thuban 0.3.2 → 0.3.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (59) hide show
  1. package/README.md +137 -102
  2. package/dist/LICENSE +21 -0
  3. package/dist/README.md +185 -0
  4. package/dist/cli.js +2 -0
  5. package/dist/packages/scanner/ai-confidence-scorer.js +1 -0
  6. package/dist/packages/scanner/alert-manager.js +1 -0
  7. package/dist/packages/scanner/baseline-manager.js +1 -0
  8. package/dist/packages/scanner/code-scanner.js +1 -0
  9. package/dist/packages/scanner/codebase-passport.js +1 -0
  10. package/dist/packages/scanner/copy-paste-detector.js +1 -0
  11. package/dist/packages/scanner/dependency-graph.js +1 -0
  12. package/dist/packages/scanner/drift-detector.js +1 -0
  13. package/dist/packages/scanner/executive-report.js +1 -0
  14. package/dist/packages/scanner/file-collector.js +1 -0
  15. package/dist/packages/scanner/file-watcher.js +1 -0
  16. package/dist/packages/scanner/ghost-code-detector.js +1 -0
  17. package/dist/packages/scanner/hallucination-detector.js +1 -0
  18. package/dist/packages/scanner/health-checker.js +1 -0
  19. package/dist/packages/scanner/html-report.js +1 -0
  20. package/dist/packages/scanner/index.js +1 -0
  21. package/dist/packages/scanner/license-manager.js +1 -0
  22. package/dist/packages/scanner/master-health-checker.js +1 -0
  23. package/dist/packages/scanner/monitor-notifier.js +1 -0
  24. package/dist/packages/scanner/monitor-service.js +1 -0
  25. package/dist/packages/scanner/monitor-store.js +1 -0
  26. package/dist/packages/scanner/pre-commit-gate.js +1 -0
  27. package/dist/packages/scanner/scan-diff.js +1 -0
  28. package/dist/packages/scanner/scan-runner.js +1 -0
  29. package/dist/packages/scanner/secret-scanner.js +1 -0
  30. package/dist/packages/scanner/sentinel-core.js +1 -0
  31. package/dist/packages/scanner/sentinel-knowledge.js +1 -0
  32. package/dist/packages/scanner/tech-debt-analyzer.js +1 -0
  33. package/dist/packages/scanner/tech-debt-cost.js +1 -0
  34. package/dist/packages/scanner/widget-generator.js +1 -0
  35. package/package.json +16 -8
  36. package/cli.js +0 -2412
  37. package/packages/scanner/ai-confidence-scorer.js +0 -260
  38. package/packages/scanner/alert-manager.js +0 -398
  39. package/packages/scanner/baseline-manager.js +0 -109
  40. package/packages/scanner/code-scanner.js +0 -713
  41. package/packages/scanner/codebase-passport.js +0 -299
  42. package/packages/scanner/copy-paste-detector.js +0 -250
  43. package/packages/scanner/dependency-graph.js +0 -536
  44. package/packages/scanner/drift-detector.js +0 -423
  45. package/packages/scanner/executive-report.js +0 -774
  46. package/packages/scanner/file-watcher.js +0 -323
  47. package/packages/scanner/ghost-code-detector.js +0 -226
  48. package/packages/scanner/hallucination-detector.js +0 -652
  49. package/packages/scanner/health-checker.js +0 -586
  50. package/packages/scanner/html-report.js +0 -634
  51. package/packages/scanner/index.js +0 -92
  52. package/packages/scanner/license-manager.js +0 -318
  53. package/packages/scanner/master-health-checker.js +0 -513
  54. package/packages/scanner/pre-commit-gate.js +0 -216
  55. package/packages/scanner/sentinel-core.js +0 -608
  56. package/packages/scanner/sentinel-knowledge.js +0 -322
  57. package/packages/scanner/tech-debt-analyzer.js +0 -565
  58. package/packages/scanner/tech-debt-cost.js +0 -194
  59. package/packages/scanner/widget-generator.js +0 -415
package/README.md CHANGED
@@ -1,150 +1,185 @@
1
- # Thuban — Code Health Engine
1
+ # Thuban
2
2
 
