projscan 4.1.0 → 4.3.0

package/docs/demos/projscan-4-1-demo.html

@@ -422,33 +422,34 @@
       <section class="hero" aria-label="projscan Mission Control">
         <div class="intro">
           <div>
-            <p class="eyebrow">Unreleased developer-life upgrade</p>
-            <h1>Plain-language repo work, routed to proof.</h1>
+            <p class="eyebrow">Mission Outcome Loop</p>
+            <h1>Resume from real proof.</h1>
             <p class="lead">
-              projscan now turns a developer's intent into the right local
-              command, the first files to trust, the ready actions, and the
-              proof commands that make a PR reviewable.
+              projscan routes a developer goal, saves the mission, reads the
+              proof state, and tells the next agent what changed, what remains,
+              and whether the work is ready for version review.
             </p>
             <div class="pills" aria-label="Product capabilities">
               <span class="pill">Mission Control</span>
               <span class="pill">Local-first</span>
               <span class="pill">MCP-ready</span>
-              <span class="pill">No source upload</span>
+              <span class="pill">Outcome resume</span>
+              <span class="pill">Proof report</span>
             </div>
           </div>
 
           <div class="metric-row" aria-label="Release candidate signals">
             <div class="metric">
-              <strong>1 call</strong>
-              <span>intent to workflow</span>
+              <strong>1 bundle</strong>
+              <span>mission plus proof</span>
             </div>
             <div class="metric">
               <strong>45</strong>
-              <span>MCP tools preserved</span>
+              <span>MCP tools</span>
             </div>
             <div class="metric">
-              <strong>A</strong>
-              <span>dogfood health gate</span>
+              <strong>11 / 12</strong>
+              <span>AST adapters / languages</span>
             </div>
           </div>
         </div>
@@ -458,63 +459,78 @@
             <span class="dot red"></span>
             <span class="dot amber"></span>
             <span class="dot green"></span>
-            <span class="terminal-title">projscan start --intent</span>
+            <span class="terminal-title">projscan start --mission</span>
           </div>
           <div class="terminal-body">
             <span class="line"
               ><span class="prompt">$</span>
               <span class="cmd"
-                >projscan start --intent "is it safe to commit this
-                change?"</span
+                >projscan start --mission .projscan/mission</span
               ></span
             >
             <span class="line dim">ProjScan Mission Control</span>
-            <span class="line">Intent: is it safe to commit this change?</span>
-            <span class="line">Status: <span class="warn">needs_attention</span></span>
+            <span class="line">Mission: .projscan/mission</span>
+            <span class="line">Status: <span class="success">passed</span></span>
             <span class="line"
-              >Route:
-              <span class="notice">Safety gate via projscan_preflight</span></span
+              >Outcome:
+              <span class="notice">proof passed after 3 commands</span></span
             >
             <span class="line dim"
-              >confidence: high; matched: safe, commit</span
+              >read proof-logs/summary.json and status.jsonl</span
             >
 
             <div class="term-section">
-              <span class="line term-heading">Action Plan</span>
+              <span class="line term-heading">What Changed</span>
               <span class="line"
-                >- Use projscan_preflight before broader workflow
-                commands</span
+                >- Mission proof passed after 3 command(s).</span
               >
               <span class="line"
-                >- Preserve the original goal across follow-up evidence</span
+                >- 1 reviewer decision recorded.</span
               >
-              <span class="line"
-                >- Surface blockers with owner, file, or next command</span
+              <span class="line">- 0 failed gates remain.</span>
+            </div>
+
+            <div class="term-section">
+              <span class="line term-heading">What Remains</span>
+              <span class="line success"
+                >Run ./review.sh and choose a reviewer reply.</span
+              >
+              <span class="line success"
+                >Version candidate: review_candidate</span
               >
             </div>
 
