speclock 5.0.2 → 5.2.0

package/src/mcp/http-server.js

@@ -52,6 +52,12 @@ import {
   mapLocksToFiles,
   getModules,
   getCriticalPaths,
+  reviewPatch,
+  reviewPatchAsync,
+  reviewPatchDiff,
+  reviewPatchDiffAsync,
+  reviewPatchUnified,
+  parseUnifiedDiff,
 } from "../core/engine.js";
 import { generateContext, generateContextPack } from "../core/context.js";
 import {
@@ -107,7 +113,7 @@ import { fileURLToPath } from "url";
 import _path from "path";
 
 const PROJECT_ROOT = process.env.SPECLOCK_PROJECT_ROOT || process.cwd();
-const VERSION = "5.0.0";
+const VERSION = "5.2.0";
 const AUTHOR = "Sandeep Roy";
 const START_TIME = Date.now();
 
@@ -881,7 +887,7 @@ app.get("/health", (req, res) => {
     status: "healthy",
     version: VERSION,
     uptime: Math.floor((Date.now() - START_TIME) / 1000),
-    tools: 39,
+    tools: 42,
     auditChain: auditStatus,
     authEnabled: isAuthEnabled(PROJECT_ROOT),
     rateLimit: { limit: RATE_LIMIT, windowMs: RATE_WINDOW_MS },
@@ -895,8 +901,8 @@ app.get("/", (req, res) => {
     name: "speclock",
     version: VERSION,
     author: AUTHOR,
-    description: "AI Constraint Engine for autonomous systems governance. Spec Compiler (NL→constraints), Code Graph (blast radius, lock-to-file mapping), Typed constraints (numerical, range, state, temporal), REST API v2 with batch checking & SSE streaming. Python SDK + ROS2 integration. Policy-as-Code, RBAC, AES-256-GCM encryption, hard enforcement, HMAC audit chain, SOC 2/HIPAA compliance. 39 MCP tools. 940 tests, 99.4% accuracy.",
-    tools: 39,
+    description: "AI Constraint Engine for autonomous systems governance. Spec Compiler (NL→constraints), Code Graph (blast radius, lock-to-file mapping), Typed constraints (numerical, range, state, temporal), REST API v2 with batch checking & SSE streaming. Python SDK + ROS2 integration. Policy-as-Code, RBAC, AES-256-GCM encryption, hard enforcement, HMAC audit chain, SOC 2/HIPAA compliance. 42 MCP tools. 940 tests, 99.4% accuracy.",
+    tools: 42,
     mcp_endpoint: "/mcp",
     health_endpoint: "/health",
     npm: "https://www.npmjs.com/package/speclock",
@@ -910,7 +916,7 @@ app.get("/.well-known/mcp/server-card.json", (req, res) => {
   res.json({
     name: "SpecLock",
     version: VERSION,
-    description: "AI Constraint Engine for autonomous systems governance. Spec Compiler (NL→constraints via Gemini Flash), Code Graph (dependency parsing, blast radius, lock-to-file mapping), Typed constraints (numerical, range, state, temporal), REST API v2, Python SDK + ROS2 Guardian Node. Hybrid heuristic + Gemini LLM. Policy-as-Code, RBAC, AES-256-GCM encryption, hard enforcement, HMAC audit chain, SOC 2/HIPAA compliance. 39 MCP tools. 940 tests, 99.4% accuracy. Works with Claude Code, Cursor, Windsurf, Cline, Bolt.new, Lovable.",
+    description: "AI Constraint Engine for autonomous systems governance. Spec Compiler (NL→constraints via Gemini Flash), Code Graph (dependency parsing, blast radius, lock-to-file mapping), Typed constraints (numerical, range, state, temporal), REST API v2, Python SDK + ROS2 Guardian Node. Hybrid heuristic + Gemini LLM. Policy-as-Code, RBAC, AES-256-GCM encryption, hard enforcement, HMAC audit chain, SOC 2/HIPAA compliance. 42 MCP tools. 940 tests, 99.4% accuracy. Works with Claude Code, Cursor, Windsurf, Cline, Bolt.new, Lovable.",
     author: {
       name: "Sandeep Roy",
       url: "https://github.com/sgroy10",
@@ -919,7 +925,7 @@ app.get("/.well-known/mcp/server-card.json", (req, res) => {
     homepage: "https://sgroy10.github.io/speclock/",
     license: "MIT",
     capabilities: {
-      tools: 39,
+      tools: 42,
       categories: [
         "Memory Management",
         "Change Tracking",
@@ -1509,6 +1515,81 @@ app.get("/api/v2/graph/lock-map", (req, res) => {
   }
 });
 
