@vibecheckai/cli 3.5.0 → 3.5.1

package/mcp-server/lib/validator.ts

@@ -0,0 +1,229 @@
+/**
+ * Schema Validator for MCP Server
+ * 
+ * Validates inputs/outputs against JSON schemas.
+ * Uses Ajv for fast, strict validation.
+ */
+
+import Ajv, { ValidateFunction, ErrorObject } from 'ajv';
+import addFormats from 'ajv-formats';
+import { readFileSync, existsSync } from 'fs';
+import { join, dirname } from 'path';
+import { fileURLToPath } from 'url';
+
+const __dirname = dirname(fileURLToPath(import.meta.url));
+
+// Create Ajv instance - handle ESM/CJS interop
+// eslint-disable-next-line @typescript-eslint/no-explicit-any
+const AjvClass = (Ajv as any).default || Ajv;
+// eslint-disable-next-line @typescript-eslint/no-explicit-any
+const addFormatsFunc = (addFormats as any).default || addFormats;
+
+// Singleton Ajv instance with strict settings
+const ajv = new AjvClass({
+  strict: true,
+  allErrors: true,
+  verbose: true,
+  coerceTypes: false,
+  removeAdditional: false,
+  useDefaults: true,
+});
+
+addFormatsFunc(ajv);
+
+// Schema cache
+const schemaCache = new Map<string, ValidateFunction>();
+
+/**
+ * Load and compile a JSON schema
+ */
+function loadSchema(schemaName: string): ValidateFunction {
+  if (schemaCache.has(schemaName)) {
+    return schemaCache.get(schemaName)!;
+  }
+
+  const schemaPath = join(__dirname, '..', 'schemas', `${schemaName}.schema.json`);
+  
+  if (!existsSync(schemaPath)) {
+    throw new Error(`Schema not found: ${schemaName}`);
+  }
+
+  const schema = JSON.parse(readFileSync(schemaPath, 'utf-8'));
+  const validate = ajv.compile(schema);
+  
+  schemaCache.set(schemaName, validate);
+  return validate;
+}
+
+/**
+ * Validation result
+ */
+export interface ValidationResult {
+  valid: boolean;
+  errors?: ValidationError[];
+  coerced?: Record<string, unknown>;
+}
+
+export interface ValidationError {
+  path: string;
+  message: string;
+  keyword: string;
+  params: Record<string, unknown>;
+}
+
+/**
+ * Convert Ajv errors to our format
+ */
+function formatErrors(errors: ErrorObject[] | null | undefined): ValidationError[] {
+  if (!errors) return [];
+  
+  return errors.map(err => ({
+    path: err.instancePath || '/',
+    message: err.message || 'Unknown error',
+    keyword: err.keyword,
+    params: err.params as Record<string, unknown>,
+  }));
+}
+
+/**
+ * Validate input against RunRequest schema
+ */
+export function validateRunRequest(data: unknown): ValidationResult {
+  const validate = loadSchema('run-request');
+  const valid = validate(data);
+  
+  return {
+    valid,
+    errors: valid ? undefined : formatErrors(validate.errors),
+  };
+}
+
+/**
+ * Validate a finding object
+ */
+export function validateFinding(data: unknown): ValidationResult {
+  const validate = loadSchema('finding');
+  const valid = validate(data);
+  
+  return {
+    valid,
+    errors: valid ? undefined : formatErrors(validate.errors),
+  };
+}
+
+/**
+ * Validate a verdict object
+ */
+export function validateVerdict(data: unknown): ValidationResult {
+  const validate = loadSchema('verdict');
+  const valid = validate(data);
+  
+  return {
+    valid,
+    errors: valid ? undefined : formatErrors(validate.errors),
+  };
+}
+
+/**
+ * Validate an error envelope
+ */
+export function validateErrorEnvelope(data: unknown): ValidationResult {
+  const validate = loadSchema('error-envelope');
+  const valid = validate(data);
+  
+  return {
+    valid,
+    errors: valid ? undefined : formatErrors(validate.errors),
+  };
+}
+
+/**
+ * Validate tool-specific input schema
+ */
+export function validateToolInput(toolName: string, data: unknown): ValidationResult {
+  // Load tool registry to get input schema
+  const registryPath = join(__dirname, '..', 'registry', 'tools.json');
+  const registry = JSON.parse(readFileSync(registryPath, 'utf-8'));
+  
+  const tool = registry.tools.find((t: { name: string }) => t.name === toolName);
+  if (!tool) {
+    return {
+      valid: false,
+      errors: [{ path: '/', message: `Unknown tool: ${toolName}`, keyword: 'tool', params: {} }],
+    };
+  }
+
+  // Compile and validate against tool's input schema
+  const cacheKey = `tool:${toolName}:input`;
+  let validate = schemaCache.get(cacheKey);
+  
+  if (!validate) {
+    validate = ajv.compile(tool.inputSchema) as ValidateFunction;
+    schemaCache.set(cacheKey, validate);
+  }
+
+  const valid = validate(data);
+  
+  return {
+    valid,
+    errors: valid ? undefined : formatErrors(validate.errors),
+  };
+}
+
+/**
+ * Normalize and validate finding ID
+ * Ensures deterministic, stable IDs
+ */
+export function normalizeFindingId(category: string, evidence: { file?: string; line?: number }): string {
+  const hash = createStableHash(`${category}:${evidence.file || ''}:${evidence.line || 0}`);
+  return `${category}-${hash.substring(0, 8)}`;
+}
+
+/**
+ * Create stable hash for deterministic IDs
+ */
+function createStableHash(input: string): string {
+  let hash = 0;
+  for (let i = 0; i < input.length; i++) {
+    const char = input.charCodeAt(i);
+    hash = ((hash << 5) - hash) + char;
+    hash = hash & hash; // Convert to 32-bit integer
+  }
+  return Math.abs(hash).toString(16).padStart(8, '0');
+}
+
+/**
+ * Validate and sanitize project path
+ */
+export function validateProjectPath(
+  path: string,
+  allowedWorkspace?: string
+): { valid: boolean; normalized?: string; error?: string } {
+  // Normalize path
+  const normalized = path.replace(/\\/g, '/').replace(/\/+/g, '/');
+  
+  // Check for path traversal
+  if (normalized.includes('..')) {
+    return { valid: false, error: 'Path traversal not allowed' };
+  }
+
+  // Check sandbox if workspace provided
+  if (allowedWorkspace) {
+    const normalizedWorkspace = allowedWorkspace.replace(/\\/g, '/');
+    if (!normalized.startsWith(normalizedWorkspace)) {
+      return { valid: false, error: 'Path outside allowed workspace' };
+    }
+  }
+
+  return { valid: true, normalized };
+}
+
+export default {
+  validateRunRequest,
+  validateFinding,
+  validateVerdict,
+  validateErrorEnvelope,
+  validateToolInput,
+  normalizeFindingId,
+  validateProjectPath,
+};

