@vibecodetown/mcp-server 2.1.4 → 2.2.0

package/build/runtime/cli_invoker.js

@@ -0,0 +1,416 @@
+/**
+ * cli_invoker.ts - Single CLI Invocation Point (SSOT)
+ *
+ * All MCP tools MUST use this module for CLI invocations.
+ * Direct usage of child_process outside this file is forbidden.
+ *
+ * This module provides:
+ * - Centralized CLI invocation
+ * - Invocation logging for test verification
+ * - Environment sanitization
+ * - Timeout handling
+ *
+ * @module runtime/cli_invoker
+ */
+import { spawn, spawnSync } from "node:child_process";
+import { sanitizeEnv } from "../cli.js";
+import { getEngineCtx } from "../engine.js";
+// ============================================================================
+// Invocation Log (for test verification)
+// ============================================================================
+const invocationLog = [];
+/**
+ * Get a copy of the invocation log
+ * Used by tests to verify CLI calls
+ */
+export function getInvocationLog() {
+    return [...invocationLog];
+}
+/**
+ * Clear the invocation log
+ * Should be called in test beforeEach()
+ */
+export function clearInvocationLog() {
+    invocationLog.length = 0;
+}
+/**
+ * Check if a specific CLI prefix was invoked
+ * Used by enforcement tests
+ */
+export function wasInvoked(bin, argsPrefix) {
+    return invocationLog.some((record) => record.bin === bin &&
+        argsPrefix.every((prefix, i) => record.args[i] === prefix));
+}
+// ============================================================================
+// Binary Resolution
+// ============================================================================
+let vibeBinPath = null;
+/**
+ * Get the vibe CLI binary path
+ * This is the path to the vibe-cli.ts entry point
+ */
+async function getVibeBinPath() {
+    if (vibeBinPath)
+        return vibeBinPath;
+    // In production, vibe is invoked via npx or global install
+    // For now, we use the current process argv
+    // TODO: Resolve proper vibe binary path from package
+    vibeBinPath = process.argv[1] ?? "vibe";
+    return vibeBinPath;
+}
+/** Known system binaries that should be resolved via PATH */
+const SYSTEM_BINS = new Set([
+    "git", "semgrep", "python", "python3", "opa", "node", "npm", "npx",
+    // Common utilities that might be needed
+    "tar", "curl", "wget", "which", "bash", "sh",
+]);
+/** Engine binary names (for type checking) */
+const ENGINE_BINS = new Set([
+    "spec-high", "vibecoding-helper", "clinic", "execution-engine",
+]);
+/**
+ * Resolve binary path for a given CLI bin
+ */
+async function resolveBinPath(bin) {
+    if (bin === "vibe") {
+        return getVibeBinPath();
+    }
+    // System binary - use the name directly (resolved via PATH)
+    if (SYSTEM_BINS.has(bin)) {
+        return bin;
+    }
+    // Engine binary - use cached path from bootstrap
+    if (ENGINE_BINS.has(bin)) {
+        const ctx = await getEngineCtx();
+        const enginePath = ctx.bins[bin];
+        if (!enginePath) {
+            throw new Error(`Engine binary not installed: ${bin}`);
+        }
+        return enginePath;
+    }
+    // Unknown binary - assume it's a system command (PATH resolution)
+    // This allows flexibility for arbitrary commands while logging them
+    return bin;
+}
+// ============================================================================
+// CLI Invocation
+// ============================================================================
+/**
+ * Invoke a CLI command
+ *
+ * This is the ONLY function that should spawn CLI processes.
+ * All other code should use this function.
