@triedotdev/mcp 1.0.36 → 1.0.37

package/README.md

@@ -9,10 +9,9 @@
 I like Claude Code Skills, but I found myself wanting more control. Trie keeps one code-first harness (registry + triager) across MCP, CLI, and CI, so the same agents and policies run everywhere—no shuffling separate .md skills per tool. It can turn my docs (PDF/TXT/MD/RTF) into agents (ingests, compresses, builds prompts, saves to `.trie/agents/`), lets me version and test them in TypeScript/JSON with identical behavior locally and in CI, and triager logs show which agents ran and why—no implicit routing. Trie is for people who want to build and govern their own agents with source-controlled prompts and transparent routing.
 
 ## What's New (latest updates)
-- Slash-friendly commands: `/trie` and `/trie_<tool>` work the same as `trie`.
-- Command palette: call `trie` with `action` to dispatch (scan, any agent, agent_smith, pr_review, watch, test, fix, explain, list_agents).
-- Clear MCP naming: all tools are discoverable with `trie_*` prefixes while short aliases still work.
-- Agent Smith speedups: single-pass file loading (skips binaries/giants), shared content across hunters, and stable memory hashes for better resurrected-issue tracking.
+- **Legal Agent v2.0**: Complete rewrite, now the most comprehensive legal compliance agent for app development. Covers 21 categories: open source licensing (GPL/AGPL/MIT), Terms of Service, API terms compliance, intellectual property, ADA/WCAG accessibility, GDPR/CCPA data protection, e-commerce/PCI, CAN-SPAM/TCPA marketing, COPPA child safety, export controls, DMCA, and more.
+
+- **Design Engineer v2.0**: Complete rewrite with 5-layer design intelligence architecture, AI slop detection (surface hierarchy, neon colors, purple overuse), verified token systems from Radix/Tailwind, WCAG contrast validation and domain-specific recommendations for fitness, fintech, ecommerce, and more.
 
 ---
 
@@ -24,6 +23,8 @@ I like Claude Code Skills, but I found myself wanting more control. Trie keeps o
 - [MCP Tools](#mcp-tools)
 - [CLI](#cli)
 - [Built-in Agents](#built-in-agents)
+- [Legal Agent (v2.0)](#legal-agent-v20)
+- [Design Engineer (v2.0)](#design-engineer-v20)
 - [Special Agents](#special-agents)
 - [Custom Agents](#custom-agents)
 - [AI-Enhanced Mode](#ai-enhanced-mode)
@@ -168,14 +169,14 @@ Run a specific agent directly:
 | `trie_security` | SQL injection, XSS, hardcoded secrets, auth bypasses, OWASP Top 10 |
 | `trie_privacy` | GDPR/CCPA/PCI-DSS compliance, PII exposure, logging sensitive data |
 | `trie_soc2` | Access control gaps, missing audit logs, encryption issues |
-| `trie_legal` | HIPAA/COPPA compliance, consent patterns, data retention |
+| `trie_legal` | Licensing, ToS, accessibility, IP, GDPR/CCPA, e-commerce, marketing, COPPA |
 | `trie_accessibility` | WCAG 2.1 compliance, keyboard nav, screen readers, color contrast |
 | `trie_architecture` | Code organization, SOLID principles, N+1 queries, scalability |
 | `trie_bugs` | Null safety, edge cases, async issues, common bugs |
 | `trie_types` | Type errors, missing annotations, null checks |
 | `trie_devops` | Config issues, logging, environment variables, deployment patterns |
 | `trie_clean` | Clean up AI-generated code: find vibe-coded patterns and quick fixes |
-| `trie_design` | Awwwards-level polish, design systems, motion design |
+| `trie_design` | Design intelligence with AI slop detection, verified token systems, contrast validation |
 | `trie_ux` | Simulate happy path, security tester, confused user, impatient user |
 
 ---
@@ -233,7 +234,7 @@ trie-agent agents
 | **Security** | SQL injection, XSS, hardcoded secrets, auth bypasses, OWASP Top 10 |
 | **Privacy** | GDPR/CCPA/PCI-DSS compliance, PII exposure, data encryption |
 | **SOC 2** | Access control gaps, missing audit logs, encryption, secrets management |
-| **Legal** | HIPAA/COPPA compliance, consent patterns, data retention |
+| **Legal** | Comprehensive app legal: licensing, ToS, accessibility, IP, GDPR/CCPA, e-commerce, COPPA, marketing compliance |
 
