@rigstate/mcp 0.7.3 → 0.7.5

package/package.json

@@ -1,6 +1,6 @@
 {
     "name": "@rigstate/mcp",
-    "version": "0.7.3",
+    "version": "0.7.5",
     "description": "Rigstate MCP Server - Model Context Protocol for AI Editors",
     "type": "module",
     "main": "./dist/index.js",

package/src/lib/curator/schemas.ts

@@ -7,10 +7,13 @@ import { z } from 'zod';
 export const QueryGlobalAntidotesSchema = z.object({
     categories: z.array(z.string()).optional().describe('Filter by categories (SECURITY, ARCHITECTURE, UX, PERFORMANCE, ACCESSIBILITY, MAINTAINABILITY)'),
     severities: z.array(z.string()).optional().describe('Filter by severity (CRITICAL, HIGH, MEDIUM, LOW)'),
-    framework_tags: z.array(z.string()).optional().describe('Filter by framework tags (e.g., ["nextjs", "react", "supabase"])'),
-    min_trust_score: z.number().optional().describe('Minimum trust score (0-100)'),
+    framework_tags: z.preprocess(
+        (val) => (typeof val === 'string' ? JSON.parse(val) : val),
+        z.array(z.string())
+    ).optional().describe('Filter by framework tags (e.g., ["nextjs", "react", "supabase"])'),
+    min_trust_score: z.coerce.number().optional().describe('Minimum trust score (0-100)'),
     search_text: z.string().optional().describe('Search in title and instruction'),
-    limit: z.number().optional().describe('Max results (default: 20)')
+    limit: z.coerce.number().optional().describe('Max results (default: 20)')
 });
 
 export const SubmitSignalSchema = z.object({
@@ -21,7 +24,10 @@ export const SubmitSignalSchema = z.object({
     severity: z.enum(['CRITICAL', 'HIGH', 'MEDIUM', 'LOW']).describe('Severity level'),
     example: z.string().optional().describe('Good example demonstrating the instruction'),
     anti_example: z.string().optional().describe('Bad example showing what NOT to do'),
-    framework_tags: z.array(z.string()).optional().describe('Relevant framework tags'),
+    framework_tags: z.preprocess(
+        (val) => (typeof val === 'string' ? [val] : val),
+        z.array(z.string())
+    ).optional().describe('Relevant framework tags'),
     reasoning: z.string().optional().describe('Why this signal should be added'),
     source_type: z.string().optional().describe('Internal source type override (e.g. TEACHER_MODE)')
 });

package/src/lib/schemas.ts

@@ -7,8 +7,8 @@ import { z } from 'zod';
 export const QueryBrainInputSchema = z.object({
     projectId: z.string().uuid('Invalid project ID'),
     query: z.string().min(1, 'Query is required'),
-    limit: z.number().min(1).max(20).optional().default(8),
-    threshold: z.number().min(0).max(1).optional().default(0.1)
+    limit: z.coerce.number().min(1).max(20).optional().default(8),
+    threshold: z.coerce.number().min(0).max(1).optional().default(0.1)
 });
 
 export const GetProjectContextInputSchema = z.object({
@@ -17,7 +17,7 @@ export const GetProjectContextInputSchema = z.object({
 
 export const GetLatestDecisionsInputSchema = z.object({
     projectId: z.string().uuid('Invalid project ID'),
-    limit: z.number().min(1).max(10).optional().default(5)
+    limit: z.coerce.number().min(1).max(10).optional().default(5)
 });
 
 export const SaveDecisionInputSchema = z.object({
@@ -26,7 +26,7 @@ export const SaveDecisionInputSchema = z.object({
     decision: z.string().min(1, 'Decision content is required'),
     rationale: z.string().optional(),
     category: z.enum(['decision', 'architecture', 'constraint', 'tech_stack', 'design_rule']).optional().default('decision'),
-    tags: z.array(z.string()).optional().default([])
+    tags: z.preprocess((val) => (typeof val === 'string' ? [val] : val), z.array(z.string())).optional().default([])
 });
 
