npm - @decantr/mcp-server - Versions diffs - 2.3.0 → 2.4.0 - Mend

@decantr/mcp-server 2.3.0 → 2.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/README.md +9 -3
package/dist/bin.js +1 -1
package/dist/{chunk-GIVGJE76.js → chunk-P2K3R43N.js} +66 -3
package/dist/index.js +1 -1
package/package.json +3 -3

package/README.md CHANGED Viewed

@@ -12,7 +12,7 @@ Design intelligence for AI-generated UI. Make Claude, Cursor, and Windsurf gener
 ![Decantr MCP demo](https://raw.githubusercontent.com/decantr-ai/decantr/main/packages/mcp-server/assets/decantr-demo.gif)
-- **Structured design context** -- gives your AI assistant patterns, layouts, component specs, Brownfield local law, and task-time context instead of letting it guess
+- **Structured design context** -- gives your AI assistant patterns, layouts, component specs, Brownfield/Hybrid authority, local law, and task-time context instead of letting it guess
 - **Evidence-backed repair loops** -- gives AI agents Project Health, Evidence Bundles, workspace health, and scoped repair prompts without uploading source
 - **Drift detection** -- catches when generated code deviates from your design intent
 - **Zero config** -- run with `npx`, no API keys or accounts required
@@ -136,7 +136,7 @@ The server exposes Decantr registry, context, benchmark, and verification tools.
 | `decantr_suggest_patterns` | Given a page description plus optional route/source excerpt, get ranked pattern suggestions | `{ "description": "recipe feed with avatars and infinite scroll", "route": "/feed" }` |
 | `decantr_check_drift` | Check if generated code violates the design intent in the Essence spec | `{ "page_id": "overview", "components_used": ["Card", "LineChart"], "theme_used": "auradecantism" }` |
 | `decantr_get_execution_pack` | Read compiled scaffold, section, page, review, or mutation execution packs, with hosted fallback when local context is missing | `{ "pack_type": "page", "id": "overview", "format": "json" }` |
-| `decantr_prepare_task_context` | Resolve compact route/task context, local law, evidence, and changed-file impact before editing a Brownfield or Essence route | `{ "route": "/feed", "task": "improve recipe card loading" }` |
+| `decantr_prepare_task_context` | Resolve compact route/task context, authority lane, local law, evidence, and changed-file impact before editing a Brownfield, Hybrid, or Essence route | `{ "route": "/feed", "task": "improve recipe card loading" }` |
 | `decantr_compile_execution_packs` | Compile a hosted execution-pack bundle from a local or inline essence document | `{ "path": "./decantr.essence.json", "namespace": "@official" }` |
 | `decantr_audit_project` | Run the schema-backed Decantr project audit against essence and compiled packs, with hosted fallback when local pack artifacts are missing | `{ "namespace": "@official" }` |
 | `decantr_critique` | Critique a file against the compiled review contract, with hosted fallback when local review packs are missing | `{ "file_path": "./src/pages/Overview.tsx", "namespace": "@official" }` |
@@ -148,6 +148,12 @@ The server exposes Decantr registry, context, benchmark, and verification tools.
 For the broader product surface and support policy, see the root Decantr docs and package support matrix.
+## Security And Permissions
+The MCP server reads Decantr files and selected project files from the active workspace. Write access is limited to explicit write tools such as `decantr_update_essence` and `decantr_accept_drift`, and paths are contained to the active workspace root.
+Registry and pack-resolution tools may call the configured Decantr API. Source upload fallbacks for hosted critique/audit are disabled unless the tool call explicitly passes `allow_hosted_upload: true`. The MCP server does not emit Decantr telemetry. See [security permissions](https://decantr.ai/reference/security-permissions.md).
 ## Compatibility
 `@decantr/mcp-server` is stable in the `2.x` line for the documented MCP tool surface.
@@ -171,7 +177,7 @@ The AI assistant calls these tools behind the scenes:
 3. `decantr_suggest_patterns` -- recommends `kpi-grid`, `chart-grid`, `data-table`, and `form-sections` for the described pages
 4. `decantr_resolve_pattern` -- fetches layout specs and component lists for each pattern
 5. `decantr_get_execution_pack` -- loads the compiled scaffold/page/review packs as the task contract, falling back to hosted compilation when local pack artifacts are missing
-6. `decantr_prepare_task_context` -- resolves route-local Brownfield context, accepted local law, changed-file impact, visual evidence, and theme inventory before editing an existing app
+6. `decantr_prepare_task_context` -- resolves route-local Brownfield/Hybrid context, active authority, accepted local law, changed-file impact, visual evidence, and theme inventory before editing an existing app
 7. `decantr_compile_execution_packs` -- compiles the hosted pack bundle when the task needs a fresh remote contract from the essence document
 8. `decantr_check_drift` -- validates the generated code against the Essence spec before presenting it
 9. `decantr_critique` -- critiques a specific file, falling back to the hosted verifier when the local review pack is missing

