@sienklogic/plan-build-run 2.22.2 → 2.24.0

package/CHANGELOG.md

@@ -5,6 +5,48 @@ All notable changes to Plan-Build-Run will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [2.24.0](https://github.com/SienkLogic/plan-build-run/compare/plan-build-run-v2.23.0...plan-build-run-v2.24.0) (2026-02-24)
+
+
+### Features
+
+* **35-05:** add Audit Reports view with /audits and /audits/:filename routes ([33dfae7](https://github.com/SienkLogic/plan-build-run/commit/33dfae7fff02cbba93e250211e54b26d565f4f76))
+* **35-05:** GREEN - implement audit.service.js with listAuditReports and getAuditReport ([c79179a](https://github.com/SienkLogic/plan-build-run/commit/c79179a75a386096e74589f13fea4a56174b1870))
+* **quick-003:** add data-flow to plan-format reference, verification template, and integration report template ([e73a31e](https://github.com/SienkLogic/plan-build-run/commit/e73a31e0c1eb9535014de4b60924bd98ced2f8cb))
+* **quick-003:** add data-flow verification to planner, verifier, and integration-checker agents ([e37e192](https://github.com/SienkLogic/plan-build-run/commit/e37e19297e038c38aecd7d04e93c007928242f0f))
+
+
+### Bug Fixes
+
+* **quick-003:** pass data.session_id to LLM operations instead of undefined ([df4d168](https://github.com/SienkLogic/plan-build-run/commit/df4d1682b50935b53ddcc665b8dcdc394b8b277e))
+
+## [2.23.0](https://github.com/SienkLogic/plan-build-run/compare/plan-build-run-v2.22.2...plan-build-run-v2.23.0) (2026-02-24)
+
+
+### Features
+
+* **28-01:** add local LLM foundation — client, health, metrics, config schema, hook integrations, tests ([44b5a77](https://github.com/SienkLogic/plan-build-run/commit/44b5a773fbb22d77ac0dbf3325201980dd1e9635))
+* **29-01:** integrate local LLM into hooks — artifact classification, task validation, error classification, CLI ([785a708](https://github.com/SienkLogic/plan-build-run/commit/785a708039b0c363589e7151c40df989bb2a7959))
+* **30-01:** add metrics display — session summaries, status skill, CLI, dashboard analytics ([d4ae4a4](https://github.com/SienkLogic/plan-build-run/commit/d4ae4a400932a324f61872169c1dae73cc2923ce))
+* **30-03:** add local-llm-metrics.service.js with getLlmMetrics and Vitest tests ([fc1dd8f](https://github.com/SienkLogic/plan-build-run/commit/fc1dd8f6fbada707543dea848e7355ff52896667))
+* **30-03:** wire getLlmMetrics into /analytics route and add Local LLM Offload section to EJS template ([5fcb61e](https://github.com/SienkLogic/plan-build-run/commit/5fcb61e25848395a4d59f4c555bbb8cf913efb72))
+* **31-01:** add adaptive router — complexity heuristic, confidence gate, 3 routing strategies ([7905462](https://github.com/SienkLogic/plan-build-run/commit/7905462a5dc11063813c1c31400a17f4d2314a23))
+* **32-01:** add agent support — source scoring, error classification, context summarization, prompt injection ([3693660](https://github.com/SienkLogic/plan-build-run/commit/36936609200596fe04cbf27f6eff41566733a74e))
+* **33-01:** add shadow mode, threshold tuner, comprehensive tests, docs, cross-plugin sync ([dbacfed](https://github.com/SienkLogic/plan-build-run/commit/dbacfed98bd6819babad2f07df588cf545d5b99c))
+* **34-01:** add config.features.source_scoring feature flag guard to score-source.js ([a0945a2](https://github.com/SienkLogic/plan-build-run/commit/a0945a2ffd1067ab3644063a8deee4e06a42ea9e))
+* **34-01:** wire runShadow() into router.js post-call path for all 3 routing strategies ([f233948](https://github.com/SienkLogic/plan-build-run/commit/f23394810ab0f647f8eb1ba1d8f78a5eb7d048d8))
+* **35-01:** GREEN - add escapeHtml helper and use it in HTMX error handler path ([a1830c9](https://github.com/SienkLogic/plan-build-run/commit/a1830c9230ba7ab1ea693a7ff2d36e786d5878d3))
+* **35-01:** GREEN - add sanitize-html post-processing to planning.repository ([6d8122b](https://github.com/SienkLogic/plan-build-run/commit/6d8122b83cf1ed62101a3e9fc2f436caf6b0858e))
+* **35-03:** add Quick Tasks view with /quick and /quick/:id routes ([22abe29](https://github.com/SienkLogic/plan-build-run/commit/22abe29e3951ea8e4fbd045116f6216326ee3907))
+
+
+### Documentation
+
+* **34-01:** mark all LLM-01 through LLM-34 traceability entries as Verified ([4311497](https://github.com/SienkLogic/plan-build-run/commit/4311497e1e91f55a575da4468924d21903457cdf))
+* **quick-002:** add .active-skill stale detection to health Check 10 ([3f95b16](https://github.com/SienkLogic/plan-build-run/commit/3f95b16461478bf4271ef4f7ce94582188869bae))
+* **quick-002:** fix NEXT UP banner indentation in milestone SKILL.md ([2983000](https://github.com/SienkLogic/plan-build-run/commit/2983000bd4df5e95c63cdc8f79601c7894883dbb))
+* **quick-002:** replace arrow-list with bullet style in help SKILL.md ([ad78663](https://github.com/SienkLogic/plan-build-run/commit/ad7866375c6f7fd7dda3e195413df95f3ee191bc))
+
 ## [2.22.2](https://github.com/SienkLogic/plan-build-run/compare/plan-build-run-v2.22.1...plan-build-run-v2.22.2) (2026-02-24)
 
