@nerviq/cli 1.0.1 → 1.2.0

package/src/telemetry.js

@@ -0,0 +1,160 @@
+/**
+ * Nerviq Opt-In Telemetry Foundation
+ *
+ * Collects anonymous usage events ONLY when NERVIQ_TELEMETRY=1 is set.
+ * No PII, no file contents, no absolute paths are ever stored.
+ * Events are stored locally in <projectDir>/.nerviq/telemetry.json.
+ *
+ * This module is the foundation layer — actual transmission to a dashboard
+ * is an explicit opt-in step configured separately.
+ *
+ * Privacy guarantees:
+ *   - No usernames, emails, or identifiers
+ *   - No file contents or code
+ *   - No absolute paths (only hashed project fingerprint)
+ *   - Stored only on local disk
+ *   - Never sent anywhere without additional explicit configuration
+ */
+
+'use strict';
+
+const fs = require('fs');
+const path = require('path');
+const os = require('os');
+const crypto = require('crypto');
+
+const TELEMETRY_FILE = path.join(os.homedir(), '.nerviq', 'telemetry.json');
+const MAX_EVENTS = 500; // cap file size at ~500 events
+
+// ─── Opt-in check ─────────────────────────────────────────────────────────────
+
+/**
+ * Returns true only when the user has explicitly set NERVIQ_TELEMETRY=1.
+ * Telemetry is opt-IN, not opt-out.
+ * @returns {boolean}
+ */
+function shouldCollectTelemetry() {
+  return process.env.NERVIQ_TELEMETRY === '1';
+}
+
+// ─── Anonymous fingerprinting ─────────────────────────────────────────────────
+
+/**
+ * Creates a one-way hash of the project directory.
+ * This allows grouping events by project without exposing the path.
+ * @param {string} dir
+ * @returns {string} 8-char hex fingerprint
+ */
+function hashProject(dir) {
+  try {
+    return crypto.createHash('sha256').update(dir).digest('hex').slice(0, 8);
+  } catch {
+    return 'unknown';
+  }
+}
+
+// ─── Event collection ────────────────────────────────────────────────────────
+
+/**
+ * Collect an anonymous usage event and append it to the local telemetry file.
+ * Does nothing unless shouldCollectTelemetry() returns true.
+ *
+ * @param {string} event - Event name (e.g. 'audit', 'setup', 'convert')
+ * @param {object} [data] - Additional anonymous data
+ * @param {string} [data.platform] - Platform name (claude, codex, etc.)
+ * @param {number} [data.score] - Audit score
+ * @param {number} [data.checkCount] - Total checks evaluated
+ * @param {number} [data.durationMs] - Execution time in ms
+ * @param {string} [data.dir] - Project dir (hashed before storage)
+ * @returns {object|null} The recorded event object, or null if telemetry is off
+ */
+function collectAnonymousEvent(event, data = {}) {
+  if (!shouldCollectTelemetry()) return null;
+
+  const record = {
+    event: String(event),
+    platform: data.platform || null,
+    score: typeof data.score === 'number' ? data.score : null,
+    checkCount: typeof data.checkCount === 'number' ? data.checkCount : null,
+    durationMs: typeof data.durationMs === 'number' ? Math.round(data.durationMs) : null,
+    timestamp: new Date().toISOString(),
+    nodeVersion: process.version,
+    os: `${os.platform()}-${os.arch()}`,
+    projectFingerprint: data.dir ? hashProject(data.dir) : null,
+    // Explicitly omit: paths, file contents, usernames, email, tokens
+  };
+
+  try {
+    const telemetryDir = path.dirname(TELEMETRY_FILE);
+    fs.mkdirSync(telemetryDir, { recursive: true });
+
+    let events = [];
+    if (fs.existsSync(TELEMETRY_FILE)) {
+      try {
+        const raw = fs.readFileSync(TELEMETRY_FILE, 'utf8');
+        const parsed = JSON.parse(raw);
+        events = Array.isArray(parsed.events) ? parsed.events : [];
+      } catch {
+        events = [];
+      }
+    }
+
+    events.push(record);
+
+    // Cap at MAX_EVENTS to prevent unbounded growth
+    if (events.length > MAX_EVENTS) {
+      events = events.slice(events.length - MAX_EVENTS);
+    }
+
+    const payload = {
+      version: 1,
+      telemetryOptIn: true,
+      note: 'Local telemetry only. Set NERVIQ_TELEMETRY=0 or unset to disable.',
+      events,
+    };
+
+    fs.writeFileSync(TELEMETRY_FILE, JSON.stringify(payload, null, 2), 'utf8');
+  } catch {
+    // Telemetry failures are always silent — never block main flow
+  }
+
+  return record;
+}
+
+// ─── Read local telemetry ─────────────────────────────────────────────────────
+
+/**
+ * Read the local telemetry file.