3
- **The safety layer for AI-coded software.**
3
+ Thuban is an independent AI software assurance platform for pull requests, releases, and codebase trust. It combines codebase intelligence, scanner-driven risk detection, and Forge-style verification so teams can decide whether AI-assisted changes are safe to merge.
4
4
 
5
- Scan your codebase for hallucinated APIs, ghost code, architecture drift, and tech debt. Fix what can be fixed automatically. One command. Zero dependencies. Zero config.
5
+ ## Product wedge
6
6
 
7
- ```bash
8
- npx thuban scan .
7
+ Thuban is built around a PR assurance wedge:
8
+
9
+ - connect a GitHub repository through a future GitHub App
10
+ - analyze changed files and architectural blast radius
11
+ - run assurance checks and evidence collection
12
+ - issue a clear verdict with remediation guidance
13
+
14
+ This standalone extraction is based on the Thuban product strategy and the prior CODEX specifications inside `orion-main`.
15
+
16
+ ## Repository layout
17
+
18
+ ```text
19
+ apps/
20
+ api/ Express placeholder API for ingestion, assurance, and attestations
21
+ web/ Next.js placeholder operator UI
22
+ packages/
23
+ scanner/ Extracted Sentinel scanner and monitoring substrate
24
+ forge/ Extracted Forge verifier and verification data
25
+ docs/
26
+ source/ Original CODEX and Orion intelligence specs
27
+ strategy/ Product strategy and viability docs
28
+ schema/ Thuban-only database schema extract
29
+ venture/ Original venture README source
9
30
  ```
10
31
 
11
- ---
32
+ ## What is real today
12
33
 
13
- ## Why Thuban?
34
+ - `packages/scanner/` contains extracted working Sentinel code from Orion
35
+ - `packages/forge/forge-verifier.js` contains extracted Forge verification logic
36
+ - `packages/forge/data/forge-verifications/` contains historical verification artifacts
37
+ - `docs/` contains the original strategy, viability, and CODEX-era source materials
14
38
 
15
- AI coding tools (Copilot, Cursor, Claude, ChatGPT) generate code that **looks correct but isn't**. They invent API methods that don't exist. They paste helper functions nobody calls. They use deprecated patterns from their training data.
39
+ ## What is placeholder today
16
40
 
17
- Linters don't catch this. Code review misses it. Thuban was built specifically for it.
41
+ - `apps/api/` is an Express starter aligned to the target product shape
42
+ - `apps/web/` is a minimal Next.js starter for the future assurance dashboard
43
+ - Postgres integration, GitHub App auth, webhook ingestion, PR check-runs, and production orchestration are planned but not yet implemented here
18
44
 
19
- ---
45
+ See `ARCHITECTURE.md` for a clear real-vs-placeholder breakdown.
20
46
 
21
- ## What It Does
47
+ ## Architecture overview
22
48
 
23
- | Command | What it does |
24
- |---------|-------------|
25
- | `thuban scan [path]` | Full codebase health scan with score (A-F) |
26
- | `thuban fix [path] --fix` | Auto-fix all fixable issues |
27
- | `thuban hallucinate [path]` | Detect AI hallucinated APIs |
28
- | `thuban gate` | Pre-commit hook — blocks hallucinated code in 3 seconds |
29
- | `thuban gate --fix` | Install the pre-commit gate |
30
- | `thuban cost [path]` | Tech debt cost calculator (hours + pounds) |
31
- | `thuban ghosts [path]` | Find dead functions never called |
32
- | `thuban ai-score [path]` | AI risk score per function (0-100%) |
33
- | `thuban clones [path]` | Copy-paste drift detection |
34
- | `thuban passport [path]` | Generate codebase identity file |
