@rigstate/mcp 0.7.5 → 0.7.7

package/src/tools/archaeological-scan.ts

@@ -1,52 +1,19 @@
-
 import { SupabaseClient } from '@supabase/supabase-js';
+import {
+    GitCommit,
+    DiscoveredFeature,
+    ArchaeologicalReport
+} from '../lib/types.js';
+import {
+    parseGitLog,
+    identifyMilestones,
+    analyzeFilesystem,
+    generateDiscoveredFeatures
+} from '../lib/arch-analysis.js';
 
 /**
  * Brynjar's Archaeological Scan Tool
- * 
- * Analyzes Git history and file structure to reconstruct
- * a project's historical context and generate "Ghost Features"
- * that represent completed work.
- */
-
-export interface GitCommit {
-    hash: string;
-    message: string;
-    date: string;
-    author: string;
-}
-
-export interface DiscoveredFeature {
-    id: string;
-    title: string;
-    description: string;
-    status: 'COMPLETED';
-    source: 'git' | 'filesystem' | 'combined';
-    evidence: string[];
-    estimatedCompletionDate: string;
-    priority: number;
-}
-
-export interface ArchaeologicalReport {
-    projectId: string;
-    scanDate: string;
-    gitAnalysis: {
-        totalCommits: number;
-        analyzedCommits: number;
-        milestones: { date: string; summary: string; commits: string[] }[];
-    };
-    filesystemAnalysis: {
-        totalDirectories: number;
-        featureDirectories: string[];
-        configFiles: string[];
-    };
-    discoveredFeatures: DiscoveredFeature[];
-    recommendations: string[];
-}
-
-/**
- * Fetch Brynjar's persona from the system_prompts table
- */
+...
 export async function getBrynjarPersona(supabase: SupabaseClient) {
     const { data: persona, error } = await supabase
         .from('system_prompts')
@@ -66,185 +33,30 @@ export async function getBrynjarPersona(supabase: SupabaseClient) {
 }
 
