npm - projscan - Versions diffs - 4.9.2 → 4.10.0 - Mend

projscan 4.9.2 → 4.10.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (185) hide show

package/README.md +226 -1350
package/dist/analyzers/securityCheck.js +33 -15
package/dist/analyzers/securityCheck.js.map +1 -1
package/dist/analyzers/supplyChainCheck.js +9 -2
package/dist/analyzers/supplyChainCheck.js.map +1 -1
package/dist/cli/commands/bugHunt.js +3 -1
package/dist/cli/commands/bugHunt.js.map +1 -1
package/dist/cli/commands/ci.js +29 -13
package/dist/cli/commands/ci.js.map +1 -1
package/dist/cli/commands/dogfood.js +2 -0
package/dist/cli/commands/dogfood.js.map +1 -1
package/dist/cli/commands/feedback.js +21 -2
package/dist/cli/commands/feedback.js.map +1 -1
package/dist/cli/commands/init.js +3 -0
package/dist/cli/commands/init.js.map +1 -1
package/dist/cli/commands/route.js +3 -2
package/dist/cli/commands/route.js.map +1 -1
package/dist/core/adoption.js +50 -21
package/dist/core/adoption.js.map +1 -1
package/dist/core/agentBrief.js +2 -1
package/dist/core/agentBrief.js.map +1 -1
package/dist/core/bugHunt.js +51 -22
package/dist/core/bugHunt.js.map +1 -1
package/dist/core/bugHuntHotspotFindings.js +2 -1
package/dist/core/bugHuntHotspotFindings.js.map +1 -1
package/dist/core/ciGate.d.ts +10 -0
package/dist/core/ciGate.js +21 -0
package/dist/core/ciGate.js.map +1 -0
package/dist/core/dogfood.d.ts +1 -0
package/dist/core/dogfood.js +42 -20
package/dist/core/dogfood.js.map +1 -1
package/dist/core/dogfoodDiscovery.d.ts +8 -0
package/dist/core/dogfoodDiscovery.js +119 -0
package/dist/core/dogfoodDiscovery.js.map +1 -0
package/dist/core/feedback.js +73 -5
package/dist/core/feedback.js.map +1 -1
package/dist/core/fileInspectionReport.js +37 -0
package/dist/core/fileInspectionReport.js.map +1 -1
package/dist/core/intentRouterArchitectureKeywordWeights.d.ts +1 -0
package/dist/core/intentRouterArchitectureKeywordWeights.js +69 -0
package/dist/core/intentRouterArchitectureKeywordWeights.js.map +1 -0
package/dist/core/intentRouterCatalog.js +85 -31
package/dist/core/intentRouterCatalog.js.map +1 -1
package/dist/core/intentRouterDependencyKeywordWeights.d.ts +1 -0
package/dist/core/intentRouterDependencyKeywordWeights.js +100 -0
package/dist/core/intentRouterDependencyKeywordWeights.js.map +1 -0
package/dist/core/intentRouterFileImpactKeywordWeights.d.ts +1 -0
package/dist/core/intentRouterFileImpactKeywordWeights.js +92 -0
package/dist/core/intentRouterFileImpactKeywordWeights.js.map +1 -0
package/dist/core/intentRouterKeywordEarlyGuards.js +8 -3
package/dist/core/intentRouterKeywordEarlyGuards.js.map +1 -1
package/dist/core/intentRouterKeywordSearchGuards.js +28 -24
package/dist/core/intentRouterKeywordSearchGuards.js.map +1 -1
package/dist/core/intentRouterKeywordToolGuards.js +43 -0
package/dist/core/intentRouterKeywordToolGuards.js.map +1 -1
package/dist/core/intentRouterKeywordWeights.js +40 -1222
package/dist/core/intentRouterKeywordWeights.js.map +1 -1
package/dist/core/intentRouterOperationalKeywordWeights.d.ts +1 -0
package/dist/core/intentRouterOperationalKeywordWeights.js +203 -0
package/dist/core/intentRouterOperationalKeywordWeights.js.map +1 -0
package/dist/core/intentRouterPlanningSignals.js +4 -1
package/dist/core/intentRouterPlanningSignals.js.map +1 -1
package/dist/core/intentRouterPrDiffKeywords.d.ts +4 -0
package/dist/core/intentRouterPrDiffKeywords.js +64 -0
package/dist/core/intentRouterPrDiffKeywords.js.map +1 -0
package/dist/core/intentRouterPrDiffSignals.js +6 -0
package/dist/core/intentRouterPrDiffSignals.js.map +1 -1
package/dist/core/intentRouterProductImprovementSignals.d.ts +1 -0
package/dist/core/intentRouterProductImprovementSignals.js +48 -0
package/dist/core/intentRouterProductImprovementSignals.js.map +1 -0
package/dist/core/intentRouterRegressionKeywordMatches.js +3 -0
package/dist/core/intentRouterRegressionKeywordMatches.js.map +1 -1
package/dist/core/intentRouterRegressionKeywordWeights.d.ts +1 -0
package/dist/core/intentRouterRegressionKeywordWeights.js +118 -0
package/dist/core/intentRouterRegressionKeywordWeights.js.map +1 -0
package/dist/core/intentRouterReleaseSignals.d.ts +1 -0
package/dist/core/intentRouterReleaseSignals.js +47 -0
package/dist/core/intentRouterReleaseSignals.js.map +1 -1
package/dist/core/intentRouterReviewSignals.d.ts +1 -0
package/dist/core/intentRouterReviewSignals.js +23 -1
package/dist/core/intentRouterReviewSignals.js.map +1 -1
package/dist/core/intentRouterSearchKeywordWeights.d.ts +1 -0
package/dist/core/intentRouterSearchKeywordWeights.js +407 -0
package/dist/core/intentRouterSearchKeywordWeights.js.map +1 -0
package/dist/core/intentRouterSecurityKeywordWeights.d.ts +1 -0
package/dist/core/intentRouterSecurityKeywordWeights.js +50 -0
