npm - @vibekiln/cutline-mcp-cli - Versions diffs - 0.2.0 → 0.4.0 - Mend

@vibekiln/cutline-mcp-cli 0.2.0 → 0.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (13) hide show

package/dist/commands/setup.js +1 -1
package/dist/index.js +1 -1
package/dist/servers/{chunk-LI4AZPSJ.js → chunk-6Y3AEXE3.js} +1 -1
package/dist/servers/{chunk-UBBAYTW3.js → chunk-IDSVMCGM.js} +4 -2
package/dist/servers/cutline-server.js +155 -10
package/dist/servers/{data-client-PYMN6TQ7.js → data-client-PPEF2XUI.js} +1 -1
package/dist/servers/exploration-server.js +1 -1
package/dist/servers/{graph-metrics-DCNR7JZN.js → graph-metrics-KLHCMDFT.js} +1 -1
package/dist/servers/integrations-server.js +1 -1
package/dist/servers/output-server.js +1 -1
package/dist/servers/premortem-server.js +1 -1
package/dist/servers/tools-server.js +1 -1
package/package.json +1 -1

package/dist/commands/setup.js CHANGED Viewed

@@ -27,7 +27,7 @@ const SERVER_NAMES = [
     'output',
     'integrations',
 ];
-const AUDIT_DIMENSIONS = ['engineering', 'security', 'reliability', 'scalability'];
+const AUDIT_DIMENSIONS = ['engineering', 'security', 'reliability', 'scalability', 'compliance'];
 async function detectTier(options) {
     const refreshToken = await getRefreshToken();
     if (!refreshToken)

package/dist/index.js CHANGED Viewed

@@ -55,7 +55,7 @@ program
     .option('--skip-login', 'Skip authentication (use existing credentials)')
     .option('--project-root <path>', 'Project root directory for IDE rules (default: cwd)')
     .option('--hide-audit-dimension <name>', 'Hide one audit dimension in surfaced code audit output (repeatable)', (value, prev) => [...prev, value], [])
-    .option('--hide-audit-dimensions <csv>', 'Hide multiple audit dimensions (comma-separated: engineering,security,reliability,scalability)')
+    .option('--hide-audit-dimensions <csv>', 'Hide multiple audit dimensions (comma-separated: engineering,security,reliability,scalability,compliance)')
     .action((opts) => setupCommand({
     staging: opts.staging,
     skipLogin: opts.skipLogin,

package/dist/servers/{chunk-LI4AZPSJ.js → chunk-6Y3AEXE3.js} RENAMED Viewed

@@ -287,7 +287,7 @@ async function exchangeRefreshToken(refreshToken, firebaseApiKey, maxRetries = 3
   }
   throw lastError || new Error("Token exchange failed after retries");
 }
-var AUDIT_DIMENSIONS = ["engineering", "security", "reliability", "scalability"];
+var AUDIT_DIMENSIONS = ["engineering", "security", "reliability", "scalability", "compliance"];
 function readLocalCutlineConfig() {
   try {
     const configPath = path.join(os.homedir(), ".cutline-mcp", "config.json");

package/dist/servers/{chunk-UBBAYTW3.js → chunk-IDSVMCGM.js} RENAMED Viewed

@@ -565,7 +565,8 @@ function computeGraphMetrics(entities, edges, constraints, bindings, conflicts,
     gdpr: "GDPR/CCPA",
     owasp: "OWASP LLM Top 10",
     glba: "GLBA",
-    ferpa: "FERPA/COPPA"
+    ferpa: "FERPA/COPPA",
+    ios: "iOS App Store"
   };
   const detectedFrameworks = /* @__PURE__ */ new Set();
   for (const c of constraints) {
@@ -879,7 +880,8 @@ function computeGenericGraphMetrics(entities, edges, constraints, bindings) {
     gdpr: "GDPR/CCPA",
     owasp: "OWASP LLM Top 10",
     glba: "GLBA",
-    ferpa: "FERPA/COPPA"
+    ferpa: "FERPA/COPPA",
+    ios: "iOS App Store"
   };
   const detectedFrameworks = /* @__PURE__ */ new Set();
   for (const c of constraints) {

