npm - @meltstudio/meltctl - Versions diffs - 4.191.0 → 4.192.0 - Mend

@meltstudio/meltctl 4.191.0 → 4.192.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/dist/index.js +94 -6
package/package.json +1 -1

package/dist/index.js CHANGED Viewed

@@ -14,7 +14,7 @@ var CLI_VERSION;
 var init_version = __esm({
   "src/utils/version.ts"() {
     "use strict";
-    CLI_VERSION = "4.191.0";
+    CLI_VERSION = "4.192.0";
   }
 });
@@ -723,6 +723,10 @@ function createFindingsResource(config) {
       const params = new URLSearchParams();
       if (filters?.repository)
         params.set("repository", filters.repository);
+      if (filters?.personEmail)
+        params.set("personEmail", filters.personEmail);
+      if (filters?.scope)
+        params.set("scope", filters.scope);
       if (filters?.status)
         params.set("status", filters.status);
       if (filters?.severity)
@@ -784,6 +788,20 @@ function createFindingsResource(config) {
         throw new Error(errMessage ?? `Failed to fetch findings stats (${status})`);
       }
       return data;
+    },
+    /**
+     * #419: per-person rollup for the /findings "By Person" tab. Manager-only;
+     * non-manager callers get an empty array (the server enforces).
+     */
+    async getStatsByPerson() {
+      const { data, status } = await apiFetch(config, "/findings/stats/by-person");
+      if (status === 403)
+        throw new Error("Access denied. Only Team Managers can view profile-audit stats.");
+      if (status !== 200) {
+        const errMessage = data && typeof data === "object" && "error" in data ? data.error : void 0;
+        throw new Error(errMessage ?? `Failed to fetch findings-by-person stats (${status})`);
+      }
+      return data;
     }
   };
 }
@@ -1555,7 +1573,13 @@ function createMeltClient(config) {
 import { z } from "zod";
 var auditFindingSchema = z.object({
   id: z.string(),
-  repository: z.string(),
+  // Discriminator added with #419. 'project' is the original code/security/UX
+  // shape — repository set, personEmail null. 'person' is the employee-profile
+  // shape — personEmail set, repository null. Existing consumers can still
+  // treat repository as the primary identity; the field is nullable now.
+  scope: z.enum(["project", "person"]),
+  repository: z.string().nullable(),
+  personEmail: z.string().nullable(),
   project: z.string(),
   auditType: z.string(),
   catalogCode: z.string().nullable(),
@@ -1607,6 +1631,12 @@ var findingsStatsSchema = z.object({
 });
 var findingsListFiltersSchema = z.object({
   repository: z.string().optional(),
+  // #419: filter to one employee's profile findings. Manager-only on the
+  // server; non-manager callers passing this get an empty result.
+  personEmail: z.string().optional(),
+  // #419: 'project' | 'person'. Defaults to no filter when absent. Non-
+  // managers cannot see scope='person' rows regardless of this value.
+  scope: z.enum(["project", "person"]).optional(),
   status: z.string().optional(),
   severity: z.string().optional(),
   effort: z.string().optional(),
@@ -1622,6 +1652,14 @@ var findingsStatsByRepositoryEntrySchema = findingsStatsSchema.extend({
   repository: z.string()
 });
 var findingsStatsByRepositorySchema = z.array(findingsStatsByRepositoryEntrySchema);
+var findingsStatsByPersonEntrySchema = z.object({
+  personEmail: z.string(),
+  personName: z.string().nullable(),
+  open: z.number(),
+  worstSeverity: z.enum(["critical", "high", "medium", "low"]).nullable(),
+  lastAuditedAt: z.string().nullable()
+});
+var findingsStatsByPersonSchema = z.array(findingsStatsByPersonEntrySchema);
 var extractionResultSchema = z.object({
   auditId: z.string(),
   findingsExtracted: z.number(),
@@ -3966,6 +4004,10 @@ function createFindingsResource2(config) {
       const params = new URLSearchParams();
       if (filters?.repository)
         params.set("repository", filters.repository);
+      if (filters?.personEmail)
+        params.set("personEmail", filters.personEmail);
+      if (filters?.scope)
+        params.set("scope", filters.scope);
       if (filters?.status)
         params.set("status", filters.status);
       if (filters?.severity)
@@ -4027,6 +4069,20 @@ function createFindingsResource2(config) {
         throw new Error(errMessage ?? `Failed to fetch findings stats (${status})`);
       }
       return data;
+    },
+    /**
+     * #419: per-person rollup for the /findings "By Person" tab. Manager-only;
+     * non-manager callers get an empty array (the server enforces).
+     */
+    async getStatsByPerson() {
+      const { data, status } = await apiFetch2(config, "/findings/stats/by-person");
+      if (status === 403)
+        throw new Error("Access denied. Only Team Managers can view profile-audit stats.");
+      if (status !== 200) {
+        const errMessage = data && typeof data === "object" && "error" in data ? data.error : void 0;
+        throw new Error(errMessage ?? `Failed to fetch findings-by-person stats (${status})`);
+      }
+      return data;
     }
   };
 }
@@ -4775,7 +4831,13 @@ function createMeltClient2(config) {
 }
 var auditFindingSchema2 = z2.object({
   id: z2.string(),
-  repository: z2.string(),
+  // Discriminator added with #419. 'project' is the original code/security/UX
+  // shape — repository set, personEmail null. 'person' is the employee-profile
+  // shape — personEmail set, repository null. Existing consumers can still
+  // treat repository as the primary identity; the field is nullable now.
+  scope: z2.enum(["project", "person"]),
+  repository: z2.string().nullable(),
+  personEmail: z2.string().nullable(),
   project: z2.string(),
   auditType: z2.string(),
   catalogCode: z2.string().nullable(),
@@ -4827,6 +4889,12 @@ var findingsStatsSchema2 = z2.object({
 });
