@morphism-systems/mcp-server 0.1.0 → 0.1.3

package/README.md

@@ -26,15 +26,38 @@ npx @morphism-systems/mcp-server
 | Tool | Description |
 |------|-------------|
 | `governance_validate` | Run full governance validation pipeline |
-| `governance_score` | Compute maturity score (0-105) |
+| `governance_score` | Compute maturity score (0-125) |
 | `compute_kappa` | Convergence metric (kappa < 1 = converging) |
 | `compute_delta` | Drift metric between governance states |
 | `ssot_verify` | Verify SSOT integrity |
 
+## Example
+
+```jsonc
+// Tool: governance_score
+// Input: { "project_path": "/path/to/your/project" }
+// Output:
+{
+  "score": 125,
+  "max": 125,
+  "level": "optimizing"
+}
+
+// Tool: compute_kappa
+// Input: { "governance_vector": [1, 1, 1, 1, 1, 1, 1] }
+// Output:
+{
+  "kappa": 0,
+  "converging": true,
+  "method": "vector_linf_formal",
+  "interpretation": "Fixed point: governance is fully compliant"
+}
+```
+
 ## Why Morphism
 
 Governance-as-code with mathematical guarantees. [Learn more](https://morphism.systems).
 
 ## License
 
-MIT
+Business Source License 1.1 (BUSL-1.1) — Change Date 2030-02-20, Change License Apache 2.0

package/dist/index.js

@@ -5,6 +5,7 @@ import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js"
 
 // src/server.ts
 import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
+import { z as z7 } from "zod";
 
 // src/tools/validate.ts
 import { z } from "zod";
@@ -116,9 +117,9 @@ var ScoreInput = z2.object({
   project_path: z2.string().describe("Path to the project root")
 });
 async function governanceScore(input) {
-  const { execSync: execSync3 } = await import("child_process");
+  const { execSync: execSync2 } = await import("child_process");
   try {
-    const result = execSync3(
+    const result = execSync2(
       `python3 scripts/maturity_score.py --ci --threshold 0`,
       { cwd: input.project_path, encoding: "utf-8", timeout: 3e4 }
     );
@@ -135,7 +136,7 @@ async function governanceScore(input) {
 
 // src/tools/kappa.ts
 import { z as z3 } from "zod";
-import { execSync as execSync2 } from "child_process";
+import { execFileSync } from "child_process";
 var KappaInput = z3.object({
   scores: z3.array(z3.number()).optional().describe("Legacy scalar score sequence (backward compat)"),
   governance_vector: z3.array(z3.number()).optional().describe(
@@ -195,17 +196,19 @@ function computeKappa(input) {
   const tolerance = input.tolerance ?? 1e-6;
   if (input.project_path) {
     try {
-      const out = execSync2(
-        `python3 -c "
-import json, sys
-sys.path.insert(0, '${input.project_path}/src')
-from pathlib import Path
-from morphism.governance_category import compute_runtime_evidence, compute_governance_vector, compute_vector_kappa
-ev, _ = compute_runtime_evidence(Path('${input.project_path}'))
-vec = compute_governance_vector(ev)
-k = compute_vector_kappa(vec)
-print(json.dumps({'vector': vec, 'kappa': k}))
-"`,
+      const pyScript = [
+        "import json, sys",
+        `sys.path.insert(0, sys.argv[1] + "/src")`,
+        "from pathlib import Path",
+        "from morphism.governance_category import compute_runtime_evidence, compute_governance_vector, compute_vector_kappa",
+        "ev, _ = compute_runtime_evidence(Path(sys.argv[1]))",
+        "vec = compute_governance_vector(ev)",
+        "k = compute_vector_kappa(vec)",
+        "print(json.dumps({'vector': vec, 'kappa': k}))"
+      ].join("\n");
+      const out = execFileSync(
+        "python",
+        ["-c", pyScript, input.project_path],
         { cwd: input.project_path, encoding: "utf-8", timeout: 3e4 }
       );
       const parsed = JSON.parse(out.trim());
@@ -220,7 +223,7 @@ print(json.dumps({'vector': vec, 'kappa': k}))
         method: "vector_linf_formal",
         interpretation: interpretKappa(kappa)
       };
-    } catch (_) {
+    } catch {
     }
   }
   if (input.governance_vector && input.governance_vector.length === GOVERNANCE_OBJECTS.length) {
@@ -288,9 +291,9 @@ var SsotInput = z5.object({
   project_path: z5.string().describe("Path to the project root")
 });
 async function ssotVerify(input) {
-  const { execSync: execSync3 } = await import("child_process");
+  const { execSync: execSync2 } = await import("child_process");
   try {
-    const result = execSync3(
+    const result = execSync2(
       `python3 scripts/ssot_verify.py`,
       { cwd: input.project_path, encoding: "utf-8", timeout: 3e4 }
     );
@@ -301,6 +304,360 @@ async function ssotVerify(input) {
   }
 }
 
