@rigstate/mcp 0.7.4 → 0.7.6

package/package.json

@@ -1,6 +1,6 @@
 {
     "name": "@rigstate/mcp",
-    "version": "0.7.4",
+    "version": "0.7.6",
     "description": "Rigstate MCP Server - Model Context Protocol for AI Editors",
     "type": "module",
     "main": "./dist/index.js",

package/src/lib/arch-analysis.ts

@@ -0,0 +1,171 @@
+import { GitCommit, DiscoveredFeature } from './types.js';
+
+/**
+ * Parse git log output into structured commits
+ */
+export function parseGitLog(logOutput: string): GitCommit[] {
+    const commits: GitCommit[] = [];
+    const entries = logOutput.split('\n---COMMIT---\n').filter(Boolean);
+
+    for (const entry of entries) {
+        const lines = entry.trim().split('\n');
+        if (lines.length >= 3) {
+            commits.push({
+                hash: lines[0]?.replace('hash:', '').trim() || '',
+                date: lines[1]?.replace('date:', '').trim() || '',
+                author: lines[2]?.replace('author:', '').trim() || '',
+                message: lines.slice(3).join('\n').trim()
+            });
+        }
+    }
+
+    return commits;
+}
+
+/**
+ * Analyze commits to identify major milestones
+ */
+export function identifyMilestones(commits: GitCommit[]): { date: string; summary: string; commits: string[] }[] {
+    const milestones: { date: string; summary: string; commits: string[] }[] = [];
+
+    // Keywords that indicate significant features
+    const featurePatterns = [
+        { pattern: /\b(auth|authentication|login|signup|oauth)\b/i, category: 'Authentication System' },
+        { pattern: /\b(database|schema|migration|supabase|postgres)\b/i, category: 'Database Setup' },
+        { pattern: /\b(api|endpoint|route)\b/i, category: 'API Development' },
+        { pattern: /\b(ui|component|layout|design|tailwind)\b/i, category: 'UI/Component Development' },
+        { pattern: /\b(test|spec|jest|vitest)\b/i, category: 'Testing Infrastructure' },
+        { pattern: /\b(deploy|ci|cd|github|vercel|docker)\b/i, category: 'DevOps & Deployment' },
+        { pattern: /\b(feature|implement|add|create|build)\b/i, category: 'Feature Implementation' },
+        { pattern: /\b(fix|bug|patch|resolve)\b/i, category: 'Bug Fixes & Patches' },
+        { pattern: /\b(refactor|clean|optimize|improve)\b/i, category: 'Code Quality Improvements' },
+        { pattern: /\b(docs|readme|documentation)\b/i, category: 'Documentation' },
+        { pattern: /\b(config|setup|init|scaffold)\b/i, category: 'Project Configuration' },
+        { pattern: /\b(agent|mcp|ai|llm|openai)\b/i, category: 'AI/Agent Integration' },
+        { pattern: /\b(roadmap|milestone|chunk)\b/i, category: 'Roadmap System' },
+        { pattern: /\b(report|pdf|manifest|governance)\b/i, category: 'Reporting & Governance' },
+    ];
+
+    // Group commits by category
+    const categoryMap = new Map<string, { commits: GitCommit[]; latestDate: string }>();
+
+    for (const commit of commits) {
+        for (const { pattern, category } of featurePatterns) {
+            if (pattern.test(commit.message)) {
+                if (!categoryMap.has(category)) {
+                    categoryMap.set(category, { commits: [], latestDate: commit.date });
+                }
+                const entry = categoryMap.get(category)!;
+                entry.commits.push(commit);
+                if (new Date(commit.date) > new Date(entry.latestDate)) {
+                    entry.latestDate = commit.date;
+                }
+                break; // Only categorize each commit once
+            }
+        }
+    }
+
+    // Convert to milestones (only include categories with 2+ commits)
+    for (const [category, data] of categoryMap.entries()) {
+        if (data.commits.length >= 2) {
+            milestones.push({
+                date: data.latestDate,
+                summary: `${category} (${data.commits.length} commits)`,
+                commits: data.commits.slice(0, 5).map(c => c.message.split('\n')[0].substring(0, 80))
+            });
+        }
+    }
+
+    // Sort by date descending
+    milestones.sort((a, b) => new Date(b.date).getTime() - new Date(a.date).getTime());
+
+    return milestones;
+}
+
+/**
+ * Map directory structure to potential features
+ */
+export function analyzeFilesystem(tree: string[]): { featureDirectories: string[]; configFiles: string[] } {
+    const featurePatterns = [
+        /^(apps|packages)\/[^/]+\/src\/(components|features|modules)\/[^/]+$/,
+        /^(apps|packages)\/[^/]+\/src\/app\/[^/]+$/,
+        /^src\/(components|features|modules|pages)\/[^/]+$/,
+        /^(apps|packages)\/[^/]+$/,
+    ];
+
+    const configPatterns = [
+        /package\.json$/,
+        /tsconfig.*\.json$/,
+        /\.env.*$/,
+        /next\.config\./,
+        /tailwind\.config\./,
+        /supabase.*\.toml$/,
+    ];
+
+    const featureDirectories = tree.filter(path =>
+        featurePatterns.some(pattern => pattern.test(path))
+    );
+
+    const configFiles = tree.filter(path =>
+        configPatterns.some(pattern => pattern.test(path))
+    );
+
+    return {
+        featureDirectories: [...new Set(featureDirectories)].slice(0, 20),
+        configFiles: [...new Set(configFiles)].slice(0, 10)
+    };
+}
+
+/**
+ * Generate discovered features from milestones and filesystem
+ */
+export function generateDiscoveredFeatures(
+    milestones: { date: string; summary: string; commits: string[] }[],
+    filesystemAnalysis: { featureDirectories: string[]; configFiles: string[] }
+): DiscoveredFeature[] {
+    const features: DiscoveredFeature[] = [];
+    let priority = 1;
+
+    // From Git milestones
+    for (const milestone of milestones.slice(0, 10)) {
+        const id = `ghost-${Date.now()}-${priority}`;
+        features.push({
+            id,
+            title: milestone.summary.split('(')[0].trim(),
+            description: `Reconstructed from ${milestone.commits.length} commits. Last activity: ${new Date(milestone.date).toLocaleDateString()}`,
+            status: 'COMPLETED',
+            source: 'git',
+            evidence: milestone.commits,
+            estimatedCompletionDate: milestone.date,
+            priority: priority++
+        });
+    }
+
+    // From filesystem (major directories as features)
+    const directoryFeatures = filesystemAnalysis.featureDirectories
+        .filter(dir => dir.includes('src/') || dir.startsWith('apps/') || dir.startsWith('packages/'))
+        .slice(0, 5);
+
+    for (const dir of directoryFeatures) {
+        const name = dir.split('/').pop() || dir;
+        const id = `ghost-fs-${Date.now()}-${priority}`;
+
+        // Skip if we already have a similar feature from git
+        if (features.some(f => f.title.toLowerCase().includes(name.toLowerCase()))) {
+            continue;
+        }
+
+        features.push({
+            id,
+            title: `${name.charAt(0).toUpperCase() + name.slice(1)} Module`,
+            description: `Detected from directory structure: ${dir}`,
+            status: 'COMPLETED',
+            source: 'filesystem',
+            evidence: [dir],
+            estimatedCompletionDate: new Date().toISOString(),
+            priority: priority++
+        });
+    }
+
+    return features;
+}

