@vibe-assurance/cli 1.3.0 → 1.6.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2) hide show
  1. package/package.json +2 -1
  2. package/src/mcp/tools.js +552 -4
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@vibe-assurance/cli",
3
- "version": "1.3.0",
3
+ "version": "1.6.0",
4
4
  "description": "Vibe Assurance CLI - Connect AI coding agents to your governance platform via MCP",
5
5
  "main": "src/index.js",
6
6
  "bin": {
@@ -27,6 +27,7 @@
27
27
  },
28
28
  "dependencies": {
29
29
  "@modelcontextprotocol/sdk": "^1.0.0",
30
+ "@vibe-assurance/cli": "^1.3.0",
30
31
  "axios": "^1.6.0",
31
32
  "chalk": "^4.1.2",
32
33
  "commander": "^12.0.0",
package/src/mcp/tools.js CHANGED
@@ -179,7 +179,7 @@ const tools = [
179
179
  properties: {
180
180
  type: {
181
181
  type: 'string',
182
- enum: ['CR', 'RISK', 'VULNERABILITY', 'REPORT', 'POLICY', 'PLAN', 'ARCHITECTURE', 'CONFIG'],
182
+ enum: ['CR', 'RISK', 'VULNERABILITY', 'REPORT', 'POLICY', 'PLAN', 'ARCHITECTURE', 'CONFIG', 'SOP'],
183
183
  description: 'Type of artifact'
184
184
  },
185
185
  artifactId: {
@@ -298,14 +298,14 @@ const tools = [
298
298
 
299
299
  {
300
300
  name: 'vibe_list_artifacts',
301
- description: 'List your stored artifacts with optional filters. Use this to see what governance documents you have stored.',
301
+ description: 'List your stored artifacts with optional filters. Use this to see what governance documents you have stored. TIP: Use type="PLAN" with status="Active" to find strategic plans before implementing features.',
302
302
  inputSchema: {
303
303
  type: 'object',
304
304
  properties: {
305
305
  type: {
306
306
  type: 'string',
307
- enum: ['CR', 'RISK', 'VULNERABILITY', 'REPORT', 'POLICY', 'PLAN', 'ARCHITECTURE', 'CONFIG'],
308
- description: 'Filter by artifact type'
307
+ enum: ['CR', 'RISK', 'VULNERABILITY', 'REPORT', 'POLICY', 'PLAN', 'ARCHITECTURE', 'CONFIG', 'SOP'],
308
+ description: 'Filter by artifact type. Use "PLAN" to find strategic plans.'
309
309
  },
310
310
  status: {
311
311
  type: 'string',
@@ -364,6 +364,554 @@ const tools = [
364
364
  handler: async ({ artifactId }) => {
365
365
  return await api.delete(`/api/mcp/artifacts/${artifactId}`);
366
366
  }
367
+ },
368
+
369
+ // ============================================================================
370
+ // STRATEGIC PLAN TOOLS - Use these FIRST when implementing features
371
+ // ============================================================================
372
+
373
+ {
374
+ name: 'vibe_get_strategic_plans',
375
+ description: 'START HERE when user asks to implement features or "the latest plan". Lists strategic PLAN artifacts containing CR roadmaps. Filter by status="Active" to find plans ready for implementation.',
376
+ inputSchema: {
377
+ type: 'object',
378
+ properties: {
379
+ status: {
380
+ type: 'string',
381
+ enum: ['Draft', 'Active', 'Completed', 'Closed'],
382
+ description: 'Filter by plan status. Use "Active" to find plans ready for implementation.'
