAAI,CAAC,WAAW;oBAC7B,cAAc,EAAE,IAAI,CAAC,cAAc;iBACpC,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,+EAA+E;AAE/E,MAAM,UAAU,yBAAyB,CAAC,IAAc;IACtD,MAAM,SAAS,GAAG,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;IAC3C,MAAM,MAAM,GAAG,SAAS,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC;IAE9D,IAAI,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;QACnD,OAAO,CAAC,GAAG,CAAC;;;;;;;;;CASf,CAAC,CAAC;QACC,OAAO;IACT,CAAC;IAED,MAAM,KAAK,GAAG,IAAI,CAAC,MAAM,CACvB,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,KAAK,UAAU,CAAC,CAClG,CAAC;IAEF,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACvB,OAAO,CAAC,KAAK,CAAC,uCAAuC,CAAC,CAAC;QACvD,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;QACrB,OAAO;IACT,CAAC;IAED,MAAM,WAAW,GAA8C,EAAE,CAAC;IAClE,KAAK,MAAM,CAAC,IAAI,KAAK,EAAE,CAAC;QACtB,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,CAAC;YACnB,OAAO,CAAC,KAAK,CAAC,uBAAuB,CAAC,EAAE,CAAC,CAAC;YAC1C,SAAS;QACX,CAAC;QACD,IAAI,CAAC;YACH,MAAM,EAAE,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC;YACvB,KAAK,MAAM,CAAC,IAAI,EAAE,EAAE,CAAC;gBACnB,WAAW,CAAC,IAAI,CAAC,EAAE,GAAG,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,CAAC,CAAC;YACtC,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,CAAC,KAAK,CAAC,yBAAyB,CAAC,EAAE,CAAC,CAAC;QAC9C,CAAC;IACH,CAAC;IAED,IAAI,WAAW,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC7B,OAAO,CAAC,GAAG,CAAC,6BAA6B,CAAC,CAAC;QAC3C,OAAO;IACT,CAAC;IAED,IAAI,MAAM,KAAK,MAAM,EAAE,CAAC;QACtB,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,WAAW,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;QAClD,OAAO;IACT,CAAC;IAED,OAAO,CAAC,GAAG,CAAC,wBAAwB,WAAW,CAAC,MAAM,SAAS,CAAC,CAAC;IACjE,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC;IAC5B,OAAO,CAAC,GAAG,CAAC,GAAG,MAAM,CAAC,MAAM,CAAC,EAAE,CAAC,IAAI,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC,IAAI,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC,cAAc,CAAC,CAAC;IAC5G,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC;IAE5B,KAAK,MAAM,CAAC,IAAI,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE;QACxC,MAAM,QAAQ,GAA2B,EAAE,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC;QACrF,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC;IACnE,CAAC,CAAC,EAAE,CAAC;QACH,MAAM,IAAI,GAAG,CAAC,CAAC,IAAI,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;QACnE,OAAO,CAAC,GAAG,CACT,GAAG,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,IAAI,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,WAAW,EAAE,CACpH,CAAC;QACF,OAAO,CAAC,GAAG,CAAC,GAAG,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,IAAI,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,MAAM,CAAC,EAAE,CAAC,IAAI,EAAE,CAAC,MAAM,CAAC,EAAE,CAAC,MAAM,CAAC,CAAC,cAAc,EAAE,CAAC,CAAC;IAC3G,CAAC;IACD,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC;AAC9B,CAAC"}

package/dist/commands/finding-suppression-log.d.ts

@@ -0,0 +1,5 @@
+/**
+ * Finding-suppression-log — Log and track suppressed findings.
+ */
+export declare function runFindingSuppressionLog(argv: string[]): void;
+//# sourceMappingURL=finding-suppression-log.d.ts.map

package/dist/commands/finding-suppression-log.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"finding-suppression-log.d.ts","sourceRoot":"","sources":["../../src/commands/finding-suppression-log.ts"],"names":[],"mappings":"AAAA;;GAEG;AA8CH,wBAAgB,wBAAwB,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,IAAI,CAoK7D"}