 

package/dashboard/package.json

@@ -19,16 +19,17 @@
   ],
   "license": "MIT",
   "dependencies": {
-    "@rollup/rollup-win32-x64-msvc": "^4.57.1",
     "chokidar": "^5.0.0",
     "commander": "^12.1.0",
     "ejs": "^3.1.10",
     "express": "^5.1.0",
     "gray-matter": "^4.0.3",
     "helmet": "^8.1.0",
-    "marked": "^17.0.1"
+    "marked": "^17.0.1",
+    "sanitize-html": "^2.13.0"
   },
   "devDependencies": {
+    "@rollup/rollup-win32-x64-msvc": "^4.57.1",
     "@vitest/coverage-v8": "^4.0.18",
     "memfs": "^4.56.10",
     "supertest": "^7.2.2",

package/dashboard/src/middleware/errorHandler.js

@@ -3,6 +3,16 @@
  * MUST have exactly 4 parameters for Express to recognize it as an error handler.
  */
 
+function escapeHtml(str) {
+  if (!str) return '';
+  return str
+    .replace(/&/g, '&')
+    .replace(/</g, '&lt;')
+    .replace(/>/g, '&gt;')
+    .replace(/"/g, '&quot;')
+    .replace(/'/g, '&#39;');
+}
+
 // eslint-disable-next-line no-unused-vars
 export default function errorHandler(err, req, res, next) {
   // If headers already sent, delegate to Express default handler
@@ -40,9 +50,9 @@ export default function errorHandler(err, req, res, next) {
 
   // Render response
   if (isHtmx) {
-    let html = `<h1>Error ${status}</h1><p>${templateData.message}</p>`;
+    let html = `<h1>Error ${status}</h1><p>${escapeHtml(templateData.message)}</p>`;
     if (templateData.stack) {
-      html += `<pre><code>${templateData.stack}</code></pre>`;
+      html += `<pre><code>${escapeHtml(templateData.stack)}</code></pre>`;
     }
     html += '<p><a href="/">Return to Dashboard</a></p>';
     return res.status(status).send(html);

package/dashboard/src/repositories/planning.repository.js

@@ -2,20 +2,11 @@ import { readFile, readdir } from 'node:fs/promises';
 import { join, resolve, relative, normalize } from 'node:path';
 import matter from 'gray-matter';
 import { marked } from 'marked';
+import sanitizeHtml from 'sanitize-html';
+import { stripBOM } from '../utils/strip-bom.js';
 
 marked.setOptions({ gfm: true, breaks: false });
 
