@klitchevo/code-council 0.0.11 → 0.0.13

package/README.md

@@ -19,6 +19,7 @@ An MCP (Model Context Protocol) server that provides AI-powered code review usin
 - 📋 **Plan Review** - Review implementation plans before writing code
 - 📝 **Git Changes Review** - Review staged, unstaged, branch diffs, or specific commits
 - 💬 **Council Discussions** - Multi-turn conversations with the AI council for deeper exploration
+- 🏭 **TPS Audit** - Toyota Production System analysis for flow, waste, bottlenecks, and quality
 - ⚡ **Parallel Execution** - All models run concurrently for fast results
 
 ## Quick Start
@@ -284,6 +285,46 @@ Use discuss_with_council with session_id=<id-from-previous-response> to ask: Can
 - Rate limited to 10 requests per minute per session
 - Context windowing keeps conversations efficient
 
+### `tps_audit`
+
+Analyze any codebase using Toyota Production System (TPS) principles. Generates beautiful HTML reports with scores for flow, waste, bottlenecks, and quality.
+
+**Parameters:**
+- `path` (optional): Path to repository root (auto-detects git root if not provided)
+- `focus_areas` (optional): Specific areas to focus on (e.g., `["flow", "security", "performance"]`)
+- `max_files` (optional): Maximum files to analyze (default: 50, max: 100)
+- `file_types` (optional): File extensions to include (default: common source files)
+- `include_sensitive` (optional): Include potentially sensitive files (default: false)
+- `output_format` (optional): `html`, `markdown`, or `json` (default: `html`)
+
+**Example usage in Claude:**
+```
+Use tps_audit to analyze this repository
+```
+
+```
+Use tps_audit with output_format=markdown and focus_areas=["security", "performance"]
+```
+
+**What it analyzes:**
+- **Flow**: How data and control flow through the system, entry points, pathways
+- **Muda (Waste)**: The 7 wastes - defects, overproduction, waiting, transportation, inventory, motion, extra-processing
+- **Bottlenecks**: Where flow is constrained, severity and impact
+- **Jidoka**: Built-in quality, fail-fast patterns, error handling
+- **Recommendations**: Prioritized improvements with effort/impact ratings
+
+**Security features:**
+- Automatically skips sensitive files (`.env`, credentials, keys, tokens)
+- Scans file contents for embedded secrets (AWS keys, GitHub PATs, etc.)
+- Validates paths to prevent directory traversal attacks
+- Enforces size limits to prevent resource exhaustion
+
+**Output:**
+Reports are saved to `.code-council/` directory:
+- `tps-audit.html` - Interactive styled report with glass-morphism dark theme
+- `tps-audit.md` - Markdown version
+- `tps-audit.json` - Raw JSON data
+
 ### `list_review_config`
 
 Show which AI models are currently configured for each review type.
@@ -300,6 +341,7 @@ You can customize which AI models are used for reviews by setting environment va
 - `BACKEND_REVIEW_MODELS` - Models for backend reviews
 - `PLAN_REVIEW_MODELS` - Models for plan reviews
 - `DISCUSSION_MODELS` - Models for council discussions
+- `TPS_AUDIT_MODELS` - Models for TPS codebase audits
 - `TEMPERATURE` - Control response randomness (0.0-2.0, default: 0.3)
 - `MAX_TOKENS` - Maximum response tokens (default: 16384)
 

