memento-mori-jester 0.1.80 → 0.1.82

package/CHANGELOG.md

@@ -4,6 +4,18 @@ All notable changes to Memento Mori Jester are tracked here.
 
 ## Unreleased
 
+## 0.1.82
+
+- Added six real-world quiet-pass fixtures for FastAPI dependency injection, frozen `uv` syncs, docs-only Terraform and Helm guidance, redacted Gitleaks scans, and Next.js workspace linting.
+- Added `docs/FRAMEWORK_TUNING.md` to map common framework-specific false-positive reports to useful `jester tune <rule>` commands and fixture IDs.
+- Refreshed demo, fixture docs, roadmap, and release notes for the 222-fixture corpus.
+
+## 0.1.81
+
+- Added a lightweight repo-local landing page under `site/index.html` that reuses the social card, demo video, start command, and public project links.
+- Added `npm run site:check` and wired it into `npm test` and production-readiness checks.
+- Updated README, promo docs, release docs, roadmap, and release notes for the new share page.
+
 ## 0.1.80
 
 - Added a deterministic `promo/share-kit/social-card.svg` for GitHub, X, and project-update link previews.

package/README.md

@@ -13,6 +13,7 @@ It roasts the reasoning, not the human.
 [![Memento Mori Jester terminal demo](docs/demo-terminal.svg)](docs/DEMO.md)
 
 See the full [demo transcript](docs/DEMO.md), or use the [promo/share kit](promo) for X post copy, stills, and a 30-second demo script.
+There is also a lightweight repo-local [landing page](site/index.html) for sharing the project in one screen.
 
 ## Start Here
 
@@ -314,6 +315,8 @@ jester tune coverage --json
 
 `jester tune coverage` shows the fixture support and confidence signal for every rule, including suggested next actions such as adding coverage, reviewing surprise matches, checking quiet-pass boundaries, or leaving a healthy signal alone.
 