 export const SubmitIdeaInputSchema = z.object({
@@ -34,7 +34,7 @@ export const SubmitIdeaInputSchema = z.object({
     title: z.string().min(1, 'Title is required').max(200, 'Title too long'),
     description: z.string().min(1, 'Description is required'),
     category: z.enum(['feature', 'improvement', 'experiment', 'pivot']).optional().default('feature'),
-    tags: z.array(z.string()).optional().default([])
+    tags: z.preprocess((val) => (typeof val === 'string' ? [val] : val), z.array(z.string())).optional().default([])
 });
 
 export const UpdateRoadmapInputSchema = z.object({
@@ -104,7 +104,7 @@ export const GenerateProfessionalPDFInputSchema = z.object({
 export const ArchaeologicalScanInputSchema = z.object({
     projectId: z.string().uuid('Invalid project ID'),
     gitLog: z.string().describe('Git log output'),
-    fileTree: z.array(z.string()).describe('File paths')
+    fileTree: z.preprocess((val) => (typeof val === 'string' ? [val] : val), z.array(z.string())).describe('File paths')
 });
 
 export const ImportGhostFeaturesInputSchema = z.object({
@@ -124,7 +124,7 @@ export const AuditSecurityIntegrityInputSchema = z.object({
     projectId: z.string().uuid(),
     filePath: z.string().min(1),
     content: z.string().min(1),
-    rules: z.array(z.string()).optional()
+    rules: z.preprocess((val) => (typeof val === 'string' ? [val] : val), z.array(z.string())).optional()
 });
 
 export const QueryProjectBrainInputSchema = QueryBrainInputSchema;
@@ -138,7 +138,7 @@ export const SaveToProjectBrainInputSchema = z.object({
     title: z.string().min(1),
     content: z.string().min(1),
     category: z.enum(['DECISION', 'ARCHITECTURE', 'NOTE', 'LESSON_LEARNED']).default('NOTE'),
-    tags: z.array(z.string()).optional().default([])
+    tags: z.preprocess((val) => (typeof val === 'string' ? [val] : val), z.array(z.string())).optional().default([])
 });
 
 export const UpdateRoadmapStatusInputSchema = z.object({
@@ -174,12 +174,12 @@ export const GenerateCursorRulesInputSchema = z.object({
 
 export const AnalyzeDatabasePerformanceInputSchema = z.object({
     projectId: z.string().uuid(),
-    filePaths: z.array(z.string())
+    filePaths: z.preprocess((val) => (typeof val === 'string' ? [val] : val), z.array(z.string()))
 });
 
 export const AuditIntegrityGateInputSchema = z.object({
     projectId: z.string().uuid(),
-    filePaths: z.array(z.string()).optional().default([])
+    filePaths: z.preprocess((val) => (typeof val === 'string' ? [val] : val), z.array(z.string())).optional().default([])
 });
 
 export const CompleteRoadmapTaskInputSchema = z.object({

package/src/tools/get-next-roadmap-step.ts

@@ -16,6 +16,7 @@ Useful for transitioning between tasks.`,
     handler: async (args, context) => {
         const result = await getNextRoadmapStep(
             context.supabase,
+            context.userId,
             args.projectId,
             args.currentStepId
         );
@@ -30,58 +31,62 @@ export interface GetNextRoadmapStepResponse {
 
 export async function getNextRoadmapStep(
     supabase: SupabaseClient,
+    userId: string,
     projectId: string,
     currentStepId?: string
 ): Promise<GetNextRoadmapStepResponse> {
 
+    // 1. Fetch all tasks via secure RPC
+    const { data: allTasks, error: fetchError } = await supabase
+        .rpc('get_roadmap_chunks_secure', {
+            p_project_id: projectId,
+            p_user_id: userId
+        });
+
+    if (fetchError) {
+        throw new Error(`Failed to fetch roadmap data: ${fetchError.message}`);
+    }
+
+    const tasks = (allTasks || []) as any[];
+
     // Strategy:
     // 1. If currentStepId is provided, look for the step with the next higher step_number.
-    // 2. If not, look for the first 'ACTIVE' step.
-    // 3. If no ACTIVE, look for the first 'LOCKED' step.
+    // 2. If not, look for the first 'ACTIVE' or 'IN_PROGRESS' step. Baseline.
+    // 3. If no ACTIVE, current baseline is 0.
 
