ai-project-maintainer 0.3.0 → 0.3.1

package/README.md

@@ -1,8 +1,9 @@
 # AI Project Maintainer
 
-![AI coding](https://img.shields.io/badge/built%20for-AI%20coding-111827)
-![Production audit](https://img.shields.io/badge/gate-production%20audit-0f766e)
-![Account free](https://img.shields.io/badge/default-account%20free-2563eb)
+![AI coding](https://img.shields.io/badge/built%20for-AI%20coding-111827)
+![Production audit](https://img.shields.io/badge/gate-production%20audit-0f766e)
+![Account free](https://img.shields.io/badge/default-account%20free-2563eb)
+[![npm](https://img.shields.io/npm/v/ai-project-maintainer.svg)](https://www.npmjs.com/package/ai-project-maintainer)
 [![CI](https://github.com/xixifusi1213-gif/ai-project-maintainer/actions/workflows/ci.yml/badge.svg)](https://github.com/xixifusi1213-gif/ai-project-maintainer/actions/workflows/ci.yml)
 
 **A production-readiness gate for AI-coded projects.**
@@ -30,11 +31,13 @@ AI coding makes it easy to ship code that looks complete but quietly misses prod
 
 `ai-project-maintainer` makes those gaps visible before they become production surprises.
 
-## The 3-Minute Flow
-
-```powershell
-# 1. Add local and CI guardrails
-npx ai-project-maintainer init "E:\my-project" --profile oss --ci github
+## The 3-Minute Flow
+
+Requires Node.js 20+.
+
+```powershell
+# 1. Add local and CI guardrails
+npx ai-project-maintainer init "E:\my-project" --profile oss --ci github
 
 # 2. Create the production audit intake templates
 npx ai-project-maintainer init-audit "E:\my-project"
@@ -43,10 +46,10 @@ npx ai-project-maintainer init-audit "E:\my-project"
 npx ai-project-maintainer audit-plan "E:\my-project" --output reports/audit-plan.json
 
 # 4. Run the production gate
-npx ai-project-maintainer gate "E:\my-project" --production --strict --release --output reports/security-report.json
-```
-
-No npm publication is required for GitHub Actions. The generated workflow clones this repository and runs the Node scripts directly.
+npx ai-project-maintainer gate "E:\my-project" --production --strict --release --output reports/security-report.json
+```
+
+GitHub Actions templates can either use the npm package or clone this repository directly.
 
 ## What It Checks
 

package/docs/UPGRADE-ROADMAP.zh-CN.md

@@ -1,8 +1,18 @@
-# 升级路线图
-
-## V2：开源维护者专业半自动平台
-
-当前目标：
+# 升级路线图
+
+## v0.4.0：真实案例和重型安全 CI
+
+下一阶段优先增强：
+
+- 新增可复现的 `examples/demo-ai-app`，展示 `FAIL/GAP -> 修复 -> PASS` 的完整闭环。
+- 新增独立 `security.yml`，安装并运行 Gitleaks、Trivy、Semgrep 等真实阻断型扫描。
+- 制作 90 秒 GIF/视频，演示项目画像、审计计划、CI 门禁、证据报告和 AI 修复循环。
+
+`v0.3.1` 只做可信发布补强，不新增重型扫描能力。
+
+## V2：开源维护者专业半自动平台
+
+当前目标：
 
 - 提供 npm/npx CLI。
 - 保留 Codex skill 和旧 Node 脚本兼容。

package/package.json

@@ -1,11 +1,35 @@
 {
-  "name": "ai-project-maintainer",
-  "version": "0.3.0",
-  "description": "Production-readiness audit and CI gate for AI-coded projects.",
-  "type": "module",
-  "files": [
-    "ai-project-maintainer/",
-    "docs/",
+  "name": "ai-project-maintainer",
+  "version": "0.3.1",
+  "description": "Production-readiness audit and CI gate for AI-coded projects.",
+  "type": "module",
+  "license": "MIT",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/xixifusi1213-gif/ai-project-maintainer.git"
+  },
+  "bugs": {
+    "url": "https://github.com/xixifusi1213-gif/ai-project-maintainer/issues"
+  },
+  "homepage": "https://github.com/xixifusi1213-gif/ai-project-maintainer#readme",
+  "keywords": [
+    "ai-coding",
+    "devsecops",
+    "security",
+    "production-readiness",
+    "github-actions",
+    "semgrep",
+    "trivy",
+    "gitleaks",
+    "codex",
+    "ai-agents"
+  ],
+  "engines": {
+    "node": ">=20"
+  },
+  "files": [
+    "ai-project-maintainer/",
+    "docs/",
     "README.md"
   ],
   "bin": {