+For stack-shaped noise, see [Framework Tuning Examples](docs/FRAMEWORK_TUNING.md). It maps common Next.js, Vite React, FastAPI, Terraform/Kubernetes, security-scan, and AI/MCP false-positive reports to the `jester tune <rule>` command and fixture IDs worth checking first.
+
 Disable a noisy rule by adding its id to `disabledRules` in `jester.config.json`:
 
 ```json
@@ -425,6 +428,7 @@ More setup examples:
 - [Agent Setup](docs/AGENTS.md)
 - [MCP Tool Reference](docs/MCP_TOOLS.md)
 - [GitHub Actions](docs/GITHUB_ACTIONS.md)
+- [Framework Tuning Examples](docs/FRAMEWORK_TUNING.md)
 - [Demo Script](docs/DEMO.md)
 - [Promo Share Kit](promo)
 - [Examples](examples)
@@ -505,6 +509,7 @@ Run `npm run fixtures:check` before merging fixture changes; it catches duplicat
 Run `npm run fixtures:report` to see fixture coverage by rule, rule family, preset slice, kind, verdict, quiet-pass boundaries, feasible pass-case gaps, and curation-next guidance before choosing the next fixture. Use `npm run fixtures:report -- --markdown` when you want a paste-ready summary for release notes or GitHub issues.
 Run `npm run promo:card` to regenerate the repo-local social preview card after changing its copy or design.
 Run `npm run promo:check` after editing promo assets; it checks the current demo video, stills, docs, and fixture evidence numbers stay in sync.
+Run `npm run site:check` after editing the repo-local landing page; it verifies the start command, demo links, social card, repo, release, and npm links.
 
 For vulnerabilities, private code exposure, or credential-handling concerns, follow [SECURITY.md](SECURITY.md) instead of opening a public issue with sensitive details.
 

package/ROADMAP.md

@@ -6,6 +6,8 @@ Memento Mori Jester is usable today as a CLI, MCP server, GitHub Action, and git
 
 ## Recently Shipped
 
+- Framework tuning examples and quiet-pass fixture curation in v0.1.82, adding six safe real-world examples plus a guide for framework-shaped noisy-rule reports.
+- Repo-local landing page in v0.1.81, adding a static one-page share surface plus deterministic link checks.
 - Social preview card in v0.1.80, adding a deterministic 1200x630 promo card plus generation and freshness checks.
 - Promo freshness check in v0.1.79, verifying the current demo video, share-kit stills, docs, and fixture evidence numbers before public posting.
 - Fresh demo render in v0.1.78, updating the repo-local X video and share-kit stills to current version and fixture totals.
@@ -70,8 +72,8 @@ Memento Mori Jester is usable today as a CLI, MCP server, GitHub Action, and git
 ## Product Ideas
 
 - Collect real-world reports for the next lowest-count preset slices now highlighted by `fixtures:report`.
-- Add more framework-specific false-positive examples from real reports so tuning guidance keeps getting sharper.
-- Add a small web landing page that reuses the existing demo, social card, and start command.
+- Add a small fixture issue template checklist that asks for the nearest framework tuning example and redacted `jester tune <rule-id> --json` output.
+- Add a hosted-page option or GitHub Pages instructions once the static page has settled.
 
 ## Quality And Safety
 

package/docs/CLI.md

@@ -158,6 +158,8 @@ Use `jester tune <id>` when the question is practical: should this noisy rule be
 
 When filing a false-positive issue, include redacted `jester summary` output and `jester tune <rule-id> --json` output when possible.
 
+For stack-shaped reports, see [Framework Tuning Examples](FRAMEWORK_TUNING.md). It points common Next.js, Vite React, FastAPI, Terraform/Kubernetes, security-scan, and AI/MCP noisy-rule reports at the relevant `jester tune <rule-id>` command and fixture IDs.
+
 Use `jester tune coverage` when maintaining the rule set. It ranks every rule by fixture support and confidence, shows expected vs unexpected fixture weight, and suggests the next maintenance action for each rule.
 
 `jester tune` now also includes fixture evidence:

package/docs/DEMO.md

@@ -209,17 +209,17 @@ Before muting:
 Fixture tuning evidence:
 Support: limited
 Confidence: medium
-Total fixtures checked: 216
-Weighted fixtures checked: 412.5
+Total fixtures checked: 222
+Weighted fixtures checked: 421.8
 Matching fixtures: 11
 Weighted matches: 23
 Expected-match weight: 18
 Unexpected-match weight: 5
 Edge-case matches: 0
-Quiet-pass fixtures: 6
-Quiet-pass weight: 4.25
+Quiet-pass fixtures: 8
+Quiet-pass weight: 5.55
 By kind: command 0, plan 5, diff 5, final 1
-Fixture coverage: 11/216 (5.6% weighted)
+Fixture coverage: 11/222 (5.5% weighted)
 By verdict: pass 0, caution 3, block 8
 Matched fixture samples:
   infra-public-ingress-block: Public ingress should block in low-risk-tolerance infra repos.
@@ -230,9 +230,9 @@ Matched fixture samples:
 Quiet-pass fixture samples:
   ai-docs-only-transcript-pass: Docs-only AI setup notes should stay quiet when they do not include concrete dangerous patterns.
   api-docs-only-auth-pass: Docs-only API setup notes should not warn just because they mention auth and production.
+  infra-helm-values-docs-pass: Docs-only Helm values guidance should stay quiet around infra sensitive-domain warnings.
+  infra-terraform-plan-docs-pass: Docs-only Terraform plan review guidance should not trip infra sensitive-domain warnings.
   sec-final-dependency-notes-pass: A verified dependency-note final answer should give the security preset a quiet final case.
-  universal-risky-domain-docs-pass: Documentation-only sensitive-domain vocabulary should stay quiet when no code behavior changes.
-  web-docs-only-browser-storage-pass: Docs-only web guidance should not warn just because it mentions browser storage or redirects.
 
 Commands:
   jester rule risky-domain
@@ -367,7 +367,7 @@ Preset packs:
 