package/dist/core/intentRouterSecurityKeywordWeights.js.map +1 -0
package/dist/core/intentRouterTrustFeedbackKeywordWeights.d.ts +1 -0
package/dist/core/intentRouterTrustFeedbackKeywordWeights.js +222 -0
package/dist/core/intentRouterTrustFeedbackKeywordWeights.js.map +1 -0
package/dist/core/intentRouterUnderstandSignals.js +1 -0
package/dist/core/intentRouterUnderstandSignals.js.map +1 -1
package/dist/core/intentRouterWorkSignals.js +3 -0
package/dist/core/intentRouterWorkSignals.js.map +1 -1
package/dist/core/intentRouterWorkflowKeywordWeights.d.ts +1 -0
package/dist/core/intentRouterWorkflowKeywordWeights.js +124 -0
package/dist/core/intentRouterWorkflowKeywordWeights.js.map +1 -0
package/dist/core/issueEngine.js +46 -2
package/dist/core/issueEngine.js.map +1 -1
package/dist/core/memory.d.ts +2 -0
package/dist/core/memory.js +33 -1
package/dist/core/memory.js.map +1 -1
package/dist/core/preflightChangedFiles.d.ts +3 -0
package/dist/core/preflightChangedFiles.js +13 -0
package/dist/core/preflightChangedFiles.js.map +1 -1
package/dist/core/preflightEvidence.d.ts +3 -0
package/dist/core/preflightEvidence.js +3 -0
package/dist/core/preflightEvidence.js.map +1 -1
package/dist/core/privacy.d.ts +2 -0
package/dist/core/privacy.js +10 -0
package/dist/core/privacy.js.map +1 -1
package/dist/core/qualityScorecard.js +25 -13
package/dist/core/qualityScorecard.js.map +1 -1
package/dist/core/startEvidence.js +26 -1
package/dist/core/startEvidence.js.map +1 -1
package/dist/core/startFixedRouteCriteria.js +5 -0
package/dist/core/startFixedRouteCriteria.js.map +1 -1
package/dist/core/startInputs.d.ts +3 -0
package/dist/core/startMissionPolicy.d.ts +1 -1
package/dist/core/startMissionPolicy.js +18 -7
package/dist/core/startMissionPolicy.js.map +1 -1
package/dist/core/startMode.js +17 -4
package/dist/core/startMode.js.map +1 -1
package/dist/core/startReportBuilder.js +1 -1
package/dist/core/startReportBuilder.js.map +1 -1
package/dist/core/startReviewGate.js +26 -4
package/dist/core/startReviewGate.js.map +1 -1
package/dist/core/startRouteActions.js +6 -0
package/dist/core/startRouteActions.js.map +1 -1
package/dist/core/understand.js +60 -13
package/dist/core/understand.js.map +1 -1
package/dist/core/workplan.js +99 -17
package/dist/core/workplan.js.map +1 -1
package/dist/projscan-sbom.cdx.json +6 -6
package/dist/reporters/ciIssueDetails.d.ts +10 -0
package/dist/reporters/ciIssueDetails.js +37 -0
package/dist/reporters/ciIssueDetails.js.map +1 -0
package/dist/reporters/consoleCiReporter.d.ts +2 -1
package/dist/reporters/consoleCiReporter.js +26 -9
package/dist/reporters/consoleCiReporter.js.map +1 -1
package/dist/reporters/consoleFileReporter.js +10 -0
package/dist/reporters/consoleFileReporter.js.map +1 -1
package/dist/reporters/consoleHealthReporter.js +3 -1
package/dist/reporters/consoleHealthReporter.js.map +1 -1
package/dist/reporters/jsonReporter.d.ts +2 -1
package/dist/reporters/jsonReporter.js +17 -10
package/dist/reporters/jsonReporter.js.map +1 -1
package/dist/reporters/markdownFileReporter.js +11 -0
package/dist/reporters/markdownFileReporter.js.map +1 -1
package/dist/reporters/markdownHealthReporter.d.ts +2 -1
package/dist/reporters/markdownHealthReporter.js +5 -5
package/dist/reporters/markdownHealthReporter.js.map +1 -1
package/dist/reporters/scoreBreakdownReporter.d.ts +2 -0
package/dist/reporters/scoreBreakdownReporter.js +24 -0
package/dist/reporters/scoreBreakdownReporter.js.map +1 -0
package/dist/tool-manifest.json +2 -2
package/dist/types/analysis.d.ts +21 -1
package/dist/types/bugHunt.d.ts +3 -0
package/dist/types/config.d.ts +9 -0
package/dist/types/dogfood.d.ts +15 -1
package/dist/types/inspection.d.ts +3 -0
package/dist/types/preflight.d.ts +3 -0
package/dist/types/startMissionControl.d.ts +3 -0
package/dist/types/startMissionReview.d.ts +2 -0
package/dist/utils/ciFailOn.d.ts +5 -0
package/dist/utils/ciFailOn.js +12 -0
package/dist/utils/ciFailOn.js.map +1 -0
package/dist/utils/config.js +3 -1
package/dist/utils/config.js.map +1 -1
package/dist/utils/configBasics.d.ts +2 -0
package/dist/utils/configBasics.js +21 -0
package/dist/utils/configBasics.js.map +1 -1
package/dist/utils/configIssueRules.js +64 -0
package/dist/utils/configIssueRules.js.map +1 -1
package/dist/utils/scoreCalculator.js +77 -16
package/dist/utils/scoreCalculator.js.map +1 -1
package/docs/GUIDE.md +36 -6
package/docs/demos/projscan-4-1-demo.html +8 -8
package/docs/demos/projscan-mission-control.tape +2 -2
package/docs/demos/projscan-mission-proof.tape +9 -5
package/docs/projscan-mission-control.gif +0 -0
package/docs/projscan-mission-control.png +0 -0
package/docs/projscan-mission-proof.gif +0 -0
package/docs/projscan-proof-router.png +0 -0
package/package.json +1 -1