35
- | `thuban executive [path]` | CTO-ready PDF report |
36
- | `thuban dashboard [path]` | Visual HTML dashboard |
37
- | `thuban watch [path]` | Live sentinel monitoring |
38
- | `thuban diff [path]` | Scan only git-changed files |
39
- | `thuban drift [path]` | Detect annotation/purpose drift |
40
- | `thuban deps [path]` | Dependency graph + circular detection |
41
- | `thuban status` | Show license and usage info |
42
- | `thuban upgrade` | View pricing and subscribe |
43
- | `thuban activate [key]` | Activate a license key |
49
+ ### Apps
44
50
 
45
- ---
51
+ - `apps/api`: future control plane and integration surface for repos, pull requests, audits, policies, and attestations
52
+ - `apps/web`: future UI for onboarding repos, reviewing audit evidence, and tracking trust history
46
53
 
47
- ## Quick Start
54
+ ### Packages
48
55
 
49
- ### Scan your project
50
- ```bash
51
- npx thuban scan .
52
- ```
56
+ - `packages/scanner`: repository scanning, dependency graphing, drift detection, health checks, alerting, and secret/credential exposure scanning for hardcoded API keys, passwords, secrets in source code, `.env` files not gitignored, database connection strings with passwords, private keys, high-entropy strings, and secrets still exposed in git history, and secret/credential exposure scanning for hardcoded API keys, passwords, secrets in source code, `.env` files not gitignored, database connection strings with passwords, private keys, high-entropy strings, and secrets still exposed in git history
57
+ - `packages/forge`: attestation and verification workflow plus verification history
53
58
 
54
- ### See what it costs you
55
- ```bash
56
- npx thuban cost .
57
- ```
59
+ ### Data
58
60
 
59
- ### Find ghost code
60
- ```bash
61
- npx thuban ghosts .
62
- ```
61
+ - Postgres is the intended system of record
62
+ - the included schema extract in `docs/schema/ORION-ECOSYSTEM-SCHEMA.thuban.json` contains only the `thuban` tables from Orion
63
+ - packaged JSON artifacts are historical examples, not the final persistence model
64
+
65
+ ## Getting started
66
+
67
+ ### Prerequisites
68
+
69
+ - Node.js 20+
70
+ - npm 10+
71
+ - Postgres 15+ for future API work
72
+
73
+ ### Install
63
74
 
64
- ### Block hallucinations on every commit
65
75
  ```bash
66
- npx thuban gate --fix
76
+ npm install
67
77
  ```
68
78
 
69
- ### Generate a CTO report
79
+ ### Run the placeholder apps
80
+
70
81
  ```bash
71
- npx thuban executive .
82
+ npm run dev:api
83
+ npm run dev:web
72
84
  ```
73
85
 
74
- ---
86
+ ### Explore the extracted code
75
87
 
76
- ## Example Output
88
+ - scanner entrypoint: `packages/scanner/index.js`
89
+ - secret scan utility: `quickSecretScan([...files], { rootPath })` or `new SecretScanner({ rootPath }).scanAll()` with output including file path, line number, secret type, severity, and fix recommendation
90
+ - forge verifier: `packages/forge/forge-verifier.js`
91
+ - product strategy: `docs/strategy/THUBAN-PRODUCT-STRATEGY.md`
92
+ - architecture notes: `ARCHITECTURE.md`
77
93
 
78
- ```
79
- THUBAN — Code Health Report
94
+ ## Thuban Pro recurring scans
80
95
 
81
- Score: D+ (38/100)
96
+ Thuban Pro adds scheduled recurring scans for local repositories with change detection, local history, and notification stubs.
82
97
 
83
- CRITICAL: 3 Hallucinated APIs
84
- src/api/payments.js:47
85
- stripe.charges.createImmediate()
86
- ^^^ This method does not exist in Stripe SDK.
98
+ ### What it does
87
99
 
