@vibekiln/cutline-mcp-cli 0.11.1 → 0.11.2

package/dist/servers/cutline-server.js

@@ -4455,17 +4455,6 @@ var UNIVERSAL_CONSTRAINTS = [
     file_patterns: ["**/auth/**", "**/api/session*", "**/api/login*", "**/middleware/**", "**/config/**"],
     framework: "baseline"
   },
-  {
-    id_suffix: "password_reset_token_expiry",
-    category: "security",
-    summary: "Password reset tokens/links MUST be single-use and time-limited. Expired or reused reset tokens must fail closed.",
-    keywords: ["password-reset", "token", "expiry", "single-use", "account-takeover"],
-    severity: "critical",
-    action: "Enforce reset token TTL and one-time use semantics. Invalidate outstanding reset tokens after successful password change.",
-    checklist_ref: "A10",
-    file_patterns: ["**/auth/**", "**/api/reset*", "**/api/forgot*", "**/api/password*"],
-    framework: "baseline"
-  },
   {
     id_suffix: "backup_testing",
     category: "stability",
@@ -4711,83 +4700,6 @@ var RELIABILITY_CONSTRAINTS = [
     checklist_ref: "J10",
     file_patterns: ["**/utils/**", "**/lib/**", "**/services/**", "**/api/**"],
     framework: "baseline"
-  },
-  {
-    id_suffix: "startup_env_schema_validation",
-    category: "stability",
-    summary: "Runtime environment variables MUST be validated against an explicit schema at startup, and app boot must fail fast on invalid critical config.",
-    keywords: ["env", "startup", "schema", "validation", "fail-fast", "configuration"],
-    severity: "critical",
-    action: "Create startup env schema checks for server and public runtime variables. Crash startup when required production config is missing or malformed.",
-    checklist_ref: "J11",
-    file_patterns: ["**/config/**", "**/env/**", "**/server/**", "**/.env*"],
-    framework: "baseline"
-  },
-  {
-    id_suffix: "ui_error_boundaries",
-    category: "stability",
-    summary: "Critical user-facing UI surfaces MUST be wrapped in error boundaries to prevent full-app white screens during component crashes.",
-    keywords: ["error-boundary", "react", "ui", "crash", "fallback", "reliability"],
-    severity: "warning",
-    action: "Add error boundaries around major routes/layouts and high-risk widgets. Provide fallback UI and telemetry when boundaries catch errors.",
-    checklist_ref: "J12",
-    file_patterns: ["**/components/**", "**/pages/**", "**/app/**", "**/*error*"],
-    framework: "baseline"
-  },
-  {
-    id_suffix: "health_readiness_endpoints",
-    category: "stability",
-    summary: "Services MUST expose dedicated liveness and readiness endpoints (e.g., /api/health and /api/readyz) for monitoring and deployment safety checks.",
-    keywords: ["health", "readyz", "liveness", "readiness", "monitoring", "probe"],
-    severity: "critical",
-    action: "Implement lightweight health/readiness endpoints with no sensitive payload data. Integrate endpoints into uptime monitoring and deployment probes.",
-    checklist_ref: "J13",
-    file_patterns: ["**/api/health*", "**/api/ready*", "**/monitoring/**", "**/deploy/**"],
-    framework: "baseline"
-  },
-  {
-    id_suffix: "structured_production_logging",
-    category: "stability",
-    summary: "Production logging MUST be structured and include correlation/request IDs, with automatic redaction of tokens, API keys, and credentials.",
-    keywords: ["logging", "structured", "correlation-id", "request-id", "redaction", "observability"],
-    severity: "critical",
-    action: "Emit JSON logs in production and propagate request/correlation IDs across handlers and background jobs. Apply secret-redaction middleware before log emission.",
-    checklist_ref: "J14",
-    file_patterns: ["**/logger/**", "**/api/**", "**/middleware/**", "**/monitoring/**"],
-    framework: "baseline"
-  },
-  {
-    id_suffix: "typed_ai_generated_code",
-    category: "stability",
-    summary: "AI-generated production code MUST use TypeScript (or equivalent static typing) and pass strict type-check gates before merge.",
-    keywords: ["ai-generated", "typescript", "typing", "typecheck", "ci-gate", "quality"],
-    severity: "warning",
-    action: "Require strict type-check in CI for generated code changes and block merges on type errors. Prefer typed templates for agent-generated modules.",
-    checklist_ref: "J15",
-    file_patterns: ["**/*.ts", "**/*.tsx", "**/ai/**", "**/agents/**", "**/.github/**"],
-    framework: "baseline"
-  },
-  {
-    id_suffix: "async_email_dispatch",
-    category: "performance",
-    summary: "Transactional emails SHOULD be dispatched asynchronously (queue/background workers) so request handlers do not block on provider latency.",
-    keywords: ["email", "async", "queue", "worker", "latency", "smtp", "request-path"],
-    severity: "warning",
-    action: "Move email delivery to async jobs/queues and return request responses before provider completion. Add retry/backoff for transient send failures.",
-    checklist_ref: "J16",
-    file_patterns: ["**/api/**", "**/jobs/**", "**/workers/**", "**/email/**", "**/notifications/**"],
-    framework: "baseline"
-  },
-  {
-    id_suffix: "cdn_media_delivery",
-    category: "performance",
-    summary: "User-uploaded media MUST be stored in object storage and delivered through CDN caching, not served directly from app servers.",
-    keywords: ["cdn", "media", "uploads", "object-storage", "cache", "bandwidth"],
-    severity: "warning",
-    action: "Store uploads in object storage (S3/GCS/etc.) and serve via CDN URLs with cache headers. Keep app servers out of large media delivery paths.",
-    checklist_ref: "J17",
-    file_patterns: ["**/api/upload*", "**/storage/**", "**/media/**", "**/cdn/**", "**/config/**"],
-    framework: "baseline"
   }
 ];
 var IAC_CONSTRAINTS = [

package/package.json

@@ -1,6 +1,6 @@
 {
     "name": "@vibekiln/cutline-mcp-cli",
-    "version": "0.11.1",
+    "version": "0.11.2",
     "description": "CLI and MCP servers for Cutline — authenticate, then run constraint-aware MCP servers in Cursor or any MCP client.",
     "type": "module",
     "main": "dist/index.js",