feat: add platform and supply-chain audit commands (#1926)

scripts/ecc.js

@@ -45,6 +45,14 @@ const COMMANDS = {
     script: 'status.js',
     description: 'Query the ECC SQLite state store status summary',
   },
+  'platform-audit': {
+    script: 'platform-audit.js',
+    description: 'Audit GitHub queues, discussions, roadmap, release, and security evidence',
+  },
+  'security-ioc-scan': {
+    script: 'ci/scan-supply-chain-iocs.js',
+    description: 'Scan dependency and AI-tool persistence surfaces for active supply-chain IOCs',
+  },
   sessions: {
     script: 'sessions-cli.js',
     description: 'List or inspect ECC sessions from the SQLite state store',
@@ -77,6 +85,8 @@ const PRIMARY_COMMANDS = [
   'repair',
   'auto-update',
   'status',
+  'platform-audit',
+  'security-ioc-scan',
   'sessions',
   'work-items',
   'session-inspect',
@@ -115,6 +125,8 @@ Examples:
   ecc status --json
   ecc status --exit-code
   ecc status --markdown --write status.md
+  ecc platform-audit --json --allow-untracked docs/drafts/
+  ecc security-ioc-scan --home
   ecc sessions
   ecc sessions session-active --json
   ecc work-items upsert linear-ecc-20 --source linear --source-id ECC-20 --title "Review control-plane contract" --status blocked