@crowley/rag-mcp 1.2.1 → 1.3.0

package/dist/schemas.d.ts

@@ -11,40 +11,57 @@ import type { ToolInputSchema } from "./types.js";
  * Used during Phase 2 migration while ToolRegistry still expects raw JSON Schema.
  * Phase 3 passes Zod schemas directly to McpServer.registerTool().
  */
-export declare function zodToInputSchema(schema: z.ZodObject<z.ZodRawShape>): ToolInputSchema;
+export declare function zodToInputSchema(schema: z.ZodObject<Record<string, z.ZodType>>): ToolInputSchema;
 export declare const QueryStr: z.ZodString;
 export declare const Limit: z.ZodDefault<z.ZodNumber>;
 export declare const Offset: z.ZodDefault<z.ZodNumber>;
 export declare const FilePath: z.ZodString;
-export declare const FilePaths: z.ZodArray<z.ZodString, "many">;
+export declare const FilePaths: z.ZodArray<z.ZodString>;
 export declare const Content: z.ZodString;
 export declare const CollectionSuffix: z.ZodString;
-export declare const MemoryType: z.ZodEnum<["decision", "insight", "pattern", "adr", "tech_debt", "todo", "architecture", "convention", "bug_fix", "optimization"]>;
-export declare const ResponseFormat: z.ZodDefault<z.ZodEnum<["json", "markdown"]>>;
-export declare const Importance: z.ZodDefault<z.ZodEnum<["low", "medium", "high", "critical"]>>;
-export declare const Priority: z.ZodEnum<["low", "medium", "high", "critical"]>;
-export declare const Severity: z.ZodEnum<["low", "medium", "high", "critical"]>;
+export declare const MemoryType: z.ZodEnum<{
+    decision: "decision";
+    insight: "insight";
+    todo: "todo";
+    pattern: "pattern";
+    adr: "adr";
+    architecture: "architecture";
+    tech_debt: "tech_debt";
+    convention: "convention";
+    bug_fix: "bug_fix";
+    optimization: "optimization";
+}>;
+export declare const ResponseFormat: z.ZodDefault<z.ZodEnum<{
+    markdown: "markdown";
+    json: "json";
+}>>;
+export declare const Importance: z.ZodDefault<z.ZodEnum<{
+    low: "low";
+    medium: "medium";
+    high: "high";
+    critical: "critical";
+}>>;
+export declare const Priority: z.ZodEnum<{
+    low: "low";
+    medium: "medium";
+    high: "high";
+    critical: "critical";
+}>;
+export declare const Severity: z.ZodEnum<{
+    low: "low";
+    medium: "medium";
+    high: "high";
+    critical: "critical";
+}>;
 export declare const PaginationParams: z.ZodObject<{
     limit: z.ZodOptional<z.ZodDefault<z.ZodNumber>>;
     offset: z.ZodOptional<z.ZodDefault<z.ZodNumber>>;
-}, "strip", z.ZodTypeAny, {
-    limit?: number | undefined;
-    offset?: number | undefined;
-}, {
-    limit?: number | undefined;
-    offset?: number | undefined;
-}>;
+}, z.core.$strip>;
 export declare const SearchFilters: z.ZodOptional<z.ZodObject<{
     file_type: z.ZodOptional<z.ZodString>;
     directory: z.ZodOptional<z.ZodString>;
-}, "strip", z.ZodTypeAny, {
-    file_type?: string | undefined;
-    directory?: string | undefined;
-}, {
-    file_type?: string | undefined;
-    directory?: string | undefined;
-}>>;
-export declare const Tags: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
+}, z.core.$strip>>;
+export declare const Tags: z.ZodOptional<z.ZodArray<z.ZodString>>;
 export declare const Confidence: z.ZodOptional<z.ZodNumber>;
 /** Base shape for search tools: query + optional limit + optional filters */
 export declare const SearchInput: z.ZodObject<{
@@ -53,45 +70,29 @@ export declare const SearchInput: z.ZodObject<{
     filters: z.ZodOptional<z.ZodObject<{
         file_type: z.ZodOptional<z.ZodString>;
         directory: z.ZodOptional<z.ZodString>;
-    }, "strip", z.ZodTypeAny, {
-        file_type?: string | undefined;
-        directory?: string | undefined;
-    }, {
-        file_type?: string | undefined;
-        directory?: string | undefined;
-    }>>;
-}, "strip", z.ZodTypeAny, {
-    query: string;
-    limit?: number | undefined;
-    filters?: {
-        file_type?: string | undefined;
-        directory?: string | undefined;
-    } | undefined;
-}, {
-    query: string;
-    limit?: number | undefined;
-    filters?: {
-        file_type?: string | undefined;
-        directory?: string | undefined;
-    } | undefined;
-}>;
+    }, z.core.$strip>>;
+}, z.core.$strip>;
 /** Base shape for memory record tools */
 export declare const MemoryRecordInput: z.ZodObject<{
     content: z.ZodString;
-    type: z.ZodEnum<["decision", "insight", "pattern", "adr", "tech_debt", "todo", "architecture", "convention", "bug_fix", "optimization"]>;
-    tags: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
-    importance: z.ZodOptional<z.ZodDefault<z.ZodEnum<["low", "medium", "high", "critical"]>>>;
+    type: z.ZodEnum<{
+        decision: "decision";
+        insight: "insight";
+        todo: "todo";
+        pattern: "pattern";
+        adr: "adr";
+        architecture: "architecture";
+        tech_debt: "tech_debt";
+        convention: "convention";
+        bug_fix: "bug_fix";
+        optimization: "optimization";
+    }>;
+    tags: z.ZodOptional<z.ZodArray<z.ZodString>>;
+    importance: z.ZodOptional<z.ZodDefault<z.ZodEnum<{
+        low: "low";
+        medium: "medium";
+        high: "high";
+        critical: "critical";
+    }>>>;
     context: z.ZodOptional<z.ZodString>;
-}, "strip", z.ZodTypeAny, {
-    type: "decision" | "insight" | "todo" | "adr" | "pattern" | "architecture" | "tech_debt" | "convention" | "bug_fix" | "optimization";
-    content: string;
-    context?: string | undefined;
-    tags?: string[] | undefined;
-    importance?: "low" | "medium" | "high" | "critical" | undefined;
-}, {
-    type: "decision" | "insight" | "todo" | "adr" | "pattern" | "architecture" | "tech_debt" | "convention" | "bug_fix" | "optimization";
-    content: string;
-    context?: string | undefined;
-    tags?: string[] | undefined;
-    importance?: "low" | "medium" | "high" | "critical" | undefined;
-}>;
+}, z.core.$strip>;

