@meltstudio/meltctl 4.192.0 → 4.193.0

package/dist/index.js

@@ -14,7 +14,7 @@ var CLI_VERSION;
 var init_version = __esm({
   "src/utils/version.ts"() {
     "use strict";
-    CLI_VERSION = "4.192.0";
+    CLI_VERSION = "4.193.0";
   }
 });
 
@@ -723,10 +723,6 @@ function createFindingsResource(config) {
       const params = new URLSearchParams();
       if (filters?.repository)
         params.set("repository", filters.repository);
-      if (filters?.personEmail)
-        params.set("personEmail", filters.personEmail);
-      if (filters?.scope)
-        params.set("scope", filters.scope);
       if (filters?.status)
         params.set("status", filters.status);
       if (filters?.severity)
@@ -788,20 +784,6 @@ function createFindingsResource(config) {
         throw new Error(errMessage ?? `Failed to fetch findings stats (${status})`);
       }
       return data;
-    },
-    /**
-     * #419: per-person rollup for the /findings "By Person" tab. Manager-only;
-     * non-manager callers get an empty array (the server enforces).
-     */
-    async getStatsByPerson() {
-      const { data, status } = await apiFetch(config, "/findings/stats/by-person");
-      if (status === 403)
-        throw new Error("Access denied. Only Team Managers can view profile-audit stats.");
-      if (status !== 200) {
-        const errMessage = data && typeof data === "object" && "error" in data ? data.error : void 0;
-        throw new Error(errMessage ?? `Failed to fetch findings-by-person stats (${status})`);
-      }
-      return data;
     }
   };
 }
@@ -1531,6 +1513,67 @@ function createEndpointChecksResource(config) {
   };
 }
 
+// ../sdk/dist/resources/profile-audits.js
+function createProfileAuditsResource(config) {
+  return {
+    async list(filters) {
+      const params = new URLSearchParams();
+      if (filters?.personEmail)
+        params.set("personEmail", filters.personEmail);
+      if (filters?.status)
+        params.set("status", filters.status);
+      if (filters?.severity)
+        params.set("severity", filters.severity);
+      if (filters?.checkCode)
+        params.set("checkCode", filters.checkCode);
+      if (filters?.limit)
+        params.set("limit", String(filters.limit));
+      const query = params.toString();
+      const path9 = `/profile-audits${query ? `?${query}` : ""}`;
+      const { data, status } = await apiFetch(config, path9);
+      if (status === 403)
+        throw new Error("Access denied. Only Team Managers can list profile audits.");
+      if (status !== 200)
+        throw new Error(data.error ?? `Failed to list profile audits (${status})`);
+      return data;
+    },
+    async getStatsByPerson() {
+      const { data, status } = await apiFetch(config, "/profile-audits/stats/by-person");
+      if (status === 403)
+        throw new Error("Access denied. Only Team Managers can view profile audit stats.");
+      if (status !== 200) {
+        const errMessage = data && typeof data === "object" && "error" in data ? data.error : void 0;
+        throw new Error(errMessage ?? `Failed to fetch profile audit stats (${status})`);
+      }
+      return data;
+    },
+    /** Read whether the on-demand "Run audit" button is currently
+     *  clickable, along with the last-run timestamp + cooldown window
+     *  the dashboard renders. Manager-only. */
+    async getRunStatus() {
+      const { data, status } = await apiFetch(config, "/profile-audits/status");
+      if (status === 403)
+        throw new Error("Access denied. Only Team Managers can read profile audit status.");
+      if (status !== 200)
+        throw new Error(data.error ?? `Failed to fetch profile audit status (${status})`);
+      return data;
+    },
+    /** Enqueue a one-off profile audit run. Returns the new job id +
+     *  the refreshed status (so the button can flip to disabled on the
+     *  client without waiting for a re-fetch). Resolves with the
+     *  cooldown / in-flight payload on 429 so the dashboard can render
+     *  the same disabled-with-reason UI without a special error path. */
+    async runNow() {
+      const { data, status } = await apiFetch(config, "/profile-audits/run", { method: "POST" });
+      if (status === 403)
+        throw new Error("Access denied. Only Team Managers can run profile audits.");
+      if (status !== 202 && status !== 429)
+        throw new Error(data.error ?? `Failed to start profile audit (${status})`);
+      return data;
+    }
+  };
+}
+
 // ../sdk/dist/client.js
 async function apiFetch(config, path9, options = {}) {
   const response = await fetch(`${config.baseUrl}${path9}`, {
@@ -1565,7 +1608,8 @@ function createMeltClient(config) {
     chat: createChatResource(config),
     me: createMeResource(config),
     developers: createDevelopersResource(config),
-    endpointChecks: createEndpointChecksResource(config)
+    endpointChecks: createEndpointChecksResource(config),
+    profileAudits: createProfileAuditsResource(config)
   };
 }
 
@@ -1573,13 +1617,7 @@ function createMeltClient(config) {
 import { z } from "zod";
 var auditFindingSchema = z.object({
   id: z.string(),
-  // Discriminator added with #419. 'project' is the original code/security/UX
-  // shape — repository set, personEmail null. 'person' is the employee-profile
-  // shape — personEmail set, repository null. Existing consumers can still
-  // treat repository as the primary identity; the field is nullable now.