+ *
+ * @param inv - Invocation request
+ * @returns CLI result with exit code, stdout, stderr, and duration
+ *
+ * @example
+ * ```typescript
+ * const result = await invokeCli({
+ *   bin: "vibe",
+ *   args: ["inspect", "--run-id", "abc123"],
+ *   cwd: "/path/to/project",
+ *   timeoutMs: 60000
+ * });
+ * ```
+ */
+export async function invokeCli(inv) {
+    const startTime = Date.now();
+    const timeoutMs = inv.timeoutMs ?? 120_000;
+    // Create log record
+    const record = {
+        ...inv,
+        timestamp: new Date().toISOString(),
+    };
+    invocationLog.push(record);
+    // Resolve binary path
+    const binPath = await resolveBinPath(inv.bin);
+    return new Promise((resolve) => {
+        let resolved = false;
+        const p = spawn(binPath, inv.args, {
+            cwd: inv.cwd,
+            env: sanitizeEnv(inv.env),
+            shell: false,
+            stdio: ["ignore", "pipe", "pipe"],
+        });
+        let stdout = "";
+        let stderr = "";
+        const finish = (exitCode) => {
+            if (resolved)
+                return;
+            resolved = true;
+            const result = {
+                exitCode,
+                stdout,
+                stderr,
+                durationMs: Date.now() - startTime,
+            };
+            // Update log record with result
+            record.result = result;
+            resolve(result);
+        };
+        const killTimer = setTimeout(() => {
+            try {
+                p.kill("SIGKILL");
+            }
+            catch {
+                // Ignore kill errors
+            }
+            stderr += "\n[TIMEOUT]";
+            finish(124);
+        }, timeoutMs);
+        p.stdout.on("data", (d) => (stdout += d.toString("utf-8")));
+        p.stderr.on("data", (d) => (stderr += d.toString("utf-8")));
+        p.on("error", (e) => {
+            clearTimeout(killTimer);
+            const msg = e instanceof Error ? e.message : String(e);
+            stderr += `\n[SPAWN_ERROR] ${msg}`;
+            finish(127);
+        });
+        p.on("close", (code) => {
+            clearTimeout(killTimer);
+            finish(code ?? 1);
+        });
+    });
+}
+// ============================================================================
+// Convenience Functions
+// ============================================================================
+/**
+ * Invoke vibe CLI command (convenience wrapper)
+ *
+ * @example
+ * ```typescript
+ * const result = await invokeVibe(["inspect", "--run-id", "abc123"], "/project");
+ * ```
+ */
+export async function invokeVibe(args, cwd, opts) {
+    return invokeCli({
+        bin: "vibe",
+        args,
+        cwd,
+        env: opts?.env,
+        timeoutMs: opts?.timeoutMs,
+    });
+}
+/**
+ * Invoke engine binary directly (legacy, will be deprecated)
+ *
+ * Prefer using invokeVibe() with appropriate vibe subcommand instead.
+ *
+ * @deprecated Use invokeVibe() instead
+ */
+export async function invokeEngine(engine, args, cwd, opts) {
+    return invokeCli({
+        bin: engine,
+        args,
+        cwd,
+        env: opts?.env,
+        timeoutMs: opts?.timeoutMs,
+    });
+}
+/**
+ * Invoke a system binary (git, semgrep, python, etc.)
+ *
+ * These commands are resolved via PATH.
+ *
+ * @example
+ * ```typescript
+ * // Run git status
+ * const result = await invokeSystem("git", ["status"], "/project");
+ *
+ * // Run semgrep scan
+ * const result = await invokeSystem("semgrep", ["scan", "--config", "auto"], "/project");
+ * ```
+ */
+export async function invokeSystem(bin, args, cwd, opts) {
+    return invokeCli({
+        bin,
+        args,
+        cwd,
+        env: opts?.env,
+        timeoutMs: opts?.timeoutMs,
+    });
+}
+/**
+ * Invoke git command (convenience wrapper)
+ *
+ * @example
+ * ```typescript
+ * const result = await invokeGit(["status"], "/project");
+ * const result = await invokeGit(["add", "."], "/project");
+ * ```
+ */
+export async function invokeGit(args, cwd, opts) {
+    return invokeSystem("git", args, cwd, opts);
+}
+/**
+ * Invoke a system binary synchronously
+ *
+ * Use sparingly - prefer async versions. Only use for:
+ * - Startup/bootstrap code
+ * - Simple checks that must block
+ *
