brakit 0.7.5 → 0.8.0

package/dist/bin/brakit.js

@@ -1,17 +1,944 @@
 #!/usr/bin/env node
+var __defProp = Object.defineProperty;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __esm = (fn, res) => function __init() {
+  return fn && (res = (0, fn[__getOwnPropNames(fn)[0]])(fn = 0)), res;
+};
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+
+// src/constants/routes.ts
+var DASHBOARD_API_REQUESTS, DASHBOARD_API_CLEAR, DASHBOARD_API_FETCHES, DASHBOARD_API_ERRORS, DASHBOARD_API_QUERIES, DASHBOARD_API_ACTIVITY, DASHBOARD_API_METRICS_LIVE, DASHBOARD_API_INSIGHTS, DASHBOARD_API_SECURITY, DASHBOARD_API_FINDINGS;
+var init_routes = __esm({
+  "src/constants/routes.ts"() {
+    "use strict";
+    DASHBOARD_API_REQUESTS = "/__brakit/api/requests";
+    DASHBOARD_API_CLEAR = "/__brakit/api/clear";
+    DASHBOARD_API_FETCHES = "/__brakit/api/fetches";
+    DASHBOARD_API_ERRORS = "/__brakit/api/errors";
+    DASHBOARD_API_QUERIES = "/__brakit/api/queries";
+    DASHBOARD_API_ACTIVITY = "/__brakit/api/activity";
+    DASHBOARD_API_METRICS_LIVE = "/__brakit/api/metrics/live";
+    DASHBOARD_API_INSIGHTS = "/__brakit/api/insights";
+    DASHBOARD_API_SECURITY = "/__brakit/api/security";
+    DASHBOARD_API_FINDINGS = "/__brakit/api/findings";
+  }
+});
+
+// src/constants/limits.ts
+var MAX_REQUEST_ENTRIES, MAX_TELEMETRY_ENTRIES;
+var init_limits = __esm({
+  "src/constants/limits.ts"() {
+    "use strict";
+    MAX_REQUEST_ENTRIES = 1e3;
+    MAX_TELEMETRY_ENTRIES = 1e3;
+  }
+});
+
+// src/constants/thresholds.ts
+var OVERFETCH_UNWRAP_MIN_SIZE;
+var init_thresholds = __esm({
+  "src/constants/thresholds.ts"() {
+    "use strict";
+    OVERFETCH_UNWRAP_MIN_SIZE = 3;
+  }
+});
+
+// src/constants/transport.ts
+var init_transport = __esm({
+  "src/constants/transport.ts"() {
+    "use strict";
+  }
+});
+
+// src/constants/metrics.ts
+var METRICS_DIR, PORT_FILE;
+var init_metrics = __esm({
+  "src/constants/metrics.ts"() {
+    "use strict";
+    METRICS_DIR = ".brakit";
+    PORT_FILE = ".brakit/port";
+  }
+});
+
+// src/constants/headers.ts
+var init_headers = __esm({
+  "src/constants/headers.ts"() {
+    "use strict";
+  }
+});
+
+// src/constants/network.ts
+var init_network = __esm({
+  "src/constants/network.ts"() {
+    "use strict";
+  }
+});
+
+// src/constants/mcp.ts
+var MCP_SERVER_NAME, MCP_SERVER_VERSION, INITIAL_DISCOVERY_TIMEOUT_MS, LAZY_DISCOVERY_TIMEOUT_MS, CLIENT_FETCH_TIMEOUT_MS, HEALTH_CHECK_TIMEOUT_MS, DISCOVERY_POLL_INTERVAL_MS, MAX_TIMELINE_EVENTS, MAX_RESOLVED_DISPLAY, ENRICHMENT_SEVERITY_FILTER;
+var init_mcp = __esm({
+  "src/constants/mcp.ts"() {
+    "use strict";
+    MCP_SERVER_NAME = "brakit";
+    MCP_SERVER_VERSION = "0.8.0";
+    INITIAL_DISCOVERY_TIMEOUT_MS = 5e3;
+    LAZY_DISCOVERY_TIMEOUT_MS = 2e3;
+    CLIENT_FETCH_TIMEOUT_MS = 1e4;
+    HEALTH_CHECK_TIMEOUT_MS = 3e3;
+    DISCOVERY_POLL_INTERVAL_MS = 500;
+    MAX_TIMELINE_EVENTS = 20;
+    MAX_RESOLVED_DISPLAY = 5;
+    ENRICHMENT_SEVERITY_FILTER = ["critical", "warning"];
+  }
+});
+
+// src/constants/index.ts
+var init_constants = __esm({
+  "src/constants/index.ts"() {
+    "use strict";
+    init_routes();
+    init_limits();
+    init_thresholds();
+    init_transport();
+    init_metrics();
+    init_headers();
+    init_network();
+    init_mcp();
+  }
+});
+
+// src/store/finding-id.ts
+import { createHash } from "crypto";
+function computeFindingId(finding) {
+  const key = `${finding.rule}:${finding.endpoint}:${finding.desc}`;
+  return createHash("sha256").update(key).digest("hex").slice(0, 16);
+}
+var init_finding_id = __esm({
+  "src/store/finding-id.ts"() {
+    "use strict";
+  }
+});
+
+// src/utils/endpoint.ts
+function parseEndpointKey(endpoint) {
+  const spaceIdx = endpoint.indexOf(" ");
+  if (spaceIdx > 0) {
+    return { method: endpoint.slice(0, spaceIdx), path: endpoint.slice(spaceIdx + 1) };
+  }
+  return { path: endpoint };
+}
+var init_endpoint = __esm({
+  "src/utils/endpoint.ts"() {
+    "use strict";
+  }
+});
+
+// src/mcp/client.ts
+var BrakitClient;
+var init_client = __esm({
+  "src/mcp/client.ts"() {
+    "use strict";
+    init_routes();
+    init_mcp();
+    BrakitClient = class {
+      constructor(baseUrl) {
+        this.baseUrl = baseUrl;
+      }
+      async getRequests(params) {
+        const url = new URL(`${this.baseUrl}${DASHBOARD_API_REQUESTS}`);
+        if (params?.method) url.searchParams.set("method", params.method);
+        if (params?.status) url.searchParams.set("status", params.status);
+        if (params?.search) url.searchParams.set("search", params.search);
+        if (params?.limit) url.searchParams.set("limit", String(params.limit));
+        if (params?.offset) url.searchParams.set("offset", String(params.offset));
+        return this.fetchJson(url);
+      }
+      async getSecurityFindings() {
+        return this.fetchJson(`${this.baseUrl}${DASHBOARD_API_SECURITY}`);
+      }
+      async getInsights() {
+        return this.fetchJson(`${this.baseUrl}${DASHBOARD_API_INSIGHTS}`);
+      }
+      async getQueries(requestId) {
+        const url = new URL(`${this.baseUrl}${DASHBOARD_API_QUERIES}`);
+        if (requestId) url.searchParams.set("requestId", requestId);
+        return this.fetchJson(url);
+      }
+      async getFetches(requestId) {
+        const url = new URL(`${this.baseUrl}${DASHBOARD_API_FETCHES}`);
+        if (requestId) url.searchParams.set("requestId", requestId);
+        return this.fetchJson(url);
+      }
+      async getErrors() {
+        return this.fetchJson(`${this.baseUrl}${DASHBOARD_API_ERRORS}`);
+      }
+      async getActivity(requestId) {
+        const url = new URL(`${this.baseUrl}${DASHBOARD_API_ACTIVITY}`);
+        url.searchParams.set("requestId", requestId);
+        return this.fetchJson(url);
+      }
+      async getLiveMetrics() {
+        return this.fetchJson(`${this.baseUrl}${DASHBOARD_API_METRICS_LIVE}`);
+      }
+      async getFindings(state) {
+        const url = new URL(`${this.baseUrl}${DASHBOARD_API_FINDINGS}`);
+        if (state) url.searchParams.set("state", state);
+        return this.fetchJson(url);
+      }
+      async clearAll() {
+        const res = await fetch(`${this.baseUrl}${DASHBOARD_API_CLEAR}`, {
+          method: "POST",
+          signal: AbortSignal.timeout(CLIENT_FETCH_TIMEOUT_MS)
+        });
+        return res.ok;
+      }
+      async isAlive() {
+        try {
+          const res = await fetch(`${this.baseUrl}${DASHBOARD_API_REQUESTS}?limit=1`, {
