npm - karukia-mcp - Versions diffs - 3.0.4 → 3.0.6 - Mend

karukia-mcp 3.0.4 → 3.0.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/LICENSE CHANGED Viewed

@@ -1,7 +1,7 @@
 Business Source License 1.1
 Licensor:             KARUK IA (contact@karukia.com)
-Licensed Work:        karukia-mcp v3.0.4
+Licensed Work:        karukia-mcp v3.0.5
                       The Licensed Work is (c) 2026 KARUK IA
 Change Date:          March 6, 2028
 Change License:       Apache License, Version 2.0

package/README.md CHANGED Viewed

@@ -2,7 +2,7 @@
 **The complete AI-assisted development methodology, delivered via MCP.**
-**Latest: v3.0.4** — 26 tools, 19 skills, 1673+ checkpoints across 11 audit dimensions.
+**Latest: v3.0.5** — 26 tools, 19 skills, 1797+ checkpoints across 11 audit dimensions.
 ```
@@ -15,7 +15,7 @@
    AI methodology for highly regulated industries · Made in Guadeloupe 🇬🇵
 ```
-26 tools, 19 skills, 1673+ checkpoints across 11 audit dimensions. Works with any AI platform (Claude Code, Cursor, Windsurf, Copilot...) through the Model Context Protocol.
+26 tools, 19 skills, 1797+ checkpoints across 11 audit dimensions. Works with any AI platform (Claude Code, Cursor, Windsurf, Copilot...) through the Model Context Protocol.
 ---
@@ -41,7 +41,7 @@ You: "Run a security audit"
 ```
 SECURITY  → Neo (445 pts)      "Is my code secure?"
-QUALITY   → Opquast (245 pts)  "Is my app well-built?"
+QUALITY   → Certix (369 pts)   "Is my app well-built?"
 OFFENSIVE → Viper (245+ tests) "How would a hacker break in?"
 TS        → ts_quality (118)   "Is my TypeScript clean?"
 CSS       → css_quality (55)   "Is my design system maintainable?"
@@ -155,8 +155,8 @@ Each skill returns a complete prompt that transforms your AI into a specialist.
 | `neo` | Security Auditor | Defensive audit against 6 frameworks (OWASP, HDS, ISO 27001, SOC 2, PCI-DSS, HIPAA) |
 | `viper` | Pentest Brigade | Offensive testing with 16 agents, CVSS v4 scoring, MITRE ATT&CK mapping |
 | `jeffrey` | Full-Stack Architect | Feature implementation with TDD and security validation |
-| `opo` | Quality Validator | Web quality against 245 Opquast rules |
-| `audit_opquast` | Quality Auditor | Deep Opquast compliance audit with 14 thematic checklists |
+| `opo` | Quality Validator | Web quality against 369 Certix rules |
+| `audit_certix` | Quality Auditor | Deep Certix compliance audit with 5 profile checklists |
 | `ebios_rm_audit` | Risk Analyst | EBIOS Risk Manager methodology (ANSSI) — formal risk analysis |
 | `security_hardening` | Hardening Planner | Security improvement chantiers |
 | `doc_refactor` | Doc Auditor | Documentation accuracy audit vs actual code |
@@ -171,7 +171,7 @@ Each skill returns a complete prompt that transforms your AI into a specialist.
 | `test_coverage` | 68 | Test inventory — frontend/backend coverage quality |
 | `perf` | 90 | Performance — frontend, backend, build/bundle |
 | `debt` | 55 | Technical debt — dead code, dependency health, code smells |
-| `karukia_scan` | 1673+ | **Global scan** — all 11 dimensions in parallel |
+| `karukia_scan` | 1797+ | **Global scan** — all 11 dimensions in parallel |
 | `audit_expert_hds` | 200+ | Expert HDS 2.0/ISO 27001 — 8 domains, certification readiness |
 | `change_report` | — | Change management report (ISO 27001 A.8.32) |
@@ -179,7 +179,7 @@ Each skill returns a complete prompt that transforms your AI into a specialist.
 | Tool | Description |
 |------|-------------|
-| `list_checklists` | Browse all 31 checklists by category |
+| `list_checklists` | Browse all 22 checklists by category |
 | `suggest_checklists` | Describe your project — get a prioritized audit plan |
 | `generate_report` | Compile audit results into a scored Markdown report |
@@ -193,7 +193,7 @@ Each skill returns a complete prompt that transforms your AI into a specialist.
 ---
-## 31 Checklists
+## 22 Checklists
