sigmap 8.1.0 → 8.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/CHANGELOG.md CHANGED
@@ -10,6 +10,13 @@ Format: [Semantic Versioning](https://semver.org/)
10
10
 
11
11
  ---
12
12
 
13
+ ## [8.2.0] — 2026-07-04
14
+
15
+ Minor release — **`verify_suggestion` MCP tool: the grounding moat, made consumable by agents.** v8.1.0 built local-library grounding inside the `verify-ai-output` CLI; this exposes it as the **18th MCP tool**, so a coding agent can verify its own generated code against the repo **and the libraries actually installed** in `node_modules` — *before it writes* — and get back the flagged issues plus the pinned versions it verified against (D8).
16
+
17
+ ### Added
18
+ - **`verify_suggestion` MCP tool (#409, PR #410):** ground an AI code suggestion before writing it. `verify_suggestion({ code })` runs the Hallucination Guard against the repo signature index **and** the installed-library symbol index (the G5/D5 moat), returning a clean/✗ verdict, one line per issue (fake file / import / symbol / npm-script, with closest-match suggestions), and a **D8** line listing the installed libraries it verified against with pinned versions (`name@version`). Deterministic, offline, zero-dependency. Reuses the shipped `verify()` core; graceful on missing/empty `code`. MCP surface **17 → 18 tools**.
19
+
13
20
  ## [8.1.0] — 2026-07-04
14
21
 
15
22
  Minor release — **v9.0 G5/D5: the local-library signature index (the private-API grounding moat, v1).** SigMap's hallucination guard can now verify AI suggestions against the libraries **actually installed** in `node_modules`, not just declared dependency *names*. This is a capability no competitor offers — Context7 knows only *public* library docs; SigMap grounds against the real installed tree. Local, zero-dependency, deterministic (byte-stable given a fixed installed tree).
package/README.md CHANGED
@@ -98,7 +98,7 @@ Ask → Rank → Context → Validate → Judge → Learn
98
98
 
99
99
  <!--SM:benchmarkBlock-->
100
100
  ```
101
- Benchmark : sigmap-v8.1-main (21 repositories, including R language)
101
+ Benchmark : sigmap-v8.2-main (21 repositories, including R language)
102
102
  Date : 2026-07-04
103
103
 
104
104
  Hit@5 : 86.7% (baseline 13.6% — 6.4× lift)
@@ -198,7 +198,7 @@ Use SigMap with open-source tools and fully self-hosted setups:
198
198
  | **JetBrains** | [Marketplace](https://plugins.jetbrains.com/plugin/31109-sigmap--ai-context-engine/) | [github.com/manojmallick/sigmap-jetbrains](https://github.com/manojmallick/sigmap-jetbrains) | IntelliJ IDEA, WebStorm, PyCharm, GoLand — tool window + actions |
199
199
  | **Neovim** | lazy.nvim / packer / vim-plug | [github.com/manojmallick/sigmap.nvim](https://github.com/manojmallick/sigmap.nvim) | `:SigMap`, `:SigMapQuery` float window, statusline widget |
200
200
 
201
- **MCP server** — 17 on-demand tools for Claude Code and Cursor:
201
+ **MCP server** — 18 on-demand tools for Claude Code and Cursor:
202
202
 
203
203
  ```bash
204
204
  sigmap --mcp
package/gen-context.js CHANGED
@@ -12892,7 +12892,52 @@ __factories["./src/mcp/handlers"] = function(module, exports) {
12892
12892
  }
12893
12893
  }
12894
12894
 
