日本語 | 中文 | Español | Français | हिन्दी | Italiano | Português (BR)
Centralized brand asset registry for the mcp-tool-shop-org GitHub org.
One repo holds every logo. Every README points here. Update once, update everywhere.
When every repo carries its own copy of the logo, you get duplication, drift, and inconsistency. A rebrand means hunting through 100+ repos. This repo fixes that — logos live here, READMEs reference them via raw.githubusercontent.com URLs.
logos/
<slug>/
readme.png # or readme.jpg — format preserved as-is
manifest.json # SHA-256 integrity hashes for every asset
docs/
handbook.md # Lessons learned from migrating 100+ repos
117 logos across the org. PNGs stay PNGs. JPEGs stay JPEGs. Format is a brand decision, not a build target.
npm install -g @mcptoolshop/brand
# Verify all logos match their manifest hashes
brand verify
# Regenerate manifest after adding/replacing a logo
brand manifest
# CI mode — fail if manifest is out of date
brand manifest --check
# Audit repos for broken refs, badge collisions, indentation traps
brand audit --repos /path/to/clones
# Migrate READMEs to point at brand repo (dry run first)
brand migrate --repos /path/to/clones --dry-run
brand migrate --repos /path/to/clones- Drop the file into
logos/<slug>/readme.png(or.jpg) - Run
brand manifestto update integrity hashes - Commit both the logo and
manifest.jsontogether - CI verifies the manifest on push
Every logo is tracked by SHA-256 hash in manifest.json. CI runs brand manifest --check on every push that touches logos/ or manifest.json. Any mismatch — accidental overwrite, tampering, drift — fails the build.
See SECURITY.md for the full security policy and docs/handbook.md for the migration handbook.
| Aspect | Detail |
|---|---|
| Data touched | Logo files in logos/ (read), manifest.json (read/write), README files (read/write during migration) |
| Data NOT touched | No telemetry, no analytics, no network calls, no code execution from logo files |
| Permissions | Read: logo files, manifest, READMEs. Write: manifest.json, READMEs (migration only) |
| Network | None — fully offline CLI tool |
| Telemetry | None collected or sent |
See SECURITY.md for vulnerability reporting and SHA-256 integrity features.
| Category | Score |
|---|---|
| A. Security | 10 |
| B. Error Handling | 10 |
| C. Operator Docs | 10 |
| D. Shipping Hygiene | 10 |
| E. Identity (soft) | 10 |
| Overall | 50/50 |
Full audit: SHIP_GATE.md · SCORECARD.md
Built by MCP Tool Shop