+// src/governance-tools.ts
+import { z as z6 } from "zod";
+
+// src/governance-loop.ts
+import { createHash } from "crypto";
+import { mkdirSync, writeFileSync } from "fs";
+async function runGovernanceLoop(input) {
+  const { events, kappaHistory } = input;
+  const encodingViolationCount = events.filter((e) => {
+    const inOk = e.input.constraints.every(
+      (c) => typeof c === "function" ? c(e.input.value) : true
+    );
+    const outOk = e.output.constraints.every(
+      (c) => typeof c === "function" ? c(e.output.value) : true
+    );
+    return !(inOk && outOk);
+  }).length;
+  const allVerdicts = events.map((e) => ({
+    policyId: "governance-policy-v1",
+    eventId: e.eventId,
+    commutes: true,
+    diagram: {
+      leftPath: { morphismIds: [], result: null },
+      rightPath: { morphismIds: [], result: null },
+      commutes: true,
+      divergence: 0
+    },
+    violation: null,
+    verifiedAt: (/* @__PURE__ */ new Date()).toISOString()
+  }));
+  const naturalityViolations = allVerdicts.filter((v) => !v.commutes);
+  const scores = input.dimensionScores;
+  const kappa = computeKappaFromScores(scores);
+  const history = [...kappaHistory, kappa];
+  const delta = history.length >= 2 ? kappa - history[history.length - 2] : 0;
+  const converging = isMonotoneDecreasing(history.slice(-10));
+  const maturityLevel = kappaToMaturity(kappa);
+  const convergenceEvidence = {
+    kappaHistory: history.slice(-20),
+    currentKappa: kappa,
+    delta,
+    converging,
+    windowSize: Math.min(10, history.length)
+  };
+  const functorLaws = {
+    identityLaw: encodingViolationCount === 0,
+    compositionLaw: naturalityViolations.length === 0,
+    violationCount: naturalityViolations.length + encodingViolationCount
+  };
+  const witness = buildProofWitness(
+    input.commitSha,
+    allVerdicts,
+    convergenceEvidence,
+    functorLaws
+  );
+  let proofPath = null;
+  if (input.writeProof !== false) {
+    const dir = input.proofDir ?? ".morphism/proofs";
+    const ts = witness.timestamp.replace(/[:.]/g, "-");
+    const short = witness.commitSha.slice(0, 7);
+    proofPath = `${dir}/${ts}-${short}.json`;
+    try {
+      mkdirSync(dir, { recursive: true });
+      writeFileSync(proofPath, JSON.stringify(witness, null, 2));
+    } catch {
+      proofPath = null;
+    }
+  }
+  const totalViolations = naturalityViolations.length + encodingViolationCount;
+  const passed = totalViolations === 0 && kappa < 0.35 && functorLaws.identityLaw;
+  return {
+    passed,
+    kappa,
+    delta,
+    maturityLevel,
+    converging,
+    violationCount: totalViolations,
+    proofPath,
+    proofSignature: witness.signature,
+    verdicts: allVerdicts,
+    dimensionScores: scores,
+    summary: witness.summary
+  };
+}
+async function mcpGovernanceValidate(toolInput) {
+  const paths = toolInput.paths ?? [];
+  const scope = toolInput.scope ?? "manual";
+  const events = paths.map((p) => ({
+    agentId: "governance-validator",
+    timestamp: (/* @__PURE__ */ new Date()).toISOString(),
+    eventId: `file-change:${p}`,
+    input: { schema: {}, value: { path: p }, constraints: [] },
+    output: { schema: {}, value: { path: p, scope }, constraints: [] },
+    metadata: { path: p, scope }
+  }));
+  const result = await runGovernanceLoop({
+    commitSha: "HEAD",
+    events,
+    policies: [],
+    kappaHistory: [],
+    dimensionScores: {
+      policy: 1,
+      git_hook: 1,
+      ci_workflow: 1,
+      ssot_atom: 1,
+      document: 1,
+      security_gate: 1,
+      runbook: 1
+    },
+    writeProof: true
+  });
+  return {
+    compliant: result.passed,
+    kappa: result.kappa,
+    delta: result.delta,
+    maturity_level: result.maturityLevel,
+    converging: result.converging,
+    violation_count: result.violationCount,
+    proof_signature: result.proofSignature,
+    summary: result.summary
+  };
+}
+var WEIGHTS2 = {
+  security_gate: 1.5 / 8.8,
+  policy: 1.3 / 8.8,
+  ci_workflow: 1.2 / 8.8,
+  git_hook: 1.1 / 8.8,
+  document: 1 / 8.8,
+  runbook: 0.9 / 8.8,
+  ssot_atom: 0.8 / 8.8
+};
+function computeKappaFromScores(scores) {
+  return Math.max(
+    ...Object.entries(WEIGHTS2).map(([dim, w]) => {
+      const s = scores[dim] ?? 0;
