sp-rag 0.6.15 → 0.6.17

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/README.md CHANGED
@@ -1,20 +1,20 @@
1
- # `sp-rag`
2
-
3
- ## Context boundary
4
-
5
- `sp-rag` exists to connect IDEs/agents to SP-RAG evidence for the `seo-booster`
6
- application.
7
-
8
- - `graphrag-core` is the SP-RAG platform and knowledge runtime.
9
- - `seo-booster` is the target application and source workspace for app/business review.
10
- - `GitNexus`/codegraph references are platform internals or artifact sources, not
11
- the project to review unless the task explicitly asks for codegraph debugging.
12
- - For project-scoped installs, use `--cwd <seo-booster-workspace>`.
13
- - Do not install project-scoped VS Code/Cursor/Claude config into `<graphrag-core-workspace>` when the goal is to review `seo-booster`.
14
- - Use `<graphrag-core-workspace>` as `--cwd` only when developing or debugging this SP-RAG platform itself.
15
- - `<seo-booster-workspace>` and `<graphrag-core-workspace>` are placeholders, not literal paths. Replace them with the local checkout path on each machine, or omit `--cwd` when already inside the target repo.
16
-
17
- Canonical boundary doc: [../../docs/runbooks/sp-rag-seo-booster-boundary.md](../../docs/runbooks/sp-rag-seo-booster-boundary.md)
1
+ # `sp-rag`
2
+
3
+ ## Context boundary
4
+
5
+ `sp-rag` exists to connect IDEs/agents to SP-RAG evidence for the `seo-booster`
6
+ application.
7
+
8
+ - `graphrag-core` is the SP-RAG platform and knowledge runtime.
9
+ - `seo-booster` is the target application and source workspace for app/business review.
10
+ - `GitNexus`/codegraph references are platform internals or artifact sources, not
11
+ the project to review unless the task explicitly asks for codegraph debugging.
12
+ - For project-scoped installs, use `--cwd <seo-booster-workspace>`.
13
+ - Do not install project-scoped VS Code/Cursor/Claude config into `<graphrag-core-workspace>` when the goal is to review `seo-booster`.
14
+ - Use `<graphrag-core-workspace>` as `--cwd` only when developing or debugging this SP-RAG platform itself.
15
+ - `<seo-booster-workspace>` and `<graphrag-core-workspace>` are placeholders, not literal paths. Replace them with the local checkout path on each machine, or omit `--cwd` when already inside the target repo.
16
+
17
+ Canonical boundary doc: [../../docs/runbooks/sp-rag-seo-booster-boundary.md](../../docs/runbooks/sp-rag-seo-booster-boundary.md)
18
18
 
19
19
  CLI để setup nhanh SP-RAG theo hướng dev-friendly:
20
20
 
@@ -33,7 +33,8 @@ CLI để setup nhanh SP-RAG theo hướng dev-friendly:
33
33
  ## Trạng thái package
34
34
 
35
35
  - package npm public: `sp-rag`
36
- - version đang publish: `0.6.15`
36
+ - version trong repo: `0.6.17`
37
+ - npm latest hiện tại: `0.6.17`
37
38
  - binary public: `sp-rag`
38
39
 
39
40
  ## Cài từ source trong monorepo
@@ -48,15 +49,15 @@ node dist/index.js doctor
48
49
 
49
50
  ## Cài nhanh qua `npx`
50
51
 
51
- ```bash
52
- npx sp-rag@latest token add --token <grc_pat_...>
53
- npx sp-rag@latest install --client codex --doctor
54
- npx sp-rag@latest install --client cursor --cwd <seo-booster-workspace>
55
- npx sp-rag@latest install --client vscode --cwd <seo-booster-workspace>
56
- npx sp-rag@latest add --client claude-code --scope project --cwd <seo-booster-workspace>
57
- npx sp-rag@latest update --client claude-code --scope project --cwd <seo-booster-workspace>
58
- npx sp-rag@latest uninstall --client claude-code --scope project --cwd <seo-booster-workspace>
59
- npx sp-rag@latest explain --client vscode --scope project --cwd <seo-booster-workspace>
52
+ ```bash
53
+ npx sp-rag@latest token add --token <grc_pat_...>
54
+ npx sp-rag@latest install --client codex --doctor
55
+ npx sp-rag@latest install --client cursor --cwd <seo-booster-workspace>
56
+ npx sp-rag@latest install --client vscode --cwd <seo-booster-workspace>
57
+ npx sp-rag@latest add --client claude-code --scope project --cwd <seo-booster-workspace>
58
+ npx sp-rag@latest update --client claude-code --scope project --cwd <seo-booster-workspace>
59
+ npx sp-rag@latest uninstall --client claude-code --scope project --cwd <seo-booster-workspace>
60
+ npx sp-rag@latest explain --client vscode --scope project --cwd <seo-booster-workspace>
60
61
  npx sp-rag@latest token add --token <grc_pat_...>
61
62
  npx sp-rag@latest token verify --token <grc_pat_...>
62
63
  npx sp-rag@latest mcp add antigravity
@@ -67,13 +68,13 @@ npx sp-rag@latest skill install --client vscode --scope project --cwd <seo-boost
67
68
 
