@atoms-tech/atoms-mcp 0.2.1 → 0.3.1

package/dist/config.js

@@ -1,19 +0,0 @@
-/**
- * ATOMS MCP Server — Public client configuration.
- *
- * These are PUBLISHABLE values — identical to the ones embedded in the
- * ATOMS.tech React frontend bundle (NEXT_PUBLIC_SUPABASE_*).
- *
- * The anon key is NOT a secret. It only grants access to Supabase's API
- * gateway. All data access is gated by Row Level Security (RLS) policies
- * which require a valid user JWT. Without authentication, these values
- * grant zero data access.
- *
- * This is the standard pattern used by Supabase, Firebase, and Clerk
- * for client-side applications.
- */
-export const ATOMS_SUPABASE_URL = "https://gmebjyhomsbvhrxffzre.supabase.co";
-export const ATOMS_SUPABASE_ANON_KEY = "sb_publishable_b49MUAB8XCrQiF7x5b9lUA_w1aplSBH";
-/** ATOMS web app URL — hosts the MCP consent page */
-export const ATOMS_APP_URL = process.env.ATOMS_APP_URL ?? "https://x.atoms.tech";
-//# sourceMappingURL=config.js.map

package/dist/config.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"config.js","sourceRoot":"","sources":["../src/config.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAEH,MAAM,CAAC,MAAM,kBAAkB,GAAG,0CAA0C,CAAC;AAC7E,MAAM,CAAC,MAAM,uBAAuB,GAClC,gDAAgD,CAAC;AAEnD,qDAAqD;AACrD,MAAM,CAAC,MAAM,aAAa,GAAG,OAAO,CAAC,GAAG,CAAC,aAAa,IAAI,sBAAsB,CAAC"}

package/dist/db/client.d.ts

@@ -1,30 +0,0 @@
-/**
- * Supabase client factory for the MCP server.
- *
- * Creates a user-scoped client with JWT — RLS enforced automatically.
- * Never uses service role key (all queries respect user permissions).
- */
-import { type SupabaseClient } from "@supabase/supabase-js";
-/**
- * Get or create an authenticated Supabase client.
- * Auto-refreshes JWT when expired. All queries run with user's RLS permissions.
- */
-export declare function getClient(): Promise<SupabaseClient>;
-/**
- * Get the authenticated user's ID. Must call getClient() first.
- */
-export declare function getUserId(): string;
-/**
- * Get the authenticated user's email.
- */
-export declare function getUserEmail(): string;
-/**
- * Reset the cached client (for token refresh).
- */
-export declare function resetClient(): void;
-/**
- * Check if the user has write access to a project.
- * Returns the user's org role, or throws a descriptive error.
- */
-export declare function requireWriteAccess(client: SupabaseClient, projectId: string): Promise<string>;
-//# sourceMappingURL=client.d.ts.map

package/dist/db/client.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"client.d.ts","sourceRoot":"","sources":["../../src/db/client.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAgB,KAAK,cAAc,EAAE,MAAM,uBAAuB,CAAC;AAS1E;;;GAGG;AACH,wBAAsB,SAAS,IAAI,OAAO,CAAC,cAAc,CAAC,CAuCzD;AAED;;GAEG;AACH,wBAAgB,SAAS,IAAI,MAAM,CAKlC;AAED;;GAEG;AACH,wBAAgB,YAAY,IAAI,MAAM,CAErC;AAED;;GAEG;AACH,wBAAgB,WAAW,IAAI,IAAI,CAKlC;AAED;;;GAGG;AACH,wBAAsB,kBAAkB,CACtC,MAAM,EAAE,cAAc,EACtB,SAAS,EAAE,MAAM,GAChB,OAAO,CAAC,MAAM,CAAC,CAoCjB"}

package/dist/db/client.js

@@ -1,110 +0,0 @@
-/**
- * Supabase client factory for the MCP server.
- *
- * Creates a user-scoped client with JWT — RLS enforced automatically.
- * Never uses service role key (all queries respect user permissions).
- */
-import { createClient } from "@supabase/supabase-js";
-import { getValidToken } from "../auth/refresh.js";
-import { ATOMS_SUPABASE_URL, ATOMS_SUPABASE_ANON_KEY } from "../config.js";
-let cachedClient = null;
-let cachedUserId = null;
-let cachedEmail = null;
-let tokenExpiresAt = 0;
-/**
- * Get or create an authenticated Supabase client.
- * Auto-refreshes JWT when expired. All queries run with user's RLS permissions.
- */
-export async function getClient() {
-    // If token is within 60s of expiry, force refresh
-    if (cachedClient && tokenExpiresAt > Date.now() + 60_000) {
-        return cachedClient;
-    }
-    // Token expired or no client — get a fresh token
-    if (cachedClient) {
-        process.stderr.write("[atoms-mcp] Token expiring, refreshing client...\n");
-    }
-    const { access_token, user_id, email } = await getValidToken();
-    // Decode expiry from JWT
-    const parts = access_token.split(".");
-    if (parts.length === 3) {
-        try {
-            const payload = JSON.parse(Buffer.from(parts[1].replace(/-/g, "+").replace(/_/g, "/"), "base64").toString());
-            tokenExpiresAt = (payload.exp ?? 0) * 1000; // convert to ms
-        }
-        catch {
-            // Fallback: assume 1hr from now
-            tokenExpiresAt = Date.now() + 3600_000;
-        }
-    }
-    // Use global Authorization header — works with all Supabase key formats
-    const client = createClient(ATOMS_SUPABASE_URL, ATOMS_SUPABASE_ANON_KEY, {
-        global: {
-            headers: { Authorization: `Bearer ${access_token}` },
-        },
-    });
-    cachedClient = client;
-    cachedUserId = user_id;
-    cachedEmail = email;
-    return cachedClient;
-}
-/**
- * Get the authenticated user's ID. Must call getClient() first.
- */
-export function getUserId() {
-    if (!cachedUserId) {
-        throw new Error("Not authenticated. Call getClient() first.");
-    }
-    return cachedUserId;
-}
-/**
- * Get the authenticated user's email.
- */
-export function getUserEmail() {
-    return cachedEmail ?? "";
-}
-/**
- * Reset the cached client (for token refresh).
- */
-export function resetClient() {
-    cachedClient = null;
-    cachedUserId = null;
-    cachedEmail = null;
-    tokenExpiresAt = 0;
-}
-/**
- * Check if the user has write access to a project.
- * Returns the user's org role, or throws a descriptive error.
- */
-export async function requireWriteAccess(client, projectId) {
-    const userId = getUserId();
-    // Get the project's org
-    const { data: project, error: projErr } = await client
-        .from("projects")
-        .select("org_id")
-        .eq("id", projectId)
-        .maybeSingle();
-    if (projErr || !project) {
-        throw new Error(`Project '${projectId}' not found`);
-    }
-    // Get user's role in that org
-    const { data: membership, error: memErr } = await client
-        .from("org_members")
-        .select("role")
-        .eq("user_id", userId)
-        .eq("org_id", project.org_id)
-        .maybeSingle();
-    if (memErr || !membership) {
-        // Check if user is a platform admin (can access all orgs)
-        const { data: adminCheck } = await client.rpc("is_platform_admin");
-        if (adminCheck === true) {
-            return "admin";
-        }
-        throw new Error("Not a member of this project's organization");
-    }
-    if (membership.role === "viewer") {
-        throw new Error("VIEWER_ROLE");
-    }
-    return membership.role;
-}
-//# sourceMappingURL=client.js.map

