@vibecheck-ai/mcp 24.5.6 → 24.5.8

package/dist/index.js

@@ -278752,6 +278752,8 @@ import {
   gateCanonicalScanReportFindings,
   normalizeCanonicalScanReport
 } from "@repo/shared-types";
+import { formatTrustScoreMcp, getTrustScoreStatus } from "@repo/shared-types";
+import { dashboardFindingUrl } from "@repo/shared-types";
 
 // ../codegraph/dist/index.js
 var import_fast_glob = __toESM(require_out4(), 1);
@@ -293109,6 +293111,8 @@ var FEATURE_NAMES = {
   REVIEW_WORKFLOWS: "Review Workflows",
   FLOW_WORKFLOWS: "Flow Workflows",
   WIKICODE_ATLAS: "WikiCode Atlas",
+  /** Truthpack generate/validate — local CLI + IDE; registry key matches {@link FEATURE_REGISTRY} */
+  TRUTHPACK: "Truthpack",
   /** LLM guided routes — use getAccessMode for free taste vs Pro unlimited */
   GUIDED_ROUTE: "Guided Route",
   SHIP_SCORE: "Ship Score",
@@ -293955,7 +293959,7 @@ var TOOL_FEATURE_MAP = {
   vibecheck_docguard: FEATURE_NAMES.DOCGUARD,
   vibecheck_commitshield: FEATURE_NAMES.COMMIT_SHIELD,
   vibecheck_polish: FEATURE_NAMES.POLISH,
-  vibecheck_truthpack: "Truthpack",
+  vibecheck_truthpack: FEATURE_NAMES.TRUTHPACK,
   vibecheck_review: FEATURE_NAMES.COMMIT_SHIELD
 };
 function getToolApiSurface(toolName) {
@@ -294231,6 +294235,84 @@ var MCP_TOOLS = [
       },
       required: ["file"]
     }
+  },
+  // ── Platform Unification Tools ─────────────────────────────────────
+  {
+    name: "vibecheck_trust_score",
+    description: "Get the current/latest trust score for a project. Returns score (0-100), grade, and status (PASSING/WARNING/FAILING). Alias for vibecheck_score with markdown formatting.",
+    inputSchema: {
+      type: "object",
+      properties: {
+        path: { type: "string", description: "Project path. Defaults to current directory." }
+      }
+    }
+  },
+  {
+    name: "vibecheck_findings",
+    description: 'List findings for the current project, filterable by severity, engine, or file path. Supports natural queries like "show me all critical findings in src/api/".',
+    inputSchema: {
+      type: "object",
+      properties: {
+        path: { type: "string", description: "Project path. Defaults to current directory." },
+        severity: { type: "string", enum: ["critical", "high", "medium", "low", "info"], description: "Filter by severity." },
+        engine: { type: "string", description: 'Filter by engine ID (e.g. "phantom_dep", "ghost_route").' },
+        file: { type: "string", description: "Filter findings to a specific file or directory path." }
+      }
+    }
+  },
+  {
+    name: "vibecheck_finding",
+    description: "Get full detail on a specific finding by ID, including evidence, fix suggestion, and dashboard URL.",
+    inputSchema: {
+      type: "object",
+      properties: {
+        id: { type: "string", description: "Finding ID." },
+        path: { type: "string", description: "Project path. Defaults to current directory." }
+      },
+      required: ["id"]
+    }
+  },
+  {
+    name: "vibecheck_dismiss",
+    description: "Dismiss a finding (mark as false positive or acknowledged). Syncs across all surfaces when authenticated.",
+    inputSchema: {
+      type: "object",
+      properties: {
+        id: { type: "string", description: "Finding ID to dismiss." },
+        reason: { type: "string", description: "Reason for dismissal." },
+        path: { type: "string", description: "Project path. Defaults to current directory." }
+      },
+      required: ["id"]
+    }
+  },
+  {
+    name: "vibecheck_history",
+    description: "Get scan history for a project. Returns recent scans with trust scores and finding counts.",
+    inputSchema: {
+      type: "object",
+      properties: {
+        path: { type: "string", description: "Project path. Defaults to current directory." },
+        limit: { type: "number", description: "Max scans to return. Default 10." }
+      }
+    }
+  },
+  {
+    name: "vibecheck_engines",
+    description: "List available scan engines and their descriptions. Shows which engines are active.",
+    inputSchema: {
+      type: "object",
+      properties: {}
+    }
+  },
+  {
+    name: "vibecheck_status",
+    description: "Check auth status, tier, and entitlements. Returns whether the user is authenticated and their current plan.",
+    inputSchema: {
+      type: "object",
+      properties: {
+        path: { type: "string", description: "Workspace root path. Defaults to current directory." }
+      }
+    }
   }
 ];
 function isKnownToolName(toolName) {
@@ -294379,7 +294461,7 @@ function createScanIdempotencyKey(prefix) {
 // src/mcp-scan-meter-client.ts
 var MCP_SCAN_METER_CLIENT = {
   type: "mcp",
-  version: "24.5.6"
+  version: "24.5.8"
 };
 
