projscan 4.13.0 → 4.15.0

package/dist/utils/changedFiles.js

@@ -21,6 +21,7 @@ export async function getChangedFiles(rootPath, explicitBaseRef) {
             uncommittedFiles: [],
         };
     }
+    const explicit = Boolean(explicitBaseRef);
     const candidates = explicitBaseRef ? [explicitBaseRef] : [...DEFAULT_BASE_REFS, 'HEAD~1'];
     let lastError = null;
     for (const ref of candidates) {
@@ -29,6 +30,21 @@ export async function getChangedFiles(rootPath, explicitBaseRef) {
             lastError = `ref not found: ${ref}`;
             continue;
         }
+        const resolvesToHead = await refResolvesToHead(rootPath, ref);
+        if (resolvesToHead) {
+            const reason = `base ref "${ref}" resolves to HEAD and would hide committed changes`;
+            if (explicit) {
+                return {
+                    available: false,
+                    reason,
+                    baseRef: null,
+                    files: [],
+                    uncommittedFiles: [],
+                };
+            }
+            lastError = reason;
+            continue;
+        }
         try {
             const { files, uncommittedFiles } = await diffNames(rootPath, ref);
             return { available: true, baseRef: ref, files, uncommittedFiles };
@@ -71,6 +87,24 @@ export async function getChangedFiles(rootPath, explicitBaseRef) {
         uncommittedFiles: [],
     };
 }
+async function refResolvesToHead(rootPath, ref) {
+    try {
+        const [head, candidate] = await Promise.all([
+            resolveRef(rootPath, 'HEAD'),
+            resolveRef(rootPath, ref),
+        ]);
+        return head === candidate;
+    }
+    catch {
+        return false;
+    }
+}
+async function resolveRef(rootPath, ref) {
+    const { stdout } = await execFileAsync('git', ['rev-parse', '--verify', ref], {
+        cwd: rootPath,
+    });
+    return stdout.trim();
+}
 async function isGitRepo(rootPath) {
     try {
         await execFileAsync('git', ['rev-parse', '--git-dir'], { cwd: rootPath });
@@ -90,7 +124,7 @@ async function refExists(rootPath, ref) {
     }
 }
 async function diffNames(rootPath, baseRef) {
-    const { stdout } = await execFileAsync('git', ['diff', '--name-only', '--diff-filter=d', `${baseRef}...HEAD`], { cwd: rootPath, maxBuffer: 10 * 1024 * 1024 });
+    const { stdout } = await execFileAsync('git', ['diff', '-z', '--name-only', `${baseRef}...HEAD`], { cwd: rootPath, encoding: 'buffer', maxBuffer: 10 * 1024 * 1024 });
     // Also include uncommitted changes so PR-style runs cover work-in-progress edits.
     let uncommitted = [];
     try {
@@ -100,32 +134,39 @@ async function diffNames(rootPath, baseRef) {
         // ignore
     }
     const set = new Set();
-    for (const raw of stdout.split('\n')) {
-        const line = raw.trim();
-        if (line)
-            set.add(normalizePath(line));
+    for (const file of parseNulList(stdout)) {
+        if (file)
+            set.add(normalizePath(file));
     }
     for (const f of uncommitted)
         set.add(f);
     return { files: [...set].sort(), uncommittedFiles: uncommitted };
 }
 async function statusNames(rootPath) {
-    const { stdout } = await execFileAsync('git', ['status', '--porcelain', '--untracked-files=all'], { cwd: rootPath, maxBuffer: 10 * 1024 * 1024 });
+    const { stdout } = await execFileAsync('git', ['status', '--porcelain=v1', '-z', '--untracked-files=all'], { cwd: rootPath, encoding: 'buffer', maxBuffer: 10 * 1024 * 1024 });
     const out = new Set();
-    for (const raw of stdout.split('\n')) {
-        if (!raw.trim())
+    const entries = parseNulList(stdout);
+    for (let index = 0; index < entries.length; index += 1) {
+        const raw = entries[index];
+        if (!raw)
+            continue;
+        const status = raw.slice(0, 2);
+        const file = raw.slice(3);
+        if (!file)
             continue;
-        // Format: "XY path" or "XY orig -> new" for renames. Keep leading
-        // status columns intact until after the regex strips them; trimming first
-        // turns " M file" into "M file" and leaks the status into the path.
-        const withoutStatus = raw.replace(/^..\s+/, '').trim();
-        const renamed = withoutStatus.includes(' -> ')
-            ? withoutStatus.split(' -> ').pop()
-            : withoutStatus;
-        out.add(normalizePath(renamed));
+        out.add(normalizePath(file));
+        if (isRenameOrCopyStatus(status))
+            index += 1;
     }
     return [...out];
 }
+function parseNulList(stdout) {
+    const value = Buffer.isBuffer(stdout) ? stdout.toString('utf-8') : stdout;
+    return value.split('\0').filter((entry) => entry.length > 0);
+}
+function isRenameOrCopyStatus(status) {
+    return status.includes('R') || status.includes('C');
+}
 function normalizePath(p) {
     return p.split(path.sep).join('/');
 }

