@triedotdev/mcp 1.0.32 → 1.0.34

package/README.md

@@ -2,7 +2,12 @@
 
 **Customizable Parallel Agents for AI Code Review**
 
-20+ specialized agents scan your code for security, privacy, compliance, and bugs—all running in parallel with intelligent caching and real-time streaming.
+20 specialized agents scan your code for security, privacy, compliance, and bugs—all running in parallel with intelligent caching and real-time streaming.
+
+## What's New (latest updates)
+- Slash-friendly commands: `/trie` and `/trie_<tool>` work the same as `trie`.
+- Command palette: call `trie` with `action` to dispatch (scan, any agent, agent_smith, pr_review, watch, test, fix, explain, list_agents).
+- Clear MCP naming: all tools are discoverable with `trie_*` prefixes while short aliases still work.
 
 ---
 
@@ -11,14 +16,15 @@
 - [Features](#features)
 - [Quick Start](#quick-start)
 - [Usage](#usage)
+- [MCP Tools](#mcp-tools)
 - [CLI](#cli)
-- [CI/CD Integration](#cicd-integration)
-- [VS Code Extension](#vs-code-extension)
 - [Built-in Agents](#built-in-agents)
 - [Special Agents](#special-agents)
 - [Custom Agents](#custom-agents)
+- [AI-Enhanced Mode](#ai-enhanced-mode)
+- [CI/CD Integration](#cicd-integration)
+- [VS Code Extension](#vs-code-extension)
 - [Configuration](#configuration)
-- [Team Collaboration](#team-collaboration)
 - [License](#license)
 
 ---
@@ -29,12 +35,11 @@
 
 | Feature | Description |
 |---------|-------------|
-| **20+ Built-in Agents** | Security, Privacy, SOC 2, Legal, Architecture, Performance, E2E, Visual QA, Data Flow, Agent Smith, and more |
+| **20 Built-in Agents** | Security, Privacy, SOC 2, Legal, Architecture, Performance, E2E, Visual QA, Data Flow, and more |
 | **Parallel Execution** | True parallel execution with worker threads—3-5x faster scans |
 | **Result Caching** | File-based caching with SHA256 hashing—70% faster repeated scans |
-| **Streaming Progress** | Real-time progress updates as agents complete |
 | **Smart Triaging** | Only activates relevant agents based on code context |
-| **Interactive Dashboard** | Terminal UI with progress bars, filters, and issue browser |
+| **Streaming Progress** | Real-time progress updates as agents complete |
 
 ### Developer Experience
 
@@ -50,7 +55,6 @@
 | Feature | Description |
 |---------|-------------|
 | **CI/CD Integration** | GitHub Actions, pre-commit hooks, SARIF output |
-| **Team Collaboration** | Issue assignment, Slack notifications, expertise-based routing |
 | **VS Code Extension** | Inline diagnostics, quick-fix code actions, scan on save |
 
 ---
@@ -96,14 +100,10 @@ Trie works with any MCP-compatible AI tool (OpenCode, Windsurf, etc.). Configure
 npx @triedotdev/mcp
 ```
 
-Trie auto-detects which tool is running and adapts its output format accordingly.
-
 ---
 
 ## Usage
 
-### Basic Scanning
-
 Once configured, ask your AI assistant:
 