-/**
- * Strip UTF-8 BOM (Byte Order Mark) if present.
- * Windows editors (Notepad, older VS Code) may prepend BOM to UTF-8 files.
- * gray-matter will fail to detect frontmatter delimiters if BOM is present.
- * @param {string} content - Raw file content
- * @returns {string} Content without BOM
- */
-function stripBOM(content) {
-  return content.replace(/^\uFEFF/, '');
-}
-
 /**
  * Validate that a resolved path stays within the base directory.
  * Prevents path traversal attacks (e.g., ../../etc/passwd).
@@ -76,9 +67,30 @@ export async function readMarkdownFile(filePath) {
 
   const html = marked.parse(content);
 
+  const sanitizedHtml = sanitizeHtml(html, {
+    allowedTags: sanitizeHtml.defaults.allowedTags.concat([
+      'h1', 'h2', 'h3', 'h4', 'h5', 'h6',
+      'img', 'details', 'summary', 'del', 'ins',
+      'sup', 'sub', 'abbr', 'kbd', 'mark'
+    ]),
+    allowedAttributes: {
+      ...sanitizeHtml.defaults.allowedAttributes,
+      'a': ['href', 'name', 'target', 'rel'],
+      'img': ['src', 'alt', 'title', 'width', 'height'],
+      'code': ['class'],
+      'pre': ['class'],
+      'span': ['class'],
+      'div': ['class'],
+      'td': ['align'],
+      'th': ['align', 'scope'],
+      'h1': ['id'], 'h2': ['id'], 'h3': ['id'],
+      'h4': ['id'], 'h5': ['id'], 'h6': ['id']
+    }
+  });
+
   return {
     frontmatter: data,
-    html,
+    html: sanitizedHtml,
     rawContent: content
   };
 }

package/dashboard/src/routes/pages.routes.js

@@ -2,10 +2,13 @@ import { Router } from 'express';
 import { getPhaseDetail, getPhaseDocument } from '../services/phase.service.js';
 import { getRoadmapData, generateDependencyMermaid } from '../services/roadmap.service.js';
 import { parseStateFile, derivePhaseStatuses } from '../services/dashboard.service.js';
-import { listPendingTodos, getTodoDetail, createTodo, completeTodo } from '../services/todo.service.js';
+import { listPendingTodos, getTodoDetail, createTodo, completeTodo, listDoneTodos } from '../services/todo.service.js';
 import { getAllMilestones, getMilestoneDetail } from '../services/milestone.service.js';
 import { getProjectAnalytics } from '../services/analytics.service.js';
-import { listNotes } from '../services/notes.service.js';
+import { getLlmMetrics } from '../services/local-llm-metrics.service.js';
+import { listNotes, getNoteBySlug } from '../services/notes.service.js';
+import { listQuickTasks, getQuickTask } from '../services/quick.service.js';
+import { listAuditReports, getAuditReport } from '../services/audit.service.js';
 
 const router = Router();
 
@@ -188,6 +191,27 @@ router.get('/todos/new', (req, res) => {
   }
 });
 
+router.get('/todos/done', async (req, res) => {
+  const projectDir = req.app.locals.projectDir;
+  const todos = await listDoneTodos(projectDir);
+
+  const templateData = {
+    title: 'Completed Todos',
+    activePage: 'todos',
+    currentPath: '/todos/done',
+    breadcrumbs: [{ label: 'Todos', url: '/todos' }, { label: 'Completed' }],
+    todos
+  };
+
+  res.setHeader('Vary', 'HX-Request');
+
+  if (req.get('HX-Request') === 'true') {
+    res.render('partials/todos-done-content', templateData);
+  } else {
+    res.render('todos-done', templateData);
+  }
+});
+
 router.get('/todos/:id', async (req, res) => {
   const { id } = req.params;
 
