@vibekiln/cutline-mcp-cli 0.1.0

package/Dockerfile

@@ -0,0 +1,11 @@
+FROM node:20-slim AS base
+
+WORKDIR /app
+
+# Install the CLI globally from npm (includes bundled servers)
+RUN npm install -g @vibekiln/cutline-mcp-cli@latest
+
+# Default to the main constraints server (cutline-server.js)
+# Override with: docker run ... cutline-mcp serve premortem
+ENTRYPOINT ["cutline-mcp"]
+CMD ["serve", "constraints"]

package/README.md

@@ -0,0 +1,248 @@
+# Cutline MCP — Engineering Guardrails for Vibecoding
+
+**Security, reliability, and scalability constraints for your coding agent.** Free code audits, 9 compliance frameworks, pre-mortem analysis, and a Red-Green-Refactor workflow — all injected directly into Cursor, Claude, Windsurf, or any MCP client.
+
+[![npm](https://img.shields.io/npm/v/@vibekiln/cutline-mcp-cli)](https://www.npmjs.com/package/@vibekiln/cutline-mcp-cli)
+[![MCP Registry](https://img.shields.io/badge/MCP_Registry-ai.thecutline-blue)](https://registry.modelcontextprotocol.io)
+[![License: MIT](https://img.shields.io/badge/License-MIT-green.svg)](https://opensource.org/licenses/MIT)
+
+## Install
+
+### npm (Recommended)
+
+```bash
+npm install -g @vibekiln/cutline-mcp-cli@latest
+```
+
+### Docker
+
+```bash
+docker run -i ghcr.io/kylewadegrove/cutline-mcp serve constraints
+```
+
+### Claude Desktop (.mcpb)
+
+Download `cutline-mcp.mcpb` from the [latest release](https://github.com/kylewadegrove/cutline/releases) and double-click to install.
+
+## Quick Start
+
+```bash
+# 1. Authenticate (email only, no password)
+cutline-mcp login
+
+# 2. Initialize your project (writes IDE rules)
+cd /path/to/your/project
+cutline-mcp init
+
+# 3. Connect MCP servers to your IDE
+cutline-mcp setup
+```
+
+Then ask your AI agent: **"use cutline"**
+
+Cutline interprets intent and tier:
+- Natural variants also work: `use cutline to ...`, `using cutline, ...`, `with cutline ...`
+- Free/default: runs `code_audit` (generic codebase scan)
+- Premium product-linked: runs `engineering_audit` (deep analysis + RGR)
+
+## What It Does
+
+| Capability | Free | Premium |
+|---|---|---|
+| **Code Audit** — security, reliability, scalability scan | 3/month | Unlimited |
+| **9 Compliance Frameworks** — SOC 2, PCI-DSS, HIPAA, GDPR, OWASP LLM, FedRAMP, GLBA, FERPA/COPPA | Auto-loaded | Auto-loaded |
+| **Engineering Audit** — deep product-linked scan + RGR remediation plan | — | Unlimited |
+| **Pre-Mortem Analysis** — risks, assumptions, competitive threats | — | Unlimited |
+| **Constraint Graph** — product-specific NFR routing | — | Full access |
+| **AI Personas** — stakeholder feedback on features | — | Full access |
+| **Idea Validation** — fast-track from free web validation | — | Included |
+
+## 54 MCP Tools
+
+### Free Tier
+
+| Tool | Description |
+|---|---|
+| `code_audit` | Security, reliability, and scalability scan (3/month) |
+| `exploration_start` | Start a guided product idea exploration |
+| `exploration_chat` | Continue an exploration conversation |
+| `exploration_graduate` | Graduate top idea (teaser for free, full for premium) |
+| `llm_status` | Check AI/LLM provider health |
+| `perf_status` | Check MCP server performance metrics |
+
+### Premium Tier (50+ tools)
+
+**Pre-Mortem & Deep Dive:** `premortem_run`, `premortem_from_idea`, `premortem_queue`, `premortem_status`, `premortem_kick`, `premortem_list`, `premortem_render_pdf`, `premortem_qa`, `premortem_regen_assumptions`, `premortem_regen_experiments`
+
+**Personas:** `personas_list`, `personas_get`, `personas_chat`
+
+**Constraint Graph:** `constraints_query`, `constraints_auto`, `constraints_ingest`, `constraints_list`, `constraints_learn`, `constraints_embed`, `constraints_semantic_query`, `constraints_ingest_persona`, `constraints_ingest_wiki`, `constraints_ingest_doc`, `constraints_heal`
+
+**Graph Operations:** `graph_ingest_requirements`, `graph_get_boundaries`, `graph_bind_codebase`, `graph_bind_confirm`, `graph_view`, `graph_conflicts`, `graph_metrics`
+
+**Code & RGR:** `engineering_audit`, `rgr_plan`, `rgr_complete_phase`, `export_readiness_badge`
+
+**Wiki & Integrations:** `wiki_load`, `wiki_save`, `wiki_apply_edits`, `agent_chat`, `integrations_create_issues`
+
