@meltstudio/meltctl 4.27.0 → 4.28.0

package/dist/commands/audit.js

@@ -4,7 +4,12 @@ import path from 'path';
 import { getToken, tokenFetch } from '../utils/api.js';
 import { getGitBranch, getGitCommit, getGitRepository, getProjectName, findMdFiles, } from '../utils/git.js';
 function detectAuditType(filename) {
-    return filename.toLowerCase().includes('ux-audit') ? 'ux-audit' : 'audit';
+    const lower = filename.toLowerCase();
+    if (lower.includes('security-audit'))
+        return 'security-audit';
+    if (lower.includes('ux-audit'))
+        return 'ux-audit';
+    return 'audit';
 }
 async function autoDetectAuditFile() {
     const cwd = process.cwd();
@@ -13,7 +18,7 @@ async function autoDetectAuditFile() {
     if (auditFiles.length > 0) {
         return auditFiles[0] ?? null;
     }
-    const candidates = ['AUDIT.md', 'UX-AUDIT.md'];
+    const candidates = ['AUDIT.md', 'UX-AUDIT.md', 'SECURITY-AUDIT.md'];
     for (const name of candidates) {
         const filePath = path.join(cwd, name);
         if (await fs.pathExists(filePath)) {
@@ -111,6 +116,7 @@ export async function auditListCommand(options) {
         const typeLabels = {
             audit: 'Tech Audit',
             'ux-audit': 'UX Audit',
+            'security-audit': 'Security',
         };
         if (options.latest) {
             console.log(chalk.bold(`\n  Latest Audits (${body.count}):\n`));
@@ -126,9 +132,24 @@ export async function auditListCommand(options) {
                 });
                 const repo = r.repository ?? r.project;
                 const label = typeLabels[r.type] ?? r.type;
-                const typeColor = r.type === 'ux-audit' ? chalk.yellow : chalk.magenta;
+                const typeColor = r.type === 'ux-audit'
+                    ? chalk.yellow
+                    : r.type === 'security-audit'
+                        ? chalk.red
+                        : chalk.magenta;
                 const ageText = daysAgo === 0 ? 'today' : `${daysAgo}d ago`;
-                const ageColor = daysAgo <= 7 ? chalk.green : daysAgo <= 30 ? chalk.yellow : chalk.red;
+                const isSecurityAudit = r.type === 'security-audit';
+                const ageColor = isSecurityAudit
+                    ? daysAgo <= 30
+                        ? chalk.green
+                        : daysAgo <= 90
+                            ? chalk.yellow
+                            : chalk.red
+                    : daysAgo <= 7
+                        ? chalk.green
+                        : daysAgo <= 30
+                            ? chalk.yellow
+                            : chalk.red;
                 console.log(`  ${typeColor(label.padEnd(12))} ${chalk.white(repo.padEnd(40))} ${ageColor(ageText.padEnd(10))} ${chalk.dim(r.author.padEnd(30))} ${chalk.dim(date)}`);
             }
         }
@@ -147,7 +168,11 @@ export async function auditListCommand(options) {
                 });
                 const repo = r.repository ?? r.project;
                 const label = typeLabels[r.type] ?? r.type;
-                const typeColor = r.type === 'ux-audit' ? chalk.yellow : chalk.magenta;
+                const typeColor = r.type === 'ux-audit'
+                    ? chalk.yellow
+                    : r.type === 'security-audit'
+                        ? chalk.red
+                        : chalk.magenta;
                 console.log(`  ${typeColor(label.padEnd(12))} ${chalk.white(repo.padEnd(40))} ${chalk.dim(r.author.padEnd(30))} ${chalk.dim(date)}`);
                 if (r.branch && r.branch !== 'main') {
                     console.log(`  ${' '.padEnd(12)} ${chalk.dim(`branch: ${r.branch}  commit: ${r.commit ?? 'N/A'}`)}`);

package/dist/commands/init.js

@@ -75,6 +75,17 @@ description: >-
   plan, scopes to the current feature and appends results to the plan file.
 ---
 
