{"id":49499549,"url":"https://github.com/jsonbored/nightward","last_synced_at":"2026-05-05T12:04:04.229Z","repository":{"id":354836118,"uuid":"1225465608","full_name":"JSONbored/nightward","owner":"JSONbored","description":"Local-first TUI for auditing AI agent state, MCP config, and dotfiles backup safety","archived":false,"fork":false,"pushed_at":"2026-04-30T11:47:18.000Z","size":61,"stargazers_count":0,"open_issues_count":3,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-04-30T12:16:02.364Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/JSONbored.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-04-30T09:57:21.000Z","updated_at":"2026-04-30T09:57:28.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/JSONbored/nightward","commit_stats":null,"previous_names":["jsonbored/nightward"],"tags_count":null,"template":false,"template_full_name":null,"purl":"pkg:github/JSONbored/nightward","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/JSONbored%2Fnightward","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/JSONbored%2Fnightward/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/JSONbored%2Fnightward/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/JSONbored%2Fnightward/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/JSONbored","download_url":"https://codeload.github.com/JSONbored/nightward/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/JSONbored%2Fnightward/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32495949,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-30T13:12:12.517Z","status":"online","status_checked_at":"2026-05-01T02:00:05.856Z","response_time":64,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2026-05-01T12:00:35.371Z","updated_at":"2026-05-05T12:04:04.219Z","avatar_url":"https://github.com/JSONbored.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Nightward\n\n[![CI](https://github.com/JSONbored/nightward/actions/workflows/ci.yml/badge.svg)](https://github.com/JSONbored/nightward/actions/workflows/ci.yml)\n[![Nightward Policy](https://github.com/JSONbored/nightward/actions/workflows/nightward-policy.yml/badge.svg)](https://github.com/JSONbored/nightward/actions/workflows/nightward-policy.yml)\n[![OpenSSF Scorecard](https://github.com/JSONbored/nightward/actions/workflows/scorecard.yml/badge.svg)](https://github.com/JSONbored/nightward/actions/workflows/scorecard.yml)\n[![OpenSSF Best Practices](https://www.bestpractices.dev/projects/12713/badge)](https://www.bestpractices.dev/projects/12713)\n[![License: MIT](https://img.shields.io/badge/license-MIT-green.svg)](LICENSE)\n\nNightward finds AI-tool risks before you sync: MCP risk, local-only state, secret exposure, and reviewable fix plans, all locally.\n\nIt scans common Codex, Claude, Cursor, Windsurf, VS Code, Raycast, JetBrains, Zed, Continue, Cline/Roo, Aider, OpenCode, Goose, LM Studio, Ollama/Open WebUI, Neovim, MCP config locations, and repo/workspace AI config; classifies what is portable versus local-only or secret; highlights MCP security findings; and produces redacted analysis signals, fix plans, SARIF policy output, snapshot plans, and dry-run backup plans.\n\nPublic docs and the fixture TUI walkthrough live at \u003chttps://nightward.aethereal.dev/\u003e.\n\nNightward does not mutate agent configs. It only writes explicit report/SARIF files when requested. Schedule install/remove commands are plan-only in v1.\n\n\u003e [!IMPORTANT]\n\u003e Nightward is local-first by design: no telemetry, no default network calls, no cloud dashboard, and no live agent-config mutation.\n\n## TUI Preview\n\n[![Scrubbed Nightward OpenTUI walkthrough showing overview, findings, analysis, fix plan, inventory, backup, and help screens](site/public/demo/nightward-opentui.gif)](site/guide/tui.md)\n\nThe README uses a GIF so the preview renders directly on GitHub. The docs homepage uses the lighter [WebM loop](site/public/demo/tui/nightward-opentui.webm), and the [TUI guide](site/guide/tui.md) keeps the full seven-screen gallery.