@papyruslabsai/seshat-mcp 0.13.3 → 0.13.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2) hide show
  1. package/dist/index.js +9 -6
  2. package/package.json +1 -1
package/dist/index.js CHANGED
@@ -25,6 +25,7 @@ Use Seshat tools instead of grep/Read when you need to understand code structure
25
25
  - "What breaks if I change this?" → get_blast_radius
26
26
  - "What data does this read/write/mutate?" → get_data_flow
27
27
  - "Which functions touch the DB / require auth / throw?" → find_by_constraint
28
+ - "What reads or writes the 'users' table?" → find_by_constraint(table="users")
28
29
  - "Which endpoints require auth and which don't?" → get_auth_matrix
29
30
  - "Where is sensitive data exposed without protection?" → find_exposure_leaks
30
31
  - "What should I read before modifying X?" → get_optimal_context
@@ -33,7 +34,7 @@ Use Seshat tools instead of grep/Read when you need to understand code structure
33
34
  All tools are read-only and safe to call speculatively — there is no cost to trying them.
34
35
 
35
36
  get_blast_radius and get_optimal_context are designed to be called iteratively. Start with any entity, then feed discovered entities back in to expand your understanding. Each round reveals new structure that informs where to look next. When answering "what does this system do?" questions, a few rounds of blast_radius → get_entity → blast_radius on the newly discovered symbols will build a complete picture faster than reading files.`;
36
- const TIER_ORDER = ['cartographer', 'analyst', 'architect', 'founder'];
37
+ const TIER_ORDER = ['cartographer', 'pro', 'analyst', 'architect', 'founder'];
37
38
  const TOOL_TIERS = {
38
39
  // Cartographer (free) — explore, navigate, and assess security surface
39
40
  list_projects: 'cartographer',
@@ -68,8 +69,9 @@ const TOOL_TIERS = {
68
69
  };
69
70
  const TIER_LABELS = {
70
71
  cartographer: 'Cartographer (Free)',
71
- analyst: 'Analyst (Tier 2)',
72
- architect: 'Architect (Tier 3)',
72
+ pro: 'Seshat Pro',
73
+ analyst: 'Seshat Shield',
74
+ architect: 'Architect',
73
75
  founder: 'Founder (All Access)',
74
76
  };
75
77
  function tierAtLeast(userTier, requiredTier) {
@@ -119,7 +121,7 @@ const TOOLS = [
119
121
  },
120
122
  {
121
123
  name: 'get_entity',
122
- description: 'Get everything about one function or class — its signature, callers, callees, data flow, constraints, and source location. Use this when you need to deeply understand a single symbol before modifying it. Returns more than reading the source file because it includes the dependency context.',
124
+ description: 'Get everything about one function or class — its signature, callers, callees, data flow, constraints, source location, and database operations (which tables it reads/writes). Use this when you need to deeply understand a single symbol before modifying it. Returns more than reading the source file because it includes the dependency context.',
123
125
  inputSchema: {
124
126
  type: 'object',
125
127
  properties: {
@@ -160,12 +162,13 @@ const TOOLS = [
160
162
  },
161
163
  {
162
164
  name: 'find_by_constraint',
163
- description: 'Find every function with a specific syntactic constraint tag — AUTH (requires authentication), DB_ACCESS (touches database), THROWS (explicit throw statement), PURE (no side effects), NETWORK_IO (makes HTTP calls), VALIDATED (has input validation). Constraints are extracted from source syntax, not inferred. Use this when you need to answer "which functions write to the database?" or "what endpoints lack auth?" For semantic/behavioral properties (e.g., "can fail transitively"), use query_traits instead.',
165
+ description: 'Find every function with a specific syntactic constraint tag — AUTH (requires authentication), DB_ACCESS (touches database), THROWS (explicit throw statement), PURE (no side effects), NETWORK_IO (makes HTTP calls), VALIDATED (has input validation). Also supports table-level queries: pass table="walks" to find every function that reads or writes the walks table (answers "what touches this table?" for schema migrations). Constraints are extracted from source syntax, not inferred. For semantic/behavioral properties (e.g., "can fail transitively"), use query_traits instead.',
164
166
  inputSchema: {
165
167
  type: 'object',
166
168
  properties: {
167
169
  project: projectParam,
168
170
  constraint: { type: 'string', description: 'Constraint tag to search for: AUTH, VALIDATED, PURE, THROWS, DB_ACCESS, NETWORK_IO, IMP, etc.' },
171
+ table: { type: 'string', description: 'Optional: filter to functions that touch a specific database table (e.g., "walks", "users"). Returns structured db_operations showing read/write/mutate per function.' },
169
172
  },
170
173
  required: ['constraint'],
171
174
  },
@@ -470,7 +473,7 @@ function getCloudUrl(path) {
470
473
  async function main() {
471
474
  const server = new Server({
472
475
  name: 'seshat',
473
- version: '0.13.3',
476
+ version: '0.13.4',
474
477
  }, {
475
478
  capabilities: { tools: {} },
476
479
  instructions: SERVER_INSTRUCTIONS,
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@papyruslabsai/seshat-mcp",
3
- "version": "0.13.3",
3
+ "version": "0.13.4",
4
4
  "description": "Semantic MCP server — exposes a codebase's structure, dependencies, and constraints as queryable tools",
5
5
  "type": "module",
6
6
  "bin": {