Sloppify

ideas/dev-tooling/dependency-vulnerability-watcher.md

@@ -0,0 +1,25 @@
+# Dependency Vulnerability Watcher
+
+Continuously watch dependency manifests and lockfiles, detect newly disclosed vulnerabilities, and open remediation issues or pull requests automatically.
+
+## Problem
+Security advisories often arrive after dependencies are already deployed; manual tracking leads to delayed patches and inconsistent follow-up.
+
+## Core capabilities
+- Scan manifests and lockfiles across selected repositories.
+- Correlate package versions with advisory feeds (NVD, GitHub Advisories, ecosystem feeds).
+- Create severity-based issues with affected services and upgrade guidance.
+- Open update PRs with changelog notes and risk labels for safe upgrades.
+
+## MVP scope
+- Support npm, pip, and Docker base image checks.
+- Daily scheduled scans plus webhook-triggered scans on advisory updates.
+- Slack or email alerts for high and critical findings.
+
+## Success criteria
+- Mean time to patch critical CVEs drops below a target SLA.
+- 100% of critical findings have a tracked issue or PR within 24 hours.
+
+## Stretch ideas
+- Auto-rollout low-risk patch updates behind feature flags.
+- Policy engine to block release pipelines when unresolved critical CVEs exist.

ideas/dev-tooling/pr-conflict-predictor.md

@@ -0,0 +1,25 @@
+# PR Conflict Predictor
+
+Predict likely merge conflicts before a pull request is ready to merge, so teams can rebase earlier and avoid last-minute integration pain.
+
+## Problem
+Large repos with many parallel branches often discover conflicts only at merge time, when context is cold and release pressure is high.
+
+## Core capabilities
+- Track active branches and PRs, including touched files and dependency graph impact.
+- Compute a conflict risk score based on overlap, file churn, and branch age.
+- Post proactive PR comments when risk crosses a threshold.
+- Suggest mitigation steps: rebase now, split PR, or coordinate with specific authors.
+
+## MVP scope
+- Integrate with GitHub or Gitea API for open PR metadata.
+- Build nightly and on-push risk analysis.
+- Add a dashboard with high-risk PRs and conflicting file hotspots.
+
+## Success criteria
+- Fewer merge-blocking conflicts in release branches.
+- Lower average time from review complete to merge.
+
+## Stretch ideas
+- Simulate merge outcomes in a temporary branch.
+- Learn repo-specific risk patterns from historical conflict data.

ideas/dev-tooling/test-coverage-enforcer.md

@@ -0,0 +1,25 @@
+# Test Coverage Enforcer
+
+Enforce coverage quality gates in pull requests, and provide concrete suggestions on untested code paths before changes are merged.
+
+## Problem
+Coverage drifts over time because teams notice regression too late, and raw percentages rarely tell contributors what to test next.
+
+## Core capabilities
+- Track global and per-module coverage thresholds.
+- Fail checks or post PR comments when coverage regresses.
+- Map changed lines to missing tests and suggest test targets.
+- Maintain allowlists for generated code and low-value files.
+
+## MVP scope
+- GitHub/Gitea status checks with configurable thresholds.
+- PR comment bot showing delta coverage and top uncovered files.
+- Optional soft mode (warn only) before strict enforcement.
+
+## Success criteria
+- Coverage regressions are caught before merge.
+- Test additions increase specifically around changed business logic.
+
+## Stretch ideas
+- Suggest concrete test skeletons using project conventions.
+- Score tests by mutation-testing signals, not only line coverage.