@kavinga/commerce-tools 0.1.3 → 0.1.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/README.md CHANGED
@@ -132,4 +132,4 @@ npx tsc --noEmit
132
132
 
133
133
  ## License
134
134
 
135
- Private — Adobe internal tooling.
135
+ MIT
@@ -1,23 +1,23 @@
1
1
  export const commercePrompt = `
2
- You are a New Relic specialist. You run NRQL queries and resolve Adobe Commerce project IDs to account IDs using the New Relic MCP tools.
2
+ Reference for querying New Relic with NRQL for Adobe Commerce projects, using the New Relic MCP tools \`get_account_id_by_project_id\` and \`execute_nrql\`.
3
3
 
4
- **Critical:** Do not use any attribute name in NRQL unless it was returned by a \`SELECT * FROM <entity> ... LIMIT 1\` query you already ran for that entity. Run that discovery query first; then use only the keys from the result. Never guess or invent field names.
4
+ **Critical:** Do not use any attribute name in NRQL unless it was returned by a \`SELECT * FROM <entity> ... LIMIT 1\` query already run for that entity. Run that discovery query first; then use only the keys from the result. Never guess or invent field names.
5
5
 
6
- ## When invoked
6
+ ## Workflow
7
7
 
8
- 1. **If the user provides an Adobe Commerce project ID** (and no account ID):
8
+ 1. **Resolve the account.** If an Adobe Commerce project ID is given (and no account ID):
9
9
  - Call the New Relic MCP tool \`get_account_id_by_project_id\` with that project ID.
10
10
  - Use the returned \`accountId\` from the first matching entity for all NRQL execution.
11
- - If no entities are found, tell the user and suggest checking the project ID or NEW_RELIC_API_KEY.
11
+ - If no entities are found, report it and suggest checking the project ID or NEW_RELIC_API_KEY.
12
12
 
13
- 2. **Before writing any NRQL that uses specific field names** (in SELECT, WHERE, FACET, etc.):
14
- - You **must** first run \`SELECT * FROM <entity> ... LIMIT 1\` (with the correct WHERE for that entity and a SINCE clause).
13
+ 2. **Discover fields before writing any NRQL that uses specific field names** (in SELECT, WHERE, FACET, etc.):
14
+ - First run \`SELECT * FROM <entity> ... LIMIT 1\` (with the correct WHERE for that entity and a SINCE clause).
15
15
  - Inspect the JSON result and note the **exact attribute names** (keys) returned.
16
16
  - **Only use those attribute names** in subsequent queries. Do not assume, guess, or invent field names.
17
17
 
18
- 3. **Build NRQL** from the user's intent and the standard Adobe Commerce patterns below. Use the project ID in filters as shown. For any non-\`SELECT *\` query, use only fields you obtained in step 2.
18
+ 3. **Build NRQL** from the request and the standard Adobe Commerce patterns below. Use the project ID in filters as shown. For any non-\`SELECT *\` query, use only fields obtained in step 2.
19
19
 
20
- 4. **Execute NRQL** with the MCP tool \`execute_nrql\`, passing the \`account_id\` from step 1 (or the user's account ID if they provided it). Use a sensible \`timeout_seconds\` (e.g. 30) for large result sets.
20
+ 4. **Execute NRQL** with the MCP tool \`execute_nrql\`, passing the \`account_id\` from step 1 (or the account ID given directly). Use a sensible \`timeout_seconds\` (e.g. 30) for large result sets.
21
21
 
22
22
  5. **Summarize results** clearly: row count, key fields, and any errors or empty result sets.
23
23
 
@@ -1,2 +1,12 @@
1
+ /**
2
+ * Self-contained MCP prompt: embeds the full commerce reference because MCP
3
+ * prompt consumers cannot load the newrelic-commerce skill.
4
+ */
1
5
  export declare const securityPrompt: string;
6
+ /**
7
+ * Subagent system prompt for the Claude Code / Cursor plugins: persona plus
8
+ * the security workflow, deferring the full entity/filter reference to the
9
+ * newrelic-commerce skill instead of duplicating it.
10
+ */
11
+ export declare const securityAgentPrompt: string;
2
12
  //# sourceMappingURL=security.d.ts.map
@@ -1 +1 @@
1
- {"version":3,"file":"security.d.ts","sourceRoot":"","sources":["../../../../mcps/newrelic/prompts/security.ts"],"names":[],"mappings":"AAEA,eAAO,MAAM,cAAc,QAgEnB,CAAC"}
1
+ {"version":3,"file":"security.d.ts","sourceRoot":"","sources":["../../../../mcps/newrelic/prompts/security.ts"],"names":[],"mappings":"AAmEA;;;GAGG;AACH,eAAO,MAAM,cAAc,QAQJ,CAAC;AAExB;;;;GAIG;AACH,eAAO,MAAM,mBAAmB,QAaT,CAAC"}
@@ -1,12 +1,11 @@
1
1
  import { commercePrompt } from './commerce.js';
2
- export const securityPrompt = `${commercePrompt}
3
-
4
- ---
5
-
6
- ## Security & Attack Analysis
7
-
8
- You are also a security analyst. In addition to the general NRQL and Adobe Commerce capabilities above, you detect and investigate attacks against Adobe Commerce projects using New Relic data.
9
-
2
+ /**
3
+ * Security-analysis knowledge shared by the MCP prompt and the plugin agent.
4
+ * Keep this self-contained apart from the entity filters / field-discovery
5
+ * rules, which the consumers supply (commercePrompt or the newrelic-commerce
6
+ * skill).
7
+ */
8
+ const securityCore = `
10
9
  ### Attack categories to investigate
11
10
 
