Marketing & Distribution: README, Landing Page, Installation Guide

[ProduktEntdecker]

Overview

Create marketing materials and improve documentation to make PatchPilot easy to discover, understand, and install.

Target Audience

Vibe Coders - Developers using AI coding tools (Claude Code, Cursor, Copilot) who want peace of mind while their AI agent installs packages.

Value Proposition

"Security scanner for vibe coders. Automatically blocks vulnerable packages before your AI agent installs them."

---

Tasks

1. README Overhaul

• Hero section with clear value prop
• Animated GIF/screenshot showing block in action
• One-liner installation: npm install -g patchpilot
• Copy-paste Claude Code settings snippet
• Badges (npm version, license, downloads)
• "Why PatchPilot?" section (problem → solution)
• Supported package managers (npm, pip, brew)
• How it works (simple diagram)
• FAQ section

2. Landing Page

• Domain: patchpilot.dev or similar
• Hero: "Stop worrying about what your AI is installing"
• Demo video/GIF
• Installation steps (3 easy steps)
• Testimonials (after beta)
• Pricing section (Free tier, Pro tier later)
• "Works with" logos (Claude Code, Cursor, etc.)

3. Installation Guide

• Quick start (30 seconds)
• Detailed guide with screenshots
• Troubleshooting section
• Multi-machine setup (Mac Mini + MacBook)
• Uninstall instructions

4. Distribution Channels

• npm registry (Issue Publish to npm registry #5)
• GitHub Releases with changelog
• Claude Code plugin marketplace (if available)
• MCP server registry
• Homebrew tap (optional)

5. Content Marketing

• Twitter/X announcement thread
• Dev.to / Hashnode article: "How I protect my codebase from AI-installed vulnerabilities"
• YouTube short demo
• Reddit posts (r/ClaudeAI, r/cursor, r/programming)

---

Key Messages

Audience Pain	PatchPilot Solution
"I don't know what packages AI is installing"	Automatic interception
"I can't evaluate if packages are safe"	OSV database check
"I want peace of mind, not paranoia"	Silent allow for safe, loud block for dangerous

---

Success Metrics

• 100 GitHub stars
• 500 npm weekly downloads
• 10 beta testers with feedback

Priority: P2 (after npm publish)

[coderabbitai]

📝 CodeRabbit Plan Mode

Generate an implementation plan and prompts that you can use with your favorite coding agent.

✅ Successfully generated implementation plan.

💡 Use @coderabbitai <feedback> to replan

Examples

• Example 1
• Example 2

---

🔗 Similar Issues

Related Issues

• Publish to npm registry #5
• Command parser for npm/pip/brew install #2
• OSV API integration for vulnerability checks #3

👤 Suggested Assignees

• ProduktEntdecker

---

🧪 Issue enrichment is currently in open beta.

You can configure auto-planning by selecting labels in the issue_enrichment configuration.

To disable automatic issue enrichment, add the following to your .coderabbit.yaml:

issue_enrichment:
  auto_enrich:
    enabled: false

💬 Have feedback or questions? Drop into our discord!

[coderabbitai]

Coding Plan

Approach

Create comprehensive marketing materials and documentation to help "vibe coders" discover, understand, and install PatchPilot - transforming the minimal current documentation into a complete go-to-market package including README overhaul, landing page, demo assets, distribution setup, and content marketing materials.

Observations

PatchPilot is a TypeScript-based CLI security scanner (v0.2.0) that acts as a Claude Code pre-execution hook, checking npm/pip/brew packages against the OSV vulnerability database. Currently documented via a minimal 50-line README with basic installation instructions, the project has no marketing assets, no publishing infrastructure, and no comprehensive installation guides. The tool outputs clear severity-based decisions (allow/deny/ask) with emoji-rich messages ideal for demonstration, and is distributed via npx with configuration through ~/.claude/settings.json.

