projscan 0.9.0 → 0.9.2

package/dist/core/dependencyAnalyzer.js

@@ -2,9 +2,9 @@ import fs from 'node:fs/promises';
 import path from 'node:path';
 const DEPRECATED_PACKAGES = {
     moment: 'Consider using date-fns or dayjs instead',
-    request: 'Deprecated — use node-fetch, undici, or axios instead',
+    request: 'Deprecated - use node-fetch, undici, or axios instead',
     'node-uuid': 'Renamed to uuid',
-    nomnom: 'Deprecated — use commander or yargs instead',
+    nomnom: 'Deprecated - use commander or yargs instead',
     'coffee-script': 'CoffeeScript is no longer maintained',
 };
 const HEAVY_PACKAGES = {
@@ -42,14 +42,14 @@ export async function analyzeDependencies(rootPath) {
     if (totalDeps > 100) {
         risks.push({
             name: 'excessive-dependencies',
-            reason: `${totalDeps} production dependencies — consider auditing for unused packages`,
+            reason: `${totalDeps} production dependencies - consider auditing for unused packages`,
             severity: 'high',
         });
     }
     else if (totalDeps > 50) {
         risks.push({
             name: 'many-dependencies',
-            reason: `${totalDeps} production dependencies — review for opportunities to reduce`,
+            reason: `${totalDeps} production dependencies - review for opportunities to reduce`,
             severity: 'medium',
         });
     }
@@ -58,7 +58,7 @@ export async function analyzeDependencies(rootPath) {
         if (version === '*' || version.startsWith('>=')) {
             risks.push({
                 name,
-                reason: `Wildcard version range "${version}" — pin to a specific version for reproducible builds`,
+                reason: `Wildcard version range "${version}" - pin to a specific version for reproducible builds`,
                 severity: 'high',
             });
         }
@@ -68,7 +68,7 @@ export async function analyzeDependencies(rootPath) {
     if (!hasLockfile && totalDeps > 0) {
         risks.push({
             name: 'no-lockfile',
-            reason: 'No lockfile found — run npm install to generate package-lock.json',
+            reason: 'No lockfile found - run npm install to generate package-lock.json',
             severity: 'medium',
         });
     }

package/dist/core/embeddings.d.ts

@@ -1,5 +1,5 @@
 /**
- * Thin wrapper around `@xenova/transformers` — imported dynamically so we
+ * Thin wrapper around `@xenova/transformers` - imported dynamically so we
  * fail softly when the peer dep is absent.
  *
  * Design goals:

package/dist/core/embeddings.js

@@ -1,5 +1,5 @@
 /**
- * Thin wrapper around `@xenova/transformers` — imported dynamically so we
+ * Thin wrapper around `@xenova/transformers` - imported dynamically so we
  * fail softly when the peer dep is absent.
  *
  * Design goals:
@@ -32,7 +32,7 @@ async function tryLoadTransformers() {
             cachedModule = null;
             return null;
         }
-        // Unexpected load error — treat as unavailable, log to stderr for diagnosis.
+        // Unexpected load error - treat as unavailable, log to stderr for diagnosis.
         process.stderr.write(`[projscan] embeddings unavailable: ${err instanceof Error ? err.message : String(err)}\n`);
         cachedModule = null;
         return null;

package/dist/core/fileInspector.js

@@ -86,13 +86,13 @@ export function extractImports(content) {
             });
         }
     };
-    // ES import — optional `type` keyword for type-only imports.
+    // ES import - optional `type` keyword for type-only imports.
     const esImportRegex = /import\s+(?:type\s+)?(?:(?:\{[^}]*\}|[\w*]+(?:\s*,\s*\{[^}]*\})?|\*\s+as\s+\w+)\s+from\s+)?['"]([^'"]+)['"]/gm;
     let match;
     while ((match = esImportRegex.exec(content)) !== null) {
         addSource(match[1]);
     }
-    // ES re-export — `export ... from '...'` counts as an import from the
+    // ES re-export - `export ... from '...'` counts as an import from the
     // importer's point of view for graph-building purposes.
     const esReexportRegex = /export\s+(?:type\s+)?(?:\{[^}]*\}|\*(?:\s+as\s+\w+)?)\s+from\s+['"]([^'"]+)['"]/gm;
     while ((match = esReexportRegex.exec(content)) !== null) {
@@ -195,17 +195,17 @@ export function inferPurpose(filePath, exports) {
 export function detectFileIssues(content, lineCount) {
     const issues = [];
     if (lineCount > 500)
-        issues.push(`Large file (${lineCount} lines) — consider splitting`);
+        issues.push(`Large file (${lineCount} lines) - consider splitting`);
     if (lineCount > 1000)
-        issues.push('Very large file — strongly consider refactoring');
+        issues.push('Very large file - strongly consider refactoring');
     if (/console\.(log|warn|error|debug)\s*\(/.test(content)) {
-        issues.push('Contains console.log statements — consider using a proper logger');
+        issues.push('Contains console.log statements - consider using a proper logger');
     }
     if (/TODO|FIXME|HACK|XXX/i.test(content)) {
         issues.push('Contains TODO/FIXME comments');
     }
     if (/:\s*any\b/.test(content) && /\.tsx?$/.test(content)) {
-        issues.push('Uses "any" type — consider using proper types');
+        issues.push('Uses "any" type - consider using proper types');
     }
     return issues;
 }

package/dist/core/hotspotAnalyzer.js

@@ -18,7 +18,7 @@ export async function analyzeHotspots(rootPath, files, issues, options = {}) {
     if (!isRepo) {
         return {
             available: false,
-            reason: 'Not a git repository — hotspot analysis requires git history',
+            reason: 'Not a git repository - hotspot analysis requires git history',
             window: { since: null, commitsScanned: 0 },
             hotspots: [],
             totalFilesRanked: 0,
@@ -263,7 +263,7 @@ function indexIssuesByFile(issues, files) {
         index.set(file, list);
     };
     for (const issue of issues) {
-        // Prefer explicit locations when the analyzer supplied them — this is
+        // Prefer explicit locations when the analyzer supplied them - this is
         // exact and avoids the substring-false-positive problem where "src/a.ts"
         // would match issues that only mention "src/ab.ts".
         if (issue.locations && issue.locations.length > 0) {

package/dist/core/importGraph.d.ts

@@ -10,7 +10,7 @@ export interface ImportGraph {
 }
 /**
  * Walk source files and build an import graph. Now backed by AST-based
- * codeGraph — this function is retained for public API compatibility.
+ * codeGraph - this function is retained for public API compatibility.
  */
 export declare function buildImportGraph(rootPath: string, files: FileEntry[]): Promise<ImportGraph>;
 /** Convert an import specifier to a bare package name. */

