forgecraft-mcp 0.2.1 → 0.4.0

package/templates/api/skills.yaml

@@ -0,0 +1,54 @@
+tag: API
+section: skills
+skills:
+  - id: api-test-endpoint
+    name: Test API Endpoint
+    filename: api-test-endpoint.md
+    description: "Test an API endpoint with various scenarios"
+    tier: core
+    content: |
+      Test the API endpoint specified in $ARGUMENTS.
+
+      Steps:
+      1. Find the route handler and read the implementation
+      2. Identify the request schema (params, query, body)
+      3. Run these test scenarios:
+         - **Happy path**: valid request with expected response
+         - **Validation**: missing required fields, wrong types, boundary values
+         - **Auth**: unauthenticated, wrong role, expired token (if applicable)
+         - **Edge cases**: empty body, large payload, special characters
+      4. For each scenario, report:
+         - Request: method, path, headers, body
+         - Expected: status code, response shape
+         - Actual: what happened
+         - Verdict: PASS / FAIL
+
+      Use `curl` or the project's test framework. If tests don't exist for this endpoint, offer to create them.
+
+  - id: api-add-endpoint
+    name: Add API Endpoint
+    filename: api-add-endpoint.md
+    description: "Scaffold a new API endpoint following project patterns"
+    tier: recommended
+    content: |
+      Create a new API endpoint. $ARGUMENTS should describe the endpoint (e.g., "POST /api/users - create a user").
+
+      Steps:
+      1. Identify existing endpoint patterns in the project:
+         - Router file structure
+         - Validation approach (Zod, Joi, class-validator, etc.)
+         - Response format conventions
+         - Error handling patterns
+         - Middleware chain
+      2. Create the endpoint following discovered patterns:
+         - Route handler (thin — delegates to service layer)
+         - Input validation schema
+         - Service method with business logic
+         - Error handling with appropriate HTTP status codes
+      3. Add tests:
+         - Happy path test
+         - Validation error test
+         - At least one edge case
+      4. Update any route index/registry if the project uses one
+
+      Follow existing patterns exactly. Do not introduce new patterns or libraries.

package/templates/cli/mcp-servers.yaml

@@ -7,4 +7,5 @@ servers:
     args: ["-y", "@modelcontextprotocol/server-filesystem", "/"]
     tags: [CLI, LIBRARY]
     category: general
+    tier: recommended
     url: "https://github.com/modelcontextprotocol/servers/tree/main/src/filesystem"

package/templates/data-lineage/mcp-servers.yaml

@@ -7,6 +7,7 @@ servers:
     args: ["-y", "@modelcontextprotocol/server-postgres"]
     tags: [DATA-LINEAGE, DATA-PIPELINE]
     category: database
+    tier: recommended
     env:
       POSTGRES_CONNECTION_STRING: ""
     url: "https://github.com/modelcontextprotocol/servers/tree/main/src/postgres"
@@ -17,4 +18,5 @@ servers:
     args: ["-y", "@modelcontextprotocol/server-filesystem"]
     tags: [DATA-LINEAGE, UNIVERSAL]
     category: filesystem
+    tier: optional
     url: "https://github.com/modelcontextprotocol/servers/tree/main/src/filesystem"

package/templates/data-pipeline/mcp-servers.yaml

@@ -7,6 +7,7 @@ servers:
     args: ["-y", "@modelcontextprotocol/server-postgres"]
     tags: [DATA-PIPELINE, API]
     category: database
+    tier: recommended
     env:
       POSTGRES_CONNECTION_STRING: ""
     url: "https://github.com/modelcontextprotocol/servers/tree/main/src/postgres"