+// ========================================
+// PATCH GATEWAY (v5.1)
+// ========================================
+
+app.post("/api/v2/gateway/review", async (req, res) => {
+  setCorsHeaders(res);
+
+  const clientIp = req.headers["x-forwarded-for"]?.split(",")[0]?.trim() || req.socket?.remoteAddress || "unknown";
+  if (!checkRateLimit(clientIp)) {
+    return res.status(429).json({ error: "Rate limit exceeded", api_version: "v2" });
+  }
+
+  const { description, files, useLLM } = req.body || {};
+  if (!description || typeof description !== "string") {
+    return res.status(400).json({ error: "Missing 'description' field (describe what the change does)", api_version: "v2" });
+  }
+
+  try {
+    ensureInit(PROJECT_ROOT);
+    const fileList = Array.isArray(files) ? files : [];
+    const result = useLLM
+      ? await reviewPatchAsync(PROJECT_ROOT, { description, files: fileList })
+      : reviewPatch(PROJECT_ROOT, { description, files: fileList });
+
+    return res.json({ ...result, api_version: "v2" });
+  } catch (err) {
+    return res.status(500).json({ error: err.message, api_version: "v2" });
+  }
+});
+
+app.post("/api/v2/gateway/review-diff", async (req, res) => {
+  setCorsHeaders(res);
+
+  const clientIp = req.headers["x-forwarded-for"]?.split(",")[0]?.trim() || req.socket?.remoteAddress || "unknown";
+  if (!checkRateLimit(clientIp)) {
+    return res.status(429).json({ error: "Rate limit exceeded", api_version: "v2" });
+  }
+
+  const { description, files, diff, useLLM, options } = req.body || {};
+  if (!description || typeof description !== "string") {
+    return res.status(400).json({ error: "Missing 'description' field", api_version: "v2" });
+  }
+  if (!diff || typeof diff !== "string") {
+    return res.status(400).json({ error: "Missing 'diff' field (provide git diff output)", api_version: "v2" });
+  }
+
+  try {
+    ensureInit(PROJECT_ROOT);
+    const fileList = Array.isArray(files) ? files : [];
+    const result = useLLM
+      ? await reviewPatchDiffAsync(PROJECT_ROOT, { description, files: fileList, diff, options })
+      : reviewPatchUnified(PROJECT_ROOT, { description, files: fileList, diff, options });
+
+    return res.json({ ...result, api_version: "v2" });
+  } catch (err) {
+    return res.status(500).json({ error: err.message, api_version: "v2" });
+  }
+});
+
+app.post("/api/v2/gateway/parse-diff", (req, res) => {
+  setCorsHeaders(res);
+
+  const { diff } = req.body || {};
+  if (!diff || typeof diff !== "string") {
+    return res.status(400).json({ error: "Missing 'diff' field", api_version: "v2" });
+  }
+
+  try {
+    const parsed = parseUnifiedDiff(diff);
+    return res.json({ ...parsed, api_version: "v2" });
+  } catch (err) {
+    return res.status(500).json({ error: err.message, api_version: "v2" });
+  }
+});
+
 // ========================================
 // SSO ENDPOINTS (v3.5)
 // ========================================

package/src/mcp/server.js

@@ -57,6 +57,12 @@ import {
   mapLocksToFiles,
   getModules,
   getCriticalPaths,
+  reviewPatch,
+  reviewPatchAsync,
+  reviewPatchDiff,
+  reviewPatchDiffAsync,
+  reviewPatchUnified,
+  parseUnifiedDiff,
 } from "../core/engine.js";
 import { generateContext, generateContextPack } from "../core/context.js";
 import {
@@ -114,7 +120,7 @@ const PROJECT_ROOT =
   args.project || process.env.SPECLOCK_PROJECT_ROOT || process.cwd();
 
 // --- MCP Server ---
-const VERSION = "5.0.0";
+const VERSION = "5.2.0";
 const AUTHOR = "Sandeep Roy";
 
 const server = new McpServer(
@@ -1716,6 +1722,179 @@ server.tool(
   }
 );
 
