@kylewadegrove/cutline-mcp-cli 0.7.2 → 0.7.4

package/README.md

@@ -38,15 +38,15 @@ cutline-mcp init
 cutline-mcp setup
 ```
 
-Then ask your AI agent: **"Run an engineering audit on this codebase"**
+Then ask your AI agent: **"Run a code audit on this codebase"**
 
 ## What It Does
 
 | Capability | Free | Premium |
 |---|---|---|
-| **Engineering Audit** — security, reliability, scalability scan | 3/month | Unlimited |
+| **Code Audit** — security, reliability, scalability scan | 3/month | Unlimited |
 | **9 Compliance Frameworks** — SOC 2, PCI-DSS, HIPAA, GDPR, OWASP LLM, FedRAMP, GLBA, FERPA/COPPA | Auto-loaded | Auto-loaded |
-| **Code Audit** — deep scan + RGR remediation plan | — | Unlimited |
+| **Engineering Audit** — deep product-linked scan + RGR remediation plan | — | Unlimited |
 | **Pre-Mortem Analysis** — risks, assumptions, competitive threats | — | Unlimited |
 | **Constraint Graph** — product-specific NFR routing | — | Full access |
 | **AI Personas** — stakeholder feedback on features | — | Full access |
@@ -58,7 +58,7 @@ Then ask your AI agent: **"Run an engineering audit on this codebase"**
 
 | Tool | Description |
 |---|---|
-| `engineering_audit` | Security, reliability, and scalability scan (3/month) |
+| `code_audit` | Security, reliability, and scalability scan (3/month) |
 | `exploration_start` | Start a guided product idea exploration |
 | `exploration_chat` | Continue an exploration conversation |
 | `exploration_graduate` | Graduate top idea (teaser for free, full for premium) |
@@ -75,7 +75,7 @@ Then ask your AI agent: **"Run an engineering audit on this codebase"**
 
 **Graph Operations:** `graph_ingest_requirements`, `graph_get_boundaries`, `graph_bind_codebase`, `graph_bind_confirm`, `graph_view`, `graph_conflicts`, `graph_metrics`
 
-**Code & RGR:** `code_audit`, `rgr_plan`, `rgr_complete_phase`, `export_readiness_badge`
+**Code & RGR:** `engineering_audit`, `rgr_plan`, `rgr_complete_phase`, `export_readiness_badge`
 
 **Wiki & Integrations:** `wiki_load`, `wiki_save`, `wiki_apply_edits`, `agent_chat`, `integrations_create_issues`
 
@@ -105,7 +105,7 @@ cutline-mcp init --project-root /path/to/project
 ```
 
 **Free tier writes:**
-- `.cursor/rules/rgr-workflow.mdc` — RGR cycle with `engineering_audit`
+- `.cursor/rules/rgr-workflow.mdc` — RGR cycle with `code_audit`
 - `.cursor/rules/ambient-constraints.mdc` — Constraint checking guidance
 - `CLAUDE.local.md` — Same instructions for Claude Code
 

package/dist/commands/init.js

@@ -57,11 +57,11 @@ function cursorRgrRule(config, tier) {
     const productId = config?.product_id ?? '<from .cutline/config.json>';
     const productName = config?.product_name ?? 'your product';
     const verifyTool = tier === 'premium'
-        ? `\`code_audit(product_id: "${productId}", project_root: "<workspace>")\``
-        : `\`engineering_audit(project_root: "<workspace>")\``;
+        ? `\`engineering_audit(product_id: "${productId}", project_root: "<workspace>")\``
+        : `\`code_audit(project_root: "<workspace>")\``;
     const planStep = tier === 'premium'
         ? `1. **Plan**: \`rgr_plan(product_id: "${productId}", file_path: "<file>")\``
-        : `1. **Plan**: \`engineering_audit(project_root: "<workspace>")\` to identify top active issue`;
+        : `1. **Plan**: \`code_audit(project_root: "<workspace>")\` to identify top active issue`;
     return `---
 description: RGR development workflow using Cutline MCP tools
 globs:
@@ -102,7 +102,7 @@ alwaysApply: true
 
 # Cutline Constraints
 
-Run \`engineering_audit(project_root)\` before major implementations to check constraint coverage.
+Run \`code_audit(project_root)\` before major implementations to check constraint coverage.
 