package/dist/db/client.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"client.js","sourceRoot":"","sources":["../../src/db/client.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,YAAY,EAAuB,MAAM,uBAAuB,CAAC;AAC1E,OAAO,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AACnD,OAAO,EAAE,kBAAkB,EAAE,uBAAuB,EAAE,MAAM,cAAc,CAAC;AAE3E,IAAI,YAAY,GAA0B,IAAI,CAAC;AAC/C,IAAI,YAAY,GAAkB,IAAI,CAAC;AACvC,IAAI,WAAW,GAAkB,IAAI,CAAC;AACtC,IAAI,cAAc,GAAW,CAAC,CAAC;AAE/B;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,SAAS;IAC7B,kDAAkD;IAClD,IAAI,YAAY,IAAI,cAAc,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,MAAM,EAAE,CAAC;QACzD,OAAO,YAAY,CAAC;IACtB,CAAC;IAED,iDAAiD;IACjD,IAAI,YAAY,EAAE,CAAC;QACjB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,oDAAoD,CAAC,CAAC;IAC7E,CAAC;IAED,MAAM,EAAE,YAAY,EAAE,OAAO,EAAE,KAAK,EAAE,GAAG,MAAM,aAAa,EAAE,CAAC;IAE/D,yBAAyB;IACzB,MAAM,KAAK,GAAG,YAAY,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IACtC,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACvB,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CACxB,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAE,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,EAAE,QAAQ,CAAC,CAAC,QAAQ,EAAE,CAClF,CAAC;YACF,cAAc,GAAG,CAAC,OAAO,CAAC,GAAG,IAAI,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC,gBAAgB;QAC9D,CAAC;QAAC,MAAM,CAAC;YACP,gCAAgC;YAChC,cAAc,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,QAAQ,CAAC;QACzC,CAAC;IACH,CAAC;IAED,wEAAwE;IACxE,MAAM,MAAM,GAAG,YAAY,CAAC,kBAAkB,EAAE,uBAAuB,EAAE;QACvE,MAAM,EAAE;YACN,OAAO,EAAE,EAAE,aAAa,EAAE,UAAU,YAAY,EAAE,EAAE;SACrD;KACF,CAAC,CAAC;IAEH,YAAY,GAAG,MAAM,CAAC;IACtB,YAAY,GAAG,OAAO,CAAC;IACvB,WAAW,GAAG,KAAK,CAAC;IAEpB,OAAO,YAAY,CAAC;AACtB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,SAAS;IACvB,IAAI,CAAC,YAAY,EAAE,CAAC;QAClB,MAAM,IAAI,KAAK,CAAC,4CAA4C,CAAC,CAAC;IAChE,CAAC;IACD,OAAO,YAAY,CAAC;AACtB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,YAAY;IAC1B,OAAO,WAAW,IAAI,EAAE,CAAC;AAC3B,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,WAAW;IACzB,YAAY,GAAG,IAAI,CAAC;IACpB,YAAY,GAAG,IAAI,CAAC;IACpB,WAAW,GAAG,IAAI,CAAC;IACnB,cAAc,GAAG,CAAC,CAAC;AACrB,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,kBAAkB,CACtC,MAAsB,EACtB,SAAiB;IAEjB,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;IAE3B,wBAAwB;IACxB,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,GAAG,MAAM,MAAM;SACnD,IAAI,CAAC,UAAU,CAAC;SAChB,MAAM,CAAC,QAAQ,CAAC;SAChB,EAAE,CAAC,IAAI,EAAE,SAAS,CAAC;SACnB,WAAW,EAAE,CAAC;IAEjB,IAAI,OAAO,IAAI,CAAC,OAAO,EAAE,CAAC;QACxB,MAAM,IAAI,KAAK,CAAC,YAAY,SAAS,aAAa,CAAC,CAAC;IACtD,CAAC;IAED,8BAA8B;IAC9B,MAAM,EAAE,IAAI,EAAE,UAAU,EAAE,KAAK,EAAE,MAAM,EAAE,GAAG,MAAM,MAAM;SACrD,IAAI,CAAC,aAAa,CAAC;SACnB,MAAM,CAAC,MAAM,CAAC;SACd,EAAE,CAAC,SAAS,EAAE,MAAM,CAAC;SACrB,EAAE,CAAC,QAAQ,EAAE,OAAO,CAAC,MAAM,CAAC;SAC5B,WAAW,EAAE,CAAC;IAEjB,IAAI,MAAM,IAAI,CAAC,UAAU,EAAE,CAAC;QAC1B,0DAA0D;QAC1D,MAAM,EAAE,IAAI,EAAE,UAAU,EAAE,GAAG,MAAM,MAAM,CAAC,GAAG,CAAC,mBAAmB,CAAC,CAAC;QACnE,IAAI,UAAU,KAAK,IAAI,EAAE,CAAC;YACxB,OAAO,OAAO,CAAC;QACjB,CAAC;QACD,MAAM,IAAI,KAAK,CAAC,6CAA6C,CAAC,CAAC;IACjE,CAAC;IAED,IAAI,UAAU,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;QACjC,MAAM,IAAI,KAAK,CAAC,aAAa,CAAC,CAAC;IACjC,CAAC;IAED,OAAO,UAAU,CAAC,IAAI,CAAC;AACzB,CAAC"}

