@saiteja1123/mcp-server 1.1.2 → 1.1.4

package/package.json

@@ -1,7 +1,8 @@
 {
   "name": "@saiteja1123/mcp-server",
-  "version": "1.1.2",
+  "version": "1.1.4",
   "private": false,
+  "license": "MIT",
   "description": "Vibesecur MCP security scanner - one-folder locking, cross-IDE, Cursor/VSCode/Windsurf",
   "type": "module",
   "main": "./src/index.js",
@@ -16,6 +17,8 @@
     "start": "node ./src/server.js",
     "dev": "node --watch ./src/server.js",
     "bind": "node ./src/cli.js bind",
+    "init": "node ./src/cli.js init",
+    "doctor": "node ./src/cli.js doctor",
     "test": "node --input-type=module --eval \"import('./src/server.js')\""
   },
   "exports": {

package/src/api-scan.mjs

@@ -19,12 +19,47 @@ export function getProjectHashForPath(rootPath) {
   return sha256Hex(`vibesecur:mcp:${resolved}`);
 }
 
-function normalizeApiBase(raw) {
+export function normalizeApiBase(raw) {
   if (!raw || typeof raw !== 'string') return '';
   const u = raw.trim().replace(/\/$/, '');
   return u.endsWith('/api/v1') ? u : `${u}/api/v1`;
 }
 
+/** GET origin (no /api/v1) for lightweight health checks. */
+export function getApiOriginFromBase(raw) {
+  const normalized = normalizeApiBase(raw);
+  if (!normalized) return '';
+  return normalized.replace(/\/api\/v1\/?$/, '') || normalized;
+}
+
+/**
+ * Quick reachability check (GET app root). Does not run a scan.
+ * @param {string} [baseUrl] - e.g. https://vibesecur.onrender.com (optional /api/v1 ok)
+ */
+export async function pingBackend(baseUrl) {
+  const raw = (
+    baseUrl
+    || process.env.VIBESECUR_API_BASE
+    || process.env.VIBESECUR_API_URL
+    || 'https://vibesecur.onrender.com'
+  ).trim();
+  const origin = getApiOriginFromBase(raw);
+  if (!origin) {
+    return { ok: false, skipped: true, message: 'No API base URL' };
+  }
+  const url = origin.endsWith('/') ? origin.slice(0, -1) : origin;
+  try {
+    const ctrl = typeof AbortSignal !== 'undefined' && AbortSignal.timeout
+      ? AbortSignal.timeout(12000)
+      : undefined;
+    const res = await fetch(`${url}/`, { method: 'GET', signal: ctrl });
+    const ok = true;
+    return { ok, status: res.status, url: `${url}/` };
+  } catch (e) {
+    return { ok: false, error: e.message };
+  }
+}
+
 export async function postRemoteLocalScan({
   code,
   lang = 'auto',

package/src/cli.js

@@ -1,19 +1,35 @@
 #!/usr/bin/env node
 /**
  * vibesecur-mcp CLI
- * Usage:
- *   vibesecur-mcp bind <folder>
- *   vibesecur-mcp rebind <folder>
- *   vibesecur-mcp status [folder]
- *   vibesecur-mcp config <folder>
- *   vibesecur-mcp start
+ *
+ * Quick start:  npx -y @saiteja1123/mcp-server init
+ *
+ * Commands:
+ *   init [folder]     bind folder + print IDE configs (optional --write=...)
+ *   doctor [folder]   check lock, env hints, backend reachability
+ *   bind <folder>
+ *   rebind <folder>
+ *   status [folder]
+ *   config [folder]
+ *   start             MCP stdio server
+ *
+ * Flags (init):  --api-base=URL  --skip-bind  --write=cursor|vscode|windsurf|all
  */
 
+import fs from 'fs/promises';
 import path from 'path';
+import os from 'os';
+import { createRequire } from 'module';
 import { fileURLToPath } from 'url';
 import { createLock, rebindLock, diagnosticLock, readLock } from './lock.mjs';
+import { pingBackend } from './api-scan.mjs';
 