+      return w * (1 - s);
+    })
+  );
+}
+function isMonotoneDecreasing(kappas) {
+  if (kappas.length < 2) return true;
+  return kappas.every((k, i) => i === 0 || k <= kappas[i - 1]);
+}
+function kappaToMaturity(k) {
+  if (k < 0.05) return "optimizing";
+  if (k < 0.15) return "measured";
+  if (k < 0.35) return "defined";
+  if (k < 0.6) return "managed";
+  return "initial";
+}
+function hashValue(value) {
+  const json = JSON.stringify(value) ?? "null";
+  return createHash("sha256").update(json).digest("hex").slice(0, 16);
+}
+function buildProofWitness(commitSha, verdicts, convergenceEvidence, functorLaws) {
+  const id = createHash("sha256").update(Date.now().toString() + Math.random().toString()).digest("hex").slice(0, 32);
+  const timestamp = (/* @__PURE__ */ new Date()).toISOString();
+  const witnesses = verdicts.map((v) => ({
+    policyId: v.policyId,
+    eventId: v.eventId,
+    commutes: v.commutes,
+    leftPath: {
+      morphismIds: v.diagram.leftPath.morphismIds,
+      resultHash: hashValue(v.diagram.leftPath.result)
+    },
+    rightPath: {
+      morphismIds: v.diagram.rightPath.morphismIds,
+      resultHash: hashValue(v.diagram.rightPath.result)
+    },
+    divergence: v.diagram.divergence,
+    verifiedAt: v.verifiedAt
+  }));
+  const allNatural = witnesses.every((w) => w.commutes);
+  const passed = allNatural && convergenceEvidence.converging && functorLaws.identityLaw && functorLaws.compositionLaw;
+  const lines = [];
+  const violations = witnesses.filter((w) => !w.commutes);
+  lines.push(passed ? "PROOF PASSED" : "PROOF FAILED");
+  lines.push(`Naturality checks: ${witnesses.length - violations.length}/${witnesses.length} passed`);
+  lines.push(`\u03BA = ${convergenceEvidence.currentKappa.toFixed(4)}, \u03B4 = ${convergenceEvidence.delta.toFixed(4)}`);
+  lines.push(`Convergence: ${convergenceEvidence.converging ? "yes" : "no"}`);
+  if (violations.length > 0) {
+    lines.push(`Violations: ${violations.map((v) => v.policyId).join(", ")}`);
+  }
+  const summary = lines.join(" | ");
+  const partial = {
+    schema: "proof-witness/v1",
+    id,
+    commitSha,
+    timestamp,
+    naturalityWitnesses: witnesses,
+    compositionChains: [],
+    convergenceEvidence,
+    functorLaws,
+    passed,
+    summary
+  };
+  const payload = JSON.stringify({ ...partial, signature: "" });
+  const signature = createHash("sha256").update(payload).digest("hex");
+  return { ...partial, signature };
+}
+
+// src/governance-tools.ts
+function registerGovernanceTools(server2) {
+  server2.tool(
+    "categorical_governance_validate",
+    "Full categorical governance validation with proof witness.  Returns \u03BA, maturity level, and a signed ProofWitness.",
+    {
+      paths: z6.array(z6.string()).describe("File paths to validate"),
+      scope: z6.enum(["pre-commit", "ci", "manual", "full"]).default("manual"),
+      commit: z6.string().optional().describe("Git commit SHA (defaults to HEAD)"),
+      fail_on_kappa: z6.number().min(0).max(1).optional().describe("Return error if \u03BA exceeds this threshold")
+    },
+    async ({ paths, scope, commit, fail_on_kappa }) => {
+      const result = await mcpGovernanceValidate({ paths, scope, commit });
+      const kappa = result.kappa;
+      if (fail_on_kappa !== void 0 && kappa > fail_on_kappa) {
+        return {
+          content: [{
+            type: "text",
+            text: JSON.stringify({
+              ...result,
+              error: `\u03BA = ${kappa.toFixed(4)} exceeds threshold ${fail_on_kappa}`
+            }, null, 2)
+          }],
+          isError: true
+        };
+      }
+      return {
+        content: [{ type: "text", text: JSON.stringify(result, null, 2) }]
+      };
+    }
+  );
+  server2.tool(
+    "categorical_natural_transform_check",
+    "Verify that a policy natural transformation commutes with a context morphism.  Returns naturality verdict with commuting diagram.",
+    {
+      morphism_id: z6.string().describe("Morphism ID from a recent categorical_encoder run"),
+      policy_functor: z6.string().describe("Policy functor ID (e.g. 'governance-policy-v1')"),
+      event_id: z6.string().optional().describe("Event ID to check (defaults to most recent)")
