projscan 2.2.0 → 2.9.0

package/dist/types.d.ts

@@ -287,6 +287,246 @@ export interface PreflightReport {
     toolCalls: PreflightSuggestedAction[];
     truncated?: boolean;
 }
+export type WorkplanMode = PreflightMode | 'refactor' | 'release' | 'bug_hunt' | 'hardening';
+export type WorkplanPriority = 'p0' | 'p1' | 'p2';
+export interface WorkplanEvidence {
+    source: PreflightReasonSource | 'coordination' | 'release' | 'verification';
+    message: string;
+    severity?: IssueSeverity;
+    file?: string;
+    issueId?: string;
+    tool?: string;
+}
+export interface WorkplanVerification {
+    commands: string[];
+    expected: string;
+}
+export interface WorkplanTask {
+    id: string;
+    priority: WorkplanPriority;
+    title: string;
+    why: string;
+    evidence: WorkplanEvidence[];
+    files: string[];
+    suggestedTools: string[];
+    verification: WorkplanVerification;
+    handoffText: string;
+}
+export interface WorkplanTopRisk extends WorkplanEvidence {
+    priority: WorkplanPriority;
+}
+export interface WorkplanCoordination {
+    touchedFiles: string[];
+    conflicts: SessionConflict[];
+    recommendedNextAgent: string;
+}
+export interface WorkplanReport {
+    schemaVersion: 1;
+    mode: WorkplanMode;
+    verdict: PreflightVerdict;
+    summary: string;
+    topRisks: WorkplanTopRisk[];
+    tasks: WorkplanTask[];
+    coordination: WorkplanCoordination;
+    suggestedNextActions: PreflightSuggestedAction[];
+    truncated?: boolean;
+}
+export interface ReleaseTrainTrack {
+    line: string;
+    theme: string;
+    outcome: string;
+    includedInPlan: boolean;
+    scope: string[];
+    successCriteria: string[];
+}
+export interface ReleaseTrainTask {
+    id: string;
+    priority: WorkplanPriority;
+    title: string;
+    why: string;
+    track: string;
+    files: string[];
+    verification: WorkplanVerification;
+}
+export interface ReleaseTrainReport {
+    schemaVersion: 1;
+    currentVersion: string | null;
+    plan: {
+        policy: 'product-readiness-plan';
+        lines: string[];
+        readOnly: true;
+    };
+    readiness: {
+        verdict: PreflightVerdict;
+        blockers: number;
+        cautions: number;
+        summary: string;
+    };
+    tracks: ReleaseTrainTrack[];
+    tasks: ReleaseTrainTask[];
+    suggestedNextActions: PreflightSuggestedAction[];
+}
+export type BugHuntVerdict = 'clean' | 'fix' | 'block';
+export interface BugHuntFinding {
+    id: string;
+    priority: WorkplanPriority;
+    source: 'doctor' | 'preflight' | 'session' | 'hotspot' | 'verification';
+    title: string;
+    why: string;
+    files: string[];
+    evidence: WorkplanEvidence[];
+    suggestedTools: string[];
+    verification: WorkplanVerification;
+}
+export interface BugHuntReport {
+    schemaVersion: 1;
+    verdict: BugHuntVerdict;
+    summary: string;
+    health: HealthScore;
+    evidence: {
+        issueCounts: {
+            errors: number;
+            warnings: number;
+            infos: number;
+        };
+        hotspotCount: number;
+        preflightVerdict: PreflightVerdict;
+        touchedFiles: string[];
+        conflicts: number;
+    };
+    topSuspects: BugHuntFinding[];
+    fixQueue: BugHuntFinding[];
+    verificationMatrix: Array<{
+        command: string;
+        reason: string;
+        expected: string;
+    }>;
+    truncated?: boolean;
+}
+export type EvidencePackVerdict = 'ready' | 'caution' | 'blocked';
+export type EvidencePackArtifactStatus = 'ready' | 'caution' | 'blocked';
+export interface EvidencePackArtifact {
+    id: string;
+    title: string;