package/dist/utils/scoreCalculator.js CHANGED Viewed

@@ -1,3 +1,9 @@
+const BASE_SCORE = 100;
+const SEVERITY_WEIGHTS = {
+    error: 20,
+    warning: 10,
+    info: 3,
+};
 /**
  * Calculate a project health score (0–100) and letter grade from detected issues.
  *
@@ -14,23 +20,78 @@
  *   F  < 60
  */
 export function calculateScore(issues) {
-    const errors = issues.filter((i) => i.severity === 'error').length;
-    const warnings = issues.filter((i) => i.severity === 'warning').length;
-    const infos = issues.filter((i) => i.severity === 'info').length;
-    const deductions = errors * 20 + warnings * 10 + infos * 3;
-    const score = Math.max(0, 100 - deductions);
-    let grade;
+    const errors = countSeverity(issues, 'error');
+    const warnings = countSeverity(issues, 'warning');
+    const infos = countSeverity(issues, 'info');
+    const uncappedPenalty = penaltyFor('error', errors) + penaltyFor('warning', warnings) + penaltyFor('info', infos);
+    const totalPenalty = Math.min(BASE_SCORE, uncappedPenalty);
+    const score = Math.max(0, BASE_SCORE - uncappedPenalty);
+    const grade = gradeForScore(score);
+    return {
+        score,
+        grade,
+        errors,
+        warnings,
+        infos,
+        scoreBreakdown: buildScoreBreakdown(issues, {
+            score,
+            grade,
+            errors,
+            warnings,
+            infos,
+            totalPenalty,
+            uncappedPenalty,
+        }),
+    };
+}
+function countSeverity(issues, severity) {
+    return issues.filter((issue) => issue.severity === severity).length;
+}
+function penaltyFor(severity, count) {
+    return count * SEVERITY_WEIGHTS[severity];
+}
+function gradeForScore(score) {
     if (score >= 90)
-        grade = 'A';
-    else if (score >= 80)
-        grade = 'B';
-    else if (score >= 70)
-        grade = 'C';
-    else if (score >= 60)
-        grade = 'D';
-    else
-        grade = 'F';
-    return { score, grade, errors, warnings, infos };
+        return 'A';
+    if (score >= 80)
+        return 'B';
+    if (score >= 70)
+        return 'C';
+    if (score >= 60)
+        return 'D';
+    return 'F';
+}
+function buildScoreBreakdown(issues, score) {
+    return {
+        baseScore: BASE_SCORE,
+        finalScore: score.score,
+        grade: score.grade,
+        totalPenalty: score.totalPenalty,
+        uncappedPenalty: score.uncappedPenalty,
+        bySeverity: {
+            error: severityBreakdown(score.errors, 'error'),
+            warning: severityBreakdown(score.warnings, 'warning'),
+            info: severityBreakdown(score.infos, 'info'),
+        },
+        byCategory: categoryBreakdown(issues),
+    };
+}
+function severityBreakdown(count, severity) {
+    const weight = SEVERITY_WEIGHTS[severity];
+    return { count, weight, penalty: count * weight };
+}
+function categoryBreakdown(issues) {
+    const categories = new Map();
+    for (const issue of issues) {
+        const category = issue.category || 'uncategorized';
+        const current = categories.get(category) ?? { count: 0, penalty: 0 };
+        current.count += 1;
+        current.penalty += SEVERITY_WEIGHTS[issue.severity];
+        categories.set(category, current);
+    }
+    return [...categories.entries()]
+        .sort(([a], [b]) => a.localeCompare(b))
+        .map(([category, value]) => ({ category, ...value }));
 }
 const GRADE_COLORS = {
     A: 'brightgreen',