383
+ }
384
+ }
385
+ },
386
+ handler: async (params = {}) => {
387
+ const query = new URLSearchParams();
388
+ query.set('type', 'PLAN');
389
+ if (params.status) query.set('status', params.status);
390
+ return await api.get(`/api/mcp/artifacts?${query.toString()}`);
391
+ }
392
+ },
393
+
394
+ {
395
+ name: 'vibe_update_plan_status',
396
+ description: 'Update a strategic plan\'s status. Use when all CRs from a plan are complete to mark it as Completed.',
397
+ inputSchema: {
398
+ type: 'object',
399
+ properties: {
400
+ planId: {
401
+ type: 'string',
402
+ description: 'The plan artifact ID (e.g., "PLAN-2026-001")'
403
+ },
404
+ status: {
405
+ type: 'string',
406
+ enum: ['Draft', 'Active', 'Completed', 'Closed'],
407
+ description: 'New status for the plan'
408
+ }
409
+ },
410
+ required: ['planId', 'status']
411
+ },
412
+ handler: async ({ planId, status }) => {
413
+ return await api.put(`/api/mcp/artifacts/${planId}`, { status });
414
+ }
415
+ },
416
+
417
+ // ============================================================================
418
+ // RISK MANAGEMENT TOOLS
419
+ // ============================================================================
420
+
421
+ {
422
+ name: 'vibe_get_risk_register',
423
+ description: 'Get the project\'s risk register. Returns all tracked risks with severity, status, and treatment plans.',
424
+ inputSchema: {
425
+ type: 'object',
426
+ properties: {
427
+ status: {
428
+ type: 'string',
429
+ enum: ['Active', 'Mitigated', 'Closed'],
430
+ description: 'Filter by risk status'
431
+ },
432
+ severity: {
433
+ type: 'string',
434
+ enum: ['Low', 'Medium', 'High', 'Critical'],
435
+ description: 'Filter by severity'
436
+ },
437
+ category: {
438
+ type: 'string',
439
+ enum: ['SEC', 'VEN', 'INF', 'OPS', 'CMP'],
440
+ description: 'Filter by category (SEC=Security, VEN=Vendor, INF=Infrastructure, OPS=Operational, CMP=Compliance)'
441
+ }
442
+ }
443
+ },
444
+ handler: async (params = {}) => {
445
+ const query = new URLSearchParams();
446
+ if (params.status) query.set('status', params.status);
447
+ if (params.severity) query.set('severity', params.severity);
448
+ if (params.category) query.set('category', params.category);
449
+ const queryString = query.toString();
450
+ const path = queryString ? `/api/mcp/risks?${queryString}` : '/api/mcp/risks';
451
+ return await api.get(path);
452
+ }
453
+ },
454
+
455
+ {
456
+ name: 'vibe_add_risk',
457
+ description: 'Add a new risk to the project risk register. Severity is auto-calculated from likelihood × impact.',
458
+ inputSchema: {
459
+ type: 'object',
460
+ properties: {
461
+ riskId: {
462
+ type: 'string',
463
+ description: 'Unique risk ID (e.g., "RISK-001", "R-042")'
464
+ },
465
+ title: {
466
+ type: 'string',
467
+ description: 'Short title for the risk'
468
+ },
469
+ description: {
470
+ type: 'string',
471
+ description: 'Detailed description of the risk'
472
+ },
473
+ category: {
474
+ type: 'string',
475
+ enum: ['SEC', 'VEN', 'INF', 'OPS', 'CMP'],
476
+ description: 'Risk category'
477
+ },
478
+ likelihood: {
479
+ type: 'number',
480
+ description: 'Likelihood score (1-5)'
481
+ },
482
+ impact: {
483
+ type: 'number',
484
+ description: 'Impact score (1-5)'
485
+ },
486
+ treatmentPlan: {
487
+ type: 'string',
488
+ description: 'Optional: Treatment plan or mitigation strategy'
489
+ }
490
+ },
491
+ required: ['riskId', 'title', 'description', 'category', 'likelihood', 'impact']
492
+ },
493
+ handler: async (params) => {
494
+ return await api.post('/api/mcp/risks', params);
495
+ }
496
+ },
497
+
498
+ {
499
+ name: 'vibe_get_risk',
500
+ description: 'Get a specific risk by ID with full details.',
501
+ inputSchema: {
502
+ type: 'object',
503
+ properties: {
504
+ riskId: {
505
+ type: 'string',
506
+ description: 'The risk ID to retrieve (e.g., "RISK-001")'
507
+ }
508
+ },
509
+ required: ['riskId']
510
+ },
511
+ handler: async ({ riskId }) => {
512
+ return await api.get(`/api/mcp/risks/${riskId}`);