 /**
- * Parse git log output into structured commits
- */
-function parseGitLog(logOutput: string): GitCommit[] {
-    const commits: GitCommit[] = [];
-    const entries = logOutput.split('\n---COMMIT---\n').filter(Boolean);
-
-    for (const entry of entries) {
-        const lines = entry.trim().split('\n');
-        if (lines.length >= 3) {
-            commits.push({
-                hash: lines[0]?.replace('hash:', '').trim() || '',
-                date: lines[1]?.replace('date:', '').trim() || '',
-                author: lines[2]?.replace('author:', '').trim() || '',
-                message: lines.slice(3).join('\n').trim()
-            });
-        }
-    }
-
-    return commits;
-}
-
-/**
- * Analyze commits to identify major milestones
- */
-function identifyMilestones(commits: GitCommit[]): { date: string; summary: string; commits: string[] }[] {
-    const milestones: { date: string; summary: string; commits: string[] }[] = [];
-
-    // Keywords that indicate significant features
-    const featurePatterns = [
-        { pattern: /\b(auth|authentication|login|signup|oauth)\b/i, category: 'Authentication System' },
-        { pattern: /\b(database|schema|migration|supabase|postgres)\b/i, category: 'Database Setup' },
-        { pattern: /\b(api|endpoint|route)\b/i, category: 'API Development' },
-        { pattern: /\b(ui|component|layout|design|tailwind)\b/i, category: 'UI/Component Development' },
-        { pattern: /\b(test|spec|jest|vitest)\b/i, category: 'Testing Infrastructure' },
-        { pattern: /\b(deploy|ci|cd|github|vercel|docker)\b/i, category: 'DevOps & Deployment' },
-        { pattern: /\b(feature|implement|add|create|build)\b/i, category: 'Feature Implementation' },
-        { pattern: /\b(fix|bug|patch|resolve)\b/i, category: 'Bug Fixes & Patches' },
-        { pattern: /\b(refactor|clean|optimize|improve)\b/i, category: 'Code Quality Improvements' },
-        { pattern: /\b(docs|readme|documentation)\b/i, category: 'Documentation' },
-        { pattern: /\b(config|setup|init|scaffold)\b/i, category: 'Project Configuration' },
-        { pattern: /\b(agent|mcp|ai|llm|openai)\b/i, category: 'AI/Agent Integration' },
-        { pattern: /\b(roadmap|milestone|chunk)\b/i, category: 'Roadmap System' },
-        { pattern: /\b(report|pdf|manifest|governance)\b/i, category: 'Reporting & Governance' },
-    ];
-
-    // Group commits by category
-    const categoryMap = new Map<string, { commits: GitCommit[]; latestDate: string }>();
-
-    for (const commit of commits) {
-        for (const { pattern, category } of featurePatterns) {
-            if (pattern.test(commit.message)) {
-                if (!categoryMap.has(category)) {
-                    categoryMap.set(category, { commits: [], latestDate: commit.date });
-                }
-                const entry = categoryMap.get(category)!;
-                entry.commits.push(commit);
-                if (new Date(commit.date) > new Date(entry.latestDate)) {
-                    entry.latestDate = commit.date;
-                }
-                break; // Only categorize each commit once
-            }
-        }
-    }
-
-    // Convert to milestones (only include categories with 2+ commits)
-    for (const [category, data] of categoryMap.entries()) {
-        if (data.commits.length >= 2) {
-            milestones.push({
-                date: data.latestDate,
-                summary: `${category} (${data.commits.length} commits)`,
-                commits: data.commits.slice(0, 5).map(c => c.message.split('\n')[0].substring(0, 80))
-            });
-        }
-    }
-
-    // Sort by date descending
-    milestones.sort((a, b) => new Date(b.date).getTime() - new Date(a.date).getTime());
-
-    return milestones;
-}
-
-/**
- * Map directory structure to potential features
- */
-function analyzeFilesystem(tree: string[]): { featureDirectories: string[]; configFiles: string[] } {
-    const featurePatterns = [
-        /^(apps|packages)\/[^/]+\/src\/(components|features|modules)\/[^/]+$/,
-        /^(apps|packages)\/[^/]+\/src\/app\/[^/]+$/,
-        /^src\/(components|features|modules|pages)\/[^/]+$/,
-        /^(apps|packages)\/[^/]+$/,
-    ];
-
-    const configPatterns = [
-        /package\.json$/,
-        /tsconfig.*\.json$/,
-        /\.env.*$/,
-        /next\.config\./,
-        /tailwind\.config\./,
-        /supabase.*\.toml$/,
-    ];
-
-    const featureDirectories = tree.filter(path =>
-        featurePatterns.some(pattern => pattern.test(path))
-    );
-
-    const configFiles = tree.filter(path =>
-        configPatterns.some(pattern => pattern.test(path))
-    );
-
-    return {
-        featureDirectories: [...new Set(featureDirectories)].slice(0, 20),
-        configFiles: [...new Set(configFiles)].slice(0, 10)
-    };
-}
-
-/**
- * Generate discovered features from milestones and filesystem
- */
-function generateDiscoveredFeatures(
-    milestones: { date: string; summary: string; commits: string[] }[],
-    filesystemAnalysis: { featureDirectories: string[]; configFiles: string[] }
-): DiscoveredFeature[] {
-    const features: DiscoveredFeature[] = [];
-    let priority = 1;
-
-    // From Git milestones
-    for (const milestone of milestones.slice(0, 10)) {
-        const id = `ghost-${Date.now()}-${priority}`;
-        features.push({
-            id,
-            title: milestone.summary.split('(')[0].trim(),
-            description: `Reconstructed from ${milestone.commits.length} commits. Last activity: ${new Date(milestone.date).toLocaleDateString()}`,
-            status: 'COMPLETED',
-            source: 'git',
-            evidence: milestone.commits,
-            estimatedCompletionDate: milestone.date,
-            priority: priority++
-        });
-    }
-
-    // From filesystem (major directories as features)
-    const directoryFeatures = filesystemAnalysis.featureDirectories
-        .filter(dir => dir.includes('src/') || dir.startsWith('apps/') || dir.startsWith('packages/'))
-        .slice(0, 5);
-
-    for (const dir of directoryFeatures) {
-        const name = dir.split('/').pop() || dir;
-        const id = `ghost-fs-${Date.now()}-${priority}`;
-
-        // Skip if we already have a similar feature from git
-        if (features.some(f => f.title.toLowerCase().includes(name.toLowerCase()))) {
-            continue;
-        }
-
-        features.push({
-            id,
-            title: `${name.charAt(0).toUpperCase() + name.slice(1)} Module`,
-            description: `Detected from directory structure: ${dir}`,
-            status: 'COMPLETED',
-            source: 'filesystem',
-            evidence: [dir],
-            estimatedCompletionDate: new Date().toISOString(),
-            priority: priority++
-        });
-    }
-
-    return features;
-}
-
+ * Main archaeological scan function
+...
 /**
  * Main archaeological scan function
  * Called by the MCP server when Brynjar is invoked
  */
 export async function performArchaeologicalScan(
     supabase: SupabaseClient,
+    userId: string,
     projectId: string,
     gitLog: string,
     fileTree: string[]
 ): Promise<ArchaeologicalReport> {
+    // 0. Verify project access
+    const { data: hasAccess, error: accessError } = await supabase
+        .rpc('check_project_access_secure', {
+            p_project_id: projectId,
+            p_user_id: userId
+        });
+
+    if (accessError || !hasAccess) {
+        throw new Error('Project not found or access denied');
+    }
+
     console.error(`🏛️ Brynjar is performing an archaeological scan for project ${projectId}...`);
 