package/dist/servers/cutline-server.js CHANGED Viewed

@@ -75,13 +75,13 @@ import {
   upsertEntities,
   upsertNodes,
   validateRequestSize
-} from "./chunk-LI4AZPSJ.js";
+} from "./chunk-6Y3AEXE3.js";
 import {
   GraphTraverser,
   computeGenericGraphMetrics,
   computeMetricsFromGraph,
   detectConstraintConflicts
-} from "./chunk-UBBAYTW3.js";
+} from "./chunk-IDSVMCGM.js";
 // ../mcp/dist/mcp/src/cutline-server.js
 import { Server } from "@modelcontextprotocol/sdk/server/index.js";
@@ -416,6 +416,21 @@ var PATH_PATTERNS = [
     categories: ["compliance", "security"],
     domain: "fedramp",
     priority: "high"
+  },
+  {
+    patterns: [
+      /\/ios/i,
+      /\/swift/i,
+      /\/storekit/i,
+      /\/appstore/i,
+      /\/testflight/i,
+      /\.swift$/i,
+      /Info\.plist$/i
+    ],
+    keywords: ["ios", "app-store", "storekit", "iap", "testflight", "swift", "mobile"],
+    categories: ["compliance", "security", "risk"],
+    domain: "ios_app_store",
+    priority: "high"
   }
 ];
 var CODE_PATTERNS = [
@@ -590,6 +605,20 @@ var CODE_PATTERNS = [
     keywords: ["csa", "ccm", "cloud", "aws", "gcp", "azure", "cloud-security"],
     categories: ["compliance", "security"],
     domain: "csa_ccm"
+  },
+  {
+    patterns: [
+      /StoreKit/i,
+      /SKPaymentQueue/i,
+      /SKProductsRequest/i,
+      /ASAuthorizationAppleID/i,
+      /UIApplicationOpenSettingsURLString/i,
+      /ATTrackingManager/i,
+      /\.swift$/i
+    ],
+    keywords: ["ios", "app-store", "storekit", "iap", "apple-signin", "tracking-consent"],
+    categories: ["compliance", "security"],
+    domain: "ios_app_store"
   }
 ];
 function analyzeFilePaths(paths) {
@@ -2978,7 +3007,8 @@ var FRAMEWORK_ID_PREFIXES = {
   gdpr: "GDPR/CCPA",
   owasp: "OWASP LLM Top 10",
   glba: "GLBA",
-  ferpa: "FERPA/COPPA"
+  ferpa: "FERPA/COPPA",
+  ios: "iOS App Store"
 };
 function resolveFramework(constraintId) {
   if (!constraintId.startsWith("constraint:blueprint:"))
@@ -4335,6 +4365,39 @@ var UNIVERSAL_CONSTRAINTS = [
     file_patterns: ["**/api/auth/**", "**/api/login*", "**/api/callback*", "**/api/checkout*", "**/middleware/**"],
     framework: "baseline"
   },
+  {
+    id_suffix: "sensitive_tokens_not_in_urls",
+    category: "security",
+    summary: "Auth/session/API tokens MUST NOT be passed in URL query parameters during redirects. Sensitive tokens in URLs leak via logs, browser history, and referrers.",
+    keywords: ["token", "query-param", "callback", "returnUrl", "redirect", "referrer", "url-leakage"],
+    severity: "critical",
+    action: "Use Authorization headers or httpOnly cookies for token transport. Validate callback/return URLs against an allowlist and never append bearer/session tokens to redirected URLs.",
+    checklist_ref: "D11",
+    file_patterns: ["**/auth/**", "**/api/auth/**", "**/api/**/checkout*", "**/mcp-auth*", "**/session/**", "**/middleware/**"],
+    framework: "baseline"
+  },
+  {
+    id_suffix: "no_secrets_in_query_params",
+    category: "security",
+    summary: "Secrets (revalidation secrets, API secrets, webhook secrets) MUST NOT be transported via URL query parameters. Query-string secrets are leaked through logs, referrers, and browser history.",
+    keywords: ["secret", "query-param", "url", "revalidate", "webhook", "referrer", "leakage"],
+    severity: "critical",
+    action: "Accept secrets only via headers or signed request bodies. Reject secret-bearing query params in production endpoints. Rotate any secret previously sent in URLs.",
+    checklist_ref: "D12",
+    file_patterns: ["**/api/**", "**/webhooks/**", "**/revalidate/**", "**/middleware/**"],
+    framework: "baseline"
+  },
+  {
+    id_suffix: "no_state_change_get_cookie_auth",
+    category: "security",
+    summary: "State-changing operations MUST NOT be reachable via GET when cookie authentication is accepted. GET + cookie auth creates CSRF risk.",
+    keywords: ["csrf", "get", "state-change", "cookie-auth", "origin-check", "referer", "method-safety"],