+ * @returns {{ version: number, events: object[] } | null}
+ */
+function readLocalTelemetry() {
+  try {
+    if (!fs.existsSync(TELEMETRY_FILE)) return null;
+    return JSON.parse(fs.readFileSync(TELEMETRY_FILE, 'utf8'));
+  } catch {
+    return null;
+  }
+}
+
+/**
+ * Clear all local telemetry events.
+ * @returns {boolean} true if cleared successfully
+ */
+function clearLocalTelemetry() {
+  try {
+    if (fs.existsSync(TELEMETRY_FILE)) {
+      fs.writeFileSync(TELEMETRY_FILE, JSON.stringify({ version: 1, events: [] }, null, 2), 'utf8');
+    }
+    return true;
+  } catch {
+    return false;
+  }
+}
+
+module.exports = {
+  shouldCollectTelemetry,
+  collectAnonymousEvent,
+  readLocalTelemetry,
+  clearLocalTelemetry,
+  TELEMETRY_FILE,
+};

package/src/windsurf/domain-packs.js

@@ -10,7 +10,9 @@
  * - No background agents (unlike Cursor)
  */
 
-const WINDSURF_DOMAIN_PACKS = [
+const { buildAdditionalDomainPacks, detectAdditionalDomainPacks } = require('../domain-pack-expansion');
+
+const BASE_WINDSURF_DOMAIN_PACKS = [
   {
     key: 'baseline-general',
     label: 'Baseline General',
@@ -173,6 +175,13 @@ const WINDSURF_DOMAIN_PACKS = [
   },
 ];
 
+const WINDSURF_DOMAIN_PACKS = [
+  ...BASE_WINDSURF_DOMAIN_PACKS,
+  ...buildAdditionalDomainPacks('windsurf', {
+    existingKeys: new Set(BASE_WINDSURF_DOMAIN_PACKS.map((pack) => pack.key)),
+  }),
+];
+
 function uniqueByKey(items) {
   const seen = new Set();
   const result = [];
@@ -330,6 +339,19 @@ function detectWindsurfDomainPacks(ctx, stacks = [], assets = {}) {
     addMatch('security-focused', ['Detected security-focused repo signals.', ctx.fileContent('SECURITY.md') ? 'SECURITY.md present.' : null]);
   }
 
+  detectAdditionalDomainPacks({
+    ctx,
+    pkg,
+    deps,
+    stackKeys,
+    addMatch,
+    hasBackend,
+    hasFrontend,
+    hasInfra,
+    hasCi,
+    isEnterpriseGoverned,
+  });
+
   if (matches.length === 0) {
     addMatch('baseline-general', [
       'No stronger platform-specific domain dominated, so a safe general Windsurf baseline is the best starting point.',

package/src/windsurf/mcp-packs.js

@@ -359,6 +359,237 @@ const WINDSURF_MCP_PACKS = [
     jsonProjection: { command: 'npx', args: ['-y', 'huggingface-mcp-server'], env: { HF_TOKEN: '${env:HF_TOKEN}' } },
     excludeTools: [],
   },
+  // ── 23 new packs ─────────────────────────────────────────────────────────
+  {
+    key: 'supabase-mcp', label: 'Supabase',
+    description: 'Database, auth, and storage for Supabase.',
+    useWhen: 'Repos using Supabase.',
+    adoption: 'Requires: SUPABASE_URL, SUPABASE_SERVICE_ROLE_KEY.',
+    trustLevel: 'medium', transport: 'stdio', requiredAuth: ['SUPABASE_URL', 'SUPABASE_SERVICE_ROLE_KEY'],
+    serverName: 'supabase',
+    jsonProjection: { command: 'npx', args: ['-y', '@supabase/mcp-server-supabase@latest'], env: { SUPABASE_URL: '${env:SUPABASE_URL}', SUPABASE_SERVICE_ROLE_KEY: '${env:SUPABASE_SERVICE_ROLE_KEY}' } },
+    excludeTools: ['delete_project', 'drop_table'],
+  },
+  {
+    key: 'prisma-mcp', label: 'Prisma ORM',
