@vibe-assurance/cli 1.3.0 → 1.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2) hide show
  1. package/package.json +2 -1
  2. package/src/mcp/tools.js +310 -2
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@vibe-assurance/cli",
3
- "version": "1.3.0",
3
+ "version": "1.5.0",
4
4
  "description": "Vibe Assurance CLI - Connect AI coding agents to your governance platform via MCP",
5
5
  "main": "src/index.js",
6
6
  "bin": {
@@ -27,6 +27,7 @@
27
27
  },
28
28
  "dependencies": {
29
29
  "@modelcontextprotocol/sdk": "^1.0.0",
30
+ "@vibe-assurance/cli": "^1.3.0",
30
31
  "axios": "^1.6.0",
31
32
  "chalk": "^4.1.2",
32
33
  "commander": "^12.0.0",
package/src/mcp/tools.js CHANGED
@@ -298,14 +298,14 @@ const tools = [
298
298
 
299
299
  {
300
300
  name: 'vibe_list_artifacts',
301
- description: 'List your stored artifacts with optional filters. Use this to see what governance documents you have stored.',
301
+ description: 'List your stored artifacts with optional filters. Use this to see what governance documents you have stored. TIP: Use type="PLAN" with status="Active" to find strategic plans before implementing features.',
302
302
  inputSchema: {
303
303
  type: 'object',
304
304
  properties: {
305
305
  type: {
306
306
  type: 'string',
307
307
  enum: ['CR', 'RISK', 'VULNERABILITY', 'REPORT', 'POLICY', 'PLAN', 'ARCHITECTURE', 'CONFIG'],
308
- description: 'Filter by artifact type'
308
+ description: 'Filter by artifact type. Use "PLAN" to find strategic plans.'
309
309
  },
310
310
  status: {
311
311
  type: 'string',
@@ -364,6 +364,314 @@ const tools = [
364
364
  handler: async ({ artifactId }) => {
365
365
  return await api.delete(`/api/mcp/artifacts/${artifactId}`);
366
366
  }
367
+ },
368
+
369
+ // ============================================================================
370
+ // STRATEGIC PLAN TOOLS - Use these FIRST when implementing features
371
+ // ============================================================================
372
+
373
+ {
374
+ name: 'vibe_get_strategic_plans',
375
+ description: 'START HERE when user asks to implement features or "the latest plan". Lists strategic PLAN artifacts containing CR roadmaps. Filter by status="Active" to find plans ready for implementation.',
376
+ inputSchema: {
377
+ type: 'object',
378
+ properties: {
379
+ status: {
380
+ type: 'string',
381
+ enum: ['Draft', 'Active', 'Completed', 'Closed'],
382
+ description: 'Filter by plan status. Use "Active" to find plans ready for implementation.'
383
+ }
384
+ }
385
+ },
386
+ handler: async (params = {}) => {
387
+ const query = new URLSearchParams();
388
+ query.set('type', 'PLAN');
389
+ if (params.status) query.set('status', params.status);
390
+ return await api.get(`/api/mcp/artifacts?${query.toString()}`);
391
+ }
392
+ },
393
+
394
+ {
395
+ name: 'vibe_update_plan_status',
396
+ description: 'Update a strategic plan\'s status. Use when all CRs from a plan are complete to mark it as Completed.',
397
+ inputSchema: {
398
+ type: 'object',
399
+ properties: {
400
+ planId: {
401
+ type: 'string',
402
+ description: 'The plan artifact ID (e.g., "PLAN-2026-001")'
403
+ },
404
+ status: {
405
+ type: 'string',
406
+ enum: ['Draft', 'Active', 'Completed', 'Closed'],
407
+ description: 'New status for the plan'
408
+ }
409
+ },
410
+ required: ['planId', 'status']
411
+ },
412
+ handler: async ({ planId, status }) => {
413
+ return await api.put(`/api/mcp/artifacts/${planId}`, { status });
414
+ }
415
+ },
416
+
417
+ // ============================================================================
418
+ // RISK MANAGEMENT TOOLS
419
+ // ============================================================================
420
+
421
+ {
422
+ name: 'vibe_get_risk_register',
423