 ## 13. Review Fixtures
 
-The fixture suite in `examples/fixtures/preset-review-cases.json` captures small real-usage examples with expected `pass`, `caution`, or `block` verdicts. It also includes matched-pass examples for low-severity rules, quiet-pass `absentRuleIds` examples that prove noisy rules stay silent for safe near-misses, stack-specific coverage for every built-in preset, quiet-pass boundaries across built-in, structural, custom, and preset/config-derived rules, second firing examples for preset blocked-command rules, second examples for AI/API, framework custom, built-in, and configured sensitive-domain rules, AI tool-dispatch examples with safe allowlist/schema boundaries, and real-world low-count preset examples across node, python, web, infra, AI, and security slices. Recent quiet-pass examples cover typechecks, prebuild scripts, mypy, dataclass parsing, CodeQL, Dependabot limits, form validation, accessibility copy, read-only Kubernetes inspection, Docker disk usage, Terraform linting, public-IP hardening changes, npm audit/outdated/ci, development-mode Node commands, package export maps, workspace test scripts, Bandit, pip-audit, coverage/pytest, Trivy filesystem scans, npm audit, TLS verification-enabled diffs, safe text rendering, allowlisted target paths, public analytics IDs, model-check commands, tool allowlist checks, public model-name config, API schema parsing, query-builder filters, enabled rate limiting, read-only Prisma migration diffs, signed-webhook docs, OpenAPI schema docs, Pydantic parsing, Pyright checks, SBOM generation, vulnerability-report docs, escaped React rendering, session-cookie docs, model regression checks, and static action allowlists. These examples are run by `npm test`, so preset tuning changes stay visible.
+The fixture suite in `examples/fixtures/preset-review-cases.json` captures small real-usage examples with expected `pass`, `caution`, or `block` verdicts. It also includes matched-pass examples for low-severity rules, quiet-pass `absentRuleIds` examples that prove noisy rules stay silent for safe near-misses, stack-specific coverage for every built-in preset, quiet-pass boundaries across built-in, structural, custom, and preset/config-derived rules, second firing examples for preset blocked-command rules, second examples for AI/API, framework custom, built-in, and configured sensitive-domain rules, AI tool-dispatch examples with safe allowlist/schema boundaries, and real-world low-count preset examples across node, python, web, infra, AI, and security slices. Recent quiet-pass examples cover typechecks, prebuild scripts, mypy, dataclass parsing, CodeQL, Dependabot limits, form validation, accessibility copy, read-only Kubernetes inspection, Docker disk usage, Terraform linting, public-IP hardening changes, npm audit/outdated/ci, development-mode Node commands, package export maps, workspace test scripts, Bandit, pip-audit, coverage/pytest, Trivy filesystem scans, npm audit, TLS verification-enabled diffs, safe text rendering, allowlisted target paths, public analytics IDs, model-check commands, tool allowlist checks, public model-name config, API schema parsing, query-builder filters, enabled rate limiting, read-only Prisma migration diffs, signed-webhook docs, OpenAPI schema docs, Pydantic parsing, Pyright checks, SBOM generation, vulnerability-report docs, escaped React rendering, session-cookie docs, model regression checks, static action allowlists, FastAPI dependency injection, frozen `uv` syncs, docs-only Terraform and Helm guidance, redacted Gitleaks scans, and Next.js workspace linting. These examples are run by `npm test`, so preset tuning changes stay visible.
 
 Maintainers can run `npm run fixtures:report` to see coverage by verdict, kind, preset, rule family, and preset slice. The report also includes a `Curation next` section that points at the next useful fixture batch, such as thin rules, feasible pass-case evidence, rule-family gaps, or lower-count presets. Use `npm run fixtures:report -- --markdown` for a paste-ready version of the same snapshot.
 

package/docs/FRAMEWORK_TUNING.md

@@ -0,0 +1,27 @@
+# Framework Tuning Examples
+
+Use this when a rule is noisy in a real project and you want the smallest evidence-backed next step before muting it.
+
+Start with the rule that actually fired:
+
+```powershell
+jester summary --kind <command|plan|diff|final> "<redacted minimal input>"
+jester tune <rule-id> --json
+```
+
+Then compare the output with the nearest fixture-backed examples below. If your case is closer to the safe examples than the risky examples, add a redacted fixture before changing a rule.
+
+| Stack | Common noisy rule | Useful tune command | Safe fixture examples |
+| --- | --- | --- | --- |
+| Next.js / Vite React | Public but non-secret frontend names or harmless workspace commands | `jester tune custom-web-public-secret-name --json` or `jester tune custom-node-install-script-change --json` | `web-public-analytics-env-command-pass`, `node-next-lint-command-pass` |
+| FastAPI / Python | Typed dependency injection, schema parsing, or locked dependency sync being confused with dynamic execution | `jester tune custom-python-eval-exec --json` or `jester tune custom-python-pickle-load --json` | `python-fastapi-dependency-diff-pass`, `python-pydantic-parse-diff-pass`, `python-uv-sync-frozen-command-pass` |
+| Terraform / Kubernetes / Helm | Docs-only infrastructure guidance mentioning sensitive tool names | `jester tune risky-domain --json` or `jester tune configured-sensitive-domain-terraform --json` | `infra-terraform-plan-docs-pass`, `infra-helm-values-docs-pass`, `infra-kubectl-describe-command-pass` |
+| Security scanning | Redacted scanner output or SBOM/report generation being confused with secret material | `jester tune secret-material --json` or `jester tune custom-insecure-tls-disabled --json` | `sec-gitleaks-redacted-command-pass`, `sec-sbom-command-pass`, `sec-vulnerability-report-docs-pass` |