+    description: 'Schema inspection and migrations via Prisma.',
+    useWhen: 'Repos with a Prisma schema.',
+    adoption: 'Requires: DATABASE_URL.',
+    trustLevel: 'medium', transport: 'stdio', requiredAuth: ['DATABASE_URL'],
+    serverName: 'prisma',
+    jsonProjection: { command: 'npx', args: ['-y', 'prisma-mcp-server@latest'], env: { DATABASE_URL: '${env:DATABASE_URL}' } },
+    excludeTools: ['drop_database'],
+  },
+  {
+    key: 'vercel-mcp', label: 'Vercel',
+    description: 'Deployment management via Vercel.',
+    useWhen: 'Repos deployed on Vercel.',
+    adoption: 'Requires: VERCEL_TOKEN.',
+    trustLevel: 'medium', transport: 'stdio', requiredAuth: ['VERCEL_TOKEN'],
+    serverName: 'vercel',
+    jsonProjection: { command: 'npx', args: ['-y', '@vercel/mcp-server@latest'], env: { VERCEL_TOKEN: '${env:VERCEL_TOKEN}' } },
+    excludeTools: ['delete_project', 'delete_deployment'],
+  },
+  {
+    key: 'cloudflare-mcp', label: 'Cloudflare',
+    description: 'Workers, KV, R2, and D1 management.',
+    useWhen: 'Repos using Cloudflare edge.',
+    adoption: 'Requires: CLOUDFLARE_API_TOKEN.',
+    trustLevel: 'medium', transport: 'stdio', requiredAuth: ['CLOUDFLARE_API_TOKEN'],
+    serverName: 'cloudflare',
+    jsonProjection: { command: 'npx', args: ['-y', '@cloudflare/mcp-server-cloudflare@latest'], env: { CLOUDFLARE_API_TOKEN: '${env:CLOUDFLARE_API_TOKEN}' } },
+    excludeTools: ['delete_worker', 'purge_cache'],
+  },
+  {
+    key: 'aws-mcp', label: 'AWS',
+    description: 'S3, Lambda, DynamoDB access.',
+    useWhen: 'Repos using AWS.',
+    adoption: 'Requires: AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_REGION.',
+    trustLevel: 'low', transport: 'stdio', requiredAuth: ['AWS_ACCESS_KEY_ID', 'AWS_SECRET_ACCESS_KEY', 'AWS_REGION'],
+    serverName: 'aws',
+    jsonProjection: { command: 'npx', args: ['-y', '@aws-samples/mcp-server-aws@latest'], env: { AWS_ACCESS_KEY_ID: '${env:AWS_ACCESS_KEY_ID}', AWS_SECRET_ACCESS_KEY: '${env:AWS_SECRET_ACCESS_KEY}', AWS_REGION: '${env:AWS_REGION}' } },
+    excludeTools: ['delete_stack', 'terminate_instances', 'delete_bucket'],
+  },
+  {
+    key: 'redis-mcp', label: 'Redis',
+    description: 'Cache and session management.',
+    useWhen: 'Repos using Redis.',
+    adoption: 'Requires: REDIS_URL.',
+    trustLevel: 'medium', transport: 'stdio', requiredAuth: ['REDIS_URL'],
+    serverName: 'redis',
+    jsonProjection: { command: 'npx', args: ['-y', 'redis-mcp-server@latest'], env: { REDIS_URL: '${env:REDIS_URL}' } },
+    excludeTools: ['flushall', 'flushdb'],
+  },
+  {
+    key: 'mongodb-mcp', label: 'MongoDB',
+    description: 'Document database access.',
+    useWhen: 'Repos using MongoDB.',
+    adoption: 'Requires: MONGODB_URI.',
+    trustLevel: 'medium', transport: 'stdio', requiredAuth: ['MONGODB_URI'],
+    serverName: 'mongodb',
+    jsonProjection: { command: 'npx', args: ['-y', '@mongodb-js/mongodb-mcp-server@latest'], env: { MONGODB_URI: '${env:MONGODB_URI}' } },
+    excludeTools: ['drop_collection', 'drop_database'],
+  },
+  {
+    key: 'twilio-mcp', label: 'Twilio',
