projscan 4.7.0 → 4.8.0

package/dist/types/startMissionProof.d.ts

@@ -0,0 +1,91 @@
+import type { PreflightSuggestedAction } from './preflight.js';
+export type MissionRunStatus = 'not_run' | 'running' | 'passed' | 'failed' | 'unknown';
+export interface MissionProofStatusRow {
+    id: string;
+    label?: string;
+    log?: string;
+    command?: string;
+    exitCode?: number;
+}
+export interface MissionReviewDecisionRecord {
+    decision: 'approve_next_slice' | 'request_changes' | 'review_version_candidate' | string;
+    reviewer?: string;
+    at?: string;
+    note?: string;
+}
+export interface MissionOutcome {
+    schemaVersion: 1;
+    available: boolean;
+    missionDir: string;
+    status: MissionRunStatus;
+    reason?: string;
+    nextAction?: string;
+    proof: {
+        completedCommands: number;
+        failedCommands: number;
+        reruns: number;
+        totalCommands?: number;
+        failedStep?: string;
+        failedLog?: string;
+        exitCode?: number;
+        rows: MissionProofStatusRow[];
+    };
+    review: {
+        decisions: MissionReviewDecisionRecord[];
+        approvals: number;
+        changeRequests: number;
+        versionCandidateReviews: number;
+    };
+    whatChanged: string[];
+    whatRemains: string[];
+    versionCandidate: {
+        recommendation: 'run_proof' | 'wait' | 'review_candidate' | 'do_not_cut';
+        summary: string;
+    };
+    resumePrompt: string;
+}
+export interface MissionProofBaselineRun {
+    id: string;
+    status: MissionRunStatus;
+    failedGates?: number;
+    reruns?: number;
+    minutesSpent?: number;
+    reviewerApprovals?: number;
+}
+export interface MissionProofTotals {
+    missions: number;
+    passed: number;
+    failed: number;
+    running: number;
+    notRun: number;
+    unavailable: number;
+    proofCompletionRate: number;
+    reruns: number;
+    failedGates: number;
+    reviewerApprovals: number;
+}
+export interface MissionProofReport {
+    schemaVersion: 1;
+    readOnly: true;
+    rootPath: string;
+    summary: string;
+    missionControl: {
+        missions: MissionOutcome[];
+        totals: MissionProofTotals;
+    };
+    baseline?: {
+        path: string;
+        runs: MissionProofBaselineRun[];
+        totals: MissionProofTotals & {
+            minutesSpent: number;
+        };
+    };
+    comparison?: {
+        completionRateDelta: number;
+        rerunsAvoided: number;
+        failedGatesAvoided: number;
+        minutesSaved: number;
+    };
+    riskAvoided: string[];
+    nextActions: PreflightSuggestedAction[];
+}

package/dist/types/startMissionProof.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=startMissionProof.js.map

package/dist/types/startMissionProof.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"startMissionProof.js","sourceRoot":"","sources":["../../src/types/startMissionProof.ts"],"names":[],"mappings":""}

package/dist/types/startMissionResume.d.ts

@@ -0,0 +1,100 @@
+import type { PreflightSuggestedAction } from './preflight.js';
+import type { StartMissionControlStatus, StartUnresolvedInput } from './startCommon.js';
+import type { StartExecutionCursor, StartExecutionPhaseId, StartExecutionStatus, StartExecutionStepKind } from './startExecution.js';
+import type { StartMissionReviewGate } from './startMissionReview.js';
+import type { StartMissionProofItem, StartMissionProofToolCall, StartMissionToolCall } from './startMissionTooling.js';
+export interface StartMissionResumeReference {
+    id: string;
+    phaseId: StartExecutionPhaseId;
+    kind: StartExecutionStepKind;
+    status: StartExecutionStatus;
+    label: string;
+    instruction?: string;
+    command?: string;
+    placeholder?: string;
+}
+export interface StartMissionInputBinding {
+    inputId: string;
+    label: string;
+    placeholder: string;
+    instruction: string;
+    followUpIds: string[];
+}
+export type StartMissionResumeChecklistItemKind = 'run_current' | 'resolve_input' | 'run_follow_up' | 'run_proof' | 'confirm_done';
+export interface StartMissionResumeChecklistItem {
+    id: string;
+    kind: StartMissionResumeChecklistItemKind;
+    phaseId: StartExecutionPhaseId;
+    stepId: string;
+    status: StartExecutionStatus;
+    label: string;
+    command?: string;
+    tool?: string;
+    args?: Record<string, unknown>;
+    placeholder?: string;
+    instruction?: string;
+    blockedBy?: string[];
+    dependsOn?: string[];
+    unlocks?: string[];
+    followUpIds?: string[];
+}
+export interface StartMissionResumeFollowUp {
+    id: string;
+    phaseId: StartExecutionPhaseId;
+    kind: StartExecutionStepKind;
+    status: StartExecutionStatus;
+    label: string;
+    command?: string;
+    tool?: string;
+    args?: Record<string, unknown>;
+    blockedBy?: string[];
+    dependsOn?: string[];
+}
+export interface StartMissionResume {
+    currentStep: StartExecutionCursor;
+    status: StartExecutionStatus;
+    instruction: string;
+    prompt: string;
+    commandBlock?: string;
+    toolCall?: StartMissionToolCall;
+    followUps?: StartMissionResumeFollowUp[];
+    inputBindings?: StartMissionInputBinding[];
+    checklist?: StartMissionResumeChecklistItem[];
+    remainingProofItems?: StartMissionProofItem[];
+    remainingProofCommands?: string[];
+    remainingProofToolCalls?: StartMissionProofToolCall[];
+    unlocks?: StartMissionResumeReference[];
+    blockedBy?: StartMissionResumeReference[];
+}
+export interface StartMissionHandoff {
+    currentStep: StartExecutionCursor;
+    resume: StartMissionResume;
+    reviewGate: StartMissionReviewGate;
+    nextAction: PreflightSuggestedAction;
+    readyActions: PreflightSuggestedAction[];
+    needsInput: StartUnresolvedInput[];
+    doneWhen: string[];
+    readyProof: {
+        summary: string;
+        commands: string[];
+        toolCalls?: StartMissionProofToolCall[];
+        items?: StartMissionProofItem[];
+    };
+}
+export interface StartMissionRunbook {
+    title: string;
+    status: StartMissionControlStatus;
+    currentPhase: StartExecutionPhaseId;
+    currentStep: StartExecutionCursor;
+    resume: StartMissionResume;
+    readyCommandBlock: string;
+    blockedInputSummary?: string;
+    markdown: string;
+}
+export interface StartMissionTaskCard {
+    title: string;
+    status: StartMissionControlStatus;
+    currentPhase: StartExecutionPhaseId;
+    currentStep: StartExecutionCursor;
+    markdown: string;
+}

