npm - @shiftleftpt/sbd-toe-mcp - Versions diffs - 0.10.0 → 0.10.1 - Mend

@shiftleftpt/sbd-toe-mcp 0.10.0 → 0.10.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/README.md +1 -1
package/dist/version-info.d.ts +31 -0
package/dist/version-info.js +51 -0
package/dist/version-info.js.map +1 -0
package/examples/codex-config.toml +19 -0
package/package.json +7 -4

package/README.md CHANGED Viewed

@@ -180,7 +180,7 @@ npx -y @shiftleftpt/sbd-toe-mcp
 For environments without npm/npx:
-1. Download `sbd-toe-mcp-vX.Y.Z-bundle.zip` from [GitHub Releases](https://github.com/Shiftleftpt/sbd-toe-mcp-poc/releases).
+1. Download `sbd-toe-mcp-vX.Y.Z-bundle.zip` from [GitHub Releases](https://github.com/SbD-ToE/sbd-toe-mcp/releases).
 2. Extract the archive.
 3. Point your MCP client to the extracted `dist/index.js`:
    ```json

package/dist/version-info.d.ts ADDED Viewed

@@ -0,0 +1,31 @@
+/**
+ * version-info — provenance of the served knowledge for the sbd://toe/version
+ * resource. Reads the consumed-bundle.json pin (the declaration of which Codex KG
+ * build artefact this MCP serves) and exposes the Manual + KG + ontology versions.
+ *
+ * Best-effort: returns undefined if the pin is absent or malformed so the version
+ * resource degrades to package metadata only. Never invents versions/tags — only
+ * echoes the verified pin.
+ */
+export interface BundleProvenance {
+    manual: {
+        tag?: string | undefined;
+        version?: string | undefined;
+        commit?: string | undefined;
+        generated_at?: string | undefined;
+    };
+    kg: {
+        release_tag?: string | undefined;
+        sha256?: string | undefined;
+        source?: string | undefined;
+        substrate_version?: string | undefined;
+        consumer_contract_version?: string | undefined;
+    };
+    ontology: {
+        tag?: string | undefined;
+        commit?: string | undefined;
+    };
+}
+export declare function loadBundleProvenance(): BundleProvenance | undefined;
+/** Test-only: clears the module cache so a test can re-exercise the loader. */
+export declare function _resetBundleProvenanceCache(): void;

package/dist/version-info.js ADDED Viewed

@@ -0,0 +1,51 @@
+/**
+ * version-info — provenance of the served knowledge for the sbd://toe/version
+ * resource. Reads the consumed-bundle.json pin (the declaration of which Codex KG
+ * build artefact this MCP serves) and exposes the Manual + KG + ontology versions.
+ *
+ * Best-effort: returns undefined if the pin is absent or malformed so the version
+ * resource degrades to package metadata only. Never invents versions/tags — only
+ * echoes the verified pin.
+ */
+import { readFileSync } from "node:fs";
+import { resolveAppPath } from "./config.js";
+let cached;
+export function loadBundleProvenance() {
+    if (cached !== undefined) {
+        return cached.value;
+    }
+    let pin;
+    try {
+        pin = JSON.parse(readFileSync(resolveAppPath("consumed-bundle.json"), "utf-8"));
+    }
+    catch {
+        cached = { value: undefined };
+        return undefined;
+    }
+    const value = {
+        manual: {
+            tag: pin.inputs?.manual?.tag,
+            version: pin.inputs?.manual?.version,
+            commit: pin.inputs?.manual?.commit,
+            generated_at: pin.inputs?.manual?.generated_at
+        },
+        kg: {
+            release_tag: pin.kg_bundle?.release_tag,
+            sha256: pin.kg_bundle?.release_sha256,
+            source: pin.kg_bundle?.source,
+            substrate_version: pin.substrate_version,
+            consumer_contract_version: pin.consumer_contract_version
+        },
+        ontology: {
+            tag: pin.inputs?.ontology?.tag,
+            commit: pin.inputs?.ontology?.commit
+        }
+    };
+    cached = { value };
+    return value;
+}
+/** Test-only: clears the module cache so a test can re-exercise the loader. */
+export function _resetBundleProvenanceCache() {
+    cached = undefined;
+}
+//# sourceMappingURL=version-info.js.map

