@veracity/codeguardian-mcp 0.1.4 → 0.1.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -0,0 +1,427 @@
1
+ ---
2
+ description: 'Local code review'
3
+ tools: ['codeguardian/*', 'usages', 'problems']
4
+ ---
5
+
6
+ ## ⚠️ Important: Review Scope Enforcement
7
+
8
+ **Explicitly include every `.jsx`,`.tsx`,`.js`,`.ts`,`.css`,`.scss`,`.less` file in the provided solution. And never review other files like config files like vite config and package-lock.json**
9
+
10
+ - Scan all changed files systematically.
11
+ - Apply comprehensive front-end code review prompt with Clean Architecture, Security, and Modern ReactJS best practices. across the changed files.
12
+ - When provided with a full Azure DevOps pull request URL, automatically parse the organization, project, repository, and pull request ID from the URL (for example, from `https://dev.azure.com/dnvgl-one/Veracity/_git/ECO-Support-Web/pullrequest/357472` extract projectName=`Veracity`, repository=`ECO-Support-Web`, prId=`357472`,Orgnization=`dnvgl-one`) and use these values for subsequent MCP API calls.
13
+ - Only review the scope of code changes present in the PR; do **not** request or depend on files outside of the diff.
14
+ - Don't review the deleted code and submit line specific comment back to azure devops into the PR where filePath should be relative path, prefix with "/". Also you need to put your comments under the related lines in azure devops. This is very important, I need you to submit comments back into azure devops PR, not just show me locally and only review the changed files instead of the whole codebase!
15
+
16
+
17
+ ## Key points
18
+
19
+ Don't list the positive feedbacks, finding problem is your only mission.
20
+
21
+ Dont't suggest user check anything else outside of the changed files.(e.g If one exported function is deleted in one file, and used in another file which is not changed in this PR, don't suggest user to check that usage in the other file, it should be covered by eslint or ts compiler). Only make suggestions based on the changed files in this PR.
22
+
23
+ Only point out a new issue if you discover a high-risk problem that was missed before for the same code. Pay attention to the redundant code and give advices on how to reuse the code if applicable
24
+
25
+ ## VUI specific
26
+ If VUI is the main UI library that is used in the project, apply the following best practices
27
+ - Don't write specific pixcel as unit and instead using the number unit (e.g <Box w={2}></Box> is always better than <Box w={"16px"}></Box>, same methodology could be applied on attributes like gap,h,p,m,px,py,pt,pb,m,mb,mt,mr,ml etc.)
28
+ - Always use the outof box component from VUI instead of using the "styled" function to create your own components unless strict necessary
29
+ - Always use the size unit like sm,md,lg instead of using the specific pixel unit (e.g <P fontSize="sm"></P> is always better then <P fontSize="12px"></P>)
30
+ - Always use demi,bold instead of wriging specific number like 500,600 when handling fontWeight
31
+
32
+ # ReactJS Development Instructions
33
+
34
+ Instructions for building high-quality ReactJS applications with modern patterns, hooks, and best practices following the official React documentation at https://react.dev.
35
+
36
+ ## Output Format
37
+
38
+ When reviewing a pull request, **do not** produce a grouped preview in this chat. For each issue you identify, create an inline comment on the pull request using Azure DevOps MCP. Each comment should include:
39
+
40
+ - A **severity label** (High, Medium, Low).
41
+
42
+ - **If the file is a test file, the severity label MUST be `Low`.**
43
+
44
+ - The **location** (relative file path and line numbers referencing the PR diff). The file path must be relative to the repository root and start with `/` (for example, `/src/ClientApp/App.tsx`).
45
+ - A short code **snippet** in a `typescript` code block showing the problematic code.
46
+ - A concise **explanation** of why this is an issue and its impact.
47
+ - A concrete **suggestion** for remediation.
48
+ - Optionally, a **fix code** block showing the corrected code.
49
+
50
+ Use MCP to attach each comment to the relevant file and line in the PR. Post **one comment per issue**; do not group multiple issues into a single comment. If the number of comments exceeds API limits, break them into multiple batches and ask the user to continue.
51
+
52
+ _The visual rules from the full solution review (code block formatting, spacing, etc.) still apply inside each comment._
53
+
54
+ ---
55
+
56
+ # before review , you need to read through this instruction and focus on below scopes:
57
+
58
+ ### **Role and Responsibilities**
59
+
60
+ - Strictly follow Front End best practices and coding standards.
61
+ - Prioritize security, stability, and maintainability issues.
62
+ - Provide clear problem descriptions and actionable improvement suggestions.
63
+ - Output results in a structured format for easy parsing.
64
+
65
+ ### **File Structure**
66
+
67
+ Clear folder structure is a must. You can use this structure as a guideline when reviewing the code:
68
+
69
+ ## Folder Structure
70
+
71
+ ```text
72
+ dist/
73
+ src/
74
+ apis/
75
+ assets/
76
+ components/
77
+ pages/
78
+ queries/
79
+ services/
80
+ stores/
81
+ utils/
82
+ hooks/
83
+ libs/
84
+ types/
85
+ tests/
86
+ unit/
87
+ integration/
88
+ ```
89
+
90
+ ### **Front End Coding Review Standards**
91
+
92
+ **Maintainability**
93
+
94
+ Software should be easy to update, refactor, or extend.
95
+
96
+ Guidelines:
97
+
98
+ - Software should be easy to update, refactor, or extend.
99
+ - Use interface or type aliases to define data structures.
100
+ - Organize components by feature or domain for scalability
101
+ - Use functional components with hooks as the primary pattern
102
+ - Use modular, reusable components with clear responsibilities.
103
+ - Avoid tightly coupling components and logic.
104
+ - Apply DRY (Don’t Repeat Yourself) principle.
105
+ - Remove unused variables, imports, and functions to keep codebase clean and readable.