12895
- module.exports = { readContext, searchSignatures, getMap, createCheckpoint, getRouting, explainFile, listModules, queryContext, getImpact, getLines, readMemory, getCalleeSignatures, notifyFileCreated, notifySymbolAdded, notifyFileDeleted, getDiffContext, getArchitectureOverview };
12895
+ /**
12896
+ * verify_suggestion({ code }) → string
12897
+ *
12898
+ * Ground an AI code suggestion before it is written: run the Hallucination
12899
+ * Guard against the repo AND the installed-library symbol index (the moat), and
12900
+ * render a verdict + issues + the installed libraries verified against (pinned
12901
+ * versions, D8). Deterministic, offline.
12902
+ */
12903
+ function verifySuggestion(args, cwd) {
12904
+ const code = args && typeof args.code === 'string' ? args.code : '';
12905
+ if (!code.trim()) {
12906
+ return 'Usage: verify_suggestion({ code: "<AI-suggested code or answer>" }) — provide the snippet to verify against the repo + installed libraries.';
12907
+ }
12908
+
12909
+ let result;
12910
+ try {
12911
+ const { verify } = __require('./src/verify/hallucination-guard');
12912
+ result = verify(code, cwd);
12913
+ } catch (err) {
12914
+ return `_verify_suggestion failed: ${err.message}_`;
12915
+ }
12916
+
12917
+ const { issues, summary } = result;
12918
+ const out = [];
12919
+ if (summary.clean) {
12920
+ out.push('✓ Grounded — no fake files, imports, symbols, or scripts detected.');
12921
+ } else {
12922
+ out.push(`✗ ${summary.total} issue(s) found:`);
12923
+ for (const i of issues) {
12924
+ out.push(` L${i.line} [${i.type}] ${i.message}`);
12925
+ if (i.suggestion) out.push(` ↳ ${i.suggestion}`);
12926
+ }
12927
+ }
12928
+
12929
+ // D8: report the installed libraries the suggestion was verified against.
12930
+ const pins = (summary.libraries || []).filter((l) => l.version).map((l) => `${l.name}@${l.version}`);
12931
+ const n = summary.librariesIndexed || 0;
12932
+ out.push('');
12933
+ out.push(
12934
+ `Grounded against ${summary.symbolsIndexed} repo + library symbol(s)` +
12935
+ (n ? ` · ${n} installed librar${n === 1 ? 'y' : 'ies'}${pins.length ? ': ' + pins.join(', ') : ''}` : '')
12936
+ );
12937
+ return out.join('\n');
12938
+ }
12939
+
12940
+ module.exports = { readContext, searchSignatures, getMap, createCheckpoint, getRouting, explainFile, listModules, queryContext, getImpact, getLines, readMemory, getCalleeSignatures, notifyFileCreated, notifySymbolAdded, notifyFileDeleted, getDiffContext, getArchitectureOverview, verifySuggestion };
12896
12941
 
12897
12942
  };
12898
12943
 
@@ -13053,17 +13098,17 @@ __factories["./src/mcp/server"] = function(module, exports) {
13053
13098
  *
13054
13099
  * Supported methods:
13055
13100
  * initialize → serverInfo + capabilities
13056
- * tools/list → 17 tool definitions
13101
+ * tools/list → 18 tool definitions
13057
13102
  * tools/call → dispatch to handler, return result
13058
13103
  */
13059
13104
 
13060
13105
  const readline = require('readline');
13061
13106
  const { TOOLS } = __require('./src/mcp/tools');
13062
- const { readContext, searchSignatures, getMap, createCheckpoint, getRouting, explainFile, listModules, queryContext, getImpact, getLines, readMemory, getCalleeSignatures, notifyFileCreated, notifySymbolAdded, notifyFileDeleted, getDiffContext, getArchitectureOverview } = __require('./src/mcp/handlers');
13107
+ const { readContext, searchSignatures, getMap, createCheckpoint, getRouting, explainFile, listModules, queryContext, getImpact, getLines, readMemory, getCalleeSignatures, notifyFileCreated, notifySymbolAdded, notifyFileDeleted, getDiffContext, getArchitectureOverview, verifySuggestion } = __require('./src/mcp/handlers');
13063
13108
 
13064
13109
  const SERVER_INFO = {
13065
13110
  name: 'sigmap',
13066
- version: '8.1.0',
13111
+ version: '8.2.0',
13067
13112
  description: 'SigMap MCP server — code signatures on demand',
13068
13113
  };
13069
13114
 