package/dist/db/graph.d.ts

@@ -1,8 +0,0 @@
-export {};
-/**
- * Graph traversal helpers for traceability links.
- * Used by get-coverage and export-mermaid tools.
- *
- * TODO: Implement graph traversal in Phase 2.
- */
-//# sourceMappingURL=graph.d.ts.map

package/dist/db/graph.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"graph.d.ts","sourceRoot":"","sources":["../../src/db/graph.ts"],"names":[],"mappings":";AAAA;;;;;GAKG"}

package/dist/db/graph.js

@@ -1,8 +0,0 @@
-export {};
-/**
- * Graph traversal helpers for traceability links.
- * Used by get-coverage and export-mermaid tools.
- *
- * TODO: Implement graph traversal in Phase 2.
- */
-//# sourceMappingURL=graph.js.map

package/dist/db/graph.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"graph.js","sourceRoot":"","sources":["../../src/db/graph.ts"],"names":[],"mappings":";AAAA;;;;;GAKG"}

package/dist/db/queries.d.ts

@@ -1,77 +0,0 @@
-/**
- * Shared Supabase query helpers for MCP tools.
- *
- * All queries use the user's JWT via RLS — no service role key.
- * Query patterns adapted from supabase/functions/.../db.ts.
- */
-import type { SupabaseClient } from "@supabase/supabase-js";
-import type { ItemRow } from "../types/work-item.js";
-/**
- * List projects the authenticated user has access to (via org membership).
- */
-export declare function listProjects(client: SupabaseClient): Promise<Array<{
-    id: string;
-    name: string;
-    description: string | null;
-    org_id: string;
-    org_name: string;
-    created_at: string;
-}>>;
-/**
- * List items in a project with optional filters.
- * Returns rows ordered by created_at, respects soft deletes.
- */
-export declare function listItems(client: SupabaseClient, projectId: string, opts: {
-    type?: string;
-    domain?: string;
-    level?: string;
-    limit: number;
-    offset: number;
-}): Promise<{
-    items: ItemRow[];
-    totalCount: number;
-}>;
-/**
- * Get a single item by ID (excludes soft-deleted).
- */
-export declare function getItemById(client: SupabaseClient, projectId: string, itemId: string): Promise<ItemRow | null>;
-/**
- * Full-text search across items in a project.
- * Uses ilike on title, body, and summary for broad matching.
- */
-export declare function searchItems(client: SupabaseClient, projectId: string, query: string, opts: {
-    type?: string;
-    limit: number;
-}): Promise<{
-    items: ItemRow[];
-    totalCount: number;
-}>;
-/**
- * Get all relationships for an item (both directions).
- */
-export declare function getItemRelationships(client: SupabaseClient, projectId: string, itemId: string): Promise<Array<{
-    from_id: string;
-    to_id: string;
-    type: string;
-}>>;
-/**
- * Get test coverage report: requirements with/without linked test cases.
- */
-export declare function getCoverageReport(client: SupabaseClient, projectId: string, opts: {
-    domain?: string;
-    level?: string;
-}): Promise<{
-    covered: ItemRow[];
-    uncovered: ItemRow[];
-    total: number;
-}>;
-/**
- * Get change history for an item, newest first.
- */
-export declare function getChangeHistory(client: SupabaseClient, projectId: string, itemId: string, limit: number): Promise<Array<Record<string, unknown>>>;
-/**
- * Generate the next item ID for a given type in a project.
- * Format: PREFIX-NNNNN (e.g., REQ-00058)
- */
-export declare function generateItemId(client: SupabaseClient, projectId: string, type: string): Promise<string>;
-//# sourceMappingURL=queries.d.ts.map

package/dist/db/queries.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"queries.d.ts","sourceRoot":"","sources":["../../src/db/queries.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,uBAAuB,CAAC;AAC5D,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,uBAAuB,CAAC;AAMrD;;GAEG;AACH,wBAAsB,YAAY,CAChC,MAAM,EAAE,cAAc,GACrB,OAAO,CAAC,KAAK,CAAC;IAAE,EAAE,EAAE,MAAM,CAAC;IAAC,IAAI,EAAE,MAAM,CAAC;IAAC,WAAW,EAAE,MAAM,GAAG,IAAI,CAAC;IAAC,MAAM,EAAE,MAAM,CAAC;IAAC,QAAQ,EAAE,MAAM,CAAC;IAAC,UAAU,EAAE,MAAM,CAAA;CAAE,CAAC,CAAC,CAiBhI;AAMD;;;GAGG;AACH,wBAAsB,SAAS,CAC7B,MAAM,EAAE,cAAc,EACtB,SAAS,EAAE,MAAM,EACjB,IAAI,EAAE;IACJ,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,EAAE,MAAM,CAAC;CAChB,GACA,OAAO,CAAC;IAAE,KAAK,EAAE,OAAO,EAAE,CAAC;IAAC,UAAU,EAAE,MAAM,CAAA;CAAE,CAAC,CAkCnD;AAED;;GAEG;AACH,wBAAsB,WAAW,CAC/B,MAAM,EAAE,cAAc,EACtB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,GACb,OAAO,CAAC,OAAO,GAAG,IAAI,CAAC,CAWzB;AAED;;;GAGG;AACH,wBAAsB,WAAW,CAC/B,MAAM,EAAE,cAAc,EACtB,SAAS,EAAE,MAAM,EACjB,KAAK,EAAE,MAAM,EACb,IAAI,EAAE;IAAE,IAAI,CAAC,EAAE,MAAM,CAAC;IAAC,KAAK,EAAE,MAAM,CAAA;CAAE,GACrC,OAAO,CAAC;IAAE,KAAK,EAAE,OAAO,EAAE,CAAC;IAAC,UAAU,EAAE,MAAM,CAAA;CAAE,CAAC,CA2BnD;AAMD;;GAEG;AACH,wBAAsB,oBAAoB,CACxC,MAAM,EAAE,cAAc,EACtB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,GACb,OAAO,CAAC,KAAK,CAAC;IAAE,OAAO,EAAE,MAAM,CAAC;IAAC,KAAK,EAAE,MAAM,CAAC;IAAC,IAAI,EAAE,MAAM,CAAA;CAAE,CAAC,CAAC,CASlE;AAMD;;GAEG;AACH,wBAAsB,iBAAiB,CACrC,MAAM,EAAE,cAAc,EACtB,SAAS,EAAE,MAAM,EACjB,IAAI,EAAE;IAAE,MAAM,CAAC,EAAE,MAAM,CAAC;IAAC,KAAK,CAAC,EAAE,MAAM,CAAA;CAAE,GACxC,OAAO,CAAC;IACT,OAAO,EAAE,OAAO,EAAE,CAAC;IACnB,SAAS,EAAE,OAAO,EAAE,CAAC;IACrB,KAAK,EAAE,MAAM,CAAC;CACf,CAAC,CAwCD;AAMD;;GAEG;AACH,wBAAsB,gBAAgB,CACpC,MAAM,EAAE,cAAc,EACtB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,KAAK,EAAE,MAAM,GACZ,OAAO,CAAC,KAAK,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC,CAWzC;AAMD;;;GAGG;AACH,wBAAsB,cAAc,CAClC,MAAM,EAAE,cAAc,EACtB,SAAS,EAAE,MAAM,EACjB,IAAI,EAAE,MAAM,GACX,OAAO,CAAC,MAAM,CAAC,CAejB"}