-const [, , command, arg] = process.argv;
+const require = createRequire(import.meta.url);
+const mcpPkg = require('../package.json');
+const NPM_PACKAGE_NAME = mcpPkg.name || '@saiteja1123/mcp-server';
+const DEFAULT_API_BASE = 'https://vibesecur.onrender.com';
+
+const serverPath = fileURLToPath(new URL('./server.js', import.meta.url));
 
 const BOLD = '\x1b[1m';
 const GREEN = '\x1b[32m';
@@ -27,15 +43,106 @@ function ok(t) { return `${GREEN}✓ ${t}${RESET}`; }
 function err(t) { return `${RED}✗ ${t}${RESET}`; }
 function dim(t) { return `${DIM}${t}${RESET}`; }
 
-const serverPath = fileURLToPath(new URL('./server.js', import.meta.url));
+function parseArgv(argv) {
+  const flags = {};
+  const positional = [];
+  for (const a of argv) {
+    if (a.startsWith('--')) {
+      const eq = a.indexOf('=');
+      if (eq === -1) flags[a.slice(2)] = true;
+      else flags[a.slice(2, eq)] = a.slice(eq + 1);
+    } else {
+      positional.push(a);
+    }
+  }
+  return { flags, positional };
+}
+
+const { flags, positional } = parseArgv(process.argv.slice(2));
+const command = positional[0];
+const arg = positional[1];
 
 function serverCmd() {
-  if (serverPath.includes('node_modules')) {
-    return { command: 'npx', args: ['-y', '@vibesecur/mcp-server', 'start'] };
+  const normalizedPath = serverPath.replace(/\\/g, '/');
+  if (normalizedPath.includes('/node_modules/')) {
+    return { command: 'npx', args: ['-y', NPM_PACKAGE_NAME, 'start'] };
   }
   return { command: 'node', args: [serverPath] };
 }
 
+function buildEnv(folder, token, apiBase) {
+  return {
+    VIBESECUR_INSTALL_TOKEN: token,
+    VIBESECUR_BOUND_ROOT: folder,
+    VIBESECUR_API_BASE: apiBase || DEFAULT_API_BASE,
+  };
+}
+
+function printIdeBlocks(sc, env) {
+  console.log(`${BOLD}-- Cursor (~/.cursor/mcp.json) --${RESET}`);
+  console.log(JSON.stringify({ mcpServers: { vibesecur: { command: sc.command, args: sc.args, env } } }, null, 2));
+
+  console.log(`\n${BOLD}-- VS Code (project .vscode/mcp.json) --${RESET}`);
+  console.log(JSON.stringify({ servers: { vibesecur: { type: 'stdio', command: sc.command, args: sc.args, env } } }, null, 2));
+
+  console.log(`\n${BOLD}-- Windsurf (~/.codeium/windsurf/mcp_config.json) --${RESET}`);
+  console.log(JSON.stringify({ mcpServers: { vibesecur: { command: sc.command, args: sc.args, env } } }, null, 2));
+
+  console.log(`\n${BOLD}-- Generic env (paste into your MCP client) --${RESET}`);
+  console.log(`command: ${sc.command} ${sc.args.join(' ')}`);
+  Object.entries(env).forEach(([k, v]) => console.log(`  ${k}=${v}`));
+  console.log();
+}
+
+async function mergeJsonFile(filePath, merger) {
+  await fs.mkdir(path.dirname(filePath), { recursive: true });
+  let data = {};
+  try {
+    const raw = await fs.readFile(filePath, 'utf8');
+    data = JSON.parse(raw);
+  } catch {
+    data = {};
+  }
+  const next = merger(data);
+  await fs.writeFile(filePath, JSON.stringify(next, null, 2), 'utf8');
+}
+
+async function writeIdeConfig(which, sc, env) {
+  const entry = { command: sc.command, args: sc.args, env };
+  const vscodeEntry = { type: 'stdio', command: sc.command, args: sc.args, env };
+
+  if (which === 'cursor' || which === 'all') {
+    const file = path.join(os.homedir(), '.cursor', 'mcp.json');
+    await mergeJsonFile(file, (data) => {
+      const out = { ...data };
+      out.mcpServers = { ...(out.mcpServers || {}), vibesecur: entry };
+      return out;
+    });
+    console.log(ok(`Wrote Cursor MCP config: ${file}`));
+  }
+
+  if (which === 'vscode' || which === 'all') {
+    const folder = env.VIBESECUR_BOUND_ROOT;
+    const file = path.join(folder, '.vscode', 'mcp.json');
+    await mergeJsonFile(file, (data) => {
+      const out = { ...data };
+      out.servers = { ...(out.servers || {}), vibesecur: vscodeEntry };
+      return out;
+    });
+    console.log(ok(`Wrote VS Code MCP config: ${file}`));
+  }
+
+  if (which === 'windsurf' || which === 'all') {
+    const file = path.join(os.homedir(), '.codeium', 'windsurf', 'mcp_config.json');
+    await mergeJsonFile(file, (data) => {
+      const out = { ...data };
+      out.mcpServers = { ...(out.mcpServers || {}), vibesecur: entry };
+      return out;
+    });
+    console.log(ok(`Wrote Windsurf MCP config: ${file}`));
+  }
+}
+
 async function cmdBind() {
   const folder = path.resolve(arg || process.cwd());
   const account = process.env.VIBESECUR_ACCOUNT || 'anonymous';
@@ -89,46 +196,118 @@ async function cmdConfig() {
   const folder = path.resolve(arg || process.cwd());
   const lock = await readLock(folder);
   const token = lock?.installToken || 'YOUR_INSTALL_TOKEN';
+  const apiBase = (flags['api-base'] || process.env.VIBESECUR_API_BASE || DEFAULT_API_BASE).trim();
 