package/dist/utils/changedFiles.js.map

@@ -1 +1 @@
-{"version":3,"file":"changedFiles.js","sourceRoot":"","sources":["../../src/utils/changedFiles.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,oBAAoB,CAAC;AAC9C,OAAO,EAAE,SAAS,EAAE,MAAM,WAAW,CAAC;AACtC,OAAO,IAAI,MAAM,WAAW,CAAC;AAE7B,MAAM,aAAa,GAAG,SAAS,CAAC,QAAQ,CAAC,CAAC;AAE1C,MAAM,iBAAiB,GAAG,CAAC,aAAa,EAAE,eAAe,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC;AAU7E;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,eAAe,CACnC,QAAgB,EAChB,eAAwB;IAExB,MAAM,MAAM,GAAG,MAAM,SAAS,CAAC,QAAQ,CAAC,CAAC;IACzC,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,OAAO;YACL,SAAS,EAAE,KAAK;YAChB,MAAM,EAAE,sBAAsB;YAC9B,OAAO,EAAE,IAAI;YACb,KAAK,EAAE,EAAE;YACT,gBAAgB,EAAE,EAAE;SACrB,CAAC;IACJ,CAAC;IAED,MAAM,UAAU,GAAG,eAAe,CAAC,CAAC,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,iBAAiB,EAAE,QAAQ,CAAC,CAAC;IAC1F,IAAI,SAAS,GAAkB,IAAI,CAAC;IAEpC,KAAK,MAAM,GAAG,IAAI,UAAU,EAAE,CAAC;QAC7B,MAAM,MAAM,GAAG,MAAM,SAAS,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC;QAC9C,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,SAAS,GAAG,kBAAkB,GAAG,EAAE,CAAC;YACpC,SAAS;QACX,CAAC;QACD,IAAI,CAAC;YACH,MAAM,EAAE,KAAK,EAAE,gBAAgB,EAAE,GAAG,MAAM,SAAS,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC;YACnE,OAAO,EAAE,SAAS,EAAE,IAAI,EAAE,OAAO,EAAE,GAAG,EAAE,KAAK,EAAE,gBAAgB,EAAE,CAAC;QACpE,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,mEAAmE;YACnE,iEAAiE;YACjE,iEAAiE;YACjE,gEAAgE;YAChE,kEAAkE;YAClE,+BAA+B;YAC/B,IAAI,gBAAgB,CAAC,GAAG,CAAC,EAAE,CAAC;gBAC1B,OAAO;oBACL,SAAS,EAAE,KAAK;oBAChB,MAAM,EACJ,qBAAqB,GAAG,oCAAoC;wBAC5D,uEAAuE;oBACzE,OAAO,EAAE,IAAI;oBACb,KAAK,EAAE,EAAE;oBACT,gBAAgB,EAAE,EAAE;iBACrB,CAAC;YACJ,CAAC;YACD,SAAS,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QAC/D,CAAC;IACH,CAAC;IAED,gDAAgD;IAChD,IAAI,CAAC;QACH,MAAM,KAAK,GAAG,MAAM,WAAW,CAAC,QAAQ,CAAC,CAAC;QAC1C,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACrB,OAAO,EAAE,SAAS,EAAE,IAAI,EAAE,OAAO,EAAE,gBAAgB,EAAE,KAAK,EAAE,gBAAgB,EAAE,KAAK,EAAE,CAAC;QACxF,CAAC;IACH,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,SAAS,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IAC/D,CAAC;IAED,OAAO;QACL,SAAS,EAAE,KAAK;QAChB,MAAM,EAAE,SAAS,IAAI,0BAA0B;QAC/C,OAAO,EAAE,IAAI;QACb,KAAK,EAAE,EAAE;QACT,gBAAgB,EAAE,EAAE;KACrB,CAAC;AACJ,CAAC;AAED,KAAK,UAAU,SAAS,CAAC,QAAgB;IACvC,IAAI,CAAC;QACH,MAAM,aAAa,CAAC,KAAK,EAAE,CAAC,WAAW,EAAE,WAAW,CAAC,EAAE,EAAE,GAAG,EAAE,QAAQ,EAAE,CAAC,CAAC;QAC1E,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED,KAAK,UAAU,SAAS,CAAC,QAAgB,EAAE,GAAW;IACpD,IAAI,CAAC;QACH,MAAM,aAAa,CAAC,KAAK,EAAE,CAAC,WAAW,EAAE,UAAU,EAAE,SAAS,EAAE,GAAG,CAAC,EAAE,EAAE,GAAG,EAAE,QAAQ,EAAE,CAAC,CAAC;QACzF,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED,KAAK,UAAU,SAAS,CACtB,QAAgB,EAChB,OAAe;IAEf,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,aAAa,CACpC,KAAK,EACL,CAAC,MAAM,EAAE,aAAa,EAAE,iBAAiB,EAAE,GAAG,OAAO,SAAS,CAAC,EAC/D,EAAE,GAAG,EAAE,QAAQ,EAAE,SAAS,EAAE,EAAE,GAAG,IAAI,GAAG,IAAI,EAAE,CAC/C,CAAC;IAEF,kFAAkF;IAClF,IAAI,WAAW,GAAa,EAAE,CAAC;IAC/B,IAAI,CAAC;QACH,WAAW,GAAG,MAAM,WAAW,CAAC,QAAQ,CAAC,CAAC;IAC5C,CAAC;IAAC,MAAM,CAAC;QACP,SAAS;IACX,CAAC;IAED,MAAM,GAAG,GAAG,IAAI,GAAG,EAAU,CAAC;IAC9B,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;QACrC,MAAM,IAAI,GAAG,GAAG,CAAC,IAAI,EAAE,CAAC;QACxB,IAAI,IAAI;YAAE,GAAG,CAAC,GAAG,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC,CAAC;IACzC,CAAC;IACD,KAAK,MAAM,CAAC,IAAI,WAAW;QAAE,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;IAExC,OAAO,EAAE,KAAK,EAAE,CAAC,GAAG,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,gBAAgB,EAAE,WAAW,EAAE,CAAC;AACnE,CAAC;AAED,KAAK,UAAU,WAAW,CAAC,QAAgB;IACzC,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,aAAa,CACpC,KAAK,EACL,CAAC,QAAQ,EAAE,aAAa,EAAE,uBAAuB,CAAC,EAClD,EAAE,GAAG,EAAE,QAAQ,EAAE,SAAS,EAAE,EAAE,GAAG,IAAI,GAAG,IAAI,EAAE,CAC/C,CAAC;IACF,MAAM,GAAG,GAAG,IAAI,GAAG,EAAU,CAAC;IAC9B,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;QACrC,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE;YAAE,SAAS;QAC1B,kEAAkE;QAClE,0EAA0E;QAC1E,oEAAoE;QACpE,MAAM,aAAa,GAAG,GAAG,CAAC,OAAO,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;QACvD,MAAM,OAAO,GAAG,aAAa,CAAC,QAAQ,CAAC,MAAM,CAAC;YAC5C,CAAC,CAAC,aAAa,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,GAAG,EAAG;YACpC,CAAC,CAAC,aAAa,CAAC;QAClB,GAAG,CAAC,GAAG,CAAC,aAAa,CAAC,OAAO,CAAC,CAAC,CAAC;IAClC,CAAC;IACD,OAAO,CAAC,GAAG,GAAG,CAAC,CAAC;AAClB,CAAC;AAED,SAAS,aAAa,CAAC,CAAS;IAC9B,OAAO,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AACrC,CAAC;AAED,SAAS,gBAAgB,CAAC,GAAY;IACpC,IAAI,CAAC,GAAG,IAAI,OAAO,GAAG,KAAK,QAAQ;QAAE,OAAO,KAAK,CAAC;IAClD,MAAM,CAAC,GAAG,GAA4C,CAAC;IACvD,IAAI,CAAC,CAAC,IAAI,KAAK,mCAAmC;QAAE,OAAO,IAAI,CAAC;IAChE,IAAI,OAAO,CAAC,CAAC,OAAO,KAAK,QAAQ,IAAI,4BAA4B,CAAC,IAAI,CAAC,CAAC,CAAC,OAAO,CAAC;QAAE,OAAO,IAAI,CAAC;IAC/F,OAAO,KAAK,CAAC;AACf,CAAC"}