package/dist/schemas.js

@@ -5,7 +5,6 @@
  * from raw JSON Schema objects to Zod-based inputSchema definitions.
  */
 import { z } from "zod";
-import { zodToJsonSchema } from "zod-to-json-schema";
 // ── JSON Schema conversion ──────────────────────────────────
 /**
  * Convert a Zod object schema to the MCP ToolInputSchema format.
@@ -13,7 +12,7 @@ import { zodToJsonSchema } from "zod-to-json-schema";
  * Phase 3 passes Zod schemas directly to McpServer.registerTool().
  */
 export function zodToInputSchema(schema) {
-    const jsonSchema = zodToJsonSchema(schema, { target: "openApi3" });
+    const jsonSchema = z.toJSONSchema(schema);
     return {
         type: "object",
         properties: (jsonSchema.properties ?? {}),

package/dist/tool-middleware.js

@@ -8,6 +8,7 @@
  * During Phase 2 migration, ToolRegistry continues to use its own copy.
  * Phase 3 replaces ToolRegistry with wrapHandler() + McpServer.registerTool().
  */
+import { validationPipeline } from "./validation-hooks.js";
 // ── Timeouts ────────────────────────────────────────────────
 /** Default tool timeout in milliseconds */
 const DEFAULT_TIMEOUT_MS = 30_000;
@@ -182,13 +183,22 @@ export function wrapHandler(name, handler, deps) {
         }
         const startTime = Date.now();
         try {
+            // Validate: run PreToolUse hooks
+            const validation = await validationPipeline.validate(name, args, ctx);
+            if (!validation.allowed) {
+                return `Blocked: ${validation.reason || 'validation failed'}`;
+            }
+            const validatedArgs = validation.modifiedArgs || args;
+            const warningPrefix = validation.warnings?.length
+                ? `⚠️ ${validation.warnings.join(' | ')}\n\n`
+                : '';
             // Before: auto-enrich context
             const contextPrefix = ctx.enrichmentEnabled && deps.enricher
-                ? await deps.enricher.before(name, args, ctx)
+                ? await deps.enricher.before(name, validatedArgs, ctx)
                 : null;
             // Execute original handler (with timeout)
             const timeoutMs = TOOL_TIMEOUTS[name] ?? DEFAULT_TIMEOUT_MS;
-            const result = await withTimeout(handler(args, ctx), timeoutMs, name);
+            const result = await withTimeout(handler(validatedArgs, ctx), timeoutMs, name);
             // Extract text for tracking/enrichment
             const text = typeof result === "string" ? result : result.text;
             // After: track interaction (fire-and-forget)
@@ -197,12 +207,13 @@ export function wrapHandler(name, handler, deps) {
             }
             // Track usage (fire-and-forget)
             trackUsage(name, args, startTime, true, text, undefined, ctx);
-            // Prepend context if available
-            if (contextPrefix) {
+            // Prepend context/warnings if available
+            const prefix = [warningPrefix, contextPrefix].filter(Boolean).join('');
+            if (prefix) {
                 if (typeof result === "string") {
-                    return contextPrefix + "\n\n" + result;
+                    return prefix + result;
                 }
-                return { text: contextPrefix + "\n\n" + result.text, structured: result.structured };
+                return { text: prefix + result.text, structured: result.structured };
             }
             return result;
         }

package/dist/tools/agents.js

@@ -59,6 +59,74 @@ export function createAgentTools(projectName) {
                 return result;
             },
         },
+        {
+            name: "tribunal_debate",
+            description: `Run an adversarial debate on a topic for ${projectName}. Multiple advocates argue positions, a judge renders a verdict. Use for architecture decisions, tech choices, or code approach trade-offs.`,