+ * @example
+ * ```typescript
+ * const result = invokeSystemSync("git", ["rev-parse", "--show-toplevel"], "/project");
+ *
+ * // With stdin input
+ * const result = invokeSystemSync("opa", ["eval", "-I", ...], "/project", {
+ *   input: JSON.stringify(data)
+ * });
+ * ```
+ */
+export function invokeSystemSync(bin, args, cwd, opts) {
+    const timeoutMs = opts?.timeoutMs ?? 30_000;
+    // Log the invocation (sync version also logs for consistency)
+    const record = {
+        bin,
+        args,
+        cwd,
+        env: opts?.env,
+        timeoutMs,
+        timestamp: new Date().toISOString(),
+    };
+    invocationLog.push(record);
+    const result = spawnSync(bin, args, {
+        cwd,
+        encoding: "utf-8",
+        env: sanitizeEnv(opts?.env),
+        input: opts?.input,
+        stdio: opts?.input ? ["pipe", "pipe", "pipe"] : ["ignore", "pipe", "pipe"],
+        timeout: timeoutMs,
+    });
+    const cliResult = {
+        exitCode: result.status ?? (result.signal ? 124 : 1),
+        stdout: result.stdout ?? "",
+        stderr: result.stderr ?? "",
+    };
+    // Check for spawn errors (e.g., binary not found)
+    if (result.error) {
+        const err = result.error;
+        cliResult.exitCode = err.code === "ENOENT" ? 127 : 1;
+        cliResult.stderr = `[SPAWN_ERROR] ${err.message}`;
+    }
+    // Update log record
+    record.result = { ...cliResult, durationMs: 0 };
+    return cliResult;
+}
+/**
+ * Invoke git command synchronously
+ *
+ * @example
+ * ```typescript
+ * const result = invokeGitSync(["rev-parse", "--show-toplevel"], "/project");
+ * ```
+ */
+export function invokeGitSync(args, cwd, opts) {
+    return invokeSystemSync("git", args, cwd, opts);
+}
+// ============================================================================
+// Detached Process (for background services)
+// ============================================================================
+/**
+ * Spawn a detached process that continues running after parent exits
+ *
+ * Use for background services like web servers.
+ * The process is spawned with `detached: true` and `unref()`.
+ *
+ * @returns PID of the spawned process, or null if spawn failed
+ *
+ * @example
+ * ```typescript
+ * const pid = spawnDetached("npm", ["run", "dev"], "/project", {
+ *   PORT: "3000"
+ * });
+ * ```
+ */
+export function spawnDetached(bin, args, cwd, env) {
+    // Log the invocation
+    const record = {
+        bin,
+        args,
+        cwd,
+        env,
+        timestamp: new Date().toISOString(),
+    };
+    invocationLog.push(record);
+    try {
+        const child = spawn(bin, args, {
+            cwd,
+            detached: true,
+            stdio: "ignore",
+            env: sanitizeEnv(env),
+        });
+        // Unref to allow parent to exit independently
+        child.unref();
+        const pid = child.pid ?? null;
+        // Update log record
+        record.result = {
+            exitCode: 0,
+            stdout: "",
+            stderr: "",
+            durationMs: 0,
+        };
+        return pid;
+    }
+    catch {
+        record.result = {
+            exitCode: 127,
+            stdout: "",
+            stderr: "[SPAWN_ERROR]",
+            durationMs: 0,
+        };
+        return null;
+    }
+}
+/**
+ * Parse VRIP control response from CLI result
+ *
+ * @param result - CLI invocation result
+ * @returns Parsed control response or error
+ */
+export function parseVripResponse(result) {
+    if (result.exitCode > 1) {
+        // System crash - no JSON expected
+        return { ok: false, error: `CLI crashed (code ${result.exitCode}): ${result.stderr}` };
+    }
+    try {
+        const ctrl = JSON.parse(result.stdout.trim());
+        if (typeof ctrl.ok !== "boolean" || typeof ctrl.run_id !== "string") {
+            return { ok: false, error: "Invalid VRIP response: missing ok or run_id" };
+        }
+        return { ok: true, ctrl };
+    }
+    catch (e) {
+        const msg = e instanceof Error ? e.message : String(e);
+        return { ok: false, error: `JSON parse failed: ${msg}\nRaw: ${result.stdout}` };
+    }
+}
+/**
+ * Invoke vibe CLI with VRIP protocol
+ *
+ * Automatically adds --json flag and parses VRIP response.