 ### Code Quality (6 agents)
 
@@ -251,7 +252,7 @@ trie-agent agents
 | Agent | Description |
 |-------|-------------|
 | **Accessibility** | WCAG 2.1 compliance, keyboard nav, screen readers, color contrast |
-| **Design Engineer** | Awwwards-level polish, design systems, motion design, creative CSS |
+| **Design Engineer** | AI slop detection, verified token systems, contrast validation, design health scoring, domain-aware recommendations |
 | **User Testing** | Simulate happy path, security tester, confused user, impatient user |
 | **Visual QA** | Visual regression, responsive design, cross-browser issues |
 | **E2E** | End-to-end test coverage, user flow validation |
@@ -266,6 +267,184 @@ trie-agent agents
 
 ---
 
+## Legal Agent (v2.0)
+
+The Legal Agent has been completely rebuilt to be the most comprehensive legal compliance scanner for app development—covering everything from open source licensing to international data protection.
+
+### What It Covers (21 Categories)
+
+#### License & Open Source
+
+| Issue | Description |
+|-------|-------------|
+| **GPL/Copyleft Detection** | Flags GPL/AGPL code that may require your project to be open-sourced |
+| **AGPL Network Use** | Critical warning for AGPL's SaaS/network copyleft provisions |
+| **License Headers** | Missing SPDX identifiers in source files |
+| **Dependency Audit** | Recommends license-checker tools for third-party packages |
+| **Attribution Requirements** | MIT/BSD/Apache attribution obligations |
+
+#### Terms & Legal Documents
+
+| Issue | Description |
+|-------|-------------|
+| **Missing ToS** | User registration without Terms of Service reference |
+| **Pre-checked Consent** | ToS acceptance boxes that are pre-checked (unenforceable) |
+| **Privacy Policy** | Data collection without privacy policy disclosure |
+| **CalOPPA** | California Online Privacy Protection Act requirements |
+
+#### Third-Party & API Compliance
+
+| Issue | Description |
+|-------|-------------|
+| **API Terms** | Detects OpenAI, Stripe, Meta, Google, Twilio, AWS, YouTube usage |
+| **Font Licensing** | Flags font files that may require commercial licenses |
+| **Stock Assets** | Attribution requirements for Unsplash, Pexels, etc. |
+
+#### Intellectual Property
+
+| Issue | Description |
+|-------|-------------|
+| **Code Attribution** | Stack Overflow code (CC BY-SA), copied code comments |
+| **Trademark Usage** | Apple, Google, Microsoft, Amazon brand guideline compliance |
+
+#### Accessibility (Legal)
+
+| Issue | Description |
+|-------|-------------|
+| **ADA/Section 508** | Images without alt text, keyboard accessibility |
+| **WCAG Violations** | Color-only indicators, missing video captions |
+
+#### Data Protection
+
+| Issue | Description |
+|-------|-------------|
+| **GDPR/CCPA** | Consent management, data portability, right to erasure |
+| **Analytics Consent** | Tracking scripts without cookie consent |
+| **Data Retention** | Missing retention policies and deletion procedures |
+
+#### E-Commerce & Payments
+
+| Issue | Description |
+|-------|-------------|
+| **PCI DSS** | Direct card handling instead of tokenization (Stripe, etc.) |
+| **Price Transparency** | Hidden taxes/fees before checkout |
+| **Subscription Cancellation** | FTC Click-to-Cancel Rule compliance |
+| **Refund Policy** | Missing return/refund policy disclosure |
+
+#### Marketing & Advertising
+
+| Issue | Description |
+|-------|-------------|
+| **CAN-SPAM** | Marketing emails without unsubscribe mechanism |
+| **TCPA** | SMS marketing without express written consent |
+| **FTC Disclosure** | Affiliate links, sponsored content without disclosure |
+| **Fake Reviews** | Synthetic/AI-generated testimonials |
+
+#### Age & Child Safety
+
+| Issue | Description |
+|-------|-------------|
+| **COPPA** | Child-directed content without parental consent |