+    status: EvidencePackArtifactStatus;
+    summary: string;
+    evidence: string[];
+    commands: string[];
+}
+export interface EvidencePackReport {
+    schemaVersion: 1;
+    currentVersion: string | null;
+    readOnly: true;
+    verdict: EvidencePackVerdict;
+    summary: string;
+    train: {
+        lines: string[];
+        readiness: ReleaseTrainReport['readiness'];
+    };
+    approval: {
+        required: true;
+        recommendation: string;
+        blockingReasons: string[];
+    };
+    artifacts: EvidencePackArtifact[];
+    changelogEntries: string[];
+    websitePrompt?: string;
+    suggestedNextActions: PreflightSuggestedAction[];
+}
+export type RegressionPlanLevel = 'smoke' | 'focused' | 'full';
+export type RegressionPlanVerdict = 'ready' | 'needs_tests' | 'blocked';
+export interface RegressionPlanTarget {
+    id: string;
+    priority: WorkplanPriority;
+    source: 'baseline' | 'bug-hunt' | 'product-line' | 'preflight';
+    title: string;
+    why: string;
+    files: string[];
+    verification: WorkplanVerification;
+}
+export interface RegressionPlanReport {
+    schemaVersion: 1;
+    level: RegressionPlanLevel;
+    verdict: RegressionPlanVerdict;
+    summary: string;
+    releaseLines: string[];
+    evidence: {
+        healthScore: number;
+        bugHuntVerdict: BugHuntVerdict;
+        preflightVerdict: PreflightVerdict;
+        changedFiles: number;
+        touchedFiles: number;
+    };
+    targets: RegressionPlanTarget[];
+    commands: string[];
+    suggestedNextActions: PreflightSuggestedAction[];
+    truncated?: boolean;
+}
+export type AgentBriefIntent = 'next_agent' | 'bug_hunt' | 'release' | 'refactor' | 'hardening';
+export interface AgentBriefItem {
+    id: string;
+    priority: WorkplanPriority;
+    title: string;
+    why: string;
+    files: string[];
+    commands: string[];
+}
+export interface AgentBriefGuardrail {
+    id: string;
+    label: string;
+    reason: string;
+    command: string;
+}
+export interface AgentBriefReport {
+    schemaVersion: 1;
+    intent: AgentBriefIntent;
+    summary: string;
+    health: HealthScore;
+    context: {
+        totalFiles: number;
+        totalDirectories: number;
+        topDirectories: Array<{
+            directory: string;
+            files: number;
+        }>;
+        touchedFiles: string[];
+        conflicts: number;
+    };
+    focus: AgentBriefItem[];
+    guardrails: AgentBriefGuardrail[];
+    suggestedNextActions: PreflightSuggestedAction[];
+    truncated?: boolean;
+}
+export type QualityScorecardVerdict = 'excellent' | 'healthy' | 'needs_attention' | 'blocked';
+export type QualityScorecardStatus = 'pass' | 'watch' | 'fail';
+export interface QualityScorecardDimension {
+    id: 'health' | 'security' | 'tests' | 'maintainability' | 'coordination';
+    label: string;
+    status: QualityScorecardStatus;
+    score: number;
+    summary: string;
+    evidence: string[];
+    commands: string[];
+}
+export interface QualityScorecardRisk {
+    id: string;
+    priority: WorkplanPriority;
+    title: string;
+    files: string[];
+    source: 'issue' | 'hotspot' | 'coordination';
+    command: string;
+}
+export interface QualityScorecardReport {
+    schemaVersion: 1;
+    verdict: QualityScorecardVerdict;
+    summary: string;
+    health: HealthScore;
+    dimensions: QualityScorecardDimension[];
+    topRisks: QualityScorecardRisk[];
+    commands: string[];
+    suggestedNextActions: PreflightSuggestedAction[];
+    truncated?: boolean;
+}
 export interface SessionResourceSummary {
     schemaVersion: 1;
     sessionId: string;

