@vibecheck-ai/mcp 24.5.6 → 24.5.9

package/dist/index.js

@@ -219066,27 +219066,29 @@ var require_has_flag = __commonJS({
   }
 });
 
-// ../../node_modules/.pnpm/supports-color@7.2.0/node_modules/supports-color/index.js
+// ../../node_modules/.pnpm/supports-color@8.1.1/node_modules/supports-color/index.js
 var require_supports_color = __commonJS({
-  "../../node_modules/.pnpm/supports-color@7.2.0/node_modules/supports-color/index.js"(exports2, module2) {
+  "../../node_modules/.pnpm/supports-color@8.1.1/node_modules/supports-color/index.js"(exports2, module2) {
     "use strict";
     var os2 = __require("os");
     var tty = __require("tty");
     var hasFlag = require_has_flag();
     var { env: env3 } = process;
-    var forceColor;
+    var flagForceColor;
     if (hasFlag("no-color") || hasFlag("no-colors") || hasFlag("color=false") || hasFlag("color=never")) {
-      forceColor = 0;
+      flagForceColor = 0;
     } else if (hasFlag("color") || hasFlag("colors") || hasFlag("color=true") || hasFlag("color=always")) {
-      forceColor = 1;
+      flagForceColor = 1;
     }
-    if ("FORCE_COLOR" in env3) {
-      if (env3.FORCE_COLOR === "true") {
-        forceColor = 1;
-      } else if (env3.FORCE_COLOR === "false") {
-        forceColor = 0;
-      } else {
-        forceColor = env3.FORCE_COLOR.length === 0 ? 1 : Math.min(parseInt(env3.FORCE_COLOR, 10), 3);
+    function envForceColor() {
+      if ("FORCE_COLOR" in env3) {
+        if (env3.FORCE_COLOR === "true") {
+          return 1;
+        }
+        if (env3.FORCE_COLOR === "false") {
+          return 0;
+        }
+        return env3.FORCE_COLOR.length === 0 ? 1 : Math.min(Number.parseInt(env3.FORCE_COLOR, 10), 3);
       }
     }
     function translateLevel(level) {
@@ -219100,15 +219102,22 @@ var require_supports_color = __commonJS({
         has16m: level >= 3
       };
     }
-    function supportsColor(haveStream, streamIsTTY) {
+    function supportsColor(haveStream, { streamIsTTY, sniffFlags = true } = {}) {
+      const noFlagForceColor = envForceColor();
+      if (noFlagForceColor !== void 0) {
+        flagForceColor = noFlagForceColor;
+      }
+      const forceColor = sniffFlags ? flagForceColor : noFlagForceColor;
       if (forceColor === 0) {
         return 0;
       }
-      if (hasFlag("color=16m") || hasFlag("color=full") || hasFlag("color=truecolor")) {
-        return 3;
-      }
-      if (hasFlag("color=256")) {
-        return 2;
+      if (sniffFlags) {
+        if (hasFlag("color=16m") || hasFlag("color=full") || hasFlag("color=truecolor")) {
+          return 3;
+        }
+        if (hasFlag("color=256")) {
+          return 2;
+        }
       }
       if (haveStream && !streamIsTTY && forceColor === void 0) {
         return 0;
@@ -219125,7 +219134,7 @@ var require_supports_color = __commonJS({
         return 1;
       }
       if ("CI" in env3) {
-        if (["TRAVIS", "CIRCLECI", "APPVEYOR", "GITLAB_CI", "GITHUB_ACTIONS", "BUILDKITE"].some((sign) => sign in env3) || env3.CI_NAME === "codeship") {
+        if (["TRAVIS", "CIRCLECI", "APPVEYOR", "GITLAB_CI", "GITHUB_ACTIONS", "BUILDKITE", "DRONE"].some((sign) => sign in env3) || env3.CI_NAME === "codeship") {
           return 1;
         }
         return min2;
@@ -219137,7 +219146,7 @@ var require_supports_color = __commonJS({
         return 3;
       }
       if ("TERM_PROGRAM" in env3) {
-        const version3 = parseInt((env3.TERM_PROGRAM_VERSION || "").split(".")[0], 10);
+        const version3 = Number.parseInt((env3.TERM_PROGRAM_VERSION || "").split(".")[0], 10);
         switch (env3.TERM_PROGRAM) {
           case "iTerm.app":
             return version3 >= 3 ? 3 : 2;
@@ -219156,14 +219165,17 @@ var require_supports_color = __commonJS({
       }
       return min2;
     }
-    function getSupportLevel(stream) {
-      const level = supportsColor(stream, stream && stream.isTTY);
+    function getSupportLevel(stream, options = {}) {