package/dist/db/queries.js

@@ -1,210 +0,0 @@
-/**
- * Shared Supabase query helpers for MCP tools.
- *
- * All queries use the user's JWT via RLS — no service role key.
- * Query patterns adapted from supabase/functions/.../db.ts.
- */
-// ---------------------------------------------------------------------------
-// Project queries
-// ---------------------------------------------------------------------------
-/**
- * List projects the authenticated user has access to (via org membership).
- */
-export async function listProjects(client) {
-    const { data, error } = await client
-        .from("projects")
-        .select("id, name, description, org_id, created_at, organizations(name)")
-        .is("deleted_at", null)
-        .order("created_at", { ascending: false });
-    if (error)
-        throw new Error(error.message);
-    return (data ?? []).map((p) => ({
-        id: p.id,
-        name: p.name,
-        description: p.description,
-        org_id: p.org_id,
-        org_name: p.organizations?.name ?? "Unknown",
-        created_at: p.created_at,
-    }));
-}
-// ---------------------------------------------------------------------------
-// Item queries
-// ---------------------------------------------------------------------------
-/**
- * List items in a project with optional filters.
- * Returns rows ordered by created_at, respects soft deletes.
- */
-export async function listItems(client, projectId, opts) {
-    let query = client
-        .from("items")
-        .select("*", { count: "exact" })
-        .eq("project_id", projectId)
-        .is("deleted_at", null)
-        .order("created_at", { ascending: true })
-        .range(opts.offset, opts.offset + opts.limit - 1);
-    if (opts.type) {
-        query = query.eq("type", opts.type);
-    }
-    const { data, error, count } = await query;
-    if (error)
-        throw new Error(error.message);
-    // Apply domain/level filters in JS (JSONB nested field filtering)
-    let filtered = (data ?? []);
-    if (opts.domain) {
-        filtered = filtered.filter((item) => {
-            const domains = item.data?.tags?.domains ?? [];
-            return domains.includes(opts.domain);
-        });
-    }
-    if (opts.level) {
-        filtered = filtered.filter((item) => {
-            return item.data?.tags?.level === opts.level;
-        });
-    }
-    return {
-        items: filtered,
-        totalCount: opts.domain || opts.level ? filtered.length : (count ?? 0),
-    };
-}
-/**
- * Get a single item by ID (excludes soft-deleted).
- */
-export async function getItemById(client, projectId, itemId) {
-    const { data, error } = await client
-        .from("items")
-        .select("*")
-        .eq("id", itemId)
-        .eq("project_id", projectId)
-        .is("deleted_at", null)
-        .maybeSingle();
-    if (error)
-        throw new Error(error.message);
-    return data;
-}
-/**
- * Full-text search across items in a project.
- * Uses ilike on title, body, and summary for broad matching.
- */
-export async function searchItems(client, projectId, query, opts) {
-    const searchTerm = query.trim();
-    if (!searchTerm) {
-        return { items: [], totalCount: 0 };
-    }
-    // Use ilike for broad matching across title and JSONB fields
-    let queryBuilder = client
-        .from("items")
-        .select("*", { count: "exact" })
-        .eq("project_id", projectId)
-        .is("deleted_at", null)
-        .or(`title.ilike.%${searchTerm}%,` +
-        `data->>body.ilike.%${searchTerm}%,` +
-        `data->>summary.ilike.%${searchTerm}%`)
-        .limit(opts.limit);
-    if (opts.type) {
-        queryBuilder = queryBuilder.eq("type", opts.type);
-    }
-    const { data, error, count } = await queryBuilder;
-    if (error)
-        throw new Error(error.message);
-    return { items: (data ?? []), totalCount: count ?? 0 };
-}
-// ---------------------------------------------------------------------------
-// Relationship queries
-// ---------------------------------------------------------------------------
-/**
- * Get all relationships for an item (both directions).
- */
-export async function getItemRelationships(client, projectId, itemId) {
-    const { data, error } = await client
-        .from("item_relationships")
-        .select("from_id, to_id, type")
-        .eq("project_id", projectId)
-        .or(`from_id.eq.${itemId},to_id.eq.${itemId}`);
-    if (error)
-        throw new Error(error.message);
-    return data ?? [];
-}
-// ---------------------------------------------------------------------------
-// Coverage queries
-// ---------------------------------------------------------------------------
-/**
- * Get test coverage report: requirements with/without linked test cases.
- */
-export async function getCoverageReport(client, projectId, opts) {
-    // Get all requirements in the project
-    const { data: requirements, error: reqErr } = await client
-        .from("items")
-        .select("*")
-        .eq("project_id", projectId)
-        .eq("type", "requirement")
-        .is("deleted_at", null);
-    if (reqErr)
-        throw new Error(reqErr.message);
-    const allReqs = (requirements ?? []);
-    // Filter by domain/level on the JSONB data
-    const filteredReqs = allReqs.filter((req) => {
-        if (opts.domain) {
-            const domains = req.data?.tags?.domains ?? [];
-            if (!domains.includes(opts.domain))
-                return false;
-        }
-        if (opts.level) {
-            if (req.data?.tags?.level !== opts.level)
-                return false;
-        }
-        return true;
-    });
-    // Get all verified_by relationships for this project
-    const { data: verifiedRels, error: relErr } = await client
-        .from("item_relationships")
-        .select("from_id")
-        .eq("project_id", projectId)
-        .eq("type", "verified_by");
-    if (relErr)
-        throw new Error(relErr.message);
-    const coveredIds = new Set((verifiedRels ?? []).map((r) => r.from_id));
-    const covered = filteredReqs.filter((r) => coveredIds.has(r.id));
-    const uncovered = filteredReqs.filter((r) => !coveredIds.has(r.id));
-    return { covered, uncovered, total: filteredReqs.length };
-}
-// ---------------------------------------------------------------------------
-// History queries
-// ---------------------------------------------------------------------------
-/**
- * Get change history for an item, newest first.
- */
-export async function getChangeHistory(client, projectId, itemId, limit) {
-    const { data, error } = await client
-        .from("change_history")
-        .select("*")
-        .eq("item_id", itemId)
-        .eq("project_id", projectId)
-        .order("changed_at", { ascending: false })
-        .limit(limit);
-    if (error)
-        throw new Error(error.message);
-    return data ?? [];
-}
-// ---------------------------------------------------------------------------
-// Item mutations (for write tools — Phase 3)
-// ---------------------------------------------------------------------------
-/**
- * Generate the next item ID for a given type in a project.
- * Format: PREFIX-NNNNN (e.g., REQ-00058)
- */
-export async function generateItemId(client, projectId, type) {
-    const prefix = type === "requirement" ? "REQ"
-        : type === "test-case" ? "TC"
-            : type === "note" ? "NOTE"
-                : "TABLE";
-    // Use Postgres SECURITY DEFINER function that sees ALL items (including soft-deleted)
-    // to avoid ID collisions. Only returns the next ID string, never exposes item data.
-    const { data, error } = await client.rpc("next_item_id", {
-        p_project_id: projectId,
-        p_prefix: prefix,
-    });
-    if (error)
-        throw new Error(`ID generation failed: ${error.message}`);
-    return data;
-}
-//# sourceMappingURL=queries.js.map