package/dist/commands/finding-suppression-log.js

@@ -0,0 +1,175 @@
+/**
+ * Finding-suppression-log — Log and track suppressed findings.
+ */
+import { readFileSync, writeFileSync, existsSync, mkdirSync } from "fs";
+// ─── Helpers ────────────────────────────────────────────────────────────────
+const LOG_PATH = ".judges/suppression-log.json";
+function loadLog() {
+    if (!existsSync(LOG_PATH)) {
+        return { version: 1, entries: [], lastUpdated: new Date().toISOString() };
+    }
+    try {
+        return JSON.parse(readFileSync(LOG_PATH, "utf-8"));
+    }
+    catch {
+        return { version: 1, entries: [], lastUpdated: new Date().toISOString() };
+    }
+}
+function saveLog(log) {
+    const dir = LOG_PATH.substring(0, LOG_PATH.lastIndexOf("/"));
+    if (!existsSync(dir))
+        mkdirSync(dir, { recursive: true });
+    log.lastUpdated = new Date().toISOString();
+    writeFileSync(LOG_PATH, JSON.stringify(log, null, 2));
+}
+// ─── CLI ────────────────────────────────────────────────────────────────────
+export function runFindingSuppressionLog(argv) {
+    const sub = argv[0];
+    if (argv.includes("--help") || argv.includes("-h") || !sub) {
+        console.log(`
+judges finding-suppression-log — Log suppressed findings
+
+Usage:
+  judges finding-suppression-log add --file <verdict.json> --rule <ruleId>
+                                  --reason <text> [--by <name>]
+  judges finding-suppression-log show [--format table|json]
+  judges finding-suppression-log clear [--rule <ruleId>]
+  judges finding-suppression-log stats
+
+Subcommands:
+  add       Suppress a finding from a verdict file
+  show      Show suppression log
+  clear     Clear suppressions (all or by rule)
+  stats     Show suppression statistics
+
+Options:
+  --file <path>      Verdict JSON file (for add)
+  --rule <ruleId>    Rule ID to suppress/clear
+  --reason <text>    Reason for suppression
+  --by <name>        Who suppressed (default: "user")
+  --format <fmt>     Output format: table (default), json
+  --help, -h         Show this help
+`);
+        return;
+    }
+    const fileIdx = argv.indexOf("--file");
+    const ruleIdx = argv.indexOf("--rule");
+    const reasonIdx = argv.indexOf("--reason");
+    const byIdx = argv.indexOf("--by");
+    const formatIdx = argv.indexOf("--format");
+    const filePath = fileIdx >= 0 ? argv[fileIdx + 1] : undefined;
+    const ruleId = ruleIdx >= 0 ? argv[ruleIdx + 1] : undefined;
+    const reason = reasonIdx >= 0 ? argv[reasonIdx + 1] : "no reason given";
+    const by = byIdx >= 0 ? argv[byIdx + 1] : "user";
+    const format = formatIdx >= 0 ? argv[formatIdx + 1] : "table";
+    if (sub === "add") {
+        if (!filePath) {
+            console.error("Error: --file required");
+            process.exitCode = 1;
+            return;
+        }
+        if (!ruleId) {
+            console.error("Error: --rule required");
+            process.exitCode = 1;
+            return;
+        }
+        if (!existsSync(filePath)) {
+            console.error(`Error: not found: ${filePath}`);
+            process.exitCode = 1;
+            return;
+        }
+        let verdict;
+        try {
+            verdict = JSON.parse(readFileSync(filePath, "utf-8"));
+        }
+        catch {
