projscan 2.9.0 → 3.0.0
- package/README.md +31 -23
- package/dist/cli/commands/dataflow.d.ts +1 -0
- package/dist/cli/commands/dataflow.js +76 -0
- package/dist/cli/commands/dataflow.js.map +1 -0
- package/dist/cli/commands/semanticGraph.d.ts +1 -0
- package/dist/cli/commands/semanticGraph.js +55 -0
- package/dist/cli/commands/semanticGraph.js.map +1 -0
- package/dist/cli/index.js +4 -0
- package/dist/cli/index.js.map +1 -1
- package/dist/core/dataflow.d.ts +7 -0
- package/dist/core/dataflow.js +194 -0
- package/dist/core/dataflow.js.map +1 -0
- package/dist/core/intent.d.ts +1 -1
- package/dist/core/intent.js +16 -0
- package/dist/core/intent.js.map +1 -1
- package/dist/core/prDiff.js +25 -1
- package/dist/core/prDiff.js.map +1 -1
- package/dist/core/regressionPlan.js +2 -0
- package/dist/core/regressionPlan.js.map +1 -1
- package/dist/core/review.js +100 -3
- package/dist/core/review.js.map +1 -1
- package/dist/core/semanticGraph.d.ts +7 -0
- package/dist/core/semanticGraph.js +167 -0
- package/dist/core/semanticGraph.js.map +1 -0
- package/dist/core/taint.d.ts +5 -5
- package/dist/core/workplan.js +4 -4
- package/dist/core/workplan.js.map +1 -1
- package/dist/index.d.ts +3 -1
- package/dist/index.js +2 -0
- package/dist/index.js.map +1 -1
- package/dist/mcp/tools/costSummary.js +2 -0
- package/dist/mcp/tools/costSummary.js.map +1 -1
- package/dist/mcp/tools/dataflow.d.ts +2 -0
- package/dist/mcp/tools/dataflow.js +58 -0
- package/dist/mcp/tools/dataflow.js.map +1 -0
- package/dist/mcp/tools/semanticGraph.d.ts +2 -0
- package/dist/mcp/tools/semanticGraph.js +40 -0
- package/dist/mcp/tools/semanticGraph.js.map +1 -0
- package/dist/mcp/tools.js +4 -0
- package/dist/mcp/tools.js.map +1 -1
- package/dist/projscan-sbom.cdx.json +6 -6
- package/dist/tool-manifest.json +55 -3
- package/dist/types.d.ts +94 -1
- package/dist/utils/formatSupport.d.ts +2 -0
- package/dist/utils/formatSupport.js +2 -0
- package/dist/utils/formatSupport.js.map +1 -1
- package/package.json +2 -2
|
@@ -0,0 +1,58 @@
|
|
|
1
|
+
import { scanRepository } from '../../core/repositoryScanner.js';
|
|
2
|
+
import { buildCodeGraph } from '../../core/codeGraph.js';
|
|
3
|
+
import { computeDataflow } from '../../core/dataflow.js';
|
|
4
|
+
import { loadConfig } from '../../utils/config.js';
|
|
5
|
+
export const dataflowTool = {
|
|
6
|
+
name: 'projscan_dataflow',
|
|
7
|
+
description: 'Return v3 dataflow risks over the function graph. Includes legacy direct/propagated taint projections plus bridge-helper risks where a wrapper calls both a source reader and a dangerous sink.',
|
|
8
|
+
inputSchema: {
|
|
9
|
+
type: 'object',
|
|
10
|
+
properties: {
|
|
11
|
+
sources: {
|
|
12
|
+
type: 'array',
|
|
13
|
+
items: { type: 'string' },
|
|
14
|
+
description: 'Additional source names to merge with defaults and .projscanrc taint.sources.',
|
|
15
|
+
},
|
|
16
|
+
sinks: {
|
|
17
|
+
type: 'array',
|
|
18
|
+
items: { type: 'string' },
|
|
19
|
+
description: 'Additional sink names to merge with defaults and .projscanrc taint.sinks.',
|
|
20
|
+
},
|
|
21
|
+
max_risks: {
|
|
22
|
+
type: 'number',
|
|
23
|
+
description: 'Maximum risks to return. Default 50, max 500.',
|
|
24
|
+
},
|
|
25
|
+
max_tokens: {
|
|
26
|
+
type: 'number',
|
|
27
|
+
description: 'Cap the response to roughly this many tokens.',
|
|
28
|
+
},
|
|
29
|
+
},
|
|
30
|
+
},
|
|
31
|
+
handler: async (args, rootPath) => {
|
|
32
|
+
const scan = await scanRepository(rootPath);
|
|
33
|
+
const graph = await buildCodeGraph(rootPath, scan.files);
|
|
34
|
+
const { config } = await loadConfig(rootPath);
|
|
35
|
+
const sources = [
|
|
36
|
+
...(config.taint?.sources ?? []),
|
|
37
|
+
...(Array.isArray(args.sources)
|
|
38
|
+
? args.sources.filter((value) => typeof value === 'string')
|
|
39
|
+
: []),
|
|
40
|
+
];
|
|
41
|
+
const sinks = [
|
|
42
|
+
...(config.taint?.sinks ?? []),
|
|
43
|
+
...(Array.isArray(args.sinks)
|
|
44
|
+
? args.sinks.filter((value) => typeof value === 'string')
|
|
45
|
+
: []),
|
|
46
|
+
];
|
|
47
|
+
const maxRisks = typeof args.max_risks === 'number' && Number.isFinite(args.max_risks)
|
|
48
|
+
? Math.max(1, Math.min(500, Math.floor(args.max_risks)))
|
|
49
|
+
: 50;
|
|
50
|
+
const report = computeDataflow(graph, { sources, sinks });
|
|
51
|
+
return {
|
|
52
|
+
...report,
|
|
53
|
+
risks: report.risks.slice(0, maxRisks),
|
|
54
|
+
truncated: report.risks.length > maxRisks || report.truncated,
|
|
55
|
+
};
|
|
56
|
+
},
|
|
57
|
+
};
|
|
58
|
+
//# sourceMappingURL=dataflow.js.map
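Review bot: The caller-supplied `sources` and `sinks` in the handler are filtered only by `typeof value === 'string'`, so empty or whitespace-only names and arbitrarily long lists from an MCP client go straight into `computeDataflow`. How names are matched is not visible in this hunk; if matching is by substring or prefix, an empty name could flag most call sites and bury the real findings, so I would normalise before merging, e.g. `args.sources.filter((value) => typeof value === 'string' && value.trim() !== '')`, and cap the list length. Separately, `max_tokens` is declared in `inputSchema` but never read in this handler; if a dispatcher outside this file applies it, a one-line comment saying so would help. `max_risks` could also be declared as `type: 'integer'` with `minimum: 1, maximum: 500` so the schema matches the clamp the handler already applies.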
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"dataflow.js","sourceRoot":"","sources":["../../../src/mcp/tools/dataflow.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,MAAM,iCAAiC,CAAC;AACjE,OAAO,EAAE,cAAc,EAAE,MAAM,yBAAyB,CAAC;AACzD,OAAO,EAAE,eAAe,EAAE,MAAM,wBAAwB,CAAC;AACzD,OAAO,EAAE,UAAU,EAAE,MAAM,uBAAuB,CAAC;AAGnD,MAAM,CAAC,MAAM,YAAY,GAAY;IACnC,IAAI,EAAE,mBAAmB;IACzB,WAAW,EACT,iMAAiM;IACnM,WAAW,EAAE;QACX,IAAI,EAAE,QAAQ;QACd,UAAU,EAAE;YACV,OAAO,EAAE;gBACP,IAAI,EAAE,OAAO;gBACb,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;gBACzB,WAAW,EAAE,+EAA+E;aAC7F;YACD,KAAK,EAAE;gBACL,IAAI,EAAE,OAAO;gBACb,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;gBACzB,WAAW,EAAE,2EAA2E;aACzF;YACD,SAAS,EAAE;gBACT,IAAI,EAAE,QAAQ;gBACd,WAAW,EAAE,+CAA+C;aAC7D;YACD,UAAU,EAAE;gBACV,IAAI,EAAE,QAAQ;gBACd,WAAW,EAAE,+CAA+C;aAC7D;SACF;KACF;IACD,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE;QAChC,MAAM,IAAI,GAAG,MAAM,cAAc,CAAC,QAAQ,CAAC,CAAC;QAC5C,MAAM,KAAK,GAAG,MAAM,cAAc,CAAC,QAAQ,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC;QACzD,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,UAAU,CAAC,QAAQ,CAAC,CAAC;QAC9C,MAAM,OAAO,GAAG;YACd,GAAG,CAAC,MAAM,CAAC,KAAK,EAAE,OAAO,IAAI,EAAE,CAAC;YAChC,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC;gBAC7B,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,KAAK,EAAmB,EAAE,CAAC,OAAO,KAAK,KAAK,QAAQ,CAAC;gBAC5E,CAAC,CAAC,EAAE,CAAC;SACR,CAAC;QACF,MAAM,KAAK,GAAG;YACZ,GAAG,CAAC,MAAM,CAAC,KAAK,EAAE,KAAK,IAAI,EAAE,CAAC;YAC9B,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC;gBAC3B,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,KAAK,EAAmB,EAAE,CAAC,OAAO,KAAK,KAAK,QAAQ,CAAC;gBAC1E,CAAC,CAAC,EAAE,CAAC;SACR,CAAC;QACF,MAAM,QAAQ,GACZ,OAAO,IAAI,CAAC,SAAS,KAAK,QAAQ,IAAI,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC;YACnE,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC;YACxD,CAAC,CAAC,EAAE,CAAC;QACT,MAAM,MAAM,GAAG,eAAe,CAAC,KAAK,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC,CAAC;QAC1D,OAAO;YACL,GAAG,MAAM;YACT,KAAK,EAAE,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,QAAQ,CAAC;YACtC,SAAS,EAAE,MAAM,CAAC,KAAK,CAAC,MAAM,GAAG,
QAAQ,IAAI,MAAM,CAAC,SAAS;SAC9D,CAAC;IACJ,CAAC;CACF,CAAC"}
|
|
@@ -0,0 +1,40 @@
|
|
|
1
|
+
import { scanRepository } from '../../core/repositoryScanner.js';
|
|
2
|
+
import { buildCodeGraph } from '../../core/codeGraph.js';
|
|
3
|
+
import { buildSemanticGraph } from '../../core/semanticGraph.js';
|
|
4
|
+
import { loadCachedGraph, saveCachedGraph } from '../../core/indexCache.js';
|
|
5
|
+
export const semanticGraphTool = {
|
|
6
|
+
name: 'projscan_semantic_graph',
|
|
7
|
+
description: 'Return the stable v3 semantic graph: file/function/package/symbol nodes plus imports, exports, defines, and calls edges. Use when an agent needs one normalized graph contract instead of several targeted graph queries.',
|
|
8
|
+
inputSchema: {
|
|
9
|
+
type: 'object',
|
|
10
|
+
properties: {
|
|
11
|
+
max_nodes: {
|
|
12
|
+
type: 'number',
|
|
13
|
+
description: 'Maximum graph nodes to return. Default 10000.',
|
|
14
|
+
},
|
|
15
|
+
max_edges: {
|
|
16
|
+
type: 'number',
|
|
17
|
+
description: 'Maximum graph edges to return. Default 25000.',
|
|
18
|
+
},
|
|
19
|
+
max_tokens: {
|
|
20
|
+
type: 'number',
|
|
21
|
+
description: 'Cap the response to roughly this many tokens.',
|
|
22
|
+
},
|
|
23
|
+
},
|
|
24
|
+
},
|
|
25
|
+
handler: async (args, rootPath) => {
|
|
26
|
+
const scan = await scanRepository(rootPath);
|
|
27
|
+
const cached = await loadCachedGraph(rootPath);
|
|
28
|
+
const graph = await buildCodeGraph(rootPath, scan.files, cached);
|
|
29
|
+
await saveCachedGraph(rootPath, graph);
|
|
30
|
+
return buildSemanticGraph(graph, {
|
|
31
|
+
maxNodes: typeof args.max_nodes === 'number' && Number.isFinite(args.max_nodes)
|
|
32
|
+
? args.max_nodes
|
|
33
|
+
: undefined,
|
|
34
|
+
maxEdges: typeof args.max_edges === 'number' && Number.isFinite(args.max_edges)
|
|
35
|
+
? args.max_edges
|
|
36
|
+
: undefined,
|
|
37
|
+
});
|
|
38
|
+
},
|
|
39
|
+
};
|
|
40
|
+
//# sourceMappingURL=semanticGraph.js.map
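Review bot: `max_nodes` and `max_edges` are forwarded to `buildSemanticGraph` after only a `Number.isFinite` check, so zero, negative, fractional or very large values reach the builder unchanged, whereas the dataflow tool clamps `max_risks` to 1–500. Whether `buildSemanticGraph` clamps internally is not visible in this hunk; if it does not, a single request can ask for an effectively unbounded graph. I would clamp at the tool boundary, e.g. `maxNodes: Math.max(1, Math.min(MAX_NODES_CAP, Math.floor(args.max_nodes)))` with `MAX_NODES_CAP` standing in for whatever ceiling the project chooses, and state that ceiling in the schema description. The handler also calls `saveCachedGraph(rootPath, graph)` on every invocation, so a tool described as returning a graph writes to the cache under `rootPath`; that side effect deserves a comment on the handler.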
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"semanticGraph.js","sourceRoot":"","sources":["../../../src/mcp/tools/semanticGraph.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,MAAM,iCAAiC,CAAC;AACjE,OAAO,EAAE,cAAc,EAAE,MAAM,yBAAyB,CAAC;AACzD,OAAO,EAAE,kBAAkB,EAAE,MAAM,6BAA6B,CAAC;AACjE,OAAO,EAAE,eAAe,EAAE,eAAe,EAAE,MAAM,0BAA0B,CAAC;AAG5E,MAAM,CAAC,MAAM,iBAAiB,GAAY;IACxC,IAAI,EAAE,yBAAyB;IAC/B,WAAW,EACT,2NAA2N;IAC7N,WAAW,EAAE;QACX,IAAI,EAAE,QAAQ;QACd,UAAU,EAAE;YACV,SAAS,EAAE;gBACT,IAAI,EAAE,QAAQ;gBACd,WAAW,EAAE,+CAA+C;aAC7D;YACD,SAAS,EAAE;gBACT,IAAI,EAAE,QAAQ;gBACd,WAAW,EAAE,+CAA+C;aAC7D;YACD,UAAU,EAAE;gBACV,IAAI,EAAE,QAAQ;gBACd,WAAW,EAAE,+CAA+C;aAC7D;SACF;KACF;IACD,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE;QAChC,MAAM,IAAI,GAAG,MAAM,cAAc,CAAC,QAAQ,CAAC,CAAC;QAC5C,MAAM,MAAM,GAAG,MAAM,eAAe,CAAC,QAAQ,CAAC,CAAC;QAC/C,MAAM,KAAK,GAAG,MAAM,cAAc,CAAC,QAAQ,EAAE,IAAI,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;QACjE,MAAM,eAAe,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC;QACvC,OAAO,kBAAkB,CAAC,KAAK,EAAE;YAC/B,QAAQ,EACN,OAAO,IAAI,CAAC,SAAS,KAAK,QAAQ,IAAI,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC;gBACnE,CAAC,CAAC,IAAI,CAAC,SAAS;gBAChB,CAAC,CAAC,SAAS;YACf,QAAQ,EACN,OAAO,IAAI,CAAC,SAAS,KAAK,QAAQ,IAAI,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC;gBACnE,CAAC,CAAC,IAAI,CAAC,SAAS;gBAChB,CAAC,CAAC,SAAS;SAChB,CAAC,CAAC;IACL,CAAC;CACF,CAAC"}
|
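--- a/package/dist/mcp/tools.js
+++ b/package/dist/mcp/tools.js
@@ -20,6 +20,7 @@ import { auditTool } from './tools/audit.js';
 import { upgradeTool } from './tools/upgrade.js';
 import { coverageTool } from './tools/coverage.js';
 import { graphTool } from './tools/graph.js';
+import { semanticGraphTool } from './tools/semanticGraph.js';
 import { couplingTool } from './tools/coupling.js';
 import { workspacesTool } from './tools/workspaces.js';
 import { prDiffTool } from './tools/prDiff.js';
@@ -33,6 +34,7 @@ import { memoryTool } from './tools/memory.js';
 import { workspaceGraphTool } from './tools/workspaceGraph.js';
 import { applyFixTool } from './tools/applyFix.js';
 import { taintTool } from './tools/taint.js';
+import { dataflowTool } from './tools/dataflow.js';
 import { costSummaryTool } from './tools/costSummary.js';
 import { reviewWatchTool } from './tools/reviewWatch.js';
 import { pluginTool } from './tools/plugin.js';
@@ -58,6 +60,7 @@ const tools = [
 upgradeTool,
 coverageTool,
 graphTool,
+semanticGraphTool,
 couplingTool,
 workspacesTool,
 prDiffTool,
@@ -71,6 +74,7 @@ const tools = [
 workspaceGraphTool,
 applyFixTool,
 taintTool,
+dataflowTool,
 costSummaryTool,
 reviewWatchTool,
 pluginTool,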
package/dist/mcp/tools.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"tools.js","sourceRoot":"","sources":["../../src/mcp/tools.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AACjD,OAAO,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC;AAC/C,OAAO,EAAE,YAAY,EAAE,MAAM,qBAAqB,CAAC;AACnD,OAAO,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AACjD,OAAO,EAAE,QAAQ,EAAE,MAAM,iBAAiB,CAAC;AAC3C,OAAO,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAC;AACrD,OAAO,EAAE,gBAAgB,EAAE,MAAM,yBAAyB,CAAC;AAC3D,OAAO,EAAE,YAAY,EAAE,MAAM,qBAAqB,CAAC;AACnD,OAAO,EAAE,SAAS,EAAE,MAAM,kBAAkB,CAAC;AAC7C,OAAO,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AACjD,OAAO,EAAE,YAAY,EAAE,MAAM,qBAAqB,CAAC;AACnD,OAAO,EAAE,SAAS,EAAE,MAAM,kBAAkB,CAAC;AAC7C,OAAO,EAAE,YAAY,EAAE,MAAM,qBAAqB,CAAC;AACnD,OAAO,EAAE,cAAc,EAAE,MAAM,uBAAuB,CAAC;AACvD,OAAO,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC;AAC/C,OAAO,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC;AAC/C,OAAO,EAAE,cAAc,EAAE,MAAM,uBAAuB,CAAC;AACvD,OAAO,EAAE,gBAAgB,EAAE,MAAM,yBAAyB,CAAC;AAC3D,OAAO,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC;AAC/C,OAAO,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC;AAC/C,OAAO,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AACjD,OAAO,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC;AAC/C,OAAO,EAAE,kBAAkB,EAAE,MAAM,2BAA2B,CAAC;AAC/D,OAAO,EAAE,YAAY,EAAE,MAAM,qBAAqB,CAAC;AACnD,OAAO,EAAE,SAAS,EAAE,MAAM,kBAAkB,CAAC;AAC7C,OAAO,EAAE,eAAe,EAAE,MAAM,wBAAwB,CAAC;AACzD,OAAO,EAAE,eAAe,EAAE,MAAM,wBAAwB,CAAC;AACzD,OAAO,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC;AAC/C,OAAO,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAC;AACrD,OAAO,EAAE,YAAY,EAAE,MAAM,qBAAqB,CAAC;AACnD,OAAO,EAAE,gBAAgB,EAAE,MAAM,yBAAyB,CAAC;AAC3D,OAAO,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AACjD,OAAO,EAAE,gBAAgB,EAAE,MAAM,yBAAyB,CAAC;AAC3D,OAAO,EAAE,kBAAkB,EAAE,MAAM,2BAA2B,CAAC;AAC/D,OAAO,EAAE,cAAc,EAAE,MAAM,uBAAuB,CAAC;AACvD,OAAO,EAAE,oBAAoB,EAAE,MAAM,6BAA6B,CAAC;AACnE,OAAO,EAAE,YAAY,EAAE,MAAM,qBAAqB,CAAC;AAMnD,MAAM,KAAK,GAAc;IACvB,WAAW;IACX,UAAU;IACV,YAAY;IACZ,WAAW;IACX,QAAQ;IACR,aAAa;IACb,gBAAgB;IAChB,YAAY;IACZ,SAAS;IACT,WAAW;IACX,YAAY;IACZ,SAAS;IACT,YAAY;IACZ,cAAc;IACd,UAAU;IACV,UAAU;IACV,cAAc;IACd,gBAAgB;IAChB,UAAU;IACV,UAAU;IACV,WAAW;IACX,UAAU;IACV,kBAAkB;IAClB,YAAY;
IACZ,SAAS;IACT,eAAe;IACf,eAAe;IACf,UAAU;IACV,aAAa;IACb,YAAY;IACZ,gBAAgB;IAChB,WAAW;IACX,gBAAgB;IAChB,kBAAkB;IAClB,cAAc;IACd,oBAAoB;IACpB,YAAY;CACb,CAAC;AAEF,MAAM,UAAU,kBAAkB;IAChC,OAAO,KAAK,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,EAAE,WAAW,EAAE,WAAW,EAAE,EAAE,EAAE,CAAC,CAAC,EAAE,IAAI,EAAE,WAAW,EAAE,WAAW,EAAE,CAAC,CAAC,CAAC;AACjG,CAAC;AAED,MAAM,UAAU,cAAc,CAAC,IAAY;IACzC,OAAO,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,IAAI,CAAC,EAAE,OAAO,CAAC;AACrD,CAAC"}
|
|
1
|
+
{"version":3,"file":"tools.js","sourceRoot":"","sources":["../../src/mcp/tools.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AACjD,OAAO,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC;AAC/C,OAAO,EAAE,YAAY,EAAE,MAAM,qBAAqB,CAAC;AACnD,OAAO,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AACjD,OAAO,EAAE,QAAQ,EAAE,MAAM,iBAAiB,CAAC;AAC3C,OAAO,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAC;AACrD,OAAO,EAAE,gBAAgB,EAAE,MAAM,yBAAyB,CAAC;AAC3D,OAAO,EAAE,YAAY,EAAE,MAAM,qBAAqB,CAAC;AACnD,OAAO,EAAE,SAAS,EAAE,MAAM,kBAAkB,CAAC;AAC7C,OAAO,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AACjD,OAAO,EAAE,YAAY,EAAE,MAAM,qBAAqB,CAAC;AACnD,OAAO,EAAE,SAAS,EAAE,MAAM,kBAAkB,CAAC;AAC7C,OAAO,EAAE,iBAAiB,EAAE,MAAM,0BAA0B,CAAC;AAC7D,OAAO,EAAE,YAAY,EAAE,MAAM,qBAAqB,CAAC;AACnD,OAAO,EAAE,cAAc,EAAE,MAAM,uBAAuB,CAAC;AACvD,OAAO,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC;AAC/C,OAAO,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC;AAC/C,OAAO,EAAE,cAAc,EAAE,MAAM,uBAAuB,CAAC;AACvD,OAAO,EAAE,gBAAgB,EAAE,MAAM,yBAAyB,CAAC;AAC3D,OAAO,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC;AAC/C,OAAO,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC;AAC/C,OAAO,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AACjD,OAAO,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC;AAC/C,OAAO,EAAE,kBAAkB,EAAE,MAAM,2BAA2B,CAAC;AAC/D,OAAO,EAAE,YAAY,EAAE,MAAM,qBAAqB,CAAC;AACnD,OAAO,EAAE,SAAS,EAAE,MAAM,kBAAkB,CAAC;AAC7C,OAAO,EAAE,YAAY,EAAE,MAAM,qBAAqB,CAAC;AACnD,OAAO,EAAE,eAAe,EAAE,MAAM,wBAAwB,CAAC;AACzD,OAAO,EAAE,eAAe,EAAE,MAAM,wBAAwB,CAAC;AACzD,OAAO,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC;AAC/C,OAAO,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAC;AACrD,OAAO,EAAE,YAAY,EAAE,MAAM,qBAAqB,CAAC;AACnD,OAAO,EAAE,gBAAgB,EAAE,MAAM,yBAAyB,CAAC;AAC3D,OAAO,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AACjD,OAAO,EAAE,gBAAgB,EAAE,MAAM,yBAAyB,CAAC;AAC3D,OAAO,EAAE,kBAAkB,EAAE,MAAM,2BAA2B,CAAC;AAC/D,OAAO,EAAE,cAAc,EAAE,MAAM,uBAAuB,CAAC;AACvD,OAAO,EAAE,oBAAoB,EAAE,MAAM,6BAA6B,CAAC;AACnE,OAAO,EAAE,YAAY,EAAE,MAAM,qBAAqB,CAAC;AAMnD,MAAM,KAAK,GAAc;IACvB,WAAW;IACX,UAAU;IACV,YAAY;IACZ,WAAW;IACX,QAAQ;IACR,aAAa;IACb,gBAAgB;IAChB,YAAY;IACZ,SAAS;IACT,WAAW;IACX,YAAY;IACZ,SAAS;IACT,iBAAiB;IACjB,YAAY;IACZ,cAAc;IACd,
UAAU;IACV,UAAU;IACV,cAAc;IACd,gBAAgB;IAChB,UAAU;IACV,UAAU;IACV,WAAW;IACX,UAAU;IACV,kBAAkB;IAClB,YAAY;IACZ,SAAS;IACT,YAAY;IACZ,eAAe;IACf,eAAe;IACf,UAAU;IACV,aAAa;IACb,YAAY;IACZ,gBAAgB;IAChB,WAAW;IACX,gBAAgB;IAChB,kBAAkB;IAClB,cAAc;IACd,oBAAoB;IACpB,YAAY;CACb,CAAC;AAEF,MAAM,UAAU,kBAAkB;IAChC,OAAO,KAAK,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,EAAE,WAAW,EAAE,WAAW,EAAE,EAAE,EAAE,CAAC,CAAC,EAAE,IAAI,EAAE,WAAW,EAAE,WAAW,EAAE,CAAC,CAAC,CAAC;AACjG,CAAC;AAED,MAAM,UAAU,cAAc,CAAC,IAAY;IACzC,OAAO,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,IAAI,CAAC,EAAE,OAAO,CAAC;AACrD,CAAC"}
|
|
@@ -1,23 +1,23 @@
|
|
|
1
1
|
{
|
|
2
2
|
"bomFormat": "CycloneDX",
|
|
3
3
|
"specVersion": "1.5",
|
|
4
|
-
"serialNumber": "urn:uuid:
|
|
4
|
+
"serialNumber": "urn:uuid:1017d452-e5cf-4028-813c-ca8e910b840b",
|
|
5
5
|
"version": 1,
|
|
6
6
|
"metadata": {
|
|
7
|
-
"timestamp": "2026-05-
|
|
7
|
+
"timestamp": "2026-05-23T21:32:37.336Z",
|
|
8
8
|
"tools": [
|
|
9
9
|
{
|
|
10
10
|
"vendor": "projscan",
|
|
11
11
|
"name": "projscan-sbom-generator",
|
|
12
|
-
"version": "
|
|
12
|
+
"version": "3.0.0"
|
|
13
13
|
}
|
|
14
14
|
],
|
|
15
15
|
"component": {
|
|
16
16
|
"type": "application",
|
|
17
|
-
"bom-ref": "pkg:npm/projscan@
|
|
17
|
+
"bom-ref": "pkg:npm/projscan@3.0.0",
|
|
18
18
|
"name": "projscan",
|
|
19
|
-
"version": "
|
|
20
|
-
"purl": "pkg:npm/projscan@
|
|
19
|
+
"version": "3.0.0",
|
|
20
|
+
"purl": "pkg:npm/projscan@3.0.0"
|
|
21
21
|
}
|
|
22
22
|
},
|
|
23
23
|
"components": [
|
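--- a/package/dist/tool-manifest.json
+++ b/package/dist/tool-manifest.json
@@ -1,9 +1,9 @@
 {
 "name": "projscan",
-"version": "
+"version": "3.0.0",
 "mcpProtocolVersion": "2025-03-26",
-"generatedAt": "2026-05-
-"toolCount":
+"generatedAt": "2026-05-23T21:32:42.491Z",
+"toolCount": 39,
 "tools": [
 {
 "name": "projscan_analyze",
@@ -264,6 +264,27 @@
 ]
 }
 },
+{
+"name": "projscan_semantic_graph",
+"description": "Return the stable v3 semantic graph: file/function/package/symbol nodes plus imports, exports, defines, and calls edges. Use when an agent needs one normalized graph contract instead of several targeted graph queries.",
+"inputSchema": {
+"type": "object",
+"properties": {
+"max_nodes": {
+"type": "number",
+"description": "Maximum graph nodes to return. Default 10000."
+},
+"max_edges": {
+"type": "number",
+"description": "Maximum graph edges to return. Default 25000."
+},
+"max_tokens": {
+"type": "number",
+"description": "Cap the response to roughly this many tokens."
+}
+}
+}
+},
 {
 "name": "projscan_coupling",
 "description": "Per-file coupling metrics (fan-in, fan-out, instability) and circular-import cycles, derived from the AST code graph. Use `direction` to focus the result: \"all\" returns every file sorted by fan-in; \"high_fan_in\" / \"high_fan_out\" sort accordingly; \"cycles_only\" returns just the files participating in import cycles. Cycles are reported separately as strongly-connected components of size >= 2.",
@@ -647,6 +668,37 @@
 }
 }
 },
+{
+"name": "projscan_dataflow",
+"description": "Return v3 dataflow risks over the function graph. Includes legacy direct/propagated taint projections plus bridge-helper risks where a wrapper calls both a source reader and a dangerous sink.",
+"inputSchema": {
+"type": "object",
+"properties": {
+"sources": {
+"type": "array",
+"items": {
+"type": "string"
+},
+"description": "Additional source names to merge with defaults and .projscanrc taint.sources."
+},
+"sinks": {
+"type": "array",
+"items": {
+"type": "string"
+},
+"description": "Additional sink names to merge with defaults and .projscanrc taint.sinks."
+},
+"max_risks": {
+"type": "number",
+"description": "Maximum risks to return. Default 50, max 500."
+},
+"max_tokens": {
+"type": "number",
+"description": "Cap the response to roughly this many tokens."
+}
+}
+}
+},
 {
 "name": "projscan_cost_summary",
 "description": "Aggregate token-cost analytics from the current session's tool-call history. action:\"snapshot\" (default) returns total tokens spent, top spenders, per-tool typical/p95 estimates, and a static expected-cost catalog so the agent can budget pre-call. 1.10+: action:\"start_stream\" / \"stop_stream\" / \"list_streams\" turns this into a live cost dashboard — the server polls the session log on an interval and emits notifications/projscan/cost_delta whenever new tool calls have accrued, with the per-tool deltas and the new cumulative totals inline. Pairs with the `_cost` sidecar attached to every tool result. Read-only. Note: the session event log is bounded at 500 entries — for long-running sessions, older calls are dropped from the snapshot.",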
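--- a/package/dist/types.d.ts
+++ b/package/dist/types.d.ts
@@ -906,6 +906,76 @@ export interface PrDiffReport {
 filesModified: FileAstDiff[];
 totalFilesChanged: number;
 }
+export type SemanticGraphNodeKind = 'file' | 'function' | 'package' | 'symbol';
+export interface SemanticGraphNode {
+id: string;
+kind: SemanticGraphNodeKind;
+label: string;
+file?: string;
+line?: number;
+endLine?: number;
+adapterId?: string;
+metrics?: {
+lineCount?: number;
+cyclomaticComplexity?: number;
+fanIn?: number;
+fanOut?: number;
+};
+}
+export type SemanticGraphEdgeKind = 'defines' | 'imports' | 'imports_package' | 'exports' | 'calls';
+export interface SemanticGraphEdge {
+from: string;
+to: string;
+kind: SemanticGraphEdgeKind;
+label?: string;
+}
+export interface SemanticGraphReport {
+schemaVersion: 3;
+nodes: SemanticGraphNode[];
+edges: SemanticGraphEdge[];
+metrics: {
+totalFiles: number;
+totalFunctions: number;
+totalPackages: number;
+totalSymbols: number;
+totalEdges: number;
+};
+truncated: boolean;
+limits: {
+maxNodes: number;
+maxEdges: number;
+};
+}
+export type DataflowRiskKind = 'direct' | 'propagated' | 'bridge';
+export type DataflowRiskSeverity = 'warning' | 'error';
+export type DataflowRiskConfidence = 'low' | 'medium' | 'high';
+export interface DataflowRisk {
+key: string;
+kind: DataflowRiskKind;
+severity: DataflowRiskSeverity;
+confidence: DataflowRiskConfidence;
+sourceFn: string;
+sinkFn: string;
+bridgeFn?: string;
+source: string;
+sink: string;
+path: string[];
+sourcePath?: string[];
+sinkPath?: string[];
+pathLength: number;
+files: string[];
+}
+export interface DataflowReport {
+available: boolean;
+reason?: string;
+riskCount: number;
+risks: DataflowRisk[];
+effectiveSources: string[];
+effectiveSinks: string[];
+truncated?: boolean;
+truncatedSources?: string[];
+maxDepth?: number;
+}
 /**
 * One changed file enriched with risk signals. The agent calling
 * projscan_review uses these to decide which files need careful review.
@@ -981,6 +1051,24 @@ export interface ReviewTaintFlow {
 /** 1.9+ — set when `projscan_review` was called with an `intent` arg. Absent otherwise. */
 intentAlignment?: 'expected' | 'unexpected' | 'out-of-scope' | 'unknown';
 }
+/**
+* 3.0+ — Review-time dataflow risks that are not represented by legacy
+* taint reachability, especially bridge helpers that call both a source
+* wrapper and a sink wrapper.
+*/
+export interface ReviewDataflowRisk {
+kind: DataflowRiskKind;
+sourceFn: string;
+sinkFn: string;
+bridgeFn?: string;
+source: string;
+sink: string;
+pathLength: number;
+files: string[];
+severity: DataflowRiskSeverity;
+confidence: DataflowRiskConfidence;
+intentAlignment?: 'expected' | 'unexpected' | 'out-of-scope' | 'unknown';
+}
 /** Workspace-package-scoped dependency change. Aggregates root + workspaces. */
 export interface ReviewDependencyChange {
 /** Workspace name; '' for the root manifest. */
@@ -1046,6 +1134,11 @@ export interface ReviewReport {
 * (no per-function callSites at either side).
 */
 newTaintFlows: ReviewTaintFlow[];
+/**
+* 3.0+ — NEW dataflow risks introduced by this PR that are outside the
+* legacy source-to-sink taint flow list. Empty when unavailable or clean.
+*/
+newDataflowRisks: ReviewDataflowRisk[];
 /** 'ok' = ship it; 'review' = needs careful look; 'block' = strongly suggests rework. */
 verdict: 'ok' | 'review' | 'block';
 /** One-line bullets explaining the verdict. */
@@ -1074,7 +1167,7 @@ export interface ReviewReport {
 intentAnalysis?: {
 totals: Record<'expected' | 'unexpected' | 'out-of-scope' | 'unknown', number>;
 notable: Array<{
-kind: 'file' | 'function' | 'cycle' | 'taint' | 'dependency';
+kind: 'file' | 'function' | 'cycle' | 'taint' | 'dataflow' | 'dependency';
 label: string;
 alignment: 'expected' | 'unexpected' | 'out-of-scope' | 'unknown';
 reason: string;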
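Review bot: `DataflowRisk` and `DataflowReport` in the first hunk are exported without any doc comments, unlike `ReviewDataflowRisk` further down, so a consumer cannot tell how `path`, `sourcePath` and `sinkPath` differ, what `key` identifies, or how `severity` and `confidence` are assigned. Since agents act on these fields, I would add a short `/** … */` on each interface and on the three path fields, and one on `riskCount` saying whether it counts every risk found or only the entries in `risks` (the MCP dataflow tool slices `risks` but spreads the rest of the report unchanged). `DataflowReport.truncated` is optional while `SemanticGraphReport.truncated` is required; declaring both as `truncated: boolean` would stop callers from reading `undefined` as "complete". The inline union `'expected' | 'unexpected' | 'out-of-scope' | 'unknown'` now appears in several declarations and could become a named type.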
@@ -11,6 +11,7 @@ export declare const COMMAND_FORMAT_SUPPORT: {
|
|
|
11
11
|
readonly coupling: readonly ["console", "json", "markdown", "html"];
|
|
12
12
|
readonly coverage: readonly ["console", "json", "markdown", "html"];
|
|
13
13
|
readonly dependencies: readonly ["console", "json", "markdown"];
|
|
14
|
+
readonly dataflow: readonly ["console", "json"];
|
|
14
15
|
readonly diagram: readonly ["console", "json", "markdown"];
|
|
15
16
|
readonly diff: readonly ["console", "json", "markdown"];
|
|
16
17
|
readonly doctor: readonly ["console", "json", "markdown", "sarif", "html"];
|
|
@@ -46,6 +47,7 @@ export declare const COMMAND_FORMAT_SUPPORT: {
|
|
|
46
47
|
readonly recipes: readonly ["console", "json"];
|
|
47
48
|
readonly review: readonly ["console", "json", "markdown", "html"];
|
|
48
49
|
readonly search: readonly ["console", "json", "markdown"];
|
|
50
|
+
readonly 'semantic-graph': readonly ["console", "json"];
|
|
49
51
|
readonly session: readonly ["console", "json"];
|
|
50
52
|
readonly 'session touched': readonly ["console", "json"];
|
|
51
53
|
readonly 'session events': readonly ["console", "json"];
|
|
@@ -10,6 +10,7 @@ export const COMMAND_FORMAT_SUPPORT = {
|
|
|
10
10
|
coupling: ['console', 'json', 'markdown', 'html'],
|
|
11
11
|
coverage: ['console', 'json', 'markdown', 'html'],
|
|
12
12
|
dependencies: ['console', 'json', 'markdown'],
|
|
13
|
+
dataflow: ['console', 'json'],
|
|
13
14
|
diagram: ['console', 'json', 'markdown'],
|
|
14
15
|
diff: ['console', 'json', 'markdown'],
|
|
15
16
|
doctor: ['console', 'json', 'markdown', 'sarif', 'html'],
|
|
@@ -45,6 +46,7 @@ export const COMMAND_FORMAT_SUPPORT = {
|
|
|
45
46
|
recipes: ['console', 'json'],
|
|
46
47
|
review: ['console', 'json', 'markdown', 'html'],
|
|
47
48
|
search: ['console', 'json', 'markdown'],
|
|
49
|
+
'semantic-graph': ['console', 'json'],
|
|
48
50
|
session: ['console', 'json'],
|
|
49
51
|
'session touched': ['console', 'json'],
|
|
50
52
|
'session events': ['console', 'json'],
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"formatSupport.js","sourceRoot":"","sources":["../../src/utils/formatSupport.ts"],"names":[],"mappings":"AAEA,MAAM,CAAC,MAAM,cAAc,GAAG,CAAC,SAAS,EAAE,MAAM,EAAE,UAAU,EAAE,OAAO,EAAE,MAAM,CAA4C,CAAC;AAE1H,MAAM,CAAC,MAAM,sBAAsB,GAAG;IACpC,aAAa,EAAE,CAAC,SAAS,EAAE,MAAM,CAAC;IAClC,OAAO,EAAE,CAAC,SAAS,EAAE,MAAM,EAAE,UAAU,EAAE,OAAO,EAAE,MAAM,CAAC;IACzD,WAAW,EAAE,CAAC,SAAS,EAAE,MAAM,CAAC;IAChC,KAAK,EAAE,CAAC,SAAS,EAAE,MAAM,EAAE,UAAU,EAAE,OAAO,CAAC;IAC/C,KAAK,EAAE,CAAC,SAAS,CAAC;IAClB,UAAU,EAAE,CAAC,SAAS,EAAE,MAAM,CAAC;IAC/B,EAAE,EAAE,CAAC,SAAS,EAAE,MAAM,EAAE,UAAU,EAAE,OAAO,CAAC;IAC5C,QAAQ,EAAE,CAAC,SAAS,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,CAAC;IACjD,QAAQ,EAAE,CAAC,SAAS,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,CAAC;IACjD,YAAY,EAAE,CAAC,SAAS,EAAE,MAAM,EAAE,UAAU,CAAC;IAC7C,OAAO,EAAE,CAAC,SAAS,EAAE,MAAM,EAAE,UAAU,CAAC;IACxC,IAAI,EAAE,CAAC,SAAS,EAAE,MAAM,EAAE,UAAU,CAAC;IACrC,MAAM,EAAE,CAAC,SAAS,EAAE,MAAM,EAAE,UAAU,EAAE,OAAO,EAAE,MAAM,CAAC;IACxD,eAAe,EAAE,CAAC,SAAS,EAAE,MAAM,CAAC;IACpC,OAAO,EAAE,CAAC,SAAS,EAAE,MAAM,EAAE,UAAU,CAAC;IACxC,eAAe,EAAE,CAAC,SAAS,EAAE,MAAM,EAAE,UAAU,CAAC;IAChD,IAAI,EAAE,CAAC,SAAS,EAAE,MAAM,EAAE,UAAU,CAAC;IACrC,WAAW,EAAE,CAAC,SAAS,EAAE,MAAM,CAAC;IAChC,GAAG,EAAE,CAAC,SAAS,CAAC;IAChB,aAAa,EAAE,CAAC,SAAS,EAAE,MAAM,EAAE,UAAU,CAAC;IAC9C,OAAO,EAAE,CAAC,SAAS,EAAE,MAAM,CAAC;IAC5B,IAAI,EAAE,CAAC,SAAS,CAAC;IACjB,QAAQ,EAAE,CAAC,SAAS,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,CAAC;IACjD,MAAM,EAAE,CAAC,SAAS,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,CAAC;IAC/C,IAAI,EAAE,CAAC,SAAS,CAAC;IACjB,UAAU,EAAE,CAAC,SAAS,EAAE,MAAM,CAAC;IAC/B,cAAc,EAAE,CAAC,SAAS,CAAC;IAC3B,GAAG,EAAE,CAAC,SAAS,CAAC;IAChB,MAAM,EAAE,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,eAAe,EAAE,CAAC,SAAS,EAAE,MAAM,CAAC;IACpC,aAAa,EAAE,CAAC,SAAS,EAAE,MAAM,CAAC;IAClC,eAAe,EAAE,CAAC,SAAS,CAAC;IAC5B,QAAQ,EAAE,CAAC,SAAS,EAAE,MAAM,EAAE,UAAU,EAAE,OAAO,CAAC;IAClD,aAAa,EAAE,CAAC,SAAS,EAAE,MAAM,CAAC;IAClC,iBAAiB,EAAE,CAAC,SAAS,EAAE,MAAM,CAAC;IACtC,aAAa,EAAE,CAAC,SAAS,EAAE,MAAM,CAAC;IAClC,aAAa,EAAE,CAAC,SAAS,EAAE,MAAM,CAAC;IAClC,SAAS,EAAE,CAAC,SAAS,EAAE,M
AAM,CAAC;IAC9B,SAAS,EAAE,CAAC,SAAS,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,CAAC;IAClD,mBAAmB,EAAE,CAAC,SAAS,EAAE,MAAM,CAAC;IACxC,eAAe,EAAE,CAAC,SAAS,EAAE,MAAM,CAAC;IACpC,iBAAiB,EAAE,CAAC,SAAS,EAAE,MAAM,CAAC;IACtC,OAAO,EAAE,CAAC,SAAS,EAAE,MAAM,CAAC;IAC5B,MAAM,EAAE,CAAC,SAAS,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,CAAC;IAC/C,MAAM,EAAE,CAAC,SAAS,EAAE,MAAM,EAAE,UAAU,CAAC;IACvC,OAAO,EAAE,CAAC,SAAS,EAAE,MAAM,CAAC;IAC5B,iBAAiB,EAAE,CAAC,SAAS,EAAE,MAAM,CAAC;IACtC,gBAAgB,EAAE,CAAC,SAAS,EAAE,MAAM,CAAC;IACrC,eAAe,EAAE,CAAC,SAAS,EAAE,MAAM,CAAC;IACpC,SAAS,EAAE,CAAC,SAAS,EAAE,MAAM,EAAE,UAAU,CAAC;IAC1C,KAAK,EAAE,CAAC,SAAS,EAAE,MAAM,CAAC;IAC1B,OAAO,EAAE,CAAC,SAAS,EAAE,MAAM,EAAE,UAAU,CAAC;IACxC,KAAK,EAAE,CAAC,SAAS,CAAC;IAClB,gBAAgB,EAAE,CAAC,SAAS,EAAE,MAAM,CAAC;IACrC,eAAe,EAAE,CAAC,SAAS,CAAC;IAC5B,kBAAkB,EAAE,CAAC,SAAS,CAAC;IAC/B,UAAU,EAAE,CAAC,SAAS,EAAE,MAAM,EAAE,UAAU,CAAC;IAC3C,QAAQ,EAAE,CAAC,SAAS,EAAE,MAAM,CAAC;CAC6B,CAAC;AAI7D,MAAM,UAAU,UAAU,CAAC,UAAmC,cAAc;IAC1E,OAAO,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC5B,CAAC;AAED,MAAM,UAAU,uBAAuB,CAAC,WAAmB;IACzD,OAAQ,sBAAkE,CAAC,WAAW,CAAC,CAAC;AAC1F,CAAC;AAED,MAAM,UAAU,iBAAiB;IAC/B,OAAO,MAAM,CAAC,OAAO,CAAC,sBAAsB,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,OAAO,EAAE,OAAO,CAAC,EAAE,EAAE,CAAC,CAAC;QACzE,OAAO,EAAE,OAA4B;QACrC,OAAO;KACR,CAAC,CAAC,CAAC;AACN,CAAC"}
|
|
1
|
+
{"version":3,"file":"formatSupport.js","sourceRoot":"","sources":["../../src/utils/formatSupport.ts"],"names":[],"mappings":"AAEA,MAAM,CAAC,MAAM,cAAc,GAAG,CAAC,SAAS,EAAE,MAAM,EAAE,UAAU,EAAE,OAAO,EAAE,MAAM,CAA4C,CAAC;AAE1H,MAAM,CAAC,MAAM,sBAAsB,GAAG;IACpC,aAAa,EAAE,CAAC,SAAS,EAAE,MAAM,CAAC;IAClC,OAAO,EAAE,CAAC,SAAS,EAAE,MAAM,EAAE,UAAU,EAAE,OAAO,EAAE,MAAM,CAAC;IACzD,WAAW,EAAE,CAAC,SAAS,EAAE,MAAM,CAAC;IAChC,KAAK,EAAE,CAAC,SAAS,EAAE,MAAM,EAAE,UAAU,EAAE,OAAO,CAAC;IAC/C,KAAK,EAAE,CAAC,SAAS,CAAC;IAClB,UAAU,EAAE,CAAC,SAAS,EAAE,MAAM,CAAC;IAC/B,EAAE,EAAE,CAAC,SAAS,EAAE,MAAM,EAAE,UAAU,EAAE,OAAO,CAAC;IAC5C,QAAQ,EAAE,CAAC,SAAS,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,CAAC;IACjD,QAAQ,EAAE,CAAC,SAAS,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,CAAC;IACjD,YAAY,EAAE,CAAC,SAAS,EAAE,MAAM,EAAE,UAAU,CAAC;IAC7C,QAAQ,EAAE,CAAC,SAAS,EAAE,MAAM,CAAC;IAC7B,OAAO,EAAE,CAAC,SAAS,EAAE,MAAM,EAAE,UAAU,CAAC;IACxC,IAAI,EAAE,CAAC,SAAS,EAAE,MAAM,EAAE,UAAU,CAAC;IACrC,MAAM,EAAE,CAAC,SAAS,EAAE,MAAM,EAAE,UAAU,EAAE,OAAO,EAAE,MAAM,CAAC;IACxD,eAAe,EAAE,CAAC,SAAS,EAAE,MAAM,CAAC;IACpC,OAAO,EAAE,CAAC,SAAS,EAAE,MAAM,EAAE,UAAU,CAAC;IACxC,eAAe,EAAE,CAAC,SAAS,EAAE,MAAM,EAAE,UAAU,CAAC;IAChD,IAAI,EAAE,CAAC,SAAS,EAAE,MAAM,EAAE,UAAU,CAAC;IACrC,WAAW,EAAE,CAAC,SAAS,EAAE,MAAM,CAAC;IAChC,GAAG,EAAE,CAAC,SAAS,CAAC;IAChB,aAAa,EAAE,CAAC,SAAS,EAAE,MAAM,EAAE,UAAU,CAAC;IAC9C,OAAO,EAAE,CAAC,SAAS,EAAE,MAAM,CAAC;IAC5B,IAAI,EAAE,CAAC,SAAS,CAAC;IACjB,QAAQ,EAAE,CAAC,SAAS,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,CAAC;IACjD,MAAM,EAAE,CAAC,SAAS,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,CAAC;IAC/C,IAAI,EAAE,CAAC,SAAS,CAAC;IACjB,UAAU,EAAE,CAAC,SAAS,EAAE,MAAM,CAAC;IAC/B,cAAc,EAAE,CAAC,SAAS,CAAC;IAC3B,GAAG,EAAE,CAAC,SAAS,CAAC;IAChB,MAAM,EAAE,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,eAAe,EAAE,CAAC,SAAS,EAAE,MAAM,CAAC;IACpC,aAAa,EAAE,CAAC,SAAS,EAAE,MAAM,CAAC;IAClC,eAAe,EAAE,CAAC,SAAS,CAAC;IAC5B,QAAQ,EAAE,CAAC,SAAS,EAAE,MAAM,EAAE,UAAU,EAAE,OAAO,CAAC;IAClD,aAAa,EAAE,CAAC,SAAS,EAAE,MAAM,CAAC;IAClC,iBAAiB,EAAE,CAAC,SAAS,EAAE,MAAM,CAAC;IACtC,aAAa,EAAE,CAAC,SAAS,EAAE,MAAM,CAAC;IAClC,aAAa,EAAE,CAAC,SAAS,EAAE,M
AAM,CAAC;IAClC,SAAS,EAAE,CAAC,SAAS,EAAE,MAAM,CAAC;IAC9B,SAAS,EAAE,CAAC,SAAS,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,CAAC;IAClD,mBAAmB,EAAE,CAAC,SAAS,EAAE,MAAM,CAAC;IACxC,eAAe,EAAE,CAAC,SAAS,EAAE,MAAM,CAAC;IACpC,iBAAiB,EAAE,CAAC,SAAS,EAAE,MAAM,CAAC;IACtC,OAAO,EAAE,CAAC,SAAS,EAAE,MAAM,CAAC;IAC5B,MAAM,EAAE,CAAC,SAAS,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,CAAC;IAC/C,MAAM,EAAE,CAAC,SAAS,EAAE,MAAM,EAAE,UAAU,CAAC;IACvC,gBAAgB,EAAE,CAAC,SAAS,EAAE,MAAM,CAAC;IACrC,OAAO,EAAE,CAAC,SAAS,EAAE,MAAM,CAAC;IAC5B,iBAAiB,EAAE,CAAC,SAAS,EAAE,MAAM,CAAC;IACtC,gBAAgB,EAAE,CAAC,SAAS,EAAE,MAAM,CAAC;IACrC,eAAe,EAAE,CAAC,SAAS,EAAE,MAAM,CAAC;IACpC,SAAS,EAAE,CAAC,SAAS,EAAE,MAAM,EAAE,UAAU,CAAC;IAC1C,KAAK,EAAE,CAAC,SAAS,EAAE,MAAM,CAAC;IAC1B,OAAO,EAAE,CAAC,SAAS,EAAE,MAAM,EAAE,UAAU,CAAC;IACxC,KAAK,EAAE,CAAC,SAAS,CAAC;IAClB,gBAAgB,EAAE,CAAC,SAAS,EAAE,MAAM,CAAC;IACrC,eAAe,EAAE,CAAC,SAAS,CAAC;IAC5B,kBAAkB,EAAE,CAAC,SAAS,CAAC;IAC/B,UAAU,EAAE,CAAC,SAAS,EAAE,MAAM,EAAE,UAAU,CAAC;IAC3C,QAAQ,EAAE,CAAC,SAAS,EAAE,MAAM,CAAC;CAC6B,CAAC;AAI7D,MAAM,UAAU,UAAU,CAAC,UAAmC,cAAc;IAC1E,OAAO,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC5B,CAAC;AAED,MAAM,UAAU,uBAAuB,CAAC,WAAmB;IACzD,OAAQ,sBAAkE,CAAC,WAAW,CAAC,CAAC;AAC1F,CAAC;AAED,MAAM,UAAU,iBAAiB;IAC/B,OAAO,MAAM,CAAC,OAAO,CAAC,sBAAsB,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,OAAO,EAAE,OAAO,CAAC,EAAE,EAAE,CAAC,CAAC;QACzE,OAAO,EAAE,OAA4B;QACrC,OAAO;KACR,CAAC,CAAC,CAAC;AACN,CAAC"}
|
package/package.json
CHANGED
|
@@ -1,8 +1,8 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "projscan",
|
|
3
3
|
"mcpName": "io.github.abhiyoheswaran1/projscan",
|
|
4
|
-
"version": "
|
|
5
|
-
"description": "Agent-first code intelligence. MCP server (2025-03-26) with AST parsing for JavaScript, TypeScript, Python, Go, Java, Ruby, Rust, PHP, C#, Kotlin, Swift, and C++; code graph, file + per-function AST cyclomatic complexity, per-function fan-in + fan-out, coupling + cycle detection, structural PR diff with HTML reporter, coverage report with HTML reporter, intent-grounded one-call PR review (projscan_review with optional `intent` arg) and long-running PR-watch mode with structured per-bucket deltas (projscan_review_watch), agent workplans (projscan_workplan), bug-hunt queues (projscan_bug_hunt), product-line planning (projscan_release_train), evidence packs (projscan_evidence_pack), regression planning (projscan_regression_plan), agent briefs (projscan_agent_brief), quality scorecards (projscan_quality_scorecard), and preflight with supply-chain IOC evidence, rule-driven fix suggestions + mechanical apply layer with rollback (projscan_apply_fix, projscan_fix_suggest, projscan_explain_issue), source-to-sink taint analysis (projscan_taint) with truncation reporting, transitive blast-radius analysis with cross-repo mode (projscan_impact for files and symbols), cross-repo workspace registration + intelligence (projscan_workspace_graph), per-function semantic search chunks (sub-file embeddings), per-rule confidence + severity drift + cost-summary analytics with live streaming (projscan_cost_summary), stable local analyzer + reporter plugin API (projscan_plugin, CLI --reporter, opt-in via PROJSCAN_PLUGINS_PREVIEW=1), monorepo workspace awareness with cross-package import policy + per-package dependencies / outdated / audit, BM25 + optional semantic search, cursor pagination, progress notifications, context-budgeted output, and a stable-surface CI guard. CLI on the side.",
|
|
4
|
+
"version": "3.0.0",
|
|
5
|
+
"description": "Agent-first code intelligence. MCP server (2025-03-26) with AST parsing for JavaScript, TypeScript, Python, Go, Java, Ruby, Rust, PHP, C#, Kotlin, Swift, and C++; stable v3 semantic graph (projscan_semantic_graph), dataflow risk engine with bridge-helper detection (projscan_dataflow), code graph, file + per-function AST cyclomatic complexity, per-function fan-in + fan-out, coupling + cycle detection, structural PR diff with HTML reporter, coverage report with HTML reporter, intent-grounded one-call PR review (projscan_review with optional `intent` arg, new taint flows, contract changes, and newDataflowRisks) and long-running PR-watch mode with structured per-bucket deltas (projscan_review_watch), agent workplans (projscan_workplan), bug-hunt queues (projscan_bug_hunt), product-line planning (projscan_release_train), evidence packs (projscan_evidence_pack), regression planning (projscan_regression_plan), agent briefs (projscan_agent_brief), quality scorecards (projscan_quality_scorecard), and preflight with supply-chain IOC evidence, rule-driven fix suggestions + mechanical apply layer with rollback (projscan_apply_fix, projscan_fix_suggest, projscan_explain_issue), source-to-sink taint analysis (projscan_taint) with truncation reporting, transitive blast-radius analysis with cross-repo mode (projscan_impact for files and symbols), cross-repo workspace registration + intelligence (projscan_workspace_graph), per-function semantic search chunks (sub-file embeddings), per-rule confidence + severity drift + cost-summary analytics with live streaming (projscan_cost_summary), stable local analyzer + reporter plugin API (projscan_plugin, CLI --reporter, opt-in via PROJSCAN_PLUGINS_PREVIEW=1), monorepo workspace awareness with cross-package import policy + per-package dependencies / outdated / audit, BM25 + optional semantic search, cursor pagination, progress notifications, context-budgeted output, and a stable-surface CI guard. CLI on the side.",
|
|
6
6
|
"type": "module",
|
|
7
7
|
"main": "./dist/index.js",
|
|
8
8
|
"types": "./dist/index.d.ts",
|