coverme-scanner 1.0.21 → 1.0.23

package/.claude/commands/coverme.md

@@ -11,6 +11,8 @@ $ARGUMENTS
 3. **DO NOT ASK ABOUT FILE CHANGES** - Automatically update/overwrite scan.json
 4. **DO NOT ASK TO OPEN REPORT** - Just open it automatically at the end
 5. **COMPLETE EVERYTHING IN ONE GO** - All 5 phases without interruption
+6. **RUN AGENTS IN BACKGROUND** - Use `run_in_background: true` for all Task tool calls
+7. **RUN BASH IN BACKGROUND** - Use `run_in_background: true` for long Bash commands
 
 Execute ALL phases automatically. Do NOT stop until the HTML report is open.
 
@@ -18,7 +20,9 @@ Execute ALL phases automatically. Do NOT stop until the HTML report is open.
 
 ## Phase 1: Discovery (10 parallel agents)
 
-Launch ALL 10 agents IN PARALLEL using the Task tool with subagent_type="Explore":
+Launch ALL 10 agents IN PARALLEL using the Task tool with `run_in_background: true`:
+
+**IMPORTANT**: Set `run_in_background: true` on ALL Task tool calls to run agents in parallel without blocking.
 
 ### Agent 1: Security Scanner (Core)
 ```
@@ -425,7 +429,9 @@ Output JSON: [{id: "TEST-XXX", title, severity, category: "testing", file, line,
 
 ## Phase 2: Cross-Validation (3 parallel validators)
 
-After ALL Phase 1 agents complete, launch 3 validators IN PARALLEL:
+Wait for all Phase 1 background agents to complete using `AgentOutputTool`.
+
+Then launch 3 validators IN PARALLEL with `run_in_background: true`:
 
 ### Validator A: False Positive Hunter
 ```
@@ -469,6 +475,8 @@ Output: { missedIssues: [{id, title, severity, file, line, description, recommen
 
 ## Phase 3: Build Consensus
 
+Wait for all Phase 2 background validators to complete using `AgentOutputTool`.
+
 Combine all results:
 1. Calculate confidence: (confirmations / validators) * 100
 2. Remove findings with confidence < 50%

package/dist/cli/init.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"init.d.ts","sourceRoot":"","sources":["../../src/cli/init.ts"],"names":[],"mappings":"AAIA,UAAU,WAAW;IACnB,MAAM,CAAC,EAAE,OAAO,CAAC;CAClB;AAyfD,wBAAsB,IAAI,CAAC,OAAO,EAAE,WAAW,GAAG,OAAO,CAAC,IAAI,CAAC,CA0E9D"}
+{"version":3,"file":"init.d.ts","sourceRoot":"","sources":["../../src/cli/init.ts"],"names":[],"mappings":"AAIA,UAAU,WAAW;IACnB,MAAM,CAAC,EAAE,OAAO,CAAC;CAClB;AAihBD,wBAAsB,IAAI,CAAC,OAAO,EAAE,WAAW,GAAG,OAAO,CAAC,IAAI,CAAC,CA+H9D"}

package/dist/cli/init.js

@@ -43,13 +43,25 @@ The most comprehensive AI-powered code scanner. 10 specialized agents + 3 valida
 
 $ARGUMENTS
 
-## IMPORTANT: Execute ALL phases automatically. Do NOT stop until the HTML report is open.
+## CRITICAL INSTRUCTIONS - READ FIRST!
+
+1. **DO NOT ASK ANY QUESTIONS** - Run the entire scan autonomously from start to finish
+2. **DO NOT STOP FOR CONFIRMATION** - Just keep going through all phases
+3. **DO NOT ASK ABOUT FILE CHANGES** - Automatically update/overwrite scan.json
+4. **DO NOT ASK TO OPEN REPORT** - Just open it automatically at the end
+5. **COMPLETE EVERYTHING IN ONE GO** - All 5 phases without interruption
+6. **RUN AGENTS IN BACKGROUND** - Use \`run_in_background: true\` for all Task tool calls
+7. **RUN BASH IN BACKGROUND** - Use \`run_in_background: true\` for long Bash commands
+
+Execute ALL phases automatically. Do NOT stop until the HTML report is open.
 
 ---
 
 ## Phase 1: Discovery (10 parallel agents)
 
-Launch ALL 10 agents IN PARALLEL using the Task tool with subagent_type="Explore":
+Launch ALL 10 agents IN PARALLEL using the Task tool with \`run_in_background: true\`:
+
+**IMPORTANT**: Set \`run_in_background: true\` on ALL Task tool calls to run agents in parallel without blocking.
 
