npm - @vibekiln/cutline-mcp-cli - Versions diffs - 0.4.3 → 0.5.0 - Mend

@vibekiln/cutline-mcp-cli 0.4.3 → 0.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/dist/commands/init.js +3 -3
package/dist/commands/setup.js +3 -3
package/dist/servers/cutline-server.js +191 -6
package/package.json +1 -1

package/dist/commands/init.js CHANGED Viewed

@@ -94,7 +94,7 @@ Skip: Pure styling, docs, formatting, non-security dep bumps.
 ## Magic Phrase
 If the user invokes Cutline naturally (for example: **"use cutline"**, **"use cutline to..."**, **"using cutline..."**, **"with cutline..."**), route automatically based on tier and intent:
-- Free/default intent: run \`code_audit(project_root)\`
+- Free/default intent: run \`code_audit(project_root)\` (aka "security vibe check")
 - Premium product-linked intent: run \`engineering_audit(product_id, project_root)\`
 - Feature implementation intent: run \`rgr_plan(...)\` then \`constraints_auto(...)\`
 `;
@@ -109,7 +109,7 @@ alwaysApply: true
 # Cutline Constraints
-Run \`code_audit(project_root)\` before major implementations to check constraint coverage.
+Run \`code_audit(project_root)\` before major implementations to run a security vibe check on constraint coverage.
 Severity levels:
 - **CRITICAL**: Must address before proceeding
@@ -184,7 +184,7 @@ Skip for: pure styling, docs, formatting, non-security dep bumps.
 ## Magic Phrase
 If the user invokes Cutline naturally (for example: **"use cutline"**, **"use cutline to..."**, **"using cutline..."**, **"with cutline..."**), route automatically based on tier and intent:
-- Free/default intent: \`code_audit(project_root)\`
+- Free/default intent: \`code_audit(project_root)\` (aka "security vibe check")
 - Premium product-linked intent: \`engineering_audit(product_id, project_root)\`
 - Feature implementation intent: \`rgr_plan(...)\` then \`constraints_auto(...)\`
 `;

package/dist/commands/setup.js CHANGED Viewed

@@ -392,8 +392,8 @@ export async function setupCommand(options) {
             { cmd: 'use cutline', desc: 'Magic phrase (also works with "use cutline to...", "using cutline...", "with cutline...") — Cutline infers intent and routes to the right flow' },
             { cmd: 'Run a deep dive on my product idea', desc: 'Pre-mortem analysis — risks, assumptions, experiments' },
             { cmd: 'Plan this feature with constraints from my product', desc: 'RGR plan — constraint-aware implementation roadmap' },
-            { cmd: 'Run a code audit on this codebase', desc: 'Free code audit — security, reliability, and scalability (generic, not product-linked)' },
-            { cmd: 'Run an engineering audit for my product', desc: 'Premium deep audit — product-linked analysis + RGR remediation plan' },
+            { cmd: 'Run a security vibe check on this codebase', desc: 'Free security vibe check (`code_audit`) — security, reliability, and scalability (generic, not product-linked)' },
+            { cmd: 'Run an engineering vibe check for my product', desc: 'Premium deep vibe check (`engineering_audit`) — product-linked analysis + RGR remediation plan' },
             { cmd: 'Check constraints for src/api/upload.ts', desc: 'Get NFR boundaries for a specific file' },
             { cmd: 'Generate .cutline.md for my product', desc: 'Write the constraint routing engine' },
             { cmd: 'What does my persona think about X?', desc: 'AI persona feedback on features' },
@@ -407,7 +407,7 @@ export async function setupCommand(options) {
     else {
         const items = [
             { cmd: 'use cutline', desc: 'Magic phrase (also works with "use cutline to...", "using cutline...", "with cutline...") — Cutline routes to the highest-value free flow for your intent' },
-            { cmd: 'Run a code audit on this codebase', desc: 'Free code audit — security, reliability, and scalability scan (3/month free)' },
+            { cmd: 'Run a security vibe check on this codebase', desc: 'Free security vibe check (`code_audit`) — security, reliability, and scalability scan (3/month free)' },
             { cmd: 'Explore a product idea', desc: 'Free 6-act discovery flow to identify pain points and opportunities' },
             { cmd: 'Continue my exploration session', desc: 'Resume and refine an existing free exploration conversation' },
         ];

