@vibecodetown/mcp-server 2.1.0

package/build/tools/react_perf/rules/rerender.js

@@ -0,0 +1,161 @@
+// adapters/mcp-ts/src/tools/react_perf/rules/rerender.ts
+// Re-render Anti-patterns (Inline Props, Missing Memo, Context)
+/**
+ * Rerender rules detect patterns that cause unnecessary re-renders
+ * including inline objects/functions and missing memoization.
+ */
+export const RERENDER_RULES = [
+    {
+        id: "rerender-inline-object",
+        category: "rerender",
+        impact: "MEDIUM-HIGH",
+        // Detects: inline object literal as prop (style={{}} excluded by antiPattern)
+        pattern: /<[A-Z]\w+[^>]*\s(?:options|config|data|params|settings|initialValue)=\{\{/,
+        message: "Inline object prop creates new reference on every render",
+        suggestion: "Extract object to useMemo or move outside component",
+        fileFilter: /\.(tsx?|jsx?)$/,
+        examples: {
+            bad: `function Parent() {
+  return <Chart options={{ responsive: true, scales: {...} }} />;
+}`,
+            good: `function Parent() {
+  const chartOptions = useMemo(() => ({
+    responsive: true,
+    scales: {...}
+  }), []);
+
+  return <Chart options={chartOptions} />;
+}`
+        }
+    },
+    {
+        id: "rerender-inline-function",
+        category: "rerender",
+        impact: "MEDIUM-HIGH",
+        // Detects: inline arrow function as prop (excluding common safe patterns)
+        pattern: /<[A-Z]\w+[^>]*\s(?:on[A-Z]\w+|handler|callback|render\w*)=\{\s*\([^)]*\)\s*=>/,
+        antiPattern: /useCallback|memo\(/,
+        message: "Inline function prop creates new reference on every render",
+        suggestion: "Wrap with useCallback if passed to memoized child",
+        fileFilter: /\.(tsx?|jsx?)$/,
+        examples: {
+            bad: `function Parent() {
+  return <MemoizedList onItemClick={(id) => handleClick(id)} />;
+}`,
+            good: `function Parent() {
+  const handleItemClick = useCallback((id) => {
+    handleClick(id);
+  }, [handleClick]);
+
+  return <MemoizedList onItemClick={handleItemClick} />;
+}`
+        }
+    },
+    {
+        id: "rerender-context-value",
+        category: "rerender",
+        impact: "CRITICAL",
+        // Detects: Context Provider with inline value object
+        pattern: /<\w+Context\.Provider\s+value=\{\{/,
+        message: "Inline context value causes all consumers to re-render",
+        suggestion: "Memoize context value or split into separate contexts",
+        fileFilter: /\.(tsx?|jsx?)$/,
+        examples: {
+            bad: `function AppProvider({ children }) {
+  const [user, setUser] = useState(null);
+
+  return (
+    <AppContext.Provider value={{ user, setUser }}>
+      {children}
+    </AppContext.Provider>
+  );
+}`,
+            good: `function AppProvider({ children }) {
+  const [user, setUser] = useState(null);
+
+  const value = useMemo(() => ({ user, setUser }), [user]);
+
+  return (
+    <AppContext.Provider value={value}>
+      {children}
+    </AppContext.Provider>
+  );
+}
+
+// Or split contexts
+<UserContext.Provider value={user}>
+  <UserActionsContext.Provider value={setUser}>
+    {children}
+  </UserActionsContext.Provider>
+</UserContext.Provider>`
+        }
+    },
+    {
+        id: "rerender-missing-memo",
+        category: "rerender",
+        impact: "LOW-MEDIUM",
+        // Detects: Component receiving many props without memo
+        pattern: /(?:export\s+)?(?:function|const)\s+([A-Z]\w+)\s*[=:]\s*(?:function\s*)?\(\s*\{[^}]{50,}\}/,
+        antiPattern: /memo\(|React\.memo/,
+        message: "Component with many props may benefit from React.memo",
+        suggestion: "Wrap with React.memo if parent re-renders frequently with same props",