package/dist/db/queries.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"queries.js","sourceRoot":"","sources":["../../src/db/queries.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAKH,8EAA8E;AAC9E,kBAAkB;AAClB,8EAA8E;AAE9E;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,YAAY,CAChC,MAAsB;IAEtB,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,GAAG,MAAM,MAAM;SACjC,IAAI,CAAC,UAAU,CAAC;SAChB,MAAM,CAAC,gEAAgE,CAAC;SACxE,EAAE,CAAC,YAAY,EAAE,IAAI,CAAC;SACtB,KAAK,CAAC,YAAY,EAAE,EAAE,SAAS,EAAE,KAAK,EAAE,CAAC,CAAC;IAE7C,IAAI,KAAK;QAAE,MAAM,IAAI,KAAK,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;IAE1C,OAAO,CAAC,IAAI,IAAI,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAA0B,EAAE,EAAE,CAAC,CAAC;QACvD,EAAE,EAAE,CAAC,CAAC,EAAY;QAClB,IAAI,EAAE,CAAC,CAAC,IAAc;QACtB,WAAW,EAAE,CAAC,CAAC,WAA4B;QAC3C,MAAM,EAAE,CAAC,CAAC,MAAgB;QAC1B,QAAQ,EAAI,CAAC,CAAC,aAAyC,EAAE,IAAe,IAAI,SAAS;QACrF,UAAU,EAAE,CAAC,CAAC,UAAoB;KACnC,CAAC,CAAC,CAAC;AACN,CAAC;AAED,8EAA8E;AAC9E,eAAe;AACf,8EAA8E;AAE9E;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,SAAS,CAC7B,MAAsB,EACtB,SAAiB,EACjB,IAMC;IAED,IAAI,KAAK,GAAG,MAAM;SACf,IAAI,CAAC,OAAO,CAAC;SACb,MAAM,CAAC,GAAG,EAAE,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC;SAC/B,EAAE,CAAC,YAAY,EAAE,SAAS,CAAC;SAC3B,EAAE,CAAC,YAAY,EAAE,IAAI,CAAC;SACtB,KAAK,CAAC,YAAY,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC;SACxC,KAAK,CAAC,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC,KAAK,GAAG,CAAC,CAAC,CAAC;IAEpD,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;QACd,KAAK,GAAG,KAAK,CAAC,EAAE,CAAC,MAAM,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC;IACtC,CAAC;IAED,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,KAAK,EAAE,GAAG,MAAM,KAAK,CAAC;IAC3C,IAAI,KAAK;QAAE,MAAM,IAAI,KAAK,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;IAE1C,kEAAkE;IAClE,IAAI,QAAQ,GAAG,CAAC,IAAI,IAAI,EAAE,CAAc,CAAC;IACzC,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;QAChB,QAAQ,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE;YAClC,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,IAAI,EAAE,OAAO,IAAI,EAAE,CAAC;YAC/C,OAAO,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC,MAAO,CAAC,CAAC;QACxC,CAAC,CAAC,CAAC;IACL,CAAC;IACD,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;QACf,QAAQ,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE;YAClC,OAAO,IAAI,CAAC,IAAI,EAAE,IAAI,EAAE,KAAK,KAAK,IAAI,CAAC,KAAK,CAAC;QAC/C,CAAC,CAAC,CAAC;IACL,CAAC;IAED,OAAO;QACL,KAAK,EAAE,QAAQ;QACf,UAAU,EAAE,IAAI,CAAC,MAAM,IAAI,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,KAAK,IAAI,CAAC,CAAC;KACvE,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,WAAW,CAC/B,MAAsB,EACtB,SAAiB,EACjB,MAAc;IAEd,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,GAAG,MAAM,MAAM;SACjC,IAAI,CAAC,OAAO,CAAC;SACb,MAAM,CAAC,GAAG,CAAC;SACX,EAAE,CAAC,IAAI,EAAE,MAAM,CAAC;SAChB,EAAE,CAAC,YAAY,EAAE,SAAS,CAAC;SAC3B,EAAE,CAAC,YAAY,EAAE,IAAI,CAAC;SACtB,WAAW,EAAE,CAAC;IAEjB,IAAI,KAAK;QAAE,MAAM,IAAI,KAAK,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;IAC1C,OAAO,IAAsB,CAAC;AAChC,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,WAAW,CAC/B,MAAsB,EACtB,SAAiB,EACjB,KAAa,EACb,IAAsC;IAEtC,MAAM,UAAU,GAAG,KAAK,CAAC,IAAI,EAAE,CAAC;IAChC,IAAI,CAAC,UAAU,EAAE,CAAC;QAChB,OAAO,EAAE,KAAK,EAAE,EAAE,EAAE,UAAU,EAAE,CAAC,EAAE,CAAC;IACtC,CAAC;IAED,6DAA6D;IAC7D,IAAI,YAAY,GAAG,MAAM;SACtB,IAAI,CAAC,OAAO,CAAC;SACb,MAAM,CAAC,GAAG,EAAE,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC;SAC/B,EAAE,CAAC,YAAY,EAAE,SAAS,CAAC;SAC3B,EAAE,CAAC,YAAY,EAAE,IAAI,CAAC;SACtB,EAAE,CACD,gBAAgB,UAAU,IAAI;QAC9B,sBAAsB,UAAU,IAAI;QACpC,yBAAyB,UAAU,GAAG,CACvC;SACA,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAErB,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;QACd,YAAY,GAAG,YAAY,CAAC,EAAE,CAAC,MAAM,