Assumptions

Assumption 1: MCP Server Registry listing

Options Considered:

• Skip MCP registry entirely and clarify this in documentation
• List in MCP registry anyway as a "tool" if the registry accepts non-server integrations

Chosen Option: 1

Rationale: Skip MCP registry listing and clearly document that PatchPilot is a Claude Code hook (not an MCP server), avoiding confusion about its architecture and integration model.

Assumption 2: Landing page technology stack

Options Considered:

• Static HTML/CSS with Tailwind (simplest, zero build step)
• Astro static site (modern, excellent performance, good DX)
• Next.js (more complex, overkill for simple landing page)

Chosen Option: 2

Rationale: Astro provides excellent developer experience, built-in optimizations, and component-based structure while keeping the site completely static, aligning with the minimal-budget hosting requirement (Cloudflare Pages/Vercel free tier).

Assumption 3: Demo asset format

Options Considered:

• Traditional screen recording (OBS/QuickTime) → GIF conversion
• asciinema text-based recording → SVG or optimized GIF

Chosen Option: 2

Rationale: asciinema provides sharper text, smaller file sizes, and ability to regenerate assets with timing adjustments, following best practices for developer tool marketing.

💡 User Tips

Regenerate the plan with different choices with @coderabbitai <feedback>.

Implementation Steps

Phase 1: Core Documentation Enhancement

Establish comprehensive documentation foundation that allows developers to understand and install PatchPilot without requiring additional marketing materials.

Task 1: README Overhaul

Transform README.md into a complete project introduction with clear value proposition, installation, and usage guidance.

• Replace existing content with hero section including tagline "Security scanner for vibe coders" and value proposition
• Add npm badge, license badge, and downloads badge placeholders (shields.io format)
• Create "Why PatchPilot?" section contrasting the problem (unknown AI-installed packages) with the solution (automatic OSV checking)
• Document supported package managers (npm/npx, pip/pip3, brew) with command examples from src/parser.ts patterns
• Expand "How It Works" section with text-based flow diagram showing Agent → PatchPilot → OSV → Decision
• Add FAQ section covering common questions: "Does this slow down AI?", "What happens on false positives?", "Can I customize severity thresholds?"
• Include placeholder for demo GIF/screenshot (to be added in Phase 2)
• Update installation section with global install command: npm install -g patchpilot
• Keep existing Claude Code settings snippet but improve formatting and explanation

Task 2: Create Installation Guide

Add INSTALL.md providing detailed setup instructions beyond README's quick start.

• Create new INSTALL.md in repository root
• Write "Quick Start (30 seconds)" section with copy-paste commands for global install and settings configuration
• Add "Detailed Setup" section with step-by-step instructions including prerequisites (Node.js version requirement)
• Document multi-machine setup pattern referencing ~/.claude/settings.json synchronization approaches
• Create "Troubleshooting" section addressing: command not found errors, timeout configuration adjustments, permission issues, OSV API connectivity problems
• Add "Uninstall" section with npm uninstall -g patchpilot and settings cleanup instructions
• Include "Verifying Installation" section with test command to confirm PatchPilot responds correctly

Task 3: Create Changelog Infrastructure

Establish version history tracking for GitHub releases and npm publishing.

• Create CHANGELOG.md in repository root following Keep a Changelog format
• Document v0.2.0 with existing features: npm/pip/brew support, OSV integration, severity-based decisions
• Add "Unreleased" section header for tracking future changes
• Structure with categories: Added, Changed, Deprecated, Removed, Fixed, Security

🤖 Prompt for AI agents

Enhance PatchPilot's core documentation to provide comprehensive understanding
and installation guidance for developers.

