@mcptoolshop/brand 0.1.0

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 mcp-tool-shop
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.es.md

@@ -0,0 +1,69 @@
+<p align="center">
+  <a href="README.ja.md">日本語</a> | <a href="README.zh.md">中文</a> | <a href="README.md">English</a> | <a href="README.fr.md">Français</a> | <a href="README.hi.md">हिन्दी</a> | <a href="README.it.md">Italiano</a> | <a href="README.pt-BR.md">Português (BR)</a>
+</p>
+
+<p align="center">
+  <img src="assets/logo.jpg" alt="Brand" width="400">
+</p>
+
+<p align="center">
+  <a href="https://github.com/mcp-tool-shop-org/brand/actions/workflows/ci.yml"><img src="https://github.com/mcp-tool-shop-org/brand/actions/workflows/ci.yml/badge.svg" alt="CI"></a>
+  <a href="LICENSE"><img src="https://img.shields.io/badge/License-MIT-yellow" alt="License: MIT"></a>
+  <a href="https://mcp-tool-shop-org.github.io/brand/"><img src="https://img.shields.io/badge/Landing_Page-live-blue" alt="Landing Page"></a>
+</p>
+
+Registro centralizado de activos de marca para la organización GitHub [mcp-tool-shop-org](https://github.com/mcp-tool-shop-org). Un repositorio contiene todos los logotipos. Cada archivo README hace referencia a este repositorio. Actualiza una vez, y se actualiza en todas partes.
+
+## ¿Por qué?
+
+Cuando cada repositorio tiene su propia copia del logotipo, se produce duplicación, desviación e inconsistencia. Una actualización de la marca implica buscar en más de 80 repositorios. Este repositorio soluciona ese problema: los logotipos se encuentran aquí, y los archivos README los referencian a través de URLs de `raw.githubusercontent.com`.
+
+## Estructura
+
+```
+logos/
+  <slug>/
+    readme.png    # or readme.jpg — format preserved as-is
+manifest.json     # SHA-256 integrity hashes for every asset
+docs/
+  handbook.md     # Lessons learned from migrating 80+ repos
+```
+
+81 logotipos distribuidos en 81 repositorios. Los archivos PNG permanecen como PNG y los archivos JPEG como JPEG. El formato es una decisión de la marca, no un objetivo de compilación.
+
+## Interfaz de línea de comandos (CLI)
+
+```bash
+# Verify all logos match their manifest hashes
+brand verify
+
+# Regenerate manifest after adding/replacing a logo
+brand manifest
+
+# CI mode — fail if manifest is out of date
+brand manifest --check
+
+# Audit repos for broken refs, badge collisions, indentation traps
+brand audit --repos /path/to/clones
+
+# Migrate READMEs to point at brand repo (dry run first)
+brand migrate --repos /path/to/clones --dry-run
+brand migrate --repos /path/to/clones
+```
+
+## Añadir un nuevo logotipo
+
+1. Copia el archivo en `logos/<slug>/readme.png` (o `.jpg`).
+2. Ejecuta `brand manifest` para actualizar los hashes de integridad.
+3. Realiza un commit tanto del logotipo como de `manifest.json` juntos.
+4. El sistema de integración continua (CI) verifica el manifiesto al realizar un push.
+
+## Seguridad
+
+Cada logotipo está rastreado mediante un hash SHA-256 en `manifest.json`. El sistema de integración continua (CI) ejecuta `brand manifest --check` en cada push que afecte a `logos/` o `manifest.json`. Cualquier discrepancia, ya sea una sobrescritura accidental, manipulación o desviación, provoca el fallo de la compilación.
+
+Consulta [docs/handbook.md](docs/handbook.md) para obtener más información: por qué los enlaces simbólicos no funcionan, cómo los distintivos interfieren con la detección de logotipos, las trampas de renderizado de Markdown que rompen las etiquetas `<img>`, y el protocolo de seguridad para la migración.
+
+## Licencia
+
+[MIT](LICENSE)

package/README.fr.md

@@ -0,0 +1,69 @@
+<p align="center">
+  <a href="README.ja.md">日本語</a> | <a href="README.zh.md">中文</a> | <a href="README.es.md">Español</a> | <a href="README.md">English</a> | <a href="README.hi.md">हिन्दी</a> | <a href="README.it.md">Italiano</a> | <a href="README.pt-BR.md">Português (BR)</a>
+</p>
+
+<p align="center">
+  <img src="assets/logo.jpg" alt="Brand" width="400">
+</p>
+
+<p align="center">
+  <a href="https://github.com/mcp-tool-shop-org/brand/actions/workflows/ci.yml"><img src="https://github.com/mcp-tool-shop-org/brand/actions/workflows/ci.yml/badge.svg" alt="CI"></a>
+  <a href="LICENSE"><img src="https://img.shields.io/badge/License-MIT-yellow" alt="License: MIT"></a>
+  <a href="https://mcp-tool-shop-org.github.io/brand/"><img src="https://img.shields.io/badge/Landing_Page-live-blue" alt="Landing Page"></a>
+</p>
+
+Registre centralisé des éléments de marque pour l'organisation GitHub [mcp-tool-shop-org](https://github.com/mcp-tool-shop-org). Un seul dépôt contient tous les logos. Chaque fichier README renvoie vers ce dépôt. Mettez à jour une seule fois, et la modification se propage partout.
+
+## Pourquoi ?
+
+Lorsque chaque dépôt contient sa propre copie du logo, cela entraîne une duplication, des divergences et une incohérence. Une modification de la marque implique de parcourir plus de 80 dépôts. Ce dépôt résout ce problème : les logos sont stockés ici, et les fichiers README les référencent via les URL `raw.githubusercontent.com`.
+
+## Structure
+
+```
+logos/
+  <slug>/
+    readme.png    # or readme.jpg — format preserved as-is
+manifest.json     # SHA-256 integrity hashes for every asset
+docs/
+  handbook.md     # Lessons learned from migrating 80+ repos
+```
+
+81 logos répartis dans 81 dépôts. Les fichiers PNG restent des fichiers PNG. Les fichiers JPEG restent des fichiers JPEG. Le format est une décision de marque, et non une cible de construction.
+
+## Interface en ligne de commande (CLI)
+
+```bash
+# Verify all logos match their manifest hashes
+brand verify
+
+# Regenerate manifest after adding/replacing a logo
+brand manifest
+
+# CI mode — fail if manifest is out of date
+brand manifest --check
+
+# Audit repos for broken refs, badge collisions, indentation traps
+brand audit --repos /path/to/clones
+
+# Migrate READMEs to point at brand repo (dry run first)
+brand migrate --repos /path/to/clones --dry-run
+brand migrate --repos /path/to/clones
+```
+
+## Ajouter un nouveau logo
+
+1. Déposez le fichier dans `logos/<slug>/readme.png` (ou `.jpg`)
+2. Exécutez `brand manifest` pour mettre à jour les hachages d'intégrité
+3. Validez à la fois le logo et `manifest.json` ensemble
+4. L'intégration continue (CI) vérifie le fichier manifest lors de chaque envoi
+
+## Sécurité
+
+Chaque logo est suivi par un hachage SHA-256 dans `manifest.json`. L'intégration continue (CI) exécute `brand manifest --check` lors de chaque envoi qui modifie les fichiers `logos/` ou `manifest.json`. Toute incohérence – écrasement accidentel, manipulation, divergence – entraîne l'échec de la construction.
+
+Consultez [docs/handbook.md](docs/handbook.md) pour plus de détails : pourquoi les liens symboliques ne fonctionnent pas, comment les badges interfèrent avec la détection des logos, les pièges de rendu Markdown qui corrompent les balises `<img>`, et le protocole de sécurité de migration.
+
+## Licence
+
+[MIT](LICENSE)

