@meltstudio/meltctl 4.150.0 → 4.151.0

package/dist/index.js

@@ -14,7 +14,7 @@ var CLI_VERSION;
 var init_version = __esm({
   "src/utils/version.ts"() {
     "use strict";
-    CLI_VERSION = "4.150.0";
+    CLI_VERSION = "4.151.0";
   }
 });
 
@@ -1014,27 +1014,15 @@ function createPmResource(config) {
       const res = await apiFetch(config, `/pm/project-settings/${projectId}`, { method: "PATCH", body: JSON.stringify(input3) });
       return unwrap("update project settings", res);
     },
-    // ─── Audit flags ──────────────────────────────────────────────────────
-    async listAuditFlags(projectId, status = "open") {
-      const res = await apiFetch(config, `/pm/project-audit-flags?projectId=${projectId}&status=${status}`);
-      return unwrap("list audit flags", res);
-    },
     /**
-     * Cross-project audit-flag listing for the home action-items panel.
-     * Same shape as `listAuditFlags` but covers every project the caller can
-     * see. Defaults to open flags only.
+     * Read-only project context for the audit skill + other dev-callable
+     * tools (#464). Auth-only (no manager check) so devs can call it from
+     * their own MCP session. Returns project identity + canonical stage
+     * without paying for the full health composition.
      */
-    async listAllAuditFlags(status = "open") {
-      const res = await apiFetch(config, `/pm/project-audit-flags?status=${status}`);
-      return unwrap("list all audit flags", res);
-    },
-    async dismissAuditFlag(id, reason) {
-      const res = await apiFetch(config, `/pm/project-audit-flags/${id}/dismiss`, { method: "POST", body: JSON.stringify({ reason }) });
-      return unwrap("dismiss audit flag", res);
-    },
-    async getAuditCatalog() {
-      const res = await apiFetch(config, `/pm/project-audit-catalog`);
-      return unwrap("get audit catalog", res);
+    async getProjectContext(projectId) {
+      const res = await apiFetch(config, `/pm/project-context/${projectId}`);
+      return unwrap("get project context", res);
     },
     // ─── Risk-board mappings ──────────────────────────────────────────────
     /**
@@ -1391,6 +1379,15 @@ var ISSUE_RULES = [
     howToFix: "Open the Roadmap tab and attach the phase's planned features, or close the phase if it's done",
     scope: "project"
   },
+  {
+    id: "roadmap.no-features-with-active-phase",
+    dimension: "roadmap",
+    severity: "high",
+    label: "Active phase but no features",
+    category: "sprint",
+    howToFix: "Run a backlog-seeding session and add features to the active phase before the team starts",
+    scope: "project"
+  },
   // Delivery — Board
   {
     id: "board.no-mapping",
@@ -1401,6 +1398,15 @@ var ISSUE_RULES = [
     howToFix: "Open Project Settings and connect a Linear team or Jira project in the mappings card",
     scope: "project"
   },
+  {
+    id: "tracker.no-oauth",
+    dimension: "board",
+    severity: "high",
+    label: "Tracker needs OAuth connect",
+    category: "gaps",
+    howToFix: "Open Project Settings \u2192 Tracker connections and click Connect for the missing provider; that switches the project off Melt's shared key onto its own OAuth grant",
+    scope: "project"
+  },
   {
     id: "board.empty",
     dimension: "board",
@@ -1437,6 +1443,33 @@ var ISSUE_RULES = [
     howToFix: "Open the project page and click 'Run board audit' to refresh the score",
     scope: "project"
   },
+  {
+    id: "board.in-progress-stale",
+    dimension: "board",
+    severity: "medium",
+    label: "Stale in-progress tickets",
+    category: "sprint",
+    howToFix: "Open the project board, ask the assignees what's blocking, and either move the ticket forward or back to the backlog",
+    scope: "project"
+  },
+  {
+    id: "board.pm-silent-critical",
+    dimension: "board",
+    severity: "critical",
+    label: "PM silent in active cycle",
+    category: "sprint",
+    howToFix: "Comment on the active-cycle tickets to acknowledge progress, ask questions, or flag concerns",
+    scope: "project"
+  },
+  {
+    id: "board.pm-silent-medium",
+    dimension: "board",
+    severity: "medium",
+    label: "PM commenting on under 60% of active-cycle tickets",
+    category: "sprint",
+    howToFix: "Comment on the active-cycle tickets to acknowledge progress, ask questions, or flag concerns",
+    scope: "project"
+  },
   // Delivery — Risks
   {
     id: "risks.stale-red-zone",
@@ -3811,27 +3844,15 @@ function createPmResource2(config) {
       const res = await apiFetch2(config, `/pm/project-settings/${projectId}`, { method: "PATCH", body: JSON.stringify(input3) });
       return unwrap2("update project settings", res);
     },
-    // ─── Audit flags ──────────────────────────────────────────────────────
-    async listAuditFlags(projectId, status = "open") {
-      const res = await apiFetch2(config, `/pm/project-audit-flags?projectId=${projectId}&status=${status}`);
-      return unwrap2("list audit flags", res);
-    },
     /**
-     * Cross-project audit-flag listing for the home action-items panel.
