npm - projscan - Versions diffs - 4.6.0 → 4.7.0 - Mend

projscan 4.6.0 → 4.7.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (176) hide show

package/README.md +24 -11
package/dist/cli/_shared.js +12 -44
package/dist/cli/_shared.js.map +1 -1
package/dist/cli/changedOnly.d.ts +16 -0
package/dist/cli/changedOnly.js +28 -0
package/dist/cli/changedOnly.js.map +1 -0
package/dist/cli/formatOptions.d.ts +4 -0
package/dist/cli/formatOptions.js +30 -0
package/dist/cli/formatOptions.js.map +1 -0
package/dist/core/agentBrief.js +6 -1
package/dist/core/agentBrief.js.map +1 -1
package/dist/core/astBodySignals.js +2 -3
package/dist/core/astBodySignals.js.map +1 -1
package/dist/core/astMembers.d.ts +1 -0
package/dist/core/astMembers.js +38 -9
package/dist/core/astMembers.js.map +1 -1
package/dist/core/bugHunt.js +2 -142
package/dist/core/bugHunt.js.map +1 -1
package/dist/core/bugHuntHotspotFindings.d.ts +2 -0
package/dist/core/bugHuntHotspotFindings.js +68 -0
package/dist/core/bugHuntHotspotFindings.js.map +1 -0
package/dist/core/bugHuntPreflightFindings.d.ts +3 -0
package/dist/core/bugHuntPreflightFindings.js +115 -0
package/dist/core/bugHuntPreflightFindings.js.map +1 -0
package/dist/core/codeGraph.d.ts +1 -8
package/dist/core/codeGraph.js +4 -30
package/dist/core/codeGraph.js.map +1 -1
package/dist/core/codeGraphFileSelection.d.ts +7 -0
package/dist/core/codeGraphFileSelection.js +19 -0
package/dist/core/codeGraphFileSelection.js.map +1 -0
package/dist/core/codeGraphQueries.d.ts +9 -0
package/dist/core/codeGraphQueries.js +25 -0
package/dist/core/codeGraphQueries.js.map +1 -0
package/dist/core/dataflow.js +3 -338
package/dist/core/dataflow.js.map +1 -1
package/dist/core/dataflowDatabaseSinks.d.ts +8 -0
package/dist/core/dataflowDatabaseSinks.js +78 -0
package/dist/core/dataflowDatabaseSinks.js.map +1 -0
package/dist/core/dataflowRiskAssembly.d.ts +11 -0
package/dist/core/dataflowRiskAssembly.js +117 -0
package/dist/core/dataflowRiskAssembly.js.map +1 -0
package/dist/core/dataflowTraversal.d.ts +25 -0
package/dist/core/dataflowTraversal.js +200 -0
package/dist/core/dataflowTraversal.js.map +1 -0
package/dist/core/fileInspectionReport.d.ts +13 -0
package/dist/core/fileInspectionReport.js +49 -0
package/dist/core/fileInspectionReport.js.map +1 -0
package/dist/core/fileInspector.d.ts +3 -11
package/dist/core/fileInspector.js +2 -46
package/dist/core/fileInspector.js.map +1 -1
package/dist/core/fixSuggest.d.ts +1 -9
package/dist/core/fixSuggest.js +2 -58
package/dist/core/fixSuggest.js.map +1 -1
package/dist/core/fixSuggestDependencyNames.d.ts +1 -0
package/dist/core/fixSuggestDependencyNames.js +9 -0
package/dist/core/fixSuggestDependencyNames.js.map +1 -0
package/dist/core/fixSuggestPreview.d.ts +10 -0
package/dist/core/fixSuggestPreview.js +87 -0
package/dist/core/fixSuggestPreview.js.map +1 -0
package/dist/core/frameworkHonoSources.js +7 -0
package/dist/core/frameworkHonoSources.js.map +1 -1
package/dist/core/frameworkNextRouteSources.d.ts +6 -1
package/dist/core/frameworkNextRouteSources.js +31 -1
package/dist/core/frameworkNextRouteSources.js.map +1 -1
package/dist/core/frameworkRemixSources.d.ts +2 -0
package/dist/core/frameworkRemixSources.js +63 -0
package/dist/core/frameworkRemixSources.js.map +1 -0
package/dist/core/frameworkSources.d.ts +15 -3
package/dist/core/frameworkSources.js +41 -10
package/dist/core/frameworkSources.js.map +1 -1
package/dist/core/intentRouter.d.ts +4 -14
package/dist/core/intentRouter.js +4 -29
package/dist/core/intentRouter.js.map +1 -1
package/dist/core/intentRouterCatalog.js +17 -0
package/dist/core/intentRouterCatalog.js.map +1 -1
package/dist/core/intentRouterKeywordWeights.js +13 -0
package/dist/core/intentRouterKeywordWeights.js.map +1 -1
package/dist/core/intentRouterReleaseSignals.js +119 -39
package/dist/core/intentRouterReleaseSignals.js.map +1 -1
package/dist/core/intentRouterResult.d.ts +16 -0
package/dist/core/intentRouterResult.js +34 -0
package/dist/core/intentRouterResult.js.map +1 -0
package/dist/core/intentRouterWorkSignals.js +18 -0
package/dist/core/intentRouterWorkSignals.js.map +1 -1
package/dist/core/languages/pythonLockfiles.d.ts +4 -0