 Severity levels:
 - **CRITICAL**: Must address before proceeding
@@ -150,8 +150,8 @@ function claudeLocalContent(config, tier) {
     const productId = config?.product_id ?? '<product_id>';
     const productName = config?.product_name ?? 'your product';
     const verifyCmd = tier === 'premium'
-        ? `code_audit(product_id: "${productId}", project_root)`
-        : `engineering_audit(project_root)`;
+        ? `engineering_audit(product_id: "${productId}", project_root)`
+        : `code_audit(project_root)`;
     return `# Cutline Integration
 
 This file is auto-generated by \`cutline-mcp init\`. Do not commit to version control.
@@ -161,7 +161,7 @@ Tier: ${tier}
 
 ${tier === 'premium' ? `Read \`.cutline.md\` before planning or executing code in this repository.\n` : ''}## RGR Workflow
 
-1. **Plan**: ${tier === 'premium' ? `\`rgr_plan(product_id: "${productId}", file_path)\`` : `\`engineering_audit(project_root)\``} before writing code
+1. **Plan**: ${tier === 'premium' ? `\`rgr_plan(product_id: "${productId}", file_path)\`` : `\`code_audit(project_root)\``} before writing code
 2. **Implement**: Address constraints/findings from the plan
 3. **Verify**: \`${verifyCmd}\`
 4. **Complete**: ${tier === 'premium' ? `\`rgr_complete_phase(product_id: "${productId}", phase)\`` : 'Re-scan to confirm scores improved'}

package/dist/commands/setup.js

@@ -84,10 +84,12 @@ function prompt(question) {
     });
 }
 function buildServerConfig() {
+    const voltaNpx = join(homedir(), '.volta', 'bin', 'npx');
+    const npxCommand = existsSync(voltaNpx) ? voltaNpx : 'npx';
     const config = {};
     for (const name of SERVER_NAMES) {
         config[`cutline-${name}`] = {
-            command: 'npx',
+            command: npxCommand,
             args: ['-y', '@kylewadegrove/cutline-mcp-cli@latest', 'serve', name],
         };
     }
@@ -242,8 +244,8 @@ export async function setupCommand(options) {
         const items = [
             { cmd: 'Run a deep dive on my product idea', desc: 'Pre-mortem analysis — risks, assumptions, experiments' },
             { cmd: 'Plan this feature with constraints from my product', desc: 'RGR plan — constraint-aware implementation roadmap' },
-            { cmd: 'Run an audit over my code', desc: 'Quick security scan — safe for any codebase' },
-            { cmd: 'Run a code audit for my product', desc: 'Full engineering audit + RGR remediation plan' },
+            { cmd: 'Run a code audit on this codebase', desc: 'Free code audit — security, reliability, and scalability (generic, not product-linked)' },
+            { cmd: 'Run an engineering audit for my product', desc: 'Premium deep audit — product-linked analysis + RGR remediation plan' },
             { cmd: 'Check constraints for src/api/upload.ts', desc: 'Get NFR boundaries for a specific file' },
             { cmd: 'Generate .cutline.md for my product', desc: 'Write the constraint routing engine' },
             { cmd: 'What does my persona think about X?', desc: 'AI persona feedback on features' },
@@ -256,14 +258,16 @@ export async function setupCommand(options) {
     }
     else {
         const items = [
-            { cmd: 'Run an engineering audit on this codebase', desc: 'Security, reliability, and scalability scan (3/month free)' },
+            { cmd: 'Run a code audit on this codebase', desc: 'Free code audit — security, reliability, and scalability scan (3/month free)' },
+            { cmd: 'Explore a product idea', desc: 'Free 6-act discovery flow to identify pain points and opportunities' },
+            { cmd: 'Continue my exploration session', desc: 'Resume and refine an existing free exploration conversation' },
         ];
         for (const item of items) {
             console.log(`  ${chalk.cyan('→')} ${chalk.white(`"${item.cmd}"`)}`);
             console.log(`    ${chalk.dim(item.desc)}`);
         }
         console.log();
-        console.log(chalk.dim('  Upgrade to Premium for deep dives, code audits, constraint graphs, and personas'));
+        console.log(chalk.dim('  Want product-linked constraints, full code audit + RGR plans, and pre-mortem deep dives?'));
         console.log(chalk.dim('  →'), chalk.cyan('cutline-mcp upgrade'), chalk.dim('or https://thecutline.ai/upgrade'));
     }
     console.log();