@@ -358,14 +382,18 @@ router.get('/dependencies', async (req, res) => {
 
 router.get('/analytics', async (req, res) => {
   const projectDir = req.app.locals.projectDir;
-  const analytics = await getProjectAnalytics(projectDir);
+  const [analytics, llmMetrics] = await Promise.all([
+    getProjectAnalytics(projectDir),
+    getLlmMetrics(projectDir)
+  ]);
 
   const templateData = {
     title: 'Analytics',
     activePage: 'analytics',
     currentPath: '/analytics',
     breadcrumbs: [{ label: 'Analytics' }],
-    analytics
+    analytics,
+    llmMetrics
   };
 
   res.setHeader('Vary', 'HX-Request');
@@ -398,6 +426,42 @@ router.get('/notes', async (req, res) => {
   }
 });
 
+router.get('/notes/:slug', async (req, res) => {
+  const { slug } = req.params;
+
+  // Validate slug: lowercase alphanumeric and dashes only
+  if (!/^[a-z0-9-]+$/.test(slug)) {
+    const err = new Error('Invalid note slug format');
+    err.status = 404;
+    throw err;
+  }
+
+  const projectDir = req.app.locals.projectDir;
+  const note = await getNoteBySlug(projectDir, slug);
+
+  if (!note) {
+    const err = new Error(`Note "${slug}" not found`);
+    err.status = 404;
+    throw err;
+  }
+
+  const templateData = {
+    title: note.title,
+    activePage: 'notes',
+    currentPath: '/notes/' + slug,
+    breadcrumbs: [{ label: 'Notes', url: '/notes' }, { label: note.title }],
+    ...note
+  };
+
+  res.setHeader('Vary', 'HX-Request');
+
+  if (req.get('HX-Request') === 'true') {
+    res.render('partials/note-detail-content', templateData);
+  } else {
+    res.render('note-detail', templateData);
+  }
+});
+
 router.get('/roadmap', async (req, res) => {
   const projectDir = req.app.locals.projectDir;
   const [roadmapData, stateData] = await Promise.all([
@@ -423,4 +487,118 @@ router.get('/roadmap', async (req, res) => {
   }
 });
 
+router.get('/quick', async (req, res) => {
+  const projectDir = req.app.locals.projectDir;
+  const tasks = await listQuickTasks(projectDir);
+
+  const templateData = {
+    title: 'Quick Tasks',
+    activePage: 'quick',
+    currentPath: '/quick',
+    breadcrumbs: [{ label: 'Quick Tasks' }],
+    tasks
+  };
+
+  res.setHeader('Vary', 'HX-Request');
+
+  if (req.get('HX-Request') === 'true') {
+    res.render('partials/quick-content', templateData);
+  } else {
+    res.render('quick', templateData);
+  }
+});
+
+router.get('/quick/:id', async (req, res) => {
+  const { id } = req.params;
+
+  // Validate ID format: must be exactly three digits
+  if (!/^\d{3}$/.test(id)) {
+    const err = new Error('Quick Task ID must be a three-digit number (e.g., 001, 005, 042)');
+    err.status = 404;
+    throw err;
+  }
+
+  const projectDir = req.app.locals.projectDir;
+  const task = await getQuickTask(projectDir, id);
+
+  if (!task) {
+    const err = new Error(`Quick task ${id} not found`);
+    err.status = 404;
+    throw err;
+  }
+
+  const templateData = {
+    title: `Quick Task ${task.id}: ${task.title}`,
+    activePage: 'quick',
+    currentPath: '/quick/' + id,
+    breadcrumbs: [{ label: 'Quick Tasks', url: '/quick' }, { label: 'Task ' + id }],
+    ...task
+  };
+
+  res.setHeader('Vary', 'HX-Request');
+
+  if (req.get('HX-Request') === 'true') {
+    res.render('partials/quick-detail-content', templateData);
+  } else {
+    res.render('quick-detail', templateData);
+  }
+});
+
+router.get('/audits', async (req, res) => {
+  const projectDir = req.app.locals.projectDir;
+  const reports = await listAuditReports(projectDir);
+
+  const templateData = {
+    title: 'Audit Reports',
+    activePage: 'audits',
+    currentPath: '/audits',
+    breadcrumbs: [{ label: 'Audit Reports' }],
+    reports
+  };
+
+  res.setHeader('Vary', 'HX-Request');
+
+  if (req.get('HX-Request') === 'true') {
+    res.render('partials/audits-content', templateData);
+  } else {
+    res.render('audits', templateData);
+  }
+});
+
+router.get('/audits/:filename', async (req, res) => {
+  const { filename } = req.params;
+
+  // Validate filename: safe characters only, must end in .md
+  if (!/^[\w.-]+\.md$/.test(filename)) {
+    const err = new Error('Invalid audit report filename');
+    err.status = 404;
+    throw err;
+  }
+
+  const projectDir = req.app.locals.projectDir;
+  const report = await getAuditReport(projectDir, filename);
+
+  if (!report) {
+    const err = new Error(`Audit report "${filename}" not found`);
+    err.status = 404;
+    throw err;
+  }
+
+  const templateData = {
+    title: report.title,
+    activePage: 'audits',
+    currentPath: '/audits/' + filename,
+    breadcrumbs: [{ label: 'Audit Reports', url: '/audits' }, { label: report.title }],
+    ...report
+  };
+
+  res.setHeader('Vary', 'HX-Request');
+
+  if (req.get('HX-Request') === 'true') {
+    res.render('partials/audit-detail-content', templateData);
+  } else {
+    res.render('audit-detail', templateData);
+  }
+});
+
 export default router;