package/README.hi.md

@@ -0,0 +1,69 @@
+<p align="center">
+  <a href="README.ja.md">日本語</a> | <a href="README.zh.md">中文</a> | <a href="README.es.md">Español</a> | <a href="README.fr.md">Français</a> | <a href="README.md">English</a> | <a href="README.it.md">Italiano</a> | <a href="README.pt-BR.md">Português (BR)</a>
+</p>
+
+<p align="center">
+  <img src="assets/logo.jpg" alt="Brand" width="400">
+</p>
+
+<p align="center">
+  <a href="https://github.com/mcp-tool-shop-org/brand/actions/workflows/ci.yml"><img src="https://github.com/mcp-tool-shop-org/brand/actions/workflows/ci.yml/badge.svg" alt="CI"></a>
+  <a href="LICENSE"><img src="https://img.shields.io/badge/License-MIT-yellow" alt="License: MIT"></a>
+  <a href="https://mcp-tool-shop-org.github.io/brand/"><img src="https://img.shields.io/badge/Landing_Page-live-blue" alt="Landing Page"></a>
+</p>
+
+[mcp-tool-shop-org](https://github.com/mcp-tool-shop-org) गिटहब संगठन के लिए केंद्रीकृत ब्रांड एसेट रजिस्ट्री। एक रिपॉजिटरी में सभी लोगो मौजूद हैं। प्रत्येक README फ़ाइल यहां लिंक करती है। एक बार अपडेट करें, और हर जगह अपडेट हो जाएगा।
+
+## क्यों?
+
+जब प्रत्येक रिपॉजिटरी में लोगो की अपनी प्रति होती है, तो डुप्लीकेशन, विचलन और असंगति होती है। ब्रांडिंग में बदलाव करने का मतलब है 80 से अधिक रिपॉजिटरी में खोज करना। यह रिपॉजिटरी इस समस्या को हल करता है - लोगो यहां मौजूद हैं, और README फ़ाइलें `raw.githubusercontent.com` यूआरएल के माध्यम से उनका उल्लेख करती हैं।
+
+## संरचना
+
+```
+logos/
+  <slug>/
+    readme.png    # or readme.jpg — format preserved as-is
+manifest.json     # SHA-256 integrity hashes for every asset
+docs/
+  handbook.md     # Lessons learned from migrating 80+ repos
+```
+
+81 रिपॉजिटरी में 81 लोगो। PNG फ़ाइलें PNG ही रहेंगी, और JPEG फ़ाइलें JPEG ही रहेंगी। फ़ॉर्मेट एक ब्रांड संबंधी निर्णय है, न कि बिल्ड लक्ष्य।
+
+## कमांड-लाइन इंटरफेस (CLI)
+
+```bash
+# Verify all logos match their manifest hashes
+brand verify
+
+# Regenerate manifest after adding/replacing a logo
+brand manifest
+
+# CI mode — fail if manifest is out of date
+brand manifest --check
+
+# Audit repos for broken refs, badge collisions, indentation traps
+brand audit --repos /path/to/clones
+
+# Migrate READMEs to point at brand repo (dry run first)
+brand migrate --repos /path/to/clones --dry-run
+brand migrate --repos /path/to/clones
+```
+
+## एक नया लोगो जोड़ना
+
+1. फ़ाइल को `logos/<slug>/readme.png` (या `.jpg`) में डालें।
+2. `brand manifest` कमांड चलाकर इंटीग्रिटी हैश अपडेट करें।
+3. लोगो और `manifest.json` दोनों को एक साथ कमिट करें।
+4. CI (निरंतर एकीकरण) सिस्टम, पुश करने पर मैनिफेस्ट को सत्यापित करता है।
+
+## सुरक्षा
+
+प्रत्येक लोगो को `manifest.json` में SHA-256 हैश द्वारा ट्रैक किया जाता है। CI सिस्टम, `logos/` या `manifest.json` को प्रभावित करने वाले प्रत्येक पुश पर `brand manifest --check` कमांड चलाता है। किसी भी प्रकार की विसंगति - चाहे वह आकस्मिक ओवरराइट हो, छेड़छाड़ हो, या विचलन - बिल्ड को विफल कर देती है।
+
+पूरे विवरण के लिए [docs/handbook.md](docs/handbook.md) देखें: इसमें बताया गया है कि सिंबोलिक लिंक क्यों काम नहीं करते हैं, बैज लोगो का पता लगाने के साथ कैसे टकराते हैं, और मार्कडाउन रेंडरिंग के कौन से जाल `<img>` टैग को तोड़ देते हैं, साथ ही माइग्रेशन सुरक्षा प्रोटोकॉल भी।
+
+## लाइसेंस
+
+[MIT](LICENSE)