package/dist/core/languages/pythonLockfiles.js +6 -2
package/dist/core/languages/pythonLockfiles.js.map +1 -1
package/dist/core/languages/pythonManifests.js +5 -5
package/dist/core/languages/pythonManifests.js.map +1 -1
package/dist/core/languages/pythonProjectEvidence.js +1 -1
package/dist/core/languages/pythonProjectEvidence.js.map +1 -1
package/dist/core/languages/pythonRequirements.js +144 -18
package/dist/core/languages/pythonRequirements.js.map +1 -1
package/dist/core/pluginManifestValidation.d.ts +41 -0
package/dist/core/pluginManifestValidation.js +179 -0
package/dist/core/pluginManifestValidation.js.map +1 -0
package/dist/core/plugins.d.ts +3 -41
package/dist/core/plugins.js +2 -129
package/dist/core/plugins.js.map +1 -1
package/dist/core/regressionPlan.d.ts +2 -1
package/dist/core/regressionPlan.js +7 -1
package/dist/core/regressionPlan.js.map +1 -1
package/dist/core/releaseEvidence.js +6 -120
package/dist/core/releaseEvidence.js.map +1 -1
package/dist/core/releaseEvidenceArtifacts.d.ts +3 -0
package/dist/core/releaseEvidenceArtifacts.js +65 -0
package/dist/core/releaseEvidenceArtifacts.js.map +1 -0
package/dist/core/releaseEvidenceVerdict.d.ts +6 -0
package/dist/core/releaseEvidenceVerdict.js +54 -0
package/dist/core/releaseEvidenceVerdict.js.map +1 -0
package/dist/core/reportPathRedaction.d.ts +4 -0
package/dist/core/reportPathRedaction.js +64 -0
package/dist/core/reportPathRedaction.js.map +1 -0
package/dist/core/reportScope.js +2 -163
package/dist/core/reportScope.js.map +1 -1
package/dist/core/reportScopeFiltering.d.ts +9 -0
package/dist/core/reportScopeFiltering.js +102 -0
package/dist/core/reportScopeFiltering.js.map +1 -0
package/dist/core/searchIndex.d.ts +2 -14
package/dist/core/searchIndex.js +4 -227
package/dist/core/searchIndex.js.map +1 -1
package/dist/core/searchIndexFiles.d.ts +1 -0
package/dist/core/searchIndexFiles.js +26 -0
package/dist/core/searchIndexFiles.js.map +1 -0
package/dist/core/searchIndexText.d.ts +15 -0
package/dist/core/searchIndexText.js +204 -0
package/dist/core/searchIndexText.js.map +1 -0
package/dist/core/start.js +5 -46
package/dist/core/start.js.map +1 -1
package/dist/core/startEvidence.d.ts +1 -1
package/dist/core/startEvidence.js +16 -1
package/dist/core/startEvidence.js.map +1 -1
package/dist/core/startInputs.d.ts +1 -0
package/dist/core/startInputs.js +4 -1
package/dist/core/startInputs.js.map +1 -1
package/dist/core/startMissionPolicy.js +10 -0
package/dist/core/startMissionPolicy.js.map +1 -1
package/dist/core/startReportBuilder.d.ts +1 -0
package/dist/core/startReportBuilder.js +1 -0
package/dist/core/startReportBuilder.js.map +1 -1
package/dist/core/startReportContext.d.ts +23 -0
package/dist/core/startReportContext.js +51 -0
package/dist/core/startReportContext.js.map +1 -0
package/dist/core/startRoadmapPreview.d.ts +2 -0
package/dist/core/startRoadmapPreview.js +31 -0
package/dist/core/startRoadmapPreview.js.map +1 -0
package/dist/core/taint.d.ts +2 -67
package/dist/core/taint.js +41 -164
package/dist/core/taint.js.map +1 -1
package/dist/core/taintIndex.d.ts +20 -0
package/dist/core/taintIndex.js +81 -0
package/dist/core/taintIndex.js.map +1 -0
package/dist/core/taintTraversal.d.ts +8 -0
package/dist/core/taintTraversal.js +113 -0
package/dist/core/taintTraversal.js.map +1 -0
package/dist/core/taintTypes.d.ts +67 -0
package/dist/core/taintTypes.js +2 -0
package/dist/core/taintTypes.js.map +1 -0
package/dist/core/telemetry.js +36 -30
package/dist/core/telemetry.js.map +1 -1
package/dist/core/upgradePreviewPython.js +1 -1
package/dist/core/upgradePreviewPython.js.map +1 -1
package/dist/mcp/tools.js +11 -12
package/dist/mcp/tools.js.map +1 -1
package/dist/projscan-sbom.cdx.json +6 -6
package/dist/reporters/consoleFixReporter.d.ts +3 -0
package/dist/reporters/consoleFixReporter.js +41 -0
package/dist/reporters/consoleFixReporter.js.map +1 -0
package/dist/reporters/consoleReporter.d.ts +1 -3
package/dist/reporters/consoleReporter.js +1 -42
package/dist/reporters/consoleReporter.js.map +1 -1
package/dist/tool-manifest.json +2 -2
package/dist/types/start.d.ts +14 -0
package/docs/GUIDE.md +1 -1
package/docs/ROADMAP.md +16 -5
package/package.json +1 -1