68
69
  Tương đương bằng `npm`:
69
70
 
70
- ```bash
71
- npm exec --yes sp-rag@latest token add -- --token <grc_pat_...>
72
- npm exec --yes sp-rag@latest install -- --client codex --doctor
73
- npm exec --yes sp-rag@latest add -- --client claude-code --scope project --cwd <seo-booster-workspace>
74
- npm exec --yes sp-rag@latest update -- --client claude-code --scope project --cwd <seo-booster-workspace>
75
- npm exec --yes sp-rag@latest uninstall -- --client claude-code --scope project --cwd <seo-booster-workspace>
76
- npm exec --yes sp-rag@latest explain -- --client vscode --scope project --cwd <seo-booster-workspace>
71
+ ```bash
72
+ npm exec --yes sp-rag@latest token add -- --token <grc_pat_...>
73
+ npm exec --yes sp-rag@latest install -- --client codex --doctor
74
+ npm exec --yes sp-rag@latest add -- --client claude-code --scope project --cwd <seo-booster-workspace>
75
+ npm exec --yes sp-rag@latest update -- --client claude-code --scope project --cwd <seo-booster-workspace>
76
+ npm exec --yes sp-rag@latest uninstall -- --client claude-code --scope project --cwd <seo-booster-workspace>
77
+ npm exec --yes sp-rag@latest explain -- --client vscode --scope project --cwd <seo-booster-workspace>
77
78
  npm exec --yes sp-rag@latest token add -- --token <grc_pat_...>
78
79
  npm exec --yes sp-rag@latest token verify -- --token <grc_pat_...>
79
80
  ```
@@ -82,32 +83,32 @@ npm exec --yes sp-rag@latest token verify -- --token <grc_pat_...>
82
83
 
83
84
  Flow khuyên dùng sau khi đã có `grc_pat_*`:
84
85
 
85
- 1. chạy `sp-rag token add --token <grc_pat_...>` đúng một lần để lưu token
86
- 2. chạy `install` cho client đầu tiên, không cần kèm `--mcp-token`
87
- 3. từ lần sau, dùng `add --client ...` để cài thêm MCP + skill cho client khác mà không phải nhập lại token
88
- 4. khi muốn cập nhật lại MCP + skill mà giữ token cũ, dùng `update`
89
- 5. khi muốn gỡ sạch MCP + skill + config CLI do `sp-rag` tạo, dùng `uninstall`
90
- 6. khi chỉ muốn làm một nửa, dùng `mcp add` hoặc `skill install`
91
- 7. khi đổi token, chỉ cần `token add`
92
- 8. khi muốn kiểm tra máy đang được cấu hình ra sao, dùng `explain`
86
+ 1. chạy `sp-rag token add --token <grc_pat_...>` đúng một lần để lưu token
87
+ 2. chạy `install` cho client đầu tiên, không cần kèm `--mcp-token`
88
+ 3. từ lần sau, dùng `add --client ...` để cài thêm MCP + skill cho client khác mà không phải nhập lại token
89
+ 4. khi muốn cập nhật lại MCP + skill mà giữ token cũ, dùng `update`
90
+ 5. khi muốn gỡ sạch MCP + skill + config CLI do `sp-rag` tạo, dùng `uninstall`
91
+ 6. khi chỉ muốn làm một nửa, dùng `mcp add` hoặc `skill install`
92
+ 7. khi đổi token, chỉ cần `token add`
93
+ 8. khi muốn kiểm tra máy đang được cấu hình ra sao, dùng `explain`
93
94
 
94
95
  Ghi chú:
95
96
 
96
- - với `cursor` và `vscode` ở `scope project`, nếu Sếpp đang đứng sẵn trong repo thì có thể bỏ `--cwd`
97
- - CLI sẽ tự dùng thư mục hiện tại cho cả MCP lẫn skill
98
- - `update` sẽ tự tính lại target project từ `--cwd` hoặc thư mục hiện tại, không dùng target cũ lệch project nếu user không truyền `--target-dir`
99
- - rule/agent mới route theo intent: feature/domain/docs thì MCP trước, còn edit/debug/current-code thì kiểm tra workspace trước
100
- - skill mới dùng hướng MCP-grounded + workspace-verified: tổng hợp từ `matched_passages`, `top_entities`, `top_relations`, `citations`, không bê nguyên `answer_brief`, và đối chiếu lại `git status --short`/file hiện tại khi cần
97
+ - với `cursor` và `vscode` ở `scope project`, nếu Sếpp đang đứng sẵn trong repo thì có thể bỏ `--cwd`
98
+ - CLI sẽ tự dùng thư mục hiện tại cho cả MCP lẫn skill
99
+ - `update` sẽ tự tính lại target project từ `--cwd` hoặc thư mục hiện tại, không dùng target cũ lệch project nếu user không truyền `--target-dir`
100
+ - rule/agent mới route theo intent: feature/domain/docs thì MCP trước, còn edit/debug/current-code thì kiểm tra workspace trước
101
+ - skill mới dùng hướng MCP-grounded + workspace-verified: tổng hợp từ `matched_passages`, `top_entities`, `top_relations`, `citations`, không bê nguyên `answer_brief`, và đối chiếu lại `git status --short`/file hiện tại khi cần
101
102
 
102
103
  Ví dụ:
103
104
 
104
- ```bash
105
- sp-rag token add --token <grc_pat_...>
106
- sp-rag install --client vscode --cwd <seo-booster-workspace> --doctor
107
- sp-rag add --client cursor --cwd <seo-booster-workspace>
108
- sp-rag update --client vscode --cwd <seo-booster-workspace>
109
- sp-rag uninstall --client claude-code --scope project --cwd <seo-booster-workspace>
110
- sp-rag mcp add antigravity
105
+ ```bash
106
+ sp-rag token add --token <grc_pat_...>
107
+ sp-rag install --client vscode --cwd <seo-booster-workspace> --doctor
108
+ sp-rag add --client cursor --cwd <seo-booster-workspace>
109
+ sp-rag update --client vscode --cwd <seo-booster-workspace>
110
+ sp-rag uninstall --client claude-code --scope project --cwd <seo-booster-workspace>
111
+ sp-rag mcp add antigravity
111
112
  sp-rag skill install --client vscode --scope project --cwd <seo-booster-workspace>
112
113
  sp-rag token add --token <grc_pat_moi>
113
114
  sp-rag explain --client vscode --scope project --cwd <seo-booster-workspace>
@@ -141,7 +142,7 @@ Tự tạo PAT bằng API hiện có:
141
142
  Ví dụ đầy đủ:
142
143
 
143
144
  ```bash
144
- curl -X POST https://sp-rag.secomapp.com/api/v1/account/login \
145
+ curl -X POST https://sb-rag.pielab.io/api/v1/account/login \
145
146
  -H "Content-Type: application/json" \
146
147
  -d '{"email":"dev@example.com","password":"<mật-khẩu>"}'
147
148
  ```
@@ -149,7 +150,7 @@ curl -X POST https://sp-rag.secomapp.com/api/v1/account/login \
149
150
  Lấy `session_token`, rồi gọi tiếp:
150
151
 
151
152
  ```bash
152
- curl -X POST https://sp-rag.secomapp.com/api/v1/account/personal-access-tokens \
153
+ curl -X POST https://sb-rag.pielab.io/api/v1/account/personal-access-tokens \
153
154
  -H "Authorization: Bearer <grc_sess_...>" \
154
155
  -H "Content-Type: application/json" \
155
156
  -d '{"label":"SP-RAG CLI","expires_in_days":30}'
@@ -157,14 +158,14 @@ curl -X POST https://sp-rag.secomapp.com/api/v1/account/personal-access-tokens \
157
158
 
158
159
  Response sẽ trả `generated_token`, chính là token `grc_pat_*` để đưa vào `sp-rag`.
159
160
 
160
- Ví dụ dev lưu token một lần rồi cài client:
161
-
162
- ```bash
163
- npx sp-rag@latest token add --token <grc_pat_...>
164
- npx sp-rag@latest install --client cursor --cwd <seo-booster-workspace>
165
- npx sp-rag@latest token verify --token <grc_pat_...>
166
- npx sp-rag@latest explain --client cursor --scope project --cwd <seo-booster-workspace>
167
- ```
161
+ Ví dụ dev lưu token một lần rồi cài client:
162
+
163
+ ```bash
164
+ npx sp-rag@latest token add --token <grc_pat_...>
165
+ npx sp-rag@latest install --client cursor --cwd <seo-booster-workspace>
166
+ npx sp-rag@latest token verify --token <grc_pat_...>
167
+ npx sp-rag@latest explain --client cursor --scope project --cwd <seo-booster-workspace>
168
+ ```
168
169
 
169
170
  Hoặc dùng biến môi trường:
170
171
 
@@ -216,8 +217,8 @@ Ghi chú:
216
217
  ### Skill / rule / custom agent
217
218
 
218
219
  - `codex`: `~/.codex/skills/sp-rag/SKILL.md`
219
- - `claude-code` project: `.claude/skills/sp-rag/SKILL.md`
220
- - `claude-code` global skill-only override: `~/.claude/skills/sp-rag/SKILL.md`
220
+ - `claude-code` project: `.claude/skills/sp-rag/SKILL.md`
221
+ - `claude-code` global skill-only override: `~/.claude/skills/sp-rag/SKILL.md`
221
222
  - `antigravity`: `~/.gemini/antigravity/skills/sp-rag/SKILL.md`
222
223
  - `opencode`: `~/.config/opencode/skills/sp-rag/SKILL.md`
223
224
  - `cursor` project: `.cursor/rules/sp-rag.mdc`
@@ -226,14 +227,14 @@ Ghi chú:
226
227
 