 // src/server.ts
@@ -294911,6 +294993,216 @@ ${validation.errors.join("\n")}`
           ]
         };
       }
+      // ── Platform Unification Tool Handlers ──────────────────────────────
+      case "vibecheck_trust_score": {
+        const result = await withTimeout(
+          runtime.runScore(targetPath),
+          MCP_TOOL_TIMEOUT_MS,
+          "vibecheck_trust_score"
+        );
+        const status = getTrustScoreStatus(result.score);
+        const emoji = status === "passing" ? "\u2705" : status === "warning" ? "\u26A0\uFE0F" : "\u{1F6A8}";
+        const text = [
+          `## Trust Score`,
+          "",
+          `**${result.score}/100** (${status.toUpperCase()}) ${emoji}`,
+          `**Grade:** ${result.grade}`,
+          `**Decision:** ${result.decision}`,
+          "",
+          `> ${formatTrustScoreMcp(result.score)}`
+        ].join("\n");
+        return { content: [{ type: "text", text }] };
+      }
+      case "vibecheck_findings": {
+        const report = await withTimeout(
+          runtime.runScan(targetPath, { enginePreset: "full" }),
+          MCP_TOOL_TIMEOUT_MS,
+          "vibecheck_findings"
+        );
+        const gatedReport = gateCanonicalScanReportFindings(report, userPlan);
+        let filtered = gatedReport.findings;
+        if (args2.severity) {
+          filtered = filtered.filter((f) => f.severity === args2.severity);
+        }
+        if (args2.engine) {
+          filtered = filtered.filter((f) => f.engine === args2.engine);
+        }
+        if (args2.file) {
+          const fileFilter = args2.file;
+          filtered = filtered.filter((f) => f.file?.includes(fileFilter));
+        }
+        const lines = [
+          `## Findings (${filtered.length} of ${gatedReport.summary.total})`,
+          ""
+        ];
+        for (const f of filtered.slice(0, 50)) {
+          const loc = f.file ? `${f.file}${f.line ? `:${f.line}` : ""}` : "unknown";
+          lines.push(`- **[${f.severity.toUpperCase()}]** ${f.message}`);
+          lines.push(`  \`${loc}\` (${f.engine})`);
+          if (f.suggestion) lines.push(`  Fix: ${f.suggestion}`);
+        }
+        if (filtered.length > 50) {
+          lines.push("", `_...and ${filtered.length - 50} more findings_`);
+        }
+        return { content: [{ type: "text", text: lines.join("\n") }] };
+      }
+      case "vibecheck_finding": {
+        const findingId = args2.id;
+        if (!findingId) {
+          return buildErrorResponse('vibecheck_finding requires "id"');
+        }
+        const report = await withTimeout(
+          runtime.runScan(targetPath, { enginePreset: "full" }),
+          MCP_TOOL_TIMEOUT_MS,
+          "vibecheck_finding"
+        );
+        const finding = report.findings.find((f) => f.id === findingId);
+        if (!finding) {
+          return buildErrorResponse(`Finding "${findingId}" not found in current scan results.`);
+        }
+        const loc = finding.file ? `${finding.file}${finding.line ? `:${finding.line}` : ""}` : "unknown";
+        const text = [
+          `## Finding: ${finding.message}`,
+          "",
+          `| Field | Value |`,
+          `|-------|-------|`,
+          `| ID | \`${finding.id}\` |`,
+          `| Severity | ${finding.severity.toUpperCase()} |`,
+          `| Engine | ${finding.engine} |`,
+          `| Location | \`${loc}\` |`,
+          `| Confidence | ${finding.confidence ?? "N/A"} |`,
+          finding.suggestion ? `| Suggestion | ${finding.suggestion} |` : "",
+          "",
+          report.runId ? `**Dashboard:** ${dashboardFindingUrl(report.runId, finding.id)}` : ""
+        ].filter(Boolean).join("\n");
+        return { content: [{ type: "text", text }] };
+      }
+      case "vibecheck_dismiss": {
+        const findingId = args2.id;
+        if (!findingId) {
+          return buildErrorResponse('vibecheck_dismiss requires "id"');
+        }
+        const reason = args2.reason ?? "Dismissed via MCP";
+        const token = process.env.VIBECHECK_TOKEN?.trim();
+        if (!token) {
+          return {
+            content: [{
+              type: "text",
+              text: JSON.stringify({
+                ok: false,
+                message: "Authentication required to dismiss findings across surfaces. Set VIBECHECK_TOKEN or run `vibecheck auth login`.",
+                localOnly: true,
+                findingId,
+                reason
+              }, null, 2)
+            }]
+          };
+        }
+        try {