 ### Defensive Security (Neo) — 6 checklists, 445 controls
@@ -206,11 +206,9 @@ Each skill returns a complete prompt that transforms your AI into a specialist.
 | **PCI-DSS v4.0** | 97 | Payment processing |
 | **HIPAA** | 67 | Health data, US |
-### Web Quality (Opquast) — 14 checklists, 245 rules
+### Web Quality (Certix) — 5 checklists, 369 rules
-Content, personal data, e-commerce, forms, identity, images, internationalization, links, navigation, newsletter, presentation, security UX, server performance, and code structure.
-Based on [Opquast](https://www.opquast.com/) — the French web quality reference used by 15,000+ professionals.
+Five profile-based checklists covering all aspects of web quality: DEV (development), UX (user experience), CONT (content), OPS (operations), and JUR (legal/compliance).
 ### Offensive Security (Viper) — 4 checklists, 245+ tests
@@ -285,7 +283,7 @@ Built from the experience of securing a healthcare SaaS application for HDS 2.0
 KARUKIA is a structured AI-assisted development methodology built around three principles:
 1. **Separation of concerns** — Security, quality, and implementation are separate disciplines handled by separate AI personas.
-2. **Formal checkpoints over gut feeling** — 1673+ documented checkpoints beat "I think it's fine."
+2. **Formal checkpoints over gut feeling** — 1797+ documented checkpoints beat "I think it's fine."
 3. **Defense in depth** — Defensive audit first, quality validation second, offensive testing last.
 Built from real-world experience securing a healthcare SaaS application to HDS 2.0 / ISO 27001 standards.
@@ -294,11 +292,9 @@ Built from real-world experience securing a healthcare SaaS application to HDS 2
 ## Privacy & Data Handling
-- **KARUKIA MCP does not store any user data server-side.** In stdio mode (default via `npx`), the server is stateless — no data leaves your machine.
-- **Generated prompts** are returned to your AI client (Claude, GPT, Cursor, etc.). Do not include real health data, credentials, or sensitive personal information in tool call arguments (e.g., the `scope`, `task`, or `period` fields).
-- **HTTP mode** (`start:http`): request logs contain session metadata (tool name, duration, HTTP status) but never the content of requests or generated prompts. Sensitive headers (`Authorization`, `Mcp-Session-Id`) are automatically redacted in logs.
-- **Session memory files** (stored in `karukia/memory/sessions/` on your machine): follow the retention policy documented in [`karukia/config/session-retention.md`](./karukia/config/session-retention.md). For teams in regulated sectors: do not store real patient data or PHI in session files.
-- **For teams in regulated sectors (healthcare, finance)**: use stdio mode (local) for maximum data isolation, or contact contact@karukia.com for the managed offering.
+- **KARUKIA runs 100% locally on your machine.** No server, no account, no telemetry. Nothing leaves your machine.
+- **Generated prompts** are returned to your AI client (Claude, Cursor, Windsurf, etc.). Do not include real health data, credentials, or sensitive personal information in tool call arguments.
+- **Session memory files** (stored locally in `karukia/memory/sessions/`): these are on your machine only. For teams in regulated sectors: do not store real patient data or PHI in session files.
 ---
@@ -322,7 +318,7 @@ If your company or consulting firm uses KARUKIA for production work or deploys i
 | **Business** | 12 000 | Up to 50 developers |
 | **Enterprise** | 20 000 | Unlimited developers + priority support |
-All plans include: full access to all 26 tools, 19 skills, 1673+ checkpoints across 11 audit dimensions, and all updates for the license duration. Annual license, renewable.
+All plans include: full access to all 26 tools, 19 skills, 1797+ checkpoints across 11 audit dimensions, and all updates for the license duration. Annual license, renewable.
 **Contact:** contact@karukia.com