+        fileFilter: /\.(tsx?|jsx?)$/,
+        examples: {
+            bad: `function UserCard({ id, name, email, avatar, role, lastActive, status }) {
+  return (
+    <div>
+      <img src={avatar} />
+      <h3>{name}</h3>
+      <p>{email}</p>
+      {/* More rendering... */}
+    </div>
+  );
+}`,
+            good: `const UserCard = memo(function UserCard({
+  id, name, email, avatar, role, lastActive, status
+}) {
+  return (
+    <div>
+      <img src={avatar} />
+      <h3>{name}</h3>
+      <p>{email}</p>
+    </div>
+  );
+});`
+        }
+    },
+    {
+        id: "rerender-usestate-object",
+        category: "rerender",
+        impact: "LOW-MEDIUM",
+        // Detects: useState with complex object that could be split
+        pattern: /useState\s*<?\s*\{[^}]*\w+\s*:\s*[^}]*\w+\s*:\s*[^}]*\}>?\s*\(\s*\{/,
+        message: "useState with object may cause unnecessary re-renders",
+        suggestion: "Consider splitting into multiple useState or using useReducer",
+        fileFilter: /\.(tsx?|jsx?)$/,
+        examples: {
+            bad: `function Form() {
+  const [state, setState] = useState({
+    name: '',
+    email: '',
+    phone: '',
+    address: ''
+  });
+
+  // Updating one field re-renders everything
+  setState({ ...state, name: newName });
+}`,
+            good: `function Form() {
+  const [name, setName] = useState('');
+  const [email, setEmail] = useState('');
+  const [phone, setPhone] = useState('');
+  const [address, setAddress] = useState('');
+
+  // Or use useReducer for complex state
+}
+
+// Or with useReducer
+const [state, dispatch] = useReducer(formReducer, initialState);`
+        }
+    }
+];

package/build/tools/react_perf/rules/server.js

@@ -0,0 +1,141 @@
+// adapters/mcp-ts/src/tools/react_perf/rules/server.ts
+// Server Action Anti-patterns (Auth, Validation, Security)
+/**
+ * Server rules detect common mistakes in Next.js Server Actions
+ * and Server Components that can cause security or performance issues.
+ *
+ * Based on Vercel agent-skills react-best-practices
+ */
+export const SERVER_RULES = [
+    {
+        id: "server-action-no-auth",
+        category: "server",
+        impact: "CRITICAL",
+        // Detects: 'use server' without auth check nearby
+        pattern: /['"]use server['"]\s*;?\s*\n\s*(?:export\s+)?(?:async\s+)?function\s+\w+/,
+        antiPattern: /(?:auth|session|getUser|currentUser|requireAuth|withAuth)/i,
+        message: "Server Action may lack authentication check",
+        suggestion: "Always verify user authentication at the start of Server Actions",
+        fileFilter: /\.(tsx?|jsx?)$/,
+        examples: {
+            bad: `'use server'
+export async function deletePost(id: string) {
+  await db.posts.delete(id);
+}`,
+            good: `'use server'
+export async function deletePost(id: string) {
+  const user = await auth();
+  if (!user) throw new Error('Unauthorized');
+  await db.posts.delete(id);
+}`
+        }
+    },
+    {
+        id: "server-action-no-validation",
+        category: "server",
+        impact: "HIGH",
+        // Detects: Server Action with direct db/API call without validation
+        pattern: /['"]use server['"][\s\S]{0,200}(?:db\.|prisma\.|fetch\()/,
+        antiPattern: /(?:z\.|zod|yup|validate|parse|schema)/i,
+        message: "Server Action may lack input validation",
+        suggestion: "Validate all inputs with Zod or similar before processing",
+        fileFilter: /\.(tsx?|jsx?)$/,
+        examples: {
+            bad: `'use server'
+export async function updateUser(data: FormData) {
+  await db.users.update(data);
+}`,
+            good: `'use server'