Overhaul README.md:
- Add hero section with "Security scanner for vibe coders" tagline and value
proposition
- Include npm, license, and downloads badges using shields.io format
- Create "Why PatchPilot?" section explaining the problem/solution
- Document supported package managers (npm/npx, pip/pip3, brew) with command
examples
- Add text-based flow diagram: Agent → PatchPilot → OSV → Decision
- Include FAQ section addressing performance, false positives, and customization
- Add placeholder for demo GIF
- Update installation section with `npm install -g patchpilot`
- Improve Claude Code settings snippet formatting

Create INSTALL.md:
- Add "Quick Start (30 seconds)" with copy-paste commands
- Write "Detailed Setup" with prerequisites and step-by-step instructions
- Document multi-machine setup patterns
- Create "Troubleshooting" section for common issues
- Add "Uninstall" section with cleanup instructions
- Include "Verifying Installation" section

Create CHANGELOG.md:
- Follow Keep a Changelog format
- Document v0.2.0 features
- Add "Unreleased" section
- Use standard categories: Added, Changed, Deprecated, Removed, Fixed, Security

Phase 2: Marketing Assets Creation

Develop visual and media assets that demonstrate PatchPilot in action for use across all marketing channels.

Task 1: Record Terminal Demo Sessions

Create high-quality terminal recordings showing PatchPilot blocking vulnerable packages.

• Set up demo environment with clean terminal theme, appropriate font size (14-16pt), and ~80 column width
• Create demo script showing: safe package (allows silently), package with HIGH severity vulnerability (blocks with detailed message), package with MODERATE severity (asks for confirmation)
• Record three scenarios using asciinema: npm install lodash@latest (safe), npm install lodash@4.17.20 (vulnerable), pip install django==2.0 (vulnerable)
• Use asciinema's idle-time-limit flag to trim pauses and keep demos under 15 seconds each
• Save recordings in new demos/ directory as .cast files for future regeneration

Task 2: Generate Demo Assets

Convert terminal recordings into embeddable formats for README and landing page.

• Create demos/ directory for storing all demo assets
• Use agg (asciinema GIF generator) to create optimized animated GIFs from .cast files
• Use svg-term-cli to generate SVG versions for README embedding (sharper text, smaller files)
• Generate three asset sets: demo-allow.gif/.svg, demo-deny.gif/.svg, demo-ask.gif/.svg
• Optimize GIF file sizes to stay under 2MB each using gifski or similar compression
• Create a combined "showcase" GIF showing all three scenarios in sequence for hero section

Task 3: Create Diagram Assets

Design visual explanations of PatchPilot's architecture and flow.

• Create assets/ directory for storing diagrams and static images
• Design "How It Works" flow diagram showing: AI Agent → Bash Command → PatchPilot Hook → Package Parser → OSV API → Security Decision → Allow/Deny/Ask
• Create "Supported Ecosystems" diagram showing npm/pip/brew logos with checkmarks
• Generate SVG versions using tools like Excalidraw, draw.io, or similar for crisp scaling
• Export PNG versions at 2x resolution for non-SVG contexts
• Add attribution/license info for any third-party logos used

🤖 Prompt for AI agents

Create visual and media assets demonstrating PatchPilot's functionality for
marketing use.

Record terminal demos:
- Set up clean demo environment with 14-16pt font and ~80 column width
- Record three asciinema scenarios:
  - Safe package: `npm install lodash@latest`
  - HIGH severity: `npm install lodash@4.17.20`
  - MODERATE severity: `pip install django==2.0`
- Use idle-time-limit to keep demos under 15 seconds
- Save as .cast files in demos/ directory

Generate demo assets:
- Create demos/ directory
- Convert .cast files to GIFs using agg
- Generate SVG versions using svg-term-cli
- Create three asset sets: demo-allow, demo-deny, demo-ask (GIF and SVG)
- Optimize GIFs to under 2MB
- Create combined showcase GIF with all three scenarios

Create diagrams:
- Create assets/ directory
- Design flow diagram: AI Agent → Bash Command → PatchPilot Hook → Package
Parser → OSV API → Security Decision → Allow/Deny/Ask
- Create ecosystem diagram with npm/pip/brew logos
- Generate SVG and PNG (2x resolution) versions
- Add attribution for third-party logos

Phase 3: Landing Page Development

Build patchpilot.dev website that serves as the primary marketing destination and installation guide.

Task 1: Set Up Landing Page Repository

Create separate repository and deployment infrastructure for the landing page.