+      const level = supportsColor(stream, {
+        streamIsTTY: stream && stream.isTTY,
+        ...options
+      });
       return translateLevel(level);
     }
     module2.exports = {
       supportsColor: getSupportLevel,
-      stdout: translateLevel(supportsColor(true, tty.isatty(1))),
-      stderr: translateLevel(supportsColor(true, tty.isatty(2)))
+      stdout: getSupportLevel({ isTTY: tty.isatty(1) }),
+      stderr: getSupportLevel({ isTTY: tty.isatty(2) })
     };
   }
 });
@@ -219676,7 +219688,7 @@ var require_wrappers = __commonJS({
     exports2.prepare = function prepare(sql) {
       return this[cppdb].prepare(sql, this, false);
     };
-    exports2.exec = function exec2(sql) {
+    exports2.exec = function exec(sql) {
       this[cppdb].exec(sql);
       return this;
     };
@@ -278734,7 +278746,7 @@ import { pathToFileURL } from "url";
 // src/server.ts
 import * as path9 from "path";
 import * as fs6 from "fs";
-import { exec } from "child_process";
+import { execFile } from "child_process";
 import { promisify } from "util";
 import { Server } from "@modelcontextprotocol/sdk/server/index.js";
 import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
@@ -278752,6 +278764,8 @@ import {
   gateCanonicalScanReportFindings,
   normalizeCanonicalScanReport
 } from "@repo/shared-types";
+import { formatTrustScoreMcp, getTrustScoreStatus } from "@repo/shared-types";
+import { dashboardFindingUrl } from "@repo/shared-types";
 
 // ../codegraph/dist/index.js
 var import_fast_glob = __toESM(require_out4(), 1);
@@ -291811,7 +291825,7 @@ var ContextEngine = class {
 // src/server.ts
 init_dist();
 
-// ../subscriptions/dist/chunk-EQ52N5FM.js
+// ../subscriptions/dist/chunk-IRYOMNQT.js
 var PLAN_IDS = ["free", "pro", "team", "enterprise"];
 var PLAN_RANK = Object.fromEntries(
   PLAN_IDS.map((id, index2) => [id, index2])
@@ -291896,9 +291910,9 @@ var PLAN_DEFINITIONS = {
   },
   pro: {
     displayName: "Pro",
-    tagline: "$9.99/mo or $99.99/yr (save 17%).",
-    monthlyPriceUsd: 9.99,
-    priceLabel: "$9.99/mo",
+    tagline: "$19.00/mo or $189.99/yr (save 17%).",
+    monthlyPriceUsd: 19,
+    priceLabel: "$19.00/mo",
     billingInterval: "month",
     badgeToken: "tier-pro",
     highlights: [
@@ -293109,6 +293123,8 @@ var FEATURE_NAMES = {
   REVIEW_WORKFLOWS: "Review Workflows",
   FLOW_WORKFLOWS: "Flow Workflows",
   WIKICODE_ATLAS: "WikiCode Atlas",
+  /** Truthpack generate/validate — local CLI + IDE; registry key matches {@link FEATURE_REGISTRY} */
+  TRUTHPACK: "Truthpack",
   /** LLM guided routes — use getAccessMode for free taste vs Pro unlimited */
   GUIDED_ROUTE: "Guided Route",
   SHIP_SCORE: "Ship Score",
@@ -293657,9 +293673,6 @@ var InputValidator = class {
       errors.push("Path traversal detected");
       logger.warn("Path traversal attempt blocked", { input, normalized });
     }
-    if (path7.isAbsolute(input)) {
-      errors.push("Absolute paths not allowed");
-    }
     if (input.includes("\0")) {
       errors.push("Null byte detected in path");
       logger.warn("Null byte injection attempt blocked", { input });
@@ -293955,7 +293968,7 @@ var TOOL_FEATURE_MAP = {
   vibecheck_docguard: FEATURE_NAMES.DOCGUARD,
   vibecheck_commitshield: FEATURE_NAMES.COMMIT_SHIELD,
   vibecheck_polish: FEATURE_NAMES.POLISH,
-  vibecheck_truthpack: "Truthpack",
+  vibecheck_truthpack: FEATURE_NAMES.TRUTHPACK,
   vibecheck_review: FEATURE_NAMES.COMMIT_SHIELD
 };
 function getToolApiSurface(toolName) {
@@ -294231,6 +294244,84 @@ var MCP_TOOLS = [
       },
       required: ["file"]
     }
+  },
+  // ── Platform Unification Tools ─────────────────────────────────────
+  {
+    name: "vibecheck_trust_score",
+    description: "Get the current/latest trust score for a project. Returns score (0-100), grade, and status (PASSING/WARNING/FAILING). Alias for vibecheck_score with markdown formatting.",
+    inputSchema: {
+      type: "object",
