vibecheck-mcp-server 3.1.3 → 3.1.6

package/index.js

@@ -89,6 +89,9 @@ import { TRUTH_FIREWALL_TOOLS, handleTruthFirewallTool } from "./truth-firewall-
 // Import Consolidated Tools (15 focused tools - recommended surface)
 import { CONSOLIDATED_TOOLS, handleConsolidatedTool } from "./consolidated-tools.js";
 
+// Import tier auth for entitlement checking
+import { checkFeatureAccess } from "./tier-auth.js";
+
 // ============================================================================
 // TOOL DEFINITIONS - Public Tools (Clean Product Surface)
 // ============================================================================
@@ -300,7 +303,7 @@ const TOOLS = USE_CONSOLIDATED_TOOLS ? [
   // 3. GATE - Enforce truth in CI
   {
     name: "vibecheck.gate",
-    description: "🚦 Enforce truth in CI — fail builds on policy violations",
+    description: "🚦 Enforce truth in CI — fail builds on policy violations (STARTER tier)",
     inputSchema: {
       type: "object",
       properties: {
@@ -327,7 +330,7 @@ const TOOLS = USE_CONSOLIDATED_TOOLS ? [
   {
     name: "vibecheck.fix",
     description:
-      "🔧 Fix Missions v1 — AI-powered surgical fixes with proof verification loop",
+      "🔧 Fix Missions v1 — AI-powered surgical fixes with proof verification loop. --apply and --autopilot require PRO tier ($99/mo).",
     inputSchema: {
       type: "object",
       properties: {
@@ -396,7 +399,7 @@ const TOOLS = USE_CONSOLIDATED_TOOLS ? [
   // 7. PROVE - One Command Reality Proof (orchestrates ctx → reality → ship → fix)
   {
     name: "vibecheck.prove",
-    description: "🔬 One Command Reality Proof — orchestrates ctx → reality → ship → fix loop until SHIP or stuck",
+    description: "🔬 One Command Reality Proof — orchestrates ctx → reality → ship → fix loop until SHIP or stuck (PRO tier)",
     inputSchema: {
       type: "object",
       properties: {
@@ -593,11 +596,11 @@ const TOOLS = USE_CONSOLIDATED_TOOLS ? [
     },
   },
 
-  // 13. AUTOPILOT PLAN - Generate fix plan (Pro/Compliance)
+  // 13. AUTOPILOT PLAN - Generate fix plan (PRO tier)
   {
     name: "vibecheck.autopilot_plan",
     description:
-      "🤖 Autopilot Plan — scan codebase, group issues into fix packs, estimate risk (Pro/Compliance)",
+      "🤖 Autopilot Plan — scan codebase, group issues into fix packs, estimate risk (PRO tier)",
     inputSchema: {
       type: "object",
       properties: {
@@ -620,11 +623,11 @@ const TOOLS = USE_CONSOLIDATED_TOOLS ? [
     },
   },
 
-  // 14. AUTOPILOT APPLY - Apply fixes (Pro/Compliance)
+  // 14. AUTOPILOT APPLY - Apply fixes (PRO tier)
   {
     name: "vibecheck.autopilot_apply",
     description:
-      "🔧 Autopilot Apply — apply fix packs with verification, re-scan to confirm (Pro/Compliance)",
+      "🔧 Autopilot Apply — apply fix packs with verification, re-scan to confirm (PRO tier)",
     inputSchema: {
       type: "object",
       properties: {
@@ -661,7 +664,7 @@ const TOOLS = USE_CONSOLIDATED_TOOLS ? [
   {
     name: "vibecheck.badge",
     description:
-      "🏅 Ship Badge — generate a badge for README/PR showing scan status",
+      "🏅 Ship Badge — generate a badge for README/PR showing scan status (STARTER tier)",
     inputSchema: {
       type: "object",
       properties: {
@@ -1046,8 +1049,27 @@ class VibecheckMCP {
     return { content: [{ type: "text", text }] };
   }
 
-  error(text) {
-    return { content: [{ type: "text", text: `❌ ${text}` }], isError: true };
+  error(text, options = {}) {
+    const { code, suggestion, nextSteps = [] } = options;
+    
+    let errorText = `❌ ${text}`;
+    
+    if (code) {
+      errorText += `\n\n**Error Code:** \`${code}\``;
+    }
+    
+    if (suggestion) {
+      errorText += `\n\n💡 **Suggestion:** ${suggestion}`;
+    }
+    
+    if (nextSteps.length > 0) {
+      errorText += `\n\n**Next Steps:**\n`;
+      nextSteps.forEach((step, i) => {
+        errorText += `${i + 1}. ${step}\n`;
+      });
+    }
+    
+    return { content: [{ type: "text", text: errorText }], isError: true };
   }
 