package/dashboard/src/server.js

@@ -1,6 +1,8 @@
 import { createApp } from './app.js';
 import { createWatcher } from './services/watcher.service.js';
 import { broadcast } from './services/sse.service.js';
+import { cache as milestoneCache } from './services/milestone.service.js';
+import { cache as analyticsCache } from './services/analytics.service.js';
 
 export function startServer(config) {
   const app = createApp(config);
@@ -8,6 +10,8 @@ export function startServer(config) {
 
   // Start file watcher for live updates
   const watcher = createWatcher(projectDir, (event) => {
+    milestoneCache.invalidateAll();
+    analyticsCache.invalidateAll();
     broadcast('file-change', event);
   });
 

package/dashboard/src/services/audit.service.js

@@ -0,0 +1,42 @@
+import { readdir } from 'node:fs/promises';
+import { join } from 'node:path';
+import { readMarkdownFile } from '../repositories/planning.repository.js';
+
+export async function listAuditReports(projectDir) {
+  const auditsDir = join(projectDir, '.planning', 'audits');
+  let entries;
+  try {
+    entries = await readdir(auditsDir);
+  } catch (err) {
+    if (err.code === 'ENOENT') return [];
+    throw err;
+  }
+  const mdFiles = entries.filter(f => f.endsWith('.md')).sort().reverse();
+  const reports = [];
+  for (const filename of mdFiles) {
+    const dateMatch = filename.match(/^(\d{4}-\d{2}-\d{2})-(.+)\.md$/);
+    const date = dateMatch ? dateMatch[1] : null;
+    const slug = dateMatch ? dateMatch[2] : filename.replace(/\.md$/, '');
+    const title = slug.split('-').map(w => w.charAt(0).toUpperCase() + w.slice(1)).join(' ');
+    reports.push({ filename, date, slug, title });
+  }
+  return reports;
+}
+
+export async function getAuditReport(projectDir, filename) {
+  if (!/^[\w.-]+\.md$/.test(filename)) return null;
+  if (filename.includes('/') || filename.includes('\\') || filename.includes('..')) return null;
+
+  const auditsDir = join(projectDir, '.planning', 'audits');
+  try {
+    const { frontmatter, html } = await readMarkdownFile(join(auditsDir, filename));
+    const dateMatch = filename.match(/^(\d{4}-\d{2}-\d{2})-(.+)\.md$/);
+    const date = dateMatch ? dateMatch[1] : null;
+    const slug = dateMatch ? dateMatch[2] : filename.replace(/\.md$/, '');
+    const title = slug.split('-').map(w => w.charAt(0).toUpperCase() + w.slice(1)).join(' ');
+    return { filename, date, slug, title, frontmatter, html };
+  } catch (err) {
+    if (err.code === 'ENOENT') return null;
+    throw err;
+  }
+}

