npm - @vibekiln/cutline-mcp-cli - Versions diffs - 0.1.2 → 0.3.0 - Mend

@vibekiln/cutline-mcp-cli 0.1.2 → 0.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (14) hide show

package/dist/commands/setup.d.ts +2 -0
package/dist/commands/setup.js +70 -0
package/dist/index.js +9 -1
package/dist/servers/{chunk-WWTNBUIX.js → chunk-6Y3AEXE3.js} +29 -24
package/dist/servers/{chunk-UBBAYTW3.js → chunk-IDSVMCGM.js} +4 -2
package/dist/servers/cutline-server.js +193 -24
package/dist/servers/{data-client-2YBU5KRO.js → data-client-PPEF2XUI.js} +1 -1
package/dist/servers/exploration-server.js +1 -1
package/dist/servers/{graph-metrics-DCNR7JZN.js → graph-metrics-KLHCMDFT.js} +1 -1
package/dist/servers/integrations-server.js +1 -1
package/dist/servers/output-server.js +1 -1
package/dist/servers/premortem-server.js +1 -1
package/dist/servers/tools-server.js +1 -1
package/package.json +1 -1

package/dist/commands/setup.d.ts CHANGED Viewed

@@ -2,4 +2,6 @@ export declare function setupCommand(options: {
     staging?: boolean;
     skipLogin?: boolean;
     projectRoot?: string;
+    hideAuditDimension?: string[];
+    hideAuditDimensions?: string;
 }): Promise<void>;

package/dist/commands/setup.js CHANGED Viewed

@@ -27,6 +27,7 @@ const SERVER_NAMES = [
     'output',
     'integrations',
 ];
+const AUDIT_DIMENSIONS = ['engineering', 'security', 'reliability', 'scalability', 'compliance'];
 async function detectTier(options) {
     const refreshToken = await getRefreshToken();
     if (!refreshToken)
@@ -83,6 +84,67 @@ function prompt(question) {
         });
     });
 }
+function parseDimensionCsv(csv) {
+    if (!csv)
+        return [];
+    return csv
+        .split(',')
+        .map((s) => s.trim())
+        .filter(Boolean);
+}
+function normalizeAuditDimensions(values) {
+    const allowed = new Set(AUDIT_DIMENSIONS);
+    const deduped = [...new Set(values.map((v) => v.trim().toLowerCase()).filter(Boolean))];
+    const valid = deduped.filter((v) => allowed.has(v));
+    const invalid = deduped.filter((v) => !allowed.has(v));
+    return { valid, invalid };
+}
+async function resolveHiddenAuditDimensions(options) {
+    const explicit = [
+        ...(options.hideAuditDimension ?? []),
+        ...parseDimensionCsv(options.hideAuditDimensions),
+    ];
+    if (explicit.length > 0) {
+        const { valid, invalid } = normalizeAuditDimensions(explicit);
+        if (invalid.length > 0) {
+            console.log(chalk.yellow(`  Ignoring invalid audit dimensions: ${invalid.join(', ')} ` +
+                `(allowed: ${AUDIT_DIMENSIONS.join(', ')})`));
+        }
+        return valid;
+    }
+    const answer = await prompt(chalk.cyan(`  Hide any code audit dimensions? ` +
+        `(comma-separated: ${AUDIT_DIMENSIONS.join(', ')}; Enter for none): `));
+    if (!answer)
+        return [];
+    const { valid, invalid } = normalizeAuditDimensions(parseDimensionCsv(answer));
+    if (invalid.length > 0) {
+        console.log(chalk.yellow(`  Ignoring invalid audit dimensions: ${invalid.join(', ')} ` +
+            `(allowed: ${AUDIT_DIMENSIONS.join(', ')})`));
+    }
+    return valid;
+}
+function writeAuditVisibilityConfig(hiddenDimensions) {
+    const configDir = join(homedir(), '.cutline-mcp');
+    const configPath = join(configDir, 'config.json');
+    let existing = {};
+    try {
+        if (existsSync(configPath)) {
+            existing = JSON.parse(readFileSync(configPath, 'utf-8'));
+        }
+    }
+    catch {
+        existing = {};
+    }
+    const next = {
+        ...existing,
+        audit_visibility: {
+            ...(existing.audit_visibility ?? {}),
+            hidden_dimensions: hiddenDimensions,
+        },
+    };
+    mkdirSync(configDir, { recursive: true });
+    writeFileSync(configPath, JSON.stringify(next, null, 2) + '\n');
+}
 function resolveServeRuntime() {
     // Optional explicit override for advanced environments.
     if (process.env.CUTLINE_MCP_BIN?.trim()) {
@@ -222,6 +284,14 @@ export async function setupCommand(options) {
         }
         catch { /* ignore parse errors */ }
     }
+    const hiddenAuditDimensions = await resolveHiddenAuditDimensions(options);
+    writeAuditVisibilityConfig(hiddenAuditDimensions);
+    if (hiddenAuditDimensions.length > 0) {
+        console.log(chalk.dim(`  Hidden audit dimensions: ${hiddenAuditDimensions.join(', ')}\n`));
+    }
+    else {
+        console.log(chalk.dim('  Hidden audit dimensions: none\n'));
+    }
     // ── 3. Write MCP server config to IDEs ───────────────────────────────────
     const runtime = resolveServeRuntime();
     const serverConfig = buildServerConfig(runtime);