@@ -13128,6 +13173,7 @@ __factories["./src/mcp/server"] = function(module, exports) {
13128
13173
  else if (name === 'sigmap_notify_file_deleted') text = notifyFileDeleted(args, cwd);
13129
13174
  else if (name === 'get_diff_context') text = getDiffContext(args, cwd);
13130
13175
  else if (name === 'get_architecture_overview') text = getArchitectureOverview(args, cwd);
13176
+ else if (name === 'verify_suggestion') text = verifySuggestion(args, cwd);
13131
13177
  else {
13132
13178
  respondError(id, -32601, `Unknown tool: ${name}`);
13133
13179
  return;
@@ -13503,6 +13549,26 @@ __factories["./src/mcp/tools"] = function(module, exports) {
13503
13549
  required: [],
13504
13550
  },
13505
13551
  },
13552
+ {
13553
+ name: 'verify_suggestion',
13554
+ description:
13555
+ 'Ground an AI code suggestion before writing it: verify a snippet or answer against the ' +
13556
+ 'repository AND the libraries actually installed in node_modules (the grounding moat). ' +
13557
+ 'Flags fake file paths, unresolvable imports, symbols absent from both the repo index and ' +
13558
+ 'the installed libraries, and non-existent npm scripts — deterministic, offline, no LLM. ' +
13559
+ 'Reports the installed libraries it verified against with pinned versions.',
13560
+ inputSchema: {
13561
+ type: 'object',
13562
+ properties: {
13563
+ code: {
13564
+ type: 'string',
13565
+ description:
13566
+ 'The AI-suggested code snippet or answer text to verify against the repo + installed libraries.',
13567
+ },
13568
+ },
13569
+ required: ['code'],
13570
+ },
13571
+ },
13506
13572
  ];
13507
13573
 
13508
13574
  module.exports = { TOOLS };
@@ -17225,7 +17291,7 @@ function __tryGit(args, opts = {}) {
17225
17291
  catch (_) { return ''; }
17226
17292
  }
17227
17293
 
17228
- const VERSION = '8.1.0';
17294
+ const VERSION = '8.2.0';
17229
17295
  const MARKER = '\n\n## Auto-generated signatures\n<!-- Updated by gen-context.js -->\n';
17230
17296
 
17231
17297
  function requireSourceOrBundled(key) {
package/llms-full.txt CHANGED
@@ -11,13 +11,13 @@ ranking keeps the relevant context in scope (cutting tokens ~97% as a side
11
11
  effect), with no LLM calls, embeddings, or vector database. Works with Claude,
12
12
  Cursor, GitHub Copilot, Aider, Windsurf, local LLMs, and MCP.
13
13
 
14
- # Version: 8.1.0 | Benchmark: sigmap-v8.1-main (2026-07-04)
14
+ # Version: 8.2.0 | Benchmark: sigmap-v8.2-main (2026-07-04)
15
15
  # Source: auto-generated from package.json, version.json, benchmarks/latest.json, src/mcp/tools.js, src/config/defaults.js
16
16
  # Regenerate: npm run generate:llms | Validate: npm run validate:llms
17
17
 
18
18
  ---
19
19
 
20
- ## Core metrics (benchmark: sigmap-v8.1-main, 2026-07-04)
20
+ ## Core metrics (benchmark: sigmap-v8.2-main, 2026-07-04)
21
21
 
22
22
  | Metric | Without SigMap | With SigMap |
23
23
  |--------|----------------|-------------|
@@ -26,7 +26,7 @@ Cursor, GitHub Copilot, Aider, Windsurf, local LLMs, and MCP.
26
26
  | Task success proxy | 10% | 67.8% |
27
27
  | Prompts per task | 2.84 | 1.46 (48.8% fewer) |
28
28
  | Supported languages | — | 33 |
29
- | MCP tools | — | 17 |
29
+ | MCP tools | — | 18 |
30
30
  | npm runtime dependencies | — | 0 |
31
31
 