package/dist/commands/upgrade.js

@@ -89,8 +89,8 @@ export async function upgradeCommand(options) {
         const items = [
             { cmd: 'Run a deep dive on my product idea', desc: 'Pre-mortem analysis — risks, assumptions, experiments' },
             { cmd: 'Plan this feature with constraints from my product', desc: 'RGR plan — constraint-aware implementation roadmap' },
-            { cmd: 'Run an audit over my code', desc: 'Quick security scan — safe for any codebase' },
-            { cmd: 'Run a code audit for my product', desc: 'Full engineering audit + RGR remediation plan' },
+            { cmd: 'Run a code audit on this codebase', desc: 'Free code audit — security, reliability, and scalability (generic, not product-linked)' },
+            { cmd: 'Run an engineering audit for my product', desc: 'Premium deep audit — product-linked analysis + RGR remediation plan' },
             { cmd: 'Generate .cutline.md for my product', desc: 'Write the constraint routing engine' },
         ];
         for (const item of items) {

package/dist/servers/cutline-server.js

@@ -6824,7 +6824,7 @@ async function handleSecurityScan(genericGraphId, uid, args, deps) {
     try {
       scaFindings = await scanDependencies(scan.dependencies);
     } catch (e) {
-      console.warn("[engineering_audit] SCA scan failed:", e.message);
+      console.warn("[code_audit] SCA scan failed:", e.message);
     }
   }
   const sensitiveFilePaths = new Set(scan.sensitive_data.fields?.map((f) => f.file).filter(Boolean) ?? []);
@@ -6970,7 +6970,7 @@ function formatAuditOutput(result, reportId) {
   const p = result.previousMetrics;
   const isRescan = !!p;
   const lines = [
-    `# Cutline Engineering Audit`,
+    `# Cutline Code Audit`,
     ``,
     `**Ecosystem:** ${result.ecosystem.languages.join(", ")} / ${result.ecosystem.frameworks.join(", ") || "none detected"}`,
     `**Sensitive data locations:** ${result.sensitiveDataCount}`
@@ -6994,7 +6994,7 @@ function formatAuditOutput(result, reportId) {
   const criticalCount = result.gatedGapDetails.filter((g) => g.severity === "critical" || g.severity === "high").length;
   if (totalFindings > 0) {
     const topFinding = result.gatedGapDetails[0];
-    lines.push(``, `## #1 Finding \u2014 Fix This Now`, ``, `**[${topFinding.severity.toUpperCase()}] ${topFinding.title}**`, `*Category: ${topFinding.category}*`, ``, topFinding.description || "Address this finding to improve your readiness scores.", ``, `> Fix this issue, then re-run \`engineering_audit\` to see your scores improve.`);
+    lines.push(``, `## #1 Finding \u2014 Fix This Now`, ``, `**[${topFinding.severity.toUpperCase()}] ${topFinding.title}**`, `*Category: ${topFinding.category}*`, ``, topFinding.description || "Address this finding to improve your readiness scores.", ``, `> Fix this issue, then re-run \`code_audit\` to see your scores improve.`);
     const remaining = result.gatedGapDetails.slice(1);
     if (remaining.length > 0) {
       lines.push(``, `## ${remaining.length} More Finding${remaining.length > 1 ? "s" : ""} Detected`);
@@ -7903,32 +7903,32 @@ server.setRequestHandler(ListToolsRequestSchema, async () => {
       },
       {
         name: "code_audit",
-        description: "\u{1F512} PREMIUM - Security-focused code audit. Scans the local workspace, reads security-relevant files, cross-references the product constraint graph, runs an LLM extraction for security gaps, builds an RGR remediation plan, and optionally queues a deep dive job. Returns the job URL, RGR plan, security gaps, binding health, and ecosystem fingerprint.",
+        description: "\u{1F513} FREE - Code audit. Evaluates your codebase against a stack-aware constraint graph covering security, reliability, and scalability. No deep dive or product_id required \u2014 just point at your codebase. Shows aggregate readiness scores and top critical findings; detailed analysis and remediation require Premium. Requires a Cutline account (free). 3 scans/month.",
         inputSchema: {
           type: "object",
           properties: {
-            product_id: { type: "string", description: "Product ID from .cutline/config.json" },
-            project_root: { type: "string", description: "Absolute path to the workspace root" },
-            file_paths: { type: "array", items: { type: "string" }, description: "Specific files to audit (overrides automatic scan selection)" },