package/dashboard/src/services/dashboard.service.js

@@ -1,17 +1,6 @@
 import { readFile } from 'node:fs/promises';
 import { join } from 'node:path';
-
-/**
- * Strip UTF-8 BOM from file content.
- * Duplicated from planning.repository.js intentionally --
- * this service reads raw text, not via the repository layer.
- *
- * @param {string} content - Raw file content
- * @returns {string} Content without BOM
- */
-function stripBOM(content) {
-  return content.replace(/^\uFEFF/, '');
-}
+import { stripBOM } from '../utils/strip-bom.js';
 
 /**
  * Parse STATE.md to extract project status information.

package/dashboard/src/services/local-llm-metrics.service.js

@@ -0,0 +1,81 @@
+import { readFile } from 'node:fs/promises';
+import { join } from 'node:path';
+
+/**
+ * Read and aggregate local LLM metrics from .planning/logs/local-llm-metrics.jsonl.
+ *
+ * @param {string} projectDir - Absolute path to the project root
+ * @returns {Promise<{summary: object, byOperation: Array, baseline: object}|null>}
+ *   Returns null if the file does not exist, is empty, or has no valid entries.
+ */
+export async function getLlmMetrics(projectDir) {
+  try {
+    const filePath = join(projectDir, '.planning', 'logs', 'local-llm-metrics.jsonl');
+
+    let raw;
+    try {
+      raw = await readFile(filePath, 'utf8');
+    } catch (err) {
+      if (err.code === 'ENOENT') return null;
+      throw err;
+    }
+
+    // Parse valid JSON lines, skip malformed
+    const entries = [];
+    for (const line of raw.split('\n')) {
+      const trimmed = line.trim();
+      if (!trimmed) continue;
+      try {
+        entries.push(JSON.parse(trimmed));
+      } catch {
+        // skip malformed lines
+      }
+    }
+
+    if (entries.length === 0) return null;
+
+    // Compute aggregate summary
+    const total_calls = entries.length;
+    const fallback_count = entries.filter(e => e.fallback_used === true).length;
+    const fallback_rate_pct = Math.round(fallback_count / total_calls * 100);
+    const avg_latency_ms = Math.round(
+      entries.reduce((sum, e) => sum + (e.latency_ms || 0), 0) / total_calls
+    );
+    const tokens_saved = entries.reduce((sum, e) => sum + (e.tokens_saved_frontier || 0), 0);
+    const cost_saved_usd = parseFloat((tokens_saved * (3.0 / 1_000_000)).toFixed(4));
+
+    const summary = {
+      total_calls,
+      fallback_count,
+      fallback_rate_pct,
+      avg_latency_ms,
+      tokens_saved,
+      cost_saved_usd
+    };
+
+    // Compute byOperation: group entries by operation field
+    const opMap = new Map();
+    for (const e of entries) {
+      const op = e.operation || 'unknown';
+      if (!opMap.has(op)) {
+        opMap.set(op, { operation: op, calls: 0, fallbacks: 0, tokens_saved: 0 });
+      }
+      const rec = opMap.get(op);
+      rec.calls += 1;
+      if (e.fallback_used === true) rec.fallbacks += 1;
+      rec.tokens_saved += e.tokens_saved_frontier || 0;
+    }
+
+    const byOperation = Array.from(opMap.values()).sort((a, b) => b.calls - a.calls);
+
+    // Compute baseline (LLM-15)
+    const baseline = {
+      hook_invocations: total_calls,
+      estimated_frontier_tokens_without_local: tokens_saved
+    };
+
+    return { summary, byOperation, baseline };
+  } catch {
+    return null;
+  }
+}