+            signal: AbortSignal.timeout(HEALTH_CHECK_TIMEOUT_MS)
+          });
+          return res.ok;
+        } catch {
+          return false;
+        }
+      }
+      async fetchJson(url) {
+        const res = await fetch(url.toString(), {
+          signal: AbortSignal.timeout(CLIENT_FETCH_TIMEOUT_MS)
+        });
+        if (!res.ok) {
+          throw new Error(`Brakit API error: ${res.status} ${res.statusText}`);
+        }
+        return res.json();
+      }
+    };
+  }
+});
+
+// src/mcp/discovery.ts
+import { readFileSync as readFileSync4, existsSync as existsSync4 } from "fs";
+import { resolve as resolve6 } from "path";
+function discoverBrakitPort(cwd) {
+  const root = cwd ?? process.cwd();
+  const portPath = resolve6(root, PORT_FILE);
+  if (!existsSync4(portPath)) {
+    throw new Error(
+      `Brakit is not running. No port file found at ${portPath}.
+Start your app with brakit enabled first.`
+    );
+  }
+  const raw = readFileSync4(portPath, "utf-8").trim();
+  const port = parseInt(raw, 10);
+  if (isNaN(port) || port < 1 || port > 65535) {
+    throw new Error(`Invalid port in ${portPath}: "${raw}"`);
+  }
+  return { port, baseUrl: `http://localhost:${port}` };
+}
+async function waitForBrakit(cwd, timeoutMs = 1e4, pollMs = DISCOVERY_POLL_INTERVAL_MS) {
+  const deadline = Date.now() + timeoutMs;
+  while (Date.now() < deadline) {
+    try {
+      const result = discoverBrakitPort(cwd);
+      const res = await fetch(`${result.baseUrl}${DASHBOARD_API_REQUESTS}?limit=1`);
+      if (res.ok) return result;
+    } catch {
+    }
+    await new Promise((r) => setTimeout(r, pollMs));
+  }
+  throw new Error(
+    "Timed out waiting for Brakit to start. Is your app running with brakit enabled?"
+  );
+}
+var init_discovery = __esm({
+  "src/mcp/discovery.ts"() {
+    "use strict";
+    init_constants();
+    init_mcp();
+  }
+});
+
+// src/mcp/enrichment.ts
+import { createHash as createHash2 } from "crypto";
+function computeInsightId(type, endpoint, desc) {
+  const key = `${type}:${endpoint}:${desc}`;
+  return createHash2("sha256").update(key).digest("hex").slice(0, 16);
+}
+async function enrichFindings(client) {
+  const [securityData, insightsData] = await Promise.all([
+    client.getSecurityFindings(),
+    client.getInsights()
+  ]);
+  const enriched = [];
+  for (const f of securityData.findings) {
+    let context = "";
+    try {
+      const { path } = parseEndpointKey(f.endpoint);
+      const reqData = await client.getRequests({ search: path, limit: 1 });
+      if (reqData.requests.length > 0) {
+        const req = reqData.requests[0];
+        if (req.id) {
+          const activity = await client.getActivity(req.id);
+          const queryCount = activity.counts?.queries ?? 0;
+          const fetchCount = activity.counts?.fetches ?? 0;
+          context = `Request took ${req.durationMs}ms. ${queryCount} DB queries, ${fetchCount} fetches.`;
+        }
+      }
+    } catch {
+      context = "(context unavailable)";
+    }
+    enriched.push({
+      findingId: computeFindingId(f),
+      severity: f.severity,
+      title: f.title,
+      endpoint: f.endpoint,
+      description: f.desc,
+      hint: f.hint,
+      occurrences: f.count,
+      context
+    });
+  }
+  for (const i of insightsData.insights) {
+    if (!ENRICHMENT_SEVERITY_FILTER.includes(i.severity)) continue;
+    const endpoint = i.nav ?? "global";
+    enriched.push({
+      findingId: computeInsightId(i.type, endpoint, i.desc),
+      severity: i.severity,
+      title: i.title,
+      endpoint,
+      description: i.desc,
+      hint: i.hint,
+      occurrences: 1,
+      context: i.detail ?? ""
+    });
+  }
+  return enriched;
+}
+async function enrichEndpoints(client, sortBy) {
+  const data = await client.getLiveMetrics();
+  const endpoints = data.endpoints.map((ep) => ({
+    ...ep.summary,
+    endpoint: ep.endpoint
+  }));
+  if (sortBy === "error_rate") {
+    endpoints.sort((a, b) => b.errorRate - a.errorRate);
+  } else if (sortBy === "query_count") {
+    endpoints.sort((a, b) => b.avgQueryCount - a.avgQueryCount);
+  } else if (sortBy === "requests") {
+    endpoints.sort((a, b) => b.totalRequests - a.totalRequests);
+  }
+  return endpoints;
+}
+async function enrichRequestDetail(client, opts) {
+  if (opts.requestId) {
+    const data = await client.getRequests({ search: opts.requestId, limit: 1 });
+    if (data.requests.length > 0) {
+      return buildRequestDetail(client, data.requests[0].id);
+    }
+  } else if (opts.endpoint) {
+    const { method, path } = parseEndpointKey(opts.endpoint);
+    const data = await client.getRequests({ method, search: path, limit: 1 });
+    if (data.requests.length > 0) {
+      return buildRequestDetail(client, data.requests[0].id);
+    }
+  }
+  return null;
+}
+async function buildRequestDetail(client, requestId) {
+  const [reqData, activity, queries, fetches] = await Promise.all([
+    client.getRequests({ search: requestId, limit: 1 }),
+    client.getActivity(requestId),
+    client.getQueries(requestId),
+    client.getFetches(requestId)
+  ]);
+  const req = reqData.requests[0];
+  return {
+    id: requestId,
+    method: req.method,
+    url: req.url,
+    statusCode: req.statusCode,
+    durationMs: req.durationMs,
+    queries: queries.entries,
+    fetches: fetches.entries,
+    timeline: activity.timeline
+  };
+}
+var init_enrichment = __esm({
+  "src/mcp/enrichment.ts"() {
+    "use strict";
+    init_mcp();
+    init_finding_id();
+    init_endpoint();
+  }
+});
+
+// src/mcp/tools/get-findings.ts
+var VALID_SEVERITIES, VALID_STATES, getFindings;
+var init_get_findings = __esm({
+  "src/mcp/tools/get-findings.ts"() {
+    "use strict";
+    init_enrichment();
+    VALID_SEVERITIES = /* @__PURE__ */ new Set(["critical", "warning"]);
+    VALID_STATES = /* @__PURE__ */ new Set(["open", "fixing", "resolved"]);
+    getFindings = {
+      name: "get_findings",
+      description: "Get all security findings and performance insights from the running app. Returns enriched findings with actionable fix hints, endpoint context, and evidence. Use this to understand what issues exist in the running application.",
+      inputSchema: {
+        type: "object",
+        properties: {
+          severity: {
+            type: "string",
+            enum: ["critical", "warning"],
+            description: "Filter by severity level"
+          },
+          state: {
+            type: "string",
