@forgespace/branding-mcp 0.6.2 → 0.7.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (18) hide show
  1. package/.github/CODEOWNERS +1 -0
  2. package/.github/ISSUE_TEMPLATE/config.yml +8 -0
  3. package/.github/ISSUE_TEMPLATE/feature_request.md +22 -0
  4. package/.github/dependabot.yml +17 -0
  5. package/.github/workflows/ci.yml +4 -22
  6. package/.github/workflows/codeql.yml +47 -0
  7. package/.github/workflows/release-automation.yml +5 -5
  8. package/.github/workflows/secret-scan.yml +13 -0
  9. package/.github/workflows/security-scan.yml +4 -4
  10. package/.github/workflows/semgrep.yml +12 -0
  11. package/.github/workflows/trivy.yml +17 -0
  12. package/.husky/commit-msg +1 -0
  13. package/.nvmrc +1 -0
  14. package/CHANGELOG.md +22 -0
  15. package/catalog-info.yaml +16 -0
  16. package/commitlint.config.cjs +24 -0
  17. package/knip.json +10 -0
  18. package/package.json +8 -7
package/.github/CODEOWNERS ADDED
@@ -0,0 +1 @@
1
+ * @LucasSantana-Dev
package/.github/ISSUE_TEMPLATE/config.yml ADDED
@@ -0,0 +1,8 @@
1
+ blank_issues_enabled: false
2
+ contact_links:
3
+ - name: Forge Space Discussions
4
+ url: https://github.com/orgs/Forge-Space/discussions
5
+ about: Ask questions and share ideas
6
+ - name: Security Policy
7
+ url: https://github.com/Forge-Space/.github/security/policy
8
+ about: Report security vulnerabilities
package/.github/ISSUE_TEMPLATE/feature_request.md ADDED
@@ -0,0 +1,22 @@
1
+ ---
2
+ name: Feature Request
3
+ about: Suggest a new feature or improvement
4
+ title: '[FEATURE] '
5
+ labels: ['enhancement', 'needs-triage']
6
+ ---
7
+
8
+ ## Problem
9
+
10
+ <!-- What problem does this solve? -->
11
+
12
+ ## Proposed Solution
13
+
14
+ <!-- How should it work? -->
15
+
16
+ ## Alternatives Considered
17
+
18
+ <!-- Other approaches you thought of -->
19
+
20
+ ## Additional Context
21
+
22
+ <!-- Screenshots, examples, references -->
package/.github/dependabot.yml ADDED
@@ -0,0 +1,17 @@
1
+ version: 2
2
+ updates:
3
+ - package-ecosystem: 'npm'
4
+ directory: '/'
5
+ schedule:
6
+ interval: 'weekly'
7
+ day: 'monday'
8
+ groups:
9
+ forge-ecosystem:
10
+ patterns: ['@forgespace/*']
11
+ minor-and-patch:
12
+ update-types: ['minor', 'patch']
13
+ open-pull-requests-limit: 10
14
+ - package-ecosystem: 'github-actions'
15
+ directory: '/'
16
+ schedule:
17
+ interval: 'weekly'
package/.github/workflows/ci.yml CHANGED
@@ -15,12 +15,7 @@ jobs:
15
15
  name: Lint & Format
16
16
  runs-on: ubuntu-latest
17
17
  steps:
18
- - uses: actions/checkout@v4
19
- - uses: actions/setup-node@v4
20
- with:
21
- node-version: 22
22
- cache: npm
23
- - run: npm ci
18
+ - uses: Forge-Space/.github/.github/actions/setup-node@main
24
19
  - run: npm run lint:check
25
20
  - run: npm run format:check
26
21
 
@@ -28,12 +23,7 @@ jobs:
28
23
  name: Type Check
29
24
  runs-on: ubuntu-latest
30
25
  steps:
31
- - uses: actions/checkout@v4
32
- - uses: actions/setup-node@v4