package/dashboard/src/services/quick.service.js

@@ -0,0 +1,62 @@
+import { readdir } from 'node:fs/promises';
+import { join } from 'node:path';
+import { readMarkdownFile } from '../repositories/planning.repository.js';
+
+export async function listQuickTasks(projectDir) {
+  const quickDir = join(projectDir, '.planning', 'quick');
+  let entries;
+  try {
+    entries = await readdir(quickDir, { withFileTypes: true });
+  } catch (err) {
+    if (err.code === 'ENOENT') return [];
+    throw err;
+  }
+
+  const dirs = entries.filter(e => e.isDirectory()).map(e => e.name).sort();
+  const tasks = [];
+  for (const dirName of dirs) {
+    const match = dirName.match(/^(\d{3})-(.+)$/);
+    if (!match) continue;
+    const [, id, slug] = match;
+    const title = slug.split('-').map(w => w.charAt(0).toUpperCase() + w.slice(1)).join(' ');
+    let status = 'in-progress';
+    try {
+      const summaryPath = join(quickDir, dirName, 'SUMMARY.md');
+      const { frontmatter } = await readMarkdownFile(summaryPath);
+      if (frontmatter.status) status = frontmatter.status;
+    } catch { /* No SUMMARY.md yet */ }
+    tasks.push({ id, slug, dirName, title, status });
+  }
+  return tasks;
+}
+
+export async function getQuickTask(projectDir, id) {
+  const quickDir = join(projectDir, '.planning', 'quick');
+  let entries;
+  try {
+    entries = await readdir(quickDir, { withFileTypes: true });
+  } catch (err) {
+    if (err.code === 'ENOENT') return null;
+    throw err;
+  }
+  const dirEntry = entries.filter(e => e.isDirectory()).find(e => e.name.startsWith(id + '-'));
+  if (!dirEntry) return null;
+
+  const taskDir = join(quickDir, dirEntry.name);
+  const match = dirEntry.name.match(/^(\d{3})-(.+)$/);
+  const slug = match ? match[2] : dirEntry.name;
+  const title = slug.split('-').map(w => w.charAt(0).toUpperCase() + w.slice(1)).join(' ');
+
+  let planHtml = null, summaryHtml = null, summaryFrontmatter = {};
+  try {
+    const plan = await readMarkdownFile(join(taskDir, 'PLAN.md'));
+    planHtml = plan.html;
+  } catch { /* missing */ }
+  try {
+    const summary = await readMarkdownFile(join(taskDir, 'SUMMARY.md'));
+    summaryHtml = summary.html;
+    summaryFrontmatter = summary.frontmatter;
+  } catch { /* missing */ }
+
+  return { id, slug, dirName: dirEntry.name, title, status: summaryFrontmatter.status || 'in-progress', planHtml, summaryHtml };
+}

package/dashboard/src/services/roadmap.service.js

@@ -1,17 +1,7 @@
 import { readFile, readdir } from 'node:fs/promises';
 import { join } from 'node:path';
 import { parseRoadmapFile } from './dashboard.service.js';
-
-/**
- * Strip UTF-8 BOM from file content.
- * Duplicated intentionally -- this service reads raw text, not via the repository layer.
- *
- * @param {string} content - Raw file content
- * @returns {string} Content without BOM
- */
-function stripBOM(content) {
-  return content.replace(/^\uFEFF/, '');
-}
+import { stripBOM } from '../utils/strip-bom.js';
 
 /**
  * Count the number of PLAN.md files in a phase directory.

package/dashboard/src/utils/strip-bom.js

@@ -0,0 +1,8 @@
+/**
+ * Strip UTF-8 BOM (Byte Order Mark) if present.
+ * @param {string} content
+ * @returns {string}
+ */
+export function stripBOM(content) {
+  return content.replace(/^\uFEFF/, '');
+}

package/dashboard/src/views/audit-detail.ejs

@@ -0,0 +1,5 @@
+<%- include('partials/layout-top', { title: title, activePage: 'audits' }) %>
+
+<%- include('partials/audit-detail-content') %>
+
+<%- include('partials/layout-bottom') %>

package/dashboard/src/views/audits.ejs

@@ -0,0 +1,5 @@
+<%- include('partials/layout-top', { title: 'Audit Reports', activePage: 'audits' }) %>
+
+<%- include('partials/audits-content') %>
+
+<%- include('partials/layout-bottom') %>