-            task_description: { type: "string", description: "What the user is building \u2014 provides context for the audit" },
-            audit_mode: { type: "string", enum: ["security", "full"], description: "Audit focus: 'security' (default) or 'full' for broader product analysis" },
-            max_file_bytes: { type: "number", description: "Max bytes to read per file (default: 50000)" },
-            auto_start: { type: "boolean", description: "Automatically queue a deep dive job (default: true)" }
+            project_root: { type: "string", description: "Absolute path to the workspace root to scan" },
+            task_description: { type: "string", description: "Optional context about what you're building" },
+            max_file_bytes: { type: "number", description: "Max bytes to read per file (default: 50000)" }
           },
-          required: ["product_id", "project_root"]
+          required: ["project_root"]
         }
       },
       {
         name: "engineering_audit",
-        description: "\u{1F513} FREE - Cutline Engineering Audit. Evaluates your codebase against a stack-aware constraint graph covering security, reliability, and scalability. No deep dive or product_id required \u2014 just point at your codebase. Shows aggregate readiness scores and top critical findings; detailed analysis and remediation require Pro. Scores serve as a prior if you later run a deep dive. Requires a Cutline account (free). 3 scans/month.",
+        description: "\u{1F512} PREMIUM - Engineering audit for your product. Security-focused deep audit that scans local code, cross-references the product constraint graph, extracts security gaps, builds an RGR remediation plan, and optionally queues a deep dive job.",
         inputSchema: {
           type: "object",
           properties: {
-            project_root: { type: "string", description: "Absolute path to the workspace root to scan" },
-            task_description: { type: "string", description: "Optional context about what you're building" },
-            max_file_bytes: { type: "number", description: "Max bytes to read per file (default: 50000)" }
+            product_id: { type: "string", description: "Product ID from .cutline/config.json" },
+            project_root: { type: "string", description: "Absolute path to the workspace root" },
+            file_paths: { type: "array", items: { type: "string" }, description: "Specific files to audit (overrides automatic scan selection)" },
+            task_description: { type: "string", description: "What the user is building \u2014 provides context for the audit" },
+            audit_mode: { type: "string", enum: ["security", "full"], description: "Audit focus: 'security' (default) or 'full' for broader product analysis" },
+            max_file_bytes: { type: "number", description: "Max bytes to read per file (default: 50000)" },
+            auto_start: { type: "boolean", description: "Automatically queue a deep dive job (default: true)" }
           },
-          required: ["project_root"]
+          required: ["product_id", "project_root"]
         }
       }
     ]
@@ -8214,7 +8214,7 @@ Why AI: ${idea.whyAI}`
         const text = await cfGenerateTrialRun(prompt);
         return { content: [{ type: "text", text: JSON.stringify({ text }) }] };
       }
-      if (name2 === "engineering_audit") {
+      if (name2 === "code_audit") {
         const scanArgs = args;
         if (!scanArgs.project_root) {
           throw new McpError(ErrorCode.InvalidParams, "project_root is required");
@@ -8250,9 +8250,9 @@ Why AI: ${idea.whyAI}`
           updateGraphMetadata: (pid, patch) => updateGraphMetadata(pid, patch)
         });
         try {
-          await recordScoreSnapshot(genericGraphId, result.metrics, "engineering_audit");
+          await recordScoreSnapshot(genericGraphId, result.metrics, "code_audit");
         } catch (e) {
-          console.error("[engineering_audit] Score snapshot failed (non-fatal):", e);
+          console.error("[code_audit] Score snapshot failed (non-fatal):", e);
         }
         let reportId;
         try {
@@ -8281,7 +8281,7 @@ Why AI: ${idea.whyAI}`
           });
           reportId = saved.id;
         } catch (e) {
-          console.error("[engineering_audit] Report persistence failed (non-fatal):", e);
+          console.error("[code_audit] Report persistence failed (non-fatal):", e);