     let currentStepNumber = 0;
 
     if (currentStepId) {
-        const { data: current } = await supabase
-            .from('roadmap_chunks')
-            .select('step_number')
-            .eq('id', currentStepId)
-            .single();
-
+        const current = tasks.find(t => t.id === currentStepId);
         if (current) {
             currentStepNumber = current.step_number;
         }
     } else {
-        // Try to find currently active step to establish baseline
-        const { data: active } = await supabase
-            .from('roadmap_chunks')
-            .select('step_number')
-            .eq('project_id', projectId)
-            .in('status', ['ACTIVE', 'IN_PROGRESS'])
-            .order('step_number', { ascending: true })
-            .limit(1)
-            .single();
+        // Find baseline: first ACTIVE/IN_PROGRESS
+        const active = tasks
+            .filter(t => ['ACTIVE', 'IN_PROGRESS'].includes(t.status))
+            .sort((a, b) => a.step_number - b.step_number)[0];
 
         if (active) {
-            currentStepNumber = active.step_number;
+            // If we are looking for the "next" step and we have an active one,
+            // we usually want to start *from* that active one or its successor.
+            // For now, let's keep the baseline logic: if we have an active one, we are *on* it.
+            // But get_next is often called to FIND what to do. 
+            // If we have an active one, THAT is the next thing to work on.
+
+            // Logic change: if no currentStepId provided, and we have an ACTIVE one, 
+            // that ACTIVE one IS the next step.
+            return {
+                nextStep: active as RoadmapChunk,
+                message: `Current active step: [Step ${active.step_number}] ${active.title}`
+            };
         }
     }
 
-    // Find the next step > currentStepNumber
-    // We prioritize LOCKED or PENDING steps that come *after* the current one.
-    const { data: nextStep, error } = await supabase
-        .from('roadmap_chunks')
-        .select('*')
-        .eq('project_id', projectId)
-        .gt('step_number', currentStepNumber)
-        .neq('status', 'COMPLETED') // We want the next *workable* step
-        .order('step_number', { ascending: true })
-        .limit(1)
-        .single();
-
-    if (error && error.code !== 'PGRST116') { // PGRST116 is "Row not found" which is fine
-        throw new Error(`Failed to fetch next roadmap step: ${error.message}`);
-    }
+    // Find the next step > currentStepNumber that is not COMPLETED
+    const nextStep = tasks
+        .filter(t => t.step_number > currentStepNumber && t.status !== 'COMPLETED')
+        .sort((a, b) => a.step_number - b.step_number)[0];
 
     if (!nextStep) {
         return {

package/src/tools/get-project-context.ts

@@ -94,43 +94,32 @@ export async function getProjectContext(
 
 
 
-    // Continuity Loop: Fetch Active & Next Tasks
-    const [activeTaskResult, nextTaskResult] = await Promise.all([
-        supabase
-            .from('roadmap_chunks')
-            .select('id, title, step_number, role, instruction_set')
-            .eq('project_id', projectId)
-            .in('status', ['IN_PROGRESS', 'ACTIVE'])
-            .limit(1)
-            .maybeSingle(),
-        supabase
-            .from('roadmap_chunks')
-            .select('id, title, step_number, role')
-            .eq('project_id', projectId)
-            .in('status', ['PENDING', 'LOCKED'])
-            .order('step_number', { ascending: true })
-            .limit(1)
-            .maybeSingle()
-    ]);
-
-    const activeTask = activeTaskResult.data;
-    const nextTask = nextTaskResult.data;
-
-    // Fetch Digest Data (Reduced to 2 to save tokens)
+    // Continuity Loop: Fetch Active & Next Tasks via secure RPC
+    const { data: allChunks, error: chunksError } = await supabase
+        .rpc('get_roadmap_chunks_secure', {
+            p_project_id: projectId,
+            p_user_id: userId
+        });
+
+    const tasks = (allChunks || []) as any[];
+
+    // In-memory filtering to match original logic
+    const activeTask = tasks.find(t => ['IN_PROGRESS', 'ACTIVE'].includes(t.status));
+    const nextTask = tasks
+        .filter(t => ['PENDING', 'LOCKED'].includes(t.status))
+        .sort((a, b) => a.step_number - b.step_number)[0];
+
+    // Fetch Digest Data via secure RPC
     const { data: agentTasks } = await supabase
-        .from('agent_bridge')
-        .select('id, roadmap_chunks(title), execution_summary, completed_at')
-        .eq('project_id', projectId)
-        .eq('status', 'COMPLETED')
-        .order('completed_at', { ascending: false })
-        .limit(2);
-
-    const { data: roadmapItems } = await supabase
-        .from('roadmap_chunks')
-        .select('title, status, updated_at')
-        .eq('project_id', projectId)
-        .order('updated_at', { ascending: false })
-        .limit(2);
+        .rpc('get_agent_bridge_secure', {
+            p_project_id: projectId,
+            p_user_id: userId,
+            p_limit: 2
+        });
+
+    const roadmapItems = tasks
+        .sort((a, b) => new Date(b.updated_at || b.created_at).getTime() - new Date(a.updated_at || a.created_at).getTime())
+        .slice(0, 2);
 
