@papyruslabsai/seshat-mcp 0.13.6 → 0.14.0

package/dist/index.js

@@ -35,6 +35,74 @@ All tools are read-only and safe to call speculatively — there is no cost to t
 
 get_blast_radius and get_optimal_context are designed to be called iteratively. Start with any entity, then feed discovered entities back in to expand your understanding. Each round reveals new structure that informs where to look next. When answering "what does this system do?" questions, a few rounds of blast_radius → get_entity → blast_radius on the newly discovered symbols will build a complete picture faster than reading files.`;
 const TIER_ORDER = ['cartographer', 'pro', 'analyst', 'architect', 'founder'];
+const REVELATION_ORDER = ['core', 'navigate', 'security', 'quality', 'full'];
+// Which tools appear at each stage (cumulative — each stage includes all previous)
+const TOOL_REVELATION = {
+    // Always visible
+    get_account_status: 'core',
+    list_projects: 'core',
+    // Core loop — the curiosity engine (available immediately)
+    get_entity: 'core',
+    get_blast_radius: 'core',
+    get_dependencies: 'core',
+    get_optimal_context: 'core',
+    // Navigation — after agent starts exploring (revealed after ~3 queries)
+    query_entities: 'navigate',
+    list_modules: 'navigate',
+    get_topology: 'navigate',
+    get_data_flow: 'navigate',
+    find_by_constraint: 'navigate',
+    // Security surface — after architecture is understood (~8 queries)
+    get_auth_matrix: 'security',
+    find_exposure_leaks: 'security',
+    // Quality & audit — after deep exploration (~15 queries)
+    find_dead_code: 'quality',
+    find_layer_violations: 'quality',
+    get_coupling_metrics: 'quality',
+    find_error_gaps: 'quality',
+    get_test_coverage: 'quality',
+    find_runtime_violations: 'quality',
+    find_ownership_violations: 'quality',
+    query_traits: 'quality',
+    find_semantic_clones: 'quality',
+    // Architect — always gated by tier, shown when quality is visible
+    estimate_task_cost: 'full',
+    simulate_mutation: 'full',
+    create_symbol: 'full',
+    diff_bundle: 'full',
+    conflict_matrix: 'full',
+    query_data_targets: 'full',
+};
+// Query thresholds for each stage transition
+const REVELATION_THRESHOLDS = {
+    core: 0, // Immediate
+    navigate: 3, // After a few core loop calls
+    security: 8, // After architecture is understood
+    quality: 15, // After deep exploration
+    full: 25, // Power user territory
+};
+// Session state for progressive revelation
+let _sessionQueryCount = 0;
+let _currentStage = 'core';
+let _serverRef = null; // Stored so we can send notifications
+function stageAtLeast(current, required) {
+    return REVELATION_ORDER.indexOf(current) >= REVELATION_ORDER.indexOf(required);
+}
+function checkRevelation() {
+    for (const stage of REVELATION_ORDER) {
+        if (_sessionQueryCount >= REVELATION_THRESHOLDS[stage]) {
+            if (REVELATION_ORDER.indexOf(stage) > REVELATION_ORDER.indexOf(_currentStage)) {
+                const previousStage = _currentStage;
+                _currentStage = stage;
+                // Notify client that tool list has changed
+                if (_serverRef) {
+                    _serverRef.notification({ method: 'notifications/tools/list_changed' });
+                    process.stderr.write(`[Seshat] Revelation: ${previousStage} → ${stage} (${_sessionQueryCount} queries). Notified client.\n`);
+                }
+            }
+        }
+    }
+}
 const TOOL_TIERS = {
     // Cartographer (free) — explore, navigate, and assess security surface
     list_projects: 'cartographer',
@@ -444,6 +512,8 @@ const TOOLS = [
     },
 ];
 // ─── Project Resolution (Fallback) ────────────────────────────────
+// Cache for the last project used — so tools auto-scope after list_projects
+let _lastKnownProject;
 function resolveProjectName() {
     // If SESHAT_PROJECTS is set to a single name, use it
     if (process.env.SESHAT_PROJECTS && !process.env.SESHAT_PROJECTS.includes(',') && !process.env.SESHAT_PROJECTS.includes('*')) {
@@ -459,8 +529,16 @@ function resolveProjectName() {
         }
         catch { }
     }
-    // Ultimate fallback to directory name
-    return path.basename(process.cwd());
+    // If we've seen a project from list_projects, use that
+    if (_lastKnownProject)
+        return _lastKnownProject;
+    // Only fall back to CWD basename if there's a .seshat/ dir (i.e., it's actually a Seshat project)
+    // This prevents agents running from unrelated directories from sending bogus project names
+    if (fs.existsSync(path.join(process.cwd(), '.seshat'))) {
+        return path.basename(process.cwd());
+    }
+    // No project could be resolved — let the API return a helpful error
+    return undefined;
 }
 // ─── Cloud API helper ─────────────────────────────────────────────
 function getCloudUrl(path) {
@@ -473,11 +551,13 @@ function getCloudUrl(path) {
