@saiteja1123/mcp-server 1.1.2 → 1.1.3

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@saiteja1123/mcp-server",
-  "version": "1.1.2",
+  "version": "1.1.3",
   "private": false,
   "description": "Vibesecur MCP security scanner - one-folder locking, cross-IDE, Cursor/VSCode/Windsurf",
   "type": "module",
@@ -16,6 +16,8 @@
     "start": "node ./src/server.js",
     "dev": "node --watch ./src/server.js",
     "bind": "node ./src/cli.js bind",
+    "init": "node ./src/cli.js init",
+    "doctor": "node ./src/cli.js doctor",
     "test": "node --input-type=module --eval \"import('./src/server.js')\""
   },
   "exports": {

package/src/api-scan.mjs

@@ -19,12 +19,47 @@ export function getProjectHashForPath(rootPath) {
   return sha256Hex(`vibesecur:mcp:${resolved}`);
 }
 
-function normalizeApiBase(raw) {
+export function normalizeApiBase(raw) {
   if (!raw || typeof raw !== 'string') return '';
   const u = raw.trim().replace(/\/$/, '');
   return u.endsWith('/api/v1') ? u : `${u}/api/v1`;
 }
 
+/** GET origin (no /api/v1) for lightweight health checks. */
+export function getApiOriginFromBase(raw) {
+  const normalized = normalizeApiBase(raw);
+  if (!normalized) return '';
+  return normalized.replace(/\/api\/v1\/?$/, '') || normalized;
+}
+
+/**
+ * Quick reachability check (GET app root). Does not run a scan.
+ * @param {string} [baseUrl] - e.g. https://vibesecur.onrender.com (optional /api/v1 ok)
+ */
+export async function pingBackend(baseUrl) {
+  const raw = (
+    baseUrl
+    || process.env.VIBESECUR_API_BASE
+    || process.env.VIBESECUR_API_URL
+    || 'https://vibesecur.onrender.com'
+  ).trim();
+  const origin = getApiOriginFromBase(raw);
+  if (!origin) {
+    return { ok: false, skipped: true, message: 'No API base URL' };
+  }
+  const url = origin.endsWith('/') ? origin.slice(0, -1) : origin;
+  try {
+    const ctrl = typeof AbortSignal !== 'undefined' && AbortSignal.timeout
+      ? AbortSignal.timeout(12000)
+      : undefined;
+    const res = await fetch(`${url}/`, { method: 'GET', signal: ctrl });
+    const ok = true;
+    return { ok, status: res.status, url: `${url}/` };
+  } catch (e) {
+    return { ok: false, error: e.message };
+  }
+}
+
 export async function postRemoteLocalScan({
   code,
   lang = 'auto',

package/src/cli.js

@@ -1,19 +1,35 @@
 #!/usr/bin/env node
 /**
  * vibesecur-mcp CLI
- * Usage:
- *   vibesecur-mcp bind <folder>
- *   vibesecur-mcp rebind <folder>
- *   vibesecur-mcp status [folder]
- *   vibesecur-mcp config <folder>
- *   vibesecur-mcp start
+ *
+ * Quick start:  npx -y @saiteja1123/mcp-server init
+ *
+ * Commands:
+ *   init [folder]     bind folder + print IDE configs (optional --write=...)
+ *   doctor [folder]   check lock, env hints, backend reachability
+ *   bind <folder>
+ *   rebind <folder>
+ *   status [folder]
+ *   config [folder]
+ *   start             MCP stdio server
+ *
+ * Flags (init):  --api-base=URL  --skip-bind  --write=cursor|vscode|windsurf|all
  */
 
+import fs from 'fs/promises';
 import path from 'path';
+import os from 'os';
+import { createRequire } from 'module';
 import { fileURLToPath } from 'url';
 import { createLock, rebindLock, diagnosticLock, readLock } from './lock.mjs';
+import { pingBackend } from './api-scan.mjs';
 
-const [, , command, arg] = process.argv;
+const require = createRequire(import.meta.url);
+const mcpPkg = require('../package.json');
+const NPM_PACKAGE_NAME = mcpPkg.name || '@saiteja1123/mcp-server';
+const DEFAULT_API_BASE = 'https://vibesecur.onrender.com';
+
+const serverPath = fileURLToPath(new URL('./server.js', import.meta.url));
 
 const BOLD = '\x1b[1m';
 const GREEN = '\x1b[32m';
@@ -27,15 +43,106 @@ function ok(t) { return `${GREEN}✓ ${t}${RESET}`; }
 function err(t) { return `${RED}✗ ${t}${RESET}`; }
 function dim(t) { return `${DIM}${t}${RESET}`; }
 