         }
         return {
           content: [{ type: "text", text: formatAuditOutput(result, reportId) }]
@@ -10026,7 +10026,7 @@ ${JSON.stringify(metrics, null, 2)}` }
               ``,
               `1. **Plan**: \`rgr_plan(product_id: "${product_id}", file_path: "<file>")\``,
               `2. **Implement**: Address constraints from the plan`,
-              `3. **Verify**: \`code_audit(product_id: "${product_id}", project_root: "${genProjectRoot}")\``,
+              `3. **Verify**: \`engineering_audit(product_id: "${product_id}", project_root: "${genProjectRoot}")\``,
               `4. **Complete**: \`rgr_complete_phase(product_id: "${product_id}", phase: "<phase>")\``,
               ``,
               `## When to use RGR`,
@@ -10052,7 +10052,7 @@ ${JSON.stringify(metrics, null, 2)}` }
               ``,
               `1. **Plan**: Call \`rgr_plan(product_id: "${product_id}", file_path)\` before writing code`,
               `2. **Implement**: Address constraints from the plan`,
-              `3. **Verify**: Run \`code_audit(product_id: "${product_id}", project_root)\``,
+              `3. **Verify**: Run \`engineering_audit(product_id: "${product_id}", project_root)\``,
               `4. **Complete**: Call \`rgr_complete_phase(product_id: "${product_id}", phase)\``,
               ``,
               `Use RGR for: new features, security/auth, billing, API endpoints, DB schema, infra.`,
@@ -10212,9 +10212,9 @@ Meta: ${JSON.stringify({
           };
         }
         // ─────────────────────────────────────────────────────────────────
-        // CODE_AUDIT
+        // ENGINEERING_AUDIT (premium)
         // ─────────────────────────────────────────────────────────────────
-        case "code_audit": {
+        case "engineering_audit": {
           const auditArgs = args;
           if (!auditArgs.product_id) {
             throw new McpError(ErrorCode.InvalidParams, "product_id is required");
@@ -10260,7 +10260,7 @@ Meta: ${JSON.stringify({
               const { id: newJobId } = await createPremortem({
                 status: "queued",
                 payload: { ...runInput, productId: void 0 },
-                source: "code_audit",
+                source: "engineering_audit",
                 mode: "product",
                 codeContext: payload.codeContext || null
               });
@@ -10270,7 +10270,7 @@ Meta: ${JSON.stringify({
             }
           });
           const sections = [
-            `## Code Audit Complete
+            `## Engineering Audit Complete
 `,
             result.url ? `**Deep Dive Queued** \u2192 [View Results](${result.url})
 ` : `*Deep dive not started (auto_start=false)*
@@ -10370,10 +10370,10 @@ These constraints will now fire via \`constraints_auto\` when you edit matched f
             const nextPhase = rgrPhases[0];
             sections.push(`Active issues found. Start the RGR cycle:`);
             sections.push(`1. **Fix** the top findings above`);
-            sections.push(`2. **Verify** by re-running \`code_audit\``);
+            sections.push(`2. **Verify** by re-running \`engineering_audit\``);
             sections.push(`3. **Complete** the phase: \`rgr_complete_phase(product_id, phase: "${nextPhase.label}")\``);
           } else if (failCount > 0) {
-            sections.push(`Active issues found. Fix them, then re-run \`code_audit\` to verify.`);
+            sections.push(`Active issues found. Fix them, then re-run \`engineering_audit\` to verify.`);
             sections.push(`When clean, call \`rgr_complete_phase(product_id, phase: "security")\` to update scores.`);
           } else {
             sections.push(`No active issues. Call \`rgr_complete_phase(product_id, phase: "security")\` to record progress.`);
@@ -10389,7 +10389,7 @@ These constraints will now fire via \`constraints_auto\` when you edit matched f
             await updateGraphMetadata(auditArgs.product_id, {
               metrics: auditMetrics
             });
-            await recordScoreSnapshot(auditArgs.product_id, auditMetrics, "code_audit");
+            await recordScoreSnapshot(auditArgs.product_id, auditMetrics, "engineering_audit");
             await updatePremortem(auditArgs.product_id, { metrics: auditMetrics });
           } catch (e) {
             console.error("Metrics recompute after code audit failed (non-fatal):", e);