33
- with:
34
- node-version: 22
35
- cache: npm
36
- - run: npm ci
26
+ - uses: Forge-Space/.github/.github/actions/setup-node@main
37
27
  - run: npm run typecheck
38
28
 
39
29
  test:
@@ -43,12 +33,9 @@ jobs:
43
33
  matrix:
44
34
  node-version: [22, 24]
45
35
  steps:
46
- - uses: actions/checkout@v4
47
- - uses: actions/setup-node@v4
36
+ - uses: Forge-Space/.github/.github/actions/setup-node@main
48
37
  with:
49
38
  node-version: ${{ matrix.node-version }}
50
- cache: npm
51
- - run: npm ci
52
39
  - run: npm run test:coverage
53
40
  - name: Upload coverage
54
41
  if: matrix.node-version == 22
@@ -62,12 +49,7 @@ jobs:
62
49
  runs-on: ubuntu-latest
63
50
  needs: [lint, typecheck, test]
64
51
  steps:
65
- - uses: actions/checkout@v4
66
- - uses: actions/setup-node@v4
67
- with:
68
- node-version: 22
69
- cache: npm
70
- - run: npm ci
52
+ - uses: Forge-Space/.github/.github/actions/setup-node@main
71
53
  - run: npm run build
72
54
  - name: Verify dist output
73
55
  run: test -f dist/index.js
package/.github/workflows/codeql.yml ADDED
@@ -0,0 +1,47 @@
1
+ name: CodeQL Security Analysis
2
+
3
+ on:
4
+ push:
5
+ branches: [main]
6
+ pull_request:
7
+ branches: [main]
8
+ schedule:
9
+ - cron: '0 2 * * 1'
10
+
11
+ jobs:
12
+ analyze:
13
+ name: Analyze
14
+ runs-on: ubuntu-latest
15
+ timeout-minutes: 360
16
+ permissions:
17
+ security-events: write
18
+ packages: read
19
+ actions: read
20
+ contents: read
21
+
22
+ steps:
23
+ - name: Checkout repository
24
+ uses: actions/checkout@v6
25
+
26
+ - name: Setup Node.js
27
+ uses: actions/setup-node@v6
28
+ with:
29
+ node-version: 22
30
+ cache: npm
31
+
32
+ - name: Install dependencies
33
+ run: npm ci
34
+
35
+ - name: Initialize CodeQL
36
+ uses: github/codeql-action/init@v4
37
+ with:
38
+ languages: javascript-typescript
39
+ queries: +security-and-quality
40
+
41
+ - name: Build project
42
+ run: npm run build
43
+
44
+ - name: Perform CodeQL Analysis
45
+ uses: github/codeql-action/analyze@v4
46
+ with:
47
+ category: '/language:javascript-typescript'
package/.github/workflows/release-automation.yml CHANGED
@@ -14,8 +14,8 @@ jobs:
14
14
  name: Validate
15
15
  runs-on: ubuntu-latest
16
16
  steps:
17
- - uses: actions/checkout@v4
18
- - uses: actions/setup-node@v4
17
+ - uses: actions/checkout@v6
18
+ - uses: actions/setup-node@v6
19
19
  with:
20
20
  node-version: 22
21
21
  cache: npm
@@ -30,7 +30,7 @@ jobs:
30
30
  permissions:
31
31
  contents: write
32
32
  steps:
33
- - uses: actions/checkout@v4
33
+ - uses: actions/checkout@v6
34
34
  - name: Create GitHub Release
35
35
  uses: softprops/action-gh-release@v2
36
36
  with:
@@ -43,8 +43,8 @@ jobs:
43
43
  permissions:
44
44
  contents: read
45
45
  steps:
46
- - uses: actions/checkout@v4
47
- - uses: actions/setup-node@v4
46
+ - uses: actions/checkout@v6
47
+ - uses: actions/setup-node@v6
48
48
  with:
49
49
  node-version: 22