     // Parse tech stack from detected_stack
     const techStack: TechStackInfo = {
@@ -239,7 +228,7 @@ export async function getProjectContext(
         summaryParts.push('\nLatest AI Executions:');
         agentTasks.forEach((t: any) => {
             const time = t.completed_at ? new Date(t.completed_at).toLocaleString() : 'Recently';
-            summaryParts.push(`- [${time}] ${t.roadmap_chunks?.title || 'Task'}: ${t.execution_summary || 'Completed'}`);
+            summaryParts.push(`- [${time}] ${t.roadmap_title || 'Task'}: ${t.execution_summary || 'Completed'}`);
         });
     }
 

package/src/tools/list-roadmap-tasks.ts

@@ -33,42 +33,42 @@ export async function listRoadmapTasks(
     userId: string,
     projectId: string
 ): Promise<ListRoadmapTasksResponse> {
-    // 1. Verify project access
-    const { data: hasAccess, error: accessError } = await supabase
-        .rpc('check_project_access_secure', {
+    // 1. Fetch tasks via secure RPC (bypasses RLS)
+    const { data: tasks, error } = await supabase
+        .rpc('get_roadmap_chunks_secure', {
             p_project_id: projectId,
             p_user_id: userId
         });
 
-    if (accessError || !hasAccess) {
-        throw new Error('Project not found or access denied');
-    }
-
-    // 2. Fetch non-completed tasks
-    const { data: tasks, error } = await supabase
-        .from('roadmap_chunks')
-        .select('id, title, priority, status, step_number, prompt_content')
-        .eq('project_id', projectId)
-        .neq('status', 'COMPLETED')
-        .order('priority', { ascending: false })
-        .order('step_number', { ascending: true });
-
     if (error) {
+        if (error.message.includes('Access Denied')) {
+            throw new Error('Project not found or access denied');
+        }
         console.error('Failed to fetch roadmap tasks:', error);
         throw new Error('Failed to fetch roadmap tasks');
     }
 
+    // 2. Filter non-completed in JS (to preserve original logic)
+    const activeTasks = (tasks || [])
+        .filter((t: any) => t.status !== 'COMPLETED')
+        .sort((a: any, b: any) => {
+            if (a.priority !== b.priority) {
+                const priorityOrder: any = { 'CRITICAL': 3, 'HIGH': 2, 'MEDIUM': 1, 'LOW': 0 };
+                return (priorityOrder[b.priority] || 0) - (priorityOrder[a.priority] || 0);
+            }
+            return a.step_number - b.step_number;
+        });
+
     // 3. Format response
-    const formatted = (tasks || []).length > 0
-        ? (tasks || []).map(t => {
+    const formatted = activeTasks.length > 0
+        ? activeTasks.map((t: any) => {
             const statusEmoji = t.status === 'ACTIVE' ? '🔵' : '🔒';
-            const priorityStr = t.priority ? `[${t.priority}]` : '';
             return `${statusEmoji} Step ${t.step_number}: ${t.title} (ID: ${t.id})`;
         }).join('\n')
         : 'No active or locked tasks found in the roadmap.';
 
     return {
-        tasks: (tasks || []).map(t => ({
+        tasks: activeTasks.map((t: any) => ({
             id: t.id,
             title: t.title,
             priority: t.priority,