   // Validate project path exists and is accessible
@@ -1055,11 +1077,29 @@ class VibecheckMCP {
     try {
       const stats = require("fs").statSync(projectPath);
       if (!stats.isDirectory()) {
-        return { valid: false, error: `Path is not a directory: ${projectPath}` };
+        return { 
+          valid: false, 
+          error: `Path is not a directory: ${projectPath}`,
+          suggestion: "Provide a directory path, not a file",
+          nextSteps: [
+            "Check the path you provided",
+            "Ensure it points to a project directory",
+          ],
+        };
       }
       return { valid: true };
     } catch (e) {
-      return { valid: false, error: `Cannot access path: ${projectPath} (${e.code || e.message})` };
+      return { 
+        valid: false, 
+        error: `Cannot access path: ${projectPath}`,
+        code: e.code || "PATH_ACCESS_ERROR",
+        suggestion: "Check that the path exists and you have read permissions",
+        nextSteps: [
+          "Verify the path is correct",
+          "Check file permissions",
+          "Ensure the directory exists",
+        ],
+      };
     }
   }
 
@@ -1067,6 +1107,16 @@ class VibecheckMCP {
   // SCAN
   // ============================================================================
   async handleScan(projectPath, args) {
+    // Validate project path first
+    const validation = this.validateProjectPath(projectPath);
+    if (!validation.valid) {
+      return this.error(validation.error, {
+        code: validation.code || "INVALID_PATH",
+        suggestion: validation.suggestion,
+        nextSteps: validation.nextSteps || [],
+      });
+    }
+
     const profile = args?.profile || "quick";
     const format = args?.format || "text";
     const only = args?.only;
@@ -1105,18 +1155,38 @@ class VibecheckMCP {
       }
 
       output += `\n📄 **Report:** .vibecheck/report.html\n`;
+      output += "\n---\n_Context Enhanced by vibecheck AI_\n";
+      return this.success(output);
     } catch (err) {
-      output += `\n⚠️ Scan error: ${err.message}\n`;
+      return this.error(`Scan failed: ${err.message}`, {
+        code: "SCAN_ERROR",
+        suggestion: "Check that the project path is valid and contains scanable code",
+        nextSteps: [
+          "Verify the project path is correct",
+          "Ensure you have read permissions",
+          "Check that required dependencies are installed",
+          "Try running: vibecheck scan --help",
+        ],
+      });
     }
-
-    output += "\n---\n_Context Enhanced by vibecheck AI_\n";
-    return this.success(output);
   }
 
   // ============================================================================
   // GATE
   // ============================================================================
   async handleGate(projectPath, args) {
+    // Check tier access (STARTER tier required)
+    const access = await checkFeatureAccess("gate", args?.apiKey);
+    if (!access.hasAccess) {
+      return {
+        content: [{
+          type: "text",
+          text: `🚫 UPGRADE REQUIRED\n\n${access.reason}\n\nCurrent tier: ${access.tier}\nUpgrade at: ${access.upgradeUrl}`
+        }],
+        isError: true
+      };
+    }
+
     const policy = args?.policy || "strict";
 
     let output = "# 🚦 vibecheck Gate\n\n";
@@ -1148,6 +1218,20 @@ class VibecheckMCP {
   // FIX MISSIONS v1
   // ============================================================================
   async handleFix(projectPath, args) {
+    // Check tier access for --apply and --autopilot (PRO tier required)
+    if (args?.apply || args?.autopilot) {
+      const access = await checkFeatureAccess("fix.apply_patches", args?.apiKey);
+      if (!access.hasAccess) {
+        return {
+          content: [{
+            type: "text",
+            text: `🚫 UPGRADE REQUIRED\n\n${access.reason}\n\nCurrent tier: ${access.tier}\nUpgrade at: ${access.upgradeUrl}\n\nNote: --prompt-only mode is available for FREE tier.`
+          }],
+          isError: true
+        };
+      }
+    }
+
     const mode = args?.autopilot ? "Autopilot" : 
                  args?.apply ? "Apply" : 
                  args?.promptOnly ? "Prompt Only" : "Plan";
@@ -1319,6 +1403,18 @@ class VibecheckMCP {
   // PROVE - One Command Reality Proof
   // ============================================================================
   async handleProve(projectPath, args) {
+    // Check tier access (PRO tier required)
+    const access = await checkFeatureAccess("prove", args?.apiKey);
+    if (!access.hasAccess) {
+      return {
+        content: [{
+          type: "text",
+          text: `🚫 UPGRADE REQUIRED\n\n${access.reason}\n\nCurrent tier: ${access.tier}\nUpgrade at: ${access.upgradeUrl}`
+        }],
+        isError: true
+      };
+    }
+
     let output = "# 🔬 vibecheck prove\n\n";
     output += `**URL:** ${args?.url || "(static only)"}\n`;
     output += `**Max Fix Rounds:** ${args?.maxFixRounds || 3}\n\n`;
@@ -1787,9 +1883,21 @@ class VibecheckMCP {
   }
 