package/README.it.md

@@ -0,0 +1,69 @@
+<p align="center">
+  <a href="README.ja.md">日本語</a> | <a href="README.zh.md">中文</a> | <a href="README.es.md">Español</a> | <a href="README.fr.md">Français</a> | <a href="README.hi.md">हिन्दी</a> | <a href="README.md">English</a> | <a href="README.pt-BR.md">Português (BR)</a>
+</p>
+
+<p align="center">
+  <img src="assets/logo.jpg" alt="Brand" width="400">
+</p>
+
+<p align="center">
+  <a href="https://github.com/mcp-tool-shop-org/brand/actions/workflows/ci.yml"><img src="https://github.com/mcp-tool-shop-org/brand/actions/workflows/ci.yml/badge.svg" alt="CI"></a>
+  <a href="LICENSE"><img src="https://img.shields.io/badge/License-MIT-yellow" alt="License: MIT"></a>
+  <a href="https://mcp-tool-shop-org.github.io/brand/"><img src="https://img.shields.io/badge/Landing_Page-live-blue" alt="Landing Page"></a>
+</p>
+
+Registro centralizzato delle risorse del marchio per l'organizzazione GitHub [mcp-tool-shop-org](https://github.com/mcp-tool-shop-org). Un repository contiene tutti i loghi. Ogni file README fa riferimento a questo repository. Aggiornare una volta, aggiornare ovunque.
+
+## Perché
+
+Quando ogni repository contiene una propria copia del logo, si verificano duplicazioni, discrepanze e incoerenze. Un cambiamento di immagine richiede di cercare in oltre 80 repository. Questo repository risolve questo problema: i loghi sono memorizzati qui, e i file README li richiamano tramite URL `raw.githubusercontent.com`.
+
+## Struttura
+
+```
+logos/
+  <slug>/
+    readme.png    # or readme.jpg — format preserved as-is
+manifest.json     # SHA-256 integrity hashes for every asset
+docs/
+  handbook.md     # Lessons learned from migrating 80+ repos
+```
+
+81 loghi distribuiti in 81 repository. I file PNG rimangono file PNG, i file JPEG rimangono file JPEG. Il formato è una decisione del marchio, non un obiettivo di compilazione.
+
+## Interfaccia a riga di comando (CLI)
+
+```bash
+# Verify all logos match their manifest hashes
+brand verify
+
+# Regenerate manifest after adding/replacing a logo
+brand manifest
+
+# CI mode — fail if manifest is out of date
+brand manifest --check
+
+# Audit repos for broken refs, badge collisions, indentation traps
+brand audit --repos /path/to/clones
+
+# Migrate READMEs to point at brand repo (dry run first)
+brand migrate --repos /path/to/clones --dry-run
+brand migrate --repos /path/to/clones
+```
+
+## Aggiungere un nuovo logo
+
+1. Copiare il file in `logos/<slug>/readme.png` (o `.jpg`)
+2. Eseguire `brand manifest` per aggiornare gli hash di integrità
+3. Effettuare il commit sia del logo che di `manifest.json` insieme
+4. Il sistema di integrazione continua (CI) verifica il file manifest ad ogni commit.
+
+## Sicurezza
+
+Ogni logo è tracciato tramite l'hash SHA-256 nel file `manifest.json`. Il sistema CI esegue `brand manifest --check` ad ogni commit che modifica i file in `logos/` o `manifest.json`. Qualsiasi discrepanza (sovrascrittura accidentale, manomissione, discrepanza) causa il fallimento della compilazione.
+
+Consultare [docs/handbook.md](docs/handbook.md) per maggiori dettagli: perché i collegamenti simbolici non funzionano, come i badge interferiscono con il rilevamento dei loghi, le trappole di rendering Markdown che compromettono i tag `<img>`, e il protocollo di sicurezza per la migrazione.
+
+## Licenza
+
+[MIT](LICENSE)

package/README.ja.md

@@ -0,0 +1,69 @@
+<p align="center">
+  <a href="README.md">English</a> | <a href="README.zh.md">中文</a> | <a href="README.es.md">Español</a> | <a href="README.fr.md">Français</a> | <a href="README.hi.md">हिन्दी</a> | <a href="README.it.md">Italiano</a> | <a href="README.pt-BR.md">Português (BR)</a>
+</p>
+
+<p align="center">
+  <img src="assets/logo.jpg" alt="Brand" width="400">
+</p>
+
+<p align="center">
+  <a href="https://github.com/mcp-tool-shop-org/brand/actions/workflows/ci.yml"><img src="https://github.com/mcp-tool-shop-org/brand/actions/workflows/ci.yml/badge.svg" alt="CI"></a>
+  <a href="LICENSE"><img src="https://img.shields.io/badge/License-MIT-yellow" alt="License: MIT"></a>
+  <a href="https://mcp-tool-shop-org.github.io/brand/"><img src="https://img.shields.io/badge/Landing_Page-live-blue" alt="Landing Page"></a>
+</p>
+
+[mcp-tool-shop-org] GitHub組織向けの、ブランドアセットの一元管理レジストリです。このリポジトリには、すべてのロゴが格納されています。各READMEファイルは、このリポジトリを指しています。一度更新すれば、すべての場所で更新されます。
+
+## なぜか
+
+各リポジトリが独自のロゴコピーを持っていると、重複、乖離、および不整合が発生します。ブランド変更を行うには、80以上のリポジトリを個別に確認する必要があります。このリポジトリはその問題を解決します。ロゴはここに保存され、READMEファイルは`raw.githubusercontent.com`のURLを通じてそれらを参照します。
+
+## 構造
+
+```
+logos/
+  <slug>/
+    readme.png    # or readme.jpg — format preserved as-is
+manifest.json     # SHA-256 integrity hashes for every asset
+docs/
+  handbook.md     # Lessons learned from migrating 80+ repos
+```
+
+81個のロゴが、81個のリポジトリに分散して保存されています。PNGファイルはPNGのまま、JPEGファイルはJPEGのままです。ファイル形式は、ビルドの対象ではなく、ブランド側の決定です。
+
+## CLI (コマンドラインインターフェース)
+
+```bash
+# Verify all logos match their manifest hashes
+brand verify
+
+# Regenerate manifest after adding/replacing a logo
+brand manifest
+
+# CI mode — fail if manifest is out of date
+brand manifest --check
+
+# Audit repos for broken refs, badge collisions, indentation traps
+brand audit --repos /path/to/clones
+
+# Migrate READMEs to point at brand repo (dry run first)
+brand migrate --repos /path/to/clones --dry-run
+brand migrate --repos /path/to/clones
+```
+
+## 新しいロゴの追加
+
+1. ファイルを`logos/<slug>/readme.png`（または`.jpg`）に配置します。
+2. `brand manifest`コマンドを実行して、整合性ハッシュを更新します。
+3. ロゴと`manifest.json`ファイルを一緒にコミットします。
+4. CI（継続的インテグレーション）は、プッシュ時に`manifest.json`の内容を検証します。
+
+## セキュリティ
+
+すべてのロゴは、`manifest.json`ファイル内のSHA-256ハッシュによって追跡されます。CIは、`logos/`または`manifest.json`に影響を与えるすべてのプッシュに対して、`brand manifest --check`コマンドを実行します。不整合（意図しない上書き、改ざん、乖離など）が発生した場合、ビルドは失敗します。
+
+詳細については、[docs/handbook.md](docs/handbook.md)を参照してください。シンボリックリンクが機能しない理由、バッジがロゴ検出と競合する理由、`<img>`タグを壊すMarkdownレンダリングの問題、および移行の安全プロトコルについて説明されています。
+
+## ライセンス
+
+[MIT](LICENSE)

