Documentation Index

Start Here

  • README.md: project overview and quick start.
  • README.tr.md: Turkish overview and quick start.
  • docs/FIRST_FIVE_MINUTES.md: published-tool tutorial from install to scan, generated context, and first task.
  • docs/PREPARE_REPOSITORY_FOR_AI_AGENTS.md: existing-repository security, config, agent instruction, task-first, and CI-readiness workflow.
  • docs/PRODUCT_SPEC.md: product scope and MVP goals.
  • docs/ROADMAP.md: version roadmap.
  • docs/RELATED_PROJECTS.md: initial related-tool license, offline, overlap, complement, privacy, and decision matrix.
  • docs/OFFLINE_OSS_ECOSYSTEM.md: offline-first evaluation criteria and ecosystem category model.
  • docs/EXTERNAL_TOOL_WORKFLOWS.md: docs-only opt-in local workflow sketches for external tools.
  • docs/ECOSYSTEM_POSITIONING.md: product boundary versus packers, graphs, scanners, and docs tools.
  • docs/INTEROPERABILITY_BACKLOG.md: non-approved future external-tool command and adapter ideas.
  • docs/RELATED_TOOLS_COMPARISON_MATRIX.md: normalized runtime, offline/network, output, privacy, and recommendation matrix.
  • docs/RELATED_TOOLS_EVIDENCE.md: official-source evidence, confidence, and stale-after register.
  • docs/RELATED_TOOLS_REVIEW_POLICY.md: source priority, review cadence, and stale evidence behavior.
  • docs/ECOSYSTEM_EVIDENCE_SCHEMA.md: required ecosystem evidence fields and confidence contract.
  • docs/AGENT_CONTEXT_PIPELINE.md: Inspect through Release decision product taxonomy.
  • docs/README_POSITIONING_NOTES.md: concise public positioning language and guardrails.

Usage

  • docs/CLI_CONTRACT.md: stable CLI command contract review.
  • docs/CLI_REFERENCE.md: command reference.
  • docs/EXAMPLES.md: common command flows.
  • docs/EXAMPLE_WORKFLOWS.md: copy-paste-ready local workflow collections.
  • docs/SAMPLE_GALLERY.md: sample repository gallery with expected stacks, health gaps, commands, and risk behavior.
  • docs/DEMO_SCENARIOS.md: guided published package, source, sample, Web UI, report, and SARIF demos.
  • docs/GITHUB_ACTIONS_USAGE.md: GitHub Actions CI usage, SARIF, and smoke workflow guidance.
  • docs/CODE_SCANNING_DECISION.md: CodeQL and Code Scanning default/opt-in decision.
  • docs/SARIF_UPLOAD_WORKFLOW_DESIGN.md: manual, job-scoped Code Scanning upload design.
  • docs/SAMPLES.md: safe sample repositories.
  • docs/CONFIGURATION.md: .ackit/config.yml.
  • docs/CONFIGURATION_DIAGNOSTICS.md: stable config diagnostic codes, severities, safety checks, and compatibility boundary.
  • docs/CONFIG_GENERATED_CONVENTIONS.md: stable config and generated-file conventions.
  • docs/SCANNER_RULES.md: scanner rule catalog, SARIF mapping, and config allowlist behavior.
  • docs/SCANNER_FIXTURES.md: scanner regression matrix and safe synthetic fixture conventions.
  • docs/BASELINE_MODEL.md: versioned baseline identity, explicit local workflow, deterministic fingerprints, error codes, CI policy, and privacy boundary.
  • docs/SUPPRESSION_AUDIT.md: sanitized local audit output for configured non-Critical suppressions.
  • docs/JSON_OUTPUT.md: JSON output and exit codes.
  • docs/schemas/README.md: machine-readable command JSON, baseline, and SARIF profile schema catalog plus validation command.
  • docs/EXIT_CODES.md: CLI exit code matrix.
  • docs/SARIF_OUTPUT.md: SARIF 2.1.0 scanner output for local CI and future GitHub Code Scanning workflows.
  • docs/HTML_REPORTS.md: offline static HTML report generation.
  • docs/WEB_UI_PROTOTYPE.md: offline static Web UI prototype generation.
  • docs/WEB_UI_PREVIEW.md: local Web UI preview, screenshot workflow, and public artifact boundaries.
  • docs/VISUAL_ASSETS.md: public screenshot and visual asset policy.
  • docs/SCREENSHOT_CAPTURE_PLAN.md: disposable demo, capture, sanitization, metadata, naming, and commit review plan.
  • docs/DOCS_SITE_PLAN.md: hosted documentation and GitHub Pages decision, triggers, architecture, and maintainer-only activation plan.
  • docs/DOCS_QUALITY_TOOLCHAIN_DECISION.md: no-dependency current decision and optional future lint/prose/link/site roles.
  • docs/examples/external-tools/README.md: docs-only local external-tool workflow examples and privacy boundary.
  • docs/TROUBLESHOOTING.md: common problems and fixes.
  • docs/FAQ.md: frequently asked questions.
  • docs/SUPPORT_MATRIX.md: supported OS, .NET, shell, and command coverage.