package/dist/core/importGraph.js

@@ -1,7 +1,7 @@
 import { buildCodeGraph, toPackageName as graphToPackageName } from './codeGraph.js';
 /**
  * Walk source files and build an import graph. Now backed by AST-based
- * codeGraph — this function is retained for public API compatibility.
+ * codeGraph - this function is retained for public API compatibility.
  */
 export async function buildImportGraph(rootPath, files) {
     const code = await buildCodeGraph(rootPath, files);

package/dist/core/indexCache.d.ts

@@ -1,11 +1,11 @@
 import type { CodeGraph } from './codeGraph.js';
 /**
  * Load a previously cached code graph, if present and valid. Returns undefined
- * when there's no cache or the cache is incompatible — caller should rebuild.
+ * when there's no cache or the cache is incompatible - caller should rebuild.
  */
 export declare function loadCachedGraph(rootPath: string): Promise<CodeGraph | undefined>;
 /**
- * Persist the graph. Creates .projscan-cache/ if needed. Swallows errors —
+ * Persist the graph. Creates .projscan-cache/ if needed. Swallows errors -
  * caching is best-effort, never blocks a run.
  */
 export declare function saveCachedGraph(rootPath: string, graph: CodeGraph): Promise<void>;

package/dist/core/indexCache.js

@@ -5,7 +5,7 @@ const CACHE_FILE = 'graph.json';
 const CACHE_VERSION = 1;
 /**
  * Load a previously cached code graph, if present and valid. Returns undefined
- * when there's no cache or the cache is incompatible — caller should rebuild.
+ * when there's no cache or the cache is incompatible - caller should rebuild.
  */
 export async function loadCachedGraph(rootPath) {
     const cachePath = path.join(rootPath, CACHE_DIR, CACHE_FILE);
@@ -38,7 +38,7 @@ export async function loadCachedGraph(rootPath) {
             parseReason: entry.parseReason,
         });
     }
-    // Derived indexes are rebuilt on load — cheap compared to re-parsing.
+    // Derived indexes are rebuilt on load - cheap compared to re-parsing.
     // Return a partial graph the caller will rehydrate via buildCodeGraph.
     return {
         files,
@@ -49,7 +49,7 @@ export async function loadCachedGraph(rootPath) {
     };
 }
 /**
- * Persist the graph. Creates .projscan-cache/ if needed. Swallows errors —
+ * Persist the graph. Creates .projscan-cache/ if needed. Swallows errors -
  * caching is best-effort, never blocks a run.
  */
 export async function saveCachedGraph(rootPath, graph) {
@@ -82,7 +82,7 @@ export async function saveCachedGraph(rootPath, graph) {
         await fs.writeFile(gitignorePath, '*\n', 'utf-8');
     }
     catch {
-        // ignore — cache is best-effort
+        // ignore - cache is best-effort
     }
 }
 export async function invalidateCache(rootPath) {

package/dist/core/outdatedDetector.d.ts

@@ -1,6 +1,6 @@
 import type { OutdatedReport } from '../types.js';
 /**
- * Offline outdated check — compares the version declared in package.json
+ * Offline outdated check - compares the version declared in package.json
  * to the version installed under node_modules/<pkg>/package.json.
  *
  * Does not hit the npm registry. `latest` is filled in only when a node_modules

package/dist/core/outdatedDetector.js

@@ -2,7 +2,7 @@ import fs from 'node:fs/promises';
 import path from 'node:path';
 import { drift as semverDrift } from '../utils/semver.js';
 /**
- * Offline outdated check — compares the version declared in package.json
+ * Offline outdated check - compares the version declared in package.json
  * to the version installed under node_modules/<pkg>/package.json.
  *
  * Does not hit the npm registry. `latest` is filled in only when a node_modules

package/dist/core/searchIndex.js

@@ -5,7 +5,7 @@ import path from 'node:path';
  *
  * We index three fields per file with different weights:
  *   - content (body tokens, BM25 baseline)
- *   - symbols (export names — most informative for code search)
+ *   - symbols (export names - most informative for code search)
  *   - path (file path tokens)
  *
  * Scoring:
@@ -191,7 +191,7 @@ export function tokenize(input) {
             .replace(/([A-Z]+)([A-Z][a-z])/g, '$1 $2');
         const parts = camelSplit.split(/[_\s]+/).filter(Boolean);
         for (const part of parts) {
-            // Split embedded digits from letters — e.g. "v1api" → "v", "1", "api"
+            // Split embedded digits from letters - e.g. "v1api" → "v", "1", "api"
             const subparts = part.split(/(\d+)/).filter(Boolean);
             for (const sp of subparts) {
                 const lower = sp.toLowerCase();

package/dist/core/semanticSearch.d.ts

@@ -22,7 +22,7 @@ export interface SemanticHit {
 }
 /**
  * Build (or refresh) a semantic index. Reuses cached embeddings for files
- * whose mtime AND content hash match — both guards are necessary because
+ * whose mtime AND content hash match - both guards are necessary because
  * git checkouts can preserve mtime while swapping content.
  *
  * Returns null if the peer dep isn't available.

package/dist/core/semanticSearch.js

@@ -27,7 +27,7 @@ const INDEXABLE_EXTS = new Set([
 ]);
 /**
  * Build (or refresh) a semantic index. Reuses cached embeddings for files
- * whose mtime AND content hash match — both guards are necessary because
+ * whose mtime AND content hash match - both guards are necessary because
  * git checkouts can preserve mtime while swapping content.
  *
  * Returns null if the peer dep isn't available.
@@ -120,7 +120,7 @@ export async function buildSemanticIndex(rootPath, files, options = {}) {
         entries,
     };
     await saveCache(rootPath, index).catch(() => {
-        // best-effort — don't fail the search if cache write fails
+        // best-effort - don't fail the search if cache write fails
     });
     return index;
 }

package/dist/core/upgradePreview.d.ts

@@ -1,2 +1,14 @@
 import type { FileEntry, UpgradePreview } from '../types.js';
+/**
+ * Validate a package name against the npm grammar before any filesystem
+ * operation. Rejects traversal (`..`), absolute paths, backslashes, spaces,
+ * and any other shape that could escape node_modules/<name>/.
+ *
+ * This is security-critical: `previewUpgrade` is exposed via MCP
+ * (`projscan_upgrade`) where the argument comes from AI agents that can be
+ * influenced by untrusted content. A name containing `../` would otherwise
+ * escape node_modules and return arbitrary CHANGELOG / package.json contents
+ * to the caller.
+ */
+export declare function isValidPackageName(name: string): boolean;
 export declare function previewUpgrade(rootPath: string, pkgName: string, files: FileEntry[]): Promise<UpgradePreview>;