package/README.md

@@ -0,0 +1,69 @@
+<p align="center">
+  <a href="README.ja.md">日本語</a> | <a href="README.zh.md">中文</a> | <a href="README.es.md">Español</a> | <a href="README.fr.md">Français</a> | <a href="README.hi.md">हिन्दी</a> | <a href="README.it.md">Italiano</a> | <a href="README.pt-BR.md">Português (BR)</a>
+</p>
+
+<p align="center">
+  <img src="assets/logo.jpg" alt="Brand" width="400">
+</p>
+
+<p align="center">
+  <a href="https://github.com/mcp-tool-shop-org/brand/actions/workflows/ci.yml"><img src="https://github.com/mcp-tool-shop-org/brand/actions/workflows/ci.yml/badge.svg" alt="CI"></a>
+  <a href="LICENSE"><img src="https://img.shields.io/badge/License-MIT-yellow" alt="License: MIT"></a>
+  <a href="https://mcp-tool-shop-org.github.io/brand/"><img src="https://img.shields.io/badge/Landing_Page-live-blue" alt="Landing Page"></a>
+</p>
+
+Centralized brand asset registry for the [mcp-tool-shop-org](https://github.com/mcp-tool-shop-org) GitHub org. One repo holds every logo. Every README points here. Update once, update everywhere.
+
+## Why
+
+When every repo carries its own copy of the logo, you get duplication, drift, and inconsistency. A rebrand means hunting through 80+ repos. This repo fixes that — logos live here, READMEs reference them via `raw.githubusercontent.com` URLs.
+
+## Structure
+
+```
+logos/
+  <slug>/
+    readme.png    # or readme.jpg — format preserved as-is
+manifest.json     # SHA-256 integrity hashes for every asset
+docs/
+  handbook.md     # Lessons learned from migrating 80+ repos
+```
+
+81 logos across 81 repos. PNGs stay PNGs. JPEGs stay JPEGs. Format is a brand decision, not a build target.
+
+## CLI
+
+```bash
+# Verify all logos match their manifest hashes
+brand verify
+
+# Regenerate manifest after adding/replacing a logo
+brand manifest
+
+# CI mode — fail if manifest is out of date
+brand manifest --check
+
+# Audit repos for broken refs, badge collisions, indentation traps
+brand audit --repos /path/to/clones
+
+# Migrate READMEs to point at brand repo (dry run first)
+brand migrate --repos /path/to/clones --dry-run
+brand migrate --repos /path/to/clones
+```
+
+## Adding a New Logo
+
+1. Drop the file into `logos/<slug>/readme.png` (or `.jpg`)
+2. Run `brand manifest` to update integrity hashes
+3. Commit both the logo and `manifest.json` together
+4. CI verifies the manifest on push
+
+## Security
+
+Every logo is tracked by SHA-256 hash in `manifest.json`. CI runs `brand manifest --check` on every push that touches `logos/` or `manifest.json`. Any mismatch — accidental overwrite, tampering, drift — fails the build.
+
+See [docs/handbook.md](docs/handbook.md) for the full story: why symlinks don't work, how badges collide with logo detection, the markdown rendering traps that break `<img>` tags, and the migration safety protocol.
+
+## License
+
+[MIT](LICENSE)

package/README.pt-BR.md

@@ -0,0 +1,69 @@
+<p align="center">
+  <a href="README.ja.md">日本語</a> | <a href="README.zh.md">中文</a> | <a href="README.es.md">Español</a> | <a href="README.fr.md">Français</a> | <a href="README.hi.md">हिन्दी</a> | <a href="README.it.md">Italiano</a> | <a href="README.md">English</a>
+</p>
+
+<p align="center">
+  <img src="assets/logo.jpg" alt="Brand" width="400">
+</p>
+
+<p align="center">
+  <a href="https://github.com/mcp-tool-shop-org/brand/actions/workflows/ci.yml"><img src="https://github.com/mcp-tool-shop-org/brand/actions/workflows/ci.yml/badge.svg" alt="CI"></a>
+  <a href="LICENSE"><img src="https://img.shields.io/badge/License-MIT-yellow" alt="License: MIT"></a>
+  <a href="https://mcp-tool-shop-org.github.io/brand/"><img src="https://img.shields.io/badge/Landing_Page-live-blue" alt="Landing Page"></a>
+</p>
+
+Registro centralizado de ativos da marca para a organização GitHub [mcp-tool-shop-org](https://github.com/mcp-tool-shop-org). Um repositório contém todos os logotipos. Cada arquivo README aponta para este repositório. Atualize uma vez e atualize em todos os lugares.
+
+## Por que?
+
+Quando cada repositório possui sua própria cópia do logotipo, você obtém duplicação, desvio e inconsistência. Uma mudança de marca significa procurar em mais de 80 repositórios. Este repositório resolve isso: os logotipos ficam aqui, e os arquivos README fazem referência a eles por meio de URLs `raw.githubusercontent.com`.
+
+## Estrutura
+
+```
+logos/
+  <slug>/
+    readme.png    # or readme.jpg — format preserved as-is
+manifest.json     # SHA-256 integrity hashes for every asset
+docs/
+  handbook.md     # Lessons learned from migrating 80+ repos
+```
+
+81 logotipos em 81 repositórios. Os arquivos PNG permanecem como PNGs. Os arquivos JPEG permanecem como JPEGs. O formato é uma decisão da marca, não um alvo de compilação.
+
+## Interface de Linha de Comando (CLI)
+
+```bash
+# Verify all logos match their manifest hashes
+brand verify
+
+# Regenerate manifest after adding/replacing a logo
+brand manifest
+
+# CI mode — fail if manifest is out of date
+brand manifest --check
+
+# Audit repos for broken refs, badge collisions, indentation traps
+brand audit --repos /path/to/clones
+
+# Migrate READMEs to point at brand repo (dry run first)
+brand migrate --repos /path/to/clones --dry-run
+brand migrate --repos /path/to/clones
+```
+
+## Adicionando um Novo Logotipo
+
+1. Arraste o arquivo para `logos/<slug>/readme.png` (ou `.jpg`)
+2. Execute `brand manifest` para atualizar os hashes de integridade
+3. Faça o commit tanto do logotipo quanto do `manifest.json` juntos
+4. O sistema de integração contínua (CI) verifica o manifesto a cada envio.
+
+## Segurança
+
+Cada logotipo é rastreado por um hash SHA-256 no `manifest.json`. O CI executa `brand manifest --check` em cada envio que afeta os arquivos `logos/` ou `manifest.json`. Qualquer incompatibilidade – sobrescrita acidental, adulteração, desvio – causa a falha da compilação.
+
+Consulte [docs/handbook.md](docs/handbook.md) para obter mais detalhes: por que os links simbólicos não funcionam, como os selos interferem na detecção de logotipos, as armadilhas de renderização de Markdown que quebram as tags `<img>`, e o protocolo de segurança para migração.
+
+## Licença
+
+[MIT](LICENSE)

