@kylewadegrove/cutline-mcp-cli 0.4.2 → 0.5.0

package/dist/servers/score-history-HO5KRVGC.js

@@ -0,0 +1,6 @@
+import {
+  recordScoreSnapshot
+} from "./chunk-TGSEURMN.js";
+export {
+  recordScoreSnapshot
+};

package/dist/servers/tools-server.js

@@ -0,0 +1,291 @@
+#!/usr/bin/env node
+import {
+  isWriteTool
+} from "./chunk-KMUSQOTJ.js";
+import {
+  applyEditsLogic,
+  chatWithPersona,
+  generateChatSuggestion,
+  generateTrialRun,
+  getPersona,
+  getWikiMarkdown,
+  listPersonas,
+  saveWikiMarkdown
+} from "./chunk-IVWF7VYZ.js";
+import {
+  guardBoundary,
+  guardOutput,
+  initFirebase,
+  mapErrorToMcp,
+  requirePremiumWithAutoAuth,
+  resolveAuthContext,
+  validateAuth,
+  validateRequestSize,
+  withPerfTracking
+} from "./chunk-PD2HN2R5.js";
+import "./chunk-7FHM2GD3.js";
+import "./chunk-JBJYSV4P.js";
+
+// ../mcp/dist/mcp/src/tools-server.js
+import { Server } from "@modelcontextprotocol/sdk/server/index.js";
+import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
+import { CallToolRequestSchema, ErrorCode, ListToolsRequestSchema, McpError } from "@modelcontextprotocol/sdk/types.js";
+var server = new Server({
+  name: "cutline-tools",
+  version: "0.1.0"
+}, {
+  capabilities: {
+    tools: {}
+  }
+});
+server.setRequestHandler(ListToolsRequestSchema, async () => {
+  return {
+    tools: [
+      {
+        name: "trial_generate",
+        description: "Generate a trial run response",
+        inputSchema: {
+          type: "object",
+          properties: {
+            prompt: { type: "string" }
+          },
+          required: ["prompt"]
+        }
+      },
+      {
+        name: "agent_chat",
+        description: "Get chat suggestions for wiki editing",
+        inputSchema: {
+          type: "object",
+          properties: {
+            prompt: { type: "string" },
+            wikiMarkdown: { type: "string" },
+            auth_token: { type: "string" }
+          },
+          required: ["prompt"]
+        }
+      },
+      {
+        name: "wiki_load",
+        description: "Load wiki markdown",
+        inputSchema: {
+          type: "object",
+          properties: {
+            projectId: { type: "string" },
+            auth_token: { type: "string" }
+          },
+          required: ["projectId"]
+        }
+      },
+      {
+        name: "wiki_save",
+        description: "Save wiki markdown",
+        inputSchema: {
+          type: "object",
+          properties: {
+            projectId: { type: "string" },
+            markdown: { type: "string" },
+            auth_token: { type: "string" }
+          },
+          required: ["projectId", "markdown"]
+        }
+      },
+      {
+        name: "wiki_apply_edits",
+        description: "Apply edits to wiki",
+        inputSchema: {
+          type: "object",
+          properties: {
+            edits: { type: "array", items: { type: "object" } },
+            auth_token: { type: "string" }
+          },
+          required: ["edits"]
+        }
+      },
+      {
+        name: "personas_list",
+        description: "List personas for the authenticated user, optionally filtered by productId",
+        inputSchema: {
+          type: "object",
+          properties: {
+            productId: { type: "string", description: "Optional product ID to filter personas" },
+            auth_token: { type: "string" }
+          },
+          required: ["auth_token"]
+        }
+      },
+      {
+        name: "personas_get",
+        description: "Get a specific persona by ID",
+        inputSchema: {
+          type: "object",
+          properties: {
+            personaId: { type: "string" },
+            auth_token: { type: "string" }
+          },
+          required: ["personaId", "auth_token"]
+        }
+      },
+      {
+        name: "personas_chat",
+        description: "Chat with a persona. The persona object should include name, description, role, segment, demographics, personality, and behaviors.",
+        inputSchema: {
+          type: "object",
+          properties: {
+            persona: {
+              type: "object",
+              description: "Persona object with name, description, role, segment, demographics, personality, behaviors"
+            },
+            userMessage: { type: "string", description: "The user's message to the persona" },
+            product: {
+              type: "object",
+              description: "Optional product context (name, brief, etc.)"
+            },
+            conversationHistory: {
+              type: "array",
+              items: {
+                type: "object",
+                properties: {
+                  role: { type: "string", enum: ["user", "assistant"] },
+                  content: { type: "string" }
+                }
+              },
+              description: "Optional conversation history"
+            },
+            auth_token: { type: "string" }
+          },
+          required: ["persona", "userMessage", "auth_token"]
+        }
+      },
+      {
+        name: "podcast_get_participants",
+        description: "Get podcast-ready introductions for all personas in a product. Returns taglines, intro scripts, signature traits, and voice settings for each persona. Use this to have Cutline introduce podcast guests.",
+        inputSchema: {
+          type: "object",
+          properties: {
+            productId: { type: "string", description: "The product ID to get personas for" },