+{"version":3,"file":"changedFiles.js","sourceRoot":"","sources":["../../src/utils/changedFiles.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,oBAAoB,CAAC;AAC9C,OAAO,EAAE,SAAS,EAAE,MAAM,WAAW,CAAC;AACtC,OAAO,IAAI,MAAM,WAAW,CAAC;AAE7B,MAAM,aAAa,GAAG,SAAS,CAAC,QAAQ,CAAC,CAAC;AAE1C,MAAM,iBAAiB,GAAG,CAAC,aAAa,EAAE,eAAe,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC;AAU7E;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,eAAe,CACnC,QAAgB,EAChB,eAAwB;IAExB,MAAM,MAAM,GAAG,MAAM,SAAS,CAAC,QAAQ,CAAC,CAAC;IACzC,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,OAAO;YACL,SAAS,EAAE,KAAK;YAChB,MAAM,EAAE,sBAAsB;YAC9B,OAAO,EAAE,IAAI;YACb,KAAK,EAAE,EAAE;YACT,gBAAgB,EAAE,EAAE;SACrB,CAAC;IACJ,CAAC;IAED,MAAM,QAAQ,GAAG,OAAO,CAAC,eAAe,CAAC,CAAC;IAC1C,MAAM,UAAU,GAAG,eAAe,CAAC,CAAC,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,iBAAiB,EAAE,QAAQ,CAAC,CAAC;IAC1F,IAAI,SAAS,GAAkB,IAAI,CAAC;IAEpC,KAAK,MAAM,GAAG,IAAI,UAAU,EAAE,CAAC;QAC7B,MAAM,MAAM,GAAG,MAAM,SAAS,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC;QAC9C,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,SAAS,GAAG,kBAAkB,GAAG,EAAE,CAAC;YACpC,SAAS;QACX,CAAC;QACD,MAAM,cAAc,GAAG,MAAM,iBAAiB,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC;QAC9D,IAAI,cAAc,EAAE,CAAC;YACnB,MAAM,MAAM,GAAG,aAAa,GAAG,qDAAqD,CAAC;YACrF,IAAI,QAAQ,EAAE,CAAC;gBACb,OAAO;oBACL,SAAS,EAAE,KAAK;oBAChB,MAAM;oBACN,OAAO,EAAE,IAAI;oBACb,KAAK,EAAE,EAAE;oBACT,gBAAgB,EAAE,EAAE;iBACrB,CAAC;YACJ,CAAC;YACD,SAAS,GAAG,MAAM,CAAC;YACnB,SAAS;QACX,CAAC;QACD,IAAI,CAAC;YACH,MAAM,EAAE,KAAK,EAAE,gBAAgB,EAAE,GAAG,MAAM,SAAS,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC;YACnE,OAAO,EAAE,SAAS,EAAE,IAAI,EAAE,OAAO,EAAE,GAAG,EAAE,KAAK,EAAE,gBAAgB,EAAE,CAAC;QACpE,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,mEAAmE;YACnE,iEAAiE;YACjE,iEAAiE;YACjE,gEAAgE;YAChE,kEAAkE;YAClE,+BAA+B;YAC/B,IAAI,gBAAgB,CAAC,GAAG,CAAC,EAAE,CAAC;gBAC1B,OAAO;oBACL,SAAS,EAAE,KAAK;oBAChB,MAAM,EACJ,qBAAqB,GAAG,oCAAoC;wBAC5D,uEAAuE;oBACzE,OAAO,EAAE,IAAI;oBACb,KAAK,EAAE,EAAE;oBACT,gBAAgB,EAAE,EAAE;iBACrB,CAAC;YACJ,CAAC;YACD,SAAS,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QAC/D,CAAC;IACH,CAAC;IAED,gDAAgD;IAChD,IAAI,CAAC;QACH,MAAM,KAAK,GAAG,MAAM,WAAW,CAAC,QAAQ,CAAC,CAAC;QAC1C,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACrB,OAAO,EAAE,SAAS,EAAE,IAAI,EAAE,OAAO,EAAE,gBAAgB,EAAE,KAAK,EAAE,gBAAgB,EAAE,KAAK,EAAE,CAAC;QACxF,CAAC;IACH,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,SAAS,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IAC/D,CAAC;IAED,OAAO;QACL,SAAS,EAAE,KAAK;QAChB,MAAM,EAAE,SAAS,IAAI,0BAA0B;QAC/C,OAAO,EAAE,IAAI;QACb,KAAK,EAAE,EAAE;QACT,gBAAgB,EAAE,EAAE;KACrB,CAAC;AACJ,CAAC;AAED,KAAK,UAAU,iBAAiB,CAAC,QAAgB,EAAE,GAAW;IAC5D,IAAI,CAAC;QACH,MAAM,CAAC,IAAI,EAAE,SAAS,CAAC,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC;YAC1C,UAAU,CAAC,QAAQ,EAAE,MAAM,CAAC;YAC5B,UAAU,CAAC,QAAQ,EAAE,GAAG,CAAC;SAC1B,CAAC,CAAC;QACH,OAAO,IAAI,KAAK,SAAS,CAAC;IAC5B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED,KAAK,UAAU,UAAU,CAAC,QAAgB,EAAE,GAAW;IACrD,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,aAAa,CAAC,KAAK,EAAE,CAAC,WAAW,EAAE,UAAU,EAAE,GAAG,CAAC,EAAE;QAC5E,GAAG,EAAE,QAAQ;KACd,CAAC,CAAC;IACH,OAAO,MAAM,CAAC,IAAI,EAAE,CAAC;AACvB,CAAC;AAED,KAAK,UAAU,SAAS,CAAC,QAAgB;IACvC,IAAI,CAAC;QACH,MAAM,aAAa,CAAC,KAAK,EAAE,CAAC,WAAW,EAAE,WAAW,CAAC,EAAE,EAAE,GAAG,EAAE,QAAQ,EAAE,CAAC,CAAC;QAC1E,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED,KAAK,UAAU,SAAS,CAAC,QAAgB,EAAE,GAAW;IACpD,IAAI,CAAC;QACH,MAAM,aAAa,CAAC,KAAK,EAAE,CAAC,WAAW,EAAE,UAAU,EAAE,SAAS,EAAE,GAAG,CAAC,EAAE,EAAE,GAAG,EAAE,QAAQ,EAAE,CAAC,CAAC;QACzF,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED,KAAK,UAAU,SAAS,CACtB,QAAgB,EAChB,OAAe;IAEf,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,aAAa,CACpC,KAAK,EACL,CAAC,MAAM,EAAE,IAAI,EAAE,aAAa,EAAE,GAAG,OAAO,SAAS,CAAC,EAClD,EAAE,GAAG,EAAE,QAAQ,EAAE,QAAQ,EAAE,QAAQ,EAAE,SAAS,EAAE,EAAE,GAAG,IAAI,GAAG,IAAI,EAAE,CACnE,CAAC;IAEF,kFAAkF;IAClF,IAAI,WAAW,GAAa,EAAE,CAAC;IAC/B,IAAI,CAAC;QACH,WAAW,GAAG,MAAM,WAAW,CAAC,QAAQ,CAAC,CAAC;IAC5C,CAAC;IAAC,MAAM,CAAC;QACP,SAAS;IACX,CAAC;IAED,MAAM,GAAG,GAAG,IAAI,GAAG,EAAU,CAAC;IAC9B,KAAK,MAAM,IAAI,IAAI,YAAY,CAAC,MAAM,CAAC,EAAE,CAAC;QACxC,IAAI,IAAI;YAAE,GAAG,CAAC,GAAG,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC,CAAC;IACzC,CAAC;IACD,KAAK,MAAM,CAAC,IAAI,WAAW;QAAE,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;IAExC,OAAO,EAAE,KAAK,EAAE,CAAC,GAAG,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,gBAAgB,EAAE,WAAW,EAAE,CAAC;AACnE,CAAC;AAED,KAAK,UAAU,WAAW,CAAC,QAAgB;IACzC,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,aAAa,CACpC,KAAK,EACL,CAAC,QAAQ,EAAE,gBAAgB,EAAE,IAAI,EAAE,uBAAuB,CAAC,EAC3D,EAAE,GAAG,EAAE,QAAQ,EAAE,QAAQ,EAAE,QAAQ,EAAE,SAAS,EAAE,EAAE,GAAG,IAAI,GAAG,IAAI,EAAE,CACnE,CAAC;IACF,MAAM,GAAG,GAAG,IAAI,GAAG,EAAU,CAAC;IAC9B,MAAM,OAAO,GAAG,YAAY,CAAC,MAAM,CAAC,CAAC;IACrC,KAAK,IAAI,KAAK,GAAG,CAAC,EAAE,KAAK,GAAG,OAAO,CAAC,MAAM,EAAE,KAAK,IAAI,CAAC,EAAE,CAAC;QACvD,MAAM,GAAG,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC;QAC3B,IAAI,CAAC,GAAG;YAAE,SAAS;QACnB,MAAM,MAAM,GAAG,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;QAC/B,MAAM,IAAI,GAAG,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;QAC1B,IAAI,CAAC,IAAI;YAAE,SAAS;QACpB,GAAG,CAAC,GAAG,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC,CAAC;QAC7B,IAAI,oBAAoB,CAAC,MAAM,CAAC;YAAE,KAAK,IAAI,CAAC,CAAC;IAC/C,CAAC;IACD,OAAO,CAAC,GAAG,GAAG,CAAC,CAAC;AAClB,CAAC;AAED,SAAS,YAAY,CAAC,MAAuB;IAC3C,MAAM,KAAK,GAAG,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC;IAC1E,OAAO,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;AAC/D,CAAC;AAED,SAAS,oBAAoB,CAAC,MAAc;IAC1C,OAAO,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;AACtD,CAAC;AAED,SAAS,aAAa,CAAC,CAAS;IAC9B,OAAO,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AACrC,CAAC;AAED,SAAS,gBAAgB,CAAC,GAAY;IACpC,IAAI,CAAC,GAAG,IAAI,OAAO,GAAG,KAAK,QAAQ;QAAE,OAAO,KAAK,CAAC;IAClD,MAAM,CAAC,GAAG,GAA4C,CAAC;IACvD,IAAI,CAAC,CAAC,IAAI,KAAK,mCAAmC;QAAE,OAAO,IAAI,CAAC;IAChE,IAAI,OAAO,CAAC,CAAC,OAAO,KAAK,QAAQ,IAAI,4BAA4B,CAAC,IAAI,CAAC,CAAC,CAAC,OAAO,CAAC;QAAE,OAAO,IAAI,CAAC;IAC/F,OAAO,KAAK,CAAC;AACf,CAAC"}