package/dist/utils/formatSupport.d.ts

@@ -1,10 +1,12 @@
 import type { ReportFormat } from '../types.js';
 export declare const OUTPUT_FORMATS: readonly ["console", "json", "markdown", "sarif", "html"];
 export declare const COMMAND_FORMAT_SUPPORT: {
+    readonly 'agent-brief': readonly ["console", "json"];
     readonly analyze: readonly ["console", "json", "markdown", "sarif", "html"];
     readonly 'apply-fix': readonly ["console", "json"];
     readonly audit: readonly ["console", "json", "markdown", "sarif"];
     readonly badge: readonly ["console"];
+    readonly 'bug-hunt': readonly ["console", "json"];
     readonly ci: readonly ["console", "json", "markdown", "sarif"];
     readonly coupling: readonly ["console", "json", "markdown", "html"];
     readonly coverage: readonly ["console", "json", "markdown", "html"];
@@ -12,15 +14,19 @@ export declare const COMMAND_FORMAT_SUPPORT: {
     readonly diagram: readonly ["console", "json", "markdown"];
     readonly diff: readonly ["console", "json", "markdown"];
     readonly doctor: readonly ["console", "json", "markdown", "sarif", "html"];
+    readonly 'evidence-pack': readonly ["console", "json"];
     readonly explain: readonly ["console", "json", "markdown"];
     readonly 'explain-issue': readonly ["console", "json", "markdown"];
     readonly file: readonly ["console", "json", "markdown"];
+    readonly 'first-run': readonly ["console", "json"];
     readonly fix: readonly ["console"];
     readonly 'fix-suggest': readonly ["console", "json", "markdown"];
+    readonly handoff: readonly ["console", "json"];
     readonly help: readonly ["console"];
     readonly hotspots: readonly ["console", "json", "markdown", "html"];
     readonly impact: readonly ["console", "json", "markdown", "html"];
     readonly init: readonly ["console"];
+    readonly 'init mcp': readonly ["console", "json"];
     readonly 'install-hook': readonly ["console"];
     readonly mcp: readonly ["console"];
     readonly memory: readonly ["console", "json"];
@@ -34,6 +40,10 @@ export declare const COMMAND_FORMAT_SUPPORT: {
     readonly 'plugin test': readonly ["console", "json"];
     readonly preflight: readonly ["console", "json"];
     readonly 'pr-diff': readonly ["console", "json", "markdown", "html"];
+    readonly 'quality-scorecard': readonly ["console", "json"];
+    readonly 'release-train': readonly ["console", "json"];
+    readonly 'regression-plan': readonly ["console", "json"];
+    readonly recipes: readonly ["console", "json"];
     readonly review: readonly ["console", "json", "markdown", "html"];
     readonly search: readonly ["console", "json", "markdown"];
     readonly session: readonly ["console", "json"];
@@ -48,6 +58,7 @@ export declare const COMMAND_FORMAT_SUPPORT: {
     readonly 'workspace add': readonly ["console"];
     readonly 'workspace remove': readonly ["console"];
     readonly workspaces: readonly ["console", "json", "markdown"];
+    readonly workplan: readonly ["console", "json"];
 };
 export type CommandFormatName = keyof typeof COMMAND_FORMAT_SUPPORT;
 export declare function formatList(formats?: readonly ReportFormat[]): string;

package/dist/utils/formatSupport.js

@@ -1,9 +1,11 @@
 export const OUTPUT_FORMATS = ['console', 'json', 'markdown', 'sarif', 'html'];
 export const COMMAND_FORMAT_SUPPORT = {
+    'agent-brief': ['console', 'json'],
     analyze: ['console', 'json', 'markdown', 'sarif', 'html'],
     'apply-fix': ['console', 'json'],
     audit: ['console', 'json', 'markdown', 'sarif'],
     badge: ['console'],
+    'bug-hunt': ['console', 'json'],
     ci: ['console', 'json', 'markdown', 'sarif'],
     coupling: ['console', 'json', 'markdown', 'html'],
     coverage: ['console', 'json', 'markdown', 'html'],
@@ -11,15 +13,19 @@ export const COMMAND_FORMAT_SUPPORT = {
     diagram: ['console', 'json', 'markdown'],
     diff: ['console', 'json', 'markdown'],
     doctor: ['console', 'json', 'markdown', 'sarif', 'html'],
+    'evidence-pack': ['console', 'json'],
     explain: ['console', 'json', 'markdown'],
     'explain-issue': ['console', 'json', 'markdown'],
     file: ['console', 'json', 'markdown'],
+    'first-run': ['console', 'json'],
     fix: ['console'],
     'fix-suggest': ['console', 'json', 'markdown'],
+    handoff: ['console', 'json'],
     help: ['console'],
     hotspots: ['console', 'json', 'markdown', 'html'],
     impact: ['console', 'json', 'markdown', 'html'],
     init: ['console'],
+    'init mcp': ['console', 'json'],
     'install-hook': ['console'],
     mcp: ['console'],
     memory: ['console', 'json'],
@@ -33,6 +39,10 @@ export const COMMAND_FORMAT_SUPPORT = {
     'plugin test': ['console', 'json'],
     preflight: ['console', 'json'],
     'pr-diff': ['console', 'json', 'markdown', 'html'],
+    'quality-scorecard': ['console', 'json'],
+    'release-train': ['console', 'json'],
+    'regression-plan': ['console', 'json'],
+    recipes: ['console', 'json'],
     review: ['console', 'json', 'markdown', 'html'],
     search: ['console', 'json', 'markdown'],
     session: ['console', 'json'],
@@ -47,6 +57,7 @@ export const COMMAND_FORMAT_SUPPORT = {
     'workspace add': ['console'],
     'workspace remove': ['console'],
     workspaces: ['console', 'json', 'markdown'],
+    workplan: ['console', 'json'],
 };
 export function formatList(formats = OUTPUT_FORMATS) {
     return formats.join(', ');

