npm - @avesta-hq/prevention - Versions diffs - 0.5.0 → 0.6.0-pre.10 - Mend

@avesta-hq/prevention 0.5.0 → 0.6.0-pre.10

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/CLAUDE.md CHANGED Viewed

@@ -68,7 +68,7 @@
 ## MCP Server Integration
-This project uses Prevention as an MCP server with 15 tools, 26 agents, and 34 skills that provide all methodology knowledge (TDD, Clean Architecture, test pyramid, CI/CD, etc.) on demand.
+This project uses Prevention as two MCP servers: a local server (12 tools for workflow orchestration) and a remote server (3 tools for content delivery — skills, prompts, catalog).
 **When starting work:**
@@ -76,10 +76,13 @@ This project uses Prevention as an MCP server with 15 tools, 26 agents, and 34 s
 2. The workflow tracks your phase (vision → plan → atdd → tdd → review → ship)
 3. Gates enforce that prerequisites are met before advancing
-**Key tools:**
+**Key tools (local):**
 - `avesta_get_status` — Current phase, gates, next action
 - `avesta_dispatch` — Route tasks to the right workflow step
+**Key tools (remote — `prevention-content`):**
 - `avesta_get_catalog` — All available commands and skills
 - `avesta_get_skill` — Deep knowledge on any practice (testing, architecture, CI/CD)

package/bin/cli.js CHANGED Viewed

@@ -47,7 +47,7 @@ switch (command) {
     require('./lib/init').serve();
     break;
   case 'test-local':
-    require('./lib/test-local').testLocal(args[1]);
+    require('../scripts/lib/test-local').testLocal(args[1]);
     break;
   case 'session-start':
     require('./lib/session-start').sessionStart();

package/bin/lib/init.js CHANGED Viewed

@@ -1,7 +1,7 @@
 const fs = require('fs');
 const path = require('path');
 const { COMMANDS_DIR, AGENTS_DIR, AVESTA_DIR, GITHUB_RELEASES_REPO, copyDir, downloadBinary, getVersion } = require('./utils');
-const { configureMcpServer, configureSessionStartHook, configureEnforcementHooks, configureStatusLine, ensureClaudeMdSection } = require('./settings');
+const { configureMcpServer, configureSessionStartHook, configureEnforcementHooks, configurePermissions, configureStatusLine, ensureClaudeMdSection } = require('./settings');
 function getInstalledVersion(targetDir) {
   try {
@@ -49,6 +49,7 @@ function init() {
   configureMcpServer(targetDir, binaryPath);
   configureSessionStartHook(targetDir);
   configureEnforcementHooks(targetDir);
+  configurePermissions(targetDir);
   configureStatusLine(targetDir);
   ensureClaudeMdSection(targetDir);
@@ -110,8 +111,9 @@ function update() {
     process.exit(1);
   }
-  // Reconfigure hooks (picks up any new hook patterns)
+  // Reconfigure hooks and permissions (picks up any new patterns)
   configureEnforcementHooks(targetDir);
+  configurePermissions(targetDir);
   writeInstalledVersion(targetDir);
@@ -137,7 +139,7 @@ function serve() {
     return;
   }
-  const mcpServerPath = path.join(PACKAGE_ROOT, 'src', 'mcp-server.ts');
+  const mcpServerPath = path.join(PACKAGE_ROOT, 'package', 'mcp-server.ts');
   if (fs.existsSync(mcpServerPath)) {
     const { execFileSync } = require('child_process');
     try { execFileSync('npx', ['tsx', mcpServerPath], { stdio: 'inherit' }); } catch (e) { process.exit(e.status || 1); }

