@mushi-mushi/mcp 0.10.0 → 0.11.0

package/README.md

@@ -1,4 +1,4 @@
-# mushi-mcp
+# @mushi-mushi/mcp
 
 > **Sentry sees what code throws. Mushi sees what users feel — and closes the loop with AI.**
 
@@ -20,7 +20,7 @@ That command reads `~/.mushirc`, writes `.cursor/mcp.json` with the `mushi` serv
 
 > **What this is, and what it isn't**
 >
-> - **This package** (`mushi-mcp`) is the MCP **server** — runs locally next to your editor, talks to the Mushi API, and presents bug reports as MCP tools/resources to your coding agent. The npm package name is `mushi-mcp`; the scoped alias `@mushi-mushi/mcp` still works.
+> - **This package** (`@mushi-mushi/mcp`) is the MCP **server** — runs locally next to your editor, talks to the Mushi API, and presents bug reports as MCP tools/resources to your coding agent. Always install it by its scoped name (`npx -y @mushi-mushi/mcp@latest`) — the bare `mushi-mcp` name was never published to npm.
 > - **`@mushi-mushi/agents`** ships the MCP **client adapter** — used by the autofix orchestrator when your project's `autofix_agent = 'mcp'`. See `packages/agents/src/adapters/mcp.ts`.
 > - The `generic_mcp` adapter shipped before V5.3 was a misnomer (it spoke plain REST). It is now `RestFixWorkerAgent`; the old export is kept as a deprecated alias for one more minor.
 
@@ -130,6 +130,8 @@ The endpoint accepts JSON-RPC 2.0 over POST (returns `application/json` or `text
 | `get_fix_timeline` | Ordered timeline of a fix attempt (dispatched → started → branch → commit → PR → CI → completed/failed) |
 | `get_blast_radius` | Graph traversal showing other components a bug group touches |
 | `get_knowledge_graph` | Traverse the knowledge graph from a seed component or page |
+| `setup_check` | The 4 **dispatch-readiness** checks (GitHub repo, codebase indexed, Anthropic key, autofix enabled) — run before `dispatch_fix` |
+| `ingest_setup_check` | The 4 **required ingest** checks (project, active API key, SDK heartbeat, first report) + `last_sdk_seen_at` diagnostics — run after wiring env vars to confirm the SDK is reporting |
 
 ### Write / agentic
 
@@ -366,3 +368,9 @@ In Cursor chat, type `/` — you should see the Mushi Mushi slash-prompts (`/sum
 ## License
 
 MIT
+
+
+<!-- mushi-readme-stats-footer -->
+---
+
+<sub>Monorepo scale (June 2026): 43 edge functions · 234 SQL migrations · 13 outbound plugins · 11 inbound adapters. Canonical counts: <a href="https://github.com/kensaurus/mushi-mushi/blob/master/docs/stats.md">docs/stats.md</a> · <code>pnpm docs-stats</code></sub>