+            enum: ["open", "fixing", "resolved"],
+            description: "Filter by finding state (from finding lifecycle)"
+          }
+        }
+      },
+      async handler(client, args) {
+        const severity = args.severity;
+        const state = args.state;
+        if (severity && !VALID_SEVERITIES.has(severity)) {
+          return { content: [{ type: "text", text: `Invalid severity "${severity}". Use: critical, warning.` }], isError: true };
+        }
+        if (state && !VALID_STATES.has(state)) {
+          return { content: [{ type: "text", text: `Invalid state "${state}". Use: open, fixing, resolved.` }], isError: true };
+        }
+        let findings = await enrichFindings(client);
+        if (severity) {
+          findings = findings.filter((f) => f.severity === severity);
+        }
+        if (state) {
+          const stateful = await client.getFindings(state);
+          const statefulIds = new Set(stateful.findings.map((f) => f.findingId));
+          findings = findings.filter((f) => statefulIds.has(f.findingId));
+        }
+        if (findings.length === 0) {
+          return { content: [{ type: "text", text: "No findings detected. The application looks healthy." }] };
+        }
+        const lines = [`Found ${findings.length} issue(s):
+`];
+        for (const f of findings) {
+          lines.push(`[${f.severity.toUpperCase()}] ${f.title}`);
+          lines.push(`  Endpoint: ${f.endpoint}`);
+          lines.push(`  Issue: ${f.description}`);
+          if (f.context) lines.push(`  Context: ${f.context}`);
+          lines.push(`  Fix: ${f.hint}`);
+          lines.push("");
+        }
+        return { content: [{ type: "text", text: lines.join("\n") }] };
+      }
+    };
+  }
+});
+
+// src/mcp/tools/get-endpoints.ts
+var VALID_SORT_KEYS, getEndpoints;
+var init_get_endpoints = __esm({
+  "src/mcp/tools/get-endpoints.ts"() {
+    "use strict";
+    init_enrichment();
+    VALID_SORT_KEYS = /* @__PURE__ */ new Set(["p95", "error_rate", "query_count", "requests"]);
+    getEndpoints = {
+      name: "get_endpoints",
+      description: "Get a summary of all observed API endpoints with performance stats. Shows p95 latency, error rate, query count, and time breakdown for each endpoint. Use this to identify which endpoints need attention.",
+      inputSchema: {
+        type: "object",
+        properties: {
+          sort_by: {
+            type: "string",
+            enum: ["p95", "error_rate", "query_count", "requests"],
+            description: "Sort endpoints by this metric (default: p95 latency)"
+          }
+        }
+      },
+      async handler(client, args) {
+        const sortBy = args.sort_by;
+        if (sortBy && !VALID_SORT_KEYS.has(sortBy)) {
+          return { content: [{ type: "text", text: `Invalid sort_by "${sortBy}". Use: p95, error_rate, query_count, requests.` }], isError: true };
+        }
+        const endpoints = await enrichEndpoints(client, sortBy);
+        if (endpoints.length === 0) {
+          return {
+            content: [{ type: "text", text: "No endpoints observed yet. Make some requests to your app first." }]
+          };
+        }
+        const lines = [`${endpoints.length} endpoint(s) observed:
+`];
+        for (const ep of endpoints) {
+          lines.push(`${ep.endpoint}`);
+          lines.push(`  p95: ${ep.p95Ms}ms | Errors: ${(ep.errorRate * 100).toFixed(1)}% | Queries: ${ep.avgQueryCount}/req | Requests: ${ep.totalRequests}`);
+          lines.push(`  Time breakdown: DB ${ep.avgQueryTimeMs}ms + Fetch ${ep.avgFetchTimeMs}ms + App ${ep.avgAppTimeMs}ms`);
+          lines.push("");
+        }
+        return { content: [{ type: "text", text: lines.join("\n") }] };
+      }
+    };
+  }
+});
+
+// src/mcp/tools/get-request-detail.ts
+var getRequestDetail;
+var init_get_request_detail = __esm({
+  "src/mcp/tools/get-request-detail.ts"() {
+    "use strict";
+    init_mcp();
+    init_enrichment();
+    getRequestDetail = {
+      name: "get_request_detail",
+      description: "Get full details of a specific HTTP request including all DB queries it fired, all fetches it made, the response, and a timeline of events. Use this to deeply understand what happens when a specific endpoint is hit.",
+      inputSchema: {
+        type: "object",
+        properties: {
+          request_id: {
+            type: "string",
+            description: "The specific request ID to look up"
+          },
+          endpoint: {
+            type: "string",
+            description: "Alternatively, get the latest request for an endpoint like 'GET /api/users'"
+          }
+        }
+      },
+      async handler(client, args) {
+        const requestId = args.request_id;
+        const endpoint = args.endpoint;
+        if (!requestId && !endpoint) {
+          return {
+            content: [{ type: "text", text: "Please provide either a request_id or an endpoint (e.g. 'GET /api/users')." }]
+          };
+        }
+        const detail = await enrichRequestDetail(client, { requestId, endpoint });
+        if (!detail) {
+          return {
+            content: [{ type: "text", text: `No request found for ${requestId ?? endpoint}.` }]
+          };
+        }
+        const lines = [
+          `Request: ${detail.method} ${detail.url}`,
+          `Status: ${detail.statusCode}`,
+          `Duration: ${detail.durationMs}ms`,
+          ""
+        ];
+        if (detail.queries.length > 0) {
+          lines.push(`DB Queries (${detail.queries.length}):`);
+          for (const q of detail.queries) {
+            const sql = q.sql ?? `${q.operation} ${q.table ?? q.model ?? ""}`;
+            lines.push(`  [${q.durationMs}ms] ${sql}`);
+          }
+          lines.push("");
+        }
+        if (detail.fetches.length > 0) {
+          lines.push(`Outgoing Fetches (${detail.fetches.length}):`);
+          for (const f of detail.fetches) {
+            lines.push(`  [${f.durationMs}ms] ${f.method} ${f.url} \u2192 ${f.statusCode}`);
+          }
+          lines.push("");
+        }
+        if (detail.timeline.length > 0) {
+          lines.push(`Timeline (${detail.timeline.length} events):`);
+          for (const event of detail.timeline.slice(0, MAX_TIMELINE_EVENTS)) {
+            lines.push(`  ${event.type}: ${JSON.stringify(event.data)}`);
+          }
+          if (detail.timeline.length > MAX_TIMELINE_EVENTS) {
+            lines.push(`  ... and ${detail.timeline.length - MAX_TIMELINE_EVENTS} more events`);