Architecture And Development

  • docs/ARCHITECTURE.md: solution structure and boundaries.
  • docs/DEVELOPMENT_STANDARD.md: engineering workflow.
  • docs/SOURCE_HYGIENE.md: source and package hygiene rules.
  • docs/SOURCE_ARCHIVE.md: local ZIP/RAR source archive hygiene.
  • docs/assets/diagrams/ackit-flow.svg: safe public flow diagram for README/docs.
  • docs/LOCALIZATION.md: English/Turkish support.
  • docs/DECISIONS.md: architecture decision records.
  • docs/LLM_INTEGRATION_ARCHITECTURE.md: optional future LLM provider architecture.
  • docs/INTEROPERABILITY_DESIGN.md: no-dependency external executable/profile lifecycle and failure isolation design.
  • docs/EXTERNAL_TOOL_CONTRACTS.md: design-only external profile/result/namespace contract.
  • docs/EXTERNAL_TOOLS_COMMAND_DESIGN.md: non-shipped ackit external-tools discovery design.
  • docs/WORKFLOW_COMMAND_DESIGN.md: non-shipped guidance-only ackit workflow design.
  • docs/EXTERNAL_OUTPUT_IMPORT_BOUNDARY.md: design-only SARIF/JSON/SBOM/graph import constraints.
  • docs/DISPOSABLE_EXTERNAL_WORKFLOW_LAB.md: synthetic no-secret future external-tool smoke lab plan.
  • docs/PROJECT_MAP.md: generated project map.
  • docs/AI_WORKFLOW.md: generated AI workflow.

Security And Privacy

  • SECURITY.md: security policy.
  • docs/SECURITY_RESPONSE_READINESS.md: disclosure channel, response expectations, and RC security evidence.
  • docs/SECURITY_SUPPLY_CHAIN_EVIDENCE.md: local versus maintainer security/signing/SBOM/provenance evidence register.
  • docs/MAINTAINER_SECURITY_SUPPLY_CHAIN_HANDOFF.md: manual private-reporting and supply-chain decision procedure.
  • docs/SECURITY_MODEL.md: scanner and trust boundary model.
  • docs/SCANNER_RULES.md: stable ACKIT rule IDs and Critical suppression boundaries.
  • docs/SECURITY_NOTES.md: generated security notes.
  • docs/PRIVACY.md: local-only data handling.
  • docs/NO_NETWORK_DEFAULT_POLICY.md: authoritative default no-upload/no-AI-call/no-telemetry/no-external-execution policy.
  • docs/EXTERNAL_OUTPUT_PRIVACY.md: local storage, sanitization, and sharing rules for source-derived external outputs.
  • docs/EXTERNAL_TOOL_PRIVACY_THREAT_MODEL.md: external executable/output assets, threats, mitigations, and residual risks.