+            console.error("Error: invalid JSON");
+            process.exitCode = 1;
+            return;
+        }
+        const matching = verdict.findings.filter((f) => f.ruleId === ruleId);
+        if (matching.length === 0) {
+            console.error(`No findings with rule: ${ruleId}`);
+            process.exitCode = 1;
+            return;
+        }
+        const log = loadLog();
+        for (const f of matching) {
+            log.entries.push({
+                ruleId: f.ruleId,
+                title: f.title,
+                severity: f.severity || "medium",
+                suppressedAt: new Date().toISOString(),
+                reason,
+                suppressedBy: by,
+            });
+        }
+        saveLog(log);
+        console.log(`Suppressed ${matching.length} finding(s) for rule ${ruleId}`);
+        return;
+    }
+    if (sub === "show") {
+        const log = loadLog();
+        if (log.entries.length === 0) {
+            console.log("No suppressions logged.");
+            return;
+        }
+        if (format === "json") {
+            console.log(JSON.stringify(log, null, 2));
+            return;
+        }
+        console.log(`\nSuppression Log (${log.entries.length} entries)`);
+        console.log("═".repeat(70));
+        console.log(`${"Rule".padEnd(25)} ${"Severity".padEnd(10)} ${"By".padEnd(10)} Date`);
+        console.log("─".repeat(70));
+        for (const e of log.entries) {
+            console.log(`${e.ruleId.padEnd(25)} ${e.severity.padEnd(10)} ${e.suppressedBy.padEnd(10)} ${e.suppressedAt.slice(0, 10)}`);
+            console.log(`  Reason: ${e.reason}`);
+        }
+        console.log("═".repeat(70));
+        return;
+    }
+    if (sub === "clear") {
+        const log = loadLog();
+        if (ruleId) {
+            const before = log.entries.length;
+            log.entries = log.entries.filter((e) => e.ruleId !== ruleId);
+            saveLog(log);
+            console.log(`Cleared ${before - log.entries.length} suppression(s) for ${ruleId}`);
+        }
+        else {
+            log.entries = [];
+            saveLog(log);
+            console.log("Cleared all suppressions.");
+        }
+        return;
+    }
+    if (sub === "stats") {
+        const log = loadLog();
+        if (log.entries.length === 0) {
+            console.log("No suppressions logged.");
+            return;
+        }
+        const byRule = new Map();
+        const bySev = new Map();
+        for (const e of log.entries) {
+            byRule.set(e.ruleId, (byRule.get(e.ruleId) || 0) + 1);
+            bySev.set(e.severity, (bySev.get(e.severity) || 0) + 1);
+        }
+        console.log(`\nSuppression Stats (${log.entries.length} total)`);
+        console.log("═".repeat(40));
+        console.log("By severity:");
+        for (const [sev, count] of bySev) {
+            console.log(`  ${sev}: ${count}`);
+        }
+        console.log("\nBy rule:");
+        for (const [rule, count] of [...byRule.entries()].sort((a, b) => b[1] - a[1])) {
+            console.log(`  ${rule}: ${count}`);
+        }
+        console.log("═".repeat(40));
+        return;
+    }
+    console.error(`Error: unknown subcommand: ${sub}`);
+    process.exitCode = 1;
+}
+//# sourceMappingURL=finding-suppression-log.js.map

