@meltstudio/meltctl 4.190.0 → 4.192.0

package/dist/index.js

@@ -14,7 +14,7 @@ var CLI_VERSION;
 var init_version = __esm({
   "src/utils/version.ts"() {
     "use strict";
-    CLI_VERSION = "4.190.0";
+    CLI_VERSION = "4.192.0";
   }
 });
 
@@ -723,6 +723,10 @@ function createFindingsResource(config) {
       const params = new URLSearchParams();
       if (filters?.repository)
         params.set("repository", filters.repository);
+      if (filters?.personEmail)
+        params.set("personEmail", filters.personEmail);
+      if (filters?.scope)
+        params.set("scope", filters.scope);
       if (filters?.status)
         params.set("status", filters.status);
       if (filters?.severity)
@@ -784,6 +788,20 @@ function createFindingsResource(config) {
         throw new Error(errMessage ?? `Failed to fetch findings stats (${status})`);
       }
       return data;
+    },
+    /**
+     * #419: per-person rollup for the /findings "By Person" tab. Manager-only;
+     * non-manager callers get an empty array (the server enforces).
+     */
+    async getStatsByPerson() {
+      const { data, status } = await apiFetch(config, "/findings/stats/by-person");
+      if (status === 403)
+        throw new Error("Access denied. Only Team Managers can view profile-audit stats.");
+      if (status !== 200) {
+        const errMessage = data && typeof data === "object" && "error" in data ? data.error : void 0;
+        throw new Error(errMessage ?? `Failed to fetch findings-by-person stats (${status})`);
+      }
+      return data;
     }
   };
 }
@@ -1179,9 +1197,16 @@ function createPmResource(config) {
      * findings, board health, plan recency, activity, standup compliance,
      * tickets) into a single response. Powers the `get_project_health`
      * MCP tool.
+     *
+     * Pass `{ expandFindings: true }` to also receive `findingIssues`: the
+     * project's open `audit_findings` rendered as per-finding `HealthIssue`s
+     * for the project page's unified Issues section (#460/#461). The flag is
+     * opt-in so MCP tool calls keep their lean shape and findings-heavy
+     * projects don't blow up agent token budgets.
      */
-    async getProjectHealth(projectId) {
-      const res = await apiFetch(config, `/pm/project-health/${projectId}`);
+    async getProjectHealth(projectId, options) {
+      const query = options?.expandFindings ? "?expandFindings=1" : "";
+      const res = await apiFetch(config, `/pm/project-health/${projectId}${query}`);
       return unwrap("get project health", res);
     },
     // ─── Detailed risks (per-project + cross-project) ────────────────────
@@ -1548,7 +1573,13 @@ function createMeltClient(config) {
 import { z } from "zod";
 var auditFindingSchema = z.object({
   id: z.string(),
-  repository: z.string(),
+  // Discriminator added with #419. 'project' is the original code/security/UX
+  // shape — repository set, personEmail null. 'person' is the employee-profile
+  // shape — personEmail set, repository null. Existing consumers can still
+  // treat repository as the primary identity; the field is nullable now.
+  scope: z.enum(["project", "person"]),
+  repository: z.string().nullable(),
+  personEmail: z.string().nullable(),
   project: z.string(),
   auditType: z.string(),
   catalogCode: z.string().nullable(),
@@ -1600,6 +1631,12 @@ var findingsStatsSchema = z.object({
 });
 var findingsListFiltersSchema = z.object({
   repository: z.string().optional(),
+  // #419: filter to one employee's profile findings. Manager-only on the
+  // server; non-manager callers passing this get an empty result.
+  personEmail: z.string().optional(),
+  // #419: 'project' | 'person'. Defaults to no filter when absent. Non-
+  // managers cannot see scope='person' rows regardless of this value.
