npm - @triedotdev/mcp - Versions diffs - 1.0.28 → 1.0.30 - Mend

@triedotdev/mcp 1.0.28 → 1.0.30

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (12) hide show

package/QUICK_START.md +10 -12
package/README.md +50 -456
package/dist/{chunk-BICD36UW.js → chunk-B6MTR6IG.js} +7 -1277
package/dist/chunk-B6MTR6IG.js.map +1 -0
package/dist/cli/main.js +5 -24
package/dist/cli/main.js.map +1 -1
package/dist/cli/yolo-daemon.js +9 -62
package/dist/cli/yolo-daemon.js.map +1 -1
package/dist/index.js +1359 -215
package/dist/index.js.map +1 -1
package/package.json +2 -2
package/dist/chunk-BICD36UW.js.map +0 -1

package/QUICK_START.md CHANGED Viewed

@@ -1,6 +1,6 @@
 # Quick Start Guide
-Get Trie Agent up and running in minutes to start scanning and fixing AI-generated code.
+Get Trie Agent up and running in minutes to start scanning and reviewing AI-generated code.
 ## Prerequisites
@@ -104,11 +104,11 @@ Use trie_scan to analyze the current file
 3. **Review results** - Trie will show:
    - Risk level and activated agents
    - Critical issues requiring review
-   - Auto-fixable issues
+   - Suggested fix prompts for AI
    - Plain-language explanations
-4. **Apply fixes:**
+4. **Fix issues:**
    ```
-   Auto-fix the high-confidence issues
+   Apply the suggested fixes for the critical issues
    ```
 5. **Generate tests:**
    ```
@@ -118,10 +118,10 @@ Use trie_scan to analyze the current file
 ## Available Tools
 - **`trie_scan`** - Scan code with intelligent agent selection
-- **`trie_fix`** - Apply high-confidence fixes automatically
+- **`trie_fix`** - Generate high-confidence fix prompts
 - **`trie_explain`** - Get plain-language explanations of code/issues
 - **`trie_test`** - Generate tests or check coverage
-- **`trie_commit`** - Create smart commit messages
+- **`trie_watch`** - Monitor files for changes and report issues
 - **`trie_register_agent`** - Add custom agents
 ## Example Output
@@ -140,8 +140,8 @@ Results:
 Score: 72/100 (needs work)
 🔴 2 Critical Issues (require your review)
-🟡 3 Serious Issues (can auto-fix)
-🔵 2 Moderate Issues (can auto-fix)
+🟡 3 Serious Issues
+🔵 2 Moderate Issues
 Critical Issues Preview:
 1. Password stored without hashing (auth/signup.ts:23)
@@ -163,8 +163,7 @@ Create `.trie/config.json` in your project root to customize behavior:
       "critical": 70,
       "high": 40,
       "medium": 20
-    },
-    "autoFixConfidence": 0.95
+    }
   },
   "agents": {
     "builtin": {
@@ -215,14 +214,13 @@ Update your MCP config with the correct path.
 - **Try different code patterns** - Test with auth, payments, UI components
 - **Explore agents** - See which agents activate for different code types
-- **Use auto-fix** - Let Trie fix high-confidence issues automatically
 - **Generate tests** - Create comprehensive test suites
 - **Add custom agents** - Extend Trie with your own review logic
 ## Support
 - 📚 **Documentation**: [trie.dev/docs](https://trie.dev/docs)
-- 🐛 **Issues**: [GitHub Issues](https://github.com/Trie-OS/mcp-agent/issues)
+- 🐛 **Issues**: [GitHub Issues](https://github.com/Trie-OS/Trie-Agent/issues)
 - 💬 **Community**: [Discord](https://discord.gg/trie-ai)
 ---

package/README.md CHANGED Viewed

@@ -18,7 +18,6 @@
 - [Special Agents](#special-agents)
 - [Custom Agents](#custom-agents)
 - [Configuration](#configuration)
-- [Docker](#docker)
 - [Team Collaboration](#team-collaboration)
 - [License](#license)
@@ -41,7 +40,7 @@
 | Feature | Description |
 |---------|-------------|
-| **YOLO Mode** | Autonomous auto-fixing as you code |
+| **Watch Mode** | Automatically scan files as you code |
 | **Custom Agents** | Create agents from PDFs, docs, or style guides |
 | **Works Everywhere** | Auto-detects Cursor, Claude Code, OpenCode, VS Code—adapts output automatically |
 | **AI-Enhanced Mode** | Optional deeper analysis with `ANTHROPIC_API_KEY` |
@@ -53,7 +52,6 @@
 | **CI/CD Integration** | GitHub Actions, pre-commit hooks, SARIF output |
 | **Team Collaboration** | Issue assignment, Slack notifications, expertise-based routing |
 | **VS Code Extension** | Inline diagnostics, quick-fix code actions, scan on save |
-| **Docker Support** | Optimized multi-stage builds for containers |
 ---
@@ -132,14 +130,11 @@ Trie works in two modes:
 **Enable AI mode:**
-```bash
-# Environment variable
-export ANTHROPIC_API_KEY=sk-ant-...
