upkeep-auditlisted

# Upkeep Local Audit Run the full Upkeep audit pipeline (discovery → parallel reviewers → synthesis → HTML report) against a local repository. Output-only: the target repo is never modified. ## Steps 1. **Ensure the Upkeep checkout** at `~/.cache/upkeep`: - Missing: `git clone --depth 1 https://github.com/wei18/upkeep ~/.cache/upkeep` - Present: `git -C ~/.cache/upkeep pull --ff-only` (if the pull fails — diverged or dirty checkout — delete `~/.cache/upkeep` and re-clone; it is disposable) - Then `(cd ~/.cache/upkeep && npm ci)` after a fresh clone or whenever the pull changed `package-lock.json` (when unsure, run it — it is idempotent). 2. **Run the audit** (takes several minutes; reviewers run as parallel `claude -p` subprocesses — run it in the background and report progress): ```bash ~/.cache/upkeep/scripts/local-audit.sh <target-path> [--model M] [--rubric-lang L] [--max-turns N] [--out FILE] ``` Pass flags only when the user asked for them, with one exception: the report defaults to `./upkeep-report.html` in the current working directory, so if the working directory is inside the target repo, pass `--out` pointing outside it (e.g. `~/upkeep-report.html`) — the audit must never write into the target repo. Other defaults match the CI inputs (`claude-opus-4-8`, rubric `en`, `30` turns); `--rubric-lang` accepts `en` or `zh-TW`. 3. **Summarize**: the script prints the report markdown at the end. Present the findings grouped by severity (high → medium