milens 0.6.5 → 0.6.7

package/.agents/skills/milens-security-review/SKILL.md

@@ -1,224 +1,224 @@
----
-name: milens-security-review
-description: Security Audit — scan for secrets, hidden unicode, dangerous patterns, data leaks, and produce a security report
----
-
-# milens-security-review — Security Audit
-
-Scan the codebase for security vulnerabilities: exposed secrets, hidden unicode (Trojan Source), dangerous code patterns, data leakage, and unexpected file changes.
-
-## Tools Required
-
-| Tool | Purpose |
-|---|---|
-| `mcp_milens_review_pr` | Initial risk assessment of changed files and symbols |
-| `mcp_milens_grep` | Pattern search for secrets, unicode, dangerous calls, data leaks |
-| `mcp_milens_review_symbol` | Deep-dive risk analysis on high-risk symbols |
-| `mcp_milens_detect_changes` | Verify only expected files changed |
-
-> **CRITICAL:** All milens MCP tool calls MUST include the `repo` parameter set to the **absolute path of the workspace root**.
-
-## Workflow
-
-### Step 1: Initial Risk Assessment
-
-Start with a PR-level overview to identify high-risk areas.
-
-```
-mcp_milens_review_pr({repo: "<workspaceRoot>"})
-```
-
-Focus on:
-- **New files** — highest risk for secrets or vulnerabilities
-- **Modified config files** — `.env`, `config.*`, settings files
-- **Auth/routing files** — middleware, guards, session handlers
-- **CRITICAL-rated symbols** — these get deep-dived in Step 6
-
-### Step 2: Secret Detection
-
-Search for hardcoded secrets and credentials.
-
-```
-mcp_milens_grep({pattern: "password|secret|api_key|token|private_key|AUTH_TOKEN", scope: "code", repo: "<workspaceRoot>"})
-```
-
-Key patterns to flag:
-- **Assignments to secrets** — `const apiKey = "sk-..."` (critical)
-- **Config values** — `password: "admin123"` (high)
-- **Variable names only** — `const apiKey = process.env.KEY` (low — already env-var'd)
-- **Test fixtures** — `const testPassword = "..."` (verify it's not a real password)
-
-### Step 3: Hidden Unicode Detection (Trojan Source)
-
-Search for invisible and bidirectional Unicode characters used in supply-chain attacks.
-
-```
-mcp_milens_grep({pattern: "[\\u200B\\u200C\\u200D\\u2060\\uFEFF\\u202A-\\u202E]", scope: "code", isRegex: true, repo: "<workspaceRoot>"})
-```
-
-These characters can:
-- Make code look like one thing but compile as another
-- Hide backdoors in copy-pasted code
-- Exploit bidirectional text in string literals and comments
-
-**Any match is a CRITICAL finding** — flag for immediate removal.
-
-### Step 4: Dangerous Code Patterns
-
-Search for patterns that enable code injection or arbitrary execution.
-
-```
-mcp_milens_grep({pattern: "eval\\(|exec\\(|child_process|Function\\(", scope: "code", isRegex: true, repo: "<workspaceRoot>"})
-```
-
-Severity guidance:
-- `eval()` / `exec()` with user input — **CRITICAL**
-- `child_process.exec()` with dynamic arguments — **CRITICAL**
-- `new Function()` — **HIGH** (eval equivalent)
-- `child_process.spawn()` with fixed arguments — **LOW** (safer than exec)
-
-### Step 5: Data Leak Detection
-
-Find logging statements that may expose sensitive data.
-
-```
-mcp_milens_grep({pattern: "console\\.(log|debug|info)\\(", scope: "code", isRegex: true, repo: "<workspaceRoot>"})
-```
-
-Flag any `console.log` that logs:
-- User data (emails, names, PII)
