@rigstate/mcp 0.7.1 → 0.7.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (8) hide show
  1. package/dist/index.js +19 -9
  2. package/dist/index.js.map +1 -1
  3. package/package.json +2 -2
  4. package/src/tools/get-latest-decisions.ts +8 -9
  5. package/src/tools/get-next-roadmap-step.ts +1 -1
  6. package/src/tools/get-project-context.ts +2 -2
  7. package/src/tools/list-roadmap-tasks.ts +7 -8
  8. package/src/tools/planning-tools.ts +16 -2
package/dist/index.js CHANGED
@@ -1938,8 +1938,8 @@ async function getProjectContext(supabase, userId, projectId) {
1938
1938
  };
1939
1939
  const stackDef = projectRow.architectural_dna?.stack_definition;
1940
1940
  const [activeTaskResult, nextTaskResult] = await Promise.all([
1941
- supabase.from("roadmap_chunks").select("id, title, step_number, role, instruction_set").eq("project_id", projectId).eq("status", "IN_PROGRESS").limit(1).maybeSingle(),
1942
- supabase.from("roadmap_chunks").select("id, title, step_number, role").eq("project_id", projectId).eq("status", "PENDING").order("step_number", { ascending: true }).limit(1).maybeSingle()
1941
+ supabase.from("roadmap_chunks").select("id, title, step_number, role, instruction_set").eq("project_id", projectId).in("status", ["IN_PROGRESS", "ACTIVE"]).limit(1).maybeSingle(),
1942
+ supabase.from("roadmap_chunks").select("id, title, step_number, role").eq("project_id", projectId).in("status", ["PENDING", "LOCKED"]).order("step_number", { ascending: true }).limit(1).maybeSingle()
1943
1943
  ]);
1944
1944
  const activeTask = activeTaskResult.data;
1945
1945
  const nextTask = nextTaskResult.data;
@@ -2211,8 +2211,11 @@ including active roadmap steps and council session feedback.`,
2211
2211
  }
2212
2212
  });
2213
2213
  async function getLatestDecisions(supabase, userId, projectId, limit = 5) {
2214
- const { data: project, error: projectError } = await supabase.from("projects").select("id").eq("id", projectId).eq("owner_id", userId).single();
2215
- if (projectError || !project) {
2214
+ const { data: hasAccess, error: accessError } = await supabase.rpc("check_project_access_secure", {
2215
+ p_project_id: projectId,
2216
+ p_user_id: userId
2217
+ });
2218
+ if (accessError || !hasAccess) {
2216
2219
  throw new Error("Project not found or access denied");
2217
2220
  }
2218
2221
  const { data: sessionData, error: sessionError } = await supabase.from("council_sessions").select("id, project_id, recruited_agents, feedback_summary, duration_ms, sprints_count, tasks_count, created_at").eq("project_id", projectId).order("created_at", { ascending: false }).limit(limit);
@@ -2767,8 +2770,11 @@ Shows active and locked steps with their step numbers.`,
2767
2770
  }
2768
2771
  });
2769
2772
  async function listRoadmapTasks(supabase, userId, projectId) {
2770
- const { data: project, error: projectError } = await supabase.from("projects").select("id").eq("id", projectId).eq("owner_id", userId).single();
2771
- if (projectError || !project) {
2773
+ const { data: hasAccess, error: accessError } = await supabase.rpc("check_project_access_secure", {
2774
+ p_project_id: projectId,
2775
+ p_user_id: userId
2776
+ });
2777
+ if (accessError || !hasAccess) {
2772
2778
  throw new Error("Project not found or access denied");
2773
2779
  }
2774
2780
  const { data: tasks, error } = await supabase.from("roadmap_chunks").select("id, title, priority, status, step_number, prompt_content").eq("project_id", projectId).neq("status", "COMPLETED").order("priority", { ascending: false }).order("step_number", { ascending: true });
@@ -2818,7 +2824,7 @@ async function getNextRoadmapStep(supabase, projectId, currentStepId) {
2818
2824
  currentStepNumber = current.step_number;
2819
2825
  }
2820
2826
  } else {
2821
- const { data: active } = await supabase.from("roadmap_chunks").select("step_number").eq("project_id", projectId).eq("status", "ACTIVE").order("step_number", { ascending: true }).limit(1).single();
2827
+ const { data: active } = await supabase.from("roadmap_chunks").select("step_number").eq("project_id", projectId).in("status", ["ACTIVE", "IN_PROGRESS"]).order("step_number", { ascending: true }).limit(1).single();
2822
2828
  if (active) {
2823
2829
  currentStepNumber = active.step_number;
2824
2830
  }
@@ -3617,8 +3623,8 @@ registry.register({
3617
3623
  });
3618
3624
  async function saveToProjectBrain(supabase, userId, input) {
3619
3625
  const { projectId, title, content, category, tags } = input;
3620
- const { data: p, error: pErr } = await supabase.from("projects").select("id").eq("id", projectId).eq("owner_id", userId).single();
3621
- if (pErr || !p) throw new Error("Access denied");
3626
+ const { data: hasAccess, error: accessError } = await supabase.rpc("check_project_access_secure", { p_project_id: projectId, p_user_id: userId });
3627
+ if (accessError || !hasAccess) throw new Error("Access denied");
3622
3628
  const fullContent = `# ${title}
3623
3629
 
3624
3630
  ${content}`;
@@ -3640,6 +3646,8 @@ ${content}`;
3640
3646
  }
3641
3647
  async function updateRoadmapStatus(supabase, userId, input) {
3642
3648
  const { projectId, chunkId, status } = input;
3649
+ const { data: hasAccess, error: accessError } = await supabase.rpc("check_project_access_secure", { p_project_id: projectId, p_user_id: userId });
3650
+ if (accessError || !hasAccess) throw new Error("Access denied");
3643
3651
  const dbStatus = status === "TODO" ? "LOCKED" : status === "IN_PROGRESS" ? "ACTIVE" : "COMPLETED";
3644
3652
  const { error } = await supabase.from("roadmap_chunks").update({ status: dbStatus }).eq("id", chunkId).eq("project_id", projectId);
3645
3653
  if (error) throw new Error(`Update failed: ${error.message}`);
@@ -3653,6 +3661,8 @@ async function updateRoadmapStatus(supabase, userId, input) {
3653
3661
  }
3654
3662
  async function addRoadmapChunk(supabase, userId, input) {
3655
3663
  const { projectId, title, description, priority } = input;
3664
+ const { data: hasAccess, error: accessError } = await supabase.rpc("check_project_access_secure", { p_project_id: projectId, p_user_id: userId });
3665
+ if (accessError || !hasAccess) throw new Error("Access denied");
3656
3666
  const { data: maxStep } = await supabase.from("roadmap_chunks").select("step_number").eq("project_id", projectId).order("step_number", { ascending: false }).limit(1).single();
3657
3667
  const nextStepNum = (maxStep?.step_number || 0) + 1;
3658
3668
  const { data, error } = await supabase.from("roadmap_chunks").insert({