+  scope: z.enum(["project", "person"]).optional(),
   status: z.string().optional(),
   severity: z.string().optional(),
   effort: z.string().optional(),
@@ -1615,6 +1652,14 @@ var findingsStatsByRepositoryEntrySchema = findingsStatsSchema.extend({
   repository: z.string()
 });
 var findingsStatsByRepositorySchema = z.array(findingsStatsByRepositoryEntrySchema);
+var findingsStatsByPersonEntrySchema = z.object({
+  personEmail: z.string(),
+  personName: z.string().nullable(),
+  open: z.number(),
+  worstSeverity: z.enum(["critical", "high", "medium", "low"]).nullable(),
+  lastAuditedAt: z.string().nullable()
+});
+var findingsStatsByPersonSchema = z.array(findingsStatsByPersonEntrySchema);
 var extractionResultSchema = z.object({
   auditId: z.string(),
   findingsExtracted: z.number(),
@@ -3959,6 +4004,10 @@ function createFindingsResource2(config) {
       const params = new URLSearchParams();
       if (filters?.repository)
         params.set("repository", filters.repository);
+      if (filters?.personEmail)
+        params.set("personEmail", filters.personEmail);
+      if (filters?.scope)
+        params.set("scope", filters.scope);
       if (filters?.status)
         params.set("status", filters.status);
       if (filters?.severity)
@@ -4020,6 +4069,20 @@ function createFindingsResource2(config) {
         throw new Error(errMessage ?? `Failed to fetch findings stats (${status})`);
       }
       return data;
+    },
+    /**
+     * #419: per-person rollup for the /findings "By Person" tab. Manager-only;
+     * non-manager callers get an empty array (the server enforces).
+     */
+    async getStatsByPerson() {
+      const { data, status } = await apiFetch2(config, "/findings/stats/by-person");
+      if (status === 403)
+        throw new Error("Access denied. Only Team Managers can view profile-audit stats.");
+      if (status !== 200) {
+        const errMessage = data && typeof data === "object" && "error" in data ? data.error : void 0;
+        throw new Error(errMessage ?? `Failed to fetch findings-by-person stats (${status})`);
+      }
+      return data;
     }
   };
 }
@@ -4409,9 +4472,16 @@ function createPmResource2(config) {
      * findings, board health, plan recency, activity, standup compliance,
      * tickets) into a single response. Powers the `get_project_health`
      * MCP tool.
+     *
+     * Pass `{ expandFindings: true }` to also receive `findingIssues`: the
+     * project's open `audit_findings` rendered as per-finding `HealthIssue`s
+     * for the project page's unified Issues section (#460/#461). The flag is
+     * opt-in so MCP tool calls keep their lean shape and findings-heavy
+     * projects don't blow up agent token budgets.
      */
-    async getProjectHealth(projectId) {
-      const res = await apiFetch2(config, `/pm/project-health/${projectId}`);
+    async getProjectHealth(projectId, options) {
+      const query = options?.expandFindings ? "?expandFindings=1" : "";
+      const res = await apiFetch2(config, `/pm/project-health/${projectId}${query}`);
       return unwrap2("get project health", res);
     },
     // ─── Detailed risks (per-project + cross-project) ────────────────────
@@ -4761,7 +4831,13 @@ function createMeltClient2(config) {
 }
 var auditFindingSchema2 = z2.object({
   id: z2.string(),
-  repository: z2.string(),
+  // Discriminator added with #419. 'project' is the original code/security/UX
+  // shape — repository set, personEmail null. 'person' is the employee-profile
+  // shape — personEmail set, repository null. Existing consumers can still
+  // treat repository as the primary identity; the field is nullable now.
+  scope: z2.enum(["project", "person"]),
+  repository: z2.string().nullable(),
+  personEmail: z2.string().nullable(),
   project: z2.string(),
   auditType: z2.string(),
   catalogCode: z2.string().nullable(),
@@ -4813,6 +4889,12 @@ var findingsStatsSchema2 = z2.object({
 });
 var findingsListFiltersSchema2 = z2.object({
   repository: z2.string().optional(),
+  // #419: filter to one employee's profile findings. Manager-only on the
+  // server; non-manager callers passing this get an empty result.
+  personEmail: z2.string().optional(),
+  // #419: 'project' | 'person'. Defaults to no filter when absent. Non-
+  // managers cannot see scope='person' rows regardless of this value.
+  scope: z2.enum(["project", "person"]).optional(),
   status: z2.string().optional(),
   severity: z2.string().optional(),
   effort: z2.string().optional(),
@@ -4828,6 +4910,14 @@ var findingsStatsByRepositoryEntrySchema2 = findingsStatsSchema2.extend({
   repository: z2.string()
 });
 var findingsStatsByRepositorySchema2 = z2.array(findingsStatsByRepositoryEntrySchema2);
+var findingsStatsByPersonEntrySchema2 = z2.object({
+  personEmail: z2.string(),
+  personName: z2.string().nullable(),
+  open: z2.number(),
+  worstSeverity: z2.enum(["critical", "high", "medium", "low"]).nullable(),
+  lastAuditedAt: z2.string().nullable()
+});
+var findingsStatsByPersonSchema2 = z2.array(findingsStatsByPersonEntrySchema2);
 var extractionResultSchema2 = z2.object({
   auditId: z2.string(),
   findingsExtracted: z2.number(),
@@ -5889,10 +5979,14 @@ async function listFindings(client, input3 = {}) {
 var listFindingsInputSchema = z10.object({
   projectId: z10.number().int().positive().optional(),
   repository: z10.string().optional(),
+  // #419: filter to one employee's profile-audit findings. Manager-gated
+  // server-side; non-manager callers get an empty result.
