brakit 0.9.2 → 0.10.1

package/dist/mcp/server.js

@@ -27,16 +27,14 @@ var DASHBOARD_API_SECURITY = `${DASHBOARD_PREFIX}/api/security`;
 var DASHBOARD_API_TAB = `${DASHBOARD_PREFIX}/api/tab`;
 var DASHBOARD_API_FINDINGS = `${DASHBOARD_PREFIX}/api/findings`;
 var DASHBOARD_API_FINDINGS_REPORT = `${DASHBOARD_PREFIX}/api/findings/report`;
+var DASHBOARD_API_GRAPH = `${DASHBOARD_PREFIX}/api/graph`;
 var VALID_TABS_TUPLE = [
   "overview",
   "actions",
-  "requests",
-  "fetches",
-  "queries",
-  "errors",
-  "logs",
+  "insights",
   "performance",
-  "security"
+  "graph",
+  "explorer"
 ];
 var VALID_TABS = new Set(VALID_TABS_TUPLE);
 
@@ -51,7 +49,7 @@ var MAX_DISCOVERY_DEPTH = 5;
 var MAX_TIMELINE_EVENTS = 20;
 var MAX_RESOLVED_DISPLAY = 5;
 var ENRICHMENT_SEVERITY_FILTER = ["critical", "warning"];
-var MCP_SERVER_VERSION = "0.9.2";
+var MCP_SERVER_VERSION = "0.10.1";
 var RECOVERY_WINDOW_MS = 5 * 60 * 1e3;
 var PORT_MIN = 1;
 var PORT_MAX = 65535;
@@ -261,10 +259,27 @@ async function enrichFindings(client) {
         if (reqData.requests.length > 0) {
           const req = reqData.requests[0];
           if (req.id) {
-            const activity = await client.getActivity(req.id);
-            const queryCount = activity.counts?.queries ?? 0;
-            const fetchCount = activity.counts?.fetches ?? 0;
-            return `Request took ${req.durationMs}ms. ${queryCount} DB queries, ${fetchCount} fetches.`;
+            const [activity, queries, fetches] = await Promise.all([
+              client.getActivity(req.id),
+              client.getQueries(req.id),
+              client.getFetches(req.id)
+            ]);
+            const lines = [`Request took ${req.durationMs}ms.`];
+            if (queries.entries.length > 0) {
+              lines.push(`DB Queries (${queries.entries.length}):`);
+              for (const q of queries.entries.slice(0, 5)) {
+                const sql = q.sql ?? `${q.operation ?? ""} ${q.table ?? q.model ?? ""}`;
+                lines.push(`  [${q.durationMs}ms] ${sql}`);
+              }
+              if (queries.entries.length > 5) lines.push(`  ... and ${queries.entries.length - 5} more`);
+            }
+            if (fetches.entries.length > 0) {
+              lines.push(`Fetches (${fetches.entries.length}):`);
+              for (const f of fetches.entries.slice(0, 3)) {
+                lines.push(`  [${f.durationMs}ms] ${f.method} ${f.url} \u2192 ${f.statusCode}`);
+              }
+            }
+            return lines.join("\n");
           }
         }
       } catch {
@@ -380,6 +395,9 @@ var getFindings = {
       return { content: [{ type: "text", text: `Invalid state "${state}". Use: open, fixing, resolved, stale, regressed.` }], isError: true };
     }
     let findings = await enrichFindings(client);
+    if (!state) {
+      findings = findings.filter((f) => f.aiStatus !== "wont_fix");
+    }
     if (severity) {
       findings = findings.filter((f) => f.severity === severity);
     }
@@ -391,21 +409,25 @@ var getFindings = {
     if (findings.length === 0) {
       return { content: [{ type: "text", text: "No findings detected. The application looks healthy." }] };
     }
-    const lines = [`Found ${findings.length} issue(s):
-`];
+    const lines = [
+      `Found ${findings.length} issue(s). Full context included below \u2014 no need to call get_request_detail separately.`,
+      `After fixing, call report_fixes ONCE with all results.
+`
+    ];
     for (const f of findings) {
       lines.push(`[${f.severity.toUpperCase()}] ${f.title}`);
       lines.push(`  ID: ${f.findingId}`);
       lines.push(`  Endpoint: ${f.endpoint}`);
       lines.push(`  Issue: ${f.description}`);
-      if (f.context) lines.push(`  Context: ${f.context}`);
+      if (f.context) {
+        for (const ctxLine of f.context.split("\n")) {
+          lines.push(`  ${ctxLine}`);
+        }
+      }
       lines.push(`  Fix: ${f.hint}`);
       if (f.aiStatus === "fixed") {
         lines.push(`  AI Status: fixed (awaiting verification)`);
         if (f.aiNotes) lines.push(`  AI Notes: ${f.aiNotes}`);
-      } else if (f.aiStatus === "wont_fix") {
-        lines.push(`  AI Status: won't fix`);
-        if (f.aiNotes) lines.push(`  AI Notes: ${f.aiNotes}`);
       }
       lines.push("");
     }
@@ -750,9 +772,65 @@ var reportFix = {
   }
 };
 