package/templates/data-pipeline/skills.yaml

@@ -0,0 +1,56 @@
+tag: DATA-PIPELINE
+section: skills
+skills:
+  - id: pipeline-validate-schema
+    name: Validate Pipeline Schema
+    filename: pipeline-validate-schema.md
+    description: "Validate data pipeline schemas and detect drift"
+    tier: core
+    content: |
+      Validate data pipeline schemas for consistency and detect drift.
+
+      Steps:
+      1. **Find schema definitions**: Search for schema files, model definitions, or DDL:
+         - SQL migration files
+         - ORM models (SQLAlchemy, Prisma, TypeORM, etc.)
+         - Avro/Protobuf/JSON Schema definitions
+         - DataFrame column definitions
+      2. **Check for drift**: Compare schemas across pipeline stages:
+         - Source schema vs. ingestion schema
+         - Ingestion schema vs. transformation output
+         - Transformation output vs. serving layer
+      3. **Validate contracts**:
+         - All nullable fields explicitly marked
+         - Default values defined for new columns
+         - Breaking changes (column removal, type change) flagged
+         - Backward/forward compatibility for event schemas
+      4. **Report**:
+         - Schema location and version
+         - Drift detected between stages
+         - Breaking changes that need migration
+
+      If $ARGUMENTS specifies a pipeline or table name, focus on that. Otherwise, scan all schemas.
+
+  - id: pipeline-trace-lineage
+    name: Trace Data Lineage
+    filename: pipeline-trace-lineage.md
+    description: "Trace data lineage from source to destination"
+    tier: recommended
+    content: |
+      Trace the data lineage for the field or table specified in $ARGUMENTS.
+
+      Steps:
+      1. Start from the target field/table
+      2. Trace backward through transformations:
+         - Which upstream tables/sources feed into it?
+         - What transformations are applied (joins, filters, aggregations)?
+         - What business logic modifies the values?
+      3. Trace forward to consumers:
+         - Which downstream tables/reports/APIs consume it?
+         - What would break if the source schema changed?
+      4. Document the lineage:
+         - Source → Transform → Target chain
+         - Data freshness (batch frequency, streaming lag)
+         - Owner/team for each stage
+
+      Output a text-based lineage diagram showing the data flow.

package/templates/fintech/mcp-servers.yaml

@@ -7,6 +7,7 @@ servers:
     args: ["-y", "@stripe/mcp-server"]
     tags: [FINTECH]
     category: general
+    tier: recommended
     env:
       STRIPE_SECRET_KEY: ""
     url: "https://github.com/stripe/agent-toolkit"

package/templates/fintech/skills.yaml

@@ -0,0 +1,35 @@
+tag: FINTECH
+section: skills
+skills:
+  - id: fintech-money-audit
+    name: Money Calculation Audit
+    filename: fintech-money-audit.md
+    description: "Audit codebase for monetary calculation safety"
+    tier: core
+    content: |
+      Audit the codebase for monetary calculation risks.
+
+      Scan for:
+      1. **Floating-point arithmetic on money**:
+         - Any use of `float`, `double`, or JavaScript `number` for currency amounts
+         - Arithmetic operations (+, -, *, /) on money values without decimal/integer cents
+         - Rounding errors in tax, discount, or fee calculations
+      2. **Currency handling**:
+         - Money values stored without currency code
+         - Mixed-currency arithmetic without explicit conversion
+         - Missing exchange rate snapshots for audit trail
+      3. **Rounding**:
+         - Inconsistent rounding modes (banker's rounding vs. standard)
+         - Rounding applied at intermediate steps instead of final result
+         - Missing rounding specification in calculations
+      4. **Overflow / precision**:
+         - Integer cents stored in types too small for large amounts
+         - Multiplication (e.g., interest) without precision guards
+         - Division without remainder handling
+
+      For each finding, report:
+      - **File**: path
+      - **Line**: number
+      - **Risk**: CRITICAL | HIGH | MEDIUM
+      - **Issue**: what could go wrong
+      - **Fix**: recommended change (e.g., use Decimal library, store as integer cents)

package/templates/game/mcp-servers.yaml

@@ -7,4 +7,5 @@ servers:
     args: ["-y", "@anthropic/unity-mcp"]
     tags: [GAME]
     category: game-engine
+    tier: recommended
     url: "https://github.com/CoplayDev/unity-mcp"