package/dist/core/upgradePreview.js

@@ -11,7 +11,47 @@ const BREAKING_MARKERS = [
     /removed\s+support/i,
     /no\s+longer\s+supported/i,
 ];
+// npm package-name grammar: optional scope + name, letters/digits/._-
+// No slashes other than the single scope separator. No `..`, no absolute paths.
+const PACKAGE_NAME_RE = /^(?:@[a-z0-9][\w.-]*\/)?[a-z0-9][\w.-]*$/i;
+/**
+ * Validate a package name against the npm grammar before any filesystem
+ * operation. Rejects traversal (`..`), absolute paths, backslashes, spaces,
+ * and any other shape that could escape node_modules/<name>/.
+ *
+ * This is security-critical: `previewUpgrade` is exposed via MCP
+ * (`projscan_upgrade`) where the argument comes from AI agents that can be
+ * influenced by untrusted content. A name containing `../` would otherwise
+ * escape node_modules and return arbitrary CHANGELOG / package.json contents
+ * to the caller.
+ */
+export function isValidPackageName(name) {
+    if (typeof name !== 'string')
+        return false;
+    if (name.length === 0 || name.length > 214)
+        return false;
+    if (name !== name.trim())
+        return false;
+    if (name.includes('..'))
+        return false;
+    if (name.includes('\\'))
+        return false;
+    return PACKAGE_NAME_RE.test(name);
+}
 export async function previewUpgrade(rootPath, pkgName, files) {
+    if (!isValidPackageName(pkgName)) {
+        return {
+            available: false,
+            reason: `Invalid package name: "${pkgName}". Must match the npm package-name grammar.`,
+            name: pkgName,
+            declared: null,
+            installed: null,
+            latest: null,
+            drift: 'unknown',
+            breakingMarkers: [],
+            importers: [],
+        };
+    }
     const declaredVersions = await readDeclaredVersion(rootPath, pkgName);
     const installed = await readInstalledVersion(rootPath, pkgName);
     const latest = installed; // offline mode: best we know without a registry
@@ -31,7 +71,7 @@ export async function previewUpgrade(rootPath, pkgName, files) {
     if (!installed) {
         return {
             available: false,
-            reason: `Package "${pkgName}" not installed — run npm install and retry`,
+            reason: `Package "${pkgName}" not installed - run npm install and retry`,
             name: pkgName,
             declared: declaredVersions,
             installed: null,
@@ -84,7 +124,11 @@ async function readDeclaredVersion(rootPath, name) {
     }
 }
 async function readInstalledVersion(rootPath, name) {
-    const p = path.join(rootPath, 'node_modules', name, 'package.json');
+    const nodeModules = path.resolve(rootPath, 'node_modules');
+    const pkgDir = path.resolve(nodeModules, name);
+    if (!isInside(pkgDir, nodeModules))
+        return null;
+    const p = path.join(pkgDir, 'package.json');
     try {
         const raw = await fs.readFile(p, 'utf-8');
         const pkg = JSON.parse(raw);
@@ -95,7 +139,10 @@ async function readInstalledVersion(rootPath, name) {
     }
 }
 async function readChangelog(rootPath, name) {
-    const base = path.join(rootPath, 'node_modules', name);
+    const nodeModules = path.resolve(rootPath, 'node_modules');
+    const base = path.resolve(nodeModules, name);
+    if (!isInside(base, nodeModules))
+        return undefined;
     for (const filename of CHANGELOG_NAMES) {
         const p = path.join(base, filename);
         try {
@@ -107,6 +154,11 @@ async function readChangelog(rootPath, name) {
     }
     return undefined;
 }
+/** True iff `candidate` resolves to `parent` itself or a path inside `parent`. */
+function isInside(candidate, parent) {
+    const rel = path.relative(parent, candidate);
+    return rel === '' || (!rel.startsWith('..') && !path.isAbsolute(rel));
+}
 /**
  * Extract the CHANGELOG section strictly *between* two versions (exclusive of
  * the lower version's body, inclusive up to the upper version). If we can't