+ description: 'Get the project\'s risk register. Returns all tracked risks with severity, status, and treatment plans.',
424
+ inputSchema: {
425
+ type: 'object',
426
+ properties: {
427
+ status: {
428
+ type: 'string',
429
+ enum: ['Active', 'Mitigated', 'Closed'],
430
+ description: 'Filter by risk status'
431
+ },
432
+ severity: {
433
+ type: 'string',
434
+ enum: ['Low', 'Medium', 'High', 'Critical'],
435
+ description: 'Filter by severity'
436
+ },
437
+ category: {
438
+ type: 'string',
439
+ enum: ['SEC', 'VEN', 'INF', 'OPS', 'CMP'],
440
+ description: 'Filter by category (SEC=Security, VEN=Vendor, INF=Infrastructure, OPS=Operational, CMP=Compliance)'
441
+ }
442
+ }
443
+ },
444
+ handler: async (params = {}) => {
445
+ const query = new URLSearchParams();
446
+ if (params.status) query.set('status', params.status);
447
+ if (params.severity) query.set('severity', params.severity);
448
+ if (params.category) query.set('category', params.category);
449
+ const queryString = query.toString();
450
+ const path = queryString ? `/api/mcp/risks?${queryString}` : '/api/mcp/risks';
451
+ return await api.get(path);
452
+ }
453
+ },
454
+
455
+ {
456
+ name: 'vibe_add_risk',
457
+ description: 'Add a new risk to the project risk register. Severity is auto-calculated from likelihood × impact.',
458
+ inputSchema: {
459
+ type: 'object',
460
+ properties: {
461
+ riskId: {
462
+ type: 'string',
463
+ description: 'Unique risk ID (e.g., "RISK-001", "R-042")'
464
+ },
465
+ title: {
466
+ type: 'string',
467
+ description: 'Short title for the risk'
468
+ },
469
+ description: {
470
+ type: 'string',
471
+ description: 'Detailed description of the risk'
472
+ },
473
+ category: {
474
+ type: 'string',
475
+ enum: ['SEC', 'VEN', 'INF', 'OPS', 'CMP'],
476
+ description: 'Risk category'
477
+ },
478
+ likelihood: {
479
+ type: 'number',
480
+ description: 'Likelihood score (1-5)'
481
+ },
482
+ impact: {
483
+ type: 'number',
484
+ description: 'Impact score (1-5)'
485
+ },
486
+ treatmentPlan: {
487
+ type: 'string',
488
+ description: 'Optional: Treatment plan or mitigation strategy'
489
+ }
490
+ },
491
+ required: ['riskId', 'title', 'description', 'category', 'likelihood', 'impact']
492
+ },
493
+ handler: async (params) => {
494
+ return await api.post('/api/mcp/risks', params);
495
+ }
496
+ },
497
+
498
+ {
499
+ name: 'vibe_get_risk',
500
+ description: 'Get a specific risk by ID with full details.',
501
+ inputSchema: {
502
+ type: 'object',
503
+ properties: {
504
+ riskId: {
505
+ type: 'string',
506
+ description: 'The risk ID to retrieve (e.g., "RISK-001")'
507
+ }
508
+ },
509
+ required: ['riskId']
510
+ },
511
+ handler: async ({ riskId }) => {
512
+ return await api.get(`/api/mcp/risks/${riskId}`);
513
+ }
514
+ },
515
+
516
+ {
517
+ name: 'vibe_update_risk',
518
+ description: 'Update a risk\'s status, treatment plan, or reassess likelihood/impact.',
519
+ inputSchema: {
520
+ type: 'object',
521
+ properties: {
522
+ riskId: {
523
+ type: 'string',
524
+ description: 'The risk ID to update'
525
+ },
526
+ status: {
527
+ type: 'string',
528
+ enum: ['Active', 'Mitigated', 'Closed'],
529
+ description: 'New status'
530
+ },
531
+ likelihood: {
532
+ type: 'number',
533
+ description: 'Updated likelihood (1-5)'
534
+ },
535
+ impact: {
536
+ type: 'number',
537
+ description: 'Updated impact (1-5)'
538
+ },
539
+ treatmentPlan: {
540
+ type: 'string',
541
+ description: 'Updated treatment plan'
542
+ }
543
+ },
544
+ required: ['riskId']
545
+ },
546
+ handler: async ({ riskId, ...updates }) => {
547
+ return await api.put(`/api/mcp/risks/${riskId}`, updates);
548
+ }
549
+ },
550
+
551
+ // ============================================================================
552
+ // VULNERABILITY MANAGEMENT TOOLS
553