package/src/lib/curator/actions/submit.ts

@@ -11,15 +11,14 @@ export async function submitSignal(
     userId: string,
     input: z.infer<typeof SubmitSignalSchema>
 ) {
-    // 1. Verify project ownership
-    const { data: project, error: projectError } = await supabase
-        .from('projects')
-        .select('id')
-        .eq('id', input.projectId)
-        .eq('owner_id', userId)
-        .single();
-
-    if (projectError || !project) {
+    // 1. Verify project access
+    const { data: hasAccess, error: accessError } = await supabase
+        .rpc('check_project_access_secure', {
+            p_project_id: input.projectId,
+            p_user_id: userId
+        });
+
+    if (accessError || !hasAccess) {
         throw new Error('Project not found or access denied');
     }
 

package/src/lib/curator/schemas.ts

@@ -7,10 +7,13 @@ import { z } from 'zod';
 export const QueryGlobalAntidotesSchema = z.object({
     categories: z.array(z.string()).optional().describe('Filter by categories (SECURITY, ARCHITECTURE, UX, PERFORMANCE, ACCESSIBILITY, MAINTAINABILITY)'),
     severities: z.array(z.string()).optional().describe('Filter by severity (CRITICAL, HIGH, MEDIUM, LOW)'),
-    framework_tags: z.array(z.string()).optional().describe('Filter by framework tags (e.g., ["nextjs", "react", "supabase"])'),
-    min_trust_score: z.number().optional().describe('Minimum trust score (0-100)'),
+    framework_tags: z.preprocess(
+        (val) => (typeof val === 'string' ? JSON.parse(val) : val),
+        z.array(z.string())
+    ).optional().describe('Filter by framework tags (e.g., ["nextjs", "react", "supabase"])'),
+    min_trust_score: z.coerce.number().optional().describe('Minimum trust score (0-100)'),
     search_text: z.string().optional().describe('Search in title and instruction'),
-    limit: z.number().optional().describe('Max results (default: 20)')
+    limit: z.coerce.number().optional().describe('Max results (default: 20)')
 });
 
 export const SubmitSignalSchema = z.object({
@@ -21,7 +24,10 @@ export const SubmitSignalSchema = z.object({
     severity: z.enum(['CRITICAL', 'HIGH', 'MEDIUM', 'LOW']).describe('Severity level'),
     example: z.string().optional().describe('Good example demonstrating the instruction'),
     anti_example: z.string().optional().describe('Bad example showing what NOT to do'),
-    framework_tags: z.array(z.string()).optional().describe('Relevant framework tags'),
+    framework_tags: z.preprocess(
+        (val) => (typeof val === 'string' ? [val] : val),
+        z.array(z.string())
+    ).optional().describe('Relevant framework tags'),
     reasoning: z.string().optional().describe('Why this signal should be added'),
     source_type: z.string().optional().describe('Internal source type override (e.g. TEACHER_MODE)')
 });

