audit-trace 0.1.6 → 0.1.7

package/README.md

@@ -46,8 +46,24 @@ cd your-project
 audit-trace report
 audit-trace report --json
 audit-trace report --ci --fail-on high --prod-only
+audit-trace brief
 ```
 
+### AI-ready brief (vibe coding)
+
+```bash
+audit-trace brief
+audit-trace brief --top 3 --prod-only
+audit-trace brief --json
+```
+
+Produces a **prioritized fix plan** with ownership context and a **paste-ready prompt block** for AI assistants (Cursor, Copilot, etc.). When no vulnerabilities are found, output switches to a clean status message instead of an empty fix plan.
+
+- `--top <n>` — max action groups (default: `5`)
+- `--pkg <name>` — focus on one vulnerable package
+- `--no-prompt` — omit the AI prompt block
+- `--prod-only`, `--audit-file`, `--pm` — same as `report`
+
 ### Interactive UI (Ink)
 
 ```bash
@@ -61,6 +77,7 @@ Use **↑/↓** to browse findings, **q** to quit.
 | Command | Description |
 |--------|-------------|
 | `report` (default) | Run package-manager audit + lockfile graph; print ownership paths & remediation hints |
+| `brief` | AI-ready security brief with prioritized fix plan and paste-ready prompt |
 | `why <pkg>` | Shortest path(s) from workspace root(s) to a package in the lockfile graph |
 | `graph <pkg>` | Enumerate paths (capped) between roots and the package |
 | `impact <pkg>` | Transitive consumers (reverse reachability in the graph) |

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "audit-trace",
-  "version": "0.1.6",
+  "version": "0.1.7",
   "description": "Dependency vulnerability analysis with ownership tracing and actionable remediation",
   "type": "module",
   "main": "./dist/index.js",