+            format: {
+              type: "string",
+              enum: ["json", "script", "bullets"],
+              description: "Output format: 'json' for structured data, 'script' for host-readable text, 'bullets' for quick reference"
+            },
+            auth_token: { type: "string" }
+          },
+          required: ["productId", "auth_token"]
+        }
+      }
+    ]
+  };
+});
+server.setRequestHandler(CallToolRequestSchema, async (request) => {
+  try {
+    const { name, arguments: rawArgs } = request.params;
+    if (!rawArgs)
+      throw new McpError(ErrorCode.InvalidParams, "Missing arguments");
+    validateRequestSize(rawArgs);
+    const { args } = guardBoundary(name, rawArgs);
+    initFirebase();
+    const rawResponse = await withPerfTracking(name, async () => {
+      if (isWriteTool(name)) {
+        const peekToken = args.auth_token;
+        if (peekToken) {
+          const peekDecoded = await validateAuth(peekToken).catch(() => null);
+          if (peekDecoded && peekDecoded.accountType === "agent") {
+            throw new McpError(ErrorCode.InvalidRequest, "This is a read-only agent account. Write operations require the owner account.");
+          }
+        }
+      }
+      switch (name) {
+        case "trial_generate": {
+          const { prompt } = args;
+          const text = await generateTrialRun(prompt);
+          return {
+            content: [{ type: "text", text: JSON.stringify({ ok: true, text }) }]
+          };
+        }
+        case "agent_chat": {
+          const { prompt, wikiMarkdown, auth_token } = args;
+          await requirePremiumWithAutoAuth(auth_token);
+          const text = await generateChatSuggestion(prompt, wikiMarkdown);
+          return {
+            content: [{ type: "text", text: JSON.stringify({ text }) }]
+          };
+        }
+        case "wiki_load": {
+          const { projectId, auth_token } = args;
+          await requirePremiumWithAutoAuth(auth_token);
+          const markdown = await getWikiMarkdown(projectId);
+          return {
+            content: [{ type: "text", text: JSON.stringify({ markdown }) }]
+          };
+        }
+        case "wiki_save": {
+          const { projectId, markdown, auth_token } = args;
+          const decoded = await requirePremiumWithAutoAuth(auth_token);
+          await saveWikiMarkdown(projectId, markdown, decoded?.uid);
+          return {
+            content: [{ type: "text", text: JSON.stringify({ ok: true }) }]
+          };
+        }
+        case "wiki_apply_edits": {
+          const { edits, auth_token } = args;
+          await requirePremiumWithAutoAuth(auth_token);
+          const result = await applyEditsLogic(edits);
+          return {
+            content: [{ type: "text", text: JSON.stringify(result) }]
+          };
+        }
+        case "personas_list": {
+          const { productId, auth_token } = args;
+          const normalizedAuthToken = auth_token && auth_token !== "auto" && auth_token.trim() !== "" ? auth_token : void 0;
+          const { effectiveUid } = await resolveAuthContext(normalizedAuthToken);
+          const personas = await listPersonas(effectiveUid, productId);
+          return {
+            content: [{ type: "text", text: JSON.stringify({ personas }) }]
+          };
+        }
+        case "personas_get": {
+          const { personaId, auth_token } = args;
+          const normalizedAuthToken = auth_token && auth_token !== "auto" && auth_token.trim() !== "" ? auth_token : void 0;
+          const { effectiveUid } = await resolveAuthContext(normalizedAuthToken);
+          const persona = await getPersona(effectiveUid, personaId);
+          return {
+            content: [{ type: "text", text: JSON.stringify({ persona }) }]
+          };
+        }
+        case "personas_chat": {
+          const { persona, userMessage, product, conversationHistory, auth_token } = args;
+          const normalizedAuthToken = auth_token && auth_token !== "auto" && auth_token.trim() !== "" ? auth_token : void 0;
+          await requirePremiumWithAutoAuth(normalizedAuthToken);
+          const result = await chatWithPersona(persona, userMessage, product, conversationHistory);
+          return {
+            content: [{ type: "text", text: JSON.stringify(result) }]
+          };
+        }
+        case "podcast_get_participants": {
+          const { productId, format, auth_token } = args;
+          const normalizedAuthToken = auth_token && auth_token !== "auto" && auth_token.trim() !== "" ? auth_token : void 0;
+          const { effectiveUid } = await resolveAuthContext(normalizedAuthToken);
+          const result = await (void 0)(effectiveUid, productId, format || "json");
+          return {
+            content: [{ type: "text", text: JSON.stringify(result) }]
+          };
+        }
+        default:
+          throw new McpError(ErrorCode.MethodNotFound, `Unknown tool: ${name}`);
+      }
+    });
+    return guardOutput(name, rawResponse);
+  } catch (error) {
+    throw mapErrorToMcp(error, { tool: request.params.name });
+  }
+});
+async function run() {
+  const transport = new StdioServerTransport();
+  await server.connect(transport);
+  console.error("Cutline Tools MCP Server running on stdio");
+}
+run().catch((error) => {
+  console.error("Fatal error running server:", error);
+  process.exit(1);
+});