+  personEmail: z10.string().email().optional(),
+  scope: z10.enum(["project", "person"]).optional(),
   status: z10.enum(["pass", "warning", "missing", "na"]).optional(),
   severity: z10.enum(["critical", "high", "medium", "low"]).optional(),
   effort: z10.enum(["low", "medium", "high", "unknown"]).optional(),
-  auditType: z10.enum(["audit", "ux-audit", "security-audit"]).optional(),
+  auditType: z10.enum(["audit", "ux-audit", "security-audit", "profile-audit"]).optional(),
   limit: z10.number().int().positive().max(500).optional()
 });
 function registerFindingsTools(server, getClient2) {
@@ -5900,16 +5994,24 @@ function registerFindingsTools(server, getClient2) {
     "list_findings",
     {
       title: "List audit findings",
-      description: "Lists code/security/UX audit findings. Each finding carries its check code, category, status (pass/warning/missing/na), severity (critical/high/medium/low), effort (low/medium/high \u2014 how much work the fix is, independent of severity), repository, and evidence (file/symbol) so you can see exactly what to fix. Filter by projectId, repository, status, severity, effort, or auditType. Results are ordered worst-first (missing > warning, then critical > high > \u2026). Use this to answer 'what's open on the app I'm working on?' \u2014 pass status='missing' or severity='critical' to focus on what matters, or effort='low' with severity='high'/'critical' to find cheap high-leverage wins. Read-only and open to any @meltstudio.co user.",
+      description: "Lists code/security/UX audit findings, plus the People-Ops-facing Notion employee-profile audit (auditType='profile-audit', personEmail-keyed, manager-only). Each finding carries its check code, category, status (pass/warning/missing/na), severity (critical/high/medium/low), effort (low/medium/high \u2014 how much work the fix is, independent of severity), repository (project-scoped) or personEmail (person-scoped), and evidence (file/symbol or sentence) so you can see exactly what to fix. Filter by projectId, repository, personEmail, scope, status, severity, effort, or auditType. Results are ordered worst-first (missing > warning, then critical > high > \u2026). Profile-audit findings are filtered out for non-manager callers regardless of filters \u2014 they carry sensitive employee context. Read-only.",
       inputSchema: {
         projectId: z10.number().int().positive().optional().describe("Strapi project id \u2014 scopes findings to that project\u2019s repos."),
         repository: z10.string().optional().describe("Full repo slug, e.g. 'MeltStudio/atlas-api'. Scopes to a single repo."),
+        personEmail: z10.string().email().optional().describe(
+          "Scopes to one employee's profile-audit findings (#419). Manager-only \u2014 non-manager callers get an empty result."
+        ),
+        scope: z10.enum(["project", "person"]).optional().describe(
+          "Filter by scope. 'project' = repo-scoped findings; 'person' = employee profile audits (manager-only)."
+        ),
         status: z10.enum(["pass", "warning", "missing", "na"]).optional().describe("Filter by check status. 'missing' = the check failed outright."),
         severity: z10.enum(["critical", "high", "medium", "low"]).optional(),
         effort: z10.enum(["low", "medium", "high", "unknown"]).optional().describe(
           "Remediation effort. Combine effort=low with a high severity to find quick wins. 'unknown' = pass/na or not yet rated."
         ),
-        auditType: z10.enum(["audit", "ux-audit", "security-audit"]).optional(),
+        auditType: z10.enum(["audit", "ux-audit", "security-audit", "profile-audit"]).optional().describe(
+          "'audit' = tech, 'ux-audit' = UX, 'security-audit' = security, 'profile-audit' = employee Notion profile (manager-only)."
+        ),
         limit: z10.number().int().positive().max(500).optional()
       }
     },

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@meltstudio/meltctl",
-  "version": "4.190.0",
+  "version": "4.192.0",
   "description": "AI-first development tools for teams - set up AGENTS.md, Claude Code, Cursor, and OpenCode standards",
   "main": "dist/index.js",
   "type": "module",