package/templates/healthcare/mcp-servers.yaml

@@ -7,6 +7,7 @@ servers:
     args: ["-y", "@modelcontextprotocol/server-postgres"]
     tags: [DATA-PIPELINE, API, HEALTHCARE]
     category: database
+    tier: recommended
     env:
       POSTGRES_CONNECTION_STRING: ""
     url: "https://github.com/modelcontextprotocol/servers/tree/main/src/postgres"

package/templates/healthcare/skills.yaml

@@ -0,0 +1,35 @@
+tag: HEALTHCARE
+section: skills
+skills:
+  - id: healthcare-phi-audit
+    name: PHI Audit
+    filename: healthcare-phi-audit.md
+    description: "Scan codebase for PHI exposure risks"
+    tier: core
+    content: |
+      Audit the codebase for Protected Health Information (PHI) exposure risks.
+
+      Scan for:
+      1. **Logging**: Search for log statements that might include PHI fields:
+         - Patient name, DOB, SSN, MRN, address, phone, email
+         - Diagnosis codes, treatment plans, lab results
+         - Any field from a patient/member/encounter model
+      2. **Error messages**: Check that error responses don't leak PHI in:
+         - API error bodies
+         - Exception messages
+         - Stack traces exposed to clients
+      3. **Storage**: Verify PHI at rest is protected:
+         - Database fields containing PHI are identified and encrypted
+         - File uploads with PHI use encrypted storage
+         - Temporary files are cleaned up
+      4. **Transmission**: Verify PHI in transit:
+         - All endpoints serving PHI require HTTPS
+         - No PHI in URL query parameters (use POST body)
+         - No PHI in client-side analytics or tracking
+
+      Report each finding with:
+      - **File**: path
+      - **Line**: number
+      - **Risk**: HIGH | MEDIUM | LOW
+      - **PHI type**: what data is exposed
+      - **Fix**: recommended remediation

package/templates/hipaa/mcp-servers.yaml

@@ -7,6 +7,7 @@ servers:
     args: ["-y", "@modelcontextprotocol/server-postgres"]
     tags: [HIPAA, HEALTHCARE, API]
     category: database
+    tier: recommended
     env:
       POSTGRES_CONNECTION_STRING: ""
     url: "https://github.com/modelcontextprotocol/servers/tree/main/src/postgres"

package/templates/hipaa/skills.yaml

@@ -0,0 +1,39 @@
+tag: HIPAA
+section: skills
+skills:
+  - id: hipaa-compliance-check
+    name: HIPAA Compliance Check
+    filename: hipaa-compliance-check.md
+    description: "Verify HIPAA technical safeguard compliance"
+    tier: core
+    content: |
+      Check the project for HIPAA technical safeguard compliance.
+
+      Verify each requirement:
+
+      **Access Controls (§164.312(a))**:
+      - [ ] Unique user identification — every user has a unique ID
+      - [ ] Emergency access procedure — documented break-glass process
+      - [ ] Automatic logoff — session timeout configured
+      - [ ] Encryption/decryption — PHI encrypted at rest
+
+      **Audit Controls (§164.312(b))**:
+      - [ ] Audit logging enabled for all PHI access
+      - [ ] Logs include: who, what, when, where (IP)
+      - [ ] Logs are tamper-evident (append-only, signed, or immutable storage)
+      - [ ] Log retention meets minimum period (6 years)
+
+      **Integrity Controls (§164.312(c))**:
+      - [ ] Data validation on PHI fields
+      - [ ] Checksums or signatures for data integrity verification
+
+      **Transmission Security (§164.312(e))**:
+      - [ ] TLS 1.2+ enforced for all PHI transmission
+      - [ ] No PHI in URL parameters
+      - [ ] Encryption for PHI in message queues or event streams
+
+      For each gap, report:
+      - **Requirement**: HIPAA section reference
+      - **Status**: COMPLIANT | GAP | PARTIAL
+      - **Finding**: what's missing
+      - **Remediation**: specific implementation steps

package/templates/infra/mcp-servers.yaml

@@ -7,6 +7,7 @@ servers:
     args: ["-y", "mcp-server-docker"]
     tags: [INFRA]
     category: deployment
+    tier: recommended
     url: "https://github.com/ckreiling/mcp-server-docker"
 
