npm - projscan - Versions diffs - 4.1.0 → 4.2.0 - Mend

projscan 4.1.0 → 4.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (14) hide show

package/README.md +173 -25
package/dist/cli/commands/start.js +1022 -2
package/dist/cli/commands/start.js.map +1 -1
package/dist/core/start.js +1045 -8
package/dist/core/start.js.map +1 -1
package/dist/projscan-sbom.cdx.json +6 -6
package/dist/tool-manifest.json +2 -2
package/dist/types.d.ts +192 -0
package/docs/GUIDE.md +3 -1
package/docs/demos/projscan-4-1-demo.html +94 -65
package/docs/projscan-mission-control.png +0 -0
package/docs/projscan-proof-router.png +0 -0
package/package.json +1 -1
package/scripts/capture-readme-assets.mjs +1 -1

package/dist/types.d.ts CHANGED Viewed

@@ -720,7 +720,88 @@ export interface StartUnresolvedInput {
     sourceAction: string;
     instruction: string;
 }
+export interface StartMissionResumeReference {
+    id: string;
+    phaseId: StartExecutionPhaseId;
+    kind: StartExecutionStepKind;
+    status: StartExecutionStatus;
+    label: string;
+    instruction?: string;
+    command?: string;
+    placeholder?: string;
+}
+export interface StartMissionToolCall {
+    tool: string;
+    args?: Record<string, unknown>;
+}
+export interface StartMissionProofToolCall extends StartMissionToolCall {
+    stepId: string;
+    command: string;
+}
+export interface StartMissionProofItem {
+    stepId: string;
+    status: StartExecutionStatus;
+    label: string;
+    command: string;
+    toolCall?: StartMissionToolCall;
+}
+export interface StartMissionInputBinding {
+    inputId: string;
+    label: string;
+    placeholder: string;
+    instruction: string;
+    followUpIds: string[];
+}
+export type StartMissionResumeChecklistItemKind = 'run_current' | 'resolve_input' | 'run_follow_up' | 'run_proof' | 'confirm_done';
+export interface StartMissionResumeChecklistItem {
+    id: string;
+    kind: StartMissionResumeChecklistItemKind;
+    phaseId: StartExecutionPhaseId;
+    stepId: string;
+    status: StartExecutionStatus;
+    label: string;
+    command?: string;
+    tool?: string;
+    args?: Record<string, unknown>;
+    placeholder?: string;
+    instruction?: string;
+    blockedBy?: string[];
+    dependsOn?: string[];
+    unlocks?: string[];
+    followUpIds?: string[];
+}
+export interface StartMissionResumeFollowUp {
+    id: string;
+    phaseId: StartExecutionPhaseId;
+    kind: StartExecutionStepKind;
+    status: StartExecutionStatus;
+    label: string;
+    command?: string;
+    tool?: string;
+    args?: Record<string, unknown>;
+    blockedBy?: string[];
+    dependsOn?: string[];
+}
+export interface StartMissionResume {
+    currentStep: StartExecutionCursor;
+    status: StartExecutionStatus;
+    instruction: string;
+    prompt: string;
+    commandBlock?: string;
+    toolCall?: StartMissionToolCall;
+    followUps?: StartMissionResumeFollowUp[];
+    inputBindings?: StartMissionInputBinding[];
+    checklist?: StartMissionResumeChecklistItem[];
+    remainingProofItems?: StartMissionProofItem[];
+    remainingProofCommands?: string[];
+    remainingProofToolCalls?: StartMissionProofToolCall[];
+    unlocks?: StartMissionResumeReference[];
+    blockedBy?: StartMissionResumeReference[];
+}
 export interface StartMissionHandoff {
+    currentStep: StartExecutionCursor;
+    resume: StartMissionResume;
+    reviewGate: StartMissionReviewGate;
     nextAction: PreflightSuggestedAction;
     readyActions: PreflightSuggestedAction[];
     needsInput: StartUnresolvedInput[];
@@ -728,8 +809,114 @@ export interface StartMissionHandoff {
     readyProof: {
         summary: string;
         commands: string[];
+        toolCalls?: StartMissionProofToolCall[];
+        items?: StartMissionProofItem[];
     };
 }
