@danainnovations/cortex-mcp 1.0.102 → 1.0.103

package/dist/{constants-66VQYSV7.js → constants-AJADVACN.js}

@@ -9,7 +9,7 @@ import {
   DEFAULT_SERVER_URL,
   MCP_NAMES,
   PROTOCOL_VERSION
-} from "./chunk-RB5AKDLX.js";
+} from "./chunk-35KL5IIO.js";
 export {
   AVAILABLE_MCPS,
   CONFIG_DIR_NAME,
@@ -21,4 +21,4 @@ export {
   MCP_NAMES,
   PROTOCOL_VERSION
 };
-//# sourceMappingURL=constants-66VQYSV7.js.map
+//# sourceMappingURL=constants-AJADVACN.js.map

package/dist/index.d.ts

@@ -207,8 +207,8 @@ declare const AVAILABLE_MCPS: readonly [{
 }];
 /** All available MCP names */
 declare const MCP_NAMES: string[];
-/** Shared API key embedded in the package (no user prompt needed) */
-declare const DEFAULT_API_KEY = "ctx_07d37a81_9f7be06af38d04753090a4034f907a65ec06cd675ed26f65653898388e2d1709";
+/** @deprecated Shared default key removed — users must run `cortex-mcp login` */
+declare const DEFAULT_API_KEY = "";
 
 /** Stored credentials from a successful login */
 interface CortexCredentials {
@@ -221,7 +221,10 @@ interface CortexCredentials {
 declare function readCredentials(): CortexCredentials | null;
 /**
  * Get the effective API key to use.
- * Priority: CORTEX_API_KEY env var > stored credentials > config file > default shared key
+ * Priority: CORTEX_API_KEY env var > stored credentials > config file
+ *
+ * Returns empty string if no key is available — callers should check
+ * and prompt the user to run `cortex-mcp login`.
  */
 declare function getEffectiveApiKey(): string;
 