     // Parse git history
@@ -299,9 +111,20 @@ export async function performArchaeologicalScan(
  */
 export async function importGhostFeatures(
     supabase: SupabaseClient,
+    userId: string,
     projectId: string,
     features: DiscoveredFeature[]
 ): Promise<{ success: boolean; imported: number; errors: string[] }> {
+    // 0. Verify project access
+    const { data: hasAccess, error: accessError } = await supabase
+        .rpc('check_project_access_secure', {
+            p_project_id: projectId,
+            p_user_id: userId
+        });
+
+    if (accessError || !hasAccess) {
+        throw new Error('Project not found or access denied');
+    }
     console.error(`🏛️ Brynjar is importing ${features.length} ghost features into the roadmap...`);
 
     const errors: string[] = [];

package/src/tools/audit-integrity-gate.ts

@@ -16,21 +16,33 @@ registry.register({
 Can trigger a SOFT LOCK if critical issues are found.`,
     schema: AuditIntegrityGateInputSchema,
     handler: async (args, context) => {
-        const result = await runAuditIntegrityGate(context.supabase, args);
+        const result = await runAuditIntegrityGate(context.supabase, context.userId, args);
         return { content: [{ type: 'text', text: result.summary }] };
     }
 });
 
 export async function runAuditIntegrityGate(
     supabase: SupabaseClient,
+    userId: string,
     input: AuditIntegrityGateInput
 ): Promise<IntegrityGateResponse> {
+    // 0. Verify project access
+    const { data: hasAccess, error: accessError } = await supabase
+        .rpc('check_project_access_secure', {
+            p_project_id: input.projectId,
+            p_user_id: userId
+        });
+
+    if (accessError || !hasAccess) {
+        throw new Error('Project not found or access denied');
+    }
+
     const checks: IntegrityCheckResult[] = [];
     let isSoftLocked = false;
 
     // 1. Run Guardian Security Audit (RLS)
     try {
-        const rlsResult = await auditRlsStatus(supabase, { projectId: input.projectId });
+        const rlsResult = await auditRlsStatus(supabase, userId, { projectId: input.projectId });
         const unsecuredTables = rlsResult.unsecuredTables || [];
 
         if (unsecuredTables.length > 0) {
@@ -73,7 +85,7 @@ export async function runAuditIntegrityGate(
                 const fs = await import('fs/promises');
                 const content = await fs.readFile(path, 'utf-8');
 