88
- GHOST CODE: 16 functions exist but are never called
89
- 407 wasted lines (1.9% of codebase)
100
+ - stores monitor configuration per repo in `~/.thuban/monitor/config.json`
101
+ - runs the existing scanner pipeline on a schedule
102
+ - saves each run as JSON history in `~/.thuban/monitor/runs/<repo-id>/`
103
+ - compares each run to the previous run to surface:
104
+ - new issues
105
+ - resolved issues
106
+ - issue-count trend
107
+ - hallucination / secret / tech-debt metric deltas
108
+ - writes notification records to `~/.thuban/monitor/notifications.json`
109
+ - gates monitor/history/trend commands to Pro and above
90
110
 
91
- TECH DEBT COST:
92
- Manual fix: 47 hours (£3,760 at £80/hr)
93
- With Thuban: 4 hours
94
- You save: £3,440 (91%)
111
+ ### Commands
95
112
 
96
- Run: thuban fix . --fix
113
+ ```bash
114
+ npx thuban monitor . --once
115
+ npx thuban monitor . --frequency daily
116
+ npx thuban monitor . --frequency weekly
117
+ npx thuban monitor . --frequency custom --interval-ms 3600000
118
+ npx thuban history .
119
+ npx thuban trend .
97
120
  ```
98
121
 
99
- ---
122
+ ### Notification channels
123
+
124
+ Current implementation supports:
125
+
126
+ - `inbox` — local notification inbox persisted to disk
127
+ - `console` — console alert via the existing alert manager
128
+ - `email` — stubbed for future delivery integration
129
+ - `webhook` — stubbed for future delivery integration
130
+
131
+ Example:
132
+
133
+ ```bash
134
+ npx thuban monitor . --once --notify inbox,console
135
+ ```
100
136
 
101
- ## Features
137
+ ### How scheduling works
102
138
 
103
- - **AI Hallucination Detection** finds phantom imports and invented APIs
104
- - **Pre-Commit Gate** 3-second check blocks bad code before it enters your repo
105
- - **Ghost Code Detection** finds functions that exist but are never called
106
- - **AI Risk Score** per-function assessment of AI-generated code
107
- - **Tech Debt Cost Calculator** translates debt into hours and pounds
108
- - **Copy-Paste Drift** — finds duplicated code drifting apart across files
109
- - **Codebase Passport** — one JSON file describing your entire project
110
- - **Mother Code DNA** — contextual annotations that make your codebase self-aware
111
- - **Executive Report** — board-ready HTML report (print to PDF)
112
- - **Auto-Fix** — one command fixes hundreds of issues automatically
113
- - **Live Sentinel** — real-time monitoring on file save
114
- - **Visual Dashboard** — HTML reports with score rings and category breakdowns
115
- - **GitHub CI Action** — grade every PR, block merges below threshold
139
+ - `daily` = every 24 hours
140
+ - `weekly` = every 7 days
141
+ - `custom` = any interval via `--interval-ms`
142
+ - `npx thuban monitor .` starts a foreground daemon-like process until stopped
143
+ - `npx thuban monitor . --once` performs one scheduled-style run immediately and stores history
116
144
 
117
- ---
145
+ ### Diff detection
118
146
 
119
- ## Pricing
147
+ Each issue is fingerprinted from file, category, id, line, and message. Thuban compares the latest run against the previous run and records:
120
148
 
121
- | Tier | Price | What you get |
122
- |------|-------|-------------|
123
- | **Free** | £0 | 5 scans/month, 100 files, summary output |
124
- | **Pro** | £19/mo | Unlimited scans, full details, auto-fix, all features |
125
- | **Team** | £99/mo | 5 seats, CI Action, team reports |
126
- | **Enterprise** | Custom | Unlimited seats, self-hosted, SLA, SSO |
149
+ - `added`: issues not seen in the previous run
150
+ - `resolved`: issues that disappeared
151
+ - `metricsDelta`: changes in issue count, hallucinations, secrets, and tech debt metrics
127
152
 