             <div class="term-section">
-              <span class="line term-heading">Ready Proof</span>
+              <span class="line term-heading">Outcome Commands</span>
               <span class="line success"
-                >- projscan preflight --mode before_commit --format json</span
+                >projscan start --mission .projscan/mission</span
               >
               <span class="line success"
-                >- projscan understand --view verify --format json</span
+                >projscan mission-proof --mission .projscan/mission</span
               >
               <span class="line success"
-                >- projscan session touched --format json</span
+                >projscan mission-proof --baseline manual-runs.json</span
               >
+              <span class="line dim">all source stays local</span>
             </div>
 
             <div class="term-section">
-              <span class="line term-heading">Done When</span>
-              <span class="line"
-                >- Preflight returns proceed or documented manual review</span
+              <span class="line term-heading">Proof Evidence</span>
+              <span class="line success"
+                >proof-logs/summary.json: passed</span
               >
-              <span class="line"
-                >- Every blocker has a concrete follow-up command</span
+              <span class="line success"
+                >proof-logs/status.jsonl: 3 rows</span
               >
             </div>
+
+            <div class="term-section">
+              <span class="line term-heading">Review Gate</span>
+              <span class="line">capture: git status --short</span>
+              <span class="line">capture: git diff --stat</span>
+              <span class="line success">reply: review version candidate</span>
+              <span class="line warn">do not publish until approved</span>
+            </div>
           </div>
         </section>
       </section>
@@ -522,7 +538,7 @@
       <section class="grid" aria-label="New developer workflows">
         <article class="card">
           <span class="label green">Goal routing</span>
-          <h2>Ask in human language.</h2>
+          <h2>Ask in plain language.</h2>
           <p>
             Route privacy, merge readiness, refactor risk, local setup,
             ownership, dependency, release, and handoff questions to the right
@@ -530,21 +546,21 @@
           </p>
         </article>
         <article class="card">
-          <span class="label blue">Repo context</span>
-          <h2>Start from cited evidence.</h2>
+          <span class="label blue">Outcome resume</span>
+          <h2>Start from saved proof.</h2>
           <p>
-            Repo maps now include read-first files, package contracts, runtime
-            flows, public exports, proof tiers, setup commands, and unknowns
-            that need human input.
+            <code>projscan start --mission</code> reads the bundle proof state
+            and gives the next agent a focused "what changed / what remains"
+            handoff.
           </p>
         </article>
         <article class="card">
-          <span class="label amber">Review proof</span>
-          <h2>Make PRs easier to approve.</h2>
+          <span class="label amber">Proof report</span>
+          <h2>Measure the saved work.</h2>
           <p>
-            Mission Control carries the original intent into preflight,
-            verification, session memory, evidence packs, and reviewer-ready
-            next commands.
+            <code>projscan mission-proof</code> reports proof completion,
+            reviewer approvals, reruns, failed gates, time saved, and local
+            risk avoided.
           </p>
         </article>
       </section>
@@ -552,12 +568,13 @@
       <section class="proof" id="proof" aria-label="Proof and dependency view">
         <div class="proof-header">
           <div>
-            <p class="eyebrow">Intent, graph, and dependency intelligence</p>
-            <h2>Fewer dead-end agent turns.</h2>
+            <p class="eyebrow">Proof, review, and adoption evidence</p>
+            <h2>Close the loop.</h2>
           </div>
           <p>
-            The new flow is built for a developer asking "what now?" after a
-            change, a failed run, a risky rename, or a dependency question.
+            Developers and agents can resume from a saved mission bundle,
+            summarize pass/fail evidence, and compare local proof against a
+            manual baseline without sending source code anywhere.
           </p>
         </div>
 