+            schema: z.object({
+                topic: z.string().describe("The debate topic (e.g., 'Should we use REST or gRPC for the new API?')"),
+                positions: z.array(z.string()).min(2).max(4).describe("Positions to debate (2-4 options, e.g., ['REST', 'gRPC'])"),
+                context: z.string().optional().describe("Additional context for the debate"),
+                maxRounds: z.coerce.number().optional().describe("Number of rebuttal rounds (default: 1, max: 3)"),
+                useCodeContext: z.boolean().optional().describe("Fetch relevant code, ADRs, and patterns as evidence (default: false)"),
+                autoRecord: z.boolean().optional().describe("Save verdict as a decision in project memory (default: false)"),
+            }),
+            annotations: TOOL_ANNOTATIONS["tribunal_debate"] || { priority: 0.4, readOnlyHint: true },
+            handler: async (args, ctx) => {
+                const { topic, positions, context, maxRounds, useCodeContext, autoRecord } = args;
+                const response = await ctx.api.post("/api/tribunal/debate", {
+                    projectName: ctx.projectName,
+                    topic,
+                    positions,
+                    context,
+                    maxRounds,
+                    useCodeContext,
+                    autoRecord,
+                });
+                const data = response.data;
+                // Format result as markdown
+                let result = `## Tribunal Debate: ${data.topic}\n`;
+                result += `**Status:** ${data.status}`;
+                result += ` | **Duration:** ${Math.round(data.durationMs / 1000)}s`;
+                result += ` | **Cost:** ~$${data.cost?.estimatedUsd?.toFixed(3) || '?'}\n\n`;
+                // Phases summary
+                if (data.phases) {
+                    result += `### Phases\n`;
+                    for (const phase of data.phases) {
+                        result += `- **${phase.name}**: ${Math.round(phase.durationMs / 1000)}s, ${phase.tokens} tokens\n`;
+                    }
+                    result += `\n`;
+                }
+                // Arguments
+                if (data.arguments && data.arguments.length > 0) {
+                    result += `### Arguments\n`;
+                    for (const arg of data.arguments) {
+                        const label = arg.round === 0 ? 'Initial' : `Rebuttal R${arg.round}`;
+                        result += `#### ${arg.position} (${label})\n${arg.content}\n\n`;
+                    }
+                }
+                // Verdict
+                if (data.verdict) {
+                    result += `### Verdict\n`;
+                    result += `**Recommendation:** ${data.verdict.recommendation}\n`;
+                    result += `**Confidence:** ${data.verdict.confidence}\n\n`;
+                    if (data.verdict.scores) {
+                        result += `**Scores:**\n`;
+                        for (const s of data.verdict.scores) {
+                            result += `- ${s.position}: ${s.score}/10\n`;
+                        }
+                        result += `\n`;
+                    }
+                    result += `**Reasoning:**\n${data.verdict.reasoning}\n\n`;
+                    result += `**Trade-offs:**\n${data.verdict.tradeoffs}\n\n`;
+                    result += `**Dissent:**\n${data.verdict.dissent}\n\n`;
+                    result += `**Conditions:**\n${data.verdict.conditions}\n`;
+                }
+                if (data.error) {
+                    result += `\n**Error:** ${data.error}\n`;
+                }
+                return result;
+            },
+        },
         {
             name: "get_agent_types",
             description: `List available agent types for ${projectName} with descriptions.`,