 ```
@@ -117,76 +117,76 @@ Run trie_security on this file
 Run trie_soc2 to check compliance
 ```
 
-### AI-Enhanced Mode (Recommended)
+Slash-friendly command palette:
 
-Trie works in two modes:
+- `trie` or `/trie` shows the quick menu.
+- `trie` / `/trie` with `{ action: "scan", files?: [], directory?: "" }` runs a full triaged scan.
+- `trie` / `/trie` with `{ action: "<agent>", files?: [] }` runs one agent (e.g., `security`, `ux`, `soc2`, `agent_smith`).
 
-| Mode | Description |
-|------|-------------|
-| **Pattern-Only** (default) | Fast regex matching for specific patterns (exposed secrets, async forEach, etc.). Limited coverage without AI. |
-| **AI-Enhanced** | Full analysis: pattern detection + AI validation + deeper issue discovery. **Recommended for comprehensive scanning.** |
-
-> **Note:** Pattern-only mode catches specific high-confidence issues (AWS keys, GitHub tokens, common anti-patterns) but won't find logic bugs, architectural issues, or context-dependent problems. For thorough analysis, enable AI mode.
-
-**Enable AI mode:**
-
-**For MCP usage (Cursor/Claude Code):**
+### How It Works
 
-Add the API key to your MCP configuration:
+Trie generates **actionable reports** with high-confidence issues. It does not auto-fix code. Instead:
 
-```json
-{
-  "mcpServers": {
-    "Trie": {
-      "command": "npx",
-      "args": ["@triedotdev/mcp"],
-      "env": {
-        "ANTHROPIC_API_KEY": "sk-ant-..."
-      }
-    }
-  }
-}
-```
+1. **Trie scans** your code and generates a report with prioritized issues
+2. **You review** the issues in the report
+3. **You (or Cursor/Claude Code)** apply fixes based on Trie's recommendations
 
-**For CLI usage (terminal/CI):**
+---
 
-Add the API key to your project's `.env.local` file (in your project root):
+## MCP Tools
 
-```bash
-echo 'ANTHROPIC_API_KEY=sk-ant-...' >> .env.local
-```
+These tools are available when using Trie via MCP (Cursor, Claude Code, etc.).
 
-Then load it before running CLI commands:
+### Core Tools
 
-```bash
-# Load environment variables
-set -a; source .env.local; set +a
-
-# Now run CLI commands
-trie-agent scan
-```
+| Tool | Description |
+|------|-------------|
+| `trie_scan` | Scan code with intelligent agent selection |
+| `trie_watch` | Watch mode—automatically scan files as you code |
+| `trie_fix` | Generate fix recommendations for detected issues |
+| `trie_explain` | Explain code, issues, or changes in plain language |
 
-> **Important:** 
-> - **MCP config** (`env` in mcp.json) only applies to the MCP server process launched by Cursor/Claude Code
-> - **CLI commands** (`trie-agent scan`, `trie-agent watch`) need the key in your shell environment (via `.env.local` or `export`)
-> - The MCP server and CLI are separate processes with separate environments
+### Custom Agent Tools
 
-When AI is enabled, you'll see:
-- `AI-powered analysis enabled` in output
-- `[AI VALIDATED]` and `[AI FOUND]` tags on issues
-- Richer fix recommendations
+| Tool | Description |
+|------|-------------|
+| `trie_create_agent` | Create a custom agent from a PDF, TXT, or MD document |
+| `trie_save_agent` | Save a custom agent configuration |
+| `trie_list_agents` | List all registered agents (built-in and custom) |
+
+### Individual Agent Tools
+
+Run a specific agent directly:
+
+| Tool | What It Catches |
+|------|-----------------|
+| `trie_security` | SQL injection, XSS, hardcoded secrets, auth bypasses, OWASP Top 10 |
+| `trie_privacy` | GDPR/CCPA/PCI-DSS compliance, PII exposure, logging sensitive data |
+| `trie_soc2` | Access control gaps, missing audit logs, encryption issues |
+| `trie_legal` | HIPAA/COPPA compliance, consent patterns, data retention |
+| `trie_accessibility` | WCAG 2.1 compliance, keyboard nav, screen readers, color contrast |
+| `trie_architecture` | Code organization, SOLID principles, N+1 queries, scalability |
+| `trie_bugs` | Null safety, edge cases, async issues, common bugs |
+| `trie_types` | Type errors, missing annotations, null checks |
+| `trie_devops` | Config issues, logging, environment variables, deployment patterns |
+| `trie_clean` | Clean up AI-generated code: find vibe-coded patterns and quick fixes |
+| `trie_design` | Awwwards-level polish, design systems, motion design |
+| `trie_ux` | Simulate happy path, security tester, confused user, impatient user |
 
 ---
 
 ## CLI
 
-Trie includes a CLI for terminal-based scanning and CI/CD integration. The CLI generates reports with actionable issues—it does not auto-fix code. Use Cursor or Claude Code to apply fixes based on the reports.
+Trie includes a CLI for terminal-based scanning and CI/CD integration.
 
-> **Note:** The CLI is separate from MCP tools. Use MCP tools (`trie_scan`, `trie_watch`) when working inside Cursor/Claude Code. Use the CLI (`trie-agent scan`, `trie-agent watch`) for terminal/CI usage.
+> **Note:** The CLI is separate from MCP tools. Use MCP tools (`trie_scan`, `trie_watch`) when working inside Cursor/Claude Code. Use the CLI for terminal/CI usage.
 
 ### Commands
 
 ```bash
+# List available commands
+trie-agent help
+
 # Basic scan (generates report and exits)
 trie-agent scan
 
