@yinuo-ngm/mcp-server 0.1.2 → 0.1.3

package/lib/tools/controlled/local-server.js

@@ -0,0 +1,17 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.localServerAvailability = localServerAvailability;
+exports.requireLocalServer = requireLocalServer;
+async function localServerAvailability(context) {
+    if (!context.services.localServer) {
+        return { available: false, reason: "local server client is not configured" };
+    }
+    return context.services.localServer.availability();
+}
+async function requireLocalServer(context) {
+    const availability = await localServerAvailability(context);
+    return {
+        server: availability.available ? context.services.localServer : undefined,
+        availability,
+    };
+}

package/lib/tools/controlled/operation-policy.d.ts

@@ -0,0 +1,22 @@
+import { type OperationRisk, type OperationType } from "./operation-result";
+export declare function requireExecutePolicy(type: OperationType, risk: OperationRisk, safetyMessage: string): {
+    reason: string;
+    errorCode?: import("../../errors/error-codes").McpErrorCode | undefined;
+    operation: {
+        status: import("./operation-result").ControlledStatus;
+        type: OperationType;
+        risk: OperationRisk;
+        safetyMessage: string;
+    };
+} | null;
+export declare function requireWritePolicy(risk: OperationRisk, safetyMessage: string): {
+    reason: string;
+    errorCode?: import("../../errors/error-codes").McpErrorCode | undefined;
+    operation: {
+        status: import("./operation-result").ControlledStatus;
+        type: OperationType;
+        risk: OperationRisk;
+        safetyMessage: string;
+    };
+} | null;
+export declare function requiredEnv(type: OperationType): string[];

package/lib/tools/controlled/operation-policy.js

@@ -0,0 +1,50 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.requireExecutePolicy = requireExecutePolicy;
+exports.requireWritePolicy = requireWritePolicy;
+exports.requiredEnv = requiredEnv;
+const operation_result_1 = require("./operation-result");
+const error_codes_1 = require("../../errors/error-codes");
+const mcp_tool_error_1 = require("../../errors/mcp-tool-error");
+const permission_service_1 = require("../../services/permission.service");
+const permission = new permission_service_1.PermissionService();
+function toActionType(type) {
+    return type === "write" ? "write" : "execute";
+}
+function blockedByEnvPolicy(type, risk, safetyMessage, error) {
+    const detail = error.detail;
+    const envName = detail?.requires?.[0] ?? (type === "write" ? "NGM_MCP_ALLOW_WRITE" : "NGM_MCP_ALLOW_EXECUTE");
+    return (0, operation_result_1.blocked)(type, risk, safetyMessage, error.message, {
+        requires: detail?.requires ?? [envName],
+        policy: {
+            env: envName,
+            requiredValue: "true",
+            currentValue: process.env[envName] ? "[set-but-not-enabled]" : "[unset]",
+        },
+    }, error.errorCode);
+}
+function requireExecutePolicy(type, risk, safetyMessage) {
+    try {
+        permission.assertAllowed(toActionType(type));
+        return null;
+    }
+    catch (error) {
+        if (error instanceof mcp_tool_error_1.McpToolError)
+            return blockedByEnvPolicy(type, risk, safetyMessage, error);
+        return (0, operation_result_1.blocked)(type, risk, safetyMessage, "confirmed execute operation is not allowed", {}, error_codes_1.McpErrorCodes.EXECUTE_NOT_ALLOWED);
+    }
+}
+function requireWritePolicy(risk, safetyMessage) {
+    try {
+        permission.assertAllowed("write");
+        return null;
+    }
+    catch (error) {
+        if (error instanceof mcp_tool_error_1.McpToolError)
+            return blockedByEnvPolicy("write", risk, safetyMessage, error);
+        return (0, operation_result_1.blocked)("write", risk, safetyMessage, "confirmed write operation is not allowed", {}, error_codes_1.McpErrorCodes.WRITE_NOT_ALLOWED);
+    }
+}
+function requiredEnv(type) {
+    return permission.getRequiredEnv(toActionType(type));
+}

