@rigstate/mcp 0.5.5 → 0.5.7

package/dist/index.js

@@ -1,10 +1,4 @@
 #!/usr/bin/env node
-var __require = /* @__PURE__ */ ((x) => typeof require !== "undefined" ? require : typeof Proxy !== "undefined" ? new Proxy(x, {
-  get: (a, b) => (typeof require !== "undefined" ? require : a)[b]
-}) : x)(function(x) {
-  if (typeof require !== "undefined") return require.apply(this, arguments);
-  throw Error('Dynamic require of "' + x + '" is not supported');
-});
 
 // src/index.ts
 import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
@@ -67,7 +61,7 @@ var ToolRegistry = class {
    */
   register(tool) {
     if (this.tools.has(tool.name)) {
-      console.warn(`Tool '${tool.name}' is already registered. Overwriting.`);
+      console.error(`Tool '${tool.name}' is already registered. Overwriting.`);
     }
     this.tools.set(tool.name, tool);
   }
@@ -974,30 +968,29 @@ architecture rules, decisions, and constraints.`,
   }
 });
 async function generateQueryEmbedding(query) {
-  const openRouterKey = process.env.OPENROUTER_API_KEY;
-  const googleKey = process.env.GOOGLE_GENERATIVE_AI_API_KEY;
-  if (!openRouterKey && !googleKey) {
+  const apiKey = process.env.RIGSTATE_API_KEY;
+  const apiUrl = process.env.RIGSTATE_API_URL || "http://localhost:3000/api/v1";
+  if (!apiKey) {
     return null;
   }
   try {
-    const { embed } = await import("ai");
-    if (openRouterKey) {
-      const { createOpenRouter } = await import("@openrouter/ai-sdk-provider");
-      const openrouter = createOpenRouter({ apiKey: openRouterKey });
-      const { embedding } = await embed({
-        model: openrouter.embedding("google/text-embedding-004"),
-        value: query.replace(/\n/g, " ")
-      });
-      return embedding;
-    } else {
-      const { google } = await import("@ai-sdk/google");
-      const { embedding } = await embed({
-        model: google.embedding("text-embedding-004"),
-        value: query.replace(/\n/g, " ")
-      });
-      return embedding;
+    const response = await fetch(`${apiUrl}/intelligence/embed`, {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/json",
+        "Authorization": `Bearer ${apiKey}`
+      },
+      body: JSON.stringify({ text: query })
+    });
+    if (!response.ok) {
+      const errorText = await response.text();
+      console.error(`Embedding API error (${response.status}):`, errorText);
+      return null;
     }
+    const result = await response.json();
+    return result.data?.embedding || null;
   } catch (error) {
+    console.error("Failed to generate embedding via Proxy:", error);
     return null;
   }
 }
@@ -1037,6 +1030,13 @@ async function queryBrain(supabase, userId, projectId, query, limit = 8, thresho
       createdAt: m.created_at
     }));
   }
+  let relevantFeatures = [];
+  try {
+    const { data: features } = await supabase.from("project_features").select("name, status, description").eq("project_id", projectId).or(`name.ilike.%${query}%,description.ilike.%${query}%`).limit(3);
+    if (features) relevantFeatures = features;
+  } catch (e) {
+    console.warn("Feature fetch failed in brain query", e);
+  }
   const contextLines = memories.map((m) => {
     const voteIndicator = m.netVotes && m.netVotes < 0 ? ` [\u26A0\uFE0F POORLY RATED: ${m.netVotes}]` : "";
     const tagStr = m.tags && m.tags.length > 0 ? ` [${m.tags.join(", ")}]` : "";
@@ -1044,17 +1044,28 @@ async function queryBrain(supabase, userId, projectId, query, limit = 8, thresho
     return `- [${category}]${tagStr}${voteIndicator}: ${m.content}`;
   });
   const searchType = embedding ? "TRIPLE-HYBRID (Vector + FTS + Fuzzy)" : "HYBRID (FTS + Fuzzy)";
-  const formatted = memories.length > 0 ? `=== PROJECT BRAIN: RELEVANT MEMORIES ===
+  let formatted = `=== PROJECT BRAIN: RELEVANT MEMORIES ===
 Search Mode: ${searchType}
-Query: "${query}"
+Query: "${query}"`;
+  if (relevantFeatures.length > 0) {
+    formatted += `
+
+=== RELATED FEATURES ===
+` + relevantFeatures.map((f) => `- ${f.name} [${f.status}]`).join("\n");
+  }
+  formatted += `
+
 Found ${memories.length} relevant memories:
 