package/dist/utils/config.js

@@ -1,6 +1,7 @@
 import { applyBaseRef, applyDisableRules, applyFailOn, applyIgnore, applyMinScore, applySuppress, } from './configBasics.js';
 import { applyHotspots } from './configHotspots.js';
 import { applyMonorepo } from './configMonorepo.js';
+import { applyProofRecipes } from './configProofRecipes.js';
 import { applyReportPolicies } from './configReportPolicies.js';
 import { applyScan } from './configScan.js';
 import { applySeverityOverrides } from './configSeverity.js';
@@ -28,6 +29,7 @@ function normalize(input) {
     applySuppress(obj, out);
     applySeverityOverrides(obj, out);
     applyReportPolicies(obj, out);
+    applyProofRecipes(obj, out);
     applyMonorepo(obj, out);
     applyTaint(obj, out);
     return out;

package/dist/utils/config.js.map

@@ -1 +1 @@
-{"version":3,"file":"config.js","sourceRoot":"","sources":["../../src/utils/config.ts"],"names":[],"mappings":"AACA,OAAO,EACL,YAAY,EACZ,iBAAiB,EACjB,WAAW,EACX,WAAW,EACX,aAAa,EACb,aAAa,GACd,MAAM,mBAAmB,CAAC;AAC3B,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,mBAAmB,EAAE,MAAM,2BAA2B,CAAC;AAChE,OAAO,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAC;AAC5C,OAAO,EAAE,sBAAsB,EAAE,MAAM,qBAAqB,CAAC;AAC7D,OAAO,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AACtD,OAAO,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAE9C,OAAO,EAAE,mBAAmB,EAAE,MAAM,uBAAuB,CAAC;AAE5D,MAAM,CAAC,KAAK,UAAU,UAAU,CAAC,QAAgB,EAAE,YAAqB;IACtE,MAAM,MAAM,GAAG,MAAM,gBAAgB,CAAC,QAAQ,EAAE,YAAY,CAAC,CAAC;IAC9D,IAAI,CAAC,MAAM;QAAE,OAAO,EAAE,MAAM,EAAE,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC;IACjD,OAAO,EAAE,MAAM,EAAE,SAAS,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,CAAC;AACpE,CAAC;AAED,SAAS,SAAS,CAAC,KAAc;IAC/B,IAAI,CAAC,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ;QAAE,OAAO,EAAE,CAAC;IACnD,MAAM,GAAG,GAAG,KAAgC,CAAC;IAC7C,MAAM,GAAG,GAAmB,EAAE,CAAC;IAC/B,aAAa,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;IACxB,WAAW,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;IACtB,YAAY,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;IACvB,aAAa,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;IACxB,WAAW,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;IACtB,SAAS,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;IACpB,iBAAiB,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;IAC5B,aAAa,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;IACxB,sBAAsB,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;IACjC,mBAAmB,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;IAC9B,aAAa,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;IACxB,UAAU,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;IACrB,OAAO,GAAG,CAAC;AACb,CAAC"}
+{"version":3,"file":"config.js","sourceRoot":"","sources":["../../src/utils/config.ts"],"names":[],"mappings":"AACA,OAAO,EACL,YAAY,EACZ,iBAAiB,EACjB,WAAW,EACX,WAAW,EACX,aAAa,EACb,aAAa,GACd,MAAM,mBAAmB,CAAC;AAC3B,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAC5D,OAAO,EAAE,mBAAmB,EAAE,MAAM,2BAA2B,CAAC;AAChE,OAAO,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAC;AAC5C,OAAO,EAAE,sBAAsB,EAAE,MAAM,qBAAqB,CAAC;AAC7D,OAAO,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AACtD,OAAO,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAE9C,OAAO,EAAE,mBAAmB,EAAE,MAAM,uBAAuB,CAAC;AAE5D,MAAM,CAAC,KAAK,UAAU,UAAU,CAAC,QAAgB,EAAE,YAAqB;IACtE,MAAM,MAAM,GAAG,MAAM,gBAAgB,CAAC,QAAQ,EAAE,YAAY,CAAC,CAAC;IAC9D,IAAI,CAAC,MAAM;QAAE,OAAO,EAAE,MAAM,EAAE,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC;IACjD,OAAO,EAAE,MAAM,EAAE,SAAS,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,CAAC;AACpE,CAAC;AAED,SAAS,SAAS,CAAC,KAAc;IAC/B,IAAI,CAAC,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ;QAAE,OAAO,EAAE,CAAC;IACnD,MAAM,GAAG,GAAG,KAAgC,CAAC;IAC7C,MAAM,GAAG,GAAmB,EAAE,CAAC;IAC/B,aAAa,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;IACxB,WAAW,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;IACtB,YAAY,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;IACvB,aAAa,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;IACxB,WAAW,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;IACtB,SAAS,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;IACpB,iBAAiB,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;IAC5B,aAAa,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;IACxB,sBAAsB,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;IACjC,mBAAmB,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;IAC9B,iBAAiB,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;IAC5B,aAAa,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;IACxB,UAAU,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;IACrB,OAAO,GAAG,CAAC;AACb,CAAC"}

package/dist/utils/configProofRecipes.d.ts

@@ -0,0 +1,2 @@
+import type { ProjscanConfig } from '../types/config.js';
+export declare function applyProofRecipes(obj: Record<string, unknown>, out: ProjscanConfig): void;