package/dist/index.js CHANGED Viewed

@@ -54,7 +54,15 @@ program
     .option('--staging', 'Use staging environment')
     .option('--skip-login', 'Skip authentication (use existing credentials)')
     .option('--project-root <path>', 'Project root directory for IDE rules (default: cwd)')
-    .action((opts) => setupCommand({ staging: opts.staging, skipLogin: opts.skipLogin, projectRoot: opts.projectRoot }));
+    .option('--hide-audit-dimension <name>', 'Hide one audit dimension in surfaced code audit output (repeatable)', (value, prev) => [...prev, value], [])
+    .option('--hide-audit-dimensions <csv>', 'Hide multiple audit dimensions (comma-separated: engineering,security,reliability,scalability,compliance)')
+    .action((opts) => setupCommand({
+    staging: opts.staging,
+    skipLogin: opts.skipLogin,
+    projectRoot: opts.projectRoot,
+    hideAuditDimension: opts.hideAuditDimension,
+    hideAuditDimensions: opts.hideAuditDimensions,
+}));
 program
     .command('init')
     .description('Generate IDE rules only (setup runs this automatically)')

package/dist/servers/{chunk-WWTNBUIX.js → chunk-6Y3AEXE3.js} RENAMED Viewed

@@ -287,6 +287,24 @@ async function exchangeRefreshToken(refreshToken, firebaseApiKey, maxRetries = 3
   }
   throw lastError || new Error("Token exchange failed after retries");
 }
+var AUDIT_DIMENSIONS = ["engineering", "security", "reliability", "scalability", "compliance"];
+function readLocalCutlineConfig() {
+  try {
+    const configPath = path.join(os.homedir(), ".cutline-mcp", "config.json");
+    if (!fs.existsSync(configPath))
+      return null;
+    return JSON.parse(fs.readFileSync(configPath, "utf-8"));
+  } catch {
+    return null;
+  }
+}
+function getHiddenAuditDimensions() {
+  const config = readLocalCutlineConfig();
+  const hidden = config?.audit_visibility?.hidden_dimensions ?? [];
+  const allowed = new Set(AUDIT_DIMENSIONS);
+  const normalized = [...new Set(hidden.map((d) => String(d).trim().toLowerCase()).filter((d) => allowed.has(d)))];
+  return normalized;
+}
 function getStoredApiKey() {
   if (process.env.CUTLINE_API_KEY) {
     return {
@@ -294,15 +312,9 @@ function getStoredApiKey() {
       environment: process.env.CUTLINE_ENV === "staging" ? "staging" : "production"
     };
   }
-  try {
-    const configPath = path.join(os.homedir(), ".cutline-mcp", "config.json");
-    if (fs.existsSync(configPath)) {
-      const config = JSON.parse(fs.readFileSync(configPath, "utf-8"));
-      if (config.apiKey) {
-        return { apiKey: config.apiKey, environment: config.environment };
-      }
-    }
-  } catch {
+  const config = readLocalCutlineConfig();
+  if (config?.apiKey) {
+    return { apiKey: config.apiKey, environment: config.environment };
   }
   return null;
 }
@@ -314,21 +326,13 @@ async function getStoredToken() {
       environment: process.env.CUTLINE_ENV === "staging" ? "staging" : "production"
     };
   }
-  try {
-    const configPath = path.join(os.homedir(), ".cutline-mcp", "config.json");
-    if (fs.existsSync(configPath)) {
-      const content = fs.readFileSync(configPath, "utf-8");
-      const config = JSON.parse(content);
-      if (config.refreshToken) {
-        console.error("[MCP Auth] Using token from ~/.cutline-mcp/config.json", config.environment ? `(environment: ${config.environment})` : "");
-        return {
-          refreshToken: config.refreshToken,
-          environment: config.environment
-        };
-      }
-    }
-  } catch (e) {
-    console.error("[MCP Auth] Failed to read config file:", e);
+  const config = readLocalCutlineConfig();
+  if (config?.refreshToken) {
+    console.error("[MCP Auth] Using token from ~/.cutline-mcp/config.json", config.environment ? `(environment: ${config.environment})` : "");
+    return {
+      refreshToken: config.refreshToken,
+      environment: config.environment
+    };
   }
   return null;
 }
@@ -991,6 +995,7 @@ export {
   mapErrorToMcp,
   validateAuth,
   resolveAuthContext,
+  getHiddenAuditDimensions,
   requirePremiumWithAutoAuth,
   resolveAuthContextFree,
   getPublicSiteUrlForCurrentAuth,

