edsger 0.75.0 → 0.76.0

package/dist/commands/find-architecture/index.d.ts

@@ -5,9 +5,11 @@
  * and files each new finding as an issue.
  */
 export interface FindArchitectureCliOptions {
+    /** Repo-only mode: scan a single `repositories` row with no product. */
+    repoId?: string;
     full?: boolean;
     branch?: string;
     maxFiles?: number;
     verbose?: boolean;
 }
-export declare function runFindArchitecture(productId: string, options: FindArchitectureCliOptions): Promise<void>;
+export declare function runFindArchitecture(productId: string | undefined, options: FindArchitectureCliOptions): Promise<void>;

package/dist/commands/find-architecture/index.js

@@ -4,22 +4,31 @@
  * coupling, cycles, missing/duplicated abstractions, responsibility creep)
  * and files each new finding as an issue.
  */
-import { getGitHubConfigByProduct } from '../../api/github.js';
+import { getGitHubConfigByProduct, getGitHubConfigByRepository, } from '../../api/github.js';
 import { scanForArchitecture } from '../../phases/find-architecture/index.js';
 import { logError, logInfo, logSuccess } from '../../utils/logger.js';
 export async function runFindArchitecture(productId, options) {
-    const { full, branch, maxFiles, verbose } = options;
-    logInfo(`Starting architecture scan for product ${productId}`);
-    const githubConfig = await getGitHubConfigByProduct(productId, verbose);
+    const { repoId, full, branch, maxFiles, verbose } = options;
+    if (!productId && !repoId) {
+        throw new Error('Provide a productId or --repo-id for find-architecture');
+    }
+    const scopeLabel = productId
+        ? `product ${productId}`
+        : `repository ${repoId}`;
+    logInfo(`Starting architecture scan for ${scopeLabel}`);
+    const githubConfig = productId
+        ? await getGitHubConfigByProduct(productId, verbose)
+        : await getGitHubConfigByRepository(repoId, verbose);
     if (!githubConfig.configured ||
         !githubConfig.token ||
         !githubConfig.owner ||
         !githubConfig.repo) {
-        logError(`GitHub not configured for product ${productId}: ${githubConfig.message || 'No installation found'}`);
+        logError(`GitHub not configured for ${scopeLabel}: ${githubConfig.message || 'No installation found'}`);
         process.exit(1);
     }
     const result = await scanForArchitecture({
         productId,
+        repoId,
         githubToken: githubConfig.token,
         owner: githubConfig.owner,
         repo: githubConfig.repo,

package/dist/commands/find-bugs/index.d.ts

@@ -3,9 +3,11 @@
  * Audits the product's repository for bugs and files each new finding as an issue.
  */
 export interface FindBugsCliOptions {
+    /** Repo-only mode: scan a single `repositories` row with no product. */
+    repoId?: string;
     full?: boolean;
     branch?: string;
     maxFiles?: number;
     verbose?: boolean;
 }
-export declare function runFindBugs(productId: string, options: FindBugsCliOptions): Promise<void>;
+export declare function runFindBugs(productId: string | undefined, options: FindBugsCliOptions): Promise<void>;

package/dist/commands/find-bugs/index.js

@@ -2,22 +2,31 @@
  * CLI command: edsger find-bugs <productId>
  * Audits the product's repository for bugs and files each new finding as an issue.
  */
-import { getGitHubConfigByProduct } from '../../api/github.js';
+import { getGitHubConfigByProduct, getGitHubConfigByRepository, } from '../../api/github.js';
 import { scanForBugs } from '../../phases/find-bugs/index.js';
 import { logError, logInfo, logSuccess } from '../../utils/logger.js';
 export async function runFindBugs(productId, options) {
-    const { full, branch, maxFiles, verbose } = options;
-    logInfo(`Starting bug scan for product ${productId}`);
-    const githubConfig = await getGitHubConfigByProduct(productId, verbose);
+    const { repoId, full, branch, maxFiles, verbose } = options;
+    if (!productId && !repoId) {
+        throw new Error('Provide a productId or --repo-id for find-bugs');
+    }
+    const scopeLabel = productId
+        ? `product ${productId}`
+        : `repository ${repoId}`;
+    logInfo(`Starting bug scan for ${scopeLabel}`);
+    const githubConfig = productId
+        ? await getGitHubConfigByProduct(productId, verbose)
+        : await getGitHubConfigByRepository(repoId, verbose);
     if (!githubConfig.configured ||
         !githubConfig.token ||
         !githubConfig.owner ||
         !githubConfig.repo) {
-        logError(`GitHub not configured for product ${productId}: ${githubConfig.message || 'No installation found'}`);
+        logError(`GitHub not configured for ${scopeLabel}: ${githubConfig.message || 'No installation found'}`);
         process.exit(1);
     }
     const result = await scanForBugs({
         productId,
+        repoId,
         githubToken: githubConfig.token,
         owner: githubConfig.owner,
         repo: githubConfig.repo,

