brakit 0.10.0 → 0.10.1

package/dist/api.d.ts

@@ -20,7 +20,7 @@ interface TracedRequest {
 }
 type RequestListener = (req: TracedRequest) => void;
 
-type Framework = "nextjs" | "remix" | "nuxt" | "vite" | "astro" | "flask" | "fastapi" | "django" | "custom" | "unknown";
+type Framework = "nextjs" | "remix" | "nuxt" | "vite" | "astro" | "express" | "fastify" | "koa" | "hono" | "nestjs" | "hapi" | "adonis" | "sails" | "flask" | "fastapi" | "django" | "custom" | "unknown";
 interface DetectedProject {
     framework: Framework;
     devCommand: string;
@@ -227,10 +227,11 @@ declare class IssueStore {
     stop(): void;
     upsert(issue: Issue, source: IssueSource): StatefulIssue;
     /**
-     * Reconcile issues against the current analysis results using evidence-based resolution.
-     *
-     * @param currentIssueIds - IDs of issues detected in the current analysis cycle
-     * @param activeEndpoints - Endpoints that had requests in the current cycle
+     * Evidence-based reconciliation: for each active issue whose endpoint had
+     * traffic but the issue was NOT re-detected, increment cleanHitsSinceLastSeen.
+     * After CLEAN_HITS_FOR_RESOLUTION consecutive clean cycles, auto-resolve.
+     * Issues on endpoints with no recent traffic are marked stale after STALE_ISSUE_TTL_MS.
+     * Resolved and stale issues are pruned after their respective TTLs expire.
      */
     reconcile(currentIssueIds: Set<string>, activeEndpoints: Set<string>): void;
     transition(issueId: string, state: IssueState): boolean;

package/dist/api.js

@@ -232,7 +232,7 @@ var IssueStore = class {
       existing.occurrences++;
       existing.issue = issue;
       existing.cleanHitsSinceLastSeen = 0;
-      if (existing.state === "resolved" || existing.state === "stale") {
+      if (existing.aiStatus !== "wont_fix" && (existing.state === "resolved" || existing.state === "stale")) {
         existing.state = "regressed";
         existing.resolvedAt = null;
       }
@@ -258,10 +258,11 @@ var IssueStore = class {
     return stateful;
   }
   /**
-   * Reconcile issues against the current analysis results using evidence-based resolution.
-   *
-   * @param currentIssueIds - IDs of issues detected in the current analysis cycle
-   * @param activeEndpoints - Endpoints that had requests in the current cycle
+   * Evidence-based reconciliation: for each active issue whose endpoint had
+   * traffic but the issue was NOT re-detected, increment cleanHitsSinceLastSeen.
+   * After CLEAN_HITS_FOR_RESOLUTION consecutive clean cycles, auto-resolve.