-                const securityResult = await auditSecurityIntegrity(supabase, {
+                const securityResult = await auditSecurityIntegrity(supabase, userId, {
                     projectId: input.projectId,
                     filePath: path,
                     content: content
@@ -108,7 +120,7 @@ export async function runAuditIntegrityGate(
     // 3. Run Sindre Performance Audit (Indexes & N+1)
     if (input.filePaths && input.filePaths.length > 0) {
         try {
-            const perfResult = await analyzeDatabasePerformance(supabase, {
+            const perfResult = await analyzeDatabasePerformance(supabase, userId, {
                 projectId: input.projectId,
                 filePaths: input.filePaths
             });

package/src/tools/check-agent-bridge.ts

@@ -5,6 +5,7 @@ import { getProjectMorals } from '../resources/project-morals.js';
 
 export async function checkAgentBridge(
     supabase: SupabaseClient,
+    userId: string,
     projectId: string,
     action: 'check' | 'update' | 'submit_for_review' = 'check',
     bridgeId?: string,
@@ -13,6 +14,16 @@ export async function checkAgentBridge(
     execution_summary?: string, // NEW: required for completion
     proposal?: string
 ): Promise<CheckAgentBridgeResponse> {
+    // 0. Verify project access
+    const { data: hasAccess, error: accessError } = await supabase
+        .rpc('check_project_access_secure', {
+            p_project_id: projectId,
+            p_user_id: userId
+        });
+
+    if (accessError || !hasAccess) {
+        throw new Error('Project not found or access denied');
+    }
 
     // 4. SUBMIT FOR REVIEW MODE
     if (action === 'submit_for_review') {

package/src/tools/check-rules-sync.ts

@@ -15,6 +15,7 @@ registry.register({
     handler: async (args, context) => {
         const result = await checkRulesSync(
             context.supabase,
+            context.userId,
             args.projectId,
             args.currentRulesContent
         );
@@ -37,6 +38,7 @@ const SAFETY_CACHE_RULES = `
 
 export async function checkRulesSync(
     supabase: SupabaseClient,
+    userId: string,
     projectId: string,
     currentRulesContent?: string
 ): Promise<CheckRulesSyncResponse> {
@@ -68,6 +70,17 @@ export async function checkRulesSync(
 
     // Resilience: Wrap DB check in try/catch to handle network failures
     try {
+        // 1. Verify project access
+        const { data: hasAccess, error: accessError } = await supabase
+            .rpc('check_project_access_secure', {
+                p_project_id: projectId,
+                p_user_id: userId
+            });
+
+        if (accessError || !hasAccess) {
+            throw new Error('Project not found or access denied');
+        }
+
         const { data: project, error } = await supabase
             .from('projects')
             .select('name')

package/src/tools/complete-roadmap-task.ts

@@ -15,6 +15,7 @@ registry.register({
     handler: async (args, context) => {
         const result = await completeRoadmapTask(
             context.supabase,
+            context.userId,
             args.projectId,
             args.summary,
             args.taskId,
@@ -33,12 +34,23 @@ export interface CompleteRoadmapTaskResponse {
 
 export async function completeRoadmapTask(
     supabase: SupabaseClient,
+    userId: string,
     projectId: string,
     summary: string,
     taskId?: string,
     gitDiff?: string,
     integrityGate?: IntegrityGateResponse
 ): Promise<CompleteRoadmapTaskResponse> {
+    // 0. Verify project access
+    const { data: hasAccess, error: accessError } = await supabase
+        .rpc('check_project_access_secure', {
+            p_project_id: projectId,
+            p_user_id: userId
+        });
+
+    if (accessError || !hasAccess) {
+        throw new Error('Project not found or access denied');
+    }
 
     // 1. Identify the task
     let targetTaskId = taskId;

package/src/tools/generate-professional-pdf.ts

@@ -10,16 +10,31 @@ export async function generateProfessionalPdf(
 ) {
     console.error(`🖋️ The Scribe is preparing a ${reportType} briefing for project ${projectId}...`);
 
