projscan 0.12.0 → 0.14.0

package/dist/tool-manifest.json

@@ -1,9 +1,9 @@
 {
   "name": "projscan",
-  "version": "0.12.0",
+  "version": "0.14.0",
   "mcpProtocolVersion": "2025-03-26",
-  "generatedAt": "2026-04-25T20:24:06.206Z",
-  "toolCount": 16,
+  "generatedAt": "2026-04-26T14:13:37.446Z",
+  "toolCount": 19,
   "tools": [
     {
       "name": "projscan_analyze",
@@ -33,7 +33,7 @@
     },
     {
       "name": "projscan_hotspots",
-      "description": "Rank files by risk using git churn × AST cyclomatic complexity × open issues. Returns the most dangerous files to touch. Each hotspot includes `cyclomaticComplexity` (null for non-AST languages, where line count is used as fallback). Supports cursor-based pagination: pass the `nextCursor` from a previous response back as `cursor` to fetch the next page.",
+      "description": "Rank files by risk using git churn × AST cyclomatic complexity × open issues. Returns the most dangerous files to touch. Each hotspot includes `cyclomaticComplexity` (null for non-AST languages, where line count is used as fallback). Supports cursor-based pagination: pass the `nextCursor` from a previous response back as `cursor` to fetch the next page. Pass `view: \"functions\"` to flatten results into the top-N riskiest individual functions across all hotspots, ranked by per-function CC.",
       "inputSchema": {
         "type": "object",
         "properties": {
@@ -60,6 +60,14 @@
           "package": {
             "type": "string",
             "description": "Optional. Workspace package name (from projscan_workspaces) to scope hotspots to one package only."
+          },
+          "view": {
+            "type": "string",
+            "enum": [
+              "files",
+              "functions"
+            ],
+            "description": "Output shape. \"files\" (default) returns ranked hotspot files. \"functions\" returns the top-N individual functions across all hotspots, sorted by per-function CC desc."
           }
         }
       }
@@ -82,7 +90,7 @@
     },
     {
       "name": "projscan_file",
-      "description": "Drill into a single file: purpose, imports, exports, churn/risk/ownership, related health issues, AST cyclomatic complexity, and coupling (fan-in / fan-out). Use this after projscan_hotspots when deciding how to approach a specific risky file.",
+      "description": "Drill into a single file: purpose, imports, exports, churn/risk/ownership, related health issues, AST cyclomatic complexity, coupling (fan-in / fan-out), and per-function CC ranked by complexity. Use this after projscan_hotspots when deciding how to approach a specific risky file.",
       "inputSchema": {
         "type": "object",
         "properties": {
@@ -111,10 +119,15 @@
     },
     {
       "name": "projscan_dependencies",
-      "description": "Analyze package.json dependencies and return counts and risks (deprecated packages, wildcard versions, etc.).",
+      "description": "Analyze package.json dependencies and return counts and risks (deprecated packages, wildcard versions, etc.). In a monorepo, returns aggregated totals plus a `byWorkspace` breakdown; pass `package` to scope to one workspace.",
       "inputSchema": {
         "type": "object",
-        "properties": {}
+        "properties": {
+          "package": {
+            "type": "string",
+            "description": "Optional. Workspace package name to scope analysis to one workspace only."
+          }
+        }
       }
     },
     {
@@ -144,7 +157,7 @@
     },
     {
       "name": "projscan_audit",
-      "description": "Run `npm audit` and return a normalized summary of vulnerabilities (critical / high / moderate / low / info). Requires package-lock.json. Supports cursor pagination on the findings array.",
+      "description": "Run `npm audit` and return a normalized summary of vulnerabilities (critical / high / moderate / low / info). Requires package-lock.json. Supports cursor pagination on the findings array. Pass `package` in a monorepo to scope findings to direct deps of one workspace package.",
       "inputSchema": {
         "type": "object",
         "properties": {
@@ -159,6 +172,10 @@
           "max_tokens": {
             "type": "number",
             "description": "Cap response size."
+          },
+          "package": {
+            "type": "string",
+            "description": "Optional. Workspace package name to scope audit findings to one workspace only."
           }
         }
       }
@@ -307,6 +324,77 @@
         }
       }
     },
+    {
+      "name": "projscan_review",
+      "description": "One-call PR review. Combines projscan_pr_diff + per-changed-file risk score + new/expanded import cycles + risky function additions + dependency changes, plus a verdict (\"ok\" | \"review\" | \"block\") with a one-line summary. Use when an agent is asked \"is this PR safe to merge?\" Defaults: base=origin/main (falls back to main/master/HEAD~1), head=HEAD.",
+      "inputSchema": {
+        "type": "object",
+        "properties": {
+          "base": {
+            "type": "string",
+            "description": "Base ref (branch, tag, sha). Default: origin/main, falling back to main/master/HEAD~1."
