@rigstate/mcp 0.7.1 → 0.7.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (8) hide show
  1. package/dist/index.js +19 -9
  2. package/dist/index.js.map +1 -1
  3. package/package.json +2 -2
  4. package/src/tools/get-latest-decisions.ts +8 -9
  5. package/src/tools/get-next-roadmap-step.ts +1 -1
  6. package/src/tools/get-project-context.ts +2 -2
  7. package/src/tools/list-roadmap-tasks.ts +7 -8
  8. package/src/tools/planning-tools.ts +16 -2
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@rigstate/mcp",
3
- "version": "0.7.1",
3
+ "version": "0.7.3",
4
4
  "description": "Rigstate MCP Server - Model Context Protocol for AI Editors",
5
5
  "type": "module",
6
6
  "main": "./dist/index.js",
@@ -26,7 +26,7 @@
26
26
  "zod": "^3.22.4"
27
27
  },
28
28
  "devDependencies": {
29
- "@rigstate/rules-engine": "0.1.0",
29
+ "@rigstate/rules-engine": "*",
30
30
  "@types/node": "^20.11.5",
31
31
  "tsup": "^8.0.1",
32
32
  "typescript": "^5.3.3"
package/src/tools/get-latest-decisions.ts CHANGED
@@ -36,15 +36,14 @@ export async function getLatestDecisions(
36
36
  projectId: string,
37
37
  limit: number = 5
38
38
  ): Promise<DecisionsResponse> {
39
- // First, verify project ownership
40
- const { data: project, error: projectError } = await supabase
41
- .from('projects')
42
- .select('id')
43
- .eq('id', projectId)
44
- .eq('owner_id', userId)
45
- .single();
46
-
47
- if (projectError || !project) {
39
+ // First, verify project access
40
+ const { data: hasAccess, error: accessError } = await supabase
41
+ .rpc('check_project_access_secure', {
42
+ p_project_id: projectId,
43
+ p_user_id: userId
44
+ });
45
+
46
+ if (accessError || !hasAccess) {
48
47
  throw new Error('Project not found or access denied');
49
48
  }
50
49
 
package/src/tools/get-next-roadmap-step.ts CHANGED
@@ -57,7 +57,7 @@ export async function getNextRoadmapStep(
57
57
  .from('roadmap_chunks')
58
58
  .select('step_number')
59
59
  .eq('project_id', projectId)
60
- .eq('status', 'ACTIVE')
60
+ .in('status', ['ACTIVE', 'IN_PROGRESS'])
61
61
  .order('step_number', { ascending: true })
62
62
  .limit(1)
63
63
  .single();
package/src/tools/get-project-context.ts CHANGED
@@ -100,14 +100,14 @@ export async function getProjectContext(
100
100
  .from('roadmap_chunks')
101
101
  .select('id, title, step_number, role, instruction_set')
102
102
  .eq('project_id', projectId)
103
- .eq('status', 'IN_PROGRESS')
103
+ .in('status', ['IN_PROGRESS', 'ACTIVE'])
104
104
  .limit(1)
105
105
  .maybeSingle(),
106
106
  supabase
107
107
  .from('roadmap_chunks')
108
108
  .select('id, title, step_number, role')
109
109
  .eq('project_id', projectId)
110
- .eq('status', 'PENDING')
110
+ .in('status', ['PENDING', 'LOCKED'])
111
111
  .order('step_number', { ascending: true })
112
112
  .limit(1)
113
113
  .maybeSingle()
package/src/tools/list-roadmap-tasks.ts CHANGED
@@ -33,15 +33,14 @@ export async function listRoadmapTasks(
33
33
  userId: string,
34
34
  projectId: string
35
35
  ): Promise<ListRoadmapTasksResponse> {
36
- // 1. Verify project ownership
37
- const { data: project, error: projectError } = await supabase
38
- .from('projects')
39
- .select('id')
40
- .eq('id', projectId)
41
- .eq('owner_id', userId)
42
- .single();
36
+ // 1. Verify project access
37
+ const { data: hasAccess, error: accessError } = await supabase
38
+ .rpc('check_project_access_secure', {
39
+ p_project_id: projectId,
40
+ p_user_id: userId
41
+ });
43
42
 
44
- if (projectError || !project) {
43
+ if (accessError || !hasAccess) {
45
44
  throw new Error('Project not found or access denied');
46
45
  }
47
46
 
package/src/tools/planning-tools.ts CHANGED
@@ -53,8 +53,10 @@ export async function saveToProjectBrain(
53
53
  const { projectId, title, content, category, tags } = input;
54
54
 
55
55
  // Confirm project access
56
- const { data: p, error: pErr } = await supabase.from('projects').select('id').eq('id', projectId).eq('owner_id', userId).single();
57
- if (pErr || !p) throw new Error('Access denied');
56
+ const { data: hasAccess, error: accessError } = await supabase
57
+ .rpc('check_project_access_secure', { p_project_id: projectId, p_user_id: userId });
58
+
59
+ if (accessError || !hasAccess) throw new Error('Access denied');
58
60
 
59
61
  const fullContent = `# ${title}\n\n${content}`;
60
62
 
@@ -92,6 +94,12 @@ export async function updateRoadmapStatus(
92
94
  ) {
93
95
  const { projectId, chunkId, status } = input;
94
96
 
97
+ // Confirm project access
98
+ const { data: hasAccess, error: accessError } = await supabase
99
+ .rpc('check_project_access_secure', { p_project_id: projectId, p_user_id: userId });
100
+
101
+ if (accessError || !hasAccess) throw new Error('Access denied');
102
+
95
103
  // Map status to DB enum: 'TODO' -> 'LOCKED' (Standard convention in Rigstate seems to be LOCKED/ACTIVE/COMPLETED)
96
104
  // If 'TODO' is meant to be 'PENDING', we check schema. Assuming 'LOCKED' is the backlog state.
97
105
  const dbStatus = status === 'TODO' ? 'LOCKED' : status === 'IN_PROGRESS' ? 'ACTIVE' : 'COMPLETED';
@@ -127,6 +135,12 @@ export async function addRoadmapChunk(
127
135
  ) {
128
136
  const { projectId, title, description, priority } = input;
129
137
 
138
+ // Confirm project access
139
+ const { data: hasAccess, error: accessError } = await supabase
140
+ .rpc('check_project_access_secure', { p_project_id: projectId, p_user_id: userId });
141
+
142
+ if (accessError || !hasAccess) throw new Error('Access denied');
143
+
130
144
  // Get max step number
131
145
  const { data: maxStep } = await supabase
132
146
  .from('roadmap_chunks')