• Create new repository (e.g., patchpilot-landing or landing.patchpilot.dev)
• Initialize Astro project with minimal template: npm create astro@latest
• Configure for static site generation (Astro's default mode)
• Add Tailwind CSS for styling via Astro integration
• Set up Cloudflare Pages or Vercel deployment via Git integration
• Configure custom domain patchpilot.dev with DNS pointing to deployment platform

Task 2: Build Landing Page Sections

Create marketing-focused website with clear value proposition and installation flow.

• Design hero section in src/pages/index.astro with headline "Stop worrying about what your AI is installing", subheadline with value prop, and demo GIF from Phase 2
• Create "Installation" section with three clear steps: (1) Install globally, (2) Add to Claude Code settings, (3) Watch your AI work safely
• Add "How It Works" section embedding Phase 2 flow diagram and brief technical explanation
• Build "Supported Tools" section with logos/icons for Claude Code, Cursor, GitHub Copilot (mark Cursor/Copilot as "compatible via standard hooks")
• Create "Open Source" section highlighting MIT license, GitHub link, npm link with live badge
• Add placeholder "Testimonials" section with structure for future beta tester quotes (hidden via feature flag or commented out)
• Include simple "FAQ" section pulling from README FAQ content
• Add footer with GitHub, Twitter/X links and copyright notice

Task 3: Configure Landing Page Infrastructure

Set up deployment, analytics, and domain infrastructure for production use.

• Configure Cloudflare Pages build settings: build command npm run build, output directory dist/
• Set up custom domain DNS records (A/AAAA or CNAME) pointing to Cloudflare Pages
• Enable HTTPS with automatic certificate provisioning
• Add lightweight analytics (Cloudflare Web Analytics or Plausible) with privacy-friendly configuration
• Create simple contact form or GitHub Discussions link for beta tester feedback
• Set up deployment previews for all commits on non-main branches

🤖 Prompt for AI agents

Build and deploy patchpilot.dev landing page as the primary marketing
destination.

Set up repository:
- Create new repository for landing page
- Initialize Astro project: `npm create astro@latest`
- Add Tailwind CSS via Astro integration
- Set up Cloudflare Pages or Vercel deployment
- Configure patchpilot.dev custom domain

Build landing page sections in src/pages/index.astro:
- Hero: "Stop worrying about what your AI is installing" headline with demo GIF
- Installation: Three-step guide (install globally, add to settings, work
safely)
- How It Works: Flow diagram from Phase 2 with technical explanation
- Supported Tools: Claude Code, Cursor, GitHub Copilot (note compatibility)
- Open Source: MIT license, GitHub/npm links with badges
- Testimonials: Placeholder structure (hidden/commented)
- FAQ: Pull from README FAQ
- Footer: GitHub, Twitter/X links, copyright

Configure infrastructure:
- Set Cloudflare Pages build command: `npm run build`, output: `dist/`
- Configure custom domain DNS
- Enable HTTPS auto-provisioning
- Add privacy-friendly analytics (Cloudflare Web Analytics or Plausible)
- Add contact form or GitHub Discussions link
- Enable deployment previews for non-main branches

Phase 4: Distribution Infrastructure

Establish publishing channels and release automation for making PatchPilot discoverable through standard distribution channels.

Task 1: Prepare npm Publishing

Configure package.json and add pre-publish automation for npm registry distribution.

• Update package.json with files array specifying what to publish: ["dist/", "README.md", "LICENSE"]
• Add prepublishOnly script to ensure TypeScript compilation runs before publishing: "prepublishOnly": "npm run build"
• Add publishConfig field with access: "public" for scoped packages
• Update package.json keywords field with discoverable terms: ["security", "claude-code", "ai", "vulnerability", "npm", "pip", "brew", "osv"]
• Add homepage field pointing to patchpilot.dev once live
• Add repository field with GitHub URL and bugs field with GitHub issues URL
• Verify main and bin entries are correct for distribution

Task 2: Create Release Infrastructure

Set up GitHub releases with automated changelog generation and asset packaging.