package/lib/tools/controlled/operation-result.d.ts

@@ -0,0 +1,30 @@
+import type { McpErrorCode } from "../../errors/error-codes";
+export type ControlledStatus = "preview" | "executed" | "blocked" | "failed";
+export type OperationType = "write" | "execute" | "service-control";
+export type OperationRisk = "low" | "medium" | "high";
+export type ControlledAction = "preview" | "write" | "execute";
+export declare function isConfirmed(args: {
+    confirm?: boolean;
+    dryRun?: boolean;
+}): boolean;
+export declare function operation(status: ControlledStatus, type: OperationType, risk: OperationRisk, safetyMessage: string): {
+    status: ControlledStatus;
+    type: OperationType;
+    risk: OperationRisk;
+    safetyMessage: string;
+};
+export declare function controlledFields(type: OperationType, confirmed: boolean, requires?: string[]): {
+    action: ControlledAction;
+    confirmed: boolean;
+    requires?: string[];
+};
+export declare function blocked(type: OperationType, risk: OperationRisk, safetyMessage: string, reason: string, data?: Record<string, unknown>, errorCode?: McpErrorCode): {
+    reason: string;
+    errorCode?: McpErrorCode | undefined;
+    operation: {
+        status: ControlledStatus;
+        type: OperationType;
+        risk: OperationRisk;
+        safetyMessage: string;
+    };
+};

package/lib/tools/controlled/operation-result.js

@@ -0,0 +1,33 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.isConfirmed = isConfirmed;
+exports.operation = operation;
+exports.controlledFields = controlledFields;
+exports.blocked = blocked;
+function isConfirmed(args) {
+    return args.confirm === true && args.dryRun !== true;
+}
+function operation(status, type, risk, safetyMessage) {
+    return {
+        status,
+        type,
+        risk,
+        safetyMessage,
+    };
+}
+function controlledFields(type, confirmed, requires = []) {
+    const action = confirmed ? (type === "write" ? "write" : "execute") : "preview";
+    return {
+        action,
+        confirmed,
+        ...(requires.length ? { requires } : {}),
+    };
+}
+function blocked(type, risk, safetyMessage, reason, data, errorCode) {
+    return {
+        operation: operation("blocked", type, risk, safetyMessage),
+        ...(errorCode ? { errorCode } : {}),
+        reason,
+        ...(data ?? {}),
+    };
+}