+// src/mcp/tools/report-fixes.ts
+var reportFixes = {
+  name: "report_fixes",
+  description: "Report results for multiple findings in a single call. Use this instead of calling report_fix repeatedly \u2014 it's faster and requires only one confirmation. Pass a JSON array string where each item has finding_id, status ('fixed' or 'wont_fix'), and summary.",
+  inputSchema: {
+    type: "object",
+    properties: {
+      fixes: {
+        type: "string",
+        description: 'JSON array of fix reports. Example: [{"finding_id":"abc123","status":"fixed","summary":"Added input validation"}]'
+      }
+    },
+    required: ["fixes"]
+  },
+  async handler(client, args) {
+    let fixes;
+    try {
+      const raw = typeof args.fixes === "string" ? JSON.parse(args.fixes) : args.fixes;
+      if (!Array.isArray(raw) || raw.length === 0) {
+        return { content: [{ type: "text", text: "fixes must be a non-empty JSON array." }], isError: true };
+      }
+      fixes = raw.filter(
+        (item) => typeof item === "object" && item !== null && typeof item.finding_id === "string" && typeof item.status === "string" && typeof item.summary === "string"
+      );
+      if (fixes.length === 0) {
+        return { content: [{ type: "text", text: "No valid fix entries found. Each entry needs finding_id, status, and summary." }], isError: true };
+      }
+    } catch {
+      return { content: [{ type: "text", text: "fixes must be valid JSON." }], isError: true };
+    }
+    const results = [];
+    let errors = 0;
+    for (const fix of fixes) {
+      if (!fix.finding_id || !isValidAiFixStatus(fix.status) || !fix.summary) {
+        results.push(`\u2717 Invalid entry: ${fix.finding_id || "missing ID"}`);
+        errors++;
+        continue;
+      }
+      const ok = await client.reportFix(fix.finding_id, fix.status, fix.summary);
+      if (ok) {
+        const label = fix.status === "fixed" ? "fixed" : "won't fix";
+        results.push(`\u2713 ${fix.finding_id} \u2192 ${label}`);
+      } else {
+        results.push(`\u2717 ${fix.finding_id} \u2192 not found`);
+        errors++;
+      }
+    }
+    const errorSuffix = errors > 0 ? ` (${errors} error${errors !== 1 ? "s" : ""})` : "";
+    const summary = `Processed ${fixes.length} finding(s)${errorSuffix}. Dashboard updated.`;
+    return {
+      content: [{ type: "text", text: summary + "\n\n" + results.join("\n") }],
+      ...errors > 0 ? { isError: true } : {}
+    };
+  }
+};
+
 // src/mcp/tools/index.ts
 var TOOL_MAP = new Map(
-  [getFindings, getEndpoints, getRequestDetail, verifyFix, getReport, clearFindings, reportFix].map((t) => [t.name, t])
+  [getFindings, getEndpoints, getRequestDetail, verifyFix, getReport, clearFindings, reportFix, reportFixes].map((t) => [t.name, t])
 );
 function getToolDefinitions() {
   return [...TOOL_MAP.values()].map((t) => ({
@@ -773,7 +851,7 @@ function handleToolCall(client, name, args) {
 }
 
 // src/mcp/prompts.ts
-var SERVER_INSTRUCTIONS = "Brakit is a dev tool that monitors your running app for security vulnerabilities, performance issues, and query problems. IMPORTANT: After fixing any brakit finding, always call the report_fix tool with the finding_id, status ('fixed' or 'wont_fix'), and a brief summary of what you did. This updates the dashboard in real-time so the developer can track AI-driven fixes.";
+var SERVER_INSTRUCTIONS = "Brakit is a dev tool that monitors your running app for security vulnerabilities, performance issues, and query problems. IMPORTANT: After fixing brakit findings, call report_fixes (batch) with all results at once instead of calling report_fix individually. This is faster and requires only one confirmation.";
 var PROMPTS = [
   {
     name: "check-app",
@@ -785,8 +863,8 @@ var PROMPTS = [
   }
 ];
 var PROMPT_MESSAGES = {
-  "check-app": "Check my running app for security and performance issues using brakit. First get all findings, then get the endpoint summary. For any critical or warning findings, get the request detail to understand the root cause. Give me a clear report of what's wrong and offer to fix each issue. After fixing any issue, call report_fix with the finding_id, status, and summary.",
-  "fix-findings": "Get all open brakit findings. For each finding:\n1. Get the request detail to understand the exact issue\n2. Find the source code responsible and fix it\n3. Call report_fix with the finding_id, status ('fixed' or 'wont_fix'), and a brief summary of what you did\n4. Move to the next finding\n\nAfter all findings are processed, ask me to re-trigger the endpoints so brakit can verify the fixes."
+  "check-app": "Check my running app for security and performance issues using brakit. First get all findings, then get the endpoint summary. For any critical or warning findings, get the request detail to understand the root cause. Give me a clear report of what's wrong and offer to fix each issue. After fixing issues, call report_fixes once with all results.",
+  "fix-findings": "Get all open brakit findings. For each finding:\n1. Get the request detail to understand the exact issue\n2. Find the source code responsible and fix it\n3. Track the finding_id, status ('fixed' or 'wont_fix'), and a brief summary\n\nAfter processing ALL findings, call report_fixes ONCE with the full array of results. Do not call report_fix individually for each finding.\n\nAfter reporting, ask me to re-trigger the endpoints so brakit can verify the fixes."
 };
 
 // src/mcp/server.ts