-     * Same shape as `listAuditFlags` but covers every project the caller can
-     * see. Defaults to open flags only.
+     * Read-only project context for the audit skill + other dev-callable
+     * tools (#464). Auth-only (no manager check) so devs can call it from
+     * their own MCP session. Returns project identity + canonical stage
+     * without paying for the full health composition.
      */
-    async listAllAuditFlags(status = "open") {
-      const res = await apiFetch2(config, `/pm/project-audit-flags?status=${status}`);
-      return unwrap2("list all audit flags", res);
-    },
-    async dismissAuditFlag(id, reason) {
-      const res = await apiFetch2(config, `/pm/project-audit-flags/${id}/dismiss`, { method: "POST", body: JSON.stringify({ reason }) });
-      return unwrap2("dismiss audit flag", res);
-    },
-    async getAuditCatalog() {
-      const res = await apiFetch2(config, `/pm/project-audit-catalog`);
-      return unwrap2("get audit catalog", res);
+    async getProjectContext(projectId) {
+      const res = await apiFetch2(config, `/pm/project-context/${projectId}`);
+      return unwrap2("get project context", res);
     },
     // ─── Risk-board mappings ──────────────────────────────────────────────
     /**
@@ -4175,6 +4196,15 @@ var ISSUE_RULES2 = [
     howToFix: "Open the Roadmap tab and attach the phase's planned features, or close the phase if it's done",
     scope: "project"
   },
+  {
+    id: "roadmap.no-features-with-active-phase",
+    dimension: "roadmap",
+    severity: "high",
+    label: "Active phase but no features",
+    category: "sprint",
+    howToFix: "Run a backlog-seeding session and add features to the active phase before the team starts",
+    scope: "project"
+  },
   // Delivery — Board
   {
     id: "board.no-mapping",
@@ -4185,6 +4215,15 @@ var ISSUE_RULES2 = [
     howToFix: "Open Project Settings and connect a Linear team or Jira project in the mappings card",
     scope: "project"
   },
+  {
+    id: "tracker.no-oauth",
+    dimension: "board",
+    severity: "high",
+    label: "Tracker needs OAuth connect",
+    category: "gaps",
+    howToFix: "Open Project Settings \u2192 Tracker connections and click Connect for the missing provider; that switches the project off Melt's shared key onto its own OAuth grant",
+    scope: "project"
+  },
   {
     id: "board.empty",
     dimension: "board",
@@ -4221,6 +4260,33 @@ var ISSUE_RULES2 = [
     howToFix: "Open the project page and click 'Run board audit' to refresh the score",
     scope: "project"
   },
+  {
+    id: "board.in-progress-stale",
+    dimension: "board",
+    severity: "medium",
+    label: "Stale in-progress tickets",
+    category: "sprint",
+    howToFix: "Open the project board, ask the assignees what's blocking, and either move the ticket forward or back to the backlog",
+    scope: "project"
+  },
+  {
+    id: "board.pm-silent-critical",
+    dimension: "board",
+    severity: "critical",
+    label: "PM silent in active cycle",
+    category: "sprint",
+    howToFix: "Comment on the active-cycle tickets to acknowledge progress, ask questions, or flag concerns",
+    scope: "project"
+  },
+  {
+    id: "board.pm-silent-medium",
+    dimension: "board",
+    severity: "medium",
+    label: "PM commenting on under 60% of active-cycle tickets",
+    category: "sprint",
+    howToFix: "Comment on the active-cycle tickets to acknowledge progress, ask questions, or flag concerns",
+    scope: "project"
+  },
   // Delivery — Risks
   {
     id: "risks.stale-red-zone",
@@ -4443,6 +4509,9 @@ async function listProjects(client) {
 async function getProjectSettings(client, input3) {
   return safe(() => client.pm.getProjectSettings(input3.projectId));
 }
+async function getProjectContext(client, input3) {
+  return safe(() => client.pm.getProjectContext(input3.projectId));
+}
 function registerProjectTools(server, getClient2) {
   server.registerTool(
     "list_projects",
@@ -4464,6 +4533,17 @@ function registerProjectTools(server, getClient2) {
     },