+export type StartExecutionPhaseId = 'next_action' | 'ready_now' | 'resolve_inputs' | 'follow_up' | 'proof' | 'done_when';
+export type StartExecutionStatus = 'ready' | 'blocked' | 'pending';
+export type StartExecutionStepKind = 'tool' | 'input' | 'proof' | 'criterion' | 'handoff';
+export interface StartExecutionStep {
+    id: string;
+    kind: StartExecutionStepKind;
+    status: StartExecutionStatus;
+    label: string;
+    command?: string;
+    tool?: string;
+    args?: Record<string, unknown>;
+    instruction?: string;
+    placeholder?: string;
+    dependsOn?: string[];
+    blockedBy?: string[];
+    unlocks?: string[];
+}
+export interface StartExecutionPhase {
+    id: StartExecutionPhaseId;
+    title: string;
+    status: StartExecutionStatus;
+    steps: StartExecutionStep[];
+}
+export interface StartExecutionCursor {
+    phaseId: StartExecutionPhaseId;
+    stepId: string;
+    status: StartExecutionStatus;
+    kind: StartExecutionStepKind;
+    label: string;
+    command?: string;
+    tool?: string;
+    args?: Record<string, unknown>;
+    instruction?: string;
+    placeholder?: string;
+    blockedBy?: string[];
+    unlocks?: string[];
+    reason: string;
+}
+export interface StartExecutionPlan {
+    summary: string;
+    currentPhase: StartExecutionPhaseId;
+    cursor: StartExecutionCursor;
+    phases: StartExecutionPhase[];
+}
+export interface StartMissionRunbook {
+    title: string;
+    status: StartMissionControlStatus;
+    currentPhase: StartExecutionPhaseId;
+    currentStep: StartExecutionCursor;
+    resume: StartMissionResume;
+    readyCommandBlock: string;
+    blockedInputSummary?: string;
+    markdown: string;
+}
+export interface StartMissionReviewWorktree {
+    available: boolean;
+    clean: boolean;
+    changedFileCount: number;
+    files: string[];
+    baseRef: string | null;
+    summary: string;
+    reason?: string;
+}
+export interface StartMissionReviewProof {
+    summary: string;
+    commands: string[];
+    toolCalls?: StartMissionProofToolCall[];
+    items?: StartMissionProofItem[];
+}
+export type StartMissionReviewBlockedAction = 'next_slice' | 'release' | 'publish' | 'deploy' | 'push' | 'merge' | 'version_bump';
+export interface StartMissionReviewPolicy {
+    approvalRequired: true;
+    blockedActions: StartMissionReviewBlockedAction[];
+    summary: string;
+}
+export interface StartMissionReviewDecision {
+    id: 'approve_next_slice' | 'request_changes' | 'review_version_candidate';
+    label: string;
+    description: string;
+    consequence: string;
+    reply: string;
+}
+export interface StartMissionReviewGate {
+    title: string;
+    required: true;
+    status: StartMissionControlStatus;
+    stopCondition: string;
+    reviewPrompt: string;
+    checklist: string[];
+    doneWhen: string[];
+    policy: StartMissionReviewPolicy;
+    decisions: StartMissionReviewDecision[];
+    commands: string[];
+    worktree: StartMissionReviewWorktree;
+    proof: StartMissionReviewProof;
+    markdown: string;
+}
+export interface StartMissionTaskCard {
+    title: string;
+    status: StartMissionControlStatus;
+    currentPhase: StartExecutionPhaseId;
+    currentStep: StartExecutionCursor;
+    markdown: string;
+}
 export interface StartMissionControl {
     intent?: string;
     status: StartMissionControlStatus;
@@ -745,7 +932,12 @@ export interface StartMissionControl {
     successCriteria: string[];
     proofSummary: string;
     proofCommands: string[];
+    resume: StartMissionResume;
     handoff: StartMissionHandoff;
+    executionPlan: StartExecutionPlan;
+    runbook: StartMissionRunbook;
+    reviewGate: StartMissionReviewGate;
+    taskCard: StartMissionTaskCard;
     handoffPrompt: string;
 }
 export interface StartReport {