   // ============================================================================
-  // AUTOPILOT PLAN - Generate fix plan (Pro/Compliance)
+  // AUTOPILOT PLAN - Generate fix plan (PRO tier)
   // ============================================================================
   async handleAutopilotPlan(projectPath, args) {
+    // Check tier access (PRO tier required)
+    const access = await checkFeatureAccess("fix.apply_patches", args?.apiKey);
+    if (!access.hasAccess) {
+      return {
+        content: [{
+          type: "text",
+          text: `🚫 UPGRADE REQUIRED\n\n${access.reason}\n\nCurrent tier: ${access.tier}\nUpgrade at: ${access.upgradeUrl}`
+        }],
+        isError: true
+      };
+    }
+
     let output = "# 🤖 vibecheck Autopilot Plan\n\n";
     output += `**Path:** ${projectPath}\n`;
     output += `**Profile:** ${args?.profile || "ship"}\n\n`;
@@ -1865,9 +1973,21 @@ class VibecheckMCP {
   }
 
   // ============================================================================
-  // AUTOPILOT APPLY - Apply fixes (Pro/Compliance)
+  // AUTOPILOT APPLY - Apply fixes (PRO tier)
   // ============================================================================
   async handleAutopilotApply(projectPath, args) {
+    // Check tier access (PRO tier required)
+    const access = await checkFeatureAccess("fix.apply_patches", args?.apiKey);
+    if (!access.hasAccess) {
+      return {
+        content: [{
+          type: "text",
+          text: `🚫 UPGRADE REQUIRED\n\n${access.reason}\n\nCurrent tier: ${access.tier}\nUpgrade at: ${access.upgradeUrl}`
+        }],
+        isError: true
+      };
+    }
+
     let output = "# 🔧 vibecheck Autopilot Apply\n\n";
     output += `**Path:** ${projectPath}\n`;
     output += `**Profile:** ${args?.profile || "ship"}\n`;
@@ -1919,6 +2039,18 @@ class VibecheckMCP {
   // BADGE - Generate ship badge
   // ============================================================================
   async handleBadge(projectPath, args) {
+    // Check tier access (STARTER tier required)
+    const access = await checkFeatureAccess("badge", args?.apiKey);
+    if (!access.hasAccess) {
+      return {
+        content: [{
+          type: "text",
+          text: `🚫 UPGRADE REQUIRED\n\n${access.reason}\n\nCurrent tier: ${access.tier}\nUpgrade at: ${access.upgradeUrl}`
+        }],
+        isError: true
+      };
+    }
+
     const format = args?.format || "svg";
 
     let output = "# 🏅 vibecheck Badge\n\n";

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "vibecheck-mcp-server",
-  "version": "3.1.3",
+  "version": "3.1.6",
   "description": "Professional MCP server for vibecheck - Intelligent development environment vibechecks",
   "type": "module",
   "main": "index.js",
@@ -21,7 +21,7 @@
     "architecture"
   ],
   "dependencies": {
-    "@modelcontextprotocol/sdk": "^0.5.0"
+    "@modelcontextprotocol/sdk": "^1.0.0"
   },
   "engines": {
     "node": ">=18.0.0"

package/premium-tools.js

@@ -417,19 +417,19 @@ export async function handlePremiumTool(name, args, logger) {
   