227
228
  ## Luồng khuyên dùng cho dev mới
228
229
 
229
- ```bash
230
- sp-rag token add --token <grc_pat_...>
231
- sp-rag install --client codex --doctor
232
- sp-rag add --client cursor --cwd <seo-booster-workspace>
233
- sp-rag update --client cursor --cwd <seo-booster-workspace>
234
- sp-rag uninstall --client cursor --scope project --cwd <seo-booster-workspace>
235
- sp-rag explain --client codex
236
- sp-rag token verify --token <grc_pat_...>
230
+ ```bash
231
+ sp-rag token add --token <grc_pat_...>
232
+ sp-rag install --client codex --doctor
233
+ sp-rag add --client cursor --cwd <seo-booster-workspace>
234
+ sp-rag update --client cursor --cwd <seo-booster-workspace>
235
+ sp-rag uninstall --client cursor --scope project --cwd <seo-booster-workspace>
236
+ sp-rag explain --client codex
237
+ sp-rag token verify --token <grc_pat_...>
237
238
  sp-rag config show
238
239
  sp-rag codegraph status
239
240
  sp-rag codegraph watch --interval-ms 2000
@@ -245,25 +246,25 @@ sp-rag mcp add vscode --scope project --cwd <seo-booster-workspace>
245
246
  sp-rag mcp add opencode --scope project --cwd <seo-booster-workspace>
246
247
  sp-rag skill install --client codex
247
248
  sp-rag skill install --client cursor --scope project --cwd <seo-booster-workspace>
248
- sp-rag skill install --client vscode --scope project --cwd <seo-booster-workspace>
249
- sp-rag eval run --file ./examples/eval-suite.sample.json
250
- sp-rag update --client vscode --scope project --cwd <seo-booster-workspace>
251
- sp-rag uninstall --client vscode --scope project --cwd <seo-booster-workspace>
249
+ sp-rag skill install --client vscode --scope project --cwd <seo-booster-workspace>
250
+ sp-rag eval run --file ./examples/eval-suite.sample.json
251
+ sp-rag update --client vscode --scope project --cwd <seo-booster-workspace>
252
+ sp-rag uninstall --client vscode --scope project --cwd <seo-booster-workspace>
252
253
  ```
253
254
 
254
255
  ## Lệnh chính
255
256
 
256
- ```bash
257
- sp-rag token add --token <grc_pat_...>
258
- sp-rag install --client codex --doctor
259
- sp-rag add --client cursor --cwd <seo-booster-workspace>
260
- sp-rag explain --client codex
261
- sp-rag token verify --token <grc_pat_...>
262
- sp-rag config show
263
- sp-rag doctor
264
- sp-rag audit install --client codex
265
- sp-rag audit signal --file ./sp-audit-signal.json
266
- sp-rag codegraph status
257
+ ```bash
258
+ sp-rag token add --token <grc_pat_...>
259
+ sp-rag install --client codex --doctor
260
+ sp-rag add --client cursor --cwd <seo-booster-workspace>
261
+ sp-rag explain --client codex
262
+ sp-rag token verify --token <grc_pat_...>
263
+ sp-rag config show
264
+ sp-rag doctor
265
+ sp-rag audit install --client codex
266
+ sp-rag audit signal --file ./sp-audit-signal.json
267
+ sp-rag codegraph status
267
268
  sp-rag codegraph watch --interval-ms 2000
268
269
  sp-rag codegraph runs --limit 10
269
270
  sp-rag codegraph metrics
@@ -277,10 +278,10 @@ sp-rag mcp add opencode --scope project --cwd <seo-booster-workspace>
277
278
  sp-rag skill install --client codex
278
279
  sp-rag skill install --client cursor --scope project --cwd <seo-booster-workspace>
279
280
  sp-rag skill install --client vscode --scope project --cwd <seo-booster-workspace>
280
- sp-rag eval run --file ./examples/eval-suite.sample.json
281
- sp-rag update --client codex
282
- sp-rag update setup --client codex
283
- sp-rag uninstall --client codex
281
+ sp-rag eval run --file ./examples/eval-suite.sample.json
282
+ sp-rag update --client codex
283
+ sp-rag update setup --client codex
284
+ sp-rag uninstall --client codex
284
285
  ```
285
286
 
286
287
  ## `doctor` kiểm gì
@@ -292,6 +293,7 @@ sp-rag uninstall --client codex
292
293
  - IDE đang nhìn vào file nào
293
294
  - server entry nào được match theo alias hoặc theo endpoint
294
295
  - `Authorization` đang là token literal, env var hợp lệ, hay đang thiếu
296
+ - riêng Codex, xác nhận `bearer_token_env_var`/`http_headers` thay vì legacy `[mcp_servers.<alias>.headers]`
295
297
  - khả năng IDE sẽ bật link đăng nhập OAuth
296
298
 
297
299
  Ví dụ:
@@ -324,53 +326,57 @@ CLI có thể lưu thêm:
324
326
 
325
327
  Giá trị mặc định:
326
328
 
327
- - base URL: `https://sp-rag.secomapp.com`
328
- - MCP URL: `https://sp-rag.secomapp.com/mcp`
329
- - alias MCP: `sp-rag`
330
-
331
- ## Audit workflow `sp-rag audit`
332
-
333
- `sp-audit` khong phai la CLI moi. No la skill/agent workflow duoc cai bang
334
- CLI hien tai `sp-rag`.
335
-
336
- Lenh chuan de cai audit workflow:
337
-
338
- ```bash
339
- sp-rag audit install --client codex
340
- ```
341
-
342
- Lenh nay:
343
-
344
- - cai MCP config cho client da chon
345
- - cai native skill/rule/custom agent `sp-audit`
346
- - tai su dung config/token cua `sp-rag`
347
- - van la cung binary `sp-rag`, tuong tu `sp-rag add` hay `sp-rag doctor`
348
- - neu token chua duoc luu, chay `sp-rag token add --token <grc_pat_...>` mot lan truoc do
349
- - scope mac dinh suy theo client: `codex` la global, `cursor`/`vscode` la project
350
-
351
- Neu chi muon cai lai skill audit ma khong cham vao MCP config, co the dung
352
- low-level command:
353
-
354
- ```bash
355
- sp-rag skill install --client codex --name sp-audit
356
- ```
357
-
358
- Day JSON signal do `sp-audit` tao ra vao server memory import path:
359
-
360
- ```bash
361
- sp-rag audit signal --file ./sp-audit-signal.json
362
- ```
363
-
364
- Native paths cua audit workflow:
365
-
366
- - Codex: `~/.codex/skills/sp-audit/SKILL.md`
367
- - Claude Code: `.claude/skills/sp-audit/SKILL.md` hoac `~/.claude/skills/sp-audit/SKILL.md`
368
- - Antigravity: `~/.gemini/antigravity/skills/sp-audit/SKILL.md`
369
- - OpenCode: `~/.config/opencode/skills/sp-audit/SKILL.md`
370
- - Cursor: `.cursor/rules/sp-audit.mdc`
371
- - VS Code: `.github/agents/sp-audit.agent.md` hoac `~/.copilot/agents/sp-audit.agent.md`
372
-
373
- Chi tiet: [Runbook `sp-rag audit`](../../docs/runbooks/sp-audit.md).
329
+ - base URL: `https://sb-rag.pielab.io`
330
+ - MCP URL: `https://sb-rag.pielab.io/mcp`
331
+ - alias MCP: `sp-rag`
332
+
333
+ ## Audit workflow `sp-rag audit`
334
+
335
+ `sp-audit` khong phai la CLI moi. No la skill/agent workflow duoc cai bang
336
+ CLI hien tai `sp-rag`.
337
+
338
+ Lenh chuan de cai audit workflow:
339
+
340
+ ```bash
341
+ sp-rag audit install --client codex
342
+ ```
343
+
344
+ Lenh nay:
345
+
346
+ - cai MCP config cho client da chon
347
+ - cai native skill/rule/custom agent `sp-audit`
348
+ - tai su dung config/token cua `sp-rag`
349
+ - van la cung binary `sp-rag`, tuong tu `sp-rag add` hay `sp-rag doctor`
350
+ - neu token chua duoc luu, chay `sp-rag token add --token <grc_pat_...>` mot lan truoc do
351
+ - scope mac dinh suy theo client: `codex` la global, `cursor`/`vscode` la project
352
+
353
+ Neu chi muon cai lai skill audit ma khong cham vao MCP config, co the dung
354
+ low-level command:
355
+
356
+ ```bash
357
+ sp-rag skill install --client codex --name sp-audit
358
+ ```
359
+
360
+ Day JSON signal do `sp-audit` tao ra vao server memory import path:
361
+
362
+ ```bash
363
+ sp-rag audit signal --file ./sp-audit-signal.json
364
+ ```
365
+
366
+ `audit signal` posts through the existing knowledge-source import API with
367
+ `normalizer_provider=heuristic` and `warm_cache=false`, so small audit feedback
368
+ records do not block on AI normalization or semantic-cache materialization.
369
+
370
+ Native paths cua audit workflow:
371
+
372
+ - Codex: `~/.codex/skills/sp-audit/SKILL.md`
373
+ - Claude Code: `.claude/skills/sp-audit/SKILL.md` hoac `~/.claude/skills/sp-audit/SKILL.md`
374
+ - Antigravity: `~/.gemini/antigravity/skills/sp-audit/SKILL.md`
375
+ - OpenCode: `~/.config/opencode/skills/sp-audit/SKILL.md`
376
+ - Cursor: `.cursor/rules/sp-audit.mdc`
377
+ - VS Code: `.github/agents/sp-audit.agent.md` hoac `~/.copilot/agents/sp-audit.agent.md`
378
+
379
+ Chi tiet: [Runbook `sp-rag audit`](../../docs/runbooks/sp-audit.md).
374
380
 
