@vibekiln/cutline-mcp-cli 0.4.1 → 0.4.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/commands/setup.js +54 -10
- package/dist/servers/cutline-server.js +9 -2
- package/package.json +1 -1
package/dist/commands/setup.js
CHANGED
|
@@ -67,12 +67,12 @@ async function fetchProducts(idToken, options) {
|
|
|
67
67
|
headers: { Authorization: `Bearer ${idToken}` },
|
|
68
68
|
});
|
|
69
69
|
if (!res.ok)
|
|
70
|
-
return [];
|
|
70
|
+
return { products: [], requestOk: false };
|
|
71
71
|
const data = await res.json();
|
|
72
|
-
return data.products ?? [];
|
|
72
|
+
return { products: data.products ?? [], requestOk: true };
|
|
73
73
|
}
|
|
74
74
|
catch {
|
|
75
|
-
return [];
|
|
75
|
+
return { products: [], requestOk: false };
|
|
76
76
|
}
|
|
77
77
|
}
|
|
78
78
|
function prompt(question) {
|
|
@@ -237,12 +237,51 @@ export async function setupCommand(options) {
|
|
|
237
237
|
const projectRoot = resolve(options.projectRoot ?? process.cwd());
|
|
238
238
|
const configPath = join(projectRoot, '.cutline', 'config.json');
|
|
239
239
|
const hasExistingConfig = existsSync(configPath);
|
|
240
|
-
let
|
|
241
|
-
|
|
240
|
+
let existingConfig = null;
|
|
241
|
+
let hasUsableExistingConfig = false;
|
|
242
|
+
let graphConnected = false;
|
|
243
|
+
if (hasExistingConfig) {
|
|
244
|
+
try {
|
|
245
|
+
existingConfig = JSON.parse(readFileSync(configPath, 'utf-8'));
|
|
246
|
+
hasUsableExistingConfig = Boolean(existingConfig?.product_id);
|
|
247
|
+
graphConnected = hasUsableExistingConfig;
|
|
248
|
+
}
|
|
249
|
+
catch {
|
|
250
|
+
existingConfig = null;
|
|
251
|
+
hasUsableExistingConfig = false;
|
|
252
|
+
graphConnected = false;
|
|
253
|
+
}
|
|
254
|
+
}
|
|
255
|
+
// Validate that an existing binding is visible to the current account.
|
|
256
|
+
// This prevents showing "connected" when the repo has a product_id from
|
|
257
|
+
// a different account.
|
|
258
|
+
if (hasUsableExistingConfig && idToken) {
|
|
259
|
+
const currentEmail = (email ?? '').trim().toLowerCase();
|
|
260
|
+
const boundEmail = String(existingConfig?.linked_email ?? '').trim().toLowerCase();
|
|
261
|
+
if (boundEmail && currentEmail && boundEmail !== currentEmail) {
|
|
262
|
+
graphConnected = false;
|
|
263
|
+
hasUsableExistingConfig = false;
|
|
264
|
+
console.log(chalk.yellow(` Existing product binding is for ${existingConfig?.linked_email}, not ${email}.`));
|
|
265
|
+
console.log(chalk.dim(' Will not use this graph for the current account.\n'));
|
|
266
|
+
}
|
|
267
|
+
else {
|
|
268
|
+
const { products, requestOk } = await fetchProducts(idToken, { staging: options.staging });
|
|
269
|
+
if (requestOk) {
|
|
270
|
+
const canAccessBoundProduct = products.some((p) => p.id === existingConfig?.product_id);
|
|
271
|
+
if (!canAccessBoundProduct) {
|
|
272
|
+
graphConnected = false;
|
|
273
|
+
hasUsableExistingConfig = false;
|
|
274
|
+
console.log(chalk.yellow(` Existing product graph is not accessible from ${email}.`));
|
|
275
|
+
console.log(chalk.dim(' Re-linking is required for this account.\n'));
|
|
276
|
+
}
|
|
277
|
+
}
|
|
278
|
+
}
|
|
279
|
+
}
|
|
280
|
+
if (tier === 'premium' && idToken && !hasUsableExistingConfig) {
|
|
242
281
|
const productSpinner = ora('Fetching your product graphs...').start();
|
|
243
|
-
const products = await fetchProducts(idToken, { staging: options.staging });
|
|
282
|
+
const { products, requestOk } = await fetchProducts(idToken, { staging: options.staging });
|
|
244
283
|
productSpinner.stop();
|
|
245
|
-
if (products.length > 0) {
|
|
284
|
+
if (requestOk && products.length > 0) {
|
|
246
285
|