32
32
  ---
@@ -127,7 +127,7 @@ sigmap --version Show version
127
127
 
128
128
  ---
129
129
 
130
- ## MCP server — 17 tools
130
+ ## MCP server — 18 tools
131
131
 
132
132
  Start with `sigmap --mcp` (stdio JSON-RPC). Configure once:
133
133
 
@@ -271,6 +271,14 @@ A high-level map of the codebase in one call: module breakdown (files/tokens), t
271
271
  Input: { } (no arguments)
272
272
  ```
273
273
 
274
+ ### verify_suggestion
275
+
276
+ Ground an AI code suggestion before writing it: verify a snippet or answer against the repository AND the libraries actually installed in node_modules (the grounding moat). Flags fake file paths, unresolvable imports, symbols absent from both the repo index and the installed libraries, and non-existent npm scripts — deterministic, offline, no LLM. Reports the installed libraries it verified against with pinned versions.
277
+
278
+ ```
279
+ Input: { code: string }
280
+ ```
281
+
274
282
  ---
275
283
 
276
284
  ## Configuration (gen-context.config.json)
package/llms.txt CHANGED
@@ -11,7 +11,7 @@ ranking keeps the relevant context in scope (cutting tokens ~97% as a side
11
11
  effect), with no LLM calls, embeddings, or vector database. Works with Claude,
12
12
  Cursor, GitHub Copilot, Aider, Windsurf, local LLMs, and MCP.
13
13
 
14
- # Version: 8.1.0 | Benchmark: sigmap-v8.1-main (2026-07-04)
14
+ # Version: 8.2.0 | Benchmark: sigmap-v8.2-main (2026-07-04)
15
15
  # Source: auto-generated from package.json, version.json, benchmarks/latest.json, src/mcp/tools.js, src/config/defaults.js
16
16
  # Regenerate: npm run generate:llms | Validate: npm run validate:llms
17
17
 
@@ -23,13 +23,13 @@ Cursor, GitHub Copilot, Aider, Windsurf, local LLMs, and MCP.
23
23
  - No blast-radius awareness before editing a hub file — `--impact` shows every file a change touches.
24
24
  - Pasted stack traces, CI logs, and JSON bloat the prompt — `squeeze` minimizes them and enriches the top frame from the symbol index.
25
25
 
26
- ## Core metrics (benchmark: sigmap-v8.1-main, 2026-07-04)
26
+ ## Core metrics (benchmark: sigmap-v8.2-main, 2026-07-04)
27
27
 
28
28
  - hit@5 retrieval: 86.7% vs 13.6% random baseline (6.4× lift)
29
29
  - Token reduction: 97.0% average across benchmark repos
30
30
  - Task success: 67.8% vs 10% without SigMap
31
31
  - Prompts per task: 1.46 vs 2.84 baseline (48.8% fewer)
32
- - Languages: 33 supported · MCP tools: 17
32
+ - Languages: 33 supported · MCP tools: 18
33
33
  - Dependencies: zero npm runtime dependencies · fully offline
34
34
 
35
35
  ## Quick start
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "sigmap",
3
- "version": "8.1.0",
3
+ "version": "8.2.0",
4
4
  "description": "97% token reduction for AI coding. Extracts function & class signatures with TF-IDF ranking to feed only the right files to Claude, Cursor, Copilot, Aider, Windsurf, local LLMs & MCP. Zero dependencies, runs offline via npx.",
5
5
  "main": "packages/core/index.js",
6
6
  "exports": {
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "sigmap-cli",
3
- "version": "8.1.0",
3
+ "version": "8.2.0",
4
4
  "description": "SigMap CLI wrapper — thin adapter for programmatic CLI invocation",
5
5
  "main": "index.js",
6
6
  "keywords": [
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "sigmap-core",
3
- "version": "8.1.0",
3
+ "version": "8.2.0",
4
4
  "description": "SigMap core library — zero-dependency code signature extraction, retrieval, and security scanning",
5
5
  "main": "index.js",
6
6
  "keywords": [
@@ -853,4 +853,49 @@ function getArchitectureOverview(args, cwd) {
853
853
  }
854
854
  }
855
855
 
856
- module.exports = { readContext, searchSignatures, getMap, createCheckpoint, getRouting, explainFile, listModules, queryContext, getImpact, getLines, readMemory, getCalleeSignatures, notifyFileCreated, notifySymbolAdded, notifyFileDeleted, getDiffContext, getArchitectureOverview };
856
+ /**
857
+ * verify_suggestion({ code }) → string
858
+ *
859
+ * Ground an AI code suggestion before it is written: run the Hallucination
860
+ * Guard against the repo AND the installed-library symbol index (the moat), and
861
+ * render a verdict + issues + the installed libraries verified against (pinned
862
+ * versions, D8). Deterministic, offline.
863
+ */
864
+ function verifySuggestion(args, cwd) {
865
+ const code = args && typeof args.code === 'string' ? args.code : '';