package/dist/utils/scoreCalculator.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"scoreCalculator.js","sourceRoot":"","sources":["../../src/utils/scoreCalculator.ts"],"names":[],"mappings":"AAEA;;;;;;;;;;;;;;GAcG;AACH,MAAM,UAAU,cAAc,CAAC,MAAe;IAC5C,MAAM,MAAM,GAAG,~~MAAM~~,CAAC,MAAM,CAAC,CAAC,CAAC,~~EAAE~~,EAAE,~~CAAC~~,CAAC,CAAC,~~QAAQ~~,KAAK,~~OAAO~~,~~CAAC~~,CAAC,MAAM,CAAC;~~IACnE~~,MAAM,QAAQ,GAAG,~~MAAM~~,CAAC,MAAM,CAAC,CAAC,CAAC,~~EAAE~~,EAAE,~~CAAC~~,CAAC,CAAC,~~QAAQ~~,KAAK,~~SAAS~~,CAAC,CAAC,~~MAAM~~,CAAC;~~IACvE~~,MAAM,KAAK,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,~~EAAE~~,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,~~MAAM~~,CAAC,CAAC,MAAM,CAAC;~~IAEjE~~,~~MAAM~~,UAAU,~~GAAG~~,~~MAAM~~,~~GAAG,~~EAAE,GAAG,QAAQ,~~GAAG~~,EAAE,GAAG,KAAK,GAAG,CAAC,CAAC;~~IAC3D~~,~~MAAM~~,KAAK,GAAG,~~IAAI,~~CAAC,GAAG,CAAC,CAAC,~~EAAE~~,~~GAAG~~,~~GAAG~~,UAAU,CAAC,CAAC;~~IAE5C~~,~~IAAI~~,~~KAA2B~~,CAAC;~~IAChC~~,~~IAAI~~,KAAK,~~IAAI~~,EAAE;~~QAAE~~,KAAK,~~GAAG~~,~~GAAG~~,CAAC;~~SACxB~~,~~IAAI~~,KAAK,~~IAAI~~,EAAE;~~QAAE~~,KAAK,GAAG,GAAG,CAAC;~~SAC7B~~,IAAI,KAAK,IAAI,EAAE;~~QAAE~~,KAAK,GAAG,GAAG,CAAC~~;SAC7B~~,IAAI,KAAK,~~IAAI~~,EAAE;~~QAAE~~,KAAK,~~GAAG~~,~~GAAG~~,CAAC~~;;QAC7B~~,KAAK,~~GAAG~~,GAAG,CAAC;~~IAEjB~~,OAAO,EAAE,~~KAAK~~,EAAE,KAAK,EAAE,~~MAAM~~,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAC;~~AACnD~~,CAAC;AAED,MAAM,YAAY,GAAyC;IACzD,CAAC,EAAE,aAAa;IAChB,CAAC,EAAE,OAAO;IACV,CAAC,EAAE,QAAQ;IACX,CAAC,EAAE,QAAQ;IACX,CAAC,EAAE,KAAK;CACT,CAAC;AAEF,MAAM,UAAU,QAAQ,CAAC,KAA2B;IAClD,MAAM,KAAK,GAAG,YAAY,CAAC,KAAK,CAAC,CAAC;IAClC,OAAO,yCAAyC,KAAK,IAAI,KAAK,EAAE,CAAC;AACnE,CAAC;AAED,MAAM,UAAU,aAAa,CAAC,KAA2B;IACvD,OAAO,uBAAuB,QAAQ,CAAC,KAAK,CAAC,iDAAiD,CAAC;AACjG,CAAC"}
1	+ {"version":3,"file":"scoreCalculator.js","sourceRoot":"","sources":["../../src/utils/scoreCalculator.ts"],"names":[],"mappings":"AAEA,MAAM,UAAU,GAAG,GAAG,CAAC;AACvB,MAAM,gBAAgB,GAAkC;IACtD,KAAK,EAAE,EAAE;IACT,OAAO,EAAE,EAAE;IACX,IAAI,EAAE,CAAC;CACR,CAAC;AAEF;;;;;;;;;;;;;;GAcG;AACH,MAAM,UAAU,cAAc,CAAC,MAAe;IAC5C,MAAM,MAAM,GAAG,aAAa,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAC9C,MAAM,QAAQ,GAAG,aAAa,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;IAClD,MAAM,KAAK,GAAG,aAAa,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC5C,MAAM,eAAe,GACnB,UAAU,CAAC,OAAO,EAAE,MAAM,CAAC,GAAG,UAAU,CAAC,SAAS,EAAE,QAAQ,CAAC,GAAG,UAAU,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;IAC5F,MAAM,YAAY,GAAG,IAAI,CAAC,GAAG,CAAC,UAAU,EAAE,eAAe,CAAC,CAAC;IAC3D,