README.md: project overview and quick start.README.tr.md: Turkish overview and quick start.docs/FIRST_FIVE_MINUTES.md: published-tool tutorial from install to scan, generated context, and first task.docs/PREPARE_REPOSITORY_FOR_AI_AGENTS.md: existing-repository security, config, agent instruction, task-first, and CI-readiness workflow.docs/PRODUCT_SPEC.md: product scope and MVP goals.docs/ROADMAP.md: version roadmap.docs/RELATED_PROJECTS.md: initial related-tool license, offline, overlap, complement, privacy, and decision matrix.docs/OFFLINE_OSS_ECOSYSTEM.md: offline-first evaluation criteria and ecosystem category model.docs/EXTERNAL_TOOL_WORKFLOWS.md: docs-only opt-in local workflow sketches for external tools.docs/ECOSYSTEM_POSITIONING.md: product boundary versus packers, graphs, scanners, and docs tools.docs/INTEROPERABILITY_BACKLOG.md: non-approved future external-tool command and adapter ideas.docs/RELATED_TOOLS_COMPARISON_MATRIX.md: normalized runtime, offline/network, output, privacy, and recommendation matrix.docs/RELATED_TOOLS_EVIDENCE.md: official-source evidence, confidence, and stale-after register.docs/RELATED_TOOLS_REVIEW_POLICY.md: source priority, review cadence, and stale evidence behavior.docs/ECOSYSTEM_EVIDENCE_SCHEMA.md: required ecosystem evidence fields and confidence contract.docs/AGENT_CONTEXT_PIPELINE.md: Inspect through Release decision product taxonomy.docs/README_POSITIONING_NOTES.md: concise public positioning language and guardrails.
docs/CLI_CONTRACT.md: stable CLI command contract review.docs/CLI_REFERENCE.md: command reference.docs/EXAMPLES.md: common command flows.docs/EXAMPLE_WORKFLOWS.md: copy-paste-ready local workflow collections.docs/SAMPLE_GALLERY.md: sample repository gallery with expected stacks, health gaps, commands, and risk behavior.docs/DEMO_SCENARIOS.md: guided published package, source, sample, Web UI, report, and SARIF demos.docs/GITHUB_ACTIONS_USAGE.md: GitHub Actions CI usage, SARIF, and smoke workflow guidance.docs/CODE_SCANNING_DECISION.md: CodeQL and Code Scanning default/opt-in decision.docs/SARIF_UPLOAD_WORKFLOW_DESIGN.md: manual, job-scoped Code Scanning upload design.docs/SAMPLES.md: safe sample repositories.docs/CONFIGURATION.md:.ackit/config.yml.docs/CONFIGURATION_DIAGNOSTICS.md: stable config diagnostic codes, severities, safety checks, and compatibility boundary.docs/CONFIG_GENERATED_CONVENTIONS.md: stable config and generated-file conventions.docs/SCANNER_RULES.md: scanner rule catalog, SARIF mapping, and config allowlist behavior.docs/SCANNER_FIXTURES.md: scanner regression matrix and safe synthetic fixture conventions.docs/BASELINE_MODEL.md: versioned baseline identity, explicit local workflow, deterministic fingerprints, error codes, CI policy, and privacy boundary.docs/SUPPRESSION_AUDIT.md: sanitized local audit output for configured non-Critical suppressions.docs/JSON_OUTPUT.md: JSON output and exit codes.docs/schemas/README.md: machine-readable command JSON, baseline, and SARIF profile schema catalog plus validation command.docs/EXIT_CODES.md: CLI exit code matrix.docs/SARIF_OUTPUT.md: SARIF 2.1.0 scanner output for local CI and future GitHub Code Scanning workflows.docs/HTML_REPORTS.md: offline static HTML report generation.docs/WEB_UI_PROTOTYPE.md: offline static Web UI prototype generation.docs/WEB_UI_PREVIEW.md: local Web UI preview, screenshot workflow, and public artifact boundaries.docs/VISUAL_ASSETS.md: public screenshot and visual asset policy.docs/SCREENSHOT_CAPTURE_PLAN.md: disposable demo, capture, sanitization, metadata, naming, and commit review plan.docs/DOCS_SITE_PLAN.md: hosted documentation and GitHub Pages decision, triggers, architecture, and maintainer-only activation plan.docs/DOCS_QUALITY_TOOLCHAIN_DECISION.md: no-dependency current decision and optional future lint/prose/link/site roles.docs/examples/external-tools/README.md: docs-only local external-tool workflow examples and privacy boundary.docs/TROUBLESHOOTING.md: common problems and fixes.docs/FAQ.md: frequently asked questions.docs/SUPPORT_MATRIX.md: supported OS, .NET, shell, and command coverage.