+          }
+        }
+        return { content: [{ type: "text", text: lines.join("\n") }] };
+      }
+    };
+  }
+});
+
+// src/mcp/tools/verify-fix.ts
+var verifyFix;
+var init_verify_fix = __esm({
+  "src/mcp/tools/verify-fix.ts"() {
+    "use strict";
+    verifyFix = {
+      name: "verify_fix",
+      description: "Verify whether a previously found security or performance issue has been resolved. After you fix code, the user should trigger the endpoint again, then call this tool to check if the finding still appears in Brakit's analysis.",
+      inputSchema: {
+        type: "object",
+        properties: {
+          finding_id: {
+            type: "string",
+            description: "The finding ID to verify"
+          },
+          endpoint: {
+            type: "string",
+            description: "Alternatively, check if a specific endpoint still has issues (e.g. 'GET /api/users')"
+          }
+        }
+      },
+      async handler(client, args) {
+        const findingId = args.finding_id;
+        const endpoint = args.endpoint;
+        if (findingId !== void 0 && findingId.trim() === "") {
+          return { content: [{ type: "text", text: "finding_id cannot be empty." }], isError: true };
+        }
+        if (endpoint !== void 0 && endpoint.trim() === "") {
+          return { content: [{ type: "text", text: "endpoint cannot be empty." }], isError: true };
+        }
+        if (findingId) {
+          const data = await client.getFindings();
+          const finding = data.findings.find((f) => f.findingId === findingId);
+          if (!finding) {
+            return {
+              content: [{
+                type: "text",
+                text: `Finding ${findingId} not found. It may have already been resolved and cleaned up.`
+              }]
+            };
+          }
+          if (finding.state === "resolved") {
+            return {
+              content: [{
+                type: "text",
+                text: `RESOLVED: "${finding.finding.title}" on ${finding.finding.endpoint} is no longer detected. The fix worked.`
+              }]
+            };
+          }
+          return {
+            content: [{
+              type: "text",
+              text: [
+                `STILL PRESENT: "${finding.finding.title}" on ${finding.finding.endpoint}`,
+                `  State: ${finding.state}`,
+                `  Last seen: ${new Date(finding.lastSeenAt).toISOString()}`,
+                `  Occurrences: ${finding.occurrences}`,
+                `  Issue: ${finding.finding.desc}`,
+                `  Hint: ${finding.finding.hint}`,
+                "",
+                "Make sure the user has triggered the endpoint again after the fix, so Brakit can re-analyze."
+              ].join("\n")
+            }]
+          };
+        }
+        if (endpoint) {
+          const data = await client.getFindings();
+          const endpointFindings = data.findings.filter(
+            (f) => f.finding.endpoint === endpoint || f.finding.endpoint.endsWith(` ${endpoint}`)
+          );
+          if (endpointFindings.length === 0) {
+            return {
+              content: [{
+                type: "text",
+                text: `No findings found for endpoint "${endpoint}". Either it's clean or it hasn't been analyzed yet.`
+              }]
+            };
+          }
+          const open = endpointFindings.filter((f) => f.state === "open");
+          const resolved = endpointFindings.filter((f) => f.state === "resolved");
+          const lines = [
+            `Endpoint: ${endpoint}`,
+            `Open issues: ${open.length}`,
+            `Resolved: ${resolved.length}`,
+            ""
+          ];
+          for (const f of open) {
+            lines.push(`  [${f.finding.severity}] ${f.finding.title}: ${f.finding.desc}`);
+          }
+          for (const f of resolved) {
+            lines.push(`  [resolved] ${f.finding.title}`);
+          }
+          return { content: [{ type: "text", text: lines.join("\n") }] };
+        }
+        return {
+          content: [{
+            type: "text",
+            text: "Please provide either a finding_id or an endpoint to verify."
+          }]
+        };
+      }
+    };
+  }
+});
+
+// src/mcp/tools/get-report.ts
+var getReport;
+var init_get_report = __esm({
+  "src/mcp/tools/get-report.ts"() {
+    "use strict";
+    init_mcp();
+    getReport = {
+      name: "get_report",
+      description: "Generate a summary report of all findings: total found, open, resolved. Use this to get a high-level overview of the application's health.",
+      inputSchema: {
+        type: "object",
+        properties: {}
+      },
+      async handler(client, _args) {
+        const [findingsData, securityData, insightsData, metricsData] = await Promise.all([
+          client.getFindings(),
+          client.getSecurityFindings(),
+          client.getInsights(),
+          client.getLiveMetrics()
+        ]);
+        const findings = findingsData.findings;
+        const open = findings.filter((f) => f.state === "open");
+        const resolved = findings.filter((f) => f.state === "resolved");
+        const fixing = findings.filter((f) => f.state === "fixing");
+        const criticalOpen = open.filter((f) => f.finding.severity === "critical");
+        const warningOpen = open.filter((f) => f.finding.severity === "warning");
+        const totalRequests = metricsData.endpoints.reduce(
+          (s, ep) => s + ep.summary.totalRequests,
+          0
+        );
+        const lines = [
+          "=== Brakit Report ===",
+          "",
+          `Endpoints observed: ${metricsData.endpoints.length}`,
+          `Total requests captured: ${totalRequests}`,
+          `Active security rules: ${securityData.findings.length} finding(s)`,
+          `Performance insights: ${insightsData.insights.length} insight(s)`,
+          "",
+          "--- Finding Summary ---",
+          `Total: ${findings.length}`,
+          `  Open: ${open.length} (${criticalOpen.length} critical, ${warningOpen.length} warning)`,
+          `  In progress: ${fixing.length}`,
+          `  Resolved: ${resolved.length}`
+        ];
+        if (criticalOpen.length > 0) {
+          lines.push("");
+          lines.push("--- Critical Issues (fix first) ---");
+          for (const f of criticalOpen) {
+            lines.push(`  [CRITICAL] ${f.finding.title} \u2014 ${f.finding.endpoint}`);