+export async function updateUser(data: FormData) {
+  const validated = updateUserSchema.parse(Object.fromEntries(data));
+  await db.users.update(validated);
+}`
+        }
+    },
+    {
+        id: "server-sensitive-in-client",
+        category: "server",
+        impact: "CRITICAL",
+        // Detects: 'use client' with sensitive env vars or secrets
+        pattern: /['"]use client['"][\s\S]{0,500}(?:process\.env\.(?!NEXT_PUBLIC)|API_KEY|SECRET|PASSWORD)/,
+        message: "Sensitive data may be exposed to client bundle",
+        suggestion: "Move sensitive logic to Server Component or Server Action",
+        fileFilter: /\.(tsx?|jsx?)$/,
+        examples: {
+            bad: `'use client'
+const apiKey = process.env.API_KEY;`,
+            good: `// In Server Component or Server Action
+const apiKey = process.env.API_KEY;`
+        }
+    },
+    {
+        id: "server-component-hooks",
+        category: "server",
+        impact: "HIGH",
+        // Detects: React hooks without 'use client'
+        pattern: /(?<!['"]use client['"][\s\S]{0,2000})(?:useState|useEffect|useContext|useReducer|useCallback|useMemo|useRef)\s*\(/,
+        antiPattern: /['"]use client['"]/,
+        message: "React hooks used in potential Server Component",
+        suggestion: "Add 'use client' directive if using React hooks, or move hooks to Client Component",
+        fileFilter: /\.(tsx?|jsx?)$/,
+        examples: {
+            bad: `// No 'use client' directive
+export default function Page() {
+  const [state, setState] = useState(0);
+}`,
+            good: `'use client'
+export default function Page() {
+  const [state, setState] = useState(0);
+}`
+        }
+    },
+    {
+        id: "server-action-try-catch",
+        category: "server",
+        impact: "MEDIUM-HIGH",
+        // Detects: Server Action without try-catch
+        pattern: /['"]use server['"]\s*;?\s*\n\s*(?:export\s+)?(?:async\s+)?function\s+\w+[^}]+\{(?![^}]*try\s*\{)/,
+        message: "Server Action may lack error handling",
+        suggestion: "Wrap Server Action logic in try-catch to handle errors gracefully",
+        fileFilter: /\.(tsx?|jsx?)$/,
+        examples: {
+            bad: `'use server'
+export async function submitForm(data: FormData) {
+  await db.save(data);
+}`,
+            good: `'use server'
+export async function submitForm(data: FormData) {
+  try {
+    await db.save(data);
+    return { success: true };
+  } catch (error) {
+    return { success: false, error: 'Failed to save' };
+  }
+}`
+        }
+    },
+    {
+        id: "server-redirect-after-action",
+        category: "server",
+        impact: "MEDIUM",
+        // Detects: Server Action without redirect for mutations
+        pattern: /['"]use server['"][\s\S]{0,300}(?:create|update|delete|insert)[\s\S]{0,200}(?:return|$)/,
+        antiPattern: /redirect\s*\(/,
+        message: "Server Action mutation may need redirect for proper revalidation",
+        suggestion: "Consider using redirect() after mutations to trigger revalidation",
+        fileFilter: /\.(tsx?|jsx?)$/,
+        examples: {
+            bad: `'use server'
+export async function createPost(data: FormData) {
+  await db.posts.create(data);
+  return { success: true };
+}`,
+            good: `'use server'
+export async function createPost(data: FormData) {
+  await db.posts.create(data);
+  revalidatePath('/posts');
+  redirect('/posts');
+}`
+        }
+    }
+];

package/build/tools/react_perf/types.js

@@ -0,0 +1,127 @@
+// adapters/mcp-ts/src/tools/react_perf/types.ts
+// React Performance Analysis Tool Types
+import { z } from "zod";
+// Output schemas are generated from JSON Schema SSOT.