package/dist/commands/find-smells/index.d.ts

@@ -5,6 +5,8 @@
  */
 import { type SmellCategory } from '../../phases/find-smells/types.js';
 export interface FindSmellsCliOptions {
+    /** Repo-only mode: scan a single `repositories` row with no product. */
+    repoId?: string;
     full?: boolean;
     branch?: string;
     maxFiles?: number;
@@ -18,4 +20,4 @@ export interface FindSmellsCliOptions {
  * matches user intuition for `--categories=`.
  */
 export declare function parseCategoriesOption(raw: string): SmellCategory[] | undefined;
-export declare function runFindSmells(productId: string, options: FindSmellsCliOptions): Promise<void>;
+export declare function runFindSmells(productId: string | undefined, options: FindSmellsCliOptions): Promise<void>;

package/dist/commands/find-smells/index.js

@@ -3,7 +3,7 @@
  * Audits the product's repository for code smells (refactor candidates, perf
  * cliffs, dead code, etc.) and files each new finding as an issue.
  */
-import { getGitHubConfigByProduct } from '../../api/github.js';
+import { getGitHubConfigByProduct, getGitHubConfigByRepository, } from '../../api/github.js';
 import { scanForSmells } from '../../phases/find-smells/index.js';
 import { isSmellCategory, SMELL_CATEGORIES, } from '../../phases/find-smells/types.js';
 import { logError, logInfo, logSuccess } from '../../utils/logger.js';
@@ -31,18 +31,27 @@ export function parseCategoriesOption(raw) {
     return Array.from(new Set(tokens));
 }
 export async function runFindSmells(productId, options) {
-    const { full, branch, maxFiles, categories, verbose } = options;
-    logInfo(`Starting smell scan for product ${productId}`);
-    const githubConfig = await getGitHubConfigByProduct(productId, verbose);
+    const { repoId, full, branch, maxFiles, categories, verbose } = options;
+    if (!productId && !repoId) {
+        throw new Error('Provide a productId or --repo-id for find-smells');
+    }
+    const scopeLabel = productId
+        ? `product ${productId}`
+        : `repository ${repoId}`;
+    logInfo(`Starting smell scan for ${scopeLabel}`);
+    const githubConfig = productId
+        ? await getGitHubConfigByProduct(productId, verbose)
+        : await getGitHubConfigByRepository(repoId, verbose);
     if (!githubConfig.configured ||
         !githubConfig.token ||
         !githubConfig.owner ||
         !githubConfig.repo) {
-        logError(`GitHub not configured for product ${productId}: ${githubConfig.message || 'No installation found'}`);
+        logError(`GitHub not configured for ${scopeLabel}: ${githubConfig.message || 'No installation found'}`);
         process.exit(1);
     }
     const result = await scanForSmells({
         productId,
+        repoId,
         githubToken: githubConfig.token,
         owner: githubConfig.owner,
         repo: githubConfig.repo,

package/dist/index.js

@@ -802,8 +802,9 @@ program
 // Subcommand: edsger find-bugs <productId>
 // ============================================================
 program
-    .command('find-bugs <productId>')
-    .description("AI-audit a product's repository for bugs and file each new finding as an issue")
+    .command('find-bugs [productId]')
+    .description("AI-audit a product's (or a standalone repository's) repo for bugs and file each new finding as an issue")
+    .option('--repo-id <id>', 'Run in repo-only mode against a single repositories row (no product context)')
     .option('--full', 'Force a full scan even if previous-scan state exists')
     .option('--branch <name>', 'Branch to scan (defaults to repo default branch)')
     .option('--max-files <n>', 'Upper bound on files the auditor may Read (default 200)', (value) => {
@@ -1030,8 +1031,9 @@ program
 // Subcommand: edsger find-smells <productId>
 // ============================================================
 program
-    .command('find-smells <productId>')
-    .description("AI-audit a product's repository for code smells (refactor candidates, perf cliffs, dead code, type-safety gaps) and file each new finding as an issue")
+    .command('find-smells [productId]')
+    .description("AI-audit a product's (or a standalone repository's) repo for code smells (refactor candidates, perf cliffs, dead code, type-safety gaps) and file each new finding as an issue")
+    .option('--repo-id <id>', 'Run in repo-only mode against a single repositories row (no product context)')
     .option('--full', 'Force a full scan even if previous-scan state exists')
     .option('--branch <name>', 'Branch to scan (defaults to repo default branch)')
     .option('--max-files <n>', `Upper bound on files the auditor may Read (default ${FIND_SMELLS_DEFAULT_MAX_FILES})`, (value) => {
@@ -1055,8 +1057,9 @@ program
 // Subcommand: edsger find-architecture <productId>
 // ============================================================
 program
-    .command('find-architecture <productId>')
-    .description("AI-audit a product's repository for architectural concerns (layering, coupling, cycles, missing/duplicated abstractions, responsibility creep) and file each new finding as an issue")
+    .command('find-architecture [productId]')
+    .description("AI-audit a product's (or a standalone repository's) repo for architectural concerns (layering, coupling, cycles, missing/duplicated abstractions, responsibility creep) and file each new finding as an issue")
+    .option('--repo-id <id>', 'Run in repo-only mode against a single repositories row (no product context)')
     .option('--full', 'Force a full scan even if previous-scan state exists')
     .option('--branch <name>', 'Branch to scan (defaults to repo default branch)')
     .option('--max-files <n>', `Upper bound on files the auditor may Read (default ${FIND_ARCHITECTURE_DEFAULT_MAX_FILES})`, (value) => {