package/dist/chunk-Y77R7523.js

@@ -0,0 +1,142 @@
+// src/prompts/tps-audit.ts
+var SYSTEM_PROMPT = `You are an expert Toyota Production System (TPS) consultant analyzing software codebases. Your role is to "walk the production line" - examining how code flows from input to output, identifying waste (muda), spotting bottlenecks, and suggesting continuous improvement (kaizen).
+
+## TPS Principles for Software
+
+### 1. FLOW (Nagare)
+Analyze how data and control flow through the system:
+- Identify entry points and exit points
+- Map the critical paths
+- Look for smooth, uninterrupted flow
+- Identify where flow is blocked or redirected
+- Check for single-piece flow vs batch processing
+
+### 2. WASTE (Muda) - The 7 Wastes in Software
+Identify instances of each waste type:
+
+**Defects**: Bugs, error-prone code, missing validation
+**Overproduction**: Features nobody uses, over-engineered solutions
+**Waiting**: Blocking I/O, synchronous when async would work, slow tests
+**Non-utilized Talent**: Manual tasks that could be automated, repetitive code
+**Transportation**: Unnecessary data transformation, excessive API calls
+**Inventory**: Dead code, unused imports/exports, stale dependencies
+**Motion**: Complex navigation, scattered related code, poor organization
+**Extra-processing**: Premature optimization, unnecessary abstraction layers
+
+### 3. BOTTLENECKS
+Identify constraints that limit throughput:
+- Synchronous operations that block
+- Single points of failure
+- Resource contention
+- N+1 queries or API calls
+- Sequential operations that could be parallel
+
+### 4. PULL vs PUSH
+Evaluate if work is demand-driven:
+- Lazy evaluation vs eager computation
+- On-demand loading vs preloading everything
+- Event-driven vs polling
+- Streaming vs buffering all data
+
+### 5. JIDOKA (Built-in Quality)
+Assess quality mechanisms:
+- Error handling and recovery
+- Validation at boundaries
+- Fail-fast patterns
+- Type safety usage
+- Test coverage signals
+
+### 6. STANDARDIZATION
+Look for consistency:
+- Code style consistency
+- Pattern usage consistency
+- Error handling patterns
+- Naming conventions
+- File organization
+
+## Scoring Guidelines
+
+**Overall Score (0-100)**:
+- 90-100: Exceptional flow, minimal waste, excellent quality
+- 70-89: Good practices, some waste, room for improvement
+- 50-69: Average, significant waste or flow issues
+- 30-49: Poor flow, excessive waste, quality concerns
+- 0-29: Critical issues, major redesign needed
+
+**Flow Score**: How smoothly does data/control move through the system?
+**Waste Score**: Higher = less waste (100 = no waste identified)
+**Quality Score**: Built-in quality mechanisms, error handling, type safety
+
+## Output Requirements
+
+You MUST respond with valid JSON matching the TpsAnalysis interface. Do not include any text before or after the JSON.
+
+Focus on:
+1. Actionable findings with specific file/line references
+2. Prioritized recommendations (quick wins first)
+3. Concrete suggestions, not vague advice
+4. Balanced assessment - acknowledge strengths too
+5. Effort estimates for recommendations`;
+function buildUserMessage(aggregatedContent, options) {
+  const parts = [];
+  if (options?.repoName) {
+    parts.push(`## Repository: ${options.repoName}`);
+  }
+  if (options?.focusAreas && options.focusAreas.length > 0) {
+    parts.push(
+      `## Focus Areas
+Pay special attention to: ${options.focusAreas.join(", ")}`
+    );
+  }
+  if (options?.additionalContext) {
+    parts.push(`## Additional Context
+${options.additionalContext}`);
+  }
+  parts.push(`## Codebase to Audit
+
+Analyze this codebase using Toyota Production System principles. Walk the production line from entry points through to outputs. Identify waste, bottlenecks, and improvement opportunities.
+
+${aggregatedContent}
+
+## Response Format
+
+Respond with ONLY valid JSON matching the TpsAnalysis interface. Include:
+- Scores for overall, flow, waste, and quality (0-100)
+- Flow analysis with entry points and pathways
+- Specific bottlenecks with locations and suggestions
+- Waste items categorized by the 7 types
+- Jidoka (built-in quality) assessment
+- Prioritized recommendations
+- Summary with strengths, concerns, and quick wins
+
+Your JSON response:`);
+  return parts.join("\n\n");
+}
+function parseTpsAnalysis(response) {
+  try {
+    let jsonStr = response.trim();
+    if (jsonStr.startsWith("```json")) {
+      jsonStr = jsonStr.slice(7);
+    } else if (jsonStr.startsWith("```")) {
+      jsonStr = jsonStr.slice(3);
+    }
+    if (jsonStr.endsWith("```")) {
+      jsonStr = jsonStr.slice(0, -3);
+    }
+    jsonStr = jsonStr.trim();
+    const parsed = JSON.parse(jsonStr);
+    if (typeof parsed.scores?.overall !== "number" || !Array.isArray(parsed.bottlenecks) || !Array.isArray(parsed.recommendations)) {
+      return null;
+    }
+    return parsed;
+  } catch {
+    return null;
+  }
+}
+
+export {
+  SYSTEM_PROMPT,
+  buildUserMessage,
+  parseTpsAnalysis
+};
+//# sourceMappingURL=chunk-Y77R7523.js.map

package/dist/index.js

@@ -1,4 +1,8 @@
 #!/usr/bin/env node
+import {
+  SYSTEM_PROMPT,
+  buildUserMessage
+} from "./chunk-Y77R7523.js";
 
 // src/index.ts
 import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
@@ -77,64 +81,10 @@ var DISCUSSION_MODELS = parseModels(
   process.env.DISCUSSION_MODELS,
   DEFAULT_MODELS
 );
-
-// src/logger.ts
-var Logger = class {
-  isDevelopment = process.env.NODE_ENV === "development";
-  debugEnabled = process.env.DEBUG === "true";
-  log(level, message, context) {
-    const logEntry = {
-      timestamp: (/* @__PURE__ */ new Date()).toISOString(),
-      level,
-      message,
-      ...context
-    };
-    if (this.isDevelopment) {
-      const emoji = {
-        debug: "\u{1F50D}",
-        info: "\u2139\uFE0F",
-        warn: "\u26A0\uFE0F",
-        error: "\u274C"
-      }[level];
-      console.error(
-        `${emoji} [${level.toUpperCase()}] ${message}`,
-        context ? JSON.stringify(context, null, 2) : ""
-      );
-    } else {
-      console.error(JSON.stringify(logEntry));
-    }
-  }
-  debug(message, context) {
-    if (this.debugEnabled) {
-      this.log("debug", message, context);
-    }
-  }
-  info(message, context) {
-    this.log("info", message, context);
-  }
-  warn(message, context) {
-    this.log("warn", message, context);
-  }
-  error(message, error, context) {
-    const errorContext = {
-      ...context
-    };
-    if (error instanceof Error) {
-      errorContext.error = {
-        name: error.name,
-        message: error.message,
-        stack: error.stack
-      };
-    } else if (error) {
-      errorContext.error = error;
-    }
-    this.log("error", message, errorContext);
-  }
-};
-var logger = new Logger();
-
-// src/review-client.ts
-import { OpenRouter } from "@openrouter/sdk";
+var TPS_AUDIT_MODELS = parseModels(
+  process.env.TPS_AUDIT_MODELS,
+  DEFAULT_MODELS
+);
 