package/dist/reporters/consoleReporter.d.ts CHANGED Viewed

@@ -1,4 +1,3 @@
-import type { Issue, Fix, FixResult } from '../types.js';
 export { reportDiagram, reportStructure } from './consoleArchitectureReporter.js';
 export { reportAnalysis } from './consoleAnalysisReporter.js';
 export { reportAudit } from './consoleAuditReporter.js';
@@ -7,6 +6,7 @@ export { reportCoupling } from './consoleCouplingReporter.js';
 export { reportDependencies } from './consoleDependencyReporter.js';
 export { reportDiff } from './consoleDiffReporter.js';
 export { reportExplanation } from './consoleExplanationReporter.js';
+export { reportDetectedIssues, reportFixResults } from './consoleFixReporter.js';
 export { reportExplainIssue, reportFixSuggest } from './consoleFixGuidanceReporter.js';
 export { reportFileInspection } from './consoleFileReporter.js';
 export { reportHealth } from './consoleHealthReporter.js';
@@ -19,5 +19,3 @@ export { reportReview } from './consoleReviewReporter.js';
 export { reportUpgrade } from './consoleUpgradeReporter.js';
 export { reportCoverage } from './consoleCoverageReporter.js';
 export { reportWorkspaces } from './consoleWorkspaceReporter.js';
-export declare function reportDetectedIssues(issues: Issue[], fixes: Fix[]): void;
-export declare function reportFixResults(results: FixResult[]): void;