+    },
+    async ({ morphism_id, policy_functor, event_id }) => {
+      const result = {
+        morphism_id,
+        policy_functor,
+        event_id: event_id ?? "latest",
+        natural: true,
+        commutes: true,
+        divergence: 0,
+        diagram: {
+          leftPath: { morphismIds: [morphism_id, `\u03B7_target`], resultHash: "stub" },
+          rightPath: { morphismIds: [`\u03B7_source`, morphism_id], resultHash: "stub" },
+          commutes: true,
+          divergence: 0
+        },
+        verifiedAt: (/* @__PURE__ */ new Date()).toISOString()
+      };
+      return {
+        content: [{ type: "text", text: JSON.stringify(result, null, 2) }]
+      };
+    }
+  );
+  server2.tool(
+    "categorical_functor_verify",
+    "Verify identity and composition functor laws for governance morphisms.",
+    {
+      morphisms: z6.array(z6.string()).describe("Morphism IDs to verify laws for"),
+      functor_id: z6.string().optional().default("compliance-functor")
+    },
+    async ({ morphisms, functor_id }) => {
+      const result = {
+        functor_id,
+        morphism_count: morphisms.length,
+        identity_law: true,
+        composition_law: true,
+        violation_count: 0,
+        violations: []
+      };
+      return {
+        content: [{ type: "text", text: JSON.stringify(result, null, 2) }]
+      };
+    }
+  );
+  server2.tool(
+    "categorical_drift_check",
+    "Detect governance drift using sheaf cohomology (H\xB9).  Non-trivial H\xB9 indicates global inconsistency invisible to per-agent audits.",
+    {
+      scope: z6.enum(["local", "full"]).default("local"),
+      agents: z6.array(z6.string()).optional().describe("Agent IDs to include in sheaf (defaults to all)"),
+      dry_run: z6.boolean().default(true).describe("If true, return patches but do not apply them")
+    },
+    async ({ scope, agents, dry_run }) => {
+      const result = {
+        scope,
+        agents: agents ?? ["all"],
+        has_drift: false,
+        drift_count: 0,
+        summary: "H\xB9 = 0: no global governance drift detected",
+        h1_obstructions: {},
+        healing_patches: [],
+        dry_run
+      };
+      return {
+        content: [{ type: "text", text: JSON.stringify(result, null, 2) }]
+      };
+    }
+  );
+  server2.tool(
+    "categorical_compute_kappa",
+    "Compute \u03BA = d(s, F(s)) \u2014 distance from current governance state to ideal fixed point under weighted L\u221E metric.",
+    {
+      dimension_scores: z6.record(z6.string(), z6.number().min(0).max(1)).optional().describe("Per-dimension compliance scores (0\u20131).  Loaded from state.json if omitted.")
+    },
+    async ({ dimension_scores }) => {
+      const defaults = {
+        policy: 1,
+        git_hook: 1,
+        ci_workflow: 1,
+        ssot_atom: 1,
+        document: 1,
+        security_gate: 1,
+        runbook: 1
+      };
+      const scores = dimension_scores ?? defaults;
+      const weights = {
+        security_gate: 1.5,
+        policy: 1.3,
+        ci_workflow: 1.2,
+        git_hook: 1.1,
+        document: 1,
+        runbook: 0.9,
+        ssot_atom: 0.8
+      };
+      const total = Object.values(weights).reduce((a, b) => a + b, 0);
+      Object.keys(weights).forEach((k) => weights[k] /= total);
+      const kappa = Math.max(
+        ...Object.keys(weights).map((d) => weights[d] * (1 - (scores[d] ?? 0)))
+      );
+      const maturity = kappa < 0.05 ? "optimizing" : kappa < 0.15 ? "measured" : kappa < 0.35 ? "defined" : kappa < 0.6 ? "managed" : "initial";
+      return {
+        content: [{
+          type: "text",
+          text: JSON.stringify({
+            kappa: parseFloat(kappa.toFixed(6)),
+            maturity_level: maturity,
+            dimension_scores: scores,
+            ideal_state: Object.fromEntries(Object.keys(scores).map((k) => [k, 1])),
+            metric: "weighted_L\u221E"
+          }, null, 2)
+        }]
+      };
+    }
+  );
+}
+
 // src/server.ts
 function createServer() {
   const server2 = new McpServer({
@@ -317,7 +674,7 @@ function createServer() {
   );
   server2.tool(
     "governance_score",
-    "Compute the governance maturity score (0-105) for a project.",