 // src/errors.ts
 var AppError = class extends Error {
@@ -198,9 +148,67 @@ function formatError(error) {
   };
 }
 
+// src/logger.ts
+var Logger = class {
+  isDevelopment = process.env.NODE_ENV === "development";
+  debugEnabled = process.env.DEBUG === "true";
+  log(level, message, context) {
+    const logEntry = {
+      timestamp: (/* @__PURE__ */ new Date()).toISOString(),
+      level,
+      message,
+      ...context
+    };
+    if (this.isDevelopment) {
+      const emoji = {
+        debug: "\u{1F50D}",
+        info: "\u2139\uFE0F",
+        warn: "\u26A0\uFE0F",
+        error: "\u274C"
+      }[level];
+      console.error(
+        `${emoji} [${level.toUpperCase()}] ${message}`,
+        context ? JSON.stringify(context, null, 2) : ""
+      );
+    } else {
+      console.error(JSON.stringify(logEntry));
+    }
+  }
+  debug(message, context) {
+    if (this.debugEnabled) {
+      this.log("debug", message, context);
+    }
+  }
+  info(message, context) {
+    this.log("info", message, context);
+  }
+  warn(message, context) {
+    this.log("warn", message, context);
+  }
+  error(message, error, context) {
+    const errorContext = {
+      ...context
+    };
+    if (error instanceof Error) {
+      errorContext.error = {
+        name: error.name,
+        message: error.message,
+        stack: error.stack
+      };
+    } else if (error) {
+      errorContext.error = error;
+    }
+    this.log("error", message, errorContext);
+  }
+};
+var logger = new Logger();
+
+// src/review-client.ts
+import { OpenRouter } from "@openrouter/sdk";
+
 // src/prompts/backend-review.ts
-var SYSTEM_PROMPT = `You are an expert backend developer and security specialist. Review backend code for security, performance, and architecture.`;
-function buildUserMessage(code, reviewType = "full", language, context) {
+var SYSTEM_PROMPT2 = `You are an expert backend developer and security specialist. Review backend code for security, performance, and architecture.`;
+function buildUserMessage2(code, reviewType = "full", language, context) {
   const focusArea = getFocusArea(reviewType);
   const languageContext = language ? `Language/Framework: ${language}
 ` : "";
@@ -227,7 +235,7 @@ function getFocusArea(reviewType) {
 }
 
 // src/prompts/code-review.ts
-var SYSTEM_PROMPT2 = `You are an expert code reviewer. Analyze the code for:
+var SYSTEM_PROMPT3 = `You are an expert code reviewer. Analyze the code for:
 - Code quality and best practices
 - Potential bugs and edge cases
 - Performance issues
@@ -235,7 +243,7 @@ var SYSTEM_PROMPT2 = `You are an expert code reviewer. Analyze the code for:
 - Maintainability concerns
 
 Provide specific, actionable feedback.`;
-function buildUserMessage2(code, context) {
+function buildUserMessage3(code, context) {
   if (context) {
     return `${context}
 
@@ -251,8 +259,8 @@ ${code}
 }
 
 // src/prompts/frontend-review.ts
-var SYSTEM_PROMPT3 = `You are an expert frontend developer and UX specialist. Review frontend code for best practices.`;
-function buildUserMessage3(code, reviewType = "full", framework, context) {
+var SYSTEM_PROMPT4 = `You are an expert frontend developer and UX specialist. Review frontend code for best practices.`;
+function buildUserMessage4(code, reviewType = "full", framework, context) {
   const focusArea = getFocusArea2(reviewType);
   const frameworkContext = framework ? `Framework: ${framework}
 ` : "";
@@ -279,8 +287,8 @@ function getFocusArea2(reviewType) {
 }
 