package/dist/phases/find-architecture/index.d.ts

@@ -9,7 +9,10 @@
  * phases share the same workspace + state pattern.
  */
 export interface FindArchitectureOptions {
-    productId: string;
+    /** Product scope. Provide this OR repoId (repo-scoped scan). */
+    productId?: string;
+    /** Repository scope: scan a bare `repositories` row with no product. */
+    repoId?: string;
     githubToken: string;
     owner: string;
     repo: string;

package/dist/phases/find-architecture/index.js

@@ -13,7 +13,7 @@ import { DEFAULT_MODEL } from '../../constants.js';
 import { logError, logInfo, logSuccess, logWarning, } from '../../utils/logger.js';
 import { cleanupIssueRepo, cloneIssueRepo, ensureWorkspaceDir, syncRepoToRef, } from '../../workspace/workspace-manager.js';
 import { detectDefaultBranch, gitRevParse, isAncestor, listChangedPaths, } from '../find-shared/git.js';
-import { createIssue, fetchOpenIssues, fetchProductBasics, } from '../find-shared/mcp.js';
+import { createIssue, fetchOpenIssues, fetchOpenIssuesByRepo, fetchProductBasics, fetchRepositoryBasics, } from '../find-shared/mcp.js';
 import { createPromptGenerator, extractTextFromContent, tryExtractResult, } from '../pr-shared/agent-utils.js';
 import { createFindArchitectureSystemPrompt, createFindArchitectureUserPrompt, } from './prompts.js';
 import { acquireFindArchitectureLock, loadFindArchitectureState, updateFindArchitectureState, } from './state.js';
@@ -33,30 +33,36 @@ const MAX_TURNS = 200;
  */
 // eslint-disable-next-line complexity
 export async function scanForArchitecture(options) {
-    const { productId, githubToken, owner, repo, full, maxFiles, verbose } = options;
-    logInfo(`Starting architecture scan for product ${productId} (${owner}/${repo})`);
-    const lock = acquireFindArchitectureLock(productId);
+    const { productId, repoId, githubToken, owner, repo, full, maxFiles, verbose } = options;
+    // State/lock/workspace are keyed by an opaque scope id so product and repo
+    // scans never collide; repo keys are prefixed to namespace them clearly.
+    const scopeId = productId ?? `repo-${repoId}`;
+    const scopeLabel = productId
+        ? `product ${productId}`
+        : `repository ${repoId}`;
+    logInfo(`Starting architecture scan for ${scopeLabel} (${owner}/${repo})`);
+    const lock = acquireFindArchitectureLock(scopeId);
     if (!lock) {
-        logWarning(`Another architecture scan is already in progress for product ${productId}; skipping.`);
+        logWarning(`Another architecture scan is already in progress for ${scopeLabel}; skipping.`);
         return {
             status: 'error',
-            message: 'Another architecture scan is already in progress for this product',
+            message: 'Another architecture scan is already in progress for this scope',
         };
     }
     let repoPath;
     let scanSucceeded = false;
     try {
-        updateFindArchitectureState(productId, {
+        updateFindArchitectureState(scopeId, {
             lastAttemptedAt: new Date().toISOString(),
         });
         const workspaceRoot = ensureWorkspaceDir();
-        const repoKey = `${WORKSPACE_KEY}-${productId}`;
+        const repoKey = `${WORKSPACE_KEY}-${scopeId}`;
         ({ repoPath } = cloneIssueRepo(workspaceRoot, repoKey, owner, repo, githubToken));
         const branch = options.branch ?? detectDefaultBranch(repoPath);
         logInfo(`Syncing ${owner}/${repo} to branch ${branch}`);
         syncRepoToRef(repoPath, { branch }, githubToken);
         const headSha = gitRevParse(repoPath, 'HEAD');
-        const state = loadFindArchitectureState(productId);
+        const state = loadFindArchitectureState(scopeId);
         const baseSha = full ? undefined : state.lastScannedCommitSha;
         let scope = 'full';
         let changedPaths;
@@ -68,7 +74,7 @@ export async function scanForArchitecture(options) {
                 logInfo(`Incremental scan: ${changedPaths.length} files changed since ${baseSha.slice(0, 8)}`);
                 if (changedPaths.length === 0) {
                     logSuccess('No code changes since last scan; nothing to do.');
-                    updateFindArchitectureState(productId, {
+                    updateFindArchitectureState(scopeId, {
                         lastScannedCommitSha: headSha,
                         lastScannedAt: new Date().toISOString(),
                         lastError: undefined,
@@ -89,7 +95,7 @@ export async function scanForArchitecture(options) {
         }