package/dist/utils/formatSupport.js.map

@@ -1 +1 @@
-{"version":3,"file":"formatSupport.js","sourceRoot":"","sources":["../../src/utils/formatSupport.ts"],"names":[],"mappings":"AAEA,MAAM,CAAC,MAAM,cAAc,GAAG,CAAC,SAAS,EAAE,MAAM,EAAE,UAAU,EAAE,OAAO,EAAE,MAAM,CAA4C,CAAC;AAE1H,MAAM,CAAC,MAAM,sBAAsB,GAAG;IACpC,OAAO,EAAE,CAAC,SAAS,EAAE,MAAM,EAAE,UAAU,EAAE,OAAO,EAAE,MAAM,CAAC;IACzD,WAAW,EAAE,CAAC,SAAS,EAAE,MAAM,CAAC;IAChC,KAAK,EAAE,CAAC,SAAS,EAAE,MAAM,EAAE,UAAU,EAAE,OAAO,CAAC;IAC/C,KAAK,EAAE,CAAC,SAAS,CAAC;IAClB,EAAE,EAAE,CAAC,SAAS,EAAE,MAAM,EAAE,UAAU,EAAE,OAAO,CAAC;IAC5C,QAAQ,EAAE,CAAC,SAAS,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,CAAC;IACjD,QAAQ,EAAE,CAAC,SAAS,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,CAAC;IACjD,YAAY,EAAE,CAAC,SAAS,EAAE,MAAM,EAAE,UAAU,CAAC;IAC7C,OAAO,EAAE,CAAC,SAAS,EAAE,MAAM,EAAE,UAAU,CAAC;IACxC,IAAI,EAAE,CAAC,SAAS,EAAE,MAAM,EAAE,UAAU,CAAC;IACrC,MAAM,EAAE,CAAC,SAAS,EAAE,MAAM,EAAE,UAAU,EAAE,OAAO,EAAE,MAAM,CAAC;IACxD,OAAO,EAAE,CAAC,SAAS,EAAE,MAAM,EAAE,UAAU,CAAC;IACxC,eAAe,EAAE,CAAC,SAAS,EAAE,MAAM,EAAE,UAAU,CAAC;IAChD,IAAI,EAAE,CAAC,SAAS,EAAE,MAAM,EAAE,UAAU,CAAC;IACrC,GAAG,EAAE,CAAC,SAAS,CAAC;IAChB,aAAa,EAAE,CAAC,SAAS,EAAE,MAAM,EAAE,UAAU,CAAC;IAC9C,IAAI,EAAE,CAAC,SAAS,CAAC;IACjB,QAAQ,EAAE,CAAC,SAAS,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,CAAC;IACjD,MAAM,EAAE,CAAC,SAAS,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,CAAC;IAC/C,IAAI,EAAE,CAAC,SAAS,CAAC;IACjB,cAAc,EAAE,CAAC,SAAS,CAAC;IAC3B,GAAG,EAAE,CAAC,SAAS,CAAC;IAChB,MAAM,EAAE,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,eAAe,EAAE,CAAC,SAAS,EAAE,MAAM,CAAC;IACpC,aAAa,EAAE,CAAC,SAAS,EAAE,MAAM,CAAC;IAClC,eAAe,EAAE,CAAC,SAAS,CAAC;IAC5B,QAAQ,EAAE,CAAC,SAAS,EAAE,MAAM,EAAE,UAAU,EAAE,OAAO,CAAC;IAClD,aAAa,EAAE,CAAC,SAAS,EAAE,MAAM,CAAC;IAClC,iBAAiB,EAAE,CAAC,SAAS,EAAE,MAAM,CAAC;IACtC,aAAa,EAAE,CAAC,SAAS,EAAE,MAAM,CAAC;IAClC,aAAa,EAAE,CAAC,SAAS,EAAE,MAAM,CAAC;IAClC,SAAS,EAAE,CAAC,SAAS,EAAE,MAAM,CAAC;IAC9B,SAAS,EAAE,CAAC,SAAS,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,CAAC;IAClD,MAAM,EAAE,CAAC,SAAS,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,CAAC;IAC/C,MAAM,EAAE,CAAC,SAAS,EAAE,MAAM,EAAE,UAAU,CAAC;IACvC,OAAO,EAAE,CAAC,SAAS,EAAE