+ *
+ * @example
+ * ```typescript
+ * const { ctrl, result } = await invokeVibeVrip(
+ *   ["inspect", "--target", "src/"],
+ *   "/project"
+ * );
+ * if (ctrl.ok) {
+ *   const runDir = `.vibe/runs/${ctrl.run_id}`;
+ *   // Read actual results from run_dir
+ * }
+ * ```
+ */
+export async function invokeVibeVrip(args, cwd, opts) {
+    // Always add --json for VRIP protocol
+    const jsonArgs = args.includes("--json") ? args : [...args, "--json"];
+    const result = await invokeVibe(jsonArgs, cwd, opts);
+    const parsed = parseVripResponse(result);
+    if (!parsed.ok) {
+        throw new Error(parsed.error);
+    }
+    return { ctrl: parsed.ctrl, result };
+}

package/build/tools/vibe_pm/briefing.js

@@ -35,7 +35,8 @@ export async function briefing(input) {
     // Mode defaults to balanced
     const mode = input.mode ?? "balanced";
     // Step 1: Initialize the run
-    const initResult = await runEngine("spec-high", ["--root", "engines/spec_high", "init", run_id, "--mode", mode], { timeoutMs: 60_000 });
+    // Note: spec-high init doesn't support --mode flag, mode is handled at MCP layer
+    const initResult = await runEngine("spec-high", ["--root", "engines/spec_high", "init", run_id], { timeoutMs: 60_000 });
     if (initResult.code !== 0) {
         throw new Error(`프로젝트 초기화 실패: ${initResult.stderr || "알 수 없는 오류"}`);
     }

package/build/tools/vibe_pm/finalize_work.js

@@ -10,6 +10,7 @@ import { runDocStatusTriage } from "./doc_status_gate.js";
 import { kickoffKceSyncBestEffort } from "./kce/on_finalize.js";
 import { updateVersionFile } from "../../version-check.js";
 import { CONTRACTS_VERSION, CONTRACTS_BUNDLE_SHA256 } from "../../generated/contracts_bundle_info.js";
+import { updateLastCommit, checkAndAddMcpBuildAction, formatReminders, } from "../../local-mode/project-state.js";
 /**
  * vibe_pm.finalize_work - Complete work with documentation and Git
  *
@@ -161,6 +162,13 @@ export async function finalizeWork(input, basePath = process.cwd()) {
                     await git.commit(commitMessage);
                     commitHash = (await git.revparse(["HEAD"])).trim() || "unknown";
                     commitCreated = true;
+                    // Update project state with commit info
+                    updateLastCommit({
+                        hash: commitHash,
+                        message: commitMessage.split("\n")[0],
+                        timestamp: new Date().toISOString(),
+                        pushed: false, // Will be updated after push
+                    }, basePath);
                 }
                 catch (err) {
                     warning = appendWarning(warning, `Git commit 실패: ${err instanceof Error ? err.message : String(err)}`);
@@ -222,6 +230,13 @@ export async function finalizeWork(input, basePath = process.cwd()) {
                     try {
                         await git.push("origin", branchName);
                         pushedToRemote = true;
+                        // Update project state - mark as pushed
+                        updateLastCommit({
+                            hash: commitHash,
+                            message: commitMessage.split("\n")[0],
+                            timestamp: new Date().toISOString(),
+                            pushed: true,
+                        }, basePath);
                     }
                     catch (err) {
                         warning = appendWarning(warning, `Git push 실패: ${err instanceof Error ? err.message : String(err)}`);
@@ -257,6 +272,22 @@ export async function finalizeWork(input, basePath = process.cwd()) {
     catch {
         // Best-effort: do not block finalize_work
     }
+    // Best-effort: Check if MCP package needs rebuild and update project state
+    let mcpBuildNeeded = false;
+    try {
+        mcpBuildNeeded = await checkAndAddMcpBuildAction(basePath);
+        if (mcpBuildNeeded) {
+            warning = appendWarning(warning, "MCP_BUILD_NEEDED: adapters/mcp-ts 소스 변경됨. vibe_pm.publish_mcp로 빌드 필요");
+        }
+        // Add reminder summary to warning if there are pending actions
+        const reminders = formatReminders(basePath);
+        if (reminders) {
+            warning = appendWarning(warning, `\n${reminders}`);
+        }
+    }
+    catch {
+        // ignore (best-effort)
+    }
     return {
         success: commitHash !== "no-commit" || updatedFiles.length > 0,