 ### Agent 1: Security Scanner (Core)
 \`\`\`
@@ -456,7 +468,9 @@ Output JSON: [{id: "TEST-XXX", title, severity, category: "testing", file, line,
 
 ## Phase 2: Cross-Validation (3 parallel validators)
 
-After ALL Phase 1 agents complete, launch 3 validators IN PARALLEL:
+Wait for all Phase 1 background agents to complete using \`AgentOutputTool\`.
+
+Then launch 3 validators IN PARALLEL with \`run_in_background: true\`:
 
 ### Validator A: False Positive Hunter
 \`\`\`
@@ -500,6 +514,8 @@ Output: { missedIssues: [{id, title, severity, file, line, description, recommen
 
 ## Phase 3: Build Consensus
 
+Wait for all Phase 2 background validators to complete using \`AgentOutputTool\`.
+
 Combine all results:
 1. Calculate confidence: (confirmations / validators) * 100
 2. Remove findings with confidence < 50%
@@ -510,7 +526,9 @@ Combine all results:
 
 ## Phase 4: Generate Report
 
-Update the existing \`.coverme/scan.json\` file with the scan results. The file already exists with the correct structure - just fill in the values:
+**DO NOT ASK - JUST OVERWRITE THE FILE!**
+
+Update \`.coverme/scan.json\` with the scan results. Overwrite any existing content without asking:
 
 - **projectName**: from package.json or folder name
 - **scanDate**: today's date
@@ -519,25 +537,31 @@ Update the existing \`.coverme/scan.json\` file with the scan results. The file
 - **scanDuration**: time taken in ms
 - **agentCount**: 7
 
-Use the Edit tool to update \`.coverme/scan.json\` with the results.
+Use the Write tool to overwrite \`.coverme/scan.json\` with the results. Do not ask for confirmation.
 
 ---
 
 ## Phase 5: Generate HTML Report
 
-Generate the HTML report and open it:
+**DO NOT ASK - JUST RUN THE COMMANDS!**
+
+Generate the HTML report and open it automatically:
 \`\`\`bash
 TIMESTAMP=$(date +%Y-%m-%d_%H-%M-%S)
-npx --yes coverme-scanner@latest report .coverme/scan.json -f html -o ".coverme/report_$TIMESTAMP.html"
+npx coverme-scanner report .coverme/scan.json -f html -o ".coverme/report_$TIMESTAMP.html"
 cp .coverme/scan.json ".coverme/scan_$TIMESTAMP.json"
 open ".coverme/report_$TIMESTAMP.html"
 \`\`\`
 
+Run these commands without asking for permission.
+
 ---
 
 ## DONE
 
-Tell the user: "Scan complete! Report saved to .coverme/ and opened in browser. Found X issues across Y categories. All scan history is in .coverme/ folder."
+Tell the user: "Scan complete! Report saved to .coverme/ and opened in browser."
+
+**REMINDER: You should have completed all 5 phases without asking ANY questions or stopping for confirmation.**
 `;
 async function init(options) {
     const targetDir = options.global
@@ -587,6 +611,55 @@ async function init(options) {
         fs.writeFileSync(gitignorePath, covermeIgnore.trim() + '\n');
         console.log(`Created .gitignore with .coverme/`);
     }
+    // Create .claude/settings.local.json with permissions for coverme
+    const settingsDir = path.join(process.cwd(), '.claude');
+    if (!fs.existsSync(settingsDir)) {
+        fs.mkdirSync(settingsDir, { recursive: true });
+    }
+    const settingsPath = path.join(settingsDir, 'settings.local.json');
+    const covermePermissions = {
+        permissions: {
+            allow: [
+                "Bash(mkdir:*)",
+                "Bash(ls:*)",
+                "Bash(cat:*)",
+                "Bash(cp:*)",
+                "Bash(date:*)",
+                "Bash(npx coverme*:*)",
+                "Bash(npx coverme-scanner*:*)",
+                "Bash(open:*)",
+                "Bash(git ls-files:*)",
+                "Bash(git log:*)",
+                "Bash(grep:*)",
+                "Read(.coverme/*)",
+                "Write(.coverme/*)",
+                "Edit(.coverme/*)"
+            ]
+        }
+    };
+    // Merge with existing settings if present
+    let existingSettings = {};
+    if (fs.existsSync(settingsPath)) {
+        try {
+            existingSettings = JSON.parse(fs.readFileSync(settingsPath, 'utf-8'));
+        }
+        catch (e) {
+            // Ignore parse errors, will overwrite
+        }
+    }
+    // Merge permissions
+    const mergedSettings = {
+        ...existingSettings,
+        permissions: {
+            ...existingSettings.permissions,
+            allow: [
+                ...(existingSettings.permissions?.allow || []),
+                ...covermePermissions.permissions.allow
+            ].filter((v, i, a) => a.indexOf(v) === i) // dedupe
+        }
+    };
+    fs.writeFileSync(settingsPath, JSON.stringify(mergedSettings, null, 2));
+    console.log(`Created/updated: ${settingsPath} with coverme permissions`);
     console.log(`
 ================================================================================
                            COVERME INSTALLED