package/dist/utils/config-store.js

@@ -1,34 +1,26 @@
-"use strict";
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.saveConfig = saveConfig;
-exports.loadConfig = loadConfig;
-exports.getRefreshTokenFromFile = getRefreshTokenFromFile;
-const fs_1 = __importDefault(require("fs"));
-const path_1 = __importDefault(require("path"));
-const os_1 = __importDefault(require("os"));
-const CONFIG_DIR = path_1.default.join(os_1.default.homedir(), '.cutline-mcp');
-const CONFIG_FILE = path_1.default.join(CONFIG_DIR, 'config.json');
+import fs from 'fs';
+import path from 'path';
+import os from 'os';
+const CONFIG_DIR = path.join(os.homedir(), '.cutline-mcp');
+const CONFIG_FILE = path.join(CONFIG_DIR, 'config.json');
 function ensureConfigDir() {
-    if (!fs_1.default.existsSync(CONFIG_DIR)) {
-        fs_1.default.mkdirSync(CONFIG_DIR, { recursive: true, mode: 0o700 });
+    if (!fs.existsSync(CONFIG_DIR)) {
+        fs.mkdirSync(CONFIG_DIR, { recursive: true, mode: 0o700 });
     }
 }
-function saveConfig(config) {
+export function saveConfig(config) {
     ensureConfigDir();
     const current = loadConfig();
     const newConfig = { ...current, ...config };
     // Remove legacy fields that are no longer stored (e.g. firebaseApiKey)
     // to prevent stale values from causing cross-project auth mismatches
     delete newConfig.firebaseApiKey;
-    fs_1.default.writeFileSync(CONFIG_FILE, JSON.stringify(newConfig, null, 2), { mode: 0o600 });
+    fs.writeFileSync(CONFIG_FILE, JSON.stringify(newConfig, null, 2), { mode: 0o600 });
 }
-function loadConfig() {
+export function loadConfig() {
     try {
-        if (fs_1.default.existsSync(CONFIG_FILE)) {
-            const content = fs_1.default.readFileSync(CONFIG_FILE, 'utf-8');
+        if (fs.existsSync(CONFIG_FILE)) {
+            const content = fs.readFileSync(CONFIG_FILE, 'utf-8');
             return JSON.parse(content);
         }
     }
@@ -37,7 +29,7 @@ function loadConfig() {
     }
     return {};
 }
-function getRefreshTokenFromFile() {
+export function getRefreshTokenFromFile() {
     const config = loadConfig();
     return config.refreshToken || null;
 }