375
381
  ## Evaluation mẫu
376
382
 
@@ -379,7 +385,7 @@ Chi tiet: [Runbook `sp-rag audit`](../../docs/runbooks/sp-audit.md).
379
385
  ## Tài liệu thêm
380
386
 
381
387
  - [Hướng dẫn dev sử dụng SP-RAG](../../docs/runbooks/dev-usage-guide.md)
382
- - [Runbook CLI `sp-rag`](../../docs/runbooks/sp-rag-cli.md)
383
- - [Runbook `sp-rag audit`](../../docs/runbooks/sp-audit.md)
388
+ - [Runbook CLI `sp-rag`](../../docs/runbooks/sp-rag-cli.md)
389
+ - [Runbook `sp-rag audit`](../../docs/runbooks/sp-audit.md)
384
390
  - [Runbook phát hành CLI `sp-rag`](../../docs/runbooks/sp-rag-cli-release.md)
385
391
  - [Runbook MCP Public](../../docs/runbooks/mcp-public-clients.md)
package/dist/cli.js CHANGED
@@ -227,11 +227,11 @@ function helpText() {
227
227
  return `sp-rag - CLI cho setup, MCP, codegraph, eval và skill của SP-RAG
228
228
 
229
229
  Lệnh chính:
230
- sp-rag install --client codex|cursor|claude-code|antigravity|vscode|opencode [--base-url URL] [--mcp-url URL] [--scope global|project] [--mcp-token TOKEN] [--auth-env-var ENV_VAR] [--target-dir PATH] [--doctor]
231
- sp-rag add --client codex|cursor|claude-code|antigravity|vscode|opencode [--scope global|project] [--cwd PATH] [--target-dir PATH]
232
- sp-rag update [--client codex|cursor|claude-code|antigravity|vscode|opencode] [--scope global|project] [--cwd PATH] [--target-dir PATH] [--doctor]
233
- sp-rag uninstall [--client codex|cursor|claude-code|antigravity|vscode|opencode] [--scope global|project] [--cwd PATH] [--target-dir PATH]
234
- sp-rag init [--base-url URL] [--mcp-url URL] [--client codex|cursor|claude-code|antigravity|vscode|opencode] [--skill-client codex|cursor|claude-code|antigravity|vscode|opencode] [--scope global|project] [--auth-env-var ENV_VAR] [--target-dir PATH]
230
+ sp-rag install --client codex|cursor|claude-code|antigravity|vscode|opencode [--base-url URL] [--mcp-url URL] [--scope global|project] [--mcp-token TOKEN] [--auth-env-var ENV_VAR] [--target-dir PATH] [--doctor]
231
+ sp-rag add --client codex|cursor|claude-code|antigravity|vscode|opencode [--scope global|project] [--cwd PATH] [--target-dir PATH]
232
+ sp-rag update [--client codex|cursor|claude-code|antigravity|vscode|opencode] [--scope global|project] [--cwd PATH] [--target-dir PATH] [--doctor]
233
+ sp-rag uninstall [--client codex|cursor|claude-code|antigravity|vscode|opencode] [--scope global|project] [--cwd PATH] [--target-dir PATH]
234
+ sp-rag init [--base-url URL] [--mcp-url URL] [--client codex|cursor|claude-code|antigravity|vscode|opencode] [--skill-client codex|cursor|claude-code|antigravity|vscode|opencode] [--scope global|project] [--auth-env-var ENV_VAR] [--target-dir PATH]
235
235
  sp-rag token add --token TOKEN
236
236
  sp-rag token verify [--token TOKEN] [--base-url URL]
237
237
  sp-rag config show
@@ -244,12 +244,12 @@ Lệnh chính:
244
244
  sp-rag codegraph recover [--base-url URL] [--reason TEXT]
245
245
  sp-rag codegraph sync [--base-url URL] [--branch BRANCH] [--commit-sha SHA] [--force] [--webhook-token TOKEN] [--gitlab-job-token TOKEN]
246
246
  sp-rag docs get <public|function|dev> [--base-url URL] [--format md|json|html]
247
- sp-rag mcp add <codex|cursor|claude-code|antigravity|vscode|opencode> [--url URL] [--scope global|project] [--auth-env-var ENV_VAR] [--mcp-token TOKEN]
248
- sp-rag skill install [--client codex|cursor|claude-code|antigravity|vscode|opencode] [--skill-client codex|cursor|claude-code|antigravity|vscode|opencode] [--scope global|project] [--cwd PATH] [--target-dir PATH] [--mcp-url URL] [--docs-url URL]
249
- sp-rag audit install --client codex|cursor|claude-code|antigravity|vscode|opencode [--scope global|project] [--mcp-token TOKEN] [--auth-env-var ENV_VAR] [--target-dir PATH] [--doctor]
250
- sp-rag audit signal --file signal.json [--mcp-token TOKEN] [--external-ref REF] [--title TEXT] [--provider builtin]
251
- sp-rag eval run --file eval-suite.json [--base-url URL]
252
- sp-rag update setup [--client codex|cursor|claude-code|antigravity|vscode|opencode] [--name sp-rag|sp-audit] [--skill-client codex|cursor|claude-code|antigravity|vscode|opencode] [--scope global|project] [--url URL] [--auth-env-var ENV_VAR] [--target-dir PATH]
247
+ sp-rag mcp add <codex|cursor|claude-code|antigravity|vscode|opencode> [--url URL] [--scope global|project] [--auth-env-var ENV_VAR] [--mcp-token TOKEN]
248
+ sp-rag skill install [--client codex|cursor|claude-code|antigravity|vscode|opencode] [--skill-client codex|cursor|claude-code|antigravity|vscode|opencode] [--scope global|project] [--cwd PATH] [--target-dir PATH] [--mcp-url URL] [--docs-url URL]
249
+ sp-rag audit install --client codex|cursor|claude-code|antigravity|vscode|opencode [--scope global|project] [--mcp-token TOKEN] [--auth-env-var ENV_VAR] [--target-dir PATH] [--doctor]
250
+ sp-rag audit signal --file signal.json [--mcp-token TOKEN] [--external-ref REF] [--title TEXT] [--provider builtin]
251
+ sp-rag eval run --file eval-suite.json [--base-url URL]
252
+ sp-rag update setup [--client codex|cursor|claude-code|antigravity|vscode|opencode] [--name sp-rag|sp-audit] [--skill-client codex|cursor|claude-code|antigravity|vscode|opencode] [--scope global|project] [--url URL] [--auth-env-var ENV_VAR] [--target-dir PATH]
253
253
  `;
254
254
  }
255
255
  function buildCliConfig(defaults) {
@@ -655,6 +655,8 @@ async function runAuditSignal(parsed) {
655
655
  content_type: 'application/json',
656
656
  title_hint: titleHint,
657
657
  provider: optionString(parsed, 'provider') ?? 'builtin',
658
+ normalizer_provider: 'heuristic',
659
+ warm_cache: 'false',
658
660
  });
659
661
  const result = await fetchJson(`${defaults.baseUrl.replace(/\/+$/, '')}/api/v1/import/knowledge-source/file?${params.toString()}`, {
660
662
  method: 'POST',
@@ -62,7 +62,16 @@ function parseTomlEntries(raw) {
62
62
  const headersMatch = line.match(/^\[mcp_servers\.(?:"([^"]+)"|([^\].]+))\.headers\]$/);
63
63
  if (headersMatch) {
64
64
  currentAlias = headersMatch[1] || headersMatch[2];
65
- currentSection = 'headers';
65
+ currentSection = 'legacy_headers';
66
+ if (!entries.has(currentAlias)) {
67
+ entries.set(currentAlias, { alias: currentAlias });
68
+ }
69
+ continue;
70
+ }
71
+ const httpHeadersMatch = line.match(/^\[mcp_servers\.(?:"([^"]+)"|([^\].]+))\.http_headers\]$/);
72
+ if (httpHeadersMatch) {
73
+ currentAlias = httpHeadersMatch[1] || httpHeadersMatch[2];
74
+ currentSection = 'http_headers';