 ${contextLines.join("\n")}
 
-==========================================` : `=== PROJECT BRAIN ===
+==========================================`;
+  if (memories.length === 0 && relevantFeatures.length === 0) {
+    formatted = `=== PROJECT BRAIN ===
 Query: "${query}"
-No relevant memories found for this query.
+No relevant memories or features found.
 =======================`;
+  }
   return {
     query,
     memories,
@@ -1579,25 +1590,41 @@ var listFeaturesTool = {
 Useful for understanding the strategic context and major milestones.`,
   schema: InputSchema,
   handler: async ({ projectId }, { supabase, userId }) => {
-    const { data: project, error: projectError } = await supabase.from("projects").select("id").eq("id", projectId).eq("owner_id", userId).single();
+    const { data: project, error: projectError } = await supabase.from("projects").select("id, functional_spec").eq("id", projectId).eq("owner_id", userId).single();
     if (projectError || !project) {
       throw new Error("Project not found or access denied");
     }
-    const { data: features, error } = await supabase.from("features").select("id, name, description, priority, status").eq("project_id", projectId).neq("status", "ARCHIVED").order("created_at", { ascending: false });
-    if (error) {
-      throw new Error(`Failed to fetch features: ${error.message}`);
+    const { data: dbFeatures, error: dbError } = await supabase.from("project_features").select("id, name, description, status").eq("project_id", projectId).neq("status", "shadow").order("created_at", { ascending: false });
+    let featuresList = [];
+    let source = "DB";
+    if (!dbError && dbFeatures && dbFeatures.length > 0) {
+      featuresList = dbFeatures.map((f) => ({
+        ...f,
+        title: f.name
+        // Map back to title specifically for uniform handling below
+      }));
+    } else {
+      source = "FALLBACK_SPEC";
+      console.error(`[WARN] Project ${projectId}: 'project_features' empty or missing. Falling back to 'functional_spec'.`);
+      const spec = project.functional_spec;
+      if (spec && typeof spec === "object" && Array.isArray(spec.features)) {
+        featuresList = spec.features.map((f) => ({
+          id: "legacy",
+          title: f.name || f.title,
+          description: f.description,
+          status: f.status || "proposed"
+        }));
+      }
     }
-    const formatted = (features || []).length > 0 ? (features || []).map((f) => {
-      const priorityStr = f.priority === "MVP" ? "[MVP] " : "";
-      return `- ${priorityStr}${f.name} (${f.status})`;
-    }).join("\n") : "No active features found.";
+    if (featuresList.length === 0) {
+      return { content: [{ type: "text", text: "No active features found (checked DB and Spec)." }] };
+    }
+    const formatted = `=== PROJECT FEATURES (Source: ${source}) ===
+` + featuresList.map((f) => {
+      return `- ${f.title} [${f.status}]`;
+    }).join("\n");
     return {
-      content: [
-        {
-          type: "text",
-          text: formatted
-        }
-      ]
+      content: [{ type: "text", text: formatted }]
     };
   }
 };
@@ -1831,7 +1858,7 @@ async function analyzeDatabasePerformance(supabase, input) {
         }
       }
     } catch (e) {
-      console.warn(`Skipping file ${filePath}: ${e}`);
+      console.error(`Skipping file ${filePath}: ${e}`);
     }
   }
   const highSev = issues.filter((i) => i.severity === "HIGH").length;
@@ -2054,6 +2081,58 @@ function checkAntiLazy(filePath, content) {
   return violations;
 }
 