+    description: 'SMS, voice, and messaging.',
+    useWhen: 'Repos using Twilio.',
+    adoption: 'Requires: TWILIO_ACCOUNT_SID, TWILIO_AUTH_TOKEN.',
+    trustLevel: 'low', transport: 'stdio', requiredAuth: ['TWILIO_ACCOUNT_SID', 'TWILIO_AUTH_TOKEN'],
+    serverName: 'twilio',
+    jsonProjection: { command: 'npx', args: ['-y', 'twilio-mcp-server@latest'], env: { TWILIO_ACCOUNT_SID: '${env:TWILIO_ACCOUNT_SID}', TWILIO_AUTH_TOKEN: '${env:TWILIO_AUTH_TOKEN}' } },
+    excludeTools: ['delete_message'],
+  },
+  {
+    key: 'sendgrid-mcp', label: 'SendGrid',
+    description: 'Transactional email delivery.',
+    useWhen: 'Repos using SendGrid.',
+    adoption: 'Requires: SENDGRID_API_KEY.',
+    trustLevel: 'medium', transport: 'stdio', requiredAuth: ['SENDGRID_API_KEY'],
+    serverName: 'sendgrid',
+    jsonProjection: { command: 'npx', args: ['-y', 'sendgrid-mcp-server@latest'], env: { SENDGRID_API_KEY: '${env:SENDGRID_API_KEY}' } },
+    excludeTools: [],
+  },
+  {
+    key: 'algolia-mcp', label: 'Algolia Search',
+    description: 'Search indexing via Algolia.',
+    useWhen: 'Repos using Algolia.',
+    adoption: 'Requires: ALGOLIA_APP_ID, ALGOLIA_API_KEY.',
+    trustLevel: 'medium', transport: 'stdio', requiredAuth: ['ALGOLIA_APP_ID', 'ALGOLIA_API_KEY'],
+    serverName: 'algolia',
+    jsonProjection: { command: 'npx', args: ['-y', 'algolia-mcp-server@latest'], env: { ALGOLIA_APP_ID: '${env:ALGOLIA_APP_ID}', ALGOLIA_API_KEY: '${env:ALGOLIA_API_KEY}' } },
+    excludeTools: ['delete_index'],
+  },
+  {
+    key: 'planetscale-mcp', label: 'PlanetScale',
+    description: 'Serverless MySQL via PlanetScale.',
+    useWhen: 'Repos on PlanetScale.',
+    adoption: 'Requires: PLANETSCALE_TOKEN.',
+    trustLevel: 'medium', transport: 'stdio', requiredAuth: ['PLANETSCALE_TOKEN'],
+    serverName: 'planetscale',
+    jsonProjection: { command: 'npx', args: ['-y', 'planetscale-mcp-server@latest'], env: { PLANETSCALE_TOKEN: '${env:PLANETSCALE_TOKEN}' } },
+    excludeTools: ['delete_database'],
+  },
+  {
+    key: 'neon-mcp', label: 'Neon Serverless Postgres',
+    description: 'Serverless Postgres via Neon.',
+    useWhen: 'Repos using Neon.',
+    adoption: 'Requires: NEON_API_KEY.',
+    trustLevel: 'medium', transport: 'stdio', requiredAuth: ['NEON_API_KEY'],
+    serverName: 'neon',
+    jsonProjection: { command: 'npx', args: ['-y', '@neondatabase/mcp-server-neon@latest'], env: { NEON_API_KEY: '${env:NEON_API_KEY}' } },
+    excludeTools: ['delete_project'],
+  },
+  {
+    key: 'turso-mcp', label: 'Turso Edge SQLite',
+    description: 'Edge SQLite via Turso.',
+    useWhen: 'Repos using Turso.',
+    adoption: 'Requires: TURSO_DATABASE_URL, TURSO_AUTH_TOKEN.',
+    trustLevel: 'medium', transport: 'stdio', requiredAuth: ['TURSO_DATABASE_URL', 'TURSO_AUTH_TOKEN'],
+    serverName: 'turso',
+    jsonProjection: { command: 'npx', args: ['-y', 'turso-mcp-server@latest'], env: { TURSO_DATABASE_URL: '${env:TURSO_DATABASE_URL}', TURSO_AUTH_TOKEN: '${env:TURSO_AUTH_TOKEN}' } },
+    excludeTools: ['destroy_database'],
+  },
+  {
+    key: 'upstash-mcp', label: 'Upstash Redis+Kafka',