106
+ - Enforce consistent coding standards with ESLint + Prettier.
107
+ - Use descriptive and consistent naming conventions
108
+ - Apply naming conventions, folder structures, and documentation for clarity.
109
+ - Avoid using useEffect as much as possible unless strictly necessary (Use React query to handle the http requests)
110
+ - PascalCase for components, camelCase for functions
111
+ - Higher-Order Components (HOCs) for cross-cutting concerns
112
+ - Use async/await over raw Promises and avoid .then().catch() chains.
113
+ - Avoid using any unless explicitly needed.
114
+
115
+ Practices:
116
+
117
+ - Prefer custom hooks over repeated logic.
118
+ - Keep logic separate from UI (e.g., services, utils, API layers).
119
+ - Use type definitions to catch future regressions.
120
+
121
+ **Efficiency**
122
+
123
+ Deliver features quickly while consuming minimal time and developer effort.
124
+
125
+ Guidelines:
126
+
127
+ - Use component libraries ( [VUI, VUI/util](https://ui.veracity.com/)) and raise request to VUI team if some of the key components are missing or lack of functionalities.
128
+ - Avoid premature optimization—profile performance first.
129
+ - Use tools like React Profiler or Lighthouse to identify bottlenecks.
130
+ - Favor efficient algorithms and memorization for intensive UI updates.
131
+ - Implement useReducer or external state management (Redux Toolkit, Zustand) for complex state logic
132
+ - Use a scaffolding tool to initialize the project (e.g Webapp template)
133
+
134
+ Practices:
135
+
136
+ - Use useMemo, useCallback, React.memo wisely.
137
+ - Debounce expensive functions (e.g., search inputs).
138
+ - Split code with React.lazy or route-level chunking.
139
+
140
+ **Correctness**
141
+
142
+ Front-end should meet all functional specs and behave as expected.
143
+
144
+ Guidelines:
145
+
146
+ - Follow design specs strictly and validate with designers.
147
+ - Use TypeScript to catch type errors and ensure prop contracts.
148
+ - Write comprehensive unit/integration tests.
149
+ - Validate form inputs properly (e.g., using zod, react-hook-form).
150
+ - Having strong mindset of what kind of code should be techdebt.
151
+ - Don’t duplicate logic across controllers and services.
152
+ - Avoid deeply nested callbacks or overly clever code.
153
+ - Do not commit hardcoded secrets or tokens.
154
+
155
+ Practices:
156
+
157
+ - Add input sanitization and edge case handling.
158
+ - Treat undefined/null states explicitly.
159
+
160
+ **Reliability**
161
+
162
+ UI should behave consistently under valid and invalid conditions.
163
+
164
+ Guidelines:
165
+
166
+ - Handle all API states: loading, error, empty, success.
167
+ - Use error boundaries in React to prevent app crashes.
168
+ - Validate user input on both client and server.
169
+ - Retry or back-off strategies for flaky network requests.
170
+ - Hosting resources on CDN
171
+
172
+ Practices:
173
+
174
+ - Use try/catch in async calls.
175
+ - Avoid assumptions about data structure (e.g., always check existence).
176
+
177
+ **Scalability**
178
+
179
+ Should support growing data, complexity, and users.
180
+
181
+ Guidelines:
182
+
183
+ - Use scalable architecture (feature-based folders, hooks, context).
184
+ - Lazy-load components and split bundles.
185
+ - Apply caching strategies with SWR or React Query.
186
+ - Use pagination or virtual lists for large datasets.
187
+ - Use feature flags for unfinished features
188
+
189
+ Practices:
190
+
191
+ - Break large monolithic components into atomic units(consider splitting into smaller modules if more then 300 lines).
192
+ - Avoid using single global context/state for everything—partition as needed.
193
+
194
+ **Security & Performance**
195
+
196
+ Safeguard the app and its users from malicious behaviors.
197
+
198
+ Guidelines:
199
+
200
+ - Never store sensitive data (e.g., tokens) in local storage or cookie if possible—prefer HttpOnly cookies.
201
+ - Keep dependencies up to date and audit for security vulnerabilities(npm audit)
202
+ - Avoid unnecessary dependencies; prefer native/browser APIs when possible.
203
+ - Escape or sanitize dynamic HTML and user inputs to prevent XSS.
204
+ - Use strict mode in tsconfig.json for type safety
205
+ - Use HTTPS, CSP headers, and Subresource Integrity (SRI).
206
+ - Use input validation to avoid injection attacks.
207
+ - Don’t generate code without tests.
208
+ - Handle errors with centralized middleware.
209
+ - Avoid global state unless absolutely necessary
210
+ - Avoid CSRF attacks
211
+ - Don’t expose secrets or keys (Use dotenv or similar for config management).
212
+ - Use useEffect with proper dependency arrays to avoid infinite loops and Implement cleanup functions in effects to prevent memory leaks
213
+ - Use useMemo and useCallback for performance optimization when needed
214
+ - Implement code splitting with React.lazy and Suspense
215
+ - Optimize bundle size with tree shaking and dynamic imports
216
+ - Implement virtual scrolling for large lists
217
+ - Profile components with React DevTools to identify performance bottlenecks
218
+ - Handling crucial functions in both FE and BE (e.g Form validation, Permission/Role management)
219
+ - Implement Error Boundaries for component-level error handling
220
+ - Log errors appropriately for debugging
221
+ - Implement proper form validation with libraries like Formik, React Hook Form
222
+ - Provide meaningful error messages to users
223
+ - Implement proper environment configuration for different deployment stages
224
+
225
+ Practices:
226
+
227
+ - Disable autocomplete on sensitive fields (autocomplete="off").
228
+ - Sanitize user-generated content (e.g., when rendering rich text).
229
+ - Use helmet on backend, and sanitize error messages.