+// src/tools/security-checks-arch.ts
+function checkArchitectureIntegrity(filePath, content) {
+  const violations = [];
+  const isUI = filePath.includes("/components/") || filePath.includes("/hooks/") || filePath.includes("/app/") && !filePath.includes("/api/") && !filePath.includes("actions.ts") && !filePath.includes("route.ts");
+  if (isUI) {
+    const illegalImportRegex = /(import.*from\s+['"]@supabase\/supabase-js['"])/g;
+    if (illegalImportRegex.test(content)) {
+      violations.push({
+        id: "SEC-ARCH-01",
+        type: "ARCHITECTURE_VIOLATION",
+        severity: "FATAL",
+        title: "Illegal Supabase Client in UI",
+        description: "Direct import of @supabase/supabase-js in a UI component/hook is strictly forbidden. It bypasses the server boundary.",
+        recommendation: "Use the `createClient` helper from our utils or Server Actions for data access."
+      });
+    }
+  }
+  if (isUI) {
+    const dbActionRegex = /\.(from|select|insert|update|delete|rpc)\s*\(/g;
+    const matches = content.match(dbActionRegex);
+    if (matches) {
+      const suspicious = matches.some((m) => !m.includes(".from") || m.includes(".from") && content.includes("supabase.from"));
+      if (suspicious || matches.length > 0 && content.includes("supabase")) {
+        violations.push({
+          id: "SEC-ARCH-02",
+          type: "ARCHITECTURE_VIOLATION",
+          severity: "FATAL",
+          title: "Direct Database Query in UI",
+          description: "Detected direct database query pattern (select/insert/update/delete) in a UI component. This exposes logic to the client.",
+          recommendation: "Move all data fetching logic to Server Components or Server Actions."
+        });
+      }
+    }
+  }
+  const isActionFile = filePath.includes("/actions/") || filePath.includes("actions.ts");
+  if (isActionFile) {
+    const header = content.slice(0, 200);
+    const hasUseServer = /['"]use server['"]/.test(header);
+    if (!hasUseServer) {
+      violations.push({
+        id: "SEC-ARCH-03",
+        type: "ARCHITECTURE_VIOLATION",
+        severity: "FATAL",
+        title: 'Missing "use server" Directive',
+        description: 'File appears to be a Server Action module but lacks the "use server" directive.',
+        recommendation: 'Add "use server" at the very top of the file.'
+      });
+    }
+  }
+  return violations;
+}
+
 // src/tools/security-tools.ts
 registry.register({
   name: "audit_rls_status",
@@ -2141,6 +2220,8 @@ async function auditSecurityIntegrity(supabase, input) {
   if (depViolation) violations.push(depViolation);
   const lazyViolations = checkAntiLazy(filePath, content);
   violations.push(...lazyViolations);
+  const archViolations = checkArchitectureIntegrity(filePath, content);
+  violations.push(...archViolations);
   const score = Math.max(0, 100 - violations.length * 10);
   const passed = !violations.some((v) => v.severity === "HIGH" || v.severity === "FATAL");
   return {
@@ -2341,7 +2422,7 @@ async function completeRoadmapTask(supabase, projectId, summary, taskId, gitDiff
     metadata
   });
   if (reportError) {
-    console.warn("Failed to save mission report:", reportError.message);
+    console.error("Failed to save mission report:", reportError.message);
   }
   try {
     const apiKey = process.env.RIGSTATE_API_KEY;
@@ -2460,7 +2541,7 @@ async function addRoadmapChunk(supabase, userId, input) {
 }
 
