@vyuhlabs/dxkit 2.2.1 → 2.3.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (103) hide show
  1. package/CHANGELOG.md +173 -0
  2. package/README.md +40 -29
  3. package/dist/analyzers/bom/discovery.d.ts +38 -0
  4. package/dist/analyzers/bom/discovery.d.ts.map +1 -0
  5. package/dist/analyzers/bom/discovery.js +166 -0
  6. package/dist/analyzers/bom/discovery.js.map +1 -0
  7. package/dist/analyzers/bom/gather.d.ts +28 -0
  8. package/dist/analyzers/bom/gather.d.ts.map +1 -1
  9. package/dist/analyzers/bom/gather.js +98 -0
  10. package/dist/analyzers/bom/gather.js.map +1 -1
  11. package/dist/analyzers/bom/index.d.ts +49 -2
  12. package/dist/analyzers/bom/index.d.ts.map +1 -1
  13. package/dist/analyzers/bom/index.js +188 -12
  14. package/dist/analyzers/bom/index.js.map +1 -1
  15. package/dist/analyzers/bom/types.d.ts +33 -1
  16. package/dist/analyzers/bom/types.d.ts.map +1 -1
  17. package/dist/analyzers/licenses/index.d.ts +1 -1
  18. package/dist/analyzers/licenses/index.d.ts.map +1 -1
  19. package/dist/analyzers/licenses/index.js +22 -7
  20. package/dist/analyzers/licenses/index.js.map +1 -1
  21. package/dist/analyzers/security/detailed.d.ts.map +1 -1
  22. package/dist/analyzers/security/detailed.js +21 -8
  23. package/dist/analyzers/security/detailed.js.map +1 -1
  24. package/dist/analyzers/security/gather.d.ts.map +1 -1
  25. package/dist/analyzers/security/gather.js +76 -1
  26. package/dist/analyzers/security/gather.js.map +1 -1
  27. package/dist/analyzers/security/index.d.ts.map +1 -1
  28. package/dist/analyzers/security/index.js +20 -7
  29. package/dist/analyzers/security/index.js.map +1 -1
  30. package/dist/analyzers/tools/epss.d.ts +55 -0
  31. package/dist/analyzers/tools/epss.d.ts.map +1 -0
  32. package/dist/analyzers/tools/epss.js +133 -0
  33. package/dist/analyzers/tools/epss.js.map +1 -0
  34. package/dist/analyzers/tools/graphify.d.ts.map +1 -1
  35. package/dist/analyzers/tools/graphify.js +17 -7
  36. package/dist/analyzers/tools/graphify.js.map +1 -1
  37. package/dist/analyzers/tools/kev.d.ts +52 -0
  38. package/dist/analyzers/tools/kev.d.ts.map +1 -0
  39. package/dist/analyzers/tools/kev.js +95 -0
  40. package/dist/analyzers/tools/kev.js.map +1 -0
  41. package/dist/analyzers/tools/npm-registry.d.ts +43 -0
  42. package/dist/analyzers/tools/npm-registry.d.ts.map +1 -0
  43. package/dist/analyzers/tools/npm-registry.js +107 -0
  44. package/dist/analyzers/tools/npm-registry.js.map +1 -0
  45. package/dist/analyzers/tools/osv.d.ts +12 -0
  46. package/dist/analyzers/tools/osv.d.ts.map +1 -1
  47. package/dist/analyzers/tools/osv.js +45 -2
  48. package/dist/analyzers/tools/osv.js.map +1 -1
  49. package/dist/analyzers/tools/reachability.d.ts +60 -0
  50. package/dist/analyzers/tools/reachability.d.ts.map +1 -0
  51. package/dist/analyzers/tools/reachability.js +104 -0
  52. package/dist/analyzers/tools/reachability.js.map +1 -0
  53. package/dist/analyzers/tools/risk-score.d.ts +69 -0
  54. package/dist/analyzers/tools/risk-score.d.ts.map +1 -0
  55. package/dist/analyzers/tools/risk-score.js +86 -0
  56. package/dist/analyzers/tools/risk-score.js.map +1 -0
