npm - general-coding-tools-mcp - Versions diffs - 1.0.9 → 1.1.1 - Mend

general-coding-tools-mcp 1.0.9 → 1.1.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/README.md CHANGED Viewed

@@ -1,8 +1,98 @@
-# MCP server
+# General Coding Tools MCP
-This directory is the General Coding Tools MCP server. The [root README](../README.md) describes each skill and subagent and how to use the server.
+MCP server that exposes **skills** and **subagents** for general coding workflows. Add it in Cursor, Claude Desktop, or any MCP client to get structured guidance for debugging, audits, planning, testing, docs, research, and verification.
-**Build:** `npm install && npm run build`
+## Setup
+```json
+{
+  "mcpServers": {
+    "gct": {
+      "command": "npx",
+      "args": ["-y", "general-coding-tools-mcp"]
+    }
+  }
+}
+```
+Using `gct` as the server name gives you short slash commands like `/gct:security-audit`. You can use any name you prefer.
+If you use a local clone instead of npm, point `command` to `node` and `args` to the path to `dist/index.js`.
+---
+## Skills
+Structured processes and checklists the model can follow when you ask for that kind of help.
+| Skill | What it does |
+|-------|----------------|
+| **systematic-debugging** | Guides root-cause analysis: reproduce, isolate, hypothesize, verify, fix. Use when something is broken or you're investigating a failure. |
+| **correctness-audit** | Reviews code for correctness bugs, uncaught edge cases, and scalability issues (logic, null/async, types, resources, N+1, etc.). |
+| **security-audit** | Audits against OWASP Top 10, API Security Top 10, CWE, GDPR, PCI-DSS. Cites standards and gives concrete fixes. |
+| **best-practices-audit** | Audits against DRY, SOLID, KISS, YAGNI, Clean Code, and similar. |
+| **feature-planning** | Plans a feature before coding: context, requirements, design (behavior, data, API, state), implementation steps, and quality/risk. |
+| **test-deno** | Writes and reviews Deno integration tests for Supabase Edge Functions. Enforces sanitizers, assertions, mocking, HTTP testing, and environment isolation. |
+| **test-frontend** | Writes and reviews React tests using Vitest and React Testing Library. Enforces RTL query priority, Vitest mocking, Zustand/TanStack Query testing. |
+| **test-pgtap** | Writes and reviews pgTAP database tests for Supabase SQL migrations. Enforces transaction isolation, plan counts, assertion selection, RLS verification. |
+| **migration-audit** | Audits PL/pgSQL migration files for NULL traps, race conditions (TOCTOU), missing constraints, error handling gaps, JSONB pitfalls, volatility mismarks, financial safety, and security (SECURITY DEFINER, search_path, REVOKE/GRANT). |
+| **ui-audit** | Audits React/Tailwind UI for WCAG 2.2 accessibility violations and structural anti-patterns (component duplication, separation of concerns). |
+Each skill is available three ways:
+- **Slash command** — `/gct:security-audit` (or whatever server name you chose) — select from the command palette with an optional task/scope argument
+- **Tool** — the model calls `apply_skill` automatically when it recognizes the need
+- **Resource** — fetch raw content via `get_skill`
+---
+## Subagents
+Focused agents for specific tasks. Available as slash commands (`/gct:deep-research`), tools (`apply_subagent`), or resources (`get_subagent`).
+| Subagent | What it does |
+|----------|----------------|
+| **deep-research** | Deep research and literature review. Uses web/Exa and AlphaXiv (when available). Synthesizes answers with pros/cons and sources. |
+| **update-docs** | Keeps project documentation in sync with the code — architecture, setup, deploy, contributing, README, docstrings. |
+| **verifier** | Checks that completed work matches what was claimed. Verifies deliverables exist and work, flags unstated changes. |
+---
+## Recommended Workflow
+**For every new code addition:**
+1. **Plan first** — use `feature-planning` before writing any code
+2. **Audit correctness** — use `correctness-audit` on the implementation
+3. **Audit migrations** — use `migration-audit` on any SQL migration files (PL/pgSQL functions, DDL)
+4. **Audit security** — use `security-audit` if the change touches auth, payments, APIs, or user data
+5. **Audit best practices** — use `best-practices-audit` as a final pass
+**Always get a second opinion:** have a second agent verify audit findings, OR dispatch the audit as a subagent and have the main agent review the results. This catches false positives and ensures nothing is missed.
+---
+## Tools
+| Tool | Purpose |
+|------|---------|
+| `list_skills` | List all available skills |
+| `list_subagents` | List all available subagents |
+| `get_skill` | Fetch the full content of a skill |
+| `get_subagent` | Fetch the full content of a subagent |
+| `apply_skill` | Apply a skill to a user request |
+| `apply_subagent` | Apply a subagent to a user request |
+**Resources:** URIs like `general-coding-tools-mcp://skill/systematic-debugging` and `general-coding-tools-mcp://subagent/deep-research` for direct reads.
+---
+## Development
+**Build:** `npm install && npm run build`
 **Run:** `npm start` or `node dist/index.js`
 Content lives in `skills/` and `subagents/` and is bundled into `dist/content.json` at build time.
+## License
+MIT.