docs/ARCHITECTURE.md: solution structure and boundaries.docs/DEVELOPMENT_STANDARD.md: engineering workflow.docs/SOURCE_HYGIENE.md: source and package hygiene rules.docs/SOURCE_ARCHIVE.md: local ZIP/RAR source archive hygiene.docs/assets/diagrams/ackit-flow.svg: safe public flow diagram for README/docs.docs/LOCALIZATION.md: English/Turkish support.docs/DECISIONS.md: architecture decision records.docs/LLM_INTEGRATION_ARCHITECTURE.md: optional future LLM provider architecture.docs/INTEROPERABILITY_DESIGN.md: no-dependency external executable/profile lifecycle and failure isolation design.docs/EXTERNAL_TOOL_CONTRACTS.md: design-only external profile/result/namespace contract.docs/EXTERNAL_TOOLS_COMMAND_DESIGN.md: non-shippedackit external-toolsdiscovery design.docs/WORKFLOW_COMMAND_DESIGN.md: non-shipped guidance-onlyackit workflowdesign.docs/EXTERNAL_OUTPUT_IMPORT_BOUNDARY.md: design-only SARIF/JSON/SBOM/graph import constraints.docs/DISPOSABLE_EXTERNAL_WORKFLOW_LAB.md: synthetic no-secret future external-tool smoke lab plan.docs/PROJECT_MAP.md: generated project map.docs/AI_WORKFLOW.md: generated AI workflow.
SECURITY.md: security policy.docs/SECURITY_RESPONSE_READINESS.md: disclosure channel, response expectations, and RC security evidence.docs/SECURITY_SUPPLY_CHAIN_EVIDENCE.md: local versus maintainer security/signing/SBOM/provenance evidence register.docs/MAINTAINER_SECURITY_SUPPLY_CHAIN_HANDOFF.md: manual private-reporting and supply-chain decision procedure.docs/SECURITY_MODEL.md: scanner and trust boundary model.docs/SCANNER_RULES.md: stableACKITrule IDs and Critical suppression boundaries.docs/SECURITY_NOTES.md: generated security notes.docs/PRIVACY.md: local-only data handling.docs/NO_NETWORK_DEFAULT_POLICY.md: authoritative default no-upload/no-AI-call/no-telemetry/no-external-execution policy.docs/EXTERNAL_OUTPUT_PRIVACY.md: local storage, sanitization, and sharing rules for source-derived external outputs.docs/EXTERNAL_TOOL_PRIVACY_THREAT_MODEL.md: external executable/output assets, threats, mitigations, and residual risks.
