@securityreviewai/security-review-mcp 0.2.13 → 0.2.14

package/README.md

@@ -4,7 +4,7 @@ TypeScript MCP server for [SecurityReview.ai](https://securityreview.ai), publis
 
 - Pure Node runtime (no Python bootstrap)
 - Stdio MCP server compatible with Cursor, Windsurf, Claude Desktop, ChatGPT MCP, and other MCP clients
-- 54 tools for project/document/review/workflow/integration operations
+- 55 tools for project/document/review/workflow/integration operations
 - 8 built-in security-analysis prompts
 - 4 read-only MCP resources
 
@@ -108,7 +108,7 @@ Compatibility flags (no-op, retained for older configs):
 - `--python <path>`
 - `--force-install`
 
-## Tool Catalog (54)
+## Tool Catalog (55)
 
 ### Projects
 
@@ -130,6 +130,7 @@ Compatibility flags (no-op, retained for older configs):
 | `get_project_profile_security_control` | Get one security control by ID |
 | `list_profile_compliance_requirements` | List compliance requirements in project profile |
 | `get_profile_compliance_requirement` | Get one compliance requirement by ID |
+| `get_guardrails` | Get vibe guardrails configured for a vibe review project |
 | `update_vibe_project_profile` | Push/update vibe profile data (architecture notes, tech categories, user groups, compliance requirements, language stacks, description) by project ID |
 
 ### Documents
@@ -238,6 +239,7 @@ Compatibility flags (no-op, retained for older configs):
 1. `create_project` (or resolve with `find_project_by_name`)
 2. `update_vibe_project_profile` — supply any combination of `architecture_notes`, `tech_categories`, `user_groups`, `compliance_requirements`, `language_stacks`, and `description`
 3. `get_full_project_profile` — verify the updated profile
+4. `get_guardrails` — fetch configured guardrails for vibe review projects
 
 ### 4) Bring in Jira/Confluence Context
 

package/dist/api/client.js

@@ -178,6 +178,9 @@ export class SraiApiClient {
             jsonBody: payload,
         });
     }
+    async getGuardrails(projectId) {
+        return this.request("GET", `/api/projects/${projectId}/vibe-guardrails/`);
+    }
     async listDocuments(projectId) {
         return this.request("GET", `/api/projects/${projectId}/documents`);
     }

package/dist/tools/projectTools.js

@@ -101,6 +101,12 @@ export function registerProjectTools(server) {
             requirement_id: z.number().int(),
         },
     }, async ({ project_id, requirement_id }) => runTool(async () => getApiClient().getProjectProfileComplianceRequirement(project_id, requirement_id)));
+    server.registerTool("get_guardrails", {
+        description: "Get all vibe guardrails configured for a vibe review project. Returns each guardrail's title, rule type, category, instruction, and source references.",
+        inputSchema: {
+            project_id: z.number().int(),
+        },
+    }, async ({ project_id }) => runTool(async () => getApiClient().getGuardrails(project_id)));
     server.registerTool("update_vibe_project_profile", {
         description: "Push/update a project's vibe profile data by project ID. Accepts architecture notes, technology categories, user groups, compliance requirements, and other profile metadata. All fields are optional — only provided fields are sent to the API. Use this to populate or update a project profile in bulk from vibe/AI-generated context.",
         inputSchema: {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@securityreviewai/security-review-mcp",
-  "version": "0.2.13",
+  "version": "0.2.14",
   "description": "Security Review MCP server (pure Node/TypeScript, npx-ready)",
   "license": "UNLICENSED",
   "private": false,