OSS And Maintainers

  • CONTRIBUTING.md: contribution rules.
  • docs/CONTRIBUTOR_ONBOARDING.md: contributor setup, task-first workflow, and validation.
  • CODE_OF_CONDUCT.md: conduct expectations.
  • docs/SUPPORT.md: support scope.
  • docs/SUPPORT_MATRIX.md: supported platforms, .NET version, shells, and tested command classes.
  • docs/SUPPORT_LIFECYCLE.md: support window, predecessor, runner, and end-of-life policy.
  • docs/MAINTAINER_GUIDE.md: maintainer change, release, NuGet, and rollback workflow.
  • docs/GITHUB_REPO_HYGIENE.md: GitHub metadata, templates, branch protection, and Actions hygiene.
  • docs/GITHUB_LABELS.md: recommended GitHub labels and optional maintainer-only label commands.
  • docs/GITHUB_SETTINGS_CHECKLIST.md: repository metadata, branch protection, security, and release settings checklist.
  • docs/ISSUE_BACKLOG.md: copy-ready first issue backlog.
  • docs/ISSUE_TRIAGE.md: issue labels, routing, severity, and closure rules.
  • docs/GOVERNANCE.md: decision and release governance.
  • docs/MAINTAINERS.md: maintainer responsibilities.
  • docs/OSS_READINESS.md: OSS readiness goals.
  • docs/CODEX_FOR_OSS_APPLICATION.md: Codex for OSS application pack.
  • docs/THIRD_PARTY_NOTICES.md: dependency/license notes.