 // src/prompts/plan-review.ts
-var SYSTEM_PROMPT4 = `You are an expert software architect and project planner. Review implementation plans before code is written to catch issues early.`;
-function buildUserMessage4(plan, reviewType = "full", context) {
+var SYSTEM_PROMPT5 = `You are an expert software architect and project planner. Review implementation plans before code is written to catch issues early.`;
+function buildUserMessage5(plan, reviewType = "full", context) {
   const focusArea = getFocusArea3(reviewType);
   const additionalContext = context ? `${context}
 ` : "";
@@ -380,17 +388,17 @@ var ReviewClient = class {
    * @returns Array of review results from each model
    */
   async reviewCode(code, models, context) {
-    const userMessage = buildUserMessage2(code, context);
+    const userMessage = buildUserMessage3(code, context);
     return executeInParallel(
       models,
-      (model) => this.chat(model, SYSTEM_PROMPT2, userMessage)
+      (model) => this.chat(model, SYSTEM_PROMPT3, userMessage)
     );
   }
   /**
    * Review frontend code for accessibility, performance, and UX
    */
   async reviewFrontend(code, models, options) {
-    const userMessage = buildUserMessage3(
+    const userMessage = buildUserMessage4(
       code,
       options?.reviewType || "full",
       options?.framework,
@@ -398,14 +406,14 @@ var ReviewClient = class {
     );
     return executeInParallel(
       models,
-      (model) => this.chat(model, SYSTEM_PROMPT3, userMessage)
+      (model) => this.chat(model, SYSTEM_PROMPT4, userMessage)
     );
   }
   /**
    * Review backend code for security, performance, and architecture
    */
   async reviewBackend(code, models, options) {
-    const userMessage = buildUserMessage(
+    const userMessage = buildUserMessage2(
       code,
       options?.reviewType || "full",
       options?.language,
@@ -413,21 +421,21 @@ var ReviewClient = class {
     );
     return executeInParallel(
       models,
-      (model) => this.chat(model, SYSTEM_PROMPT, userMessage)
+      (model) => this.chat(model, SYSTEM_PROMPT2, userMessage)
     );
   }
   /**
    * Review implementation plans before code is written
    */
   async reviewPlan(plan, models, options) {
-    const userMessage = buildUserMessage4(
+    const userMessage = buildUserMessage5(
       plan,
       options?.reviewType || "full",
       options?.context
     );
     return executeInParallel(
       models,
-      (model) => this.chat(model, SYSTEM_PROMPT4, userMessage)
+      (model) => this.chat(model, SYSTEM_PROMPT5, userMessage)
     );
   }
   /**
@@ -508,6 +516,30 @@ var ReviewClient = class {
       return this.chatMultiTurn(model, messages);
     });
   }
+  /**
+   * Perform TPS (Toyota Production System) audit on aggregated codebase content
+   * Analyzes code for flow, waste, bottlenecks, and quality using TPS principles
+   *
+   * @param aggregatedContent - Aggregated file contents from repo scanner
+   * @param models - Array of model identifiers to use
+   * @param options - Optional configuration
+   * @returns Array of TPS analysis results from each model
+   */
+  async tpsAudit(aggregatedContent, models, options) {
+    const userMessage = buildUserMessage(aggregatedContent, {
+      focusAreas: options?.focusAreas,
+      repoName: options?.repoName
+    });
+    logger.debug("Starting TPS audit", {
+      contentLength: aggregatedContent.length,
+      modelCount: models.length,
+      focusAreas: options?.focusAreas
+    });
+    return executeInParallel(
+      models,
+      (model) => this.chat(model, SYSTEM_PROMPT, userMessage)
+    );
+  }
 };
 
 // src/session/in-memory-store.ts
@@ -982,6 +1014,9 @@ async function handleDiscussCouncil(client2, input, sessionStore2) {
 }
 
 // src/tools/factory.ts
+import { readFileSync } from "fs";
+import { dirname, join } from "path";
+import { fileURLToPath } from "url";
 function formatResults(results) {
   return results.map((r) => {
     if (r.error) {
@@ -994,6 +1029,39 @@ function formatResults(results) {
 ${r.review}`;
   }).join("\n\n---\n\n");
 }
+function formatResultsAsHtml(results, templatePath, data = {}) {
+  try {
+    let template = readFileSync(templatePath, "utf-8");
+    const modelPerspectives = results.map((r) => ({
+      model: r.model,
+      content: r.error ? `Error: ${r.error}` : r.review,
+      hasError: !!r.error
+    }));
+    const reportData = {
+      analysis: data.analysis || null,
+      repoName: data.repoName || "Unknown Repository",
+      modelPerspectives,
+      generatedAt: (/* @__PURE__ */ new Date()).toISOString()
+    };
+    template = template.replace(
+      "{{REPORT_DATA}}",
+      JSON.stringify(reportData, null, 2)
+    );
+    return template;
+  } catch (error) {
+    logger.error("Failed to generate HTML report", error);
+    return formatResults(results);
+  }
+}
+function getTemplatesDir() {
+  try {
+    const __filename2 = fileURLToPath(import.meta.url);
+    const __dirname2 = dirname(__filename2);
+    return join(__dirname2, "..", "..", "templates");
+  } catch {
+    return join(process.cwd(), "templates");
+  }
+}
 function createReviewTool(server2, config) {
   server2.registerTool(
     config.name,
@@ -1239,6 +1307,598 @@ async function handlePlanReview(client2, input) {
   };
 }
 