package/src/lib/project-context-utils.ts

@@ -0,0 +1,139 @@
+import { ProjectContextResponse, TechStackInfo } from '../lib/types.js';
+
+export async function buildProjectSummary(
+    project: any,
+    techStack: TechStackInfo,
+    activeTask: any,
+    nextTask: any,
+    agentTasks: any[],
+    roadmapItems: any[],
+    stackDef: any,
+    supabase: any
+): Promise<string> {
+    const summaryParts: string[] = [];
+
+    summaryParts.push(`Project Type: ${project.project_type?.toUpperCase() || 'UNKNOWN'}`);
+
+    // Active Mission Parameters
+    if (stackDef) {
+        summaryParts.push('\n=== ACTIVE MISSION PARAMETERS ===');
+        if (activeTask) {
+            summaryParts.push(`⚠️  CURRENT OBJECTIVE: T-${activeTask.step_number}: ${activeTask.title}`);
+            summaryParts.push(`   Role: ${activeTask.role || 'Developer'}`);
+
+            const detailedInstructions = activeTask.prompt_content || activeTask.instruction_set;
+            if (detailedInstructions) {
+                summaryParts.push(`   Instructions: ${detailedInstructions.substring(0, 1000)}...`);
+            }
+            if (activeTask.architectural_brief) {
+                summaryParts.push(`\n   Architectural Brief: ${activeTask.architectural_brief}`);
+            }
+            if (activeTask.context_summary) {
+                summaryParts.push(`\n   Context: ${activeTask.context_summary}`);
+            }
+            if (activeTask.checklist && activeTask.checklist.length > 0) {
+                summaryParts.push('\n   Checklist (DoD):');
+                activeTask.checklist.forEach((item: any) => {
+                    summaryParts.push(`     [ ] ${typeof item === 'string' ? item : item.task}`);
+                });
+            }
+            if (activeTask.metadata && Object.keys(activeTask.metadata).length > 0) {
+                summaryParts.push(`\n   Technical Metadata: ${JSON.stringify(activeTask.metadata)}`);
+            }
+            if (activeTask.tags && activeTask.tags.length > 0) {
+                summaryParts.push(`   Tags: ${activeTask.tags.join(', ')}`);
+            }
+
+            // Enhanced Feature Context
+            if (activeTask.feature_id) {
+                const { data: feature } = await supabase
+                    .from('project_features')
+                    .select('name, description')
+                    .eq('id', activeTask.feature_id)
+                    .single();
+
+                if (feature) {
+                    summaryParts.push(`\n   Parent Feature: ${feature.name}`);
+                    summaryParts.push(`   Feature Vision: ${feature.description}`);
+                }
+            }
+
+            summaryParts.push('\n   ACTION: Focus ALL coding efforts on completing this task.');
+        } else if (nextTask) {
+            summaryParts.push(`⏸  SYSTEM IDLE (Waiting for command)`);
+            summaryParts.push(`   Suggested Next Mission: T-${nextTask.step_number}: ${nextTask.title}`);
+            if (nextTask.tags && nextTask.tags.length > 0) {
+                summaryParts.push(`   Scope: ${nextTask.tags.join(', ')}`);
+            }
+            summaryParts.push(`   ACTION: Ask the user "Shall we start T-${nextTask.step_number}?"`);
+        } else {
+            summaryParts.push('✅  ALL MISSIONS COMPLETE. Awaiting new roadmap items.');
+        }
+
+        summaryParts.push('\n=== AI BEHAVIORAL INSTRUCTIONS ===');
+        if (activeTask) {
+            summaryParts.push(`1. FOCUS: The user is working on T-${activeTask.step_number}. Help them complete it.`);