package/dist/core/upgradePreview.js.map

@@ -1 +1 @@
-{"version":3,"file":"upgradePreview.js","sourceRoot":"","sources":["../../src/core/upgradePreview.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,kBAAkB,CAAC;AAClC,OAAO,IAAI,MAAM,WAAW,CAAC;AAE7B,OAAO,EAAE,KAAK,IAAI,WAAW,EAAE,KAAK,IAAI,WAAW,EAAE,OAAO,IAAI,aAAa,EAAE,MAAM,oBAAoB,CAAC;AAC1G,OAAO,EAAE,gBAAgB,EAAE,cAAc,EAAE,MAAM,kBAAkB,CAAC;AAEpE,MAAM,eAAe,GAAG,CAAC,cAAc,EAAE,WAAW,EAAE,YAAY,EAAE,YAAY,CAAC,CAAC;AAElF,MAAM,gBAAgB,GAAG;IACvB,oBAAoB;IACpB,qBAAqB;IACrB,iBAAiB;IACjB,WAAW;IACX,oBAAoB;IACpB,0BAA0B;CAC3B,CAAC;AAEF,MAAM,CAAC,KAAK,UAAU,cAAc,CAClC,QAAgB,EAChB,OAAe,EACf,KAAkB;IAElB,MAAM,gBAAgB,GAAG,MAAM,mBAAmB,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;IACtE,MAAM,SAAS,GAAG,MAAM,oBAAoB,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;IAChE,MAAM,MAAM,GAAG,SAAS,CAAC,CAAC,gDAAgD;IAE1E,IAAI,CAAC,gBAAgB,IAAI,CAAC,SAAS,EAAE,CAAC;QACpC,OAAO;YACL,SAAS,EAAE,KAAK;YAChB,MAAM,EAAE,YAAY,OAAO,6CAA6C;YACxE,IAAI,EAAE,OAAO;YACb,QAAQ,EAAE,IAAI;YACd,SAAS,EAAE,IAAI;YACf,MAAM,EAAE,IAAI;YACZ,KAAK,EAAE,SAAS;YAChB,eAAe,EAAE,EAAE;YACnB,SAAS,EAAE,EAAE;SACd,CAAC;IACJ,CAAC;IAED,IAAI,CAAC,SAAS,EAAE,CAAC;QACf,OAAO;YACL,SAAS,EAAE,KAAK;YAChB,MAAM,EAAE,YAAY,OAAO,6CAA6C;YACxE,IAAI,EAAE,OAAO;YACb,QAAQ,EAAE,gBAAgB;YAC1B,SAAS,EAAE,IAAI;YACf,MAAM,EAAE,IAAI;YACZ,KAAK,EAAE,SAAS;YAChB,eAAe,EAAE,EAAE;YACnB,SAAS,EAAE,EAAE;SACd,CAAC;IACJ,CAAC;IAED,MAAM,KAAK,GAAG,WAAW,CAAC,gBAAgB,EAAE,SAAS,CAAC,CAAC;IAEvD,IAAI,SAA6B,CAAC;IAClC,IAAI,eAAe,GAAa,EAAE,CAAC;IACnC,IAAI,CAAC;QACH,SAAS,GAAG,MAAM,aAAa,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;QACnD,IAAI,SAAS,EAAE,CAAC;YACd,MAAM,KAAK,GAAG,YAAY,CAAC,SAAS,EAAE,gBAAgB,EAAE,SAAS,CAAC,CAAC;YACnE,eAAe,GAAG,qBAAqB,CAAC,KAAK,CAAC,CAAC;YAC/C,SAAS,GAAG,QAAQ,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC;QACpC,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,SAAS;IACX,CAAC;IAED,MAAM,KAAK,GAAG,MAAM,gBAAgB,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC;IACtD,MAAM,SAAS,GAAG,cAAc,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;IAEjD,OAAO;QACL,SAAS,EAAE,IAAI;QACf,IAAI,EAAE,OAAO;QACb,QAAQ,EAAE,gBAAgB;QAC1B,SAAS;QACT,MAAM;QACN,KAAK;QACL,eAAe;QACf,gBAAgB,EAAE,SAAS;QAC3B,SAAS;KACV,CAAC;AACJ,CAAC;AAED,KAAK,UAAU,mBAAmB,CAAC,QAAgB,EAAE,IAAY;IAC/D,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,cAAc,CAAC,CAAC;IACpD,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;QAChD,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAIzB,CAAC;QACF,OAAO,CACL,GAAG,CAAC,YAAY,EAAE,CAAC,IAAI,CAAC;YACxB,GAAG,CAAC,eAAe,EAAE,CAAC,IAAI,CAAC;YAC3B,GAAG,CAAC,gBAAgB,EAAE,CAAC,IAAI,CAAC;YAC5B,IAAI,CACL,CAAC;IACJ,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,KAAK,UAAU,oBAAoB,CAAC,QAAgB,EAAE,IAAY;IAChE,MAAM,CAAC,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,cAAc,EAAE,IAAI,EAAE,cAAc,CAAC,CAAC;IACpE,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC;QAC1C,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAyB,CAAC;QACpD,OAAO,GAAG,CAAC,OAAO,IAAI,IAAI,CAAC;IAC7B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,KAAK,UAAU,aAAa,CAAC,QAAgB,EAAE,IAAY;IACzD,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,cAAc,EAAE,IAAI,CAAC,CAAC;IACvD,KAAK,MAAM,QAAQ,IAAI,eAAe,EAAE,CAAC;QACvC,MAAM,CAAC,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;QACpC,IAAI,CAAC;YACH,OAAO,MAAM,EAAE,CAAC,QAAQ,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC;QACvC,CAAC;QAAC,MAAM,CAAC;YACP,WAAW;QACb,CAAC;IACH,CAAC;IACD,OAAO,SAAS,CAAC;AACnB,CAAC;AAED;;;;GAIG;AACH,SAAS,YAAY,CAAC,SAAiB,EAAE,IAAmB,EAAE,EAAiB;IAC7E,MAAM,UAAU,GAAG,IAAI,CAAC,CAAC,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;IACnD,MAAM,QAAQ,GAAG,EAAE,CAAC,CAAC,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;IAE7C,MAAM,KAAK,GAAG,SAAS,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IACpC,MAAM,gBAAgB,GAAG,uDAAuD,CAAC;IAEjF,IAAI,QAAQ,GAAG,CAAC,CAAC;IACjB,IAAI,MAAM,GAAG,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IAEzC,IAAI,QAAQ,EAAE,CAAC;QACb,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACtC,MAAM,CAAC,GAAG,gBAAgB,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;YAC1C,IAAI,CAAC,CAAC;gBAAE,SAAS;YACjB,MAAM,CAAC,GAAG,WAAW,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;YAC5B,IAAI,CAAC,CAAC;gBAAE,SAAS;YACjB,IAAI,aAAa,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,EAAG,CAAC,KAAK,CAAC,EAAE,CAAC;gBACnC,QAAQ,GAAG,CAAC,CAAC;gBACb,MAAM;YACR,CAAC;QACH,CAAC;IACH,CAAC;IAED,IAAI,UAAU,EAAE,CAAC;QACf,KAAK,IAAI,CAAC,GAAG,QAAQ,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACjD,MAAM,CAAC,GAAG,gBAAgB,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;YAC1C,IAAI,CAAC,CAAC;gBAAE,SAAS;YACjB,MAAM,CAAC,GAAG,WAAW,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;YAC5B,IAAI,CAAC,CAAC;gBAAE,SAAS;YACjB,IAAI,aAAa,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,IAAK,CAAC,IAAI,CAAC,EAAE,CAAC;gBACpC,MAAM,GAAG,CAAC,CAAC;gBACX,MAAM;YACR,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAC,KAAK,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,CAAC;AACzD,CAAC;AAED,SAAS,qBAAqB,CAAC,IAAY;IACzC,MAAM,OAAO,GAAa,EAAE,CAAC;IAC7B,KAAK,MAAM,EAAE,IAAI,gBAAgB,EAAE,CAAC;QAClC,MAAM,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACxB,IAAI,CAAC,EAAE,CAAC;YACN,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC;QACnC,CAAC;IACH,CAAC;IACD,OAAO,CAAC,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC;AAC/B,CAAC;AAED,SAAS,QAAQ,CAAC,CAAS,EAAE,GAAW;IACtC,IAAI,CAAC,CAAC,MAAM,IAAI,GAAG;QAAE,OAAO,CAAC,CAAC;IAC9B,OAAO,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,GAAG,iBAAiB,CAAC;AAC7C,CAAC"}