-- Tokens, passwords, keys
-- Request bodies or headers
-- Database query results with user data
-
-### Step 6: Deep-Dive on Critical Symbols
-
-For any symbol flagged as CRITICAL in Step 1, run a deep-dive.
-
-```
-mcp_milens_review_symbol({name: "<symbolName>", repo: "<workspaceRoot>"})
-```
-
-This provides:
-- **Role** — what the symbol does (auth, routing, data access)
-- **Heat** — how frequently it changes (volatile code = higher risk)
-- **Dependents** — blast radius if compromised
-- **Test status** — whether its behavior is verified
-
-### Step 7: Verify Change Scope
-
-Confirm that only expected files were modified.
-
-```
-mcp_milens_detect_changes({repo: "<workspaceRoot>"})
-```
-
-This catches:
-- Unintended file modifications (config drift)
-- Stray files included in the commit
-- Missing or extra changes vs. expectations
-
-### Step 8: Produce Security Audit Report
-
-Consolidate into a structured report:
-
-1. **Executive Summary** — overall risk level, critical findings count
-2. **Secret Scan Results** — each match with file, line, severity, and remediation
-3. **Unicode Scan Results** — each match (any match is critical)
-4. **Dangerous Patterns** — each `eval`/`exec`/`Function` usage with justification
-5. **Data Leak Findings** — each `console.log` that logs sensitive data
-6. **Symbol Risk Deep-Dives** — per CRITICAL symbol from Step 6
-7. **Change Scope Verification** — expected vs. actual changed files
-8. **Remediation Plan** — ordered by severity, with specific fix recommendations
-9. **Verdict** — PASSED / NEEDS REMEDIATION / BLOCKED
-
-## Example Session
-
-### Input
-
-```
-"run a security audit before the release"
-```
-
-### Tool Calls
-
-**Step 1 — PR overview:**
-```
-mcp_milens_review_pr({repo: "/home/user/project"})
-```
-
-**Output:** 8 changed files, 2 CRITICAL symbols (`authHandler`, `paymentProcessor`).
-
-**Step 2 — Secret detection:**
-```
-mcp_milens_grep({pattern: "password|secret|api_key|token|private_key|AUTH_TOKEN", scope: "code", repo: "/home/user/project"})
-```
-
-**Output:**
-```
-src/config.ts:12    apiKey: "sk-prod-abc123..."     ← CRITICAL: hardcoded API key
-src/auth/login.ts:34 const password = req.body.pass   ← LOW: variable assignment
-src/__tests__/helpers.ts:8  const testToken = "test"  ← OK: test fixture
-```
-
-**Step 3 — Unicode scan:**
-```
-mcp_milens_grep({pattern: "[\\u200B\\u200C\\u200D\\u2060\\uFEFF\\u202A-\\u202E]", scope: "code", isRegex: true, repo: "/home/user/project"})
-```
-
-**Output:** 0 matches. Clean.
-
-**Step 4 — Dangerous patterns:**
-```
-mcp_milens_grep({pattern: "eval\\(|exec\\(|child_process|Function\\(", scope: "code", isRegex: true, repo: "/home/user/project"})
-```
-
-**Output:**
-```
-src/scripts/migrate.ts:22  exec(`pg_dump ${dbName}`)  ← CRITICAL: dynamic args
-```
-
-**Step 5 — Data leak:**
-```
-mcp_milens_grep({pattern: "console\\.(log|debug|info)\\(", scope: "code", isRegex: true, repo: "/home/user/project"})
-```
-
-**Output:**
-```
-src/auth/login.ts:28  console.log("User login:", email)  ← HIGH: logs PII
-```
-
-**Step 6 — Deep-dive:**
-```
-mcp_milens_review_symbol({name: "authHandler", repo: "/home/user/project"})
-```
-
-**Output:** Core auth entry point, 23 dependents, 0 tests — very high risk.
-
-**Step 7 — Verify scope:**
-```
-mcp_milens_detect_changes({repo: "/home/user/project"})