package/dist/types/startMissionResume.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=startMissionResume.js.map

package/dist/types/startMissionResume.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"startMissionResume.js","sourceRoot":"","sources":["../../src/types/startMissionResume.ts"],"names":[],"mappings":""}

package/dist/types/startMissionReview.d.ts

@@ -0,0 +1,45 @@
+import type { StartMissionControlStatus } from './startCommon.js';
+import type { StartMissionProofItem, StartMissionProofToolCall } from './startMissionTooling.js';
+export interface StartMissionReviewWorktree {
+    available: boolean;
+    clean: boolean;
+    changedFileCount: number;
+    files: string[];
+    baseRef: string | null;
+    summary: string;
+    reason?: string;
+}
+export interface StartMissionReviewProof {
+    summary: string;
+    commands: string[];
+    toolCalls?: StartMissionProofToolCall[];
+    items?: StartMissionProofItem[];
+}
+export type StartMissionReviewBlockedAction = 'next_slice' | 'release' | 'publish' | 'deploy' | 'push' | 'merge' | 'version_bump';
+export interface StartMissionReviewPolicy {
+    approvalRequired: true;
+    blockedActions: StartMissionReviewBlockedAction[];
+    summary: string;
+}
+export interface StartMissionReviewDecision {
+    id: 'approve_next_slice' | 'request_changes' | 'review_version_candidate';
+    label: string;
+    description: string;
+    consequence: string;
+    reply: string;
+}
+export interface StartMissionReviewGate {
+    title: string;
+    required: true;
+    status: StartMissionControlStatus;
+    stopCondition: string;
+    reviewPrompt: string;
+    checklist: string[];
+    doneWhen: string[];
+    policy: StartMissionReviewPolicy;
+    decisions: StartMissionReviewDecision[];
+    commands: string[];
+    worktree: StartMissionReviewWorktree;
+    proof: StartMissionReviewProof;
+    markdown: string;
+}

package/dist/types/startMissionReview.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=startMissionReview.js.map

package/dist/types/startMissionReview.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"startMissionReview.js","sourceRoot":"","sources":["../../src/types/startMissionReview.ts"],"names":[],"mappings":""}

package/dist/types/startMissionTooling.d.ts

@@ -0,0 +1,16 @@
+import type { StartExecutionStatus } from './startExecution.js';
+export interface StartMissionToolCall {
+    tool: string;
+    args?: Record<string, unknown>;
+}
+export interface StartMissionProofToolCall extends StartMissionToolCall {
+    stepId: string;
+    command: string;
+}
+export interface StartMissionProofItem {
+    stepId: string;
+    status: StartExecutionStatus;
+    label: string;
+    command: string;
+    toolCall?: StartMissionToolCall;
+}

package/dist/types/startMissionTooling.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=startMissionTooling.js.map

package/dist/types/startMissionTooling.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"startMissionTooling.js","sourceRoot":"","sources":["../../src/types/startMissionTooling.ts"],"names":[],"mappings":""}

package/dist/utils/changedFiles.d.ts

@@ -3,6 +3,7 @@ export interface ChangedFilesResult {
     reason?: string;
     baseRef: string | null;
     files: string[];
+    uncommittedFiles: string[];
 }
 /**
  * Return files changed since a git base ref. Uses three-dot diff semantics

package/dist/utils/changedFiles.js

@@ -18,6 +18,7 @@ export async function getChangedFiles(rootPath, explicitBaseRef) {
             reason: 'not a git repository',
             baseRef: null,
             files: [],
+            uncommittedFiles: [],
         };
     }
     const candidates = explicitBaseRef ? [explicitBaseRef] : [...DEFAULT_BASE_REFS, 'HEAD~1'];
@@ -29,8 +30,8 @@ export async function getChangedFiles(rootPath, explicitBaseRef) {
             continue;
         }
         try {
-            const files = await diffNames(rootPath, ref);
-            return { available: true, baseRef: ref, files };
+            const { files, uncommittedFiles } = await diffNames(rootPath, ref);
+            return { available: true, baseRef: ref, files, uncommittedFiles };
         }
         catch (err) {
             // 1.10+ — surface stdio-too-large explicitly instead of letting it
@@ -46,6 +47,7 @@ export async function getChangedFiles(rootPath, explicitBaseRef) {
                         '(typically > 100K files changed). Use --base-ref to pin a closer ref.',
                     baseRef: null,
                     files: [],
+                    uncommittedFiles: [],
                 };
             }
             lastError = err instanceof Error ? err.message : String(err);
@@ -55,7 +57,7 @@ export async function getChangedFiles(rootPath, explicitBaseRef) {
     try {
         const files = await statusNames(rootPath);
         if (files.length > 0) {
-            return { available: true, baseRef: '(working tree)', files };
+            return { available: true, baseRef: '(working tree)', files, uncommittedFiles: files };
         }
     }
     catch (err) {
@@ -66,6 +68,7 @@ export async function getChangedFiles(rootPath, explicitBaseRef) {
         reason: lastError ?? 'no usable base ref found',
         baseRef: null,
         files: [],
+        uncommittedFiles: [],
     };
 }
 async function isGitRepo(rootPath) {
@@ -104,7 +107,7 @@ async function diffNames(rootPath, baseRef) {
     }
     for (const f of uncommitted)
         set.add(f);
-    return [...set].sort();
+    return { files: [...set].sort(), uncommittedFiles: uncommitted };
 }
 async function statusNames(rootPath) {
     const { stdout } = await execFileAsync('git', ['status', '--porcelain', '--untracked-files=all'], { cwd: rootPath, maxBuffer: 10 * 1024 * 1024 });