+   * Issues on endpoints with no recent traffic are marked stale after STALE_ISSUE_TTL_MS.
+   * Resolved and stale issues are pruned after their respective TTLs expire.
    */
   reconcile(currentIssueIds, activeEndpoints) {
     const now = Date.now();
@@ -391,11 +392,22 @@ import { readFile as readFile3, readdir } from "fs/promises";
 import { existsSync as existsSync4 } from "fs";
 import { join as join2, relative } from "path";
 var FRAMEWORKS = [
+  // Meta-frameworks first (they bundle Express/Vite internally)
   { name: "nextjs", dep: "next", devCmd: "next dev", bin: "next", defaultPort: 3e3, devArgs: ["dev", "--port"] },
   { name: "remix", dep: "@remix-run/dev", devCmd: "remix dev", bin: "remix", defaultPort: 3e3, devArgs: ["dev"] },
   { name: "nuxt", dep: "nuxt", devCmd: "nuxt dev", bin: "nuxt", defaultPort: 3e3, devArgs: ["dev", "--port"] },
-  { name: "vite", dep: "vite", devCmd: "vite", bin: "vite", defaultPort: 5173, devArgs: ["--port"] },
-  { name: "astro", dep: "astro", devCmd: "astro dev", bin: "astro", defaultPort: 4321, devArgs: ["dev", "--port"] }
+  { name: "astro", dep: "astro", devCmd: "astro dev", bin: "astro", defaultPort: 4321, devArgs: ["dev", "--port"] },
+  { name: "nestjs", dep: "@nestjs/core", devCmd: "nest start", bin: "nest", defaultPort: 3e3, devArgs: ["--watch"] },
+  { name: "adonis", dep: "@adonisjs/core", devCmd: "node ace serve", bin: "ace", defaultPort: 3333, devArgs: ["serve", "--watch"] },
+  { name: "sails", dep: "sails", devCmd: "sails lift", bin: "sails", defaultPort: 1337, devArgs: ["lift"] },
+  // Server frameworks
+  { name: "hono", dep: "hono", devCmd: "node", bin: "node", defaultPort: 3e3 },
+  { name: "fastify", dep: "fastify", devCmd: "node", bin: "node", defaultPort: 3e3 },
+  { name: "koa", dep: "koa", devCmd: "node", bin: "node", defaultPort: 3e3 },
+  { name: "hapi", dep: "@hapi/hapi", devCmd: "node", bin: "node", defaultPort: 3e3 },
+  { name: "express", dep: "express", devCmd: "node", bin: "node", defaultPort: 3e3 },
+  // Bundlers (last — likely used alongside a framework above)
+  { name: "vite", dep: "vite", devCmd: "vite", bin: "vite", defaultPort: 5173, devArgs: ["--port"] }
 ];
 async function detectProject(rootDir) {
   const pkgPath = join2(rootDir, "package.json");
@@ -1170,14 +1182,10 @@ var DASHBOARD_API_GRAPH = `${DASHBOARD_PREFIX}/api/graph`;
 var VALID_TABS_TUPLE = [
   "overview",
   "actions",
-  "requests",
-  "fetches",
-  "queries",
-  "errors",
-  "logs",
+  "insights",
   "performance",
-  "security",
-  "graph"
+  "graph",
+  "explorer"
 ];
 var VALID_TABS = new Set(VALID_TABS_TUPLE);
 