         else if (baseSha === headSha) {
             logSuccess('HEAD unchanged since last scan; nothing to do.');
-            updateFindArchitectureState(productId, {
+            updateFindArchitectureState(scopeId, {
                 lastScannedAt: new Date().toISOString(),
                 lastError: undefined,
             });
@@ -102,8 +108,12 @@ export async function scanForArchitecture(options) {
                 issuesCreated: 0,
             };
         }
-        const product = await fetchProductBasics(productId);
-        const existingIssues = await fetchOpenIssues(productId);
+        const product = productId
+            ? await fetchProductBasics(productId)
+            : await fetchRepositoryBasics(repoId);
+        const existingIssues = productId
+            ? await fetchOpenIssues(productId)
+            : await fetchOpenIssuesByRepo(repoId);
         logInfo(`Loaded ${existingIssues.length} existing issues for dedup context`);
         const systemPrompt = createFindArchitectureSystemPrompt();
         const userPrompt = createFindArchitectureUserPrompt({
@@ -157,7 +167,7 @@ export async function scanForArchitecture(options) {
         }
         if (!scanResult) {
             const msg = 'Audit failed: could not parse a scan_result from the agent';
-            updateFindArchitectureState(productId, { lastError: msg });
+            updateFindArchitectureState(scopeId, { lastError: msg });
             return {
                 status: 'error',
                 message: msg,
@@ -168,18 +178,20 @@ export async function scanForArchitecture(options) {
         const deferredBugs = scanResult.deferred_to_bugs ?? [];
         const deferredFeatures = scanResult.deferred_to_features ?? [];
         const deferredSmells = scanResult.deferred_to_smells ?? [];
-        logDeferred(deferredBugs, 'find-bugs', productId);
-        logDeferred(deferredFeatures, 'find-features', productId);
-        logDeferred(deferredSmells, 'find-smells', productId);
+        // CLI suggestion argument: a productId positional, or the --repo-id flag.
+        const scopeArg = productId ?? `--repo-id ${repoId}`;
+        logDeferred(deferredBugs, 'find-bugs', scopeArg);
+        logDeferred(deferredFeatures, 'find-features', scopeArg);
+        logDeferred(deferredSmells, 'find-smells', scopeArg);
         let created = 0;
         for (const finding of findings) {
-            const issueId = await createIssueForFinding(productId, finding);
+            const issueId = await createIssueForFinding({ productId, repoId }, finding);
             if (issueId) {
                 created++;
                 logSuccess(`Filed issue ${issueId}: ${finding.title}`);
             }
         }
-        updateFindArchitectureState(productId, {
+        updateFindArchitectureState(scopeId, {
             lastScannedCommitSha: headSha,
             lastScannedAt: new Date().toISOString(),
             lastError: undefined,
@@ -200,7 +212,7 @@ export async function scanForArchitecture(options) {
     catch (error) {
         const errorMessage = error instanceof Error ? error.message : String(error);
         logError(`Architecture scan failed: ${errorMessage}`);
-        updateFindArchitectureState(productId, { lastError: errorMessage });
+        updateFindArchitectureState(scopeId, { lastError: errorMessage });
         return {
             status: 'error',
             message: `Architecture scan failed: ${errorMessage}`,
@@ -213,19 +225,20 @@ export async function scanForArchitecture(options) {
         lock.release();
     }
 }
-function logDeferred(deferred, siblingPhase, productId) {
+function logDeferred(deferred, siblingPhase, scopeArg) {
     if (deferred.length === 0) {
         return;
     }
-    logInfo(`${deferred.length} finding(s) deferred to ${siblingPhase} — run \`edsger ${siblingPhase} ${productId}\` to pick them up:`);
+    logInfo(`${deferred.length} finding(s) deferred to ${siblingPhase} — run \`edsger ${siblingPhase} ${scopeArg}\` to pick them up:`);
     for (const d of deferred) {
         const loc = d.file ? ` (${d.file}${d.line ? `:${d.line}` : ''})` : '';
         logInfo(`  • ${d.title}${loc} — ${d.reason}`);
     }
 }
-async function createIssueForFinding(productId, finding) {
+async function createIssueForFinding(scope, finding) {
     return createIssue({
-        productId,
+        productId: scope.productId,
+        repoId: scope.repoId,
         title: finding.title,
         description: formatIssueDescription(finding),
     });