+      properties: {
+        path: { type: "string", description: "Project path. Defaults to current directory." }
+      }
+    }
+  },
+  {
+    name: "vibecheck_findings",
+    description: 'List findings for the current project, filterable by severity, engine, or file path. Supports natural queries like "show me all critical findings in src/api/".',
+    inputSchema: {
+      type: "object",
+      properties: {
+        path: { type: "string", description: "Project path. Defaults to current directory." },
+        severity: { type: "string", enum: ["critical", "high", "medium", "low", "info"], description: "Filter by severity." },
+        engine: { type: "string", description: 'Filter by engine ID (e.g. "phantom_dep", "ghost_route").' },
+        file: { type: "string", description: "Filter findings to a specific file or directory path." }
+      }
+    }
+  },
+  {
+    name: "vibecheck_finding",
+    description: "Get full detail on a specific finding by ID, including evidence, fix suggestion, and dashboard URL.",
+    inputSchema: {
+      type: "object",
+      properties: {
+        id: { type: "string", description: "Finding ID." },
+        path: { type: "string", description: "Project path. Defaults to current directory." }
+      },
+      required: ["id"]
+    }
+  },
+  {
+    name: "vibecheck_dismiss",
+    description: "Dismiss a finding (mark as false positive or acknowledged). Syncs across all surfaces when authenticated.",
+    inputSchema: {
+      type: "object",
+      properties: {
+        id: { type: "string", description: "Finding ID to dismiss." },
+        reason: { type: "string", description: "Reason for dismissal." },
+        path: { type: "string", description: "Project path. Defaults to current directory." }
+      },
+      required: ["id"]
+    }
+  },
+  {
+    name: "vibecheck_history",
+    description: "Get scan history for a project. Returns recent scans with trust scores and finding counts.",
+    inputSchema: {
+      type: "object",
+      properties: {
+        path: { type: "string", description: "Project path. Defaults to current directory." },
+        limit: { type: "number", description: "Max scans to return. Default 10." }
+      }
+    }
+  },
+  {
+    name: "vibecheck_engines",
+    description: "List available scan engines and their descriptions. Shows which engines are active.",
+    inputSchema: {
+      type: "object",
+      properties: {}
+    }
+  },
+  {
+    name: "vibecheck_status",
+    description: "Check auth status, tier, and entitlements. Returns whether the user is authenticated and their current plan.",
+    inputSchema: {
+      type: "object",
+      properties: {
+        path: { type: "string", description: "Workspace root path. Defaults to current directory." }
+      }
+    }
   }
 ];
 function isKnownToolName(toolName) {
@@ -294379,12 +294470,12 @@ function createScanIdempotencyKey(prefix) {
 // src/mcp-scan-meter-client.ts
 var MCP_SCAN_METER_CLIENT = {
   type: "mcp",
-  version: "24.5.6"
+  version: "24.5.9"
 };
 
 // src/server.ts
 import { uploadScanToApi } from "@repo/shared/sync/upload-scan";
-var execAsync = promisify(exec);
+var execFileAsync = promisify(execFile);
 async function executeScan(targetPath, engineToggles = null) {
   const resolved = path9.resolve(targetPath);
   const stat4 = fs6.statSync(resolved);
@@ -294911,6 +295002,216 @@ ${validation.errors.join("\n")}`
           ]
         };
       }
+      // ── Platform Unification Tool Handlers ──────────────────────────────
+      case "vibecheck_trust_score": {
+        const result = await withTimeout(
+          runtime.runScore(targetPath),
+          MCP_TOOL_TIMEOUT_MS,
+          "vibecheck_trust_score"
+        );
+        const status = getTrustScoreStatus(result.score);
+        const emoji = status === "passing" ? "\u2705" : status === "warning" ? "\u26A0\uFE0F" : "\u{1F6A8}";
+        const text = [
+          `## Trust Score`,