-```
-
-**Output:** 8 files changed — matches expectations.
-
-**Step 8 — Report produced** (see report format above). Verdict: **NEEDS REMEDIATION** (1 critical secret, 1 critical dangerous pattern, 1 high data leak).
-
-## Best Practices
-
-1. **Don't assume variable names are safe.** `const password = process.env.DB_PASS` is fine; `const password = "admin123"` is not. Read the value, not just the name.
-2. **Unicode scan is non-negotiable.** Trojan Source attacks are invisible to human reviewers. Even a single zero-width character match is a blocking finding.
-3. **Test fixtures get a pass — but verify.** `const testApiKey = "test-key"` is acceptable, but `const testApiKey = "sk-live-..."` is a leaked production key.
-4. **Dynamic exec/Function is almost always wrong.** If `exec()` takes user-controlled input, it's remote code execution. The only acceptable pattern is fully-hardcoded command strings.
-5. **Detect changes verifies the boundary.** If `detect_changes` shows files you didn't touch, something went wrong — config drift, lockfile churn, or accidental staging.
-
-## Quality Gate
-
-| Criteria | Pass | Fail |
-|---|---|---|
-| Secret scan | No hardcoded secrets found outside test fixtures | Any production secret in code |
-| Unicode scan | Zero matches | Any hidden unicode character found |
-| Dangerous patterns | No `eval`/`exec` with dynamic input | Any dynamic `exec()` or `Function()` call |
-| Data leak | No PII/credentials in `console.log` | Sensitive data logged to console |
-| Change scope | `detect_changes` matches expectations | Unexpected files in the diff |
-| All scans completed | All 7 steps executed | Any tool call skipped or failed |
+---
+name: milens-security-review
+description: Security Audit — scan for secrets, hidden unicode, dangerous patterns, data leaks, and produce a security report
+---
+
+# milens-security-review — Security Audit
+
+Scan the codebase for security vulnerabilities: exposed secrets, hidden unicode (Trojan Source), dangerous code patterns, data leakage, and unexpected file changes.
+
+## Tools Required
+
+| Tool | Purpose |
+|---|---|
+| `mcp_milens_review_pr` | Initial risk assessment of changed files and symbols |
+| `mcp_milens_grep` | Pattern search for secrets, unicode, dangerous calls, data leaks |
+| `mcp_milens_review_symbol` | Deep-dive risk analysis on high-risk symbols |
+| `mcp_milens_detect_changes` | Verify only expected files changed |
+
+> **CRITICAL:** All milens MCP tool calls MUST include the `repo` parameter set to the **absolute path of the workspace root**.
+
+## Workflow
+
+### Step 1: Initial Risk Assessment
+
+Start with a PR-level overview to identify high-risk areas.
+
+```
+mcp_milens_review_pr({repo: "<workspaceRoot>"})
+```
+
+Focus on:
+- **New files** — highest risk for secrets or vulnerabilities
+- **Modified config files** — `.env`, `config.*`, settings files
+- **Auth/routing files** — middleware, guards, session handlers
+- **CRITICAL-rated symbols** — these get deep-dived in Step 6
+
+### Step 2: Secret Detection
+
+Search for hardcoded secrets and credentials.
+
+```
+mcp_milens_grep({pattern: "password|secret|api_key|token|private_key|AUTH_TOKEN", scope: "code", repo: "<workspaceRoot>"})
+```
+
+Key patterns to flag:
+- **Assignments to secrets** — `const apiKey = "sk-..."` (critical)