package/mcp-server/package-lock.json

@@ -0,0 +1,165 @@
+{
+  "name": "vibecheck-mcp-server",
+  "version": "2.1.0",
+  "lockfileVersion": 3,
+  "requires": true,
+  "packages": {
+    "": {
+      "name": "vibecheck-mcp-server",
+      "version": "2.1.0",
+      "license": "MIT",
+      "dependencies": {
+        "@modelcontextprotocol/sdk": "^0.5.0"
+      },
+      "bin": {
+        "vibecheck-mcp": "index.js"
+      },
+      "engines": {
+        "node": ">=18.0.0"
+      }
+    },
+    "node_modules/@modelcontextprotocol/sdk": {
+      "version": "0.5.0",
+      "resolved": "https://registry.npmjs.org/@modelcontextprotocol/sdk/-/sdk-0.5.0.tgz",
+      "integrity": "sha512-RXgulUX6ewvxjAG0kOpLMEdXXWkzWgaoCGaA2CwNW7cQCIphjpJhjpHSiaPdVCnisjRF/0Cm9KWHUuIoeiAblQ==",
+      "license": "MIT",
+      "dependencies": {
+        "content-type": "^1.0.5",
+        "raw-body": "^3.0.0",
+        "zod": "^3.23.8"
+      }
+    },
+    "node_modules/bytes": {
+      "version": "3.1.2",
+      "resolved": "https://registry.npmjs.org/bytes/-/bytes-3.1.2.tgz",
+      "integrity": "sha512-/Nf7TyzTx6S3yRJObOAV7956r8cr2+Oj8AC5dt8wSP3BQAoeX58NoHyCU8P8zGkNXStjTSi6fzO6F0pBdcYbEg==",
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.8"
+      }
+    },
+    "node_modules/content-type": {
+      "version": "1.0.5",
+      "resolved": "https://registry.npmjs.org/content-type/-/content-type-1.0.5.tgz",
+      "integrity": "sha512-nTjqfcBFEipKdXCv4YDQWCfmcLZKm81ldF0pAopTvyrFGVbcR6P/VAAd5G7N+0tTr8QqiU0tFadD6FK4NtJwOA==",
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
+    "node_modules/depd": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/depd/-/depd-2.0.0.tgz",
+      "integrity": "sha512-g7nH6P6dyDioJogAAGprGpCtVImJhpPk/roCzdb3fIh61/s/nPsfR6onyMwkCAR/OlC3yBC0lESvUoQEAssIrw==",
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.8"
+      }
+    },
+    "node_modules/http-errors": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/http-errors/-/http-errors-2.0.1.tgz",
+      "integrity": "sha512-4FbRdAX+bSdmo4AUFuS0WNiPz8NgFt+r8ThgNWmlrjQjt1Q7ZR9+zTlce2859x4KSXrwIsaeTqDoKQmtP8pLmQ==",
+      "license": "MIT",
+      "dependencies": {
+        "depd": "~2.0.0",
+        "inherits": "~2.0.4",
+        "setprototypeof": "~1.2.0",
+        "statuses": "~2.0.2",
+        "toidentifier": "~1.0.1"
+      },
+      "engines": {
+        "node": ">= 0.8"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/express"
+      }
+    },
+    "node_modules/iconv-lite": {
+      "version": "0.7.1",
+      "resolved": "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.7.1.tgz",
+      "integrity": "sha512-2Tth85cXwGFHfvRgZWszZSvdo+0Xsqmw8k8ZwxScfcBneNUraK+dxRxRm24nszx80Y0TVio8kKLt5sLE7ZCLlw==",
+      "license": "MIT",
+      "dependencies": {
+        "safer-buffer": ">= 2.1.2 < 3.0.0"