513
+ }
514
+ },
515
+
516
+ {
517
+ name: 'vibe_update_risk',
518
+ description: 'Update a risk\'s status, treatment plan, or reassess likelihood/impact.',
519
+ inputSchema: {
520
+ type: 'object',
521
+ properties: {
522
+ riskId: {
523
+ type: 'string',
524
+ description: 'The risk ID to update'
525
+ },
526
+ status: {
527
+ type: 'string',
528
+ enum: ['Active', 'Mitigated', 'Closed'],
529
+ description: 'New status'
530
+ },
531
+ likelihood: {
532
+ type: 'number',
533
+ description: 'Updated likelihood (1-5)'
534
+ },
535
+ impact: {
536
+ type: 'number',
537
+ description: 'Updated impact (1-5)'
538
+ },
539
+ treatmentPlan: {
540
+ type: 'string',
541
+ description: 'Updated treatment plan'
542
+ }
543
+ },
544
+ required: ['riskId']
545
+ },
546
+ handler: async ({ riskId, ...updates }) => {
547
+ return await api.put(`/api/mcp/risks/${riskId}`, updates);
548
+ }
549
+ },
550
+
551
+ // ============================================================================
552
+ // VULNERABILITY MANAGEMENT TOOLS
553
+ // ============================================================================
554
+
555
+ {
556
+ name: 'vibe_get_vulnerability_register',
557
+ description: 'Get the project\'s vulnerability register. Returns all tracked security vulnerabilities.',
558
+ inputSchema: {
559
+ type: 'object',
560
+ properties: {
561
+ status: {
562
+ type: 'string',
563
+ enum: ['Active', 'Pending Verification', 'Verified', 'Closed'],
564
+ description: 'Filter by vulnerability status'
565
+ },
566
+ severity: {
567
+ type: 'string',
568
+ enum: ['Low', 'Medium', 'High', 'Critical'],
569
+ description: 'Filter by severity'
570
+ },
571
+ owaspCategory: {
572
+ type: 'string',
573
+ description: 'Filter by OWASP category (e.g., "A01:2021-Broken Access Control")'
574
+ }
575
+ }
576
+ },
577
+ handler: async (params = {}) => {
578
+ const query = new URLSearchParams();
579
+ if (params.status) query.set('status', params.status);
580
+ if (params.severity) query.set('severity', params.severity);
581
+ if (params.owaspCategory) query.set('owaspCategory', params.owaspCategory);
582
+ const queryString = query.toString();
583
+ const path = queryString ? `/api/mcp/vulnerabilities?${queryString}` : '/api/mcp/vulnerabilities';
584
+ return await api.get(path);
585
+ }
586
+ },
587
+
588
+ {
589
+ name: 'vibe_add_vulnerability',
590
+ description: 'Add a new vulnerability to the project vulnerability register with OWASP category validation.',
591
+ inputSchema: {
592
+ type: 'object',
593
+ properties: {
594
+ vulId: {
595
+ type: 'string',
596
+ description: 'Unique vulnerability ID (e.g., "VUL-001")'
597
+ },
598
+ title: {
599
+ type: 'string',
600
+ description: 'Short title for the vulnerability'
601
+ },
602
+ description: {
603
+ type: 'string',
604
+ description: 'Detailed description of the vulnerability'
605
+ },
606
+ severity: {
607
+ type: 'string',
608
+ enum: ['Low', 'Medium', 'High', 'Critical'],
609
+ description: 'Severity level'
610
+ },
611
+ owaspCategory: {
612
+ type: 'string',
613
+ description: 'OWASP Top 10 category (e.g., "A01:2021-Broken Access Control")'
614
+ },
615
+ location: {
616
+ type: 'string',
617
+ description: 'File path or component where vulnerability exists'
618
+ }
619
+ },
620
+ required: ['vulId', 'title', 'description', 'severity']
621
+ },
622
+ handler: async (params) => {
623
+ return await api.post('/api/mcp/vulnerabilities', params);
624
+ }
625
+ },
626
+
627
+ {
628
+ name: 'vibe_get_vulnerability',
629
+ description: 'Get a specific vulnerability by ID with full details.',
630
+ inputSchema: {
631
+ type: 'object',
632
+ properties: {
633
+ vulId: {
634
+ type: 'string',
635
+ description: 'The vulnerability ID to retrieve (e.g., "VUL-001")'
636
+ }
637
+ },
638
+ required: ['vulId']
639
+ },
640
+ handler: async ({ vulId }) => {
641
+ return await api.get(`/api/mcp/vulnerabilities/${vulId}`);
642
+ }
643
+ },
644
+
645
+ {
646