package/dist/phases/find-bugs/index.d.ts

@@ -4,7 +4,10 @@
  * incremental, scoped to commits since the previous successful scan.
  */
 export interface FindBugsOptions {
-    productId: string;
+    /** Product scope. Provide this OR repoId (repo-scoped scan). */
+    productId?: string;
+    /** Repository scope: scan a bare `repositories` row with no product. */
+    repoId?: string;
     githubToken: string;
     owner: string;
     repo: string;

package/dist/phases/find-bugs/index.js

@@ -8,7 +8,7 @@ import { DEFAULT_MODEL } from '../../constants.js';
 import { logError, logInfo, logSuccess, logWarning, } from '../../utils/logger.js';
 import { cleanupIssueRepo, cloneIssueRepo, ensureWorkspaceDir, syncRepoToRef, } from '../../workspace/workspace-manager.js';
 import { detectDefaultBranch, gitRevParse, isAncestor, listChangedPaths, } from '../find-shared/git.js';
-import { createIssue, fetchOpenIssues, fetchProductBasics, } from '../find-shared/mcp.js';
+import { createIssue, fetchOpenIssues, fetchOpenIssuesByRepo, fetchProductBasics, fetchRepositoryBasics, } from '../find-shared/mcp.js';
 import { createPromptGenerator, extractTextFromContent, tryExtractResult, } from '../pr-shared/agent-utils.js';
 import { createFindBugsSystemPrompt, createFindBugsUserPrompt, } from './prompts.js';
 import { acquireFindBugsLock, loadFindBugsState, updateFindBugsState, } from './state.js';
@@ -32,33 +32,39 @@ const MAX_TURNS = 200;
  */
 // eslint-disable-next-line complexity
 export async function scanForBugs(options) {
-    const { productId, githubToken, owner, repo, full, maxFiles, verbose } = options;
-    logInfo(`Starting bug scan for product ${productId} (${owner}/${repo})`);
-    const lock = acquireFindBugsLock(productId);
+    const { productId, repoId, githubToken, owner, repo, full, maxFiles, verbose } = options;
+    // State/lock/workspace are keyed by an opaque scope id so product and repo
+    // scans never collide; repo keys are prefixed to namespace them clearly.
+    const scopeId = productId ?? `repo-${repoId}`;
+    const scopeLabel = productId
+        ? `product ${productId}`
+        : `repository ${repoId}`;
+    logInfo(`Starting bug scan for ${scopeLabel} (${owner}/${repo})`);
+    const lock = acquireFindBugsLock(scopeId);
     if (!lock) {
-        logWarning(`Another bug scan is already in progress for product ${productId}; skipping.`);
+        logWarning(`Another bug scan is already in progress for ${scopeLabel}; skipping.`);
         return {
             status: 'error',
-            message: 'Another bug scan is already in progress for this product',
+            message: 'Another bug scan is already in progress for this scope',
         };
     }
     let repoPath;
     let scanSucceeded = false;
     try {
-        updateFindBugsState(productId, {
+        updateFindBugsState(scopeId, {
             lastAttemptedAt: new Date().toISOString(),
         });
         const workspaceRoot = ensureWorkspaceDir();
         // Each run re-clones into a per-product directory and removes it on
         // success. Incremental scope is recovered from the persisted state file
         // (~/.edsger/find-bugs-state/<productId>.json), not from the workspace.
-        const repoKey = `${WORKSPACE_KEY}-${productId}`;
+        const repoKey = `${WORKSPACE_KEY}-${scopeId}`;
         ({ repoPath } = cloneIssueRepo(workspaceRoot, repoKey, owner, repo, githubToken));
         const branch = options.branch ?? detectDefaultBranch(repoPath);
         logInfo(`Syncing ${owner}/${repo} to branch ${branch}`);
         syncRepoToRef(repoPath, { branch }, githubToken);
         const headSha = gitRevParse(repoPath, 'HEAD');
-        const state = loadFindBugsState(productId);
+        const state = loadFindBugsState(scopeId);
         const baseSha = full ? undefined : state.lastScannedCommitSha;
         let scope = 'full';
         let changedPaths;
@@ -70,7 +76,7 @@ export async function scanForBugs(options) {
                 logInfo(`Incremental scan: ${changedPaths.length} files changed since ${baseSha.slice(0, 8)}`);
                 if (changedPaths.length === 0) {
                     logSuccess('No code changes since last scan; nothing to do.');
-                    updateFindBugsState(productId, {
+                    updateFindBugsState(scopeId, {
                         lastScannedCommitSha: headSha,
                         lastScannedAt: new Date().toISOString(),
                         lastError: undefined,
@@ -100,8 +106,12 @@ export async function scanForBugs(options) {
                 issuesCreated: 0,
             };
         }
-        const product = await fetchProductBasics(productId);
-        const existingIssues = await fetchOpenIssues(productId);
+        const product = productId
+            ? await fetchProductBasics(productId)
+            : await fetchRepositoryBasics(repoId);
+        const existingIssues = productId
+            ? await fetchOpenIssues(productId)
+            : await fetchOpenIssuesByRepo(repoId);
         logInfo(`Loaded ${existingIssues.length} existing issues for dedup context`);
         const systemPrompt = createFindBugsSystemPrompt();
         const userPrompt = createFindBugsUserPrompt({
@@ -155,7 +165,7 @@ export async function scanForBugs(options) {
         }
         if (!scanResult) {
             const msg = 'Audit failed: could not parse a scan_result from the agent';
-            updateFindBugsState(productId, { lastError: msg });
+            updateFindBugsState(scopeId, { lastError: msg });
             return {
                 status: 'error',
                 message: msg,
@@ -165,13 +175,13 @@ export async function scanForBugs(options) {
         logInfo(`Audit produced ${bugs.length} candidate bugs. ${summary}`);
         let created = 0;
         for (const bug of bugs) {
-            const issueId = await createIssueForBug(productId, bug);
+            const issueId = await createIssueForBug({ productId, repoId }, bug);
             if (issueId) {
                 created++;
                 logSuccess(`Filed issue ${issueId}: ${bug.title}`);
             }
         }
-        updateFindBugsState(productId, {
+        updateFindBugsState(scopeId, {
             lastScannedCommitSha: headSha,
             lastScannedAt: new Date().toISOString(),
             lastError: undefined,
@@ -189,7 +199,7 @@ export async function scanForBugs(options) {
     catch (error) {
         const errorMessage = error instanceof Error ? error.message : String(error);
         logError(`Bug scan failed: ${errorMessage}`);
-        updateFindBugsState(productId, { lastError: errorMessage });
+        updateFindBugsState(scopeId, { lastError: errorMessage });
         return {
             status: 'error',
             message: `Bug scan failed: ${errorMessage}`,
@@ -202,9 +212,10 @@ export async function scanForBugs(options) {
         lock.release();
     }
 }
-async function createIssueForBug(productId, bug) {
+async function createIssueForBug(scope, bug) {
     return createIssue({
-        productId,
+        productId: scope.productId,
+        repoId: scope.repoId,
         title: bug.title,
         description: formatIssueDescription(bug),
     });