+- **Config values** — `password: "admin123"` (high)
+- **Variable names only** — `const apiKey = process.env.KEY` (low — already env-var'd)
+- **Test fixtures** — `const testPassword = "..."` (verify it's not a real password)
+
+### Step 3: Hidden Unicode Detection (Trojan Source)
+
+Search for invisible and bidirectional Unicode characters used in supply-chain attacks.
+
+```
+mcp_milens_grep({pattern: "[\\u200B\\u200C\\u200D\\u2060\\uFEFF\\u202A-\\u202E]", scope: "code", isRegex: true, repo: "<workspaceRoot>"})
+```
+
+These characters can:
+- Make code look like one thing but compile as another
+- Hide backdoors in copy-pasted code
+- Exploit bidirectional text in string literals and comments
+
+**Any match is a CRITICAL finding** — flag for immediate removal.
+
+### Step 4: Dangerous Code Patterns
+
+Search for patterns that enable code injection or arbitrary execution.
+
+```
+mcp_milens_grep({pattern: "eval\\(|exec\\(|child_process|Function\\(", scope: "code", isRegex: true, repo: "<workspaceRoot>"})
+```
+
+Severity guidance:
+- `eval()` / `exec()` with user input — **CRITICAL**
+- `child_process.exec()` with dynamic arguments — **CRITICAL**
+- `new Function()` — **HIGH** (eval equivalent)
+- `child_process.spawn()` with fixed arguments — **LOW** (safer than exec)
+
+### Step 5: Data Leak Detection
+
+Find logging statements that may expose sensitive data.
+
+```
+mcp_milens_grep({pattern: "console\\.(log|debug|info)\\(", scope: "code", isRegex: true, repo: "<workspaceRoot>"})
+```
+
+Flag any `console.log` that logs:
+- User data (emails, names, PII)
+- Tokens, passwords, keys
+- Request bodies or headers
+- Database query results with user data
+
+### Step 6: Deep-Dive on Critical Symbols
+
+For any symbol flagged as CRITICAL in Step 1, run a deep-dive.
+
+```
+mcp_milens_review_symbol({name: "<symbolName>", repo: "<workspaceRoot>"})
+```
+
+This provides:
+- **Role** — what the symbol does (auth, routing, data access)
+- **Heat** — how frequently it changes (volatile code = higher risk)
+- **Dependents** — blast radius if compromised
+- **Test status** — whether its behavior is verified
+
+### Step 7: Verify Change Scope
+
+Confirm that only expected files were modified.
+
+```
+mcp_milens_detect_changes({repo: "<workspaceRoot>"})
+```
+
+This catches:
+- Unintended file modifications (config drift)
+- Stray files included in the commit
+- Missing or extra changes vs. expectations
+
+### Step 8: Produce Security Audit Report
+
+Consolidate into a structured report:
+
+1. **Executive Summary** — overall risk level, critical findings count
+2. **Secret Scan Results** — each match with file, line, severity, and remediation
+3. **Unicode Scan Results** — each match (any match is critical)
+4. **Dangerous Patterns** — each `eval`/`exec`/`Function` usage with justification
+5. **Data Leak Findings** — each `console.log` that logs sensitive data
+6. **Symbol Risk Deep-Dives** — per CRITICAL symbol from Step 6
+7. **Change Scope Verification** — expected vs. actual changed files
+8. **Remediation Plan** — ordered by severity, with specific fix recommendations
+9. **Verdict** — PASSED / NEEDS REMEDIATION / BLOCKED
+
+## Example Session
+
+### Input
+
+```
+"run a security audit before the release"
+```
+
+### Tool Calls
+