+            lines.push(`    ${f.finding.desc}`);
+            lines.push(`    Fix: ${f.finding.hint}`);
+          }
+        }
+        if (resolved.length > 0) {
+          lines.push("");
+          lines.push("--- Recently Resolved ---");
+          for (const f of resolved.slice(0, MAX_RESOLVED_DISPLAY)) {
+            lines.push(`  \u2713 ${f.finding.title} \u2014 ${f.finding.endpoint}`);
+          }
+          if (resolved.length > MAX_RESOLVED_DISPLAY) {
+            lines.push(`  ... and ${resolved.length - MAX_RESOLVED_DISPLAY} more`);
+          }
+        }
+        return { content: [{ type: "text", text: lines.join("\n") }] };
+      }
+    };
+  }
+});
+
+// src/mcp/tools/clear-findings.ts
+var clearFindings;
+var init_clear_findings = __esm({
+  "src/mcp/tools/clear-findings.ts"() {
+    "use strict";
+    clearFindings = {
+      name: "clear_findings",
+      description: "Reset finding history for a fresh session. Use this when you want to start tracking findings from scratch.",
+      inputSchema: {
+        type: "object",
+        properties: {}
+      },
+      async handler(client, _args) {
+        const ok = await client.clearAll();
+        if (!ok) {
+          return {
+            content: [{ type: "text", text: "Failed to clear findings. Is the app still running?" }]
+          };
+        }
+        return {
+          content: [{ type: "text", text: "All findings and captured data have been cleared. Start making requests to capture fresh data." }]
+        };
+      }
+    };
+  }
+});
+
+// src/mcp/tools/index.ts
+function getToolDefinitions() {
+  return [...TOOL_MAP.values()].map((t) => ({
+    name: t.name,
+    description: t.description,
+    inputSchema: t.inputSchema
+  }));
+}
+function handleToolCall(client, name, args) {
+  const tool = TOOL_MAP.get(name);
+  if (!tool) {
+    return Promise.resolve({
+      content: [{ type: "text", text: `Unknown tool: ${name}` }],
+      isError: true
+    });
+  }
+  return tool.handler(client, args);
+}
+var TOOL_MAP;
+var init_tools = __esm({
+  "src/mcp/tools/index.ts"() {
+    "use strict";
+    init_get_findings();
+    init_get_endpoints();
+    init_get_request_detail();
+    init_verify_fix();
+    init_get_report();
+    init_clear_findings();
+    TOOL_MAP = new Map(
+      [getFindings, getEndpoints, getRequestDetail, verifyFix, getReport, clearFindings].map((t) => [t.name, t])
+    );
+  }
+});
+
+// src/mcp/prompts.ts
+var PROMPTS, PROMPT_MESSAGES;
+var init_prompts = __esm({
+  "src/mcp/prompts.ts"() {
+    "use strict";
+    PROMPTS = [
+      {
+        name: "check-app",
+        description: "Check your running app for security vulnerabilities and performance issues"
+      },
+      {
+        name: "fix-findings",
+        description: "Find all open brakit findings and fix them one by one"
+      }
+    ];
+    PROMPT_MESSAGES = {
+      "check-app": [
+        "Check my running app for security and performance issues using brakit.",
+        "First get all findings, then get the endpoint summary.",
+        "For any critical or warning findings, get the request detail to understand the root cause.",
+        "Give me a clear report of what's wrong and offer to fix each issue."
+      ].join(" "),
+      "fix-findings": [
+        "Get all open brakit findings.",
+        "For each finding, get the request detail to understand the exact issue.",
+        "Then find the source code responsible and fix it.",
+        "After fixing, ask me to re-trigger the endpoint so you can verify the fix with brakit."
+      ].join(" ")
+    };
+  }
+});
+
+// src/mcp/server.ts
+var server_exports = {};
+__export(server_exports, {
+  startMcpServer: () => startMcpServer
+});
+import { Server } from "@modelcontextprotocol/sdk/server/index.js";
+import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
+import {
+  ListToolsRequestSchema,
+  CallToolRequestSchema,
+  ListPromptsRequestSchema,
+  GetPromptRequestSchema
+} from "@modelcontextprotocol/sdk/types.js";
+async function startMcpServer() {
+  let discovery;
+  try {
+    discovery = await waitForBrakit(void 0, INITIAL_DISCOVERY_TIMEOUT_MS);
+  } catch {
+    discovery = null;
+  }
+  let cachedClient = discovery ? new BrakitClient(discovery.baseUrl) : null;
+  const server = new Server(
+    { name: MCP_SERVER_NAME, version: MCP_SERVER_VERSION },
+    { capabilities: { tools: {}, prompts: {} } }
+  );
+  server.setRequestHandler(ListPromptsRequestSchema, async () => ({
+    prompts: [...PROMPTS]
+  }));
+  server.setRequestHandler(GetPromptRequestSchema, async (request) => ({
+    description: PROMPTS.find((p) => p.name === request.params.name)?.description,
+    messages: [{
+      role: "user",
+      content: {
+        type: "text",
+        text: PROMPT_MESSAGES[request.params.name] ?? "Check my app for issues."
+      }
+    }]
+  }));
+  server.setRequestHandler(ListToolsRequestSchema, async () => ({
+    tools: getToolDefinitions()
+  }));
+  server.setRequestHandler(CallToolRequestSchema, async (request) => {
+    const { name, arguments: args } = request.params;
+    let activeClient = cachedClient;
+    if (!activeClient) {
+      try {
+        const disc = await waitForBrakit(void 0, LAZY_DISCOVERY_TIMEOUT_MS);
+        activeClient = new BrakitClient(disc.baseUrl);
+        cachedClient = activeClient;
+      } catch {
+        return {
+          content: [{
+            type: "text",
+            text: "Brakit is not running. Start your app with brakit enabled first."
+          }],
+          isError: true
+        };
+      }
+    }
+    const alive = await activeClient.isAlive();
+    if (!alive) {
+      return {
+        content: [{
+          type: "text",
+          text: "Brakit appears to be down. Is your app still running?"
+        }],
+        isError: true
+      };
+    }
+    try {
+      return await handleToolCall(activeClient, name, args ?? {});
+    } catch (err) {
+      const message = err instanceof Error ? err.message : String(err);
+      return {
+        content: [{
+          type: "text",
+          text: `Error calling ${name}: ${message}`
+        }],
+        isError: true
+      };
+    }
+  });
+  const transport = new StdioServerTransport();
+  await server.connect(transport);
+}
+var init_server = __esm({
+  "src/mcp/server.ts"() {
+    "use strict";
+    init_client();
+    init_discovery();
+    init_tools();
+    init_mcp();
+    init_prompts();
+  }
+});
+
 // bin/brakit.ts
 import { runMain } from "citty";
 