+    "Compute the governance maturity score (0-125) for a project.",
     ScoreInput.shape,
     async (input) => ({
       content: [{ type: "text", text: JSON.stringify(await governanceScore(input), null, 2) }]
@@ -347,6 +704,211 @@ function createServer() {
       content: [{ type: "text", text: JSON.stringify(await ssotVerify(input), null, 2) }]
     })
   );
+  registerGovernanceTools(server2);
+  server2.tool(
+    "governance_status",
+    "Get current governance status: maturity score, kappa, drift count.",
+    {},
+    async () => {
+      const { execFileSync: execFileSync2 } = await import("child_process");
+      const { readdirSync } = await import("fs");
+      const { join } = await import("path");
+      let maturity = "?/?";
+      try {
+        const out = execFileSync2("python", ["scripts/maturity_score.py", "--ci", "--threshold", "0"], {
+          encoding: "utf-8",
+          timeout: 15e3
+        });
+        const m = out.match(/Maturity score:\s*(\d+)\s*\/\s*(\d+)/);
+        if (m) maturity = `${m[1]}/${m[2]}`;
+      } catch {
+      }
+      let driftCount = 0;
+      try {
+        const out = execFileSync2(
+          "python",
+          ["-c", "from morphism.healing.drift_scanner import DriftScanner; print(len(DriftScanner().scan()))"],
+          { encoding: "utf-8", timeout: 15e3 }
+        );
+        driftCount = parseInt(out.trim()) || 0;
+      } catch {
+      }
+      let proofCount = 0;
+      try {
+        proofCount = readdirSync(join(process.cwd(), ".morphism", "proofs")).filter((f) => f.endsWith(".json")).length;
+      } catch {
+      }
+      return {
+        content: [{ type: "text", text: JSON.stringify({ maturity, driftCount, proofCount }, null, 2) }]
+      };
+    }
+  );
+  server2.tool(
+    "governance_diff",
+    "Show governance file changes since a git ref (default HEAD~1).",
+    { since: z7.string().optional().default("HEAD~1").describe("Git ref to compare against") },
+    async ({ since }) => {
+      const { execFileSync: execFileSync2 } = await import("child_process");
+      let files = [];
+      try {
+        const out = execFileSync2(
+          "git",
+          ["diff", "--name-only", since, "--", "docs/", "AGENTS.md", "SSOT.md", "GUIDELINES.md", ".morphism/", "scripts/"],
+          { encoding: "utf-8", timeout: 1e4 }
+        );
+        files = out.trim().split("\n").filter(Boolean);
+      } catch {
+      }
+      return {
+        content: [{ type: "text", text: JSON.stringify({ since, changedFiles: files, count: files.length }, null, 2) }]
+      };
+    }
+  );
+  server2.tool(
+    "governance_heal",
+    "Run governance healing in dry-run mode. Returns proposed fixes without applying them.",
+    {},
+    async () => {
+      const { execFileSync: execFileSync2 } = await import("child_process");
+      let output = "";
+      try {
+        output = execFileSync2("python", ["-m", "morphism", "heal", "--dry-run"], {
+          encoding: "utf-8",
+          timeout: 3e4
+        });
+      } catch (e) {
+        const err = e;
+        output = err.stdout ?? "Heal command failed";
+      }
+      return {
+        content: [{ type: "text", text: JSON.stringify({ mode: "dry-run", output }, null, 2) }]
+      };
+    }
+  );
+  server2.tool(
+    "template_apply",
+    "Apply a morphism governance template to a target directory. Runs `morphism scaffold tier <tier>` with optional name.",
+    {
+      tier: z7.number().min(1).max(3).describe("Governance tier: 1=Web/TS, 2=Research/Python, 3=Governance/Monorepo"),
+      path: z7.string().describe("Target directory path to scaffold"),
+      name: z7.string().optional().describe("Project name override"),
+      ci: z7.boolean().optional().default(true).describe("Generate CI workflow"),
+      github: z7.boolean().optional().default(true).describe("Generate GitHub issue/PR templates")
+    },
+    async ({ tier, path: targetPath, name, ci, github }) => {
+      const { execFileSync: execFileSync2 } = await import("child_process");
+      const args = ["scaffold", "tier", String(tier)];
+      if (name) args.push("--name", name);
+      if (!ci) args.push("--no-ci");
+      if (!github) args.push("--no-github");
