projscan 1.7.0 → 1.8.0

package/dist/tool-manifest.json

@@ -1,9 +1,9 @@
 {
   "name": "projscan",
-  "version": "1.7.0",
+  "version": "1.8.0",
   "mcpProtocolVersion": "2025-03-26",
-  "generatedAt": "2026-05-07T21:35:24.182Z",
-  "toolCount": 26,
+  "generatedAt": "2026-05-07T22:25:02.535Z",
+  "toolCount": 27,
   "tools": [
     {
       "name": "projscan_analyze",
@@ -655,6 +655,40 @@
           }
         }
       }
+    },
+    {
+      "name": "projscan_review_watch",
+      "description": "Long-running PR review. Polls a base+head ref pair on an interval and emits a notifications/projscan/pr_changed notification whenever the review verdict, SHAs, flow count, or risky-function set changes. Pairs with projscan_review (one-shot) — use this when an agent wants to react to pushes on a PR without re-asking. Actions: start (returns initial review + watchId) / stop / list.",
+      "inputSchema": {
+        "type": "object",
+        "properties": {
+          "action": {
+            "type": "string",
+            "enum": [
+              "start",
+              "stop",
+              "list"
+            ],
+            "description": "\"start\" begins polling (returns initial review + watchId). \"stop\" cancels a watch by id. \"list\" enumerates active watches."
+          },
+          "base": {
+            "type": "string",
+            "description": "Base ref. Default: origin/main → main → origin/master → master → HEAD~1. (start only)"
+          },
+          "head": {
+            "type": "string",
+            "description": "Head ref. Default: HEAD. (start only)"
+          },
+          "interval_seconds": {
+            "type": "number",
+            "description": "Poll interval in seconds. Default: 30. Min: 5, max: 600. (start only)"
+          },
+          "watchId": {
+            "type": "string",
+            "description": "Watch identifier returned by a previous \"start\". (stop only)"
+          }
+        }
+      }
     }
   ]
 }

package/dist/utils/atomicWrite.d.ts

@@ -0,0 +1,26 @@
+/**
+ * Crash-safe file write: write to a tmp path, fsync the data, rename
+ * over the target, then best-effort fsync the parent directory.
+ *
+ * Three hardenings over a naive writeFile + rename:
+ *
+ *   1. Tmp filename uses randomUUID() so the path is unpredictable. A
+ *      shared-system attacker can't pre-create a symlink at the tmp path
+ *      before our write lands.
+ *
+ *   2. Open with the 'wx' flag (O_CREAT | O_EXCL). If the tmp path
+ *      already exists for any reason (race, leftover, planted symlink),
+ *      fs.open throws EEXIST instead of following the symlink. Belt-
+ *      and-suspenders with #1.
+ *
+ *   3. fsync the file before rename, and best-effort fsync the parent
+ *      dir after rename. Rename is atomic at the journal-record level
+ *      on most filesystems, but without fsync the rename can survive a
+ *      crash with empty tmp content (file metadata persists, data
+ *      doesn't). Parent-dir sync is best-effort: Windows doesn't
+ *      support it and some FUSE backends treat it as a no-op.
+ *
+ * Used by `applyFix` (1.6+) and `session.saveSession` (1.8+) to ensure
+ * that crashes mid-write never leave partially-written state on disk.
+ */
+export declare function atomicWriteFile(absPath: string, content: string): Promise<void>;

package/dist/utils/atomicWrite.js

@@ -0,0 +1,69 @@
+import fs from 'node:fs/promises';
+import path from 'node:path';
+import { randomUUID } from 'node:crypto';
+/**
+ * Crash-safe file write: write to a tmp path, fsync the data, rename
+ * over the target, then best-effort fsync the parent directory.
+ *
+ * Three hardenings over a naive writeFile + rename:
+ *
+ *   1. Tmp filename uses randomUUID() so the path is unpredictable. A
+ *      shared-system attacker can't pre-create a symlink at the tmp path
+ *      before our write lands.
+ *
+ *   2. Open with the 'wx' flag (O_CREAT | O_EXCL). If the tmp path
+ *      already exists for any reason (race, leftover, planted symlink),
+ *      fs.open throws EEXIST instead of following the symlink. Belt-
+ *      and-suspenders with #1.
+ *
+ *   3. fsync the file before rename, and best-effort fsync the parent
+ *      dir after rename. Rename is atomic at the journal-record level
+ *      on most filesystems, but without fsync the rename can survive a
+ *      crash with empty tmp content (file metadata persists, data
+ *      doesn't). Parent-dir sync is best-effort: Windows doesn't
+ *      support it and some FUSE backends treat it as a no-op.
+ *
+ * Used by `applyFix` (1.6+) and `session.saveSession` (1.8+) to ensure
+ * that crashes mid-write never leave partially-written state on disk.
+ */
+export async function atomicWriteFile(absPath, content) {
+    const tmp = `${absPath}.projscan-tmp-${randomUUID()}`;
+    const handle = await fs.open(tmp, 'wx');
+    try {
+        await handle.writeFile(content, 'utf-8');
+        await handle.sync();
+    }
+    finally {
+        await handle.close();
+    }
+    // 1.8+ — clean up the tmp file if rename fails (e.g., the target is
+    // on a read-only filesystem, EACCES, or its parent dir was removed
+    // mid-write). Without this, retried writes leak abandoned tmp files
+    // forever — invisible until they pile up. Re-throw the original
+    // error so callers see the real cause; the unlink is best-effort.
+    try {
+        await fs.rename(tmp, absPath);
+    }
+    catch (err) {
+        try {
+            await fs.unlink(tmp);
+        }
+        catch {
+            // best-effort cleanup
+        }
+        throw err;
+    }
+    try {
+        const dir = await fs.open(path.dirname(absPath), 'r');
+        try {
+            await dir.sync();
+        }
+        finally {
+            await dir.close();
+        }
+    }
+    catch {
+        // ignore — best-effort
+    }
+}
+//# sourceMappingURL=atomicWrite.js.map