+    description: 'Serverless Redis and Kafka.',
+    useWhen: 'Repos using Upstash.',
+    adoption: 'Requires: UPSTASH_REDIS_REST_URL, UPSTASH_REDIS_REST_TOKEN.',
+    trustLevel: 'medium', transport: 'stdio', requiredAuth: ['UPSTASH_REDIS_REST_URL', 'UPSTASH_REDIS_REST_TOKEN'],
+    serverName: 'upstash',
+    jsonProjection: { command: 'npx', args: ['-y', '@upstash/mcp-server@latest'], env: { UPSTASH_REDIS_REST_URL: '${env:UPSTASH_REDIS_REST_URL}', UPSTASH_REDIS_REST_TOKEN: '${env:UPSTASH_REDIS_REST_TOKEN}' } },
+    excludeTools: [],
+  },
+  {
+    key: 'convex-mcp', label: 'Convex',
+    description: 'Reactive backend via Convex.',
+    useWhen: 'Repos using Convex.',
+    adoption: 'Requires: CONVEX_DEPLOYMENT.',
+    trustLevel: 'medium', transport: 'stdio', requiredAuth: ['CONVEX_DEPLOYMENT'],
+    serverName: 'convex',
+    jsonProjection: { command: 'npx', args: ['-y', '@convex-dev/mcp-server@latest'], env: { CONVEX_DEPLOYMENT: '${env:CONVEX_DEPLOYMENT}' } },
+    excludeTools: ['delete_deployment'],
+  },
+  {
+    key: 'clerk-mcp', label: 'Clerk Authentication',
+    description: 'User auth via Clerk.',
+    useWhen: 'Repos using Clerk.',
+    adoption: 'Requires: CLERK_SECRET_KEY.',
+    trustLevel: 'medium', transport: 'stdio', requiredAuth: ['CLERK_SECRET_KEY'],
+    serverName: 'clerk',
+    jsonProjection: { command: 'npx', args: ['-y', '@clerk/mcp-server@latest'], env: { CLERK_SECRET_KEY: '${env:CLERK_SECRET_KEY}' } },
+    excludeTools: ['delete_user'],
+  },
+  {
+    key: 'resend-mcp', label: 'Resend Email',
+    description: 'Transactional email via Resend.',
+    useWhen: 'Repos using Resend.',
+    adoption: 'Requires: RESEND_API_KEY.',
+    trustLevel: 'medium', transport: 'stdio', requiredAuth: ['RESEND_API_KEY'],
+    serverName: 'resend',
+    jsonProjection: { command: 'npx', args: ['-y', 'resend-mcp-server@latest'], env: { RESEND_API_KEY: '${env:RESEND_API_KEY}' } },
+    excludeTools: [],
+  },
+  {
+    key: 'temporal-mcp', label: 'Temporal Workflow',
+    description: 'Workflow orchestration via Temporal.',
+    useWhen: 'Repos using Temporal.',
+    adoption: 'Requires: TEMPORAL_ADDRESS.',
+    trustLevel: 'medium', transport: 'stdio', requiredAuth: ['TEMPORAL_ADDRESS'],
+    serverName: 'temporal',
+    jsonProjection: { command: 'npx', args: ['-y', 'temporal-mcp-server@latest'], env: { TEMPORAL_ADDRESS: '${env:TEMPORAL_ADDRESS}' } },
+    excludeTools: ['terminate_workflow'],
+  },
+  {
+    key: 'launchdarkly-mcp', label: 'LaunchDarkly',
+    description: 'Feature flags via LaunchDarkly.',
+    useWhen: 'Repos using LaunchDarkly.',
+    adoption: 'Requires: LAUNCHDARKLY_ACCESS_TOKEN.',
+    trustLevel: 'medium', transport: 'stdio', requiredAuth: ['LAUNCHDARKLY_ACCESS_TOKEN'],
+    serverName: 'launchdarkly',
+    jsonProjection: { command: 'npx', args: ['-y', 'launchdarkly-mcp-server@latest'], env: { LAUNCHDARKLY_ACCESS_TOKEN: '${env:LAUNCHDARKLY_ACCESS_TOKEN}' } },
+    excludeTools: ['delete_flag'],
+  },
+  {
+    key: 'datadog-mcp', label: 'Datadog',
+    description: 'Monitoring and APM via Datadog.',