+    severity: "critical",
+    action: "Use POST/PUT/DELETE for side effects. If GET fallback is unavoidable, enforce strict same-origin checks (Origin/Referer/sec-fetch-site) and avoid cookie-based auth fallback where possible.",
+    checklist_ref: "D13",
+    file_patterns: ["**/api/**", "**/auth/**", "**/checkout/**", "**/middleware/**"],
+    framework: "baseline"
+  },
   {
     id_suffix: "ai_cost_caps",
     category: "security",
@@ -5406,6 +5469,53 @@ var BLUEPRINT_RULES = [
         framework: "ferpa_coppa"
       }
     ]
+  },
+  // ── iOS App Store Review Guidelines (mobile iOS apps) ──────────────────────
+  {
+    trigger: (eco, ctx) => {
+      const iosSignals = /ios|swift|swiftui|xcode|uikit|storekit|appstore|testflight|cocoapods|xcframework/i;
+      const hasLang = eco.languages.some((l) => /swift|objective-c|objc/i.test(l));
+      const hasFramework = eco.frameworks.some((f) => iosSignals.test(f));
+      const hasDep = eco.all_dependencies.some((d) => iosSignals.test(d));
+      const descMatch = ctx?.productDescription ? /\b(ios|iphone|ipad|app\s*store|testflight|storekit|in-app purchase|apple sign in)\b/i.test(ctx.productDescription) : false;
+      const entityMatch = ctx?.existingEntityNames?.some((n) => /\b(ios|mobile|iphone|ipad|app store|iap|storekit)\b/i.test(n)) ?? false;
+      return hasLang || hasFramework || hasDep || descMatch || entityMatch;
+    },
+    constraints: [
+      {
+        id_suffix: "ios_app_store_privacy_disclosure",
+        category: "compliance",
+        summary: "[iOS App Store 5.1] Apps collecting user data MUST provide accurate privacy disclosures and clear in-app data handling flows.",
+        keywords: ["ios", "app-store", "privacy", "disclosure", "tracking", "app-privacy"],
+        severity: "critical",
+        action: "Document data collection in App Privacy labels and align runtime behavior. Gate tracking behind explicit consent where required.",
+        checklist_ref: "IOS-5.1",
+        file_patterns: ["**/ios/**", "**/*.swift", "**/privacy*", "**/tracking/**", "**/analytics/**"],
+        framework: "ios_app_store"
+      },
+      {
+        id_suffix: "ios_app_store_iap_policy",
+        category: "compliance",
+        summary: "[iOS App Store 3.1] Digital goods/services sold in-app MUST use Apple's In-App Purchase flows where required.",
+        keywords: ["ios", "app-store", "iap", "storekit", "payments", "digital-goods"],
+        severity: "warning",
+        action: "Use StoreKit for digital purchases in iOS app surfaces. Avoid bypass payment links that violate App Store rules.",
+        checklist_ref: "IOS-3.1",
+        file_patterns: ["**/ios/**", "**/*.swift", "**/billing/**", "**/payment/**", "**/storekit/**"],
+        framework: "ios_app_store"
+      },
+      {
+        id_suffix: "ios_app_store_account_deletion",
+        category: "compliance",
+        summary: "[iOS App Store 5.1.1(v)] If account creation exists, apps MUST provide in-app account deletion with data handling consistent with policy.",
+        keywords: ["ios", "app-store", "account-deletion", "user-account", "privacy-rights"],
+        severity: "warning",
+        action: "Expose account deletion in-app for iOS users and ensure backend deletion flow is implemented and verifiable.",
+        checklist_ref: "IOS-5.1.1",
+        file_patterns: ["**/ios/**", "**/*.swift", "**/api/account*", "**/api/user*", "**/settings/**"],
+        framework: "ios_app_store"
+      }
+    ]
   }
 ];
 function buildBlueprintConstraints(ecosystem, context) {
@@ -5474,6 +5584,9 @@ D7. Do sensitive actions (account deletion, email change, role escalation) requi
 D8. Is payment/billing logic validated server-side? Can prices or quantities be tampered with client-side?
 D9. Are redirect URLs validated against an allowlist? Can open redirects be exploited for phishing?
 D10. Are webhook signatures verified before processing payment or event data?