package/lib/tools/controlled/schemas.d.ts

@@ -0,0 +1,159 @@
+import { z } from "zod";
+export declare const confirmSchema: {
+    confirm: z.ZodOptional<z.ZodBoolean>;
+    dryRun: z.ZodOptional<z.ZodBoolean>;
+};
+export declare const runScriptSchema: z.ZodObject<{
+    confirm: z.ZodOptional<z.ZodBoolean>;
+    dryRun: z.ZodOptional<z.ZodBoolean>;
+    projectId: z.ZodString;
+    script: z.ZodString;
+    waitMs: z.ZodOptional<z.ZodNumber>;
+}, "strict", z.ZodTypeAny, {
+    projectId: string;
+    script: string;
+    waitMs?: number | undefined;
+    confirm?: boolean | undefined;
+    dryRun?: boolean | undefined;
+}, {
+    projectId: string;
+    script: string;
+    waitMs?: number | undefined;
+    confirm?: boolean | undefined;
+    dryRun?: boolean | undefined;
+}>;
+export declare const projectIdSchema: {
+    projectId: z.ZodString;
+};
+export declare const stopProjectSchema: z.ZodObject<{
+    confirm: z.ZodOptional<z.ZodBoolean>;
+    dryRun: z.ZodOptional<z.ZodBoolean>;
+    projectId: z.ZodOptional<z.ZodString>;
+    taskId: z.ZodOptional<z.ZodString>;
+    script: z.ZodOptional<z.ZodString>;
+}, "strict", z.ZodTypeAny, {
+    projectId?: string | undefined;
+    script?: string | undefined;
+    confirm?: boolean | undefined;
+    dryRun?: boolean | undefined;
+    taskId?: string | undefined;
+}, {
+    projectId?: string | undefined;
+    script?: string | undefined;
+    confirm?: boolean | undefined;
+    dryRun?: boolean | undefined;
+    taskId?: string | undefined;
+}>;
+export declare const runtimeConfigSchema: z.ZodObject<{
+    type: z.ZodEnum<["system", "managed", "custom"]>;
+    name: z.ZodOptional<z.ZodString>;
+    version: z.ZodOptional<z.ZodString>;
+    nodePath: z.ZodOptional<z.ZodString>;
+    packageManager: z.ZodOptional<z.ZodEnum<["npm", "pnpm", "yarn"]>>;
+}, "strict", z.ZodTypeAny, {
+    type: "custom" | "system" | "managed";
+    version?: string | undefined;
+    name?: string | undefined;
+    nodePath?: string | undefined;
+    packageManager?: "npm" | "pnpm" | "yarn" | undefined;
+}, {
+    type: "custom" | "system" | "managed";
+    version?: string | undefined;
+    name?: string | undefined;
+    nodePath?: string | undefined;
+    packageManager?: "npm" | "pnpm" | "yarn" | undefined;
+}>;
+export declare const setRuntimeSchema: z.ZodObject<{
+    confirm: z.ZodOptional<z.ZodBoolean>;
+    dryRun: z.ZodOptional<z.ZodBoolean>;
+    runtime: z.ZodObject<{
+        type: z.ZodEnum<["system", "managed", "custom"]>;
+        name: z.ZodOptional<z.ZodString>;
+        version: z.ZodOptional<z.ZodString>;
+        nodePath: z.ZodOptional<z.ZodString>;
+        packageManager: z.ZodOptional<z.ZodEnum<["npm", "pnpm", "yarn"]>>;
+    }, "strict", z.ZodTypeAny, {
+        type: "custom" | "system" | "managed";
+        version?: string | undefined;
+        name?: string | undefined;
+        nodePath?: string | undefined;
+        packageManager?: "npm" | "pnpm" | "yarn" | undefined;
+    }, {
+        type: "custom" | "system" | "managed";
+        version?: string | undefined;
+        name?: string | undefined;
+        nodePath?: string | undefined;
+        packageManager?: "npm" | "pnpm" | "yarn" | undefined;
+    }>;
+    projectId: z.ZodString;
+}, "strict", z.ZodTypeAny, {
+    runtime: {
+        type: "custom" | "system" | "managed";
+        version?: string | undefined;
+        name?: string | undefined;
+        nodePath?: string | undefined;
+        packageManager?: "npm" | "pnpm" | "yarn" | undefined;
+    };
+    projectId: string;
+    confirm?: boolean | undefined;
+    dryRun?: boolean | undefined;
+}, {
+    runtime: {
+        type: "custom" | "system" | "managed";
+        version?: string | undefined;
+        name?: string | undefined;
+        nodePath?: string | undefined;
+        packageManager?: "npm" | "pnpm" | "yarn" | undefined;
+    };
+    projectId: string;
+    confirm?: boolean | undefined;
+    dryRun?: boolean | undefined;
+}>;
+export declare const nginxReloadSchema: z.ZodObject<{
+    confirm: z.ZodOptional<z.ZodBoolean>;
+    dryRun: z.ZodOptional<z.ZodBoolean>;
+}, "strict", z.ZodTypeAny, {
+    confirm?: boolean | undefined;
+    dryRun?: boolean | undefined;
+}, {
+    confirm?: boolean | undefined;
+    dryRun?: boolean | undefined;
+}>;
+export declare const nginxProxySaveSchema: z.ZodObject<{
+    confirm: z.ZodOptional<z.ZodBoolean>;
+    dryRun: z.ZodOptional<z.ZodBoolean>;
+    serverId: z.ZodOptional<z.ZodString>;
+    name: z.ZodOptional<z.ZodString>;
+    listen: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
+    domains: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
+    target: z.ZodString;
+    locationPath: z.ZodOptional<z.ZodString>;
+    enabled: z.ZodOptional<z.ZodBoolean>;
+    reloadAfterSave: z.ZodOptional<z.ZodBoolean>;
+}, "strict", z.ZodTypeAny, {
+    target: string;
+    name?: string | undefined;
+    confirm?: boolean | undefined;
+    dryRun?: boolean | undefined;
+    serverId?: string | undefined;
+    listen?: string[] | undefined;
+    domains?: string[] | undefined;
+    locationPath?: string | undefined;
+    enabled?: boolean | undefined;
+    reloadAfterSave?: boolean | undefined;
+}, {
+    target: string;
+    name?: string | undefined;
+    confirm?: boolean | undefined;
+    dryRun?: boolean | undefined;
+    serverId?: string | undefined;
+    listen?: string[] | undefined;
+    domains?: string[] | undefined;
+    locationPath?: string | undefined;
+    enabled?: boolean | undefined;
+    reloadAfterSave?: boolean | undefined;
+}>;
+export type RuntimeConfigArgs = z.infer<typeof runtimeConfigSchema>;
+export type SetRuntimeArgs = z.infer<typeof setRuntimeSchema>;
+export type StopProjectArgs = z.infer<typeof stopProjectSchema>;
+export type NginxProxySaveArgs = z.infer<typeof nginxProxySaveSchema>;