package/dist/reporters/consoleReporter.js CHANGED Viewed

@@ -1,4 +1,3 @@
-import chalk from 'chalk';
 export { reportDiagram, reportStructure } from './consoleArchitectureReporter.js';
 export { reportAnalysis } from './consoleAnalysisReporter.js';
 export { reportAudit } from './consoleAuditReporter.js';
@@ -7,6 +6,7 @@ export { reportCoupling } from './consoleCouplingReporter.js';
 export { reportDependencies } from './consoleDependencyReporter.js';
 export { reportDiff } from './consoleDiffReporter.js';
 export { reportExplanation } from './consoleExplanationReporter.js';
+export { reportDetectedIssues, reportFixResults } from './consoleFixReporter.js';
 export { reportExplainIssue, reportFixSuggest } from './consoleFixGuidanceReporter.js';
 export { reportFileInspection } from './consoleFileReporter.js';
 export { reportHealth } from './consoleHealthReporter.js';
@@ -18,45 +18,4 @@ export { reportReview } from './consoleReviewReporter.js';
 export { reportUpgrade } from './consoleUpgradeReporter.js';
 export { reportCoverage } from './consoleCoverageReporter.js';
 export { reportWorkspaces } from './consoleWorkspaceReporter.js';
-// ── Helpers ───────────────────────────────────────────────
-function header(title) {
-    const line = '─'.repeat(Math.max(title.length + 2, 40));
-    return `\n${chalk.bold.cyan(title)}\n${chalk.dim(line)}`;
-}
-function severityIcon(severity) {
-    switch (severity) {
-        case 'error':
-            return chalk.red('✗');
-        case 'warning':
-            return chalk.yellow('⚠');
-        case 'info':
-            return chalk.blue('ℹ');
-        default:
-            return chalk.dim('·');
-    }
-}
-// ── Report: fix ───────────────────────────────────────────
-export function reportDetectedIssues(issues, fixes) {
-    console.log(header('Detected Issues'));
-    for (const issue of issues.filter((i) => i.fixAvailable)) {
-        console.log(`  ${severityIcon(issue.severity)} ${issue.title}`);
-    }
-    console.log(header('Proposed Fixes'));
-    for (let i = 0; i < fixes.length; i++) {
-        console.log(`  ${chalk.bold(String(i + 1) + '.')} ${fixes[i].title}`);
-    }
-    console.log('');
-}
-export function reportFixResults(results) {
-    console.log('');
-    for (const result of results) {
-        if (result.success) {
-            console.log(`  ${chalk.green('✔')} ${result.fix.title}`);
-        }
-        else {
-            console.log(`  ${chalk.red('✗')} ${result.fix.title} - ${chalk.dim(result.error ?? 'unknown error')}`);
-        }
-    }
-    console.log('');
-}
 //# sourceMappingURL=consoleReporter.js.map