package/dist/phases/find-shared/mcp.d.ts

@@ -12,22 +12,37 @@ export interface ProductBasics {
     description?: string;
 }
 export declare function fetchProductBasics(productId: string): Promise<ProductBasics>;
+/**
+ * Build prompt "product basics" from a bare repository row (repo-scoped scans
+ * have no product to read). Falls back to the repo id as the display name.
+ */
+export declare function fetchRepositoryBasics(repoId: string): Promise<ProductBasics>;
 /**
  * Fetch the product's open issues for dedup context. Filters out terminal
  * statuses (shipped/archived/closed/...) since those can't conflict with new
  * findings the agent might surface.
  */
 export declare function fetchOpenIssues(productId: string): Promise<IssueInfo[]>;
+/**
+ * Same as `fetchOpenIssues` but scoped to a single repository (repo-scoped
+ * scans). Used for dedup context when filing findings against a bare repo.
+ */
+export declare function fetchOpenIssuesByRepo(repoId: string): Promise<IssueInfo[]>;
 export declare function isTerminalStatus(status: string): boolean;
 export interface CreateIssueInput {
-    productId: string;
+    /** Product scope. Provide this OR repoId (repo-scoped scans). */
+    productId?: string;
+    /** Repository scope. Provide this OR productId. */
+    repoId?: string;
     /** Issue title for `name`. */
     title: string;
     /** Already-formatted markdown body. The caller decides the layout. */
     description: string;
 }
 /**
- * File a new issue via MCP. Returns the new issue id, or null if MCP returned
- * an error / unexpected shape (already logged).
+ * File a new issue via MCP. The issue is scoped to a product OR a single
+ * repository — exactly one of `productId` / `repoId` should be set. Returns the
+ * new issue id, or null if MCP returned an error / unexpected shape (already
+ * logged).
  */
 export declare function createIssue(input: CreateIssueInput): Promise<string | null>;

package/dist/phases/find-shared/mcp.js

@@ -6,6 +6,7 @@
  * Centralising the calls means a schema change in MCP only needs touching one
  * place, and the per-phase orchestrators stay focused on their own logic.
  */
+import { getRepositoryBasics } from '../../api/github.js';
 import { callMcpEndpoint } from '../../api/mcp-client.js';
 import { getSupabase, hasSupabaseSession } from '../../supabase/client.js';
 import { logError, logWarning } from '../../utils/logger.js';
@@ -25,6 +26,17 @@ export async function fetchProductBasics(productId) {
         return { name: productId };
     }
 }
+/**
+ * Build prompt "product basics" from a bare repository row (repo-scoped scans
+ * have no product to read). Falls back to the repo id as the display name.
+ */
+export async function fetchRepositoryBasics(repoId) {
+    const basics = await getRepositoryBasics(repoId).catch(() => null);
+    return {
+        name: basics?.fullName || repoId,
+        description: basics?.description ?? undefined,
+    };
+}
 /**
  * Fetch the product's open issues for dedup context. Filters out terminal
  * statuses (shipped/archived/closed/...) since those can't conflict with new
@@ -43,6 +55,23 @@ export async function fetchOpenIssues(productId) {
         return [];
     }
 }
+/**
+ * Same as `fetchOpenIssues` but scoped to a single repository (repo-scoped
+ * scans). Used for dedup context when filing findings against a bare repo.
+ */
+export async function fetchOpenIssuesByRepo(repoId) {
+    try {
+        const result = (await callMcpEndpoint('issues/list', {
+            repository_id: repoId,
+        }));
+        const all = result.issues || [];
+        return all.filter((i) => !isTerminalStatus(i.status));
+    }
+    catch (error) {
+        logWarning(`Could not load existing issues for dedup: ${error instanceof Error ? error.message : String(error)}`);
+        return [];
+    }
+}
 export function isTerminalStatus(status) {
     return (status === 'shipped' ||
         status === 'archived' ||
@@ -51,17 +80,22 @@ export function isTerminalStatus(status) {
         status === 'completed');
 }
 /**
- * File a new issue via MCP. Returns the new issue id, or null if MCP returned
- * an error / unexpected shape (already logged).
+ * File a new issue via MCP. The issue is scoped to a product OR a single
+ * repository — exactly one of `productId` / `repoId` should be set. Returns the
+ * new issue id, or null if MCP returned an error / unexpected shape (already
+ * logged).
  */
 export async function createIssue(input) {
+    const productId = input.productId ?? null;
+    const repositoryId = input.repoId ?? null;
     try {
         if (hasSupabaseSession()) {
             try {
                 const { data, error } = await getSupabase()
                     .from('issues')
                     .insert({
-                    product_id: input.productId,
+                    product_id: productId,
+                    repository_id: repositoryId,
                     name: input.title,
                     description: input.description,
                 })
@@ -77,7 +111,8 @@ export async function createIssue(input) {
             }
         }
         const result = (await callMcpEndpoint('issues/create', {
-            product_id: input.productId,
+            ...(productId ? { product_id: productId } : {}),
+            ...(repositoryId ? { repository_id: repositoryId } : {}),
             name: input.title,
             description: input.description,
         }));