package/dist/types.d.ts

@@ -2,7 +2,7 @@
  * Shared types for the MCP server tool modules.
  */
 import type { AxiosInstance } from "axios";
-import type { ZodObject, ZodRawShape } from "zod";
+import type { z } from "zod";
 import type { ToolAnnotations } from "./annotations.js";
 /** MCP tool input schema shape (raw JSON Schema) */
 export interface ToolInputSchema {
@@ -42,8 +42,8 @@ export interface ToolModule {
 export interface ToolSpec {
     name: string;
     description: string;
-    schema: ZodObject<ZodRawShape>;
-    outputSchema?: ZodObject<ZodRawShape>;
+    schema: z.ZodObject<Record<string, z.ZodType>>;
+    outputSchema?: z.ZodObject<Record<string, z.ZodType>>;
     annotations?: ToolAnnotations;
     handler: ToolHandler;
 }

package/dist/validation-hooks.d.ts

@@ -0,0 +1,40 @@
+/**
+ * PreToolUse Validation Hooks
+ *
+ * Validation pipeline that runs before tool execution.
+ * Hooks can block execution, modify args, or add warnings.
+ *
+ * Inspired by claude-quanta-plugin's PreToolUse hooks pattern.
+ */
+import type { ToolContext } from "./types.js";
+export interface ValidationResult {
+    allowed: boolean;
+    reason?: string;
+    warnings?: string[];
+    modifiedArgs?: Record<string, unknown>;
+}
+export type ValidationHook = (toolName: string, args: Record<string, unknown>, ctx: ToolContext) => Promise<ValidationResult> | ValidationResult;
+/**
+ * Prevent destructive operations without explicit confirmation.
+ * Blocks: index_codebase with force=true, forget (memory deletion).
+ */
+export declare const destructiveGuard: ValidationHook;
+/**
+ * Validate required fields for critical tools.
+ */
+export declare const requiredFieldsValidator: ValidationHook;
+/**
+ * Sanitize inputs — trim strings, enforce reasonable limits.
+ */
+export declare const inputSanitizer: ValidationHook;
+export declare class ValidationPipeline {
+    private hooks;
+    constructor(hooks?: ValidationHook[]);
+    addHook(hook: ValidationHook): void;
+    /**
+     * Run all hooks in sequence. First rejection stops the pipeline.
+     * Args can be modified by hooks (each hook sees the potentially modified args).
+     */
+    validate(toolName: string, args: Record<string, unknown>, ctx: ToolContext): Promise<ValidationResult>;
+}
+export declare const validationPipeline: ValidationPipeline;