package/dist/utils/atomicWrite.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"atomicWrite.js","sourceRoot":"","sources":["../../src/utils/atomicWrite.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,kBAAkB,CAAC;AAClC,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAEzC;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AACH,MAAM,CAAC,KAAK,UAAU,eAAe,CAAC,OAAe,EAAE,OAAe;IACpE,MAAM,GAAG,GAAG,GAAG,OAAO,iBAAiB,UAAU,EAAE,EAAE,CAAC;IACtD,MAAM,MAAM,GAAG,MAAM,EAAE,CAAC,IAAI,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;IACxC,IAAI,CAAC;QACH,MAAM,MAAM,CAAC,SAAS,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;QACzC,MAAM,MAAM,CAAC,IAAI,EAAE,CAAC;IACtB,CAAC;YAAS,CAAC;QACT,MAAM,MAAM,CAAC,KAAK,EAAE,CAAC;IACvB,CAAC;IACD,oEAAoE;IACpE,mEAAmE;IACnE,oEAAoE;IACpE,gEAAgE;IAChE,kEAAkE;IAClE,IAAI,CAAC;QACH,MAAM,EAAE,CAAC,MAAM,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC;IAChC,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,IAAI,CAAC;YACH,MAAM,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QACvB,CAAC;QAAC,MAAM,CAAC;YACP,sBAAsB;QACxB,CAAC;QACD,MAAM,GAAG,CAAC;IACZ,CAAC;IACD,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,GAAG,CAAC,CAAC;QACtD,IAAI,CAAC;YACH,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC;QACnB,CAAC;gBAAS,CAAC;YACT,MAAM,GAAG,CAAC,KAAK,EAAE,CAAC;QACpB,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,uBAAuB;IACzB,CAAC;AACH,CAAC"}

package/package.json

@@ -1,8 +1,8 @@
 {
   "name": "projscan",
   "mcpName": "io.github.abhiyoheswaran1/projscan",
-  "version": "1.7.0",
-  "description": "Agent-first code intelligence. MCP server (2025-03-26) with AST parsing for JavaScript, TypeScript, Python, Go, Java, Ruby, Rust, PHP, C#, Kotlin, and C++; code graph, file + per-function AST cyclomatic complexity, per-function fan-in + fan-out, coupling + cycle detection, structural PR diff with HTML reporter, coverage report with HTML reporter, one-call PR review (projscan_review) with new-taint-flow detection, rule-driven fix suggestions + mechanical apply layer with rollback (projscan_apply_fix, projscan_fix_suggest, projscan_explain_issue), source-to-sink taint analysis (projscan_taint), transitive blast-radius analysis with cross-repo mode (projscan_impact for files and symbols), cross-repo workspace registration + intelligence (projscan_workspace_graph), per-function semantic search chunks (sub-file embeddings), per-rule confidence + cost-summary analytics (projscan_cost_summary), monorepo workspace awareness with cross-package import policy + per-package dependencies / outdated / audit, BM25 + optional semantic search, cursor pagination, progress notifications, context-budgeted output, and a stable-surface CI guard. CLI on the side.",
+  "version": "1.8.0",
+  "description": "Agent-first code intelligence. MCP server (2025-03-26) with AST parsing for JavaScript, TypeScript, Python, Go, Java, Ruby, Rust, PHP, C#, Kotlin, Swift, and C++; code graph, file + per-function AST cyclomatic complexity, per-function fan-in + fan-out, coupling + cycle detection, structural PR diff with HTML reporter, coverage report with HTML reporter, one-call PR review (projscan_review) and long-running PR-watch mode (projscan_review_watch), rule-driven fix suggestions + mechanical apply layer with rollback (projscan_apply_fix, projscan_fix_suggest, projscan_explain_issue), source-to-sink taint analysis (projscan_taint) with truncation reporting, transitive blast-radius analysis with cross-repo mode (projscan_impact for files and symbols), cross-repo workspace registration + intelligence (projscan_workspace_graph), per-function semantic search chunks (sub-file embeddings), per-rule confidence + cost-summary analytics (projscan_cost_summary), monorepo workspace awareness with cross-package import policy + per-package dependencies / outdated / audit, BM25 + optional semantic search, cursor pagination, progress notifications, context-budgeted output, and a stable-surface CI guard. CLI on the side.",
   "type": "module",
   "main": "./dist/index.js",
   "types": "./dist/index.d.ts",
@@ -87,6 +87,7 @@
     "tree-sitter-cli": "^0.26.8",
     "tree-sitter-cpp": "^0.23.4",
     "tree-sitter-kotlin": "^0.3.8",
+    "tree-sitter-swift": "^0.7.1",
     "typescript": "^5.6.0",
     "typescript-eslint": "^8.57.0",
     "vitest": "^2.1.0"