,MAAM,CAAC;IAC5B,iBAAiB,EAAE,CAAC,SAAS,EAAE,MAAM,CAAC;IACtC,gBAAgB,EAAE,CAAC,SAAS,EAAE,MAAM,CAAC;IACrC,eAAe,EAAE,CAAC,SAAS,EAAE,MAAM,CAAC;IACpC,SAAS,EAAE,CAAC,SAAS,EAAE,MAAM,EAAE,UAAU,CAAC;IAC1C,KAAK,EAAE,CAAC,SAAS,EAAE,MAAM,CAAC;IAC1B,OAAO,EAAE,CAAC,SAAS,EAAE,MAAM,EAAE,UAAU,CAAC;IACxC,KAAK,EAAE,CAAC,SAAS,CAAC;IAClB,gBAAgB,EAAE,CAAC,SAAS,EAAE,MAAM,CAAC;IACrC,eAAe,EAAE,CAAC,SAAS,CAAC;IAC5B,kBAAkB,EAAE,CAAC,SAAS,CAAC;IAC/B,UAAU,EAAE,CAAC,SAAS,EAAE,MAAM,EAAE,UAAU,CAAC;CACe,CAAC;AAI7D,MAAM,UAAU,UAAU,CAAC,UAAmC,cAAc;IAC1E,OAAO,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC5B,CAAC;AAED,MAAM,UAAU,uBAAuB,CAAC,WAAmB;IACzD,OAAQ,sBAAkE,CAAC,WAAW,CAAC,CAAC;AAC1F,CAAC;AAED,MAAM,UAAU,iBAAiB;IAC/B,OAAO,MAAM,CAAC,OAAO,CAAC,sBAAsB,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,OAAO,EAAE,OAAO,CAAC,EAAE,EAAE,CAAC,CAAC;QACzE,OAAO,EAAE,OAA4B;QACrC,OAAO;KACR,CAAC,CAAC,CAAC;AACN,CAAC"}
+{"version":3,"file":"formatSupport.js","sourceRoot":"","sources":["../../src/utils/formatSupport.ts"],"names":[],"mappings":"AAEA,MAAM,CAAC,MAAM,cAAc,GAAG,CAAC,SAAS,EAAE,MAAM,EAAE,UAAU,EAAE,OAAO,EAAE,MAAM,CAA4C,CAAC;AAE1H,MAAM,CAAC,MAAM,sBAAsB,GAAG;IACpC,aAAa,EAAE,CAAC,SAAS,EAAE,MAAM,CAAC;IAClC,OAAO,EAAE,CAAC,SAAS,EAAE,MAAM,EAAE,UAAU,EAAE,OAAO,EAAE,MAAM,CAAC;IACzD,WAAW,EAAE,CAAC,SAAS,EAAE,MAAM,CAAC;IAChC,KAAK,EAAE,CAAC,SAAS,EAAE,MAAM,EAAE,UAAU,EAAE,OAAO,CAAC;IAC/C,KAAK,EAAE,CAAC,SAAS,CAAC;IAClB,UAAU,EAAE,CAAC,SAAS,EAAE,MAAM,CAAC;IAC/B,EAAE,EAAE,CAAC,SAAS,EAAE,MAAM,EAAE,UAAU,EAAE,OAAO,CAAC;IAC5C,QAAQ,EAAE,CAAC,SAAS,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,CAAC;IACjD,QAAQ,EAAE,CAAC,SAAS,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,CAAC;IACjD,YAAY,EAAE,CAAC,SAAS,EAAE,MAAM,EAAE,UAAU,CAAC;IAC7C,OAAO,EAAE,CAAC,SAAS,EAAE,MAAM,EAAE,UAAU,CAAC;IACxC,IAAI,EAAE,CAAC,SAAS,EAAE,MAAM,EAAE,UAAU,CAAC;IACrC,MAAM,EAAE,CAAC,SAAS,EAAE,MAAM,EAAE,UAAU,EAAE,OAAO,EAAE,MAAM,CAAC;IACxD,eAAe,EAAE,CAAC,SAAS,EAAE,MAAM,CAAC;IACpC,OAAO,EAAE,CAAC,SAAS,EAAE,MAAM,EAAE,UAAU,CAAC;IACxC,eAAe,EAAE,CAAC,SAAS,EAAE,MAAM,EAAE,UAAU,CAAC;IAChD,IAAI,EAAE,CAAC,SAAS,EAAE,MAAM,EAAE,UAAU,CAAC;IACrC,WAAW,EAAE,CAAC,SAAS,EAAE,MAAM,CAAC;IAChC,GAAG,EAAE,CAAC,SAAS,CAAC;IAChB,aAAa,EAAE,CAAC,SAAS,EAAE,MAAM,EAAE,UAAU,CAAC;IAC9C,OAAO,EAAE,CAAC,SAAS,EAAE,MAAM,CAAC;IAC5B,IAAI,EAAE,CAAC,SAAS,CAAC;IACjB,QAAQ,EAAE,CAAC,SAAS,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,CAAC;IACjD,MAAM,EAAE,CAAC,SAAS,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,CAAC;IAC/C,IAAI,EAAE,CAAC,SAAS,CAAC;IACjB,UAAU,EAAE,CAAC,SAAS,EAAE,MAAM,CAAC;IAC/B,cAAc,EAAE,CAAC,SAAS,CAAC;IAC3B,GAAG,EAAE,CAAC,SAAS,CAAC;IAChB,MAAM,EAAE,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,eAAe,EAAE,CAAC,SAAS,EAAE,MAAM,CAAC;IACpC,aAAa,EAAE,CAAC,SAAS,EAAE,MAAM,CAAC;IAClC,eAAe,EAAE,CAAC,SAAS,CAAC;IAC5B,QAAQ,EAAE,CAAC,SAAS,EAAE,MAAM,EAAE,UAAU,EAAE,OAAO,CAAC;IAClD,aAAa,EAAE,CAAC,SAAS,EAAE,MAAM,CAAC;IAClC,iBAAiB,EAAE,CAAC,SAAS,EAAE,MAAM,CAAC;IACtC,aAAa,EAAE,CAAC,SAAS,EAAE,MAAM,CAAC;IAClC,aAAa,EAAE,CAAC,SAAS,EAAE,MAAM,CAAC;IAClC,SAAS,EAAE,CAAC,SAAS,EAAE,MAAM,CAAC;IAC9B,SAAS,EAAE,CAAC,SAAS,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,CAAC;IAClD,mBAAmB,EAAE,CAAC,SAAS,EAAE,MAAM,CAAC;IACxC,eAAe,EAAE,CAAC,SAAS,EAAE,MAAM,CAAC;IACpC,iBAAiB,EAAE,CAAC,SAAS,EAAE,MAAM,CAAC;IACtC,OAAO,EAAE,CAAC,SAAS,EAAE,MAAM,CAAC;IAC5B,MAAM,EAAE,CAAC,SAAS,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,CAAC;IAC/C,MAAM,EAAE,CAAC,SAAS,EAAE,MAAM,EAAE,UAAU,CAAC;IACvC,OAAO,EAAE,CAAC,SAAS,EAAE,MAAM,CAAC;IAC5B,iBAAiB,EAAE,CAAC,SAAS,EAAE,MAAM,CAAC;IACtC,gBAAgB,EAAE,CAAC,SAAS,EAAE,MAAM,CAAC;IACrC,eAAe,EAAE,CAAC,SAAS,EAAE,MAAM,CAAC;IACpC,SAAS,EAAE,CAAC,SAAS,EAAE,MAAM,EAAE,UAAU,CAAC;IAC1C,KAAK,EAAE,CAAC,SAAS,EAAE,MAAM,CAAC;IAC1B,OAAO,EAAE,CAAC,SAAS,EAAE,MAAM,EAAE,UAAU,CAAC;IACxC,KAAK,EAAE,CAAC,SAAS,CAAC;IAClB,gBAAgB,EAAE,CAAC,SAAS,EAAE,MAAM,CAAC;IACrC,eAAe,EAAE,CAAC,SAAS,CAAC;IAC5B,kBAAkB,EAAE,CAAC,SAAS,CAAC;IAC/B,UAAU,EAAE,CAAC,SAAS,EAAE,MAAM,EAAE,UAAU,CAAC;IAC3C,QAAQ,EAAE,CAAC,SAAS,EAAE,MAAM,CAAC;CAC6B,CAAC;AAI7D,MAAM,UAAU,UAAU,CAAC,UAAmC,cAAc;IAC1E,OAAO,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC5B,CAAC;AAED,MAAM,UAAU,uBAAuB,CAAC,WAAmB;IACzD,OAAQ,sBAAkE,CAAC,WAAW,CAAC,CAAC;AAC1F,CAAC;AAED,MAAM,UAAU,iBAAiB;IAC/B,OAAO,MAAM,CAAC,OAAO,CAAC,sBAAsB,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,OAAO,EAAE,OAAO,CAAC,EAAE,EAAE,CAAC,CAAC;QACzE,OAAO,EAAE,OAA4B;QACrC,OAAO;KACR,CAAC,CAAC,CAAC;AACN,CAAC"}