+    useWhen: 'Repos using Datadog.',
+    adoption: 'Requires: DATADOG_API_KEY, DATADOG_APP_KEY.',
+    trustLevel: 'medium', transport: 'stdio', requiredAuth: ['DATADOG_API_KEY', 'DATADOG_APP_KEY'],
+    serverName: 'datadog',
+    jsonProjection: { command: 'npx', args: ['-y', '@datadog/mcp-server@latest'], env: { DATADOG_API_KEY: '${env:DATADOG_API_KEY}', DATADOG_APP_KEY: '${env:DATADOG_APP_KEY}' } },
+    excludeTools: ['delete_monitor'],
+  },
+  {
+    key: 'grafana-mcp', label: 'Grafana',
+    description: 'Dashboards via Grafana.',
+    useWhen: 'Repos using Grafana.',
+    adoption: 'Requires: GRAFANA_URL, GRAFANA_API_KEY.',
+    trustLevel: 'medium', transport: 'stdio', requiredAuth: ['GRAFANA_URL', 'GRAFANA_API_KEY'],
+    serverName: 'grafana',
+    jsonProjection: { command: 'npx', args: ['-y', 'grafana-mcp-server@latest'], env: { GRAFANA_URL: '${env:GRAFANA_URL}', GRAFANA_API_KEY: '${env:GRAFANA_API_KEY}' } },
+    excludeTools: ['delete_dashboard'],
+  },
+  {
+    key: 'circleci-mcp', label: 'CircleCI',
+    description: 'CI/CD via CircleCI.',
+    useWhen: 'Repos using CircleCI.',
+    adoption: 'Requires: CIRCLECI_TOKEN.',
+    trustLevel: 'medium', transport: 'stdio', requiredAuth: ['CIRCLECI_TOKEN'],
+    serverName: 'circleci',
+    jsonProjection: { command: 'npx', args: ['-y', 'circleci-mcp-server@latest'], env: { CIRCLECI_TOKEN: '${env:CIRCLECI_TOKEN}' } },
+    excludeTools: ['cancel_pipeline'],
+  },
+  {
+    key: 'anthropic-mcp', label: 'Anthropic Claude API',
+    description: 'Claude API for AI-powered apps.',
+    useWhen: 'Repos building on Claude API.',
+    adoption: 'Requires: ANTHROPIC_API_KEY.',
+    trustLevel: 'high', transport: 'stdio', requiredAuth: ['ANTHROPIC_API_KEY'],
+    serverName: 'anthropic',
+    jsonProjection: { command: 'npx', args: ['-y', '@anthropic-ai/mcp-server@latest'], env: { ANTHROPIC_API_KEY: '${env:ANTHROPIC_API_KEY}' } },
+    excludeTools: [],
+  },
 ];
 
 // --- Helpers ---
@@ -462,6 +693,32 @@ function recommendWindsurfMcpPacks(stacks = [], domainPacks = [], options = {})
   if (domainKeys.has('ecommerce') && (hasDependency(deps, 'shopify') || hasDependency(deps, '@shopify/shopify-api'))) recommended.add('shopify-mcp');
   if (domainKeys.has('ai-ml')) recommended.add('huggingface-mcp');
   if (domainKeys.has('design-system')) recommended.add('figma-mcp');
+  // ── 23 new packs recommendation logic ────────────────────────────────────
+  if (ctx) {
+    if (hasDependency(deps, '@supabase/supabase-js') || hasDependency(deps, '@supabase/auth-helpers-nextjs') || hasFileContentMatch(ctx, '.env', /SUPABASE/i) || hasFileContentMatch(ctx, '.env.example', /SUPABASE/i)) recommended.add('supabase-mcp');
+    if (hasFileContentMatch(ctx, 'schema.prisma', /\S/) || hasDependency(deps, '@prisma/client') || hasDependency(deps, 'prisma')) recommended.add('prisma-mcp');
+    if (ctx.files.includes('vercel.json') || hasFileContentMatch(ctx, 'package.json', /"deploy":\s*"vercel/i) || hasFileContentMatch(ctx, '.env', /VERCEL_TOKEN/i)) recommended.add('vercel-mcp');