-const serverPath = fileURLToPath(new URL('./server.js', import.meta.url));
+function parseArgv(argv) {
+  const flags = {};
+  const positional = [];
+  for (const a of argv) {
+    if (a.startsWith('--')) {
+      const eq = a.indexOf('=');
+      if (eq === -1) flags[a.slice(2)] = true;
+      else flags[a.slice(2, eq)] = a.slice(eq + 1);
+    } else {
+      positional.push(a);
+    }
+  }
+  return { flags, positional };
+}
+
+const { flags, positional } = parseArgv(process.argv.slice(2));
+const command = positional[0];
+const arg = positional[1];
 
 function serverCmd() {
-  if (serverPath.includes('node_modules')) {
-    return { command: 'npx', args: ['-y', '@vibesecur/mcp-server', 'start'] };
+  const normalizedPath = serverPath.replace(/\\/g, '/');
+  if (normalizedPath.includes('/node_modules/')) {
+    return { command: 'npx', args: ['-y', NPM_PACKAGE_NAME, 'start'] };
   }
   return { command: 'node', args: [serverPath] };
 }
 
+function buildEnv(folder, token, apiBase) {
+  return {
+    VIBESECUR_INSTALL_TOKEN: token,
+    VIBESECUR_BOUND_ROOT: folder,
+    VIBESECUR_API_BASE: apiBase || DEFAULT_API_BASE,
+  };
+}
+
+function printIdeBlocks(sc, env) {
+  console.log(`${BOLD}-- Cursor (~/.cursor/mcp.json) --${RESET}`);
+  console.log(JSON.stringify({ mcpServers: { vibesecur: { command: sc.command, args: sc.args, env } } }, null, 2));
+
+  console.log(`\n${BOLD}-- VS Code (project .vscode/mcp.json) --${RESET}`);
+  console.log(JSON.stringify({ servers: { vibesecur: { type: 'stdio', command: sc.command, args: sc.args, env } } }, null, 2));
+
+  console.log(`\n${BOLD}-- Windsurf (~/.codeium/windsurf/mcp_config.json) --${RESET}`);
+  console.log(JSON.stringify({ mcpServers: { vibesecur: { command: sc.command, args: sc.args, env } } }, null, 2));
+
+  console.log(`\n${BOLD}-- Generic env (paste into your MCP client) --${RESET}`);
+  console.log(`command: ${sc.command} ${sc.args.join(' ')}`);
+  Object.entries(env).forEach(([k, v]) => console.log(`  ${k}=${v}`));
+  console.log();
+}
+
+async function mergeJsonFile(filePath, merger) {
+  await fs.mkdir(path.dirname(filePath), { recursive: true });
+  let data = {};
+  try {
+    const raw = await fs.readFile(filePath, 'utf8');
+    data = JSON.parse(raw);
+  } catch {
+    data = {};
+  }
+  const next = merger(data);
+  await fs.writeFile(filePath, JSON.stringify(next, null, 2), 'utf8');
+}
+
+async function writeIdeConfig(which, sc, env) {
+  const entry = { command: sc.command, args: sc.args, env };
+  const vscodeEntry = { type: 'stdio', command: sc.command, args: sc.args, env };
+
+  if (which === 'cursor' || which === 'all') {
+    const file = path.join(os.homedir(), '.cursor', 'mcp.json');
+    await mergeJsonFile(file, (data) => {
+      const out = { ...data };
+      out.mcpServers = { ...(out.mcpServers || {}), vibesecur: entry };
+      return out;
+    });
+    console.log(ok(`Wrote Cursor MCP config: ${file}`));
+  }
+
+  if (which === 'vscode' || which === 'all') {
+    const folder = env.VIBESECUR_BOUND_ROOT;
+    const file = path.join(folder, '.vscode', 'mcp.json');
+    await mergeJsonFile(file, (data) => {
+      const out = { ...data };
+      out.servers = { ...(out.servers || {}), vibesecur: vscodeEntry };
+      return out;
+    });
+    console.log(ok(`Wrote VS Code MCP config: ${file}`));
+  }
+
+  if (which === 'windsurf' || which === 'all') {
+    const file = path.join(os.homedir(), '.codeium', 'windsurf', 'mcp_config.json');
+    await mergeJsonFile(file, (data) => {
+      const out = { ...data };
+      out.mcpServers = { ...(out.mcpServers || {}), vibesecur: entry };
+      return out;
+    });
+    console.log(ok(`Wrote Windsurf MCP config: ${file}`));
+  }
+}
+
 async function cmdBind() {
   const folder = path.resolve(arg || process.cwd());
   const account = process.env.VIBESECUR_ACCOUNT || 'anonymous';
@@ -89,46 +196,118 @@ async function cmdConfig() {
   const folder = path.resolve(arg || process.cwd());
   const lock = await readLock(folder);
   const token = lock?.installToken || 'YOUR_INSTALL_TOKEN';
+  const apiBase = (flags['api-base'] || process.env.VIBESECUR_API_BASE || DEFAULT_API_BASE).trim();
 