 // src/cli/commands/install.ts
 import { defineCommand } from "citty";
-import { resolve as resolve3, join as join2 } from "path";
-import { readFile as readFile3, writeFile as writeFile3 } from "fs/promises";
+import { resolve as resolve4, join as join2 } from "path";
+import { readFile as readFile3, writeFile as writeFile4 } from "fs/promises";
 import { execSync } from "child_process";
 import pc from "picocolors";
 
-// src/detect/project.ts
-import { readFile as readFile2 } from "fs/promises";
-import { join } from "path";
+// src/store/finding-store.ts
+init_constants();
+import {
+  readFileSync as readFileSync2,
+  writeFileSync as writeFileSync2,
+  existsSync as existsSync2,
+  mkdirSync as mkdirSync2,
+  renameSync
+} from "fs";
+import { writeFile as writeFile2, mkdir, rename } from "fs/promises";
+import { resolve as resolve2 } from "path";
 
 // src/utils/fs.ts
 import { access } from "fs/promises";
@@ -26,7 +953,12 @@ async function fileExists(path) {
   }
 }
 
+// src/store/finding-store.ts
+init_finding_id();
+
 // src/detect/project.ts
+import { readFile as readFile2 } from "fs/promises";
+import { join } from "path";
 var FRAMEWORKS = [
   { name: "nextjs", dep: "next", devCmd: "next dev", bin: "next", defaultPort: 3e3, devArgs: ["dev", "--port"] },
   { name: "remix", dep: "@remix-run/dev", devCmd: "remix dev", bin: "remix", defaultPort: 3e3, devArgs: ["dev"] },
@@ -386,6 +1318,31 @@ var corsCredentialsRule = {
   }
 };
 
+// src/utils/response.ts
+init_thresholds();
+function unwrapResponse(parsed) {
+  if (!parsed || typeof parsed !== "object" || Array.isArray(parsed)) return parsed;
+  const obj = parsed;
+  const keys = Object.keys(obj);
+  if (keys.length > 3) return parsed;
+  let best = null;
+  let bestSize = 0;
+  for (const key of keys) {
+    const val = obj[key];
+    if (Array.isArray(val) && val.length > bestSize) {
+      best = val;
+      bestSize = val.length;
+    } else if (val && typeof val === "object" && !Array.isArray(val)) {
+      const size = Object.keys(val).length;
+      if (size > bestSize) {
+        best = val;
+        bestSize = size;
+      }
+    }
+  }
+  return best && bestSize >= OVERFETCH_UNWRAP_MIN_SIZE ? best : parsed;
+}
+
 // src/analysis/rules/response-pii-leak.ts
 var WRITE_METHODS = /* @__PURE__ */ new Set(["POST", "PUT", "PATCH"]);
 var FULL_RECORD_MIN_FIELDS = 5;
@@ -430,28 +1387,6 @@ function hasInternalIds(obj) {
   }
   return false;
 }
-function unwrapResponse(parsed) {
-  if (!parsed || typeof parsed !== "object" || Array.isArray(parsed)) return parsed;
-  const obj = parsed;
-  const keys = Object.keys(obj);
-  if (keys.length > 3) return parsed;
-  let best = null;
-  let bestSize = 0;
-  for (const key of keys) {
-    const val = obj[key];
-    if (Array.isArray(val) && val.length > bestSize) {
-      best = val;
-      bestSize = val.length;
-    } else if (val && typeof val === "object" && !Array.isArray(val)) {
-      const size = Object.keys(val).length;
-      if (size > bestSize) {
-        best = val;
-        bestSize = size;
-      }
-    }
-  }
-  return best && bestSize >= 3 ? best : parsed;
-}
 function detectPII(method, reqBody, resBody) {
   const target = unwrapResponse(resBody);
   if (WRITE_METHODS.has(method) && reqBody && typeof reqBody === "object") {
@@ -537,9 +1472,8 @@ var responsePiiLeakRule = {
   }
 };
 