package/docs/PLUGIN-AUTHORING.md

@@ -64,6 +64,10 @@ The machine-readable manifest schema lives at
 [`docs/plugin.schema.json`](plugin.schema.json). The examples under
 [`docs/examples/plugins/`](examples/plugins/) are tested in CI.
 
+For packaged examples you can copy into a repo, see the
+[Plugin Gallery](PLUGIN-GALLERY.md). It includes policy, team health, security,
+and release-readiness examples.
+
 ## Scaffold
 
 Use `plugin init` to create a minimal local plugin without writing the manifest

package/docs/PLUGIN-GALLERY.md

@@ -0,0 +1,61 @@
+# Plugin Gallery
+
+These examples are packaged with projscan under `docs/examples/plugins/`. Copy
+the manifest and module into `.projscan-plugins/`, then run:
+
+```bash
+projscan plugin validate .projscan-plugins/<name>.projscan-plugin.json
+projscan plugin test .projscan-plugins/<name>.projscan-plugin.json
+PROJSCAN_PLUGINS_PREVIEW=1 projscan doctor
+```
+
+Local plugins are code execution. Only enable plugins you trust.
+
+## Analyzer Plugins
+
+### `policy`
+
+Flags TypeScript files under a `legacy` path so teams can keep local migration
+rules close to the repo.
+
+Files:
+- `docs/examples/plugins/policy.projscan-plugin.json`
+- `docs/examples/plugins/policy.mjs`
+
+### `security-radar`
+
+Flags common local security review triggers:
+- committed `.env` style files
+- package scripts that pipe `curl` or `wget` output into a shell
+
+Files:
+- `docs/examples/plugins/security-radar.projscan-plugin.json`
+- `docs/examples/plugins/security-radar.mjs`
+
+## Reporter Plugins
+
+### `team-radar`
+
+Renders `doctor`, `analyze`, and `ci` output in a compact team health voice.
+
+Files:
+- `docs/examples/plugins/team-radar.projscan-plugin.json`
+- `docs/examples/plugins/team-radar.mjs`
+
+### `release-readiness`
+
+Renders `doctor`, `analyze`, and `ci` output as a release approval summary with
+score, blocking issue count, warnings, and a continue/hold decision.
+
+Files:
+- `docs/examples/plugins/release-readiness.projscan-plugin.json`
+- `docs/examples/plugins/release-readiness.mjs`
+
+## Suggested Adoption Path
+
+1. Start with `projscan init mcp --client all` to wire projscan into your MCP
+   client.
+2. Run `projscan recipes` to pick an agent workflow.
+3. Copy one gallery plugin into `.projscan-plugins/` only when you need local
+   policy or team-specific reporting.
+4. Keep MCP tools structured; use reporter plugins for human presentation.

package/docs/examples/plugins/release-readiness.mjs

@@ -0,0 +1,26 @@
+export default {
+  render: async ({ command, payload }) => {
+    if (command === 'ci') {
+      const ci = payload.ci;
+      return [
+        `release-readiness: ${ci.pass ? 'ready' : 'not ready'}`,
+        `score: ${ci.score}/100 (${ci.grade})`,
+        `issues: ${ci.totalIssues}`,
+        `threshold: ${ci.threshold}`,
+      ].join('\n');
+    }
+
+    const issues = Array.isArray(payload.issues) ? payload.issues : [];
+    const health = payload.health;
+    const errors = issues.filter((issue) => issue.severity === 'error').length;
+    const warnings = issues.filter((issue) => issue.severity === 'warning').length;
+
+    return [
+      `release-readiness ${command}`,
+      `score: ${health?.score ?? 'n/a'}/100 (${health?.grade ?? 'n/a'})`,
+      `blocking: ${errors}`,
+      `warnings: ${warnings}`,
+      errors > 0 ? 'decision: hold release' : 'decision: continue release checks',
+    ].join('\n');
+  },
+};

package/docs/examples/plugins/release-readiness.projscan-plugin.json

@@ -0,0 +1,8 @@
+{
+  "schemaVersion": 1,
+  "name": "release-readiness",
+  "kind": "reporter",
+  "module": "./release-readiness.mjs",
+  "commands": ["doctor", "analyze", "ci"],
+  "description": "Renders doctor, analyze, and ci output as a release approval summary"
+}

package/docs/examples/plugins/security-radar.mjs

@@ -0,0 +1,50 @@
+import fs from 'node:fs/promises';
+import path from 'node:path';
+
+export default {
+  check: async (rootPath, files) => {
+    const issues = [];
+
+    for (const file of files) {
+      if (/^\.env(\.|$)/.test(path.basename(file.relativePath))) {
+        issues.push({
+          id: 'committed-env-file',
+          title: 'Committed environment file',
+          description: `${file.relativePath} looks like a committed environment file. Confirm it contains no secrets before release.`,
+          severity: 'warning',
+          category: 'security',
+          fixAvailable: false,
+          locations: [{ file: file.relativePath, line: 1 }],
+        });
+      }
+    }
+
+    const packageJson = files.find((file) => file.relativePath === 'package.json');
+    if (!packageJson) return issues;
+
+    try {
+      const parsed = JSON.parse(await fs.readFile(path.join(rootPath, 'package.json'), 'utf-8'));
+      const scripts = parsed && typeof parsed === 'object' ? parsed.scripts : undefined;
+      if (!scripts || typeof scripts !== 'object') return issues;
+
+      for (const [name, command] of Object.entries(scripts)) {
+        if (typeof command !== 'string') continue;
+        if (/\bcurl\b.*\|\s*(?:sh|bash)|\bwget\b.*\|\s*(?:sh|bash)/.test(command)) {
+          issues.push({
+            id: `script-fetch-pipe-${name}`,
+            title: 'Install script pipes network content to a shell',
+            description: `package.json script "${name}" fetches remote content and pipes it into a shell.`,
+            severity: 'warning',
+            category: 'security',
+            fixAvailable: false,
+            locations: [{ file: 'package.json', line: 1 }],
+          });
+        }
+      }
+    } catch {
+      return issues;
+    }
+
+    return issues;
+  },
+};