+**Step 1 — PR overview:**
+```
+mcp_milens_review_pr({repo: "/home/user/project"})
+```
+
+**Output:** 8 changed files, 2 CRITICAL symbols (`authHandler`, `paymentProcessor`).
+
+**Step 2 — Secret detection:**
+```
+mcp_milens_grep({pattern: "password|secret|api_key|token|private_key|AUTH_TOKEN", scope: "code", repo: "/home/user/project"})
+```
+
+**Output:**
+```
+src/config.ts:12    apiKey: "sk-prod-abc123..."     ← CRITICAL: hardcoded API key
+src/auth/login.ts:34 const password = req.body.pass   ← LOW: variable assignment
+src/__tests__/helpers.ts:8  const testToken = "test"  ← OK: test fixture
+```
+
+**Step 3 — Unicode scan:**
+```
+mcp_milens_grep({pattern: "[\\u200B\\u200C\\u200D\\u2060\\uFEFF\\u202A-\\u202E]", scope: "code", isRegex: true, repo: "/home/user/project"})
+```
+
+**Output:** 0 matches. Clean.
+
+**Step 4 — Dangerous patterns:**
+```
+mcp_milens_grep({pattern: "eval\\(|exec\\(|child_process|Function\\(", scope: "code", isRegex: true, repo: "/home/user/project"})
+```
+
+**Output:**
+```
+src/scripts/migrate.ts:22  exec(`pg_dump ${dbName}`)  ← CRITICAL: dynamic args
+```
+
+**Step 5 — Data leak:**
+```
+mcp_milens_grep({pattern: "console\\.(log|debug|info)\\(", scope: "code", isRegex: true, repo: "/home/user/project"})
+```
+
+**Output:**
+```
+src/auth/login.ts:28  console.log("User login:", email)  ← HIGH: logs PII
+```
+
+**Step 6 — Deep-dive:**
+```
+mcp_milens_review_symbol({name: "authHandler", repo: "/home/user/project"})
+```
+
+**Output:** Core auth entry point, 23 dependents, 0 tests — very high risk.
+
+**Step 7 — Verify scope:**
+```
+mcp_milens_detect_changes({repo: "/home/user/project"})
+```
+
+**Output:** 8 files changed — matches expectations.
+
+**Step 8 — Report produced** (see report format above). Verdict: **NEEDS REMEDIATION** (1 critical secret, 1 critical dangerous pattern, 1 high data leak).
+
+## Best Practices
+
+1. **Don't assume variable names are safe.** `const password = process.env.DB_PASS` is fine; `const password = "admin123"` is not. Read the value, not just the name.
+2. **Unicode scan is non-negotiable.** Trojan Source attacks are invisible to human reviewers. Even a single zero-width character match is a blocking finding.
+3. **Test fixtures get a pass — but verify.** `const testApiKey = "test-key"` is acceptable, but `const testApiKey = "sk-live-..."` is a leaked production key.
+4. **Dynamic exec/Function is almost always wrong.** If `exec()` takes user-controlled input, it's remote code execution. The only acceptable pattern is fully-hardcoded command strings.
+5. **Detect changes verifies the boundary.** If `detect_changes` shows files you didn't touch, something went wrong — config drift, lockfile churn, or accidental staging.
+
+## Quality Gate
+
+| Criteria | Pass | Fail |
+|---|---|---|
+| Secret scan | No hardcoded secrets found outside test fixtures | Any production secret in code |
+| Unicode scan | Zero matches | Any hidden unicode character found |
+| Dangerous patterns | No `eval`/`exec` with dynamic input | Any dynamic `exec()` or `Function()` call |
+| Data leak | No PII/credentials in `console.log` | Sensitive data logged to console |
+| Change scope | `detect_changes` matches expectations | Unexpected files in the diff |
+| All scans completed | All 7 steps executed | Any tool call skipped or failed |