\n\n## At A Glance\n\n| Surface | What it does | Default write behavior |\n| --- | --- | --- |\n| TUI | Dashboard, inventory, findings, analysis, fix plan, backup preview | Read-only except explicit redacted export |\n| CLI | Scriptable scan, doctor, policy, SARIF, snapshot, schedule commands | Read-only unless explicit output/export paths are requested |\n| MCP server | Read-only stdio tools/resources for AI clients | No writes, no network listener, no online providers |\n| Raycast | macOS read-only companion commands | Clipboard/report-folder actions only |\n| GitHub Action | Workspace policy and SARIF checks | Writes only requested CI outputs |\n| Trunk plugin | Local workspace policy/analyze linters | Emits SARIF to stdout |\n\n## Sample Output\n\nThe sample below is generated from the committed fixture home at [testdata/homes/policy](testdata/homes/policy). Hostname, HOME, local paths, timestamps, and secret-looking fixture values are scrubbed before the JSON, report, or screenshot is committed.\n\n![Scrubbed Nightward HTML report generated from fixture data](site/public/demo/nightward-sample-report.png)\n\n- [Scrubbed sample scan JSON](site/public/demo/nightward-sample-scan.json)\n- [Static HTML report](site/public/demo/nightward-sample-report.html)\n- [OpenTUI gallery](site/guide/tui.md), [walkthrough GIF](site/public/demo/nightward-opentui.gif), and [homepage WebM loop](site/public/demo/tui/nightward-opentui.webm)\n- Regenerate the JSON, HTML report, and report screenshot with `make demo-assets` using Chrome, Chromium, Brave, or `NIGHTWARD_CHROME=/path/to/browser`. Regenerate fixture-only TUI media with `make tui-media` and review every frame before committing.\n\n```mermaid\nflowchart LR\n  configs[\"AI agent/devtool config\"] --\u003e scan[\"nw scan\"]\n  scan --\u003e classify[\"classify paths\"]\n  scan --\u003e mcp[\"review MCP trust boundaries\"]\n  classify --\u003e tui[\"TUI\"]\n  classify --\u003e json[\"redacted JSON\"]\n  mcp --\u003e findings[\"findings + analysis signals\"]\n  findings --\u003e fix[\"plan-only fix exports\"]\n  findings --\u003e sarif[\"policy SARIF\"]\n  classify --\u003e backup[\"dry-run backup plan\"]\n```\n\n## Why\n\nAI coding tools scatter useful state across config files, MCP server definitions, skills, rules, commands, extension settings, credentials, caches, and app-owned databases. Blindly syncing all of it is fragile and unsafe.\n\nNightward answers the practical questions first:\n\n- What exists on this machine?\n- What is portable enough for a private dotfiles repo?\n- What is machine-local, app-owned, runtime cache, or credential material?\n- Which MCP configs deserve security review?\n- What exact remediation plan should I consider before syncing?\n- What would a backup plan include, review, or exclude before it writes anything?\n\n## Highlights\n\n- OpenTUI-powered interactive app with dashboard, findings, analysis, fix plan, inventory, backup preview, and help sections.\n- `nightward` canonical command plus `nw` short alias.\n- Redacted JSON for automation and CI.\n- HOME scanning for local machines and `--workspace` scanning for CI, Trunk, and dotfiles repos.\n- MCP findings for unpinned package execution, shell wrappers, sensitive env keys, sensitive headers, local endpoints, broad filesystem access, token paths, parse failures, and unknown server shapes.\n- Offline analysis signals for supply-chain, secret exposure, filesystem scope, network exposure, execution risk, machine-local, and app-owned state review.\n- Optional provider framework for local and online-capable tools; CLI providers never auto-install and online-capable providers stay blocked unless explicitly enabled.\n- Scan summaries separate inventory buckets from finding buckets: item classification/risk/tool counts are distinct from finding severity/rule/tool counts.\n- Plan-only remediation metadata: fix kind, confidence, risk, review requirement, impact, and steps.