-    // 1. Fetch persona from Prompt CMS (via Scribe Adapter)
+    // 1. Verify project access
+    const { data: hasAccess, error: accessError } = await supabase
+        .rpc('check_project_access_secure', {
+            p_project_id: projectId,
+            p_user_id: userId
+        });
+
+    if (accessError || !hasAccess) {
+        throw new Error('Project not found or access denied');
+    }
+
+    // 1.5 Fetch persona from Prompt CMS (via Scribe Adapter)
     const persona = await getScribePersona(supabase);
 
     // 2. Fetch Project Metadata (expanded)
-    const { data: project } = await supabase
+    const { data: project, error: projectError } = await supabase
         .from('projects')
         .select('name, description, project_type, detected_stack')
         .eq('id', projectId)
         .single();
 
+    if (projectError || !project) {
+        throw new Error('Project details not found');
+    }
+
     const projectName = project?.name || 'Rigstate Project';
     const projectDescription = project?.description || 'A cutting-edge software project built with modern architecture.';
     const projectType = project?.project_type || 'Web Application';

package/src/tools/get-next-roadmap-step.ts

@@ -96,7 +96,11 @@ export async function getNextRoadmapStep(
     }
 
     return {
-        nextStep: nextStep as RoadmapChunk,
+        nextStep: {
+            ...nextStep,
+            architectural_brief: nextStep.architectural_brief,
+            context_summary: nextStep.context_summary
+        } as RoadmapChunk,
         message: `Next step found: [Step ${nextStep.step_number}] ${nextStep.title}`
     };
 }

package/src/tools/get-project-context.ts

@@ -10,6 +10,7 @@ import type { ProjectContextResponse, TechStackInfo } from '../lib/types.js';
 import { injectGlobalContext } from '../lib/context-engine.js';
 import { registry } from '../lib/tool-registry.js';
 import { GetProjectContextInputSchema } from '../lib/schemas.js';
+import { buildProjectSummary } from '../lib/project-context-utils.js';
 
 // ============================================
 // Tool Registration
@@ -60,6 +61,7 @@ export async function getProjectContext(
         detected_stack: any;
         repository_tree: any;
         architectural_dna: any;
+        functional_spec: any;
     }
 
     // Fetch project securely via RPC (bypasses RLS with strict checks)
@@ -86,16 +88,15 @@ export async function getProjectContext(
         created_at: projectRow.created_at,
         last_indexed_at: projectRow.last_indexed_at,
         detected_stack: projectRow.detected_stack,
-        repository_tree: projectRow.repository_tree
+        repository_tree: projectRow.repository_tree,
+        functional_spec: projectRow.functional_spec
     };
 
     // DNA is now directly available
     const stackDef = (projectRow.architectural_dna as any)?.stack_definition;
 
-
-
     // Continuity Loop: Fetch Active & Next Tasks via secure RPC
-    const { data: allChunks, error: chunksError } = await supabase
+    const { data: allChunks } = await supabase
         .rpc('get_roadmap_chunks_secure', {
             p_project_id: projectId,
             p_user_id: userId
@@ -164,80 +165,17 @@ export async function getProjectContext(
         )].slice(0, 10) as string[];
     }
 
