@vibe-assurance/cli 1.2.0 → 1.5.0

package/README.md

@@ -34,6 +34,9 @@ npm install -g @vibe-assurance/cli
 | `vibe logout` | Clear stored credentials |
 | `vibe mcp-server` | Start the MCP server (used by AI coding agents) |
 | `vibe setup-claude` | Configure MCP client to use Vibe Assurance |
+| `vibe projects` | List your accessible projects |
+| `vibe project current` | Show current project |
+| `vibe project select` | Switch to a different project |
 | `vibe --version` | Show CLI version |
 
 ### MCP Tools
@@ -61,12 +64,28 @@ Once configured, your AI coding agent has access to these tools:
 
 | Tool | Description |
 |------|-------------|
-| `vibe_store_artifact` | Store a created document (CR, risk, vulnerability, etc.) |
+| `vibe_store_artifact` | Store a created document (CR, risk, vulnerability, plan, etc.) |
 | `vibe_update_artifact` | Update an existing artifact |
+| `vibe_append_file` | Safely add a file to an artifact without replacing others |
 | `vibe_list_artifacts` | List your stored artifacts |
 | `vibe_get_artifact` | Get a specific artifact by ID |
 | `vibe_delete_artifact` | Delete an artifact |
 
+#### Artifact Types
+
+The following artifact types are supported:
+
+| Type | Description | Example ID |
+|------|-------------|------------|
+| `CR` | Change Requests | CR-2026-051 |
+| `RISK` | Risk Register Entries | RISK-001 |
+| `VULNERABILITY` | Security Vulnerabilities | VUL-059 |
+| `REPORT` | Security/Audit Reports | RPT-2026-001 |
+| `POLICY` | Governance Policies | POL-001 |
+| `PLAN` | Strategic & Technical Plans | PLAN-2026-002 |
+| `ARCHITECTURE` | Architecture Decision Records | ADR-001 |
+| `CONFIG` | Configuration Documentation | CFG-001 |
+
 ### Example Session
 
 ```
@@ -174,6 +193,19 @@ Then remove the MCP configuration from your AI agent's config file.
 - All API communication uses HTTPS
 - Tokens auto-refresh when expired
 
+## Changelog
+
+### v1.3.0 (2026-01-06)
+- Added `PLAN`, `ARCHITECTURE`, `CONFIG` artifact types
+- Enables Technical Strategist to store plans as PLAN artifacts
+- Supports architecture decision records (ADRs)
+- Supports configuration documentation
+
+### v1.2.0
+- Added `vibe_append_file` for safe file additions to artifacts
+- Added project management commands (`vibe projects`, `vibe project select`)
+- Improved token refresh handling
+
 ## License
 
 MIT

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@vibe-assurance/cli",
-  "version": "1.2.0",
+  "version": "1.5.0",
   "description": "Vibe Assurance CLI - Connect AI coding agents to your governance platform via MCP",
   "main": "src/index.js",
   "bin": {
@@ -27,6 +27,7 @@
   },
   "dependencies": {
     "@modelcontextprotocol/sdk": "^1.0.0",
+    "@vibe-assurance/cli": "^1.3.0",
     "axios": "^1.6.0",
     "chalk": "^4.1.2",
     "commander": "^12.0.0",

package/src/mcp/tools.js

@@ -173,13 +173,13 @@ const tools = [
 
   {
     name: 'vibe_store_artifact',
-    description: 'Store a created document (CR, report, risk, vulnerability, etc.) in Vibe Assurance. The artifact will be saved to your account and visible in the web portal.',
+    description: 'Store a created document (CR, report, risk, vulnerability, plan, architecture, config, etc.) in Vibe Assurance. The artifact will be saved to your account and visible in the web portal.',
     inputSchema: {
       type: 'object',
       properties: {
         type: {
           type: 'string',
-          enum: ['CR', 'RISK', 'VULNERABILITY', 'REPORT', 'POLICY'],
+          enum: ['CR', 'RISK', 'VULNERABILITY', 'REPORT', 'POLICY', 'PLAN', 'ARCHITECTURE', 'CONFIG'],
           description: 'Type of artifact'
         },
         artifactId: {
@@ -298,14 +298,14 @@ const tools = [
 
   {
     name: 'vibe_list_artifacts',
-    description: 'List your stored artifacts with optional filters. Use this to see what governance documents you have stored.',
+    description: 'List your stored artifacts with optional filters. Use this to see what governance documents you have stored. TIP: Use type="PLAN" with status="Active" to find strategic plans before implementing features.',
     inputSchema: {
       type: 'object',
       properties: {
         type: {
           type: 'string',
-          enum: ['CR', 'RISK', 'VULNERABILITY', 'REPORT', 'POLICY'],
-          description: 'Filter by artifact type'
+          enum: ['CR', 'RISK', 'VULNERABILITY', 'REPORT', 'POLICY', 'PLAN', 'ARCHITECTURE', 'CONFIG'],
+          description: 'Filter by artifact type. Use "PLAN" to find strategic plans.'
         },
         status: {
           type: 'string',
@@ -364,6 +364,314 @@ const tools = [
     handler: async ({ artifactId }) => {
       return await api.delete(`/api/mcp/artifacts/${artifactId}`);
     }
+  },
+
+  // ============================================================================
+  // STRATEGIC PLAN TOOLS - Use these FIRST when implementing features