package/bin/lib/settings.js CHANGED Viewed

@@ -122,6 +122,19 @@ function configureEnforcementHooks(targetDir) {
   console.log('  ✓ Configured workflow enforcement hooks (PreToolUse, UserPromptSubmit, SubagentStart)');
 }
+function configurePermissions(targetDir) {
+  const settings = readSettings(targetDir);
+  if (!settings.permissions) settings.permissions = {};
+  if (!settings.permissions.allow) settings.permissions.allow = [];
+  const rule = 'mcp__prevention__*';
+  if (!settings.permissions.allow.includes(rule)) {
+    settings.permissions.allow.push(rule);
+  }
+  writeSettings(targetDir, settings);
+}
 function configureStatusLine(targetDir) {
   const statusLineSrc = path.join(targetDir, '.avesta', 'statusLine.js');
   if (!fs.existsSync(statusLineSrc)) return;
@@ -131,7 +144,7 @@ function configureStatusLine(targetDir) {
   writeSettings(targetDir, settings);
 }
-function configureMcpServer(targetDir, binaryPath) {
+function configureMcpServer(targetDir, binaryPath, options = {}) {
   const mcpJsonPath = path.join(targetDir, '.mcp.json');
   let mcpConfig = {};
   if (fs.existsSync(mcpJsonPath)) {
@@ -140,11 +153,51 @@ function configureMcpServer(targetDir, binaryPath) {
   if (!mcpConfig.mcpServers) mcpConfig.mcpServers = {};
-  if (binaryPath) {
-    mcpConfig.mcpServers['prevention'] = { command: path.resolve(binaryPath) };
+  // Local MCP server: workflow orchestration tools
+  // Pass through API/MCP URLs so the server process can reach them
+  const env = {};
+  if (process.env.AVESTA_API_URL) env.AVESTA_API_URL = process.env.AVESTA_API_URL;
+  if (process.env.AVESTA_MCP_URL) env.AVESTA_MCP_URL = process.env.AVESTA_MCP_URL;
+  const hasEnv = Object.keys(env).length > 0;
+  if (options.localSource) {
+    // Dev mode: run from source via tsx
+    const entry = { command: 'npx', args: ['tsx', options.localSource] };
+    if (hasEnv) entry.env = env;
+    mcpConfig.mcpServers['prevention'] = entry;
+  } else if (binaryPath) {
+    const entry = { command: path.resolve(binaryPath) };
+    if (hasEnv) entry.env = env;
+    mcpConfig.mcpServers['prevention'] = entry;
   } else {
-    mcpConfig.mcpServers['prevention'] = { command: 'npx', args: ['@avesta-hq/prevention', 'serve'] };
+    const entry = { command: 'npx', args: ['@avesta-hq/prevention', 'serve'] };
+    if (hasEnv) entry.env = env;
+    mcpConfig.mcpServers['prevention'] = entry;
+  }
+  // Remote MCP server: content delivery (skills, prompts, catalog)
+  // Pre-populate auth token from existing session if available
+  const remoteUrl = process.env.AVESTA_MCP_URL || 'https://prevention-production.up.railway.app/mcp';
+  const existingRemote = mcpConfig.mcpServers['prevention-content'];
+  const existingToken = existingRemote?.headers?.Authorization;
+  let authToken = existingToken || '';
+  if (!authToken) {
+    try {
+      const sessionPath = path.join(require('os').homedir(), '.avesta', 'session.json');
+      if (fs.existsSync(sessionPath)) {
+        const session = JSON.parse(fs.readFileSync(sessionPath, 'utf8'));
+        if (session.access_token) {
+          authToken = `Bearer ${session.access_token}`;
+        }
+      }
+    } catch {}
   }
+  const headers = authToken ? { Authorization: authToken } : {};
+  mcpConfig.mcpServers['prevention-content'] = {
+    type: 'http',
+    url: remoteUrl,
+    headers,
+  };
   fs.writeFileSync(mcpJsonPath, JSON.stringify(mcpConfig, null, 2) + '\n');
 }
@@ -177,6 +230,7 @@ function ensureClaudeMdSection(targetDir) {
 module.exports = {
   configureSessionStartHook,
   configureEnforcementHooks,
+  configurePermissions,
   configureStatusLine,
   configureMcpServer,
   ensureClaudeMdSection,

package/bin/lib/utils.js CHANGED Viewed

@@ -70,16 +70,23 @@ function getPlatformBinaryName() {
 }
 function getLatestVersion() {
-  try {
-    const result = execSync(
-      `curl -sI "https://github.com/${GITHUB_RELEASES_REPO}/releases/latest" | grep -i ^location:`,
-      { encoding: 'utf8', timeout: 10000 }
-    );
-    const match = result.match(/\/tag\/(v[^\s\r\n]+)/);
-    return match ? match[1] : null;
-  } catch {
-    return null;
+  // Use package version to match the corresponding GitHub Release
+  const pkgVersion = `v${getVersion()}`;
+  // For stable releases, verify the release exists via GitHub latest redirect
+  // (handles partial release failures where npm published but binary upload failed)
+  if (!pkgVersion.includes('-pre')) {
+    try {
+      const result = execSync(
+        `curl -sI "https://github.com/${GITHUB_RELEASES_REPO}/releases/latest" | grep -i ^location:`,
+        { encoding: 'utf8', timeout: 10000 }
+      );
+      const match = result.match(/\/tag\/(v[^\s\r\n]+)/);
+      if (match) return match[1];
+    } catch {}
   }
+  return pkgVersion;
 }
 function downloadBinary(targetDir) {