   - name: kubernetes
@@ -15,4 +16,5 @@ servers:
     args: ["-y", "mcp-server-kubernetes"]
     tags: [INFRA]
     category: deployment
+    tier: optional
     url: "https://github.com/strowk/mcp-k8s-go"

package/templates/library/mcp-servers.yaml

@@ -7,6 +7,7 @@ servers:
     args: ["-y", "@modelcontextprotocol/server-filesystem", "/"]
     tags: [CLI, LIBRARY]
     category: general
+    tier: recommended
     url: "https://github.com/modelcontextprotocol/servers/tree/main/src/filesystem"
 
   - name: npm-search
@@ -15,4 +16,5 @@ servers:
     args: ["-y", "mcp-server-npm-search"]
     tags: [LIBRARY]
     category: documentation
+    tier: optional
     url: "https://github.com/nicholasgriffintn/npm-search-mcp-server"

package/templates/medallion-architecture/mcp-servers.yaml

@@ -7,6 +7,7 @@ servers:
     args: ["-y", "@modelcontextprotocol/server-postgres"]
     tags: [MEDALLION-ARCHITECTURE, DATA-PIPELINE]
     category: database
+    tier: recommended
     env:
       POSTGRES_CONNECTION_STRING: ""
     url: "https://github.com/modelcontextprotocol/servers/tree/main/src/postgres"
@@ -17,4 +18,5 @@ servers:
     args: ["-y", "@modelcontextprotocol/server-filesystem"]
     tags: [MEDALLION-ARCHITECTURE, DATA-PIPELINE]
     category: filesystem
+    tier: optional
     url: "https://github.com/modelcontextprotocol/servers/tree/main/src/filesystem"

package/templates/ml/mcp-servers.yaml

@@ -7,4 +7,5 @@ servers:
     args: ["-y", "mcp-server-jupyter"]
     tags: [ML, DATA-PIPELINE]
     category: ai-ml
+    tier: recommended
     url: "https://github.com/datalayer/jupyter-mcp-server"

package/templates/mobile/mcp-servers.yaml

@@ -7,4 +7,5 @@ servers:
     args: ["-y", "mcp-server-android"]
     tags: [MOBILE]
     category: devtools
+    tier: recommended
     url: "https://github.com/nicholasgriffintn/android-mcp-server"

package/templates/observability-xray/mcp-servers.yaml

@@ -7,6 +7,7 @@ servers:
     args: ["-y", "mcp-server-cloudwatch"]
     tags: [OBSERVABILITY-XRAY, INFRA]
     category: monitoring
+    tier: recommended
     env:
       AWS_REGION: ""
       AWS_ACCESS_KEY_ID: ""

package/templates/realtime/mcp-servers.yaml

@@ -7,6 +7,7 @@ servers:
     args: ["-y", "mcp-server-redis"]
     tags: [REALTIME]
     category: database
+    tier: recommended
     env:
       REDIS_URL: "redis://localhost:6379"
     url: "https://github.com/nicholasgriffintn/redis-mcp-server"

package/templates/soc2/mcp-servers.yaml

@@ -7,6 +7,7 @@ servers:
     args: ["-y", "@modelcontextprotocol/server-github"]
     tags: [SOC2, UNIVERSAL]
     category: version-control
+    tier: recommended
     env:
       GITHUB_PERSONAL_ACCESS_TOKEN: ""
     url: "https://github.com/modelcontextprotocol/servers/tree/main/src/github"
@@ -17,6 +18,7 @@ servers:
     args: ["-y", "mcp-server-sentry"]
     tags: [SOC2, API]
     category: monitoring
+    tier: optional
     env:
       SENTRY_AUTH_TOKEN: ""
     url: "https://github.com/modelcontextprotocol/servers"