package/dist/cli/init.js.map

@@ -1 +1 @@
-{"version":3,"file":"init.js","sourceRoot":"","sources":["../../src/cli/init.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA+fA,oBA0EC;AAzkBD,uCAAyB;AACzB,2CAA6B;AAC7B,uCAAyB;AAMzB,MAAM,aAAa,GAAG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAqfrB,CAAC;AAEK,KAAK,UAAU,IAAI,CAAC,OAAoB;IAC7C,MAAM,SAAS,GAAG,OAAO,CAAC,MAAM;QAC9B,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,UAAU,CAAC;QAChD,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,UAAU,CAAC,CAAC;IAEpD,OAAO,CAAC,GAAG,CAAC,oCAAoC,SAAS,EAAE,CAAC,CAAC;IAE7D,6BAA6B;IAC7B,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;QAC9B,EAAE,CAAC,SAAS,CAAC,SAAS,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAC7C,OAAO,CAAC,GAAG,CAAC,sBAAsB,SAAS,EAAE,CAAC,CAAC;IACjD,CAAC;IAED,0BAA0B;IAC1B,MAAM,WAAW,GAAG,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,YAAY,CAAC,CAAC;IACvD,EAAE,CAAC,aAAa,CAAC,WAAW,EAAE,aAAa,CAAC,CAAC;IAC7C,OAAO,CAAC,GAAG,CAAC,YAAY,WAAW,EAAE,CAAC,CAAC;IAEvC,wCAAwC;IACxC,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,UAAU,CAAC,CAAC;IACxD,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;QAC/B,EAAE,CAAC,SAAS,CAAC,UAAU,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAC9C,OAAO,CAAC,GAAG,CAAC,YAAY,UAAU,GAAG,CAAC,CAAC;IACzC,CAAC;IAED,4BAA4B;IAC5B,MAAM,YAAY,GAAG,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,WAAW,CAAC,CAAC;IACxD,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,YAAY,CAAC,EAAE,CAAC;QACjC,MAAM,YAAY,GAAG;YACnB,WAAW,EAAE,EAAE;YACf,QAAQ,EAAE,EAAE;YACZ,QAAQ,EAAE,EAAE;YACZ,oBAAoB,EAAE,EAAE;YACxB,YAAY,EAAE,CAAC;YACf,UAAU,EAAE,CAAC;SACd,CAAC;QACF,EAAE,CAAC,aAAa,CAAC,YAAY,EAAE,IAAI,CAAC,SAAS,CAAC,YAAY,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;QACtE,OAAO,CAAC,GAAG,CAAC,YAAY,YAAY,EAAE,CAAC,CAAC;IAC1C,CAAC;IAED,kDAAkD;IAClD,MAAM,aAAa,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,YAAY,CAAC,CAAC;IAC7D,MAAM,aAAa,GAAG,uCAAuC,CAAC;IAE9D,IAAI,EAAE,CAAC,UAAU,CAAC,aAAa,CAAC,EAAE,CAAC;QACjC,MAAM,gBAAgB,GAAG,EAAE,CAAC,YAAY,CAAC,aAAa,EAAE,OAAO,CAAC,CAAC;QACjE,IAAI,CAAC,gBAAgB,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;YAC3C,EAAE,CAAC,cAAc,CAAC,aAAa,EAAE,aAAa,CAAC,CAAC;YAChD,OAAO,CAAC,GAAG,CAAC,+BAA+B,CAAC,CAAC;QAC/C,CAAC;IACH,CAAC;SAAM,CAAC;QACN,EAAE,CAAC,aAAa,CAAC,aAAa,EAAE,aAAa,CAAC,IAAI,EAAE,GAAG,IAAI,CAAC,CAAC;QAC7D,OAAO,CAAC,GAAG,CAAC,mCAAmC,CAAC,CAAC;IACnD,CAAC;IAED,OAAO,CAAC,GAAG,CAAC;;;;;;;;;;;;;;;;;;CAkBb,CAAC,CAAC;AACH,CAAC"}
+{"version":3,"file":"init.js","sourceRoot":"","sources":["../../src/cli/init.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAuhBA,oBA+HC;AAtpBD,uCAAyB;AACzB,2CAA6B;AAC7B,uCAAyB;AAMzB,MAAM,aAAa,GAAG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CA6gBrB,CAAC;AAEK,KAAK,UAAU,IAAI,CAAC,OAAoB;IAC7C,MAAM,SAAS,GAAG,OAAO,CAAC,MAAM;QAC9B,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,UAAU,CAAC;QAChD,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,UAAU,CAAC,CAAC;IAEpD,OAAO,CAAC,GAAG,CAAC,oCAAoC,SAAS,EAAE,CAAC,CAAC;IAE7D,6BAA6B;IAC7B,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;QAC9B,EAAE,CAAC,SAAS,CAAC,SAAS,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAC7C,OAAO,CAAC,GAAG,CAAC,sBAAsB,SAAS,EAAE,CAAC,CAAC;IACjD,CAAC;IAED,0BAA0B;IAC1B,MAAM,WAAW,GAAG,