+          "",
+          `**${result.score}/100** (${status.toUpperCase()}) ${emoji}`,
+          `**Grade:** ${result.grade}`,
+          `**Decision:** ${result.decision}`,
+          "",
+          `> ${formatTrustScoreMcp(result.score)}`
+        ].join("\n");
+        return { content: [{ type: "text", text }] };
+      }
+      case "vibecheck_findings": {
+        const report = await withTimeout(
+          runtime.runScan(targetPath, { enginePreset: "full" }),
+          MCP_TOOL_TIMEOUT_MS,
+          "vibecheck_findings"
+        );
+        const gatedReport = gateCanonicalScanReportFindings(report, userPlan);
+        let filtered = gatedReport.findings;
+        if (args2.severity) {
+          filtered = filtered.filter((f) => f.severity === args2.severity);
+        }
+        if (args2.engine) {
+          filtered = filtered.filter((f) => f.engine === args2.engine);
+        }
+        if (args2.file) {
+          const fileFilter = args2.file;
+          filtered = filtered.filter((f) => f.file?.includes(fileFilter));
+        }
+        const lines = [
+          `## Findings (${filtered.length} of ${gatedReport.summary.total})`,
+          ""
+        ];
+        for (const f of filtered.slice(0, 50)) {
+          const loc = f.file ? `${f.file}${f.line ? `:${f.line}` : ""}` : "unknown";
+          lines.push(`- **[${f.severity.toUpperCase()}]** ${f.message}`);
+          lines.push(`  \`${loc}\` (${f.engine})`);
+          if (f.suggestion) lines.push(`  Fix: ${f.suggestion}`);
+        }
+        if (filtered.length > 50) {
+          lines.push("", `_...and ${filtered.length - 50} more findings_`);
+        }
+        return { content: [{ type: "text", text: lines.join("\n") }] };
+      }
+      case "vibecheck_finding": {
+        const findingId = args2.id;
+        if (!findingId) {
+          return buildErrorResponse('vibecheck_finding requires "id"');
+        }
+        const report = await withTimeout(
+          runtime.runScan(targetPath, { enginePreset: "full" }),
+          MCP_TOOL_TIMEOUT_MS,
+          "vibecheck_finding"
+        );
+        const finding = report.findings.find((f) => f.id === findingId);
+        if (!finding) {
+          return buildErrorResponse(`Finding "${findingId}" not found in current scan results.`);
+        }
+        const loc = finding.file ? `${finding.file}${finding.line ? `:${finding.line}` : ""}` : "unknown";
+        const text = [
+          `## Finding: ${finding.message}`,
+          "",
+          `| Field | Value |`,
+          `|-------|-------|`,
+          `| ID | \`${finding.id}\` |`,
+          `| Severity | ${finding.severity.toUpperCase()} |`,
+          `| Engine | ${finding.engine} |`,
+          `| Location | \`${loc}\` |`,
+          `| Confidence | ${finding.confidence ?? "N/A"} |`,
+          finding.suggestion ? `| Suggestion | ${finding.suggestion} |` : "",
+          "",
+          report.runId ? `**Dashboard:** ${dashboardFindingUrl(report.runId, finding.id)}` : ""
+        ].filter(Boolean).join("\n");
+        return { content: [{ type: "text", text }] };
+      }
+      case "vibecheck_dismiss": {
+        const findingId = args2.id;
+        if (!findingId) {
+          return buildErrorResponse('vibecheck_dismiss requires "id"');
+        }
+        const reason = args2.reason ?? "Dismissed via MCP";
+        const token = process.env.VIBECHECK_TOKEN?.trim();
+        if (!token) {
+          return {
+            content: [{
+              type: "text",
+              text: JSON.stringify({
+                ok: false,
+                message: "Authentication required to dismiss findings across surfaces. Set VIBECHECK_TOKEN or run `vibecheck auth login`.",
+                localOnly: true,
+                findingId,
+                reason
+              }, null, 2)
+            }]
+          };
+        }
+        try {
+          const apiBase = process.env.VIBECHECK_API_URL || "https://api.vibecheckai.dev";