package/mcpb/manifest.json

@@ -4,7 +4,7 @@
   "display_name": "Cutline — Engineering Guardrails",
   "version": "0.5.0",
   "description": "Security, reliability, and scalability constraints for your coding agent. Free code audits with 9 compliance frameworks built in.",
-  "long_description": "Cutline is a guardrail middleware for AI coding agents. It extracts non-functional requirements (security, scalability, reliability) from your ideas and injects them as structured constraints into your agent's context. Includes free engineering audits (3/month), SOC 2 / PCI-DSS / HIPAA / GDPR / OWASP LLM Top 10 compliance frameworks, pre-mortem risk analysis, and a Red-Green-Refactor workflow for systematic remediation.",
+  "long_description": "Cutline is a guardrail middleware for AI coding agents. It extracts non-functional requirements (security, scalability, reliability) from your ideas and injects them as structured constraints into your agent's context. Includes free code audits (3/month), SOC 2 / PCI-DSS / HIPAA / GDPR / OWASP LLM Top 10 compliance frameworks, pre-mortem risk analysis, and a Red-Green-Refactor workflow for systematic remediation.",
   "author": {
     "name": "Cutline",
     "url": "https://thecutline.ai"
@@ -35,11 +35,11 @@
   "tools": [
     {
       "name": "engineering_audit",
-      "description": "Free security, reliability, and scalability scan of your codebase (3/month)"
+      "description": "Premium deep, product-linked engineering audit with RGR remediation planning"
     },
     {
       "name": "code_audit",
-      "description": "Premium deep code audit with RGR remediation plan"
+      "description": "Free security, reliability, and scalability code audit of your codebase (3/month)"
     },
     {
       "name": "constraints_auto",

package/package.json

@@ -1,6 +1,6 @@
 {
     "name": "@kylewadegrove/cutline-mcp-cli",
-    "version": "0.7.2",
+    "version": "0.7.4",
     "description": "CLI and MCP servers for Cutline — authenticate, then run constraint-aware MCP servers in Cursor or any MCP client.",
     "type": "module",
     "main": "dist/index.js",

package/server.json

@@ -35,7 +35,7 @@
       "categories": ["security", "infrastructure", "developer-tools"],
       "compliance_frameworks": ["SOC 2", "PCI-DSS", "HIPAA", "GDPR/CCPA", "OWASP LLM Top 10", "FedRAMP", "GLBA", "FERPA/COPPA"],
       "free_tier": true,
-      "free_tools": ["engineering_audit", "exploration_start", "exploration_chat", "exploration_graduate", "llm_status", "perf_status"],
+      "free_tools": ["code_audit", "exploration_start", "exploration_chat", "exploration_graduate", "llm_status", "perf_status"],
       "tool_count": 54
     }
   }