package/docs/GUIDE.md CHANGED Viewed

@@ -205,7 +205,9 @@ When the agent first opens a repo, or before starting a refactor, the question i
 - **`projscan_coupling` / `projscan coupling`** — per-file fan-in / fan-out / instability plus circular-import cycles (Tarjan SCC). Use `direction: cycles_only` or `projscan coupling --cycles-only` to surface architectural debt directly.
 - **`projscan_analyze` / `projscan analyze`** — the everything report; useful at session start but verbose.
-**Typical agent flow:** start with `projscan privacy-check`, then `projscan_start` with an optional plain-language intent. If no explicit mode is supplied, start infers the workflow mode from the intent, such as `before_commit` for commit-safety checks; read `modeSource` and `modeReason` to see whether the mode was explicit, inferred, or defaulted. `modeReason` distinguishes workflow-mode defaulting from action routing, so an impact intent can still route through Mission Control while the workflow stays `before_edit`. The `firstTenMinutes` path and current-worktree coordination hint follow that resolved mode, so a commit-safety start does not send the developer back through a before-edit gate. Follow `missionControl.actionPlan`, call `missionControl.readyActions` immediately, use routed-intent weighted `confidence`, `score`, and `matchedKeywords` to judge weak or ambiguous matches, and read the same confidence line in console output when working manually. Fill any `missionControl.unresolvedInputs` before running placeholder follow-ups, inspect `missionControl.alternatives` when the intent mixes goals, stop only when `missionControl.successCriteria` is satisfied, and hand off with `missionControl.handoff` or the concise `missionControl.handoffPrompt`. Cite `missionControl.proofSummary` plus the runnable-only `missionControl.proofCommands` in the handoff. MCP agents should call each action by its `tool` and `args`; humans can run the matching `command`. Use `projscan_understand` and `projscan_preflight` when you need broader context or a safety gate. Use `projscan_workplan` when you need an ordered execution plan, `projscan_agent_brief` for a compact handoff, and `projscan_evidence_pack --pr-comment` when you need reviewer-facing proof. Deeper tools such as `doctor`, `hotspots`, `dataflow`, `review`, `bug-hunt`, `quality-scorecard`, `dogfood`, and `trial` are follow-up tools.
+**Typical agent flow:** start with `projscan privacy-check`, then `projscan_start` with an optional plain-language intent. If no explicit mode is supplied, start infers the workflow mode from the intent, such as `before_commit` for commit-safety checks; read `modeSource` and `modeReason` to see whether the mode was explicit, inferred, or defaulted. `modeReason` distinguishes workflow-mode defaulting from action routing, so an impact intent can still route through Mission Control while the workflow stays `before_edit`. The `firstTenMinutes` path and current-worktree coordination hint follow that resolved mode, so a commit-safety start does not send the developer back through a before-edit gate. Follow `missionControl.actionPlan`, call `missionControl.readyActions` immediately, use `missionControl.executionPlan.currentPhase` as the cursor-aligned phase pointer, and use `missionControl.executionPlan.cursor.tool` / `args` when the cursor is directly MCP-callable. Use routed-intent weighted `confidence`, `score`, and `matchedKeywords` to judge weak or ambiguous matches, and read the same confidence line in console output when working manually. Fill any `missionControl.unresolvedInputs` before running placeholder follow-ups, inspect `missionControl.alternatives` when the intent mixes goals, stop only when `missionControl.successCriteria` is satisfied, and hand