+**For MCP usage (Cursor/Claude Code):**
-# Or add it to your project (recommended for CLI usage like `trie-yolo`)
-echo 'ANTHROPIC_API_KEY=sk-ant-...' >> .env.local
+Add the API key to your MCP configuration:
-# Or in MCP config (Cursor / MCP tools)
+```json
 {
   "mcpServers": {
     "Trie": {
@@ -153,8 +148,28 @@ echo 'ANTHROPIC_API_KEY=sk-ant-...' >> .env.local
 }
 ```
-> **Important:** The `env` you set in Cursor’s MCP config is only inherited by the **MCP server process** that Cursor launches.
-> It does **not** automatically apply to standalone terminal commands like `trie-yolo` unless your shell/project environment also has `ANTHROPIC_API_KEY`.
+**For CLI usage (terminal/CI):**
+Add the API key to your project's `.env.local` file (in your project root):
+```bash
+echo 'ANTHROPIC_API_KEY=sk-ant-...' >> .env.local
+```
+Then load it before running CLI commands:
+```bash
+# Load environment variables
+set -a; source .env.local; set +a
+# Now run CLI commands
+trie-agent scan
+```
+> **Important:**
+> - **MCP config** (`env` in mcp.json) only applies to the MCP server process launched by Cursor/Claude Code
+> - **CLI commands** (`trie-agent scan`, `trie-agent watch`) need the key in your shell environment (via `.env.local` or `export`)
+> - The MCP server and CLI are separate processes with separate environments
 When AI is enabled, you'll see:
 - `AI-powered analysis enabled` in output
@@ -165,16 +180,21 @@ When AI is enabled, you'll see:
 ## CLI
-Trie includes a powerful CLI for terminal-based scanning.
+Trie includes a CLI for terminal-based scanning and CI/CD integration. The CLI generates reports with actionable issues—it does not auto-fix code. Use Cursor or Claude Code to apply fixes based on the reports.
+> **Note:** The CLI is separate from MCP tools. Use MCP tools (`trie_scan`, `trie_watch`) when working inside Cursor/Claude Code. Use the CLI (`trie-agent scan`, `trie-agent watch`) for terminal/CI usage.
 ### Commands
 ```bash
-# Basic scan
+# Basic scan (generates report and exits)
 trie-agent scan
+# Watch for changes (continuously scans and reports)
+trie-agent watch
 # Scan specific directory
-trie-agent scan --directory ./src
+trie-agent scan --dir ./src
 # Scan specific files
 trie-agent scan --files "src/api.ts,src/auth.ts"
@@ -182,66 +202,31 @@ trie-agent scan --files "src/api.ts,src/auth.ts"
 # Run specific agents
 trie-agent scan --agents security,privacy,bugs
-# Output formats
-trie-agent scan --format json --output results.json
-trie-agent scan --format sarif --output results.sarif
+# Output JSON report
+trie-agent scan --format json --output report.json
 ```
-### Performance Options
-```bash
-# Parallel execution (default: on)
-trie-agent scan --parallel
-# Enable caching (default: on)
-trie-agent scan --cache
+### CLI vs MCP Tools
-# Set concurrency
-trie-agent scan --max-concurrency 8
+| Use Case | Tool | When to Use |
+|----------|------|-------------|
+| **Interactive coding** | MCP tools (`trie_scan`, `trie_watch`) | Working inside Cursor/Claude Code |
+| **Terminal/CI** | CLI (`trie-agent scan`, `trie-agent watch`) | Running from terminal, CI pipelines, scripts |
+| **VS Code** | VS Code extension | Using VS Code (not Cursor/Claude Code) |
-# Use worker threads
-trie-agent scan --workers
+Both generate the same reports—they're just different interfaces to the same scanning engine.