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC;IACpD,CAAC;IAED,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,KAAK,EAAE,GAAG,MAAM,YAAY,CAAC;IAClD,IAAI,KAAK;QAAE,MAAM,IAAI,KAAK,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;IAE1C,OAAO,EAAE,KAAK,EAAE,CAAC,IAAI,IAAI,EAAE,CAAc,EAAE,UAAU,EAAE,KAAK,IAAI,CAAC,EAAE,CAAC;AACtE,CAAC;AAED,8EAA8E;AAC9E,uBAAuB;AACvB,8EAA8E;AAE9E;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,oBAAoB,CACxC,MAAsB,EACtB,SAAiB,EACjB,MAAc;IAEd,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,GAAG,MAAM,MAAM;SACjC,IAAI,CAAC,oBAAoB,CAAC;SAC1B,MAAM,CAAC,sBAAsB,CAAC;SAC9B,EAAE,CAAC,YAAY,EAAE,SAAS,CAAC;SAC3B,EAAE,CAAC,cAAc,MAAM,aAAa,MAAM,EAAE,CAAC,CAAC;IAEjD,IAAI,KAAK;QAAE,MAAM,IAAI,KAAK,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;IAC1C,OAAO,IAAI,IAAI,EAAE,CAAC;AACpB,CAAC;AAED,8EAA8E;AAC9E,mBAAmB;AACnB,8EAA8E;AAE9E;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,iBAAiB,CACrC,MAAsB,EACtB,SAAiB,EACjB,IAAyC;IAMzC,sCAAsC;IACtC,MAAM,EAAE,IAAI,EAAE,YAAY,EAAE,KAAK,EAAE,MAAM,EAAE,GAAG,MAAM,MAAM;SACvD,IAAI,CAAC,OAAO,CAAC;SACb,MAAM,CAAC,GAAG,CAAC;SACX,EAAE,CAAC,YAAY,EAAE,SAAS,CAAC;SAC3B,EAAE,CAAC,MAAM,EAAE,aAAa,CAAC;SACzB,EAAE,CAAC,YAAY,EAAE,IAAI,CAAC,CAAC;IAE1B,IAAI,MAAM;QAAE,MAAM,IAAI,KAAK,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IAE5C,MAAM,OAAO,GAAG,CAAC,YAAY,IAAI,EAAE,CAAc,CAAC;IAElD,2CAA2C;IAC3C,MAAM,YAAY,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,EAAE;QAC1C,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;YAChB,MAAM,OAAO,GAAG,GAAG,CAAC,IAAI,EAAE,IAAI,EAAE,OAAO,IAAI,EAAE,CAAC;YAC9C,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC,MAAM,CAAC;gBAAE,OAAO,KAAK,CAAC;QACnD,CAAC;QACD,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YACf,IAAI,GAAG,CAAC,IAAI,EAAE,IAAI,EAAE,KAAK,KAAK,IAAI,CAAC,KAAK;gBAAE,OAAO,KAAK,CAAC;QACzD,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC,CAAC,CAAC;IAEH,qDAAqD;IACrD,MAAM,EAAE,IAAI,EAAE,YAAY,EAAE,KAAK,EAAE,MAAM,EAAE,GAAG,MAAM,MAAM;SACvD,IAAI,CAAC,oBAAoB,CAAC;SAC1B,MAAM,CAAC,SAAS,CAAC;SACjB,EAAE,CAAC,YAAY,EAAE,SAAS,CAAC;SAC3B,EAAE,CAAC,MAAM,EAAE,aAAa,CAAC,CAAC;IAE7B,IAAI,MAAM;QAAE,MAAM,IAAI,KAAK,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IAE5C,MAAM,UAAU,GAAG,IAAI,GAAG,CAAC,CAAC,YAAY,IAAI,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC;IAEvE,MAAM,OAAO,GAAG,YAAY,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;IACjE,MAAM,SAAS,GAAG,YAAY,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;IAEpE,OAAO,EAAE,OAAO,EAAE,SAAS,EAAE,KAAK,EAAE,YAAY,CAAC,MAAM,EAAE,CAAC;AAC5D,CAAC;AAED,8EAA8E;AAC9E,kBAAkB;AAClB,8EAA8E;AAE9E;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,gBAAgB,CACpC,MAAsB,EACtB,SAAiB,EACjB,MAAc,EACd,KAAa;IAEb,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,GAAG,MAAM,MAAM;SACjC,IAAI,CAAC,gBAAgB,CAAC;SACtB,MAAM,CAAC,GAAG,CAAC;SACX,EAAE,CAAC,SAAS,EAAE,MAAM,CAAC;SACrB,EAAE,CAAC,YAAY,EAAE,SAAS,CAAC;SAC3B,KAAK,CAAC,YAAY,EAAE,EAAE,SAAS,EAAE,KAAK,EAAE,CAAC;SACzC,KAAK,CAAC,KAAK,CAAC,CAAC;IAEhB,IAAI,KAAK;QAAE,MAAM,IAAI,KAAK,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;IAC1C,OAAO,IAAI,IAAI,EAAE,CAAC;AACpB,CAAC;AAED,8EAA8E;AAC9E,6CAA6C;AAC7C,8EAA8E;AAE9E;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,cAAc,CAClC,MAAsB,EACtB,SAAiB,EACjB,IAAY;IAEZ,MAAM,MAAM,GAAG,IAAI,KAAK,aAAa,CAAC,CAAC,CAAC,KAAK;QAC3C,CAAC,CAAC,IAAI,KAAK,WAAW,CAAC,CAAC,CAAC,IAAI;YAC7B,CAAC,CAAC,IAAI,KAAK,MAAM,CAAC,CAAC,CAAC,MAAM;gBAC1B,CAAC,CAAC,OAAO,CAAC;IAEZ,sFAAsF;IACtF,oFAAoF;IACpF,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,GAAG,MAAM,MAAM,CAAC,GAAG,CAAC,cAAc,EAAE;QACvD,YAAY,EAAE,SAAS;QACvB,QAAQ,EAAE,MAAM;KACjB,CAAC,CAAC;IAEH,IAAI,KAAK;QAAE,MAAM,IAAI,KAAK,CAAC,yBAAyB,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;IACrE,OAAO,IAAc,CAAC;AACxB,CAAC"}