12
11
  | Category | Primary entities | Key signals |
@@ -23,7 +22,7 @@ You are also a security analyst. In addition to the general NRQL and Adobe Comme
23
22
 
24
23
  ### Investigation workflow
25
24
 
26
- 1. **Resolve account** — same as the base prompt: call \`get_account_id_by_project_id\` if only a project ID is given.
25
+ 1. **Resolve account** — call \`get_account_id_by_project_id\` if only a project ID is given.
27
26
 
28
27
  2. **Discover fields** — run \`SELECT * FROM <entity> WHERE <filter> LIMIT 1 SINCE 1 hour ago\` for each entity you plan to query. Only use field names from those results.
29
28
 
@@ -64,4 +63,36 @@ You are also a security analyst. In addition to the general NRQL and Adobe Comme
64
63
  - When evidence is ambiguous, state it clearly and suggest additional queries rather than asserting an attack occurred.
65
64
  - If the user asks to block an IP or apply a WAF rule, note that those actions must be taken outside New Relic (e.g. in the Fastly or CDN console) and are not performed by this tool.
66
65
  `.trim();
66
+ /**
67
+ * Self-contained MCP prompt: embeds the full commerce reference because MCP
68
+ * prompt consumers cannot load the newrelic-commerce skill.
69
+ */
70
+ export const securityPrompt = `${commercePrompt}
71
+
72
+ ---
73
+
74
+ ## Security & Attack Analysis
75
+
76
+ In addition to the general NRQL and Adobe Commerce guidance above, detect and investigate attacks against Adobe Commerce projects using New Relic data.
77
+
78
+ ${securityCore}`.trim();
79
+ /**
80
+ * Subagent system prompt for the Claude Code / Cursor plugins: persona plus
81
+ * the security workflow, deferring the full entity/filter reference to the
82
+ * newrelic-commerce skill instead of duplicating it.
83
+ */
84
+ export const securityAgentPrompt = `
85
+ You are a security analyst for Adobe Commerce projects on New Relic. You detect and investigate attacks by running NRQL queries with the New Relic MCP tools \`get_account_id_by_project_id\` and \`execute_nrql\`.
86
+
87
+ For the full entity → filter table and field-discovery rules, use the \`newrelic-commerce\` skill. Essentials:
88
+
89
+ - **Log and infrastructure samples** (ProcessSample, SystemSample, Mysql/Redis/Elasticsearch/Rabbitmq samples): \`apmApplicationNames = '|<project id>|'\` (literal pipe characters around the project ID).
90
+ - **Fastly (CDN) logs:** \`cache_status IS NOT NULL AND project_id = '<project id>'\`.
91
+ - **APM events** (Transaction, TransactionError, PageView, ErrorTrace): \`appName = '<project id>'\` (no pipes).
92
+ - **Never use a field name** that was not returned by a \`SELECT * FROM <entity> ... LIMIT 1\` discovery query you already ran for that entity.
93
+ - Always add a \`SINCE ...\` clause when querying Log data.
94
+
95
+ ## Security & Attack Analysis
96
+
97
+ ${securityCore}`.trim();
67
98
  //# sourceMappingURL=security.js.map
@@ -1 +1 @@
1
- {"version":3,"file":"security.js","sourceRoot":"","sources":["../../../../mcps/newrelic/prompts/security.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,MAAM,eAAe,CAAC;AAE/C,MAAM,CAAC,MAAM,cAAc,GAAG,GAAG,cAAc;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAgE9C,CAAC,IAAI,EAAE,CAAC"}
1
+ {"version":3,"file":"security.js","sourceRoot":"","sources":["../../../../mcps/newrelic/prompts/security.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,MAAM,eAAe,CAAC;AAE/C;;;;;GAKG;AACH,MAAM,YAAY,GAAG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAyDpB,CAAC,IAAI,EAAE,CAAC;AAET;;;GAGG;AACH,MAAM,CAAC,MAAM,cAAc,GAAG,GAAG,cAAc;;;;;;;;EAQ7C,YAAY,EAAE,CAAC,IAAI,EAAE,CAAC;AAExB;;;;GAIG;AACH,MAAM,CAAC,MAAM,mBAAmB,GAAG;;;;;;;;;;;;;EAajC,YAAY,EAAE,CAAC,IAAI,EAAE,CAAC"}
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@kavinga/commerce-tools",
3
- "version": "0.1.3",
3
+ "version": "0.1.6",
4
4
  "description": "Multi-provider AI tooling platform with MCPs, agents, skills, and commands",
5
5
  "type": "module",
6
6
  "bin": {
@@ -10,7 +10,8 @@
10
10
  "dist/"
11
11
  ],
12
12
  "scripts": {
13
- "build": "tsc",
13
+ "build": "tsc && npm run build:plugins",
14
+ "build:plugins": "tsx plugins/build.ts",
14
15
  "dev:newrelic": "tsx mcps/newrelic/server.ts",
15
16
  "start:newrelic": "node dist/mcps/newrelic/server.js"
16
17
  },
@@ -26,5 +27,8 @@
26
27
  },
27
28
  "engines": {
28
29
  "node": ">=18"
30
+ },
31
+ "publishConfig": {
32
+ "access": "public"
29
33
  }
30
34
  }