\n- SARIF output for GitHub code scanning.\n- Importable Trunk plugin definition for `nightward-policy` and `nightward-analyze` from pinned release tags.\n- Optional `.nightward.yml` policy config with reason-required ignores.\n- Redacted plan-only remediation exports for parseable MCP config findings.\n- Read-only snapshot plan commands.\n- Reusable GitHub Action for scan, policy, and SARIF modes.\n- Read-only Raycast extension for Dashboard, Findings, Analysis, Provider Doctor, Explain Finding/Signal, Fix Plan/Analysis export, and report-folder access.\n- Read-only stdio MCP server for AI clients that need local scan, finding, rule, provider, policy, and fix-plan context.\n- User-level nightly scan scheduling for macOS launchd, Linux systemd user timers, and cron text fallback.\n- No telemetry, no cloud dashboard, no default network calls from Nightward runtime, and no live config mutation.\n- OpenSSF-oriented project hygiene: DCO, governance docs, threat model, coverage gate, pinned CI actions, release snapshot checks, signed release configuration, and security reporting policy.\n\n\u003e [!TIP]\n\u003e A practical first pass is `nw`, then `nw scan --json`, then `nw doctor --json`.\n\n## Install\n\nTry the release-gated npm launcher:\n\n```sh\nnpx @jsonbored/nightward scan\nnpm install -g @jsonbored/nightward\nnw\n```\n\nThis installs one Nightward CLI distribution with two command names:\n\n- `nightward`: canonical project command\n- `nw`: short alias for frequent terminal/TUI use\n\nFor local development from this checkout:\n\n```sh\nmake install-local\n```\n\nThe npm package is intentionally a thin launcher for GitHub Release binaries. It does not run a `postinstall` script; on first execution it downloads the matching release archive, verifies the archive SHA-256 from `checksums.txt`, caches the binaries locally, and then runs `nightward` or `nw`.\n\n## Quick Start\n\nOpen the TUI:\n\n```sh\nnw\n```\n\nReview a saved scan in the same TUI:\n\n```sh\nnw tui --input scan.json\n```\n\nScan local HOME state and emit redacted JSON:\n\n```sh\nnw scan --json\n```\n\nScan a repo/workspace instead of HOME:\n\n```sh\nnw scan --workspace . --json\n```\n\nCheck local assumptions:\n\n```sh\nnw doctor --json\n```\n\nList and explain findings:\n\n```sh\nnw findings list\nnw findings explain mcp_unpinned_package-abc123\n```\n\nGenerate a plan-only fix report:\n\n```sh\nnw fix plan --json\nnw fix plan --rule mcp_secret_env\nnw fix export --format markdown\n```\n\nRun offline analysis and provider checks:\n\n```sh\nnw analyze --json\nnw analyze --workspace . --json\nnw analyze package npm:@modelcontextprotocol/server-filesystem --json\nnw analyze finding mcp_unpinned_package-abc123 --json\nnw providers list --json\nnw providers doctor --with socket --json\nnw rules list --json\nnw rules explain mcp_secret_header --json\n```\n\nOnline-capable providers remain blocked until explicitly allowed:\n\n```sh\nnw providers doctor --with socket --online --json\nnw analyze --workspace . --with trivy,osv-scanner,socket --online --json\n```\n\nCreate or explain policy config:\n\n```sh\nnw policy init\nnw policy explain\nnw policy check --config .nightward.yml --strict --json\n```\n\nGenerate a dry-run backup plan:\n\n```sh\nnw plan backup\n```\n\nGenerate a read-only snapshot plan:\n\n```sh\nnw snapshot plan --output ~/nightward-snapshots --json\n```\n\nRender a local static HTML report from redacted scan JSON:\n\n```sh\nnw scan --json --output /tmp/nightward-scan.json\nnw report html --input /tmp/nightward-scan.json --output /tmp/nightward-report.html\nnw report diff --from /tmp/previous-scan.json --to /tmp/nightward-scan.json\nnw report html --from /tmp/previous-scan.json --to /tmp/nightward-scan.json --output /tmp/nightward-report.html\nnw tui --from /tmp/previous-scan.json --to /tmp/nightward-scan.json\nnw report html\nnw report history\nnw report latest\n```\n\nRun policy checks or generate