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,UAAU,GAAG,eAAe,CAAC,CAAC;IACxD,MAAM,KAAK,GAAG,aAAa,CAAC,KAAK,CAAC,CAAC;IAEnC,OAAO;QACL,KAAK;QACL,KAAK;QACL,MAAM;QACN,QAAQ;QACR,KAAK;QACL,cAAc,EAAE,mBAAmB,CAAC,MAAM,EAAE;YAC1C,KAAK;YACL,KAAK;YACL,MAAM;YACN,QAAQ;YACR,KAAK;YACL,YAAY;YACZ,eAAe;SAChB,CAAC;KACH,CAAC;AACJ,CAAC;AAED,SAAS,aAAa,CAAC,MAAe,EAAE,QAAuB;IAC7D,OAAO,MAAM,CAAC,MAAM,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC,MAAM,CAAC;AACtE,CAAC;AAED,SAAS,UAAU,CAAC,QAAuB,EAAE,KAAa;IACxD,OAAO,KAAK,GAAG,gBAAgB,CAAC,QAAQ,CAAC,CAAC;AAC5C,CAAC;AAED,SAAS,aAAa,CAAC,KAAa;IAClC,IAAI,KAAK,IAAI,EAAE;QAAE,OAAO,GAAG,CAAC;IAC5B,IAAI,KAAK,IAAI,EAAE;QAAE,OAAO,GAAG,CAAC;IAC5B,IAAI,KAAK,IAAI,EAAE;QAAE,OAAO,GAAG,CAAC;IAC5B,IAAI,KAAK,IAAI,EAAE;QAAE,OAAO,GAAG,CAAC;IAC5B,OAAO,GAAG,CAAC;AACb,CAAC;AAED,SAAS,mBAAmB,CAC1B,MAAe,EACf,KAAsE;IAEtE,OAAO;QACL,SAAS,EAAE,UAAU;QACrB,UAAU,EAAE,KAAK,CAAC,KAAK;QACvB,KAAK,EAAE,KAAK,CAAC,KAAK;QAClB,YAAY,EAAE,KAAK,CAAC,YAAY;QAChC,eAAe,EAAE,KAAK,CAAC,eAAe;QACtC,UAAU,EAAE;YACV,KAAK,EAAE,iBAAiB,CAAC,KAAK,CAAC,MAAM,EAAE,OAAO,CAAC;YAC/C,OAAO,EAAE,iBAAiB,CAAC,KAAK,CAAC,QAAQ,EAAE,SAAS,CAAC;YACrD,IAAI,EAAE,iBAAiB,CAAC,KAAK,CAAC,KAAK,EAAE,MAAM,CAAC;SAC7C;QACD,UAAU,EAAE,iBAAiB,CAAC,MAAM,CAAC;KACtC,CAAC;AACJ,CAAC;AAED,SAAS,iBAAiB,CAAC,KAAa,EAAE,QAAuB;IAC/D,MAAM,MAAM,GAAG,gBAAgB,CAAC,QAAQ,CAAC,CAAC;IAC1C,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,KAAK,GAAG,MAAM,EAAE,CAAC;AACpD,CAAC;AAED,SAAS,iBAAiB,CAAC,MAAe;IACxC,MAAM,UAAU,GAAG,IAAI,GAAG,EAA8C,CAAC;IACzE,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;QAC3B,MAAM,QAAQ,GAAG,KAAK,CAAC,QAAQ,IAAI,eAAe,CAAC;QACnD,MAAM,OAAO,GAAG,UAAU,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,EAAE,KAAK,EAAE,CAAC,EAAE,OAAO,EAAE,CAAC,EAAE,CAAC;QACrE,OAAO,CAAC,KAAK,IAAI,CAAC,CAAC;QACnB,OAAO,CAAC,OAAO,IAAI,gBAAgB,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;QACpD,UAAU,CAAC,GAAG,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;IACpC,CAAC;IACD,OAAO,CAAC,GAAG,UAAU,CAAC,OAAO,EAAE,CAAC;SAC7B,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC;SACtC,GAAG,CAAC,CAAC,CAAC,QAAQ,EAAE,KAAK,CAAC,EAAE,EAAE,CAAC,CAAC,EAAE,QAAQ,EAAE,GAAG,KAAK,EAAE,CAAC,CAAC,CAAC;AAC1D,CAAC;AAED,MAAM,YAAY,GAAyC;IACzD,CAAC,EAAE,aAAa;IAChB,CAAC,EAAE,OAAO;IACV,CAAC,EAAE,QAAQ;IACX,CAAC,EAAE,QAAQ;IACX,CAAC,EAAE,KAAK;CACT,CAAC;AAEF,MAAM,UAAU,QAAQ,CAAC,KAA2B;IAClD,MAAM,KAAK,GAAG,YAAY,CAAC,KAAK,CAAC,CAAC;IAClC,OAAO,yCAAyC,KAAK,IAAI,KAAK,EAAE,CAAC;AACnE,CAAC;AAED,MAAM,UAAU,aAAa,CAAC,KAA2B;IACvD,OAAO,uBAAuB,QAAQ,CAAC,KAAK,CAAC,iDAAiD,CAAC;AACjG,CAAC"}