package/dist/phases/find-smells/index.d.ts

@@ -9,7 +9,10 @@
  */
 import { type SmellCategory } from './types.js';
 export interface FindSmellsOptions {
-    productId: string;
+    /** Product scope. Provide this OR repoId (repo-scoped scan). */
+    productId?: string;
+    /** Repository scope: scan a bare `repositories` row with no product. */
+    repoId?: string;
     githubToken: string;
     owner: string;
     repo: string;

package/dist/phases/find-smells/index.js

@@ -12,7 +12,7 @@ import { DEFAULT_MODEL } from '../../constants.js';
 import { logError, logInfo, logSuccess, logWarning, } from '../../utils/logger.js';
 import { cleanupIssueRepo, cloneIssueRepo, ensureWorkspaceDir, syncRepoToRef, } from '../../workspace/workspace-manager.js';
 import { detectDefaultBranch, gitRevParse, isAncestor, listChangedPaths, } from '../find-shared/git.js';
-import { createIssue, fetchOpenIssues, fetchProductBasics, } from '../find-shared/mcp.js';
+import { createIssue, fetchOpenIssues, fetchOpenIssuesByRepo, fetchProductBasics, fetchRepositoryBasics, } from '../find-shared/mcp.js';
 import { createPromptGenerator, extractTextFromContent, tryExtractResult, } from '../pr-shared/agent-utils.js';
 import { createFindSmellsSystemPrompt, createFindSmellsUserPrompt, } from './prompts.js';
 import { acquireFindSmellsLock, loadFindSmellsState, updateFindSmellsState, } from './state.js';
@@ -31,30 +31,36 @@ const MAX_TURNS = 200;
  */
 // eslint-disable-next-line complexity
 export async function scanForSmells(options) {
-    const { productId, githubToken, owner, repo, full, maxFiles, categories, verbose, } = options;
-    logInfo(`Starting smell scan for product ${productId} (${owner}/${repo})`);
-    const lock = acquireFindSmellsLock(productId);
+    const { productId, repoId, githubToken, owner, repo, full, maxFiles, categories, verbose, } = options;
+    // State/lock/workspace are keyed by an opaque scope id so product and repo
+    // scans never collide; repo keys are prefixed to namespace them clearly.
+    const scopeId = productId ?? `repo-${repoId}`;
+    const scopeLabel = productId
+        ? `product ${productId}`
+        : `repository ${repoId}`;
+    logInfo(`Starting smell scan for ${scopeLabel} (${owner}/${repo})`);
+    const lock = acquireFindSmellsLock(scopeId);
     if (!lock) {
-        logWarning(`Another smell scan is already in progress for product ${productId}; skipping.`);
+        logWarning(`Another smell scan is already in progress for ${scopeLabel}; skipping.`);
         return {
             status: 'error',
-            message: 'Another smell scan is already in progress for this product',
+            message: 'Another smell scan is already in progress for this scope',
         };
     }
     let repoPath;
     let scanSucceeded = false;
     try {
-        updateFindSmellsState(productId, {
+        updateFindSmellsState(scopeId, {
             lastAttemptedAt: new Date().toISOString(),
         });
         const workspaceRoot = ensureWorkspaceDir();
-        const repoKey = `${WORKSPACE_KEY}-${productId}`;
+        const repoKey = `${WORKSPACE_KEY}-${scopeId}`;
         ({ repoPath } = cloneIssueRepo(workspaceRoot, repoKey, owner, repo, githubToken));
         const branch = options.branch ?? detectDefaultBranch(repoPath);
         logInfo(`Syncing ${owner}/${repo} to branch ${branch}`);
         syncRepoToRef(repoPath, { branch }, githubToken);
         const headSha = gitRevParse(repoPath, 'HEAD');
-        const state = loadFindSmellsState(productId);
+        const state = loadFindSmellsState(scopeId);
         const baseSha = full ? undefined : state.lastScannedCommitSha;
         let scope = 'full';
         let changedPaths;
@@ -66,7 +72,7 @@ export async function scanForSmells(options) {
                 logInfo(`Incremental scan: ${changedPaths.length} files changed since ${baseSha.slice(0, 8)}`);
                 if (changedPaths.length === 0) {
                     logSuccess('No code changes since last scan; nothing to do.');
-                    updateFindSmellsState(productId, {
+                    updateFindSmellsState(scopeId, {
                         lastScannedCommitSha: headSha,
                         lastScannedAt: new Date().toISOString(),
                         lastError: undefined,
@@ -90,7 +96,7 @@ export async function scanForSmells(options) {
             // the sha didn't move, advance lastScannedAt + clear lastError so the
             // state file accurately reflects when we last verified the repo.
             logSuccess('HEAD unchanged since last scan; nothing to do.');