+**Templates:** `template_list`, `template_get`, `template_create`, `template_discover`
+
+**Config:** `generate_cutline_md`
+
+## Commands
+
+### `login`
+
+Authenticate with Cutline. Opens your browser for a quick email-only signup (no password needed). Stores credentials in your system keychain.
+
+```bash
+cutline-mcp login
+cutline-mcp login --staging   # Use staging environment
+cutline-mcp login --signup    # Full sign-up page (email + password)
+```
+
+### `init`
+
+Generate IDE-specific config files for your project. Adapts to your tier:
+
+```bash
+cutline-mcp init
+cutline-mcp init --project-root /path/to/project
+```
+
+**Free tier writes:**
+- `.cursor/rules/rgr-workflow.mdc` — RGR cycle with `code_audit`
+- `.cursor/rules/ambient-constraints.mdc` — Constraint checking guidance
+- `CLAUDE.local.md` — Same instructions for Claude Code
+
+**Premium tier adds:**
+- `.cursor/rules/cutline.mdc` — Points agent to `.cutline.md`
+
+All files are gitignored automatically.
+
+### `setup`
+
+Print the MCP server configuration to add to your IDE.
+
+```bash
+cutline-mcp setup
+```
+
+### `serve <server>`
+
+Start an MCP server (used by IDE MCP configs).
+
+```bash
+cutline-mcp serve constraints    # Main server (engineering audit, constraints, graph)
+cutline-mcp serve premortem      # Pre-mortem and deep dive
+cutline-mcp serve exploration    # Idea exploration
+cutline-mcp serve tools          # Utility tools
+cutline-mcp serve output         # Export and rendering
+cutline-mcp serve integrations   # External integrations
+```
+
+### `upgrade`
+
+Open the upgrade page and refresh your session.
+
+```bash
+cutline-mcp upgrade
+```
+
+### `status` / `logout`
+
+```bash
+cutline-mcp status    # Check auth and subscription
+cutline-mcp logout    # Remove stored credentials
+```
+
+## How It Works
+
+### Authentication
+
+```
+1. cutline-mcp login
+2. CLI starts local callback server on localhost:8765
+3. Browser opens — enter email, receive magic link, click it
+4. CLI receives token and stores it in your OS keychain
+```
+
+Existing users who are already signed in complete automatically. Password sign-in is also available.
+
+### RGR Workflow
+
+The `init` command creates rules that make your AI coding agent follow the Red-Green-Refactor cycle automatically:
+
+1. **Plan** — Check constraints before implementing
+2. **Implement** — Write code addressing the constraints
+3. **Verify** — Run a code audit to check coverage
+4. **Complete** — Mark the phase done to update readiness scores
+
+### Compliance Frameworks
+
+Cutline auto-detects your stack and loads the appropriate compliance constraints:
+
+| Framework | Triggers |
+|---|---|
+| SOC 2 | Always loaded |
+| Security Baseline | Always loaded |
+| PCI-DSS | Stripe, payment libs |
+| HIPAA | Health/FHIR/HL7 libs |
+| GDPR / CCPA | Analytics, auth libs |
+| OWASP LLM Top 10 | OpenAI, LangChain, RAG |
+| FedRAMP | GovCloud, FIPS |
+| GLBA | Plaid, banking SDKs |
+| FERPA / COPPA | Clever, Canvas, EdTech |
+
+## Registry Listings
+
+### Official MCP Registry
+
+```bash
+# Verify namespace
+mcp-publisher login dns --domain thecutline.ai
+
+# Publish
+mcp-publisher publish
+```
+
+Config: [`server.json`](./server.json)
+
+### Smithery
+
+Config: [`smithery.yaml`](./smithery.yaml) with [`Dockerfile`](./Dockerfile)
+
+### Claude Desktop Extension
+
+```bash
+npm run build:mcpb
+# → cutline-mcp.mcpb (drag into Claude Desktop)
+```
+
+Config: [`mcpb/manifest.json`](./mcpb/manifest.json)
+
+## Troubleshooting
+
+### Port 8765 in use
+
+```bash
+lsof -i :8765
+kill -9 <PID>
+```
+
+### Authentication timeout
+
+The browser didn't complete within 10 minutes. Run `cutline-mcp login` again.
+
+### Failed to refresh token
+
+```bash
+cutline-mcp logout
+cutline-mcp login
+```
+
+### Keychain Access Denied (macOS)
+
+1. Open Keychain Access
+2. Find "cutline-mcp" entry
+3. Right-click → Get Info → Access Control
+4. Add your Terminal/IDE to allowed applications

package/dist/auth/callback.d.ts

@@ -0,0 +1,6 @@
+export interface CallbackResult {
+    token: string;
+    email?: string;
+}
+export type CallbackSource = 'login' | 'setup' | 'upgrade';
+export declare function startCallbackServer(source?: CallbackSource): Promise<CallbackResult>;