package/dist/utils/changedFiles.js.map

@@ -1 +1 @@
-{"version":3,"file":"changedFiles.js","sourceRoot":"","sources":["../../src/utils/changedFiles.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,oBAAoB,CAAC;AAC9C,OAAO,EAAE,SAAS,EAAE,MAAM,WAAW,CAAC;AACtC,OAAO,IAAI,MAAM,WAAW,CAAC;AAE7B,MAAM,aAAa,GAAG,SAAS,CAAC,QAAQ,CAAC,CAAC;AAE1C,MAAM,iBAAiB,GAAG,CAAC,aAAa,EAAE,eAAe,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC;AAS7E;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,eAAe,CACnC,QAAgB,EAChB,eAAwB;IAExB,MAAM,MAAM,GAAG,MAAM,SAAS,CAAC,QAAQ,CAAC,CAAC;IACzC,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,OAAO;YACL,SAAS,EAAE,KAAK;YAChB,MAAM,EAAE,sBAAsB;YAC9B,OAAO,EAAE,IAAI;YACb,KAAK,EAAE,EAAE;SACV,CAAC;IACJ,CAAC;IAED,MAAM,UAAU,GAAG,eAAe,CAAC,CAAC,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,iBAAiB,EAAE,QAAQ,CAAC,CAAC;IAC1F,IAAI,SAAS,GAAkB,IAAI,CAAC;IAEpC,KAAK,MAAM,GAAG,IAAI,UAAU,EAAE,CAAC;QAC7B,MAAM,MAAM,GAAG,MAAM,SAAS,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC;QAC9C,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,SAAS,GAAG,kBAAkB,GAAG,EAAE,CAAC;YACpC,SAAS;QACX,CAAC;QACD,IAAI,CAAC;YACH,MAAM,KAAK,GAAG,MAAM,SAAS,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC;YAC7C,OAAO,EAAE,SAAS,EAAE,IAAI,EAAE,OAAO,EAAE,GAAG,EAAE,KAAK,EAAE,CAAC;QAClD,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,mEAAmE;YACnE,iEAAiE;YACjE,iEAAiE;YACjE,gEAAgE;YAChE,kEAAkE;YAClE,+BAA+B;YAC/B,IAAI,gBAAgB,CAAC,GAAG,CAAC,EAAE,CAAC;gBAC1B,OAAO;oBACL,SAAS,EAAE,KAAK;oBAChB,MAAM,EACJ,qBAAqB,GAAG,oCAAoC;wBAC5D,uEAAuE;oBACzE,OAAO,EAAE,IAAI;oBACb,KAAK,EAAE,EAAE;iBACV,CAAC;YACJ,CAAC;YACD,SAAS,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QAC/D,CAAC;IACH,CAAC;IAED,gDAAgD;IAChD,IAAI,CAAC;QACH,MAAM,KAAK,GAAG,MAAM,WAAW,CAAC,QAAQ,CAAC,CAAC;QAC1C,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACrB,OAAO,EAAE,SAAS,EAAE,IAAI,EAAE,OAAO,EAAE,gBAAgB,EAAE,KAAK,EAAE,CAAC;QAC/D,CAAC;IACH,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,SAAS,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IAC/D,CAAC;IAED,OAAO;QACL,SAAS,EAAE,KAAK;QAChB,MAAM,EAAE,SAAS,IAAI,0BAA0B;QAC/C,OAAO,EAAE,IAAI;QACb,KAAK,EAAE,EAAE;KACV,CAAC;AACJ,CAAC;AAED,KAAK,UAAU,SAAS,CAAC,QAAgB;IACvC,IAAI,CAAC;QACH,MAAM,aAAa,CAAC,KAAK,EAAE,CAAC,WAAW,EAAE,WAAW,CAAC,EAAE,EAAE,GAAG,EAAE,QAAQ,EAAE,CAAC,CAAC;QAC1E,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED,KAAK,UAAU,SAAS,CAAC,QAAgB,EAAE,GAAW;IACpD,IAAI,CAAC;QACH,MAAM,aAAa,CAAC,KAAK,EAAE,CAAC,WAAW,EAAE,UAAU,EAAE,SAAS,EAAE,GAAG,CAAC,EAAE,EAAE,GAAG,EAAE,QAAQ,EAAE,CAAC,CAAC;QACzF,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED,KAAK,UAAU,SAAS,CAAC,QAAgB,EAAE,OAAe;IACxD,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,aAAa,CACpC,KAAK,EACL,CAAC,MAAM,EAAE,aAAa,EAAE,iBAAiB,EAAE,GAAG,OAAO,SAAS,CAAC,EAC/D,EAAE,GAAG,EAAE,QAAQ,EAAE,SAAS,EAAE,EAAE,GAAG,IAAI,GAAG,IAAI,EAAE,CAC/C,CAAC;IAEF,kFAAkF;IAClF,IAAI,WAAW,GAAa,EAAE,CAAC;IAC/B,IAAI,CAAC;QACH,WAAW,GAAG,MAAM,WAAW,CAAC,QAAQ,CAAC,CAAC;IAC5C,CAAC;IAAC,MAAM,CAAC;QACP,SAAS;IACX,CAAC;IAED,MAAM,GAAG,GAAG,IAAI,GAAG,EAAU,CAAC;IAC9B,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;QACrC,MAAM,IAAI,GAAG,GAAG,CAAC,IAAI,EAAE