+// src/tools/tps-audit.ts
+import { join as join4 } from "path";
+import { z as z7 } from "zod";
+
+// src/utils/repo-scanner.ts
+import { readdirSync, readFileSync as readFileSync2, statSync } from "fs";
+import { extname, join as join3, relative as relative2 } from "path";
+import ignore from "ignore";
+
+// src/utils/git-operations.ts
+import { execSync as execSync2 } from "child_process";
+import { existsSync, lstatSync, realpathSync } from "fs";
+import { dirname as dirname2, join as join2, normalize, relative, resolve } from "path";
+var MAX_TRAVERSAL_DEPTH = 20;
+function findGitRoot(startPath) {
+  let currentPath = resolve(startPath);
+  let depth = 0;
+  while (depth < MAX_TRAVERSAL_DEPTH) {
+    const gitPath = join2(currentPath, ".git");
+    if (existsSync(gitPath)) {
+      logger.debug("Found git root", { path: currentPath, depth });
+      return currentPath;
+    }
+    const parentPath = dirname2(currentPath);
+    if (parentPath === currentPath) {
+      throw new Error(
+        `Not in a git repository. Searched from ${startPath} to filesystem root.`
+      );
+    }
+    currentPath = parentPath;
+    depth++;
+  }
+  throw new Error(
+    `Max directory traversal depth (${MAX_TRAVERSAL_DEPTH}) exceeded while searching for git root.`
+  );
+}
+function isInsideRepo(filePath, repoRoot) {
+  try {
+    const normalizedRepo = normalize(resolve(repoRoot));
+    const normalizedFile = normalize(resolve(filePath));
+    const relativePath = relative(normalizedRepo, normalizedFile);
+    if (relativePath.startsWith("..") || resolve(relativePath) === relativePath) {
+      return false;
+    }
+    return true;
+  } catch {
+    return false;
+  }
+}
+function resolveAndValidatePath(filePath, repoRoot) {
+  try {
+    const absolutePath = resolve(repoRoot, filePath);
+    const stats = lstatSync(absolutePath);
+    if (stats.isSymbolicLink()) {
+      const realPath = realpathSync(absolutePath);
+      if (!isInsideRepo(realPath, repoRoot)) {
+        logger.warn("Symlink target outside repository", {
+          symlink: filePath,
+          target: realPath,
+          repo: repoRoot
+        });
+        return null;
+      }
+      return realPath;
+    }
+    if (!isInsideRepo(absolutePath, repoRoot)) {
+      return null;
+    }
+    return absolutePath;
+  } catch (error) {
+    logger.debug("Path resolution failed", { filePath, error });
+    return null;
+  }
+}
+
+// src/utils/repo-scanner.ts
+var SENSITIVE_FILE_PATTERNS = [
+  ".env",
+  ".env.*",
+  "*.pem",
+  "*.key",
+  "*.p12",
+  "*.pfx",
+  "*.crt",
+  "*credentials*",
+  "*secret*",
+  "id_rsa*",
+  "id_ed25519*",
+  "id_dsa*",
+  "id_ecdsa*",
+  ".npmrc",
+  ".pypirc",
+  "kubeconfig",
+  ".kube/config",
+  ".docker/config.json",
+  "*password*",
+  "*token*",
+  "auth.json",
+  ".netrc",
+  ".git-credentials",
+  "*.keystore",
+  "*.jks",
+  "service-account*.json",
+  "gcloud*.json"
+];
+var SECRET_CONTENT_PATTERNS = [
+  /AKIA[0-9A-Z]{16}/g,
+  // AWS Access Key ID
+  /-----BEGIN\s+(RSA |DSA |EC |OPENSSH )?PRIVATE KEY-----/g,
+  // Private keys
+  /-----BEGIN\s+PGP PRIVATE KEY BLOCK-----/g,
+  // PGP private key
+  /ghp_[a-zA-Z0-9]{36}/g,
+  // GitHub Personal Access Token
+  /gho_[a-zA-Z0-9]{36}/g,
+  // GitHub OAuth Token
+  /ghs_[a-zA-Z0-9]{36}/g,
+  // GitHub Server Token
+  /ghu_[a-zA-Z0-9]{36}/g,
+  // GitHub User Token
+  /sk-[a-zA-Z0-9]{48}/g,
+  // OpenAI API Key
+  /sk-proj-[a-zA-Z0-9]{48}/g,
+  // OpenAI Project Key
+  /xox[baprs]-[0-9]{10,13}-[0-9]{10,13}-[a-zA-Z0-9]{24}/g,
+  // Slack tokens
+  /eyJ[a-zA-Z0-9_-]*\.eyJ[a-zA-Z0-9_-]*\.[a-zA-Z0-9_-]*/g,
+  // JWT tokens
+  /AIza[0-9A-Za-z_-]{35}/g,
+  // Google API Key
+  /[0-9a-f]{32}-us[0-9]+/g,
+  // Mailchimp API Key
+  /SG\.[a-zA-Z0-9_-]{22}\.[a-zA-Z0-9_-]{43}/g,
+  // SendGrid API Key
+  /sq0[a-z]{3}-[0-9A-Za-z_-]{22}/g
+  // Square tokens
+];
+var DEFAULT_FILE_EXTENSIONS = [
+  ".ts",
+  ".tsx",
+  ".js",
+  ".jsx",
+  ".mjs",
+  ".cjs",
+  ".py",
+  ".go",
+  ".rs",
+  ".java",
+  ".kt",
+  ".scala",
+  ".rb",
+  ".php",
+  ".cs",
+  ".cpp",
+  ".c",
+  ".h",
+  ".hpp",
+  ".swift",
+  ".vue",
+  ".svelte",
+  ".astro"
+];
+var EXCLUDED_DIRS = [
+  "node_modules",
+  ".git",
+  "dist",
+  "build",
+  "out",
+  ".next",
+  ".nuxt",
+  "__pycache__",
+  ".pytest_cache",
+  ".mypy_cache",
+  "venv",
+  ".venv",
+  "env",
+  ".env",
+  "vendor",
+  "target",
+  ".idea",
+  ".vscode",
+  "coverage",
+  ".nyc_output"
+];
+var HARD_LIMITS = {
+  MAX_FILES: 100,
+  MAX_FILE_SIZE: 100 * 1024,
+  // 100KB per file
+  MAX_TOTAL_SIZE: 1024 * 1024
+  // 1MB total
+};
+var DEFAULT_OPTIONS = {
+  maxFiles: 50,
+  maxFileSize: 50 * 1024,
+  // 50KB
+  maxTotalSize: 500 * 1024,
+  // 500KB
+  fileTypes: DEFAULT_FILE_EXTENSIONS,
+  skipSensitive: true,
+  detectSecrets: true
+};
+function isSensitiveFile(filename) {
+  const lowerName = filename.toLowerCase();
+  for (const pattern of SENSITIVE_FILE_PATTERNS) {