+| AI / MCP tools | Static allowlists, model checks, or public model names being confused with unsafe tool dispatch or provider keys | `jester tune custom-ai-user-controlled-tool-dispatch --json` or `jester tune custom-ai-public-provider-key --json` | `ai-tool-registry-allowlist-diff-pass`, `ai-model-regression-command-pass`, `ai-public-model-env-diff-pass` |
+
+## What To Do With The Result
+
+- If `fixtureEvidence.quietPassFixtures` already contains a close match, prefer a local config mute over changing global rules.
+- If the safe case is missing but the report is minimal and redacted, add a new pass fixture with `absentRuleIds`.
+- If the rule fired on a genuinely dangerous command, secret, broad permission, production-impacting change, or user-controlled execution path, fix the underlying change instead of muting it.
+- If the example depends on private code, customer data, credentials, or internal URLs, redact it before adding a fixture or opening a public issue.

package/docs/GETTING_STARTED.md

@@ -106,7 +106,7 @@ npx -y memento-mori-jester@latest bootstrap --preset node
 
 Then tell them to open `MEMENTO_MORI.md`.
 
-For copy-paste agent and hook examples, see [examples](../examples). For stack-specific config examples, see [preset example packs](../examples/presets) for Next.js, Vite React, Express API, FastAPI, Terraform/Kubernetes, and AI MCP repos. For copy-paste CI workflows, see [framework CI examples](../examples/ci). For concrete pass, caution, and block cases, see [review fixtures](../examples/fixtures).
+For copy-paste agent and hook examples, see [examples](../examples). For stack-specific config examples, see [preset example packs](../examples/presets) for Next.js, Vite React, Express API, FastAPI, Terraform/Kubernetes, and AI MCP repos. For copy-paste CI workflows, see [framework CI examples](../examples/ci). For concrete pass, caution, and block cases, see [review fixtures](../examples/fixtures). For stack-shaped noisy-rule reports, see [framework tuning examples](FRAMEWORK_TUNING.md).
 
 ## Need Help?
 

package/docs/PRODUCTION_READINESS.md

@@ -10,6 +10,7 @@ This checklist defines what "production grade" means for Memento Mori Jester rig
 - CI runs tests and a package dry run on every push to `main` and pull request.
 - The local playground, GitHub Action, MCP setup snippets, preset examples, fixtures, and release notes ship in the npm package.
 - Repo-local promo assets stay outside the npm package, but `npm run promo:check` keeps the current demo video, stills, social card, docs, and fixture evidence numbers aligned.
+- The repo-local landing page stays outside the npm package, but `npm run site:check` keeps its start command and public links aligned.
 
 ## npm Package
 
@@ -43,6 +44,7 @@ This checklist defines what "production grade" means for Memento Mori Jester rig
 
 - `README.md` leads with a no-write first run, project bootstrap, agent setup, and optional hooks/CI.
 - `docs/GETTING_STARTED.md`, `docs/CLI.md`, `docs/RELEASE.md`, and `docs/TRUSTED_PUBLISHING.md` cover the core adoption and release paths.
+- `site/index.html` gives maintainers a static one-page share surface that reuses the demo, social card, start command, and public links.
 - Every public release has matching `CHANGELOG.md` notes and `docs/RELEASE_NOTES_vX.Y.Z.md`.
 
 ## Support And Recovery
@@ -50,12 +52,14 @@ This checklist defines what "production grade" means for Memento Mori Jester rig
 - Package metadata points bug reports at the GitHub issues page.
 - `jester doctor --json`, `jester config validate`, and `jester rules` are the first troubleshooting commands.
 - `jester tune`, `jester tune coverage`, and the fixture suite give maintainers a way to inspect noisy rules before changing defaults.
+- [FRAMEWORK_TUNING.md](FRAMEWORK_TUNING.md) maps common stack-specific false-positive reports to the relevant `jester tune <rule-id>` evidence and fixture IDs.
 - GitHub issue templates collect bug reports, false-positive reports, and feature requests with the diagnostic context maintainers need.
 - `SECURITY.md` routes vulnerability reports away from public issues and asks for redacted diagnostics.
 - `docs/MAINTAINER_TRIAGE.md` explains how to turn useful false-positive reports into fixture coverage before changing rule logic.
 - `npm run fixtures:check` validates fixture IDs, metadata, unsafe-looking content, duplicate content, and explicit expected/absent rule intent.
 - `npm run fixtures:report` shows fixture coverage by rule, rule family, preset slice, kind, verdict, quiet-pass rule boundaries, and feasible pass-case gaps so maintainers can pick the next fixture target; `npm run fixtures:report -- --markdown` produces a paste-ready maintainer snapshot.
 - `npm run promo:card` regenerates the deterministic social preview card, and `npm run promo:check` verifies current repo-local promo assets against the current fixture evidence before maintainers post or refresh the demo.
+- `npm run site:check` verifies the static landing page before maintainers post or host it.
 - npm publish has a manual workflow fallback, but the normal release path is tag-driven trusted publishing.
 
 ## Static Guard
@@ -72,6 +76,7 @@ This checklist defines what "production grade" means for Memento Mori Jester rig
 - fixture authoring checks are wired into `npm test`.
 - fixture coverage reports are wired into `npm test`.
 - promo freshness checks are wired into `npm test`.
+- site checks are wired into `npm test`.
 
 `npm test` runs this check after the TypeScript build and unit tests.
 

package/docs/RELEASE.md

@@ -14,6 +14,7 @@ npm.cmd run fixtures:report -- --json
 npm.cmd run fixtures:report -- --markdown
 npm.cmd run promo:card:check
 npm.cmd run promo:check
+npm.cmd run site:check
 npm.cmd run pack:dry
 git diff --check
 ```