-            updateFindSmellsState(productId, {
+            updateFindSmellsState(scopeId, {
                 lastScannedAt: new Date().toISOString(),
                 lastError: undefined,
             });
@@ -103,8 +109,12 @@ export async function scanForSmells(options) {
                 issuesCreated: 0,
             };
         }
-        const product = await fetchProductBasics(productId);
-        const existingIssues = await fetchOpenIssues(productId);
+        const product = productId
+            ? await fetchProductBasics(productId)
+            : await fetchRepositoryBasics(repoId);
+        const existingIssues = productId
+            ? await fetchOpenIssues(productId)
+            : await fetchOpenIssuesByRepo(repoId);
         logInfo(`Loaded ${existingIssues.length} existing issues for dedup context`);
         const systemPrompt = createFindSmellsSystemPrompt();
         const userPrompt = createFindSmellsUserPrompt({
@@ -159,7 +169,7 @@ export async function scanForSmells(options) {
         }
         if (!scanResult) {
             const msg = 'Audit failed: could not parse a scan_result from the agent';
-            updateFindSmellsState(productId, { lastError: msg });
+            updateFindSmellsState(scopeId, { lastError: msg });
             return {
                 status: 'error',
                 message: msg,
@@ -169,15 +179,17 @@ export async function scanForSmells(options) {
         logInfo(`Audit produced ${smells.length} candidate smells. ${summary}`);
         const deferredBugs = scanResult.deferred_to_bugs ?? [];
         const deferredFeatures = scanResult.deferred_to_features ?? [];
+        // CLI suggestion argument: a productId positional, or the --repo-id flag.
+        const scopeArg = productId ?? `--repo-id ${repoId}`;
         if (deferredBugs.length > 0) {
-            logInfo(`${deferredBugs.length} finding(s) deferred to find-bugs — run \`edsger find-bugs ${productId}\` to pick them up:`);
+            logInfo(`${deferredBugs.length} finding(s) deferred to find-bugs — run \`edsger find-bugs ${scopeArg}\` to pick them up:`);
             for (const d of deferredBugs) {
                 const loc = d.file ? ` (${d.file}${d.line ? `:${d.line}` : ''})` : '';
                 logInfo(`  • ${d.title}${loc} — ${d.reason}`);
             }
         }
         if (deferredFeatures.length > 0) {
-            logInfo(`${deferredFeatures.length} finding(s) deferred to find-features — run \`edsger find-features ${productId}\` to pick them up:`);
+            logInfo(`${deferredFeatures.length} finding(s) deferred to find-features — run \`edsger find-features ${scopeArg}\` to pick them up:`);
             for (const d of deferredFeatures) {
                 const loc = d.file ? ` (${d.file}${d.line ? `:${d.line}` : ''})` : '';
                 logInfo(`  • ${d.title}${loc} — ${d.reason}`);
@@ -192,13 +204,13 @@ export async function scanForSmells(options) {
         }
         let created = 0;
         for (const smell of filteredSmells) {
-            const issueId = await createIssueForSmell(productId, smell);
+            const issueId = await createIssueForSmell({ productId, repoId }, smell);
             if (issueId) {
                 created++;
                 logSuccess(`Filed issue ${issueId}: ${smell.title}`);
             }
         }
-        updateFindSmellsState(productId, {
+        updateFindSmellsState(scopeId, {
             lastScannedCommitSha: headSha,
             lastScannedAt: new Date().toISOString(),
             lastError: undefined,
@@ -219,7 +231,7 @@ export async function scanForSmells(options) {
     catch (error) {
         const errorMessage = error instanceof Error ? error.message : String(error);
         logError(`Smell scan failed: ${errorMessage}`);
-        updateFindSmellsState(productId, { lastError: errorMessage });
+        updateFindSmellsState(scopeId, { lastError: errorMessage });
         return {
             status: 'error',
             message: `Smell scan failed: ${errorMessage}`,
@@ -232,9 +244,10 @@ export async function scanForSmells(options) {
         lock.release();
     }
 }
-async function createIssueForSmell(productId, smell) {
+async function createIssueForSmell(scope, smell) {
     return createIssue({
-        productId,
+        productId: scope.productId,
+        repoId: scope.repoId,
         title: smell.title,
         description: formatIssueDescription(smell),
     });

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "edsger",
-  "version": "0.75.0",
+  "version": "0.76.0",
   "type": "module",
   "bin": {
     "edsger": "dist/index.js"