 async function main() {
     const server = new Server({
         name: 'seshat',
-        version: '0.13.4',
+        version: '0.14.0',
     }, {
-        capabilities: { tools: {} },
+        capabilities: { tools: { listChanged: true } },
         instructions: SERVER_INSTRUCTIONS,
     });
+    // Store server ref for sending notifications from revelation system
+    _serverRef = server;
     // ─── Dynamic ListTools — only expose tools the user can access ──
     server.setRequestHandler(ListToolsRequestSchema, async () => {
         const apiKey = process.env.SESHAT_API_KEY;
@@ -498,13 +578,19 @@ async function main() {
                 // If unavailable, default to cartographer (free tier tools only)
             }
         }
-        // Only return tools the user's tier can actually use
+        // Filter tools by BOTH tier access AND revelation stage
         const visibleTools = TOOLS.filter((tool) => {
+            // Tier gate: user must have access
             const requiredTier = TOOL_TIERS[tool.name];
-            if (!requiredTier)
-                return true; // get_account_status — always visible
-            return tierAtLeast(userTier, requiredTier);
+            if (requiredTier && !tierAtLeast(userTier, requiredTier))
+                return false;
+            // Revelation gate: tool must be revealed at current stage
+            const requiredStage = TOOL_REVELATION[tool.name];
+            if (requiredStage && !stageAtLeast(_currentStage, requiredStage))
+                return false;
+            return true;
         });
+        process.stderr.write(`[Seshat] ListTools: stage=${_currentStage}, queries=${_sessionQueryCount}, tools=${visibleTools.length}/${TOOLS.length}\n`);
         return { tools: visibleTools };
     });
     // ─── CallTool handler ──────────────────────────────────────────
@@ -575,22 +661,34 @@ async function main() {
             }
         }
         // Determine the project hash for this workspace
-        const project_hash = (args && typeof args === 'object' && 'project' in args)
-            ? String(args.project)
-            : resolveProjectName();
+        // list_projects is unscoped — it returns ALL projects for the user
+        const project_hash = name === 'list_projects'
+            ? undefined
+            : (args && typeof args === 'object' && 'project' in args)
+                ? String(args.project)
+                : resolveProjectName();
+        // If no project could be resolved and this isn't list_projects, tell the LLM how to fix it
+        if (!project_hash && name !== 'list_projects') {
+            return {
+                content: [{ type: 'text', text: JSON.stringify({
+                            error: 'No project specified. Call list_projects first to see available projects, then pass the project name as the "project" argument.',
+                            hint: 'If list_projects returns empty, the repo may not be synced yet. Use the Ptah demo API (POST /api/demo/create) to import a repo first.',
+                        }, null, 2) }],
+                isError: true,
+            };
+        }
         try {
             // Proxy the tool call to the cloud
+            const body = { tool: name, args };
+            if (project_hash)
+                body.project_hash = project_hash;
             const res = await fetch(getCloudUrl('/api/mcp/execute'), {
                 method: 'POST',
                 headers: {
                     'Content-Type': 'application/json',
                     'x-api-key': apiKey
                 },
-                body: JSON.stringify({
-                    tool: name,
-                    project_hash,
-                    args
-                })
+                body: JSON.stringify(body)
             });
             if (!res.ok) {
                 const errorText = await res.text();
@@ -600,6 +698,13 @@ async function main() {
                 };
             }
             const result = await res.json();
+            // Cache the first project from list_projects so subsequent tool calls auto-scope
+            if (name === 'list_projects' && result.projects && result.projects.length > 0) {
+                _lastKnownProject = result.projects[0].name;
+            }
+            // Progressive revelation: count queries and check for stage transitions
+            _sessionQueryCount++;
+            checkRevelation();
             // Separate _meta into assistant-only content so it doesn't clutter
             // the user-visible response. The LLM still sees it for context.
             if (result._meta) {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@papyruslabsai/seshat-mcp",
-  "version": "0.13.6",
+  "version": "0.14.0",
   "description": "Semantic MCP server — exposes a codebase's structure, dependencies, and constraints as queryable tools",
   "type": "module",
   "bin": {