+  // ============================================================================
+
+  {
+    name: 'vibe_get_strategic_plans',
+    description: 'START HERE when user asks to implement features or "the latest plan". Lists strategic PLAN artifacts containing CR roadmaps. Filter by status="Active" to find plans ready for implementation.',
+    inputSchema: {
+      type: 'object',
+      properties: {
+        status: {
+          type: 'string',
+          enum: ['Draft', 'Active', 'Completed', 'Closed'],
+          description: 'Filter by plan status. Use "Active" to find plans ready for implementation.'
+        }
+      }
+    },
+    handler: async (params = {}) => {
+      const query = new URLSearchParams();
+      query.set('type', 'PLAN');
+      if (params.status) query.set('status', params.status);
+      return await api.get(`/api/mcp/artifacts?${query.toString()}`);
+    }
+  },
+
+  {
+    name: 'vibe_update_plan_status',
+    description: 'Update a strategic plan\'s status. Use when all CRs from a plan are complete to mark it as Completed.',
+    inputSchema: {
+      type: 'object',
+      properties: {
+        planId: {
+          type: 'string',
+          description: 'The plan artifact ID (e.g., "PLAN-2026-001")'
+        },
+        status: {
+          type: 'string',
+          enum: ['Draft', 'Active', 'Completed', 'Closed'],
+          description: 'New status for the plan'
+        }
+      },
+      required: ['planId', 'status']
+    },
+    handler: async ({ planId, status }) => {
+      return await api.put(`/api/mcp/artifacts/${planId}`, { status });
+    }
+  },
+
+  // ============================================================================
+  // RISK MANAGEMENT TOOLS
+  // ============================================================================
+
+  {
+    name: 'vibe_get_risk_register',
+    description: 'Get the project\'s risk register. Returns all tracked risks with severity, status, and treatment plans.',
+    inputSchema: {
+      type: 'object',
+      properties: {
+        status: {
+          type: 'string',
+          enum: ['Active', 'Mitigated', 'Closed'],
+          description: 'Filter by risk status'
+        },
+        severity: {
+          type: 'string',
+          enum: ['Low', 'Medium', 'High', 'Critical'],
+          description: 'Filter by severity'
+        },
+        category: {
+          type: 'string',
+          enum: ['SEC', 'VEN', 'INF', 'OPS', 'CMP'],
+          description: 'Filter by category (SEC=Security, VEN=Vendor, INF=Infrastructure, OPS=Operational, CMP=Compliance)'
+        }
+      }
+    },
+    handler: async (params = {}) => {
+      const query = new URLSearchParams();
+      if (params.status) query.set('status', params.status);
+      if (params.severity) query.set('severity', params.severity);
+      if (params.category) query.set('category', params.category);
+      const queryString = query.toString();
+      const path = queryString ? `/api/mcp/risks?${queryString}` : '/api/mcp/risks';
+      return await api.get(path);
+    }
+  },
+
+  {
+    name: 'vibe_add_risk',
+    description: 'Add a new risk to the project risk register. Severity is auto-calculated from likelihood × impact.',
+    inputSchema: {
+      type: 'object',
+      properties: {
+        riskId: {
+          type: 'string',
+          description: 'Unique risk ID (e.g., "RISK-001", "R-042")'
+        },
+        title: {
+          type: 'string',
+          description: 'Short title for the risk'
+        },
+        description: {
+          type: 'string',
+          description: 'Detailed description of the risk'
+        },
+        category: {
+          type: 'string',
+          enum: ['SEC', 'VEN', 'INF', 'OPS', 'CMP'],
+          description: 'Risk category'
+        },
+        likelihood: {
+          type: 'number',
+          description: 'Likelihood score (1-5)'
+        },
+        impact: {
+          type: 'number',
+          description: 'Impact score (1-5)'
+        },
+        treatmentPlan: {
+          type: 'string',
+          description: 'Optional: Treatment plan or mitigation strategy'
+        }
+      },
+      required: ['riskId', 'title', 'description', 'category', 'likelihood', 'impact']
+    },
+    handler: async (params) => {
+      return await api.post('/api/mcp/risks', params);
+    }
+  },
+
+  {
+    name: 'vibe_get_risk',
+    description: 'Get a specific risk by ID with full details.',
+    inputSchema: {
+      type: 'object',
+      properties: {
+        riskId: {
+          type: 'string',
+          description: 'The risk ID to retrieve (e.g., "RISK-001")'
+        }
+      },
+      required: ['riskId']
+    },
+    handler: async ({ riskId }) => {
+      return await api.get(`/api/mcp/risks/${riskId}`);
+    }
+  },
+
+  {
+    name: 'vibe_update_risk',
+    description: 'Update a risk\'s status, treatment plan, or reassess likelihood/impact.',
+    inputSchema: {