• Create .github/workflows/ directory for GitHub Actions
• Add release.yml workflow triggered on version tags (e.g., v*) that: builds TypeScript, runs tests, creates GitHub release with CHANGELOG excerpt, attaches compiled artifacts
• Document release process in CONTRIBUTING.md (new file): version bump in package.json, update CHANGELOG.md, commit with "Release v0.X.X", tag commit, push tag to trigger workflow
• Configure GitHub repository settings to create release notes automatically from commits
• Add release checklist template in .github/ISSUE_TEMPLATE/release.md

Task 3: Set Up Additional Distribution Channels

Prepare for alternative installation methods beyond npm.

• Create .github/workflows/homebrew-update.yml (optional, for future) that automatically updates Homebrew tap on release
• Document in CONTRIBUTING.md that MCP server registry is not applicable (PatchPilot is a hook, not MCP server)
• Add note to README that npx installation is preferred over global install for users who don't want permanent installation
• Create installation verification script that can be used across all distribution channels
• Add "Installation via npx" section to INSTALL.md for users who prefer not to install globally

🤖 Prompt for AI agents

Set up publishing channels and release automation for npm distribution and
discoverability.

Prepare npm publishing in package.json:
- Add `files` array: `["dist/", "README.md", "LICENSE"]`
- Add `prepublishOnly` script: `"npm run build"`
- Add `publishConfig` with `access: "public"`
- Update `keywords`: `["security", "claude-code", "ai", "vulnerability", "npm",
"pip", "brew", "osv"]`
- Add `homepage`: patchpilot.dev
- Add `repository` and `bugs` fields with GitHub URLs
- Verify `main` and `bin` entries

Create release infrastructure:
- Create .github/workflows/release.yml triggered on v* tags
- Workflow: build TypeScript, run tests, create GitHub release with CHANGELOG
excerpt, attach artifacts
- Create CONTRIBUTING.md documenting release process: version bump, update
CHANGELOG, commit, tag, push
- Configure automatic release notes from commits
- Add release checklist template in .github/ISSUE_TEMPLATE/release.md

Set up additional distribution:
- Create .github/workflows/homebrew-update.yml (optional, for future)
- Document in CONTRIBUTING.md that MCP registry is not applicable
- Add npx installation note to README
- Create installation verification script
- Add "Installation via npx" section to INSTALL.md

Phase 5: Content Marketing Materials

Create promotional content for distribution across developer communities and social platforms.

Task 1: Write Launch Blog Post

Create comprehensive article explaining PatchPilot's value and technical approach.

• Create blog-post.md in new content/ directory with article titled "How I Protect My Codebase from AI-Installed Vulnerabilities"
• Structure article: Problem statement (AI agents installing unknown packages), Solution overview (PatchPilot as pre-execution hook), Technical deep-dive (OSV integration, severity mapping), Installation guide, Call to action (GitHub star, npm install)
• Include code examples showing vulnerable package detection with actual CVE references
• Add demo GIFs from Phase 2 showing blocks in action
• Include performance notes (8-second timeout, negligible overhead)
• End with invitation to contribute and roadmap teaser
• Prepare for cross-posting to Dev.to, Hashnode, Medium

Task 2: Create Social Media Content

Develop promotional posts and threads for developer communities.

• Write Twitter/X launch thread (5-7 tweets) in content/twitter-thread.md: Hook (Ever worry what your AI is installing?), Problem statement, Solution demo with GIF, Technical highlight (OSV database), Installation one-liner, Call to action
• Create Reddit post template in content/reddit-post.md for r/ClaudeAI, r/cursor, r/programming with community-appropriate tone adjustments
• Write Hacker News submission title and comment in content/hackernews.md
• Prepare LinkedIn post version in content/linkedin-post.md with professional framing
• Include relevant hashtags for each platform and links to landing page + GitHub

Task 3: Prepare Video Demo Script

Outline short-form video content for YouTube and social media.