package/dist/servers/cutline-server.js CHANGED Viewed

@@ -7408,6 +7408,146 @@ var ACT_NAMES = {
   5: "Value Ranking",
   6: "Graduation"
 };
+function assessScopeExpansionIntent(params) {
+  const task = (params.task_description || "").trim();
+  const filePaths = params.file_paths || [];
+  const reasons = [];
+  let confidence = 0;
+  const explicitScopePatterns = [
+    /\b(scope increase|expand(?:ing)? scope|broaden scope|new scope)\b/i,
+    /\b(seed|ingest|add)\b.{0,24}\b(graph|constraint|entity|entities)\b/i,
+    /\b(new feature|new module|new domain|new subsystem)\b/i
+  ];
+  const hasExplicitScopeIntent = explicitScopePatterns.some((rx) => rx.test(task));
+  if (hasExplicitScopeIntent) {
+    confidence += 0.55;
+    reasons.push("Task description includes explicit scope-expansion language.");
+  }
+  const hintedName = params.hinted_entity_name?.trim();
+  const inferredName = hintedName || inferEntityNameFromTask(task);
+  if (inferredName) {
+    confidence += 0.12;
+    reasons.push("Potential new entity name detected from task context.");
+  }
+  if (filePaths.length > 0) {
+    const dirHints = new Set(filePaths.map((p) => p.split("/").filter(Boolean)).filter((parts) => parts.length > 1).map((parts) => parts[parts.length - 2].toLowerCase()).filter((v) => v.length >= 3));
+    if (dirHints.size >= 2) {
+      confidence += 0.08;
+      reasons.push("Multiple code areas touched, indicating potential boundary expansion.");
+    }
+  }
+  if (inferredName && params.known_entity_names?.length) {
+    const norm = normalizeName(inferredName);
+    const known = params.known_entity_names.some((n) => normalizeName(n) === norm);
+    if (!known) {
+      confidence += 0.25;
+      reasons.push("Entity candidate does not match existing graph entities.");
+    } else {
+      confidence -= 0.1;
+      reasons.push("Entity candidate already exists in graph.");
+    }
+  }
+  confidence = Math.max(0, Math.min(1, confidence));
+  const triggered = confidence >= 0.6 || hasExplicitScopeIntent;
+  const recommended_tool_calls = triggered ? [
+    "constraints_learn(product_id, name, entity_type, description, ...)",
+    "graph_bind_codebase(product_id, file_paths)",
+    "graph_bind_confirm(product_id, entity_id, file_patterns)",
+    "graph_metrics(product_id)"
+  ] : [];
+  return {
+    triggered,
+    confidence: Math.round(confidence * 100) / 100,
+    reasons,
+    candidate_name: inferredName,
+    recommended_tool_calls
+  };
+}
+function inferEntityNameFromTask(task) {
+  if (!task)
+    return void 0;
+  const match = task.match(/\b(?:add|build|create|introduce|expand(?:ing)?\s+scope(?:\s+for|\s+to)?)\s+(?:a|an|the)?\s*([a-zA-Z0-9][a-zA-Z0-9 _-]{2,60})/i);
+  if (!match?.[1])
+    return void 0;
+  const candidate = match[1].trim().replace(/\s{2,}/g, " ");
+  if (candidate.length < 3)
+    return void 0;
+  return candidate;
+}
+function normalizeName(value) {
+  return value.toLowerCase().replace(/[^a-z0-9]+/g, "_").replace(/^_|_$/g, "");
+}
+async function seedScopeEntityFromAuto(params) {
+  const { product_id, name: name2, entity_type, description, parent_id, tags, similarity_threshold } = params;
+  const slug = normalizeName(name2).slice(0, 40);
+  const entityId = `${entity_type}:${slug}`;
+  const now = /* @__PURE__ */ new Date();
+  const entity = {
+    id: entityId,
+    type: entity_type,
+    name: name2,
+    aliases: tags ?? [],
+    description,
+    source_id: "ide",
+    source_type: "ide",
+    ingested_at: now
+  };
+  await addEntity(product_id, entity);
+  if (parent_id) {
+    const edgeType = entity_type === "component" ? "REQUIRES" : "DEPENDS_ON";
+    await addEdges(product_id, [{
+      id: `edge:auto_scope:${parent_id}:${entityId}`,
+      source_id: parent_id,
+      source_type: "feature",
+      target_id: entityId,
+      target_type: entity_type,
+      edge_type: edgeType
+    }]);
+  }
+  let embeddingGenerated = false;
+  try {
+    const embedding = await generateEntityEmbedding(entity);
+    if (embedding.some((v) => v !== 0)) {
+      await updateEntityEmbedding(product_id, entityId, embedding);
+      entity.embedding = embedding;
+      embeddingGenerated = true;
+    }
+  } catch {
+  }
+  const similar = embeddingGenerated ? await findSimilarEntities(product_id, entity, {
+    threshold: similarity_threshold ?? 0.65
+  }) : [];
+  let propagatedCount = 0;
+  for (const match of similar) {
+    const propagated = await propagateConstraints(product_id, match.entity.id, entityId, match.similarity);