CONTRIBUTING.md: contribution rules.docs/CONTRIBUTOR_ONBOARDING.md: contributor setup, task-first workflow, and validation.CODE_OF_CONDUCT.md: conduct expectations.docs/SUPPORT.md: support scope.docs/SUPPORT_MATRIX.md: supported platforms, .NET version, shells, and tested command classes.docs/SUPPORT_LIFECYCLE.md: support window, predecessor, runner, and end-of-life policy.docs/MAINTAINER_GUIDE.md: maintainer change, release, NuGet, and rollback workflow.docs/GITHUB_REPO_HYGIENE.md: GitHub metadata, templates, branch protection, and Actions hygiene.docs/GITHUB_LABELS.md: recommended GitHub labels and optional maintainer-only label commands.docs/GITHUB_SETTINGS_CHECKLIST.md: repository metadata, branch protection, security, and release settings checklist.docs/ISSUE_BACKLOG.md: copy-ready first issue backlog.docs/ISSUE_TRIAGE.md: issue labels, routing, severity, and closure rules.docs/GOVERNANCE.md: decision and release governance.docs/MAINTAINERS.md: maintainer responsibilities.docs/OSS_READINESS.md: OSS readiness goals.docs/CODEX_FOR_OSS_APPLICATION.md: Codex for OSS application pack.docs/THIRD_PARTY_NOTICES.md: dependency/license notes.
docs/PACKAGING.md: NuGet tool packaging.docs/UPGRADE_COMPATIBILITY.md: supported predecessor, upgrade fixtures, compatibility, and rollback notes.docs/PERFORMANCE_POLICY.md: local benchmark scope, tripwire, and non-guarantees.docs/SUPPLY_CHAIN_POLICY.md: dependency, artifact, signing, SBOM, provenance, and recovery policy.docs/RELEASE_CANDIDATE_EVIDENCE.md: dated local evidence and remaining hosted/maintainer blockers.docs/RELEASE_CANDIDATE_CONTRACT_FREEZE.md: conditional local CLI/config/JSON/baseline/SARIF/upgrade contract freeze.docs/MAINTAINER_RC_DECISION.md: release-candidate GO/NO-GO inputs, conditions, and remote-write boundary.docs/RC_HOSTED_EVIDENCE.md: manual three-OS predecessor/config/baseline/performance workflow procedure.scripts/check-release-candidate-inputs.ps1: exact commit and candidate/predecessor version boundary for hosted RC evidence.scripts/test-release-candidate-inputs.ps1: positive and negative RC workflow input tests.scripts/check-json-contract-assets.ps1: parses schema/golden assets and runs live-output contract tests.scripts/check-localization-parity.ps1: validates English/Turkish help, human/error exits, and JSON semantic invariance.scripts/check-local-markdown-links.ps1: validates repository-local Markdown targets without network access.scripts/test-local-markdown-links.ps1: exercises passing, skipped-external, inline-code, and broken-link cases for the local Markdown gate.docs/RELEASE_AUTOMATION.md: exact-commit publish workflow, OIDC boundary, and read-only existing-release recovery verification.scripts/check-release-workflow.ps1: static permission and mutation-boundary gate for publish and verify-existing jobs.scripts/verify-existing-release.ps1: read-only NuGet/tag/release/asset/metadata/hash and installed-tool verification.scripts/test-release-recovery.ps1: network-free positive, negative, and idempotency recovery fixtures.scripts/prepare-release.ps1: version, commit, source-smoke, verification, and tag-target consistency check.scripts/verify-published-package.ps1: disposable NuGet/local-package install and full installed-tool smoke verification.scripts/check-security-supply-chain-evidence.ps1: validates pending/verified evidence structure and optionally reruns dependency reviews.scripts/check-private-vulnerability-reporting.ps1: performs metadata-only GitHub verification and can requireenabled: true.scripts/test-supply-chain-workflow.ps1: positive/negative release provenance permission and action tests.docs/RC_LOCAL_READINESS.md: consolidated local RC evidence with an explicit remote NO-GO boundary.scripts/check-rc-local-readiness.ps1: read-only orchestration gate for final local RC evidence.docs/HOSTED_VALIDATION_STATUS.md: exact standard