+          const resp = await fetch(`${apiBase}/api/v1/findings/${findingId}`, {
+            method: "PATCH",
+            headers: {
+              "Authorization": `Bearer ${token}`,
+              "Content-Type": "application/json"
+            },
+            body: JSON.stringify({ resolved: true })
+          });
+          if (!resp.ok) {
+            return buildErrorResponse(`Failed to dismiss finding: HTTP ${resp.status}`);
+          }
+          return {
+            content: [{
+              type: "text",
+              text: `Finding \`${findingId}\` dismissed. Reason: ${reason}
+This change is synced across all surfaces.`
+            }]
+          };
+        } catch (err2) {
+          return buildErrorResponse(`Failed to dismiss finding: ${err2 instanceof Error ? err2.message : String(err2)}`);
+        }
+      }
+      case "vibecheck_history": {
+        const token = process.env.VIBECHECK_TOKEN?.trim();
+        if (!token) {
+          return {
+            content: [{
+              type: "text",
+              text: "Scan history requires authentication. Set VIBECHECK_TOKEN or run `vibecheck auth login`."
+            }]
+          };
+        }
+        try {
+          const apiBase = process.env.VIBECHECK_API_URL || "https://api.vibecheckai.dev";
+          const limit = args2.limit ?? 10;
+          const resp = await fetch(`${apiBase}/api/v1/scans/recent?limit=${limit}`, {
+            headers: { "Authorization": `Bearer ${token}` }
+          });
+          if (!resp.ok) {
+            return buildErrorResponse(`Failed to fetch scan history: HTTP ${resp.status}`);
+          }
+          const body2 = await resp.json();
+          const scans = body2.data ?? [];
+          if (scans.length === 0) {
+            return { content: [{ type: "text", text: "No scan history found. Run `vibecheck scan .` to create your first scan." }] };
+          }
+          const lines = [`## Scan History (${scans.length} most recent)`, ""];
+          for (const s of scans) {
+            const status = s.status ?? "unknown";
+            const created = s.createdAt ?? "";
+            const id = s.id ?? "";
+            lines.push(`- **${status}** \u2014 ${created} (\`${id}\`)`);
+          }
+          return { content: [{ type: "text", text: lines.join("\n") }] };
+        } catch (err2) {
+          return buildErrorResponse(`Failed to fetch history: ${err2 instanceof Error ? err2.message : String(err2)}`);
+        }
+      }
+      case "vibecheck_engines": {
+        const engineIds = [
+          "type-contract",
+          "security-pattern",
+          "perf-antipattern",
+          "env_var",
+          "ghost_route",
+          "phantom_dep",
+          "api_truth",
+          "credentials",
+          "security",
+          "framework_packs",
+          "fake_features",
+          "version_hallucination",
+          "logic_gap",
+          "error_handling",
+          "outcome_verification",
+          "incomplete_impl"
+        ];
+        const lines = [
+          `## Available Engines (${engineIds.length})`,
+          "",
+          "| Engine ID | Status |",
+          "|-----------|--------|"
+        ];
+        for (const id of engineIds) {
+          lines.push(`| \`${id}\` | Active |`);
+        }
+        lines.push("", "All engines are included in the free tier.");
+        return { content: [{ type: "text", text: lines.join("\n") }] };
+      }
+      case "vibecheck_status": {
+        const token = process.env.VIBECHECK_TOKEN?.trim();
+        const authenticated = !!token;
+        const text = [
+          `## VibeCheck Status`,
+          "",
+          `**Authenticated:** ${authenticated ? "Yes" : "No"}`,
+          `**Tier:** ${userPlan}`,
+          `**MCP Server:** Active`,
+          "",
+          authenticated ? "All scans are synced to the dashboard." : "Run `vibecheck auth login` to sync scans across devices."