-    // Build summary
-    const summaryParts: string[] = [];
-
-    summaryParts.push(`Project Type: ${project.project_type?.toUpperCase() || 'UNKNOWN'}`);
-
-    // Add DNA Stack Info if available (Truth)
-    if (stackDef) {
-        summaryParts.push('\n=== ACTIVE MISSION PARAMETERS ===');
-        if (activeTask) {
-            summaryParts.push(`⚠️  CURRENT OBJECTIVE: T-${activeTask.step_number}: ${activeTask.title}`);
-            summaryParts.push(`   Role: ${activeTask.role || 'Developer'}`);
-            if (activeTask.instruction_set) {
-                summaryParts.push(`   Instructions: ${activeTask.instruction_set.substring(0, 200)}...`);
-            }
-            summaryParts.push('   ACTION: Focus ALL coding efforts on completing this task.');
-        } else if (nextTask) {
-            summaryParts.push(`⏸  SYSTEM IDLE (Waiting for command)`);
-            summaryParts.push(`   Suggested Next Mission: T-${nextTask.step_number}: ${nextTask.title}`);
-            summaryParts.push(`   ACTION: Ask the user "Shall we start T-${nextTask.step_number}?"`);
-        } else {
-            summaryParts.push('✅  ALL MISSIONS COMPLETE. Awaiting new roadmap items.');
-        }
-
-        summaryParts.push('\n=== AI BEHAVIORAL INSTRUCTIONS ===');
-        if (activeTask) {
-            summaryParts.push(`1. FOCUS: The user is working on T-${activeTask.step_number}. Help them complete it.`);
-            summaryParts.push(`2. COMPLIANCE: Ensure all code follows project standards.`);
-        } else if (nextTask) {
-            summaryParts.push(`1. NUDGE: No active task found. Suggest starting T-${nextTask.step_number} (${nextTask.title}).`);
-            summaryParts.push(`2. PROACTIVE: Instead of asking "How can I help?", ask "Shall we start on T-${nextTask.step_number}?"`);
-        }
-
-        summaryParts.push('\n=== CURRENT STACK ===');
-        if (stackDef.frontend) summaryParts.push(`Frontend: ${stackDef.frontend.framework} (${stackDef.frontend.language})`);
-        if (stackDef.backend) summaryParts.push(`Backend: ${stackDef.backend.service} (${stackDef.backend.database})`);
-        if (stackDef.styling) summaryParts.push(`Styling: ${stackDef.styling.framework} ${stackDef.styling.library || ''}`);
-        if (stackDef.hosting) summaryParts.push(`Infrastructure: ${stackDef.hosting.provider}`);
-    } else {
-        // Fallback to detected stack
-        if (techStack.framework) summaryParts.push(`Framework: ${techStack.framework}`);
-        if (techStack.orm) summaryParts.push(`ORM: ${techStack.orm}`);
-    }
-
-    if (project.description) {
-        summaryParts.push(`\nDescription: ${project.description}`);
-    }
-
-    // Add Tooling Guidelines (Critical for Universal IDE Support)
-    summaryParts.push('\n=== RIGSTATE TOOLING GUIDELINES ===');
-    summaryParts.push('You have access to specialized MCP tools. USE THEM TO SUCCEED:');
-    summaryParts.push('1. NEVER guess about architecture. Use `query_brain` to search project documentation.');
-    summaryParts.push('2. BEFORE coding, check `get_learned_instructions` to see if you have been corrected before.');
-    summaryParts.push('3. When finishing a task, ALWAYS update the roadmap using `update_roadmap`.');
-    summaryParts.push('4. If you discover a reusable pattern, submit it with `submit_curator_signal`.');
-    summaryParts.push('5. For large refactors, use `run_architecture_audit` to check against rules.');
-    summaryParts.push('6. Store major decisions using `save_decision` (ADR).');
-
-    // Add Digest to Summary
-    summaryParts.push('\n=== RECENT ACTIVITY DIGEST ===');
-
-    if (agentTasks && agentTasks.length > 0) {
-        summaryParts.push('\nLatest AI Executions:');
-        agentTasks.forEach((t: any) => {
-            const time = t.completed_at ? new Date(t.completed_at).toLocaleString() : 'Recently';
-            summaryParts.push(`- [${time}] ${t.roadmap_title || 'Task'}: ${t.execution_summary || 'Completed'}`);
-        });
-    }
-
-    if (roadmapItems && roadmapItems.length > 0) {
-        summaryParts.push('\nRoadmap Updates:');
-        roadmapItems.forEach((i: any) => {
-            summaryParts.push(`- ${i.title} is now ${i.status}`);
-        });
-    }
+    const summary = await buildProjectSummary(
+        project,
+        techStack,
+        activeTask,
+        nextTask,
+        agentTasks || [],
+        roadmapItems || [],
+        stackDef,
+        supabase,
+        userId
+    );
 
     const response: ProjectContextResponse = {
         project: {
@@ -249,7 +187,7 @@ export async function getProjectContext(
             lastIndexedAt: project.last_indexed_at
         },
         techStack,
-        summary: summaryParts.join('\n') || 'No project context available.'
+        summary
     };
 
     // Phase 8.5.5: Inject Global Context (Curator)