package/lib/tools/controlled/schemas.js

@@ -0,0 +1,49 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.nginxProxySaveSchema = exports.nginxReloadSchema = exports.setRuntimeSchema = exports.runtimeConfigSchema = exports.stopProjectSchema = exports.projectIdSchema = exports.runScriptSchema = exports.confirmSchema = void 0;
+const zod_1 = require("zod");
+exports.confirmSchema = {
+    confirm: zod_1.z.boolean().optional(),
+    dryRun: zod_1.z.boolean().optional(),
+};
+exports.runScriptSchema = zod_1.z.object({
+    projectId: zod_1.z.string().trim().min(1),
+    script: zod_1.z.string().trim().min(1),
+    waitMs: zod_1.z.number().int().min(0).max(10000).optional(),
+    ...exports.confirmSchema,
+}).strict();
+exports.projectIdSchema = {
+    projectId: zod_1.z.string().trim().min(1),
+};
+exports.stopProjectSchema = zod_1.z.object({
+    projectId: zod_1.z.string().trim().min(1).optional(),
+    taskId: zod_1.z.string().trim().min(1).optional(),
+    script: zod_1.z.string().trim().min(1).optional(),
+    ...exports.confirmSchema,
+}).strict();
+exports.runtimeConfigSchema = zod_1.z.object({
+    type: zod_1.z.enum(["system", "managed", "custom"]),
+    name: zod_1.z.string().trim().min(1).optional(),
+    version: zod_1.z.string().trim().min(1).optional(),
+    nodePath: zod_1.z.string().trim().min(1).optional(),
+    packageManager: zod_1.z.enum(["npm", "pnpm", "yarn"]).optional(),
+}).strict();
+exports.setRuntimeSchema = zod_1.z.object({
+    ...exports.projectIdSchema,
+    runtime: exports.runtimeConfigSchema,
+    ...exports.confirmSchema,
+}).strict();
+exports.nginxReloadSchema = zod_1.z.object({
+    ...exports.confirmSchema,
+}).strict();
+exports.nginxProxySaveSchema = zod_1.z.object({
+    serverId: zod_1.z.string().trim().min(1).optional(),
+    name: zod_1.z.string().trim().min(1).optional(),
+    listen: zod_1.z.array(zod_1.z.string().trim().min(1)).min(1).optional(),
+    domains: zod_1.z.array(zod_1.z.string().trim().min(1)).min(1).optional(),
+    target: zod_1.z.string().trim().min(1),
+    locationPath: zod_1.z.string().trim().min(1).optional(),
+    enabled: zod_1.z.boolean().optional(),
+    reloadAfterSave: zod_1.z.boolean().optional(),
+    ...exports.confirmSchema,
+}).strict();

package/lib/tools/controlled.tools.d.ts

@@ -0,0 +1 @@
+export { controlledTools } from "./controlled";

package/lib/tools/controlled.tools.js

@@ -0,0 +1,5 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.controlledTools = void 0;
+var controlled_1 = require("./controlled");
+Object.defineProperty(exports, "controlledTools", { enumerable: true, get: function () { return controlled_1.controlledTools; } });

package/lib/tools/file-write.tools.d.ts

@@ -0,0 +1,2 @@
+import type { McpToolDefinition } from "./index";
+export declare function fileWriteTools(): McpToolDefinition[];