+          const apiBase = process.env.VIBECHECK_API_URL || "https://api.vibecheckai.dev";
+          const resp = await fetch(`${apiBase}/api/v1/findings/${findingId}`, {
+            method: "PATCH",
+            headers: {
+              "Authorization": `Bearer ${token}`,
+              "Content-Type": "application/json"
+            },
+            body: JSON.stringify({ resolved: true })
+          });
+          if (!resp.ok) {
+            return buildErrorResponse(`Failed to dismiss finding: HTTP ${resp.status}`);
+          }
+          return {
+            content: [{
+              type: "text",
+              text: `Finding \`${findingId}\` dismissed. Reason: ${reason}
+This change is synced across all surfaces.`
+            }]
+          };
+        } catch (err2) {
+          return buildErrorResponse(`Failed to dismiss finding: ${err2 instanceof Error ? err2.message : String(err2)}`);
+        }
+      }
+      case "vibecheck_history": {
+        const token = process.env.VIBECHECK_TOKEN?.trim();
+        if (!token) {
+          return {
+            content: [{
+              type: "text",
+              text: "Scan history requires authentication. Set VIBECHECK_TOKEN or run `vibecheck auth login`."
+            }]
+          };
+        }
+        try {
+          const apiBase = process.env.VIBECHECK_API_URL || "https://api.vibecheckai.dev";
+          const limit = args2.limit ?? 10;
+          const resp = await fetch(`${apiBase}/api/v1/scans/recent?limit=${limit}`, {
+            headers: { "Authorization": `Bearer ${token}` }
+          });
+          if (!resp.ok) {
+            return buildErrorResponse(`Failed to fetch scan history: HTTP ${resp.status}`);
+          }
+          const body2 = await resp.json();
+          const scans = body2.data ?? [];
+          if (scans.length === 0) {
+            return { content: [{ type: "text", text: "No scan history found. Run `vibecheck scan .` to create your first scan." }] };
+          }
+          const lines = [`## Scan History (${scans.length} most recent)`, ""];
+          for (const s of scans) {
+            const status = s.status ?? "unknown";
+            const created = s.createdAt ?? "";
+            const id = s.id ?? "";
+            lines.push(`- **${status}** \u2014 ${created} (\`${id}\`)`);
+          }
+          return { content: [{ type: "text", text: lines.join("\n") }] };
+        } catch (err2) {
+          return buildErrorResponse(`Failed to fetch history: ${err2 instanceof Error ? err2.message : String(err2)}`);
+        }
+      }
+      case "vibecheck_engines": {
+        const engineIds = [
+          "type-contract",
+          "security-pattern",
+          "perf-antipattern",
+          "env_var",
+          "ghost_route",
+          "phantom_dep",
+          "api_truth",
+          "credentials",
+          "security",
+          "framework_packs",
+          "fake_features",
+          "version_hallucination",
+          "logic_gap",
+          "error_handling",
+          "outcome_verification",
+          "incomplete_impl"
+        ];
+        const lines = [
+          `## Available Engines (${engineIds.length})`,
+          "",
+          "| Engine ID | Status |",
+          "|-----------|--------|"
+        ];
+        for (const id of engineIds) {
+          lines.push(`| \`${id}\` | Active |`);
+        }
+        lines.push("", "All engines are included in the free tier.");
+        return { content: [{ type: "text", text: lines.join("\n") }] };
+      }
+      case "vibecheck_status": {
+        const token = process.env.VIBECHECK_TOKEN?.trim();
+        const authenticated = !!token;
+        const text = [
+          `## VibeCheck Status`,
+          "",
+          `**Authenticated:** ${authenticated ? "Yes" : "No"}`,
+          `**Tier:** ${userPlan}`,
+          `**MCP Server:** Active`,
+          "",
+          authenticated ? "All scans are synced to the dashboard." : "Run `vibecheck auth login` to sync scans across devices."
+        ].join("\n");
+        return { content: [{ type: "text", text }] };
+      }
       case "vibecheck_forge":
       case "vibecheck_reality":
       case "vibecheck_ship":

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@vibecheck-ai/mcp",
-  "version": "24.5.6",
+  "version": "24.5.8",
   "description": "The trust layer for AI-generated software. Catches phantom dependencies, ghost API routes, fake SDK methods, and hardcoded secrets — before they ship.",
   "mcpName": "io.github.guardiavault-oss/vibecheck-mcp",
   "type": "module",