package/README.zh.md

@@ -0,0 +1,69 @@
+<p align="center">
+  <a href="README.ja.md">日本語</a> | <a href="README.md">English</a> | <a href="README.es.md">Español</a> | <a href="README.fr.md">Français</a> | <a href="README.hi.md">हिन्दी</a> | <a href="README.it.md">Italiano</a> | <a href="README.pt-BR.md">Português (BR)</a>
+</p>
+
+<p align="center">
+  <img src="assets/logo.jpg" alt="Brand" width="400">
+</p>
+
+<p align="center">
+  <a href="https://github.com/mcp-tool-shop-org/brand/actions/workflows/ci.yml"><img src="https://github.com/mcp-tool-shop-org/brand/actions/workflows/ci.yml/badge.svg" alt="CI"></a>
+  <a href="LICENSE"><img src="https://img.shields.io/badge/License-MIT-yellow" alt="License: MIT"></a>
+  <a href="https://mcp-tool-shop-org.github.io/brand/"><img src="https://img.shields.io/badge/Landing_Page-live-blue" alt="Landing Page"></a>
+</p>
+
+为 [mcp-tool-shop-org](https://github.com/mcp-tool-shop-org) GitHub 组织提供的集中式品牌资产注册库。一个仓库包含所有 logo。每个 README 文件都指向这里。只需更新一次，即可在所有地方同步更新。
+
+## 原因
+
+当每个仓库都包含自己的 logo 副本时，就会出现重复、偏差和不一致的情况。品牌重塑意味着需要在 80 多个仓库中进行搜索。这个仓库解决了这个问题——所有 logo 都存储在这里，README 文件通过 `raw.githubusercontent.com` URL 链接到它们。
+
+## 结构
+
+```
+logos/
+  <slug>/
+    readme.png    # or readme.jpg — format preserved as-is
+manifest.json     # SHA-256 integrity hashes for every asset
+docs/
+  handbook.md     # Lessons learned from migrating 80+ repos
+```
+
+81 个仓库，每个仓库包含一个 logo。PNG 格式的 logo 保持 PNG 格式，JPEG 格式的 logo 保持 JPEG 格式。文件格式是品牌决策，而不是构建目标。
+
+## 命令行工具 (CLI)
+
+```bash
+# Verify all logos match their manifest hashes
+brand verify
+
+# Regenerate manifest after adding/replacing a logo
+brand manifest
+
+# CI mode — fail if manifest is out of date
+brand manifest --check
+
+# Audit repos for broken refs, badge collisions, indentation traps
+brand audit --repos /path/to/clones
+
+# Migrate READMEs to point at brand repo (dry run first)
+brand migrate --repos /path/to/clones --dry-run
+brand migrate --repos /path/to/clones
+```
+
+## 添加新的 logo
+
+1. 将文件放入 `logos/<slug>/readme.png` (或 `.jpg`) 目录中。
+2. 运行 `brand manifest` 命令以更新完整性哈希值。
+3. 同时提交 logo 文件和 `manifest.json` 文件。
+4. CI 系统在每次提交时验证 `manifest.json` 文件的内容。
+
+## 安全性
+
+每个 logo 都通过 SHA-256 哈希值在 `manifest.json` 文件中进行跟踪。CI 系统在每次涉及 `logos/` 目录或 `manifest.json` 文件的提交时，都会运行 `brand manifest --check` 命令。任何不匹配的情况——意外覆盖、篡改或偏差——都会导致构建失败。
+
+请参阅 [docs/handbook.md](docs/handbook.md) 获取完整信息：为什么符号链接不可用，徽章如何与 logo 检测冲突，以及 markdown 渲染中可能导致 `<img>` 标签失效的陷阱，以及迁移的安全协议。
+
+## 许可证
+
+[MIT](LICENSE)

package/dist/cli.d.ts

@@ -0,0 +1,14 @@
+#!/usr/bin/env node
+/**
+ * brand CLI — Centralized brand asset management.
+ *
+ * Commands:
+ *   collect   Scan org repos, collect authoritative logos
+ *   migrate   Rewrite README logo references to brand repo
+ *   audit     Scan for broken refs, badge collisions, indentation traps
+ *   verify    Verify logo integrity against manifest
+ *   manifest  Regenerate manifest.json
+ *   push      Commit + push README changes across repos
+ *   revert    Revert a migration by commit message
+ */
+export {};

package/dist/cli.js

@@ -0,0 +1,71 @@
+#!/usr/bin/env node
+/**
+ * brand CLI — Centralized brand asset management.
+ *
+ * Commands:
+ *   collect   Scan org repos, collect authoritative logos
+ *   migrate   Rewrite README logo references to brand repo
+ *   audit     Scan for broken refs, badge collisions, indentation traps
+ *   verify    Verify logo integrity against manifest
+ *   manifest  Regenerate manifest.json
+ *   push      Commit + push README changes across repos
+ *   revert    Revert a migration by commit message
+ */
+import { Command } from 'commander';
+import { readFileSync } from 'node:fs';
+import { join, dirname } from 'node:path';
+import { fileURLToPath } from 'node:url';
+const __dirname = dirname(fileURLToPath(import.meta.url));
+let version = '0.1.0';
+try {
+    const pkg = JSON.parse(readFileSync(join(__dirname, '..', 'package.json'), 'utf-8'));
+    version = pkg.version;
+}
+catch {
+    // use default
+}
+const program = new Command();
+program
+    .name('brand')
+    .description('Centralized brand asset management — migration, audit, and integrity verification')
+    .version(version);
+program
+    .command('verify')
+    .description('Verify logo integrity against manifest')
+    .option('--manifest <path>', 'Path to manifest.json', 'manifest.json')
+    .option('--logos <path>', 'Path to logos directory', 'logos')
+    .action(async (opts) => {
+    const { runVerify } = await import('./commands/verify.js');
+    await runVerify(opts);
+});
+program
+    .command('manifest')
+    .description('Regenerate manifest.json from current logos')
+    .option('--logos <path>', 'Path to logos directory', 'logos')
+    .option('--output <path>', 'Output path for manifest', 'manifest.json')
+    .option('--check', 'Check mode — fail if manifest would change (for CI)')
+    .action(async (opts) => {
+    const { runManifest } = await import('./commands/manifest-cmd.js');
+    await runManifest(opts);
+});
+program
+    .command('audit')
+    .description('Scan org repos for broken logo refs, badge collisions, indentation traps')
+    .option('--repos <path>', 'Parent directory containing repo clones', '.')
+    .option('--brand-base <url>', 'Base URL for brand assets', 'https://raw.githubusercontent.com/mcp-tool-shop-org/brand/main')
+    .action(async (opts) => {
+    const { runAudit } = await import('./commands/audit.js');
+    await runAudit(opts);
+});
+program
+    .command('migrate')
+    .description('Rewrite README logo references to point at brand repo')
+    .option('--repos <path>', 'Parent directory containing repo clones', '.')
+    .option('--logos <path>', 'Path to logos directory', 'logos')
+    .option('--brand-base <url>', 'Base URL for brand logos', 'https://raw.githubusercontent.com/mcp-tool-shop-org/brand/main/logos')
+    .option('--dry-run', 'Preview changes without modifying files', false)
+    .action(async (opts) => {
+    const { runMigrate } = await import('./commands/migrate.js');
+    await runMigrate(opts);
+});
+program.parse();

package/dist/commands/audit.d.ts

@@ -0,0 +1,6 @@
+interface AuditOptions {
+    repos: string;
+    brandBase: string;
+}
+export declare function runAudit(opts: AuditOptions): Promise<void>;
+export {};