• Create content/video-script.md with storyboard for 60-90 second demo video
• Script sections: Problem setup (5s), Demo of PatchPilot blocking vulnerability (30s), Installation steps (20s), Call to action (5s)
• Note key talking points and visual cues
• Reference demo assets from Phase 2 for screen recording portions
• Include note that video production can be done after Phase 1-4 are complete
• Add recommendation to use asciinema for terminal portions and simple screen recording for installation steps

🤖 Prompt for AI agents

Create promotional content for distribution across developer communities and
social platforms.

Write launch blog post:
- Create content/blog-post.md: "How I Protect My Codebase from AI-Installed
Vulnerabilities"
- Structure: Problem statement, Solution overview, Technical deep-dive (OSV
integration, severity mapping), Installation guide, Call to action
- Include code examples with CVE references
- Add demo GIFs from Phase 2
- Include performance notes (8-second timeout)
- Add contribution invitation and roadmap teaser
- Prepare for cross-posting to Dev.to, Hashnode, Medium

Create social media content:
- Write content/twitter-thread.md: 5-7 tweet thread with hook, problem, solution
demo, OSV highlight, installation, CTA
- Create content/reddit-post.md for r/ClaudeAI, r/cursor, r/programming with
tone adjustments
- Write content/hackernews.md with submission title and comment
- Prepare content/linkedin-post.md with professional framing
- Include platform-appropriate hashtags and links

Prepare video demo script:
- Create content/video-script.md for 60-90 second video
- Script sections: Problem (5s), Demo (30s), Installation (20s), CTA (5s)
- Note talking points and visual cues
- Reference Phase 2 demo assets
- Note video production can follow Phase 1-4
- Recommend asciinema for terminal portions

---

🚀 Next Steps

🤖 All AI agent prompts combined

Task: 1

Enhance PatchPilot's core documentation to provide comprehensive understanding
and installation guidance for developers.

Overhaul README.md:
- Add hero section with "Security scanner for vibe coders" tagline and value
proposition
- Include npm, license, and downloads badges using shields.io format
- Create "Why PatchPilot?" section explaining the problem/solution
- Document supported package managers (npm/npx, pip/pip3, brew) with command
examples
- Add text-based flow diagram: Agent → PatchPilot → OSV → Decision
- Include FAQ section addressing performance, false positives, and customization
- Add placeholder for demo GIF
- Update installation section with `npm install -g patchpilot`
- Improve Claude Code settings snippet formatting

Create INSTALL.md:
- Add "Quick Start (30 seconds)" with copy-paste commands
- Write "Detailed Setup" with prerequisites and step-by-step instructions
- Document multi-machine setup patterns
- Create "Troubleshooting" section for common issues
- Add "Uninstall" section with cleanup instructions
- Include "Verifying Installation" section

Create CHANGELOG.md:
- Follow Keep a Changelog format
- Document v0.2.0 features
- Add "Unreleased" section
- Use standard categories: Added, Changed, Deprecated, Removed, Fixed, Security
===============================================================================

Task: 2

Create visual and media assets demonstrating PatchPilot's functionality for
marketing use.

Record terminal demos:
- Set up clean demo environment with 14-16pt font and ~80 column width
- Record three asciinema scenarios:
  - Safe package: `npm install lodash@latest`
  - HIGH severity: `npm install lodash@4.17.20`
  - MODERATE severity: `pip install django==2.0`
- Use idle-time-limit to keep demos under 15 seconds
- Save as .cast files in demos/ directory

Generate demo assets:
- Create demos/ directory
- Convert .cast files to GIFs using agg
- Generate SVG versions using svg-term-cli
- Create three asset sets: demo-allow, demo-deny, demo-ask (GIF and SVG)
- Optimize GIFs to under 2MB
- Create combined showcase GIF with all three scenarios

Create diagrams:
- Create assets/ directory
- Design flow diagram: AI Agent → Bash Command → PatchPilot Hook → Package
Parser → OSV API → Security Decision → Allow/Deny/Ask
- Create ecosystem diagram with npm/pip/brew logos
- Generate SVG and PNG (2x resolution) versions
- Add attribution for third-party logos
===============================================================================

Task: 3

Build and deploy patchpilot.dev landing page as the primary marketing
destination.