package/lib/tools/file-write.tools.js

@@ -0,0 +1,70 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.fileWriteTools = fileWriteTools;
+const zod_1 = require("zod");
+const operation_result_1 = require("./controlled/operation-result");
+const operation_policy_1 = require("./controlled/operation-policy");
+const project_files_1 = require("../filesystem/project-files");
+const result_1 = require("../utils/result");
+const path_guard_service_1 = require("../services/path-guard.service");
+const project_resolver_service_1 = require("../services/project-resolver.service");
+const errors_1 = require("../utils/errors");
+const tool_names_1 = require("../registry/tool-names");
+const fileWriteSchema = zod_1.z.object({
+    projectId: zod_1.z.string().trim().min(1),
+    relativePath: zod_1.z.string().trim().min(1),
+    content: zod_1.z.string(),
+    confirm: zod_1.z.boolean().optional(),
+    dryRun: zod_1.z.boolean().optional(),
+}).strict();
+function pathGuard(context) {
+    return context.services.pathGuard ?? new path_guard_service_1.PathGuardService();
+}
+function projectResolver(context) {
+    return context.services.projectResolver ?? new project_resolver_service_1.ProjectResolverService(context.services.core.project);
+}
+function fileWriteTools() {
+    return [
+        {
+            name: tool_names_1.MCP_TOOL_NAMES.NGM_FILE_WRITE,
+            description: "Controlled write for text files inside a registered ng-manager project. Use this instead of direct filesystem writes when the target is an ng-manager project: it accepts projectId plus project-relative relativePath only, rejects absolute paths and traversal, previews by default, and confirmed writes require NGM_MCP_ALLOW_WRITE=true and are audit logged.",
+            riskLevel: "write",
+            allowPreviewWhenBlocked: true,
+            deferPolicyToHandler: true,
+            isConfirmed: operation_result_1.isConfirmed,
+            inputSchema: fileWriteSchema,
+            async handler(args, context) {
+                const confirmed = (0, operation_result_1.isConfirmed)(args);
+                const project = await projectResolver(context).resolveProject(args.projectId);
+                const safetyMessage = `Write project file "${args.relativePath}" for managed project "${project.name}".`;
+                let target;
+                try {
+                    target = pathGuard(context).resolveInsideProject(project.root, args.relativePath);
+                }
+                catch (error) {
+                    return (0, result_1.fail)(tool_names_1.MCP_TOOL_NAMES.NGM_FILE_WRITE, (0, errors_1.errorMessage)(error), (0, errors_1.errorMetadata)(error));
+                }
+                const relativePath = (0, project_files_1.projectRelativePath)(project.root, target);
+                const preview = {
+                    ...(0, operation_result_1.controlledFields)("write", confirmed, (0, operation_policy_1.requiredEnv)("write")),
+                    operation: (0, operation_result_1.operation)("preview", "write", "medium", safetyMessage),
+                    project: { id: project.id, name: project.name, path: project.root },
+                    relativePath,
+                    bytes: Buffer.byteLength(args.content, "utf-8"),
+                };
+                if (!confirmed)
+                    return (0, result_1.ok)(tool_names_1.MCP_TOOL_NAMES.NGM_FILE_WRITE, preview);
+                const policyBlock = (0, operation_policy_1.requireWritePolicy)("medium", safetyMessage);
+                if (policyBlock)
+                    return (0, result_1.ok)(tool_names_1.MCP_TOOL_NAMES.NGM_FILE_WRITE, policyBlock);
+                await (0, project_files_1.writeTextFile)(target, args.content);
+                return (0, result_1.ok)(tool_names_1.MCP_TOOL_NAMES.NGM_FILE_WRITE, {
+                    ...preview,
+                    ...(0, operation_result_1.controlledFields)("write", true, (0, operation_policy_1.requiredEnv)("write")),
+                    operation: (0, operation_result_1.operation)("executed", "write", "medium", safetyMessage),
+                    changedFiles: [relativePath],
+                });
+            },
+        },
+    ];
+}