off with `missionControl.handoff`, `missionControl.runbook`, or the concise `missionControl.handoffPrompt`. Use `missionControl.reviewGate` as the autonomous-work stop boundary: finish the current checklist and proof, capture `git status --short` and `git diff --stat`, then wait for approval before another slice, release, publish, or deploy. Read `missionControl.reviewGate.worktree` for current worktree availability, changed-file count, base ref, and visible changed files. Use `missionControl.reviewGate.proof` when the reviewer needs the remaining proof queue without reading the full resume object. Read `missionControl.reviewGate.doneWhen` for the success criteria the reviewer must confirm before approving more work. Read `missionControl.reviewGate.policy` before continuing from a review handoff; it lists the actions blocked until explicit reviewer approval: another slice, release, publish, deploy, push, merge, and version bump. Use `projscan start --review-gate-json --intent "<goal>"` or saved `review-gate.json` when a script needs proof, worktree evidence, done criteria, decisions, and policy in one review object. Use `projscan start --review-policy --intent "<goal>"` or saved `review-policy.json` when a script only needs that approval boundary. Use `missionControl.reviewGate.decisions` as the approval menu in review gates, task cards, and runbooks; each decision includes copyable reviewer reply text so agents do not infer permission to continue, release, or publish. The default console review gate, saved mission bundle README, concise handoff prompt, `--review-replies`, and saved `review-replies.txt` show those replies for first-open review. `missionControl.handoff.reviewGate`, `--handoff-json`, and saved `handoff.json` carry that same gate for transfer-only flows. The handoff prompt starts with `missionControl.resume.prompt`, so it carries the current cursor, runnable command or blocked input instruction, labeled unlocks or blockers, done criteria, ready proof, review stop condition, and reviewer replies in one copyable sentence; the normal console prints that same value as `Handoff Prompt` without requiring JSON or `--include-handoff`, `projscan start --handoff-prompt --intent "<goal>"` prints only that prompt for piping or copy/paste, and the Markdown runbook renders it as `## Handoff Prompt` so copied runbooks carry the same next-agent prompt. When a human just needs the runnable shell step, `projscan start --next-command --intent "<goal>"` prints only the current cursor command; when an MCP agent needs the callable equivalent, `projscan start --next-tool-call --intent "<goal>"` prints the current cursor tool call as compact JSON. Cite `missionControl.proofSummary` plus the runnable-only `missionControl.proofCommands` in broad handoff notes, and use `missionControl.handoff.readyProof.items` when resuming because it is the complete ordered remaining-proof queue; each item carries its CLI command and an optional MCP `toolCall`. `missionControl.handoff.readyProof.commands` and `toolCalls` remain convenient command-only and MCP-callable views. MCP agents should use `missionControl.resume.toolCall` when present, use `missionControl.resume.inputBindings` to map unlocked placeholders to input steps, then call `missionControl.resume.followUps` as the next template calls; when they need one ordered sequence, follow `missionControl.resume.checklist`, whose `run_proof` rows include `tool` and `args` for MCP-callable proof steps. The normal console `Resume Checklist` and Markdown runbook checklist print callable rows inline as `(MCP: ...)