package/dist/servers/{chunk-UBBAYTW3.js → chunk-IDSVMCGM.js} RENAMED Viewed

@@ -565,7 +565,8 @@ function computeGraphMetrics(entities, edges, constraints, bindings, conflicts,
     gdpr: "GDPR/CCPA",
     owasp: "OWASP LLM Top 10",
     glba: "GLBA",
-    ferpa: "FERPA/COPPA"
+    ferpa: "FERPA/COPPA",
+    ios: "iOS App Store"
   };
   const detectedFrameworks = /* @__PURE__ */ new Set();
   for (const c of constraints) {
@@ -879,7 +880,8 @@ function computeGenericGraphMetrics(entities, edges, constraints, bindings) {
     gdpr: "GDPR/CCPA",
     owasp: "OWASP LLM Top 10",
     glba: "GLBA",
-    ferpa: "FERPA/COPPA"
+    ferpa: "FERPA/COPPA",
+    ios: "iOS App Store"
   };
   const detectedFrameworks = /* @__PURE__ */ new Set();
   for (const c of constraints) {

package/dist/servers/cutline-server.js CHANGED Viewed

@@ -43,6 +43,7 @@ import {
   getAllNodesLight,
   getEntitiesWithEmbeddings,
   getGraphMetadata,
+  getHiddenAuditDimensions,
   getIdeaReport,
   getNodesByCategories,
   getNodesMissingEmbeddings,
@@ -74,13 +75,13 @@ import {
   upsertEntities,
   upsertNodes,
   validateRequestSize
-} from "./chunk-WWTNBUIX.js";
+} from "./chunk-6Y3AEXE3.js";
 import {
   GraphTraverser,
   computeGenericGraphMetrics,
   computeMetricsFromGraph,
   detectConstraintConflicts
-} from "./chunk-UBBAYTW3.js";
+} from "./chunk-IDSVMCGM.js";
 // ../mcp/dist/mcp/src/cutline-server.js
 import { Server } from "@modelcontextprotocol/sdk/server/index.js";
@@ -415,6 +416,21 @@ var PATH_PATTERNS = [
     categories: ["compliance", "security"],
     domain: "fedramp",
     priority: "high"
+  },
+  {
+    patterns: [
+      /\/ios/i,
+      /\/swift/i,
+      /\/storekit/i,
+      /\/appstore/i,
+      /\/testflight/i,
+      /\.swift$/i,
+      /Info\.plist$/i
+    ],
+    keywords: ["ios", "app-store", "storekit", "iap", "testflight", "swift", "mobile"],
+    categories: ["compliance", "security", "risk"],
+    domain: "ios_app_store",
+    priority: "high"
   }
 ];
 var CODE_PATTERNS = [
@@ -589,6 +605,20 @@ var CODE_PATTERNS = [
     keywords: ["csa", "ccm", "cloud", "aws", "gcp", "azure", "cloud-security"],
     categories: ["compliance", "security"],
     domain: "csa_ccm"
+  },
+  {
+    patterns: [
+      /StoreKit/i,
+      /SKPaymentQueue/i,
+      /SKProductsRequest/i,
+      /ASAuthorizationAppleID/i,
+      /UIApplicationOpenSettingsURLString/i,
+      /ATTrackingManager/i,
+      /\.swift$/i
+    ],
+    keywords: ["ios", "app-store", "storekit", "iap", "apple-signin", "tracking-consent"],
+    categories: ["compliance", "security"],
+    domain: "ios_app_store"
   }
 ];
 function analyzeFilePaths(paths) {
@@ -2977,7 +3007,8 @@ var FRAMEWORK_ID_PREFIXES = {
   gdpr: "GDPR/CCPA",
   owasp: "OWASP LLM Top 10",
   glba: "GLBA",
-  ferpa: "FERPA/COPPA"
+  ferpa: "FERPA/COPPA",
+  ios: "iOS App Store"
 };
 function resolveFramework(constraintId) {
   if (!constraintId.startsWith("constraint:blueprint:"))
@@ -5405,6 +5436,53 @@ var BLUEPRINT_RULES = [
         framework: "ferpa_coppa"
       }
     ]
+  },
+  // ── iOS App Store Review Guidelines (mobile iOS apps) ──────────────────────
+  {
+    trigger: (eco, ctx) => {
+      const iosSignals = /ios|swift|swiftui|xcode|uikit|storekit|appstore|testflight|cocoapods|xcframework/i;
+      const hasLang = eco.languages.some((l) => /swift|objective-c|objc/i.test(l));
+      const hasFramework = eco.frameworks.some((f) => iosSignals.test(f));
+      const hasDep = eco.all_dependencies.some((d) => iosSignals.test(d));
+      const descMatch = ctx?.productDescription ? /\b(ios|iphone|ipad|app\s*store|testflight|storekit|in-app purchase|apple sign in)\b/i.test(ctx.productDescription) : false;
+      const entityMatch = ctx?.existingEntityNames?.some((n) => /\b(ios|mobile|iphone|ipad|app store|iap|storekit)\b/i.test(n)) ?? false;
+      return hasLang || hasFramework || hasDep || descMatch || entityMatch;
+    },
+    constraints: [
+      {