  57. package/dist/analyzers/tools/tool-registry.d.ts +13 -0
  58. package/dist/analyzers/tools/tool-registry.d.ts.map +1 -1
  59. package/dist/analyzers/tools/tool-registry.js +81 -35
  60. package/dist/analyzers/tools/tool-registry.js.map +1 -1
  61. package/dist/analyzers/xlsx/bom.d.ts.map +1 -1
  62. package/dist/analyzers/xlsx/bom.js +1 -2
  63. package/dist/analyzers/xlsx/bom.js.map +1 -1
  64. package/dist/cli.d.ts.map +1 -1
  65. package/dist/cli.js +41 -10
  66. package/dist/cli.js.map +1 -1
  67. package/dist/languages/capabilities/types.d.ts +6 -0
  68. package/dist/languages/capabilities/types.d.ts.map +1 -1
  69. package/dist/languages/csharp.d.ts.map +1 -1
  70. package/dist/languages/csharp.js +8 -0
  71. package/dist/languages/csharp.js.map +1 -1
  72. package/dist/languages/go.d.ts.map +1 -1
  73. package/dist/languages/go.js +24 -7
  74. package/dist/languages/go.js.map +1 -1
  75. package/dist/languages/python.d.ts.map +1 -1
  76. package/dist/languages/python.js +8 -0
  77. package/dist/languages/python.js.map +1 -1
  78. package/dist/languages/rust.d.ts.map +1 -1
  79. package/dist/languages/rust.js +9 -0
  80. package/dist/languages/rust.js.map +1 -1
  81. package/dist/languages/typescript.d.ts.map +1 -1
  82. package/dist/languages/typescript.js +23 -1
  83. package/dist/languages/typescript.js.map +1 -1
  84. package/dist/tools-cli.d.ts.map +1 -1
  85. package/dist/tools-cli.js +10 -4
  86. package/dist/tools-cli.js.map +1 -1
  87. package/package.json +1 -1
  88. package/templates/.claude/agents-available/dashboard-builder.md +7 -7
  89. package/templates/.claude/agents-available/dev-report.md +4 -4
  90. package/templates/.claude/agents-available/health-auditor.md +1 -1
  91. package/templates/.claude/agents-available/strategic-planner.md +7 -7
  92. package/templates/.claude/agents-available/vulnerability-scanner.md +3 -3
  93. package/templates/.claude/commands/dashboard.md +1 -1
  94. package/templates/.claude/commands/deps.md +1 -1
  95. package/templates/.claude/commands/dev-report.md +2 -2
  96. package/templates/.claude/commands/docs.md +1 -1
  97. package/templates/.claude/commands/export-pdf.md +3 -3
  98. package/templates/.claude/commands/health.md +3 -3
  99. package/templates/.claude/commands/plan.md +1 -1
  100. package/templates/.claude/commands/quality.md.template +2 -2
  101. package/templates/.claude/commands/stealth-mode.md +1 -1
  102. package/templates/.claude/commands/test-gaps.md +2 -2
  103. package/templates/.claude/commands/vulnerabilities.md +3 -3
@@ -1,18 +1,18 @@
1
1
  ---
2
2
  name: dashboard-builder
3
- description: Generates a beautiful HTML dashboard from all reports in .ai/reports/. Use when asked to "build dashboard", "export reports", or "create report dashboard". Reads reports and generates a self-contained HTML file.
3
+ description: Generates a beautiful HTML dashboard from all reports in .dxkit/reports/. Use when asked to "build dashboard", "export reports", or "create report dashboard". Reads reports and generates a self-contained HTML file.
4
4
  model: sonnet
5
5
  tools: Read, Grep, Glob, Bash, Write
6
6
  ---
7
7
 