Set up repository:
- Create new repository for landing page
- Initialize Astro project: `npm create astro@latest`
- Add Tailwind CSS via Astro integration
- Set up Cloudflare Pages or Vercel deployment
- Configure patchpilot.dev custom domain

Build landing page sections in src/pages/index.astro:
- Hero: "Stop worrying about what your AI is installing" headline with demo GIF
- Installation: Three-step guide (install globally, add to settings, work
safely)
- How It Works: Flow diagram from Phase 2 with technical explanation
- Supported Tools: Claude Code, Cursor, GitHub Copilot (note compatibility)
- Open Source: MIT license, GitHub/npm links with badges
- Testimonials: Placeholder structure (hidden/commented)
- FAQ: Pull from README FAQ
- Footer: GitHub, Twitter/X links, copyright

Configure infrastructure:
- Set Cloudflare Pages build command: `npm run build`, output: `dist/`
- Configure custom domain DNS
- Enable HTTPS auto-provisioning
- Add privacy-friendly analytics (Cloudflare Web Analytics or Plausible)
- Add contact form or GitHub Discussions link
- Enable deployment previews for non-main branches
===============================================================================

Task: 4

Set up publishing channels and release automation for npm distribution and
discoverability.

Prepare npm publishing in package.json:
- Add `files` array: `["dist/", "README.md", "LICENSE"]`
- Add `prepublishOnly` script: `"npm run build"`
- Add `publishConfig` with `access: "public"`
- Update `keywords`: `["security", "claude-code", "ai", "vulnerability", "npm",
"pip", "brew", "osv"]`
- Add `homepage`: patchpilot.dev
- Add `repository` and `bugs` fields with GitHub URLs
- Verify `main` and `bin` entries

Create release infrastructure:
- Create .github/workflows/release.yml triggered on v* tags
- Workflow: build TypeScript, run tests, create GitHub release with CHANGELOG
excerpt, attach artifacts
- Create CONTRIBUTING.md documenting release process: version bump, update
CHANGELOG, commit, tag, push
- Configure automatic release notes from commits
- Add release checklist template in .github/ISSUE_TEMPLATE/release.md

Set up additional distribution:
- Create .github/workflows/homebrew-update.yml (optional, for future)
- Document in CONTRIBUTING.md that MCP registry is not applicable
- Add npx installation note to README
- Create installation verification script
- Add "Installation via npx" section to INSTALL.md
===============================================================================

Task: 5

Create promotional content for distribution across developer communities and
social platforms.

Write launch blog post:
- Create content/blog-post.md: "How I Protect My Codebase from AI-Installed
Vulnerabilities"
- Structure: Problem statement, Solution overview, Technical deep-dive (OSV
integration, severity mapping), Installation guide, Call to action
- Include code examples with CVE references
- Add demo GIFs from Phase 2
- Include performance notes (8-second timeout)
- Add contribution invitation and roadmap teaser
- Prepare for cross-posting to Dev.to, Hashnode, Medium

Create social media content:
- Write content/twitter-thread.md: 5-7 tweet thread with hook, problem, solution
demo, OSV highlight, installation, CTA
- Create content/reddit-post.md for r/ClaudeAI, r/cursor, r/programming with
tone adjustments
- Write content/hackernews.md with submission title and comment
- Prepare content/linkedin-post.md with professional framing
- Include platform-appropriate hashtags and links

Prepare video demo script:
- Create content/video-script.md for 60-90 second video
- Script sections: Problem (5s), Demo (30s), Installation (20s), CTA (5s)
- Note talking points and visual cues
- Reference Phase 2 demo assets
- Note video production can follow Phase 1-4
- Recommend asciinema for terminal portions

💡 Iterate on the plan with: @coderabbitai <feedback>

Example Feedback
- @coderabbitai You can skip phase 3. Add a simple unit test case for phase 2.
- @coderabbitai For assumption 1 go ahead with option 3 and replan.

---

💬 Have feedback or questions? Drop into our discord!