+      },
+      "engines": {
+        "node": ">=0.10.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/express"
+      }
+    },
+    "node_modules/inherits": {
+      "version": "2.0.4",
+      "resolved": "https://registry.npmjs.org/inherits/-/inherits-2.0.4.tgz",
+      "integrity": "sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ==",
+      "license": "ISC"
+    },
+    "node_modules/raw-body": {
+      "version": "3.0.2",
+      "resolved": "https://registry.npmjs.org/raw-body/-/raw-body-3.0.2.tgz",
+      "integrity": "sha512-K5zQjDllxWkf7Z5xJdV0/B0WTNqx6vxG70zJE4N0kBs4LovmEYWJzQGxC9bS9RAKu3bgM40lrd5zoLJ12MQ5BA==",
+      "license": "MIT",
+      "dependencies": {
+        "bytes": "~3.1.2",
+        "http-errors": "~2.0.1",
+        "iconv-lite": "~0.7.0",
+        "unpipe": "~1.0.0"
+      },
+      "engines": {
+        "node": ">= 0.10"
+      }
+    },
+    "node_modules/safer-buffer": {
+      "version": "2.1.2",
+      "resolved": "https://registry.npmjs.org/safer-buffer/-/safer-buffer-2.1.2.tgz",
+      "integrity": "sha512-YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg==",
+      "license": "MIT"
+    },
+    "node_modules/setprototypeof": {
+      "version": "1.2.0",
+      "resolved": "https://registry.npmjs.org/setprototypeof/-/setprototypeof-1.2.0.tgz",
+      "integrity": "sha512-E5LDX7Wrp85Kil5bhZv46j8jOeboKq5JMmYM3gVGdGH8xFpPWXUMsNrlODCrkoxMEeNi/XZIwuRvY4XNwYMJpw==",
+      "license": "ISC"
+    },
+    "node_modules/statuses": {
+      "version": "2.0.2",
+      "resolved": "https://registry.npmjs.org/statuses/-/statuses-2.0.2.tgz",
+      "integrity": "sha512-DvEy55V3DB7uknRo+4iOGT5fP1slR8wQohVdknigZPMpMstaKJQWhwiYBACJE3Ul2pTnATihhBYnRhZQHGBiRw==",
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.8"
+      }
+    },
+    "node_modules/toidentifier": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/toidentifier/-/toidentifier-1.0.1.tgz",
+      "integrity": "sha512-o5sSPKEkg/DIQNmH43V0/uerLrpzVedkUh8tGNvaeXpfpuwjKenlSox/2O/BTlZUtEe+JG7s5YhEz608PlAHRA==",
+      "license": "MIT",
+      "engines": {
+        "node": ">=0.6"
+      }
+    },
+    "node_modules/unpipe": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/unpipe/-/unpipe-1.0.0.tgz",
+      "integrity": "sha512-pjy2bYhSsufwWlKwPc+l3cN7+wuJlK6uz0YdJEOlQDbl6jo/YlPi4mb8agUkVC8BF7V8NuzeyPNqRksA3hztKQ==",
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.8"
+      }
+    },
+    "node_modules/zod": {
+      "version": "3.25.76",
+      "resolved": "https://registry.npmjs.org/zod/-/zod-3.25.76.tgz",
+      "integrity": "sha512-gzUt/qt81nXsFGKIFcC3YnfEAx5NkunCfnDlvuBSSFS02bcXu4Lmea0AFIUwbLWxWPx3d9p8S5QoaujKcNQxcQ==",
+      "license": "MIT",
+      "funding": {
+        "url": "https://github.com/sponsors/colinhacks"
+      }
+    }
+  }
+}