package/dist/index.js

@@ -133,10 +133,18 @@ var TOOL_CATALOG = [
   {
     name: "setup_check",
     title: "Dispatch preflight check",
-    description: "Run the 4 dispatch-readiness checks for a project and return their pass/fail status (GitHub repo connected, codebase indexed, Anthropic BYOK key present, autofix enabled). Also returns the target repo URL when GitHub is connected. Use this before calling dispatch_fix to understand why a dispatch might fail \u2014 or to validate that the onboarding wizard is complete.",
+    description: "Run the 4 **dispatch-readiness** checks for a project and return their pass/fail status (GitHub repo connected, codebase indexed, Anthropic BYOK key present, autofix enabled). Also returns the target repo URL when GitHub is connected. Use this before calling dispatch_fix to understand why a dispatch might fail. For SDK ingest health (API key \u2192 heartbeat \u2192 first report), call ingest_setup_check instead.",
     scope: "mcp:read",
     hints: { readOnly: true, idempotent: true, openWorld: true },
-    useCase: "Is this project ready to auto-fix bugs? What is blocking me?"
+    useCase: "Is this project ready to auto-fix bugs? What is blocking dispatch?"
+  },
+  {
+    name: "ingest_setup_check",
+    title: "Ingest setup check",
+    description: "Run the 4 **required ingest** checks for the project tied to this API key: project exists, active API key, SDK heartbeat (or real report), and at least one ingested report. Returns per-step pass/fail plus last_sdk_seen_at and endpoint host diagnostics. Use after wiring env vars or pasting the SDK snippet to confirm the banner will work.",
+    scope: "mcp:read",
+    hints: { readOnly: true, idempotent: true, openWorld: true },
+    useCase: "Is the SDK installed and ingesting reports? Why is my banner still missing?"
   },
   // --- Write / agentic ----------------------------------------------------
   {
@@ -289,6 +297,55 @@ var TDD_TOOL_CATALOG = [
     scope: "mcp:write",
     hints: { readOnly: false, destructive: false, idempotent: true, openWorld: true },
     useCase: "Approve this auto-generated test."
+  },
+  {
+    name: "reply_to_reporter",
+    title: "Reply to a reporter",
+    description: "Send a visible message to the end-user who filed a bug report. The reply appears in the in-app Mushi widget as an admin comment and creates an unread notification badge so the reporter sees it immediately. Use this to answer questions, request reproduction steps, or confirm a fix \u2014 without leaving the Cursor IDE.",
+    scope: "mcp:write",
+    hints: { readOnly: false, destructive: false, idempotent: false, openWorld: false },
+    useCase: "Reply to a reporter asking for more info or confirming a fix."
+  },
+  {
+    name: "list_qa_story_runs",
+    title: "Recent QA story runs",
+    description: "Return the most recent runs for a given QA story, newest first. Each row includes status (passed/failed/error/running), latency_ms, created_at, error_message headline, and assertion_failures (up to 10). Use this to understand whether a story is currently healthy, what the last failure was, and whether a manual run has completed.",
+    scope: "mcp:read",
+    hints: { readOnly: true, idempotent: true, openWorld: true },
+    useCase: 'Show me the last 10 runs for the "home page loads" story and why they failed.'
+  },
+  {
+    name: "get_qa_story_run",
+    title: "QA story run detail",
+    description: "Fetch the full detail for a single qa_story_run: status, error_message, assertion_failures, latency_ms, provider_session_url (Browserbase replay link when available), and screenshot URLs from qa_story_evidence. Use this to drill into a specific failing run and understand the exact error before deciding whether to improve the story script or fix the app.",
+    scope: "mcp:read",
+    hints: { readOnly: true, idempotent: true, openWorld: true },
+    useCase: "What exactly happened in this failed QA run? Show me the error and screenshots."
+  },
+  {
+    name: "test_notification_channel",
+    title: "Send a test notification",
+    description: 'Send a test notification to a configured notification channel for the project. Supported channel kinds: "slack" (posts a test Block Kit message to the configured channel), "discord" (posts to the project discord_webhook_url). Returns ok=true if the message was accepted. Use this to verify the integration is working after setup or after changing credentials.',
+    scope: "mcp:write",
+    hints: { readOnly: false, destructive: false, idempotent: false, openWorld: true },
+    useCase: 'Did "Add to Slack" work? Send a test ping to confirm.'
+  },
+  // ── Full-Stack Audit tools (Phase 5) ────────────────────────────────────────
+  {
+    name: "run_fullstack_audit",
+    title: "Run a full-stack health audit",
+    description: "Fan out a full-stack health audit for the current project: DB schema + advisors, API contract gate results (Gates 3\u20138), recent backend error logs, and RLS gap detection. Returns a PM-readable scorecard with severity-ranked findings and fix hints. Requires the project to have a Supabase PAT configured (Settings \u2192 API Keys, slug: supabase) and supabase_project_ref set in project settings for backend analysis. The audit completes synchronously in ~10 s. Triggers a background gate run for orphan_endpoint and unknown_call gates if they have not run today.",
+    scope: "mcp:write",
+    hints: { readOnly: false, destructive: false, idempotent: true, openWorld: true },
+    useCase: "Is this project healthy? Run a one-click full-stack audit to find API contract mismatches, unlinked backend features, schema drift, and security gaps."
+  },
+  {
+    name: "get_backend_health",
+    title: "Get backend health for a project",
+    description: 'Return the current backend health state for a linked Supabase project: table list (with RLS enabled status), recent API and Postgres error logs, and DB advisor findings. Uses the read-only Supabase MCP client via the stored PAT. Returns { tables, logs, advisors, projectRef } when the backend is linked, or { reason: "no_supabase_pat" | "no_project_ref" } when it is not configured. This is the read-only fast path \u2014 use run_fullstack_audit for the full scorecard including gate results.',
+    scope: "mcp:read",
+    hints: { readOnly: true, idempotent: true, openWorld: true },
+    useCase: "Are there any tables without RLS? Show me recent backend errors for this project."
   }
 ];
 