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@avesta-hq/prevention",
-  "version": "0.5.0",
+  "version": "0.6.0-pre.10",
   "description": "XP/CD development agent commands for Claude Code - achieve Elite DORA metrics through disciplined TDD and Continuous Delivery practices",
   "keywords": [
     "claude-code",
@@ -16,14 +16,7 @@
   ],
   "author": "Avesta Technologies",
   "license": "UNLICENSED",
-  "repository": {
-    "type": "git",
-    "url": "git+https://github.com/avesta-hq/prevention.git"
-  },
-  "homepage": "https://github.com/avesta-hq/prevention#readme",
-  "bugs": {
-    "url": "https://github.com/avesta-hq/prevention/issues"
-  },
+  "homepage": "https://avestahq.com/prevention",
   "bin": {
     "prevention": "./bin/cli.js"
   },
@@ -37,13 +30,12 @@
   ],
   "scripts": {
     "build": "tsc",
-    "dev": "tsx src/mcp-server.ts",
+    "dev": "tsx package/mcp-server.ts",
     "test": "jest",
-    "test:evals": "cd src/_deprecated/evals && python -m pytest test_cases/orchestrator/ -v",
     "generate:catalog": "tsx scripts/generate-catalog-data.ts",
-    "prebuild:assets": "tsx scripts/generate-catalog-data.ts && tsx scripts/embed-assets.ts",
-    "build:binary": "npm run prebuild:assets && bun build src/mcp-server.ts --compile --outfile dist/prevention",
-    "build:all": "npm run prebuild:assets && bun build src/mcp-server.ts --compile --target=bun-linux-x64 --outfile dist/prevention-linux-x64 && bun build src/mcp-server.ts --compile --target=bun-darwin-arm64 --outfile dist/prevention-darwin-arm64 && bun build src/mcp-server.ts --compile --target=bun-darwin-x64 --outfile dist/prevention-darwin-x64"
+    "prebuild": "tsx scripts/generate-catalog-data.ts",
+    "build:binary": "pnpm prebuild && bun build package/mcp-server.ts --compile --outfile dist/prevention",
+    "build:all": "pnpm prebuild && bun build package/mcp-server.ts --compile --target=bun-linux-x64 --outfile dist/prevention-linux-x64 && bun build package/mcp-server.ts --compile --target=bun-darwin-arm64 --outfile dist/prevention-darwin-arm64 && bun build package/mcp-server.ts --compile --target=bun-darwin-x64 --outfile dist/prevention-darwin-x64"
   },
   "engines": {
     "node": ">=18.0.0"