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,YAAY,CAAC,CAAC;IACvD,EAAE,CAAC,aAAa,CAAC,WAAW,EAAE,aAAa,CAAC,CAAC;IAC7C,OAAO,CAAC,GAAG,CAAC,YAAY,WAAW,EAAE,CAAC,CAAC;IAEvC,wCAAwC;IACxC,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,UAAU,CAAC,CAAC;IACxD,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;QAC/B,EAAE,CAAC,SAAS,CAAC,UAAU,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAC9C,OAAO,CAAC,GAAG,CAAC,YAAY,UAAU,GAAG,CAAC,CAAC;IACzC,CAAC;IAED,4BAA4B;IAC5B,MAAM,YAAY,GAAG,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,WAAW,CAAC,CAAC;IACxD,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,YAAY,CAAC,EAAE,CAAC;QACjC,MAAM,YAAY,GAAG;YACnB,WAAW,EAAE,EAAE;YACf,QAAQ,EAAE,EAAE;YACZ,QAAQ,EAAE,EAAE;YACZ,oBAAoB,EAAE,EAAE;YACxB,YAAY,EAAE,CAAC;YACf,UAAU,EAAE,CAAC;SACd,CAAC;QACF,EAAE,CAAC,aAAa,CAAC,YAAY,EAAE,IAAI,CAAC,SAAS,CAAC,YAAY,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;QACtE,OAAO,CAAC,GAAG,CAAC,YAAY,YAAY,EAAE,CAAC,CAAC;IAC1C,CAAC;IAED,kDAAkD;IAClD,MAAM,aAAa,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,YAAY,CAAC,CAAC;IAC7D,MAAM,aAAa,GAAG,uCAAuC,CAAC;IAE9D,IAAI,EAAE,CAAC,UAAU,CAAC,aAAa,CAAC,EAAE,CAAC;QACjC,MAAM,gBAAgB,GAAG,EAAE,CAAC,YAAY,CAAC,aAAa,EAAE,OAAO,CAAC,CAAC;QACjE,IAAI,CAAC,gBAAgB,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;YAC3C,EAAE,CAAC,cAAc,CAAC,aAAa,EAAE,aAAa,CAAC,CAAC;YAChD,OAAO,CAAC,GAAG,CAAC,+BAA+B,CAAC,CAAC;QAC/C,CAAC;IACH,CAAC;SAAM,CAAC;QACN,EAAE,CAAC,aAAa,CAAC,aAAa,EAAE,aAAa,CAAC,IAAI,EAAE,GAAG,IAAI,CAAC,CAAC;QAC7D,OAAO,CAAC,GAAG,CAAC,mCAAmC,CAAC,CAAC;IACnD,CAAC;IAED,kEAAkE;IAClE,MAAM,WAAW,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,SAAS,CAAC,CAAC;IACxD,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,WAAW,CAAC,EAAE,CAAC;QAChC,EAAE,CAAC,SAAS,CAAC,WAAW,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IACjD,CAAC;IAED,MAAM,YAAY,GAAG,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,qBAAqB,CAAC,CAAC;IACnE,MAAM,kBAAkB,GAAG;QACzB,WAAW,EAAE;YACX,KAAK,EAAE;gBACL,eAAe;gBACf,YAAY;gBACZ,aAAa;gBACb,YAAY;gBACZ,cAAc;gBACd,sBAAsB;gBACtB,8BAA8B;gBAC9B,cAAc;gBACd,sBAAsB;gBACtB,iBAAiB;gBACjB,cAAc;gBACd,kBAAkB;gBAClB,mBAAmB;gBACnB,kBAAkB;aACnB;SACF;KACF,CAAC;IAEF,0CAA0C;IAC1C,IAAI,gBAAgB,GAAQ,EAAE,CAAC;IAC/B,IAAI,EAAE,CAAC,UAAU,CAAC,YAAY,CAAC,EAAE,CAAC;QAChC,IAAI,CAAC;YACH,gBAAgB,GAAG,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,YAAY,CAAC,YAAY,EAAE,OAAO,CAAC,CAAC,CAAC;QACxE,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,sCAAsC;QACxC,CAAC;IACH,CAAC;IAED,oBAAoB;IACpB,MAAM,cAAc,GAAG;QACrB,GAAG,gBAAgB;QACnB,WAAW,EAAE;YACX,GAAG,gBAAgB,CAAC,WAAW;YAC/B,KAAK,EAAE;gBACL,GAAG,CAAC,gBAAgB,CAAC,WAAW,EAAE,KAAK,IAAI,EAAE,CAAC;gBAC9C,GAAG,kBAAkB,CAAC,WAAW,CAAC,KAAK;aACxC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS;SACpD;KACF,CAAC;IAEF,EAAE,CAAC,aAAa,CAAC,YAAY,EAAE,IAAI,CAAC,SAAS,CAAC,cAAc,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;IACxE,OAAO,CAAC,GAAG,CAAC,oBAAoB,YAAY,2BAA2B,CAAC,CAAC;IAEzE,OAAO,CAAC,GAAG,CAAC;;;;;;;;;;;;;;;;;;CAkBb,CAAC,CAAC;AACH,CAAC"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "coverme-scanner",
-  "version": "1.0.21",
+  "version": "1.0.23",
   "description": "AI-powered code scanner with multi-agent verification for Claude Code. One command scans everything.",
   "main": "dist/index.js",
   "bin": {