package/dist/reporters/consoleReporter.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"consoleReporter.js","sourceRoot":"","sources":["../../src/reporters/consoleReporter.ts"],"names":[],"mappings":"AAAA,OAAO,~~KAAK,MAAM,OAAO,CAAC;AAE1B,OAAO,~~EAAE,aAAa,EAAE,eAAe,EAAE,MAAM,kCAAkC,CAAC;AAClF,OAAO,EAAE,cAAc,EAAE,MAAM,8BAA8B,CAAC;AAC9D,OAAO,EAAE,WAAW,EAAE,MAAM,2BAA2B,CAAC;AACxD,OAAO,EAAE,QAAQ,EAAE,MAAM,wBAAwB,CAAC;AAClD,OAAO,EAAE,cAAc,EAAE,MAAM,8BAA8B,CAAC;AAC9D,OAAO,EAAE,kBAAkB,EAAE,MAAM,gCAAgC,CAAC;AACpE,OAAO,EAAE,UAAU,EAAE,MAAM,0BAA0B,CAAC;AACtD,OAAO,EAAE,iBAAiB,EAAE,MAAM,iCAAiC,CAAC;AACpE,OAAO,EAAE,kBAAkB,EAAE,gBAAgB,EAAE,MAAM,iCAAiC,CAAC;AACvF,OAAO,EAAE,oBAAoB,EAAE,MAAM,0BAA0B,CAAC;AAChE,OAAO,EAAE,YAAY,EAAE,MAAM,4BAA4B,CAAC;AAE1D,OAAO,EAAE,cAAc,EAAE,MAAM,6BAA6B,CAAC;AAC7D,OAAO,EAAE,YAAY,EAAE,MAAM,4BAA4B,CAAC;AAC1D,OAAO,EAAE,cAAc,EAAE,MAAM,8BAA8B,CAAC;AAC9D,OAAO,EAAE,YAAY,EAAE,MAAM,4BAA4B,CAAC;AAC1D,OAAO,EAAE,YAAY,EAAE,MAAM,4BAA4B,CAAC;AAC1D,OAAO,EAAE,aAAa,EAAE,MAAM,6BAA6B,CAAC;AAC5D,OAAO,EAAE,cAAc,EAAE,MAAM,8BAA8B,CAAC;AAC9D,OAAO,EAAE,gBAAgB,EAAE,MAAM,+BAA+B,CAAC;AAEjE,6DAA6D;AAE7D,SAAS,MAAM,CAAC,KAAa;IAC3B,MAAM,IAAI,GAAG,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC;IACxD,OAAO,KAAK,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;AAC3D,CAAC;AAED,SAAS,YAAY,CAAC,QAAgB;IACpC,QAAQ,QAAQ,EAAE,CAAC;QACjB,KAAK,OAAO;YACV,OAAO,KAAK,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QACxB,KAAK,SAAS;YACZ,OAAO,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QAC3B,KAAK,MAAM;YACT,OAAO,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QACzB;YACE,OAAO,KAAK,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;IAC1B,CAAC;AACH,CAAC;AAED,6DAA6D;AAE7D,MAAM,UAAU,oBAAoB,CAAC,MAAe,EAAE,KAAY;IAChE,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,iBAAiB,CAAC,CAAC,CAAC;IACvC,KAAK,MAAM,KAAK,IAAI,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,YAAY,CAAC,EAAE,CAAC;QACzD,OAAO,CAAC,GAAG,CAAC,KAAK,YAAY,CAAC,KAAK,CAAC,QAAQ,CAAC,IAAI,KAAK,CAAC,KAAK,EAAE,CAAC,CAAC;IAClE,CAAC;IAED,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,gBAAgB,CAAC,CAAC,CAAC;IACtC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,OAAO,CAAC,GAAG,CAAC,KAAK,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,GAAG,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,EAAE,CAAC,CAAC;IACxE,CAAC;IACD,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;AAClB,CAAC;AAED,MAAM,UAAU,gBAAgB,CAAC,OAAoB;IACnD,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAChB,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;QAC7B,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;YACnB,OAAO,CAAC,GAAG,CAAC,KAAK,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,MAAM,CAAC,GAAG,CAAC,KAAK,EAAE,CAAC,CAAC;QAC3D,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,GAAG,CACT,KAAK,KAAK,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,MAAM,CAAC,GAAG,CAAC,KAAK,MAAM,KAAK,CAAC,GAAG,CAAC,MAAM,CAAC,KAAK,IAAI,eAAe,CAAC,EAAE,CAC1F,CAAC;QACJ,CAAC;IACH,CAAC;IACD,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;AAClB,CAAC"}
1	+ {"version":3,"file":"consoleReporter.js","sourceRoot":"","sources":["../../src/reporters/consoleReporter.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,eAAe,EAAE,MAAM,kCAAkC,CAAC;AAClF,OAAO,EAAE,cAAc,EAAE,MAAM,8BAA8B,CAAC;AAC9D,OAAO,EAAE,WAAW,EAAE,MAAM,2BAA2B,CAAC;AACxD,OAAO,EAAE,QAAQ,EAAE,MAAM,wBAAwB,CAAC;AAClD,OAAO,EAAE,cAAc,EAAE,MAAM,8BAA8B,CAAC;AAC9D,OAAO,EAAE,kBAAkB,EAAE,MAAM,gCAAgC,CAAC;AACpE,OAAO,EAAE,UAAU,EAAE,MAAM,0BAA0B,CAAC;AACtD,OAAO,EAAE,iBAAiB,EAAE,MAAM,iCAAiC,CAAC;AACpE,OAAO,EAAE,oBAAoB,EAAE,gBAAgB,EAAE,MAAM,yBAAyB,CAAC;AACjF,OAAO,EAAE,kBAAkB,EAAE,gBAAgB,EAAE,MAAM,iCAAiC,CAAC;AACvF,OAAO,EAAE,oBAAoB,EAAE,MAAM,0BAA0B,CAAC;AAChE,OAAO,EAAE,YAAY,EAAE,MAAM,4BAA4B,CAAC;AAE1D,OAAO,EAAE,cAAc,EAAE,MAAM,6BAA6B,CAAC;AAC7D,OAAO,EAAE,YAAY,EAAE,MAAM,4BAA4B,CAAC;AAC1D,OAAO,EAAE,cAAc,EAAE,MAAM,8BAA8B,CAAC;AAC9D,OAAO,EAAE,YAAY,EAAE,MAAM,4BAA4B,CAAC;AAC1D,OAAO,EAAE,YAAY,EAAE,MAAM,4BAA4B,CAAC;AAC1D,OAAO,EAAE,aAAa,EAAE,MAAM,6BAA6B,CAAC;AAC5D,OAAO,EAAE,cAAc,EAAE,MAAM,8BAA8B,CAAC;AAC9D,OAAO,EAAE,gBAAgB,EAAE,MAAM,+BAA+B,CAAC"}