package/lib/tools/git.tools.js

@@ -3,6 +3,9 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.gitTools = gitTools;
 const zod_1 = require("zod");
 const result_1 = require("../utils/result");
+const project_files_1 = require("../filesystem/project-files");
+const frontend_standard_service_1 = require("../standard/frontend-standard.service");
+const git_validator_1 = require("../standard/validators/git.validator");
 const gitProjectSchema = zod_1.z.object({
     projectId: zod_1.z.string().trim().min(1).optional(),
     projectPath: zod_1.z.string().trim().min(1).optional(),
@@ -10,26 +13,124 @@ const gitProjectSchema = zod_1.z.object({
 const gitDiffSchema = gitProjectSchema.extend({
     maxBytes: zod_1.z.number().int().min(1).max(200000).optional(),
 }).strict();
+const branchNameSchema = gitProjectSchema.extend({
+    branchName: zod_1.z.string().trim().min(1),
+}).strict();
+const commitMessageSchema = gitProjectSchema.extend({
+    message: zod_1.z.string().trim().min(1),
+}).strict();
+const generateCommitMessageSchema = gitProjectSchema.extend({
+    type: zod_1.z.string().trim().min(1).optional(),
+    scope: zod_1.z.string().trim().min(1).optional(),
+    summary: zod_1.z.string().trim().min(1),
+}).strict();
+const reviewSummarySchema = gitProjectSchema.extend({
+    changedFiles: zod_1.z.array(zod_1.z.string().trim().min(1)).optional(),
+}).strict();
+async function normalizeGitArgs(context, args) {
+    if (!args.projectId)
+        return args;
+    const project = await (0, project_files_1.resolveProjectRoot)(context, args);
+    return { projectId: args.projectId, projectPath: project.projectRoot };
+}
+async function standardFor(context, args) {
+    const project = await (0, project_files_1.resolveProjectRoot)(context, args);
+    return (0, frontend_standard_service_1.loadFrontendStandard)(project);
+}
+async function optionalGitValue(read, fallback) {
+    if (!read)
+        return fallback;
+    try {
+        return await read();
+    }
+    catch {
+        return fallback;
+    }
+}
 function gitTools() {
     return [
         {
-            name: "ngm.git.status",
-            description: "Read Git working tree status for a project. This MVP uses a core Git service stub.",
+            name: "ngm_git_status",
+            description: "Read Git working tree status for a project using fixed read-only git status/branch commands.",
             riskLevel: "read",
             inputSchema: gitProjectSchema,
             async handler(args, context) {
-                const data = await context.services.git.status(args);
-                return (0, result_1.ok)("ngm.git.status", data);
+                const data = await context.services.git.status(await normalizeGitArgs(context, args));
+                return (0, result_1.ok)("ngm_git_status", data);
             },
         },
         {
-            name: "ngm.git.diff",
-            description: "Read Git diff for a project. This MVP uses a core Git service stub.",
+            name: "ngm_git_diff",
+            description: "Read Git diff for a project using a fixed read-only git diff command.",
             riskLevel: "read",
             inputSchema: gitDiffSchema,
             async handler(args, context) {
-                const data = await context.services.git.diff(args);
-                return (0, result_1.ok)("ngm.git.diff", data);
+                const data = await context.services.git.diff(await normalizeGitArgs(context, args));
+                return (0, result_1.ok)("ngm_git_diff", data);
+            },
+        },
+        {
+            name: "ngm_git_validate_branch_name",
+            description: "Validate a branch name against the configured frontend standard.",
+            riskLevel: "read",
+            inputSchema: branchNameSchema,
+            async handler(args, context) {
+                const loaded = await standardFor(context, args);
+                return (0, result_1.ok)("ngm_git_validate_branch_name", {
+                    standardSource: loaded.source,
+                    ...(0, git_validator_1.validateBranchName)(args.branchName, loaded.standard),
+                });
+            },
+        },
+        {
+            name: "ngm_git_validate_commit_message",
+            description: "Validate a commit message against the configured frontend standard.",
+            riskLevel: "read",
+            inputSchema: commitMessageSchema,
+            async handler(args, context) {
+                const loaded = await standardFor(context, args);
+                return (0, result_1.ok)("ngm_git_validate_commit_message", {
+                    standardSource: loaded.source,
+                    ...(0, git_validator_1.validateCommitMessage)(args.message, loaded.standard),
+                });
+            },
+        },
+        {
+            name: "ngm_git_generate_commit_message",
+            description: "Generate a commit message that follows the configured frontend standard.",
+            riskLevel: "read",
+            inputSchema: generateCommitMessageSchema,
+            async handler(args, context) {
+                const loaded = await standardFor(context, args);
+                const message = (0, git_validator_1.generateCommitMessage)({
+                    type: args.type,
+                    scope: args.scope,
+                    summary: args.summary,
+                }, loaded.standard);
+                return (0, result_1.ok)("ngm_git_generate_commit_message", {
+                    message,
+                    validation: (0, git_validator_1.validateCommitMessage)(message, loaded.standard),
+                });
+            },
+        },
+        {
+            name: "ngm_git_generate_review_summary",
+            description: "Generate a compact review summary from changed files and read-only Git context.",
+            riskLevel: "read",
+            inputSchema: reviewSummarySchema,
+            async handler(args, context) {
+                const gitArgs = await normalizeGitArgs(context, args);
+                const changedFiles = args.changedFiles ?? await optionalGitValue(context.services.git.changedFiles ? () => context.services.git.changedFiles(gitArgs) : undefined, []);
+                const branch = await optionalGitValue(context.services.git.currentBranch ? () => context.services.git.currentBranch(gitArgs) : undefined, undefined);
+                const latest = await optionalGitValue(context.services.git.latestLog ? () => context.services.git.latestLog(gitArgs) : undefined, undefined);
+                return (0, result_1.ok)("ngm_git_generate_review_summary", {
+                    branch,
+                    latest,
+                    changedFiles,
+                    summary: changedFiles.length
+                        ? `Review ${changedFiles.length} changed file(s): ${changedFiles.slice(0, 8).join(", ")}${changedFiles.length > 8 ? "..." : ""}`
+                        : "No changed files detected.",
+                });
             },
         },
     ];