-# Set timeout (ms)
-trie-agent scan --timeout 120000
-```
-### Interactive Mode
-```bash
-# Terminal UI with real-time progress
-trie-agent scan --interactive
-```
+---
-The interactive dashboard provides:
-- **Real-time progress bars** per agent
-- **Issue browser** with keyboard navigation
-- **Filters** by severity, agent, search
-- **Multiple views**: overview, issues, agents, files
-**Keyboard shortcuts:**
-| Key | Action |
-|-----|--------|
-| `Tab` | Switch views |
-| `↑/↓` | Navigate issues |
-| `Enter` | View issue details |
-| `f` | Filter issues |
-| `s` | Toggle sort |
-| `?` | Show help |
-| `q` | Quit |
-### Watch Mode (YOLO)
+## How It Works
-```bash
-# Start daemon with auto-fixing
-trie-yolo
+Trie generates **actionable reports** with high-confidence issues. It does not auto-fix code. Instead:
-# Watch without auto-fix
-trie-yolo --no-yolo
+1. **Trie scans** your code and generates a report with prioritized issues
+2. **You review** the issues in the report (or share with Cursor/Claude Code)
+3. **You (or Cursor/Claude Code)** apply fixes based on Trie's recommendations
-# One-shot scan
-trie-yolo --once
-```
+This keeps you in control while providing comprehensive issue detection. Trie focuses on **finding and reporting** issues—you decide how to fix them.
 ---
@@ -274,114 +259,12 @@ Runs on push to `main`/`develop`, PRs, and daily schedule (2 AM UTC).
 Runs on every PR—fast, incremental scanning.
-**Features:**
-- Only scans changed files (efficient for large codebases)
-- 5-minute timeout for quick feedback
-- Agent Smith pattern detection
-- Comments on PR if issues found
-### Reusable Action
-Use the action in any workflow:
-```yaml
-name: Security Check
-on: [push, pull_request]
-jobs:
-  scan:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-      - name: Trie Security Scan
-        uses: trie-dev/security-action@v1
-        with:
-          agents: security,privacy,bugs
-          fail-on: critical
-          format: sarif
-          upload-sarif: true
-          comment-pr: true
-          parallel: true
-          cache: true
-```
-**Inputs:**
-| Input | Default | Description |
-|-------|---------|-------------|
-| `agents` | `security,privacy,bugs` | Comma-separated agent list |
-| `fail-on` | `critical` | Fail threshold: `critical`, `serious`, `moderate`, `low` |
-| `format` | `sarif` | Output format: `json`, `sarif`, `console` |
-| `upload-sarif` | `true` | Upload to GitHub Security tab |
-| `comment-pr` | `true` | Comment results on PRs |
-| `parallel` | `true` | Run agents in parallel |
-| `cache` | `true` | Enable result caching |
-**Outputs:**
-| Output | Description |
-|--------|-------------|
-| `results-file` | Path to scan results |
-| `critical-count` | Number of critical issues |
-| `serious-count` | Number of serious issues |
-| `total-count` | Total issues found |
-| `passed` | Whether scan passed |
-### Required Secrets
-| Secret | Required | Description |
-|--------|----------|-------------|
-| `ANTHROPIC_API_KEY` | Optional | Enables AI-enhanced scanning |
 ---
 ## VS Code Extension
 Native VS Code extension with inline diagnostics and quick fixes.
-### Features
-- **Inline Diagnostics** — Issues appear as squiggly underlines in editor
-- **Quick-fix Code Actions** — "Copy suggested fix" for each issue
-- **Scan on Save** — Automatically scan files when saved
-- **Workspace Scanning** — Scan entire workspace with one command
-### Installation
-```bash
-cd vscode-extension
-npm install
-npm run compile
-# Then "Run Extension" from VS Code debugger
-```
-Or package for distribution:
-```bash
-npx vsce package
-```
-### Commands
-| Command | Description |
-|---------|-------------|
-| `Trie: Scan Workspace` | Scan all files in workspace |
-| `Trie: Scan Current File` | Scan active file only |
-| `Trie: Copy Fix` | Copy suggested fix to clipboard |
-### Settings
-| Setting | Default | Description |
-|---------|---------|-------------|
-| `trie.executablePath` | `trie-agent` | Path to CLI executable |
-| `trie.scanOnSave` | `true` | Scan files on save |
-| `trie.parallel` | `true` | Run agents in parallel |
-| `trie.cache` | `true` | Enable caching |
-| `trie.useWorkers` | `false` | Use worker threads |
-| `trie.maxConcurrency` | `4` | Max parallel agents |
-| `trie.timeoutMs` | `120000` | Scan timeout |
 ---