@@ -2411,7 +2419,7 @@ var AnalysisEngine = class {
 };
 
 // src/index.ts
-var VERSION = "0.10.0";
+var VERSION = "0.10.1";
 export {
   AdapterRegistry,
   AnalysisEngine,

package/dist/bin/brakit.js

@@ -99,14 +99,10 @@ var init_labels = __esm({
     VALID_TABS_TUPLE = [
       "overview",
       "actions",
-      "requests",
-      "fetches",
-      "queries",
-      "errors",
-      "logs",
+      "insights",
       "performance",
-      "security",
-      "graph"
+      "graph",
+      "explorer"
     ];
     VALID_TABS = new Set(VALID_TABS_TUPLE);
     POSTHOG_HOST = "https://us.i.posthog.com";
@@ -140,7 +136,7 @@ var init_features = __esm({
     MAX_TIMELINE_EVENTS = 20;
     MAX_RESOLVED_DISPLAY = 5;
     ENRICHMENT_SEVERITY_FILTER = ["critical", "warning"];
-    MCP_SERVER_VERSION = "0.10.0";
+    MCP_SERVER_VERSION = "0.10.1";
     RECOVERY_WINDOW_MS = 5 * 60 * 1e3;
     PORT_MIN = 1;
     PORT_MAX = 65535;
@@ -366,10 +362,27 @@ async function enrichFindings(client) {
         if (reqData.requests.length > 0) {
           const req = reqData.requests[0];
           if (req.id) {
-            const activity = await client.getActivity(req.id);
-            const queryCount = activity.counts?.queries ?? 0;
-            const fetchCount = activity.counts?.fetches ?? 0;
-            return `Request took ${req.durationMs}ms. ${queryCount} DB queries, ${fetchCount} fetches.`;
+            const [activity, queries, fetches] = await Promise.all([
+              client.getActivity(req.id),
+              client.getQueries(req.id),
+              client.getFetches(req.id)
+            ]);
+            const lines = [`Request took ${req.durationMs}ms.`];
+            if (queries.entries.length > 0) {
+              lines.push(`DB Queries (${queries.entries.length}):`);
+              for (const q of queries.entries.slice(0, 5)) {
+                const sql = q.sql ?? `${q.operation ?? ""} ${q.table ?? q.model ?? ""}`;
+                lines.push(`  [${q.durationMs}ms] ${sql}`);
+              }
+              if (queries.entries.length > 5) lines.push(`  ... and ${queries.entries.length - 5} more`);
+            }
+            if (fetches.entries.length > 0) {
+              lines.push(`Fetches (${fetches.entries.length}):`);
+              for (const f of fetches.entries.slice(0, 3)) {
+                lines.push(`  [${f.durationMs}ms] ${f.method} ${f.url} \u2192 ${f.statusCode}`);
+              }
+            }
+            return lines.join("\n");
           }
         }
       } catch {
@@ -488,6 +501,9 @@ var init_get_findings = __esm({
           return { content: [{ type: "text", text: `Invalid state "${state}". Use: open, fixing, resolved, stale, regressed.` }], isError: true };
         }
         let findings = await enrichFindings(client);
+        if (!state) {
+          findings = findings.filter((f) => f.aiStatus !== "wont_fix");
+        }
         if (severity) {
           findings = findings.filter((f) => f.severity === severity);
         }
@@ -499,21 +515,25 @@ var init_get_findings = __esm({
         if (findings.length === 0) {
           return { content: [{ type: "text", text: "No findings detected. The application looks healthy." }] };
         }
-        const lines = [`Found ${findings.length} issue(s):
-`];
+        const lines = [
+          `Found ${findings.length} issue(s). Full context included below \u2014 no need to call get_request_detail separately.`,
+          `After fixing, call report_fixes ONCE with all results.
+`
+        ];
         for (const f of findings) {
           lines.push(`[${f.severity.toUpperCase()}] ${f.title}`);
           lines.push(`  ID: ${f.findingId}`);
           lines.push(`  Endpoint: ${f.endpoint}`);
           lines.push(`  Issue: ${f.description}`);
-          if (f.context) lines.push(`  Context: ${f.context}`);
+          if (f.context) {
+            for (const ctxLine of f.context.split("\n")) {
+              lines.push(`  ${ctxLine}`);
+            }
+          }
           lines.push(`  Fix: ${f.hint}`);
           if (f.aiStatus === "fixed") {
             lines.push(`  AI Status: fixed (awaiting verification)`);
             if (f.aiNotes) lines.push(`  AI Notes: ${f.aiNotes}`);
-          } else if (f.aiStatus === "wont_fix") {
-            lines.push(`  AI Status: won't fix`);
-            if (f.aiNotes) lines.push(`  AI Notes: ${f.aiNotes}`);
           }
           lines.push("");
         }
@@ -901,6 +921,69 @@ var init_report_fix = __esm({
   }
 });
 