package/dist/utils/configProofRecipes.js

@@ -0,0 +1,91 @@
+const MAX_RECIPES = 50;
+const MAX_LIST_ITEMS = 50;
+const MAX_STRING_LENGTH = 300;
+const ID_PATTERN = /^[A-Za-z0-9][A-Za-z0-9._:-]{0,99}$/;
+const REVIEWER_PATTERN = /^[@A-Za-z0-9][A-Za-z0-9._/-]{0,99}$/;
+export function applyProofRecipes(obj, out) {
+    if (!Array.isArray(obj.proofRecipes))
+        return;
+    const seenIds = new Set();
+    const recipes = [];
+    for (const recipe of obj.proofRecipes.slice(0, MAX_RECIPES)) {
+        const normalized = normalizeProofRecipe(recipe);
+        if (!normalized || seenIds.has(normalized.id))
+            continue;
+        seenIds.add(normalized.id);
+        recipes.push(normalized);
+    }
+    if (recipes.length > 0)
+        out.proofRecipes = recipes;
+}
+function normalizeProofRecipe(raw) {
+    if (!raw || typeof raw !== 'object' || Array.isArray(raw))
+        return null;
+    const obj = raw;
+    const id = cleanRecipeId(obj.id);
+    const matches = cleanPatternList(obj.matches);
+    const requiredCommands = cleanCommandList(obj.requiredCommands);
+    if (!id || matches.length === 0 || requiredCommands.length === 0)
+        return null;
+    const recipe = {
+        id,
+        matches,
+        requiredCommands,
+    };
+    const requiredReviewers = cleanReviewerList(obj.requiredReviewers);
+    const forbiddenFiles = cleanPatternList(obj.forbiddenFiles);
+    const riskSurface = cleanString(obj.riskSurface);
+    const reason = cleanString(obj.reason);
+    if (requiredReviewers.length > 0)
+        recipe.requiredReviewers = requiredReviewers;
+    if (forbiddenFiles.length > 0)
+        recipe.forbiddenFiles = forbiddenFiles;
+    if (riskSurface)
+        recipe.riskSurface = riskSurface;
+    if (reason)
+        recipe.reason = reason;
+    return recipe;
+}
+function cleanCommandList(value) {
+    if (!Array.isArray(value))
+        return [];
+    return unique(value
+        .slice(0, MAX_LIST_ITEMS)
+        .filter((entry) => typeof entry === 'string' && !entry.includes('\0') && !/[\r\n]/.test(entry))
+        .map(cleanString)
+        .filter((entry) => Boolean(entry)));
+}
+function cleanPatternList(value) {
+    if (!Array.isArray(value))
+        return [];
+    return unique(value
+        .slice(0, MAX_LIST_ITEMS)
+        .map(cleanString)
+        .filter((entry) => typeof entry === 'string' && !/[`<>]/.test(entry)));
+}
+function cleanReviewerList(value) {
+    if (!Array.isArray(value))
+        return [];
+    return unique(value
+        .slice(0, MAX_LIST_ITEMS)
+        .map(cleanString)
+        .filter((entry) => typeof entry === 'string' && REVIEWER_PATTERN.test(entry)));
+}
+function cleanRecipeId(value) {
+    const id = cleanString(value);
+    return id && ID_PATTERN.test(id) ? id : undefined;
+}
+function cleanString(value) {
+    if (typeof value !== 'string')
+        return undefined;
+    if (/[\0\r\n\t]/.test(value))
+        return undefined;
+    const trimmed = value.trim().replace(/\s+/g, ' ');
+    if (!trimmed || trimmed.length > MAX_STRING_LENGTH)
+        return undefined;
+    return trimmed;
+}
+function unique(values) {
+    return [...new Set(values)];
+}
+//# sourceMappingURL=configProofRecipes.js.map

package/dist/utils/configProofRecipes.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"configProofRecipes.js","sourceRoot":"","sources":["../../src/utils/configProofRecipes.ts"],"names":[],"mappings":"AAEA,MAAM,WAAW,GAAG,EAAE,CAAC;AACvB,MAAM,cAAc,GAAG,EAAE,CAAC;AAC1B,MAAM,iBAAiB,GAAG,GAAG,CAAC;AAC9B,MAAM,UAAU,GAAG,oCAAoC,CAAC;AACxD,MAAM,gBAAgB,GAAG,qCAAqC,CAAC;AAE/D,MAAM,UAAU,iBAAiB,CAAC,GAA4B,EAAE,GAAmB;IACjF,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC;QAAE,OAAO;IAC7C,MAAM,OAAO,GAAG,IAAI,GAAG,EAAU,CAAC;IAClC,MAAM,OAAO,GAAwB,EAAE,CAAC;IACxC,KAAK,MAAM,MAAM,IAAI,GAAG,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC,EAAE,WAAW,CAAC,EAAE,CAAC;QAC5D,MAAM,UAAU,GAAG,oBAAoB,CAAC,MAAM,CAAC,CAAC;QAChD,IAAI,CAAC,UAAU,IAAI,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,EAAE,CAAC;YAAE,SAAS;QACxD,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,EAAE,CAAC,CAAC;QAC3B,OAAO,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;IAC3B,CAAC;IACD,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC;QAAE,GAAG,CAAC,YAAY,GAAG,OAAO,CAAC;AACrD,CAAC;AAED,SAAS,oBAAoB,CAAC,GAAY;IACxC,IAAI,CAAC,GAAG,IAAI,OAAO,GAAG,KAAK,QAAQ,IAAI,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC;QAAE,OAAO,IAAI,CAAC;IACvE,MAAM,GAAG,GAAG,GAA8B,CAAC;IAC3C,MAAM,EAAE,GAAG,aAAa,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IACjC,MAAM,OAAO,GAAG,gBAAgB,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;IAC9C,MAAM,gBAAgB,GAAG,gBAAgB,CAAC,GAAG,CAAC,gBAAgB,CAAC,CAAC;IAChE,IAAI,CAAC,EAAE,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,IAAI,gBAAgB,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IAC9E,MAAM,MAAM,GAAsB;QAChC,EAAE;QACF,OAAO;QACP,gBAAgB;KACjB,CAAC;IACF,MAAM,iBAAiB,GAAG,iBAAiB,CAAC,GAAG,CAAC,iBAAiB,CAAC,CAAC;IACnE,MAAM,cAAc,GAAG,gBAAgB,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;IAC5D,MAAM,WAAW,GAAG,WAAW,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;IACjD,MAAM,MAAM,GAAG,WAAW,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;IACvC,IAAI,iBAAiB,CAAC,MAAM,GAAG,CAAC;QAAE,MAAM,CAAC,iBAAiB,GAAG,iBAAiB,CAAC;IAC/E,IAAI,cAAc,CAAC,MAAM,GAAG,CAAC;QAAE,MAAM,CAAC,cAAc,GAAG,cAAc,CAAC;IACtE,IAAI,WAAW;QAAE,MAAM,CAAC,WAAW,GAAG,WAAW,CAAC;IAClD,IAAI,MAAM;QAAE,MAAM,CAAC,MAAM,GAAG,MAAM,CAAC;IACnC,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,SAAS,gBAAgB,CAAC,KAAc;IACtC,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC;QAAE,OAAO,EAAE,CAAC;IACrC,OAAO,MAAM,CACX,KAAK;SACF,KAAK,CAAC,CAAC,EAAE,cAAc,CAAC;SACxB,MAAM,CACL,CAAC,KAAK,EAAmB,EAAE,CACzB,OAAO,KAAK,KAAK,QAAQ,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,KAAK,CAAC,CAC9E;SACA,GAAG,CAAC,WAAW,CAAC;SAChB,MAAM,CAAC,CAAC,KAAK,EAAmB,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CACtD,CAAC;AACJ,CAAC;AAED,SAAS,gBAAgB,CAAC,KAAc;IACtC,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC;QAAE,OAAO,EAAE,CAAC;IACrC,OAAO,MAAM,CACX,KAAK;SACF,KAAK,CAAC,CAAC,EAAE,cAAc,CAAC;SACxB,GAAG,CAAC,WAAW,CAAC;SAChB,MAAM,CAAC,CAAC,KAAK,EAAmB,EAAE,CAAC,OAAO,KAAK,KAAK,QAAQ,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CACzF,CAAC;AACJ,CAAC;AAED,SAAS,iBAAiB,CAAC,KAAc;IACvC,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC;QAAE,OAAO,EAAE,CAAC;IACrC,OAAO,MAAM,CACX,KAAK;SACF,KAAK,CAAC,CAAC,EAAE,cAAc,CAAC;SACxB,GAAG,CAAC,WAAW,CAAC;SAChB,MAAM,CAAC,CAAC,KAAK,EAAmB,EAAE,CAAC,OAAO,KAAK,KAAK,QAAQ,IAAI,gBAAgB,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CACjG,CAAC;AACJ,CAAC;AAED,SAAS,aAAa,CAAC,KAAc;IACnC,MAAM,EAAE,GAAG,WAAW,CAAC,KAAK,CAAC,CAAC;IAC9B,OAAO,EAAE,IAAI,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC;AACpD,CAAC;AAED,SAAS,WAAW,CAAC,KAAc;IACjC,IAAI,OAAO,KAAK,KAAK,QAAQ;QAAE,OAAO,SAAS,CAAC;IAChD,IAAI,YAAY,CAAC,IAAI,CAAC,KAAK,CAAC;QAAE,OAAO,SAAS,CAAC;IAC/C,MAAM,OAAO,GAAG,KAAK,CAAC,IAAI,EAAE,CAAC,OAAO,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IAClD,IAAI,CAAC,OAAO,IAAI,OAAO,CAAC,MAAM,GAAG,iBAAiB;QAAE,OAAO,SAAS,CAAC;IACrE,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,SAAS,MAAM,CAAI,MAAW;IAC5B,OAAO,CAAC,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC;AAC9B,CAAC"}