 ## Built-in Agents
@@ -395,35 +278,6 @@ npx vsce package
 | **SOC 2** | `trie_soc2` | Access control gaps, missing audit logs, encryption issues |
 | **Legal** | `trie_legal` | HIPAA/COPPA compliance, consent patterns, data retention |
-### Code Quality
-| Agent | Command | What It Catches |
-|-------|---------|-----------------|
-| **Architecture** | `trie_architecture` | N+1 queries, circular deps, SOLID violations, god classes |
-| **Bugs** | `trie_bugs` | Null dereference, race conditions, off-by-one, async bugs |
-| **Types** | `trie_types` | Missing annotations, unsafe casts, implicit `any` |
-| **Clean** | `trie_clean` | AI code smells: huge files, console.logs, useEffect abuse |
-| **Data Flow** | `trie_data_flow` | Schema mismatches, hardcoded IDs, type coercion bugs |
-| **Performance** | `trie_performance` | Memory leaks, N+1 queries, unnecessary re-renders |
-### Design & UX
-| Agent | Command | What It Catches |
-|-------|---------|-----------------|
-| **Design Engineer** | `trie_design` | Design systems, motion design, Awwwards-level polish |
-| **Accessibility** | `trie_accessibility` | Missing ARIA, color contrast, keyboard nav (WCAG 2.1) |
-| **UX** | `trie_ux` | Missing loading states, poor error handling, broken flows |
-| **Visual QA** | `trie_visual_qa` | Layout shifts, z-index wars, responsive gaps |
-| **Visual QA Browser** | `trie_visual_qa_browser` | Screenshots at 3 viewports for vision analysis |
-### DevOps & Testing
-| Agent | Command | What It Catches |
-|-------|---------|-----------------|
-| **DevOps** | `trie_devops` | Missing env vars, config issues, no health checks |
-| **Test** | `trie_test` | Missing coverage, untested edge cases, weak assertions |
-| **E2E** | `trie_e2e` | Flaky tests, hardcoded waits, brittle selectors |
 ---
 ## Special Agents
@@ -434,270 +288,10 @@ These agents are **manually invoked**—they don't run during `trie_scan`.
 Interactive PR reviews: walks through changes file-by-file with AI guidance.
-```
-Use trie_pr_review
-Use trie_pr_review with pr:"12345"
-```
-**What it does:**
-- Orders files for comprehension (schemas → core → implementation → tests)
-- Explains what changed and why
-- Hunts for state bugs, race conditions, missing error handling
-- Pauses after each file for your input
-**Requirements:** [GitHub CLI (`gh`)](https://cli.github.com/) installed and authenticated
 ### Agent Smith
-*"I'm going to be honest with you... I hate this AI code."*
 The ultimate AI code enforcer—43 specialized hunters targeting AI-generated anti-patterns.
-```
-Use trie_agent_smith
-Use trie_smith
-```
-**43 Hunters across 9 categories:**
-| Category | Hunters |
-|----------|---------|
-| **Security** | exposed-secret, frontend-env, hardcoded-localhost, sql-injection, dangeroushtml |
-| **AI Code Smells** | console, any, ts-ignore, eslint-disable, debugger, force-flag |
-| **Async/Promise Bugs** | async-useeffect, async-foreach, missing-await, empty-catch, floating-promise |
-| **React Anti-patterns** | useeffect-abuse, usestate-explosion, index-key, inline-object, prop-drilling |
-| **Missing UX** | missing-loading, missing-error, missing-empty, page-reload |
-| **Backend Issues** | no-validation, raw-error, n-plus-one |
-| **Incomplete Code** | todo, vibe-comment, placeholder, sleep-hack, fallback |
-| **Dead Code** | commented-code, unreachable-code, unused-import, empty-function, dead-branch |
-| **AI Slop Aesthetic** | purple-gradient, star-icon, generic-hero, emoji-overflow, inter-font |
-**Memory commands:**
-```
-trie_agent_smith show_stats:true    # Show memory statistics
-trie_agent_smith clear_memory:true  # Clear all memory
-```
-### Visual QA Browser
-Screenshot-based visual testing with AI vision analysis.
-```
-Use trie_visual_qa_browser
-Use trie_visual_qa_browser url:"http://localhost:3000"
-```
-**What it does:**
-1. Auto-detects running dev server
-2. Captures screenshots at mobile (375px), tablet (768px), desktop (1440px)
-3. Returns images for AI vision analysis
-**Requirements:** Playwright (`npx playwright install chromium`) and a vision-capable model
----
-## Custom Agents
-Create specialized agents from any document:
-```
-Use trie_create_agent with filePath:"./style-guide.pdf" agentName:"my-style"
-```
-Supported formats: PDF, Markdown, text files.
-Custom agents automatically activate during scans based on their rules.