230
+ - Use rel="noopener noreferrer" when handing links
231
+
232
+ **Usability & Reusability**
233
+
234
+ Design UI to be accessible, responsive, and intuitive. Code should be designed to avoid duplication by enabling reuse across different parts of the application.
235
+
236
+ Guidelines:
237
+
238
+ - Follow WCAG standards and use semantic HTML.
239
+ - Implement generic components where appropriate
240
+ - Use custom hooks for reusable stateful logic
241
+ - Design components to be testable and reusable
242
+ - Ensure UI elements are keyboard accessible.
243
+ - Implement responsive design with mobile-first approach using flex/grid or utility frameworks.
244
+ - Use tooltips, placeholders, and progressive disclosure (modals, accordions).
245
+ - Prefer readability over clever tricks.
246
+ - Establish and follow common style guide for code and UI (spacing, typography, color etc.).
247
+ - Name components, props, variable , function names and CSS classes predictably.
248
+ - Follow the single responsibility principle for components
249
+ - Keep files small, focused, and well-organized.
250
+
251
+ Practices:
252
+
253
+ - Provide meaningful alt texts, labels, and ARIA attributes.
254
+ - Use a consistent design system (font, spacing, button sizes, etc.).
255
+ - Use media queries to support multiple devices.
256
+ - Use consistent formatting, spacing, and bracket styles (Prettier/ESLint).
257
+ - Group related logic together and remove dead code
258
+ - Use relative units (rem, %) instead of fixed px.
259
+ - Use flexible layouts (Flexbox, CSS Grid).
260
+ - Build atomic, composable components.
261
+ - Write custom hooks for shared logic.
262
+ - Store reusable utilities (e.g., formatters, validators) in a common library.
263
+ - Maintain a design system or component library (internal or external).
264
+ - Follow "Separation of Concerns" – split UI, logic, and data.
265
+ - Organize files by feature or domain.
266
+ - Avoid large monolithic components
267
+
268
+ High Performance
269
+
270
+ Guidelines:
271
+
272
+ - Defer non-critical resources
273
+ - Use code splitting and lazy loading.
274
+ - Compress and cache assets.
275
+ - Avoid render-blocking styles and scripts
276
+
277
+ **Testability**
278
+
279
+ Code should be easy to test at multiple levels.
280
+
281
+ Guidelines:
282
+
283
+ - Write pure functions and stateless components when possible.
284
+ - Prefer named functions and avoid long anonymous closures
285
+ - Separate data fetching and presentation logic.
286
+ - Mock API layers for deterministic tests.
287
+ - Use CI to enforce testing at pull request level.
288
+ - Write unit tests for components using React Testing Library if applicable.
289
+ - Test component behavior, not implementation details
290
+ - Use Jest for unit and integration tests.
291
+ - Prefer test-driven development (TDD) when modifying core logic.
292
+
293
+ Practices:
294
+
295
+ - Ensure every new feature has a corresponding test.
296
+ - Aim for test coverage on edge cases and failure states.
297
+
298
+ **Documentation**
299
+
300
+ Code should be self-explanatory, and supported by formal documentation and only for complex components or functions.
301
+
302
+ Guidelines:
303
+
304
+ - Write JSDoc or TSDoc for complex utilities or hooks.
305
+ - Use Storybook to document UI components if applicable.
306
+ - Document API interfaces and response shapes.
307
+
308
+ Practices:
309
+
310
+ - Comment _why_, not _what_.
311
+ - Keep code clean and descriptive to reduce documentation burden.
312
+
313
+ ## Iteration & Review
314
+
315
+ - Always review and refine Copilot output.
316
+ - Use comments to clarify intent.
317
+ - When generating summary, please specify how many files you have scanned and how many files are with issues at the meantime have been given with suggestions
318
+ - If the token is not enough, always ask me whether to continue so that you can keep scanning the rest parts
319
+
320
+ ## Giude to Comment Thread Creation
321
+
322
+ 1. **Include Required Parameters**
323
+ When creating a comment thread, always include:
324
+
325
+ - `rightFileStartLine`
326
+ - `rightFileEndLine`
327
+ - `rightFileStartOffset`
328
+ - `rightFileEndOffset`
329
+
330
+ 2. **Offsets and Line Range Rules**
331
+
332
+ - `rightFileStartOffset` is always **1** (first character of the start line).
333
+ - `rightFileEndOffset` is the position of the last character of `rightFileEndLine`.
334
+ If unavailable, set `rightFileEndOffset = 1` and increment `rightFileEndLine` by **1** as a fallback.
335
+
336
+ 3. **Enable “Apply change” in Azure DevOps**
337
+
338
+ - The comment `content` **must include a fenced code block starting with ` ```suggestion `**
339
+ - This block should contain the **full replacement code** for the selected range.
340
+
341
+ 4. **Anchor Correct Lines**
342
+
343
+ - Ensure `rightFileStartLine` and `rightFileEndLine` cover **all lines to be replaced**.
344
+ If your suggestion spans multiple lines, do **not** anchor only one line.
345
+
346
+ 5. **Restrictions**
347
+ - Suggestions only work on the **right (new) file** in the PR.
348
+ - File-level comments or comments on deleted lines cannot use “Apply change.”
349
+
350
+ ### Severity Classification
351
+
352
+ - **High**: Architecture violations, security vulnerabilities, critical correctness errors, severe performance degradation.
353
+ - **Medium**: Significant maintainability/design concerns, minor architectural misalignments.
354
+ - **Low**: Stylistic inconsistencies, minor optimization suggestions.
355
+
356
+ ### ** Output Format**
357
+
358
+ When generating code review results, present them in a **human-readable, preview-like structure** while strictly following these rules for clarity but always met AI policies :
359
+
360
+ #### 1. Severity Order
361
+
362
+ Sort issues by priority: **High → Medium → Low** (one group per severity).
