A: Thanks for the detailed questions.

1. Monorepo scans — sub-directory targeting on PRs

Today, a scan audits the whole repository, not just the changed sub-directory. We clone the target branch and run the analyzers across the full tree; there is no diff-scoped / changed-files-only "PR mode" yet. You can suppress findings by path with an exclude_paths / per-path ignore config (.rafter.yml), which is how most monorepo customers keep their PR signal clean—but to be candid, that filters results after the fact; it doesn't skip scanning those paths, so you don't save scan time by excluding apps/api/** or apps/web/**. True changed-path / merge-base-diff scoping is on our roadmap but not shipped. If per-PR sub-project targeting is a hard requirement for you, we can talk more.

Learn more: https://docs.rafter.so/suppression

2. .NET 10 depth (Isolated Worker, C#)

This is AST-level, not regex. C# is analyzed by our engine against ~40 C#-specific rules spanning injection (SQL, command, LDAP, XPath, code-injection-via-reflection), unsafe deserialization (BinaryFormatter, Newtonsoft TypeNameHandling, LosFormatter), weak crypto, SSRF, XXE, and an ASP.NET set (anti-forgery/CSRF, CORS-allow-all, [AllowAnonymous] on sensitive endpoints, clickjacking)—including taint-tracking rules that follow user input to an XSS sink through sanitizer-aware data flow.

Limits: For .NET you get strong pattern + taint analysis, but not full cross-procedure Roslyn-style type inference. We have solid generic ASP.NET coverage but no rules specific to Azure Functions Isolated Worker bindings/triggers/managed-identity patterns yet. For the HTTP-trigger function code itself (where most injection/authz bugs live) the existing rules apply well.

3. MCP privacy — local vs cloud

Two distinct paths, and the distinction matters for your privacy posture:

- The MCP server (rafter mcp serve)—what your agents in Cursor / Windsurf / Claude / Continue / etc. call—runs entirely locally. It exposes local toolkit tools (secret scanning, command/policy evaluation, audit-log reads, config) over stdio. No API key, no account, no telemetry, and no source code or metadata leaves your machine.
- Our deep Fast and Plus scans (rafter run) use our cloud-based Code Security Engine—these are not local. That engine analyzes your repository server-side (it runs against your remote GitHub repo). Your code is deleted immediately after analysis completes, and this path is opt-in (requires an API key).

So: the agent-facing MCP layer is fully local; the heavyweight cloud analysis is explicit opt-in via rafter run and processes your code server-side, then deletes it.

4. Quota / billing

Billing is tied to Rafter Code Security Engine scans, regardless of how many languages or Nx sub-projects it touches. We don't bill per language or per sub-project—a single monorepo scan that covers your React PWA and .NET Functions together is metered as one scan. Locally operations (offline secrets scans, local tooling) don't consume cloud scan quota.