66
75
  if (!entries.has(currentAlias)) {
67
76
  entries.set(currentAlias, { alias: currentAlias });
68
77
  }
@@ -89,12 +98,21 @@ function parseTomlEntries(raw) {
89
98
  if (currentSection === 'server' && key === 'url') {
90
99
  entry.endpoint = normalizeEndpoint(value);
91
100
  }
92
- if (currentSection === 'headers') {
101
+ if (currentSection === 'server' && key === 'bearer_token_env_var') {
102
+ entry.bearerTokenEnvVar = value;
103
+ }
104
+ if (currentSection === 'http_headers') {
93
105
  entry.headers = {
94
106
  ...(entry.headers ?? {}),
95
107
  [key]: value,
96
108
  };
97
109
  }
110
+ if (currentSection === 'legacy_headers') {
111
+ entry.legacyHeaders = {
112
+ ...(entry.legacyHeaders ?? {}),
113
+ [key]: value,
114
+ };
115
+ }
98
116
  entries.set(currentAlias, entry);
99
117
  }
100
118
  return [...entries.values()];
@@ -186,6 +204,12 @@ function analyzeAuthorization(headerValue) {
186
204
  likelyOAuthLogin: true,
187
205
  };
188
206
  }
207
+ function analyzeEntryAuthorization(entry) {
208
+ if (entry.bearerTokenEnvVar?.trim()) {
209
+ return analyzeAuthorization(`Bearer \${${entry.bearerTokenEnvVar.trim()}}`);
210
+ }
211
+ return analyzeAuthorization(entry.headers?.Authorization ?? entry.headers?.authorization);
212
+ }
189
213
  function entriesForClient(raw, client) {
190
214
  if (client === 'codex') {
191
215
  return parseTomlEntries(raw);
@@ -233,8 +257,11 @@ export async function diagnoseMcpConfig(options) {
233
257
  ],
234
258
  };
235
259
  }
236
- const authorization = analyzeAuthorization(entry.headers?.Authorization ?? entry.headers?.authorization);
260
+ const authorization = analyzeEntryAuthorization(entry);
237
261
  const issues = [...baseResult.issues];
262
+ if (options.client === 'codex' && entry.legacyHeaders) {
263
+ issues.push('Codex config đang dùng legacy [mcp_servers.<alias>.headers]. Streamable HTTP MCP cần http_headers, env_http_headers hoặc bearer_token_env_var; legacy headers có thể không expose tools.');
264
+ }
238
265
  if (authorization.authorizationState === 'missing') {
239
266
  issues.push('Thiếu Authorization header. IDE rất dễ rơi sang luồng đăng nhập OAuth.');
240
267
  }
@@ -124,38 +124,48 @@ export function defaultMcpServerAlias() {
124
124
  return 'sp-rag';
125
125
  }
126
126
  export function defaultMcpUrl() {
127
- return process.env['SP_RAG_MCP_URL']?.trim() || 'https://sp-rag.secomapp.com/mcp';
127
+ return process.env['SP_RAG_MCP_URL']?.trim() || 'https://sb-rag.pielab.io/mcp';
128
128
  }
129
129
  export function defaultBaseUrl() {
130
- return process.env['SP_RAG_BASE_URL']?.trim() || 'https://sp-rag.secomapp.com';
130
+ return process.env['SP_RAG_BASE_URL']?.trim() || 'https://sb-rag.pielab.io';
131
131
  }
132
132
  export function upsertCodexConfig(existing, options) {
133
133
  const alias = options.serverAlias.trim();
134
134
  const aliasPattern = escapeRegex(alias);
135
135
  const cleaned = existing
136
136
  .replace(new RegExp(`(?:^|\\n)\\[mcp_servers\\.(?:"${aliasPattern}"|${aliasPattern})\\.headers\\][\\s\\S]*?(?=(?:\\n\\[[^\\n]+\\])|$)`, 'g'), '')
137
+ .replace(new RegExp(`(?:^|\\n)\\[mcp_servers\\.(?:"${aliasPattern}"|${aliasPattern})\\.http_headers\\][\\s\\S]*?(?=(?:\\n\\[[^\\n]+\\])|$)`, 'g'), '')
137
138
  .replace(new RegExp(`(?:^|\\n)\\[mcp_servers\\.(?:"${aliasPattern}"|${aliasPattern})\\][\\s\\S]*?(?=(?:\\n\\[[^\\n]+\\])|$)`, 'g'), '')
138
139
  .trimEnd();
139
140
  const lines = [
140
141
  `[mcp_servers.${quotedTomlKey(alias)}]`,
141
142
  `url = "${options.url}"`,
142
143
  ];
143
- const headers = bearerHeader(options.authToken, options.authEnvVar, 'shell');
144
- if (headers?.Authorization) {
145
- lines.push('', `[mcp_servers.${quotedTomlKey(alias)}.headers]`);
146
- lines.push(`Authorization = "${headers.Authorization.replace(/"/g, '\\"')}"`);
144
+ const literalHeaders = bearerHeader(options.authToken, undefined, 'shell');
145
+ if (literalHeaders?.Authorization) {
146
+ lines.push('', `[mcp_servers.${quotedTomlKey(alias)}.http_headers]`);
147
+ lines.push(`Authorization = "${literalHeaders.Authorization.replace(/"/g, '\\"')}"`);
148
+ }
149
+ else if (options.authEnvVar?.trim()) {
150
+ lines.push(`bearer_token_env_var = "${options.authEnvVar.trim().replace(/"/g, '\\"')}"`);
147
151
  }
148
152
  return `${cleaned ? `${cleaned}\n\n` : ''}${lines.join('\n')}\n`;
149
153
  }
150
- export function removeCodexConfigContent(existing, serverAlias) {
151
- const alias = serverAlias.trim();
152
- const aliasPattern = escapeRegex(alias);
154
+ function removeCodexSubtable(existing, aliasPattern, subtable) {
153
155
  let removed = false;
154
- const withoutHeaders = existing.replace(new RegExp(`(?:^|\\n)\\[mcp_servers\\.(?:"${aliasPattern}"|${aliasPattern})\\.headers\\][\\s\\S]*?(?=(?:\\n\\[[^\\n]+\\])|$)`, 'g'), () => {
156
+ const content = existing.replace(new RegExp(`(?:^|\\n)\\[mcp_servers\\.(?:"${aliasPattern}"|${aliasPattern})\\.${subtable}\\][\\s\\S]*?(?=(?:\\n\\[[^\\n]+\\])|$)`, 'g'), () => {
155
157
  removed = true;
156
158
  return '';
157
159
  });
158
- const cleaned = withoutHeaders.replace(new RegExp(`(?:^|\\n)\\[mcp_servers\\.(?:"${aliasPattern}"|${aliasPattern})\\][\\s\\S]*?(?=(?:\\n\\[[^\\n]+\\])|$)`, 'g'), () => {
160
+ return { content, removed };
161
+ }
162
+ export function removeCodexConfigContent(existing, serverAlias) {
163
+ const alias = serverAlias.trim();
164
+ const aliasPattern = escapeRegex(alias);
165
+ const withoutLegacyHeaders = removeCodexSubtable(existing, aliasPattern, 'headers');
166
+ const withoutHttpHeaders = removeCodexSubtable(withoutLegacyHeaders.content, aliasPattern, 'http_headers');
167
+ let removed = withoutLegacyHeaders.removed || withoutHttpHeaders.removed;
168
+ const cleaned = withoutHttpHeaders.content.replace(new RegExp(`(?:^|\\n)\\[mcp_servers\\.(?:"${aliasPattern}"|${aliasPattern})\\][\\s\\S]*?(?=(?:\\n\\[[^\\n]+\\])|$)`, 'g'), () => {
159
169
  removed = true;
160
170
  return '';
161
171
  });
package/dist/lib/skill.js CHANGED
@@ -93,8 +93,8 @@ export function defaultSkillDir(client = 'codex', cwd, scope, skillName = 'sp-ra
93
93
  }
94
94
  }
95
95
  function renderSkillMarkdown(context) {
96
- return `---
97
- name: sp-rag
96
+ return `---
97
+ name: sp-rag
98
98
  description: Use SP-RAG for seo-booster codebase, feature, domain, rendered-docs, import-inventory, or codegraph freshness work that needs grounded evidence.
99
99
  ---
100
100
 
