Glossary
Quick definitions for every term that has a specific meaning in SiteCMD.
Every term SiteCMD uses with a specific meaning, in one place. If a word in the product or docs is doing more work than you think it is, it’s probably here.
Scan terms
Scan - A single run of SiteCMD’s check engine against a project. Produces a set of findings and a score, and updates the project’s history.
Run Scan - The user action that starts a scan. The top-bar button.
Live-site checks - The engine that fetches your URL and runs checks against the response. See Live-site checks.
Source audit / Code Scan - The engine that walks your linked source folder and analyzes files locally. See Source audit.
Polish signals - A subset of live-site checks that look for the telltale patterns of vibe-coded sites: inline-style density, AI-aesthetic gradients, em-dash overuse, default page titles, and similar.
Probe checks - Live-site checks that make their own follow-up HTTP requests (fetching /robots.txt, alternate URLs for security headers, etc.). Slower than HTML parse checks but run concurrently.
HTML parse checks - Live-site checks that operate on the page SiteCMD already fetched. Essentially free per scan.
Scheduled scan - A scan configured to run automatically on a daily or weekly schedule, per environment. Runs in the background, even when the app window is closed. See Scheduled scans.
Session scan / multi-page scan - A single scan run that covers more than one page of a site, grouped together under a session ID so the pages report as one scan.
Pre-deploy scan - A scan mode that skips checks requiring a live URL. Used by the CLI when scanning a build artifact before deployment.
Issue terms
Finding - A single thing SiteCMD detected. Also called an issue.
Severity - How bad a finding is if it’s real. Critical, High, Medium, or Low. See Understanding findings.
Confidence - How sure SiteCMD is that a finding is real. Confirmed, High, or Needs review.
Status - Where a finding sits in your workflow. New, Snoozed, Ignored, Blocked, or Verified.
Active findings - Findings in the New status. These count toward your score.
Dismissed - Catchall term for findings in any non-New status. The Dismissed view collects them.
Quick win - A finding whose fix guide marks the work as quick effort. Surfaced as a filter on the Issues page.
Fix guide - Step-by-step instructions for resolving a finding, with an effort estimate (quick, moderate, or involved) and framework-specific steps when your stack is detected. Gated to Core and above.
Fix prompt - An LLM-ready writeup of a finding, with enough context that an AI editor can act on it directly. Pulled by AI editors over MCP (get_fix_prompts) or exported from the issue.
Verified agent fix - The loop where SiteCMD briefs your coding agent on a finding, the agent makes the change, and SiteCMD re-runs the check to confirm it’s actually fixed. Free includes 3 a month; Core and Pro are unlimited.
Score terms
SiteCMD Score - The headline number out of 100 that summarizes your project’s health. See The SiteCMD Score.
Impact - The per-issue weight used to rank findings: the severity’s base points, scaled by confidence and status, boosted by occurrences. The Issues list sorts by impact, not by severity alone.
Diminishing returns - The deduction model behind the score. The first issue of a severity costs the most; each additional one costs a little less. Keeps a long tail of small issues from collapsing the score to zero.
Exploitable cap - The one hard cap on the score. A genuinely exploitable security finding (exposed secret, SQL injection, SSRF, and similar) at confirmed or high confidence caps the score at 49 until it’s resolved. Needs-review findings never trigger it.
Engine and architecture terms
Project - A single website tracked in SiteCMD. Has a name, one or more URL environments, and optionally a linked source folder.
Environment - One URL associated with a project, tagged with a role: production, staging, development, or local. Each project has one or more environments.
Linked source folder - A directory on your machine that SiteCMD is allowed to read for the source audit. Linked per-project.
Risk category - How SiteCMD groups findings for the score breakdown. Security, Performance, SEO, Accessibility, Database, Dependencies, Reliability, Compliance, Polish, AI safety, Architecture.
Detected framework - The framework SiteCMD identified for your project based on package.json, lockfiles, hosting config, and other markers. Used to pick framework-specific fix steps.
Integration terms
Integration - A connected third-party service that SiteCMD reads data from or writes findings to.
Cross-source correlation - When a scan finding and an integration event happen in the same window and SiteCMD ties them together. Gated to Core and above.
Ticket mirroring - Pushing a SiteCMD finding into GitHub Issues or Jira as a ticket. Gated to Core and above.
Webhooks - Outbound HTTP calls triggered by SiteCMD events. Gated to Pro.
CLI and developer terms
CLI - The sitecmd command-line binary. Uses the same check engine as the desktop app, has no UI, and runs headless. See CLI reference.
Quality gate - A CI step that fails the build if a scan’s score drops below a threshold. See Quality gates in CI.
MCP - Model Context Protocol, the standard SiteCMD’s AI integration speaks. See AI editor overview.
MCP server - sitecmd-mcp, the binary that exposes scan data to MCP-capable AI editors. Bundled with the desktop app.
.sitecmd/ directory - Project-level configuration directory created by sitecmd init. Contains config.json (committed) and result files (typically ignored).
License and account terms
Tier - Free, Core, or Pro. See Tiers & pricing.
License key - The string you paste into SiteCMD to activate a paid tier.
Activation - Registering this machine with your license. Each license has a per-machine activation limit.
Offline grace period - The window during which premium features keep working when SiteCMD can’t reach the license server. Multiple days.
Storage terms
Storage directory - The per-user directory where SiteCMD keeps its local data. See Privacy & data for exact paths.
Audit log - audit.log in the storage directory. JSONL record of sensitive operations. Local-only.
OS keychain / credential store - Where SiteCMD keeps API keys and OAuth tokens. Keychain on macOS, Credential Manager on Windows, GNOME Keyring / KWallet on Linux. Never in the SiteCMD database.