package/templates/social/mcp-servers.yaml

@@ -7,6 +7,7 @@ servers:
     args: ["-y", "@modelcontextprotocol/server-postgres"]
     tags: [DATA-PIPELINE, API, SOCIAL]
     category: database
+    tier: recommended
     env:
       POSTGRES_CONNECTION_STRING: ""
     url: "https://github.com/modelcontextprotocol/servers/tree/main/src/postgres"
@@ -17,6 +18,7 @@ servers:
     args: ["-y", "mcp-server-redis"]
     tags: [REALTIME, SOCIAL]
     category: database
+    tier: optional
     env:
       REDIS_URL: "redis://localhost:6379"
     url: "https://github.com/nicholasgriffintn/redis-mcp-server"

package/templates/state-machine/mcp-servers.yaml

@@ -7,4 +7,5 @@ servers:
     args: ["-y", "@modelcontextprotocol/server-sequential-thinking"]
     tags: [UNIVERSAL, STATE-MACHINE]
     category: general
+    tier: optional
     url: "https://github.com/modelcontextprotocol/servers/tree/main/src/sequentialthinking"

package/templates/universal/hooks.yaml

@@ -182,6 +182,69 @@ hooks:
       fi
       echo "🔍 Production quality scan passed"
 
+  - name: function-length
+    trigger: pre-commit
+    description: "Warn when staged functions exceed the configured maximum line count"
+    filename: pre-commit-function-length.sh
+    script: |
+      #!/bin/bash
+      MAX_LENGTH={{max_function_length | default: 50}}
+      STAGED=$(git diff --cached --name-only --diff-filter=ACM)
+      SOURCE_FILES=$(echo "$STAGED" | grep -E '\.(ts|tsx|js|jsx)$' | grep -vE '(\.test\.|\.spec\.|__tests__|tests/)')
+      if [ -z "$SOURCE_FILES" ]; then exit 0; fi
+      WARNINGS=0
+      for file in $SOURCE_FILES; do
+        # Heuristic: find function/method declarations and count lines to next declaration or closing brace
+        awk -v max="$MAX_LENGTH" -v fname="$file" '
+          /^[[:space:]]*(export )?(async )?(function |const [a-zA-Z]+ = (async )?\(|[a-zA-Z]+\(.*\) \{|[a-zA-Z]+\(.*\): )/ {
+            if (start > 0 && NR - start > max) {
+              printf "  ⚠️  %s:%d — function starting here is %d lines (max %d)\n", fname, start, NR - start, max
+              warnings++
+            }
+            start = NR
+          }
+          END {
+            if (start > 0 && NR - start > max) {
+              printf "  ⚠️  %s:%d — function starting here is %d lines (max %d)\n", fname, start, NR - start, max
+              warnings++
+            }
+          }
+        ' "$file"
+        WARNINGS=$((WARNINGS + $?))
+      done
+      # Warning only — does not block commit since bash heuristics aren't perfect
+      exit 0
+
+  - name: import-cycle-detector
+    trigger: pre-commit
+    description: "Detect circular import dependencies in TypeScript and Python projects"
+    filename: pre-commit-import-cycles.sh
+    script: |
+      #!/bin/bash
+      echo "🔄 Checking for circular imports..."
+      if [ -f "tsconfig.json" ]; then
+        if command -v npx &> /dev/null; then
+          RESULT=$(npx --yes madge --circular --extensions ts src/ 2>&1)
+          if echo "$RESULT" | grep -q "Found.*circular"; then
+            echo "❌ Circular imports detected in TypeScript:"
+            echo "$RESULT"
+            exit 1
+          fi
+          echo "  ✅ No circular imports (TypeScript)"
+        fi
+      fi
+      if [ -f "pyproject.toml" ] || [ -f "setup.py" ]; then
+        if command -v lint-imports &> /dev/null; then
+          lint-imports 2>&1
+          if [ $? -ne 0 ]; then
+            echo "❌ Circular imports detected in Python"
+            exit 1
+          fi
+          echo "  ✅ No circular imports (Python)"
+        fi
+      fi
+      echo "🔄 Import cycle check passed"
+
   - name: code-review
     trigger: pre-commit
     description: "AI assistant reviews diff against project standards"