package/docs/GUIDE.md

@@ -22,7 +22,16 @@ This guide starts with demonstrated workflows before the command reference. For
   - [ci](#ci)
   - [diff](#diff)
   - [fix](#fix)
-  - [explain](#explain)
+  - [explain-issue](#explain-issue)
+  - [assess](#assess)
+  - [simulate](#simulate)
+  - [prove](#prove)
+  - [evidence-pack](#evidence-pack)
+  - [privacy-check](#privacy-check)
+  - [mission-proof](#mission-proof)
+  - [trial](#trial)
+  - [telemetry](#telemetry)
+  - [dogfood](#dogfood)
   - [diagram](#diagram)
   - [structure](#structure)
   - [dependencies](#dependencies)
@@ -32,7 +41,6 @@ This guide starts with demonstrated workflows before the command reference. For
   - [coverage](#coverage)
   - [badge](#badge)
   - [mcp](#mcp)
-  - [dogfood](#dogfood)
 - [Health Score](#health-score)
 - [Output Formats](#output-formats)
   - [Console](#console-default)
@@ -113,6 +121,7 @@ paths.
 
 ```bash
 projscan start --intent "what files do I need to change for auth?"
+projscan start --intent "is my agent allowed to change billing retry logic?"
 projscan understand --view change --intent "add auth token refresh" --format json
 projscan prove --intent "is my agent allowed to change billing retry logic?"
 projscan preflight --mode before_edit --format json
@@ -121,21 +130,47 @@ projscan preflight --mode before_edit --format json
 Success criteria: the agent starts with cited files, change-readiness evidence,
 an executable Proof Contract, and a before-edit gate instead of a free-form plan.
 
-### Before handing work to an agent
+### Verified change workflow
 