package/docs/RELEASE_NOTES_v0.1.81.md

@@ -0,0 +1,41 @@
+# Memento Mori Jester v0.1.81
+
+## Summary
+
+This release adds a lightweight repo-local landing page that reuses the existing demo video, social card, install command, and public project links. It gives maintainers a one-page share surface without adding a framework or hosting dependency.
+
+## What Changed
+
+- Added `site/index.html`.
+- Added `scripts/check-site.mjs`.
+- Added `npm run site:check`.
+- Wired `site:check` into `npm test` and production-readiness checks.
+- Updated README, promo docs, release docs, production-readiness docs, roadmap, changelog, and release notes.
+
+## Public Interface
+
+- No CLI command changes.
+- No MCP tool changes.
+- No config schema changes.
+- No review rule, scoring, or verdict behavior changes.
+- No GitHub Action behavior changes.
+- `site/` and `promo/` remain outside the npm package `files` list.
+
+## Release Validation
+
+```powershell
+npm.cmd test
+npm.cmd run demo:svg:check
+npm.cmd run promo:card:check
+npm.cmd run promo:check
+npm.cmd run site:check
+npm.cmd run pack:dry
+git diff --check
+git diff | node .\dist\cli.js diff --fail-on block --subject "v0.1.81 landing page"
+```
+
+Expected:
+
+- `site/index.html` opens as a static page with the current start command, demo video, social card, repo, release, and npm links,
+- `site/` remains repo-local and is not included in the npm tarball,
+- GitHub Release and npm Publish complete from the `v0.1.81` tag.

package/docs/RELEASE_NOTES_v0.1.82.md

@@ -0,0 +1,54 @@
+# Memento Mori Jester v0.1.82
+
+## Summary
+
+This release continues the core quality track after the landing-page release. It adds a small fixture-backed false-positive batch and a framework tuning guide so maintainers can compare real noisy reports with safe examples before muting or changing rules.
+
+## What Changed
+
+- Added six quiet-pass fixtures, growing the corpus from 216 to 222 cases:
+  - `python-fastapi-dependency-diff-pass`
+  - `python-uv-sync-frozen-command-pass`
+  - `infra-terraform-plan-docs-pass`
+  - `infra-helm-values-docs-pass`
+  - `sec-gitleaks-redacted-command-pass`
+  - `node-next-lint-command-pass`
+- Added `docs/FRAMEWORK_TUNING.md`.
+- Linked framework tuning guidance from README, CLI docs, and getting-started docs.
+- Refreshed demo, promo-source evidence counts, site proof count, fixture docs, changelog, and roadmap.
+
+## Public Interface
+
+- No CLI command changes.
+- No MCP tool changes.
+- No config schema changes.
+- No review rule, scoring, matching, or verdict behavior changes.
+- No GitHub Action or release workflow changes.
+- Fixture/tuning evidence changes only because the corpus is larger.
+
+## Release Validation
+
+```powershell
+npm.cmd test
+npm.cmd run demo:svg:check
+npm.cmd run promo:card:check
+npm.cmd run promo:check
+npm.cmd run fixtures:report
+npm.cmd run fixtures:report -- --json
+npm.cmd run fixtures:report -- --markdown
+npm.cmd run site:check
+npm.cmd run pack:dry
+git diff --check
+node .\dist\cli.js tune risky-domain --json --no-config
+node .\dist\cli.js tune coverage --no-config
+git diff | node .\dist\cli.js diff --fail-on block --subject "v0.1.82 framework tuning fixtures"
+```
+
+Expected:
+
+- fixture report shows `Fixtures: 222`,
+- no thin rule coverage,
+- no preset/kind gaps,
+- no rules without quiet-pass coverage,
+- `promo:check` passes with 222 fixtures and 8 risky-domain quiet-pass examples,
+- GitHub Release and npm Publish complete from the `v0.1.82` tag.

