@securityreviewai/security-review-mcp 0.2.13 → 0.2.15

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (5) hide show
  1. package/README.md +4 -2
  2. package/dist/api/client.js +12 -0
  3. package/dist/tools/projectTools.js +6 -0
  4. package/dist/tools/workflowTools.js +4 -2
  5. package/package.json +1 -1
package/README.md CHANGED
@@ -4,7 +4,7 @@ TypeScript MCP server for [SecurityReview.ai](https://securityreview.ai), publis
4
4
 
5
5
  - Pure Node runtime (no Python bootstrap)
6
6
  - Stdio MCP server compatible with Cursor, Windsurf, Claude Desktop, ChatGPT MCP, and other MCP clients
7
- - 54 tools for project/document/review/workflow/integration operations
7
+ - 55 tools for project/document/review/workflow/integration operations
8
8
  - 8 built-in security-analysis prompts
9
9
  - 4 read-only MCP resources
10
10
 
@@ -108,7 +108,7 @@ Compatibility flags (no-op, retained for older configs):
108
108
  - `--python <path>`
109
109
  - `--force-install`
110
110
 
111
- ## Tool Catalog (54)
111
+ ## Tool Catalog (55)
112
112
 
113
113
  ### Projects
114
114
 
@@ -130,6 +130,7 @@ Compatibility flags (no-op, retained for older configs):
130
130
  | `get_project_profile_security_control` | Get one security control by ID |
131
131
  | `list_profile_compliance_requirements` | List compliance requirements in project profile |
132
132
  | `get_profile_compliance_requirement` | Get one compliance requirement by ID |
133
+ | `get_guardrails` | Get vibe guardrails configured for a vibe review project |
133
134
  | `update_vibe_project_profile` | Push/update vibe profile data (architecture notes, tech categories, user groups, compliance requirements, language stacks, description) by project ID |
134
135
 
135
136
  ### Documents
@@ -238,6 +239,7 @@ Compatibility flags (no-op, retained for older configs):
238
239
  1. `create_project` (or resolve with `find_project_by_name`)
239
240
  2. `update_vibe_project_profile` — supply any combination of `architecture_notes`, `tech_categories`, `user_groups`, `compliance_requirements`, `language_stacks`, and `description`
240
241
  3. `get_full_project_profile` — verify the updated profile
242
+ 4. `get_guardrails` — fetch configured guardrails for vibe review projects
241
243
 
242
244
  ### 4) Bring in Jira/Confluence Context
243
245
 
package/dist/api/client.js CHANGED
@@ -178,6 +178,18 @@ export class SraiApiClient {
178
178
  jsonBody: payload,
179
179
  });
180
180
  }
181
+ async getGuardrails(projectId) {
182
+ const path = `/api/projects/${projectId}/vibe-guardrails`;
183
+ try {
184
+ return await this.request("GET", path);
185
+ }
186
+ catch (error) {
187
+ if (error instanceof SraiApiError && error.statusCode === 404) {
188
+ return this.request("GET", `${path}/`);
189
+ }
190
+ throw error;
191
+ }
192
+ }
181
193
  async listDocuments(projectId) {
182
194
  return this.request("GET", `/api/projects/${projectId}/documents`);
183
195
  }
package/dist/tools/projectTools.js CHANGED
@@ -101,6 +101,12 @@ export function registerProjectTools(server) {
101
101
  requirement_id: z.number().int(),
102
102
  },
103
103
  }, async ({ project_id, requirement_id }) => runTool(async () => getApiClient().getProjectProfileComplianceRequirement(project_id, requirement_id)));
104
+ server.registerTool("get_guardrails", {
105
+ description: "Get all vibe guardrails configured for a vibe review project. Returns each guardrail's title, rule type, category, instruction, and source references.",
106
+ inputSchema: {
107
+ project_id: z.number().int(),
108
+ },
109
+ }, async ({ project_id }) => runTool(async () => getApiClient().getGuardrails(project_id)));
104
110
  server.registerTool("update_vibe_project_profile", {
105
111
  description: "Push/update a project's vibe profile data by project ID. Accepts architecture notes, technology categories, user groups, compliance requirements, and other profile metadata. All fields are optional — only provided fields are sent to the API. Use this to populate or update a project profile in bulk from vibe/AI-generated context.",
106
112
  inputSchema: {
package/dist/tools/workflowTools.js CHANGED
@@ -26,7 +26,7 @@ export function registerWorkflowTools(server) {
26
26
  },
27
27
  }, async ({ project_id, name, description }) => runTool(async () => getApiClient().createAiIdeWorkflow(project_id, name, description)));
28
28
  server.registerTool("create_ai_ide_event", {
29
- description: "Create an AI IDE event under an existing AI IDE workflow. Include summary, developer details, mitigated threats (each threat must include severity: critical/high/medium/low), best practices, secure snippets, and optional event metadata.",
29
+ description: "Create an AI IDE event under an existing AI IDE workflow. Include summary, developer details, mitigated threats (each threat must include severity: critical/high/medium/low), best practices, secure snippets, applied guardrails, and optional event metadata.",
30
30
  inputSchema: {
31
31
  project_id: z.number().int(),
32
32
  workflow_id: z.number().int(),
@@ -44,9 +44,10 @@ export function registerWorkflowTools(server) {
44
44
  .default([]),
45
45
  best_practices_achieved: z.array(z.object({}).catchall(z.unknown())).default([]),
46
46
  secure_code_snippets: z.array(z.object({}).catchall(z.unknown())).default([]),
47
+ guardrails_applied: z.array(z.object({}).catchall(z.unknown())).default([]),
47
48
  event_metadata: z.record(z.string(), z.unknown()).default({}),
48
49
  },
49
- }, async ({ project_id, workflow_id, external_id, title, summary, developer_name, developer_email, threats_mitigated, best_practices_achieved, secure_code_snippets, event_metadata, }) => runTool(async () => getApiClient().createAiIdeEvent(project_id, workflow_id, {
50
+ }, async ({ project_id, workflow_id, external_id, title, summary, developer_name, developer_email, threats_mitigated, best_practices_achieved, secure_code_snippets, guardrails_applied, event_metadata, }) => runTool(async () => getApiClient().createAiIdeEvent(project_id, workflow_id, {
50
51
  external_id,
51
52
  title,
52
53
  summary,
@@ -55,6 +56,7 @@ export function registerWorkflowTools(server) {
55
56
  threats_mitigated,
56
57
  best_practices_achieved,
57
58
  secure_code_snippets,
59
+ guardrails_applied,
58
60
  event_metadata,
59
61
  })));
60
62
  server.registerTool("start_workflow", {
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@securityreviewai/security-review-mcp",
3
- "version": "0.2.13",
3
+ "version": "0.2.15",
4
4
  "description": "Security Review MCP server (pure Node/TypeScript, npx-ready)",
5
5
  "license": "UNLICENSED",
6
6
  "private": false,