+          },
+          "head": {
+            "type": "string",
+            "description": "Head ref. Default: HEAD."
+          },
+          "max_tokens": {
+            "type": "number",
+            "description": "Cap the response to roughly this many tokens."
+          },
+          "package": {
+            "type": "string",
+            "description": "Optional. Workspace package name to scope all sections of the review to a single package."
+          }
+        }
+      }
+    },
+    {
+      "name": "projscan_fix_suggest",
+      "description": "Given an issue id (from projscan_doctor / projscan_analyze) OR a file + rule pair, return a structured action prompt: headline, why it matters, where to change, one-paragraph instruction the agent can execute, optional suggested test. Rule-driven; no LLM inside projscan. Use this to close the diagnose -> fix loop.",
+      "inputSchema": {
+        "type": "object",
+        "properties": {
+          "issue_id": {
+            "type": "string",
+            "description": "Issue id from a previous projscan_doctor / projscan_analyze response."
+          },
+          "file": {
+            "type": "string",
+            "description": "File path (repo-relative). Required when no `issue_id` is given - combined with `rule` to synthesize a fix request."
+          },
+          "rule": {
+            "type": "string",
+            "description": "Rule / issue-id prefix (e.g. \"unused-dependency\", \"cycle-detected\"). Required when no `issue_id` is given."
+          },
+          "severity": {
+            "type": "string",
+            "enum": [
+              "info",
+              "warning",
+              "error"
+            ],
+            "description": "Optional. When synthesizing via file+rule, sets the severity for the suggestion. Default: warning."
+          }
+        }
+      }
+    },
+    {
+      "name": "projscan_explain_issue",
+      "description": "Deep-dive on a single open issue: severity, surrounding code excerpt, other issues touching the same file, similar fixes from git log (commit messages that mention this rule), and the structured fix-action prompt. Use when an agent needs more context than projscan_doctor gives - typically before applying a fix.",
+      "inputSchema": {
+        "type": "object",
+        "properties": {
+          "issue_id": {
+            "type": "string",
+            "description": "Issue id from a previous projscan_doctor / projscan_analyze response."
+          }
+        },
+        "required": [
+          "issue_id"
+        ]
+      }
+    },
     {
       "name": "projscan_search",
       "description": "Ranked search across the project. Lexical (BM25) by default; optional semantic (vector) and hybrid (RRF fusion) modes available when the @xenova/transformers peer dependency is installed. Scope controls what to search: \"auto\"/\"content\" (ranked content matches with excerpts), \"symbols\" (exported names), \"files\" (path substring).",

package/dist/types.d.ts

@@ -47,11 +47,28 @@ export interface DependencyReport {
     dependencies: Record<string, string>;
     devDependencies: Record<string, string>;
     risks: DependencyRisk[];
+    /**
+     * Per-workspace breakdown when scanning a monorepo (0.13.0+). Absent for
+     * single-package repos. The top-level `totalDependencies`,
+     * `totalDevDependencies`, `dependencies`, `devDependencies`, and `risks`
+     * fields aggregate across all workspaces (root manifest + each package).
+     * For per-package detail, read this array.
+     */
+    byWorkspace?: Array<{
+        workspace: string;
+        relativePath: string;
+        isRoot: boolean;
+        totalDependencies: number;
+        totalDevDependencies: number;
+        risks: DependencyRisk[];
+    }>;
 }
 export interface DependencyRisk {
     name: string;
     reason: string;
     severity: 'low' | 'medium' | 'high';
+    /** Workspace package name when found in a monorepo workspace manifest. Absent for the root. */
+    workspace?: string;
 }
 export type IssueSeverity = 'info' | 'warning' | 'error';
 export interface IssueLocation {
@@ -70,6 +87,77 @@ export interface Issue {
     fixAvailable: boolean;
     fixId?: string;
     locations?: IssueLocation[];
+    /**
+     * One-line hint shown inline in projscan_doctor output (0.14.0+). Points
+     * at the fix-suggest pipeline. Absent when no template matches the issue.
+     */
+    suggestedAction?: {
+        summary: string;
+    };
+}
+/**
+ * Structured action prompt the agent can paste into its plan. Returned by
+ * projscan_fix_suggest. projscan does not run an LLM - this is rule-driven
+ * guidance with the issue, the location, and a one-paragraph instruction
+ * the agent (LLM) is expected to act on.