@@ -135,138 +135,139 @@ Docs URL: \`${context.docsUrl}\`
135
135
  - Expand through related symbols, callers, services, controllers, jobs, routes, models, components, and tests using workspace search when needed.
136
136
  - Prefer rendered docs when they answer business behavior, but verify current code before making implementation claims.
137
137
 
138
- ## Guardrails
139
-
140
- ${seoBoosterProjectGuard}
141
- ${seoBoosterReportGuard}
142
- - Find root cause before fixing bugs.
143
- - Use evidence before conclusions; do not claim completion without verification.
144
- - For behavior changes, write or update tests before implementation when feasible.
138
+ ## Guardrails
139
+
140
+ ${seoBoosterProjectGuard}
141
+ ${seoBoosterReportGuard}
142
+ - Codex streamable HTTP MCP config must use \`http_headers\`, \`env_http_headers\`, or \`bearer_token_env_var\`; \`[mcp_servers.<alias>.headers]\` is legacy-invalid and will not expose tools.
143
+ - Find root cause before fixing bugs.
144
+ - Use evidence before conclusions; do not claim completion without verification.
145
+ - For behavior changes, write or update tests before implementation when feasible.
145
146
  - If evidence may be stale, say so clearly and mention that the graph or docs may need a refresh.
146
147
  - Do not trigger sync or import actions unless the user asked for it or the workflow truly requires it.
147
148
  - When rendered docs already answer the question, cite or summarize those docs, then check current code if the answer depends on implementation details.
148
149
  `;
149
150
  }
150
151
  function renderSpAuditMarkdown(context) {
151
- return `---
152
- name: sp-audit
153
- description: Use when reviewing seo-booster or SP-RAG audit reports, scoring report quality, extracting optimization signals, or preparing admin-agent feedback loops.
154
- ---
155
-
156
- # SP-AUDIT
157
-
158
- Target client: ${clientLabel(context.client)}
159
- Default MCP server alias: \`${context.serverAlias}\`
160
- MCP URL: \`${context.mcpUrl}\`
161
- Docs URL: \`${context.docsUrl}\`
162
-
163
- ## When To Use This Skill
164
-
165
- - Use this after an AI agent returns an audit or review report for seo-booster.
166
- - Use it to score the report quality, identify missing verification, and extract optimization signals.
167
- - Use it when the user asks to audit MCP/RAG-assisted answers, improve prompts, or make the system learn from weak reports.
168
- - Do not use it as a replacement for the original source audit. This skill audits the audit result.
169
-
170
- ## Hard Boundaries
171
-
172
- ${seoBoosterProjectGuard}
173
- - Do not grade SP-RAG, MCP, GitNexus, or codegraph quality unless the report explicitly evaluates platform quality.
174
- - If the report is supposed to audit seo-booster, the final score must judge report quality for seo-booster, not MCP quality.
175
- - Report file paths must be repo-relative. Do not include machine-specific absolute workspace paths in the final answer.
176
- - Tra loi bang tieng Viet. Keep code symbols, file paths, route names, and JSON keys unchanged.
177
-
178
- ## Required Input
179
-
180
- Before scoring, identify:
181
-
182
- 1. Target workflow or feature under review.
183
- 2. Claims made by the audit report.
184
- 3. MCP evidence the report used, if any.
185
- 4. Workspace source evidence the report verified.
186
- 5. Bugs, risks, tests, or gaps the report found.
187
-
188
- If the report lacks enough evidence, score it down and say exactly what evidence is missing.
189
-
190
- ## Scoring Rubric
191
-
192
- Start from 100 and subtract only for concrete gaps:
193
-
194
- - Target and repo boundary: 10 points.
195
- - MCP usage and provenance: 10 points.
196
- - Source coverage across routes, controllers, services, jobs, models, database, frontend, and tests: 25 points.
197
- - Evidence quality with repo-relative paths, symbols, line ranges when available, and confidence: 20 points.
198
- - Risk quality with severity, what can go wrong, why current source suggests it, and verification limits: 15 points.
199
- - No overclaiming, no local absolute paths, and no accidental MCP/platform grading: 10 points.
200
- - Optimization signal clarity: 10 points.
201
-
202
- Verdict bands:
203
-
204
- - 90-100: pass.
205
- - 70-89: needs optimization.
206
- - 0-69: fail.
207
-
208
- ## Required Output
209
-
210
- Use this exact structure:
211
-
212
- ## 1. Audit score
213
- - Score: X/100
214
- - Verdict: pass | needs optimization | fail
215
-
216
- ## 2. What the report did well
217
-
218
- ## 3. Issues in the report
219
-
220
- ## 4. Required improvements
221
-
222
- Separate improvements into:
223
- - Prompt or skill guardrails.
224
- - MCP retrieval or indexing.
225
- - Source-inspection checklist.
226
- - Tests or evaluation cases.
227
-
228
- ## 5. Optimization signals for server memory
229
-
230
- Return one compact JSON object:
231
-
232
- ~~~json
233
- {
234
- "target_app": "seo-booster",
235
- "flow": "short workflow name",
236
- "score": 0,
237
- "verdict": "pass | needs_optimization | fail",
238
- "missing_checks": [],
239
- "prompt_guardrail_gaps": [],
240
- "mcp_retrieval_gaps": [],
241
- "source_index_gaps": [],
242
- "recommended_actions": [],
243
- "requires_admin_agent": false
244
- }
245
- ~~~
246
-
247
- ## 6. Admin-agent fallback command
248
-
249
- If a dedicated server-side audit-signal ingestion endpoint is available, send the JSON signal there and mention the trace/id returned.
250
-
251
- If server-side self-evolution is not available, do not claim it happened. If token is already saved in \`sp-rag\`, tell the admin to run:
252
-
253
- \`sp-rag audit install --client <codex|cursor|claude-code|antigravity|vscode|opencode>\`
254
-
255
- If this is the first setup on the machine, save the token once with:
256
-
257
- \`sp-rag token add --token <token>\`
258
-
259
- Then run the audit install command above. The admin AI agent should use the installed \`sp-audit\` skill to review new audit outputs. To persist the JSON signal through the existing server memory import path, save the JSON object and run:
260
-
261
- \`sp-rag audit signal --file <signal.json>\`
262
-
263
- Feed the same JSON signal into the next prompt, eval suite, retrieval tuning task, or reviewed server-side memory import.
264
-
265
- ## Evolution Policy