,CAAC;QACxB,IAAI,IAAI;YAAE,GAAG,CAAC,GAAG,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC,CAAC;IACzC,CAAC;IACD,KAAK,MAAM,CAAC,IAAI,WAAW;QAAE,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;IAExC,OAAO,CAAC,GAAG,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC;AACzB,CAAC;AAED,KAAK,UAAU,WAAW,CAAC,QAAgB;IACzC,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,aAAa,CACpC,KAAK,EACL,CAAC,QAAQ,EAAE,aAAa,EAAE,uBAAuB,CAAC,EAClD,EAAE,GAAG,EAAE,QAAQ,EAAE,SAAS,EAAE,EAAE,GAAG,IAAI,GAAG,IAAI,EAAE,CAC/C,CAAC;IACF,MAAM,GAAG,GAAG,IAAI,GAAG,EAAU,CAAC;IAC9B,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;QACrC,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE;YAAE,SAAS;QAC1B,kEAAkE;QAClE,0EAA0E;QAC1E,oEAAoE;QACpE,MAAM,aAAa,GAAG,GAAG,CAAC,OAAO,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;QACvD,MAAM,OAAO,GAAG,aAAa,CAAC,QAAQ,CAAC,MAAM,CAAC;YAC5C,CAAC,CAAC,aAAa,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,GAAG,EAAG;YACpC,CAAC,CAAC,aAAa,CAAC;QAClB,GAAG,CAAC,GAAG,CAAC,aAAa,CAAC,OAAO,CAAC,CAAC,CAAC;IAClC,CAAC;IACD,OAAO,CAAC,GAAG,GAAG,CAAC,CAAC;AAClB,CAAC;AAED,SAAS,aAAa,CAAC,CAAS;IAC9B,OAAO,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AACrC,CAAC;AAED,SAAS,gBAAgB,CAAC,GAAY;IACpC,IAAI,CAAC,GAAG,IAAI,OAAO,GAAG,KAAK,QAAQ;QAAE,OAAO,KAAK,CAAC;IAClD,MAAM,CAAC,GAAG,GAA4C,CAAC;IACvD,IAAI,CAAC,CAAC,IAAI,KAAK,mCAAmC;QAAE,OAAO,IAAI,CAAC;IAChE,IAAI,OAAO,CAAC,CAAC,OAAO,KAAK,QAAQ,IAAI,4BAA4B,CAAC,IAAI,CAAC,CAAC,CAAC,OAAO,CAAC;QAAE,OAAO,IAAI,CAAC;IAC/F,OAAO,KAAK,CAAC;AACf,CAAC"}
+{"version":3,"file":"changedFiles.js","sourceRoot":"","sources":["../../src/utils/changedFiles.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,oBAAoB,CAAC;AAC9C,OAAO,EAAE,SAAS,EAAE,MAAM,WAAW,CAAC;AACtC,OAAO,IAAI,MAAM,WAAW,CAAC;AAE7B,MAAM,aAAa,GAAG,SAAS,CAAC,QAAQ,CAAC,CAAC;AAE1C,MAAM,iBAAiB,GAAG,CAAC,aAAa,EAAE,eAAe,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC;AAU7E;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,eAAe,CACnC,QAAgB,EAChB,eAAwB;IAExB,MAAM,MAAM,GAAG,MAAM,SAAS,CAAC,QAAQ,CAAC,CAAC;IACzC,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,OAAO;YACL,SAAS,EAAE,KAAK;YAChB,MAAM,EAAE,sBAAsB;YAC9B,OAAO,EAAE,IAAI;YACb,KAAK,EAAE,EAAE;YACT,gBAAgB,EAAE,EAAE;SACrB,CAAC;IACJ,CAAC;IAED,MAAM,UAAU,GAAG,eAAe,CAAC,CAAC,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,iBAAiB,EAAE,QAAQ,CAAC,CAAC;IAC1F,IAAI,SAAS,GAAkB,IAAI,CAAC;IAEpC,KAAK,MAAM,GAAG,IAAI,UAAU,EAAE,CAAC;QAC7B,MAAM,MAAM,GAAG,MAAM,SAAS,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC;QAC9C,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,SAAS,GAAG,kBAAkB,GAAG,EAAE,CAAC;YACpC,SAAS;QACX,CAAC;QACD,IAAI,CAAC;YACH,MAAM,EAAE,KAAK,EAAE,gBAAgB,EAAE,GAAG,MAAM,SAAS,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC;YACnE,OAAO,EAAE,SAAS,EAAE,IAAI,EAAE,OAAO,EAAE,GAAG,EAAE,KAAK,EAAE,gBAAgB,EAAE,CAAC;QACpE,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,mEAAmE;YACnE,iEAAiE;YACjE,iEAAiE;YACjE,gEAAgE;YAChE,kEAAkE;YAClE,+BAA+B;YAC/B,IAAI,gBAAgB,CAAC,GAAG,CAAC,EAAE,CAAC;gBAC1B,OAAO;oBACL,SAAS,EAAE,KAAK;oBAChB,MAAM,EACJ,qBAAqB,GAAG,oCAAoC;wBAC5D,uEAAuE;oBACzE,OAAO,EAAE,IAAI;oBACb,KAAK,EAAE,EAAE;oBACT,gBAAgB,EAAE,EAAE;iBACrB,CAAC;YACJ,CAAC;YACD,SAAS,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QAC/D,CAAC;IACH,CAAC;IAED,gDAAgD;IAChD,IAAI,CAAC;QACH,MAAM,KAAK,GAAG,MAAM,WAAW,CAAC,QAAQ,CAAC,CAAC;QAC1C,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACrB,OAAO,EAAE,SAAS,EAAE,IAAI,EAAE,OAAO,EAAE,gBAAgB,EAAE,KAAK,EAAE,gBAAgB,EAAE,KAAK,EAAE,CAAC;QACxF,CAAC;IACH,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,SAAS,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IAC/D,CAAC;IAED,OAAO;QACL,SAAS,EAAE,KAAK;QAChB,MAAM,EAAE,SAAS,IAAI,0BAA0B;QAC/C,OAAO,EAAE,IAAI;QACb,KAAK,EAAE,EAAE;QACT,gBAAgB,EAAE,EAAE;KACrB,CAAC;AACJ,CAAC;AAED,KAAK,UAAU,SAAS,CAAC,QAAgB;IACvC,IAAI,CAAC;QACH,MAAM,aAAa,CAAC,KAAK,EAAE,CAAC,WAAW,EAAE,WAAW,CAAC,EAAE,EAAE,GAAG,EAAE,QAAQ,EAAE,CAAC,CAAC;QAC1E,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED,KAAK,UAAU,SAAS,CAAC,QAAgB,EAAE,GAAW;IACpD,IAAI,CAAC;QACH,MAAM,aAAa,CAAC,KAAK,EAAE,CAAC,WAAW,EAAE,UAAU,EAAE,SAAS,EAAE,GAAG,CAAC,EAAE,EAAE,GAAG,EAAE,QAAQ,EAAE,CAAC,CAAC;QACzF,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED,KAAK,UAAU,SAAS,CACtB,QAAgB,EAChB,OAAe;IAEf,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,aAAa,CACpC,KAAK,EACL,CAAC,MAAM,EAAE,aAAa,EAAE,iBAAiB,EAAE,GAAG,OAAO,SAAS,CAAC,EAC/D,EAAE,GAAG,EAAE,QAAQ,EAAE,SAAS,EAAE,EAAE,GAAG,IAAI,GAAG,IAAI,EAAE,CAC/C,CAAC;IAEF,kFAAkF;IAClF,IAAI,WAAW,GAAa,EAAE,CAAC;IAC/B,IAAI,CAAC;QACH,WAAW,GAAG,MAAM,WAAW,CAAC,QAAQ,CAAC,CAAC;IAC5C,CAAC;IAAC,MAAM,CAAC;QACP,SAAS;IACX,CAAC;IAED,MAAM,GAAG,GAAG,IAAI,GAAG,EAAU,CAAC;IAC9B,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;QACrC,MAAM,IAAI,GAAG,GAAG,CAAC,IAAI,EAAE,CAAC;QACxB,IAAI,IAAI;YAAE,GAAG,CAAC,GAAG,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC,CAAC;IACzC,CAAC;IACD,KAAK,MAAM,CAAC,IAAI,WAAW;QAAE,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;IAExC,OAAO,EAAE,KAAK,EAAE,CAAC,GAAG,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,gBAAgB,EAAE,WAAW,EAAE,CAAC;AACnE,CAAC;AAED,KAAK,UAAU,WAAW,CAAC,QAAgB;IACzC,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,aAAa,CACpC,KAAK,EACL,CAAC,QAAQ,EAAE,aAAa,EAAE,uBAAuB,CAAC,EAClD,EAAE,GAAG,EAAE,QAAQ,EAAE,SAAS,EAAE,EAAE,GAAG,IAAI,GAAG,IAAI,EAAE,CAC/C,CAAC;IACF,MAAM,GAAG,GAAG,IAAI,GAAG,EAAU,CAAC;IAC9B,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;QACrC,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE;YAAE,SAAS;QAC1B,kEAAkE;QAClE,0EAA0E;QAC1E,oEAAoE;QACpE,MAAM,aAAa,GAAG,GAAG,CAAC,OAAO,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;QACvD,MAAM,OAAO,GAAG,aAAa,CAAC,QAAQ,CAAC,MAAM,CAAC;YAC5C,CAAC,CAAC,aAAa,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,GAAG,EAAG;YACpC,CAAC,CAAC,aAAa,CAAC;QAClB,GAAG,CAAC,GAAG,CAAC,aAAa,CAAC,OAAO,CAAC,CAAC,CAAC;IAClC,CAAC;IACD,OAAO,CAAC,GAAG,GAAG,CAAC,CAAC;AAClB,CAAC;AAED,SAAS,aAAa,CAAC,CAAS;IAC9B,OAAO,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AACrC,CAAC;AAED,SAAS,gBAAgB,CAAC,GAAY;IACpC,IAAI,CAAC,GAAG,IAAI,OAAO,GAAG,KAAK,QAAQ;QAAE,OAAO,KAAK,CAAC;IAClD,MAAM,CAAC,GAAG,GAA4C,CAAC;IACvD,IAAI,CAAC,CAAC,IAAI,KAAK,mCAAmC;QAAE,OAAO,IAAI,CAAC;IAChE,IAAI,OAAO,CAAC,CAAC,OAAO,KAAK,QAAQ,IAAI,4BAA4B,CAAC,IAAI,CAAC,CAAC,CAAC,OAAO,CAAC;QAAE,OAAO,IAAI,CAAC;IAC/F,OAAO,KAAK,CAAC;AACf,CAAC"}