+ */
+export interface FixSuggestion {
+    /** Echoes the input issue id when matched. */
+    issueId: string;
+    /** Severity level passed through from the source issue. */
+    severity: IssueSeverity;
+    /** Issue category passed through. */
+    category: string;
+    /** One-line "what is wrong". */
+    headline: string;
+    /** 2-4 sentences of why this matters. Severity-anchored. */
+    why: string;
+    /** Affected locations (mirrors Issue.locations when known). */
+    where: IssueLocation[];
+    /** One-paragraph instruction for the driving agent. */
+    instruction: string;
+    /** Optional "verify the fix by..." note. */
+    suggestedTest?: string;
+    /** Optional related files (importers, peer rules) for context. */
+    relatedFiles?: string[];
+    /** Optional documentation links. */
+    references?: string[];
+}
+/**
+ * Markdown-rendered deep dive for a single issue. Returned by
+ * projscan_explain_issue. Includes the surrounding code excerpt and any
+ * git-log evidence of similar fixes already merged in this repo.
+ */
+export interface IssueExplanation {
+    issueId: string;
+    title: string;
+    severity: IssueSeverity;
+    category: string;
+    headline: string;
+    /** Source-code excerpt around the primary location. Empty when no location. */
+    excerpt: {
+        file: string;
+        startLine: number;
+        endLine: number;
+        lines: string[];
+    } | null;
+    /** Other open issues touching the same file (id + title pairs). */
+    relatedIssues: Array<{
+        id: string;
+        title: string;
+    }>;
+    /**
+     * Git log references where this issue id (or its rule prefix) appears in a
+     * commit message - hints at how teammates have addressed it before.
+     * Empty when none found or git history unavailable.
+     */
+    similarFixes: Array<{
+        sha: string;
+        subject: string;
+        date: string;
+    }>;
+    /** The full FixSuggestion if a template matched; null otherwise. */
+    fix: FixSuggestion | null;
 }
 export interface Fix {
     id: string;
@@ -253,6 +341,29 @@ export interface ProjscanConfig {
     ignore?: string[];
     disableRules?: string[];
     severityOverrides?: Record<string, IssueSeverity>;
+    /**
+     * Monorepo-specific configuration (0.14.0+). Currently scopes the
+     * cross-package import policy: each entry says "package P may only import
+     * from these listed packages, or specifically may NOT import from these
+     * listed packages." Edges that violate become `cross-package-violation-*`
+     * issues in projscan_doctor.
+     */
+    monorepo?: {
+        importPolicy?: ImportPolicyRule[];
+    };
+}
+/**
+ * One cross-package import rule. `from` is the package name (matches
+ * WorkspacePackage.name). Exactly one of `allow` / `deny` is required. Both
+ * lists are package-name globs - a leading `!` negates a single entry, and a
+ * single `*` is the wildcard. When both `allow` and `deny` are set, allow
+ * is checked first and a hit short-circuits as ALLOWED; otherwise deny is
+ * checked.
+ */
+export interface ImportPolicyRule {
+    from: string;
+    allow?: string[];
+    deny?: string[];
 }
 export interface LoadedConfig {
     config: ProjscanConfig;
@@ -391,6 +502,105 @@ export interface PrDiffReport {
     filesModified: FileAstDiff[];
     totalFilesChanged: number;
 }
+/**
+ * One changed file enriched with risk signals. The agent calling
+ * projscan_review uses these to decide which files need careful review.
+ */
+export interface ReviewFile {
+    relativePath: string;
+    status: 'added' | 'removed' | 'modified';
+    /** Hotspot risk score for the head version. null when file isn't in the hotspot scope. */
+    riskScore: number | null;
+    /** Cyclomatic complexity at head. null when no AST adapter parsed it. */
+    cyclomaticComplexity: number | null;
+    /** Delta from the structural diff (mirrors FileAstDiff.cyclomaticDelta). null when file was added/removed. */
+    cyclomaticDelta: number | null;
+    /** Number of exports added in this PR. */
+    exportsAdded: number;
+    /** Number of exports removed in this PR. */
+    exportsRemoved: number;
+    /** Number of imports added. */
+    importsAdded: number;
+    /** Number of imports removed. */
+    importsRemoved: number;
+}
+/**
+ * A circular import that exists at head and either didn't exist at base or
+ * grew. Surfaced separately from the file list so reviewers see at-a-glance
+ * whether the PR introduces new architectural debt.
+ */
+export interface ReviewCycle {
+    files: string[];
+    size: number;
+    /**
+     * 'new' = no overlap with any base cycle; 'expanded' = at least one new
+     * file added to an existing cycle.
+     */
+    classification: 'new' | 'expanded';
+}
+/**
+ * A function whose CC newly crossed a worry threshold (>= 10) at head, or
+ * was added with high CC, or jumped by 5+ since base.