+ // ============================================================================
554
+
555
+ {
556
+ name: 'vibe_get_vulnerability_register',
557
+ description: 'Get the project\'s vulnerability register. Returns all tracked security vulnerabilities.',
558
+ inputSchema: {
559
+ type: 'object',
560
+ properties: {
561
+ status: {
562
+ type: 'string',
563
+ enum: ['Active', 'Pending Verification', 'Verified', 'Closed'],
564
+ description: 'Filter by vulnerability status'
565
+ },
566
+ severity: {
567
+ type: 'string',
568
+ enum: ['Low', 'Medium', 'High', 'Critical'],
569
+ description: 'Filter by severity'
570
+ },
571
+ owaspCategory: {
572
+ type: 'string',
573
+ description: 'Filter by OWASP category (e.g., "A01:2021-Broken Access Control")'
574
+ }
575
+ }
576
+ },
577
+ handler: async (params = {}) => {
578
+ const query = new URLSearchParams();
579
+ if (params.status) query.set('status', params.status);
580
+ if (params.severity) query.set('severity', params.severity);
581
+ if (params.owaspCategory) query.set('owaspCategory', params.owaspCategory);
582
+ const queryString = query.toString();
583
+ const path = queryString ? `/api/mcp/vulnerabilities?${queryString}` : '/api/mcp/vulnerabilities';
584
+ return await api.get(path);
585
+ }
586
+ },
587
+
588
+ {
589
+ name: 'vibe_add_vulnerability',
590
+ description: 'Add a new vulnerability to the project vulnerability register with OWASP category validation.',
591
+ inputSchema: {
592
+ type: 'object',
593
+ properties: {
594
+ vulId: {
595
+ type: 'string',
596
+ description: 'Unique vulnerability ID (e.g., "VUL-001")'
597
+ },
598
+ title: {
599
+ type: 'string',
600
+ description: 'Short title for the vulnerability'
601
+ },
602
+ description: {
603
+ type: 'string',
604
+ description: 'Detailed description of the vulnerability'
605
+ },
606
+ severity: {
607
+ type: 'string',
608
+ enum: ['Low', 'Medium', 'High', 'Critical'],
609
+ description: 'Severity level'
610
+ },
611
+ owaspCategory: {
612
+ type: 'string',
613
+ description: 'OWASP Top 10 category (e.g., "A01:2021-Broken Access Control")'
614
+ },
615
+ location: {
616
+ type: 'string',
617
+ description: 'File path or component where vulnerability exists'
618
+ }
619
+ },
620
+ required: ['vulId', 'title', 'description', 'severity']
621
+ },
622
+ handler: async (params) => {
623
+ return await api.post('/api/mcp/vulnerabilities', params);
624
+ }
625
+ },
626
+
627
+ {
628
+ name: 'vibe_get_vulnerability',
629
+ description: 'Get a specific vulnerability by ID with full details.',
630
+ inputSchema: {
631
+ type: 'object',
632
+ properties: {
633
+ vulId: {
634
+ type: 'string',
635
+ description: 'The vulnerability ID to retrieve (e.g., "VUL-001")'
636
+ }
637
+ },
638
+ required: ['vulId']
639
+ },
640
+ handler: async ({ vulId }) => {
641
+ return await api.get(`/api/mcp/vulnerabilities/${vulId}`);
642
+ }
643
+ },
644
+
645
+ {
646
+ name: 'vibe_update_vulnerability',
647
+ description: 'Update a vulnerability\'s status, severity, or link it to a remediation CR.',
648
+ inputSchema: {
649
+ type: 'object',
650
+ properties: {
651
+ vulId: {
652
+ type: 'string',
653
+ description: 'The vulnerability ID to update'
654
+ },
655
+ status: {
656
+ type: 'string',
657
+ enum: ['Active', 'Pending Verification', 'Verified', 'Closed'],
658
+ description: 'New status'
659
+ },
660
+ severity: {
661
+ type: 'string',
662
+ enum: ['Low', 'Medium', 'High', 'Critical'],
663
+ description: 'Updated severity'
664
+ },
665
+ relatedCR: {
666
+ type: 'string',
667
+ description: 'Link to remediation CR (e.g., "CR-2026-042")'
668
+ }
669
+ },
670
+ required: ['vulId']
671
+ },
672
+ handler: async ({ vulId, ...updates }) => {
673
+ return await api.put(`/api/mcp/vulnerabilities/${vulId}`, updates);
674
+ }
367
675
  }
368
676
  ];
369
677