package/dist/commands/finding-suppression-log.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"finding-suppression-log.js","sourceRoot":"","sources":["../../src/commands/finding-suppression-log.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,YAAY,EAAE,aAAa,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,IAAI,CAAC;AAoBxE,+EAA+E;AAE/E,MAAM,QAAQ,GAAG,8BAA8B,CAAC;AAEhD,SAAS,OAAO;IACd,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC1B,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,OAAO,EAAE,EAAE,EAAE,WAAW,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,EAAE,CAAC;IAC5E,CAAC;IACD,IAAI,CAAC;QACH,OAAO,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC,CAAC;IACrD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,OAAO,EAAE,EAAE,EAAE,WAAW,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,EAAE,CAAC;IAC5E,CAAC;AACH,CAAC;AAED,SAAS,OAAO,CAAC,GAAmB;IAClC,MAAM,GAAG,GAAG,QAAQ,CAAC,SAAS,CAAC,CAAC,EAAE,QAAQ,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC;IAC7D,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC;QAAE,SAAS,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAC1D,GAAG,CAAC,WAAW,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IAC3C,aAAa,CAAC,QAAQ,EAAE,IAAI,CAAC,SAAS,CAAC,GAAG,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;AACxD,CAAC;AAED,+EAA+E;AAE/E,MAAM,UAAU,wBAAwB,CAAC,IAAc;IACrD,MAAM,GAAG,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;IAEpB,IAAI,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC;QAC3D,OAAO,CAAC,GAAG,CAAC;;;;;;;;;;;;;;;;;;;;;;;CAuBf,CAAC,CAAC;QACC,OAAO;IACT,CAAC;IAED,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;IACvC,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;IACvC,MAAM,SAAS,GAAG,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;IAC3C,MAAM,KAAK,GAAG,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;IACnC,MAAM,SAAS,GAAG,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;IAC3C,MAAM,QAAQ,GAAG,OAAO,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;IAC9D,MAAM,MAAM,GAAG,OAAO,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;IAC5D,MAAM,MAAM,GAAG,SAAS,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,iBAAiB,CAAC;IACxE,MAAM,EAAE,GAAG,KAAK,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC;IACjD,MAAM,MAAM,GAAG,SAAS,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC;IAE9D,IAAI,GAAG,KAAK,KAAK,EAAE,CAAC;QAClB,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,OAAO,CAAC,KAAK,CAAC,wBAAwB,CAAC,CAAC;YACxC,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;YACrB,OAAO;QACT,CAAC;QACD,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,OAAO,CAAC,KAAK,CAAC,wBAAwB,CAAC,CAAC;YACxC,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;YACrB,OAAO;QACT,CAAC;QACD,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC1B,OAAO,CAAC,KAAK,CAAC,qBAAqB,QAAQ,EAAE,CAAC,CAAC;YAC/C,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;YACrB,OAAO;QACT,CAAC;QAED,IAAI,OAAwB,CAAC;QAC7B,IAAI,CAAC;YACH,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC,CAAC;QACxD,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,CAAC,KAAK,CAAC,qBAAqB,CAAC,CAAC;YACrC,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;YACrB,OAAO;QACT,CAAC;QAED,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,MAAM,CAAC,CAAC;QACrE,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC1B,OAAO,CAAC,KAAK,CAAC,0BAA0B,MAAM,EAAE,CAAC,CAAC;YAClD,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;YACrB,OAAO;QACT,CAAC;QAED,MAAM,GAAG,GAAG,OAAO,EAAE,CAAC;QACtB,KAAK,MAAM,CAAC,IAAI,QAAQ,EAAE,CAAC;YACzB,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC;gBACf,MAAM,EAAE,CAAC,CAAC,MAAM;gBAChB,KAAK,EAAE,CAAC,CAAC,KAAK;gBACd,QAAQ,EAAE,CAAC,CAAC,QAAQ,IAAI,QAAQ;gBAChC,YAAY,