package/examples/fixtures/README.md

@@ -30,6 +30,7 @@ Maintainer triage guidance lives in [docs/MAINTAINER_TRIAGE.md](../../docs/MAINT
 - Quiet-pass examples for safe text rendering, allowlisted target paths, public analytics IDs, model-check commands, tool allowlist checks, and public model-name config.
 - Quiet-pass examples for API schema parsing, query-builder filters, enabled rate limiting, read-only Prisma migration diffs, signed-webhook docs, and OpenAPI schema docs.
 - Quiet-pass examples for Pydantic parsing, Pyright checks, SBOM generation, vulnerability-report docs, escaped React rendering, session-cookie docs, model regression checks, and static action allowlists.
+- Quiet-pass examples for FastAPI dependency injection, frozen `uv` syncs, docs-only Terraform and Helm guidance, redacted Gitleaks scans, and Next.js workspace linting.
 - Fixture metadata like `weight` and `edgeCase` to support precision-weighted tuning evidence.
 
 ## Local Check

package/examples/fixtures/preset-review-cases.json

@@ -2859,5 +2859,96 @@
       "custom-ai-user-controlled-tool-dispatch",
       "custom-ai-model-output-execution"
     ]
+  },
+  {
+    "id": "python-fastapi-dependency-diff-pass",
+    "preset": "python",
+    "kind": "diff",
+    "description": "FastAPI dependency injection should not look like Python dynamic execution or pickle loading.",
+    "content": "diff --git a/app/dependencies.py b/app/dependencies.py\n--- a/app/dependencies.py\n+++ b/app/dependencies.py\n@@ -1 +1,2 @@\n+current_user: User = Depends(get_current_user)\n",
+    "expectedVerdict": "pass",
+    "weight": 2,
+    "expectedRuleIds": [],
+    "absentRuleIds": [
+      "custom-python-eval-exec",
+      "custom-python-pickle-load"
+    ]
+  },
+  {
+    "id": "python-uv-sync-frozen-command-pass",
+    "preset": "python",
+    "kind": "command",
+    "description": "Frozen uv dependency sync for tests should not trip unsafe pip install or dynamic execution rules.",
+    "content": "uv sync --frozen --group test",
+    "expectedVerdict": "pass",
+    "weight": 2,
+    "expectedRuleIds": [],
+    "absentRuleIds": [
+      "blocked-command-pip-install-break-system-packages",
+      "custom-python-eval-exec",
+      "custom-python-pickle-load"
+    ]
+  },
+  {
+    "id": "infra-terraform-plan-docs-pass",
+    "preset": "infra",
+    "kind": "diff",
+    "description": "Docs-only Terraform plan review guidance should not trip infra sensitive-domain warnings.",
+    "content": "diff --git a/docs/TERRAFORM_PLAN.md b/docs/TERRAFORM_PLAN.md\n--- a/docs/TERRAFORM_PLAN.md\n+++ b/docs/TERRAFORM_PLAN.md\n@@ -1 +1,2 @@\n+Document how to review terraform plan output and attach rollback notes before apply.\n",
+    "expectedVerdict": "pass",
+    "edgeCase": true,
+    "weight": 1,
+    "expectedRuleIds": [],
+    "absentRuleIds": [
+      "configured-sensitive-domain-terraform",
+      "custom-infra-production-change",
+      "risky-domain"
+    ]
+  },
+  {
+    "id": "infra-helm-values-docs-pass",
+    "preset": "infra",
+    "kind": "diff",
+    "description": "Docs-only Helm values guidance should stay quiet around infra sensitive-domain warnings.",
+    "content": "diff --git a/docs/HELM_VALUES.md b/docs/HELM_VALUES.md\n--- a/docs/HELM_VALUES.md\n+++ b/docs/HELM_VALUES.md\n@@ -1 +1,2 @@\n+Record which helm values are environment labels and which require change approval.\n",
+    "expectedVerdict": "pass",
+    "edgeCase": true,
+    "weight": 1,
+    "expectedRuleIds": [],
+    "absentRuleIds": [
+      "configured-sensitive-domain-helm",
+      "custom-infra-production-change",
+      "risky-domain"
+    ]
+  },
+  {
+    "id": "sec-gitleaks-redacted-command-pass",
+    "preset": "security",
+    "kind": "command",
+    "description": "Redacted gitleaks scans should not be mistaken for leaked secret material.",
+    "content": "gitleaks detect --redact --no-git -r reports/gitleaks.json",
+    "expectedVerdict": "pass",
+    "weight": 2,
+    "expectedRuleIds": [],
+    "absentRuleIds": [
+      "secret-material",
+      "blocked-command-chmod-r-777",
+      "custom-insecure-tls-disabled"
+    ]
+  },
+  {
+    "id": "node-next-lint-command-pass",
+    "preset": "node",
+    "kind": "command",
+    "description": "Next.js workspace lint commands should stay quiet around node publish and install-script checks.",
+    "content": "npm run lint --workspace apps/next-web -- --max-warnings=0",
+    "expectedVerdict": "pass",
+    "weight": 2,
+    "expectedRuleIds": [],
+    "absentRuleIds": [
+      "blocked-command-npm-publish-force",
+      "custom-node-install-script-change",
+      "custom-node-env-production-change"
+    ]
   }
 ]