+        id_suffix: "ios_app_store_privacy_disclosure",
+        category: "compliance",
+        summary: "[iOS App Store 5.1] Apps collecting user data MUST provide accurate privacy disclosures and clear in-app data handling flows.",
+        keywords: ["ios", "app-store", "privacy", "disclosure", "tracking", "app-privacy"],
+        severity: "critical",
+        action: "Document data collection in App Privacy labels and align runtime behavior. Gate tracking behind explicit consent where required.",
+        checklist_ref: "IOS-5.1",
+        file_patterns: ["**/ios/**", "**/*.swift", "**/privacy*", "**/tracking/**", "**/analytics/**"],
+        framework: "ios_app_store"
+      },
+      {
+        id_suffix: "ios_app_store_iap_policy",
+        category: "compliance",
+        summary: "[iOS App Store 3.1] Digital goods/services sold in-app MUST use Apple's In-App Purchase flows where required.",
+        keywords: ["ios", "app-store", "iap", "storekit", "payments", "digital-goods"],
+        severity: "warning",
+        action: "Use StoreKit for digital purchases in iOS app surfaces. Avoid bypass payment links that violate App Store rules.",
+        checklist_ref: "IOS-3.1",
+        file_patterns: ["**/ios/**", "**/*.swift", "**/billing/**", "**/payment/**", "**/storekit/**"],
+        framework: "ios_app_store"
+      },
+      {
+        id_suffix: "ios_app_store_account_deletion",
+        category: "compliance",
+        summary: "[iOS App Store 5.1.1(v)] If account creation exists, apps MUST provide in-app account deletion with data handling consistent with policy.",
+        keywords: ["ios", "app-store", "account-deletion", "user-account", "privacy-rights"],
+        severity: "warning",
+        action: "Expose account deletion in-app for iOS users and ensure backend deletion flow is implemented and verifiable.",
+        checklist_ref: "IOS-5.1.1",
+        file_patterns: ["**/ios/**", "**/*.swift", "**/api/account*", "**/api/user*", "**/settings/**"],
+        framework: "ios_app_store"
+      }
+    ]
   }
 ];
 function buildBlueprintConstraints(ecosystem, context) {
@@ -5504,6 +5582,7 @@ Flag if the codebase contains signals that would require specific compliance fra
 - **OWASP LLM**: OpenAI, Anthropic, LangChain, vector DBs (Pinecone, Weaviate), RAG pipelines, AI agents
 - **GLBA**: Plaid, banking SDKs, KYC/AML, lending/mortgage/wealth management code
 - **FERPA/COPPA**: EdTech integrations (Clever, Canvas), student/minor data, classroom/school references
+- **iOS App Store**: iOS/Swift codepaths, App Store/TestFlight distribution, StoreKit/IAP, mobile app privacy policies
 For each detected signal, note:
 - H1. Which framework(s) apply and why
@@ -5551,7 +5630,7 @@ Return a JSON object with exactly these fields:
 - referenceClasses (string[]): Security frameworks or standards that apply (e.g., "OWASP Top 10 2021", "SOC 2 Type II").
 - constraints (object?): Resource constraints \u2014 team, budget_usd, deadline_days, must_ship_scope.
 - checklist_summary (object): Keys are checklist IDs (A1-A8, B1-B6, C1-C7, D1-D8, E1-E4, F1-F3, G-*, H1-H3, I1-I8, J1-J6, K1-K8), values are "pass"|"fail"|"warn"|"not_applicable". This forces systematic coverage.
-- compliance_signals (array of {framework: "pci_dss"|"hipaa"|"fedramp"|"gdpr_ccpa"|"owasp_llm"|"glba"|"ferpa_coppa"|"csa_ccm", signal: string, confidence: number}?): Detected compliance framework signals. Return [] if none.
+- compliance_signals (array of {framework: "pci_dss"|"hipaa"|"fedramp"|"gdpr_ccpa"|"owasp_llm"|"glba"|"ferpa_coppa"|"csa_ccm"|"ios_app_store", signal: string, confidence: number}?): Detected compliance framework signals. Return [] if none.
 Be concrete and specific. Reference file paths and line numbers where possible. If a checklist item cannot be assessed from the provided files, mark it "not_applicable" and note why. Cover ALL sections A through K.`;