package/dist/bin.js CHANGED Viewed

@@ -1,2 +1,2 @@
 #!/usr/bin/env node
-import "./chunk-GIVGJE76.js";
+import "./chunk-P2K3R43N.js";

package/dist/{chunk-GIVGJE76.js → chunk-P2K3R43N.js} RENAMED Viewed

@@ -160,9 +160,7 @@ function changedFilesForTask(projectRoot) {
   return [...changed].sort();
 }
 function impactedRoutesForFiles(projectRoot, files) {
-  const analysis = readJsonIfExists(
-    join2(projectRoot, ".decantr", "analysis.json")
-  );
+  const analysis = readJsonIfExists(join2(projectRoot, ".decantr", "analysis.json"));
   const routeEntries = analysis?.routes?.routes ?? [];
   const impacted = /* @__PURE__ */ new Set();
   for (const file of files) {
@@ -193,6 +191,63 @@ function localLawSummary(projectRoot) {
     })) ?? []
   };
 }
+function mentionsWord(text, term) {
+  const escaped = term.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
+  return new RegExp(`\\b${escaped}\\b`, "i").test(text);
+}
+function taskAuthoritySummary(input) {
+  const hasLocalLaw = input.localLaw.patterns.length > 0 || input.localLaw.rules.length > 0;
+  let lane = "Brownfield contract-only";
+  let sourceAuthority = "Existing app is authoritative; Decantr supplies contract context.";
+  let styleAuthority = "Use the existing styling system.";
+  const activeAuthorities = ["existing source", "Essence V4 contract"];
+  if (input.workflowMode === "hybrid-compose") {
+    lane = "Hybrid composition";
+    sourceAuthority = "Existing app plus selected Decantr/local law are authoritative.";
+  } else if (input.workflowMode === "brownfield-attach" && input.adoptionMode === "decantr-css") {
+    lane = "Hybrid with Decantr CSS";
+    sourceAuthority = "Existing app remains authoritative except where Decantr CSS is explicitly adopted.";
+    styleAuthority = "Decantr CSS runtime is active where adopted.";
+    activeAuthorities.push("Decantr CSS runtime");
+  } else if (input.workflowMode === "brownfield-attach" && input.adoptionMode === "style-bridge") {
+    lane = "Hybrid style bridge";
+    sourceAuthority = "Existing app remains authoritative; Decantr intent maps through the style bridge.";
+    styleAuthority = "Use bridge tokens/classes as a mapping layer onto the app styling system.";
+    activeAuthorities.push("style bridge");
+  } else if (input.workflowMode === "brownfield-attach" && hasLocalLaw) {
+    lane = "Hybrid local law";
+    sourceAuthority = "Existing app plus accepted project-owned UI law are authoritative.";
+    styleAuthority = "Use project-owned components, tokens, classes, and accepted local rules.";
+  } else if (input.workflowMode?.startsWith("greenfield")) {
+    lane = input.workflowMode === "greenfield-contract-only" ? "Greenfield contract-only" : "Greenfield scaffold";
+    sourceAuthority = "Essence V4 and generated context are authoritative.";
+    styleAuthority = input.adoptionMode === "contract-only" ? "Use the project-chosen styling system." : "Use Decantr CSS where generated by the adapter.";
+  }
+  if (hasLocalLaw) activeAuthorities.push("accepted local patterns/rules");