@@ -204,6 +204,9 @@ trie-agent scan --agents security,privacy,bugs
 
 # Output JSON report
 trie-agent scan --format json --output report.json
+
+# List all available agents
+trie-agent agents
 ```
 
 ### CLI vs MCP Tools
@@ -214,27 +217,160 @@ trie-agent scan --format json --output report.json
 | **Terminal/CI** | CLI (`trie-agent scan`, `trie-agent watch`) | Running from terminal, CI pipelines, scripts |
 | **VS Code** | VS Code extension | Using VS Code (not Cursor/Claude Code) |
 
-Both generate the same reports—they're just different interfaces to the same scanning engine.
+---
+
+## Built-in Agents
+
+### Security & Compliance (4 agents)
+
+| Agent | Description |
+|-------|-------------|
+| **Security** | SQL injection, XSS, hardcoded secrets, auth bypasses, OWASP Top 10 |
+| **Privacy** | GDPR/CCPA/PCI-DSS compliance, PII exposure, data encryption |
+| **SOC 2** | Access control gaps, missing audit logs, encryption, secrets management |
+| **Legal** | HIPAA/COPPA compliance, consent patterns, data retention |
+
+### Code Quality (6 agents)
+
+| Agent | Description |
+|-------|-------------|
+| **TypeCheck** | Type errors, missing annotations, null checks |
+| **Bug Finding** | Null safety, edge cases, async issues, race conditions |
+| **Software Architect** | Code organization, SOLID principles, N+1 queries, scalability |
+| **Test** | Missing test coverage, test quality, edge case coverage |
+| **Performance** | Memory leaks, inefficient algorithms, bundle size |
+| **Trie Clean** | Clean up AI-generated "vibe code": find common mistakes and quick fixes |
+
+### UI/UX (5 agents)
+
+| Agent | Description |
+|-------|-------------|
+| **Accessibility** | WCAG 2.1 compliance, keyboard nav, screen readers, color contrast |
+| **Design Engineer** | Awwwards-level polish, design systems, motion design, creative CSS |
+| **User Testing** | Simulate happy path, security tester, confused user, impatient user |
+| **Visual QA** | Visual regression, responsive design, cross-browser issues |
+| **E2E** | End-to-end test coverage, user flow validation |
+
+### Operations (3 agents)
+
+| Agent | Description |
+|-------|-------------|
+| **DevOps** | Config issues, logging, environment variables, deployment patterns |
+| **Data Flow** | Data flow analysis, state management, API contracts |
+| **Comprehension** | Plain language explanations for non-technical stakeholders |
 
 ---
 
-## How It Works
+## Special Agents
 
-Trie generates **actionable reports** with high-confidence issues. It does not auto-fix code. Instead:
+These agents are **manually invoked**—they don't run during `trie_scan`.
 
-1. **Trie scans** your code and generates a report with prioritized issues
-2. **You review** the issues in the report (or share with Cursor/Claude Code)
-3. **You (or Cursor/Claude Code)** apply fixes based on Trie's recommendations
+### Super Reviewer
+
+Interactive PR reviews: walks through changes file-by-file with AI guidance.
 
-This keeps you in control while providing comprehensive issue detection. Trie focuses on **finding and reporting** issues—you decide how to fix them.
+```
+Run trie_super_reviewer on this PR
+```
+
+### Agent Smith
+
+The ultimate AI code enforcer—43 specialized hunters targeting AI-generated anti-patterns. Runs a swarm of sub-agents to find "vibe-coded" patterns.
+
+```
+Run trie_agent_smith on this codebase
+```
 
 ---
 
-## CI/CD Integration
+## Custom Agents
+
+Create your own agents from PDFs, style guides, or documentation.
 
-Trie integrates seamlessly with GitHub Actions for automated security scanning.
+### Create a Custom Agent
 
-### Quick Setup
+```
+Create a custom agent from my-style-guide.pdf called "brand_guidelines"
+```
+
+Or use the MCP tool directly:
+
+```
+trie_create_agent with filePath: "./docs/style-guide.pdf", agentName: "brand_guidelines"
+```
+
+### How It Works
+
+1. **Parse** — Trie extracts text from your document (PDF, TXT, MD)