` and mark unmapped proof rows as `(CLI only)`, so a copied runbook or default terminal run remains self-contained even outside the JSON payload. After the current action, prefer `missionControl.resume.remainingProofItems` for complete proof, using `remainingProofToolCalls` for the callable MCP subset without rerunning the current command. Humans can run the matching `command`; the normal console `Ready Proof` command list, normal console `Proof Queue`, and runbook `Proof queue` all use remaining proof so the current cursor command is not repeated, and each queued item shows either its MCP call or `CLI only`. Use `projscan_understand` and `projscan_preflight` when you need broader context or a safety gate. Use `projscan_workplan` when you need an ordered execution plan, `projscan_agent_brief` for a compact handoff, and `projscan_evidence_pack --pr-comment` when you need reviewer-facing proof. Deeper tools such as `doctor`, `hotspots`, `dataflow`, `review`, `bug-hunt`, `quality-scorecard`, `dogfood`, and `trial` are follow-up tools.
+For shortcut discovery, `projscan start --shortcuts --intent "<goal>"` prints the copyable command menu for the current mission, and `projscan start --shortcuts-json --intent "<goal>"` prints the same menu as JSON for agents and scripts. For shell copy/paste, `projscan start --mission-script --intent "<goal>"` prints a POSIX script that runs the current cursor command, then the remaining proof queue, then prints the review evidence commands. For MCP queue copy/paste, `projscan start --ready-tool-calls --intent "<goal>"` prints the current cursor call followed by remaining MCP-callable proof as compact JSON. For structured resume handoff, `projscan start --resume-json --intent "<goal>"` prints only `missionControl.resume`. For the complete transfer object, `projscan start --handoff-json --intent "<goal>"` prints only `missionControl.handoff`. For a file bundle, `projscan start --save-mission .projscan/mission --intent "<goal>"` writes `README.md`, `next-command.txt`, `next-tool-call.json`, `handoff-prompt.txt`, `resume-prompt.txt`, `task-card.md`, `review-gate.md`, `review-gate.json`, `review-policy.json`, `review-replies.txt`, the runbook, handoff JSON, resume JSON, `ready-tool-calls.json`, `shortcuts.json`, `mission.sh`, `status.sh`, `proof-logs/README.md`, `proof-logs/status.jsonl`, `proof-logs/run-report.md`, `proof-logs/summary.json`, proof commands, and manifest. Saved `mission.sh` writes current-command and proof-command output under `proof-logs/`, appends exit-code rows to `status.jsonl`, refreshes `run-report.md`, and writes `summary.json`, so reviewers and wrappers can scan pass/fail proof before opening raw logs. Bundle `status.sh` reads `summary.json` and uses exit codes `0`, `1`, and `2` for passed, failed, and not-ready states. For verification-only copy/paste, `projscan start --proof-commands --intent "<goal>"` prints the remaining ready proof commands one per line without the rest of the start report. For an ordered checklist without the full report, `projscan start --checklist --intent "<goal>"` prints only the resume checklist rows. For paste-ready PR, issue, or handoff notes, `projscan start --task-card --intent "<goal>"` prints the Markdown task card. MCP agents can read `missionControl.taskCard.markdown` when they need the same checklist without rendering it from `resume.checklist`. For stop-and-review notes, `projscan start --review-gate --intent "<goal>"` prints only `missionControl.reviewGate.markdown`, `projscan start --review-gate-json --intent "<goal>"` prints only the review gate JSON, `projscan start --review-policy --intent "<goal>"` prints only the review policy JSON, and `projscan start --review-replies --intent "<goal>"` prints only the copyable reviewer replies. For a full Markdown artifact, `projscan start --runbook --intent "<goal>"` prints the mission runbook.
 ### 2. Review — "is this PR safe to merge?"