8
- You are a dashboard builder. Your job is to create a beautiful, self-contained HTML dashboard that renders all markdown reports from `.ai/reports/`.
8
+ You are a dashboard builder. Your job is to create a beautiful, self-contained HTML dashboard that renders all markdown reports from `.dxkit/reports/`.
9
9
 
10
10
  ## Steps
11
11
 
12
- 1. **Find all reports**: Glob for `.ai/reports/*.md`
12
+ 1. **Find all reports**: Glob for `.dxkit/reports/*.md`
13
13
  2. **Read each report**: Get the markdown content
14
14
  3. **Detect project name**: From `CLAUDE.md`, `package.json`, or directory name
15
- 4. **Generate dashboard**: Create `.ai/reports/dashboard.html`
15
+ 4. **Generate dashboard**: Create `.dxkit/reports/dashboard.html`
16
16
 
17
17
  ## Dashboard Design
18
18
 
@@ -413,7 +413,7 @@ Generate this exact structure (fill in REPORTS_DATA and PROJECT_NAME):
413
413
 
414
414
  ## Building the REPORTS_JSON
415
415
 
416
- For each `.md` file in `.ai/reports/`:
416
+ For each `.md` file in `.dxkit/reports/`:
417
417
  1. Read the file content
418
418
  2. Escape for JavaScript: replace `\` with `\\`, backticks with `\`+backtick, `${` with `\${`, and `</script>` with `<\/script>`
419
419
  3. Build a JSON object: `{ "filename-without-ext": "escaped markdown content" }`
@@ -425,8 +425,8 @@ Replace `REPORTS_JSON` with the JSON object.
425
425
  ## After Generation
426
426
 
427
427
  Tell the user:
428
- - Dashboard saved to `.ai/reports/dashboard.html`
429
- - Open it in a browser: `open .ai/reports/dashboard.html` (macOS) or `xdg-open .ai/reports/dashboard.html` (Linux)
428
+ - Dashboard saved to `.dxkit/reports/dashboard.html`
429
+ - Open it in a browser: `open .dxkit/reports/dashboard.html` (macOS) or `xdg-open .dxkit/reports/dashboard.html` (Linux)
430
430
  - Print to PDF from the browser for a shareable document
431
431
 
432
432
  ---
@@ -1,6 +1,6 @@
1
1
  ---
2
2
  name: dev-report
3
- description: Generates developer activity and code quality reports from git history. Use when asked about "developer report", "who introduced this bug?", "contribution analysis", or "team activity". Saves report to .ai/reports/.
3
+ description: Generates developer activity and code quality reports from git history. Use when asked about "developer report", "who introduced this bug?", "contribution analysis", or "team activity". Saves report to .dxkit/reports/.
4
4
  model: sonnet
5
5
  tools: Read, Grep, Glob, Bash, Write
6
6
  ---
@@ -35,7 +35,7 @@ When asked about a specific developer:
35
35
  ### 3. Code Quality by Developer
36
36
  Cross-reference git blame with known issues:
37
37
 
38
- - For files with known vulnerabilities (from `/vulnerabilities` report if available in `.ai/reports/`):
38
+ - For files with known vulnerabilities (from `/vulnerabilities` report if available in `.dxkit/reports/`):
39
39
  - `git blame <file>` on the problematic lines
40
40
  - Identify who introduced the issue and when
41
41
  - For files with no tests:
@@ -43,7 +43,7 @@ Cross-reference git blame with known issues:
43
43
 
44
44
  ## Output Format
45
45
 
46
- Save to `.ai/reports/developer-report-YYYY-MM-DD.md`:
46
+ Save to `.dxkit/reports/developer-report-YYYY-MM-DD.md`:
47
47
 