package/dist/tool-manifest.json CHANGED Viewed

@@ -1,8 +1,8 @@
 {
   "name": "projscan",
-  "version": "4.6.0",
+  "version": "4.7.0",
   "mcpProtocolVersion": null,
-  "generatedAt": "2026-06-17T15:59:22.201Z",
+  "generatedAt": "2026-06-17T22:15:49.227Z",
   "toolCount": 45,
   "tools": [
     {

package/dist/types/start.d.ts CHANGED Viewed

@@ -37,6 +37,19 @@ export interface StartAdoptionLoop {
     metrics: StartAdoptionLoopMetric[];
     nextCommands: string[];
 }
+export interface StartRoadmapWorkstream {
+    id: string;
+    title: string;
+    priority: WorkplanPriority;
+    track: string;
+    verificationCommand?: string;
+}
+export interface StartRoadmapPreview {
+    policy: 'product-readiness-plan';
+    readOnly: true;
+    lines: string[];
+    workstreams: StartRoadmapWorkstream[];
+}
 export interface StartFirstTenMinutesStep {
     id: string;
     label: string;
@@ -426,6 +439,7 @@ export interface StartReport {
                 truncated?: boolean;
             };
         };
+        roadmapPreview?: StartRoadmapPreview;
     };
     topRisks: StartRisk[];
     fixFirst?: FixFirstRecommendation;

