@securityreviewai/securityreview-kit 0.1.15 → 0.1.17

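--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
  {
  "name": "@securityreviewai/securityreview-kit",
- "version": "0.1.15",
+ "version": "0.1.17",
  "description": "Bootstrap security-review-mcp for AI IDEs and CLI tools",
  "author": "Debarshi Das <debarshi.das@we45.com>",
  "license": "UNLICENSED",
@@ -34,7 +34,6 @@
  "vscode"
  ],
  "dependencies": {
- "@securityreviewai/securityreview-kit": "^0.1.11",
  "chalk": "^5.4.0",
  "commander": "^13.0.0",
  "inquirer": "^12.0.0"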
@@ -20,8 +20,8 @@ When invoked:
20
20
  - **If a matching workflow exists:** use its `workflow_id` for the event.
21
21
  - **If none exists:** call `create_ai_ide_workflow` with:
22
22
  - `project_id`
23
- - `name`: a short sequential label `session1`, `session2`, `session3`, choose the next unused index (e.g. count existing AI IDE workflows for the project and use `session` + (count + 1), or first gap if your listing allows).
24
- - `description`: must include `chat_session_id:<chat_session_id>` so future syncs can attach to this workflow. Add a brief human-readable note if helpful.
23
+ - `name`: a short, meaningful heading derived from the **high-level feature or topic** being worked on in this session (e.g. `"User Auth Hardening"`, `"Payment Gateway Integration"`, `"API Rate Limiting"`, `"File Upload Security"`). Use 2–5 words, title-case. Do **not** use sequential labels like `session1/session2`. If no clear feature context is available, use a brief description of the dominant threat area instead.
24
+ - `description`: must include `chat_session_id:<chat_session_id>` so future syncs can attach to this workflow. Add a brief human-readable note if helpful.do not add the word ctm anywhere
25
25
  - Store the returned `workflow_id` for the upload step.
26
26
  4. Build a JSON payload for `create_ai_ide_event` with these exact keys:
27
27
  - `workflow_id`
@@ -50,4 +50,4 @@ When invoked:
50
50
  - Never invent missing values; use empty strings/arrays if data is unavailable.
51
51
  - Never omit `chat_session_id` from the payload.
52
52
  - Never skip the `update_vibe_project_profile` call when profile-relevant data (architecture, tech, users, compliance, languages, or description) can be derived from context.
53
- - Return a compact confirmation after upload (including whether an existing workflow was reused or a new `sessionN` workflow was created, and confirmation that the project profile was updated).
53
+ - Return a compact confirmation after upload (including whether an existing workflow was reused or a new named workflow was created, and confirmation that the project profile was updated).
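Review bot: The new `description` bullet (new line 24) fuses a second instruction onto the first, `...if helpful.do not add the word ctm anywhere`, with no space or capital, no explanation of what "ctm" refers to, and no statement of which fields "anywhere" covers, so an agent following this file may apply it inconsistently. It would read more reliably as its own sentence with an explicit scope, for example `Do not use the word "ctm" in the workflow name or description.`, if that is the intended scope. Separately, the new `name` rule (new line 23) builds the label from free-form session context that is then passed to `create_ai_ide_workflow`, and such text is more likely to carry sensitive detail than `sessionN` was; consider adding `Do not include secrets, credentials, customer names or internal hostnames in the name.` to that bullet. The instruction list begins and ends outside these hunks, so other constraints may already exist elsewhere in the file.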
@@ -1,6 +1,6 @@
1
1
  // Shared constants for securityreview-kit
2
2
 
3
- export const MCP_SERVER_PACKAGE = 'security-review-mcp';
3
+ export const MCP_SERVER_PACKAGE = '@securityreviewai/security-review-mcp';
4
4
  export const MCP_SERVER_NAME = 'security-review-mcp';
5
5
 
6
6
  export const ENV_VARS = {
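Review bot: After this change `MCP_SERVER_PACKAGE` (new line 3) and `MCP_SERVER_NAME` (line 4) hold near-identical strings that differ only by the `@securityreviewai/` scope, and nothing says the difference is intentional. A later cleanup that "aligns" them back to the unscoped name would presumably make any install or launch step resolve against whoever owns that name on the public registry, so a comment is worth adding, e.g. `// npm package specifier: keep the @securityreviewai scope; MCP_SERVER_NAME below is a separate identifier.` The specifier also carries no version or dist-tag; if it is handed to a runner such as `npx` (usage is not visible in this hunk), the resolved version floats, and the comment could state whether that is deliberate. The `ENV_VARS` object opened on the last line continues outside the hunk.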