SARIF:\n\n```sh\nnw policy check --strict --json\nnw policy sarif --output nightward.sarif\nnw policy check --workspace . --include-analysis --strict --json\nnw policy sarif --workspace . --include-analysis --output -\nnw policy badge --workspace . --include-analysis --sarif-url https://example.invalid/nightward.sarif --output nightward-badge.json\n```\n\nExpose Nightward to MCP-capable AI clients:\n\n```sh\nnw mcp serve\n```\n\nPreview scheduled nightly scans:\n\n```sh\nnw schedule plan --preset nightly\nnw schedule install --preset nightly --dry-run\nnw schedule remove --dry-run\n```\n\n## Classification Model\n\nNightward classifies discovered state as:\n\n- `portable`: usually safe to sync after review\n- `machine-local`: tied to local paths, identities, or machine assumptions\n- `secret-auth`: credentials or auth material; excluded by default\n- `runtime-cache`: generated runtime data; excluded by default\n- `app-owned`: databases, extension binaries, encrypted app state, or caches owned by another app\n- `unknown`: found state Nightward cannot classify confidently\n\nBackup plans include portable items, mark machine-local/unknown items for review, and exclude secret/auth, runtime-cache, and app-owned state by default.\n\n```mermaid\nflowchart TD\n  found[\"Discovered path\"] --\u003e bucket{\"Classification\"}\n  bucket --\u003e|portable| include[\"include in private backup plan\"]\n  bucket --\u003e|machine-local or unknown| review[\"review before syncing\"]\n  bucket --\u003e|secret-auth| excludeSecret[\"exclude by default\"]\n  bucket --\u003e|runtime-cache| excludeCache[\"exclude by default\"]\n  bucket --\u003e|app-owned| export[\"prefer app-supported export\"]\n```\n\n\u003e [!WARNING]\n\u003e Do not blindly sync `secret-auth`, `runtime-cache`, or `app-owned` paths. Nightward excludes them by default because those files often contain credentials, generated state, or app-private databases.\n\n## Fix Plan Model\n\nNightward does not apply fixes yet. \"Autofix\" currently means structured, reviewable fix plans:\n\n- `pin-package`: pin `npx`, `uvx`, or `pipx` package execution when the package name is parseable\n- `externalize-secret`: move inline secret values out of agent config and keep only env key names or setup docs\n- `replace-shell-wrapper`: replace simple shell passthroughs with direct executable invocation\n- `narrow-filesystem`: replace broad filesystem access with explicit paths after human review\n- `manual-review`: inspect unsupported, ambiguous, or high-risk config manually\n- `ignore-with-reason`: keep an advisory finding only after documenting why it is expected\n\nSecret values are never emitted in scan JSON, findings output, fix-plan JSON, Markdown exports, SARIF, or TUI detail text.\n\n`scan --json` is pre-1.0 and may make breaking shape improvements. The current summary schema uses explicit keys such as `items_by_classification`, `items_by_risk`, `findings_by_severity`, and `findings_by_rule` so item risk is not confused with finding severity.\n\n## Analysis Model\n\n`nw analyze` turns scan findings and classifications into explainable signals. It does not claim a package, server, binary, or URL is safe. It reports what Nightward can prove from local structure, why it matters, and how confident the signal is.\n\nDefault analysis is offline and built in. Optional providers are discovered by `providers doctor`; Nightward does not install them or call online services unless a user explicitly selects providers and opts into network-capable behavior. Explicit local providers are `gitleaks`, `trufflehog`, and `semgrep`. Online-capable providers are `trivy`, `osv-scanner`, and `socket`, and they require both `--with` and `--online`. Socket support creates a remote Socket scan artifact from dependency manifest metadata; Nightward does not fetch or normalize remote Socket reports in v1.