50
50
  cache: npm
package/.github/workflows/secret-scan.yml ADDED
@@ -0,0 +1,13 @@
1
+ name: Secret Scanning
2
+
3
+ on:
4
+ push:
5
+ branches: ['**']
6
+ pull_request:
7
+ branches: [main]
8
+
9
+ jobs:
10
+ secrets:
11
+ uses: Forge-Space/.github/.github/workflows/reusable-secret-scan.yml@main
12
+ permissions:
13
+ contents: read
package/.github/workflows/security-scan.yml CHANGED
@@ -13,8 +13,8 @@ jobs:
13
13
  name: Dependency Audit
14
14
  runs-on: ubuntu-latest
15
15
  steps:
16
- - uses: actions/checkout@v4
17
- - uses: actions/setup-node@v4
16
+ - uses: actions/checkout@v6
17
+ - uses: actions/setup-node@v6
18
18
  with:
19
19
  node-version: 22
20
20
  cache: npm
@@ -29,9 +29,9 @@ jobs:
29
29
  name: Secret Scanning
30
30
  runs-on: ubuntu-latest
31
31
  steps:
32
- - uses: actions/checkout@v4
32
+ - uses: actions/checkout@v6
33
33
  with:
34
34
  fetch-depth: 0
35
- - uses: trufflesecurity/trufflehog@v3.93.4
35
+ - uses: trufflesecurity/trufflehog@v3.93.7
36
36
  with:
37
37
  extra_args: --only-verified
package/.github/workflows/semgrep.yml ADDED
@@ -0,0 +1,12 @@
1
+ name: Semgrep CE
2
+
3
+ on:
4
+ pull_request: {}
5
+ push:
6
+ branches: [main]
7
+ paths:
8
+ - .github/workflows/semgrep.yml
9
+
10
+ jobs:
11
+ semgrep:
12
+ uses: Forge-Space/.github/.github/workflows/reusable-semgrep.yml@main
package/.github/workflows/trivy.yml ADDED
@@ -0,0 +1,17 @@
1
+ name: Trivy Security Scan
2
+
3
+ on:
4
+ pull_request: {}
5
+ push:
6
+ branches: [main]
7
+
8
+ permissions:
9
+ contents: read
10
+ security-events: write
11
+
12
+ jobs:
13
+ trivy:
14
+ uses: Forge-Space/.github/.github/workflows/reusable-trivy.yml@main
15
+ permissions:
16
+ contents: read
17
+ security-events: write
package/.husky/commit-msg ADDED
@@ -0,0 +1 @@
1
+ npx --no -- commitlint --edit "$1"
package/.nvmrc ADDED
@@ -0,0 +1 @@
1
+ 22
package/CHANGELOG.md CHANGED
@@ -2,6 +2,28 @@
2
2
 
3
3
  All notable changes to this project will be documented in this file.
4
4
 
5
+ ## [Unreleased]
6
+
7
+ ## [0.7.0] - 2026-03-07
8
+
9
+ ### Added
10
+
11
+ - **Import cycle detection** — `madge --circular` via `npm run check:cycles`
12
+ - **Dead code detection** — knip config with library export exclusions
13
+ - **Security scanning** — Semgrep CE and Trivy integration in CI
14
+ - **Issue templates** — Bug report and feature request templates
15
+ - **Service catalog** — catalog-info.yaml for IDP service discovery
16
+ - **Ecosystem health** — Dependabot config, .nvmrc, CODEOWNERS
17
+
18
+ ### Changed
19
+
20
+ - **CI workflows** — Migrated to org-wide reusable workflows for security scans and Node.js setup
21
+ - **Dependency updates** — Bumped lint-staged (15.5.2→16.3.2), actions/setup-node (4→6), actions/checkout (4→6), trufflesecurity/trufflehog (3.93.3→3.93.7), and minor/patch group updates
22
+
23
+ ### Removed
24
+
25
+ - Unused dependencies: `culori`, `pdfkit`, `satori`, `sharp`, `@types/pdfkit`