     withClientArgs(getClient2, getProjectSettings)
   );
+  server.registerTool(
+    "get_project_context",
+    {
+      title: "Get project context",
+      description: "Read-only project identity + the PM-owned canonical project stage. Returns: projectId, projectName, client, pmEmail, repos[], projectStage (prototype | early_revenue | growth | scale | null), projectStageSetBy, projectStageSetAt. Call this at the start of an audit run instead of trusting AGENTS.md self-declaration \u2014 the stage drives audit calibration. Auth-only (no manager check), so devs running the audit skill from their own machine can call it directly.",
+      inputSchema: {
+        projectId: z22.number().int().positive().describe("Strapi project id from list_projects.")
+      }
+    },
+    withClientArgs(getClient2, getProjectContext)
+  );
 }
 var SHAPE_DESC = "crawling | walking | running. Target shape is intent (PM sets when creating); current shape is computed from feature stages.";
 async function listPhases(client, input3) {
@@ -4635,70 +4715,15 @@ function registerFeatureTools(server, getClient2) {
     withClientArgs(getClient2, updateFeature)
   );
 }
-var FLAG_STATUS_VALUES = ["open", "resolved", "dismissed", "all"];
-async function listAuditFlags(client, input3) {
-  return safe(() => client.pm.listAuditFlags(input3.projectId, input3.status ?? "open"));
-}
-async function dismissAuditFlag(client, input3) {
-  return safe(() => client.pm.dismissAuditFlag(input3.flagId, input3.reason));
-}
-async function getAuditCatalog(client) {
-  return safe(() => client.pm.getAuditCatalog());
-}
 async function runProjectAudit(client, input3) {
   return safe(() => client.pm.runProjectAudit(input3.projectId));
 }
-var listAuditFlagsInputSchema = z5.object({
-  projectId: z5.number().int().positive(),
-  status: z5.enum(FLAG_STATUS_VALUES).optional()
-});
-var dismissAuditFlagInputSchema = z5.object({
-  flagId: z5.string().uuid(),
-  reason: z5.string().min(1)
-});
 function registerAuditTools(server, getClient2) {
-  server.registerTool(
-    "list_audit_flags",
-    {
-      title: "List project audit flags",
-      description: "Lists audit flags the nightly cron has raised for a project. Each entry pairs the flag (id, severity, evidence, entity it points at, first/last seen, occurrence count, dismissed-by/reason if applicable) with its catalog entry (human-readable title + description + rule type). Default status='open'; pass 'all' to include resolved + dismissed for context.",
-      inputSchema: {
-        projectId: z5.number().int().positive(),
-        status: z5.enum(FLAG_STATUS_VALUES).optional().describe(
-          "Default 'open'. 'resolved' = fixed (flag no longer tripping on latest run). 'dismissed' = PM marked intentionally accepted. 'all' = every flag ever raised on this project."
-        )
-      }
-    },
-    withClientArgs(getClient2, listAuditFlags)
-  );
-  server.registerTool(
-    "get_audit_catalog",
-    {
-      title: "Get audit catalog",
-      description: "Returns every audit rule the system knows about (code, category, title, description, severity, rubric version). Use this to explain to a PM what a specific flag means, or to enumerate what kinds of things we audit for. Catalog is read-only \u2014 new entries land via migration.",
-      inputSchema: {}
-    },
-    withClient(getClient2, getAuditCatalog)
-  );
-  server.registerTool(
-    "dismiss_audit_flag",
-    {
-      title: "Dismiss audit flag",
-      description: "Marks an audit flag as intentionally dismissed with a reason. Use when the PM has reviewed the flag and decided it's a false positive, out of scope, or an accepted trade-off. The reason is stored on the flag + visible in the audit trail; dismissals show up again the next time the flag re-fires unless the underlying rule is retired. This is a write \u2014 confirm with the PM before calling.",
-      inputSchema: {
-        flagId: z5.string().uuid(),
-        reason: z5.string().min(1).describe(
-          "Why this flag is being dismissed. Stored verbatim and shown in the audit trail."