@@ -567,34 +584,32 @@
               <span class="dot red"></span>
               <span class="dot amber"></span>
               <span class="dot green"></span>
-              <span class="terminal-title">projscan route</span>
+              <span class="terminal-title">projscan mission-proof</span>
             </div>
             <div class="terminal-body">
               <span class="line"
                 ><span class="prompt">$</span>
                 <span class="cmd"
-                  >projscan route "what breaks if I rename the auth token
-                  loader"</span
+                  >projscan mission-proof --mission .projscan/mission --format
+                  json</span
                 ></span
               >
-              <span class="line dim">Best tools for the developer goal</span>
+              <span class="line dim">Local proof summary</span>
               <span class="line">&nbsp;</span>
-              <span class="line term-heading">1. projscan_impact</span>
-              <span class="line">confidence: high</span>
-              <span class="line">matched: breaks, rename</span>
-              <span class="line notice"
-                >Before renaming or deleting, see every caller that
-                breaks.</span
-              >
+              <span class="line term-heading">{"passed":1,"failed":0,</span>
               <span class="line success"
-                >projscan impact --symbol buildCodeGraph --format json</span
+                >&nbsp;"reruns":0,"reviewerApprovals":1}</span
               >
               <span class="line">&nbsp;</span>
-              <span class="line term-heading">2. projscan_dataflow</span>
-              <span class="line">confidence: high</span>
-              <span class="line">matched: token</span>
+              <span class="line term-heading">Risk avoided</span>
+              <span class="line success"
+                >- proof gate passed before release</span
+              >
+              <span class="line success"
+                >- version review is safe to request</span
+              >
               <span class="line notice"
-                >Spot request-data reaching dangerous sinks.</span
+                >Next: projscan start --mission .projscan/mission</span
               >
             </div>
           </section>
@@ -603,35 +618,33 @@
             <div class="signal">
               <span class="tag green">Verify</span>
               <span>
-                <strong>Proof selection</strong>
-                Which tests should I run? now routes to
-                <code>understand --view verify</code> instead of generic
-                regression planning.
+                <strong>Outcome resume</strong>
+                <code>--mission</code> reads <code>summary.json</code>, status
+                rows, and reviewer decisions.
               </span>
             </div>
             <div class="signal">
-              <span class="tag blue">Setup</span>
+              <span class="tag blue">MCP</span>
               <span>
-                <strong>Local command discovery</strong>
-                npm scripts, lint, typecheck, Storybook, Cypress, Playwright,
-                Docker Compose, migrations, and seed/reset commands are called
-                out where agents need them.
+                <strong>MCP start input</strong>
+                <code>mission_dir</code> carries the same proof outcome to
+                agent clients.
               </span>
             </div>
             <div class="signal">
-              <span class="tag amber">License</span>
+              <span class="tag amber">List</span>
               <span>
-                <strong>Dependency intelligence</strong>
-                Dependency reports now summarize known licenses, copyleft risk,
-                installed package sizes, and package importer lookups.
+                <strong>Proof summary</strong>
+                <code>mission-proof</code> reports completion, reruns, failed
+                gates, and approvals.
               </span>
             </div>
             <div class="signal">
-              <span class="tag red">Trust</span>
+              <span class="tag red">Gate</span>
               <span>
-                <strong>Release review guardrails</strong>
-                Stable-surface checks preserve public CLI and MCP contracts
-                while allowing additive intent support.
+                <strong>Version review</strong>
+                Outcome data says whether to request review or keep fixing
+                failed proof.
               </span>
             </div>
           </div>