-  scope: z.enum(["project", "person"]),
-  repository: z.string().nullable(),
-  personEmail: z.string().nullable(),
+  repository: z.string(),
   project: z.string(),
   auditType: z.string(),
   catalogCode: z.string().nullable(),
@@ -1631,12 +1669,6 @@ var findingsStatsSchema = z.object({
 });
 var findingsListFiltersSchema = z.object({
   repository: z.string().optional(),
-  // #419: filter to one employee's profile findings. Manager-only on the
-  // server; non-manager callers passing this get an empty result.
-  personEmail: z.string().optional(),
-  // #419: 'project' | 'person'. Defaults to no filter when absent. Non-
-  // managers cannot see scope='person' rows regardless of this value.
-  scope: z.enum(["project", "person"]).optional(),
   status: z.string().optional(),
   severity: z.string().optional(),
   effort: z.string().optional(),
@@ -1652,14 +1684,6 @@ var findingsStatsByRepositoryEntrySchema = findingsStatsSchema.extend({
   repository: z.string()
 });
 var findingsStatsByRepositorySchema = z.array(findingsStatsByRepositoryEntrySchema);
-var findingsStatsByPersonEntrySchema = z.object({
-  personEmail: z.string(),
-  personName: z.string().nullable(),
-  open: z.number(),
-  worstSeverity: z.enum(["critical", "high", "medium", "low"]).nullable(),
-  lastAuditedAt: z.string().nullable()
-});
-var findingsStatsByPersonSchema = z.array(findingsStatsByPersonEntrySchema);
 var extractionResultSchema = z.object({
   auditId: z.string(),
   findingsExtracted: z.number(),
@@ -4004,10 +4028,6 @@ function createFindingsResource2(config) {
       const params = new URLSearchParams();
       if (filters?.repository)
         params.set("repository", filters.repository);
-      if (filters?.personEmail)
-        params.set("personEmail", filters.personEmail);
-      if (filters?.scope)
-        params.set("scope", filters.scope);
       if (filters?.status)
         params.set("status", filters.status);
       if (filters?.severity)
@@ -4069,20 +4089,6 @@ function createFindingsResource2(config) {
         throw new Error(errMessage ?? `Failed to fetch findings stats (${status})`);
       }
       return data;
-    },
-    /**
-     * #419: per-person rollup for the /findings "By Person" tab. Manager-only;
-     * non-manager callers get an empty array (the server enforces).