   console.log(`\n${h('Vibesecur MCP - IDE Config Snippets')}`);
   console.log(`Folder: ${folder}`);
   if (!lock) console.log(err(`No lock found. Run: vibesecur-mcp bind ${folder}`));
   console.log();
 
-  const env = {
-    VIBESECUR_INSTALL_TOKEN: token,
-    VIBESECUR_BOUND_ROOT: folder,
-    VIBESECUR_API_BASE: 'https://api.vibesecur.com',
-  };
+  const env = buildEnv(folder, token, apiBase);
   const sc = serverCmd();
+  printIdeBlocks(sc, env);
+}
 
-  console.log(`${BOLD}-- Cursor (.cursor/mcp.json) --${RESET}`);
-  console.log(JSON.stringify({ mcpServers: { vibesecur: { command: sc.command, args: sc.args, env } } }, null, 2));
+async function cmdInit() {
+  const folder = path.resolve(arg || process.cwd());
+  const apiBase = (flags['api-base'] || process.env.VIBESECUR_API_BASE || DEFAULT_API_BASE).trim();
+  const account = process.env.VIBESECUR_ACCOUNT || 'anonymous';
+  const skipBind = flags['skip-bind'] === true || flags['skip-bind'] === 'true';
 
-  console.log(`\n${BOLD}-- VS Code (.vscode/mcp.json) --${RESET}`);
-  console.log(JSON.stringify({ servers: { vibesecur: { type: 'stdio', command: sc.command, args: sc.args, env } } }, null, 2));
+  console.log(`\n${h('Vibesecur MCP - Init')}`);
+  console.log(`Project folder: ${folder}`);
+  console.log(`API base:       ${apiBase}`);
+  console.log(`Package:        ${NPM_PACKAGE_NAME}\n`);
 
-  console.log(`\n${BOLD}-- Windsurf (~/.codeium/windsurf/mcp_config.json) --${RESET}`);
-  console.log(JSON.stringify({ mcpServers: { vibesecur: { command: sc.command, args: sc.args, env } } }, null, 2));
+  let lock = await readLock(folder);
+  if (!lock) {
+    if (skipBind) {
+      console.log(err('No lock in this folder. Run without --skip-bind, or: vibesecur-mcp bind <folder>'));
+      process.exit(1);
+    }
+    lock = await createLock({ rootPath: folder, account });
+    console.log(ok(`Created lock: ${path.join(folder, '.vibesecur', 'lock.json')}`));
+  } else {
+    console.log(ok('Existing lock found (reusing token). Use rebind to rotate.'));
+  }
 