266
-
267
- - Self-evolution must be review-gated. Do not let the server silently rewrite prompts, skills, indexes, or production settings from one weak report.
268
- - If the same optimization signal repeats across reports, propose a durable change: prompt guardrail, skill update, eval case, retrieval query rewrite, docs import, or index refresh.
269
- - Prefer measurable changes: a failing eval case before prompt/retrieval changes, then a passing eval after the fix.
152
+ return `---
153
+ name: sp-audit
154
+ description: Use when reviewing seo-booster or SP-RAG audit reports, scoring report quality, extracting optimization signals, or preparing admin-agent feedback loops.
155
+ ---
156
+
157
+ # SP-AUDIT
158
+
159
+ Target client: ${clientLabel(context.client)}
160
+ Default MCP server alias: \`${context.serverAlias}\`
161
+ MCP URL: \`${context.mcpUrl}\`
162
+ Docs URL: \`${context.docsUrl}\`
163
+
164
+ ## When To Use This Skill
165
+
166
+ - Use this after an AI agent returns an audit or review report for seo-booster.
167
+ - Use it to score the report quality, identify missing verification, and extract optimization signals.
168
+ - Use it when the user asks to audit MCP/RAG-assisted answers, improve prompts, or make the system learn from weak reports.
169
+ - Do not use it as a replacement for the original source audit. This skill audits the audit result.
170
+
171
+ ## Hard Boundaries
172
+
173
+ ${seoBoosterProjectGuard}
174
+ - Do not grade SP-RAG, MCP, GitNexus, or codegraph quality unless the report explicitly evaluates platform quality.
175
+ - If the report is supposed to audit seo-booster, the final score must judge report quality for seo-booster, not MCP quality.
176
+ - Report file paths must be repo-relative. Do not include machine-specific absolute workspace paths in the final answer.
177
+ - Tra loi bang tieng Viet. Keep code symbols, file paths, route names, and JSON keys unchanged.
178
+
179
+ ## Required Input
180
+
181
+ Before scoring, identify:
182
+
183
+ 1. Target workflow or feature under review.
184
+ 2. Claims made by the audit report.
185
+ 3. MCP evidence the report used, if any.
186
+ 4. Workspace source evidence the report verified.
187
+ 5. Bugs, risks, tests, or gaps the report found.
188
+
189
+ If the report lacks enough evidence, score it down and say exactly what evidence is missing.
190
+
191
+ ## Scoring Rubric
192
+
193
+ Start from 100 and subtract only for concrete gaps:
194
+
195
+ - Target and repo boundary: 10 points.
196
+ - MCP usage and provenance: 10 points.
197
+ - Source coverage across routes, controllers, services, jobs, models, database, frontend, and tests: 25 points.
198
+ - Evidence quality with repo-relative paths, symbols, line ranges when available, and confidence: 20 points.
199
+ - Risk quality with severity, what can go wrong, why current source suggests it, and verification limits: 15 points.
200
+ - No overclaiming, no local absolute paths, and no accidental MCP/platform grading: 10 points.
201
+ - Optimization signal clarity: 10 points.
202
+
203
+ Verdict bands:
204
+
205
+ - 90-100: pass.
206
+ - 70-89: needs optimization.
207
+ - 0-69: fail.
208
+
209
+ ## Required Output
210
+
211
+ Use this exact structure:
212
+
213
+ ## 1. Audit score
214
+ - Score: X/100
215
+ - Verdict: pass | needs optimization | fail
216
+
217
+ ## 2. What the report did well
218
+
219
+ ## 3. Issues in the report
220
+
221
+ ## 4. Required improvements
222
+
223
+ Separate improvements into:
224
+ - Prompt or skill guardrails.
225
+ - MCP retrieval or indexing.
226
+ - Source-inspection checklist.
227
+ - Tests or evaluation cases.
228
+
229
+ ## 5. Optimization signals for server memory
230
+
231
+ Return one compact JSON object:
232
+
233
+ ~~~json
234
+ {
235
+ "target_app": "seo-booster",
236
+ "flow": "short workflow name",
237
+ "score": 0,
238
+ "verdict": "pass | needs_optimization | fail",
239
+ "missing_checks": [],
240
+ "prompt_guardrail_gaps": [],
241
+ "mcp_retrieval_gaps": [],
242
+ "source_index_gaps": [],
243
+ "recommended_actions": [],
244
+ "requires_admin_agent": false
245
+ }
246
+ ~~~
247
+
248
+ ## 6. Admin-agent fallback command
249
+
250
+ If a dedicated server-side audit-signal ingestion endpoint is available, send the JSON signal there and mention the trace/id returned.
251
+
252
+ If server-side self-evolution is not available, do not claim it happened. If token is already saved in \`sp-rag\`, tell the admin to run:
253
+
254
+ \`sp-rag audit install --client <codex|cursor|claude-code|antigravity|vscode|opencode>\`
255
+
256
+ If this is the first setup on the machine, save the token once with:
257
+
258
+ \`sp-rag token add --token <token>\`
259
+
260
+ Then run the audit install command above. The admin AI agent should use the installed \`sp-audit\` skill to review new audit outputs. To persist the JSON signal through the existing server memory import path, save the JSON object and run:
261
+
262
+ \`sp-rag audit signal --file <signal.json>\`
263
+
264
+ Feed the same JSON signal into the next prompt, eval suite, retrieval tuning task, or reviewed server-side memory import.
265
+
266
+ ## Evolution Policy
267
+
268
+ - Self-evolution must be review-gated. Do not let the server silently rewrite prompts, skills, indexes, or production settings from one weak report.
269
+ - If the same optimization signal repeats across reports, propose a durable change: prompt guardrail, skill update, eval case, retrieval query rewrite, docs import, or index refresh.
270
+ - Prefer measurable changes: a failing eval case before prompt/retrieval changes, then a passing eval after the fix.
270
271
  `;
271
272
  }
272
273
  function withoutYamlFrontmatter(markdown) {
@@ -280,19 +281,19 @@ function withoutYamlFrontmatter(markdown) {
280
281
  return markdown.slice(endIndex + '\n---\n'.length);
281
282
  }
282
283
  function renderCursorRule(context) {
283
- return `---
284
- description: Use SP-RAG when the request is about this codebase, internal business workflows, rendered docs, import inventory, or codegraph sync status.
284
+ return `---
285
+ description: Use SP-RAG when the request is about this codebase, internal business workflows, rendered docs, import inventory, or codegraph sync status.
285
286
  globs:
286
287
  alwaysApply: true
287
288
  ---
288
289
 