363
+
364
+ #### 2. Structure for Each Issue
365
+
366
+ Key Visual Rules
367
+
368
+ - Use **headers** (e.g., `### High Issues`) to group severities.
369
+ - Use emojis or symbols (📍, 💡, 🔧) for visual section separation.
370
+ - Keep code blocks in `typescript` for syntax highlighting (but present as a “preview” would — highlighted, not raw syntax focus).
371
+ - Ensure **one blank line** between all sections (title ↵ location, location ↵ explanation, explanation ↵ suggestion, suggestion ↵ fix code, fix code ↵ next issue).
372
+
373
+ Each issue should be a **self-contained, visually distinct block** with clear sections. Use this layout (no raw Markdown syntax shown *as syntax* — focus on readability):
374
+
375
+ ---
376
+
377
+ **Issue {Number}: {Title}**
378
+ 📍 **Location:**
379
+
380
+ ```typescript
381
+ // Lines {StartLine}-{EndLine} in [{ClassName}.{MethodName}]
382
+ {Relevant code snippet with line numbers}
383
+ ```
384
+
385
+ 💡 **Explanation**:
386
+ {Detailed reason why the code violates standards, including context and impact}
387
+ 🔧 **Suggestion**:
388
+ {Actionable steps to fix the issue}
389
+ 🔄 **Fix Code**:
390
+
391
+ ```typescript
392
+ {Corrected code using proper typescript syntax}
393
+ ```
394
+
395
+ #### 3. Key Visual Rules
396
+
397
+ - Use **headers** (e.g., `### High Issues`) to group severities.
398
+ - Use emojis or symbols (📍, 💡, 🔧) for visual section separation.
399
+ - Keep code blocks in `typescript` for syntax highlighting (but present as a “preview” would — highlighted, not raw syntax focus).
400
+ - Ensure **one blank line** between all sections (title ↵ location, location ↵ explanation, explanation ↵ suggestion, suggestion ↵ fix code, fix code ↵ next issue).
401
+
402
+ #### Example (Human-Friendly Preview Style)
403
+
404
+ ### High Issues
405
+
406
+ **Issue 1: Use === instead of ==**
407
+ 📍 **Location:**
408
+
409
+ ```typescript
410
+ // Lines 42-45 in [Home/HomePage.tsx]
411
+ const num = 1;
412
+ if (num == true) {
413
+ }
414
+ ```
415
+
416
+ 💡 **Explanation**:
417
+ Using == will cause unexpected behavior
418
+ 🔧 **Suggestion**:
419
+ We hould use === instead
420
+
421
+ 🔄 **Fix Code**:
422
+
423
+ ```typescript
424
+ const num = 1;
425
+ if (num === 1) {
426
+ }
427
+ ```
package/dist/auth.js CHANGED
@@ -2,8 +2,11 @@ import { PublicClientApplication } from "@azure/msal-node";
2
2
  import open from "open";
3
3
  const scopes = ["499b84ac-1321-427f-aa17-267ca6975798/.default"];
4
4
  class OAuthAuthenticator {
5
+ static clientId = "0d50963b-7bb9-4fe7-94c7-a99af00b5136";
6
+ static defaultAuthority = "https://login.microsoftonline.com/common";
7
+ accountId = null;
8
+ publicClientApp;
5
9
  constructor() {
6
- this.accountId = null;
7
10
  this.publicClientApp = new PublicClientApplication({
8
11
  auth: {
9
12
  clientId: OAuthAuthenticator.clientId,
@@ -41,8 +44,6 @@ class OAuthAuthenticator {
41
44
  return authResult.accessToken;
42
45
  }
43
46
  }
44
- OAuthAuthenticator.clientId = "0d50963b-7bb9-4fe7-94c7-a99af00b5136";
45
- OAuthAuthenticator.defaultAuthority = "https://login.microsoftonline.com/common";
46
47
  function createAuthenticator() {
47
48
  const authenticator = new OAuthAuthenticator();
48
49
  return () => {
package/dist/auth.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"auth.js","sourceRoot":"","sources":["../src/auth.ts"],"names":[],"mappings":"AAAA,OAAO,EAAqC,uBAAuB,EAAE,MAAM,kBAAkB,CAAC;AAC9F,OAAO,IAAI,MAAM,MAAM,CAAC;AAExB,MAAM,MAAM,GAAG,CAAC,+CAA+C,CAAC,CAAC;AAEjE,MAAM,kBAAkB;IAOtB;QAHQ,cAAS,GAAuB,IAAI,CAAC;QAI3C,IAAI,CAAC,eAAe,GAAG,IAAI,uBAAuB,CAAC;YACjD,IAAI,EAAE;gBACJ,QAAQ,EAAE,kBAAkB,CAAC,QAAQ;gBACrC,SAAS,EAAE,kBAAkB,CAAC,gBAAgB;aAC/C;SACF,CAAC,CAAC;IACL,CAAC;IAEM,KAAK,CAAC,QAAQ;QACnB,IAAI,UAAU,GAAgC,IAAI,CAAC;QACnD,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;YACnB,IAAI,CAAC;gBACH,UAAU,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,kBAAkB,CAAC;oBACzD,MAAM;oBACN,OAAO,EAAE,IAAI,CAAC,SAAS;iBACxB,CAAC,CAAC;YACL,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,iEAAiE;gBACjE,OAAO,CAAC,KAAK,CAAC,kCAAkC,EAAE,KAAK,CAAC,CAAC;gBACzD,UAAU,GAAG,IAAI,CAAC;YACpB,CAAC;QACH,CAAC;QACD,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,UAAU,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,uBAAuB,CAAC;gBAC9D,MAAM;gBACN,WAAW,EAAE,KAAK,EAAE,GAAG,EAAE,EAAE;oBACzB,IAAI,CAAC,GAAG,CAAC,CAAC;gBACZ,CAAC;aACF,CAAC,CAAC;YACH,IAAI,CAAC,SAAS,GAAG,UAAU,CAAC,OAAO,CAAC;QACtC,CAAC;QAED,IAAI,CAAC,UAAU,CAAC,WAAW,EAAE,CAAC;YAC5B,MAAM,IAAI,KAAK,CAAC,4CAA4C,CAAC,CAAC;QAChE,CAAC;QACD,OAAO,UAAU,CAAC,WAAW,CAAC;IAChC,CAAC;;AA3Ce,2BAAQ,GAAG,sCAAsC,AAAzC,CAA0C;AAClD,mCAAgB,GAAG,0CAA0C,AAA7C,CAA8C;AA6ChF,SAAS,mBAAmB;IAC1B,MAAM,aAAa,GAAG,IAAI,kBAAkB,EAAE,CAAC;IAC/C,OAAO,GAAG,EAAE;QACV,OAAO,aAAa,CAAC,QAAQ,EAAE,CAAC;IAClC,CAAC,CAAC;AACJ,CAAC;AAED,OAAO,EAAE,mBAAmB,EAAE,CAAC"}