         updated_files: updatedFiles,
@@ -264,10 +295,15 @@ export async function finalizeWork(input, basePath = process.cwd()) {
         pushed_to_remote: pushedToRemote,
         remote_url: remoteUrl,
         warning,
-        next_action: {
-            tool: "vibe_pm.status",
-            reason: "작업 완료 상태를 확인하세요"
-        }
+        next_action: mcpBuildNeeded
+            ? {
+                tool: "vibe_pm.publish_mcp",
+                reason: "MCP 패키지 빌드 필요 (소스 변경 감지)"
+            }
+            : {
+                tool: "vibe_pm.status",
+                reason: "작업 완료 상태를 확인하세요"
+            }
     };
 }
 /**

package/build/tools/vibe_pm/force_override.js

@@ -0,0 +1,104 @@
+// adapters/mcp-ts/src/tools/vibe_pm/force_override.ts
+// vibe_pm.force_override - Emergency escape hatch for blocked operations
+// P2-1: 탈출 경로 마련
+import * as fs from "node:fs";
+import * as path from "node:path";
+import { z } from "zod";
+// ============================================================
+// Schemas
+// ============================================================
+export const forceOverrideInputSchema = z.object({
+    action: z.string().describe("차단된 작업 설명 (예: 'npm run build')"),
+    reason: z.string().describe("강제 실행이 필요한 이유"),
+    acknowledge_risks: z.literal(true).describe("위험을 인지했음을 확인 (true 필수)"),
+});
+export const forceOverrideOutputSchema = z.object({
+    success: z.boolean(),
+    override_id: z.string().describe("강제 실행 ID (감사 로그용)"),
+    action: z.string(),
+    reason: z.string(),
+    timestamp: z.string(),
+    audit_log_path: z.string().optional(),
+    warning: z.string(),
+    next_action: z.object({
+        tool: z.string(),
+        reason: z.string(),
+    }),
+});
+function generateOverrideId() {
+    const now = new Date();
+    const ts = now.toISOString().replace(/[-:T.]/g, "").slice(0, 15);
+    const rand = Math.random().toString(36).slice(2, 8);
+    return `FORCE_${ts}_${rand}`;
+}
+function writeAuditLog(basePath, entry) {
+    try {
+        const auditDir = path.join(basePath, ".vibe", "audit");
+        fs.mkdirSync(auditDir, { recursive: true });
+        const logFile = path.join(auditDir, "force_override.jsonl");
+        const line = JSON.stringify(entry) + "\n";
+        fs.appendFileSync(logFile, line, "utf-8");
+        return logFile;
+    }
+    catch {
+        return null;
+    }
+}
+// ============================================================
+// Tool Implementation
+// ============================================================
+/**
+ * vibe_pm.force_override
+ *
+ * Emergency escape hatch for blocked operations.
+ * Requires explicit acknowledgment of risks.
+ * All uses are logged for audit purposes.
+ *
+ * This does NOT actually execute any command - it only:
+ * 1. Validates the acknowledgment
+ * 2. Creates an audit log entry
+ * 3. Returns an override ID that can be used to bypass gates
+ *
+ * The AI agent can then use this override_id when re-attempting
+ * the blocked operation.
+ */
+export async function forceOverride(input) {
+    const basePath = process.cwd();
+    // Validate input (fail-closed)
+    const parsed = forceOverrideInputSchema.parse(input);
+    // acknowledge_risks must be true (enforced by schema, but double-check)
+    if (parsed.acknowledge_risks !== true) {
+        throw new Error("acknowledge_risks must be true to use force_override");
+    }
+    // Generate override ID
+    const overrideId = generateOverrideId();
+    const timestamp = new Date().toISOString();
+    // Create audit log entry
+    const auditEntry = {
+        override_id: overrideId,
+        timestamp,
+        action: parsed.action,
+        reason: parsed.reason,
+        user_acknowledged_risks: true,
+        cwd: basePath,
+        env: {
+            user: process.env.USER ?? process.env.USERNAME,
+            hostname: process.env.HOSTNAME ?? process.env.COMPUTERNAME,
+        },
+    };
+    // Write audit log
+    const auditLogPath = writeAuditLog(basePath, auditEntry);
+    return {
+        success: true,
+        override_id: overrideId,
+        action: parsed.action,
+        reason: parsed.reason,
+        timestamp,
+        audit_log_path: auditLogPath ?? undefined,
+        warning: "⚠ 강제 실행이 기록되었습니다. 이 작업은 감사 로그에 저장됩니다.",
+        next_action: {
+            tool: "vibe_pm.run_app",
+            reason: "override_id를 사용해 차단된 작업을 다시 시도할 수 있습니다.",
+        },
+    };
+}