package/dist/index.js

@@ -104,7 +104,7 @@ var AVAILABLE_MCPS = [
 ];
 var MCP_NAMES = AVAILABLE_MCPS.map((m) => m.name);
 var DEFAULT_MCPS = [...MCP_NAMES];
-var DEFAULT_API_KEY = "ctx_07d37a81_9f7be06af38d04753090a4034f907a65ec06cd675ed26f65653898388e2d1709";
+var DEFAULT_API_KEY = "";
 var CONFIG_DIR_NAME = ".cortex-mcp";
 var CONFIG_FILE_NAME = "config.json";
 var CREDENTIALS_FILE_NAME = "credentials.json";
@@ -1094,6 +1094,79 @@ async function startStdioServer(options) {
     }
     initialized = true;
   }
+  const VIBE_CODING_GUIDE_TOOL = {
+    name: "vibe_coding_guide",
+    description: "IMPORTANT: Call this tool FIRST before building any new application. Returns the required Cortex workflow for creating branded, production-ready apps deployed to Vercel with GitHub, Supabase, and Sonance Brand integration. This ensures every app follows the correct pipeline: branded proof-of-concept \u2192 user approval \u2192 infrastructure setup \u2192 code with brand components \u2192 deploy \u2192 verify.",
+    inputSchema: {
+      type: "object",
+      properties: {
+        project_type: {
+          type: "string",
+          description: "Optional: 'new' for greenfield apps, 'existing' for changes to existing projects. Defaults to 'new'."
+        }
+      }
+    }
+  };
+  const VIBE_CODING_GUIDE_RESPONSE = [
+    "# Cortex Vibe Coding Workflow",
+    "",
+    "Follow this pipeline when building apps with Cortex MCP tools.",
+    "",
+    "## New App (Greenfield)",
+    "",
+    "### Phase 1: Design & Approve",
+    "1. Call `sonance_brand__design_app` with the app description to get the branded starter blueprint (CSS, components, layout)",
+    "2. Call `sonance_brand__get_css_theme` for the full CSS variables and Tailwind config",
+    "3. Create a single branded HTML proof-of-concept file and show the user",
+    "4. Ask the user: 'Does this look right? Ready to build the full app?'",
+    "5. Do NOT proceed until the user approves",
+    "",
+    "### Phase 2: Plan Infrastructure",
+    "6. Determine if the app needs a database (user accounts, persistent data \u2192 yes; static content \u2192 no)",
+    "7. Determine if the app needs authentication (multi-user, personalized data \u2192 yes; public content \u2192 no)",
+    "8. Present the plan to the user: 'Your app needs: GitHub repo, Vercel deployment, [Supabase DB + auth / no DB]'",
+    "",
+    "### Phase 3: Build with Brand",
+    "9. Write Next.js + TypeScript code using Sonance Brand components:",
+    "   - Call `sonance_brand__get_components_by_category` for pre-built UI components",
+    "   - Call `sonance_brand__get_component` for specific components",
+    "   - Use brand CSS tokens for all colors/typography \u2014 never hardcode hex values",
+    "10. Structure code modularly: components in /components, utilities in /lib, routes in /app",
+    "    - No single file over 300 lines",
+    "    - Always use TypeScript (.tsx/.ts)",
+    "",
+    "### Phase 4: Deploy",
+    "11. If auth needed: call `supabase__setup_cortex_auth` \u2014 returns client_id, client_secret, cortex_url",
+    "    - Include auth template files: login page, callback route, middleware, sign-out",
+    "12. Create private GitHub repo: `github__create_repository` + `github__push_files`",
+    "    - Include .gitignore, .env.example, README.md \u2014 NEVER push .env or secrets",
+    "13. Set ALL env vars on Vercel using `vercel__set_env_vars_batch` BEFORE deploying:",
+    "    - Supabase: NEXT_PUBLIC_SUPABASE_URL, NEXT_PUBLIC_SUPABASE_ANON_KEY, SUPABASE_SERVICE_ROLE_KEY",
+    "    - Auth: NEXT_PUBLIC_CORTEX_URL, NEXT_PUBLIC_CORTEX_CLIENT_ID, CORTEX_CLIENT_ID, CORTEX_CLIENT_SECRET",
+    "    - Extract ALL values from tool responses \u2014 NEVER ask the user to copy keys",
+    "14. Deploy: `vercel__deploy` then verify with `vercel__get_deployment`",
+    "    - If ERROR: get logs, fix code, push fix, retry until READY",
+    "    - NEVER tell the user the app is live without confirming READY status",
+    "15. If auth: register redirect URI with `supabase__add_redirect_uri`",
+    "",
+    "### Phase 5: Quality",
+    "16. Run `security_scan__scan_code_security`, `code_analysis__lint_directory`, `code_review__review_directory`",
+    "17. Call `sonance_brand__evaluate_design` \u2014 must score Tier 3+ (>= 60) before finalizing",
+    "",
+    "## Existing Project",
+    "",
+    "If the user references an existing repo/project ('add auth to...', 'fix the deployment on...'),",
+    "skip the POC and go directly to the requested changes. Still apply:",
+    "- Brand components and CSS tokens for any new UI",
+    "- Env vars before deploying",
+    "- Deployment verification",
+    "- Quality checks and brand evaluation",
+    "",
+    "## Key Rules",
+    "- The user should NEVER manually set env vars, copy keys, or configure auth",
+    "- Always use Next.js + TypeScript, never plain React or HTML for production apps",
+    "- Always use Sonance Brand components \u2014 never write custom Button/Card/Navbar with hardcoded styles"
+  ].join("\n");
   server.setRequestHandler(ListToolsRequestSchema, async () => {
     await ensureInitialized();
     const response = await cortex.listTools();
@@ -1102,12 +1175,18 @@ async function startStdioServer(options) {
     }
     const result = response.result;
     const tools = (result.tools || []).map(overrideUploadToolSchema);
-    return { tools };
+    return { tools: [VIBE_CODING_GUIDE_TOOL, ...tools] };
   });
   server.setRequestHandler(CallToolRequestSchema, async (request) => {
     await ensureInitialized();
     const { name, arguments: args } = request.params;
     const typedArgs = args ?? {};
+    if (name === "vibe_coding_guide") {
+      return {
+        content: [{ type: "text", text: VIBE_CODING_GUIDE_RESPONSE }],
+        isError: false
+      };
+    }
     const baseName = name.includes("__") ? name.split("__").pop() : name;
     if (UPLOAD_TOOLS.has(baseName) && typedArgs.file_path) {
       return handleLocalFileUpload(cortex, name, typedArgs);
@@ -1752,7 +1831,7 @@ function getEffectiveApiKey() {
   if (creds?.apiKey) return creds.apiKey;
   const config = readConfig();
   if (config?.apiKey) return config.apiKey;
-  return DEFAULT_API_KEY;
+  return "";
 }
 
 // src/client/mcp-namespace.ts