+import { ReactPerfCheckPatternsInputSchema } from "../../generated/react_perf_check_patterns_input.js";
+import { ReactPerfCheckPatternsOutputSchema } from "../../generated/react_perf_check_patterns_output.js";
+import { ReactPerfGenerateReportInputSchema } from "../../generated/react_perf_generate_report_input.js";
+import { ReactPerfGenerateReportOutputSchema } from "../../generated/react_perf_generate_report_output.js";
+// ============================================================
+// Impact Levels (from Vercel agent-skills)
+// ============================================================
+export const impactLevelSchema = z.enum([
+    "CRITICAL", // Must fix: causes major performance issues
+    "HIGH", // Should fix: significant performance impact
+    "MEDIUM-HIGH", // Recommended: noticeable impact
+    "MEDIUM", // Consider: moderate impact
+    "LOW-MEDIUM", // Nice to have: minor impact
+    "LOW" // Optional: minimal impact
+]);
+// Impact level priority for sorting
+export const IMPACT_PRIORITY = {
+    "CRITICAL": 6,
+    "HIGH": 5,
+    "MEDIUM-HIGH": 4,
+    "MEDIUM": 3,
+    "LOW-MEDIUM": 2,
+    "LOW": 1
+};
+// ============================================================
+// Rule Categories
+// ============================================================
+export const ruleCategorySchema = z.enum([
+    "async", // Async/await patterns (waterfalls, parallel)
+    "bundle", // Bundle size (barrel imports, dynamic imports)
+    "server", // Server Actions (auth, validation)
+    "client", // Client components (use client, hydration)
+    "rerender", // Re-render patterns (memo, callbacks)
+    "rendering", // Rendering patterns (suspense, loading)
+    "js", // General JS patterns
+    "advanced" // Advanced patterns
+]);
+// ============================================================
+// Input Schema
+// ============================================================
+// Input schema is generated from JSON Schema SSOT.
+export const checkPatternsInputSchema = ReactPerfCheckPatternsInputSchema;
+export const checkPatternsOutputSchema = ReactPerfCheckPatternsOutputSchema;
+// ============================================================
+// Helper Functions
+// ============================================================
+export function countViolationsByImpact(violations) {
+    const summary = {
+        critical: 0,
+        high: 0,
+        medium: 0,
+        low: 0
+    };
+    for (const v of violations) {
+        switch (v.impact) {
+            case "CRITICAL":
+                summary.critical++;
+                break;
+            case "HIGH":
+                summary.high++;
+                break;
+            case "MEDIUM-HIGH":
+            case "MEDIUM":
+                summary.medium++;
+                break;
+            case "LOW-MEDIUM":
+            case "LOW":
+                summary.low++;
+                break;
+        }
+    }
+    return summary;
+}
+export function filterByMinImpact(violations, minImpact) {
+    const minPriority = IMPACT_PRIORITY[minImpact];
+    return violations.filter(v => IMPACT_PRIORITY[v.impact] >= minPriority);
+}
+export function sortByImpact(violations) {
+    return [...violations].sort((a, b) => IMPACT_PRIORITY[b.impact] - IMPACT_PRIORITY[a.impact]);
+}
+export function getTopSuggestions(violations, limit = 3) {
+    const sorted = sortByImpact(violations);
+    const seen = new Set();
+    const suggestions = [];
+    for (const v of sorted) {
+        if (!seen.has(v.rule_id) && suggestions.length < limit) {
+            seen.add(v.rule_id);
+            suggestions.push(`[${v.impact}] ${v.suggestion}`);
+        }
+    }
+    return suggestions;
+}
+// ============================================================
+// Generate Report Types
+// ============================================================
+export const reportFormatSchema = z.enum(["markdown", "html", "json"]);
+// Input schema is generated from JSON Schema SSOT.