-  console.log(`\n${BOLD}-- Generic / Claude Desktop / Continue.dev --${RESET}`);
-  console.log(`command: ${sc.command} ${sc.args.join(' ')}`);
-  Object.entries(env).forEach(([k, v]) => console.log(`  ${k}=${v}`));
-  console.log();
+  const env = buildEnv(folder, lock.installToken, apiBase);
+  const sc = serverCmd();
+
+  console.log(`\n${BOLD}Next:${RESET} paste ONE block below into your IDE MCP settings, then reload the IDE.\n`);
+  printIdeBlocks(sc, env);
+
+  const write = flags.write;
+  if (write) {
+    const w = String(write).toLowerCase();
+    if (!['cursor', 'vscode', 'windsurf', 'all'].includes(w)) {
+      console.log(err(`Invalid --write=${write}. Use: cursor | vscode | windsurf | all`));
+      process.exit(1);
+    }
+    await writeIdeConfig(w, sc, env);
+    console.log(dim('Reload your IDE so it picks up the new MCP config.'));
+  }
+}
+
+async function cmdDoctor() {
+  const folder = path.resolve(arg || process.cwd());
+  const apiBase = (flags['api-base'] || process.env.VIBESECUR_API_BASE || DEFAULT_API_BASE).trim();
+
+  console.log(`\n${h('Vibesecur MCP - Doctor')}`);
+  console.log(`Folder:   ${folder}`);
+  console.log(`API base: ${apiBase}\n`);
+
+  const lock = await readLock(folder);
+  if (!lock) {
+    console.log(err('No lock file. Run: vibesecur-mcp init'));
+  } else {
+    console.log(ok('Lock file present'));
+    const diag = await diagnosticLock(folder);
+    console.log(diag.healthy ? ok('Lock diagnostic: healthy') : err('Lock diagnostic: issues'));
+    if (diag.issues?.length) diag.issues.forEach((i) => console.log(`  - ${i}`));
+  }
+
+  const tokenEnv = process.env.VIBESECUR_INSTALL_TOKEN;
+  const rootEnv = process.env.VIBESECUR_BOUND_ROOT;
+  console.log(`\n${BOLD}Shell env (optional; IDE sets these when MCP runs):${RESET}`);
+  console.log(`  VIBESECUR_INSTALL_TOKEN: ${tokenEnv ? dim('set') : dim('not set in this shell (normal)')}`);
+  console.log(`  VIBESECUR_BOUND_ROOT:    ${rootEnv ? dim('set') : dim('not set in this shell (normal)')}`);
+  console.log(`  VIBESECUR_API_BASE:      ${process.env.VIBESECUR_API_BASE ? dim(process.env.VIBESECUR_API_BASE) : dim(`${DEFAULT_API_BASE} (default)`)}`);
+
+  const ping = await pingBackend(apiBase);
+  if (ping.skipped) {
+    console.log(`\n${err('Backend ping skipped')}`);
+  } else if (ping.ok) {
+    const note = ping.status >= 400 ? ' (server responded; check path if unexpected)' : '';
+    console.log(`\n${ok(`Backend responded HTTP ${ping.status}${note}`)}`);
+    console.log(dim(`  ${ping.url || ''}`));
+  } else {
+    console.log(`\n${err('Backend not reachable')}`);
+    if (ping.status !== undefined) console.log(`  HTTP ${ping.status}`);
+    if (ping.error) console.log(`  ${ping.error}`);
+  }
+
+  console.log(`\n${BOLD}CLI:${RESET} ${NPM_PACKAGE_NAME}@${mcpPkg.version}`);
+  console.log(dim('If IDE still fails: run init again, paste fresh config, reload IDE.\n'));
 }
 
 function usage() {
   console.log(`\n${h('Vibesecur MCP')}`);
-  console.log('  bind <folder>    bind install to a project folder');
-  console.log('  rebind <folder>  revoke old token, issue new lock');
-  console.log('  status [folder]  check lock health');
-  console.log('  config <folder>  print IDE config snippets');
-  console.log('  start            start MCP server (stdio)\n');
+  console.log(`  ${dim('Quick start:')} vibesecur-mcp init`);
+  console.log('  init [folder]       bind + print IDE configs [--api-base=URL] [--write=cursor|vscode|windsurf|all] [--skip-bind]');
+  console.log('  doctor [folder]   check lock + backend [--api-base=URL]');
+  console.log('  bind <folder>     create lock only');
+  console.log('  rebind <folder>   rotate token');
+  console.log('  status [folder]   lock health');
+  console.log('  config [folder]   print snippets only');
+  console.log('  start             MCP server (stdio)\n');
   process.exit(1);
 }
 