Actions run evidence and the remaining manual RC workflow gap.docs/PRIVATE_VULNERABILITY_REPORTING_STATUS.md: verified enablement metadata, public entry-point evidence, and repeatable read-only checks.docs/SECURITY_NOTIFICATION_OWNERSHIP.md: primary/backup notification ownership and continuity boundary.docs/PACKAGE_RECOVERY.md: immutable-package recovery thresholds, ownership, communication, and tabletop evidence.docs/NUGET_OWNER_IDENTITY.md: verifiedCyranth/Cynrathboundary and bounded accepted-risk disposition.docs/SUPPLY_CHAIN_DECISIONS.md: author-signing and SBOM deferrals plus future-release provenance implementation.docs/PUBLISHED_SUPPLY_CHAIN_STATUS.md: exact published package signature, owner identity, SBOM, release asset, and provenance-attestation audit.scripts/check-published-supply-chain-status.ps1: local structure gate for the published supply-chain truth boundary.scripts/test-samples.ps1: local sample smoke validation helper.docs/examples/github-actions-scan-ci.yml: non-active CI scan example.docs/examples/github-actions-sarif-upload.yml: non-active example workflow for SARIF upload after maintainer approval.docs/examples/github-actions-published-tool-smoke.yml: non-active published NuGet tool smoke example.docs/examples/github-actions-source-package-smoke.yml: non-active current source package smoke example.docs/NUGET_METADATA.md: NuGet package metadata review workflow.docs/V020_READINESS.md: v0.2 local readiness review.docs/V020_ALPHA2_SCOPE.md: compatibility-preserving alpha.2 package scope, exclusions, and release gates.docs/V020_ALPHA3_PLAN.md: planning-only next prerelease scope, compatibility boundary, and publication blockers.docs/V020_ALPHA3_RELEASE_DECISION.md: alpha.3 hosted evidence, publish decision, immutable release evidence, and follow-up conditions.docs/V030_READINESS.md: v0.3 local readiness review.docs/V030_ROADMAP_DECISION.md: next v0.3 product direction, compatibility rules, security boundaries, and candidate delivery sequence.docs/V040_READINESS.md: v0.4 local readiness review.docs/V050_READINESS.md: v0.5 local readiness review.docs/V100_STABILIZATION_PLAN.md: v1.0 local stabilization plan.docs/V100_DOCUMENTATION_RELEASE_GATE_FREEZE.md: v1.0 documentation and release gate freeze.docs/V100_READINESS.md: v1.0 final local readiness review.docs/V100_GAP_ANALYSIS.md: current 1.0 P0/P1/P2 gap register, owners, evidence, and release criteria.docs/MAINTAINER_RELEASE_HANDOFF.md: maintainer-only public release handoff.docs/PUBLIC_RELEASE_AUDIT.md: final public release audit workflow.docs/PUBLIC_RELEASE_GATES.md: package metadata, audit, and blocker gate orchestration.docs/RELEASE_VALIDATION.md: local release validation.docs/RELEASE_BLOCKERS.md: public-release blocker/follow-up state and guard script.docs/RELEASE_CHECKLIST.md: release checklist.docs/RELEASE_BODY_V020_ALPHA1.md: corrected GitHub Release body draft for the publishedv0.2.0-alpha.1pre-release.docs/RELEASE_BODY_V020_ALPHA2.md: validated GitHub pre-release body for thev0.2.0-alpha.2exact-commit OIDC release workflow.docs/NEXT_TASKS.md: unified next task roadmap.docs/PROJECT_EXECUTION_QUEUE.md: execution queue with validation and remote-write status.docs/RELEASE_BLOCKER_BOARD.md: consolidated open maintainer-gated P0/P1 blocker visibility.docs/MAINTAINER_DECISION_REGISTER.md: pending/accepted maintainer decision evidence register.docs/V020_ALPHA2_PLAN.md: planning-only next alpha scope and prerequisite boundary.docs/CHANGELOG.md: documentation-roadmap planning log; rootCHANGELOG.mdremains release history.docs/RELEASE_CANDIDATE_0.1.0-alpha.1.md: current RC report.docs/tasks/TASK-0065-v020-alpha1-publish-verification.md:0.2.0-alpha.1publication verification and docs sync.CHANGELOG.md: release notes.
docs/tasks/: task-first implementation records..codex/SESSION_HANDOFF.md: current session handoff..codex/NEXT_STEPS.md: next action list.