128
- ---
153
+ This makes recurring scans useful for “what changed since yesterday?” rather than just “scan again.”
129
154
 
130
- ## Requirements
155
+ ## Website deployment
131
156
 
132
- - Node.js 16+
133
- - Works on Windows, macOS, Linux
134
- - Zero npm dependencies — runs with just Node.js built-ins
157
+ The public site at `https://thuban.dev` is deployed from the repository root `docs/` folder via GitHub Pages.
135
158
 
136
- ---
159
+ - workflow: `.github/workflows/deploy-website.yml`
160
+ - trigger: pushes to `main` that change `docs/**`, or manual `workflow_dispatch`
161
+ - deploy artifact: the `docs/` directory uploaded directly to GitHub Pages
162
+ - custom domain: `docs/CNAME`
137
163
 
138
- ## How It Works
164
+ Important deployment notes:
139
165
 
140
- Thuban runs entirely locally. Your code never leaves your machine. It uses static analysis, pattern matching, and heuristic detection no API calls, no cloud, no telemetry.
166
+ - `apps/web/` is a placeholder Next.js app and is not part of the live GitHub Pages deployment
167
+ - there is currently no build/export pipeline from `apps/web/` into `docs/`
168
+ - updating `apps/web/` alone will not change `thuban.dev`
169
+ - to update the live site, edit the static files in `docs/` or add a future export step that writes static output into `docs/`
141
170
 
142
- ---
171
+ Current practical workflow:
143
172
 
144
- ## License
173
+ 1. make website content changes in `docs/`
174
+ 2. commit and push to `main`
175
+ 3. GitHub Actions runs `Deploy Website to GitHub Pages`
176
+ 4. GitHub Pages publishes the uploaded `docs/` artifact to `https://thuban.dev`
145
177
 
146
- Proprietary. Free tier available. See [thuban.dev](https://thuban.dev) for details.
178
+ ## Planned next steps
147
179
 
148
- ---
180
+ 1. implement GitHub App installation and webhook ingestion
181
+ 2. persist repos, analyses, issues, and fixes in Postgres
182
+ 3. convert Sentinel and Forge flows into API-driven services
183
+ 4. connect PR check-runs and release attestation exports
184
+ 5. build the dashboard for audit runs, verdicts, and trust history
149
185
 