 try {
   switch (command) {
+    case 'init': await cmdInit(); break;
+    case 'doctor': await cmdDoctor(); break;
     case 'bind': await cmdBind(); break;
     case 'rebind': await cmdRebind(); break;
     case 'status': await cmdStatus(); break;

package/src/index.js

@@ -1,6 +1,5 @@
 /**
- * Re-exports the Vibesecur rule engine for MCP servers, Cursor hooks, or other tooling.
- * Implement MCP protocol handlers in a separate file that imports from here or from
- * `@vibesecur/rule-engine` directly.
+ * Re-export bundled local rule engine for MCP tooling.
+ * This keeps the MCP package self-contained at runtime.
  */
-export * from '@vibesecur/rule-engine';
+export * from './rule-engine/index.js';

package/src/rule-engine/index.js

@@ -1,7 +1,7 @@
 /**
  * rule-engine/index.js
  * Bundled inline - no external @vibesecur/rule-engine dep needed.
- * This allows `npx @vibesecur/mcp-server` to work standalone.
+ * This allows `npx @saiteja1123/mcp-server` to work standalone.
  */
 export { JS_RULES, PY_RULES, CHECKLIST } from './rules.js';
 export { localScan } from './localScan.js';

package/src/rule-engine/localScan.js

@@ -24,7 +24,9 @@ export function localScan(code, lang = 'js') {
         severity: rule.sev,
         category: rule.cat,
         lineNumber,
+        endLineNumber: lineNumber,
         snippet,
+        snippetPreview: snippet,
         fix: rule.fix,
       });
     }

package/src/server.js

@@ -110,7 +110,11 @@ function humanRepoSummary(meta, agg) {
 
 function flattenFindings(fileResults) {
   return fileResults.flatMap((fr) =>
-    (fr.result.findings || []).map((f) => ({ ...f, filePath: fr.filePath })),
+    (fr.result.findings || []).map((f) => ({
+      ...f,
+      filePath: fr.filePath,
+      snippetPreview: f.snippetPreview || f.snippet || '',
+    })),
   );
 }
 
@@ -124,10 +128,11 @@ function pickTopFindings(fileResults, n) {
   return flat.slice(0, n).map((f) => ({
     filePath: f.filePath,
     lineNumber: f.lineNumber,
+    endLineNumber: f.endLineNumber || f.lineNumber,
     ruleId: f.ruleId,
     ruleName: f.ruleName,
     severity: f.severity,
-    snippetPreview: (f.snippet || '').slice(0, 120),
+    snippetPreview: (f.snippetPreview || '').slice(0, 120),
   }));
 }
 