+ name: 'vibe_update_vulnerability',
647
+ description: 'Update a vulnerability\'s status, severity, or link it to a remediation CR.',
648
+ inputSchema: {
649
+ type: 'object',
650
+ properties: {
651
+ vulId: {
652
+ type: 'string',
653
+ description: 'The vulnerability ID to update'
654
+ },
655
+ status: {
656
+ type: 'string',
657
+ enum: ['Active', 'Pending Verification', 'Verified', 'Closed'],
658
+ description: 'New status'
659
+ },
660
+ severity: {
661
+ type: 'string',
662
+ enum: ['Low', 'Medium', 'High', 'Critical'],
663
+ description: 'Updated severity'
664
+ },
665
+ relatedCR: {
666
+ type: 'string',
667
+ description: 'Link to remediation CR (e.g., "CR-2026-042")'
668
+ }
669
+ },
670
+ required: ['vulId']
671
+ },
672
+ handler: async ({ vulId, ...updates }) => {
673
+ return await api.put(`/api/mcp/vulnerabilities/${vulId}`, updates);
674
+ }
675
+ },
676
+
677
+ // ============================================================================
678
+ // SOP MANAGEMENT TOOLS (CR-2026-054)
679
+ // ============================================================================
680
+
681
+ {
682
+ name: 'vibe_list_sops',
683
+ description: 'List all Standard Operating Procedures (SOPs) for the project. SOPs define step-by-step procedures for operational tasks.',
684
+ inputSchema: {
685
+ type: 'object',
686
+ properties: {
687
+ status: {
688
+ type: 'string',
689
+ enum: ['Draft', 'Active', 'Completed', 'Closed'],
690
+ description: 'Filter by SOP status'
691
+ },
692
+ category: {
693
+ type: 'string',
694
+ description: 'Filter by category (e.g., "Security", "HR", "SDLC", "Change Management")'
695
+ }
696
+ }
697
+ },
698
+ handler: async (params = {}) => {
699
+ const query = new URLSearchParams();
700
+ if (params.status) query.set('status', params.status);
701
+ if (params.category) query.set('category', params.category);
702
+ const queryString = query.toString();
703
+ const path = queryString ? `/api/mcp/sops?${queryString}` : '/api/mcp/sops';
704
+ return await api.get(path);
705
+ }
706
+ },
707
+
708
+ {
709
+ name: 'vibe_store_sop',
710
+ description: 'Create a new Standard Operating Procedure (SOP). SOPs define step-by-step procedures for operational tasks like onboarding, offboarding, access reviews, etc.',
711
+ inputSchema: {
712
+ type: 'object',
713
+ properties: {
714
+ sopId: {
715
+ type: 'string',
716
+ description: 'Unique SOP ID (e.g., "SOP-001", "SOP-SDLC-001")'
717
+ },
718
+ title: {
719
+ type: 'string',
720
+ description: 'Title of the SOP (e.g., "Employee Onboarding Checklist")'
721
+ },
722
+ content: {
723
+ type: 'string',
724
+ description: 'Full SOP content in markdown format'
725
+ },
726
+ status: {
727
+ type: 'string',
728
+ enum: ['Draft', 'Active', 'Completed', 'Closed'],
729
+ description: 'SOP status (default: Active)'
730
+ },
731
+ metadata: {
732
+ type: 'object',
733
+ description: 'Additional metadata (e.g., category, version, owner)',
734
+ additionalProperties: true
735
+ }
736
+ },
737
+ required: ['sopId', 'title', 'content']
738
+ },
739
+ handler: async (params) => {
740
+ return await api.post('/api/mcp/sops', params);
741
+ }
742
+ },
743
+
744
+ {
745
+ name: 'vibe_get_sop',
746
+ description: 'Get a specific SOP by ID with full content.',
747
+ inputSchema: {
748
+ type: 'object',
749
+ properties: {
750
+ sopId: {
751
+ type: 'string',
752
+ description: 'The SOP ID to retrieve (e.g., "SOP-001")'
753
+ }
754
+ },
755
+ required: ['sopId']
756
+ },
757
+ handler: async ({ sopId }) => {
758
+ return await api.get(`/api/mcp/sops/${sopId}`);
759
+ }
760
+ },
761
+
762
+ {
763
+ name: 'vibe_update_sop',
764
+ description: 'Update an existing SOP\'s content, status, or metadata.',
765
+ inputSchema: {
766
+ type: 'object',
767
+ properties: {
768
+ sopId: {
769
+ type: 'string',
770
+ description: 'The SOP ID to update'
771
+ },
772
+ title: {
773
+ type: 'string',
774
+ description: 'Updated title'
775
+ },
776
+ content: {
777
+ type: 'string',
778