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "memento-mori-jester",
-  "version": "0.1.80",
+  "version": "0.1.82",
   "description": "A local court-jester sidecar for AI coding agents: review plans, commands, diffs, and final claims before they get too pleased with themselves.",
   "type": "module",
   "repository": {
@@ -40,7 +40,7 @@
     "build": "tsc -p tsconfig.json",
     "start": "node dist/server.js",
     "start:mcp": "node dist/server.js",
-    "test": "npm run build && node scripts/run-tests.mjs && npm run fixtures:check && npm run fixtures:report && npm run promo:check && npm run production:check",
+    "test": "npm run build && node scripts/run-tests.mjs && npm run fixtures:check && npm run fixtures:report && npm run promo:check && npm run site:check && npm run production:check",
     "doctor": "node dist/cli.js doctor",
     "demo:svg": "node scripts/render-demo-svg.mjs",
     "demo:svg:check": "node scripts/render-demo-svg.mjs --check",
@@ -49,6 +49,7 @@
     "promo:card": "node scripts/render-social-card.mjs",
     "promo:card:check": "node scripts/render-social-card.mjs --check",
     "promo:check": "node scripts/check-promo-freshness.mjs",
+    "site:check": "node scripts/check-site.mjs",
     "production:check": "node scripts/check-production-readiness.mjs",
     "pack:dry": "npm pack --dry-run",
     "prepare": "npm run build",

package/scripts/check-production-readiness.mjs

@@ -61,11 +61,13 @@ for (const path of [
   "docs/RELEASE.md",
   "docs/TRUSTED_PUBLISHING.md",
   "docs/PRODUCTION_READINESS.md",
+  "docs/FRAMEWORK_TUNING.md",
   "docs/MAINTAINER_TRIAGE.md",
   `docs/RELEASE_NOTES_${tag}.md`,
   "action.yml",
   "scripts/check-promo-freshness.mjs",
   "scripts/render-social-card.mjs",
+  "scripts/check-site.mjs",
   "scripts/check-fixtures.mjs",
   "scripts/report-fixtures.mjs",
   ".github/ISSUE_TEMPLATE/bug_report.yml",
@@ -79,7 +81,8 @@ for (const path of [
   "examples/github-code-scanning.yml",
   "examples/ci/README.md",
   "examples/presets/README.md",
-  "examples/fixtures/preset-review-cases.json"
+  "examples/fixtures/preset-review-cases.json",
+  "site/index.html"
 ]) {
   requireFile(path);
 }
@@ -97,6 +100,7 @@ requireText("README.md", /MAINTAINER_TRIAGE\.md/, "maintainer triage guide link"
 requireText("README.md", /fixtures:check/, "fixture authoring check guidance");
 requireText("README.md", /fixtures:report/, "fixture coverage report guidance");
 requireText("README.md", /fixtures:report -- --markdown/, "Markdown fixture report guidance");
+requireText("README.md", /FRAMEWORK_TUNING\.md/, "framework tuning guide link");
 requireText("README.md", /License: PolyForm Noncommercial/, "the noncommercial license badge");
 requireText("docs/PRODUCTION_READINESS.md", /npm package/i, "npm package readiness");
 requireText("docs/PRODUCTION_READINESS.md", /GitHub Action/i, "GitHub Action readiness");
@@ -113,6 +117,11 @@ requireText("docs/PRODUCTION_READINESS.md", /fixtures:report -- --markdown/, "Ma
 requireText("docs/PRODUCTION_READINESS.md", /quiet-pass/, "quiet-pass fixture readiness");
 requireText("docs/CLI.md", /jester doctor --json/, "doctor JSON CLI docs");
 requireText("docs/CLI.md", /quiet-pass fixture/, "quiet-pass fixture CLI docs");
+requireText("docs/CLI.md", /FRAMEWORK_TUNING\.md/, "framework tuning CLI link");
+requireText("docs/FRAMEWORK_TUNING.md", /Next\.js/, "Next.js framework tuning example");
+requireText("docs/FRAMEWORK_TUNING.md", /FastAPI/, "FastAPI framework tuning example");
+requireText("docs/FRAMEWORK_TUNING.md", /Terraform/, "Terraform framework tuning example");
+requireText("docs/FRAMEWORK_TUNING.md", /jester tune <rule-id> --json/, "framework tuning command guidance");
 requireText("docs/MAINTAINER_TRIAGE.md", /doctor --json/, "doctor JSON triage prompt");
 requireText("docs/MAINTAINER_TRIAGE.md", /tune <rule-id> --json/, "tune JSON triage prompt");
 requireText("docs/MAINTAINER_TRIAGE.md", /preset-review-cases\.json/, "fixture suite link");
@@ -137,11 +146,16 @@ requireText("package.json", /"fixtures:report": "node scripts\/report-fixtures\.
 requireText("package.json", /"promo:card": "node scripts\/render-social-card\.mjs"/, "social card render script");
 requireText("package.json", /"promo:card:check": "node scripts\/render-social-card\.mjs --check"/, "social card stale check script");
 requireText("package.json", /"promo:check": "node scripts\/check-promo-freshness\.mjs"/, "promo freshness check script");
+requireText("package.json", /"site:check": "node scripts\/check-site\.mjs"/, "site check script");
 requireText("package.json", /npm run fixtures:check/, "fixture authoring check in npm test");
 requireText("package.json", /npm run fixtures:report/, "fixture coverage report in npm test");
 requireText("package.json", /npm run promo:check/, "promo freshness check in npm test");
+requireText("package.json", /npm run site:check/, "site check in npm test");
 requireText("scripts/check-promo-freshness.mjs", /--require-package-version/, "optional strict package-version promo check");
 requireText("scripts/check-promo-freshness.mjs", /social-card\.svg/, "social-card freshness check");
+requireText("scripts/check-site.mjs", /site\/index\.html/, "site index check");
+requireText("site/index.html", /npx -y memento-mori-jester@latest start/, "site start command");
+requireText("site/index.html", /promo\/share-kit\/social-card\.svg/, "site social card");
 requireText("SECURITY.md", /doctor --json/, "doctor JSON redaction guidance");
 requireText("SECURITY.md", /security\/advisories\/new/, "private vulnerability report link");
 requireText(".github/ISSUE_TEMPLATE/bug_report.yml", /doctor --json/, "doctor JSON support prompt");