package/dist/validation-hooks.js

@@ -0,0 +1,108 @@
+/**
+ * PreToolUse Validation Hooks
+ *
+ * Validation pipeline that runs before tool execution.
+ * Hooks can block execution, modify args, or add warnings.
+ *
+ * Inspired by claude-quanta-plugin's PreToolUse hooks pattern.
+ */
+// ── Built-in Hooks ──────────────────────────────────────────
+/**
+ * Prevent destructive operations without explicit confirmation.
+ * Blocks: index_codebase with force=true, forget (memory deletion).
+ */
+export const destructiveGuard = (toolName, args) => {
+    if (toolName === 'index_codebase' && args.force === true) {
+        return {
+            allowed: true,
+            warnings: ['Force reindex will delete and rebuild the entire index. This may take several minutes.'],
+        };
+    }
+    if (toolName === 'forget') {
+        return {
+            allowed: true,
+            warnings: ['This will permanently delete a memory entry.'],
+        };
+    }
+    return { allowed: true };
+};
+/**
+ * Validate required fields for critical tools.
+ */
+export const requiredFieldsValidator = (toolName, args) => {
+    // Search tools must have a query
+    const searchTools = ['search_codebase', 'hybrid_search', 'search_docs', 'find_feature', 'ask_codebase'];
+    if (searchTools.includes(toolName)) {
+        const query = args.query || args.question;
+        if (!query || (typeof query === 'string' && query.trim().length < 3)) {
+            return { allowed: false, reason: `${toolName} requires a query of at least 3 characters` };
+        }
+    }
+    // Memory tools must have content
+    if (toolName === 'remember' && (!args.content || (typeof args.content === 'string' && args.content.trim().length < 10))) {
+        return { allowed: false, reason: 'remember requires content of at least 10 characters' };
+    }
+    return { allowed: true };
+};
+/**
+ * Sanitize inputs — trim strings, enforce reasonable limits.
+ */
+export const inputSanitizer = (toolName, args) => {
+    const modified = { ...args };
+    let changed = false;
+    // Trim string values
+    for (const [key, value] of Object.entries(modified)) {
+        if (typeof value === 'string' && value !== value.trim()) {
+            modified[key] = value.trim();
+            changed = true;
+        }
+    }
+    // Cap limit params to prevent excessive results
+    if (typeof modified.limit === 'number' && modified.limit > 50) {
+        modified.limit = 50;
+        changed = true;
+    }
+    return changed
+        ? { allowed: true, modifiedArgs: modified }
+        : { allowed: true };
+};
+// ── Validation Pipeline ─────────────────────────────────────
+export class ValidationPipeline {
+    hooks = [];
+    constructor(hooks) {
+        this.hooks = hooks || [
+            destructiveGuard,
+            requiredFieldsValidator,
+            inputSanitizer,
+        ];
+    }
+    addHook(hook) {
+        this.hooks.push(hook);
+    }
+    /**
+     * Run all hooks in sequence. First rejection stops the pipeline.
+     * Args can be modified by hooks (each hook sees the potentially modified args).
+     */
+    async validate(toolName, args, ctx) {
+        let currentArgs = { ...args };
+        const allWarnings = [];
+        for (const hook of this.hooks) {
+            const result = await hook(toolName, currentArgs, ctx);
+            if (!result.allowed) {
+                return result;
+            }
+            if (result.warnings) {
+                allWarnings.push(...result.warnings);
+            }
+            if (result.modifiedArgs) {
+                currentArgs = result.modifiedArgs;
+            }
+        }
+        return {
+            allowed: true,
+            warnings: allWarnings.length > 0 ? allWarnings : undefined,
+            modifiedArgs: currentArgs !== args ? currentArgs : undefined,
+        };
+    }
+}
+export const validationPipeline = new ValidationPipeline();

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@crowley/rag-mcp",
-  "version": "1.2.1",
+  "version": "1.3.0",
   "description": "Universal RAG MCP Server for any project",
   "type": "module",
   "main": "dist/index.js",
@@ -35,8 +35,7 @@
     "@modelcontextprotocol/sdk": "^1.0.0",
     "axios": "^1.6.0",
     "glob": "^11.0.0",
-    "zod": "^3.25.76",
-    "zod-to-json-schema": "^3.25.1"
+    "zod": "^4.0.0"
   },
   "devDependencies": {
     "@types/node": "^20.10.0",