866
+ if (!code.trim()) {
867
+ return 'Usage: verify_suggestion({ code: "<AI-suggested code or answer>" }) — provide the snippet to verify against the repo + installed libraries.';
868
+ }
869
+
870
+ let result;
871
+ try {
872
+ const { verify } = require('../verify/hallucination-guard');
873
+ result = verify(code, cwd);
874
+ } catch (err) {
875
+ return `_verify_suggestion failed: ${err.message}_`;
876
+ }
877
+
878
+ const { issues, summary } = result;
879
+ const out = [];
880
+ if (summary.clean) {
881
+ out.push('✓ Grounded — no fake files, imports, symbols, or scripts detected.');
882
+ } else {
883
+ out.push(`✗ ${summary.total} issue(s) found:`);
884
+ for (const i of issues) {
885
+ out.push(` L${i.line} [${i.type}] ${i.message}`);
886
+ if (i.suggestion) out.push(` ↳ ${i.suggestion}`);
887
+ }
888
+ }
889
+
890
+ // D8: report the installed libraries the suggestion was verified against.
891
+ const pins = (summary.libraries || []).filter((l) => l.version).map((l) => `${l.name}@${l.version}`);
892
+ const n = summary.librariesIndexed || 0;
893
+ out.push('');
894
+ out.push(
895
+ `Grounded against ${summary.symbolsIndexed} repo + library symbol(s)` +
896
+ (n ? ` · ${n} installed librar${n === 1 ? 'y' : 'ies'}${pins.length ? ': ' + pins.join(', ') : ''}` : '')
897
+ );
898
+ return out.join('\n');
899
+ }
900
+
901
+ module.exports = { readContext, searchSignatures, getMap, createCheckpoint, getRouting, explainFile, listModules, queryContext, getImpact, getLines, readMemory, getCalleeSignatures, notifyFileCreated, notifySymbolAdded, notifyFileDeleted, getDiffContext, getArchitectureOverview, verifySuggestion };
package/src/mcp/server.js CHANGED
@@ -8,17 +8,17 @@
8
8
  *
9
9
  * Supported methods:
10
10
  * initialize → serverInfo + capabilities
11
- * tools/list → 17 tool definitions
11
+ * tools/list → 18 tool definitions
12
12
  * tools/call → dispatch to handler, return result
13
13
  */
14
14
 
15
15
  const readline = require('readline');
16
16
  const { TOOLS } = require('./tools');
17
- const { readContext, searchSignatures, getMap, createCheckpoint, getRouting, explainFile, listModules, queryContext, getImpact, getLines, readMemory, getCalleeSignatures, notifyFileCreated, notifySymbolAdded, notifyFileDeleted, getDiffContext, getArchitectureOverview } = require('./handlers');
17
+ const { readContext, searchSignatures, getMap, createCheckpoint, getRouting, explainFile, listModules, queryContext, getImpact, getLines, readMemory, getCalleeSignatures, notifyFileCreated, notifySymbolAdded, notifyFileDeleted, getDiffContext, getArchitectureOverview, verifySuggestion } = require('./handlers');
18
18
 
19
19
  const SERVER_INFO = {
20
20
  name: 'sigmap',
21
- version: '8.1.0',
21
+ version: '8.2.0',
22
22
  description: 'SigMap MCP server — code signatures on demand',
23
23
  };
24
24
 
@@ -83,6 +83,7 @@ function dispatch(msg, cwd) {
83
83
  else if (name === 'sigmap_notify_file_deleted') text = notifyFileDeleted(args, cwd);
84
84
  else if (name === 'get_diff_context') text = getDiffContext(args, cwd);
85
85
  else if (name === 'get_architecture_overview') text = getArchitectureOverview(args, cwd);
86
+ else if (name === 'verify_suggestion') text = verifySuggestion(args, cwd);
86
87
  else {
87
88
  respondError(id, -32601, `Unknown tool: ${name}`);
88
89
  return;
package/src/mcp/tools.js CHANGED
@@ -316,6 +316,26 @@ const TOOLS = [
316
316
  required: [],
317
317
  },
318
318
  },
319
+ {
320
+ name: 'verify_suggestion',
321
+ description:
322
+ 'Ground an AI code suggestion before writing it: verify a snippet or answer against the ' +
323
+ 'repository AND the libraries actually installed in node_modules (the grounding moat). ' +
324
+ 'Flags fake file paths, unresolvable imports, symbols absent from both the repo index and ' +
325
+ 'the installed libraries, and non-existent npm scripts — deterministic, offline, no LLM. ' +
326
+ 'Reports the installed libraries it verified against with pinned versions.',
327
+ inputSchema: {
328
+ type: 'object',
329
+ properties: {
330
+ code: {
331
+ type: 'string',
332
+ description:
333
+ 'The AI-suggested code snippet or answer text to verify against the repo + installed libraries.',
334
+ },
335
+ },
336
+ required: ['code'],
337
+ },
338
+ },
319
339
  ];
320
340
 
321
341
  module.exports = { TOOLS };