+    if (pattern.includes("*")) {
+      const regex = new RegExp(
+        "^" + pattern.replace(/\./g, "\\.").replace(/\*/g, ".*") + "$",
+        "i"
+      );
+      if (regex.test(lowerName)) {
+        return true;
+      }
+    } else if (lowerName === pattern.toLowerCase() || lowerName.endsWith(`/${pattern.toLowerCase()}`)) {
+      return true;
+    }
+  }
+  return false;
+}
+function detectEmbeddedSecrets(content) {
+  const detected = [];
+  const secretTypes = [
+    { pattern: SECRET_CONTENT_PATTERNS[0], name: "AWS Access Key" },
+    { pattern: SECRET_CONTENT_PATTERNS[1], name: "Private Key" },
+    { pattern: SECRET_CONTENT_PATTERNS[2], name: "PGP Private Key" },
+    { pattern: SECRET_CONTENT_PATTERNS[3], name: "GitHub PAT" },
+    { pattern: SECRET_CONTENT_PATTERNS[4], name: "GitHub OAuth Token" },
+    { pattern: SECRET_CONTENT_PATTERNS[5], name: "GitHub Server Token" },
+    { pattern: SECRET_CONTENT_PATTERNS[6], name: "GitHub User Token" },
+    { pattern: SECRET_CONTENT_PATTERNS[7], name: "OpenAI API Key" },
+    { pattern: SECRET_CONTENT_PATTERNS[8], name: "OpenAI Project Key" },
+    { pattern: SECRET_CONTENT_PATTERNS[9], name: "Slack Token" },
+    { pattern: SECRET_CONTENT_PATTERNS[10], name: "JWT Token" },
+    { pattern: SECRET_CONTENT_PATTERNS[11], name: "Google API Key" },
+    { pattern: SECRET_CONTENT_PATTERNS[12], name: "Mailchimp API Key" },
+    { pattern: SECRET_CONTENT_PATTERNS[13], name: "SendGrid API Key" },
+    { pattern: SECRET_CONTENT_PATTERNS[14], name: "Square Token" }
+  ];
+  for (const { pattern, name } of secretTypes) {
+    if (!pattern) continue;
+    pattern.lastIndex = 0;
+    if (pattern.test(content)) {
+      detected.push(name);
+    }
+  }
+  return detected;
+}
+function isBinaryContent(content) {
+  for (let i = 0; i < Math.min(content.length, 8e3); i++) {
+    if (content[i] === 0) {
+      return true;
+    }
+  }
+  return false;
+}
+function estimateTokens(content) {
+  return Math.ceil(content.length / 4);
+}
+async function scanRepository(startPath, options = {}) {
+  const opts = {
+    ...DEFAULT_OPTIONS,
+    ...options,
+    maxFiles: Math.min(
+      options.maxFiles ?? DEFAULT_OPTIONS.maxFiles,
+      HARD_LIMITS.MAX_FILES
+    ),
+    maxFileSize: Math.min(
+      options.maxFileSize ?? DEFAULT_OPTIONS.maxFileSize,
+      HARD_LIMITS.MAX_FILE_SIZE
+    ),
+    maxTotalSize: Math.min(
+      options.maxTotalSize ?? DEFAULT_OPTIONS.maxTotalSize,
+      HARD_LIMITS.MAX_TOTAL_SIZE
+    )
+  };
+  const repoRoot = findGitRoot(startPath);
+  logger.info("Scanning repository", { repoRoot, options: opts });
+  const ig = ignore();
+  try {
+    const gitignorePath = join3(repoRoot, ".gitignore");
+    const gitignoreContent = readFileSync2(gitignorePath, "utf-8");
+    ig.add(gitignoreContent);
+  } catch {
+  }
+  ig.add(EXCLUDED_DIRS);
+  const files = [];
+  const skipped = [];
+  const warnings = [];
+  let totalSize = 0;
+  let totalFilesFound = 0;
+  function scanDir(dirPath, depth = 0) {
+    if (depth > 20) {
+      return;
+    }
+    if (files.length >= opts.maxFiles) {
+      return;
+    }
+    let entries;
+    try {
+      entries = readdirSync(dirPath);
+    } catch {
+      return;
+    }
+    for (const entry of entries) {
+      if (files.length >= opts.maxFiles) {
+        break;
+      }
+      const fullPath = join3(dirPath, entry);
+      const relativePath = relative2(repoRoot, fullPath);
+      if (ig.ignores(relativePath)) {
+        continue;
+      }
+      const validPath = resolveAndValidatePath(fullPath, repoRoot);
+      if (!validPath) {
+        skipped.push({
+          path: relativePath,
+          reason: "Path outside repository or invalid symlink"
+        });
+        continue;
+      }
+      let stats2;
+      try {
+        stats2 = statSync(validPath);
+      } catch {
+        continue;
+      }
+      if (stats2.isDirectory()) {
+        scanDir(fullPath, depth + 1);
+      } else if (stats2.isFile()) {
+        totalFilesFound++;
+        const ext = extname(entry).toLowerCase();
+        if (!opts.fileTypes.includes(ext)) {
+          continue;
+        }
+        if (opts.skipSensitive && isSensitiveFile(entry)) {
+          skipped.push({
+            path: relativePath,
+            reason: "Potentially sensitive file"
+          });
+          warnings.push(`Skipped sensitive file: ${relativePath}`);
+          continue;
+        }
+        if (stats2.size > opts.maxFileSize) {
+          skipped.push({
+            path: relativePath,
+            reason: `File too large (${stats2.size} bytes)`
+          });
+          continue;
+        }
+        if (totalSize + stats2.size > opts.maxTotalSize) {
+          skipped.push({
+            path: relativePath,
+            reason: "Total size limit reached"
+          });
+          continue;
+        }
+        let content;
+        try {