 // src/tools/arch-tools.ts
-import { promises as fs2 } from "fs";
+import { promises as fs2, existsSync, statSync } from "fs";
 import * as path2 from "path";
 registry.register({
   name: "analyze_dependency_graph",
@@ -2480,22 +2561,38 @@ async function analyzeDependencyGraph(input) {
       error: `Directory not found: ${searchPath}. Ensure you are running the MCP server in the project root or provide an absolute path.`
     };
   }
+  let externalDeps = {};
+  const pkgPath = path2.join(process.cwd(), "package.json");
+  if (existsSync(pkgPath)) {
+    try {
+      const pkgContent = await fs2.readFile(pkgPath, "utf-8");
+      const pkg = JSON.parse(pkgContent);
+      externalDeps = { ...pkg.dependencies, ...pkg.devDependencies };
+    } catch (e) {
+      console.error("Failed to parse package.json", e);
+    }
+  }
   const allFiles = await getAllFiles(searchPath);
-  const tsFiles = allFiles.filter((f) => /\.(ts|tsx|js|jsx)$/.test(f) && !f.includes("node_modules") && !f.includes(".next") && !f.includes("dist"));
+  const tsFiles = allFiles.filter((f) => /\.(ts|tsx|js|jsx)$/.test(f) && !f.includes("node_modules") && !f.includes("dist") && !f.includes(".next"));
   const graph = {};
-  const fileSet = new Set(tsFiles);
   for (const file of tsFiles) {
     const content = await fs2.readFile(file, "utf-8");
     const imports = extractImports(content);
     const validDeps = [];
+    const fileDir = path2.dirname(file);
     for (const imp of imports) {
-      const resolved = resolveImport(file, imp, searchPath);
-      if (resolved && fileSet.has(resolved)) {
-        validDeps.push(resolved);
+      if (Object.keys(externalDeps).some((d) => imp === d || imp.startsWith(d + "/"))) {
+        continue;
+      }
+      if (imp.startsWith(".") || imp.startsWith("@/")) {
+        const resolved = resolveImportString(file, imp, searchPath);
+        if (resolved && tsFiles.includes(resolved)) {
+          validDeps.push(path2.relative(searchPath, resolved));
+        }
       }
     }
     const relFile = path2.relative(searchPath, file);
-    graph[relFile] = validDeps.map((d) => path2.relative(searchPath, d));
+    graph[relFile] = validDeps;
   }
   const cycles = detectCycles(graph);
   return {
@@ -2503,11 +2600,12 @@ async function analyzeDependencyGraph(input) {
     analyzedPath: searchPath,
     metrics: {
       totalFiles: tsFiles.length,
-      circularDependencies: cycles.length
+      circularDependencies: cycles.length,
+      externalDependencies: Object.keys(externalDeps).length
     },
     cycles,
     status: cycles.length > 0 ? "VIOLATION" : "PASS",
-    summary: cycles.length > 0 ? `FAILED. Detected ${cycles.length} circular dependencies. These must be resolved to maintain architectural integrity.` : `PASSED. No circular dependencies detected in ${tsFiles.length} files.`
+    summary: cycles.length > 0 ? `FAILED. Detected ${cycles.length} circular dependencies. Einar demands resolution!` : `PASSED. Architecture is sound. No circular dependencies in ${tsFiles.length} files.`
   };
 }
 async function getAllFiles(dir) {
@@ -2527,24 +2625,24 @@ function extractImports(content) {
   }
   return imports;
 }
-function resolveImport(importer, importPath, root) {
-  if (!importPath.startsWith(".") && !importPath.startsWith("@/")) {
-    return null;
-  }
-  let searchDir = path2.dirname(importer);
+function resolveImportString(importer, importPath, root) {
+  let targetDir = path2.dirname(importer);
   let target = importPath;
   if (importPath.startsWith("@/")) {
     target = importPath.replace("@/", "");
-    searchDir = root;
+    targetDir = root;
   }
-  const startPath = path2.resolve(searchDir, target);
-  const extensions = [".ts", ".tsx", ".js", ".jsx", "/index.ts", "/index.tsx", "/index.js", ""];
+  const naivePath = path2.resolve(targetDir, target);
+  const extensions = [".ts", ".tsx", ".js", ".jsx", "/index.ts", "/index.tsx"];
   for (const ext of extensions) {
-    const candidate = startPath + ext;
-    if (__require("fs").existsSync(candidate) && !__require("fs").statSync(candidate).isDirectory()) {
+    const candidate = naivePath + ext;
+    if (existsSync(candidate) && !statSync(candidate).isDirectory()) {
       return candidate;
     }
   }
+  if (existsSync(naivePath) && !statSync(naivePath).isDirectory()) {
+    return naivePath;
+  }
   return null;
 }
 function detectCycles(graph) {
@@ -2876,7 +2974,6 @@ var watcherState = {
 async function startFrankWatcher(supabase, userId) {
   if (watcherState.isRunning) return;
   watcherState.isRunning = true;
-  console.error(`\u{1F916} Frank Watcher started for user ${userId}`);
   const checkTasks = async () => {
     try {
       watcherState.lastCheck = (/* @__PURE__ */ new Date()).toISOString();
@@ -2886,8 +2983,6 @@ async function startFrankWatcher(supabase, userId) {
         const task = tasks[0];
         watcherState.tasksFound++;
         if (task.proposal?.startsWith("ping") || task.task_id === null && !task.proposal?.startsWith("report")) {
-          console.error(`
-\u26A1 HEARTBEAT: Frank received REAL-TIME PING for project ${task.project_id}. Response: PONG`);
           await supabase.from("agent_bridge").update({
             status: "COMPLETED",
             summary: "Pong! Frank is active and listening.",
@@ -2899,8 +2994,6 @@ async function startFrankWatcher(supabase, userId) {
           const parts = task.proposal.split(":");
           const signalType = parts[1];
           const reportType = signalType === "MANIFEST" ? "SYSTEM_MANIFEST" : "INVESTOR_REPORT";
-          console.error(`
-\u{1F4C4} Frank is generating ${reportType} report...`);
           try {
             const result = await generateProfessionalPdf(supabase, userId, task.project_id, reportType);
             await supabase.from("agent_bridge").update({
@@ -2919,8 +3012,6 @@ async function startFrankWatcher(supabase, userId) {
           return;
         }
         if (task.status === "APPROVED") {
-          console.error(`
-\u{1F3D7}\uFE0F  Worker: EXECUTING approved task: [${task.id}]`);
           await supabase.from("agent_bridge").update({ status: "EXECUTING", updated_at: (/* @__PURE__ */ new Date()).toISOString() }).eq("id", task.id);
           await new Promise((resolve2) => setTimeout(resolve2, 2e3));
           const taskTitle2 = task.roadmap_chunks?.title || "manual objective";
@@ -3006,7 +3097,6 @@ async function main() {
   setupToolHandlers(server, { supabase, userId });
   const transport = new StdioServerTransport();
   await server.connect(transport);
-  console.error("\u{1F6F0}\uFE0F Rigstate MCP Server (Evolutionary) running on stdio");
 }
 main().catch((error) => {
   console.error("FATAL ERROR:", error);