+            summaryParts.push(`2. COMPLIANCE: Ensure all code follows project standards.`);
+        } else if (nextTask) {
+            summaryParts.push(`1. NUDGE: No active task found. Suggest starting T-${nextTask.step_number} (${nextTask.title}).`);
+            summaryParts.push(`2. PROACTIVE: Instead of asking "How can I help?", ask "Shall we start on T-${nextTask.step_number}?"`);
+        }
+
+        summaryParts.push('\n=== CURRENT STACK ===');
+        if (stackDef.frontend) summaryParts.push(`Frontend: ${stackDef.frontend.framework} (${stackDef.frontend.language})`);
+        if (stackDef.backend) summaryParts.push(`Backend: ${stackDef.backend.service} (${stackDef.backend.database})`);
+        if (stackDef.styling) summaryParts.push(`Styling: ${stackDef.styling.framework} ${stackDef.styling.library || ''}`);
+        if (stackDef.hosting) summaryParts.push(`Infrastructure: ${stackDef.hosting.provider}`);
+    } else {
+        if (techStack.framework) summaryParts.push(`Framework: ${techStack.framework}`);
+        if (techStack.orm) summaryParts.push(`ORM: ${techStack.orm}`);
+    }
+
+    if (project.description) {
+        summaryParts.push(`\nDescription: ${project.description}`);
+    }
+
+    if (project.functional_spec) {
+        summaryParts.push('\n=== STRATEGIC PROJECT SPECIFICATION (NUANCES) ===');
+        const spec = typeof project.functional_spec === 'string' ? JSON.parse(project.functional_spec) : project.functional_spec;
+
+        if (spec.projectDescription) summaryParts.push(`Vision: ${spec.projectDescription}`);
+        if (spec.targetAudience) summaryParts.push(`Audience: ${spec.targetAudience}`);
+        if (spec.coreProblem) summaryParts.push(`Core Problem: ${spec.coreProblem}`);
+
+        if (spec.featureList && Array.isArray(spec.featureList)) {
+            summaryParts.push('\nKey Features & Nuances:');
+            spec.featureList.filter((f: any) => f.priority === 'MVP').forEach((f: any) => {
+                summaryParts.push(`- ${f.name}: ${f.description}`);
+            });
+        }
+    }
+
+    summaryParts.push('\n=== RIGSTATE TOOLING GUIDELINES ===');
+    summaryParts.push('You have access to specialized MCP tools. USE THEM TO SUCCEED:');
+    summaryParts.push('1. NEVER guess about architecture. Use `query_brain` to search project documentation.');
+    summaryParts.push('2. BEFORE coding, check `get_learned_instructions` to see if you have been corrected before.');
+    summaryParts.push('3. When finishing a task, ALWAYS update the roadmap using `update_roadmap`.');
+    summaryParts.push('4. If you discover a reusable pattern, submit it with `submit_curator_signal`.');
+    summaryParts.push('5. For large refactors, use `run_architecture_audit` to check against rules.');
+    summaryParts.push('6. Store major decisions using `save_decision` (ADR).');
+
+    summaryParts.push('\n=== RECENT ACTIVITY DIGEST ===');
+
+    if (agentTasks && agentTasks.length > 0) {
+        summaryParts.push('\nLatest AI Executions:');
+        agentTasks.forEach((t: any) => {
+            const time = t.completed_at ? new Date(t.completed_at).toLocaleString() : 'Recently';
+            summaryParts.push(`- [${time}] ${t.roadmap_title || 'Task'}: ${t.execution_summary || 'Completed'}`);
+        });
+    }
+
+    if (roadmapItems && roadmapItems.length > 0) {
+        summaryParts.push('\nRoadmap Updates:');
+        roadmapItems.forEach((i: any) => {
+            summaryParts.push(`- ${i.title} is now ${i.status}`);
+        });
+    }
+
+    return summaryParts.join('\n') || 'No project context available.';
+}