+D11. Are auth/session/API tokens kept out of URL query params (including callback/returnUrl redirects) and transported via headers or httpOnly cookies instead?
+D12. Are secrets (revalidate/API/webhook/etc.) kept out of URL query params and accepted only via headers or signed bodies?
+D13. Are side-effecting endpoints using non-GET methods, and are cookie-auth GET fallbacks protected with strict same-origin checks?
 ### E. Security Rules & Infrastructure
 E1. For Firestore/database rules: do they enforce per-user data isolation?
@@ -5505,6 +5618,7 @@ Flag if the codebase contains signals that would require specific compliance fra
 - **OWASP LLM**: OpenAI, Anthropic, LangChain, vector DBs (Pinecone, Weaviate), RAG pipelines, AI agents
 - **GLBA**: Plaid, banking SDKs, KYC/AML, lending/mortgage/wealth management code
 - **FERPA/COPPA**: EdTech integrations (Clever, Canvas), student/minor data, classroom/school references
+- **iOS App Store**: iOS/Swift codepaths, App Store/TestFlight distribution, StoreKit/IAP, mobile app privacy policies
 For each detected signal, note:
 - H1. Which framework(s) apply and why
@@ -5551,8 +5665,8 @@ Return a JSON object with exactly these fields:
 - targetUsers (string): Who uses this product, from a security perspective.
 - referenceClasses (string[]): Security frameworks or standards that apply (e.g., "OWASP Top 10 2021", "SOC 2 Type II").
 - constraints (object?): Resource constraints \u2014 team, budget_usd, deadline_days, must_ship_scope.
-- checklist_summary (object): Keys are checklist IDs (A1-A8, B1-B6, C1-C7, D1-D8, E1-E4, F1-F3, G-*, H1-H3, I1-I8, J1-J6, K1-K8), values are "pass"|"fail"|"warn"|"not_applicable". This forces systematic coverage.
-- compliance_signals (array of {framework: "pci_dss"|"hipaa"|"fedramp"|"gdpr_ccpa"|"owasp_llm"|"glba"|"ferpa_coppa"|"csa_ccm", signal: string, confidence: number}?): Detected compliance framework signals. Return [] if none.
+- checklist_summary (object): Keys are checklist IDs (A1-A8, B1-B6, C1-C8, D1-D13, E1-E7, F1-F4, G-*, H1-H3, I1-I8, J1-J6, K1-K8), values are "pass"|"fail"|"warn"|"not_applicable". This forces systematic coverage.
+- compliance_signals (array of {framework: "pci_dss"|"hipaa"|"fedramp"|"gdpr_ccpa"|"owasp_llm"|"glba"|"ferpa_coppa"|"csa_ccm"|"ios_app_store", signal: string, confidence: number}?): Detected compliance framework signals. Return [] if none.
 Be concrete and specific. Reference file paths and line numbers where possible. If a checklist item cannot be assessed from the provided files, mark it "not_applicable" and note why. Cover ALL sections A through K.`;
 var FULL_SYSTEM_PROMPT = `You are a product analyst reviewing a codebase. Given file contents, an ecosystem fingerprint, and existing constraints, extract structured product context.
@@ -5777,6 +5891,11 @@ var SECURITY_PATH_PATTERNS = [
   /\/permissions?/i,
   /\/roles?/i,
   /\/tokens?/i,
+  /\/redirect/i,
+  /\/callback/i,
+  /returnurl/i,
+  /\/mcp-auth/i,
+  /checkout-link/i,
   /\/csrf/i,
   /\/rate-limit/i,
   /\/encrypt/i,
@@ -6157,13 +6276,15 @@ async function seedBlueprintConstraints(productId, ecosystem, deps, blueprintCon
   const FRAMEWORK_LABELS = {
     baseline: "Security Baseline",
     soc2: "SOC 2",
+    csa_ccm: "CSA Controls Matrix",
     pci_dss: "PCI-DSS",
     hipaa: "HIPAA",
     fedramp: "FedRAMP",
     gdpr_ccpa: "GDPR/CCPA",
     owasp_llm: "OWASP LLM Top 10",
     glba: "GLBA",
-    ferpa_coppa: "FERPA/COPPA"
+    ferpa_coppa: "FERPA/COPPA",
+    ios_app_store: "iOS App Store"
   };
   const newEntities = [];
   const newEdges = [];
@@ -6458,6 +6579,11 @@ var SECURITY_PATH_PATTERNS2 = [
   /billing/i,
   /stripe/i,
   /webhook/i,
+  /redirect/i,
+  /callback/i,
+  /returnurl/i,
+  /mcp-auth/i,
+  /checkout-link/i,
   // Scalability & reliability patterns
   /\/db\//i,
   /queries?\//i,
@@ -6979,10 +7105,15 @@ function formatAuditOutput(result, reportId, publicSiteUrl = "https://thecutline
       return "reliability";
     if (["scalability", "performance"].includes(c))
       return "scalability";
+    if (["compliance"].includes(c))