26
+
5
27
  ## [0.6.2] - 2026-03-07
6
28
 
7
29
  ### Fixed
package/catalog-info.yaml ADDED
@@ -0,0 +1,16 @@
1
+ apiVersion: backstage.io/v1alpha1
2
+ kind: Service
3
+ metadata:
4
+ name: branding-mcp
5
+ description: MCP server for brand-aware design generation and WCAG validation
6
+ tags:
7
+ - typescript
8
+ - mcp
9
+ - design
10
+ - npm
11
+ spec:
12
+ owner: forge-space
13
+ system: siza
14
+ lifecycle: production
15
+ dependsOn:
16
+ - brand-guide
package/commitlint.config.cjs ADDED
@@ -0,0 +1,24 @@
1
+ module.exports = {
2
+ extends: ['@commitlint/config-conventional'],
3
+ rules: {
4
+ 'type-enum': [
5
+ 2,
6
+ 'always',
7
+ [
8
+ 'feat',
9
+ 'fix',
10
+ 'docs',
11
+ 'style',
12
+ 'refactor',
13
+ 'perf',
14
+ 'test',
15
+ 'chore',
16
+ 'ci',
17
+ 'build',
18
+ 'revert',
19
+ ],
20
+ ],
21
+ 'header-max-length': [2, 'always', 100],
22
+ 'subject-case': [0],
23
+ },
24
+ };
package/knip.json ADDED
@@ -0,0 +1,10 @@
1
+ {
2
+ "$schema": "https://unpkg.com/knip@5/schema.json",
3
+ "ignoreDependencies": ["lint-staged"],
4
+ "ignore": [
5
+ "src/lib/branding-core/documents/html-generator.ts",
6
+ "src/lib/branding-core/documents/pdf-generator.ts"
7
+ ],
8
+ "ignoreExportsUsedInFile": true,
9
+ "exclude": ["exports", "types"]
10
+ }
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@forgespace/branding-mcp",
3
- "version": "0.6.2",
3
+ "version": "0.7.0",
4
4
  "description": "MCP server for AI-powered brand identity generation — color palettes, typography systems, design tokens, and brand guidelines with multi-format export",
5
5
  "type": "module",
6
6
  "main": "dist/index.js",
@@ -24,6 +24,8 @@
24
24
  "test:coverage": "NODE_OPTIONS=--experimental-vm-modules jest --coverage",
25
25
  "test:watch": "NODE_OPTIONS=--experimental-vm-modules jest --watch",
26
26
  "typecheck": "tsc --noEmit",
27
+ "check:cycles": "madge --circular --extensions ts src/",
28
+ "knip": "knip",
27
29
  "pre-commit": "npm run lint && npm run format && npm run test",
28
30
  "prepare": "husky"
29
31
  },
@@ -49,22 +51,21 @@
49
51
  "homepage": "https://github.com/Forge-Space/branding-mcp#readme",
50
52
  "dependencies": {
51
53
  "@modelcontextprotocol/sdk": "^1.26.0",
52
- "culori": "^4.0.1",
53
- "pdfkit": "^0.16.0",
54
54
  "pino": "^10.3.1",
55
- "satori": "^0.12.1",
56
- "sharp": "^0.34.5",
57
55
  "zod": "^3.24.0"
58
56
  },
59
57
  "devDependencies": {
58
+ "@commitlint/cli": "^20.4.3",
59
+ "@commitlint/config-conventional": "^20.4.3",
60
60
  "@types/node": "^22.15.0",
61
- "@types/pdfkit": "^0.13.8",
62
61
  "@typescript-eslint/eslint-plugin": "^8.32.0",
63
62
  "@typescript-eslint/parser": "^8.32.0",
64
63
  "eslint": "^9.0.0",
65
64
  "husky": "^9.0.0",
66
65
  "jest": "^29.7.0",
67
- "lint-staged": "^15.0.0",
66
+ "knip": "^5.86.0",
67
+ "lint-staged": "^16.3.2",
68
+ "madge": "^8.0.0",
68
69
  "prettier": "^3.0.0",
69
70
  "ts-jest": "^29.4.6",
70
71
  "typescript": "^5.1.6"