package/docs/demos/projscan-4-1-demo.html CHANGED Viewed

@@ -422,18 +422,19 @@
       <section class="hero" aria-label="projscan Mission Control">
         <div class="intro">
           <div>
-            <p class="eyebrow">Unreleased developer-life upgrade</p>
-            <h1>Plain-language repo work, routed to proof.</h1>
+            <p class="eyebrow">Developer-life upgrade</p>
+            <h1>Tell projscan what you are doing.</h1>
             <p class="lead">
-              projscan now turns a developer's intent into the right local
-              command, the first files to trust, the ready actions, and the
-              proof commands that make a PR reviewable.
+              projscan routes a developer goal to the next safe command, the
+              MCP call an agent can run, and the proof that makes a handoff
+              reviewable.
             </p>
             <div class="pills" aria-label="Product capabilities">
               <span class="pill">Mission Control</span>
               <span class="pill">Local-first</span>
               <span class="pill">MCP-ready</span>
-              <span class="pill">No source upload</span>
+              <span class="pill">Copyable handoff</span>
+              <span class="pill">Review gate</span>
             </div>
           </div>
@@ -443,12 +444,12 @@
               <span>intent to workflow</span>
             </div>
             <div class="metric">
-              <strong>45</strong>
-              <span>MCP tools preserved</span>
+              <strong>1 JSON</strong>
+              <span>next MCP call</span>
             </div>
             <div class="metric">
-              <strong>A</strong>
-              <span>dogfood health gate</span>
+              <strong>0</strong>
+              <span>source uploads</span>
             </div>
           </div>
         </div>
@@ -458,63 +459,93 @@
             <span class="dot red"></span>
             <span class="dot amber"></span>
             <span class="dot green"></span>
-            <span class="terminal-title">projscan start --intent</span>
+            <span class="terminal-title">projscan start shortcuts</span>
           </div>
           <div class="terminal-body">
             <span class="line"
               ><span class="prompt">$</span>
               <span class="cmd"
-                >projscan start --intent "is it safe to commit this
-                change?"</span
+                >projscan start --intent "what breaks if I rename the auth
+                token loader"</span
               ></span
             >
             <span class="line dim">ProjScan Mission Control</span>
-            <span class="line">Intent: is it safe to commit this change?</span>
+            <span class="line">Intent: what breaks if I rename the auth token loader</span>
             <span class="line">Status: <span class="warn">needs_attention</span></span>
             <span class="line"
               >Route:
-              <span class="notice">Safety gate via projscan_preflight</span></span
+              <span class="notice">Impact analysis via projscan_search</span></span
             >
             <span class="line dim"
-              >confidence: high; matched: safe, commit</span
+              >confidence: high; matched: breaks, rename</span
             >
             <div class="term-section">
-              <span class="line term-heading">Action Plan</span>
+              <span class="line term-heading">Run Cursor</span>
               <span class="line"
-                >- Use projscan_preflight before broader workflow
-                commands</span
+                >command: projscan search "auth token loader" --format
+                json</span
               >
               <span class="line"
-                >- Preserve the original goal across follow-up evidence</span
+                >MCP call: projscan_search {"query":"auth token loader"}</span
               >
-              <span class="line"
-                >- Surface blockers with owner, file, or next command</span
+              <span class="line">unlocks: symbol input, file input</span>
+            </div>
+            <div class="term-section">
+              <span class="line term-heading">Copyable Shortcuts</span>
+              <span class="line success"
+                >projscan start --shortcuts --intent "..."</span
+              >
+              <span class="line success"
+                >projscan start --next-command --intent "..."</span
+              >
+              <span class="line success"
+                >projscan start --next-tool-call --intent "..."</span
+              >
+              <span class="line success"
+                >projscan start --task-card --intent "..."</span
+              >
+              <span class="line success"
+                >projscan start --mission-script --intent "..."</span
+              >
+              <span class="line success"
+                >projscan start --review-gate --intent "..."</span
+              >
+              <span class="line success"
+                >projscan start --save-mission .projscan/mission --intent
+                "..."</span
               >
+              <span class="line dim">writes task card, review gate, mission.sh</span>
             </div>
             <div class="term-section">
               <span class="line term-heading">Ready Proof</span>
               <span class="line success"
-                >- projscan preflight --mode before_commit --format json</span
+                >- projscan preflight --mode before_edit --format json</span
               >
               <span class="line success"
                 >- projscan understand --view verify --format json</span
               >
-              <span class="line success"
-                >- projscan session touched --format json</span
-              >
             </div>
             <div class="term-section">
               <span class="line term-heading">Done When</span>
               <span class="line"
-                >- Preflight returns proceed or documented manual review</span
+                >- Search returns an exact symbol or file path</span
               >
               <span class="line"