----
-## Configuration
-### Config File
-Create `.trie/config.json` in your project root:
-```json
-{
-  "version": "1.0.0",
-  "agents": {
-    "enabled": ["security", "privacy", "bugs", "types"],
-    "disabled": [],
-    "parallel": true,
-    "maxConcurrency": 4,
-    "timeout": 120000,
-    "cache": true
-  },
-  "compliance": {
-    "standards": ["SOC2", "GDPR"],
-    "enforceCompliance": false,
-    "reportFormat": "json"
-  },
-  "output": {
-    "format": "console",
-    "level": "all",
-    "interactive": false,
-    "streaming": true,
-    "colors": true
-  },
-  "paths": {
-    "include": [],
-    "exclude": ["node_modules", "dist", "build", ".git"],
-    "configDir": ".trie",
-    "outputDir": "trie-reports"
-  },
-  "integrations": {
-    "slack": {
-      "enabled": false,
-      "webhook": "",
-      "channel": "#security-alerts"
-    },
-    "github": {
-      "enabled": true
-    }
-  }
-}
-```
-### Configuration Validation
-Trie validates configuration on startup using Zod schemas:
-- Invalid configurations log errors and fall back to defaults
-- Missing API keys show warnings
-- File paths are verified to exist
----
-## Docker
-Optimized multi-stage Docker builds for CI/CD or isolated environments.
-### Build
-```bash
-docker build -t trie-agent .
-```
-### Run
-```bash
-# YOLO mode (auto-fix)
-docker run -v $(pwd):/app trie-agent --yolo
-# Watch mode (scan only)
-docker run -v $(pwd):/app trie-agent
-# CI mode (one-shot scan)
-docker run -v $(pwd):/app trie-agent --once
-```
-### Docker Compose
-```bash
-docker-compose up
-```
-### Modes
-| Mode | Flag | Description |
-|------|------|-------------|
-| YOLO | `--yolo` | Auto-fix high-confidence issues |
-| Watch | (default) | Scan on file changes |
-| CI | `--once` | One-shot scan, exit with code |
----
-## Team Collaboration
-Coordinate security scanning across your team with automatic issue assignment and notifications.
-### Team Configuration
-Create `.trie/team.json`:
-```json
-{
-  "members": [
-    {
-      "id": "alice",
-      "name": "Alice Smith",
-      "email": "alice@example.com",
-      "slack": "@alice",
-      "expertise": ["security", "privacy"],
-      "maxIssues": 10
-    },
-    {
-      "id": "bob",
-      "name": "Bob Jones",
-      "email": "bob@example.com",
-      "slack": "@bob",
-      "expertise": ["bugs", "performance"],
-      "maxIssues": 15
-    }
-  ]
-}
-```
-### Automatic Issue Assignment
-Trie automatically assigns issues based on:
-- **Expertise matching** — Security issues go to security experts
-- **Workload balancing** — Respects `maxIssues` limits
-- **Priority weighting** — Critical issues assigned first
-### Slack Integration
-Uses Slack's [Incoming Webhooks](https://api.slack.com/messaging/webhooks) — no OAuth or bot tokens required.
-**Setup:**
-1. Go to your Slack workspace → Apps → Incoming Webhooks
-2. Create a webhook for your channel
-3. Add to `.trie/config.json`:
-```json
-{
-  "integrations": {
-    "slack": {
-      "enabled": true,
-      "webhook": "https://hooks.slack.com/services/...",
-      "channel": "#security-alerts"
-    }
-  }
-}
-```
-**Notifications sent for:**
-- Scan completion summaries with issue counts
-- Critical issue alerts (immediate)
-- Issue assignments to team members
-- Escalations for overdue items
-- Daily/weekly team summaries
-### Smart Issue Grouping
-Issues are automatically:
-- **Grouped** by pattern (same issue across files)
-- **Prioritized** by risk score (0-100)
-- **Categorized**: security, performance, maintainability, correctness, style
-- **Bulk-fix detected** for trivial issues
----
-## Available Tools
-| Tool | Description |
-|------|-------------|
-| `trie_scan` | Intelligent scan with automatic agent selection |
-| `trie_pr_review` | Interactive PR review |
-| `trie_agent_smith` | AI code enforcer—43 hunters |
-| `trie_fix` | Apply high-confidence fixes |
-| `trie_explain` | Plain-language explanations |
-| `trie_watch` | Continuous scanning mode |
-| `trie_create_agent` | Create custom agent from document |
-| `trie_list_agents` | List all available agents |
-| `trie_visual_qa_browser` | Screenshot for vision analysis |
-Plus individual agent tools: `trie_security`, `trie_privacy`, `trie_soc2`, `trie_bugs`, etc.
 ---
 ## License