package/src/cli/init.ts

@@ -12,13 +12,25 @@ The most comprehensive AI-powered code scanner. 10 specialized agents + 3 valida
 
 $ARGUMENTS
 
-## IMPORTANT: Execute ALL phases automatically. Do NOT stop until the HTML report is open.
+## CRITICAL INSTRUCTIONS - READ FIRST!
+
+1. **DO NOT ASK ANY QUESTIONS** - Run the entire scan autonomously from start to finish
+2. **DO NOT STOP FOR CONFIRMATION** - Just keep going through all phases
+3. **DO NOT ASK ABOUT FILE CHANGES** - Automatically update/overwrite scan.json
+4. **DO NOT ASK TO OPEN REPORT** - Just open it automatically at the end
+5. **COMPLETE EVERYTHING IN ONE GO** - All 5 phases without interruption
+6. **RUN AGENTS IN BACKGROUND** - Use \`run_in_background: true\` for all Task tool calls
+7. **RUN BASH IN BACKGROUND** - Use \`run_in_background: true\` for long Bash commands
+
+Execute ALL phases automatically. Do NOT stop until the HTML report is open.
 
 ---
 
 ## Phase 1: Discovery (10 parallel agents)
 
-Launch ALL 10 agents IN PARALLEL using the Task tool with subagent_type="Explore":
+Launch ALL 10 agents IN PARALLEL using the Task tool with \`run_in_background: true\`:
+
+**IMPORTANT**: Set \`run_in_background: true\` on ALL Task tool calls to run agents in parallel without blocking.
 