289
290
  # SP-RAG
290
291
 
291
- ${seoBoosterProjectGuard}
292
- ${seoBoosterReportGuard}
293
- - Route by intent before choosing tools.
294
- - Use the \`${context.serverAlias}\` MCP server first for feature, domain, architecture, workflow, docs, and "what does this do" questions.
295
- - Use workspace search first for current-code, edit, bug, and test-failure work.
292
+ ${seoBoosterProjectGuard}
293
+ ${seoBoosterReportGuard}
294
+ - Route by intent before choosing tools.
295
+ - Use the \`${context.serverAlias}\` MCP server first for feature, domain, architecture, workflow, docs, and "what does this do" questions.
296
+ - Use workspace search first for current-code, edit, bug, and test-failure work.
296
297
  - Verify MCP evidence against \`git status --short\` and current workspace files before making implementation claims.
297
298
  - Use rendered docs from \`${context.docsUrl}\` when documentation already answers the question.
298
299
  - Treat \`answer_brief\` only as a hint. Build the final answer from \`matched_passages\`, \`top_entities\`, \`top_relations\`, and \`citations\`.
@@ -303,18 +304,18 @@ ${seoBoosterReportGuard}
303
304
  `;
304
305
  }
305
306
  function renderSpAuditCursorRule(context) {
306
- return `---
307
- description: Use SP-AUDIT when reviewing seo-booster audit reports, scoring report quality, or extracting optimization signals.
308
- globs:
309
- alwaysApply: false
310
- ---
311
-
312
- ${withoutYamlFrontmatter(renderSpAuditMarkdown(context))}
307
+ return `---
308
+ description: Use SP-AUDIT when reviewing seo-booster audit reports, scoring report quality, or extracting optimization signals.
309
+ globs:
310
+ alwaysApply: false
311
+ ---
312
+
313
+ ${withoutYamlFrontmatter(renderSpAuditMarkdown(context))}
313
314
  `;
314
315
  }
315
316
  function renderVsCodeAgent(context) {
316
- return `---
317
- name: SP-RAG
317
+ return `---
318
+ name: SP-RAG
318
319
  description: Use this custom agent whenever the request is about this codebase, internal business workflows, rendered docs, import inventory, or codegraph sync status.
319
320
  tools: ['${context.serverAlias}/*']
320
321
  ---
@@ -337,38 +338,38 @@ Route by intent before choosing tools. MCP gives the semantic map; the current w
337
338
 
338
339
  ## Guardrails
339
340
 
340
- ${seoBoosterProjectGuard}
341
- ${seoBoosterReportGuard}
342
- - Prefer MCP-grounded evidence before answering from memory, but current workspace files override MCP evidence when they differ.
343
- - Treat \`answer_brief\` as a hint. Prefer the richer evidence in \`matched_passages\`, \`top_entities\`, \`top_relations\`, and \`citations\` when writing the final answer.
344
- - When evidence may be stale, say so clearly and mention that a refresh might be needed.
341
+ ${seoBoosterProjectGuard}
342
+ ${seoBoosterReportGuard}
343
+ - Prefer MCP-grounded evidence before answering from memory, but current workspace files override MCP evidence when they differ.
344
+ - Treat \`answer_brief\` as a hint. Prefer the richer evidence in \`matched_passages\`, \`top_entities\`, \`top_relations\`, and \`citations\` when writing the final answer.
345
+ - When evidence may be stale, say so clearly and mention that a refresh might be needed.
345
346
  - Do not trigger sync or import actions unless the workflow truly requires it.
346
347
  - When rendered docs already answer the question, summarize those docs instead of rewriting everything from scratch.
347
348
  - Find root cause before fixes, write or update tests for behavior changes when feasible, and verify before claiming completion.
348
349
  `;
349
350
  }
350
351
  function renderSpAuditVsCodeAgent(context) {
351
- return `---
352
- name: SP-AUDIT
353
- description: Use this custom agent to score seo-booster audit reports and extract optimization signals.
354
- tools: ['${context.serverAlias}/*']
355
- ---
356
-
357
- You are the SP-AUDIT custom agent for this workspace.
358
-
359
- Use the \`${context.serverAlias}\` MCP server only when you need to verify freshness, citations, rendered docs, or retrieval gaps. Your primary job is to audit the audit result.
360
-
361
- ${withoutYamlFrontmatter(renderSpAuditMarkdown(context))}
352
+ return `---
353
+ name: SP-AUDIT
354
+ description: Use this custom agent to score seo-booster audit reports and extract optimization signals.
355
+ tools: ['${context.serverAlias}/*']
356
+ ---
357
+
358
+ You are the SP-AUDIT custom agent for this workspace.
359
+
360
+ Use the \`${context.serverAlias}\` MCP server only when you need to verify freshness, citations, rendered docs, or retrieval gaps. Your primary job is to audit the audit result.
361
+
362
+ ${withoutYamlFrontmatter(renderSpAuditMarkdown(context))}
362
363
  `;
363
364
  }
364
365
  function renderVsCodeAlwaysOnInstructions(context) {
365
- return `# SP-RAG workspace instructions
366
+ return `# SP-RAG workspace instructions
366
367
 
367
- ${seoBoosterProjectGuard}
368
- ${seoBoosterReportGuard}
369
- - Route by intent before choosing tools.
370
- - Use the \`${context.serverAlias}\` MCP server first for feature, domain, architecture, workflow, docs, and "what does this do" questions.
371
- - Use workspace inspection first for current-code, edit, debug, failing-test, and local-error work.
368
+ ${seoBoosterProjectGuard}
369
+ ${seoBoosterReportGuard}
370
+ - Route by intent before choosing tools.
371
+ - Use the \`${context.serverAlias}\` MCP server first for feature, domain, architecture, workflow, docs, and "what does this do" questions.
372
+ - Use workspace inspection first for current-code, edit, debug, failing-test, and local-error work.
372
373
  - Verify MCP evidence against current workspace state, including \`git status --short\` and current file contents when implementation details matter.
373
374
  - Start with \`healthz\` only when connectivity is uncertain or the session is new.
374
375
  - When \`query_context\` returns, synthesize the final answer from \`matched_passages\`, \`top_entities\`, \`top_relations\`, and \`citations\`.
@@ -422,8 +423,8 @@ function createSkillContext(options = {}, client) {
422
423
  client: client ?? options.client ?? 'codex',
423
424
  skillName: options.skillName ?? 'sp-rag',
424
425
  serverAlias: options.serverAlias?.trim() || 'sp-rag',
425
- mcpUrl: options.mcpUrl?.trim() || 'https://sp-rag.secomapp.com/mcp',
426
- docsUrl: options.docsUrl?.trim() || 'https://sp-rag.secomapp.com/codegraph/docs/public?format=md',
426
+ mcpUrl: options.mcpUrl?.trim() || 'https://sb-rag.pielab.io/mcp',
427
+ docsUrl: options.docsUrl?.trim() || 'https://sb-rag.pielab.io/codegraph/docs/public?format=md',
427
428
  };
428
429
  }
429
430
  function resolveAdditionalSkillArtifacts(options, resolved, context) {
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "sp-rag",
3
- "version": "0.6.15",
3
+ "version": "0.6.17",
4
4
  "description": "CLI cho setup MCP, codegraph GitNexus và skill của SP-RAG",
5
5
  "type": "module",
6
6
  "files": [