 var FULL_SYSTEM_PROMPT = `You are a product analyst reviewing a codebase. Given file contents, an ecosystem fingerprint, and existing constraints, extract structured product context.
@@ -6156,13 +6235,15 @@ async function seedBlueprintConstraints(productId, ecosystem, deps, blueprintCon
   const FRAMEWORK_LABELS = {
     baseline: "Security Baseline",
     soc2: "SOC 2",
+    csa_ccm: "CSA Controls Matrix",
     pci_dss: "PCI-DSS",
     hipaa: "HIPAA",
     fedramp: "FedRAMP",
     gdpr_ccpa: "GDPR/CCPA",
     owasp_llm: "OWASP LLM Top 10",
     glba: "GLBA",
-    ferpa_coppa: "FERPA/COPPA"
+    ferpa_coppa: "FERPA/COPPA",
+    ios_app_store: "iOS App Store"
   };
   const newEntities = [];
   const newEdges = [];
@@ -6966,10 +7047,27 @@ function deltaStr(current, previous) {
     return " (no change)";
   return diff > 0 ? ` (**+${diff}** since last scan)` : ` (**${diff}** since last scan)`;
 }
-function formatAuditOutput(result, reportId, publicSiteUrl = "https://thecutline.ai") {
+function formatAuditOutput(result, reportId, publicSiteUrl = "https://thecutline.ai", hiddenAuditDimensions = []) {
   const m = result.metrics;
   const p = result.previousMetrics;
   const isRescan = !!p;
+  const hiddenSet = new Set(hiddenAuditDimensions.map((d) => String(d).trim().toLowerCase()));
+  const securityVisible = !hiddenSet.has("security");
+  const inferFindingDimension = (category) => {
+    const c = (category ?? "").toLowerCase();
+    if (["reliability"].includes(c))
+      return "reliability";
+    if (["scalability", "performance"].includes(c))
+      return "scalability";
+    if (["compliance"].includes(c))
+      return "compliance";
+    if (["code_quality", "general"].includes(c))
+      return "engineering";
+    return "security";
+  };
+  const hasComplianceFrameworks = result.frameworksLoaded.length > 0;
+  const complianceCurrent = hasComplianceFrameworks ? Math.round((m.nfr_coverage?.compliance ?? 0) * 100) : void 0;
+  const compliancePrevious = hasComplianceFrameworks ? Math.round((p?.nfr_coverage?.compliance ?? 0) * 100) : void 0;
   const lines = [
     `# Cutline Code Audit`,
     ``,
@@ -6979,8 +7077,50 @@ function formatAuditOutput(result, reportId, publicSiteUrl = "https://thecutline
   if (result.frameworksLoaded.length > 0) {
     lines.push(`**Compliance frameworks:** ${result.frameworksLoaded.join(", ")}`);
   }
-  lines.push(``, `## Readiness Scores`, ``, `| Pillar | Score |${isRescan ? " Change |" : ""}`, `|--------|-------|${isRescan ? "--------|" : ""}`, `| Engineering | ${m.engineering_readiness_pct ?? 0}% |${isRescan ? deltaStr(m.engineering_readiness_pct, p?.engineering_readiness_pct) + " |" : ""}`, `| Security | ${m.security_readiness_pct ?? 0}% |${isRescan ? deltaStr(m.security_readiness_pct, p?.security_readiness_pct) + " |" : ""}`, `| Reliability | ${m.reliability_readiness_pct ?? 0}% |${isRescan ? deltaStr(m.reliability_readiness_pct, p?.reliability_readiness_pct) + " |" : ""}`, `| Scalability | ${m.scalability_readiness_pct ?? 0}% |${isRescan ? deltaStr(m.scalability_readiness_pct, p?.scalability_readiness_pct) + " |" : ""}`, ``, `**Constraints mapped:** ${m.complexity_factors?.nfr_count ?? 0} (${m.complexity_factors?.critical_nfr_count ?? 0} critical)`, `**Binding coverage:** ${result.bindingHealth.coverage_pct}%`);
-  if (result.scaFindings && result.scaFindings.total > 0) {
+  const scoreRows = [
+    {
+      key: "engineering",
+      label: "Engineering",
+      current: m.engineering_readiness_pct ?? 0,
+      previous: p?.engineering_readiness_pct
+    },
+    {
+      key: "security",
+      label: "Security",
+      current: m.security_readiness_pct ?? 0,
+      previous: p?.security_readiness_pct
+    },
+    {
+      key: "reliability",
+      label: "Reliability",
+      current: m.reliability_readiness_pct ?? 0,
+      previous: p?.reliability_readiness_pct
+    },
+    {
+      key: "scalability",
+      label: "Scalability",
+      current: m.scalability_readiness_pct ?? 0,
+      previous: p?.scalability_readiness_pct
+    },
+    {