+// src/mcp/tools/report-fixes.ts
+var reportFixes;
+var init_report_fixes = __esm({
+  "src/mcp/tools/report-fixes.ts"() {
+    "use strict";
+    init_type_guards();
+    reportFixes = {
+      name: "report_fixes",
+      description: "Report results for multiple findings in a single call. Use this instead of calling report_fix repeatedly \u2014 it's faster and requires only one confirmation. Pass a JSON array string where each item has finding_id, status ('fixed' or 'wont_fix'), and summary.",
+      inputSchema: {
+        type: "object",
+        properties: {
+          fixes: {
+            type: "string",
+            description: 'JSON array of fix reports. Example: [{"finding_id":"abc123","status":"fixed","summary":"Added input validation"}]'
+          }
+        },
+        required: ["fixes"]
+      },
+      async handler(client, args) {
+        let fixes;
+        try {
+          const raw = typeof args.fixes === "string" ? JSON.parse(args.fixes) : args.fixes;
+          if (!Array.isArray(raw) || raw.length === 0) {
+            return { content: [{ type: "text", text: "fixes must be a non-empty JSON array." }], isError: true };
+          }
+          fixes = raw.filter(
+            (item) => typeof item === "object" && item !== null && typeof item.finding_id === "string" && typeof item.status === "string" && typeof item.summary === "string"
+          );
+          if (fixes.length === 0) {
+            return { content: [{ type: "text", text: "No valid fix entries found. Each entry needs finding_id, status, and summary." }], isError: true };
+          }
+        } catch {
+          return { content: [{ type: "text", text: "fixes must be valid JSON." }], isError: true };
+        }
+        const results = [];
+        let errors = 0;
+        for (const fix of fixes) {
+          if (!fix.finding_id || !isValidAiFixStatus(fix.status) || !fix.summary) {
+            results.push(`\u2717 Invalid entry: ${fix.finding_id || "missing ID"}`);
+            errors++;
+            continue;
+          }
+          const ok = await client.reportFix(fix.finding_id, fix.status, fix.summary);
+          if (ok) {
+            const label = fix.status === "fixed" ? "fixed" : "won't fix";
+            results.push(`\u2713 ${fix.finding_id} \u2192 ${label}`);
+          } else {
+            results.push(`\u2717 ${fix.finding_id} \u2192 not found`);
+            errors++;
+          }
+        }
+        const errorSuffix = errors > 0 ? ` (${errors} error${errors !== 1 ? "s" : ""})` : "";
+        const summary = `Processed ${fixes.length} finding(s)${errorSuffix}. Dashboard updated.`;
+        return {
+          content: [{ type: "text", text: summary + "\n\n" + results.join("\n") }],
+          ...errors > 0 ? { isError: true } : {}
+        };
+      }
+    };
+  }
+});
+
 // src/mcp/tools/index.ts
 function getToolDefinitions() {
   return [...TOOL_MAP.values()].map((t) => ({
@@ -930,8 +1013,9 @@ var init_tools = __esm({
     init_get_report();
     init_clear_findings();
     init_report_fix();
+    init_report_fixes();
     TOOL_MAP = new Map(
-      [getFindings, getEndpoints, getRequestDetail, verifyFix, getReport, clearFindings, reportFix].map((t) => [t.name, t])
+      [getFindings, getEndpoints, getRequestDetail, verifyFix, getReport, clearFindings, reportFix, reportFixes].map((t) => [t.name, t])
     );
   }
 });
@@ -941,7 +1025,7 @@ var SERVER_INSTRUCTIONS, PROMPTS, PROMPT_MESSAGES;
 var init_prompts = __esm({
   "src/mcp/prompts.ts"() {
     "use strict";
-    SERVER_INSTRUCTIONS = "Brakit is a dev tool that monitors your running app for security vulnerabilities, performance issues, and query problems. IMPORTANT: After fixing any brakit finding, always call the report_fix tool with the finding_id, status ('fixed' or 'wont_fix'), and a brief summary of what you did. This updates the dashboard in real-time so the developer can track AI-driven fixes.";
+    SERVER_INSTRUCTIONS = "Brakit is a dev tool that monitors your running app for security vulnerabilities, performance issues, and query problems. IMPORTANT: After fixing brakit findings, call report_fixes (batch) with all results at once instead of calling report_fix individually. This is faster and requires only one confirmation.";