150
- Built by [Silverwings](https://silverwingsbenefits.com)
package/dist/LICENSE ADDED
@@ -0,0 +1,21 @@
1
+ MIT License
2
+
3
+ Copyright (c) 2026 Silverwings Benefits Ltd
4
+
5
+ Permission is hereby granted, free of charge, to any person obtaining a copy
6
+ of this software and associated documentation files (the "Software"), to deal
7
+ in the Software without restriction, including without limitation the rights
8
+ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9
+ copies of the Software, and to permit persons to whom the Software is
10
+ furnished to do so, subject to the following conditions:
11
+
12
+ The above copyright notice and this permission notice shall be included in all
13
+ copies or substantial portions of the Software.
14
+
15
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16
+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17
+ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18
+ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19
+ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20
+ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21
+ SOFTWARE.
package/dist/README.md ADDED
@@ -0,0 +1,185 @@
1
+ # Thuban
2
+
3
+ Thuban is an independent AI software assurance platform for pull requests, releases, and codebase trust. It combines codebase intelligence, scanner-driven risk detection, and Forge-style verification so teams can decide whether AI-assisted changes are safe to merge.
4
+
5
+ ## Product wedge
6
+
7
+ Thuban is built around a PR assurance wedge:
8
+
9
+ - connect a GitHub repository through a future GitHub App
10
+ - analyze changed files and architectural blast radius
11
+ - run assurance checks and evidence collection
12
+ - issue a clear verdict with remediation guidance
13
+
14
+ This standalone extraction is based on the Thuban product strategy and the prior CODEX specifications inside `orion-main`.
15
+
16
+ ## Repository layout
17
+
18
+ ```text
19
+ apps/
20
+ api/ Express placeholder API for ingestion, assurance, and attestations
21
+ web/ Next.js placeholder operator UI
22
+ packages/
23
+ scanner/ Extracted Sentinel scanner and monitoring substrate
24
+ forge/ Extracted Forge verifier and verification data
25
+ docs/
26
+ source/ Original CODEX and Orion intelligence specs
27
+ strategy/ Product strategy and viability docs
28
+ schema/ Thuban-only database schema extract
29
+ venture/ Original venture README source
30
+ ```
31
+
32
+ ## What is real today
33
+
34
+ - `packages/scanner/` contains extracted working Sentinel code from Orion
35
+ - `packages/forge/forge-verifier.js` contains extracted Forge verification logic
36
+ - `packages/forge/data/forge-verifications/` contains historical verification artifacts
37
+ - `docs/` contains the original strategy, viability, and CODEX-era source materials
38
+
39
+ ## What is placeholder today
40
+
41
+ - `apps/api/` is an Express starter aligned to the target product shape
42
+ - `apps/web/` is a minimal Next.js starter for the future assurance dashboard
43
+ - Postgres integration, GitHub App auth, webhook ingestion, PR check-runs, and production orchestration are planned but not yet implemented here
44
+
45
+ See `ARCHITECTURE.md` for a clear real-vs-placeholder breakdown.
46
+
47
+ ## Architecture overview
48
+
49
+ ### Apps
50
+
51
+ - `apps/api`: future control plane and integration surface for repos, pull requests, audits, policies, and attestations
52
+ - `apps/web`: future UI for onboarding repos, reviewing audit evidence, and tracking trust history
53
+
54
+ ### Packages
55
+
56
+ - `packages/scanner`: repository scanning, dependency graphing, drift detection, health checks, alerting, and secret/credential exposure scanning for hardcoded API keys, passwords, secrets in source code, `.env` files not gitignored, database connection strings with passwords, private keys, high-entropy strings, and secrets still exposed in git history, and secret/credential exposure scanning for hardcoded API keys, passwords, secrets in source code, `.env` files not gitignored, database connection strings with passwords, private keys, high-entropy strings, and secrets still exposed in git history
57
+ - `packages/forge`: attestation and verification workflow plus verification history
58
+
59
+ ### Data
60
+
61
+ - Postgres is the intended system of record
62
+ - the included schema extract in `docs/schema/ORION-ECOSYSTEM-SCHEMA.thuban.json` contains only the `thuban` tables from Orion
63
+ - packaged JSON artifacts are historical examples, not the final persistence model
64
+
65
+ ## Getting started
66
+