package/src/lib/schemas.ts

@@ -7,8 +7,8 @@ import { z } from 'zod';
 export const QueryBrainInputSchema = z.object({
     projectId: z.string().uuid('Invalid project ID'),
     query: z.string().min(1, 'Query is required'),
-    limit: z.number().min(1).max(20).optional().default(8),
-    threshold: z.number().min(0).max(1).optional().default(0.1)
+    limit: z.coerce.number().min(1).max(20).optional().default(8),
+    threshold: z.coerce.number().min(0).max(1).optional().default(0.1)
 });
 
 export const GetProjectContextInputSchema = z.object({
@@ -17,7 +17,7 @@ export const GetProjectContextInputSchema = z.object({
 
 export const GetLatestDecisionsInputSchema = z.object({
     projectId: z.string().uuid('Invalid project ID'),
-    limit: z.number().min(1).max(10).optional().default(5)
+    limit: z.coerce.number().min(1).max(10).optional().default(5)
 });
 
 export const SaveDecisionInputSchema = z.object({
@@ -26,7 +26,7 @@ export const SaveDecisionInputSchema = z.object({
     decision: z.string().min(1, 'Decision content is required'),
     rationale: z.string().optional(),
     category: z.enum(['decision', 'architecture', 'constraint', 'tech_stack', 'design_rule']).optional().default('decision'),
-    tags: z.array(z.string()).optional().default([])
+    tags: z.preprocess((val) => (typeof val === 'string' ? [val] : val), z.array(z.string())).optional().default([])
 });
 
 export const SubmitIdeaInputSchema = z.object({
@@ -34,7 +34,7 @@ export const SubmitIdeaInputSchema = z.object({
     title: z.string().min(1, 'Title is required').max(200, 'Title too long'),
     description: z.string().min(1, 'Description is required'),
     category: z.enum(['feature', 'improvement', 'experiment', 'pivot']).optional().default('feature'),
-    tags: z.array(z.string()).optional().default([])
+    tags: z.preprocess((val) => (typeof val === 'string' ? [val] : val), z.array(z.string())).optional().default([])
 });
 
 export const UpdateRoadmapInputSchema = z.object({
@@ -104,7 +104,7 @@ export const GenerateProfessionalPDFInputSchema = z.object({
 export const ArchaeologicalScanInputSchema = z.object({
     projectId: z.string().uuid('Invalid project ID'),
     gitLog: z.string().describe('Git log output'),
-    fileTree: z.array(z.string()).describe('File paths')
+    fileTree: z.preprocess((val) => (typeof val === 'string' ? [val] : val), z.array(z.string())).describe('File paths')
 });
 
 export const ImportGhostFeaturesInputSchema = z.object({
@@ -124,7 +124,7 @@ export const AuditSecurityIntegrityInputSchema = z.object({
     projectId: z.string().uuid(),
     filePath: z.string().min(1),
     content: z.string().min(1),
-    rules: z.array(z.string()).optional()
+    rules: z.preprocess((val) => (typeof val === 'string' ? [val] : val), z.array(z.string())).optional()
 });
 
 export const QueryProjectBrainInputSchema = QueryBrainInputSchema;
@@ -138,7 +138,7 @@ export const SaveToProjectBrainInputSchema = z.object({
     title: z.string().min(1),
     content: z.string().min(1),
     category: z.enum(['DECISION', 'ARCHITECTURE', 'NOTE', 'LESSON_LEARNED']).default('NOTE'),
-    tags: z.array(z.string()).optional().default([])
+    tags: z.preprocess((val) => (typeof val === 'string' ? [val] : val), z.array(z.string())).optional().default([])
 });
 
 export const UpdateRoadmapStatusInputSchema = z.object({
@@ -174,12 +174,12 @@ export const GenerateCursorRulesInputSchema = z.object({
 
 export const AnalyzeDatabasePerformanceInputSchema = z.object({
     projectId: z.string().uuid(),
-    filePaths: z.array(z.string())
+    filePaths: z.preprocess((val) => (typeof val === 'string' ? [val] : val), z.array(z.string()))
 });
 
 export const AuditIntegrityGateInputSchema = z.object({
     projectId: z.string().uuid(),
-    filePaths: z.array(z.string()).optional().default([])
+    filePaths: z.preprocess((val) => (typeof val === 'string' ? [val] : val), z.array(z.string())).optional().default([])
 });
 