package/dist/utils/config.js

@@ -1,11 +1,7 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.getConfig = getConfig;
-exports.fetchFirebaseApiKey = fetchFirebaseApiKey;
 /**
  * Get static config (URLs only, no API key)
  */
-function getConfig(options = {}) {
+export function getConfig(options = {}) {
     if (options.staging) {
         return {
             AUTH_URL: process.env.CUTLINE_AUTH_URL || 'https://cutline-staging.web.app/mcp-auth',
@@ -24,7 +20,7 @@ function getConfig(options = {}) {
  * This avoids hardcoding API keys in source code.
  * Falls back to environment variables if fetch fails.
  */
-async function fetchFirebaseApiKey(options = {}) {
+export async function fetchFirebaseApiKey(options = {}) {
     // First check environment variables
     const envKey = process.env.FIREBASE_API_KEY || process.env.NEXT_PUBLIC_FIREBASE_API_KEY;
     if (envKey) {

package/mcpb/manifest.json

@@ -0,0 +1,77 @@
+{
+  "manifest_version": "0.3",
+  "name": "cutline-mcp",
+  "display_name": "Cutline — Engineering Guardrails",
+  "version": "0.5.0",
+  "description": "Security, reliability, and scalability constraints for your coding agent. Free code audits with 9 compliance frameworks built in.",
+  "long_description": "Cutline is a guardrail middleware for AI coding agents. It extracts non-functional requirements (security, scalability, reliability) from your ideas and injects them as structured constraints into your agent's context. Includes free engineering audits (3/month), SOC 2 / PCI-DSS / HIPAA / GDPR / OWASP LLM Top 10 compliance frameworks, pre-mortem risk analysis, and a Red-Green-Refactor workflow for systematic remediation.",
+  "author": {
+    "name": "Cutline",
+    "url": "https://thecutline.ai"
+  },
+  "repository": "https://github.com/kylewadegrove/cutline",
+  "homepage": "https://thecutline.ai",
+  "documentation": "https://thecutline.ai/docs/setup",
+  "license": "MIT",
+  "keywords": [
+    "security",
+    "guardrail",
+    "vibecoding",
+    "code-audit",
+    "compliance",
+    "soc2",
+    "nfr",
+    "constraint",
+    "pre-mortem"
+  ],
+  "server": {
+    "type": "node",
+    "entry_point": "server/cutline-server.js",
+    "mcp_config": {
+      "command": "npx",
+      "args": ["-y", "@kylewadegrove/cutline-mcp-cli@latest", "serve", "constraints"]
+    }
+  },
+  "tools": [
+    {
+      "name": "engineering_audit",
+      "description": "Free security, reliability, and scalability scan of your codebase (3/month)"
+    },
+    {
+      "name": "code_audit",
+      "description": "Premium deep code audit with RGR remediation plan"
+    },
+    {
+      "name": "constraints_auto",
+      "description": "Auto-inject relevant constraints based on file context"
+    },
+    {
+      "name": "constraints_query",
+      "description": "Query product constraints by keyword"
+    },
+    {
+      "name": "exploration_start",
+      "description": "Start a guided product idea exploration"
+    },
+    {
+      "name": "premortem_run",
+      "description": "Run a full pre-mortem risk analysis on a product idea"
+    },
+    {
+      "name": "graph_metrics",
+      "description": "Get engineering readiness scores and NFR coverage"
+    }
+  ],
+  "user_config": {
+    "properties": {
+      "CUTLINE_ENVIRONMENT": {
+        "type": "string",
+        "description": "Environment: 'production' or 'staging'",
+        "default": "production"
+      }
+    }
+  },
+  "compatibility": {
+    "clients": ["claude-desktop"]
+  }
+}