package/docs/GUIDE.md

@@ -167,6 +167,7 @@ When the agent first opens a repo, or before starting a refactor, the question i
   For risky-file, complexity, refactor-priority, and codebase-performance questions, such as `projscan start --intent "what files are risky to touch?"`, `projscan start --intent "which files are too complex?"`, `projscan start --intent "what file should I refactor first?"`, `projscan start --intent "find performance bottlenecks"`, or `projscan start --intent "where are the slow files?"`, it routes to `projscan_hotspots` so the developer sees the highest-risk files before editing. For exact-file risk questions, such as `projscan start --intent "why is src/core/start.ts risky?"`, it routes to `projscan_file` so the file's hotspot, ownership, issue, import, and export context explains the risk. For cleanup questions, such as `projscan start --intent "find dead code"`, `projscan start --intent "find dead code and unused exports I can delete"`, `projscan start --intent "what can I safely delete?"`, or `projscan start --intent "what can I remove safely?"`, it routes to `projscan_doctor` so dead code, unused exports, and adjacent health issues are reviewed before files are removed.
   For tech-debt and simplification questions, such as `projscan start --intent "what tech debt should I pay down?"` or `projscan start --intent "what code should I simplify?"`, it routes to `projscan_hotspots` instead of incident handling for the word `down`.
   For reviewer-proof requests, such as `projscan start --intent "write a PR comment for reviewers"`, `projscan start --intent "write a PR description"`, `projscan start --intent "what should my PR say?"`, `projscan start --intent "make a PR checklist"`, `projscan start --intent "summarize my changes for reviewers"`, or `projscan start --intent "what should I tell my team about this change?"`, it routes to `projscan_evidence_pack` with `pr_comment: true` so the developer gets a paste-ready verdict, top risks, owner routing, and next commands.
+  For shareable scoped-evidence requests, such as `projscan start --intent "share redacted evidence for src/api with a partner"`, it routes to `projscan_analyze` and returns ready analyze, doctor, and CI commands with `--report-scope` and `--redact-paths` so security reviewers and partners can receive path-safe artifacts without a full repo map.
   For reviewer-routing questions, such as `projscan start --intent "who should review this PR?"`, it routes to `projscan_evidence_pack` so likely owners and reviewer-facing context are prepared before a full review.
   For PR-readiness questions, such as `projscan start --intent "am I ready to open a PR?"`, it routes to `projscan_evidence_pack` so preflight, owner routing, top risks, and reviewer-facing proof are prepared before review starts.
   For changed-file owner questions, such as `projscan start --intent "who owns the changed files?"`, it routes to `projscan_evidence_pack` so changed-file owner routing is prepared without confusing it with single-file ownership inspection.
@@ -180,7 +181,7 @@ When the agent first opens a repo, or before starting a refactor, the question i
   For short proof-command phrasing, such as `projscan start --intent "give me proof commands"`, it also routes to `projscan_regression_plan --level focused`; reviewer-proof wording with PR comments still routes to `projscan_evidence_pack`.
   For pre-push command questions, such as `projscan start --intent "what commands should I run before pushing?"`, it routes to `projscan_regression_plan --level focused` so the branch has a small verification loop before it leaves the workstation.
   For release-readiness wording, such as `projscan start --intent "what should I check before release?"`, `projscan start --intent "can I deploy this?"`, `projscan start --intent "prepare this branch for deployment"`, `projscan start --intent "what changed since last release?"`, `projscan start --intent "write a release note for this change"`, or `projscan start --intent "draft changelog entry"`, it routes to `projscan_release_train` so changelog, package, SBOM, provenance, and blockers are reviewed before deploying or publishing.
-  For product-planning questions, such as `projscan start --intent "what should we build next?"` or `projscan start --intent "plan the product roadmap"`, it routes to `projscan_release_train` / `projscan release-train` so broad product direction becomes read-only roadmap planning with current post-4.4 workstreams and `evidence.roadmapPreview` instead of a generic before-edit orientation.
+  For generic build-next questions, such as `projscan start --intent "what should we build next?"`, it routes to `projscan_workplan --mode before_edit` so the next implementation slice starts with an ordered plan and verification instead of release readiness. For explicit product-roadmap questions, such as `projscan start --intent "plan the product roadmap"`, it routes to `projscan_release_train` / `projscan release-train` so broad product direction becomes read-only roadmap planning with current post-4.4 workstreams and `evidence.roadmapPreview`.
   For broad improvement-planning questions, such as `projscan start --intent "what should we improve next?"`, it routes to `projscan_bug_hunt` so the agent gets an actionable ranked queue; technical variants such as tests, performance, release, dependencies, or safety keep their specialized routes.
   For quick-win and low-risk improvement wording, such as `projscan start --intent "find a quick win"`, `projscan start --intent "what is a low risk improvement?"`, or `projscan start --intent "pick a small safe task"`, it routes to `projscan_bug_hunt` so a ranked, verifiable action queue is selected instead of a generic quality readout.
   For tiny-task and beginner-safe wording, such as `projscan start --intent "what can I do in five minutes?"`, `projscan start --intent "pick an easy task for me"`, or `projscan start --intent "what should an intern work on?"`, it also routes to `projscan_bug_hunt`.
@@ -204,7 +205,7 @@ When the agent first opens a repo, or before starting a refactor, the question i
 - **`projscan_preflight` / `projscan preflight`** — agent safety gate. Returns `proceed`, `caution`, or `block` with health, changed-file, review, remembered session, hotspot, plugin-policy, supply-chain, and release-scale evidence. `evidence.riskSources.currentWorktree` is current Git/worktree evidence; `evidence.riskSources.sessionMemory` is remembered handoff context. Use `--mode before_edit` at the start of work and `--mode before_commit` / `--mode before_merge` before handing off or merging; scale-only commit blocks are cautions, while merge gates still require manual release sign-off.
 - **`projscan_hotspots` / `projscan hotspots`** — files ranked by `git churn × AST cyclomatic complexity × open issues × ownership × coverage`. Pass `view: "functions"` for top-N risky individual functions across the repo (0.13+).
 - **`projscan_semantic_graph` / `projscan semantic-graph`** — stable v3 graph contract with file, function, package, and symbol nodes plus imports, exports, definitions, and calls edges. Use it when an agent needs one normalized graph shape instead of several targeted queries.
-- **`projscan_dataflow` / `projscan dataflow`** — direct, propagated, and bridge source-to-sink dataflow risks, including framework-aware Next.js route request body and URL sources. Use it for a focused safety pass before touching command execution, raw SQL, filesystem writes, or DOM sinks.
+- **`projscan_dataflow` / `projscan dataflow`** — direct, propagated, and bridge source-to-sink dataflow risks, including framework-aware Next.js, Remix, SvelteKit, Hono, Express, Fastify, and Koa request sources. Use it for a focused safety pass before touching command execution, raw SQL, filesystem writes, or DOM sinks.
 - **`projscan_coupling` / `projscan coupling`** — per-file fan-in / fan-out / instability plus circular-import cycles (Tarjan SCC). Use `direction: cycles_only` or `projscan coupling --cycles-only` to surface architectural debt directly.
 - **`projscan_analyze` / `projscan analyze`** — the everything report; useful at session start but verbose.
 