+ */
+export interface ReviewFunction {
+    file: string;
+    name: string;
+    line: number;
+    endLine: number;
+    cyclomaticComplexity: number;
+    /** CC at base. null when the function did not exist at base. */
+    baseCc: number | null;
+    /** Why this function shows up. */
+    reason: 'added' | 'jumped' | 'crossed-threshold';
+}
+/** Workspace-package-scoped dependency change. Aggregates root + workspaces. */
+export interface ReviewDependencyChange {
+    /** Workspace name; '' for the root manifest. */
+    workspace: string;
+    manifestFile: string;
+    added: Array<{
+        name: string;
+        version: string;
+        kind: 'dep' | 'dev';
+    }>;
+    removed: Array<{
+        name: string;
+        version: string;
+        kind: 'dep' | 'dev';
+    }>;
+    bumped: Array<{
+        name: string;
+        from: string;
+        to: string;
+        kind: 'dep' | 'dev';
+    }>;
+}
+export interface ReviewReport {
+    available: boolean;
+    reason?: string;
+    base: {
+        ref: string;
+        resolvedSha: string | null;
+    };
+    head: {
+        ref: string;
+        resolvedSha: string | null;
+    };
+    /** The structural diff (same shape as projscan_pr_diff). */
+    prDiff: PrDiffReport;
+    /** Each changed file annotated with risk + CC + delta. Sorted by risk desc. */
+    changedFiles: ReviewFile[];
+    /** Cycles introduced or expanded by this PR. Empty when none. */
+    newCycles: ReviewCycle[];
+    /** Functions that meaningfully grew or were added with high CC. Sorted by CC desc. */
+    riskyFunctions: ReviewFunction[];
+    /** package.json deltas across root + workspaces. */
+    dependencyChanges: ReviewDependencyChange[];
+    /** 'ok' = ship it; 'review' = needs careful look; 'block' = strongly suggests rework. */
+    verdict: 'ok' | 'review' | 'block';
+    /** One-line bullets explaining the verdict. */
+    summary: string[];
+}
 export interface FileInspection {
     relativePath: string;
     exists: boolean;
@@ -411,6 +621,24 @@ export interface FileInspection {
     fanOut?: number | null;
     /** Adapter id (e.g. 'javascript', 'python'). Set when the graph was available. */
     language?: string;
+    /**
+     * Per-function McCabe CC (0.13.0+). Sorted by cyclomaticComplexity desc.
+     * Empty array when the file has no functions or the adapter doesn't yet
+     * support per-function granularity.
+     */
+    functions?: FunctionDetail[];
+}
+/**
+ * Per-function CC entry exposed via projscan_file. Mirrors the internal
+ * `FunctionInfo` from `core/ast.ts` but is part of the stable API surface.
+ */
+export interface FunctionDetail {
+    name: string;
+    /** 1-based start line. */
+    line: number;
+    /** 1-based end line. */
+    endLine: number;
+    cyclomaticComplexity: number;
 }
 export interface McpToolDefinition {
     name: string;

package/dist/utils/config.js

@@ -89,6 +89,33 @@ function normalize(input) {
         if (Object.keys(overrides).length)
             out.severityOverrides = overrides;
     }
+    if (obj.monorepo && typeof obj.monorepo === 'object') {
+        const m = obj.monorepo;
+        const monorepo = {};
+        if (Array.isArray(m.importPolicy)) {
+            const rules = [];
+            for (const entry of m.importPolicy) {
+                if (!entry || typeof entry !== 'object')
+                    continue;
+                const e = entry;
+                if (typeof e.from !== 'string' || !e.from)
+                    continue;