+`,
+    'security-audit': `---
+user-invocable: true
+description: >-
+  Run a comprehensive security posture audit across the entire platform.
+  Use when the developer wants to assess security, says "security audit",
+  or "check our security posture". Covers infrastructure, encryption, auth,
+  application security, data protection, CI/CD, and compliance readiness.
+  Investigates all platform repositories for a holistic view.
+---
+
 `,
     validate: `---
 user-invocable: true
@@ -143,6 +154,11 @@ description: Run a comprehensive project compliance audit against team standards
 description: Review the project's UI against usability heuristics using Chrome DevTools MCP.
 ---
 
+`,
+    'security-audit': `---
+description: Run a comprehensive security posture audit across the entire platform.
+---
+
 `,
     validate: `---
 description: Run the validation plan from the plan document after implementation.
@@ -302,6 +318,7 @@ export async function initCommand(options) {
         'debug',
         'audit',
         'ux-audit',
+        'security-audit',
         'update',
         'help',
     ];
@@ -336,7 +353,7 @@ export async function initCommand(options) {
                 await fs.writeFile(path.join(skillDir, 'SKILL.md'), skillContent, 'utf-8');
             }
         }
-        createdFiles.push('.claude/skills/melt-{setup,plan,validate,review,pr,debug,audit,ux-audit,update,help}/SKILL.md');
+        createdFiles.push('.claude/skills/melt-{setup,plan,validate,review,pr,debug,audit,ux-audit,security-audit,update,help}/SKILL.md');
     }
     // Cursor files
     if (tools.cursor) {
@@ -347,7 +364,7 @@ export async function initCommand(options) {
                 await fs.writeFile(path.join(cwd, `.cursor/commands/melt-${name}.md`), workflowContent, 'utf-8');
             }
         }
-        createdFiles.push('.cursor/commands/melt-{setup,plan,validate,review,pr,debug,audit,ux-audit,update,help}.md');
+        createdFiles.push('.cursor/commands/melt-{setup,plan,validate,review,pr,debug,audit,ux-audit,security-audit,update,help}.md');
     }
     // OpenCode files
     if (tools.opencode) {
@@ -359,7 +376,7 @@ export async function initCommand(options) {
                 await fs.writeFile(path.join(cwd, `.opencode/commands/melt-${name}.md`), commandContent, 'utf-8');
             }
         }
-        createdFiles.push('.opencode/commands/melt-{setup,plan,validate,review,pr,debug,audit,ux-audit,update,help}.md');
+        createdFiles.push('.opencode/commands/melt-{setup,plan,validate,review,pr,debug,audit,ux-audit,security-audit,update,help}.md');
     }
     // Print summary
     console.log(chalk.green('Created files:'));
@@ -371,7 +388,7 @@ export async function initCommand(options) {
         console.log(chalk.cyan('Want support for your tool? Let us know in #dev on Slack'));
         console.log();
     }
-    const commandNames = 'melt-setup, melt-plan, melt-validate, melt-review, melt-pr, melt-debug, melt-audit, melt-ux-audit, melt-update, melt-help';
+    const commandNames = 'melt-setup, melt-plan, melt-validate, melt-review, melt-pr, melt-debug, melt-audit, melt-ux-audit, melt-security-audit, melt-update, melt-help';
     if (tools.claude) {
         console.log(chalk.dim(`Available skills: /${commandNames.replace(/, /g, ', /')}`));
     }

package/dist/index.js

@@ -102,7 +102,7 @@ audit
 audit
     .command('list')
     .description('list submitted audits (Team Managers only)')
-    .option('--type <type>', 'filter by type (audit, ux-audit)')
+    .option('--type <type>', 'filter by type (audit, ux-audit, security-audit)')
     .option('--repository <repo>', 'filter by repository (owner/repo)')
     .option('--latest', 'show only the latest audit per project and type')
     .option('--limit <n>', 'max results (default 50, max 200)')

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@meltstudio/meltctl",
-  "version": "4.27.0",
+  "version": "4.28.0",
   "description": "AI-first development tools for teams - set up AGENTS.md, Claude Code, Cursor, and OpenCode standards",
   "main": "dist/index.js",
   "type": "module",