67
+ ### Prerequisites
68
+
69
+ - Node.js 20+
70
+ - npm 10+
71
+ - Postgres 15+ for future API work
72
+
73
+ ### Install
74
+
75
+ ```bash
76
+ npm install
77
+ ```
78
+
79
+ ### Run the placeholder apps
80
+
81
+ ```bash
82
+ npm run dev:api
83
+ npm run dev:web
84
+ ```
85
+
86
+ ### Explore the extracted code
87
+
88
+ - scanner entrypoint: `packages/scanner/index.js`
89
+ - secret scan utility: `quickSecretScan([...files], { rootPath })` or `new SecretScanner({ rootPath }).scanAll()` with output including file path, line number, secret type, severity, and fix recommendation
90
+ - forge verifier: `packages/forge/forge-verifier.js`
91
+ - product strategy: `docs/strategy/THUBAN-PRODUCT-STRATEGY.md`
92
+ - architecture notes: `ARCHITECTURE.md`
93
+
94
+ ## Thuban Pro recurring scans
95
+
96
+ Thuban Pro adds scheduled recurring scans for local repositories with change detection, local history, and notification stubs.
97
+
98
+ ### What it does
99
+
100
+ - stores monitor configuration per repo in `~/.thuban/monitor/config.json`
101
+ - runs the existing scanner pipeline on a schedule
102
+ - saves each run as JSON history in `~/.thuban/monitor/runs/<repo-id>/`
103
+ - compares each run to the previous run to surface:
104
+ - new issues
105
+ - resolved issues
106
+ - issue-count trend
107
+ - hallucination / secret / tech-debt metric deltas
108
+ - writes notification records to `~/.thuban/monitor/notifications.json`
109
+ - gates monitor/history/trend commands to Pro and above
110
+
111
+ ### Commands
112
+
113
+ ```bash
114
+ npx thuban monitor . --once
115
+ npx thuban monitor . --frequency daily
116
+ npx thuban monitor . --frequency weekly
117
+ npx thuban monitor . --frequency custom --interval-ms 3600000
118
+ npx thuban history .
119
+ npx thuban trend .
120
+ ```
121
+
122
+ ### Notification channels
123
+
124
+ Current implementation supports:
125
+
126
+ - `inbox` — local notification inbox persisted to disk
127
+ - `console` — console alert via the existing alert manager
128
+ - `email` — stubbed for future delivery integration
129
+ - `webhook` — stubbed for future delivery integration
130
+
131
+ Example:
132
+
133
+ ```bash
134
+ npx thuban monitor . --once --notify inbox,console
135
+ ```
136
+
137
+ ### How scheduling works
138
+
139
+ - `daily` = every 24 hours
140
+ - `weekly` = every 7 days
141
+ - `custom` = any interval via `--interval-ms`
142
+ - `npx thuban monitor .` starts a foreground daemon-like process until stopped
143
+ - `npx thuban monitor . --once` performs one scheduled-style run immediately and stores history
144
+
145
+ ### Diff detection
146
+
147
+ Each issue is fingerprinted from file, category, id, line, and message. Thuban compares the latest run against the previous run and records:
148
+
149
+ - `added`: issues not seen in the previous run
150
+ - `resolved`: issues that disappeared
151
+ - `metricsDelta`: changes in issue count, hallucinations, secrets, and tech debt metrics
152
+
153
+ This makes recurring scans useful for “what changed since yesterday?” rather than just “scan again.”
154
+
155
+ ## Website deployment
156
+
157
+ The public site at `https://thuban.dev` is deployed from the repository root `docs/` folder via GitHub Pages.
158
+
159
+ - workflow: `.github/workflows/deploy-website.yml`
160
+ - trigger: pushes to `main` that change `docs/**`, or manual `workflow_dispatch`
161
+ - deploy artifact: the `docs/` directory uploaded directly to GitHub Pages
162
+ - custom domain: `docs/CNAME`
163
+
164
+ Important deployment notes:
165
+
166
+ - `apps/web/` is a placeholder Next.js app and is not part of the live GitHub Pages deployment
167
+ - there is currently no build/export pipeline from `apps/web/` into `docs/`
168
+ - updating `apps/web/` alone will not change `thuban.dev`
169
+ - to update the live site, edit the static files in `docs/` or add a future export step that writes static output into `docs/`
170
+
171
+ Current practical workflow:
172
+
173
+ 1. make website content changes in `docs/`
174
+ 2. commit and push to `main`
175
+ 3. GitHub Actions runs `Deploy Website to GitHub Pages`
176
+ 4. GitHub Pages publishes the uploaded `docs/` artifact to `https://thuban.dev`
177
+
178
+ ## Planned next steps
179
+
180
+ 1. implement GitHub App installation and webhook ingestion
181
+ 2. persist repos, analyses, issues, and fixes in Postgres
182
+ 3. convert Sentinel and Forge flows into API-driven services
183
+ 4. connect PR check-runs and release attestation exports
184
+ 5. build the dashboard for audit runs, verdicts, and trust history
185
+