+ description: 'Updated content'
779
+ },
780
+ status: {
781
+ type: 'string',
782
+ enum: ['Draft', 'Active', 'Completed', 'Closed'],
783
+ description: 'Updated status'
784
+ },
785
+ metadata: {
786
+ type: 'object',
787
+ description: 'Updated metadata'
788
+ }
789
+ },
790
+ required: ['sopId']
791
+ },
792
+ handler: async ({ sopId, ...updates }) => {
793
+ return await api.put(`/api/mcp/sops/${sopId}`, updates);
794
+ }
795
+ },
796
+
797
+ // ============================================================================
798
+ // POLICY MANAGEMENT TOOLS (CR-2026-054)
799
+ // ============================================================================
800
+
801
+ {
802
+ name: 'vibe_list_policies',
803
+ description: 'List all policies for the project. Policies define organizational rules and guidelines.',
804
+ inputSchema: {
805
+ type: 'object',
806
+ properties: {
807
+ status: {
808
+ type: 'string',
809
+ enum: ['Draft', 'Active', 'Completed', 'Closed'],
810
+ description: 'Filter by policy status'
811
+ },
812
+ category: {
813
+ type: 'string',
814
+ description: 'Filter by category (e.g., "Security", "HR", "SDLC")'
815
+ }
816
+ }
817
+ },
818
+ handler: async (params = {}) => {
819
+ const query = new URLSearchParams();
820
+ if (params.status) query.set('status', params.status);
821
+ if (params.category) query.set('category', params.category);
822
+ const queryString = query.toString();
823
+ const path = queryString ? `/api/mcp/policies?${queryString}` : '/api/mcp/policies';
824
+ return await api.get(path);
825
+ }
826
+ },
827
+
828
+ {
829
+ name: 'vibe_store_policy',
830
+ description: 'Create a new policy document. Policies define organizational rules and guidelines for security, HR, SDLC, etc.',
831
+ inputSchema: {
832
+ type: 'object',
833
+ properties: {
834
+ policyId: {
835
+ type: 'string',
836
+ description: 'Unique policy ID (e.g., "POL-001", "POL-SEC-001")'
837
+ },
838
+ title: {
839
+ type: 'string',
840
+ description: 'Title of the policy (e.g., "Information Security Policy")'
841
+ },
842
+ content: {
843
+ type: 'string',
844
+ description: 'Full policy content in markdown format'
845
+ },
846
+ status: {
847
+ type: 'string',
848
+ enum: ['Draft', 'Active', 'Completed', 'Closed'],
849
+ description: 'Policy status (default: Active)'
850
+ },
851
+ metadata: {
852
+ type: 'object',
853
+ description: 'Additional metadata (e.g., category, version, owner)',
854
+ additionalProperties: true
855
+ }
856
+ },
857
+ required: ['policyId', 'title', 'content']
858
+ },
859
+ handler: async (params) => {
860
+ return await api.post('/api/mcp/policies', params);
861
+ }
862
+ },
863
+
864
+ {
865
+ name: 'vibe_get_policy',
866
+ description: 'Get a specific policy by ID with full content.',
867
+ inputSchema: {
868
+ type: 'object',
869
+ properties: {
870
+ policyId: {
871
+ type: 'string',
872
+ description: 'The policy ID to retrieve (e.g., "POL-001")'
873
+ }
874
+ },
875
+ required: ['policyId']
876
+ },
877
+ handler: async ({ policyId }) => {
878
+ return await api.get(`/api/mcp/policies/${policyId}`);
879
+ }
880
+ },
881
+
882
+ {
883
+ name: 'vibe_update_policy',
884
+ description: 'Update an existing policy\'s content, status, or metadata.',
885
+ inputSchema: {
886
+ type: 'object',
887
+ properties: {
888
+ policyId: {
889
+ type: 'string',
890
+ description: 'The policy ID to update'
891
+ },
892
+ title: {
893
+ type: 'string',
894
+ description: 'Updated title'
895
+ },
896
+ content: {
897
+ type: 'string',
898
+ description: 'Updated content'
899
+ },
900
+ status: {
901
+ type: 'string',
902
+ enum: ['Draft', 'Active', 'Completed', 'Closed'],
903
+ description: 'Updated status'
904
+ },
905
+ metadata: {
906
+ type: 'object',
907
+ description: 'Updated metadata'
908
+ }
909
+ },
910
+ required: ['policyId']
911
+ },
912
+ handler: async ({ policyId, ...updates }) => {
913
+ return await api.put(`/api/mcp/policies/${policyId}`, updates);
914
+ }
367
915
  }
368
916
  ];
369
917