   console.log(`\n${h('Vibesecur MCP - IDE Config Snippets')}`);
   console.log(`Folder: ${folder}`);
   if (!lock) console.log(err(`No lock found. Run: vibesecur-mcp bind ${folder}`));
   console.log();
 
-  const env = {
-    VIBESECUR_INSTALL_TOKEN: token,
-    VIBESECUR_BOUND_ROOT: folder,
-    VIBESECUR_API_BASE: 'https://api.vibesecur.com',
-  };
+  const env = buildEnv(folder, token, apiBase);
   const sc = serverCmd();
+  printIdeBlocks(sc, env);
+}
 
-  console.log(`${BOLD}-- Cursor (.cursor/mcp.json) --${RESET}`);
-  console.log(JSON.stringify({ mcpServers: { vibesecur: { command: sc.command, args: sc.args, env } } }, null, 2));
+async function cmdInit() {
+  const folder = path.resolve(arg || process.cwd());
+  const apiBase = (flags['api-base'] || process.env.VIBESECUR_API_BASE || DEFAULT_API_BASE).trim();
+  const account = process.env.VIBESECUR_ACCOUNT || 'anonymous';
+  const skipBind = flags['skip-bind'] === true || flags['skip-bind'] === 'true';
 
-  console.log(`\n${BOLD}-- VS Code (.vscode/mcp.json) --${RESET}`);
-  console.log(JSON.stringify({ servers: { vibesecur: { type: 'stdio', command: sc.command, args: sc.args, env } } }, null, 2));
+  console.log(`\n${h('Vibesecur MCP - Init')}`);
+  console.log(`Project folder: ${folder}`);
+  console.log(`API base:       ${apiBase}`);
+  console.log(`Package:        ${NPM_PACKAGE_NAME}\n`);
 
-  console.log(`\n${BOLD}-- Windsurf (~/.codeium/windsurf/mcp_config.json) --${RESET}`);
-  console.log(JSON.stringify({ mcpServers: { vibesecur: { command: sc.command, args: sc.args, env } } }, null, 2));
+  let lock = await readLock(folder);
+  if (!lock) {
+    if (skipBind) {
+      console.log(err('No lock in this folder. Run without --skip-bind, or: vibesecur-mcp bind <folder>'));
+      process.exit(1);
+    }
+    lock = await createLock({ rootPath: folder, account });
+    console.log(ok(`Created lock: ${path.join(folder, '.vibesecur', 'lock.json')}`));
+  } else {
+    console.log(ok('Existing lock found (reusing token). Use rebind to rotate.'));
+  }
 