package/bin/lib/test-local.js DELETED Viewed

@@ -1,121 +0,0 @@
-#!/usr/bin/env node
-/**
- * Local Testing Setup
- *
- * Sets up a target project to use the local Prevention source code
- * instead of the published npm package. Copies agents, commands,
- * configures hooks, and points MCP server at local source.
- *
- * Usage:
- *   cd ~/Projects/my-test-project
- *   node ~/Projects/cd-agent/bin/lib/test-local.js
- *
- * Or via CLI:
- *   node ~/Projects/cd-agent/bin/cli.js test-local [target-dir]
- */
-const fs = require('fs');
-const path = require('path');
-const { execSync } = require('child_process');
-const { PACKAGE_ROOT, COMMANDS_DIR, AGENTS_DIR, AVESTA_DIR, copyDir, getVersion } = require('./utils');
-const {
-  configureSessionStartHook,
-  configureEnforcementHooks,
-  configureStatusLine,
-  ensureClaudeMdSection,
-} = require('./settings');
-function testLocal(targetDir) {
-  targetDir = targetDir || process.cwd();
-  const cdAgentRoot = PACKAGE_ROOT;
-  console.log(`\n  Setting up local Prevention test environment...`);
-  console.log(`  Source:  ${cdAgentRoot}`);
-  console.log(`  Target:  ${targetDir}\n`);
-  // Step 1: Rebuild embedded assets
-  console.log('  [1/5] Rebuilding catalog + embedded assets...');
-  try {
-    execSync('pnpm run prebuild:assets', { cwd: cdAgentRoot, stdio: 'pipe' });
-    console.log('  ✓ Assets rebuilt');
-  } catch (e) {
-    console.error('  ✗ Asset rebuild failed:', e.message);
-    console.error('    Try running manually: cd ' + cdAgentRoot + ' && pnpm run prebuild:assets');
-    process.exit(1);
-  }
-  // Step 2: Copy agents + commands
-  console.log('  [2/5] Copying agents and commands...');
-  const claudeDir = path.join(targetDir, '.claude');
-  if (!fs.existsSync(claudeDir)) fs.mkdirSync(claudeDir, { recursive: true });
-  if (fs.existsSync(COMMANDS_DIR)) {
-    copyDir(COMMANDS_DIR, path.join(claudeDir, 'commands'));
-  }
-  if (fs.existsSync(AGENTS_DIR)) {
-    copyDir(AGENTS_DIR, path.join(claudeDir, 'agents'));
-  }
-  if (fs.existsSync(AVESTA_DIR)) {
-    copyDir(AVESTA_DIR, path.join(targetDir, '.avesta'));
-  }
-  const commandCount = fs.existsSync(COMMANDS_DIR) ? fs.readdirSync(COMMANDS_DIR).filter(f => f.endsWith('.md')).length : 0;
-  const agentCount = fs.existsSync(AGENTS_DIR) ? fs.readdirSync(AGENTS_DIR).filter(f => f.endsWith('.md')).length : 0;
-  console.log(`  ✓ Copied ${commandCount} commands, ${agentCount} agents`);
-  // Step 3: Configure MCP server to use local source via tsx
-  console.log('  [3/5] Configuring MCP server (local source)...');
-  const mcpJsonPath = path.join(targetDir, '.mcp.json');
-  let mcpConfig = {};
-  if (fs.existsSync(mcpJsonPath)) {
-    try { mcpConfig = JSON.parse(fs.readFileSync(mcpJsonPath, 'utf8')); } catch {}
-  }
-  if (!mcpConfig.mcpServers) mcpConfig.mcpServers = {};
-  const mcpServerPath = path.join(cdAgentRoot, 'src', 'mcp-server.ts');
-  mcpConfig.mcpServers['prevention'] = {
-    command: 'npx',
-    args: ['tsx', mcpServerPath],
-  };
-  fs.writeFileSync(mcpJsonPath, JSON.stringify(mcpConfig, null, 2) + '\n');
-  console.log(`  ✓ MCP server → npx tsx ${mcpServerPath}`);
-  // Step 4: Configure hooks (pointing at local CLI)
-  console.log('  [4/5] Configuring hooks...');
-  configureSessionStartHook(targetDir);
-  configureEnforcementHooks(targetDir);
-  configureStatusLine(targetDir);
-  ensureClaudeMdSection(targetDir);
-  // Step 5: Show result
-  console.log('  [5/5] Verifying setup...');
-  const settings = JSON.parse(fs.readFileSync(path.join(claudeDir, 'settings.json'), 'utf8'));
-  const hookTypes = Object.keys(settings.hooks || {});
-  console.log(`  ✓ Hooks configured: ${hookTypes.join(', ')}`);
-  const mcpFinal = JSON.parse(fs.readFileSync(mcpJsonPath, 'utf8'));
-  const mcpCmd = mcpFinal.mcpServers?.prevention?.command || '?';
-  const mcpArgs = (mcpFinal.mcpServers?.prevention?.args || []).join(' ');
-  console.log(`  ✓ MCP server: ${mcpCmd} ${mcpArgs}`);
-  console.log(`
-  ✅ Local test environment ready! (v${getVersion()})
-  Changes from source at ${cdAgentRoot} are active.
-  No npm publish needed — MCP server runs from source via tsx.
-  To test:
-    1. Open Claude Code in ${targetDir}
-    2. Run /avesta-init backend (or frontend)
-    3. Test skill enforcement: /avesta-red should block writes until skills loaded
-    4. Test gate enforcement: git commit should be blocked without review gate
-  To revert to published version:
-    node ${path.join(cdAgentRoot, 'bin', 'cli.js')} update
-`);
-}
-if (require.main === module) {
-  testLocal(process.argv[2]);
-}
-module.exports = { testLocal };