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;gBACtC,MAAM;gBACN,YAAY,EAAE,EAAE;aACjB,CAAC,CAAC;QACL,CAAC;QACD,OAAO,CAAC,GAAG,CAAC,CAAC;QACb,OAAO,CAAC,GAAG,CAAC,cAAc,QAAQ,CAAC,MAAM,wBAAwB,MAAM,EAAE,CAAC,CAAC;QAC3E,OAAO;IACT,CAAC;IAED,IAAI,GAAG,KAAK,MAAM,EAAE,CAAC;QACnB,MAAM,GAAG,GAAG,OAAO,EAAE,CAAC;QACtB,IAAI,GAAG,CAAC,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC7B,OAAO,CAAC,GAAG,CAAC,yBAAyB,CAAC,CAAC;YACvC,OAAO;QACT,CAAC;QAED,IAAI,MAAM,KAAK,MAAM,EAAE,CAAC;YACtB,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,GAAG,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;YAC1C,OAAO;QACT,CAAC;QAED,OAAO,CAAC,GAAG,CAAC,sBAAsB,GAAG,CAAC,OAAO,CAAC,MAAM,WAAW,CAAC,CAAC;QACjE,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC;QAC5B,OAAO,CAAC,GAAG,CAAC,GAAG,MAAM,CAAC,MAAM,CAAC,EAAE,CAAC,IAAI,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC,IAAI,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,OAAO,CAAC,CAAC;QACrF,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC;QAE5B,KAAK,MAAM,CAAC,IAAI,GAAG,CAAC,OAAO,EAAE,CAAC;YAC5B,OAAO,CAAC,GAAG,CACT,GAAG,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,YAAY,CAAC,MAAM,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,CAC9G,CAAC;YACF,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC;QACvC,CAAC;QACD,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC;QAC5B,OAAO;IACT,CAAC;IAED,IAAI,GAAG,KAAK,OAAO,EAAE,CAAC;QACpB,MAAM,GAAG,GAAG,OAAO,EAAE,CAAC;QACtB,IAAI,MAAM,EAAE,CAAC;YACX,MAAM,MAAM,GAAG,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC;YAClC,GAAG,CAAC,OAAO,GAAG,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,MAAM,CAAC,CAAC;YAC7D,OAAO,CAAC,GAAG,CAAC,CAAC;YACb,OAAO,CAAC,GAAG,CAAC,WAAW,MAAM,GAAG,GAAG,CAAC,OAAO,CAAC,MAAM,uBAAuB,MAAM,EAAE,CAAC,CAAC;QACrF,CAAC;aAAM,CAAC;YACN,GAAG,CAAC,OAAO,GAAG,EAAE,CAAC;YACjB,OAAO,CAAC,GAAG,CAAC,CAAC;YACb,OAAO,CAAC,GAAG,CAAC,2BAA2B,CAAC,CAAC;QAC3C,CAAC;QACD,OAAO;IACT,CAAC;IAED,IAAI,GAAG,KAAK,OAAO,EAAE,CAAC;QACpB,MAAM,GAAG,GAAG,OAAO,EAAE,CAAC;QACtB,IAAI,GAAG,CAAC,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC7B,OAAO,CAAC,GAAG,CAAC,yBAAyB,CAAC,CAAC;YACvC,OAAO;QACT,CAAC;QAED,MAAM,MAAM,GAAG,IAAI,GAAG,EAAkB,CAAC;QACzC,MAAM,KAAK,GAAG,IAAI,GAAG,EAAkB,CAAC;QAExC,KAAK,MAAM,CAAC,IAAI,GAAG,CAAC,OAAO,EAAE,CAAC;YAC5B,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;YACtD,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;QAC1D,CAAC;QAED,OAAO,CAAC,GAAG,CAAC,wBAAwB,GAAG,CAAC,OAAO,CAAC,MAAM,SAAS,CAAC,CAAC;QACjE,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC;QAC5B,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;QAC5B,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,KAAK,EAAE,CAAC;YACjC,OAAO,CAAC,GAAG,CAAC,KAAK,GAAG,KAAK,KAAK,EAAE,CAAC,CAAC;QACpC,CAAC;QACD,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;QAC1B,KAAK,MAAM,CAAC,IAAI,EAAE,KAAK,CAAC,IAAI,CAAC,GAAG,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;YAC9E,OAAO,CAAC,GAAG,CAAC,KAAK,IAAI,KAAK,KAAK,EAAE,CAAC,CAAC;QACrC,CAAC;QACD,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC;QAC5B,OAAO;IACT,CAAC;IAED,OAAO,CAAC,KAAK,CAAC,8BAA8B,GAAG,EAAE,CAAC,CAAC;IACnD,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;AACvB,CAAC"}

package/dist/commands/finding-timeline-view.d.ts

@@ -0,0 +1,5 @@
+/**
+ * Finding-timeline-view — Show findings on a timeline.
+ */
+export declare function runFindingTimelineView(argv: string[]): void;
+//# sourceMappingURL=finding-timeline-view.d.ts.map

package/dist/commands/finding-timeline-view.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"finding-timeline-view.d.ts","sourceRoot":"","sources":["../../src/commands/finding-timeline-view.ts"],"names":[],"mappings":"AAAA;;GAEG;AAmDH,wBAAgB,sBAAsB,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,IAAI,CAyE3D"}