\n\nProvider runs use explicit skip/block/ready states, timeouts, bounded output capture, and redacted metadata only. Oversized provider stdout fails closed as a provider warning instead of being partially parsed. Semgrep execution requires a repo-local config file so Nightward does not use automatic rule discovery by default.\n\nPolicy config can enable analysis and selected provider execution with `include_analysis`, `analysis_threshold`, `analysis_providers`, and `allow_online_providers`; online-capable providers still require explicit policy opt-in.\n\n```mermaid\nsequenceDiagram\n  participant User\n  participant Nightward\n  participant LocalTool as Optional local provider\n  User-\u003e\u003eNightward: nw analyze\n  Nightward--\u003e\u003eUser: offline built-in signals\n  User-\u003e\u003eNightward: nw analyze --workspace . --with gitleaks\n  Nightward-\u003e\u003eLocalTool: run only after explicit provider selection\n  LocalTool--\u003e\u003eNightward: provider signals\n  Nightward--\u003e\u003eUser: redacted analysis report\n```\n\n## TUI\n\nThe default `nightward` / `nw` command opens the TUI:\n\n- Dashboard: scan counts and schedule status\n- Inventory: discovered paths by tool, classification, and risk\n- Findings: severity/tool/rule filters with a selected-finding detail pane\n- Analysis: offline risk signals and provider warning summary\n- Fix Plan: safe/review/blocked remediation groups\n- Backup Plan: private-dotfiles dry-run preview\n\nThe TUI is now part of the Rust CLI binary and uses `opentui_rust` directly for the colored dashboard, filled panels, severity ribbons, and fixture-driven screenshots. Release archives and npm-downloaded binaries only need `nightward` and `nw`.\n\nKeyboard shortcuts:\n\n- `1`-`7`: switch sections\n- arrow keys or `h`/`j`/`k`/`l`: navigate\n- `/`: search findings\n- `s`: cycle severity\n- `x`: clear filters\n- `q` or `esc`: quit\n\nFixture-only OpenTUI demo: [TUI gallery](site/guide/tui.md), [dashboard PNG](site/public/demo/tui/overview.png), [walkthrough GIF](site/public/demo/nightward-opentui.gif), and [homepage WebM loop](site/public/demo/tui/nightward-opentui.webm).\n\n## MCP Server\n\nNightward can expose local, read-only context to MCP-capable AI clients:\n\n```json\n{\n  \"mcpServers\": {\n    \"nightward\": {\n      \"command\": \"nw\",\n      \"args\": [\"mcp\", \"serve\"]\n    }\n  }\n}\n```\n\nThe server supports scan, doctor, findings, finding explanation, fix-plan, policy-check, and rules tools plus latest-summary and rules resources. It uses stdio only, does not open a network listener, does not mutate config, and does not enable online-capable providers in v1.\n\n## GitHub Action\n\nNightward can run as a local GitHub Action in scan, policy, or SARIF mode:\n\n```yaml\n- uses: JSONbored/nightward@v0.1.4\n  with:\n    mode: sarif\n    output: nightward.sarif\n```\n\nSee [docs/action.md](docs/action.md) for inputs, outputs, and SARIF upload examples.\n\n## Website\n\nNightward's public docs/marketing site lives in [site](site) and uses VitePress with local search. It is designed as a repo-owned static site with no analytics by default; the deployed public site can opt into self-hosted Umami through build-time environment variables.\n\n```sh\ncd site\nnpm ci\nnpm run build\n```\n\nSee [docs/website.md](docs/website.md) for the page map, custom-domain notes, analytics boundary, and Stitch landing-page brief.\n\n## Trunk Plugin\n\nNightward includes an in-repo `plugin.yaml` for Trunk Check. Import a pinned release tag and enable repo/workspace policy scans:\n\n```sh\ntrunk plugins add --id nightward https://github.com/JSONbored/nightward v0.1.4\ntrunk check enable nightward-policy\n```\n\n`nightward-policy` emits SARIF from `nw policy sarif --workspace ${workspace} --output -`. `nightward-analyze` adds offline analysis signals with `--include-analysis`.\n\n## Raycast Extension\n\nThe read-only Raycast extension lives in [integrations/raycast](integrations/raycast).