   // Map premium tools to required features (all require starter+)
   const featureMap = {
-    'run_ship': 'smells', // ship check requires starter+
-    'run_reality': 'smells', // reality mode requires starter+
-    'run_mockproof': 'smells', // mockproof requires starter+
-    'run_airlock': 'breaking', // supply chain analysis requires pro+
-    'get_last_run': 'verify', // basic access
-    'open_artifact': 'verify', // basic access
-    'rerun_last_check': 'verify', // basic access
-    'run_doctor': 'verify', // basic access
-    'edit_policies': 'breaking', // policy editing requires pro+
-    'explain_finding': 'quality', // explanations require starter+
-    'policy_patch': 'smells', // patching requires starter+
-    'enter_fix_mode': 'smells', // fix mode requires starter+
-    'get_status': 'verify' // status check is free
+    'run_ship': 'ship', // ship check is FREE (static-only)
+    'run_reality': 'reality.preview', // reality preview is FREE, full requires STARTER+
+    'run_mockproof': 'reality.full', // mockproof requires STARTER+
+    'run_airlock': 'prove', // supply chain analysis requires PRO
+    'get_last_run': 'scan', // basic access - FREE
+    'open_artifact': 'scan', // basic access - FREE
+    'rerun_last_check': 'scan', // basic access - FREE
+    'run_doctor': 'doctor', // doctor is FREE
+    'edit_policies': 'gate', // policy editing requires STARTER
+    'explain_finding': 'scan', // explanations are FREE
+    'policy_patch': 'gate', // patching requires STARTER
+    'enter_fix_mode': 'fix.plan_only', // fix mode planning is FREE, apply requires PRO
+    'get_status': 'status' // status check is FREE
   };
 
   const requiredFeature = featureMap[name];

package/tier-auth.js

@@ -8,27 +8,144 @@ import fs from "fs/promises";
 import path from "path";
 import os from "os";
 
-// Tier definitions
+// Tier definitions - MUST MATCH CLI entitlements-v2.js
 export const TIERS = {
   free: {
-    name: 'Free',
-    features: ['verify', 'quality', 'hallucination'],
-    limits: { scans: 10, projects: 1 }
+    name: 'FREE',
+    price: 0,
+    order: 0,
+    features: [
+      // Core commands
+      'scan', 'ship', 'ship.static',
+      // Setup
+      'init', 'init.local', 'doctor', 'status', 'install', 'preflight', 'watch', 'watch.local',
+      // AI Truth
+      'ctx', 'guard', 'context', 'mdc', 'contracts',
+      // Quality
+      'verify', 'quality', 'polish', 'checkpoint', 'checkpoint.basic',
+      // Fix (plan only)
+      'fix', 'fix.plan_only',
+      // Reality (preview)
+      'reality', 'reality.preview',
+      // MCP (help only)
+      'mcp.help_only',
+      // Report (html/md only)
+      'report', 'report.html_md',
+    ],
+    limits: { 
+      scans: 50, 
+      shipChecks: 20, 
+      realityMaxPages: 5, 
+      realityMaxClicks: 20, 
+      fixApplyPatches: false,
+      mcpRateLimit: 10, // requests per minute
+    },
+    // MCP tools allowed on FREE
+    mcpTools: ['vibecheck.status', 'vibecheck.get_truthpack'],
   },
   starter: {
-    name: 'Starter', 
-    features: ['verify', 'quality', 'hallucination', 'smells', 'breaking'],
-    limits: { scans: 100, projects: 3 }
+    name: 'STARTER',
+    price: 39, // Updated pricing
+    order: 1,
+    features: [
+      // All FREE features plus...
+      // Init connect
+      'init.connect',
+      // Scan autofix
+      'scan.autofix',
+      // CI/CD
+      'gate', 'pr', 'badge', 'launch', 'dashboard_sync',
+      // Watch PR
+      'watch.pr',
+      // Report formats
+      'report.sarif_csv',
+      // Reality basic
+      'reality.basic',
+      // MCP read-only
+      'mcp', 'mcp.read_only',
+      // Ship full
+      'ship.full',
+    ],
+    limits: { 
+      scans: -1, 
+      shipChecks: -1, 
+      realityMaxPages: 50, 
+      realityMaxClicks: 200, 
+      fixApplyPatches: false,
+      mcpRateLimit: 60, // requests per minute
+    },
+    // MCP tools allowed on STARTER (read-only safe tools)
+    mcpTools: [
+      'vibecheck.status',
+      'vibecheck.get_truthpack',
+      'vibecheck.scan',
+      'vibecheck.list_routes',
+      'vibecheck.list_env',
+      'vibecheck.get_findings',
+      'vibecheck.contracts_diff',
+      'vibecheck.validate_claim',
+      'vibecheck.compile_context',
+    ],
   },
   pro: {
-    name: 'Professional',
-    features: ['verify', 'quality', 'hallucination', 'smells', 'breaking', 'mdc'],
-    limits: { scans: 1000, projects: 10 }
+    name: 'PRO',
+    price: 99,
+    order: 2,
+    features: [
+      // All STARTER features plus...
+      // Prove
+      'prove',
+      // Fix apply
+      'fix.apply_patches', 'fix.loop',
+      // Checkpoint advanced
+      'checkpoint.hallucination',
+      // Reality advanced
+      'reality.full', 'reality.advanced_auth_boundary',
+      // Premium
+      'replay', 'share', 'ai-test', 'permissions', 'graph',
+      // MCP full
+      'mcp.full',
+    ],
+    limits: { 
+      scans: -1, 
+      shipChecks: -1, 
+      realityMaxPages: -1, 
+      realityMaxClicks: -1, 
+      fixApplyPatches: true,
+      mcpRateLimit: -1, // unlimited
+    },
+    // MCP tools allowed on PRO (full suite)
+    mcpTools: [
+      // All STARTER tools plus...
+      'vibecheck.generate_mission',
+      'vibecheck.verify_patch',
+      'vibecheck.explain_evidence',
+      'vibecheck.fix',
+      'vibecheck.proof',
+      'vibecheck.prove',
+      'vibecheck.ship',
+      'vibecheck.reality',
+      'vibecheck.permissions',
+      'vibecheck.graph',
+    ],
   },
-  enterprise: {
-    name: 'Enterprise',
-    features: ['verify', 'quality', 'hallucination', 'smells', 'breaking', 'mdc'],
-    limits: { scans: -1, projects: -1 } // unlimited
+  compliance: {
+    name: 'COMPLIANCE',
+    price: 0, // Enterprise/on-prem
+    order: 3,
+    features: [
+      // All PRO features plus...
+      'report.compliance_packs',
+    ],
+    limits: { 
+      scans: -1, 
+      shipChecks: -1, 
+      realityMaxPages: -1, 
+      realityMaxClicks: -1, 
+      fixApplyPatches: true,
+      mcpRateLimit: -1,
+    },
+    mcpTools: ['*'], // All tools
   }
 };
 