+{"version":3,"file":"upgradePreview.js","sourceRoot":"","sources":["../../src/core/upgradePreview.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,kBAAkB,CAAC;AAClC,OAAO,IAAI,MAAM,WAAW,CAAC;AAE7B,OAAO,EAAE,KAAK,IAAI,WAAW,EAAE,KAAK,IAAI,WAAW,EAAE,OAAO,IAAI,aAAa,EAAE,MAAM,oBAAoB,CAAC;AAC1G,OAAO,EAAE,gBAAgB,EAAE,cAAc,EAAE,MAAM,kBAAkB,CAAC;AAEpE,MAAM,eAAe,GAAG,CAAC,cAAc,EAAE,WAAW,EAAE,YAAY,EAAE,YAAY,CAAC,CAAC;AAElF,MAAM,gBAAgB,GAAG;IACvB,oBAAoB;IACpB,qBAAqB;IACrB,iBAAiB;IACjB,WAAW;IACX,oBAAoB;IACpB,0BAA0B;CAC3B,CAAC;AAEF,sEAAsE;AACtE,gFAAgF;AAChF,MAAM,eAAe,GAAG,2CAA2C,CAAC;AAEpE;;;;;;;;;;GAUG;AACH,MAAM,UAAU,kBAAkB,CAAC,IAAY;IAC7C,IAAI,OAAO,IAAI,KAAK,QAAQ;QAAE,OAAO,KAAK,CAAC;IAC3C,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC,IAAI,IAAI,CAAC,MAAM,GAAG,GAAG;QAAE,OAAO,KAAK,CAAC;IACzD,IAAI,IAAI,KAAK,IAAI,CAAC,IAAI,EAAE;QAAE,OAAO,KAAK,CAAC;IACvC,IAAI,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC;QAAE,OAAO,KAAK,CAAC;IACtC,IAAI,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC;QAAE,OAAO,KAAK,CAAC;IACtC,OAAO,eAAe,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AACpC,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,cAAc,CAClC,QAAgB,EAChB,OAAe,EACf,KAAkB;IAElB,IAAI,CAAC,kBAAkB,CAAC,OAAO,CAAC,EAAE,CAAC;QACjC,OAAO;YACL,SAAS,EAAE,KAAK;YAChB,MAAM,EAAE,0BAA0B,OAAO,6CAA6C;YACtF,IAAI,EAAE,OAAO;YACb,QAAQ,EAAE,IAAI;YACd,SAAS,EAAE,IAAI;YACf,MAAM,EAAE,IAAI;YACZ,KAAK,EAAE,SAAS;YAChB,eAAe,EAAE,EAAE;YACnB,SAAS,EAAE,EAAE;SACd,CAAC;IACJ,CAAC;IAED,MAAM,gBAAgB,GAAG,MAAM,mBAAmB,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;IACtE,MAAM,SAAS,GAAG,MAAM,oBAAoB,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;IAChE,MAAM,MAAM,GAAG,SAAS,CAAC,CAAC,gDAAgD;IAE1E,IAAI,CAAC,gBAAgB,IAAI,CAAC,SAAS,EAAE,CAAC;QACpC,OAAO;YACL,SAAS,EAAE,KAAK;YAChB,MAAM,EAAE,YAAY,OAAO,6CAA6C;YACxE,IAAI,EAAE,OAAO;YACb,QAAQ,EAAE,IAAI;YACd,SAAS,EAAE,IAAI;YACf,MAAM,EAAE,IAAI;YACZ,KAAK,EAAE,SAAS;YAChB,eAAe,EAAE,EAAE;YACnB,SAAS,EAAE,EAAE;SACd,CAAC;IACJ,CAAC;IAED,IAAI,CAAC,SAAS,EAAE,CAAC;QACf,OAAO;YACL,SAAS,EAAE,KAAK;YAChB,MAAM,EAAE,YAAY,OAAO,6CAA6C;YACxE,IAAI,EAAE,OAAO;YACb,QAAQ,EAAE,gBAAgB;YAC1B,SAAS,EAAE,IAAI;YACf,MAAM,EAAE,IAAI;YACZ,KAAK,EAAE,SAAS;YAChB,eAAe,EAAE,EAAE;YACnB,SAAS,EAAE,EAAE;SACd,CAAC;IACJ,CAAC;IAED,MAAM,KAAK,GAAG,WAAW,CAAC,gBAAgB,EAAE,SAAS,CAAC,CAAC;IAEvD,IAAI,SAA6B,CAAC;IAClC,IAAI,eAAe,GAAa,EAAE,CAAC;IACnC,IAAI,CAAC;QACH,SAAS,GAAG,MAAM,aAAa,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;QACnD,IAAI,SAAS,EAAE,CAAC;YACd,MAAM,KAAK,GAAG,YAAY,CAAC,SAAS,EAAE,gBAAgB,EAAE,SAAS,CAAC,CAAC;YACnE,eAAe,GAAG,qBAAqB,CAAC,KAAK,CAAC,CAAC;YAC/C,SAAS,GAAG,QAAQ,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC;QACpC,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,SAAS;IACX,CAAC;IAED,MAAM,KAAK,GAAG,MAAM,gBAAgB,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC;IACtD,MAAM,SAAS,GAAG,cAAc,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;IAEjD,OAAO;QACL,SAAS,EAAE,IAAI;QACf,IAAI,EAAE,OAAO;QACb,QAAQ,EAAE,gBAAgB;QAC1B,SAAS;QACT,MAAM;QACN,KAAK;QACL,eAAe;QACf,gBAAgB,EAAE,SAAS;QAC3B,SAAS;KACV,CAAC;AACJ,CAAC;AAED,KAAK,UAAU,mBAAmB,CAAC,QAAgB,EAAE,IAAY;IAC/D,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,cAAc,CAAC,CAAC;IACpD,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;QAChD,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAIzB,CAAC;QACF,OAAO,CACL,GAAG,CAAC,YAAY,EAAE,CAAC,IAAI,CAAC;YACxB,GAAG,CAAC,eAAe,EAAE,CAAC,IAAI,CAAC;YAC3B,GAAG,CAAC,gBAAgB,EAAE,CAAC,IAAI,CAAC;YAC5B,IAAI,CACL,CAAC;IACJ,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,KAAK,UAAU,oBAAoB,CAAC,QAAgB,EAAE,IAAY;IAChE,MAAM,WAAW,GAAG,IAAI,CAAC,OAAO,CAAC,QAAQ,EAAE,cAAc,CAAC,CAAC;IAC3D,MAAM,MAAM,GAAG,IAAI,CAAC,OAAO,CAAC,WAAW,EAAE,IAAI,CAAC,CAAC;IAC/C,IAAI,CAAC,QAAQ,CAAC,MAAM,EAAE,WAAW,CAAC;QAAE,OAAO,IAAI,CAAC;IAChD,MAAM,CAAC,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,cAAc,CAAC,CAAC;IAC5C,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC;QAC1C,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAyB,CAAC;QACpD,OAAO,GAAG,CAAC,OAAO,IAAI,IAAI,CAAC;IAC7B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,KAAK,UAAU,aAAa,CAAC,QAAgB,EAAE,IAAY;IACzD,MAAM,WAAW,GAAG,IAAI,CAAC,OAAO,CAAC,QAAQ,EAAE,cAAc,CAAC,CAAC;IAC3D,MAAM,IAAI,GAAG,IAAI,CAAC,OAAO,CAAC,WAAW,EAAE,IAAI,CAAC,CAAC;IAC7C,IAAI,CAAC,QAAQ,CAAC,IAAI,EAAE,WAAW,CAAC;QAAE,OAAO,SAAS,CAAC;IACnD,KAAK,MAAM,QAAQ,IAAI,eAAe,EAAE,CAAC;QACvC,MAAM,CAAC,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;QACpC,IAAI,CAAC;YACH,OAAO,MAAM,EAAE,CAAC,QAAQ,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC;QACvC,CAAC;QAAC,MAAM,CAAC;YACP,WAAW;QACb,CAAC;IACH,CAAC;IACD,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,kFAAkF;AAClF,SAAS,QAAQ,CAAC,SAAiB,EAAE,MAAc;IACjD,MAAM,GAAG,GAAG,IAAI,CAAC,QAAQ,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;IAC7C,OAAO,GAAG,KAAK,EAAE,IAAI,CAAC,CAAC,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC;AACxE,CAAC;AAED;;;;GAIG;AACH,SAAS,YAAY,CAAC,SAAiB,EAAE,IAAmB,EAAE,EAAiB;IAC7E,MAAM,UAAU,GAAG,IAAI,CAAC,CAAC,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;IACnD,MAAM,QAAQ,GAAG,EAAE,CAAC,CAAC,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;IAE7C,MAAM,KAAK,GAAG,SAAS,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IACpC,MAAM,gBAAgB,GAAG,uDAAuD,CAAC;IAEjF,IAAI,QAAQ,GAAG,CAAC,CAAC;IACjB,IAAI,MAAM,GAAG,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IAEzC,IAAI,QAAQ,EAAE,CAAC;QACb,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACtC,MAAM,CAAC,GAAG,gBAAgB,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;YAC1C,IAAI,CAAC,CAAC;gBAAE,SAAS;YACjB,MAAM,CAAC,GAAG,WAAW,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;YAC5B,IAAI,CAAC,CAAC;gBAAE,SAAS;YACjB,IAAI,aAAa,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,EAAG,CAAC,KAAK,CAAC,EAAE,CAAC;gBACnC,QAAQ,GAAG,CAAC,CAAC;gBACb,MAAM;YACR,CAAC;QACH,CAAC;IACH,CAAC;IAED,IAAI,UAAU,EAAE,CAAC;QACf,KAAK,IAAI,CAAC,GAAG,QAAQ,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACjD,MAAM,CAAC,GAAG,gBAAgB,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;YAC1C,IAAI,CAAC,CAAC;gBAAE,SAAS;YACjB,MAAM,CAAC,GAAG,WAAW,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;YAC5B,IAAI,CAAC,CAAC;gBAAE,SAAS;YACjB,IAAI,aAAa,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,IAAK,CAAC,IAAI,CAAC,EAAE,CAAC;gBACpC,MAAM,GAAG,CAAC,CAAC;gBACX,MAAM;YACR,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAC,KAAK,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,CAAC;AACzD,CAAC;AAED,SAAS,qBAAqB,CAAC,IAAY;IACzC,MAAM,OAAO,GAAa,EAAE,CAAC;IAC7B,KAAK,MAAM,EAAE,IAAI,gBAAgB,EAAE,CAAC;QAClC,MAAM,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACxB,IAAI,CAAC,EAAE,CAAC;YACN,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC;QACnC,CAAC;IACH,CAAC;IACD,OAAO,CAAC,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC;AAC/B,CAAC;AAED,SAAS,QAAQ,CAAC,CAAS,EAAE,GAAW;IACtC,IAAI,CAAC,CAAC,MAAM,IAAI,GAAG;QAAE,OAAO,CAAC,CAAC;IAC9B,OAAO,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,GAAG,iBAAiB,CAAC;AAC7C,CAAC"}