package/docs/examples/plugins/security-radar.projscan-plugin.json

@@ -0,0 +1,8 @@
+{
+  "schemaVersion": 1,
+  "name": "security-radar",
+  "kind": "analyzer",
+  "module": "./security-radar.mjs",
+  "category": "security",
+  "description": "Flags common local security review triggers such as committed env files and shell-fetch install scripts"
+}

package/package.json

@@ -1,8 +1,8 @@
 {
   "name": "projscan",
   "mcpName": "io.github.abhiyoheswaran1/projscan",
-  "version": "2.2.0",
-  "description": "Agent-first code intelligence. MCP server (2025-03-26) with AST parsing for JavaScript, TypeScript, Python, Go, Java, Ruby, Rust, PHP, C#, Kotlin, Swift, and C++; code graph, file + per-function AST cyclomatic complexity, per-function fan-in + fan-out, coupling + cycle detection, structural PR diff with HTML reporter, coverage report with HTML reporter, intent-grounded one-call PR review (projscan_review with optional `intent` arg) and long-running PR-watch mode with structured per-bucket deltas (projscan_review_watch), agent preflight with supply-chain IOC evidence, rule-driven fix suggestions + mechanical apply layer with rollback (projscan_apply_fix, projscan_fix_suggest, projscan_explain_issue), source-to-sink taint analysis (projscan_taint) with truncation reporting, transitive blast-radius analysis with cross-repo mode (projscan_impact for files and symbols), cross-repo workspace registration + intelligence (projscan_workspace_graph), per-function semantic search chunks (sub-file embeddings), per-rule confidence + severity drift + cost-summary analytics with live streaming (projscan_cost_summary), stable local analyzer + reporter plugin API (projscan_plugin, CLI --reporter, opt-in via PROJSCAN_PLUGINS_PREVIEW=1), monorepo workspace awareness with cross-package import policy + per-package dependencies / outdated / audit, BM25 + optional semantic search, cursor pagination, progress notifications, context-budgeted output, and a stable-surface CI guard. CLI on the side.",
+  "version": "2.9.0",
+  "description": "Agent-first code intelligence. MCP server (2025-03-26) with AST parsing for JavaScript, TypeScript, Python, Go, Java, Ruby, Rust, PHP, C#, Kotlin, Swift, and C++; code graph, file + per-function AST cyclomatic complexity, per-function fan-in + fan-out, coupling + cycle detection, structural PR diff with HTML reporter, coverage report with HTML reporter, intent-grounded one-call PR review (projscan_review with optional `intent` arg) and long-running PR-watch mode with structured per-bucket deltas (projscan_review_watch), agent workplans (projscan_workplan), bug-hunt queues (projscan_bug_hunt), product-line planning (projscan_release_train), evidence packs (projscan_evidence_pack), regression planning (projscan_regression_plan), agent briefs (projscan_agent_brief), quality scorecards (projscan_quality_scorecard), and preflight with supply-chain IOC evidence, rule-driven fix suggestions + mechanical apply layer with rollback (projscan_apply_fix, projscan_fix_suggest, projscan_explain_issue), source-to-sink taint analysis (projscan_taint) with truncation reporting, transitive blast-radius analysis with cross-repo mode (projscan_impact for files and symbols), cross-repo workspace registration + intelligence (projscan_workspace_graph), per-function semantic search chunks (sub-file embeddings), per-rule confidence + severity drift + cost-summary analytics with live streaming (projscan_cost_summary), stable local analyzer + reporter plugin API (projscan_plugin, CLI --reporter, opt-in via PROJSCAN_PLUGINS_PREVIEW=1), monorepo workspace awareness with cross-package import policy + per-package dependencies / outdated / audit, BM25 + optional semantic search, cursor pagination, progress notifications, context-budgeted output, and a stable-surface CI guard. CLI on the side.",
   "type": "module",
   "main": "./dist/index.js",
   "types": "./dist/index.d.ts",
@@ -14,14 +14,15 @@
     "README.md",
     "docs/2.0-MIGRATION.md",
     "docs/PLUGIN-AUTHORING.md",
+    "docs/PLUGIN-GALLERY.md",
     "docs/plugin.schema.json",
     "docs/examples/plugins"
   ],
   "scripts": {
     "build": "tsc && node scripts/copy-wasm.mjs && node scripts/generate-tool-manifest.mjs",
     "dev": "tsc --watch",
-    "test": "vitest run --test-timeout 15000 --hook-timeout 15000",
-    "test:watch": "vitest --test-timeout 15000 --hook-timeout 15000",
+    "test": "vitest run --test-timeout 60000 --hook-timeout 60000",
+    "test:watch": "vitest --test-timeout 60000 --hook-timeout 60000",
     "lint": "eslint src/",
     "format": "prettier --write .",
     "bench": "node scripts/bench.mjs",