console.log(chalk.bold(' Connect to a product graph\n'));
|
|
247
286
|
products.forEach((p, i) => {
|
|
248
287
|
const date = p.createdAt ? chalk.dim(` (${new Date(p.createdAt).toLocaleDateString()})`) : '';
|
|
@@ -260,6 +299,7 @@ export async function setupCommand(options) {
|
|
|
260
299
|
writeFileSync(configPath, JSON.stringify({
|
|
261
300
|
product_id: selected.id,
|
|
262
301
|
product_name: selected.name,
|
|
302
|
+
linked_email: email ?? null,
|
|
263
303
|
}, null, 2) + '\n');
|
|
264
304
|
console.log(chalk.green(`\n ✓ Connected to "${selected.name}"`));
|
|
265
305
|
console.log(chalk.dim(` ${configPath}\n`));
|
|
@@ -269,16 +309,20 @@ export async function setupCommand(options) {
|
|
|
269
309
|
console.log(chalk.dim('\n Skipped. Run `cutline-mcp setup` again to connect later.\n'));
|
|
270
310
|
}
|
|
271
311
|
}
|
|
272
|
-
else {
|
|
312
|
+
else if (requestOk) {
|
|
273
313
|
console.log(chalk.dim(' No completed product graphs found.'));
|
|
274
314
|
console.log(chalk.dim(' Ask your AI agent to "Run a deep dive on my product idea" first,'));
|
|
275
315
|
console.log(chalk.dim(' then re-run'), chalk.cyan('cutline-mcp setup'), chalk.dim('to connect it.'));
|
|
276
316
|
console.log();
|
|
277
317
|
}
|
|
318
|
+
else {
|
|
319
|
+
console.log(chalk.yellow(' Could not verify product graphs (network/auth issue).'));
|
|
320
|
+
console.log(chalk.dim(' Re-run'), chalk.cyan('cutline-mcp setup'), chalk.dim('after auth/network is healthy.\n'));
|
|
321
|
+
}
|
|
278
322
|
}
|
|
279
|
-
else if (
|
|
323
|
+
else if (hasUsableExistingConfig) {
|
|
280
324
|
try {
|
|
281
|
-
const existing = JSON.parse(readFileSync(configPath, 'utf-8'));
|
|
325
|
+
const existing = existingConfig ?? JSON.parse(readFileSync(configPath, 'utf-8'));
|
|
282
326
|
console.log(chalk.green(` ✓ Connected to product graph:`), chalk.white(existing.product_name || existing.product_id));
|
|
283
327
|
console.log();
|
|
284
328
|
}
|
|
@@ -7076,6 +7076,12 @@ async function handleSecurityScan(genericGraphId, uid, args, deps) {
|
|
|
7076
7076
|
total: scaFindings.length,
|
|
7077
7077
|
critical: scaFindings.filter((f) => f.severity === "critical").length,
|
|
7078
7078
|
high: scaFindings.filter((f) => f.severity === "high").length,
|
|
7079
|
+
all: scaFindings.map((f) => ({
|
|
7080
|
+
id: f.id,
|
|
7081
|
+
package: `${f.package_name}@${f.package_version}`,
|
|
7082
|
+
severity: f.severity,
|
|
7083
|
+
fix: f.fixed_version ? `Upgrade to ${f.fixed_version}` : void 0
|
|
7084
|
+
})),
|
|
7079
7085
|
top: scaFindings.slice(0, 5).map((f) => ({
|
|
7080
7086
|
id: f.id,
|
|
7081
7087
|
package: `${f.package_name}@${f.package_version}`,
|
|
@@ -7169,11 +7175,12 @@ function formatAuditOutput(result, reportId, publicSiteUrl = "https://thecutline
|
|
|
7169
7175
|
if (securityVisible && result.scaFindings && result.scaFindings.total > 0) {
|
|
7170
7176
|
const sca = result.scaFindings;
|
|
7171
7177
|
lines.push(``, `## Dependency Vulnerabilities (SCA)`, ``, `**${sca.total} known vulnerabilities** found (${sca.critical} critical, ${sca.high} high)`, ``);
|
|
7172
|
-
|
|
7178
|
+
const scaEntries = fullReport && sca.all?.length ? sca.all : sca.top;
|
|
7179
|
+
for (const v of scaEntries) {
|
|
7173
7180
|
const fix = v.fix ? ` \u2192 ${v.fix}` : "";
|
|
7174
7181
|
lines.push(`- **[${v.severity.toUpperCase()}]** ${v.package}: ${v.id}${fix}`);
|
|
7175
7182
|
}
|
|
7176
|
-
if (sca.total > sca.top.length) {
|
|
7183
|
+
if (!fullReport && sca.total > sca.top.length) {
|
|
7177
7184
|
lines.push(`- ...and ${sca.total - sca.top.length} more`);
|
|
7178
7185
|
}
|
|
7179
7186
|
}
|
package/package.json
CHANGED