+export const generateReportInputSchema = ReactPerfGenerateReportInputSchema;
+export const generateReportOutputSchema = ReactPerfGenerateReportOutputSchema;
+/**
+ * Map impact levels to severity for scoring
+ */
+export function impactToSeverity(impact) {
+    switch (impact) {
+        case "CRITICAL":
+        case "HIGH":
+            return "error";
+        case "MEDIUM-HIGH":
+        case "MEDIUM":
+            return "warning";
+        case "LOW-MEDIUM":
+        case "LOW":
+            return "info";
+    }
+}
+/**
+ * Calculate performance score from violations
+ * score = 100 - (error × 10) - (warning × 3) - (info × 1)
+ */
+export function calculateScore(bySeverity) {
+    const raw = 100 - (bySeverity.error * 10) - (bySeverity.warning * 3) - (bySeverity.info * 1);
+    return Math.max(0, Math.min(100, raw));
+}

package/build/tools/vibe_pm/activate.js

@@ -0,0 +1,102 @@
+// adapters/mcp-ts/src/tools/vibe_pm/activate.ts
+// vibe_pm.activate - Exchange a Gumroad license key for an offline-verifiable JWT token
+import * as fs from "node:fs";
+import * as path from "node:path";
+import { fileURLToPath } from "node:url";
+import { getAuthGate, getTokenCache } from "../../auth/index.js";
+import { ActivateOutputSchema } from "../../generated/activate_output.js";
+function isOfflineMode() {
+    const v = (process.env.VIBECODE_OFFLINE ?? "").trim().toLowerCase();
+    return v === "1" || v === "true" || v === "yes" || v === "on";
+}
+function readPackageVersion() {
+    try {
+        const __dirname = path.dirname(fileURLToPath(import.meta.url));
+        const pkgPath = path.join(__dirname, "..", "..", "..", "..", "package.json");
+        const raw = fs.readFileSync(pkgPath, "utf-8");
+        const parsed = JSON.parse(raw);
+        const v = (parsed.version ?? "").trim();
+        return v || "0.0.0";
+    }
+    catch {
+        return "0.0.0";
+    }
+}
+/**
+ * vibe_pm.activate
+ *
+ * Internal mapping:
+ *   → Auth Proxy: POST /v1/auth/exchange (license_key)
+ *   → Cache token locally for offline verification
+ */
+export async function activate(input) {
+    const tokenCache = getTokenCache();
+    const tokenFile = tokenCache.getTokenFilePath();
+    if (isOfflineMode()) {
+        return ActivateOutputSchema.parse({
+            status: "OFFLINE",
+            summary: "오프라인 모드에서는 라이선스 활성화를 진행할 수 없습니다.",
+            token_file: tokenFile,
+            offline_mode: true,
+            entitlements: null,
+            policy: null,
+            subject_id: null,
+            expires_at: null,
+            issues: ["offline_mode: activation_blocked"],
+            next_action: { tool: "vibe_pm.doctor", reason: "네트워크/설정 상태를 점검하겠습니다." }
+        });
+    }
+    const licenseKey = (input.license_key ?? "").trim();
+    const appVersion = (input.app_version ?? "").trim() || readPackageVersion();
+    try {
+        if (input.force) {
+            await tokenCache.clear();
+        }
+        const gate = getAuthGate();
+        const exchanged = await gate.exchangeToken(licenseKey, appVersion);
+        if (!exchanged.success) {
+            return ActivateOutputSchema.parse({
+                status: "ERROR",
+                summary: "라이선스 활성화에 실패했습니다.",
+                token_file: tokenFile,
+                offline_mode: false,
+                entitlements: null,
+                policy: null,
+                subject_id: null,
+                expires_at: null,
+                issues: [exchanged.error ?? "unknown_error"],
+                next_action: { tool: "vibe_pm.activate", reason: "키를 확인한 뒤 다시 시도하세요." }
+            });
+        }
+        const cached = await tokenCache.get();
+        const expiresAt = cached?.expiresAt ?? null;
+        const subjectId = cached?.subjectId ?? null;
+        return ActivateOutputSchema.parse({
+            status: "OK",
+            summary: "라이선스 활성화가 완료되었습니다.",
+            token_file: tokenFile,
+            offline_mode: false,
+            entitlements: exchanged.entitlements ?? null,