package/package.json

@@ -1,36 +1,82 @@
 {
     "name": "@kylewadegrove/cutline-mcp-cli",
-    "version": "0.4.2",
-    "description": "CLI tool for authenticating with Cutline MCP servers",
+    "version": "0.5.0",
+    "description": "CLI and MCP servers for Cutline — authenticate, then run constraint-aware MCP servers in Cursor or any MCP client.",
+    "type": "module",
     "main": "dist/index.js",
     "bin": {
         "cutline-mcp": "./dist/index.js"
     },
+    "files": [
+        "dist/**/*",
+        "README.md",
+        "server.json",
+        "smithery.yaml",
+        "Dockerfile",
+        "mcpb/manifest.json"
+    ],
     "scripts": {
-        "build": "tsc",
+        "build:cli": "tsc",
+        "build:servers": "node scripts/bundle-servers.mjs",
+        "build": "npm run build:cli && npm run build:servers",
+        "build:mcpb": "bash scripts/build-mcpb.sh",
         "dev": "tsc --watch",
-        "start": "node dist/index.js"
+        "start": "node dist/index.js",
+        "prepublishOnly": "npm run build"
     },
+    "mcpName": "ai.thecutline/cutline-mcp",
     "keywords": [
         "cutline",
         "mcp",
+        "mcp-server",
+        "model-context-protocol",
         "cli",
-        "authentication"
+        "security",
+        "guardrail",
+        "vibecoding",
+        "cursor",
+        "claude",
+        "windsurf",
+        "code-audit",
+        "engineering-audit",
+        "nfr",
+        "constraint",
+        "soc2",
+        "hipaa",
+        "pci-dss",
+        "gdpr",
+        "owasp",
+        "pre-mortem",
+        "ai-safety",
+        "cursor-security"
     ],
     "author": "Cutline",
     "license": "MIT",
     "dependencies": {
+        "@google-cloud/storage": "^7.7.0",
+        "@google-cloud/vertexai": "^1.9.2",
+        "@modelcontextprotocol/sdk": "^1.0.0",
+        "@pdf-lib/fontkit": "^1.1.1",
+        "chalk": "^4.1.2",
         "commander": "^11.1.0",
-        "keytar": "^7.9.0",
-        "open": "^9.1.0",
+        "customerio-node": "^4.0.0",
+        "dotenv": "^16.4.5",
         "express": "^4.18.2",
         "firebase-admin": "^12.0.0",
-        "chalk": "^4.1.2",
-        "ora": "^5.4.1"
+        "firebase-functions": "^6.3.0",
+        "google-auth-library": "^9.14.2",
+        "keytar": "^7.9.0",
+        "node-fetch": "^3.3.2",
+        "open": "^9.1.0",
+        "ora": "^5.4.1",
+        "pdf-lib": "^1.17.1",
+        "stripe": "^14.20.0",
+        "zod": "^3.23.8"
     },
     "devDependencies": {
         "@types/express": "^4.17.21",
         "@types/node": "^20.0.0",
+        "esbuild": "^0.25.0",
         "typescript": "^5.3.0"
     },
     "engines": {

package/server.json

@@ -0,0 +1,42 @@
+{
+  "$schema": "https://static.modelcontextprotocol.io/schemas/2025-12-11/server.schema.json",
+  "name": "ai.thecutline/cutline-mcp",
+  "title": "Cutline — Engineering Guardrails for Vibecoding",
+  "description": "Security, reliability, and scalability constraints for your coding agent. Free code audits, compliance frameworks, and pre-mortem analysis.",
+  "version": "0.5.0",
+  "repository": {
+    "url": "https://github.com/kylewadegrove/cutline",
+    "source": "github"
+  },
+  "websiteUrl": "https://thecutline.ai",
+  "icons": {
+    "light": "https://thecutline.ai/assets/brand/cutline-icon-light.png",
+    "dark": "https://thecutline.ai/assets/brand/cutline-icon-dark.png"
+  },
+  "packages": [
+    {
+      "registryType": "npm",
+      "identifier": "@kylewadegrove/cutline-mcp-cli",
+      "version": "0.5.0",
+      "transport": {
+        "type": "stdio"
+      },
+      "environment_variables": [
+        {
+          "name": "CUTLINE_AUTH",
+          "description": "Authentication is handled via `cutline-mcp login` (stored in keychain). No manual env vars needed.",
+          "required": false
+        }
+      ]
+    }
+  ],
+  "_meta": {
+    "io.modelcontextprotocol.registry/publisher-provided": {
+      "categories": ["security", "infrastructure", "developer-tools"],
+      "compliance_frameworks": ["SOC 2", "PCI-DSS", "HIPAA", "GDPR/CCPA", "OWASP LLM Top 10", "FedRAMP", "GLBA", "FERPA/COPPA"],
+      "free_tier": true,
+      "free_tools": ["engineering_audit", "exploration_start", "exploration_chat", "exploration_graduate", "llm_status", "perf_status"],
+      "tool_count": 54
+    }
+  }
+}

package/smithery.yaml

@@ -0,0 +1,10 @@
+# Smithery registry configuration for Cutline MCP
+# https://smithery.ai/docs/publishing
+
+runtime: "container"
+
+env:
+  NODE_ENV: "production"
+
+# The Dockerfile builds a minimal image with the bundled MCP server
+# and exposes the stdio transport for Smithery's container runtime.