+2. **Compress** — AI distills the document into actionable rules
+3. **Register** — The agent is saved to `.trie/agents/` and loaded automatically
+
+### List Custom Agents
+
+```
+trie_list_agents
+```
+
+Custom agents are stored in `.trie/agents/` in your project directory.
+
+---
+
+## AI-Enhanced Mode
+
+Trie works in two modes:
+
+| Mode | Description |
+|------|-------------|
+| **Pattern-Only** (default) | Fast regex matching for specific patterns (exposed secrets, async forEach, etc.). Limited coverage. |
+| **AI-Enhanced** | Full analysis: pattern detection + AI validation + deeper issue discovery. **Recommended.** |
+
+### Enable AI Mode
+
+**For MCP usage (Cursor/Claude Code):**
+
+Add the API key to your MCP configuration:
+
+```json
+{
+  "mcpServers": {
+    "Trie": {
+      "command": "npx",
+      "args": ["@triedotdev/mcp"],
+      "env": {
+        "ANTHROPIC_API_KEY": "sk-ant-..."
+      }
+    }
+  }
+}
+```
+
+**For CLI usage (terminal/CI):**
+
+Add the API key to your project's `.env.local` file:
+
+```bash
+echo 'ANTHROPIC_API_KEY=sk-ant-...' >> .env.local
+```
+
+Then load it before running CLI commands:
+
+```bash
+set -a; source .env.local; set +a
+trie-agent scan
+```
+
+> **Important:** MCP config only applies to the MCP server. CLI commands need the key in your shell environment.
+
+When AI is enabled, you'll see:
+- `AI-powered analysis enabled` in output
+- `[AI VALIDATED]` and `[AI FOUND]` tags on issues
+- Richer fix recommendations
+
+---
+
+## CI/CD Integration
+
+### GitHub Actions
 
 Copy the workflow files to your repo:
 
@@ -245,19 +381,15 @@ cp node_modules/@triedotdev/mcp/.github/workflows/trie-*.yml .github/workflows/
 
 ### Available Workflows
 
-#### Full Security Scan (`trie-security-scan.yml`)
-
-Runs on push to `main`/`develop`, PRs, and daily schedule (2 AM UTC).
-
-**Features:**
+**Full Security Scan** (`trie-security-scan.yml`)
+- Runs on push to `main`/`develop`, PRs, and daily schedule
 - Runs security agents: `security`, `privacy`, `soc2`, `legal`
 - Uploads SARIF to GitHub Security tab
 - Comments on PRs with summary
 - Fails build on critical issues
 
-#### Pre-commit Checks (`trie-pre-commit.yml`)
-
-Runs on every PR—fast, incremental scanning.
+**Pre-commit Checks** (`trie-pre-commit.yml`)
+- Runs on every PR—fast, incremental scanning
 
 ---
 
@@ -265,32 +397,32 @@ Runs on every PR—fast, incremental scanning.
 
 Native VS Code extension with inline diagnostics and quick fixes.
 
----
-
-## Built-in Agents
-
-### Security & Compliance
-
-| Agent | Command | What It Catches |
-|-------|---------|-----------------|
-| **Security** | `trie_security` | SQL injection, XSS, hardcoded secrets, auth bypasses, OWASP Top 10 |
-| **Privacy** | `trie_privacy` | GDPR/CCPA/PCI-DSS compliance, data exposure, logging sensitive data |
-| **SOC 2** | `trie_soc2` | Access control gaps, missing audit logs, encryption issues |
-| **Legal** | `trie_legal` | HIPAA/COPPA compliance, consent patterns, data retention |
+### Features
+- Inline diagnostics from Trie scans
+- Quick-fix code actions
+- Scan on save
+- Status bar integration
 
 ---
 
-## Special Agents
-
-These agents are **manually invoked**—they don't run during `trie_scan`.
+## Configuration
 
-### Super Reviewer
+### Scan Options
 
-Interactive PR reviews: walks through changes file-by-file with AI guidance.
+| Option | Description | Default |
+|--------|-------------|---------|
+| `parallel` | Run agents in parallel | `true` |
+| `cache` | Enable result caching | `true` |
+| `maxConcurrency` | Max parallel agents | `4` |
+| `timeoutMs` | Agent timeout in milliseconds | `120000` |
+| `streaming` | Stream progress updates | `true` |
+| `workers` | Use worker threads | `true` |
 
-### Agent Smith
+### Example
 
-The ultimate AI code enforcer—43 specialized hunters targeting AI-generated anti-patterns.
+```
+trie_scan with parallel: true, cache: true, maxConcurrency: 8
+```
 
 ---