@@ -696,6 +753,36 @@ function createMushiServer(config) {
       });
     }
   );
+  server.registerTool(
+    "ingest_setup_check",
+    {
+      title: titleOf("ingest_setup_check"),
+      description: descOf("ingest_setup_check"),
+      annotations: annotationsFor("ingest_setup_check"),
+      inputSchema: {}
+    },
+    async () => {
+      const data = await apiCall("/v1/sync/ingest-setup");
+      const failed = data.steps.filter((s) => s.required && !s.complete);
+      const summary = data.ready ? `Ingest setup complete (${data.required_complete}/${data.required_total}) for ${data.project_name}.` : `Ingest incomplete (${data.required_complete}/${data.required_total}) \u2014 still need: ${failed.map((s) => s.label).join(", ")}.`;
+      return jsonText({
+        ready: data.ready,
+        projectId: data.project_id,
+        projectName: data.project_name,
+        requiredComplete: data.required_complete,
+        requiredTotal: data.required_total,
+        steps: data.steps.map((s) => ({
+          id: s.id,
+          label: s.label,
+          passed: s.complete,
+          required: s.required,
+          hint: s.hint
+        })),
+        diagnostic: data.diagnostic ?? null,
+        summary
+      });
+    }
+  );
   server.registerTool(
     "submit_fix_result",
     {
@@ -1249,6 +1336,138 @@ Prefer items that are bottlenecks or critical severity. Skip filler.`
       return { content: [{ type: "text", text: JSON.stringify(data, null, 2) }] };
     }
   );
+  server.registerTool(
+    "reply_to_reporter",
+    {
+      title: titleOf("reply_to_reporter", TDD_TOOL_CATALOG),
+      description: descOf("reply_to_reporter", TDD_TOOL_CATALOG),
+      annotations: annotationsFor("reply_to_reporter", TDD_TOOL_CATALOG),
+      inputSchema: {
+        reportId: z.string().describe("Report id to reply to"),
+        message: z.string().min(1).max(1e4).describe("Message text to send to the reporter"),
+        authorName: z.string().optional().describe('Display name for the admin sender (default: "Mushi Admin")')
+      }
+    },
+    async ({ reportId, message, authorName }) => {
+      const data = await apiCall(
+        `/v1/sync/reports/${reportId}/reply`,
+        {
+          method: "POST",
+          body: JSON.stringify({ message, author_name: authorName })
+        }
+      );
+      return { content: [{ type: "text", text: JSON.stringify(data, null, 2) }] };
+    }
+  );
+  server.registerTool(
+    "list_qa_story_runs",
+    {
+      title: titleOf("list_qa_story_runs", TDD_TOOL_CATALOG),
+      description: descOf("list_qa_story_runs", TDD_TOOL_CATALOG),
+      annotations: annotationsFor("list_qa_story_runs", TDD_TOOL_CATALOG),
+      inputSchema: {
+        storyId: z.string().describe("QA story id (uuid)"),
+        limit: z.number().int().min(1).max(50).optional().default(10).describe("Max runs to return (default 10)")
+      }
+    },
+    async ({ storyId, limit }) => {
+      const data = await apiCall(
+        `/v1/admin/projects/${config.projectId}/qa-stories/${storyId}/runs?limit=${limit ?? 10}`
+      );
+      return { content: [{ type: "text", text: JSON.stringify(data, null, 2) }] };
+    }
+  );
+  server.registerTool(
+    "get_qa_story_run",
+    {
+      title: titleOf("get_qa_story_run", TDD_TOOL_CATALOG),
+      description: descOf("get_qa_story_run", TDD_TOOL_CATALOG),
+      annotations: annotationsFor("get_qa_story_run", TDD_TOOL_CATALOG),
+      inputSchema: {
+        storyId: z.string().describe("QA story id (uuid)"),
+        runId: z.string().describe("Run id (uuid) to fetch detail for")
+      }
+    },
+    async ({ storyId, runId }) => {
+      const data = await apiCall(
+        `/v1/admin/projects/${config.projectId}/qa-stories/${storyId}/runs?limit=50`
+      );
+      const run = data?.data?.runs?.find((r) => r.id === runId) ?? null;
+      if (!run) {
+        throw new MushiApiError(
+          404,
+          "RUN_NOT_FOUND",
+          `Run ${runId} not found in the 50 most recent runs for story ${storyId}`
+        );
+      }
+      return { content: [{ type: "text", text: JSON.stringify(run, null, 2) }] };
+    }
+  );
+  server.registerTool(
+    "test_notification_channel",
+    {
+      title: titleOf("test_notification_channel", TDD_TOOL_CATALOG),
+      description: descOf("test_notification_channel", TDD_TOOL_CATALOG),
+      annotations: annotationsFor("test_notification_channel", TDD_TOOL_CATALOG),
+      inputSchema: {
+        kind: z.enum(["slack", "discord"]).describe("Notification channel kind to test")