1
+ {"version":3,"file":"auth.js","sourceRoot":"","sources":["../src/auth.ts"],"names":[],"mappings":"AAAA,OAAO,EAAqC,uBAAuB,EAAE,MAAM,kBAAkB,CAAC;AAC9F,OAAO,IAAI,MAAM,MAAM,CAAC;AAExB,MAAM,MAAM,GAAG,CAAC,+CAA+C,CAAC,CAAC;AAEjE,MAAM,kBAAkB;IACtB,MAAM,CAAU,QAAQ,GAAG,sCAAsC,CAAC;IAClE,MAAM,CAAU,gBAAgB,GAAG,0CAA0C,CAAC;IAEtE,SAAS,GAAuB,IAAI,CAAC;IAC5B,eAAe,CAA0B;IAE1D;QACE,IAAI,CAAC,eAAe,GAAG,IAAI,uBAAuB,CAAC;YACjD,IAAI,EAAE;gBACJ,QAAQ,EAAE,kBAAkB,CAAC,QAAQ;gBACrC,SAAS,EAAE,kBAAkB,CAAC,gBAAgB;aAC/C;SACF,CAAC,CAAC;IACL,CAAC;IAEM,KAAK,CAAC,QAAQ;QACnB,IAAI,UAAU,GAAgC,IAAI,CAAC;QACnD,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;YACnB,IAAI,CAAC;gBACH,UAAU,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,kBAAkB,CAAC;oBACzD,MAAM;oBACN,OAAO,EAAE,IAAI,CAAC,SAAS;iBACxB,CAAC,CAAC;YACL,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,iEAAiE;gBACjE,OAAO,CAAC,KAAK,CAAC,kCAAkC,EAAE,KAAK,CAAC,CAAC;gBACzD,UAAU,GAAG,IAAI,CAAC;YACpB,CAAC;QACH,CAAC;QACD,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,UAAU,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,uBAAuB,CAAC;gBAC9D,MAAM;gBACN,WAAW,EAAE,KAAK,EAAE,GAAG,EAAE,EAAE;oBACzB,IAAI,CAAC,GAAG,CAAC,CAAC;gBACZ,CAAC;aACF,CAAC,CAAC;YACH,IAAI,CAAC,SAAS,GAAG,UAAU,CAAC,OAAO,CAAC;QACtC,CAAC;QAED,IAAI,CAAC,UAAU,CAAC,WAAW,EAAE,CAAC;YAC5B,MAAM,IAAI,KAAK,CAAC,4CAA4C,CAAC,CAAC;QAChE,CAAC;QACD,OAAO,UAAU,CAAC,WAAW,CAAC;IAChC,CAAC;;AAGH,SAAS,mBAAmB;IAC1B,MAAM,aAAa,GAAG,IAAI,kBAAkB,EAAE,CAAC;IAC/C,OAAO,GAAG,EAAE;QACV,OAAO,aAAa,CAAC,QAAQ,EAAE,CAAC;IAClC,CAAC,CAAC;AACJ,CAAC;AAED,OAAO,EAAE,mBAAmB,EAAE,CAAC"}
package/dist/index.js CHANGED
@@ -3,7 +3,9 @@ import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
3
3
  import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
4
4
  import { createAuthenticator } from "./auth.js";
5
5
  import { configureAllTools } from "./tools.js";
6
- const packageVersion = "0.1.4";
6
+ import { configurePrompts } from "./prompts.js";
7
+ import { configureResources } from "./resources.js";
8
+ const packageVersion = "0.1.6";
7
9
  try {
8
10
  const server = new McpServer({
9
11
  name: "CodeGuardian MCP Server",
@@ -15,6 +17,10 @@ try {
15
17
  const authenticator = createAuthenticator();
16
18
  // Configure all tools with the authenticator
17
19
  configureAllTools(server, authenticator);
20
+ // Configure prompts
21
+ configurePrompts(server, authenticator);
22
+ // Configure resources
23
+ configureResources(server, authenticator);
18
24
  // Connect using stdio transport
19
25
  const transport = new StdioServerTransport();
20
26
  await server.connect(transport);
package/dist/index.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AAEA,OAAO,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;AACpE,OAAO,EAAE,oBAAoB,EAAE,MAAM,2CAA2C,CAAC;AACjF,OAAO,EAAE,mBAAmB,EAAE,MAAM,WAAW,CAAC;AAChD,OAAO,EAAE,iBAAiB,EAAE,MAAM,YAAY,CAAC;AAE/C,MAAM,cAAc,GAAG,aAAa,CAAC;AAErC,IAAI,CAAC;IACH,MAAM,MAAM,GAAG,IAAI,SAAS,CAAC;QAC3B,IAAI,EAAE,yBAAyB;QAC/B,OAAO,EAAE,cAAc;KACxB,CAAC,CAAC;IAEH,OAAO,CAAC,GAAG,CAAC,4BAA4B,cAAc,EAAE,CAAC,CAAC;IAC1D,OAAO,CAAC,GAAG,CAAC,mCAAmC,CAAC,CAAC;IAEjD,uBAAuB;IACvB,MAAM,aAAa,GAAG,mBAAmB,EAAE,CAAC;IAE5C,6CAA6C;IAC7C,iBAAiB,CAAC,MAAM,EAAE,aAAa,CAAC,CAAC;IAEzC,gCAAgC;IAChC,MAAM,SAAS,GAAG,IAAI,oBAAoB,EAAE,CAAC;IAC7C,MAAM,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;IAEhC,OAAO,CAAC,GAAG,CAAC,0CAA0C,CAAC,CAAC;AAC1D,CAAC;AAAC,OAAO,KAAK,EAAE,CAAC;IACf,OAAO,CAAC,KAAK,CAAC,cAAc,EAAE,KAAK,CAAC,CAAC;IACrC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC"}
1