+| **Age Verification** | Alcohol, gambling, adult content without age gates |
+
+#### Export & International
+
+| Issue | Description |
+|-------|-------------|
+| **Export Controls (EAR)** | Strong encryption with international distribution |
+| **OFAC Sanctions** | Missing sanctions screening for international users |
+| **GDPR (EU)** | EU market without GDPR compliance |
+| **LGPD (Brazil)** | Brazil market without LGPD compliance |
+| **Cross-Border Transfers** | International data transfers without SCCs |
+
+#### User Content & Moderation
+
+| Issue | Description |
+|-------|-------------|
+| **Content Moderation** | User-generated content without moderation system |
+| **DMCA Safe Harbor** | File uploads without takedown procedures |
+
+#### Contracts & Liability
+
+| Issue | Description |
+|-------|-------------|
+| **Clickwrap Enforceability** | Agreement acceptance without scroll/read verification |
+| **Consent Recording** | Terms acceptance without timestamp/version logging |
+| **Warranty Disclaimers** | Missing "AS IS" and limitation of liability |
+| **Security Disclosure** | Missing security.txt or vulnerability disclosure process |
+
+### Severity Levels
+
+| Level | Examples |
+|-------|----------|
+| **Critical** | AGPL in SaaS, PCI violations, TCPA SMS marketing, fake reviews |
+| **Serious** | Missing ToS, no consent management, CAN-SPAM violations, COPPA |
+| **Moderate** | Missing data portability, license attribution, content moderation |
+| **Low** | License headers, security.txt, warranty disclaimers |
+
+---
+
+## Design Engineer (v2.0)
+
+The Design Engineer agent has been rebuilt with a comprehensive 5-layer design intelligence architecture to detect "AI slop" and enforce professional design standards.
+
+### What It Detects
+
+| Issue | Description |
+|-------|-------------|
+| **Surface Hierarchy** | Dark-on-dark surfaces with <8% lightness delta |
+| **Neon Colors** | Oversaturated colors (>80% saturation) that look amateur |
+| **Purple Overuse** | >40% violet/purple palette (common AI tell) |
+| **Accent Rainbow** | Multiple accent hue families (>1) in same view |
+| **Typography Uniformity** | Single font-weight usage lacking hierarchy |
+| **Missing Modern Fonts** | System-only font stacks without Inter/Geist |
+| **Magic Numbers** | Spacing values not on 4px grid |
+| **Low Contrast** | Text failing WCAG AA (4.5:1 ratio) |
+
+### Design Health Score
+
+Each scan produces a **Design Health Score** (0-100) with breakdown:
+- Token adoption %
+- Contrast compliance %
+- Spacing consistency %
+- Typography system %
+- Surface hierarchy %
+
+### Domain-Aware Recommendations
+
+The agent detects your product type and provides tailored guidance:
+
+| Domain | Default Mode | Accent Suggestions | Reference |
+|--------|--------------|-------------------|-----------|
+| **Fitness** | Dark | Orange, Tomato, Amber | Strava, Peloton |
+| **Fintech** | Light | Sky, Teal, Grass | Mercury, Stripe |
+| **Creative Tools** | Dark | Violet, Pink, Sky | Figma, Linear |
+| **E-commerce** | Light | Tomato, Pink, Amber | Shopify, Glossier |
+| **Dashboard** | Light | Blue, Indigo, Cyan | Vercel, Linear |
+
+### Verified Token Sources
+
+Instead of hardcoding colors, the agent references external sources:
+- **Radix Colors** — radix-ui.com/colors (contrast-guaranteed)
+- **Tailwind CSS** — tailwindcss.com/docs (zinc/slate scales)
+- **shadcn/ui** — ui.shadcn.com (production themes)
+
+### Exported Constants
+
+Design tokens are exported for use in other tools:
+
+```typescript
+import {
+  DESIGN_TOKEN_SOURCES,
+  TYPOGRAPHY_TOKENS,
+  SPACING_TOKENS,
+  MOTION_DESIGN_TOKENS,
+  DOMAIN_DESIGN_RULES,
+} from '@triedotdev/mcp/agents/design-engineer';
+```
+
+---
+
 ## Special Agents
 
 These agents are **manually invoked**—they don't run during `trie_scan`.