+      key: "compliance",
+      label: "Compliance",
+      current: complianceCurrent,
+      previous: compliancePrevious,
+      na: !hasComplianceFrameworks
+    }
+  ].filter((row) => !hiddenSet.has(row.key));
+  lines.push(``, `## Readiness Scores`, ``, `| Pillar | Score |${isRescan ? " Change |" : ""}`, `|--------|-------|${isRescan ? "--------|" : ""}`);
+  if (scoreRows.length > 0) {
+    for (const row of scoreRows) {
+      lines.push(`| ${row.label} | ${row.na ? "N/A" : `${row.current ?? 0}%`} |${isRescan ? row.na ? " (n/a) |" : deltaStr(row.current, row.previous) + " |" : ""}`);
+    }
+    lines.push(``);
+  } else {
+    lines.push(`| _Hidden by local audit visibility settings_ | - |${isRescan ? " - |" : ""}`, ``);
+  }
+  lines.push(`**Constraints mapped:** ${m.complexity_factors?.nfr_count ?? 0} (${m.complexity_factors?.critical_nfr_count ?? 0} critical)`, `**Binding coverage:** ${result.bindingHealth.coverage_pct}%`);
+  if (securityVisible && result.scaFindings && result.scaFindings.total > 0) {
     const sca = result.scaFindings;
     lines.push(``, `## Dependency Vulnerabilities (SCA)`, ``, `**${sca.total} known vulnerabilities** found (${sca.critical} critical, ${sca.high} high)`, ``);
     for (const v of sca.top) {
@@ -6991,12 +7131,13 @@ function formatAuditOutput(result, reportId, publicSiteUrl = "https://thecutline
       lines.push(`- ...and ${sca.total - sca.top.length} more`);
     }
   }
-  const totalFindings = result.gatedGapDetails.length;
-  const criticalCount = result.gatedGapDetails.filter((g) => g.severity === "critical" || g.severity === "high").length;
+  const visibleFindings = result.gatedGapDetails.filter((g) => !hiddenSet.has(inferFindingDimension(g.category)));
+  const totalFindings = visibleFindings.length;
+  const criticalCount = visibleFindings.filter((g) => g.severity === "critical" || g.severity === "high").length;
   if (totalFindings > 0) {
-    const topFinding = result.gatedGapDetails[0];
+    const topFinding = visibleFindings[0];
     lines.push(``, `## #1 Finding \u2014 Fix This Now`, ``, `**[${topFinding.severity.toUpperCase()}] ${topFinding.title}**`, `*Category: ${topFinding.category}*`, ``, topFinding.description || "Address this finding to improve your readiness scores.", ``, `> Fix this issue, then re-run \`code_audit\` to see your scores improve.`);
-    const remaining = result.gatedGapDetails.slice(1);
+    const remaining = visibleFindings.slice(1);
     if (remaining.length > 0) {
       lines.push(``, `## ${remaining.length} More Finding${remaining.length > 1 ? "s" : ""} Detected`);
       const teaserLimit = Math.min(remaining.length, 5);
@@ -8222,6 +8363,20 @@ Why AI: ${idea.whyAI}`
         }
         const freeAuth = await resolveAuthContextFree(scanArgs.auth_token);
         const uid = freeAuth.effectiveUid;
+        const hiddenAuditDimensions = getHiddenAuditDimensions();
+        const hiddenSet = new Set(hiddenAuditDimensions);
+        const inferFindingDimension = (category) => {
+          const c = (category ?? "").toLowerCase();
+          if (["reliability"].includes(c))
+            return "reliability";
+          if (["scalability", "performance"].includes(c))
+            return "scalability";
+          if (["compliance"].includes(c))
+            return "compliance";
+          if (["code_quality", "general"].includes(c))
+            return "engineering";
+          return "security";
+        };
         {
           const rateInfo = await getScanRateLimit();
           const now = /* @__PURE__ */ new Date();
@@ -8258,24 +8413,36 @@ Why AI: ${idea.whyAI}`
         let reportId;
         let reportSiteUrl = "https://thecutline.ai";
         try {
+          const reportMetrics = {};
+          if (!hiddenSet.has("engineering")) {
+            reportMetrics.engineering_readiness_pct = result.metrics.engineering_readiness_pct ?? 0;
+          }
+          if (!hiddenSet.has("security")) {