+// --- Patch Gateway (v5.1) ---
+
+server.tool(
+  "speclock_review_patch",
+  "Review a proposed code change and get an ALLOW/WARN/BLOCK verdict. Combines semantic conflict detection, lock-to-file mapping, blast radius analysis, and typed constraint awareness into a single risk assessment. The patch-time decision engine that gates every change.",
+  {
+    description: z.string().describe("What the change does (e.g. 'Add social login to auth page')"),
+    files: z.array(z.string()).optional().default([]).describe("Files being changed (project-relative paths, e.g. ['src/auth/login.js'])"),
+    useLLM: z.boolean().optional().default(false).describe("If true, uses LLM for enhanced conflict detection on ambiguous cases"),
+  },
+  async ({ description, files, useLLM }) => {
+    const perm = requirePermission("speclock_review_patch");
+    if (!perm.allowed) return { content: [{ type: "text", text: perm.error }], isError: true };
+
+    const result = useLLM
+      ? await reviewPatchAsync(PROJECT_ROOT, { description, files })
+      : reviewPatch(PROJECT_ROOT, { description, files });
+
+    if (result.verdict === "ERROR") {
+      return { content: [{ type: "text", text: result.error }], isError: true };
+    }
+
+    const lines = [
+      `Patch Gateway Verdict: ${result.verdict}`,
+      `Risk Score: ${result.riskScore}/100`,
+      `Source: ${result.source || "heuristic"}`,
+      `Active Locks: ${result.lockCount}`,
+      `Files Reviewed: ${result.fileCount}`,
+      ``,
+      result.summary,
+    ];
+
+    if (result.reasons.length > 0) {
+      lines.push(``, `Reasons:`);
+      for (const r of result.reasons) {
+        const icon = r.severity === "block" ? "BLOCK" : r.severity === "warn" ? "WARN" : "INFO";
+        lines.push(`  [${icon}] ${r.type}: "${r.lockText || r.details?.[0] || ""}" (confidence: ${r.confidence}%)`);
+        if (r.details && r.details.length > 0) {
+          r.details.forEach(d => lines.push(`    - ${d}`));
+        }
+      }
+    }
+
+    if (result.blastRadius) {
+      lines.push(``, `Blast Radius:`);
+      for (const b of result.blastRadius.files) {
+        lines.push(`  ${b.file}: ${b.transitiveDependents} dependents (${b.impactPercent.toFixed(1)}% impact)`);
+      }
+    }
+
+    if (result.lockFileOverlaps) {
+      lines.push(``, `Lock-File Overlaps:`);
+      for (const o of result.lockFileOverlaps) {
+        lines.push(`  Lock: "${o.lockText}" → Files: ${o.overlappingFiles.join(", ")}`);
+      }
+    }
+
+    return {
+      content: [{ type: "text", text: lines.join("\n") }],
+      isError: result.verdict === "BLOCK",
+    };
+  }
+);
+
+// --- Diff-Native Patch Review (v5.2) ---
+
+server.tool(
+  "speclock_review_patch_diff",
+  "Review a code change using actual diff content (git diff output). Analyzes interface breaks, protected symbol edits, dependency drift, schema changes, and public API impact. Returns ALLOW/WARN/BLOCK with per-signal scoring. When diff is provided, runs unified review (intent + diff merged, 35/65 weight).",
+  {
+    description: z.string().describe("What the change does"),
+    files: z.array(z.string()).optional().default([]).describe("Files being changed"),
+    diff: z.string().describe("Raw unified diff (git diff output)"),
+    useLLM: z.boolean().optional().default(false).describe("Use LLM for enhanced detection"),
+    options: z.object({
+      includeSymbolAnalysis: z.boolean().optional().default(true),
+      includeDependencyAnalysis: z.boolean().optional().default(true),
+      includeSchemaAnalysis: z.boolean().optional().default(true),
+      includeApiAnalysis: z.boolean().optional().default(true),
+    }).optional().default({}),
+  },
+  async ({ description, files, diff, useLLM, options }) => {
+    const perm = requirePermission("speclock_review_patch_diff");
+    if (!perm.allowed) return { content: [{ type: "text", text: perm.error }], isError: true };
+
+    const result = useLLM
+      ? await reviewPatchDiffAsync(PROJECT_ROOT, { description, files, diff, options })