-     */
-    async getStatsByPerson() {
-      const { data, status } = await apiFetch2(config, "/findings/stats/by-person");
-      if (status === 403)
-        throw new Error("Access denied. Only Team Managers can view profile-audit stats.");
-      if (status !== 200) {
-        const errMessage = data && typeof data === "object" && "error" in data ? data.error : void 0;
-        throw new Error(errMessage ?? `Failed to fetch findings-by-person stats (${status})`);
-      }
-      return data;
     }
   };
 }
@@ -4793,6 +4799,65 @@ function createEndpointChecksResource2(config) {
     }
   };
 }
+function createProfileAuditsResource2(config) {
+  return {
+    async list(filters) {
+      const params = new URLSearchParams();
+      if (filters?.personEmail)
+        params.set("personEmail", filters.personEmail);
+      if (filters?.status)
+        params.set("status", filters.status);
+      if (filters?.severity)
+        params.set("severity", filters.severity);
+      if (filters?.checkCode)
+        params.set("checkCode", filters.checkCode);
+      if (filters?.limit)
+        params.set("limit", String(filters.limit));
+      const query = params.toString();
+      const path22 = `/profile-audits${query ? `?${query}` : ""}`;
+      const { data, status } = await apiFetch2(config, path22);
+      if (status === 403)
+        throw new Error("Access denied. Only Team Managers can list profile audits.");
+      if (status !== 200)
+        throw new Error(data.error ?? `Failed to list profile audits (${status})`);
+      return data;
+    },
+    async getStatsByPerson() {
+      const { data, status } = await apiFetch2(config, "/profile-audits/stats/by-person");
+      if (status === 403)
+        throw new Error("Access denied. Only Team Managers can view profile audit stats.");
+      if (status !== 200) {
+        const errMessage = data && typeof data === "object" && "error" in data ? data.error : void 0;
+        throw new Error(errMessage ?? `Failed to fetch profile audit stats (${status})`);
+      }
+      return data;
+    },
+    /** Read whether the on-demand "Run audit" button is currently
+     *  clickable, along with the last-run timestamp + cooldown window
+     *  the dashboard renders. Manager-only. */
+    async getRunStatus() {
+      const { data, status } = await apiFetch2(config, "/profile-audits/status");
+      if (status === 403)
+        throw new Error("Access denied. Only Team Managers can read profile audit status.");
+      if (status !== 200)
+        throw new Error(data.error ?? `Failed to fetch profile audit status (${status})`);
+      return data;
+    },
+    /** Enqueue a one-off profile audit run. Returns the new job id +
+     *  the refreshed status (so the button can flip to disabled on the
+     *  client without waiting for a re-fetch). Resolves with the
+     *  cooldown / in-flight payload on 429 so the dashboard can render
+     *  the same disabled-with-reason UI without a special error path. */
+    async runNow() {
+      const { data, status } = await apiFetch2(config, "/profile-audits/run", { method: "POST" });
+      if (status === 403)
+        throw new Error("Access denied. Only Team Managers can run profile audits.");
+      if (status !== 202 && status !== 429)
+        throw new Error(data.error ?? `Failed to start profile audit (${status})`);
+      return data;
+    }
+  };
+}
 async function apiFetch2(config, path22, options = {}) {
   const response = await fetch(`${config.baseUrl}${path22}`, {
     ...options,
@@ -4826,18 +4891,13 @@ function createMeltClient2(config) {
     chat: createChatResource2(config),
     me: createMeResource2(config),
     developers: createDevelopersResource2(config),
-    endpointChecks: createEndpointChecksResource2(config)
+    endpointChecks: createEndpointChecksResource2(config),
+    profileAudits: createProfileAuditsResource2(config)
   };
 }
 var auditFindingSchema2 = z2.object({
   id: z2.string(),
-  // Discriminator added with #419. 'project' is the original code/security/UX
-  // shape — repository set, personEmail null. 'person' is the employee-profile
-  // shape — personEmail set, repository null. Existing consumers can still
-  // treat repository as the primary identity; the field is nullable now.
-  scope: z2.enum(["project", "person"]),
-  repository: z2.string().nullable(),
-  personEmail: z2.string().nullable(),
+  repository: z2.string(),
   project: z2.string(),
   auditType: z2.string(),
   catalogCode: z2.string().nullable(),
@@ -4889,12 +4949,6 @@ var findingsStatsSchema2 = z2.object({
 });
 var findingsListFiltersSchema2 = z2.object({
   repository: z2.string().optional(),
-  // #419: filter to one employee's profile findings. Manager-only on the
-  // server; non-manager callers passing this get an empty result.
-  personEmail: z2.string().optional(),
-  // #419: 'project' | 'person'. Defaults to no filter when absent. Non-
-  // managers cannot see scope='person' rows regardless of this value.
-  scope: z2.enum(["project", "person"]).optional(),
   status: z2.string().optional(),
   severity: z2.string().optional(),
   effort: z2.string().optional(),
@@ -4910,14 +4964,6 @@ var findingsStatsByRepositoryEntrySchema2 = findingsStatsSchema2.extend({
   repository: z2.string()
 });
 var findingsStatsByRepositorySchema2 = z2.array(findingsStatsByRepositoryEntrySchema2);
-var findingsStatsByPersonEntrySchema2 = z2.object({
-  personEmail: z2.string(),
-  personName: z2.string().nullable(),
-  open: z2.number(),
-  worstSeverity: z2.enum(["critical", "high", "medium", "low"]).nullable(),
-  lastAuditedAt: z2.string().nullable()
-});
-var findingsStatsByPersonSchema2 = z2.array(findingsStatsByPersonEntrySchema2);
 var extractionResultSchema2 = z2.object({
   auditId: z2.string(),
   findingsExtracted: z2.number(),
@@ -5979,14 +6025,10 @@ async function listFindings(client, input3 = {}) {
 var listFindingsInputSchema = z10.object({
   projectId: z10.number().int().positive().optional(),
   repository: z10.string().optional(),
-  // #419: filter to one employee's profile-audit findings. Manager-gated
-  // server-side; non-manager callers get an empty result.