 ```bash
+projscan start --intent "is my agent allowed to change billing retry logic?"
 projscan prove --intent "is my agent allowed to change billing retry logic?" --save-contract .projscan/proof-contract.json
-projscan prove --record-command "npm test -- tests/billing/retry.test.ts" --exit-code 0 --duration-ms 1842 --summary "billing retry tests passed"
+# Make the bounded edit, then run the proof command.
+projscan prove --run -- npm test -- tests/billing/retry.test.ts
 projscan prove --changed --contract .projscan/proof-contract.json --format markdown
 ```
 
+The path is `start -> prove -> run -> changed`. Agent-permission intents route
+from `start` to `prove`. Intent mode writes a contract only when
+`--save-contract` is present. Make the bounded edit after the contract exists
+and before run mode. Run mode executes an explicit local command after the `--`
+delimiter, captures exit code, duration, redacted output, log path, and
+changed-file fingerprint, then appends a `prove-run` row to the local ledger.
+Record mode remains available for imported CI or external evidence when
+projscan did not run the command. Changed mode checks the working tree against
+the contract and local ledger.
+
 Success criteria: the agent gets allowed files, forbidden files, risky contracts,
 likely tests, proof commands, rollback notes, confidence, and reviewer guidance
 before editing. After editing, the Proof Receipt shows whether the actual working
 tree stayed inside scope and classifies changed files as allowed production,
 expected tests, docs, generated proof artifacts, config/security drift,
-forbidden touches, or unexpected production. It also reports whether proof
-commands passed and whether that proof is stale after newer edits.
+forbidden touches, or unexpected production. The receipt reports proof command
+state, freshness after newer edits, proof replay status, `proofReplay` timeline
+events, `changedAfterProof`, receipt fingerprint, and sufficiency for the
+changed risk surface.
+
+Every prove report includes `verifiedWorkflow`, a compact JSON summary for agents
+and MCP clients. It names the phase, next action, next command, scope status,
+proof status, proof sufficiency status, risk delta direction, reviewer decision,
+and stale/missing/failed proof flags.
+
+Team Proof Recipes let the repo encode path-specific proof in `proofRecipes`;
+when a matching recipe is configured, `prove --intent` adds its required
+commands, reviewers, and forbidden files to the Proof Contract. `prove --changed`
+and `projscan evidence-pack --pr-comment` then show missing recipe proof,
+required reviewers, and recipe drift in the Proof Receipt. A recipe does not run proof commands by itself. Use `prove --run -- <command...>` or
+`prove --record-command` to add proof to the local ledger.
 
 ### Before handoff or commit
 
@@ -168,18 +203,25 @@ and does not execute the plan.
 
 `projscan prove --intent "<change>"` turns the simulation into an executable
 Proof Contract for humans, agents, CI, and reviewers. Intent mode is read-only
-unless `--save-contract <path>` is supplied. `projscan prove --changed` reads
-that contract, checks local git changed-file evidence, and emits a Proof Receipt
-with changed-file classes, proof replay status, a reviewer checklist, and a
-copyable decision. Use `projscan prove --record-command "<command>" --exit-code
-<code> --duration-ms <ms>` to append a local Proof Ledger row before replaying
-the receipt. The ledger stores command, exit code, duration, changed-file
-fingerprint, redacted summary, and optional log path under `.projscan/`. If no
-contract exists, changed mode still reports the working tree, but marks the
-result as needing review because there is no contract to enforce. When you pass
-`--feedback .projscan-feedback.json`, Trust Memory can lower the confidence
-reason when prior reviewers reported missing signals, noisy findings, false
-positives, or rejected proof outcomes.
+unless `--save-contract <path>` is supplied. Use `projscan prove --run --
+<command...>` when projscan should execute a local proof command and append the
+result. Use `projscan prove --record-command "<command>" --exit-code <code>
+--duration-ms <ms>` only when importing proof from CI or another runner.
+`projscan prove --changed` reads the contract, checks local git changed-file
+evidence, and emits a Proof Receipt with changed-file classes, proof replay
+status, Proof Sufficiency, a Verified Workflow section, a reviewer checklist,
+and a copyable decision. The contract JSON includes `proofRequirements`; the
+receipt JSON includes `proofReplay` with replay status, timeline events,
+`changedAfterProof`, replay command, and receipt fingerprint. It also includes
+`proofSufficiency` with strong, adequate, weak, missing, stale, or failed proof
+per changed risk surface. The ledger stores command, exit code, duration,
+changed-file fingerprint, redacted summary, source, and log path under `.projscan/`. Local
+`.projscan/` proof artifacts do not count as scope drift. If no contract exists,
+changed mode still reports the working tree, but marks the result as needing
+review because there is no contract to enforce. When you pass `--feedback
+.projscan-feedback.json`, Trust Memory can lower the confidence reason when
+prior reviewers reported missing signals, noisy findings, false positives, or
+rejected proof outcomes.
 
 Weekly or before a larger refactor, run the broader assessment and simulator:
 
@@ -293,7 +335,7 @@ When the agent first opens a repo, or before starting a refactor, the question i
 - **`projscan_quality_scorecard` / `projscan quality-scorecard`** — dimensioned quality view across health, security, tests, maintainability, coordination, top risks, and verification commands.
 - **`projscan_assess` / `projscan assess`** — proof-first assessment. Composes quality-scorecard, bug-hunt, and preflight into Proof Cards with local evidence, impact, a safe fix shape, verification commands, feedback or suppression guidance, and risk delta. Proof Cards include evidence strength, confidence reason, ranking reasons, trust memory, evidence gaps, and an AgentLoopKit handoff packet. Use `projscan assess --goal "make this repo safer to ship this week"` for a broad weekly pass, `projscan assess --mode fix-first --format markdown` when you want one or two next actions instead of a long list, `--feedback .projscan-feedback.json` when local reviewer memory should affect ranking, or `--baseline previous-assess.json` to compare against a prior assessment. The command is read-only and does not release, tag, publish, or deploy.
 - **`projscan_simulate` / `projscan simulate`** — risk delta simulator. Evaluates a proposed change plan before editing and returns likely touched files, affected tests, contract surfaces, rollout steps, proof commands, confidence, projected before/after risk, alternatives, and a recommended option. Use `projscan simulate --plan "split bugHunt.ts into ranking, evidence, and output modules"` before doing a refactor. The command is read-only and does not execute the plan.
-- **`projscan_prove` / `projscan prove`** — executable Proof Contracts and Proof Replay. Use `projscan prove --intent "<change>"` before editing to get allowed files, forbidden files, risky contracts, likely tests, proof commands, rollback, confidence, Trust Memory signals, and reviewer guidance. Use `projscan prove --record-command "<command>" --exit-code <code>` to record proof outcomes in the local ledger. Use `projscan prove --changed --contract .projscan/proof-contract.json --format markdown` after editing to produce a Proof Receipt with changed-file classes, scope drift, forbidden touches, proof status, stale proof, failed proof, risk delta, reviewer decision, and commit readiness.
+- **`projscan_prove` / `projscan prove`** — executable Proof Contracts, Verified Workflow JSON, Proof Replay, and Proof Sufficiency. Use `projscan prove --intent "<change>"` before editing to get allowed files, forbidden files, risky contracts, likely tests, proof commands, rollback, confidence, Trust Memory signals, reviewer guidance, and `proofRequirements`. Use `projscan prove --run -- <command...>` to execute a local proof command and record a `prove-run` ledger row. Use `projscan prove --record-command "<command>" --exit-code <code>` for imported proof outcomes from CI or another runner. Use `projscan prove --changed --contract .projscan/proof-contract.json --format markdown` after editing to produce a Proof Receipt with changed-file classes, scope drift, forbidden touches, proof status, `proofReplay`, `changedAfterProof`, receipt fingerprint, `proofSufficiency`, stale proof, failed proof, risk delta, reviewer decision, and commit readiness. MCP can create and replay contracts and record imported proof; only the CLI `prove --run` executes local commands. Read `verifiedWorkflow` when an agent needs the next action without parsing Markdown.
 - **`projscan_understand` / `projscan understand`** — cited repo-comprehension surface. Returns repo maps, runtime flow maps, contract maps, change-readiness guidance, verification tiers, unknowns, read-first files, and exact next commands.
 - **`projscan_adoption` / `projscan init team` / `projscan init mcp` / `projscan mcp doctor` / `projscan init policy` / `projscan init github-action` / `projscan recipes` / `projscan first-run` / `projscan telemetry` / `projscan dogfood`** — adoption layer. Returns MCP client config snippets, setup verification, policy starters, PR workflow scaffolding with validated PR comments and block-only enforcement, baseline memory, ownership routing, first-PR onboarding steps, repeatable team-bootstrap and PR-automation recipes, multi-repo dogfood evidence, measured reviewer feedback, default-off telemetry controls, adoption trial reports, and setup diagnostics.
 - **`projscan_release_train` / `projscan release-train`** — product-line readiness planner. Plans upcoming product lines with version, scope, readiness, and next-action evidence.
@@ -720,6 +762,14 @@ projscan fix -y
 | Test framework | `vitest.config.ts` + sample test file, adds `test` script to package.json | `vitest`                                               |
 | EditorConfig   | `.editorconfig` (UTF-8, LF, 2-space indent, trim trailing whitespace)     | Nothing                                                |
 
+### explain-issue
+
+```bash
+projscan explain-issue <issue_id>
+```
+
+Shows the code excerpt, related issues in the same file, similar past fixes from git history, and the structured fix suggestion for one issue id.
+
 ### diagram
 
 ```bash
@@ -882,10 +932,62 @@ projscan mcp --watch    # 1.3+: also push notifications/file_changed on every ba
 
 Runs ProjScan as an [MCP (Model Context Protocol)](https://modelcontextprotocol.io) server over stdio. AI coding agents (Claude Code, Cursor, Windsurf, any MCP client) can call ProjScan during a session to ground their suggestions in live project state.
 
-With `--watch`, the server starts an in-process file watcher and emits a JSON-RPC `notifications/file_changed` notification on every debounced batch (paths + post-update graph size + timestamp). The capability is advertised under `experimental.fileChanged` on the `initialize` response so clients can detect support before subscribing. Off by default — agents that don't need push updates pay nothing for it.
+With `--watch`, the server starts an in-process file watcher and emits a JSON-RPC `notifications/file_changed` notification on every debounced batch (paths + post-update graph size + timestamp). The capability is advertised under `experimental.fileChanged` on the `initialize` response so clients can detect support before subscribing. Agents that do not need push updates can leave it off.
 
 See [MCP Server for AI Agents](#mcp-server-for-ai-agents).
 