@@ -434,8 +435,9 @@ graph. Bridge risks are graph-backed dataflow additions: a wrapper that calls a
 and a sink wrapper is surfaced even when legacy taint reachability cannot see a
 downstream call path from source to sink. By default, dataflow suppresses test-file paths,
 broad readFile/writeFile-style noise, and JavaScript RegExp.exec false positives.
-Framework request-source detection covers narrow tested patterns for Next.js, Hono,
-Express, Fastify, and Koa handlers, including Hono validator output,
+Framework request-source detection covers narrow tested patterns for Next.js, Remix,
+SvelteKit, Hono, Express, Fastify, and Koa handlers, including SvelteKit
+`RequestEvent` request/body/url/params/cookies evidence, Hono validator output,
 Express/Fastify/Koa request IP metadata, Fastify host/hostname and raw
 URL/header evidence, and Express/Koa header accessors plus Express
 `req.param(...)` and `req.originalUrl`, while
@@ -702,8 +704,8 @@ Preview the impact of upgrading a package. The default path is fully offline; pa
 - Breaking-change markers found in the CHANGELOG: scans for `BREAKING CHANGE`, `deprecated`, `removed support`, `no longer supported`, and section headers containing "breaking"
 - CHANGELOG excerpt sliced to the relevant version range (read from `node_modules/<pkg>/CHANGELOG.md`)
 - Importer list - every file in your source tree that imports the package (direct or sub-path)
-- Python manifest evidence for packages declared in `pyproject.toml` (including PEP 735 `dependency-groups`, Poetry dependency groups, and legacy `tool.poetry.dev-dependencies`), `setup.cfg`, `setup.py`, or root `requirements*.txt`. Root Python manifests are sufficient local evidence even before `.py` files exist.
-- Python current-version evidence from `poetry.lock` / `uv.lock` / `pdm.lock` package blocks, `conda-lock.yml` / `conda-lock.yaml` package entries, `Pipfile.lock` exact versions, pinned root `requirements*.txt`, or pinned root `constraints*.txt` entries
+- Python manifest evidence for packages declared in `pyproject.toml` (including PEP 735 `dependency-groups`, Poetry dependency groups, and legacy `tool.poetry.dev-dependencies`), `setup.cfg`, `setup.py`, root `requirements*.txt`, or common `requirements/*.txt` / `requirements/*.in` manifests such as `requirements/base.txt` and `requirements/dev.in`. Python manifests are sufficient local evidence even before `.py` files exist.
+- Python current-version evidence from `poetry.lock` / `uv.lock` / `pdm.lock` package blocks, `conda-lock.yml` / `conda-lock.yaml` package entries, `Pipfile.lock` exact versions, pinned root or recognized nested `requirements/*.txt`, or pinned root or recognized nested `constraints/*.txt` entries
 
 **Example:**
 
@@ -725,7 +727,7 @@ $ projscan upgrade react --format markdown
 
 - Reads the CHANGELOG that npm already placed in `node_modules/`. If the package author doesn't ship one, you'll see "No local CHANGELOG found."
 - Without `--check-registry`, works with what's **installed** and reports `latestSource: "installed"`. With `--check-registry`, npm registry lookup is attempted and failures fall back to the installed version with `registryError`.
-- Python previews stay offline. They do not query PyPI; current-version evidence comes from supported local lockfiles, pinned root requirements, or pinned root constraints.
+- Python previews stay offline. They do not query PyPI; current-version evidence comes from supported local lockfiles, pinned root or recognized nested requirements, or pinned root or recognized nested constraints.
 
 ### coverage
 

package/docs/ROADMAP.md

@@ -65,7 +65,7 @@ The active validation lines are:
 - **Swarm coordination evidence.** Validate how real agents use `collisions`, `claim`, `merge-risk`, `coordinate`, and `coordinate --watch`; deepen only the coordination paths that prevent integration failures.
 - **Evidence export adoption.** Prove scoped/redacted report controls work for partner, security, and release-review handoffs without leaking unnecessary repo structure.
 - **Python upgrade coverage.** Extend lockfile support only after Poetry and pinned-requirement evidence prove useful in real repos.
-- **Framework dataflow precision.** Add more framework patterns only when each has a narrow request source, sink, and false-positive fixture.
+- **Framework dataflow precision.** Add more framework patterns only when each has a narrow request source, sink, and false-positive fixture; current validation includes Remix route data and SvelteKit `RequestEvent` coverage.
 - **Hotspot maintainability.** Continue extracting and covering high-churn start/review/type surfaces when they show concrete review or defect risk.
 