+    propagatedCount += propagated.length;
+  }
+  try {
+    const [entities, edges, constraints, bindings] = await Promise.all([
+      getAllEntities(product_id),
+      getAllEdges(product_id),
+      getAllNodes(product_id),
+      getAllBindings(product_id)
+    ]);
+    const metrics = computeMetricsFromGraph(entities, edges, constraints, bindings);
+    await updateGraphMetadata(product_id, {
+      last_build: now,
+      entity_count: entities.length,
+      edge_count: edges.length,
+      constraint_count: constraints.length,
+      binding_count: bindings.length,
+      sources: ["ide", "deep_dive_pipeline"],
+      metrics
+    });
+    await recordScoreSnapshot(product_id, metrics, "constraint_learn", name2);
+  } catch {
+  }
+  return {
+    entity_id: entityId,
+    propagated_count: propagatedCount,
+    similar_count: similar.length
+  };
+}
 var server = new Server({
   name: "cutline",
   version: "0.2.0"
@@ -7862,7 +8002,14 @@ server.setRequestHandler(ListToolsRequestSchema, async () => {
             },
             max_constraints: { type: "number", description: "Max constraints to return (default: 5)" },
             use_semantic: { type: "boolean", description: "Use semantic search if embeddings available (default: true)" },
-            phase: { type: "string", enum: ["test_spec", "functional", "security", "performance", "economics", "full", "auto"], description: "RGR phase filter. 'auto' uses complexity heuristic. Default: 'full'" }
+            phase: { type: "string", enum: ["test_spec", "functional", "security", "performance", "economics", "full", "auto"], description: "RGR phase filter. 'auto' uses complexity heuristic. Default: 'full'" },
+            auto_scope_expand: { type: "boolean", description: "If true, auto-seed a new graph entity when scope expansion intent is confidently detected and entity fields are provided." },
+            scope_entity_name: { type: "string", description: "Optional explicit entity name to seed during scope expansion (for example 'Vibe Check Extension')." },
+            scope_entity_type: { type: "string", enum: ["feature", "component", "data_type"], description: "Entity type for auto scope expansion." },
+            scope_entity_description: { type: "string", description: "1-2 sentence description of the new entity to seed." },
+            scope_entity_tags: { type: "array", items: { type: "string" }, description: "Optional tags/aliases for the new entity." },
+            scope_parent_id: { type: "string", description: "Optional parent graph entity ID for linking this scope expansion." },
+            scope_similarity_threshold: { type: "number", description: "Optional similarity threshold for propagated constraints (default: 0.65)." }
           },
           required: ["product_id"]
         }
@@ -8106,7 +8253,7 @@ server.setRequestHandler(ListToolsRequestSchema, async () => {
       },
       {
         name: "code_audit",
-        description: "\u{1F513} FREE - Code audit. Evaluates your codebase against a stack-aware constraint graph covering security, reliability, and scalability. No deep dive or product_id required \u2014 just point at your codebase. Shows aggregate readiness scores and top critical findings; detailed analysis and remediation require Premium. Requires a Cutline account (free). 3 scans/month.",
+        description: "\u{1F513} FREE - Security vibe check (code audit). Evaluates your codebase against a stack-aware constraint graph covering security, reliability, and scalability. No deep dive or product_id required \u2014 just point at your codebase. Shows aggregate readiness scores and top critical findings; detailed analysis and remediation require Premium. Requires a Cutline account (free). 3 scans/month.",
         inputSchema: {
           type: "object",
           properties: {
@@ -8119,7 +8266,7 @@ server.setRequestHandler(ListToolsRequestSchema, async () => {
       },
       {
         name: "engineering_audit",
-        description: "\u{1F512} PREMIUM - Engineering audit for your product. Security-focused deep audit that scans local code, cross-references the product constraint graph, extracts security gaps, builds an RGR remediation plan, and optionally queues a deep dive job.",
+        description: "\u{1F512} PREMIUM - Engineering vibe check (engineering audit) for your product. Security-focused deep audit that scans local code, cross-references the product constraint graph, extracts security gaps, builds an RGR remediation plan, and optionally queues a deep dive job.",