package/dist/fixes/prettierFix.js

@@ -34,7 +34,7 @@ export const prettierFix = {
         }
         catch (err) {
             if (err instanceof Error && 'code' in err && err.code === 'ENOENT') {
-                return; // No package.json — nothing to update
+                return; // No package.json - nothing to update
             }
             throw err; // Re-throw JSON parse errors or unexpected failures
         }

package/dist/fixes/testFix.js

@@ -30,7 +30,7 @@ export const testFix = {
         }
         catch (err) {
             if (err instanceof Error && 'code' in err && err.code === 'ENOENT') {
-                return; // No package.json — nothing to update
+                return; // No package.json - nothing to update
             }
             throw err; // Re-throw JSON parse errors or unexpected failures
         }

package/dist/index.d.ts

@@ -8,7 +8,7 @@ export { inspectFile } from './core/fileInspector.js';
 export { buildImportGraph, toPackageName, isPackageUsed, filesImporting } from './core/importGraph.js';
 export { detectOutdated } from './core/outdatedDetector.js';
 export { runAudit, auditFindingsToIssues } from './core/auditRunner.js';
-export { previewUpgrade } from './core/upgradePreview.js';
+export { previewUpgrade, isValidPackageName } from './core/upgradePreview.js';
 export { parseCoverage, coverageMap } from './core/coverageParser.js';
 export { joinCoverageWithHotspots } from './core/coverageJoin.js';
 export { parseSource, isParseable } from './core/ast.js';

package/dist/index.js

@@ -8,7 +8,7 @@ export { inspectFile } from './core/fileInspector.js';
 export { buildImportGraph, toPackageName, isPackageUsed, filesImporting } from './core/importGraph.js';
 export { detectOutdated } from './core/outdatedDetector.js';
 export { runAudit, auditFindingsToIssues } from './core/auditRunner.js';
-export { previewUpgrade } from './core/upgradePreview.js';
+export { previewUpgrade, isValidPackageName } from './core/upgradePreview.js';
 export { parseCoverage, coverageMap } from './core/coverageParser.js';
 export { joinCoverageWithHotspots } from './core/coverageJoin.js';
 export { parseSource, isParseable } from './core/ast.js';