+            reportMetrics.security_readiness_pct = result.metrics.security_readiness_pct ?? 0;
+          }
+          if (!hiddenSet.has("reliability")) {
+            reportMetrics.reliability_readiness_pct = result.metrics.reliability_readiness_pct ?? 0;
+          }
+          if (!hiddenSet.has("scalability")) {
+            reportMetrics.scalability_readiness_pct = result.metrics.scalability_readiness_pct ?? 0;
+          }
+          if (!hiddenSet.has("compliance")) {
+            reportMetrics.compliance_readiness_pct = result.frameworksLoaded.length > 0 ? Math.round((result.metrics.nfr_coverage?.compliance ?? 0) * 100) : null;
+          }
+          const visibleFindings = result.gatedGapDetails.filter((f) => !hiddenSet.has(inferFindingDimension(f.category)));
           const saved = await saveScanReport({
-            metrics: {
-              engineering_readiness_pct: result.metrics.engineering_readiness_pct ?? 0,
-              security_readiness_pct: result.metrics.security_readiness_pct ?? 0,
-              reliability_readiness_pct: result.metrics.reliability_readiness_pct ?? 0,
-              scalability_readiness_pct: result.metrics.scalability_readiness_pct ?? 0
-            },
+            metrics: reportMetrics,
             ecosystem: result.ecosystem,
             binding_coverage_pct: result.bindingHealth.coverage_pct,
             frameworks_loaded: result.frameworksLoaded,
             sensitive_data_count: result.sensitiveDataCount,
-            findings: result.gatedGapDetails.map((f) => ({
+            findings: visibleFindings.map((f) => ({
               title: f.title,
               severity: f.severity,
               category: f.category,
               description: f.description
             })),
-            sca_summary: result.scaFindings ? {
+            sca_summary: !hiddenSet.has("security") && result.scaFindings ? {
               total: result.scaFindings.total,
               critical: result.scaFindings.critical,
               high: result.scaFindings.high
@@ -8287,7 +8454,7 @@ Why AI: ${idea.whyAI}`
           console.error("[code_audit] Report persistence failed (non-fatal):", e);
         }
         return {
-          content: [{ type: "text", text: formatAuditOutput(result, reportId, reportSiteUrl) }]
+          content: [{ type: "text", text: formatAuditOutput(result, reportId, reportSiteUrl, hiddenAuditDimensions) }]
         };
       }
       const authCtx = await resolveAuthContext(args.auth_token);
@@ -8941,7 +9108,8 @@ Meta: ${JSON.stringify(output.meta)}` }
             gdpr: "GDPR/CCPA",
             owasp: "OWASP LLM Top 10",
             glba: "GLBA",
-            ferpa: "FERPA/COPPA"
+            ferpa: "FERPA/COPPA",
+            ios: "iOS App Store"
           };
           const formattedConstraints = topConstraints.map((c) => {
             const framework = detectFramework2(c.id);
@@ -9931,7 +10099,7 @@ ${JSON.stringify(metrics, null, 2)}` }
             getAllNodes(product_id),
             getAllBindings(product_id)
           ]);
-          const { computeMetricsFromGraph: computeMetricsFromGraph2 } = await import("./graph-metrics-DCNR7JZN.js");
+          const { computeMetricsFromGraph: computeMetricsFromGraph2 } = await import("./graph-metrics-KLHCMDFT.js");
           const updatedMetrics = computeMetricsFromGraph2(rgrEntities, rgrEdges, rgrConstraints, rgrBindings, updatedPhases);
           await updateGraphMetadata(product_id, {
             ...meta ?? {
@@ -10357,7 +10525,8 @@ Meta: ${JSON.stringify({
                 gdpr_ccpa: "GDPR/CCPA",
                 owasp_llm: "OWASP LLM Top 10",
                 glba: "GLBA",
-                ferpa_coppa: "FERPA/COPPA"
+                ferpa_coppa: "FERPA/COPPA",
+                ios_app_store: "iOS App Store"
               };
               const names = result.frameworksLoaded.map((f) => fwLabels[f] || f);
               sections.push(`- Compliance frameworks loaded: **${names.join(", ")}**`);

