High-risk tools in Judges Panel

Optimized for reviewing AI-generated code

Run the benchmark suite and check results against quality thresholds. Returns pass/fail with metric details including F1, precision, recall, and detection rate. Use in CI pipeli...

Standard Express.js boilerplate patterns

Optimized for CI pipelines with critical-only findings

Focus on compliance, data security, sovereignty, and privacy judges.

Tuned for Django apps — emphasizes template security, ORM misuse, CSRF, admin security.

Async code without error handling (common AI omission)

Run a 3-step app-builder workflow: tribunal review, plain-language risk translation, and prioritized remediation tasks with AI-fixable P0/P1 items.

Evaluate multiple code files in a single call. Returns per-file verdicts with scores and findings, plus aggregate statistics.

Submit code to the full Judges Panel for evaluation. Handles ALL code types including application code, infrastructure-as-code (Bicep, Terraform, ARM, CloudFormation), and confi...

Submit code to a specific judge for targeted domain analysis. Handles ALL code types including application code, infrastructure-as-code (Bicep, Terraform, ARM, CloudFormation), ...

Submit code for streaming evaluation — returns per-judge results as each judge completes, with running aggregate scores. Ideal for long evaluations where you want progressive fe...

Evaluate only the changed lines in a code diff. Runs all ${JUDGES.length} judges on the full file but filters findings to only those affecting the specified changed lines. Ideal...

Run a focused evaluation using only the specified judges. Use this after an initial full evaluation to re-check specific areas — for example, re-run only

Evaluate code changes from a git diff. Parses the unified diff from a git repository, identifies changed files and lines, and runs the full tribunal on each changed file — filte...

Run policy-aware tribunal evaluation with named policy profiles (startup, regulated, healthcare, fintech, public-sector), evidence calibration from runtime metrics, specialty-pe...

Submit multiple files for project-level analysis. All ${JUDGES.length} judges evaluate each file, plus cross-file architectural analysis detects issues like code duplication, in...

Clone a public repository URL, run the full judges panel across source files, and generate a consolidated markdown report.

Evaluate code and automatically generate fix patches for all findings that have auto-fix support. Returns the evaluation verdict alongside ready-to-apply patches. Use this for a...

Evaluate code with progressive judge-by-judge reporting. Returns intermediate counts as each judge completes, useful for large files where full tribunal takes time.

Evaluate a code snippet or file for issues across all judge categories

Evaluate a code diff (PR or commit) for introduced issues

Example domains/placeholder URLs from training data

Line-by-line explanatory comments (AI teaching style)

Execute any SQL query on the database

Explain a Judges Panel finding in plain language. Provides OWASP/CWE references, risk context, and remediation guidance based on the rule ID and finding details.

Provide detailed explanation of a specific finding

Tuned for Express.js APIs — emphasizes middleware security, authentication, CORS, and rate limiting.

Tuned for Python FastAPI — focuses on input validation, async patterns, and API security.

For financial services — PCI DSS compliance, cryptography, authentication,

Evaluate code with the Judges Panel and automatically apply all available auto-fix patches. Returns the fixed code along with a summary of applied and remaining findings. Use th...

Generic variable names (data, result, response, temp, item, value)

For government and public sector — FedRAMP/NIST compliance, data sovereignty,

For healthcare applications — HIPAA compliance, data sovereignty, encryption at rest,

Tuned for Kubernetes manifests — security contexts, RBAC, resource limits, network policies.

Only critical and high severity findings. Good for early development.

Minimal configuration with only critical findings

Complex implementation file without corresponding test references

Tuned for Next.js — covers both server and client security, API routes, SSR/ISR patterns.

Gentle review for new team members

Smart defaults for first-time adoption — suppresses noisy absence-based rules,

Focus on performance issues

Focus on performance, caching, scalability, and concurrency judges.

Placeholder API keys/tokens from AI training data

Balanced review for pull requests

Tuned for Ruby on Rails — emphasizes mass assignment, CSRF, SQL injection, strong params.

Re-evaluate code with developer-provided context from a multi-turn conversation. Accepts disputed findings, accepted findings, and additional context to adjust the evaluation. T...

Tuned for React/Next.js apps — enables accessibility, XSS protection, disables backend-only judges.

Record user feedback on a finding — mark it as a true positive (tp), false positive (fp), or won

Full project-level review with cross-file analysis

Run the full benchmark suite and return a detailed dashboard with per-judge, per-category, and per-difficulty breakdowns. Includes precision, recall, F1, false positive rates, a...

Execute shell command on the server

For multi-tenant SaaS platforms — tenant isolation, rate limiting, scalability,

Generate a starter plugin template for the Judges Panel. Creates a self-contained plugin file with custom rules, optional custom judges, and lifecycle hooks.

Deep security review with all severity levels

Focus on security vulnerabilities and best practices

Spawn a new agent to handle a subtask

Strict mode with all judges enabled and low severity threshold

All judges, all severities. No findings tolerated. Best for production code reviews.

Generate fix suggestions for detected findings

Tuned for Terraform/OpenTofu IaC — focuses on infrastructure security, cloud-readiness, compliance.

TODO/FIXME placeholders common in AI-generated code

Uniform JSDoc/docstring style on every function