package/dist/index.d.ts

@@ -1,12 +0,0 @@
-#!/usr/bin/env node
-/**
- * ATOMS MCP Server — CLI Entry Point
- *
- * Commands:
- *   npx @atoms-tech/atoms-mcp           → Start MCP server (stdio transport)
- *   npx @atoms-tech/atoms-mcp login     → Authenticate with ATOMS.tech
- *   npx @atoms-tech/atoms-mcp whoami    → Show current user
- *   npx @atoms-tech/atoms-mcp --version → Show version
- */
-export {};
-//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AACA;;;;;;;;GAQG"}

package/dist/index.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AACA;;;;;;;;GAQG;AAEH,OAAO,EAAE,oBAAoB,EAAE,MAAM,2CAA2C,CAAC;AACjF,OAAO,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC;AAErC,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;AACnC,MAAM,OAAO,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;AAExB,KAAK,UAAU,IAAI;IACjB,QAAQ,OAAO,EAAE,CAAC;QAChB,KAAK,OAAO,CAAC,CAAC,CAAC;YACb,MAAM,EAAE,KAAK,EAAE,GAAG,MAAM,MAAM,CAAC,iBAAiB,CAAC,CAAC;YAClD,IAAI,CAAC;gBACH,MAAM,EAAE,KAAK,EAAE,GAAG,MAAM,KAAK,EAAE,CAAC;gBAChC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,yCAAyC,KAAK,IAAI,CAAC,CAAC;gBACzE,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,uEAAuE,CAAC,CAAC;gBAC9F,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,+BAA+B,CAAC,CAAC;gBACtD,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,2EAA2E,CAAC,CAAC;gBAClG,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,gEAAgE,CAAC,CAAC;gBACvF,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,gKAAgK,CAAC,CAAC;YACzL,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,wBAAwB,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,MAAM,CAC/E,CAAC;gBACF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAClB,CAAC;YACD,MAAM;QACR,CAAC;QAED,KAAK,QAAQ,CAAC,CAAC,CAAC;YACd,MAAM,EAAE,aAAa,EAAE,GAAG,MAAM,MAAM,CAAC,mBAAmB,CAAC,CAAC;YAC5D,IAAI,CAAC;gBACH,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,GAAG,MAAM,aAAa,EAAE,CAAC;gBACjD,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,qCAAqC,KAAK,wBAAwB,OAAO,aAAa,CAAC,CAAC;YAC/G,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,qFAAqF,CACtF,CAAC;gBACF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAClB,CAAC;YACD,MAAM;QACR,CAAC;QAED,KAAK,QAAQ,CAAC,CAAC,CAAC;YACd,MAAM,EAAE,gBAAgB,EAAE,GAAG,MAAM,MAAM,CAAC,uBAAuB,CAAC,CAAC;YACnE,MAAM,gBAAgB,EAAE,CAAC;YACzB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,oCAAoC,CAAC,CAAC;YAC3D,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,gEAAgE,CAAC,CAAC;YACvF,MAAM;QACR,CAAC;QAED,KAAK,WAAW,CAAC;QACjB,KAAK,IAAI,CAAC,CAAC,CAAC;YACV,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,gCAAgC,CAAC,CAAC;YACvD,MAAM;QACR,CAAC;QAED,KAAK,QAAQ,CAAC;QACd,KAAK,IAAI,CAAC,CAAC,CAAC;YACV,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,yEAAyE;gBACzE,UAAU;gBACV,kEAAkE;gBAClE,sEAAsE;gBACtE,4EAA4E;gBAC5E,2DAA2D;gBAC3D,sDAAsD,CACvD,CAAC;YACF,MAAM;QACR,CAAC;QAED,OAAO,CAAC,CAAC,CAAC;YACR,sCAAsC;YACtC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,gDAAgD,CAAC,CAAC;YAEvE,IAAI,CAAC;gBACH,2BAA2B;gBAC3B,MAAM,EAAE,aAAa,EAAE,GAAG,MAAM,MAAM,CAAC,mBAAmB,CAAC,CAAC;gBAC5D,MAAM,EAAE,KAAK,EAAE,GAAG,MAAM,aAAa,EAAE,CAAC;gBACxC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,gCAAgC,KAAK,IAAI,CAAC,CAAC;YAClE,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,wBAAwB,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,IAAI;oBAC5E,2DAA2D,CAC5D,CAAC;YACJ,CAAC;YAED,MAAM,SAAS,GAAG,IAAI,oBAAoB,EAAE,CAAC;YAC7C,MAAM,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;YAChC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,6DAA6D,CAAC,CAAC;QACtF,CAAC;IACH,CAAC;AACH,CAAC;AAED,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;IACnB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,sBAAsB,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IACjG,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC,CAAC,CAAC"}