package/dist/commands/audit.js

@@ -0,0 +1,104 @@
+import chalk from 'chalk';
+import { readFileSync, existsSync } from 'node:fs';
+import { join } from 'node:path';
+import { globSync } from 'glob';
+import { findLogoImgTags } from '../utils/readme-parser.js';
+export async function runAudit(opts) {
+    const logosDir = join(opts.repos, 'logos');
+    const issues = [];
+    // Get all logo slugs
+    const slugDirs = globSync('*/', { cwd: logosDir }).map(d => d.replace(/\/$/, ''));
+    for (const slug of slugDirs) {
+        const repoDir = join(opts.repos, '..', slug);
+        if (!existsSync(repoDir))
+            continue;
+        // Find README files
+        const readmes = globSync('README*.md', { cwd: repoDir });
+        if (readmes.length === 0) {
+            issues.push({ repo: slug, file: '-', issue: 'no-readme', detail: 'No README.md found' });
+            continue;
+        }
+        for (const readmeFile of readmes) {
+            const readmePath = join(repoDir, readmeFile);
+            const content = readFileSync(readmePath, 'utf-8');
+            const lines = content.split('\n');
+            // Check: does the README reference the brand repo?
+            const logoMatches = findLogoImgTags(content);
+            if (logoMatches.length === 0 && readmeFile === 'README.md') {
+                issues.push({ repo: slug, file: readmeFile, issue: 'no-logo-ref', detail: 'No logo <img> tag found' });
+                continue;
+            }
+            for (const match of logoMatches) {
+                // Check: is the src pointing at the brand repo?
+                if (!match.src.includes('brand/main/logos')) {
+                    issues.push({
+                        repo: slug,
+                        file: readmeFile,
+                        issue: 'local-logo-ref',
+                        line: match.line,
+                        detail: `Still points to: ${match.src}`,
+                    });
+                }
+                // Check: indentation trap (4+ spaces before <img)
+                const lineContent = match.content;
+                const leadingSpaces = lineContent.match(/^(\s*)/)?.[1]?.length ?? 0;
+                if (leadingSpaces >= 4 && !lineContent.trimStart().startsWith('<p')) {
+                    issues.push({
+                        repo: slug,
+                        file: readmeFile,
+                        issue: 'indentation-trap',
+                        line: match.line,
+                        detail: `${leadingSpaces} spaces of indentation — will render as code block`,
+                    });
+                }
+            }
+            // Check: multiple logo matches (possible badge collision)
+            if (logoMatches.length > 1) {
+                issues.push({
+                    repo: slug,
+                    file: readmeFile,
+                    issue: 'multiple-logo-matches',
+                    detail: `${logoMatches.length} logo <img> tags found — possible badge collision`,
+                });
+            }
+            // Check: brand URL that 404s (format mismatch)
+            for (const match of logoMatches) {
+                if (match.src.includes('brand/main/logos')) {
+                    const expectedPng = join(logosDir, slug, 'readme.png');
+                    const expectedJpg = join(logosDir, slug, 'readme.jpg');
+                    if (!existsSync(expectedPng) && !existsSync(expectedJpg)) {
+                        issues.push({
+                            repo: slug,
+                            file: readmeFile,
+                            issue: 'missing-brand-asset',
+                            line: match.line,
+                            detail: `Brand asset not found for slug: ${slug}`,
+                        });
+                    }
+                }
+            }
+        }
+    }
+    // Report
+    if (issues.length === 0) {
+        console.log(chalk.green(`\n  ✓ Audit clean — ${slugDirs.length} repos checked, no issues.\n`));
+        return;
+    }
+    console.log(chalk.yellow(`\n  Found ${issues.length} issue(s) across ${new Set(issues.map(i => i.repo)).size} repos:\n`));
+    const grouped = new Map();
+    for (const issue of issues) {
+        const key = issue.repo;
+        if (!grouped.has(key))
+            grouped.set(key, []);
+        grouped.get(key).push(issue);
+    }
+    for (const [repo, repoIssues] of grouped) {
+        console.log(chalk.white(`  ${repo}`));
+        for (const issue of repoIssues) {
+            const lineRef = issue.line ? `:${issue.line}` : '';
+            const color = issue.issue.includes('trap') || issue.issue.includes('collision') ? chalk.red : chalk.yellow;
+            console.log(color(`    [${issue.issue}] ${issue.file}${lineRef} — ${issue.detail}`));
+        }
+    }
+    console.log('');
+}

package/dist/commands/manifest-cmd.d.ts

@@ -0,0 +1,7 @@
+interface ManifestOptions {
+    logos: string;
+    output: string;
+    check?: boolean;
+}
+export declare function runManifest(opts: ManifestOptions): Promise<void>;
+export {};

package/dist/commands/manifest-cmd.js

@@ -0,0 +1,49 @@
+import chalk from 'chalk';
+import { existsSync } from 'node:fs';
+import { generateManifest, writeManifest, readManifest } from '../manifest.js';
+export async function runManifest(opts) {
+    const current = generateManifest(opts.logos);
+    if (opts.check) {
+        // CI mode: fail if manifest would change
+        if (!existsSync(opts.output)) {
+            console.error(chalk.red('  ✗ No manifest found. Run `brand manifest` to generate one.'));
+            process.exit(1);
+        }
+        const stored = readManifest(opts.output);
+        const storedKeys = Object.keys(stored.assets).sort();
+        const currentKeys = Object.keys(current.assets).sort();
+        let drift = false;
+        // Check for key differences
+        const storedSet = new Set(storedKeys);
+        const currentSet = new Set(currentKeys);
+        for (const key of currentSet) {
+            if (!storedSet.has(key)) {
+                console.error(chalk.yellow(`  + ${key} (new, not in manifest)`));
+                drift = true;
+            }
+        }
+        for (const key of storedSet) {
+            if (!currentSet.has(key)) {
+                console.error(chalk.red(`  × ${key} (removed, still in manifest)`));
+                drift = true;
+            }
+        }
+        // Check hash differences
+        for (const key of currentKeys) {
+            if (storedSet.has(key) && stored.assets[key].hash !== current.assets[key].hash) {
+                console.error(chalk.red(`  ~ ${key} (hash changed)`));
+                drift = true;
+            }
+        }
+        if (drift) {
+            console.error(chalk.red('\n  ✗ Manifest is out of date. Run `brand manifest` to update.\n'));
+            process.exit(1);
+        }
+        console.log(chalk.green(`  ✓ Manifest is up to date (${currentKeys.length} assets).\n`));
+        return;
+    }
+    // Generate mode: write manifest
+    writeManifest(current, opts.output);
+    const count = Object.keys(current.assets).length;
+    console.log(chalk.green(`  ✓ Manifest written: ${opts.output} (${count} assets)\n`));
+}

package/dist/commands/migrate.d.ts

@@ -0,0 +1,8 @@
+interface MigrateOptions {
+    repos: string;
+    logos: string;
+    brandBase: string;
+    dryRun: boolean;
+}
+export declare function runMigrate(opts: MigrateOptions): Promise<void>;
+export {};