+          const buffer = readFileSync2(validPath);
+          if (isBinaryContent(buffer)) {
+            skipped.push({ path: relativePath, reason: "Binary file" });
+            continue;
+          }
+          content = buffer.toString("utf-8");
+        } catch {
+          skipped.push({ path: relativePath, reason: "Could not read file" });
+          continue;
+        }
+        if (opts.detectSecrets) {
+          const secrets = detectEmbeddedSecrets(content);
+          if (secrets.length > 0) {
+            skipped.push({
+              path: relativePath,
+              reason: `Contains potential secrets: ${secrets.join(", ")}`
+            });
+            warnings.push(
+              `Skipped file with potential secrets: ${relativePath} (${secrets.join(", ")})`
+            );
+            continue;
+          }
+        }
+        files.push({ path: relativePath, content });
+        totalSize += stats2.size;
+      }
+    }
+  }
+  scanDir(repoRoot);
+  const stats = {
+    totalFilesFound,
+    totalFilesIncluded: files.length,
+    totalSize,
+    tokenEstimate: files.reduce((sum, f) => sum + estimateTokens(f.content), 0)
+  };
+  logger.info("Repository scan complete", {
+    filesIncluded: files.length,
+    filesSkipped: skipped.length,
+    totalSize,
+    tokenEstimate: stats.tokenEstimate,
+    warnings: warnings.length
+  });
+  return {
+    files,
+    skipped,
+    warnings,
+    stats,
+    repoRoot
+  };
+}
+function aggregateFiles(files) {
+  return files.map(
+    (f) => `=== FILE: ${f.path} ===
+${f.content}
+=== END FILE: ${f.path} ===`
+  ).join("\n\n");
+}
+
+// src/tools/tps-audit.ts
+var tpsAuditSchemaObj = z7.object({
+  path: z7.string().optional().describe(
+    "Path to repo root (auto-detects current directory if not provided)"
+  ),
+  focus_areas: z7.array(z7.string()).optional().describe("Specific areas to focus on (e.g., 'performance', 'security')"),
+  max_files: z7.number().max(100).optional().describe("Maximum files to analyze (default: 50, max: 100)"),
+  file_types: z7.array(z7.string()).optional().describe("File extensions to include (e.g., ['.ts', '.js'])"),
+  include_sensitive: z7.boolean().optional().describe(
+    "Include potentially sensitive files (default: false, use with caution)"
+  ),
+  output_format: z7.enum(["html", "markdown", "json"]).optional().describe("Output format (default: html)")
+});
+var tpsAuditSchema = tpsAuditSchemaObj.shape;
+async function handleTpsAudit(client2, models, input) {
+  const startPath = input.path || process.cwd();
+  const outputFormat = input.output_format || "html";
+  logger.info("Starting TPS audit", {
+    startPath,
+    maxFiles: input.max_files,
+    focusAreas: input.focus_areas,
+    outputFormat,
+    modelCount: models.length
+  });
+  const scanResult = await scanRepository(startPath, {
+    maxFiles: input.max_files,
+    fileTypes: input.file_types,
+    skipSensitive: !input.include_sensitive,
+    detectSecrets: !input.include_sensitive
+  });
+  if (scanResult.files.length === 0) {
+    logger.warn("No files found to analyze", {
+      totalFilesFound: scanResult.stats.totalFilesFound,
+      skipped: scanResult.skipped.length
+    });
+    return {
+      results: [
+        {
+          model: "system",
+          review: "No files found to analyze. Check that the repository contains supported file types and that files are not excluded by .gitignore or security filters."
+        }
+      ],
+      models: ["system"],
+      scanResult,
+      analysis: null,
+      outputFormat
+    };
+  }
+  if (scanResult.warnings.length > 0) {
+    logger.warn("Security warnings during scan", {
+      warnings: scanResult.warnings
+    });
+  }
+  const aggregatedContent = aggregateFiles(scanResult.files);
+  logger.info("Repository scanned", {
+    filesIncluded: scanResult.files.length,
+    totalSize: scanResult.stats.totalSize,
+    tokenEstimate: scanResult.stats.tokenEstimate
+  });
+  if (scanResult.stats.tokenEstimate > 1e5) {
+    logger.warn("Large token count", {
+      estimate: scanResult.stats.tokenEstimate
+    });
+  }
+  const results = await client2.tpsAudit(aggregatedContent, models, {
+    focusAreas: input.focus_areas,
+    repoName: scanResult.repoRoot.split("/").pop()
+  });
+  let analysis = null;
+  for (const result of results) {
+    if (!result.error && result.review) {
+      const { parseTpsAnalysis } = await import("./tps-audit-GNK4VIKA.js");
+      analysis = parseTpsAnalysis(result.review);
+      if (analysis) break;
+    }
+  }
+  return {
+    results,
+    models,
+    scanResult,
+    analysis,
+    outputFormat
+  };
+}
+function formatTpsAuditResults(auditResult) {
+  const { results, scanResult, analysis, outputFormat } = auditResult;
+  switch (outputFormat) {
+    case "html": {
+      const templatePath = join4(getTemplatesDir(), "tps-report.html");
+      return formatResultsAsHtml(results, templatePath, {