-  console.log(`\n${BOLD}-- Generic / Claude Desktop / Continue.dev --${RESET}`);
-  console.log(`command: ${sc.command} ${sc.args.join(' ')}`);
-  Object.entries(env).forEach(([k, v]) => console.log(`  ${k}=${v}`));
-  console.log();
+  const env = buildEnv(folder, lock.installToken, apiBase);
+  const sc = serverCmd();
+
+  console.log(`\n${BOLD}Next:${RESET} paste ONE block below into your IDE MCP settings, then reload the IDE.\n`);
+  printIdeBlocks(sc, env);
+
+  const write = flags.write;
+  if (write) {
+    const w = String(write).toLowerCase();
+    if (!['cursor', 'vscode', 'windsurf', 'all'].includes(w)) {
+      console.log(err(`Invalid --write=${write}. Use: cursor | vscode | windsurf | all`));
+      process.exit(1);
+    }
+    await writeIdeConfig(w, sc, env);
+    console.log(dim('Reload your IDE so it picks up the new MCP config.'));
+  }
+}
+
+async function cmdDoctor() {
+  const folder = path.resolve(arg || process.cwd());
+  const apiBase = (flags['api-base'] || process.env.VIBESECUR_API_BASE || DEFAULT_API_BASE).trim();
+
+  console.log(`\n${h('Vibesecur MCP - Doctor')}`);
+  console.log(`Folder:   ${folder}`);
+  console.log(`API base: ${apiBase}\n`);
+
+  const lock = await readLock(folder);
+  if (!lock) {
+    console.log(err('No lock file. Run: vibesecur-mcp init'));
+  } else {
+    console.log(ok('Lock file present'));
+    const diag = await diagnosticLock(folder);
+    console.log(diag.healthy ? ok('Lock diagnostic: healthy') : err('Lock diagnostic: issues'));
+    if (diag.issues?.length) diag.issues.forEach((i) => console.log(`  - ${i}`));
+  }
+
+  const tokenEnv = process.env.VIBESECUR_INSTALL_TOKEN;
+  const rootEnv = process.env.VIBESECUR_BOUND_ROOT;
+  console.log(`\n${BOLD}Shell env (optional; IDE sets these when MCP runs):${RESET}`);
+  console.log(`  VIBESECUR_INSTALL_TOKEN: ${tokenEnv ? dim('set') : dim('not set in this shell (normal)')}`);
+  console.log(`  VIBESECUR_BOUND_ROOT:    ${rootEnv ? dim('set') : dim('not set in this shell (normal)')}`);
+  console.log(`  VIBESECUR_API_BASE:      ${process.env.VIBESECUR_API_BASE ? dim(process.env.VIBESECUR_API_BASE) : dim(`${DEFAULT_API_BASE} (default)`)}`);
+
+  const ping = await pingBackend(apiBase);
+  if (ping.skipped) {
+    console.log(`\n${err('Backend ping skipped')}`);
+  } else if (ping.ok) {
+    const note = ping.status >= 400 ? ' (server responded; check path if unexpected)' : '';
+    console.log(`\n${ok(`Backend responded HTTP ${ping.status}${note}`)}`);
+    console.log(dim(`  ${ping.url || ''}`));
+  } else {
+    console.log(`\n${err('Backend not reachable')}`);
+    if (ping.status !== undefined) console.log(`  HTTP ${ping.status}`);
+    if (ping.error) console.log(`  ${ping.error}`);
+  }
+
+  console.log(`\n${BOLD}CLI:${RESET} ${NPM_PACKAGE_NAME}@${mcpPkg.version}`);
+  console.log(dim('If IDE still fails: run init again, paste fresh config, reload IDE.\n'));
 }
 
 function usage() {
   console.log(`\n${h('Vibesecur MCP')}`);
-  console.log('  bind <folder>    bind install to a project folder');
-  console.log('  rebind <folder>  revoke old token, issue new lock');
-  console.log('  status [folder]  check lock health');
-  console.log('  config <folder>  print IDE config snippets');
-  console.log('  start            start MCP server (stdio)\n');
+  console.log(`  ${dim('Quick start:')} vibesecur-mcp init`);
+  console.log('  init [folder]       bind + print IDE configs [--api-base=URL] [--write=cursor|vscode|windsurf|all] [--skip-bind]');
+  console.log('  doctor [folder]   check lock + backend [--api-base=URL]');
+  console.log('  bind <folder>     create lock only');
+  console.log('  rebind <folder>   rotate token');
+  console.log('  status [folder]   lock health');
+  console.log('  config [folder]   print snippets only');
+  console.log('  start             MCP server (stdio)\n');
   process.exit(1);
 }
 
 try {
   switch (command) {
+    case 'init': await cmdInit(); break;
+    case 'doctor': await cmdDoctor(); break;
     case 'bind': await cmdBind(); break;
     case 'rebind': await cmdRebind(); break;
     case 'status': await cmdStatus(); break;