package/dist/servers/{data-client-2YBU5KRO.js → data-client-PPEF2XUI.js} RENAMED Viewed

@@ -78,7 +78,7 @@ import {
   upsertEdges,
   upsertEntities,
   upsertNodes
-} from "./chunk-WWTNBUIX.js";
+} from "./chunk-6Y3AEXE3.js";
 export {
   addEdges,
   addEntity,

package/dist/servers/exploration-server.js CHANGED Viewed

@@ -14,7 +14,7 @@ import {
   requirePremiumWithAutoAuth,
   updateExplorationSession,
   validateRequestSize
-} from "./chunk-WWTNBUIX.js";
+} from "./chunk-6Y3AEXE3.js";
 // ../mcp/dist/mcp/src/exploration-server.js
 import { Server } from "@modelcontextprotocol/sdk/server/index.js";

package/dist/servers/{graph-metrics-DCNR7JZN.js → graph-metrics-KLHCMDFT.js} RENAMED Viewed

@@ -3,7 +3,7 @@ import {
   computeGenericGraphMetrics,
   computeGraphMetrics,
   computeMetricsFromGraph
-} from "./chunk-UBBAYTW3.js";
+} from "./chunk-IDSVMCGM.js";
 export {
   applyGenericPrior,
   computeGenericGraphMetrics,

package/dist/servers/integrations-server.js CHANGED Viewed

@@ -13,7 +13,7 @@ import {
   requirePremiumWithAutoAuth,
   validateAuth,
   validateRequestSize
-} from "./chunk-WWTNBUIX.js";
+} from "./chunk-6Y3AEXE3.js";
 // ../mcp/dist/mcp/src/integrations-server.js
 import { Server } from "@modelcontextprotocol/sdk/server/index.js";

package/dist/servers/output-server.js CHANGED Viewed

@@ -13,7 +13,7 @@ import {
   mapErrorToMcp,
   requirePremiumWithAutoAuth,
   validateRequestSize
-} from "./chunk-WWTNBUIX.js";
+} from "./chunk-6Y3AEXE3.js";
 // ../mcp/dist/mcp/src/output-server.js
 import { Server } from "@modelcontextprotocol/sdk/server/index.js";

package/dist/servers/premortem-server.js CHANGED Viewed

@@ -27,7 +27,7 @@ import {
   updatePremortem,
   validateAuth,
   validateRequestSize
-} from "./chunk-WWTNBUIX.js";
+} from "./chunk-6Y3AEXE3.js";
 // ../mcp/dist/mcp/src/premortem-server.js
 import { Server } from "@modelcontextprotocol/sdk/server/index.js";

package/dist/servers/tools-server.js CHANGED Viewed

@@ -21,7 +21,7 @@ import {
   requirePremiumWithAutoAuth,
   validateAuth,
   validateRequestSize
-} from "./chunk-WWTNBUIX.js";
+} from "./chunk-6Y3AEXE3.js";
 // ../mcp/dist/mcp/src/tools-server.js
 import { Server } from "@modelcontextprotocol/sdk/server/index.js";

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
     "name": "@vibekiln/cutline-mcp-cli",
-    "version": "0.1.2",
+    "version": "0.3.0",
     "description": "CLI and MCP servers for Cutline — authenticate, then run constraint-aware MCP servers in Cursor or any MCP client.",
     "type": "module",
     "main": "dist/index.js",