+        ].join("\n");
+        return { content: [{ type: "text", text }] };
+      }
       case "vibecheck_forge":
       case "vibecheck_reality":
       case "vibecheck_ship":
@@ -294926,10 +295227,16 @@ ${validation.errors.join("\n")}`
       case "vibecheck_explain_file":
       case "vibecheck_review": {
         const cmdName = name2.replace("vibecheck_", "");
-        const cliArgs = Object.entries(args2).filter(([k]) => k !== "path").map(([k, v]) => `--${k}="${String(v)}"`).join(" ");
+        const cliArgv = [cmdName];
+        for (const [k, v] of Object.entries(args2)) {
+          if (k === "path") continue;
+          cliArgv.push(`--${k}`, String(v));
+        }
         const workDir = targetPath || workspaceRoot;
+        const vibecheckBin = new URL("../node_modules/.bin/vibecheck", import.meta.url).pathname;
+        const binPath = fs6.existsSync(vibecheckBin) ? vibecheckBin : "vibecheck";
         try {
-          const { stdout, stderr } = await execAsync(`npx vibecheck ${cmdName} ${cliArgs}`, { cwd: workDir });
+          const { stdout, stderr } = await execFileAsync(binPath, cliArgv, { cwd: workDir });
           return {
             content: [
               {
@@ -294939,7 +295246,8 @@ ${validation.errors.join("\n")}`
             ]
           };
         } catch (error) {
-          return buildErrorResponse(`CLI Execution Error: ${error.message || error.stdout || error.stderr || String(error)}`);
+          const err2 = error;
+          return buildErrorResponse(`CLI Execution Error: ${err2.message ?? err2.stdout ?? err2.stderr ?? String(error)}`);
         }
       }
       default:
@@ -294955,7 +295263,7 @@ function createMcpServer(runtimeOverrides = {}) {
   const server2 = new Server(
     {
       name: "vibecheck-mcp",
-      version: "2.0.0-alpha"
+      version: "24.5.9"
     },
     {
       capabilities: {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@vibecheck-ai/mcp",
-  "version": "24.5.6",
+  "version": "24.5.9",
   "description": "The trust layer for AI-generated software. Catches phantom dependencies, ghost API routes, fake SDK methods, and hardcoded secrets — before they ship.",
   "mcpName": "io.github.guardiavault-oss/vibecheck-mcp",
   "type": "module",
@@ -8,6 +8,12 @@
     "access": "public"
   },
   "main": "./dist/index.js",
+  "exports": {
+    ".": {
+      "import": "./dist/index.js",
+      "types": "./dist/index.d.ts"
+    }
+  },
   "keywords": [
     "vibecheck",
     "mcp",
@@ -29,7 +35,10 @@
     "url": "https://github.com/vibecheck-oss/vibecheck/issues"
   },
   "files": [
-    "dist/index.js"
+    "dist/index.js",
+    "dist/index.d.ts",
+    "dist/index.d.ts.map",
+    "dist/*.node"
   ],
   "bin": {
     "vibecheck-mcp": "./dist/index.js"