package/dist/auth/callback.js

@@ -0,0 +1,97 @@
+import express from 'express';
+const CALLBACK_PORT = 8765;
+const TIMEOUT_MS = 10 * 60 * 1000; // 10 minutes (allows time for email magic link)
+export async function startCallbackServer(source = 'login') {
+    return new Promise((resolve, reject) => {
+        const app = express();
+        let server;
+        // Timeout handler
+        const timeout = setTimeout(() => {
+            server?.close();
+            reject(new Error('Authentication timeout - no callback received'));
+        }, TIMEOUT_MS);
+        // Callback endpoint
+        app.get('/', (req, res) => {
+            const token = req.query.token;
+            const email = req.query.email;
+            if (!token) {
+                res.status(400).send('Missing token parameter');
+                return;
+            }
+            res.send(`
+        <!DOCTYPE html>
+        <html>
+          <head>
+            <title>Cutline MCP - Authentication Successful</title>
+            <style>
+              body {
+                font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, sans-serif;
+                display: flex;
+                justify-content: center;
+                align-items: center;
+                height: 100vh;
+                margin: 0;
+                background: #0a0a0a;
+                color: #fff;
+              }
+              .container {
+                background: #111;
+                padding: 2.5rem;
+                border-radius: 1rem;
+                border: 1px solid rgba(0, 255, 65, 0.2);
+                text-align: center;
+                max-width: 420px;
+              }
+              .checkmark { font-size: 3rem; margin-bottom: 0.5rem; }
+              h1 { color: #00ff41; font-size: 1.4rem; margin-bottom: 0.5rem; }
+              .email { color: #888; font-size: 0.9rem; margin-bottom: 1.5rem; }
+              .steps { text-align: left; margin: 1.5rem 0; padding: 1rem 1.2rem; background: rgba(0,255,65,0.05); border: 1px solid rgba(0,255,65,0.15); border-radius: 0.5rem; }
+              .steps h3 { font-size: 0.8rem; color: #888; margin: 0 0 0.8rem; text-transform: uppercase; letter-spacing: 0.05em; }
+              .step { display: flex; align-items: flex-start; gap: 0.6rem; margin-bottom: 0.6rem; font-size: 0.85rem; color: #ccc; }
+              .step:last-child { margin-bottom: 0; }
+              .num { color: #00ff41; font-weight: 600; min-width: 1.2rem; }
+              code { background: rgba(255,255,255,0.1); padding: 0.15rem 0.4rem; border-radius: 3px; font-size: 0.8rem; }
+              .close { color: #666; font-size: 0.8rem; margin-top: 1rem; }
+            </style>
+          </head>
+          <body>
+            <div class="container">
+              <div class="checkmark">&#10003;</div>
+              <h1>You're in!</h1>
+              ${email ? `<p class="email">${email}</p>` : ''}
+              ${source === 'login' ? `
+              <div class="steps">
+                <h3>Next in your terminal</h3>
+                <div class="step"><span class="num">1</span><span>Run <code>cutline-mcp init</code> to generate IDE rules</span></div>
+                <div class="step"><span class="num">2</span><span>Run <code>cutline-mcp setup</code> to connect MCP servers</span></div>
+                <div class="step"><span class="num">3</span><span>Ask your agent: <em>"Run an engineering audit"</em></span></div>
+              </div>` : `
+              <div class="steps">
+                <h3>Go back to your terminal</h3>
+                <div class="step"><span class="num">&#10003;</span><span>Setup is finishing automatically — check your terminal for next steps.</span></div>
+              </div>`}
+              <p class="close">You can close this tab.</p>
+            </div>
+          </body>
+        </html>
+      `);
+            // Clean up and resolve
+            clearTimeout(timeout);
+            server.close();
+            resolve({ token, email });
+        });
+        // Start server
+        server = app.listen(CALLBACK_PORT, () => {
+            console.log(`Callback server listening on http://localhost:${CALLBACK_PORT}`);
+        });
+        server.on('error', (err) => {
+            clearTimeout(timeout);
+            if (err.code === 'EADDRINUSE') {
+                reject(new Error(`Port ${CALLBACK_PORT} is already in use. Please close other applications and try again.`));
+            }
+            else {
+                reject(err);
+            }
+        });
+    });
+}

package/dist/auth/keychain.d.ts

@@ -0,0 +1,3 @@
+export declare function storeRefreshToken(token: string): Promise<void>;
+export declare function getRefreshToken(): Promise<string | null>;
+export declare function deleteRefreshToken(): Promise<boolean>;

package/dist/auth/keychain.js

@@ -0,0 +1,16 @@
+import { saveConfig, loadConfig } from '../utils/config-store.js';
+export async function storeRefreshToken(token) {
+    saveConfig({ refreshToken: token });
+}
+export async function getRefreshToken() {
+    const config = loadConfig();
+    return config.refreshToken || null;
+}
+export async function deleteRefreshToken() {
+    const config = loadConfig();
+    if (!config.refreshToken)
+        return false;
+    delete config.refreshToken;
+    saveConfig(config);
+    return true;
+}

package/dist/commands/init.d.ts

@@ -0,0 +1,4 @@
+export declare function initCommand(options: {
+    projectRoot?: string;
+    staging?: boolean;
+}): Promise<void>;