projscan 3.1.0 → 3.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (35) hide show
  1. package/README.md +26 -26
  2. package/dist/cli/commands/recipes.js +6 -0
  3. package/dist/cli/commands/recipes.js.map +1 -1
  4. package/dist/core/adoption.d.ts +2 -1
  5. package/dist/core/adoption.js +9 -2
  6. package/dist/core/adoption.js.map +1 -1
  7. package/dist/core/agentBrief.js +13 -1
  8. package/dist/core/agentBrief.js.map +1 -1
  9. package/dist/core/dogfood.js +64 -0
  10. package/dist/core/dogfood.js.map +1 -1
  11. package/dist/core/frameworkSources.js +39 -0
  12. package/dist/core/frameworkSources.js.map +1 -1
  13. package/dist/core/onboarding.d.ts +2 -0
  14. package/dist/core/onboarding.js +51 -0
  15. package/dist/core/onboarding.js.map +1 -0
  16. package/dist/core/pluginDx.js +55 -4
  17. package/dist/core/pluginDx.js.map +1 -1
  18. package/dist/core/releaseEvidence.js +33 -0
  19. package/dist/core/releaseEvidence.js.map +1 -1
  20. package/dist/core/releaseTrain.js +10 -0
  21. package/dist/core/releaseTrain.js.map +1 -1
  22. package/dist/core/roadmapCatalog.d.ts +5 -0
  23. package/dist/core/roadmapCatalog.js +213 -0
  24. package/dist/core/roadmapCatalog.js.map +1 -0
  25. package/dist/core/sessionResources.js +30 -0
  26. package/dist/core/sessionResources.js.map +1 -1
  27. package/dist/core/start.js +4 -0
  28. package/dist/core/start.js.map +1 -1
  29. package/dist/index.d.ts +1 -1
  30. package/dist/projscan-sbom.cdx.json +6 -6
  31. package/dist/tool-manifest.json +2 -2
  32. package/dist/types.d.ts +44 -0
  33. package/docs/PLUGIN-AUTHORING.md +8 -0
  34. package/docs/PLUGIN-GALLERY.md +2 -2
  35. package/package.json +1 -1
package/docs/PLUGIN-GALLERY.md CHANGED
@@ -9,7 +9,7 @@ projscan plugin test .projscan-plugins/<name>.projscan-plugin.json
9
9
  PROJSCAN_PLUGINS_PREVIEW=1 projscan doctor
10
10
  ```
11
11
 
12
- Local plugins are code execution. Only enable plugins you trust.
12
+ Local plugins are code execution. Only enable plugins you trust. `projscan plugin test --format json` returns `trust`, `commands`, and `context` guidance so agents can validate a plugin, see the preview flag, and detect graph/dataflow context needs before execution.
13
13
 
14
14
  ## Analyzer Plugins
15
15
 
@@ -34,7 +34,7 @@ Files:
34
34
 
35
35
  ### `graph-context`
36
36
 
37
- Demonstrates analyzer access to the optional graph/dataflow context. It reads the semantic graph and dataflow report through `context.getSemanticGraph()` and `context.getDataflow()` and emits a compact architecture summary issue.
37
+ Demonstrates analyzer access to the optional graph/dataflow context. It reads the semantic graph and dataflow report through `context.getSemanticGraph()` and `context.getDataflow()` and emits a compact architecture summary issue. The test result marks `context.requested: true` and lists `semanticGraph` plus `dataflow` capabilities.
38
38
 
39
39
  Files:
40
40
  - `docs/examples/plugins/graph-context.projscan-plugin.json`
package/package.json CHANGED
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "name": "projscan",
3
3
  "mcpName": "io.github.abhiyoheswaran1/projscan",
4
- "version": "3.1.0",
4
+ "version": "3.2.0",
5
5
  "description": "Agent-first code intelligence. MCP server (2025-03-26) with AST parsing for JavaScript, TypeScript, Python, Go, Java, Ruby, Rust, PHP, C#, Kotlin, Swift, and C++; stable v3 semantic graph (projscan_semantic_graph), dataflow risk engine with bridge-helper detection (projscan_dataflow), code graph, file + per-function AST cyclomatic complexity, per-function fan-in + fan-out, coupling + cycle detection, structural PR diff with HTML reporter, coverage report with HTML reporter, intent-grounded one-call PR review (projscan_review with optional `intent` arg, new taint flows, contract changes, and newDataflowRisks) and long-running PR-watch mode with structured per-bucket deltas (projscan_review_watch), first-60-seconds workflow orientation (projscan_start), agent workplans (projscan_workplan), bug-hunt queues (projscan_bug_hunt), product-line planning (projscan_release_train), evidence packs (projscan_evidence_pack), regression planning (projscan_regression_plan), agent briefs (projscan_agent_brief), quality scorecards (projscan_quality_scorecard), and preflight with supply-chain IOC evidence, rule-driven fix suggestions + mechanical apply layer with rollback (projscan_apply_fix, projscan_fix_suggest, projscan_explain_issue), source-to-sink taint analysis (projscan_taint) with truncation reporting, transitive blast-radius analysis with cross-repo mode (projscan_impact for files and symbols), cross-repo workspace registration + intelligence (projscan_workspace_graph), per-function semantic search chunks (sub-file embeddings), per-rule confidence + severity drift + cost-summary analytics with live streaming (projscan_cost_summary), stable local analyzer + reporter plugin API (projscan_plugin, CLI --reporter, opt-in via PROJSCAN_PLUGINS_PREVIEW=1), monorepo workspace awareness with cross-package import policy + per-package dependencies / outdated / audit, BM25 + optional semantic search, cursor pagination, progress notifications, context-budgeted output, and a stable-surface CI guard. CLI on the side.",
6
6
  "type": "module",
7
7
  "main": "./dist/index.js",