         inputSchema: {
           type: "object",
           properties: {
@@ -9035,7 +9182,7 @@ Meta: ${JSON.stringify(output.meta)}` }
             return void 0;
           };
           var detectFramework = detectFramework2;
-          const { product_id, file_paths, code_snippet, task_description, mode = "auto", max_constraints = 5, use_semantic = true, phase: autoPhase = "full" } = args;
+          const { product_id, file_paths, code_snippet, task_description, mode = "auto", max_constraints = 5, use_semantic = true, phase: autoPhase = "full", auto_scope_expand = false, scope_entity_name, scope_entity_type, scope_entity_description, scope_entity_tags, scope_parent_id, scope_similarity_threshold } = args;
           if (!product_id) {
             throw new McpError(ErrorCode.InvalidParams, "product_id is required");
           }
@@ -9061,6 +9208,34 @@ Meta: ${JSON.stringify(output.meta)}` }
             };
           }
           const analysis = analyzeFileContext(fileContext);
+          let knownEntityNames = [];
+          if (task_description || scope_entity_name) {
+            try {
+              const entities = await getAllEntities(product_id);
+              knownEntityNames = entities.map((e) => e.name);
+            } catch {
+            }
+          }
+          const scopeExpansion = assessScopeExpansionIntent({
+            task_description,
+            file_paths,
+            known_entity_names: knownEntityNames,
+            hinted_entity_name: scope_entity_name
+          });
+          let scopeSeedResult;
+          const hasSeedPayload = !!scope_entity_name && !!scope_entity_type && !!scope_entity_description;
+          const shouldAutoSeed = auto_scope_expand && scopeExpansion.triggered && hasSeedPayload;
+          if (shouldAutoSeed) {
+            scopeSeedResult = await seedScopeEntityFromAuto({
+              product_id,
+              name: scope_entity_name,
+              entity_type: scope_entity_type,
+              description: scope_entity_description,
+              parent_id: scope_parent_id,
+              tags: scope_entity_tags,
+              similarity_threshold: scope_similarity_threshold
+            });
+          }
           const actualMode = mode === "auto" ? analysis.suggested_mode : mode;
           if (actualMode === "silent") {
             return {
@@ -9074,7 +9249,9 @@ Meta: ${JSON.stringify(output.meta)}` }
                     mode: "silent",
                     detected_domains: analysis.detected_domains,
                     signal_strength: Math.round(analysis.confidence * 100) / 100,
-                    keywords_detected: analysis.signal.keywords?.slice(0, 5)
+                    keywords_detected: analysis.signal.keywords?.slice(0, 5),
+                    scope_expansion: scopeExpansion,
+                    scope_seeded: scopeSeedResult || void 0
                   }
                 })
               }]
@@ -9229,6 +9406,12 @@ Meta: ${JSON.stringify(output.meta)}` }
    \u2192 You may need to prioritize one over the other.`;
               }).join("\n\n");
             }
+            if (scopeExpansion.triggered) {
+              const recommendation = shouldAutoSeed ? `\u2705 Scope expansion detected and entity seeded: ${scopeSeedResult?.entity_id ?? "(created)"}` : `\u{1F9ED} Scope expansion detected. Recommended next tool: constraints_learn(...)`;
+              humanReadable += `
+${recommendation}`;
+            }
           }
           return {
             content: [{
@@ -9249,7 +9432,9 @@ Meta: ${JSON.stringify(output.meta)}` }
                   used_semantic: use_semantic && finalResults.some((r) => r.match_type === "semantic" || r.match_type === "hybrid"),
                   used_category_prefilter: usePreFilter,
                   phase: autoPhase,
-                  rgr_plan: autoRgrPlan || void 0
+                  rgr_plan: autoRgrPlan || void 0,
+                  scope_expansion: scopeExpansion,
+                  scope_seeded: scopeSeedResult || void 0
                 }
               })
             }]

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
     "name": "@vibekiln/cutline-mcp-cli",
-    "version": "0.4.3",
+    "version": "0.5.0",
     "description": "CLI and MCP servers for Cutline — authenticate, then run constraint-aware MCP servers in Cursor or any MCP client.",
     "type": "module",
     "main": "dist/index.js",