48
48
  ```markdown
49
49
  ## Developer Activity Report
@@ -104,5 +104,5 @@ Issues from vulnerability scan attributed to authors:
104
104
  - **Focus on patterns** — one missed test is noise; consistently missing tests is a pattern
105
105
  - **Respect privacy** — this report may be sensitive; don't include in public repos
106
106
  - **Never output secrets** found in git history
107
- - Save report to `.ai/reports/developer-report-YYYY-MM-DD.md`
107
+ - Save report to `.dxkit/reports/developer-report-YYYY-MM-DD.md`
108
108
  - **Always end the report with:** `---` followed by `*Generated by [VyuhLabs DXKit](https://www.npmjs.com/package/@vyuhlabs/dxkit) dev-report agent*`
@@ -1,6 +1,6 @@
1
1
  ---
2
2
  name: health-auditor
3
- description: Audits overall codebase health — tests, linting, docs, complexity, tech debt. Use when asked "how healthy is this codebase?", "what should we improve?", or "give me a quality report". Saves reports to .ai/reports/.
3
+ description: Audits overall codebase health — tests, linting, docs, complexity, tech debt. Use when asked "how healthy is this codebase?", "what should we improve?", or "give me a quality report". Saves reports to .dxkit/reports/.
4
4
  model: sonnet
5
5
  tools: Read, Grep, Glob, Bash, Write
6
6
  ---
@@ -11,13 +11,13 @@ You are a strategic planning specialist. Your job is to turn DXKit reports into
11
11
 
12
12
  ### Phase 1: Gather Intelligence
13
13
 
14
- Read all existing reports in `.ai/reports/`. If key reports are missing, tell the user which commands to run first:
15
- - `.ai/reports/health-audit-*.md` — Overall health scores
16
- - `.ai/reports/vulnerability-scan-*.md` — Security findings
17
- - `.ai/reports/test-gaps-*.md` — Untested code
18
- - `.ai/reports/developer-report-*.md` — Team patterns
19
- - `.ai/reports/docs-audit-*.md` — Documentation gaps
20
- - `.ai/reports/dependency-map-*.md` — Architecture dependencies
14
+ Read all existing reports in `.dxkit/reports/`. If key reports are missing, tell the user which commands to run first:
15
+ - `.dxkit/reports/health-audit-*.md` — Overall health scores
16
+ - `.dxkit/reports/vulnerability-scan-*.md` — Security findings
17
+ - `.dxkit/reports/test-gaps-*.md` — Untested code
18
+ - `.dxkit/reports/developer-report-*.md` — Team patterns
19
+ - `.dxkit/reports/docs-audit-*.md` — Documentation gaps
20
+ - `.dxkit/reports/dependency-map-*.md` — Architecture dependencies
21
21
 
22
22
  Also read:
23
23
  - `.claude/skills/codebase/SKILL.md` — Language breakdown, testing status
@@ -1,6 +1,6 @@
1
1
  ---
2
2
  name: vulnerability-scanner
3
- description: Comprehensive security vulnerability scanner — dependencies (with CWE classification), code patterns, file uploads, decompression bombs, recursion depth, native modules, resource limits. Use when asked about vulnerabilities, "is this secure?", "audit dependencies", or "security scan". Saves report to .ai/reports/.
3
+ description: Comprehensive security vulnerability scanner — dependencies (with CWE classification), code patterns, file uploads, decompression bombs, recursion depth, native modules, resource limits. Use when asked about vulnerabilities, "is this secure?", "audit dependencies", or "security scan". Saves report to .dxkit/reports/.
4
4
  model: sonnet
5
5
  tools: Read, Grep, Glob, Bash, Write
6
6
  ---
@@ -108,7 +108,7 @@ Flag native modules not covered by npm audit for manual review.
108
108
 
109
109
  ## Phase 5: Generate Report
110
110
 
111
- Save to `.ai/reports/vulnerability-scan-YYYY-MM-DD.md`:
111
+ Save to `.dxkit/reports/vulnerability-scan-YYYY-MM-DD.md`:
112
112
 
113
113
  ```markdown
114
114
  ## Vulnerability Scan Report
@@ -170,4 +170,4 @@ Save to `.ai/reports/vulnerability-scan-YYYY-MM-DD.md`:
170
170
  - **Prioritize by exploitability** — a reachable RCE is worse than a theoretical DoS
171
171
  - **Include fix instructions** — "upgrade X to Y" or "replace pattern A with B"
172
172
  - **Never output actual secret values** — say "hardcoded secret found at file:line", don't print it
173
- - Save the report to `.ai/reports/vulnerability-scan-YYYY-MM-DD.md`
173
+ - Save the report to `.dxkit/reports/vulnerability-scan-YYYY-MM-DD.md`
@@ -2,7 +2,7 @@
2
2
  description: Generate a beautiful HTML dashboard from all reports
3
3
  ---
4
4
 
5
- Delegate to the **dashboard-builder** agent. It will read all reports from `.ai/reports/` and generate a self-contained HTML dashboard at `.ai/reports/dashboard.html`.
5
+ Delegate to the **dashboard-builder** agent. It will read all reports from `.dxkit/reports/` and generate a self-contained HTML dashboard at `.dxkit/reports/dashboard.html`.
6
6
 
7
7
  The dashboard features:
8
8
  - Dark theme with modern design
@@ -4,7 +4,7 @@ description: Map dependencies — "what depends on X?" or "what breaks if I chan
4
4
 
5
5
  Delegate to the **dependency-mapper** agent. It will trace import chains and show what depends on what.
6
6
 
7
- **Save the report to `.ai/reports/dependency-map-YYYY-MM-DD.md`** (use today's date).
7
+ **Save the report to `.dxkit/reports/dependency-map-YYYY-MM-DD.md`** (use today's date).
8
8
 