\n\n```sh\ncd integrations/raycast\nnpm ci\nnpm run build\nnpm run dev\n```\n\nCommands:\n\n- `Nightward Dashboard`\n- `Nightward Status`\n- `Nightward Findings`\n- `Nightward Analysis`\n- `Nightward Provider Doctor`\n- `Explain Nightward Finding`\n- `Explain Nightward Signal`\n- `Export Nightward Fix Plan`\n- `Export Nightward Analysis`\n- `Open Nightward Reports`\n\nThe extension shells out to `nw` or `nightward`, renders redacted output, copies explicitly requested exports, and opens the local reports folder. Provider Doctor can enable/disable provider selection for Raycast Analysis and, after confirmation, install known provider CLIs with the displayed Homebrew/npm command. It does not mutate agent configs or install schedules.\n\nSee [docs/raycast-extension.md](docs/raycast-extension.md) for preferences, validation, and read-only boundaries.\n\n## Scheduling\n\nThe plan-only `nightly` preset describes running:\n\n```sh\nnightward scan --json\n```\n\nPlanned user-level schedule targets:\n\n- macOS: `launchd` user agent\n- Linux: systemd user timer\n- Other platforms: generated cron text only\n\nSchedule plans never copy secrets, mutate dotfiles, restore files, or push to Git.\n\n## Development\n\n```sh\nmake test\nmake test-race\nmake test-junit\nmake coverage-check\nmake fuzz-smoke\nmake trunk-flaky-validate\nmake trunk-check\nmake ci-scripts-test\nmake raycast-verify\nmake npm-package-verify\nmake release-snapshot\nmake verify\ncargo run --bin nightward -- --help\ncargo run --bin nw -- scan --json\ncargo run --bin nw -- scan --workspace . --json\ncargo run --bin nw -- scan --json | jq '.summary'\ncargo run --bin nw -- findings list --json\ncargo run --bin nw -- findings list --json | jq '[.[] | select(.rule==\"mcp_server_review\")]'\ncargo run --bin nw -- analyze --all --json\ncargo run --bin nw -- providers doctor --json\ncargo run --bin nw -- rules list --json\ncargo run --bin nw -- fix plan --json\ncargo run --bin nw -- fix export --format markdown\ncargo run --bin nw -- policy sarif --output /tmp/nightward.sarif\ncargo run --bin nw -- policy sarif --workspace . --include-analysis --output -\ncargo run --bin nw -- schedule plan --json\n```\n\nLocal security checks used by maintainers:\n\n```sh\ntrunk check --show-existing --all\nmake gitleaks\nmake cargo-audit\nmake cargo-deny\nmake coverage-check\nmake fuzz-smoke\nmake release-snapshot\n```\n\n## Project Docs\n\n- [Security policy](SECURITY.md)\n- [Governance](GOVERNANCE.md)\n- [Maintainers](MAINTAINERS.md)\n- [Contributing guide](CONTRIBUTING.md)\n- [Contributing fixtures](docs/contributing-fixtures.md)\n- [Code of conduct](CODE_OF_CONDUCT.md)\n- [Support](SUPPORT.md)\n- [Roadmap](ROADMAP.md)\n- [Install and release channels](docs/install.md)\n- [Distribution plan](docs/distribution.md)\n- [Website and docs plan](docs/website.md)\n- [Growth backlog](docs/growth.md)\n- [Adapters](docs/adapters.md)\n- [Analysis](docs/analysis.md)\n- [Remediation](docs/remediation.md)\n- [Testing](docs/testing.md)\n- [Dependency maintenance](docs/dependency-maintenance.md)\n- [GitHub Action](docs/action.md)\n- [MCP server](docs/mcp-server.md)\n- [Raycast extension](docs/raycast-extension.md)\n- [CI/security notes](docs/ci-security.md)\n- [Release process](docs/release.md)\n- [Threat model](docs/threat-model.md)\n- [OpenSSF evidence](docs/openssf-best-practices.md)\n- [Privacy model](docs/privacy-model.md)\n- [Screenshot/GIF capture plan](docs/screenshots.md)\n\n## Contributors\n\n[![Contributors](https://contrib.rocks/image?repo=JSONbored/nightward)](https://github.com/JSONbored/nightward/graphs/contributors)\n\n## Star History\n\n[![Star History Chart](https://api.star-history.com/svg?repos=JSONbored/nightward\u0026type=Date)](https://www.star-history.com/#JSONbored/nightward\u0026Date)\n\n## License\n\nMIT\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjsonbored%2Fnightward","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fjsonbored%2Fnightward","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjsonbored%2Fnightward/lists"}