-  personEmail: z10.string().email().optional(),
-  scope: z10.enum(["project", "person"]).optional(),
   status: z10.enum(["pass", "warning", "missing", "na"]).optional(),
   severity: z10.enum(["critical", "high", "medium", "low"]).optional(),
   effort: z10.enum(["low", "medium", "high", "unknown"]).optional(),
-  auditType: z10.enum(["audit", "ux-audit", "security-audit", "profile-audit"]).optional(),
+  auditType: z10.enum(["audit", "ux-audit", "security-audit"]).optional(),
   limit: z10.number().int().positive().max(500).optional()
 });
 function registerFindingsTools(server, getClient2) {
@@ -5994,24 +6036,16 @@ function registerFindingsTools(server, getClient2) {
     "list_findings",
     {
       title: "List audit findings",
-      description: "Lists code/security/UX audit findings, plus the People-Ops-facing Notion employee-profile audit (auditType='profile-audit', personEmail-keyed, manager-only). Each finding carries its check code, category, status (pass/warning/missing/na), severity (critical/high/medium/low), effort (low/medium/high \u2014 how much work the fix is, independent of severity), repository (project-scoped) or personEmail (person-scoped), and evidence (file/symbol or sentence) so you can see exactly what to fix. Filter by projectId, repository, personEmail, scope, status, severity, effort, or auditType. Results are ordered worst-first (missing > warning, then critical > high > \u2026). Profile-audit findings are filtered out for non-manager callers regardless of filters \u2014 they carry sensitive employee context. Read-only.",
+      description: "Lists code/security/UX audit findings. Each finding carries its check code, category, status (pass/warning/missing/na), severity (critical/high/medium/low), effort (low/medium/high \u2014 how much work the fix is, independent of severity), repository, and evidence (file/symbol) so you can see exactly what to fix. Filter by projectId, repository, status, severity, effort, or auditType. Results are ordered worst-first (missing > warning, then critical > high > \u2026). Use this to answer 'what's open on the app I'm working on?' \u2014 pass status='missing' or severity='critical' to focus on what matters, or effort='low' with severity='high'/'critical' to find cheap high-leverage wins. Read-only and open to any @meltstudio.co user.",
       inputSchema: {
         projectId: z10.number().int().positive().optional().describe("Strapi project id \u2014 scopes findings to that project\u2019s repos."),
         repository: z10.string().optional().describe("Full repo slug, e.g. 'MeltStudio/atlas-api'. Scopes to a single repo."),
-        personEmail: z10.string().email().optional().describe(
-          "Scopes to one employee's profile-audit findings (#419). Manager-only \u2014 non-manager callers get an empty result."
-        ),
-        scope: z10.enum(["project", "person"]).optional().describe(
-          "Filter by scope. 'project' = repo-scoped findings; 'person' = employee profile audits (manager-only)."
-        ),
         status: z10.enum(["pass", "warning", "missing", "na"]).optional().describe("Filter by check status. 'missing' = the check failed outright."),
         severity: z10.enum(["critical", "high", "medium", "low"]).optional(),
         effort: z10.enum(["low", "medium", "high", "unknown"]).optional().describe(
           "Remediation effort. Combine effort=low with a high severity to find quick wins. 'unknown' = pass/na or not yet rated."
         ),
-        auditType: z10.enum(["audit", "ux-audit", "security-audit", "profile-audit"]).optional().describe(
-          "'audit' = tech, 'ux-audit' = UX, 'security-audit' = security, 'profile-audit' = employee Notion profile (manager-only)."
-        ),
+        auditType: z10.enum(["audit", "ux-audit", "security-audit"]).optional(),
         limit: z10.number().int().positive().max(500).optional()
       }
     },

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@meltstudio/meltctl",
-  "version": "4.192.0",
+  "version": "4.193.0",
   "description": "AI-first development tools for teams - set up AGENTS.md, Claude Code, Cursor, and OpenCode standards",
   "main": "dist/index.js",
   "type": "module",