+        analysis,
+        repoName: scanResult.repoRoot.split("/").pop()
+      });
+    }
+    case "json": {
+      return JSON.stringify(
+        {
+          analysis,
+          scanStats: scanResult.stats,
+          warnings: scanResult.warnings,
+          skipped: scanResult.skipped,
+          modelResponses: results.map((r) => ({
+            model: r.model,
+            hasError: !!r.error,
+            content: r.error || r.review
+          }))
+        },
+        null,
+        2
+      );
+    }
+    case "markdown":
+    default: {
+      const parts = [];
+      parts.push("# TPS Audit Report\n");
+      parts.push(`**Repository:** ${scanResult.repoRoot}
+`);
+      parts.push(`**Files Analyzed:** ${scanResult.files.length}
+`);
+      parts.push(`**Token Estimate:** ~${scanResult.stats.tokenEstimate}
+`);
+      if (scanResult.warnings.length > 0) {
+        parts.push("\n## Warnings\n");
+        for (const w of scanResult.warnings) {
+          parts.push(`- ${w}
+`);
+        }
+      }
+      if (analysis) {
+        parts.push("\n## Scores\n");
+        parts.push(`- **Overall:** ${analysis.scores.overall}/100
+`);
+        parts.push(`- **Flow:** ${analysis.scores.flow}/100
+`);
+        parts.push(`- **Waste Efficiency:** ${analysis.scores.waste}/100
+`);
+        parts.push(`- **Quality:** ${analysis.scores.quality}/100
+`);
+        parts.push("\n## Summary\n");
+        parts.push("\n### Strengths\n");
+        for (const s of analysis.summary.strengths) {
+          parts.push(`- ${s}
+`);
+        }
+        parts.push("\n### Concerns\n");
+        for (const c of analysis.summary.concerns) {
+          parts.push(`- ${c}
+`);
+        }
+        parts.push("\n### Quick Wins\n");
+        for (const q of analysis.summary.quickWins) {
+          parts.push(`- ${q}
+`);
+        }
+      }
+      parts.push("\n## Model Perspectives\n");
+      results.forEach((r) => {
+        if (r.error) {
+          parts.push(`
+### ${r.model}
+
+**Error:** ${r.error}
+`);
+        } else {
+          parts.push(`
+### ${r.model}
+
+${r.review}
+`);
+        }
+        parts.push("\n---\n");
+      });
+      return parts.join("");
+    }
+  }
+}
+
 // src/index.ts
 var OPENROUTER_API_KEY = process.env.OPENROUTER_API_KEY;
 if (!OPENROUTER_API_KEY) {
@@ -1287,6 +1947,42 @@ createReviewTool(server, {
   inputSchema: gitReviewSchema,
   handler: (input) => handleGitReview(client, CODE_REVIEW_MODELS, input)
 });
+server.registerTool(
+  "tps_audit",
+  {
+    description: "Toyota Production System audit - analyze a codebase for flow, waste, bottlenecks, and quality. Scans the repository, identifies entry points, maps data flow, and provides actionable recommendations. Outputs interactive HTML report by default, or markdown/JSON.",
+    inputSchema: tpsAuditSchema
+  },
+  async (input) => {
+    try {
+      logger.debug("Starting tps_audit", {
+        inputKeys: Object.keys(input)
+      });
+      const result = await handleTpsAudit(client, TPS_AUDIT_MODELS, input);
+      const formattedOutput = formatTpsAuditResults(result);
+      logger.info("Completed tps_audit", {
+        modelCount: result.models.length,
+        filesScanned: result.scanResult.files.length,
+        outputFormat: result.outputFormat,
+        hasAnalysis: !!result.analysis
+      });
+      return {
+        content: [
+          {
+            type: "text",
+            text: formattedOutput
+          }
+        ]
+      };
+    } catch (error) {
+      logger.error(
+        "Error in tps_audit",
+        error instanceof Error ? error : new Error(String(error))
+      );
+      return formatError(error);
+    }
+  }
+);
 server.registerTool(
   "list_review_config",
   { description: "Show current model configuration" },
@@ -1322,7 +2018,8 @@ async function main() {
     frontendReviewModels: FRONTEND_REVIEW_MODELS,
     backendReviewModels: BACKEND_REVIEW_MODELS,
     planReviewModels: PLAN_REVIEW_MODELS,
-    discussionModels: DISCUSSION_MODELS
+    discussionModels: DISCUSSION_MODELS,
+    tpsAuditModels: TPS_AUDIT_MODELS
   });
 }
 main().catch((error) => {

package/dist/tps-audit-GNK4VIKA.js

@@ -0,0 +1,11 @@
+import {
+  SYSTEM_PROMPT,
+  buildUserMessage,
+  parseTpsAnalysis
+} from "./chunk-Y77R7523.js";
+export {
+  SYSTEM_PROMPT,
+  buildUserMessage,
+  parseTpsAnalysis
+};
+//# sourceMappingURL=tps-audit-GNK4VIKA.js.map

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "@klitchevo/code-council",
-	"version": "0.0.11",
+	"version": "0.0.13",
 	"description": "Multi-model AI code review server using OpenRouter - get diverse perspectives from multiple LLMs in parallel",
 	"main": "dist/index.js",
 	"type": "module",
@@ -64,6 +64,7 @@
 	"dependencies": {
 		"@modelcontextprotocol/sdk": "1.25.1",
 		"@openrouter/sdk": "0.3.10",
+		"ignore": "^7.0.5",
 		"zod": "4.2.1"
 	},
 	"devDependencies": {