package/.agents/skills/orchestrator/SKILL.md

@@ -39,20 +39,22 @@ Contains 22 symbols (7 exported) across 2 files.
 
 ## Entry Points
 - **`Orchestrator`** [class] — 6 incoming references
+- **`e`** [function] — 5 incoming references
 - **`OrchestratorReport`** [interface] — 5 incoming references
 - **`formatReport`** [function] — 4 incoming references
 - **`snapshot`** [method] — 3 incoming references
-- **`run`** [method] — 3 incoming references
 
 ## Dependencies
 - **store**: `Database`, `findSymbolByName`, `findUpstream`, `clear`, `getTestCoverageGaps`, `findDeadCode`, `close`
 - **analyzer**: `reviewPr`, `ReviewResult`, `SymbolRisk`
 - **root**: `CodeSymbol`, `has`
+- **test**: `add`
 
 ## Used By
 - **root**: `Orchestrator`, `subscribe`, `runAndFormat`
 - **server**: `Orchestrator`, `snapshot`, `compare`, `runAndFormat`
 - **test**: `Orchestrator`, `formatReport`, `OrchestratorReport`, `subscribe`, `run`, `snapshot`, `compare`, `cancel` (+3 more)
+- **apps**: `e`
 
 ## Files
 - src/orchestrator/orchestrator.ts

package/.agents/skills/parser/SKILL.md

@@ -26,27 +26,27 @@ When working with code in **parser/**, follow these mandatory safety rules:
 | See file symbols | `mcp_milens_get_file_symbols` |
 
 ## Overview
-Contains 76 symbols (26 exported) across 15 files.
+Contains 83 symbols (31 exported) across 16 files.
 
 ## Key Symbols
-- **`LangSpec`** [interface] (src/parser/extract.ts:6) — 30 refs
+- **`LangSpec`** [interface] (src/parser/extract.ts:6) — 32 refs
 - **`loadLanguage`** [function] (src/parser/loader.ts:21) — 14 refs
 - **`getParser`** [function] (src/parser/loader.ts:32) — 13 refs
-- **`extractFromTree`** [function] (src/parser/extract.ts:250) — 8 refs
+- **`extractFromTree`** [function] (src/parser/extract.ts:256) — 8 refs
 - **`supportedExtensions`** [function] (src/parser/languages.ts:29) — 6 refs
-- **`extractHtmlScripts`** [function] (src/parser/lang-html.ts:33) — 5 refs
+- **`extractHtmlScripts`** [function] (src/parser/lang-html.ts:38) — 5 refs
 - **`extractMarkdown`** [function] (src/parser/lang-md.ts:34) — 5 refs
 - **`spec`** [variable] (src/parser/lang-ts.ts:5) — 5 refs
-- **`extractVueScript`** [function] (src/parser/lang-vue.ts:18) — 5 refs
+- **`extractVueScript`** [function] (src/parser/lang-vue.ts:19) — 5 refs
 - **`initTreeSitter`** [function] (src/parser/loader.ts:15) — 5 refs
-- **`clearQueryCache`** [function] (src/parser/extract.ts:67) — 4 refs
-- **`extractHtmlRefs`** [function] (src/parser/lang-html.ts:52) — 4 refs
-- **`extractVueTemplateRefs`** [function] (src/parser/lang-vue.ts:37) — 4 refs
-- **`langForFile`** [function] (src/parser/languages.ts:24) — 4 refs
-- **`spec`** [variable] (src/parser/lang-js.ts:5) — 3 refs
+- **`clearQueryCache`** [function] (src/parser/extract.ts:72) — 4 refs
+- **`extractHtmlRefs`** [function] (src/parser/lang-html.ts:57) — 4 refs
+- **`extractHtmlLinks`** [function] (src/parser/lang-html.ts:99) — 4 refs
+- **`extractVueTemplateRefs`** [function] (src/parser/lang-vue.ts:38) — 4 refs
+- **`extractVueTemplateAst`** [function] (src/parser/lang-vue.ts:90) — 4 refs
 
 ## Entry Points
-- **`LangSpec`** [interface] — 30 incoming references
+- **`LangSpec`** [interface] — 32 incoming references
 - **`loadLanguage`** [function] — 14 incoming references
 - **`getParser`** [function] — 13 incoming references
 - **`extractFromTree`** [function] — 8 incoming references
@@ -54,14 +54,14 @@ Contains 76 symbols (26 exported) across 15 files.
 