 Strictly **local-first** throughout: same-repo / same-machine evidence, no daemon, no cloud, no hidden network calls, no new telemetry, and no secret-value reads.
@@ -90,7 +90,7 @@ Success signals: teams copy the adoption examples into real reviews, scoped/reda
 - Roadmap and release-train planning now default to the current post-4.4 product lines instead of stale shipped work.
 - Adoption examples cover agent orchestration, package ownership, custom policy plugins, swarm coordination, and scoped evidence exports.
 - `analyze`, `doctor`, and `ci` can scope and redact shareable evidence with direct flags or named `reportPolicies` presets.
-- `projscan upgrade` and MCP `projscan_upgrade` support offline Python previews from manifests, Poetry/Pipfile/uv/PDM/Conda lockfiles, pinned requirements/constraints, and Python importers.
+- `projscan upgrade` and MCP `projscan_upgrade` support offline Python previews from manifests, Poetry/Pipfile/uv/PDM/Conda lockfiles, root and recognized nested requirements/constraints, and Python importers.
 - Dataflow detects narrow Fastify and Koa request-source patterns, including Fastify raw URL/header and Koa IP evidence, while suppressing lookalike helpers and Koa response-body writes.
 - Start next-action assembly and taint function identity were tightened during release readiness cleanup.
 

package/docs/examples/adoption-workflows.md

@@ -50,7 +50,9 @@ projscan agent-brief --intent "handoff package ownership for fastapi" --format j
 For Node packages, `upgrade` reads local `package.json`, `node_modules`, local
 CHANGELOG files, and importer evidence. For Python packages, it reads
 `pyproject.toml`, `setup.cfg`, `setup.py`, root `requirements*.txt` files,
-Poetry/Pipfile/uv/PDM/Conda lockfiles, and pinned root requirements/constraints, then
+common `requirements/*.txt` / `requirements/*.in` manifests,
+Poetry/Pipfile/uv/PDM/Conda lockfiles, and pinned root or recognized nested
+requirements/constraints, then
 returns declared scope, current-version source, drift, and Python importers.
 
 Decision loop:
@@ -93,6 +95,15 @@ Decision loop:
 Use this when a team wants to share a health or CI artifact without exposing
 repo layout or sensitive paths.
 
+Start from Mission Control when the reviewer asks in plain language:
+
+```bash
+projscan start --intent "share redacted evidence for src/api with a partner" --format json
+```
+
+The routed start output returns the three artifact commands below as ready
+actions, using the requested scope when one is present in the intent.
+
 ```bash
 projscan analyze --report-scope src/api --redact-paths --format json > reports/api-analysis.json
 projscan doctor --report-scope src/api --redact-paths --format markdown > reports/api-health.md

package/docs/examples/swarm-coordination.md

@@ -56,11 +56,20 @@ with the active command path, current worktree state, local-only source signals,
 the validation workflow above, and a reminder that session memory is separate
 from current Git/worktree evidence. The default `coordinate` console view prints
 the same session-boundary reminder inside its `Evidence` section.
+Read `currentWorktree.changedFileCount` as the branch/base delta used for
+collision detection, including local commits and any dirty files. Read
+`currentWorktree.uncommittedChangedFileCount` as the current dirty worktree
+count from `git status`. A clean worktree can therefore show changed files
+against `origin/main` while still reporting `0` uncommitted files.
 When multiple worktrees are present, `agent-brief` also carries a
 `context.coordinationHints` entry even for a clear swarm, so the next agent knows
 to validate locally with `projscan coordinate --format json`,
 `projscan coordinate --watch --interval 5 --format json`, and
 `projscan agent-brief --format json` before continuing parallel edits.
+`preflight` also carries this proof path under `evidence.coordination`: it keeps
+the compact readiness counts and adds the local-only command path, current
+worktree summary, validation workflow, and session-boundary reminder used by
+`coordinate`.
 
 For MCP clients that support long-running notifications, use the watch tool:
 
@@ -116,5 +125,5 @@ These are the next hardening targets for real swarm usage:
 - transitive collision recall: prove dependent-file conflicts are caught, not
   only same-file conflicts
 - live watch adoption: prove agents notice and act on coordination changes
-- preflight and agent-brief integration: prove the same coordination facts show
-  up where agents already look before editing or handing off
+- preflight and handoff adoption: prove agents consistently cite the shared
+  coordination proof path before editing, committing, and handing off

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "projscan",
   "mcpName": "io.github.abhiyoheswaran1/projscan",
-  "version": "4.7.0",
+  "version": "4.8.0",
   "description": "Agent-first code intelligence. MCP server (2025-03-26) with 11 AST adapters covering 12 named languages: JavaScript, TypeScript, Python, Go, Java, Ruby, Rust, PHP, C#, Kotlin, Swift, and C++; repo understanding maps (projscan_understand), stable v3 semantic graph (projscan_semantic_graph), dataflow risk engine with bridge-helper detection (projscan_dataflow), code graph, file + per-function AST cyclomatic complexity, per-function fan-in + fan-out, coupling + cycle detection, structural PR diff with HTML reporter, coverage report with HTML reporter, intent-grounded one-call PR review (projscan_review with optional `intent` arg, new taint flows, contract changes, and newDataflowRisks) and long-running PR-watch mode with structured per-bucket deltas (projscan_review_watch), first-60-seconds workflow orientation (projscan_start), agent workplans (projscan_workplan), bug-hunt queues (projscan_bug_hunt), product-line planning (projscan_release_train), evidence packs (projscan_evidence_pack), regression planning (projscan_regression_plan), agent briefs (projscan_agent_brief), quality scorecards (projscan_quality_scorecard), and preflight with supply-chain IOC evidence, rule-driven fix suggestions + mechanical apply layer with rollback (projscan_apply_fix, projscan_fix_suggest, projscan_explain_issue), source-to-sink taint analysis (projscan_taint) with truncation reporting, transitive blast-radius analysis with cross-repo mode (projscan_impact for files and symbols), cross-repo workspace registration + intelligence (projscan_workspace_graph), per-function semantic search chunks (sub-file embeddings), per-rule confidence + severity drift + cost-summary analytics with live streaming (projscan_cost_summary), stable local analyzer + reporter plugin API (projscan_plugin, CLI --reporter, opt-in via PROJSCAN_PLUGINS_PREVIEW=1), monorepo workspace awareness with cross-package import policy + per-package dependencies / outdated / audit, BM25 + optional semantic search, cursor pagination, progress notifications, context-budgeted output, and a stable-surface CI guard. CLI on the side.",
   "type": "module",
   "main": "./dist/index.js",