-// src/constants/limits.ts
-var MAX_REQUEST_ENTRIES = 1e3;
-var MAX_TELEMETRY_ENTRIES = 1e3;
+// src/store/request-store.ts
+init_constants();
 
 // src/utils/static-patterns.ts
 var STATIC_PATTERNS = [
@@ -624,6 +1558,7 @@ var RequestStore = class {
 var defaultStore = new RequestStore();
 
 // src/store/telemetry-store.ts
+init_constants();
 import { randomUUID } from "crypto";
 var TelemetryStore = class {
   constructor(maxEntries = MAX_TELEMETRY_ENTRIES) {
@@ -677,25 +1612,79 @@ var QueryStore = class extends TelemetryStore {
 var defaultQueryStore = new QueryStore();
 
 // src/store/metrics/metrics-store.ts
+init_constants();
 import { randomUUID as randomUUID2 } from "crypto";
+init_endpoint();
 
 // src/store/metrics/persistence.ts
+init_constants();
 import {
-  readFileSync as readFileSync2,
-  writeFileSync as writeFileSync2,
-  mkdirSync as mkdirSync2,
-  existsSync as existsSync2,
+  readFileSync as readFileSync3,
+  writeFileSync as writeFileSync3,
+  mkdirSync as mkdirSync3,
+  existsSync as existsSync3,
   unlinkSync,
-  renameSync
+  renameSync as renameSync2
 } from "fs";
-import { writeFile as writeFile2, mkdir, rename } from "fs/promises";
-import { resolve as resolve2 } from "path";
+import { writeFile as writeFile3, mkdir as mkdir2, rename as rename2 } from "fs/promises";
+import { resolve as resolve3 } from "path";
 
 // src/analysis/group.ts
+init_constants();
 import { randomUUID as randomUUID3 } from "crypto";
 
+// src/analysis/label.ts
+init_constants();
+
+// src/analysis/transforms.ts
+init_constants();
+
+// src/analysis/insights/prepare.ts
+init_endpoint();
+init_constants();
+
+// src/analysis/insights/rules/n1.ts
+init_endpoint();
+init_thresholds();
+
+// src/analysis/insights/rules/cross-endpoint.ts
+init_endpoint();
+init_thresholds();
+
+// src/analysis/insights/rules/redundant-query.ts
+init_endpoint();
+init_thresholds();
+
+// src/analysis/insights/rules/error-hotspot.ts
+init_thresholds();
+
+// src/analysis/insights/rules/duplicate.ts
+init_thresholds();
+
+// src/analysis/insights/rules/slow.ts
+init_thresholds();
+
+// src/analysis/insights/rules/query-heavy.ts
+init_thresholds();
+
+// src/analysis/insights/rules/select-star.ts
+init_thresholds();
+
+// src/analysis/insights/rules/high-rows.ts
+init_thresholds();
+
+// src/analysis/insights/rules/response-overfetch.ts
+init_endpoint();
+init_thresholds();
+
+// src/analysis/insights/rules/large-response.ts
+init_thresholds();
+
+// src/analysis/insights/rules/regression.ts
+init_thresholds();
+
 // src/index.ts
-var VERSION = "0.7.5";
+var VERSION = "0.8.0";
 
 // src/cli/commands/install.ts
 var IMPORT_LINE = `import "brakit";`;
@@ -715,7 +1704,7 @@ var install_default = defineCommand({
     }
   },
   async run({ args }) {
-    const rootDir = resolve3(args.dir);
+    const rootDir = resolve4(args.dir);
     const pkgPath = join2(rootDir, "package.json");
     if (!await fileExists(pkgPath)) {
       console.error(pc.red("  No package.json found. Run this from your project root."));
@@ -753,6 +1742,12 @@ var install_default = defineCommand({
     } else {
       printManualInstructions(project.framework);
     }
+    const mcpResult = await setupMcp(rootDir);
+    if (mcpResult === "created" || mcpResult === "updated") {
+      console.log(pc.green("  \u2713 Configured MCP for Claude Code / Cursor"));
+    } else if (mcpResult === "exists") {
+      console.log(pc.dim("  \u2713 MCP already configured"));
+    }
     console.log();
     console.log(pc.dim("  Start your app and visit:"));
     console.log(pc.bold("  http://localhost:<port>/__brakit"));
@@ -809,7 +1804,7 @@ async function setupNextjs(rootDir) {
     `}`,
     ``
   ].join("\n");
-  await writeFile3(absPath, content);
+  await writeFile4(absPath, content);
   return { action: "created", file: relPath, content };
 }
 async function setupNuxt(rootDir) {
@@ -825,9 +1820,9 @@ async function setupNuxt(rootDir) {
   const content = `${IMPORT_LINE}
 `;
   const dir = join2(rootDir, "server/plugins");
-  const { mkdirSync: mkdirSync3 } = await import("fs");
-  mkdirSync3(dir, { recursive: true });
-  await writeFile3(absPath, content);
+  const { mkdirSync: mkdirSync4 } = await import("fs");
+  mkdirSync4(dir, { recursive: true });
+  await writeFile4(absPath, content);
   return { action: "created", file: relPath, content };
 }
 async function setupPrepend(rootDir, ...candidates) {
@@ -838,7 +1833,7 @@ async function setupPrepend(rootDir, ...candidates) {
     if (content.includes(IMPORT_MARKER)) {
       return { action: "exists", file: relPath };
     }
-    await writeFile3(absPath, `${IMPORT_LINE}
+    await writeFile4(absPath, `${IMPORT_LINE}
 ${content}`);
     return { action: "prepended", file: relPath };
   }
@@ -872,6 +1867,45 @@ async function setupGeneric(rootDir) {
   if (result.action !== "manual") return result;
   return { action: "manual", file: null };
 }
+var MCP_CONFIG = {
+  mcpServers: {
+    brakit: {
+      command: "npx",
+      args: ["brakit", "mcp"]
+    }
+  }
+};
+async function setupMcp(rootDir) {
+  const mcpPath = join2(rootDir, ".mcp.json");
+  if (await fileExists(mcpPath)) {
+    const raw = await readFile3(mcpPath, "utf-8");
+    try {
+      const config = JSON.parse(raw);
+      if (config?.mcpServers?.brakit) return "exists";
+      config.mcpServers = { ...config.mcpServers, ...MCP_CONFIG.mcpServers };
+      await writeFile4(mcpPath, JSON.stringify(config, null, 2) + "\n");
+      await ensureGitignoreMcp(rootDir);
+      return "updated";
+    } catch {
+    }
+  }
+  await writeFile4(mcpPath, JSON.stringify(MCP_CONFIG, null, 2) + "\n");
+  await ensureGitignoreMcp(rootDir);
+  return "created";
+}
+async function ensureGitignoreMcp(rootDir) {
+  const gitignorePath = join2(rootDir, ".gitignore");
+  try {
+    if (await fileExists(gitignorePath)) {
+      const content = await readFile3(gitignorePath, "utf-8");
+      if (content.split("\n").some((l) => l.trim() === ".mcp.json")) return;
+      await writeFile4(gitignorePath, content.trimEnd() + "\n.mcp.json\n");
+    } else {
+      await writeFile4(gitignorePath, ".mcp.json\n");
+    }
+  } catch {
+  }
+}
 function printManualInstructions(framework) {
   console.log(pc.yellow("  \u26A0 Could not auto-detect entry file."));
   console.log();
@@ -891,10 +1925,11 @@ function printManualInstructions(framework) {
 