 ## Dependencies
 - **root**: `CodeSymbol`, `RawImport`, `RawCall`, `RawHeritage`, `RawReExport`, `RawTypeBinding`, `RawAssignmentBinding`, `RawReturnType` (+4 more)
-- **test**: `lang`, `parser`
-- **analyzer**: `find`, `resolve`
+- **test**: `lang`, `add`, `parser`
+- **analyzer**: `resolve`
 - **store**: `load`
 
 ## Used By
-- **analyzer**: `langForFile`, `supportedExtensions`, `getParser`, `loadLanguage`, `extractFromTree`, `clearQueryCache`, `extractVueScript`, `extractVueTemplateRefs` (+6 more)
+- **analyzer**: `langForFile`, `supportedExtensions`, `getParser`, `loadLanguage`, `extractFromTree`, `clearQueryCache`, `extractVueScript`, `extractVueTemplateRefs` (+9 more)
 - **server**: `getParser`, `loadLanguage`, `ALL_LANGS`
-- **test**: `getParser`, `loadLanguage`, `extractFromTree`, `extractVueScript`, `extractVueTemplateRefs`, `spec`, `extractHtmlScripts`, `extractHtmlRefs` (+7 more)
+- **test**: `getParser`, `loadLanguage`, `extractFromTree`, `extractVueScript`, `extractVueTemplateRefs`, `extractVueCompositionApi`, `extractVueTemplateAst`, `spec` (+11 more)
 
 ## Files
 - src/parser/extract.ts
@@ -77,5 +77,6 @@ Contains 76 symbols (26 exported) across 15 files.
 - src/parser/lang-rust.ts
 - src/parser/lang-ts.ts
 - src/parser/lang-vue.ts
+- src/parser/language-provider.ts
 - src/parser/languages.ts
 - src/parser/loader.ts

package/.agents/skills/root/SKILL.md

@@ -26,47 +26,47 @@ When working with code in **root/**, follow these mandatory safety rules:
 | See file symbols | `mcp_milens_get_file_symbols` |
 
 ## Overview
-Contains 198 symbols (147 exported) across 13 files.
+Contains 229 symbols (153 exported) across 13 files.
 
 ## Key Symbols
-- **`CodeSymbol`** [interface] (src/types.ts:8) — 41 refs
-- **`SymbolLink`** [interface] (src/types.ts:26) — 21 refs
-- **`isTestFile`** [function] (src/utils.ts:2) — 11 refs
-- **`RawCall`** [interface] (src/types.ts:44) — 7 refs
-- **`RawImport`** [interface] (src/types.ts:35) — 6 refs
+- **`CodeSymbol`** [interface] (src/types.ts:8) — 53 refs
+- **`SymbolLink`** [interface] (src/types.ts:26) — 24 refs
+- **`RawCall`** [interface] (src/types.ts:44) — 15 refs
+- **`isTestFile`** [function] (src/utils.ts:2) — 12 refs
+- **`RawImport`** [interface] (src/types.ts:35) — 9 refs
+- **`RawHeritage`** [interface] (src/types.ts:52) — 7 refs
 - **`ExtractionResult`** [interface] (src/types.ts:60) — 6 refs
+- **`RawTypeBinding`** [interface] (src/types.ts:80) — 6 refs
+- **`RawAssignmentBinding`** [interface] (src/types.ts:88) — 6 refs
+- **`RawReturnType`** [interface] (src/types.ts:96) — 5 refs
+- **`RawCallResultBinding`** [interface] (src/types.ts:104) — 5 refs
 - **`generateAgentsMd`** [function] (src/agents-md.ts:43) — 4 refs
 - **`computeMetrics`** [function] (src/metrics.ts:21) — 4 refs
 - **`formatMetricsReport`** [function] (src/metrics.ts:62) — 4 refs
 - **`MilensMetrics`** [interface] (src/metrics.ts:4) — 4 refs
-- **`generateSkills`** [function] (src/skills.ts:19) — 4 refs
-- **`RawHeritage`** [interface] (src/types.ts:52) — 4 refs
-- **`RawTypeBinding`** [interface] (src/types.ts:80) — 4 refs
-- **`RawAssignmentBinding`** [interface] (src/types.ts:88) — 4 refs
-- **`RawReturnType`** [interface] (src/types.ts:96) — 4 refs
 