package/docs/GUIDE.md CHANGED Viewed

@@ -551,13 +551,14 @@ Natural follow-up to `projscan hotspots` - once hotspots tells you _which_ file
 projscan ci
 ```
-A CI-pipeline-friendly health gate. Runs the full health check and exits with code 1 if the score falls below a threshold. No spinners or banners - clean output for CI logs.
+A CI-pipeline-friendly health gate. Runs the full health check and exits with code 1 if the score falls below a threshold and at least one finding meets the `failOn` severity floor. No spinners or banners - clean output for CI logs.
 **Options:**
 | Flag               | Description                                      | Default                                                     |
 | ------------------ | ------------------------------------------------ | ----------------------------------------------------------- |
 | `--min-score <n>`  | Minimum passing score (0–100)                    | `minScore` from `.projscanrc`, else 70                      |
+| `--fail-on <severity>` | Lowest severity that can fail a below-threshold gate: `info`, `warning`, or `error` | `failOn` from `.projscanrc`, else `warning` |
 | `--changed-only`   | Gate only on issues in files changed vs base ref | off                                                         |
 | `--base-ref <ref>` | Git base ref for `--changed-only`                | auto (origin/main → origin/master → main → master → HEAD~1) |
@@ -566,7 +567,7 @@ A CI-pipeline-friendly health gate. Runs the full health check and exits with co
 ```bash
 $ projscan ci --min-score 80
-projscan: B (82/100) - 0 errors, 2 warnings, 1 info - PASS (threshold: 80)
+projscan: B (82/100) - 0 errors, 2 warnings, 1 info - PASS (threshold: 80, failOn: warning)
 ```
 <img src="npx%20projscan%20ci%20--min-score%2070.gif" alt="npx projscan ci" width="700">
@@ -574,7 +575,8 @@ projscan: B (82/100) - 0 errors, 2 warnings, 1 info - PASS (threshold: 80)
 **Exit codes:**
 - `0` - Score meets or exceeds the threshold
-- `1` - Score is below the threshold
+- `0` - Score is below the threshold but no finding meets the `failOn` floor
+- `1` - Score is below the threshold and at least one finding meets the `failOn` floor
 **JSON output** (useful for scripts):
@@ -582,6 +584,10 @@ projscan: B (82/100) - 0 errors, 2 warnings, 1 info - PASS (threshold: 80)
 projscan ci --min-score 70 --format json
 ```
+Every `ci.issues[]` item keeps the original issue fields and adds
+annotation-friendly fields: `ruleId`, `message`, primary `location`, all
+`locations`, and `remediation` when a fix hint is available.
 **SARIF output** (for GitHub Code Scanning or any SARIF consumer):
 ```bash
@@ -887,6 +893,9 @@ Use it before broader rollout. The report includes feedback questions for the fi
 ## Health Score
 Every `projscan doctor` and `projscan badge` run calculates a health score from 0 to 100 based on detected issues.
+`doctor --format json` and `ci --format json` include `scoreBreakdown` so scripts
+and reviewers can see the base score, per-severity weights, category penalties,
+total penalty, final score, and grade.
 **Scoring:**
@@ -909,7 +918,8 @@ Every `projscan doctor` and `projscan badge` run calculates a health score from
 The score appears in all output formats:
 - **Console**: Shown at the top of the doctor report
-- **JSON**: Included as `health.score` and `health.grade` fields
+- **JSON**: Included as `health.score`, `health.grade`, and `health.scoreBreakdown`
+  fields. CI uses the same structure under `ci.scoreBreakdown`.
 - **Markdown**: Shown as a heading with an auto-generated shields.io badge
 - **HTML**: Shown in the health summary card
 - **SARIF**: Not surfaced directly - SARIF is per-issue, not per-project. The score still drives `ci`'s exit code.
@@ -1005,6 +1015,7 @@ ProjScan loads a project-wide config from one of:
 ```json
 {
   "minScore": 80,
+  "failOn": "warning",
   "baseRef": "origin/main",
   "ignore": ["**/fixtures/**", "**/generated/**"],
   "scan": {
@@ -1013,6 +1024,9 @@ ProjScan loads a project-wide config from one of:
     "offline": false
   },
   "disableRules": ["missing-editorconfig", "large-*"],
+  "suppress": {
+    "hardcoded-secret": ["src/firebase.ts"]
+  },
   "severityOverrides": {
     "missing-prettier": "info"
   },
@@ -1034,12 +1048,14 @@ ProjScan loads a project-wide config from one of:
 | Field                 | Type                                             | Effect                                                                                                                                                        |
 | --------------------- | ------------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------- |