     PROMPTS = [
       {
         name: "check-app",
@@ -953,8 +1037,8 @@ var init_prompts = __esm({
       }
     ];
     PROMPT_MESSAGES = {
-      "check-app": "Check my running app for security and performance issues using brakit. First get all findings, then get the endpoint summary. For any critical or warning findings, get the request detail to understand the root cause. Give me a clear report of what's wrong and offer to fix each issue. After fixing any issue, call report_fix with the finding_id, status, and summary.",
-      "fix-findings": "Get all open brakit findings. For each finding:\n1. Get the request detail to understand the exact issue\n2. Find the source code responsible and fix it\n3. Call report_fix with the finding_id, status ('fixed' or 'wont_fix'), and a brief summary of what you did\n4. Move to the next finding\n\nAfter all findings are processed, ask me to re-trigger the endpoints so brakit can verify the fixes."
+      "check-app": "Check my running app for security and performance issues using brakit. First get all findings, then get the endpoint summary. For any critical or warning findings, get the request detail to understand the root cause. Give me a clear report of what's wrong and offer to fix each issue. After fixing issues, call report_fixes once with all results.",
+      "fix-findings": "Get all open brakit findings. For each finding:\n1. Get the request detail to understand the exact issue\n2. Find the source code responsible and fix it\n3. Track the finding_id, status ('fixed' or 'wont_fix'), and a brief summary\n\nAfter processing ALL findings, call report_fixes ONCE with the full array of results. Do not call report_fix individually for each finding.\n\nAfter reporting, ask me to re-trigger the endpoints so brakit can verify the fixes."
     };
   }
 });
@@ -1123,11 +1207,22 @@ import { readFile as readFile3, readdir } from "fs/promises";
 import { existsSync as existsSync4 } from "fs";
 import { join as join2, relative } from "path";
 var FRAMEWORKS = [
+  // Meta-frameworks first (they bundle Express/Vite internally)
   { name: "nextjs", dep: "next", devCmd: "next dev", bin: "next", defaultPort: 3e3, devArgs: ["dev", "--port"] },
   { name: "remix", dep: "@remix-run/dev", devCmd: "remix dev", bin: "remix", defaultPort: 3e3, devArgs: ["dev"] },
   { name: "nuxt", dep: "nuxt", devCmd: "nuxt dev", bin: "nuxt", defaultPort: 3e3, devArgs: ["dev", "--port"] },
-  { name: "vite", dep: "vite", devCmd: "vite", bin: "vite", defaultPort: 5173, devArgs: ["--port"] },
-  { name: "astro", dep: "astro", devCmd: "astro dev", bin: "astro", defaultPort: 4321, devArgs: ["dev", "--port"] }
+  { name: "astro", dep: "astro", devCmd: "astro dev", bin: "astro", defaultPort: 4321, devArgs: ["dev", "--port"] },
+  { name: "nestjs", dep: "@nestjs/core", devCmd: "nest start", bin: "nest", defaultPort: 3e3, devArgs: ["--watch"] },
+  { name: "adonis", dep: "@adonisjs/core", devCmd: "node ace serve", bin: "ace", defaultPort: 3333, devArgs: ["serve", "--watch"] },
+  { name: "sails", dep: "sails", devCmd: "sails lift", bin: "sails", defaultPort: 1337, devArgs: ["lift"] },
+  // Server frameworks
+  { name: "hono", dep: "hono", devCmd: "node", bin: "node", defaultPort: 3e3 },
+  { name: "fastify", dep: "fastify", devCmd: "node", bin: "node", defaultPort: 3e3 },
+  { name: "koa", dep: "koa", devCmd: "node", bin: "node", defaultPort: 3e3 },
+  { name: "hapi", dep: "@hapi/hapi", devCmd: "node", bin: "node", defaultPort: 3e3 },
+  { name: "express", dep: "express", devCmd: "node", bin: "node", defaultPort: 3e3 },
+  // Bundlers (last — likely used alongside a framework above)
+  { name: "vite", dep: "vite", devCmd: "vite", bin: "vite", defaultPort: 5173, devArgs: ["--port"] }
 ];
 async function detectProject(rootDir) {
   const pkgPath = join2(rootDir, "package.json");
@@ -1910,7 +2005,7 @@ init_constants();
 init_endpoint();
 
 // src/index.ts
-var VERSION = "0.10.0";
+var VERSION = "0.10.1";
 
 // src/cli/commands/install.ts
 init_constants();