 ## Entry Points
-- **`CodeSymbol`** [interface] — 41 incoming references
-- **`has`** [function] — 29 incoming references
-- **`SymbolLink`** [interface] — 21 incoming references
-- **`isTestFile`** [function] — 11 incoming references
-- **`RawCall`** [interface] — 7 incoming references
+- **`CodeSymbol`** [interface] — 53 incoming references
+- **`has`** [function] — 47 incoming references
+- **`SymbolLink`** [interface] — 24 incoming references
+- **`RawCall`** [interface] — 15 incoming references
+- **`isTestFile`** [function] — 12 incoming references
 
 ## Dependencies
-- **store**: `Database`, `RepoRegistry`, `AnnotationStore`, `runDecayPass`, `getIncomingLinks`, `getAllSymbols`, `getCodebaseSummary`, `register` (+25 more)
+- **store**: `Database`, `RepoRegistry`, `AnnotationStore`, `runDecayPass`, `getIncomingLinks`, `getAllSymbols`, `getCodebaseSummary`, `register` (+24 more)
 - **analyzer**: `loadAliases`, `analyze`, `resolve`, `clear`
 - **server**: `startHttp`, `startStdio`, `HookManager`, `get`, `enableHook`, `loadConfig`, `saveConfig`, `disableHook`
 - **security**: `loadRules`, `auditDependencies`
 - **orchestrator**: `Orchestrator`, `subscribe`, `runAndFormat`
+- **test**: `add`, `dbPath`
 - **scripts**: `outDir`
-- **test**: `dbPath`
 
 ## Used By
 - **analyzer**: `isTestFile`, `CodeSymbol`, `ExtractionResult`, `RawImport`, `RawCall`, `RawHeritage`, `RawReExport`, `RawTypeBinding` (+8 more)
 - **orchestrator**: `CodeSymbol`, `has`
 - **parser**: `CodeSymbol`, `RawImport`, `RawCall`, `RawHeritage`, `RawReExport`, `RawTypeBinding`, `RawAssignmentBinding`, `RawReturnType` (+4 more)
 - **store**: `Annotation`, `AnnotationKey`, `Session`, `EvolutionEvent`, `CodeSymbol`, `SymbolLink`, `RepoEntry`, `has` (+1 more)
-- **test**: `generateAgentsMd`, `AnnotationKey`, `CodeSymbol`, `SymbolLink`, `computeMetrics`, `formatMetricsReport`, `MilensMetrics`, `RawImport` (+9 more)
+- **test**: `generateAgentsMd`, `AnnotationKey`, `CodeSymbol`, `SymbolLink`, `computeMetrics`, `formatMetricsReport`, `MilensMetrics`, `RawImport` (+17 more)
 - **security**: `has`
 - **server**: `has`
 
@@ -76,11 +76,11 @@ Contains 198 symbols (147 exported) across 13 files.
 - CONTRIBUTING.md
 - DEPLOY.md
 - README.md
-- milens-generate-skills-issue.md
 - src/agents-md.ts
 - src/cli.ts
 - src/metrics.ts
 - src/skills.ts
 - src/types.ts
+- src/uninstall.ts
 - src/utils.ts
 - vitest.config.ts

package/.agents/skills/security/SKILL.md

@@ -53,6 +53,7 @@ Contains 35 symbols (15 exported) across 2 files.
 - **`parseDependencies`** [function] — 3 incoming references
 
 ## Dependencies
+- **test**: `add`
 - **root**: `has`
 
 ## Used By