+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AAEA,OAAO,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;AACpE,OAAO,EAAE,oBAAoB,EAAE,MAAM,2CAA2C,CAAC;AACjF,OAAO,EAAE,mBAAmB,EAAE,MAAM,WAAW,CAAC;AAChD,OAAO,EAAE,iBAAiB,EAAE,MAAM,YAAY,CAAC;AAC/C,OAAO,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AAChD,OAAO,EAAE,kBAAkB,EAAE,MAAM,gBAAgB,CAAC;AAEpD,MAAM,cAAc,GAAG,aAAa,CAAC;AAErC,IAAI,CAAC;IACH,MAAM,MAAM,GAAG,IAAI,SAAS,CAAC;QAC3B,IAAI,EAAE,yBAAyB;QAC/B,OAAO,EAAE,cAAc;KACxB,CAAC,CAAC;IAEH,OAAO,CAAC,GAAG,CAAC,4BAA4B,cAAc,EAAE,CAAC,CAAC;IAC1D,OAAO,CAAC,GAAG,CAAC,mCAAmC,CAAC,CAAC;IAEjD,uBAAuB;IACvB,MAAM,aAAa,GAAG,mBAAmB,EAAE,CAAC;IAE5C,6CAA6C;IAC7C,iBAAiB,CAAC,MAAM,EAAE,aAAa,CAAC,CAAC;IAEzC,oBAAoB;IACpB,gBAAgB,CAAC,MAAM,EAAE,aAAa,CAAC,CAAC;IAExC,sBAAsB;IACtB,kBAAkB,CAAC,MAAM,EAAE,aAAa,CAAC,CAAC;IAE1C,gCAAgC;IAChC,MAAM,SAAS,GAAG,IAAI,oBAAoB,EAAE,CAAC;IAC7C,MAAM,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;IAEhC,OAAO,CAAC,GAAG,CAAC,0CAA0C,CAAC,CAAC;AAC1D,CAAC;AAAC,OAAO,KAAK,EAAE,CAAC;IACf,OAAO,CAAC,KAAK,CAAC,cAAc,EAAE,KAAK,CAAC,CAAC;IACrC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC"}
@@ -0,0 +1,3 @@
1
+ import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
2
+ export declare function configurePrompts(server: McpServer, tokenProvider?: () => Promise<string>): void;
3
+ //# sourceMappingURL=prompts.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"prompts.d.ts","sourceRoot":"","sources":["../src/prompts.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;AAUpE,wBAAgB,gBAAgB,CAAC,MAAM,EAAE,SAAS,EAAE,aAAa,CAAC,EAAE,MAAM,OAAO,CAAC,MAAM,CAAC,QAyLxF"}
@@ -0,0 +1,156 @@
1
+ import { z } from "zod";
2
+ import { readFile } from "node:fs/promises";
3
+ import { join, dirname } from "node:path";
4
+ import { fileURLToPath } from "node:url";
5
+ import { streamToString } from './utils.js';
6
+ const __filename = fileURLToPath(import.meta.url);
7
+ const __dirname = dirname(__filename);
8
+ export function configurePrompts(server, tokenProvider) {
9
+ server.prompt("dotnet-pr-review", "Professional .NET code reviewer instructions", {
10
+ prUrl: z.string().describe("The URL of the Pull Request to review"),
11
+ }, async ({ prUrl }) => {
12
+ const promptPath = join(__dirname, "..", "asset", "dotnet.pr.review.prompt.md");
13
+ const content = await readFile(promptPath, "utf-8");
14
+ return {
15
+ messages: [
16
+ {
17
+ role: "user",
18
+ content: {
19
+ type: "resource",
20
+ resource: {
21
+ uri: "prompt://dotnet-pr-review",
22
+ mimeType: "text/markdown",
23
+ text: content
24
+ }
25
+ }
26
+ },
27
+ {
28
+ role: "user",
29
+ content: {
30
+ type: "text",
31
+ text: `Please read the instructions above to review the PR at ${prUrl}. Then perform the review.`
32
+ }
33
+ }
34
+ ]
35
+ };
36
+ });
37
+ server.prompt("frontend-pr-review", "Professional Frontend code reviewer instructions", {
38
+ prUrl: z.string().describe("The URL of the Pull Request to review"),
39
+ }, async ({ prUrl }) => {
40
+ const promptPath = join(__dirname, "..", "asset", "frontend.pr.review.prompt.md");
41
+ const content = await readFile(promptPath, "utf-8");
42
+ return {
43
+ messages: [
44
+ {
45
+ role: "user",
46
+ content: {
47
+ type: "resource",
48
+ resource: {
49
+ uri: "prompt://frontend-pr-review",
50
+ mimeType: "text/markdown",
51
+ text: content
52
+ }
53
+ }
54
+ },
55
+ {
56
+ role: "user",
57
+ content: {
58
+ type: "text",
59
+ text: `Please read the instructions above to review the PR at ${prUrl}. Then perform the review.`
60
+ }
61
+ }
62
+ ]
63
+ };
64
+ });
65
+ // server.prompt(
66
+ // "assa-pipeline-task",
67
+ // "Instructions for adding ASSA task to Azure DevOps build pipelines",
68
+ // {},
69
+ // async () => {
70
+ // const promptPath = join(__dirname, "..", "asset", "assa.pipeline.task.prompt.md");
71
+ // const content = await readFile(promptPath, "utf-8");
72
+ // return {
73
+ // messages: [
74
+ // {
75
+ // role: "user",
76
+ // content: {
77
+ // type: "resource",
78
+ // resource: {
79
+ // uri: "prompt://assa-pipeline-task",
80
+ // mimeType: "text/markdown",
81
+ // text: content
82
+ // }
83
+ // }
84
+ // },
85
+ // {
86
+ // role: "user",
87
+ // content: {
88
+ // type: "text",
89
+ // text: "Please read the instructions above to add the ASSA task to Azure DevOps build pipelines."