+      : reviewPatchUnified(PROJECT_ROOT, { description, files, diff, options });
+
+    if (result.verdict === "ERROR") {
+      return { content: [{ type: "text", text: result.error }], isError: true };
+    }
+
+    const lines = [
+      `Patch Review Verdict: ${result.verdict}`,
+      `Risk Score: ${result.riskScore}/100`,
+      `Review Mode: ${result.reviewMode}`,
+      `Source: ${result.source || "diff-native"}`,
+      ``,
+      result.summary,
+    ];
+
+    if (result.intentVerdict) {
+      lines.push(``, `Layer Breakdown:`, `  Intent: ${result.intentVerdict} (${result.intentRisk}/100)`, `  Diff: ${result.diffVerdict} (${result.diffRisk}/100)`);
+    }
+
+    if (result.parsedDiff) {
+      lines.push(``, `Diff Stats:`, `  Files: ${result.parsedDiff.filesChanged}`, `  Additions: +${result.parsedDiff.additions}`, `  Deletions: -${result.parsedDiff.deletions}`, `  Hunks: ${result.parsedDiff.hunks}`);
+    }
+
+    if (result.signals) {
+      const activeSignals = Object.entries(result.signals).filter(([_, s]) => s.score > 0);
+      if (activeSignals.length > 0) {
+        lines.push(``, `Active Signals:`);
+        for (const [name, sig] of activeSignals) {
+          lines.push(`  ${name}: ${sig.score} pts`);
+        }
+      }
+    }
+
+    if (result.reasons && result.reasons.length > 0) {
+      lines.push(``, `Reasons:`);
+      for (const r of result.reasons) {
+        const icon = r.severity === "critical" ? "CRITICAL" : r.severity === "high" ? "HIGH" : r.severity === "medium" ? "MEDIUM" : "LOW";
+        lines.push(`  [${icon}] ${r.type}: ${r.message} (conf: ${typeof r.confidence === "number" ? (r.confidence > 1 ? r.confidence + "%" : Math.round(r.confidence * 100) + "%") : "N/A"})`);
+      }
+    }
+
+    if (result.recommendation) {
+      lines.push(``, `Recommendation: ${result.recommendation.action}`, `  ${result.recommendation.why}`);
+    }
+
+    return {
+      content: [{ type: "text", text: lines.join("\n") }],
+      isError: result.verdict === "BLOCK",
+    };
+  }
+);
+
+server.tool(
+  "speclock_parse_diff",
+  "Parse a raw unified diff into structured changes. Shows imports added/removed, exports changed, symbols touched, route changes, and schema file detection. Useful for debugging, observability, and inspecting what SpecLock thinks changed.",
+  {
+    diff: z.string().describe("Raw unified diff (git diff output)"),
+  },
+  async ({ diff }) => {
+    const parsed = parseUnifiedDiff(diff);
+
+    const lines = [
+      `Parsed Diff:`,
+      `  Files Changed: ${parsed.stats.filesChanged}`,
+      `  Additions: +${parsed.stats.additions}`,
+      `  Deletions: -${parsed.stats.deletions}`,
+      `  Hunks: ${parsed.stats.hunks}`,
+    ];
+
+    for (const file of parsed.files) {
+      lines.push(``, `File: ${file.path} (${file.language})`);
+      lines.push(`  +${file.additions} / -${file.deletions}`);
+      if (file.importsAdded.length > 0) lines.push(`  Imports Added: ${file.importsAdded.join(", ")}`);
+      if (file.importsRemoved.length > 0) lines.push(`  Imports Removed: ${file.importsRemoved.join(", ")}`);
+      if (file.exportsAdded.length > 0) lines.push(`  Exports Added: ${file.exportsAdded.map(e => e.symbol).join(", ")}`);
+      if (file.exportsRemoved.length > 0) lines.push(`  Exports Removed: ${file.exportsRemoved.map(e => e.symbol).join(", ")}`);
+      if (file.exportsModified.length > 0) lines.push(`  Exports Modified: ${file.exportsModified.map(e => e.symbol).join(", ")}`);
+      if (file.symbolsTouched.length > 0) lines.push(`  Symbols Touched: ${file.symbolsTouched.map(s => `${s.symbol} (${s.changeType})`).join(", ")}`);
+      if (file.routeChanges.length > 0) lines.push(`  Route Changes: ${file.routeChanges.map(r => `${r.method} ${r.path} [${r.changeType}]`).join(", ")}`);
+      if (file.isSchemaFile) lines.push(`  ** Schema/Migration File **`);
+    }
+
+    return { content: [{ type: "text", text: lines.join("\n") }] };
+  }
+);
+
 // --- Smithery sandbox export ---
 export default function createSandboxServer() {
   return server;