package/mcp-server/package.json

@@ -1,15 +1,28 @@
 {
   "name": "vibecheck-mcp-server",
-  "version": "3.5.0",
-  "description": "Professional MCP server for vibecheck - Intelligent development environment vibechecks",
+  "version": "3.5.1",
+  "description": "World-class MCP server for vibecheck - CLI-tight, deterministic, fast, secure",
   "type": "module",
   "main": "index.js",
   "bin": {
-    "vibecheck-mcp": "./index.js"
+    "vibecheck-mcp": "./index.js",
+    "vibecheck-mcp-v3": "./dist/index-v3.js"
   },
   "scripts": {
     "start": "node index.js",
-    "dev": "VIBECHECK_DEBUG=true node index.js"
+    "start:v3": "node dist/index-v3.js",
+    "dev": "node --env-file=.env index.js",
+    "dev:v3": "tsx index-v3.ts",
+    "build": "tsc -p tsconfig.json",
+    "test": "vitest run",
+    "test:watch": "vitest",
+    "test:coverage": "vitest run --coverage",
+    "test:ci": "vitest run --reporter=verbose",
+    "benchmark": "tsx benchmarks/run-benchmarks.ts",
+    "lint": "eslint lib handlers --ext .ts",
+    "typecheck": "tsc --noEmit",
+    "verify": "npm run typecheck && npm run test && npm run lint",
+    "prepublishOnly": "npm run build"
   },
   "keywords": [
     "mcp",
@@ -18,13 +31,22 @@
     "vibecheck",
     "development",
     "validation",
-    "architecture"
+    "architecture",
+    "cli"
   ],
   "dependencies": {
-    "@modelcontextprotocol/sdk": "^1.0.0"
+    "@modelcontextprotocol/sdk": "^1.0.0",
+    "ajv": "^8.17.1",
+    "ajv-formats": "^3.0.1"
+  },
+  "devDependencies": {
+    "@types/node": "^22.0.0",
+    "tsx": "^4.0.0",
+    "typescript": "^5.0.0",
+    "vitest": "^2.0.0"
   },
   "engines": {
-    "node": ">=20.11"
+    "node": ">=18.0.0"
   },
   "author": "vibecheck",
   "license": "MIT",
@@ -33,6 +55,9 @@
   },
   "files": [
     "*.js",
+    "dist/",
+    "schemas/",
+    "registry/",
     "README.md"
   ],
   "repository": {

package/mcp-server/premium-tools.js

@@ -16,7 +16,7 @@
 import fs from 'fs/promises';
 import path from 'path';
 import { execSync, spawn } from 'child_process';
-import { getFeatureAccessStatus } from "./tier-auth.js";
+import { checkFeatureAccess } from "./tier-auth.js";
 
 // State management (in-memory for MCP session, persisted to disk)
 class MCPState {
@@ -434,7 +434,7 @@ export async function handlePremiumTool(name, args, logger) {
 
   const requiredFeature = featureMap[name];
   if (requiredFeature) {
-    const access = await getFeatureAccessStatus(requiredFeature, args?.apiKey);
+    const access = await checkFeatureAccess(requiredFeature, args?.apiKey);
     if (!access.hasAccess) {
       return {
         content: [{