90
+ // }
91
+ // }
92
+ // ]
93
+ // };
94
+ // }
95
+ // );
96
+ // ASSA Review prompt - loads instructions from Azure DevOps
97
+ if (tokenProvider) {
98
+ server.prompt("assa-review", "Automated Security and Standards Analysis review instructions", {}, async () => {
99
+ try {
100
+ const accessToken = await tokenProvider();
101
+ const authHandler = (await import('azure-devops-node-api')).getBearerHandler(accessToken);
102
+ const orgUrl = 'https://dev.azure.com/dnvgl-one';
103
+ const connection = new (await import('azure-devops-node-api')).WebApi(orgUrl, authHandler);
104
+ const gitApi = await connection.getGitApi();
105
+ const project = 'Innersource';
106
+ const repositoryId = 'code-guardian';
107
+ const filePath = '/assa/assa.instructions.md';
108
+ const versionDescriptor = {
109
+ version: 'main',
110
+ versionType: 0 // GitVersionType.Branch
111
+ };
112
+ const stream = await gitApi.getItemContent(repositoryId, filePath, project, undefined, undefined, false, false, false, versionDescriptor);
113
+ if (!stream) {
114
+ throw new Error('Failed to retrieve ASSA instructions from Azure DevOps');
115
+ }
116
+ const content = await streamToString(stream);
117
+ const messages = [
118
+ {
119
+ role: "user",
120
+ content: {
121
+ type: "resource",
122
+ resource: {
123
+ uri: "instructions://assa",
124
+ mimeType: "text/markdown",
125
+ text: content
126
+ }
127
+ }
128
+ }
129
+ ];
130
+ messages.push({
131
+ role: "user",
132
+ content: {
133
+ type: "text",
134
+ text: "Please read the ASSA instructions above and perform an ASSA review."
135
+ }
136
+ });
137
+ return { messages };
138
+ }
139
+ catch (error) {
140
+ const errorMessage = error instanceof Error ? error.message : String(error);
141
+ return {
142
+ messages: [
143
+ {
144
+ role: "user",
145
+ content: {
146
+ type: "text",
147
+ text: `Error loading ASSA instructions from Azure DevOps: ${errorMessage}`
148
+ }
149
+ }
150
+ ]
151
+ };
152
+ }
153
+ });
154
+ }
155
+ }
156
+ //# sourceMappingURL=prompts.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"prompts.js","sourceRoot":"","sources":["../src/prompts.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAC5C,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAC1C,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AACzC,OAAO,EAAE,cAAc,EAAE,MAAM,YAAY,CAAC;AAE5C,MAAM,UAAU,GAAG,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAClD,MAAM,SAAS,GAAG,OAAO,CAAC,UAAU,CAAC,CAAC;AAEtC,MAAM,UAAU,gBAAgB,CAAC,MAAiB,EAAE,aAAqC;IACvF,MAAM,CAAC,MAAM,CACX,kBAAkB,EAClB,8CAA8C,EAC9C;QACE,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,uCAAuC,CAAC;KACpE,EACD,KAAK,EAAE,EAAE,KAAK,EAAE,EAAE,EAAE;QAClB,MAAM,UAAU,GAAG,IAAI,CAAC,SAAS,EAAE,IAAI,EAAE,OAAO,EAAE,4BAA4B,CAAC,CAAC;QAChF,MAAM,OAAO,GAAG,MAAM,QAAQ,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;QAEpD,OAAO;YACL,QAAQ,EAAE;gBACR;oBACE,IAAI,EAAE,MAAM;oBACZ,OAAO,EAAE;wBACP,IAAI,EAAE,UAAU;wBAChB,QAAQ,EAAE;4BACR,GAAG,EAAE,2BAA2B;4BAChC,QAAQ,EAAE,eAAe;4BACzB,IAAI,EAAE,OAAO;yBACd;qBACF;iBACF;gBACD;oBACE,IAAI,EAAE,MAAM;oBACZ,OAAO,EAAE;wBACP,IAAI,EAAE,MAAM;wBACZ,IAAI,EAAE,0DAA0D,KAAK,4BAA4B;qBAClG;iBACF;aACF;SACF,CAAC;IACJ,CAAC,CACF,CAAC;IAEF,MAAM,CAAC,MAAM,CACX,oBAAoB,EACpB,kDAAkD,EAClD;QACE,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,uCAAuC,CAAC;KACpE,EACD,KAAK,EAAE,EAAE,KAAK,EAAE,EAAE,EAAE;QAClB,MAAM,UAAU,GAAG,IAAI,CAAC,SAAS,EAAE,IAAI,EAAE,OAAO,EAAE,8BAA8B,CAAC,CAAC;QAClF,MAAM,OAAO,GAAG,MAAM,QAAQ,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;QAEpD,OAAO;YACL,QAAQ,EAAE;gBACR;oBACE,IAAI,EAAE,MAAM;oBACZ,OAAO,EAAE;wBACP,IAAI,EAAE,UAAU;wBAChB,QAAQ,EAAE;4BACR,GAAG,EAAE,6BAA6B;4BAClC,QAAQ,EAAE,eAAe;4BACzB,IAAI,EAAE,OAAO;yBACd;qBACF;iBACF;gBACD;oBACE,IAAI,EAAE,MAAM;oBACZ,OAAO,EAAE;wBACP,IAAI,EAAE,MAAM;wBACZ,IAAI,EAAE,0DAA0D,KAAK,4BAA4B;qBAClG;iBACF;aACF;SACF,CAAC;IACJ,CAAC,CACF,CAAC;IAEF,iBAAiB;IACjB,0BAA0B;IAC1B,yEAAyE;IACzE,QAAQ;IACR,kBAAkB;IAClB,yFAAyF;IACzF,2DAA2D;IAE3D,eAAe;IACf,oBAAoB;IACpB,YAAY;IACZ,0BAA0B;IAC1B,uBAAuB;IACvB,gCAAgC;IAChC,0BAA0B;IAC1B,oDAAoD;IACpD,2CAA2C;IAC3C,8BAA8B;IAC9B,gBAAgB;IAChB,cAAc;IACd,aAAa;IACb,YAAY;IACZ,0BAA0B;IAC1B,uBAAuB;IACvB,4BAA4B;IAC5B,+GAA+G;IAC/G,cAAc;IACd,YAAY;IACZ,UAAU;IACV,SAAS;IACT,MAAM;IACN,KAAK;IAEL,4DAA4D;IAC5D,IAAI,aAAa,EAAE,CAAC;QAClB,MAAM,CAAC,MAAM,CACX,aAAa,EACb,+DAA+D,EAC/D,EAAE,EACF,KAAK,IAAI,EAAE;YACT,IAAI,CAAC;gBACH,MAAM,WAAW,GAAG,MAAM,aAAa,EAAE,CAAC;gBAC1C,MAAM,WAAW,GAAG,CAAC,MAAM,MAAM,CAAC,uBAAuB,CAAC,CAAC,CAAC,gBAAgB,CAAC,WAAW,CAAC,CAAC;gBAC1F,MAAM,MAAM,GAAG,iCAAiC,CAAC;gBACjD,MAAM,UAAU,GAAG,IAAI,CAAC,MAAM,MAAM,CAAC,uBAAuB,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC;gBAC3F,MAAM,MAAM,GAAG,MAAM,UAAU,CAAC,SAAS,EAAE,CAAC;gBAE5C,MAAM,OAAO,GAAG,aAAa,CAAC;gBAC9B,MAAM,YAAY,GAAG,eAAe,CAAC;gBACrC,MAAM,QAAQ,GAAG,4BAA4B,CAAC;gBAE9C,MAAM,iBAAiB,GAAG;oBACxB,OAAO,EAAE,MAAM;oBACf,WAAW,EAAE,CAAC,CAAC,wBAAwB;iBACxC,CAAC;gBAEF,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,cAAc,CACxC,YAAY,EACZ,QAAQ,EACR,OAAO,EACP,SAAS,EACT,SAAS,EACT,KAAK,EACL,KAAK,EACL,KAAK,EACL,iBAAiB,CAClB,CAAC;gBAEF,IAAI,CAAC,MAAM,EAAE,CAAC;oBACZ,MAAM,IAAI,KAAK,CAAC,wDAAwD,CAAC,CAAC;gBAC5E,CAAC;gBAED,MAAM,OAAO,GAAG,MAAM,cAAc,CAAC,MAAM,CAAC,CAAC;gBAE7C,MAAM,QAAQ,GAAU;oBACtB;wBACE,IAAI,EAAE,MAAM;wBACZ,OAAO,EAAE;4BACP,IAAI,EAAE,UAAU;4BAChB,QAAQ,EAAE;gCACR,GAAG,EAAE,qBAAqB;gCAC1B,QAAQ,EAAE,eAAe;gCACzB,IAAI,EAAE,OAAO;6BACd;yBACF;qBACF;iBACF,CAAC;gBAEF,QAAQ,CAAC,IAAI,CAAC;oBACZ,IAAI,EAAE,MAAM;oBACZ,OAAO,EAAE;wBACP,IAAI,EAAE,MAAM;wBACZ,IAAI,EAAE,qEAAqE;qBAC5E;iBACF,CAAC,CAAC;gBAEH,OAAO,EAAE,QAAQ,EAAE,CAAC;YACtB,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,MAAM,YAAY,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;gBAC5E,OAAO;oBACL,QAAQ,EAAE;wBACR;4BACE,IAAI,EAAE,MAAM;4BACZ,OAAO,EAAE;gCACP,IAAI,EAAE,MAAM;gCACZ,IAAI,EAAE,sDAAsD,YAAY,EAAE;6BAC3E;yBACF;qBACF;iBACF,CAAC;YACJ,CAAC;QACH,CAAC,CACF,CAAC;IACJ,CAAC;AACH,CAAC"}
@@ -0,0 +1,3 @@
1
+ import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
2
+ export declare function configureResources(server: McpServer, tokenProvider?: () => Promise<string>): void;
3
+ //# sourceMappingURL=resources.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"resources.d.ts","sourceRoot":"","sources":["../src/resources.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAoB,MAAM,yCAAyC,CAAC;AAStF,wBAAgB,kBAAkB,CAAC,MAAM,EAAE,SAAS,EAAE,aAAa,CAAC,EAAE,MAAM,OAAO,CAAC,MAAM,CAAC,QA8G1F"}