package/package.json

@@ -1,8 +1,8 @@
 {
   "name": "projscan",
   "mcpName": "io.github.abhiyoheswaran1/projscan",
-  "version": "4.1.0",
-  "description": "Agent-first code intelligence. MCP server (2025-03-26) with AST parsing for JavaScript, TypeScript, Python, Go, Java, Ruby, Rust, PHP, C#, Kotlin, Swift, and C++; repo understanding maps (projscan_understand), stable v3 semantic graph (projscan_semantic_graph), dataflow risk engine with bridge-helper detection (projscan_dataflow), code graph, file + per-function AST cyclomatic complexity, per-function fan-in + fan-out, coupling + cycle detection, structural PR diff with HTML reporter, coverage report with HTML reporter, intent-grounded one-call PR review (projscan_review with optional `intent` arg, new taint flows, contract changes, and newDataflowRisks) and long-running PR-watch mode with structured per-bucket deltas (projscan_review_watch), first-60-seconds workflow orientation (projscan_start), agent workplans (projscan_workplan), bug-hunt queues (projscan_bug_hunt), product-line planning (projscan_release_train), evidence packs (projscan_evidence_pack), regression planning (projscan_regression_plan), agent briefs (projscan_agent_brief), quality scorecards (projscan_quality_scorecard), and preflight with supply-chain IOC evidence, rule-driven fix suggestions + mechanical apply layer with rollback (projscan_apply_fix, projscan_fix_suggest, projscan_explain_issue), source-to-sink taint analysis (projscan_taint) with truncation reporting, transitive blast-radius analysis with cross-repo mode (projscan_impact for files and symbols), cross-repo workspace registration + intelligence (projscan_workspace_graph), per-function semantic search chunks (sub-file embeddings), per-rule confidence + severity drift + cost-summary analytics with live streaming (projscan_cost_summary), stable local analyzer + reporter plugin API (projscan_plugin, CLI --reporter, opt-in via PROJSCAN_PLUGINS_PREVIEW=1), monorepo workspace awareness with cross-package import policy + per-package dependencies / outdated / audit, BM25 + optional semantic search, cursor pagination, progress notifications, context-budgeted output, and a stable-surface CI guard. CLI on the side.",
+  "version": "4.3.0",
+  "description": "Agent-first code intelligence. MCP server (2025-03-26) with 11 AST adapters covering 12 named languages: JavaScript, TypeScript, Python, Go, Java, Ruby, Rust, PHP, C#, Kotlin, Swift, and C++; repo understanding maps (projscan_understand), stable v3 semantic graph (projscan_semantic_graph), dataflow risk engine with bridge-helper detection (projscan_dataflow), code graph, file + per-function AST cyclomatic complexity, per-function fan-in + fan-out, coupling + cycle detection, structural PR diff with HTML reporter, coverage report with HTML reporter, intent-grounded one-call PR review (projscan_review with optional `intent` arg, new taint flows, contract changes, and newDataflowRisks) and long-running PR-watch mode with structured per-bucket deltas (projscan_review_watch), first-60-seconds workflow orientation (projscan_start), agent workplans (projscan_workplan), bug-hunt queues (projscan_bug_hunt), product-line planning (projscan_release_train), evidence packs (projscan_evidence_pack), regression planning (projscan_regression_plan), agent briefs (projscan_agent_brief), quality scorecards (projscan_quality_scorecard), and preflight with supply-chain IOC evidence, rule-driven fix suggestions + mechanical apply layer with rollback (projscan_apply_fix, projscan_fix_suggest, projscan_explain_issue), source-to-sink taint analysis (projscan_taint) with truncation reporting, transitive blast-radius analysis with cross-repo mode (projscan_impact for files and symbols), cross-repo workspace registration + intelligence (projscan_workspace_graph), per-function semantic search chunks (sub-file embeddings), per-rule confidence + severity drift + cost-summary analytics with live streaming (projscan_cost_summary), stable local analyzer + reporter plugin API (projscan_plugin, CLI --reporter, opt-in via PROJSCAN_PLUGINS_PREVIEW=1), monorepo workspace awareness with cross-package import policy + per-package dependencies / outdated / audit, BM25 + optional semantic search, cursor pagination, progress notifications, context-budgeted output, and a stable-surface CI guard. CLI on the side.",
   "type": "module",
   "main": "./dist/index.js",
   "types": "./dist/index.d.ts",

package/scripts/capture-readme-assets.mjs

@@ -16,7 +16,7 @@ const captures = [
     name: 'Mission Control hero',
     url: pathToFileURL(demoPath).href,
     output: path.join(repoRoot, 'docs', 'projscan-mission-control.png'),
-    viewport: '1440,960',
+    viewport: '1440,1120',
   },
   {
     name: 'Intent and proof workflow',