+            policy: exchanged.policy ?? null,
+            subject_id: subjectId,
+            expires_at: expiresAt,
+            issues: [],
+            next_action: { tool: "vibe_pm.status", reason: "현재 상태를 확인하겠습니다." }
+        });
+    }
+    catch (e) {
+        const msg = e instanceof Error ? e.message : String(e);
+        return ActivateOutputSchema.parse({
+            status: "ERROR",
+            summary: "라이선스 활성화 중 오류가 발생했습니다.",
+            token_file: tokenFile,
+            offline_mode: false,
+            entitlements: null,
+            policy: null,
+            subject_id: null,
+            expires_at: null,
+            issues: [msg],
+            next_action: { tool: "vibe_pm.doctor", reason: "설치/네트워크 상태를 점검하겠습니다." }
+        });
+    }
+}

package/build/tools/vibe_pm/advisory_review.js

@@ -0,0 +1,77 @@
+// adapters/mcp-ts/src/tools/vibe_pm/advisory_review.ts
+// vibe_pm.advisory_review - Advisory review (triage/quick/thorough) with routing + cache
+import { runEngine } from "../../engine.js";
+import { safeJsonParse } from "../../cli.js";
+import { validateToolInput } from "../../security/input-validator.js";
+import { resolveProjectId } from "./context.js";
+import { AdvisoryReviewOutputSchema } from "../../generated/advisory_review_output.js";
+function clipArg(value, maxChars) {
+    const v = value.trim();
+    if (v.length <= maxChars)
+        return v;
+    return v.slice(0, maxChars).trimEnd() + "…";
+}
+/**
+ * vibe_pm.advisory_review - Produce high-level advisory review output
+ *
+ * Internal mapping:
+ *   → vibecoding-helper advisory-review --mode triage|quick|thorough ...
+ */
+export async function advisoryReview(input) {
+    const basePath = process.cwd();
+    validateToolInput({
+        project_id: input.project_id,
+        custom_input: input.diff_context
+    });
+    const project_id = input.project_id ?? resolveProjectId(undefined, basePath);
+    const mode = input.mode ?? "triage";
+    const trigger = input.trigger ?? "on_demand";
+    const budget = input.budget ?? "low";
+    const changed = Array.isArray(input.changed_paths) ? input.changed_paths : [];
+    const targets = Array.isArray(input.target_paths) ? input.target_paths : [];
+    const changedCsv = changed.map((p) => p.trim()).filter(Boolean).join(",");
+    const targetCsv = targets.map((p) => p.trim()).filter(Boolean).join(",");
+    const args = [
+        "advisory-review",
+        "--project-id",
+        project_id,
+        "--mode",
+        mode,
+        "--trigger",
+        trigger,
+        "--budget",
+        budget
+    ];
+    if (input.run_id) {
+        args.push("--run-id", input.run_id);
+    }
+    if (changedCsv) {
+        args.push("--changed-paths", changedCsv);
+    }
+    else if (targetCsv) {
+        args.push("--target-paths", targetCsv);
+    }
+    if (input.diff_context && input.diff_context.trim()) {
+        args.push("--diff-context", clipArg(input.diff_context, 2000));
+    }
+    if (input.base_sha)
+        args.push("--base-sha", input.base_sha);
+    if (input.head_sha)
+        args.push("--head-sha", input.head_sha);
+    if (Array.isArray(input.focus) && input.focus.length > 0) {
+        args.push("--focus", input.focus.join(","));
+    }
+    if (Array.isArray(input.product_intent_refs) && input.product_intent_refs.length > 0) {
+        args.push("--product-intent-refs", input.product_intent_refs.join(","));
+    }
+    const timeoutMs = mode === "triage" ? 30_000 : 180_000;
+    const { code, stdout, stderr } = await runEngine("vibecoding-helper", args, { timeoutMs });
+    if (code !== 0) {
+        throw new Error(stderr?.trim() ? `advisory_review_engine_error: ${stderr.trim()}` : `advisory_review_exit_code: ${code}`);
+    }
+    const parsed = safeJsonParse(stdout);
+    if (!parsed.ok) {
+        throw new Error(`advisory_review_invalid_json: ${parsed.error}`);
+    }
+    return AdvisoryReviewOutputSchema.parse(parsed.value);
+}