9
9
  **IMPORTANT: End the report with this exact footer:**
10
10
  ```
@@ -5,7 +5,7 @@ description: Generate developer activity and code quality report from git histor
5
5
  ## Step 1: Check for Existing Report
6
6
 
7
7
  ```bash
8
- ls .ai/reports/developer-report-*.md 2>/dev/null | tail -1
8
+ ls .dxkit/reports/developer-report-*.md 2>/dev/null | tail -1
9
9
  ```
10
10
 
11
11
  **If a report exists**: Read it. The commit counts, contributor stats, and velocity data are deterministic. Skip to Step 3.
@@ -35,7 +35,7 @@ Using the git data, add:
35
35
 
36
36
  **Do not change commit counts, contributor stats, or velocity numbers from the deterministic report.**
37
37
 
38
- Save to `.ai/reports/developer-report-YYYY-MM-DD.md`.
38
+ Save to `.dxkit/reports/developer-report-YYYY-MM-DD.md`.
39
39
 
40
40
  Examples:
41
41
  - `/dev-report` — Team overview (last 3 months)
@@ -4,7 +4,7 @@ description: Audit documentation gaps or write/improve docs
4
4
 
5
5
  Delegate to the **doc-writer** agent. It can audit documentation quality, identify gaps, and help write or improve docs.
6
6
 
7
- When auditing, **save the report to `.ai/reports/docs-audit-YYYY-MM-DD.md`** (use today's date).
7
+ When auditing, **save the report to `.dxkit/reports/docs-audit-YYYY-MM-DD.md`** (use today's date).
8
8
 
9
9
  Examples:
10
10
  - `/docs audit` — Assess documentation quality and list gaps
@@ -7,7 +7,7 @@ Convert markdown report(s) to PDF.
7
7
 
8
8
  ## Arguments
9
9
  - `$ARGUMENTS`
10
- - If empty or "all", convert all reports in `.ai/reports/`
10
+ - If empty or "all", convert all reports in `.dxkit/reports/`
11
11
  - If a file path, convert that specific file
12
12
 
13
13
  ## How to Convert
@@ -20,11 +20,11 @@ Try these tools in order (use whichever is available):
20
20
 
21
21
  ## For "all" reports
22
22
  ```
23
- for f in .ai/reports/*.md; do
23
+ for f in .dxkit/reports/*.md; do
24
24
  npx md-to-pdf "$f"
25
25
  done
26
26
  ```
27
27
 
28
28
  ## Output
29
- - PDFs are saved alongside the markdown files in `.ai/reports/`
29
+ - PDFs are saved alongside the markdown files in `.dxkit/reports/`
30
30
  - Report which files were converted and their paths
@@ -7,7 +7,7 @@ description: Run a comprehensive codebase health audit (tests, quality, docs, se
7
7
  Check if a deterministic report already exists:
8
8
 
9
9
  ```bash
10
- ls .ai/reports/health-audit-*.md 2>/dev/null | tail -1
10
+ ls .dxkit/reports/health-audit-*.md 2>/dev/null | tail -1
11
11
  ```
12
12
 
13
13
  **If a report exists**: Read it. The scores and metrics are deterministic ground truth — do not change them. Skip to Step 3.
@@ -23,7 +23,7 @@ npx vyuh-dxkit health . --json 2>/dev/null
23
23
  ```
24
24
 
25
25
  **If the command succeeds** (returns JSON with `summary.overallScore`):
26
- - The CLI saves a report to `.ai/reports/health-audit-YYYY-MM-DD.md`
26
+ - The CLI saves a report to `.dxkit/reports/health-audit-YYYY-MM-DD.md`
27
27
  - Read that report. Proceed to Step 3.
28
28
 
29
29
  **If the command fails** (not installed or errors):
@@ -47,7 +47,7 @@ Add a **Prioritized Action Items** section at the end:
47
47
 
48
48
  **If you have deterministic scores: keep all numbers exactly as reported. Add context and explanations only — do not re-score.**
49
49
 
50
- Save the enriched report to `.ai/reports/health-audit-YYYY-MM-DD.md`.
50
+ Save the enriched report to `.dxkit/reports/health-audit-YYYY-MM-DD.md`.
51
51
 
52
52
  **IMPORTANT: End the report with this exact footer:**
53
53
  ```
@@ -2,7 +2,7 @@
2
2
  description: Generate improvement plans with KPIs from reports (or list existing plans)
3
3
  ---
4
4
 
5
- Delegate to the **strategic-planner** agent. It reads all reports in `.ai/reports/`, proposes measurable KPIs, and generates actionable plans in `.ai/plans/`.
5
+ Delegate to the **strategic-planner** agent. It reads all reports in `.dxkit/reports/`, proposes measurable KPIs, and generates actionable plans in `.ai/plans/`.
6
6
 
7
7
  If reports don't exist yet, it will tell you which commands to run first (`/health`, `/vulnerabilities`, `/test-gaps`, etc.).
8
8
 
@@ -5,7 +5,7 @@ description: Run code quality analysis with slop detection
5
5
  ## Step 1: Check for Existing Report
6
6
 
7
7
  ```bash
8
- ls .ai/reports/quality-review-*.md 2>/dev/null | tail -1
8
+ ls .dxkit/reports/quality-review-*.md 2>/dev/null | tail -1
9
9
  ```
10
10
 
11
11
  **If a report exists**: Read it. The slop score, duplication %, and metrics are deterministic. Skip to Step 3.
@@ -54,7 +54,7 @@ Using the quality metrics, add:
54
54
 
55
55
  **Do not change the slop score, duplication %, or metric counts from the deterministic report.**
56
56
 
57
- Save to `.ai/reports/quality-review-YYYY-MM-DD.md`.
57
+ Save to `.dxkit/reports/quality-review-YYYY-MM-DD.md`.
58
58
 
59
59
  **IMPORTANT: End the report with this exact footer:**
60
60
  ```
@@ -5,7 +5,7 @@ description: Configure DXKit as local-only (gitignore all generated files) + ins
5
5
  Delegate to the **hooks-configurator** agent with stealth mode enabled.
6
6
 