package/lib/tools/hub-v2/client.d.ts

@@ -1,4 +1,4 @@
-import type { HubV2ResolvedContext } from "./config";
+import type { HubV2ResolvedContext } from "./config/index";
 export type HttpMethod = "GET" | "POST" | "PATCH" | "DELETE";
 export declare class HubV2Client {
     private readonly context;
@@ -9,6 +9,11 @@ export declare class HubV2Client {
         preserveNull?: boolean;
     }): Promise<T>;
     multipart<T = unknown>(method: "POST", url: string, body: FormData): Promise<T>;
+    raw(method: "GET", url: string): Promise<{
+        content: Buffer;
+        contentType: string;
+        contentDisposition: string | null;
+    }>;
     private queryUrl;
 }
 export declare function compact(values: Record<string, unknown>): Record<string, unknown>;

package/lib/tools/hub-v2/client.js

@@ -42,6 +42,21 @@ class HubV2Client {
         }
         return (parsed ?? { code: "OK", data: null });
     }
+    async raw(method, url) {
+        const response = await fetch(url, {
+            method,
+            headers: { Authorization: `Bearer ${this.context.token}` },
+        });
+        if (!response.ok) {
+            const text = await response.text();
+            throw (0, errors_1.toHubV2HttpError)(response.status, response.statusText, parseResponseBody(text));
+        }
+        return {
+            content: Buffer.from(await response.arrayBuffer()),
+            contentType: response.headers.get("content-type") ?? "application/octet-stream",
+            contentDisposition: response.headers.get("content-disposition"),
+        };
+    }
     queryUrl(prefix, suffix, query) {
         let url = `${this.context.baseUrl}/${prefix}/projects/${encodeURIComponent(this.context.projectKey)}${suffix}`;
         const queryString = toQueryString(query ?? {});

package/lib/tools/hub-v2/config/config-paths.d.ts

@@ -0,0 +1,2 @@
+export declare function resolveAgentConnectionsPath(): string;
+export declare function configSearchPaths(pathValue?: string): string[];

package/lib/tools/hub-v2/config/config-paths.js

@@ -0,0 +1,17 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.resolveAgentConnectionsPath = resolveAgentConnectionsPath;
+exports.configSearchPaths = configSearchPaths;
+const os_1 = require("os");
+const path_1 = require("path");
+const env_1 = require("./env");
+function resolveAgentConnectionsPath() {
+    const envConfig = (0, env_1.envValue)("HUB_V2_CONFIG");
+    if (envConfig) {
+        return (0, path_1.resolve)(envConfig);
+    }
+    return (0, path_1.join)((0, os_1.homedir)(), ".ng-manager", "agent-connections.json");
+}
+function configSearchPaths(pathValue) {
+    return pathValue ? [(0, path_1.resolve)(pathValue)] : [resolveAgentConnectionsPath()];
+}

package/lib/tools/hub-v2/config/env.d.ts

@@ -0,0 +1 @@
+export declare function envValue(...names: string[]): string | undefined;