-        )
-      }
-    },
-    withClientArgs(getClient2, dismissAuditFlag)
-  );
   server.registerTool(
     "run_project_audit",
     {
       title: "Run project audit now",
-      description: "Triggers an immediate audit run for a single project (same checks the nightly cron performs). Returns {fired, resolved, checkErrors}: how many new flags raised, how many existing flags cleared, and any per-check errors. Useful after a PM fixes something and wants to verify it cleared without waiting for tomorrow's cron.",
+      description: "Triggers an immediate audit run for a single project. Refreshes the cache tables that drive the SDK rule engine (in-progress staleness, PM comment presence) and runs the inactive-codes sweep over any legacy open flag rows. Returns {fired, resolved, checkErrors}. Useful after a PM fixes something and wants the next dashboard load to reflect it without waiting for tomorrow's nightly cron.",
       inputSchema: {
         projectId: z5.number().int().positive()
       }
@@ -4804,7 +4829,7 @@ function registerBoardAuditTools(server, getClient2) {
     "get_board_audit_catalog",
     {
       title: "Get board-audit catalog",
-      description: "Returns every board-audit rule the system knows about (code, category, title, description, severity). Complements `get_audit_catalog` (which is for project-level flags); this one covers ticket-tracker hygiene checks.",
+      description: "Returns every board-audit rule the system knows about (code, category, title, description, severity). Covers ticket-tracker hygiene checks (story quality, workflow correctness); project-level health rules live in the SDK rule engine and surface via `get_project_health`.",
       inputSchema: {}
     },
     withClient(getClient2, getBoardAuditCatalog)
@@ -4841,7 +4866,7 @@ function registerPortfolioStatusTools(server, getClient2) {
     "get_my_portfolio_status",
     {
       title: "Get my portfolio status",
-      description: "Cross-project ranked answer to 'where do I focus next?'. Returns one entry per project the caller can see, sorted by urgency desc. Each entry includes: 0\u2013100 health score (same formula as the dashboard cards), open audit-flag counts grouped by severity (critical/high/medium/low), up to 3 short topAttentionReasons derived from the highest-severity open flags, latest plan score across the project's repos, and the most recent audit timestamp. Default scope is the caller's own projects; managers can pass `pmEmail` to view another PM's portfolio or omit it to see the org-wide top `limit` projects (default 10). Use this for 'how is my portfolio doing?' and 'which project of <person>'s needs help?' questions \u2014 it pulls in one tool call what would otherwise be `list_projects` + N \xD7 `get_project_health` + N \xD7 `list_audit_flags`.",
+      description: "Cross-project ranked answer to 'where do I focus next?'. Returns one entry per project the caller can see, sorted by urgency desc. Each entry includes: 0\u2013100 health score (same formula as the dashboard cards), open-issue counts grouped by severity (critical/high/medium/low) from the SDK rule engine, up to 3 short topAttentionReasons derived from the highest-severity open issues, latest plan score across the project's repos, and the most recent audit timestamp. Default scope is the caller's own projects; managers can pass `pmEmail` to view another PM's portfolio or omit it to see the org-wide top `limit` projects (default 10). Use this for 'how is my portfolio doing?' and 'which project of <person>'s needs help?' questions \u2014 it pulls in one tool call what would otherwise be `list_projects` + N \xD7 `get_project_health`.",
       inputSchema: {
         pmEmail: z9.string().email().optional().describe(
           "Manager-only override. When set, scopes the response to that PM's projects. Non-managers may only set this to their own email; any other value returns 403."

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@meltstudio/meltctl",
-  "version": "4.150.0",
+  "version": "4.151.0",
   "description": "AI-first development tools for teams - set up AGENTS.md, Claude Code, Cursor, and OpenCode standards",
   "main": "dist/index.js",
   "type": "module",