package/dist/version-info.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"version-info.js","sourceRoot":"","sources":["../src/version-info.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AACvC,OAAO,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAwB7C,IAAI,MAA2D,CAAC;AAEhE,MAAM,UAAU,oBAAoB;IAClC,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;QACzB,OAAO,MAAM,CAAC,KAAK,CAAC;IACtB,CAAC;IAED,IAAI,GAAsB,CAAC;IAC3B,IAAI,CAAC;QACH,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,cAAc,CAAC,sBAAsB,CAAC,EAAE,OAAO,CAAC,CAAsB,CAAC;IACvG,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,GAAG,EAAE,KAAK,EAAE,SAAS,EAAE,CAAC;QAC9B,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,MAAM,KAAK,GAAqB;QAC9B,MAAM,EAAE;YACN,GAAG,EAAE,GAAG,CAAC,MAAM,EAAE,MAAM,EAAE,GAAG;YAC5B,OAAO,EAAE,GAAG,CAAC,MAAM,EAAE,MAAM,EAAE,OAAO;YACpC,MAAM,EAAE,GAAG,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM;YAClC,YAAY,EAAE,GAAG,CAAC,MAAM,EAAE,MAAM,EAAE,YAAY;SAC/C;QACD,EAAE,EAAE;YACF,WAAW,EAAE,GAAG,CAAC,SAAS,EAAE,WAAW;YACvC,MAAM,EAAE,GAAG,CAAC,SAAS,EAAE,cAAc;YACrC,MAAM,EAAE,GAAG,CAAC,SAAS,EAAE,MAAM;YAC7B,iBAAiB,EAAE,GAAG,CAAC,iBAAiB;YACxC,yBAAyB,EAAE,GAAG,CAAC,yBAAyB;SACzD;QACD,QAAQ,EAAE;YACR,GAAG,EAAE,GAAG,CAAC,MAAM,EAAE,QAAQ,EAAE,GAAG;YAC9B,MAAM,EAAE,GAAG,CAAC,MAAM,EAAE,QAAQ,EAAE,MAAM;SACrC;KACF,CAAC;IACF,MAAM,GAAG,EAAE,KAAK,EAAE,CAAC;IACnB,OAAO,KAAK,CAAC;AACf,CAAC;AAED,+EAA+E;AAC/E,MAAM,UAAU,2BAA2B;IACzC,MAAM,GAAG,SAAS,CAAC;AACrB,CAAC"}

package/examples/codex-config.toml ADDED Viewed

@@ -0,0 +1,19 @@
+# SbD-ToE MCP — OpenAI Codex CLI configuration
+#
+# The Claude plugin format (.claude-plugin/, /plugin install) is Claude-only.
+# The MCP server itself is standard and works with any MCP client, including
+# Codex. Codex uses TOML config, not .mcp.json.
+#
+# Option A — CLI (interactive, first-time setup):
+#   codex mcp add sbd-toe -- npx -y @shiftleftpt/sbd-toe-mcp@0.10.1
+#
+# Option B — edit config directly (scriptable / reproducible):
+#   append the block below to ~/.codex/config.toml
+#   (or a project-scoped .codex/config.toml in a trusted project)
+[mcp_servers.sbd-toe]
+command = "npx"
+args = ["-y", "@shiftleftpt/sbd-toe-mcp@0.10.1"]
+# Until 0.10.1 is published to npm, use the last known-good version 0.7.7:
+#   args = ["-y", "@shiftleftpt/sbd-toe-mcp@0.7.7"]

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@shiftleftpt/sbd-toe-mcp",
-  "version": "0.10.0",
+  "version": "0.10.1",
   "license": "Apache-2.0",
   "description": "MCP server for the SbD-ToE (Security by Design — Theory of Everything) security manual — structured tools for Claude, GitHub Copilot and other MCP clients",
   "keywords": [
@@ -13,13 +13,13 @@
     "copilot",
     "llm"
   ],
-  "homepage": "https://github.com/Shiftleftpt/sbd-toe-mcp-poc#readme",
+  "homepage": "https://github.com/SbD-ToE/sbd-toe-mcp#readme",
   "bugs": {
-    "url": "https://github.com/Shiftleftpt/sbd-toe-mcp-poc/issues"
+    "url": "https://github.com/SbD-ToE/sbd-toe-mcp/issues"
   },
   "repository": {
     "type": "git",
-    "url": "git+https://github.com/Shiftleftpt/sbd-toe-mcp-poc.git"
+    "url": "git+https://github.com/SbD-ToE/sbd-toe-mcp.git"
   },
   "publishConfig": {
     "access": "public"
@@ -44,6 +44,9 @@
     "dist/types.js",
     "dist/types.d.ts",
     "dist/types.js.map",
+    "dist/version-info.js",
+    "dist/version-info.d.ts",
+    "dist/version-info.js.map",
     "dist/upstream/",
     "dist/validators/",
     "data/publish/indexes/publication_manifest.json",