package/dist/commands/migrate.js

@@ -0,0 +1,61 @@
+import chalk from 'chalk';
+import { readFileSync, writeFileSync, existsSync } from 'node:fs';
+import { join } from 'node:path';
+import { globSync } from 'glob';
+import { findLogoImgTags, rewriteLogoSrc } from '../utils/readme-parser.js';
+export async function runMigrate(opts) {
+    const logosDir = opts.logos;
+    const slugDirs = globSync('*/', { cwd: logosDir }).map(d => d.replace(/\/$/, ''));
+    let total = 0;
+    let updated = 0;
+    let skipped = 0;
+    if (opts.dryRun) {
+        console.log(chalk.cyan('\n  DRY RUN — no files will be modified.\n'));
+    }
+    for (const slug of slugDirs) {
+        const repoDir = join(opts.repos, '..', slug);
+        if (!existsSync(repoDir)) {
+            skipped++;
+            continue;
+        }
+        total++;
+        // Determine the correct file extension for this logo
+        let ext = 'png';
+        if (existsSync(join(logosDir, slug, 'readme.jpg')))
+            ext = 'jpg';
+        const newSrc = `${opts.brandBase}/${slug}/readme.${ext}`;
+        const readmes = globSync('README*.md', { cwd: repoDir });
+        let repoChanged = false;
+        for (const readmeFile of readmes) {
+            const readmePath = join(repoDir, readmeFile);
+            const content = readFileSync(readmePath, 'utf-8');
+            const matches = findLogoImgTags(content);
+            if (matches.length === 0)
+                continue;
+            // Check if already pointing at brand repo
+            const needsUpdate = matches.some(m => !m.src.includes('brand/main/logos'));
+            if (!needsUpdate)
+                continue;
+            if (opts.dryRun) {
+                for (const match of matches) {
+                    if (!match.src.includes('brand/main/logos')) {
+                        console.log(`  ~ ${slug}/${readmeFile}`);
+                        console.log(chalk.red(`    old: ${match.src}`));
+                        console.log(chalk.green(`    new: ${newSrc}`));
+                    }
+                }
+            }
+            else {
+                const rewritten = rewriteLogoSrc(content, newSrc);
+                writeFileSync(readmePath, rewritten, 'utf-8');
+                console.log(chalk.green(`  ✓ ${slug}/${readmeFile}`));
+            }
+            repoChanged = true;
+        }
+        if (repoChanged)
+            updated++;
+    }
+    console.log(`\n  Repos scanned: ${total}`);
+    console.log(`  Repos updated: ${updated}`);
+    console.log(`  Repos skipped: ${skipped} (no local clone)\n`);
+}

package/dist/commands/verify.d.ts

@@ -0,0 +1,6 @@
+interface VerifyOptions {
+    manifest: string;
+    logos: string;
+}
+export declare function runVerify(opts: VerifyOptions): Promise<void>;
+export {};

package/dist/commands/verify.js

@@ -0,0 +1,39 @@
+import chalk from 'chalk';
+import { verifyManifest } from '../manifest.js';
+export async function runVerify(opts) {
+    try {
+        const result = verifyManifest(opts.manifest, opts.logos);
+        if (result.ok) {
+            console.log(chalk.green(`\n  ✓ All ${result.verified.length} assets verified — integrity intact.\n`));
+            return;
+        }
+        console.log(chalk.red('\n  ✗ Integrity check failed.\n'));
+        if (result.changed.length > 0) {
+            console.log(chalk.red('  Changed (hash mismatch):'));
+            for (const f of result.changed) {
+                console.log(chalk.red(`    - ${f}`));
+            }
+        }
+        if (result.added.length > 0) {
+            console.log(chalk.yellow('\n  Added (not in manifest):'));
+            for (const f of result.added) {
+                console.log(chalk.yellow(`    + ${f}`));
+            }
+        }
+        if (result.removed.length > 0) {
+            console.log(chalk.red('\n  Removed (in manifest but missing):'));
+            for (const f of result.removed) {
+                console.log(chalk.red(`    × ${f}`));
+            }
+        }
+        if (result.verified.length > 0) {
+            console.log(chalk.green(`\n  ${result.verified.length} assets verified OK.`));
+        }
+        console.log('');
+        process.exit(1);
+    }
+    catch (err) {
+        console.error(chalk.red(`Error: ${err.message}`));
+        process.exit(1);
+    }
+}

package/dist/manifest.d.ts

@@ -0,0 +1,34 @@
+/**
+ * manifest.ts — SHA-256 integrity manifest for brand assets.
+ *
+ * The manifest is the trust foundation. It maps every logo file to its
+ * SHA-256 hash so you can verify nothing has been tampered with.
+ */
+export interface AssetEntry {
+    hash: string;
+    size: number;
+    format: string;
+}
+export interface Manifest {
+    version: string;
+    generated: string;
+    algorithm: string;
+    assets: Record<string, AssetEntry>;
+}
+export interface VerifyResult {
+    verified: string[];
+    changed: string[];
+    added: string[];
+    removed: string[];
+    ok: boolean;
+}
+/** Compute SHA-256 hash of a file, returned as "sha256:<hex>" */
+export declare function hashFile(filePath: string): string;
+/** Generate a manifest from all files under logosDir */
+export declare function generateManifest(logosDir: string): Manifest;
+/** Write manifest to disk as pretty-printed JSON */
+export declare function writeManifest(manifest: Manifest, outputPath: string): void;
+/** Read manifest from disk */
+export declare function readManifest(manifestPath: string): Manifest;
+/** Verify current files against a stored manifest */
+export declare function verifyManifest(manifestPath: string, logosDir: string): VerifyResult;

package/dist/manifest.js

@@ -0,0 +1,94 @@
+/**
+ * manifest.ts — SHA-256 integrity manifest for brand assets.
+ *
+ * The manifest is the trust foundation. It maps every logo file to its
+ * SHA-256 hash so you can verify nothing has been tampered with.
+ */
+import { createHash } from 'node:crypto';
+import { readFileSync, writeFileSync, existsSync, statSync } from 'node:fs';
+import { join, extname } from 'node:path';
+import { globSync } from 'glob';
+const FORMAT_MAP = {
+    '.png': 'png',
+    '.jpg': 'jpeg',
+    '.jpeg': 'jpeg',
+    '.svg': 'svg',
+    '.webp': 'webp',
+};
+/** Compute SHA-256 hash of a file, returned as "sha256:<hex>" */
+export function hashFile(filePath) {
+    const content = readFileSync(filePath);
+    const hex = createHash('sha256').update(content).digest('hex');
+    return `sha256:${hex}`;
+}
+/** Detect image format from extension */
+function detectFormat(filePath) {
+    return FORMAT_MAP[extname(filePath).toLowerCase()] ?? 'unknown';
+}
+/** Generate a manifest from all files under logosDir */
+export function generateManifest(logosDir) {
+    const files = globSync('**/*', { cwd: logosDir, nodir: true }).sort();
+    const assets = {};
+    for (const file of files) {
+        const fullPath = join(logosDir, file);
+        const key = `logos/${file}`.replace(/\\/g, '/');
+        assets[key] = {
+            hash: hashFile(fullPath),
+            size: statSync(fullPath).size,
+            format: detectFormat(fullPath),
+        };
+    }
+    return {
+        version: '1.0',
+        generated: new Date().toISOString(),
+        algorithm: 'sha256',
+        assets,
+    };
+}
+/** Write manifest to disk as pretty-printed JSON */
+export function writeManifest(manifest, outputPath) {
+    writeFileSync(outputPath, JSON.stringify(manifest, null, 2) + '\n', 'utf-8');
+}
+/** Read manifest from disk */
+export function readManifest(manifestPath) {
+    if (!existsSync(manifestPath)) {
+        throw new Error(`Manifest not found: ${manifestPath}`);
+    }
+    return JSON.parse(readFileSync(manifestPath, 'utf-8'));
+}
+/** Verify current files against a stored manifest */
+export function verifyManifest(manifestPath, logosDir) {
+    const stored = readManifest(manifestPath);
+    const current = generateManifest(logosDir);
+    const storedKeys = new Set(Object.keys(stored.assets));
+    const currentKeys = new Set(Object.keys(current.assets));
+    const verified = [];
+    const changed = [];
+    const added = [];
+    const removed = [];
+    // Check files that exist now
+    for (const key of currentKeys) {
+        if (!storedKeys.has(key)) {
+            added.push(key);
+        }
+        else if (stored.assets[key].hash !== current.assets[key].hash) {
+            changed.push(key);
+        }
+        else {
+            verified.push(key);
+        }
+    }
+    // Check files that were in manifest but no longer exist
+    for (const key of storedKeys) {
+        if (!currentKeys.has(key)) {
+            removed.push(key);
+        }
+    }
+    return {
+        verified,
+        changed,
+        added,
+        removed,
+        ok: changed.length === 0 && added.length === 0 && removed.length === 0,
+    };
+}