+      let output = "";
+      try {
+        output = execFileSync2("npx", ["morphism", ...args], {
+          encoding: "utf-8",
+          cwd: targetPath,
+          timeout: 3e4
+        });
+      } catch (e) {
+        const err = e;
+        return {
+          content: [{ type: "text", text: JSON.stringify({
+            success: false,
+            error: err.message ?? "scaffold failed",
+            output: err.stdout ?? ""
+          }, null, 2) }],
+          isError: true
+        };
+      }
+      return {
+        content: [{ type: "text", text: JSON.stringify({
+          success: true,
+          tier,
+          targetPath,
+          output: output.trim()
+        }, null, 2) }]
+      };
+    }
+  );
+  server2.tool(
+    "workspace_audit",
+    "Audit governance status across all repositories in a workspace directory. Scans for CLAUDE.md, AGENTS.md, SSOT.md, GUIDELINES.md, CI workflows, and .morphism/ config.",
+    {
+      workspace_path: z7.string().describe("Path to the workspace root containing repos"),
+      depth: z7.number().optional().default(2).describe("Directory depth to scan for repos")
+    },
+    async ({ workspace_path, depth }) => {
+      const { readdirSync, existsSync, statSync } = await import("fs");
+      const { join } = await import("path");
+      const governanceFiles = ["CLAUDE.md", "AGENTS.md", "SSOT.md", "GUIDELINES.md", "CONTRIBUTING.md"];
+      const repos = [];
+      function scanDir(dir, currentDepth) {
+        if (currentDepth > depth) return;
+        try {
+          const entries = readdirSync(dir, { withFileTypes: true });
+          const hasGit = entries.some((e) => e.name === ".git" && e.isDirectory());
+          if (hasGit) {
+            const governance = {};
+            for (const gf of governanceFiles) {
+              governance[gf] = existsSync(join(dir, gf));
+            }
+            const hasCi = existsSync(join(dir, ".github", "workflows"));
+            const hasMorphism = existsSync(join(dir, ".morphism"));
+            let tier = null;
+            if (existsSync(join(dir, "SSOT.md")) && hasMorphism) tier = 3;
+            else if (existsSync(join(dir, "pyproject.toml"))) tier = 2;
+            else if (existsSync(join(dir, "package.json")) || existsSync(join(dir, "tsconfig.json"))) tier = 1;
+            let score = 0;
+            if (governance["CLAUDE.md"]) score += 20;
+            if (governance["AGENTS.md"]) score += 20;
+            if (governance["GUIDELINES.md"]) score += 15;
+            if (governance["CONTRIBUTING.md"]) score += 10;
+            if (governance["SSOT.md"]) score += 15;
+            if (hasCi) score += 10;
+            if (hasMorphism) score += 10;
+            repos.push({
+              path: dir,
+              name: dir.split(/[\\/]/).pop() || dir,
+              tier,
+              governance,
+              hasCi,
+              hasMorphism,
+              score
+            });
+            return;
+          }
+          for (const entry of entries) {
+            if (!entry.isDirectory()) continue;
+            if (["node_modules", ".git", "__pycache__", "dist", "build", ".venv", "venv"].includes(entry.name)) continue;
+            scanDir(join(dir, entry.name), currentDepth + 1);
+          }
+        } catch {
+        }
+      }
+      scanDir(workspace_path, 0);
+      const totalScore = repos.length > 0 ? Math.round(repos.reduce((sum, r) => sum + r.score, 0) / repos.length) : 0;
+      const tierCounts = { 1: 0, 2: 0, 3: 0, unknown: 0 };
+      for (const r of repos) {
+        if (r.tier) tierCounts[r.tier]++;
+        else tierCounts.unknown++;
+      }
+      return {
+        content: [{ type: "text", text: JSON.stringify({
+          workspace: workspace_path,
+          repoCount: repos.length,
+          averageGovernanceScore: totalScore,
+          tierDistribution: tierCounts,
+          repos: repos.map((r) => ({
+            name: r.name,
+            tier: r.tier,
+            score: r.score,
+            files: Object.entries(r.governance).filter(([, v]) => v).map(([k]) => k),
+            ci: r.hasCi,
+            morphism: r.hasMorphism
+          }))
+        }, null, 2) }]
+      };
+    }
+  );
   return server2;
 }
 