 var findingsListFiltersSchema2 = z2.object({
   repository: z2.string().optional(),
+  // #419: filter to one employee's profile findings. Manager-only on the
+  // server; non-manager callers passing this get an empty result.
+  personEmail: z2.string().optional(),
+  // #419: 'project' | 'person'. Defaults to no filter when absent. Non-
+  // managers cannot see scope='person' rows regardless of this value.
+  scope: z2.enum(["project", "person"]).optional(),
   status: z2.string().optional(),
   severity: z2.string().optional(),
   effort: z2.string().optional(),
@@ -4842,6 +4910,14 @@ var findingsStatsByRepositoryEntrySchema2 = findingsStatsSchema2.extend({
   repository: z2.string()
 });
 var findingsStatsByRepositorySchema2 = z2.array(findingsStatsByRepositoryEntrySchema2);
+var findingsStatsByPersonEntrySchema2 = z2.object({
+  personEmail: z2.string(),
+  personName: z2.string().nullable(),
+  open: z2.number(),
+  worstSeverity: z2.enum(["critical", "high", "medium", "low"]).nullable(),
+  lastAuditedAt: z2.string().nullable()
+});
+var findingsStatsByPersonSchema2 = z2.array(findingsStatsByPersonEntrySchema2);
 var extractionResultSchema2 = z2.object({
   auditId: z2.string(),
   findingsExtracted: z2.number(),
@@ -5903,10 +5979,14 @@ async function listFindings(client, input3 = {}) {
 var listFindingsInputSchema = z10.object({
   projectId: z10.number().int().positive().optional(),
   repository: z10.string().optional(),
+  // #419: filter to one employee's profile-audit findings. Manager-gated
+  // server-side; non-manager callers get an empty result.
+  personEmail: z10.string().email().optional(),
+  scope: z10.enum(["project", "person"]).optional(),
   status: z10.enum(["pass", "warning", "missing", "na"]).optional(),
   severity: z10.enum(["critical", "high", "medium", "low"]).optional(),
   effort: z10.enum(["low", "medium", "high", "unknown"]).optional(),
-  auditType: z10.enum(["audit", "ux-audit", "security-audit"]).optional(),
+  auditType: z10.enum(["audit", "ux-audit", "security-audit", "profile-audit"]).optional(),
   limit: z10.number().int().positive().max(500).optional()
 });
 function registerFindingsTools(server, getClient2) {
@@ -5914,16 +5994,24 @@ function registerFindingsTools(server, getClient2) {
     "list_findings",
     {
       title: "List audit findings",
-      description: "Lists code/security/UX audit findings. Each finding carries its check code, category, status (pass/warning/missing/na), severity (critical/high/medium/low), effort (low/medium/high \u2014 how much work the fix is, independent of severity), repository, and evidence (file/symbol) so you can see exactly what to fix. Filter by projectId, repository, status, severity, effort, or auditType. Results are ordered worst-first (missing > warning, then critical > high > \u2026). Use this to answer 'what's open on the app I'm working on?' \u2014 pass status='missing' or severity='critical' to focus on what matters, or effort='low' with severity='high'/'critical' to find cheap high-leverage wins. Read-only and open to any @meltstudio.co user.",
+      description: "Lists code/security/UX audit findings, plus the People-Ops-facing Notion employee-profile audit (auditType='profile-audit', personEmail-keyed, manager-only). Each finding carries its check code, category, status (pass/warning/missing/na), severity (critical/high/medium/low), effort (low/medium/high \u2014 how much work the fix is, independent of severity), repository (project-scoped) or personEmail (person-scoped), and evidence (file/symbol or sentence) so you can see exactly what to fix. Filter by projectId, repository, personEmail, scope, status, severity, effort, or auditType. Results are ordered worst-first (missing > warning, then critical > high > \u2026). Profile-audit findings are filtered out for non-manager callers regardless of filters \u2014 they carry sensitive employee context. Read-only.",
       inputSchema: {
         projectId: z10.number().int().positive().optional().describe("Strapi project id \u2014 scopes findings to that project\u2019s repos."),
         repository: z10.string().optional().describe("Full repo slug, e.g. 'MeltStudio/atlas-api'. Scopes to a single repo."),
+        personEmail: z10.string().email().optional().describe(
+          "Scopes to one employee's profile-audit findings (#419). Manager-only \u2014 non-manager callers get an empty result."
+        ),
+        scope: z10.enum(["project", "person"]).optional().describe(
+          "Filter by scope. 'project' = repo-scoped findings; 'person' = employee profile audits (manager-only)."
+        ),
         status: z10.enum(["pass", "warning", "missing", "na"]).optional().describe("Filter by check status. 'missing' = the check failed outright."),
         severity: z10.enum(["critical", "high", "medium", "low"]).optional(),
         effort: z10.enum(["low", "medium", "high", "unknown"]).optional().describe(
           "Remediation effort. Combine effort=low with a high severity to find quick wins. 'unknown' = pass/na or not yet rated."
         ),
-        auditType: z10.enum(["audit", "ux-audit", "security-audit"]).optional(),
+        auditType: z10.enum(["audit", "ux-audit", "security-audit", "profile-audit"]).optional().describe(
+          "'audit' = tech, 'ux-audit' = UX, 'security-audit' = security, 'profile-audit' = employee Notion profile (manager-only)."
+        ),
         limit: z10.number().int().positive().max(500).optional()
       }
     },

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@meltstudio/meltctl",
-  "version": "4.191.0",
+  "version": "4.192.0",
   "description": "AI-first development tools for teams - set up AGENTS.md, Claude Code, Cursor, and OpenCode standards",
   "main": "dist/index.js",
   "type": "module",