-                >- Every blocker has a concrete follow-up command</span
+                >- Impact is reviewed before code edits</span
               >
             </div>
+            <div class="term-section">
+              <span class="line term-heading">Review Gate</span>
+              <span class="line">capture: git status --short</span>
+              <span class="line">capture: git diff --stat</span>
+              <span class="line success">reply: Approved, one bounded slice</span>
+              <span class="line warn">stop before another slice or release</span>
+            </div>
           </div>
         </section>
       </section>
@@ -552,12 +583,13 @@
       <section class="proof" id="proof" aria-label="Proof and dependency view">
         <div class="proof-header">
           <div>
-            <p class="eyebrow">Intent, graph, and dependency intelligence</p>
-            <h2>Fewer dead-end agent turns.</h2>
+            <p class="eyebrow">Intent, graph, and handoff intelligence</p>
+            <h2>Copy the next move.</h2>
           </div>
           <p>
-            The new flow is built for a developer asking "what now?" after a
-            change, a failed run, a risky rename, or a dependency question.
+            Developers and agents can list the shortcut menu, pull the next
+            shell command, fetch the MCP call, or copy the checklist and
+            Markdown runbook without reading the full report.
           </p>
         </div>
@@ -567,34 +599,33 @@
               <span class="dot red"></span>
               <span class="dot amber"></span>
               <span class="dot green"></span>
-              <span class="terminal-title">projscan route</span>
+              <span class="terminal-title">projscan start --next-tool-call</span>
             </div>
             <div class="terminal-body">
               <span class="line"
                 ><span class="prompt">$</span>
                 <span class="cmd"
-                  >projscan route "what breaks if I rename the auth token
-                  loader"</span
+                  >projscan start --next-tool-call --intent "what breaks if I
+                  rename the auth token loader"</span
                 ></span
               >
-              <span class="line dim">Best tools for the developer goal</span>
+              <span class="line dim">Current cursor as MCP JSON</span>
               <span class="line">&nbsp;</span>
-              <span class="line term-heading">1. projscan_impact</span>
-              <span class="line">confidence: high</span>
-              <span class="line">matched: breaks, rename</span>
-              <span class="line notice"
-                >Before renaming or deleting, see every caller that
-                breaks.</span
-              >
+              <span class="line term-heading">{"tool":"projscan_search",</span>
               <span class="line success"
-                >projscan impact --symbol buildCodeGraph --format json</span
+                >&nbsp;"args":{"query":"auth token loader"}}</span
               >
               <span class="line">&nbsp;</span>
-              <span class="line term-heading">2. projscan_dataflow</span>
-              <span class="line">confidence: high</span>
-              <span class="line">matched: token</span>
+              <span class="line term-heading">Checklist handoff</span>
+              <span class="line success"
+                >- [ready] run_current ready-1</span
+              >
+              <span class="line success"
+                >- [blocked] resolve_input input-1</span
+              >
+              <span class="line success">- [ready] run_proof proof-2</span>
               <span class="line notice"
-                >Spot request-data reaching dangerous sinks.</span
+                >Review gate: capture status, diff, then wait.</span
               >
             </div>
           </section>
@@ -603,35 +634,33 @@
             <div class="signal">
               <span class="tag green">Verify</span>
               <span>
-                <strong>Proof selection</strong>
-                Which tests should I run? now routes to
-                <code>understand --view verify</code> instead of generic
-                regression planning.
+                <strong>Proof commands</strong>
+                <code>--proof-commands</code> returns the remaining
+                verification commands, one per line.
               </span>
             </div>
             <div class="signal">
-              <span class="tag blue">Setup</span>
+              <span class="tag blue">MCP</span>
               <span>
-                <strong>Local command discovery</strong>
-                npm scripts, lint, typecheck, Storybook, Cypress, Playwright,
-                Docker Compose, migrations, and seed/reset commands are called
-                out where agents need them.
+                <strong>MCP call shortcut</strong>
+                <code>--next-tool-call</code> returns the cursor tool and args
+                as compact JSON.
               </span>
             </div>
             <div class="signal">
-              <span class="tag amber">License</span>
+              <span class="tag amber">List</span>
               <span>
-                <strong>Dependency intelligence</strong>
-                Dependency reports now summarize known licenses, copyleft risk,
-                installed package sizes, and package importer lookups.
+                <strong>Checklist shortcut</strong>
+                <code>--checklist</code> returns current, blocked, follow-up,
+                proof, and done rows.
               </span>
             </div>
             <div class="signal">
-              <span class="tag red">Trust</span>
+              <span class="tag red">Gate</span>
               <span>
-                <strong>Release review guardrails</strong>
-                Stable-surface checks preserve public CLI and MCP contracts
-                while allowing additive intent support.
+                <strong>Review gate</strong>
+                <code>--review-gate</code> returns the stop checklist before
+                another slice, release, publish, or deploy.
               </span>
             </div>
           </div>