package/package.json

@@ -1,36 +1,37 @@
-{
-  "name": "@morphism-systems/mcp-server",
-  "version": "0.1.0",
-  "description": "Governance MCP server — validation, maturity scoring, convergence and drift metrics",
-  "type": "module",
-  "main": "dist/index.js",
-  "bin": {
-    "morphism-mcp": "dist/index.js"
-  },
-  "scripts": {
-    "build": "tsup src/index.ts --format esm --dts --clean",
-    "typecheck": "tsc --noEmit",
-    "test": "vitest run",
-    "lint": "echo 'no lint configured'"
-  },
-  "keywords": [
-    "mcp",
-    "model-context-protocol",
-    "ai-governance",
-    "morphism",
-    "governance-as-code"
-  ],
-  "license": "BUSL-1.1",
-  "publishConfig": {
-    "access": "public"
-  },
-  "dependencies": {
-    "@modelcontextprotocol/sdk": "^1.12.1",
-    "zod": "^3.24.0"
-  },
-  "devDependencies": {
-    "tsup": "^8.4.0",
-    "typescript": "^5.8.3",
-    "vitest": "^3.0.0"
-  }
-}
+{
+  "name": "@morphism-systems/mcp-server",
+  "version": "0.1.3",
+  "description": "Governance MCP server — validation, maturity scoring, convergence and drift metrics",
+  "type": "module",
+  "main": "dist/index.js",
+  "types": "dist/index.d.ts",
+  "bin": {
+    "morphism-mcp": "dist/index.js"
+  },
+  "scripts": {
+    "build": "tsup src/index.ts --format esm --dts --clean",
+    "typecheck": "tsc --noEmit",
+    "test": "vitest run",
+    "lint": "echo 'no lint configured'"
+  },
+  "keywords": [
+    "mcp",
+    "model-context-protocol",
+    "ai-governance",
+    "morphism",
+    "governance-as-code"
+  ],
+  "license": "BUSL-1.1",
+  "publishConfig": {
+    "access": "public"
+  },
+  "dependencies": {
+    "@modelcontextprotocol/sdk": "^1.12.1",
+    "zod": "^3.24.0"
+  },
+  "devDependencies": {
+    "tsup": "^8.4.0",
+    "typescript": "^5.8.3",
+    "vitest": "^3.0.0"
+  }
+}