package/dist/utils/readme-parser.d.ts

@@ -0,0 +1,35 @@
+/**
+ * readme-parser.ts — Multi-gate logo detection for README img tags.
+ *
+ * Hard-won rules from real migration failures:
+ * 1. Never inject whitespace — replace ONLY the src value on the same line
+ * 2. shields.io URLs with &logo= are NOT brand logos — always exclude
+ * 3. Badge <img> tags inside <a> tags are NOT brand logos — always exclude
+ * 4. Standalone badges (not in <a>) with shields.io/actions/badge paths — exclude
+ * 5. <p><img> on the same line is a valid logo pattern — must match
+ * 6. 4+ spaces of indentation = markdown code block — never add indentation
+ */
+export interface LogoMatch {
+    /** Line number (1-indexed) */
+    line: number;
+    /** The full line content */
+    content: string;
+    /** The extracted src value */
+    src: string;
+}
+/**
+ * Find all logo <img> tags in a README.
+ *
+ * Gate 1: Line must contain <img with src="..."
+ * Gate 2: Line must NOT be a badge (no <a>, no shields.io, no /badge, no actions/workflows)
+ * Gate 3: The src must contain "logo" (brand asset indicator)
+ */
+export declare function findLogoImgTags(content: string): LogoMatch[];
+/**
+ * Rewrite logo src values in a README.
+ *
+ * Only replaces src in lines that pass all three gates.
+ * Preserves indentation, attributes, and surrounding HTML exactly.
+ * Returns the modified content.
+ */
+export declare function rewriteLogoSrc(content: string, newSrc: string): string;

package/dist/utils/readme-parser.js

@@ -0,0 +1,97 @@
+/**
+ * readme-parser.ts — Multi-gate logo detection for README img tags.
+ *
+ * Hard-won rules from real migration failures:
+ * 1. Never inject whitespace — replace ONLY the src value on the same line
+ * 2. shields.io URLs with &logo= are NOT brand logos — always exclude
+ * 3. Badge <img> tags inside <a> tags are NOT brand logos — always exclude
+ * 4. Standalone badges (not in <a>) with shields.io/actions/badge paths — exclude
+ * 5. <p><img> on the same line is a valid logo pattern — must match
+ * 6. 4+ spaces of indentation = markdown code block — never add indentation
+ */
+/** Patterns that identify a line as a badge, not a logo */
+const BADGE_PATTERNS = [
+    /shields\.io/i,
+    /\/badge[./?]/i,
+    /actions\/workflows/i,
+    /img\.shields/i,
+    /badge\.svg/i,
+];
+/** Returns true if this line is a badge, not a brand logo */
+function isBadgeLine(line) {
+    // Any <a> tag wrapping the <img> = badge
+    if (/<a\s/i.test(line))
+        return true;
+    // Known badge URL patterns in the src
+    for (const pattern of BADGE_PATTERNS) {
+        if (pattern.test(line))
+            return true;
+    }
+    return false;
+}
+/** Returns true if the <img> src looks like a logo reference */
+function isLogoSrc(src) {
+    // Must contain "logo" somewhere in the path
+    return /logo/i.test(src);
+}
+/**
+ * Extract the src value from an <img> tag on a line.
+ * Returns null if no <img> with src is found.
+ */
+function extractImgSrc(line) {
+    const match = line.match(/<img\s[^>]*src="([^"]*)"/i);
+    return match ? match[1] : null;
+}
+/**
+ * Find all logo <img> tags in a README.
+ *
+ * Gate 1: Line must contain <img with src="..."
+ * Gate 2: Line must NOT be a badge (no <a>, no shields.io, no /badge, no actions/workflows)
+ * Gate 3: The src must contain "logo" (brand asset indicator)
+ */
+export function findLogoImgTags(content) {
+    const lines = content.split('\n');
+    const matches = [];
+    for (let i = 0; i < lines.length; i++) {
+        const line = lines[i];
+        // Gate 1: must have an <img> with src
+        const src = extractImgSrc(line);
+        if (!src)
+            continue;
+        // Gate 2: must not be a badge
+        if (isBadgeLine(line))
+            continue;
+        // Gate 3: src must look like a logo
+        if (!isLogoSrc(src))
+            continue;
+        matches.push({
+            line: i + 1,
+            content: line,
+            src,
+        });
+    }
+    return matches;
+}
+/**
+ * Rewrite logo src values in a README.
+ *
+ * Only replaces src in lines that pass all three gates.
+ * Preserves indentation, attributes, and surrounding HTML exactly.
+ * Returns the modified content.
+ */
+export function rewriteLogoSrc(content, newSrc) {
+    const lines = content.split('\n');
+    const result = [];
+    for (let i = 0; i < lines.length; i++) {
+        const line = lines[i];
+        const src = extractImgSrc(line);
+        if (src && !isBadgeLine(line) && isLogoSrc(src)) {
+            // Replace only the src value — nothing else on the line changes
+            result.push(line.replace(`src="${src}"`, `src="${newSrc}"`));
+        }
+        else {
+            result.push(line);
+        }
+    }
+    return result.join('\n');
+}

package/package.json

@@ -0,0 +1,53 @@
+{
+  "name": "@mcptoolshop/brand",
+  "version": "0.1.0",
+  "description": "Centralized brand asset management — migration, audit, and integrity verification for GitHub orgs",
+  "type": "module",
+  "bin": {
+    "brand": "./dist/cli.js"
+  },
+  "files": [
+    "dist",
+    "README.md",
+    "LICENSE"
+  ],
+  "keywords": [
+    "brand",
+    "assets",
+    "logo",
+    "integrity",
+    "sha256",
+    "migration",
+    "github",
+    "cli"
+  ],
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/mcp-tool-shop-org/brand.git"
+  },
+  "homepage": "https://mcp-tool-shop-org.github.io/brand/",
+  "scripts": {
+    "build": "tsc",
+    "clean": "rimraf dist",
+    "typecheck": "tsc --noEmit",
+    "test": "vitest run",
+    "test:watch": "vitest",
+    "prepublishOnly": "npm run clean && npm run build"
+  },
+  "engines": {
+    "node": ">=18"
+  },
+  "author": "mcp-tool-shop",
+  "license": "MIT",
+  "dependencies": {
+    "commander": "^12.0.0",
+    "chalk": "^5.3.0",
+    "glob": "^11.0.0"
+  },
+  "devDependencies": {
+    "@types/node": "^20.0.0",
+    "rimraf": "^5.0.0",
+    "typescript": "^5.4.0",
+    "vitest": "^2.0.0"
+  }
+}