+  if (input.hasPackManifest) activeAuthorities.push("hosted execution packs as guidance");
+  const warnings = [];
+  const task = input.task;
+  for (const term of ["angular", "vue", "svelte", "solid", "bootstrap", "shadcn"]) {
+    if (mentionsWord(task, term)) {
+      warnings.push(
+        `Task mentions ${term}; treat it as optional Hybrid guidance unless this workspace already owns that runtime/library or the user explicitly asks for a reviewed adoption plan.`
+      );
+    }
+  }
+  if (input.adoptionMode !== "decantr-css" && (/@decantr\/css/i.test(task) || /\bdecantr css\b/i.test(task) || /\bd-[a-z0-9-]+/i.test(task))) {
+    warnings.push(
+      "This project is not in decantr-css adoption mode. Do not add @decantr/css or d-* classes unless the user explicitly changes adoption mode."
+    );
+  }
+  return {
+    lane,
+    source_authority: sourceAuthority,
+    style_authority: styleAuthority,
+    active_authorities: activeAuthorities,
+    runtime_boundary: "Preserve the current workspace runtime unless the task is explicitly a reviewed migration or isolated integration plan.",
+    warnings
+  };
+}
 function extractPatternIdsFromLayoutItem(item, ids) {
   if (typeof item === "string") {
     ids.add(item);
@@ -2428,6 +2483,7 @@ async function handleTool(name, args) {
         join2(process.cwd(), ".decantr", "theme-inventory.json")
       );
       const localLaw = localLawSummary(process.cwd());
+      const projectJson = readJsonIfExists(join2(process.cwd(), ".decantr", "project.json"));
       const changedFiles = changedFilesForTask(process.cwd());
       const changedRoutes = impactedRoutesForFiles(process.cwd(), changedFiles);
       const patternIds = extractPagePatternIds(page);
@@ -2479,6 +2535,13 @@ async function handleTool(name, args) {
           path: ".decantr/theme-inventory.json"
         } : null,
         local_law: localLaw,
+        authority: taskAuthoritySummary({
+          workflowMode: projectJson?.initialized?.workflowMode ?? null,
+          adoptionMode: projectJson?.initialized?.adoptionMode ?? null,
+          localLaw,
+          hasPackManifest: Boolean(manifest),
+          task
+        }),
         change_impact: {
           changed_files: changedFiles.slice(0, 40),
           changed_file_count: changedFiles.length,

package/dist/index.js CHANGED Viewed

	@@ -1 +1 @@
1	- import "./chunk-~~GIVGJE76~~.js";
1	+ import "./chunk-P2K3R43N.js";

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@decantr/mcp-server",
-  "version": "2.3.0",
+  "version": "2.4.0",
   "mcpName": "io.github.decantr-ai/mcp-server",
   "description": "MCP server for Decantr — exposes design intelligence, packs, and verification to AI coding assistants",
   "keywords": [
@@ -50,8 +50,8 @@
   "dependencies": {
     "@modelcontextprotocol/sdk": "^1.29.0",
     "@decantr/essence-spec": "2.0.1",
-    "@decantr/registry": "2.2.0",
-    "@decantr/verifier": "2.2.0"
+    "@decantr/verifier": "2.3.3",
+    "@decantr/registry": "2.2.0"
   },
   "scripts": {
     "build": "tsup",