package/dist/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,MAAM,6BAA6B,CAAC;AAC7D,OAAO,EAAE,eAAe,EAAE,MAAM,4BAA4B,CAAC;AAC7D,OAAO,EAAE,gBAAgB,EAAE,MAAM,6BAA6B,CAAC;AAC/D,OAAO,EAAE,mBAAmB,EAAE,MAAM,8BAA8B,CAAC;AACnE,OAAO,EAAE,aAAa,EAAE,MAAM,uBAAuB,CAAC;AACtD,OAAO,EAAE,eAAe,EAAE,gBAAgB,EAAE,MAAM,2BAA2B,CAAC;AAC9E,OAAO,EAAE,WAAW,EAAE,MAAM,yBAAyB,CAAC;AACtD,OAAO,EAAE,gBAAgB,EAAE,aAAa,EAAE,aAAa,EAAE,cAAc,EAAE,MAAM,uBAAuB,CAAC;AACvG,OAAO,EAAE,cAAc,EAAE,MAAM,4BAA4B,CAAC;AAC5D,OAAO,EAAE,QAAQ,EAAE,qBAAqB,EAAE,MAAM,uBAAuB,CAAC;AACxE,OAAO,EAAE,cAAc,EAAE,MAAM,0BAA0B,CAAC;AAC1D,OAAO,EAAE,aAAa,EAAE,WAAW,EAAE,MAAM,0BAA0B,CAAC;AACtE,OAAO,EAAE,wBAAwB,EAAE,MAAM,wBAAwB,CAAC;AAClE,OAAO,EAAE,WAAW,EAAE,WAAW,EAAE,MAAM,eAAe,CAAC;AACzD,OAAO,EACL,cAAc,EACd,kBAAkB,EAClB,qBAAqB,EACrB,mBAAmB,EACnB,SAAS,EACT,SAAS,EACT,WAAW,GACZ,MAAM,qBAAqB,CAAC;AAC7B,OAAO,EAAE,eAAe,EAAE,eAAe,EAAE,eAAe,EAAE,MAAM,sBAAsB,CAAC;AACzF,OAAO,EAAE,WAAW,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACnE,OAAO,EAAE,QAAQ,EAAE,YAAY,EAAE,YAAY,EAAE,YAAY,EAAE,cAAc,EAAE,MAAM,qBAAqB,CAAC;AACzG,OAAO,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AACnD,OAAO,EAAE,YAAY,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAC;AAC/D,OAAO,EACL,gBAAgB,EAChB,MAAM,EACN,QAAQ,EACR,WAAW,EACX,cAAc,GACf,MAAM,uBAAuB,CAAC;AAC/B,OAAO,EACL,mBAAmB,EACnB,SAAS,EACT,UAAU,EACV,gBAAgB,EAChB,aAAa,EACb,aAAa,GACd,MAAM,sBAAsB,CAAC;AAC9B,OAAO,EACL,kBAAkB,EAClB,cAAc,EACd,oBAAoB,GACrB,MAAM,0BAA0B,CAAC;AAClC,OAAO,EAAE,mBAAmB,EAAE,MAAM,+BAA+B,CAAC;AACpE,OAAO,EAAE,KAAK,IAAI,WAAW,EAAE,OAAO,IAAI,aAAa,EAAE,KAAK,IAAI,WAAW,EAAE,MAAM,mBAAmB,CAAC;AACzG,OAAO,EAAE,SAAS,EAAE,MAAM,uBAAuB,CAAC;AAClD,OAAO,EAAE,UAAU,EAAE,mBAAmB,EAAE,MAAM,mBAAmB,CAAC;AACpE,OAAO,EAAE,eAAe,EAAE,MAAM,yBAAyB,CAAC;AAC1D,OAAO,EAAE,aAAa,EAAE,MAAM,8BAA8B,CAAC;AAC7D,OAAO,EAAE,eAAe,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAChE,OAAO,EAAE,kBAAkB,EAAE,MAAM,gBAAgB,CAAC;AACpD,OAAO,EAAE,oBAAoB,EAAE,MAAM,kBAAkB,CAAC;AACxD,OAAO,EAAE,sBAAsB,EAAE,MAAM,oBAAoB,CAAC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,MAAM,6BAA6B,CAAC;AAC7D,OAAO,EAAE,eAAe,EAAE,MAAM,4BAA4B,CAAC;AAC7D,OAAO,EAAE,gBAAgB,EAAE,MAAM,6BAA6B,CAAC;AAC/D,OAAO,EAAE,mBAAmB,EAAE,MAAM,8BAA8B,CAAC;AACnE,OAAO,EAAE,aAAa,EAAE,MAAM,uBAAuB,CAAC;AACtD,OAAO,EAAE,eAAe,EAAE,gBAAgB,EAAE,MAAM,2BAA2B,CAAC;AAC9E,OAAO,EAAE,WAAW,EAAE,MAAM,yBAAyB,CAAC;AACtD,OAAO,EAAE,gBAAgB,EAAE,aAAa,EAAE,aAAa,EAAE,cAAc,EAAE,MAAM,uBAAuB,CAAC;AACvG,OAAO,EAAE,cAAc,EAAE,MAAM,4BAA4B,CAAC;AAC5D,OAAO,EAAE,QAAQ,EAAE,qBAAqB,EAAE,MAAM,uBAAuB,CAAC;AACxE,OAAO,EAAE,cAAc,EAAE,kBAAkB,EAAE,MAAM,0BAA0B,CAAC;AAC9E,OAAO,EAAE,aAAa,EAAE,WAAW,EAAE,MAAM,0BAA0B,CAAC;AACtE,OAAO,EAAE,wBAAwB,EAAE,MAAM,wBAAwB,CAAC;AAClE,OAAO,EAAE,WAAW,EAAE,WAAW,EAAE,MAAM,eAAe,CAAC;AACzD,OAAO,EACL,cAAc,EACd,kBAAkB,EAClB,qBAAqB,EACrB,mBAAmB,EACnB,SAAS,EACT,SAAS,EACT,WAAW,GACZ,MAAM,qBAAqB,CAAC;AAC7B,OAAO,EAAE,eAAe,EAAE,eAAe,EAAE,eAAe,EAAE,MAAM,sBAAsB,CAAC;AACzF,OAAO,EAAE,WAAW,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACnE,OAAO,EAAE,QAAQ,EAAE,YAAY,EAAE,YAAY,EAAE,YAAY,EAAE,cAAc,EAAE,MAAM,qBAAqB,CAAC;AACzG,OAAO,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AACnD,OAAO,EAAE,YAAY,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAC;AAC/D,OAAO,EACL,gBAAgB,EAChB,MAAM,EACN,QAAQ,EACR,WAAW,EACX,cAAc,GACf,MAAM,uBAAuB,CAAC;AAC/B,OAAO,EACL,mBAAmB,EACnB,SAAS,EACT,UAAU,EACV,gBAAgB,EAChB,aAAa,EACb,aAAa,GACd,MAAM,sBAAsB,CAAC;AAC9B,OAAO,EACL,kBAAkB,EAClB,cAAc,EACd,oBAAoB,GACrB,MAAM,0BAA0B,CAAC;AAClC,OAAO,EAAE,mBAAmB,EAAE,MAAM,+BAA+B,CAAC;AACpE,OAAO,EAAE,KAAK,IAAI,WAAW,EAAE,OAAO,IAAI,aAAa,EAAE,KAAK,IAAI,WAAW,EAAE,MAAM,mBAAmB,CAAC;AACzG,OAAO,EAAE,SAAS,EAAE,MAAM,uBAAuB,CAAC;AAClD,OAAO,EAAE,UAAU,EAAE,mBAAmB,EAAE,MAAM,mBAAmB,CAAC;AACpE,OAAO,EAAE,eAAe,EAAE,MAAM,yBAAyB,CAAC;AAC1D,OAAO,EAAE,aAAa,EAAE,MAAM,8BAA8B,CAAC;AAC7D,OAAO,EAAE,eAAe,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAChE,OAAO,EAAE,kBAAkB,EAAE,MAAM,gBAAgB,CAAC;AACpD,OAAO,EAAE,oBAAoB,EAAE,MAAM,kBAAkB,CAAC;AACxD,OAAO,EAAE,sBAAsB,EAAE,MAAM,oBAAoB,CAAC"}