 | `minScore`            | number (0–100)                                   | Default threshold for `projscan ci`. Clamped to 0–100.                                                                                                        |
+| `failOn`              | `'info' \| 'warning' \| 'error'`                 | Lowest severity that can fail a below-threshold `projscan ci` gate. Default `warning`; set `info` for legacy strictness or `error` for error-only blocking. |
 | `baseRef`             | string                                           | Default base ref for `--changed-only`.                                                                                                                        |
 | `ignore`              | string[]                                         | Extra glob patterns added to the built-in ignore list (`node_modules`, `.git`, `dist`, `build`, `coverage`, `.next`, `.nuxt`, `.cache`, `.turbo`, `.output`). |
 | `scan.includeIgnored` | boolean                                          | Explicitly include files hidden by Git ignore rules. Default `false`.                                                                                         |
 | `scan.scanEnvValues`  | boolean                                          | Explicitly read `.env*` contents during secret-pattern checks. Default `false`; `.env` files are path-only.                                                   |
 | `scan.offline`        | boolean                                          | Block projscan network-capable features: telemetry sending, `audit`, registry checks, and optional semantic model loading. Default `false`.                   |
 | `disableRules`        | string[]                                         | Silence rules by id. Exact match (`missing-prettier`) or wildcard prefix (`large-*`).                                                                         |
+| `suppress`            | `Record<string, string[]>`                       | Silence a rule only for matching paths/globs, for example `{ "hardcoded-secret": ["src/firebase.ts"] }`. Other rules still run on that file.                  |
 | `severityOverrides`   | `Record<string, 'info' \| 'warning' \| 'error'>` | Remap a rule's severity. Useful for downgrading project-specific false positives without disabling them.                                                      |
 | `reportPolicies`      | `Record<string, { reportScope?: string[]; redactPaths?: boolean }>` | Named evidence export presets selected with `--report-policy <name>` on `analyze`, `doctor`, and `ci`.                                      |
 | `hotspots.limit`      | number (1–100)                                   | Default limit for `projscan hotspots`.                                                                                                                        |
@@ -1047,6 +1063,12 @@ ProjScan loads a project-wide config from one of:
 Invalid JSON in a discovered config file is a hard error - projscan exits rather than silently ignoring it.
+Use inline suppressions for a single confirmed false positive:
+```ts
+const firebaseKey = "AIza..." // projscan-ignore-line hardcoded-secret -- Firebase web keys are public identifiers
+```
 ### Embedded config in `package.json`
 If you prefer to keep everything in `package.json`:
@@ -1564,8 +1586,10 @@ If you'd rather skip Code Scanning, `projscan init github-action` writes a pull-
 The `ci` command is purpose-built for pipelines:
 ```bash
-projscan ci                                 # Fail if score < 70 (default)
+projscan ci                                 # Fail if score < 70 and warning/error findings exist
 projscan ci --min-score 80                  # Custom threshold
+projscan ci --fail-on info                  # Legacy strictness: info can fail the gate
+projscan ci --fail-on error                 # Only errors can fail a below-threshold gate
 projscan ci --changed-only                  # Gate only on PR diff
 projscan ci --format json                   # JSON output for scripts
 projscan ci --format sarif > projscan.sarif # SARIF for any consumer
@@ -1577,9 +1601,15 @@ projscan ci --format sarif > projscan.sarif # SARIF for any consumer
 result=$(projscan ci --min-score 0 --format json)
 pass=$(echo "$result" | jq '.ci.pass')
 score=$(echo "$result" | jq '.ci.score')
-echo "Score: $score, Pass: $pass"
+fail_on=$(echo "$result" | jq -r '.ci.failOn')
+echo "Score: $score, Pass: $pass, FailOn: $fail_on"
 ```
+For PR annotation tooling, read `.ci.issues[]`. Each issue includes `ruleId`,
+`severity`, `message`, primary `location`, all `locations`, and `remediation`
+when available. Gate metadata lives at `.ci.failOn`, `.ci.scorePass`, and
+`.ci.severityFloorMet`.
 ### Tracking health over time in CI
 Combine `ci` with `diff` to track regressions:

package/docs/demos/projscan-4-1-demo.html CHANGED Viewed

@@ -426,11 +426,11 @@
       <section class="hero" aria-label="projscan Mission Control">
         <div class="intro">
           <div>
-            <p class="eyebrow">Mission Outcome Loop</p>
+            <p class="eyebrow">Mission proof loop</p>
             <h1>Resume from saved proof.</h1>
             <p class="lead">
-              projscan routes a developer goal, saves the mission, reads the proof state, and tells
-              the next agent what changed, what remains, and whether the work is ready for version
+              projscan routes a developer goal, saves the mission, reads proof state, and tells the
+              next agent which proof passed, which work remains, and whether to request version
               review.
             </p>
             <div class="pills" aria-label="Product capabilities">
@@ -445,7 +445,7 @@
           <div class="metric-row" aria-label="Release candidate signals">
             <div class="metric">
               <strong>1 bundle</strong>
-              <span>mission plus proof</span>
+              <span>mission and proof</span>
             </div>
             <div class="metric">
               <strong>45</strong>
@@ -479,14 +479,14 @@
             <span class="line dim">read proof-logs/summary.json and status.jsonl</span>
             <div class="term-section">
-              <span class="line term-heading">What Changed</span>
+              <span class="line term-heading">Completed Proof</span>
               <span class="line">- Mission proof passed after 3 command(s).</span>
               <span class="line">- 1 reviewer decision recorded.</span>
               <span class="line">- 0 failed gates remain.</span>
             </div>
             <div class="term-section">
-              <span class="line term-heading">What Remains</span>
+              <span class="line term-heading">Remaining Work</span>
               <span class="line success">Run ./review.sh and choose a reviewer reply.</span>
               <span class="line success">Version candidate: review_candidate</span>
             </div>
@@ -531,7 +531,7 @@
           <h2>Start from saved proof.</h2>
           <p>
             <code>projscan start --mission</code> reads the bundle proof state and gives the next
-            agent a focused "what changed / what remains" handoff.
+            agent a focused proof status and remaining-work handoff.
           </p>
         </article>
         <article class="card">
@@ -611,7 +611,7 @@
               <span class="tag red">Gate</span>
               <span>
                 <strong>Version review</strong>
-                Outcome data says whether to request review or keep fixing failed proof.
+                Use outcome data to request review or keep fixing failed proof.
               </span>
             </div>
           </div>

package/docs/demos/projscan-mission-control.tape CHANGED Viewed

@@ -8,6 +8,6 @@ Set Theme "Catppuccin Mocha"
 Set TypingSpeed 35ms
 Set Padding 16
-Type "projscan start --shortcuts --intent 'is it safe to commit this change?'"
+Type "projscan start --shortcuts --intent 'is it safe to commit this change?' --quiet"
 Enter
-Sleep 12s
+Sleep 24s

package/docs/demos/projscan-mission-proof.tape CHANGED Viewed

@@ -12,14 +12,18 @@ Type "rm -rf .projscan/vhs-mission"
 Enter
 Sleep 500ms
-Type "projscan start --save-mission .projscan/vhs-mission --intent 'is it safe to commit this change?'"
+Type "projscan start --save-mission .projscan/vhs-mission --intent 'what can projscan read?' --quiet"
 Enter
-Sleep 10s
+Sleep 30s
-Type "projscan mission-proof --mission .projscan/vhs-mission --format markdown | sed -n '1,38p'"
+Type "sh .projscan/vhs-mission/review.sh | sed -n '1,34p'"
 Enter
 Sleep 8s
-Type "projscan start --mission .projscan/vhs-mission --handoff-prompt | sed -n '1,8p'"
+Type "projscan mission-proof --mission .projscan/vhs-mission --format markdown --quiet | sed -n '1,32p'"
+Enter
+Sleep 10s
+Type "projscan start --mission .projscan/vhs-mission --review-gate --quiet | sed -n '1,24p'"
 Enter
-Sleep 16s
+Sleep 24s

package/docs/projscan-mission-control.gif CHANGED Viewed

Binary file

package/docs/projscan-mission-control.png CHANGED Viewed

Binary file

package/docs/projscan-mission-proof.gif CHANGED Viewed

Binary file

package/docs/projscan-proof-router.png CHANGED Viewed

Binary file

package/package.json CHANGED Viewed

@@ -1,7 +1,7 @@
 {
   "name": "projscan",
   "mcpName": "io.github.abhiyoheswaran1/projscan",
-  "version": "4.9.2",
+  "version": "4.10.0",
   "description": "Local code intelligence for agent-assisted engineering. Focused daily workflows for repo orientation before edits, proof before handoff or commit, and release-candidate review, with AST-backed evidence through an MCP server and CLI. Runs locally by default.",
   "type": "module",
   "main": "./dist/index.js",