+      type: 'object',
+      properties: {
+        riskId: {
+          type: 'string',
+          description: 'The risk ID to update'
+        },
+        status: {
+          type: 'string',
+          enum: ['Active', 'Mitigated', 'Closed'],
+          description: 'New status'
+        },
+        likelihood: {
+          type: 'number',
+          description: 'Updated likelihood (1-5)'
+        },
+        impact: {
+          type: 'number',
+          description: 'Updated impact (1-5)'
+        },
+        treatmentPlan: {
+          type: 'string',
+          description: 'Updated treatment plan'
+        }
+      },
+      required: ['riskId']
+    },
+    handler: async ({ riskId, ...updates }) => {
+      return await api.put(`/api/mcp/risks/${riskId}`, updates);
+    }
+  },
+
+  // ============================================================================
+  // VULNERABILITY MANAGEMENT TOOLS
+  // ============================================================================
+
+  {
+    name: 'vibe_get_vulnerability_register',
+    description: 'Get the project\'s vulnerability register. Returns all tracked security vulnerabilities.',
+    inputSchema: {
+      type: 'object',
+      properties: {
+        status: {
+          type: 'string',
+          enum: ['Active', 'Pending Verification', 'Verified', 'Closed'],
+          description: 'Filter by vulnerability status'
+        },
+        severity: {
+          type: 'string',
+          enum: ['Low', 'Medium', 'High', 'Critical'],
+          description: 'Filter by severity'
+        },
+        owaspCategory: {
+          type: 'string',
+          description: 'Filter by OWASP category (e.g., "A01:2021-Broken Access Control")'
+        }
+      }
+    },
+    handler: async (params = {}) => {
+      const query = new URLSearchParams();
+      if (params.status) query.set('status', params.status);
+      if (params.severity) query.set('severity', params.severity);
+      if (params.owaspCategory) query.set('owaspCategory', params.owaspCategory);
+      const queryString = query.toString();
+      const path = queryString ? `/api/mcp/vulnerabilities?${queryString}` : '/api/mcp/vulnerabilities';
+      return await api.get(path);
+    }
+  },
+
+  {
+    name: 'vibe_add_vulnerability',
+    description: 'Add a new vulnerability to the project vulnerability register with OWASP category validation.',
+    inputSchema: {
+      type: 'object',
+      properties: {
+        vulId: {
+          type: 'string',
+          description: 'Unique vulnerability ID (e.g., "VUL-001")'
+        },
+        title: {
+          type: 'string',
+          description: 'Short title for the vulnerability'
+        },
+        description: {
+          type: 'string',
+          description: 'Detailed description of the vulnerability'
+        },
+        severity: {
+          type: 'string',
+          enum: ['Low', 'Medium', 'High', 'Critical'],
+          description: 'Severity level'
+        },
+        owaspCategory: {
+          type: 'string',
+          description: 'OWASP Top 10 category (e.g., "A01:2021-Broken Access Control")'
+        },
+        location: {
+          type: 'string',
+          description: 'File path or component where vulnerability exists'
+        }
+      },
+      required: ['vulId', 'title', 'description', 'severity']
+    },
+    handler: async (params) => {
+      return await api.post('/api/mcp/vulnerabilities', params);
+    }
+  },
+
+  {
+    name: 'vibe_get_vulnerability',
+    description: 'Get a specific vulnerability by ID with full details.',
+    inputSchema: {
+      type: 'object',
+      properties: {
+        vulId: {
+          type: 'string',
+          description: 'The vulnerability ID to retrieve (e.g., "VUL-001")'
+        }
+      },
+      required: ['vulId']
+    },
+    handler: async ({ vulId }) => {
+      return await api.get(`/api/mcp/vulnerabilities/${vulId}`);
+    }
+  },
+
+  {
+    name: 'vibe_update_vulnerability',
+    description: 'Update a vulnerability\'s status, severity, or link it to a remediation CR.',
+    inputSchema: {
+      type: 'object',
+      properties: {
+        vulId: {
+          type: 'string',
+          description: 'The vulnerability ID to update'
+        },
+        status: {
+          type: 'string',
+          enum: ['Active', 'Pending Verification', 'Verified', 'Closed'],
+          description: 'New status'
+        },
+        severity: {
+          type: 'string',
+          enum: ['Low', 'Medium', 'High', 'Critical'],
+          description: 'Updated severity'
+        },
+        relatedCR: {
+          type: 'string',
+          description: 'Link to remediation CR (e.g., "CR-2026-042")'
+        }
+      },
+      required: ['vulId']
+    },
+    handler: async ({ vulId, ...updates }) => {
+      return await api.put(`/api/mcp/vulnerabilities/${vulId}`, updates);
+    }
   }
 ];