+      return "compliance";
     if (["code_quality", "general"].includes(c))
       return "engineering";
     return "security";
   };
+  const hasComplianceFrameworks = result.frameworksLoaded.length > 0;
+  const complianceCurrent = hasComplianceFrameworks ? Math.round((m.nfr_coverage?.compliance ?? 0) * 100) : void 0;
+  const compliancePrevious = hasComplianceFrameworks ? Math.round((p?.nfr_coverage?.compliance ?? 0) * 100) : void 0;
   const lines = [
     `# Cutline Code Audit`,
     ``,
@@ -7016,12 +7147,19 @@ function formatAuditOutput(result, reportId, publicSiteUrl = "https://thecutline
       label: "Scalability",
       current: m.scalability_readiness_pct ?? 0,
       previous: p?.scalability_readiness_pct
+    },
+    {
+      key: "compliance",
+      label: "Compliance",
+      current: complianceCurrent,
+      previous: compliancePrevious,
+      na: !hasComplianceFrameworks
     }
   ].filter((row) => !hiddenSet.has(row.key));
   lines.push(``, `## Readiness Scores`, ``, `| Pillar | Score |${isRescan ? " Change |" : ""}`, `|--------|-------|${isRescan ? "--------|" : ""}`);
   if (scoreRows.length > 0) {
     for (const row of scoreRows) {
-      lines.push(`| ${row.label} | ${row.current}% |${isRescan ? deltaStr(row.current, row.previous) + " |" : ""}`);
+      lines.push(`| ${row.label} | ${row.na ? "N/A" : `${row.current ?? 0}%`} |${isRescan ? row.na ? " (n/a) |" : deltaStr(row.current, row.previous) + " |" : ""}`);
     }
     lines.push(``);
   } else {
@@ -8279,6 +8417,8 @@ Why AI: ${idea.whyAI}`
             return "reliability";
           if (["scalability", "performance"].includes(c))
             return "scalability";
+          if (["compliance"].includes(c))
+            return "compliance";
           if (["code_quality", "general"].includes(c))
             return "engineering";
           return "security";
@@ -8332,6 +8472,9 @@ Why AI: ${idea.whyAI}`
           if (!hiddenSet.has("scalability")) {
             reportMetrics.scalability_readiness_pct = result.metrics.scalability_readiness_pct ?? 0;
           }
+          if (!hiddenSet.has("compliance")) {
+            reportMetrics.compliance_readiness_pct = result.frameworksLoaded.length > 0 ? Math.round((result.metrics.nfr_coverage?.compliance ?? 0) * 100) : null;
+          }
           const visibleFindings = result.gatedGapDetails.filter((f) => !hiddenSet.has(inferFindingDimension(f.category)));
           const saved = await saveScanReport({
             metrics: reportMetrics,
@@ -9011,7 +9154,8 @@ Meta: ${JSON.stringify(output.meta)}` }
             gdpr: "GDPR/CCPA",
             owasp: "OWASP LLM Top 10",
             glba: "GLBA",
-            ferpa: "FERPA/COPPA"
+            ferpa: "FERPA/COPPA",
+            ios: "iOS App Store"
           };
           const formattedConstraints = topConstraints.map((c) => {
             const framework = detectFramework2(c.id);
@@ -10001,7 +10145,7 @@ ${JSON.stringify(metrics, null, 2)}` }
             getAllNodes(product_id),
             getAllBindings(product_id)
           ]);
-          const { computeMetricsFromGraph: computeMetricsFromGraph2 } = await import("./graph-metrics-DCNR7JZN.js");
+          const { computeMetricsFromGraph: computeMetricsFromGraph2 } = await import("./graph-metrics-KLHCMDFT.js");
           const updatedMetrics = computeMetricsFromGraph2(rgrEntities, rgrEdges, rgrConstraints, rgrBindings, updatedPhases);
           await updateGraphMetadata(product_id, {
             ...meta ?? {
@@ -10427,7 +10571,8 @@ Meta: ${JSON.stringify({
                 gdpr_ccpa: "GDPR/CCPA",
                 owasp_llm: "OWASP LLM Top 10",
                 glba: "GLBA",
-                ferpa_coppa: "FERPA/COPPA"
+                ferpa_coppa: "FERPA/COPPA",
+                ios_app_store: "iOS App Store"
               };
               const names = result.frameworksLoaded.map((f) => fwLabels[f] || f);
               sections.push(`- Compliance frameworks loaded: **${names.join(", ")}**`);