package/scripts/check-site.mjs

@@ -0,0 +1,56 @@
+#!/usr/bin/env node
+import { existsSync, readFileSync } from "node:fs";
+import { join } from "node:path";
+
+const root = process.cwd();
+const failures = [];
+
+function read(path) {
+  return readFileSync(join(root, path), "utf8");
+}
+
+function requireFile(path) {
+  if (!existsSync(join(root, path))) {
+    failures.push(`${path} is missing.`);
+  }
+}
+
+function requireText(path, pattern, description) {
+  const content = read(path);
+  if (!pattern.test(content)) {
+    failures.push(`${path} should include ${description}.`);
+  }
+}
+
+requireFile("site/index.html");
+
+const promoReadme = read("promo/README.md");
+const currentVideo = promoReadme.match(/Final vertical demo video:\s*\[([^\]]+)\]\(([^)]+)\)/);
+const videoPath = currentVideo?.[2] ?? "";
+
+if (!videoPath) {
+  failures.push("promo/README.md should expose the current final vertical demo video.");
+}
+
+requireText("site/index.html", /<h1 id="hero-title">Memento Mori Jester<\/h1>/, "the product name as the hero heading");
+requireText("site/index.html", /npx -y memento-mori-jester@latest start/, "the current start command");
+requireText("site/index.html", /\.\.\/promo\/share-kit\/social-card\.svg/, "the social preview card");
+requireText("site/index.html", /\.\.\/docs\/DEMO\.md/, "the demo transcript link");
+requireText("site/index.html", /https:\/\/github\.com\/Martin123132\/Memento-Mori/, "the GitHub repository link");
+requireText("site/index.html", /https:\/\/github\.com\/Martin123132\/Memento-Mori\/releases\/latest/, "the latest release link");
+requireText("site/index.html", /https:\/\/www\.npmjs\.com\/package\/memento-mori-jester/, "the npm package link");
+requireText("site/index.html", /Codex, Claude Code, generic MCP clients, hooks, and CI/, "agent compatibility copy");
+
+if (videoPath) {
+  requireText("site/index.html", new RegExp(`\\.\\./promo/${videoPath.replace(/[.*+?^${}()|[\]\\]/g, "\\$&")}`), "the current promo video");
+}
+
+if (failures.length > 0) {
+  process.stderr.write("Site check failed:\n");
+  for (const failure of failures) {
+    process.stderr.write(`- ${failure}\n`);
+  }
+  process.exit(1);
+}
+
+process.stdout.write("Site check passed for site/index.html.\n");