Packaging And Release

  • docs/PACKAGING.md: NuGet tool packaging.
  • docs/UPGRADE_COMPATIBILITY.md: supported predecessor, upgrade fixtures, compatibility, and rollback notes.
  • docs/PERFORMANCE_POLICY.md: local benchmark scope, tripwire, and non-guarantees.
  • docs/SUPPLY_CHAIN_POLICY.md: dependency, artifact, signing, SBOM, provenance, and recovery policy.
  • docs/RELEASE_CANDIDATE_EVIDENCE.md: dated local evidence and remaining hosted/maintainer blockers.
  • docs/RELEASE_CANDIDATE_CONTRACT_FREEZE.md: conditional local CLI/config/JSON/baseline/SARIF/upgrade contract freeze.
  • docs/MAINTAINER_RC_DECISION.md: release-candidate GO/NO-GO inputs, conditions, and remote-write boundary.
  • docs/RC_HOSTED_EVIDENCE.md: manual three-OS predecessor/config/baseline/performance workflow procedure.
  • scripts/check-release-candidate-inputs.ps1: exact commit and candidate/predecessor version boundary for hosted RC evidence.
  • scripts/test-release-candidate-inputs.ps1: positive and negative RC workflow input tests.
  • scripts/check-json-contract-assets.ps1: parses schema/golden assets and runs live-output contract tests.
  • scripts/check-localization-parity.ps1: validates English/Turkish help, human/error exits, and JSON semantic invariance.
  • scripts/check-local-markdown-links.ps1: validates repository-local Markdown targets without network access.
  • scripts/test-local-markdown-links.ps1: exercises passing, skipped-external, inline-code, and broken-link cases for the local Markdown gate.
  • docs/RELEASE_AUTOMATION.md: exact-commit publish workflow, OIDC boundary, and read-only existing-release recovery verification.
  • scripts/check-release-workflow.ps1: static permission and mutation-boundary gate for publish and verify-existing jobs.
  • scripts/verify-existing-release.ps1: read-only NuGet/tag/release/asset/metadata/hash and installed-tool verification.
  • scripts/test-release-recovery.ps1: network-free positive, negative, and idempotency recovery fixtures.
  • scripts/prepare-release.ps1: version, commit, source-smoke, verification, and tag-target consistency check.
  • scripts/verify-published-package.ps1: disposable NuGet/local-package install and full installed-tool smoke verification.
  • scripts/check-security-supply-chain-evidence.ps1: validates pending/verified evidence structure and optionally reruns dependency reviews.
  • scripts/check-private-vulnerability-reporting.ps1: performs metadata-only GitHub verification and can require enabled: true.
  • scripts/test-supply-chain-workflow.ps1: positive/negative release provenance permission and action tests.
  • docs/RC_LOCAL_READINESS.md: consolidated local RC evidence with an explicit remote NO-GO boundary.
  • scripts/check-rc-local-readiness.ps1: read-only orchestration gate for final local RC evidence.
  • docs/HOSTED_VALIDATION_STATUS.md: exact standard Actions run evidence and the remaining manual RC workflow gap.
  • docs/PRIVATE_VULNERABILITY_REPORTING_STATUS.md: verified enablement metadata, public entry-point evidence, and repeatable read-only checks.
  • docs/SECURITY_NOTIFICATION_OWNERSHIP.md: primary/backup notification ownership and continuity boundary.
  • docs/PACKAGE_RECOVERY.md: immutable-package recovery thresholds, ownership, communication, and tabletop evidence.
  • docs/NUGET_OWNER_IDENTITY.md: verified Cyranth/Cynrath boundary and bounded accepted-risk disposition.
  • docs/SUPPLY_CHAIN_DECISIONS.md: author-signing and SBOM deferrals plus future-release provenance implementation.
  • docs/PUBLISHED_SUPPLY_CHAIN_STATUS.md: exact published package signature, owner identity, SBOM, release asset, and provenance-attestation audit.
  • scripts/check-published-supply-chain-status.ps1: local structure gate for the published supply-chain truth boundary.
  • scripts/test-samples.ps1: local sample smoke validation helper.
  • docs/examples/github-actions-scan-ci.yml: non-active CI scan example.
  • docs/examples/github-actions-sarif-upload.yml: non-active example workflow for SARIF upload after maintainer approval.
  • docs/examples/github-actions-published-tool-smoke.yml: non-active published NuGet tool smoke example.
  • docs/examples/github-actions-source-package-smoke.yml: non-active current source package smoke example.
  • docs/NUGET_METADATA.md: NuGet package metadata review workflow.
  • docs/V020_READINESS.md: v0.2 local readiness review.
  • docs/V020_ALPHA2_SCOPE.md: compatibility-preserving alpha.2 package scope, exclusions, and release gates.
  • docs/V020_ALPHA3_PLAN.md: planning-only next prerelease scope, compatibility boundary, and publication blockers.
  • docs/V020_ALPHA3_RELEASE_DECISION.md: alpha.3 hosted evidence, publish decision, immutable release evidence, and follow-up conditions.
  • docs/V030_READINESS.md: v0.3 local readiness review.
  • docs/V030_ROADMAP_DECISION.md: next v0.3 product direction, compatibility rules, security boundaries, and candidate delivery sequence.
  • docs/V040_READINESS.md: v0.4 local readiness review.
  • docs/V050_READINESS.md: v0.5 local readiness review.
  • docs/V100_STABILIZATION_PLAN.md: v1.0 local stabilization plan.
  • docs/V100_DOCUMENTATION_RELEASE_GATE_FREEZE.md: v1.0 documentation and release gate freeze.
  • docs/V100_READINESS.md: v1.0 final local readiness review.
  • docs/V100_GAP_ANALYSIS.md: current 1.0 P0/P1/P2 gap register, owners, evidence, and release criteria.
  • docs/MAINTAINER_RELEASE_HANDOFF.md: maintainer-only public release handoff.
  • docs/PUBLIC_RELEASE_AUDIT.md: final public release audit workflow.
  • docs/PUBLIC_RELEASE_GATES.md: package metadata, audit, and blocker gate orchestration.
  • docs/RELEASE_VALIDATION.md: local release validation.
  • docs/RELEASE_BLOCKERS.md: public-release blocker/follow-up state and guard script.
  • docs/RELEASE_CHECKLIST.md: release checklist.
  • docs/RELEASE_BODY_V020_ALPHA1.md: corrected GitHub Release body draft for the published v0.2.0-alpha.1 pre-release.
  • docs/RELEASE_BODY_V020_ALPHA2.md: validated GitHub pre-release body for the v0.2.0-alpha.2 exact-commit OIDC release workflow.
  • docs/NEXT_TASKS.md: unified next task roadmap.
  • docs/PROJECT_EXECUTION_QUEUE.md: execution queue with validation and remote-write status.
  • docs/RELEASE_BLOCKER_BOARD.md: consolidated open maintainer-gated P0/P1 blocker visibility.
  • docs/MAINTAINER_DECISION_REGISTER.md: pending/accepted maintainer decision evidence register.
  • docs/V020_ALPHA2_PLAN.md: planning-only next alpha scope and prerequisite boundary.
  • docs/CHANGELOG.md: documentation-roadmap planning log; root CHANGELOG.md remains release history.
  • docs/RELEASE_CANDIDATE_0.1.0-alpha.1.md: current RC report.
  • docs/tasks/TASK-0065-v020-alpha1-publish-verification.md: 0.2.0-alpha.1 publication verification and docs sync.
  • CHANGELOG.md: release notes.

Task Tracking

  • docs/tasks/: task-first implementation records.
  • .codex/SESSION_HANDOFF.md: current session handoff.
  • .codex/NEXT_STEPS.md: next action list.