 ### Agent 1: Security Scanner (Core)
 \`\`\`
@@ -425,7 +437,9 @@ Output JSON: [{id: "TEST-XXX", title, severity, category: "testing", file, line,
 
 ## Phase 2: Cross-Validation (3 parallel validators)
 
-After ALL Phase 1 agents complete, launch 3 validators IN PARALLEL:
+Wait for all Phase 1 background agents to complete using \`AgentOutputTool\`.
+
+Then launch 3 validators IN PARALLEL with \`run_in_background: true\`:
 
 ### Validator A: False Positive Hunter
 \`\`\`
@@ -469,6 +483,8 @@ Output: { missedIssues: [{id, title, severity, file, line, description, recommen
 
 ## Phase 3: Build Consensus
 
+Wait for all Phase 2 background validators to complete using \`AgentOutputTool\`.
+
 Combine all results:
 1. Calculate confidence: (confirmations / validators) * 100
 2. Remove findings with confidence < 50%
@@ -479,7 +495,9 @@ Combine all results:
 
 ## Phase 4: Generate Report
 
-Update the existing \`.coverme/scan.json\` file with the scan results. The file already exists with the correct structure - just fill in the values:
+**DO NOT ASK - JUST OVERWRITE THE FILE!**
+
+Update \`.coverme/scan.json\` with the scan results. Overwrite any existing content without asking:
 
 - **projectName**: from package.json or folder name
 - **scanDate**: today's date
@@ -488,25 +506,31 @@ Update the existing \`.coverme/scan.json\` file with the scan results. The file
 - **scanDuration**: time taken in ms
 - **agentCount**: 7
 
-Use the Edit tool to update \`.coverme/scan.json\` with the results.
+Use the Write tool to overwrite \`.coverme/scan.json\` with the results. Do not ask for confirmation.
 
 ---
 
 ## Phase 5: Generate HTML Report
 
-Generate the HTML report and open it:
+**DO NOT ASK - JUST RUN THE COMMANDS!**
+
+Generate the HTML report and open it automatically:
 \`\`\`bash
 TIMESTAMP=$(date +%Y-%m-%d_%H-%M-%S)
-npx --yes coverme-scanner@latest report .coverme/scan.json -f html -o ".coverme/report_$TIMESTAMP.html"
+npx coverme-scanner report .coverme/scan.json -f html -o ".coverme/report_$TIMESTAMP.html"
 cp .coverme/scan.json ".coverme/scan_$TIMESTAMP.json"
 open ".coverme/report_$TIMESTAMP.html"
 \`\`\`
 
+Run these commands without asking for permission.
+
 ---
 
 ## DONE
 
-Tell the user: "Scan complete! Report saved to .coverme/ and opened in browser. Found X issues across Y categories. All scan history is in .coverme/ folder."
+Tell the user: "Scan complete! Report saved to .coverme/ and opened in browser."
+
+**REMINDER: You should have completed all 5 phases without asking ANY questions or stopping for confirmation.**
 `;
 
 export async function init(options: InitOptions): Promise<void> {
@@ -564,6 +588,59 @@ export async function init(options: InitOptions): Promise<void> {
     console.log(`Created .gitignore with .coverme/`);
   }
 
+  // Create .claude/settings.local.json with permissions for coverme
+  const settingsDir = path.join(process.cwd(), '.claude');
+  if (!fs.existsSync(settingsDir)) {
+    fs.mkdirSync(settingsDir, { recursive: true });
+  }
+
+  const settingsPath = path.join(settingsDir, 'settings.local.json');
+  const covermePermissions = {
+    permissions: {
+      allow: [
+        "Bash(mkdir:*)",
+        "Bash(ls:*)",
+        "Bash(cat:*)",
+        "Bash(cp:*)",
+        "Bash(date:*)",
+        "Bash(npx coverme*:*)",
+        "Bash(npx coverme-scanner*:*)",
+        "Bash(open:*)",
+        "Bash(git ls-files:*)",
+        "Bash(git log:*)",
+        "Bash(grep:*)",
+        "Read(.coverme/*)",
+        "Write(.coverme/*)",
+        "Edit(.coverme/*)"
+      ]
+    }
+  };
+
+  // Merge with existing settings if present
+  let existingSettings: any = {};
+  if (fs.existsSync(settingsPath)) {
+    try {
+      existingSettings = JSON.parse(fs.readFileSync(settingsPath, 'utf-8'));
+    } catch (e) {
+      // Ignore parse errors, will overwrite
+    }
+  }
+
+  // Merge permissions
+  const mergedSettings = {
+    ...existingSettings,
+    permissions: {
+      ...existingSettings.permissions,
+      allow: [
+        ...(existingSettings.permissions?.allow || []),
+        ...covermePermissions.permissions.allow
+      ].filter((v, i, a) => a.indexOf(v) === i) // dedupe
+    }
+  };
+
+  fs.writeFileSync(settingsPath, JSON.stringify(mergedSettings, null, 2));
+  console.log(`Created/updated: ${settingsPath} with coverme permissions`);
+
   console.log(`
 ================================================================================
                            COVERME INSTALLED