package/docs/GUIDE.md CHANGED Viewed

@@ -180,7 +180,7 @@ When the agent first opens a repo, or before starting a refactor, the question i
   For short proof-command phrasing, such as `projscan start --intent "give me proof commands"`, it also routes to `projscan_regression_plan --level focused`; reviewer-proof wording with PR comments still routes to `projscan_evidence_pack`.
   For pre-push command questions, such as `projscan start --intent "what commands should I run before pushing?"`, it routes to `projscan_regression_plan --level focused` so the branch has a small verification loop before it leaves the workstation.
   For release-readiness wording, such as `projscan start --intent "what should I check before release?"`, `projscan start --intent "can I deploy this?"`, `projscan start --intent "prepare this branch for deployment"`, `projscan start --intent "what changed since last release?"`, `projscan start --intent "write a release note for this change"`, or `projscan start --intent "draft changelog entry"`, it routes to `projscan_release_train` so changelog, package, SBOM, provenance, and blockers are reviewed before deploying or publishing.
-  For product-planning questions, such as `projscan start --intent "what should we build next?"` or `projscan start --intent "plan the product roadmap"`, it routes to `projscan_workplan --mode bug_hunt` so broad product direction becomes an ordered, verifiable product-planning workplan with explicit accept, defer, or split criteria instead of a generic before-edit orientation.
+  For product-planning questions, such as `projscan start --intent "what should we build next?"` or `projscan start --intent "plan the product roadmap"`, it routes to `projscan_release_train` / `projscan release-train` so broad product direction becomes read-only roadmap planning with current post-4.4 workstreams and `evidence.roadmapPreview` instead of a generic before-edit orientation.
   For broad improvement-planning questions, such as `projscan start --intent "what should we improve next?"`, it routes to `projscan_bug_hunt` so the agent gets an actionable ranked queue; technical variants such as tests, performance, release, dependencies, or safety keep their specialized routes.
   For quick-win and low-risk improvement wording, such as `projscan start --intent "find a quick win"`, `projscan start --intent "what is a low risk improvement?"`, or `projscan start --intent "pick a small safe task"`, it routes to `projscan_bug_hunt` so a ranked, verifiable action queue is selected instead of a generic quality readout.
   For tiny-task and beginner-safe wording, such as `projscan start --intent "what can I do in five minutes?"`, `projscan start --intent "pick an easy task for me"`, or `projscan start --intent "what should an intern work on?"`, it also routes to `projscan_bug_hunt`.

package/docs/ROADMAP.md CHANGED Viewed

@@ -1,6 +1,6 @@
 # ProjScan Roadmap
-Last reviewed 2026-06-16.
+Last reviewed 2026-06-17.
 ---
@@ -45,7 +45,7 @@ Four plays, in order:
 3. **Become the operator, not the advisor** — stop suggesting and start acting (cross-repo, apply, security gate). ✅ Shipped in the 1.6 arc.
 4. **Expand the moat** — depth where it matters (CFG / dataflow on hot paths, more languages, sub-file embeddings, cost analytics, live PR review, plugin extensibility). Not everywhere; we're not trying to be Cody. ✅ The 1.7 → 2.0 arc turns this into a platform contract.
 5. **Coordinate the swarm** — collision detection, claims/leases, merge-risk preflight, intent routing, one-call coordination, and live coordinate watch shipped across the 3.6 through 3.7 arc, with the 4.0 tool-surface consolidation now complete. The next work is evidence: prove which commands agents reach for in real multi-worktree sessions, then deepen only the paths that prevent integration failures.
-6. **Make agent proof release-ready** — 4.1 through 4.5 turned Mission Control into a goal → mission → proof → review harness and packaged the post-4.4 implementation train: current planning surfaces, adoption examples, precise framework dataflow, scoped/redacted evidence exports, Python upgrade previews, and hotspot maintainability cleanup.
+6. **Make agent proof release-ready** — 4.1 through 4.6 turned Mission Control into a goal → mission → proof → review harness and packaged the post-4.4 implementation train: current planning surfaces, adoption examples, precise framework dataflow, scoped/redacted evidence exports, Python upgrade previews, coordination evidence, public graph types, and hotspot maintainability cleanup.
 We are _not_ trying to be:
@@ -56,9 +56,9 @@ We are _not_ trying to be:
 ## Now / Next / Later
-### Now — Post-4.5 Validation
+### Now — Post-4.6 Validation
-4.5.0 "Review-Ready Intelligence Train" packages the post-4.4 implementation train. The next work is validation and selective hardening from real use, not another broad feature push.
+4.6.0 "Agent Coordination And Routing Hardening" packages the latest post-4.4 implementation train. The next work is validation and selective hardening from real use, not another broad feature push or another release push.
 The active validation lines are:
@@ -70,7 +70,18 @@ The active validation lines are:
 Strictly **local-first** throughout: same-repo / same-machine evidence, no daemon, no cloud, no hidden network calls, no new telemetry, and no secret-value reads.
-Success signals: teams copy the adoption examples into real reviews, scoped/redacted artifacts are accepted by reviewers, Python upgrade previews identify useful local evidence, dataflow additions stay quiet on lookalikes, and release bug-hunts remain free of concrete defects.
+Success signals: teams copy the adoption examples into real reviews, scoped/redacted artifacts are accepted by reviewers, Python upgrade previews identify useful local evidence, coordination evidence explains multi-agent decisions, dataflow additions stay quiet on lookalikes, and release bug-hunts remain free of concrete defects.
+### Recently Completed — 4.6.0 (2026)
+**4.6.0 "Agent Coordination And Routing Hardening"** shipped the next hardening pass after the review-ready train:
+- Framework-gated request-source coverage now includes Next `nextUrl`, Hono URL reads, Express URL reads, Koa URL reads, and Fastify URL reads.
+- Agent hints include concrete local coordination evidence for multi-agent collision, handoff, and coordination decisions.
+- Public consumers can import code graph result types.
+- Mission Control start, intent router, review, CLI, and MCP test surfaces were split into focused suites while preserving public behavior.
+- Intent routing, code graph parsing/indexing, release evidence, upgrade preview, CLI reporting, and MCP transport helpers moved into smaller modules.
+- MCP watch IDs, request notifications, no-release continuation routing, agent harness proof routing, Python upgrade evidence, scoped dependency redaction, path-safe file links, unresolved review refs, and inspector purpose detection were tightened.
 ### Recently Completed — 4.5.0 (2026)