+### assess
+
+```bash
+projscan assess --goal "make this repo safer to ship this week" --format json
+projscan assess --mode fix-first --format markdown
+```
+
+Runs a proof-first assessment from local quality, bug-hunt, preflight, hotspot, and feedback evidence. Use `--mode fix-first` when you want one or two ranked actions instead of a long report.
+
+### simulate
+
+```bash
+projscan simulate --plan "split bugHunt.ts into ranking, evidence, and output modules" --format json
+```
+
+Predicts likely files, affected tests, contract surfaces, rollout steps, proof commands, and before/after risk for a proposed plan. It is read-only: it does not edit files, run tests, tag, publish, or deploy.
+
+### prove
+
+```bash
+projscan prove --intent "is my agent allowed to change billing retry logic?" --save-contract .projscan/proof-contract.json
+# Make the bounded edit, then run the proof command.
+projscan prove --run -- npm test -- tests/billing/retry.test.ts
+projscan prove --changed --contract .projscan/proof-contract.json --format markdown
+```
+
+Creates a local Proof Contract, records explicit proof command outcomes in the Proof Ledger, and checks the current working tree against the saved contract after the edit. `prove --run` executes only the command after `--` and keeps shell execution disabled. `prove --record-command` imports external proof into the local ledger without running it.
+
+### evidence-pack
+
+```bash
+projscan evidence-pack --pr-comment
+```
+
+Builds a reviewer-facing evidence packet from release-train, bug-hunt, workplan, preflight, and the latest Proof Receipt when available. Use the PR comment output when reviewers need risk, owner, proof, and next-command context in one Markdown block.
+
+### privacy-check
+
+```bash
+projscan privacy-check --format markdown
+```
+
+Shows which paths projscan reads, which files stay ignored, which features can touch the network, and whether telemetry can send anything from the current configuration.
+
+### mission-proof
+
+```bash
+projscan mission-proof --mission .projscan/mission --format markdown
+```
+
+Summarizes saved Mission Control proof logs, pass/fail status, reviewer gate evidence, reruns, and optional manual baseline comparisons.
+
 ### session _(1.4+)_
 
 ```bash
@@ -1090,6 +1192,15 @@ ProjScan loads a project-wide config from one of:
   "severityOverrides": {
     "missing-prettier": "info"
   },
+  "proofRecipes": [
+    {
+      "id": "billing-critical",
+      "matches": ["src/billing/**"],
+      "requiredCommands": ["npm test -- tests/billing/retry.test.ts"],
+      "requiredReviewers": ["@platform"],
+      "forbiddenFiles": ["src/auth/**"]
+    }
+  ],
   "reportPolicies": {
     "apiEvidence": {
       "reportScope": ["src/api", "packages/backend"],
@@ -1117,6 +1228,7 @@ ProjScan loads a project-wide config from one of:
 | `disableRules`        | string[]                                         | Silence rules by id. Exact match (`missing-prettier`) or wildcard prefix (`large-*`).                                                                         |
 | `suppress`            | `Record<string, string[]>`                       | Silence a rule only for matching paths/globs, for example `{ "hardcoded-secret": ["src/firebase.ts"] }`. Other rules still run on that file.                  |
 | `severityOverrides`   | `Record<string, 'info' \| 'warning' \| 'error'>` | Remap a rule's severity. Useful for downgrading project-specific false positives without disabling them.                                                      |
+| `proofRecipes`        | `{ id: string; matches: string[]; requiredCommands: string[]; requiredReviewers?: string[]; forbiddenFiles?: string[]; riskSurface?: string; reason?: string }[]` | Add Team Proof Recipes to `projscan prove` contracts and receipts when a matching recipe is configured. Recipes without a command are skipped; recipes do not execute commands. |
 | `reportPolicies`      | `Record<string, { reportScope?: string[]; redactPaths?: boolean }>` | Named evidence export presets selected with `--report-policy <name>` on `analyze`, `doctor`, and `ci`.                                      |
 | `hotspots.limit`      | number (1–100)                                   | Default limit for `projscan hotspots`.                                                                                                                        |
 | `hotspots.since`      | string                                           | Default git history window for `projscan hotspots`.                                                                                                           |
@@ -1129,6 +1241,14 @@ Use inline suppressions for a single confirmed false positive:
 const firebaseKey = "AIza..." // projscan-ignore-line hardcoded-secret -- Firebase web keys are public identifiers
 ```
 
+Use `proofRecipes` when a sensitive path needs team proof. When a matching
+recipe is configured, `projscan prove` adds its commands, reviewers, and
+forbidden files to the Proof Contract and Proof Receipt. The recipe does not run proof commands by itself.
+Recipe IDs and reviewer handles use a conservative identifier shape, duplicate
+recipe IDs keep the first recipe, and path patterns support exact paths plus
+`*` and `**` globs. Broad `forbiddenFiles` globs can mark many changed files as
+drift, so keep them scoped to the smallest risky area.
+
 ### Embedded config in `package.json`
 
 If you prefer to keep everything in `package.json`:
@@ -1234,7 +1354,7 @@ projscan ci --help
 
 ### Languages
 
-ProjScan maps file extensions to language names. Supported languages include TypeScript, JavaScript, Python, Go, Rust, Java, C#, C++, C, Ruby, PHP, Swift, Kotlin, Dart, Lua, Scala, R, Shell, CSS, SCSS/Sass, HTML, JSON, YAML, Markdown, SQL, and more.
+ProjScan maps file extensions to language names. AST-aware adapters cover TypeScript, JavaScript, Python, Go, Rust, Java, C#, C++, Ruby, PHP, Swift, and Kotlin. File-level detection also covers C, Dart, Lua, Scala, R, Shell, CSS, SCSS/Sass, HTML, JSON, YAML, Markdown, SQL, and related project files.
 
 The **primary language** is the one with the most files.
 
@@ -1368,7 +1488,7 @@ This is heuristic-based and works best with conventional project structures. Pro
 
 ## File Explanation Engine
 
-The `explain` command performs regex-based static analysis. It does not execute your code or make network calls.
+The `explain-issue` command performs regex-based static analysis around one issue. It does not execute your code or make network calls.
 
 **Import detection** handles:
 
@@ -1445,7 +1565,7 @@ _Structural / agent-native:_
 - `projscan_quality_scorecard` — dimensioned quality view with top risks and verification commands.
 - `projscan_assess` — proof-first assessment with Proof Cards, risk delta, and fix-first guidance.
 - `projscan_simulate` — risk delta simulator for proposed change plans before editing.
-- `projscan_prove` — executable Proof Contracts, local Proof Ledger rows, and replayed Proof Receipts for proposed and completed changes.
+- `projscan_prove` — Proof Contracts and Proof Receipts for proposed and completed changes. MCP records and replays imported proof; only CLI `prove --run` executes commands.
 - `projscan_adoption` — adoption helper for MCP client snippets, MCP setup doctor, agent workflow recipes, and first-run diagnostics.
 - `projscan_release_train` — product-line readiness plan with scope and next-action evidence.
 - `projscan_evidence_pack` — approval packet with planning, bug-hunt, workplan, preflight, changelog, and website prompt evidence.
@@ -1608,7 +1728,7 @@ ProjScan has three first-class CI integration paths:
 
 ### 1. First-party GitHub Action (recommended)
 
-The easiest path - installs projscan, runs the health gate, uploads SARIF to GitHub Code Scanning.
+The GitHub Action installs projscan, runs the health gate, and uploads SARIF to GitHub Code Scanning.
 
 ```yaml
 name: ProjScan
@@ -1691,7 +1811,7 @@ projscan diff --format json          # Shows new/resolved issues + hotspot movem
 
 ### "No package.json found"
 
-The `dependencies` and `fix` commands require a `package.json` in the current directory. Other commands (`analyze`, `structure`, `diagram`, `explain`) work without one.
+The `dependencies` and `fix` commands require a `package.json` in the current directory. Other commands (`analyze`, `structure`, `diagram`, `explain-issue`) work without one.
 
 ### Scan is slow
 

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "projscan",
   "mcpName": "io.github.abhiyoheswaran1/projscan",
-  "version": "4.13.0",
+  "version": "4.15.0",
   "description": "Local code intelligence for agent-assisted engineering. Focused daily workflows for repo orientation before edits, proof before handoff or commit, and release-candidate review, with AST-backed evidence through an MCP server and CLI. Runs locally by default.",
   "type": "module",
   "main": "./dist/index.js",