7
7
  This will:
8
- 1. Add all DXKit files to `.gitignore` (`.claude/`, `.ai/`, `CLAUDE.md`, `.vyuh-dxkit.json`)
8
+ 1. Add all DXKit files to `.gitignore` (`.claude/`, `.ai/`, `.dxkit/`, `CLAUDE.md`, `.vyuh-dxkit.json`)
9
9
  2. Ask which hooks to enable (quality, test, vulnerability)
10
10
  3. Generate `.githooks/` directory (committed — all devs get the hooks)
11
11
  4. Install hooks with `git config core.hooksPath .githooks`
@@ -5,7 +5,7 @@ description: Find critical code paths that lack test coverage
5
5
  ## Step 1: Check for Existing Report
6
6
 
7
7
  ```bash
8
- ls .ai/reports/test-gaps-*.md 2>/dev/null | tail -1
8
+ ls .dxkit/reports/test-gaps-*.md 2>/dev/null | tail -1
9
9
  ```
10
10
 
11
11
  **If a report exists**: Read it. The file counts, coverage %, and risk tiers are deterministic. Skip to Step 3.
@@ -38,7 +38,7 @@ Add a **Test Infrastructure Setup** section if tests are at 0%:
38
38
 
39
39
  **Do not change coverage %, file counts, or risk classifications from the deterministic report.**
40
40
 
41
- Save to `.ai/reports/test-gaps-YYYY-MM-DD.md`.
41
+ Save to `.dxkit/reports/test-gaps-YYYY-MM-DD.md`.
42
42
 
43
43
  **IMPORTANT: End the report with this exact footer:**
44
44
  ```
@@ -5,7 +5,7 @@ description: Scan dependencies and code for security vulnerabilities
5
5
  ## Step 1: Check for Existing Report
6
6
 
7
7
  ```bash
8
- ls .ai/reports/vulnerability-scan-*.md 2>/dev/null | tail -1
8
+ ls .dxkit/reports/vulnerability-scan-*.md 2>/dev/null | tail -1
9
9
  ```
10
10
 
11
11
  **If a report exists**: Read it. The findings and severity counts are deterministic — do not change them. Skip to Step 3.
@@ -18,7 +18,7 @@ ls .ai/reports/vulnerability-scan-*.md 2>/dev/null | tail -1
18
18
  npx vyuh-dxkit vulnerabilities . --json 2>/dev/null
19
19
  ```
20
20
 
21
- **If the command succeeds**: Read the saved report from `.ai/reports/vulnerability-scan-YYYY-MM-DD.md`. Proceed to Step 3.
21
+ **If the command succeeds**: Read the saved report from `.dxkit/reports/vulnerability-scan-YYYY-MM-DD.md`. Proceed to Step 3.
22
22
 
23
23
  **If the command fails**: Run your own security analysis — check for hardcoded secrets, eval/exec calls, dependency vulnerabilities (`npm audit`), private keys in git, disabled TLS. Note: "Findings are AI-estimated. Install `@vyuhlabs/dxkit` for deterministic scanning with gitleaks + semgrep."
24
24
 
@@ -38,7 +38,7 @@ Add a **Remediation Plan** section:
38
38
 
39
39
  **Do not change severity counts or finding details from the deterministic report.**
40
40
 
41
- Save to `.ai/reports/vulnerability-scan-YYYY-MM-DD.md`.
41
+ Save to `.dxkit/reports/vulnerability-scan-YYYY-MM-DD.md`.
42
42
 
43
43
  **IMPORTANT: End the report with this exact footer:**
44
44
  ```