@@ -284,6 +289,11 @@ server.registerTool('scanFile', {
       result = localScan(code, useLang);
     }
     const findings = result.findings || [];
+    const findingsWithLocation = findings.map((f) => ({
+      ...f,
+      filePath: resolvedPath,
+      snippetPreview: f.snippetPreview || f.snippet || '',
+    }));
     const bySev = findings.reduce((a, f) => {
       a[f.severity] = (a[f.severity] || 0) + 1;
       return a;
@@ -295,10 +305,13 @@ server.registerTool('scanFile', {
       lang: useLang,
       score: result.score,
       grade: result.grade,
-      findings: findings.length,
+      findings: findingsWithLocation.length,
       bySeverity: bySev,
       checklist: result.checklist,
-      result,
+      result: {
+        ...result,
+        findings: findingsWithLocation,
+      },
     };
     return { content: [{ type: 'text', text: JSON.stringify(body, null, 2) }], structuredContent: body };
   } catch (e) {
@@ -323,6 +336,17 @@ server.registerTool('scanRepo', {
     await ensureDirectory(resolvedRoot);
     const { matchedFiles, limitedFiles, fileResults, aggregate, topRiskFiles } =
       await gatherRepoScan(resolvedRoot, includeGlobs, excludeGlobs, maxFiles);
+    const allFindings = flattenFindings(fileResults).map((f) => ({
+      filePath: f.filePath,
+      lineNumber: f.lineNumber,
+      endLineNumber: f.endLineNumber || f.lineNumber,
+      ruleId: f.ruleId,
+      ruleName: f.ruleName,
+      severity: f.severity,
+      category: f.category,
+      snippetPreview: (f.snippetPreview || '').slice(0, 120),
+      fix: f.fix,
+    }));
     const meta = buildScanMeta(resolvedRoot, includeGlobs, excludeGlobs, maxFiles, matchedFiles.length, limitedFiles.length);
     const body = {
       meta,
@@ -334,6 +358,7 @@ server.registerTool('scanRepo', {
       summary: aggregate.summary,
       checklist: aggregate.checklist,
       topRiskFiles,
+      allFindings,
     };
     return { content: [{ type: 'text', text: JSON.stringify(body, null, 2) }], structuredContent: { ...body, fileResults } };
   } catch (e) {
@@ -350,8 +375,16 @@ server.registerTool('scanSummary', {
     excludeGlobs: z.array(z.string()).default(DEFAULT_EXCLUDE),
     maxFiles: z.number().int().min(1).max(5000).default(200),
     topFindings: z.number().int().min(1).max(50).default(20),
+    maxFindings: z.number().int().min(20).max(500).default(200),
   },
-}, async ({ rootPath, includeGlobs = DEFAULT_INCLUDE, excludeGlobs = DEFAULT_EXCLUDE, maxFiles = 200, topFindings = 20 }) => {
+}, async ({
+  rootPath,
+  includeGlobs = DEFAULT_INCLUDE,
+  excludeGlobs = DEFAULT_EXCLUDE,
+  maxFiles = 200,
+  topFindings = 20,
+  maxFindings = 200,
+}) => {
   try {
     const guard = await guardPath(rootPath);
     if (!guard.ok) return guardError(guard);
@@ -361,12 +394,24 @@ server.registerTool('scanSummary', {
       await gatherRepoScan(resolvedRoot, includeGlobs, excludeGlobs, maxFiles);
     const meta = buildScanMeta(resolvedRoot, includeGlobs, excludeGlobs, maxFiles, matchedFiles.length, limitedFiles.length);
     const top = pickTopFindings(fileResults, topFindings);
+    const allFindings = flattenFindings(fileResults).slice(0, maxFindings).map((f) => ({
+      filePath: f.filePath,
+      lineNumber: f.lineNumber,
+      endLineNumber: f.endLineNumber || f.lineNumber,
+      ruleId: f.ruleId,
+      ruleName: f.ruleName,
+      severity: f.severity,
+      category: f.category,
+      snippetPreview: (f.snippetPreview || '').slice(0, 120),
+      fix: f.fix,
+    }));
     const payload = {
       meta,
       humanSummary: humanRepoSummary(meta, aggregate),
       summary: aggregate.summary,
       checklist: { passed: aggregate.checklist.filter((c) => c.pass).length, total: aggregate.checklist.length },
       topFindings: top,
+      allFindings,
     };
     return { content: [{ type: 'text', text: JSON.stringify(payload, null, 2) }], structuredContent: payload };
   } catch (e) {
@@ -396,6 +441,17 @@ server.registerTool('scanCurrentWorkspace', {
     await ensureDirectory(guard.resolvedRoot);
     const { matchedFiles, limitedFiles, fileResults, aggregate, topRiskFiles } =
       await gatherRepoScan(guard.resolvedRoot, includeGlobs, excludeGlobs, maxFiles);
+    const allFindings = flattenFindings(fileResults).map((f) => ({
+      filePath: f.filePath,
+      lineNumber: f.lineNumber,
+      endLineNumber: f.endLineNumber || f.lineNumber,
+      ruleId: f.ruleId,
+      ruleName: f.ruleName,
+      severity: f.severity,
+      category: f.category,
+      snippetPreview: (f.snippetPreview || '').slice(0, 120),
+      fix: f.fix,
+    }));
     const meta = buildScanMeta(guard.resolvedRoot, includeGlobs, excludeGlobs, maxFiles, matchedFiles.length, limitedFiles.length);
     const body = {
       meta,
@@ -407,6 +463,7 @@ server.registerTool('scanCurrentWorkspace', {
       summary: aggregate.summary,
       checklist: aggregate.checklist,
       topRiskFiles,
+      allFindings,
     };
     return { content: [{ type: 'text', text: JSON.stringify(body, null, 2) }], structuredContent: { ...body, fileResults } };
   } catch (e) {