package/package.json CHANGED Viewed

@@ -1,7 +1,7 @@
 {
   "name": "projscan",
   "mcpName": "io.github.abhiyoheswaran1/projscan",
-  "version": "4.6.0",
+  "version": "4.7.0",
   "description": "Agent-first code intelligence. MCP server (2025-03-26) with 11 AST adapters covering 12 named languages: JavaScript, TypeScript, Python, Go, Java, Ruby, Rust, PHP, C#, Kotlin, Swift, and C++; repo understanding maps (projscan_understand), stable v3 semantic graph (projscan_semantic_graph), dataflow risk engine with bridge-helper detection (projscan_dataflow), code graph, file + per-function AST cyclomatic complexity, per-function fan-in + fan-out, coupling + cycle detection, structural PR diff with HTML reporter, coverage report with HTML reporter, intent-grounded one-call PR review (projscan_review with optional `intent` arg, new taint flows, contract changes, and newDataflowRisks) and long-running PR-watch mode with structured per-bucket deltas (projscan_review_watch), first-60-seconds workflow orientation (projscan_start), agent workplans (projscan_workplan), bug-hunt queues (projscan_bug_hunt), product-line planning (projscan_release_train), evidence packs (projscan_evidence_pack), regression planning (projscan_regression_plan), agent briefs (projscan_agent_brief), quality scorecards (projscan_quality_scorecard), and preflight with supply-chain IOC evidence, rule-driven fix suggestions + mechanical apply layer with rollback (projscan_apply_fix, projscan_fix_suggest, projscan_explain_issue), source-to-sink taint analysis (projscan_taint) with truncation reporting, transitive blast-radius analysis with cross-repo mode (projscan_impact for files and symbols), cross-repo workspace registration + intelligence (projscan_workspace_graph), per-function semantic search chunks (sub-file embeddings), per-rule confidence + severity drift + cost-summary analytics with live streaming (projscan_cost_summary), stable local analyzer + reporter plugin API (projscan_plugin, CLI --reporter, opt-in via PROJSCAN_PLUGINS_PREVIEW=1), monorepo workspace awareness with cross-package import policy + per-package dependencies / outdated / audit, BM25 + optional semantic search, cursor pagination, progress notifications, context-budgeted output, and a stable-surface CI guard. CLI on the side.",
   "type": "module",
   "main": "./dist/index.js",