package/dist/middleware/audit.d.ts

@@ -1,26 +0,0 @@
-/**
- * Fire-and-forget MCP audit logging.
- *
- * Every tool call is logged to mcp_audit_log for enterprise compliance.
- * Logging NEVER blocks or delays the tool response.
- */
-import type { SupabaseClient } from "@supabase/supabase-js";
-export interface AuditEntry {
-    tool_name: string;
-    params: Record<string, unknown>;
-    status: "success" | "error";
-    duration_ms: number;
-    error_msg?: string;
-    project_id?: string;
-    session_id?: string;
-    client_name?: string;
-}
-/**
- * Log a tool call to mcp_audit_log. Fire-and-forget — errors are swallowed.
- */
-export declare function logAudit(client: SupabaseClient, userId: string, entry: AuditEntry): void;
-/**
- * Timer utility for measuring tool duration.
- */
-export declare function startTimer(): () => number;
-//# sourceMappingURL=audit.d.ts.map

package/dist/middleware/audit.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"audit.d.ts","sourceRoot":"","sources":["../../src/middleware/audit.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,uBAAuB,CAAC;AAE5D,MAAM,WAAW,UAAU;IACzB,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAChC,MAAM,EAAE,SAAS,GAAG,OAAO,CAAC;IAC5B,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED;;GAEG;AACH,wBAAgB,QAAQ,CACtB,MAAM,EAAE,cAAc,EACtB,MAAM,EAAE,MAAM,EACd,KAAK,EAAE,UAAU,GAChB,IAAI,CA6BN;AAED;;GAEG;AACH,wBAAgB,UAAU,IAAI,MAAM,MAAM,CAGzC"}

package/dist/middleware/audit.js

@@ -1,44 +0,0 @@
-/**
- * Fire-and-forget MCP audit logging.
- *
- * Every tool call is logged to mcp_audit_log for enterprise compliance.
- * Logging NEVER blocks or delays the tool response.
- */
-/**
- * Log a tool call to mcp_audit_log. Fire-and-forget — errors are swallowed.
- */
-export function logAudit(client, userId, entry) {
-    // Sanitize params — strip any secrets
-    const sanitizedParams = { ...entry.params };
-    delete sanitizedParams.access_token;
-    delete sanitizedParams.refresh_token;
-    delete sanitizedParams.password;
-    // Fire and forget — don't await
-    client
-        .from("mcp_audit_log")
-        .insert({
-        user_id: userId,
-        tool_name: entry.tool_name,
-        params: sanitizedParams,
-        status: entry.status,
-        duration_ms: entry.duration_ms,
-        error_msg: entry.error_msg ?? null,
-        project_id: entry.project_id ?? null,
-        session_id: entry.session_id ?? null,
-        client_name: entry.client_name ?? null,
-    })
-        .then(({ error }) => {
-        if (error) {
-            // Log to stderr, never throw
-            process.stderr.write(`[audit] Failed to log: ${error.message}\n`);
-        }
-    });
-}
-/**
- * Timer utility for measuring tool duration.
- */
-export function startTimer() {
-    const start = performance.now();
-    return () => Math.round(performance.now() - start);
-}
-//# sourceMappingURL=audit.js.map

package/dist/middleware/audit.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"audit.js","sourceRoot":"","sources":["../../src/middleware/audit.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAeH;;GAEG;AACH,MAAM,UAAU,QAAQ,CACtB,MAAsB,EACtB,MAAc,EACd,KAAiB;IAEjB,sCAAsC;IACtC,MAAM,eAAe,GAAG,EAAE,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC;IAC5C,OAAO,eAAe,CAAC,YAAY,CAAC;IACpC,OAAO,eAAe,CAAC,aAAa,CAAC;IACrC,OAAO,eAAe,CAAC,QAAQ,CAAC;IAEhC,gCAAgC;IAChC,MAAM;SACH,IAAI,CAAC,eAAe,CAAC;SACrB,MAAM,CAAC;QACN,OAAO,EAAE,MAAM;QACf,SAAS,EAAE,KAAK,CAAC,SAAS;QAC1B,MAAM,EAAE,eAAe;QACvB,MAAM,EAAE,KAAK,CAAC,MAAM;QACpB,WAAW,EAAE,KAAK,CAAC,WAAW;QAC9B,SAAS,EAAE,KAAK,CAAC,SAAS,IAAI,IAAI;QAClC,UAAU,EAAE,KAAK,CAAC,UAAU,IAAI,IAAI;QACpC,UAAU,EAAE,KAAK,CAAC,UAAU,IAAI,IAAI;QACpC,WAAW,EAAE,KAAK,CAAC,WAAW,IAAI,IAAI;KACvC,CAAC;SACD,IAAI,CAAC,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE;QAClB,IAAI,KAAK,EAAE,CAAC;YACV,6BAA6B;YAC7B,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,0BAA0B,KAAK,CAAC,OAAO,IAAI,CAC5C,CAAC;QACJ,CAAC;IACH,CAAC,CAAC,CAAC;AACP,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,UAAU;IACxB,MAAM,KAAK,GAAG,WAAW,CAAC,GAAG,EAAE,CAAC;IAChC,OAAO,GAAG,EAAE,CAAC,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,GAAG,EAAE,GAAG,KAAK,CAAC,CAAC;AACrD,CAAC"}

package/dist/middleware/rate-limiter.d.ts

@@ -1,21 +0,0 @@
-/**
- * In-memory per-user rate limiting for MCP tool calls.
- *
- * Default: 60 requests/minute. Configurable via ATOMS_RATE_LIMIT_RPM env var.
- * Uses sliding window algorithm.
- */
-/**
- * Check if a user has exceeded their rate limit.
- * Returns { allowed: true } or { allowed: false, retryAfterSeconds }.
- */
-export declare function checkRateLimit(userId: string): {
-    allowed: true;
-} | {
-    allowed: false;
-    retryAfterSeconds: number;
-};
-/**
- * Clear rate limit state. Useful for testing.
- */
-export declare function clearRateLimits(): void;
-//# sourceMappingURL=rate-limiter.d.ts.map

package/dist/middleware/rate-limiter.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"rate-limiter.d.ts","sourceRoot":"","sources":["../../src/middleware/rate-limiter.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAWH;;;GAGG;AACH,wBAAgB,cAAc,CAC5B,MAAM,EAAE,MAAM,GACb;IAAE,OAAO,EAAE,IAAI,CAAA;CAAE,GAAG;IAAE,OAAO,EAAE,KAAK,CAAC;IAAC,iBAAiB,EAAE,MAAM,CAAA;CAAE,CA0BnE;AAED;;GAEG;AACH,wBAAgB,eAAe,IAAI,IAAI,CAEtC"}