 // src/cli/commands/uninstall.ts
 import { defineCommand as defineCommand2 } from "citty";
-import { resolve as resolve4, join as join3 } from "path";
-import { readFile as readFile4, writeFile as writeFile4, unlink } from "fs/promises";
+import { resolve as resolve5, join as join3 } from "path";
+import { readFile as readFile4, writeFile as writeFile5, unlink, rm } from "fs/promises";
 import { execSync as execSync2 } from "child_process";
 import pc2 from "picocolors";
+init_constants();
 var IMPORT_LINE2 = `import "brakit";`;
 var CREATED_FILES = [
   "src/instrumentation.ts",
@@ -932,7 +1967,7 @@ var uninstall_default = defineCommand2({
     }
   },
   async run({ args }) {
-    const rootDir = resolve4(args.dir);
+    const rootDir = resolve5(args.dir);
     let project = null;
     try {
       project = await detectProject(rootDir);
@@ -970,7 +2005,7 @@ var uninstall_default = defineCommand2({
         const content = await readFile4(absPath, "utf-8");
         if (!content.includes(IMPORT_LINE2)) continue;
         const updated = content.split("\n").filter((line) => line.trim() !== IMPORT_LINE2.trim()).join("\n");
-        await writeFile4(absPath, updated);
+        await writeFile5(absPath, updated);
         console.log(pc2.green(`  \u2713 Removed brakit import from ${relPath}`));
         removed = true;
         break;
@@ -979,6 +2014,18 @@ var uninstall_default = defineCommand2({
     if (!removed) {
       console.log(pc2.dim("  No brakit instrumentation files found."));
     }
+    const mcpRemoved = await removeMcpConfig(rootDir);
+    if (mcpRemoved) {
+      console.log(pc2.green("  \u2713 Removed brakit MCP configuration"));
+    }
+    const dataRemoved = await removeBrakitData(rootDir);
+    if (dataRemoved) {
+      console.log(pc2.green("  \u2713 Removed .brakit directory"));
+    }
+    const gitignoreCleaned = await cleanGitignore(rootDir);
+    if (gitignoreCleaned) {
+      console.log(pc2.green("  \u2713 Removed .brakit from .gitignore"));
+    }
     const pm = project?.packageManager ?? "npm";
     const uninstalled = await uninstallPackage(rootDir, pm);
     if (uninstalled) {
@@ -987,6 +2034,24 @@ var uninstall_default = defineCommand2({
     console.log();
   }
 });
+async function removeMcpConfig(rootDir) {
+  const mcpPath = join3(rootDir, ".mcp.json");
+  if (!await fileExists(mcpPath)) return false;
+  try {
+    const raw = await readFile4(mcpPath, "utf-8");
+    const config = JSON.parse(raw);
+    if (!config?.mcpServers?.brakit) return false;
+    delete config.mcpServers.brakit;
+    if (Object.keys(config.mcpServers).length === 0) {
+      await unlink(mcpPath);
+    } else {
+      await writeFile5(mcpPath, JSON.stringify(config, null, 2) + "\n");
+    }
+    return true;
+  } catch {
+    return false;
+  }
+}
 async function uninstallPackage(rootDir, pm) {
   try {
     const pkgRaw = await readFile4(join3(rootDir, "package.json"), "utf-8");
@@ -1009,12 +2074,42 @@ async function uninstallPackage(rootDir, pm) {
   }
   return true;
 }
+async function removeBrakitData(rootDir) {
+  const dataDir = join3(rootDir, METRICS_DIR);
+  if (!await fileExists(dataDir)) return false;
+  try {
+    await rm(dataDir, { recursive: true, force: true });
+    return true;
+  } catch {
+    return false;
+  }
+}
+async function cleanGitignore(rootDir) {
+  const gitignorePath = join3(rootDir, ".gitignore");
+  if (!await fileExists(gitignorePath)) return false;
+  try {
+    const content = await readFile4(gitignorePath, "utf-8");
+    const lines = content.split("\n");
+    const filtered = lines.filter((line) => line.trim() !== METRICS_DIR);
+    if (filtered.length === lines.length) return false;
+    await writeFile5(gitignorePath, filtered.join("\n"));
+    return true;
+  } catch {
+    return false;
+  }
+}
 
 // bin/brakit.ts
 var sub = process.argv[2];
 if (sub === "uninstall") {
   process.argv.splice(2, 1);
   runMain(uninstall_default);
+} else if (sub === "mcp") {
+  Promise.resolve().then(() => (init_server(), server_exports)).then(({ startMcpServer: startMcpServer2 }) => startMcpServer2()).catch((err) => {
+    process.stderr.write(`[brakit] MCP server failed: ${err.message}
+`);
+    process.exitCode = 1;
+  });
 } else {
   if (sub === "install") process.argv.splice(2, 1);
   runMain(install_default);