+    if (hasFileContentMatch(ctx, 'wrangler.toml', /\S/) || hasDependency(deps, 'wrangler') || hasFileContentMatch(ctx, '.env', /CLOUDFLARE/i)) recommended.add('cloudflare-mcp');
+    if (hasFileContentMatch(ctx, '.env', /AWS_ACCESS_KEY/i) || ctx.files.some(f => /serverless\.yml|template\.ya?ml|cdk\.json/.test(f))) recommended.add('aws-mcp');
+    if (hasDependency(deps, 'redis') || hasDependency(deps, 'ioredis') || hasDependency(deps, '@redis/client') || hasFileContentMatch(ctx, '.env', /REDIS_URL/i)) recommended.add('redis-mcp');
+    if (hasDependency(deps, 'mongoose') || hasDependency(deps, 'mongodb') || hasFileContentMatch(ctx, '.env', /MONGODB_URI/i)) recommended.add('mongodb-mcp');
+    if (hasDependency(deps, 'twilio') || hasFileContentMatch(ctx, '.env', /TWILIO_/i)) recommended.add('twilio-mcp');
+    if (hasDependency(deps, '@sendgrid/mail') || hasFileContentMatch(ctx, '.env', /SENDGRID_API_KEY/i)) recommended.add('sendgrid-mcp');
+    if (hasDependency(deps, 'algoliasearch') || hasDependency(deps, '@algolia/client-search') || hasFileContentMatch(ctx, '.env', /ALGOLIA_/i)) recommended.add('algolia-mcp');
+    if (hasFileContentMatch(ctx, '.env', /PLANETSCALE_TOKEN/i)) recommended.add('planetscale-mcp');
+    if (hasDependency(deps, '@neondatabase/serverless') || hasFileContentMatch(ctx, '.env', /NEON_/i)) recommended.add('neon-mcp');
+    if (hasDependency(deps, '@libsql/client') || hasFileContentMatch(ctx, '.env', /TURSO_/i)) recommended.add('turso-mcp');
+    if (hasDependency(deps, '@upstash/redis') || hasDependency(deps, '@upstash/kafka') || hasFileContentMatch(ctx, '.env', /UPSTASH_/i)) recommended.add('upstash-mcp');
+    if (hasDependency(deps, 'convex') || hasFileContentMatch(ctx, 'convex.json', /\S/) || hasFileContentMatch(ctx, '.env', /CONVEX_/i)) recommended.add('convex-mcp');
+    if (hasDependency(deps, '@clerk/nextjs') || hasDependency(deps, '@clerk/backend') || hasFileContentMatch(ctx, '.env', /CLERK_/i)) recommended.add('clerk-mcp');
+    if (hasDependency(deps, 'resend') || hasFileContentMatch(ctx, '.env', /RESEND_API_KEY/i)) recommended.add('resend-mcp');
+    if (hasDependency(deps, '@temporalio/client') || hasFileContentMatch(ctx, '.env', /TEMPORAL_/i)) recommended.add('temporal-mcp');
+    if (hasDependency(deps, '@launchdarkly/node-server-sdk') || hasFileContentMatch(ctx, '.env', /LAUNCHDARKLY_/i)) recommended.add('launchdarkly-mcp');
+    if (hasDependency(deps, 'dd-trace') || hasFileContentMatch(ctx, '.env', /DATADOG_/i)) recommended.add('datadog-mcp');
+    if (hasFileContentMatch(ctx, 'docker-compose.yml', /grafana/i) || hasFileContentMatch(ctx, '.env', /GRAFANA_/i)) recommended.add('grafana-mcp');
+    if (ctx.files.some(f => /\.circleci\/config/.test(f)) || hasFileContentMatch(ctx, '.env', /CIRCLECI_/i)) recommended.add('circleci-mcp');
+    if (hasDependency(deps, '@anthropic-ai/sdk') || hasDependency(deps, 'anthropic') || hasFileContentMatch(ctx, '.env', /ANTHROPIC_API_KEY/i)) recommended.add('anthropic-mcp');
+  }
   if (recommended.size >= 2) recommended.add('mcp-security');
   if (recommended.size === 0) recommended.add('context7-docs');