 export const CompleteRoadmapTaskInputSchema = z.object({

package/src/lib/types-roadmap.ts

@@ -0,0 +1,43 @@
+export interface RoadmapChunk {
+    id: string;
+    project_id: string;
+    feature_id: string | null;
+    title: string;
+    description: string | null;
+    status: string;
+    priority: string | null;
+    step_number: number;
+    prompt_content: string | null;
+    architectural_brief?: string | null;
+    context_summary?: string | null;
+    checklist?: any[] | null;
+    metadata?: any | null;
+    tags?: string[] | null;
+    created_at: string;
+    completed_at: string | null;
+}
+
+export interface ListRoadmapTasksResponse {
+    tasks: Array<{
+        id: string;
+        title: string;
+        priority: string | null;
+        status: string;
+        step_number: number;
+        prompt_content: string | null;
+        architectural_brief?: string | null;
+        context_summary?: string | null;
+        metadata?: any | null;
+        checklist?: any[] | null;
+        tags?: string[] | null;
+    }>;
+    formatted: string;
+}
+
+export interface RoadmapStep {
+    id: string;
+    stepNumber: number;
+    title: string;
+    status: string;
+    sprintFocus: string | null;
+}

package/src/lib/types.ts

@@ -176,31 +176,7 @@ export interface SecurityIntegrityResponse {
 // ROADMAP & TASK TYPES
 // =============================================================================
 
-export interface RoadmapChunk {
-    id: string;
-    project_id: string;
-    feature_id: string | null;
-    title: string;
-    description: string | null;
-    status: string;
-    priority: string | null;
-    step_number: number;
-    prompt_content: string | null;
-    created_at: string;
-    completed_at: string | null;
-}
-
-export interface ListRoadmapTasksResponse {
-    tasks: Array<{
-        id: string;
-        title: string;
-        priority: string | null;
-        status: string;
-        step_number: number;
-        prompt_content: string | null;
-    }>;
-    formatted: string;
-}
+export * from './types-roadmap.js';
 
 // =============================================================================
 // AGENT BRIDGE & RULES TYPES
@@ -254,3 +230,43 @@ export interface ReleaseManifest {
     };
     timestamp: string;
 }
+
+
+// =============================================================================
+// ARCHAEOLOGICAL SCAN TYPES
+// =============================================================================
+
+export interface GitCommit {
+    hash: string;
+    message: string;
+    date: string;
+    author: string;
+}
+
+export interface DiscoveredFeature {
+    id: string;
+    title: string;
+    description: string;
+    status: 'COMPLETED';
+    source: 'git' | 'filesystem' | 'combined';
+    evidence: string[];
+    estimatedCompletionDate: string;
+    priority: number;
+}
+
+export interface ArchaeologicalReport {
+    projectId: string;
+    scanDate: string;
+    gitAnalysis: {
+        totalCommits: number;
+        analyzedCommits: number;
+        milestones: { date: string; summary: string; commits: string[] }[];
+    };
+    filesystemAnalysis: {
+        totalDirectories: number;
+        featureDirectories: string[];
+        configFiles: string[];
+    };
+    discoveredFeatures: DiscoveredFeature[];
+    recommendations: string[];
+}

package/src/server/types.ts

@@ -13,7 +13,7 @@ export interface McpServerConfig {
 }
 
 export const SERVER_NAME = 'rigstate-mcp';
-export const SERVER_VERSION = '0.5.0'; // Evolutionary Update
+export const SERVER_VERSION = '0.7.5';
 
 export interface AuthContext {
     supabase: SupabaseClient;

package/src/tools/analyze-database-performance.ts

@@ -26,8 +26,20 @@ interface TableMetadata {
 
 export async function analyzeDatabasePerformance(
     supabase: SupabaseClient,
+    userId: string,
     input: AnalyzeDatabasePerformanceInput
 ): Promise<{ issues: PerformanceIssue[], summary: string }> {
+    // 0. Verify project access
+    const { data: hasAccess, error: accessError } = await supabase
+        .rpc('check_project_access_secure', {
+            p_project_id: input.projectId,
+            p_user_id: userId
+        });
+
+    if (accessError || !hasAccess) {
+        throw new Error('Project not found or access denied');
+    }
+
     const issues: PerformanceIssue[] = [];
 
     // 1. Fetch Database Metadata