package/dist/mcp/chunker.d.ts

@@ -8,7 +8,7 @@
  *     emit chunk blocks each containing a slice of the array.
  *   - Otherwise, emit a single block.
  *
- * Chunk size defaults to 20 records per block — small enough to be a
+ * Chunk size defaults to 20 records per block - small enough to be a
  * meaningful streaming unit, big enough to avoid pathological block counts.
  */
 export interface ContentBlock {

package/dist/mcp/chunker.js

@@ -8,7 +8,7 @@
  *     emit chunk blocks each containing a slice of the array.
  *   - Otherwise, emit a single block.
  *
- * Chunk size defaults to 20 records per block — small enough to be a
+ * Chunk size defaults to 20 records per block - small enough to be a
  * meaningful streaming unit, big enough to avoid pathological block counts.
  */
 const DEFAULT_CHUNK_SIZE = 20;

package/dist/mcp/pagination.d.ts

@@ -19,7 +19,7 @@ export interface Page<T> {
 }
 /**
  * Slice an array into a page. `checksum` should be a cheap identifier of
- * the result-set shape (e.g., `items.length`) — if it mismatches a cursor's
+ * the result-set shape (e.g., `items.length`) - if it mismatches a cursor's
  * captured checksum we treat the page as fresh (offset=0) rather than risk
  * returning stale offsets.
  */
@@ -31,7 +31,7 @@ interface DecodedCursor {
 export declare function encodeCursor(cursor: DecodedCursor): string;
 export declare function decodeCursor(cursor?: string): DecodedCursor | null;
 /**
- * Compute a lightweight checksum for a list. Deliberately weak — we want
+ * Compute a lightweight checksum for a list. Deliberately weak - we want
  * cursor invalidation on shape changes (length) but not on micro-changes
  * within items (scores that shift slightly between runs). Agents already
  * handle eventual consistency.

package/dist/mcp/pagination.js

@@ -12,7 +12,7 @@ const DEFAULT_PAGE_SIZE = 50;
 const MAX_PAGE_SIZE = 500;
 /**
  * Slice an array into a page. `checksum` should be a cheap identifier of
- * the result-set shape (e.g., `items.length`) — if it mismatches a cursor's
+ * the result-set shape (e.g., `items.length`) - if it mismatches a cursor's
  * captured checksum we treat the page as fresh (offset=0) rather than risk
  * returning stale offsets.
  */
@@ -49,7 +49,7 @@ export function decodeCursor(cursor) {
     }
 }
 /**
- * Compute a lightweight checksum for a list. Deliberately weak — we want
+ * Compute a lightweight checksum for a list. Deliberately weak - we want
  * cursor invalidation on shape changes (length) but not on micro-changes
  * within items (scores that shift slightly between runs). Agents already
  * handle eventual consistency.

package/dist/mcp/progress.d.ts

@@ -4,7 +4,7 @@
  * Per MCP spec, a client that wants progress sets `_meta.progressToken` on
  * the tool-call request. We capture it at dispatch time and expose a
  * `notify(progress, total?, message?)` callback to the tool handler via an
- * AsyncLocalStorage context — which means concurrent tool calls get their
+ * AsyncLocalStorage context - which means concurrent tool calls get their
  * own isolated emitters (the naive module-level-variable approach had tools
  * clobbering each other's progress streams under pipelined requests).
  *

package/dist/mcp/prompts.js

@@ -53,10 +53,10 @@ async function prioritizeRefactoringPrompt(args, rootPath) {
             const ownership = h.busFactorOne && h.primaryAuthor
                 ? ` [BUS FACTOR 1: ${h.primaryAuthor}]`
                 : '';
-            return `${i + 1}. ${h.relativePath} — risk ${h.riskScore.toFixed(1)} (${reasons})${ownership}`;
+            return `${i + 1}. ${h.relativePath} - risk ${h.riskScore.toFixed(1)} (${reasons})${ownership}`;
         })
             .join('\n')
-        : '(no hotspots available — project may not be a git repository)';
+        : '(no hotspots available - project may not be a git repository)';
     const topIssues = issues
         .slice(0, 15)
         .map((issue) => `- [${issue.severity}] ${issue.title}`)
@@ -104,7 +104,7 @@ async function investigateFilePrompt(args, rootPath) {
         'Explain in order:',
         '1. What this file does and how it fits in the codebase.',
         '2. What is risky about it right now (cite evidence from the report).',
-        '3. Concrete next actions — questions to ask, tests to add, or refactors to attempt.',
+        '3. Concrete next actions - questions to ask, tests to add, or refactors to attempt.',
         '4. Who to involve (based on ownership, if available).',
     ].join('\n');
     return {

package/dist/mcp/server.js

@@ -32,7 +32,7 @@ export function createMcpServer(rootPath, options = {}) {
     let initialized = false;
     async function dispatch(request) {
         const id = request.id ?? null;
-        // Notifications (no id) — no response expected.
+        // Notifications (no id) - no response expected.
         const isNotification = request.id === undefined || request.id === null;
         try {
             switch (request.method) {

package/dist/mcp/tokenBudget.d.ts

@@ -2,7 +2,7 @@
  * Rough token estimator and record-aware truncator for MCP tool output.
  *
  * Uses the widely-used "~4 chars per token" heuristic. Good enough for
- * prioritization — absolute accuracy is not required.
+ * prioritization - absolute accuracy is not required.
  */
 export declare const CHARS_PER_TOKEN = 4;
 export declare function estimateTokens(value: string): number;

package/dist/mcp/tokenBudget.js

@@ -2,7 +2,7 @@
  * Rough token estimator and record-aware truncator for MCP tool output.
  *
  * Uses the widely-used "~4 chars per token" heuristic. Good enough for
- * prioritization — absolute accuracy is not required.
+ * prioritization - absolute accuracy is not required.
  */
 export const CHARS_PER_TOKEN = 4;
 export function estimateTokens(value) {
@@ -55,7 +55,7 @@ function safeStringify(value) {
     }
 }
 /**
- * Find top-level array field names — our convention is that MCP results
+ * Find top-level array field names - our convention is that MCP results
  * expose a primary array (hotspots, entries, findings, files) worth
  * trimming before scalar fields.
  */