+      }
+    },
+    async ({ kind }) => {
+      const data = await apiCall(
+        `/v1/admin/projects/${config.projectId}/integrations/${kind}/test`,
+        { method: "POST" }
+      );
+      return { content: [{ type: "text", text: JSON.stringify(data, null, 2) }] };
+    }
+  );
+  server.registerTool(
+    "run_fullstack_audit",
+    {
+      title: titleOf("run_fullstack_audit"),
+      description: descOf("run_fullstack_audit"),
+      annotations: annotationsFor("run_fullstack_audit"),
+      inputSchema: {
+        project_id: z.string().optional().describe("Project ID to audit. Defaults to the configured project.")
+      }
+    },
+    async ({ project_id }) => {
+      const pid = project_id ?? config.projectId;
+      if (!pid) throw new MushiApiError(400, "MISSING_PROJECT_ID", "project_id is required");
+      const data = await apiCall(
+        `/v1/admin/projects/${pid}/audit`,
+        { method: "POST", body: "{}" }
+      );
+      return { content: [{ type: "text", text: JSON.stringify(data, null, 2) }] };
+    }
+  );
+  server.registerTool(
+    "get_backend_health",
+    {
+      title: titleOf("get_backend_health"),
+      description: descOf("get_backend_health"),
+      annotations: annotationsFor("get_backend_health"),
+      inputSchema: {
+        project_id: z.string().optional().describe("Project ID. Defaults to the configured project."),
+        include_logs: z.boolean().optional().describe("Whether to include recent backend error logs (default: true).")
+      }
+    },
+    async ({ project_id, include_logs = true }) => {
+      const pid = project_id ?? config.projectId;
+      if (!pid) throw new MushiApiError(400, "MISSING_PROJECT_ID", "project_id is required");
+      const [schemaRes, advisorsRes, logsRes] = await Promise.allSettled([
+        apiCall(`/v1/admin/projects/${pid}/backend/schema`),
+        apiCall(`/v1/admin/projects/${pid}/db-advisors`),
+        include_logs ? apiCall(`/v1/admin/projects/${pid}/backend/logs?service=api`) : Promise.resolve(null)
+      ]);
+      const result = {
+        schema: schemaRes.status === "fulfilled" ? schemaRes.value : { error: String(schemaRes.reason) },
+        advisors: advisorsRes.status === "fulfilled" ? advisorsRes.value : { error: String(advisorsRes.reason) },
+        logs: logsRes.status === "fulfilled" ? logsRes.value : include_logs ? { error: String(logsRes.reason) } : null
+      };
+      return { content: [{ type: "text", text: JSON.stringify(result, null, 2) }] };
+    }
+  );
   const grantedScopes = config.scopes;
   if (grantedScopes !== void 0) {
     const toolRegistry = server._registeredTools;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@mushi-mushi/mcp",
-  "version": "0.10.0",
+  "version": "0.11.0",
   "license": "MIT",
   "description": "MCP server exposing Mushi Mushi reports to coding agents",
   "type": "module",
@@ -23,30 +23,18 @@
     "CODE_OF_CONDUCT.md",
     "SECURITY.md"
   ],
-  "scripts": {
-    "build": "tsup",
-    "clean:types": "node -e \"require('node:fs').rmSync('dist', { recursive: true, force: true })\"",
-    "dev": "tsup --watch",
-    "lint": "eslint src/",
-    "test": "vitest run",
-    "test:smoke": "node scripts/smoke-stdio.mjs",
-    "test:localhost": "node scripts/localhost-e2e.mjs",
-    "demo": "node scripts/demo-terminal-config.mjs",
-    "inspector": "npx --yes @modelcontextprotocol/inspector@latest node ./dist/index.js",
-    "typecheck": "tsc --noEmit"
-  },
   "dependencies": {
     "@modelcontextprotocol/sdk": "^1.29.0",
-    "@mushi-mushi/core": "workspace:^",
+    "@mushi-mushi/core": "^1.9.0",
     "zod": "^4.4.2"
   },
   "devDependencies": {
-    "@mushi-mushi/eslint-config": "workspace:*",
     "@types/node": "^22.19.17",
     "eslint": "^10.3.0",
     "tsup": "^8.5.1",
     "typescript": "^6.0.3",
-    "vitest": "^4.1.5"
+    "vitest": "^4.1.5",
+    "@mushi-mushi/eslint-config": "0.0.0"
   },
   "repository": {
     "type": "git",
@@ -85,5 +73,17 @@
   ],
   "engines": {
     "node": ">=20"
+  },
+  "scripts": {
+    "build": "tsup",
+    "clean:types": "node -e \"require('node:fs').rmSync('dist', { recursive: true, force: true })\"",
+    "dev": "tsup --watch",
+    "lint": "eslint src/",
+    "test": "vitest run",
+    "test:smoke": "node scripts/smoke-stdio.mjs",
+    "test:localhost": "node scripts/localhost-e2e.mjs",
+    "demo": "node scripts/demo-terminal-config.mjs",
+    "inspector": "npx --yes @modelcontextprotocol/inspector@latest node ./dist/index.js",
+    "typecheck": "tsc --noEmit"
   }
-}
+}