You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
projscan plugin test now validates statically by default and imports/runs plugin code only when --execute or --confirm-execute is passed with PROJSCAN_PLUGINS_PREVIEW=1 already set.
MCP projscan_workplanenable_plugins now only requests plugin evidence when the server process already has PROJSCAN_PLUGINS_PREVIEW=1; preflight no longer mutates PROJSCAN_PLUGINS_PREVIEW internally.
MCP projscan_plugin validate now rejects absolute paths, .. traversal, and manifests outside <root>/.projscan-plugins/ after realpath resolution.
Cross-repo workspace graph now reads locally trusted registrations from .projscan-cache/workspace.json, ignores project-root .projscan-workspace.json, canonicalizes sibling repo paths, caps registered repos, and avoids unbounded trusted workspace graph scans.
Upgraded Vitest to ^4.1.8 and changed the release gate to run a full dependency audit, including dev dependencies.