+                const rule = { from: e.from };
+                if (Array.isArray(e.allow)) {
+                    rule.allow = e.allow.filter((v) => typeof v === 'string');
+                }
+                if (Array.isArray(e.deny)) {
+                    rule.deny = e.deny.filter((v) => typeof v === 'string');
+                }
+                if (rule.allow || rule.deny)
+                    rules.push(rule);
+            }
+            if (rules.length > 0)
+                monorepo.importPolicy = rules;
+        }
+        if (Object.keys(monorepo).length)
+            out.monorepo = monorepo;
+    }
     return out;
 }
 /**

package/dist/utils/config.js.map

@@ -1 +1 @@
-{"version":3,"file":"config.js","sourceRoot":"","sources":["../../src/utils/config.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,kBAAkB,CAAC;AAClC,OAAO,IAAI,MAAM,WAAW,CAAC;AAQ7B,MAAM,iBAAiB,GAAG,CAAC,kBAAkB,EAAE,aAAa,CAAC,CAAC;AAC9D,MAAM,OAAO,GAAG,UAAU,CAAC;AAE3B,MAAM,gBAAgB,GAAoB,CAAC,MAAM,EAAE,SAAS,EAAE,OAAO,CAAC,CAAC;AAEvE,MAAM,CAAC,KAAK,UAAU,UAAU,CAC9B,QAAgB,EAChB,YAAqB;IAErB,IAAI,YAAY,EAAE,CAAC;QACjB,MAAM,QAAQ,GAAG,IAAI,CAAC,UAAU,CAAC,YAAY,CAAC;YAC5C,CAAC,CAAC,YAAY;YACd,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,YAAY,CAAC,CAAC;QACtC,MAAM,GAAG,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;QACjD,MAAM,MAAM,GAAG,SAAS,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;QACxC,OAAO,EAAE,MAAM,EAAE,SAAS,CAAC,MAAM,CAAC,EAAE,MAAM,EAAE,QAAQ,EAAE,CAAC;IACzD,CAAC;IAED,KAAK,MAAM,IAAI,IAAI,iBAAiB,EAAE,CAAC;QACrC,MAAM,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC;QAC5C,IAAI,GAAW,CAAC;QAChB,IAAI,CAAC;YACH,GAAG,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;QAC9C,CAAC;QAAC,MAAM,CAAC;YACP,yCAAyC;YACzC,SAAS;QACX,CAAC;QACD,MAAM,MAAM,GAAG,SAAS,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC;QACzC,OAAO,EAAE,MAAM,EAAE,SAAS,CAAC,MAAM,CAAC,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC;IAC1D,CAAC;IAED,kCAAkC;IAClC,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,cAAc,CAAC,CAAC;IACpD,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;QAChD,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAA4B,CAAC;QACvD,MAAM,QAAQ,GAAG,GAAG,CAAC,OAAO,CAAC,CAAC;QAC9B,IAAI,QAAQ,IAAI,OAAO,QAAQ,KAAK,QAAQ,EAAE,CAAC;YAC7C,OAAO,EAAE,MAAM,EAAE,SAAS,CAAC,QAAQ,CAAC,EAAE,MAAM,EAAE,GAAG,OAAO,IAAI,OAAO,EAAE,EAAE,CAAC;QAC1E,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,gCAAgC;IAClC,CAAC;IAED,OAAO,EAAE,MAAM,EAAE,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC;AACtC,CAAC;AAED,SAAS,SAAS,CAAC,GAAW,EAAE,QAAgB;IAC9C,IAAI,CAAC;QACH,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IACzB,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,GAAG,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QAC7D,MAAM,IAAI,KAAK,CAAC,mBAAmB,QAAQ,KAAK,GAAG,EAAE,EAAE,EAAE,KAAK,EAAE,GAAG,EAAE,CAAC,CAAC;IACzE,CAAC;AACH,CAAC;AAED,SAAS,SAAS,CAAC,KAAc;IAC/B,IAAI,CAAC,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ;QAAE,OAAO,EAAE,CAAC;IACnD,MAAM,GAAG,GAAG,KAAgC,CAAC;IAC7C,MAAM,GAAG,GAAmB,EAAE,CAAC;IAE/B,IAAI,OAAO,GAAG,CAAC,QAAQ,KAAK,QAAQ,IAAI,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;QACtE,GAAG,CAAC,QAAQ,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC;IACtE,CAAC;IAED,IAAI,OAAO,GAAG,CAAC,OAAO,KAAK,QAAQ,IAAI,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC;QAC1D,GAAG,CAAC,OAAO,GAAG,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC;IACnC,CAAC;IAED,IAAI,GAAG,CAAC,QAAQ,IAAI,OAAO,GAAG,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;QACrD,MAAM,CAAC,GAAG,GAAG,CAAC,QAAmC,CAAC;QAClD,MAAM,QAAQ,GAA4C,EAAE,CAAC;QAC7D,IAAI,OAAO,CAAC,CAAC,KAAK,KAAK,QAAQ,IAAI,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,EAAE,CAAC;YAC5D,QAAQ,CAAC,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;QACnE,CAAC;QACD,IAAI,OAAO,CAAC,CAAC,KAAK,KAAK,QAAQ,IAAI,CAAC,CAAC,KAAK,CAAC,IAAI,EAAE,EAAE,CAAC;YAClD,QAAQ,CAAC,KAAK,GAAG,CAAC,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC;QAClC,CAAC;QACD,IAAI,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,MAAM;YAAE,GAAG,CAAC,QAAQ,GAAG,QAAQ,CAAC;IAC5D,CAAC;IAED,IAAI,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC;QAC9B,GAAG,CAAC,MAAM,GAAG,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAe,EAAE,CAAC,OAAO,CAAC,KAAK,QAAQ,IAAI,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IAC5F,CAAC;IAED,IAAI,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,EAAE,CAAC;QACpC,GAAG,CAAC,YAAY,GAAG,GAAG,CAAC,YAAY,CAAC,MAAM,CACxC,CAAC,CAAC,EAAe,EAAE,CAAC,OAAO,CAAC,KAAK,QAAQ,IAAI,CAAC,CAAC,MAAM,GAAG,CAAC,CAC1D,CAAC;IACJ,CAAC;IAED,IAAI,GAAG,CAAC,iBAAiB,IAAI,OAAO,GAAG,CAAC,iBAAiB,KAAK,QAAQ,EAAE,CAAC;QACvE,MAAM,GAAG,GAAG,GAAG,CAAC,iBAA4C,CAAC;QAC7D,MAAM,SAAS,GAAkC,EAAE,CAAC;QACpD,KAAK,MAAM,CAAC,GAAG,EAAE,GAAG,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;YAC7C,IAAI,OAAO,GAAG,KAAK,QAAQ,IAAK,gBAA6B,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;gBAC5E,SAAS,CAAC,GAAG,CAAC,GAAG,GAAoB,CAAC;YACxC,CAAC;QACH,CAAC;QACD,IAAI,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,MAAM;YAAE,GAAG,CAAC,iBAAiB,GAAG,SAAS,CAAC;IACvE,CAAC;IAED,OAAO,GAAG,CAAC;AACb,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,mBAAmB,CACjC,MAAe,EACf,MAAsB;IAEtB,MAAM,QAAQ,GAAG,MAAM,CAAC,YAAY,IAAI,EAAE,CAAC;IAC3C,MAAM,SAAS,GAAG,MAAM,CAAC,iBAAiB,IAAI,EAAE,CAAC;IAEjD,OAAO,MAAM;SACV,MAAM,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,cAAc,CAAC,KAAK,CAAC,EAAE,EAAE,QAAQ,CAAC,CAAC;SACtD,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CACb,SAAS,CAAC,KAAK,CAAC,EAAE,CAAC,IAAI,SAAS,CAAC,KAAK,CAAC,EAAE,CAAC,KAAK,KAAK,CAAC,QAAQ;QAC3D,CAAC,CAAC,EAAE,GAAG,KAAK,EAAE,QAAQ,EAAE,SAAS,CAAC,KAAK,CAAC,EAAE,CAAC,EAAE;QAC7C,CAAC,CAAC,KAAK,CACV,CAAC;AACN,CAAC;AAED,SAAS,cAAc,CAAC,EAAU,EAAE,QAAkB;IACpD,KAAK,MAAM,IAAI,IAAI,QAAQ,EAAE,CAAC;QAC5B,IAAI,IAAI,KAAK,EAAE;YAAE,OAAO,IAAI,CAAC;QAC7B,IAAI,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;YAAE,OAAO,IAAI,CAAC;IAC1E,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC"}
+{"version":3,"file":"config.js","sourceRoot":"","sources":["../../src/utils/config.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,kBAAkB,CAAC;AAClC,OAAO,IAAI,MAAM,WAAW,CAAC;AAS7B,MAAM,iBAAiB,GAAG,CAAC,kBAAkB,EAAE,aAAa,CAAC,CAAC;AAC9D,MAAM,OAAO,GAAG,UAAU,CAAC;AAE3B,MAAM,gBAAgB,GAAoB,CAAC,MAAM,EAAE,SAAS,EAAE,OAAO,CAAC,CAAC;AAEvE,MAAM,CAAC,KAAK,UAAU,UAAU,CAC9B,QAAgB,EAChB,YAAqB;IAErB,IAAI,YAAY,EAAE,CAAC;QACjB,MAAM,QAAQ,GAAG,IAAI,CAAC,UAAU,CAAC,YAAY,CAAC;YAC5C,CAAC,CAAC,YAAY;YACd,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,YAAY,CAAC,CAAC;QACtC,MAAM,GAAG,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;QACjD,MAAM,MAAM,GAAG,SAAS,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;QACxC,OAAO,EAAE,MAAM,EAAE,SAAS,CAAC,MAAM,CAAC,EAAE,MAAM,EAAE,QAAQ,EAAE,CAAC;IACzD,CAAC;IAED,KAAK,MAAM,IAAI,IAAI,iBAAiB,EAAE,CAAC;QACrC,MAAM,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC;QAC5C,IAAI,GAAW,CAAC;QAChB,IAAI,CAAC;YACH,GAAG,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;QAC9C,CAAC;QAAC,MAAM,CAAC;YACP,yCAAyC;YACzC,SAAS;QACX,CAAC;QACD,MAAM,MAAM,GAAG,SAAS,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC;QACzC,OAAO,EAAE,MAAM,EAAE,SAAS,CAAC,MAAM,CAAC,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC;IAC1D,CAAC;IAED,kCAAkC;IAClC,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,cAAc,CAAC,CAAC;IACpD,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;QAChD,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAA4B,CAAC;QACvD,MAAM,QAAQ,GAAG,GAAG,CAAC,OAAO,CAAC,CAAC;QAC9B,IAAI,QAAQ,IAAI,OAAO,QAAQ,KAAK,QAAQ,EAAE,CAAC;YAC7C,OAAO,EAAE,MAAM,EAAE,SAAS,CAAC,QAAQ,CAAC,EAAE,MAAM,EAAE,GAAG,OAAO,IAAI,OAAO,EAAE,EAAE,CAAC;QAC1E,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,gCAAgC;IAClC,CAAC;IAED,OAAO,EAAE,MAAM,EAAE,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC;AACtC,CAAC;AAED,SAAS,SAAS,CAAC,GAAW,EAAE,QAAgB;IAC9C,IAAI,CAAC;QACH,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IACzB,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,GAAG,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QAC7D,MAAM,IAAI,KAAK,CAAC,mBAAmB,QAAQ,KAAK,GAAG,EAAE,EAAE,EAAE,KAAK,EAAE,GAAG,EAAE,CAAC,CAAC;IACzE,CAAC;AACH,CAAC;AAED,SAAS,SAAS,CAAC,KAAc;IAC/B,IAAI,CAAC,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ;QAAE,OAAO,EAAE,CAAC;IACnD,MAAM,GAAG,GAAG,KAAgC,CAAC;IAC7C,MAAM,GAAG,GAAmB,EAAE,CAAC;IAE/B,IAAI,OAAO,GAAG,CAAC,QAAQ,KAAK,QAAQ,IAAI,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;QACtE,GAAG,CAAC,QAAQ,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC;IACtE,CAAC;IAED,IAAI,OAAO,GAAG,CAAC,OAAO,KAAK,QAAQ,IAAI,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC;QAC1D,GAAG,CAAC,OAAO,GAAG,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC;IACnC,CAAC;IAED,IAAI,GAAG,CAAC,QAAQ,IAAI,OAAO,GAAG,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;QACrD,MAAM,CAAC,GAAG,GAAG,CAAC,QAAmC,CAAC;QAClD,MAAM,QAAQ,GAA4C,EAAE,CAAC;QAC7D,IAAI,OAAO,CAAC,CAAC,KAAK,KAAK,QAAQ,IAAI,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,EAAE,CAAC;YAC5D,QAAQ,CAAC,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;QACnE,CAAC;QACD,IAAI,OAAO,CAAC,CAAC,KAAK,KAAK,QAAQ,IAAI,CAAC,CAAC,KAAK,CAAC,IAAI,EAAE,EAAE,CAAC;YAClD,QAAQ,CAAC,KAAK,GAAG,CAAC,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC;QAClC,CAAC;QACD,IAAI,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,MAAM;YAAE,GAAG,CAAC,QAAQ,GAAG,QAAQ,CAAC;IAC5D,CAAC;IAED,IAAI,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC;QAC9B,GAAG,CAAC,MAAM,GAAG,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAe,EAAE,CAAC,OAAO,CAAC,KAAK,QAAQ,IAAI,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IAC5F,CAAC;IAED,IAAI,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,EAAE,CAAC;QACpC,GAAG,CAAC,YAAY,GAAG,GAAG,CAAC,YAAY,CAAC,MAAM,CACxC,CAAC,CAAC,EAAe,EAAE,CAAC,OAAO,CAAC,KAAK,QAAQ,IAAI,CAAC,CAAC,MAAM,GAAG,CAAC,CAC1D,CAAC;IACJ,CAAC;IAED,IAAI,GAAG,CAAC,iBAAiB,IAAI,OAAO,GAAG,CAAC,iBAAiB,KAAK,QAAQ,EAAE,CAAC;QACvE,MAAM,GAAG,GAAG,GAAG,CAAC,iBAA4C,CAAC;QAC7D,MAAM,SAAS,GAAkC,EAAE,CAAC;QACpD,KAAK,MAAM,CAAC,GAAG,EAAE,GAAG,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;YAC7C,IAAI,OAAO,GAAG,KAAK,QAAQ,IAAK,gBAA6B,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;gBAC5E,SAAS,CAAC,GAAG,CAAC,GAAG,GAAoB,CAAC;YACxC,CAAC;QACH,CAAC;QACD,IAAI,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,MAAM;YAAE,GAAG,CAAC,iBAAiB,GAAG,SAAS,CAAC;IACvE,CAAC;IAED,IAAI,GAAG,CAAC,QAAQ,IAAI,OAAO,GAAG,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;QACrD,MAAM,CAAC,GAAG,GAAG,CAAC,QAAmC,CAAC;QAClD,MAAM,QAAQ,GAA4C,EAAE,CAAC;QAC7D,IAAI,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,YAAY,CAAC,EAAE,CAAC;YAClC,MAAM,KAAK,GAAuB,EAAE,CAAC;YACrC,KAAK,MAAM,KAAK,IAAI,CAAC,CAAC,YAAY,EAAE,CAAC;gBACnC,IAAI,CAAC,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ;oBAAE,SAAS;gBAClD,MAAM,CAAC,GAAG,KAAgC,CAAC;gBAC3C,IAAI,OAAO,CAAC,CAAC,IAAI,KAAK,QAAQ,IAAI,CAAC,CAAC,CAAC,IAAI;oBAAE,SAAS;gBACpD,MAAM,IAAI,GAAqB,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;gBAChD,IAAI,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,KAAK,CAAC,EAAE,CAAC;oBAC3B,IAAI,CAAC,KAAK,GAAG,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAe,EAAE,CAAC,OAAO,CAAC,KAAK,QAAQ,CAAC,CAAC;gBACzE,CAAC;gBACD,IAAI,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC;oBAC1B,IAAI,CAAC,IAAI,GAAG,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,EAAe,EAAE,CAAC,OAAO,CAAC,KAAK,QAAQ,CAAC,CAAC;gBACvE,CAAC;gBACD,IAAI,IAAI,CAAC,KAAK,IAAI,IAAI,CAAC,IAAI;oBAAE,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAChD,CAAC;YACD,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC;gBAAE,QAAQ,CAAC,YAAY,GAAG,KAAK,CAAC;QACtD,CAAC;QACD,IAAI,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,MAAM;YAAE,GAAG,CAAC,QAAQ,GAAG,QAAQ,CAAC;IAC5D,CAAC;IAED,OAAO,GAAG,CAAC;AACb,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,mBAAmB,CACjC,MAAe,EACf,MAAsB;IAEtB,MAAM,QAAQ,GAAG,MAAM,CAAC,YAAY,IAAI,EAAE,CAAC;IAC3C,MAAM,SAAS,GAAG,MAAM,CAAC,iBAAiB,IAAI,EAAE,CAAC;IAEjD,OAAO,MAAM;SACV,MAAM,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,cAAc,CAAC,KAAK,CAAC,EAAE,EAAE,QAAQ,CAAC,CAAC;SACtD,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CACb,SAAS,CAAC,KAAK,CAAC,EAAE,CAAC,IAAI,SAAS,CAAC,KAAK,CAAC,EAAE,CAAC,KAAK,KAAK,CAAC,QAAQ;QAC3D,CAAC,CAAC,EAAE,GAAG,KAAK,EAAE,QAAQ,EAAE,SAAS,CAAC,KAAK,CAAC,EAAE,CAAC,EAAE;QAC7C,CAAC,CAAC,KAAK,CACV,CAAC;AACN,CAAC;AAED,SAAS,cAAc,CAAC,EAAU,EAAE,QAAkB;IACpD,KAAK,MAAM,IAAI,IAAI,QAAQ,EAAE,CAAC;QAC5B,IAAI,IAAI,KAAK,EAAE;YAAE,OAAO,IAAI,CAAC;QAC7B,IAAI,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;YAAE,OAAO,IAAI,CAAC;IAC1E,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC"}

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "projscan",
-  "version": "0.12.0",
-  "description": "Agent-first code intelligence. MCP server (2025-03-26) with AST parsing for JavaScript, TypeScript, Python, Go, Java, and Ruby; code graph, AST cyclomatic complexity, coupling + cycle detection, structural PR diff, monorepo workspace awareness with per-package outdated, BM25 + optional semantic search, cursor pagination, progress notifications, and context-budgeted output. CLI on the side.",
+  "version": "0.14.0",
+  "description": "Agent-first code intelligence. MCP server (2025-03-26) with AST parsing for JavaScript, TypeScript, Python, Go, Java, and Ruby; code graph, file + per-function AST cyclomatic complexity, coupling + cycle detection, structural PR diff, one-call PR review (projscan_review), rule-driven fix suggestions (projscan_fix_suggest, projscan_explain_issue) closing the diagnose-fix loop, monorepo workspace awareness with cross-package import policy + per-package dependencies / outdated / audit, BM25 + optional semantic search, cursor pagination, progress notifications, context-budgeted output, and a stable-surface CI guard. CLI on the side.",
   "type": "module",
   "main": "./dist/index.js",
   "types": "./dist/index.d.ts",
@@ -20,6 +20,8 @@
     "lint": "eslint src/",
     "format": "prettier --write .",
     "bench": "node scripts/bench.mjs",
+    "bench:references": "node scripts/bench-references.mjs",
+    "check:stability": "node scripts/check-stability.mjs",
     "prepare": "npm run build"
   },
   "keywords": [