package/docs/projscan-mission-control.png CHANGED Viewed

Binary file

package/docs/projscan-proof-router.png CHANGED Viewed

Binary file

package/package.json CHANGED Viewed

@@ -1,7 +1,7 @@
 {
   "name": "projscan",
   "mcpName": "io.github.abhiyoheswaran1/projscan",
-  "version": "4.1.0",
+  "version": "4.2.0",
   "description": "Agent-first code intelligence. MCP server (2025-03-26) with AST parsing for JavaScript, TypeScript, Python, Go, Java, Ruby, Rust, PHP, C#, Kotlin, Swift, and C++; repo understanding maps (projscan_understand), stable v3 semantic graph (projscan_semantic_graph), dataflow risk engine with bridge-helper detection (projscan_dataflow), code graph, file + per-function AST cyclomatic complexity, per-function fan-in + fan-out, coupling + cycle detection, structural PR diff with HTML reporter, coverage report with HTML reporter, intent-grounded one-call PR review (projscan_review with optional `intent` arg, new taint flows, contract changes, and newDataflowRisks) and long-running PR-watch mode with structured per-bucket deltas (projscan_review_watch), first-60-seconds workflow orientation (projscan_start), agent workplans (projscan_workplan), bug-hunt queues (projscan_bug_hunt), product-line planning (projscan_release_train), evidence packs (projscan_evidence_pack), regression planning (projscan_regression_plan), agent briefs (projscan_agent_brief), quality scorecards (projscan_quality_scorecard), and preflight with supply-chain IOC evidence, rule-driven fix suggestions + mechanical apply layer with rollback (projscan_apply_fix, projscan_fix_suggest, projscan_explain_issue), source-to-sink taint analysis (projscan_taint) with truncation reporting, transitive blast-radius analysis with cross-repo mode (projscan_impact for files and symbols), cross-repo workspace registration + intelligence (projscan_workspace_graph), per-function semantic search chunks (sub-file embeddings), per-rule confidence + severity drift + cost-summary analytics with live streaming (projscan_cost_summary), stable local analyzer + reporter plugin API (projscan_plugin, CLI --reporter, opt-in via PROJSCAN_PLUGINS_PREVIEW=1), monorepo workspace awareness with cross-package import policy + per-package dependencies / outdated / audit, BM25 + optional semantic search, cursor pagination, progress notifications, context-budgeted output, and a stable-surface CI guard. CLI on the side.",
   "type": "module",
   "main": "./dist/index.js",

package/scripts/capture-readme-assets.mjs CHANGED Viewed

@@ -16,7 +16,7 @@ const captures = [
     name: 'Mission Control hero',
     url: pathToFileURL(demoPath).href,
     output: path.join(repoRoot, 'docs', 'projscan-mission-control.png'),
-    viewport: '1440,960',
+    viewport: '1440,1120',
   },
   {
     name: 'Intent and proof workflow',