package/dist/servers/{data-client-PYMN6TQ7.js → data-client-PPEF2XUI.js} RENAMED Viewed

@@ -78,7 +78,7 @@ import {
   upsertEdges,
   upsertEntities,
   upsertNodes
-} from "./chunk-LI4AZPSJ.js";
+} from "./chunk-6Y3AEXE3.js";
 export {
   addEdges,
   addEntity,

package/dist/servers/exploration-server.js CHANGED Viewed

@@ -14,7 +14,7 @@ import {
   requirePremiumWithAutoAuth,
   updateExplorationSession,
   validateRequestSize
-} from "./chunk-LI4AZPSJ.js";
+} from "./chunk-6Y3AEXE3.js";
 // ../mcp/dist/mcp/src/exploration-server.js
 import { Server } from "@modelcontextprotocol/sdk/server/index.js";

package/dist/servers/{graph-metrics-DCNR7JZN.js → graph-metrics-KLHCMDFT.js} RENAMED Viewed

@@ -3,7 +3,7 @@ import {
   computeGenericGraphMetrics,
   computeGraphMetrics,
   computeMetricsFromGraph
-} from "./chunk-UBBAYTW3.js";
+} from "./chunk-IDSVMCGM.js";
 export {
   applyGenericPrior,
   computeGenericGraphMetrics,

package/dist/servers/integrations-server.js CHANGED Viewed

@@ -13,7 +13,7 @@ import {
   requirePremiumWithAutoAuth,
   validateAuth,
   validateRequestSize
-} from "./chunk-LI4AZPSJ.js";
+} from "./chunk-6Y3AEXE3.js";
 // ../mcp/dist/mcp/src/integrations-server.js
 import { Server } from "@modelcontextprotocol/sdk/server/index.js";

package/dist/servers/output-server.js CHANGED Viewed

@@ -13,7 +13,7 @@ import {
   mapErrorToMcp,
   requirePremiumWithAutoAuth,
   validateRequestSize
-} from "./chunk-LI4AZPSJ.js";
+} from "./chunk-6Y3AEXE3.js";
 // ../mcp/dist/mcp/src/output-server.js
 import { Server } from "@modelcontextprotocol/sdk/server/index.js";

package/dist/servers/premortem-server.js CHANGED Viewed

@@ -27,7 +27,7 @@ import {
   updatePremortem,
   validateAuth,
   validateRequestSize
-} from "./chunk-LI4AZPSJ.js";
+} from "./chunk-6Y3AEXE3.js";
 // ../mcp/dist/mcp/src/premortem-server.js
 import { Server } from "@modelcontextprotocol/sdk/server/index.js";

package/dist/servers/tools-server.js CHANGED Viewed

@@ -21,7 +21,7 @@ import {
   requirePremiumWithAutoAuth,
   validateAuth,
   validateRequestSize
-} from "./chunk-LI4AZPSJ.js";
+} from "./chunk-6Y3AEXE3.js";
 // ../mcp/dist/mcp/src/tools-server.js
 import { Server } from "@modelcontextprotocol/sdk/server/index.js";

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
     "name": "@vibekiln/cutline-mcp-cli",
-    "version": "0.2.0",
+    "version": "0.4.0",
     "description": "CLI and MCP servers for Cutline — authenticate, then run constraint-aware MCP servers in Cursor or any MCP client.",
     "type": "module",
     "main": "dist/index.js",