@@ -47,20 +164,25 @@ async function loadUserConfig() {
 
 /**
  * Determine tier from API key
+ * Matches CLI entitlements-v2.js logic
  */
 function getTierFromApiKey(apiKey) {
   if (!apiKey) return 'free';
   
+  // Check API key prefix patterns (matches CLI)
   if (apiKey.startsWith('gr_starter_')) return 'starter';
   if (apiKey.startsWith('gr_pro_')) return 'pro';
-  if (apiKey.startsWith('gr_ent_')) return 'enterprise';
+  if (apiKey.startsWith('gr_compliance_') || apiKey.startsWith('gr_ent_')) return 'compliance';
   if (apiKey.startsWith('gr_free_')) return 'free';
   
+  // Try to fetch from API (same as CLI)
+  // For now, default to free - API lookup would happen in production
   return 'free'; // default for unknown keys
 }
 
 /**
  * Check if user has access to a specific feature
+ * Matches CLI entitlements-v2.js logic
  */
 export async function checkFeatureAccess(featureName, providedApiKey = null) {
   // Try to load user config
@@ -76,25 +198,47 @@ export async function checkFeatureAccess(featureName, providedApiKey = null) {
     };
   }
   
-  const tier = getTierFromApiKey(apiKey);
-  const tierConfig = TIERS[tier];
+  const currentTier = getTierFromApiKey(apiKey);
+  const currentTierConfig = TIERS[currentTier];
   
-  if (!tierConfig.features.includes(featureName)) {
-    const requiredTier = Object.entries(TIERS).find(([_, config]) => 
-      config.features.includes(featureName)
-    )?.[0];
-    
+  // Find which tier has this feature
+  let requiredTier = null;
+  let requiredTierConfig = null;
+  
+  for (const [tierName, tierConfig] of Object.entries(TIERS)) {
+    if (tierConfig.features.includes(featureName)) {
+      requiredTier = tierName;
+      requiredTierConfig = tierConfig;
+      break;
+    }
+  }
+  
+  // If feature not found in any tier, deny access
+  if (!requiredTier) {
     return {
       hasAccess: false,
-      tier,
-      reason: `${featureName} requires ${requiredTier} tier or higher`,
+      tier: currentTier,
+      reason: `${featureName} is not available in any tier`,
+      upgradeUrl: 'https://vibecheckai.dev/pricing'
+    };
+  }
+  
+  // Check if current tier meets minimum requirement (using order)
+  const hasAccess = currentTierConfig.order >= requiredTierConfig.order;
+  
+  if (!hasAccess) {
+    return {
+      hasAccess: false,
+      tier: currentTier,
+      requiredTier,
+      reason: `${featureName} requires ${requiredTierConfig.name} tier ($${requiredTierConfig.price}/mo) or higher. Current tier: ${currentTierConfig.name}`,
       upgradeUrl: 'https://vibecheckai.dev/pricing'
     };
   }
   
   return {
     hasAccess: true,
-    tier,
+    tier: currentTier,
     reason: 'Access granted'
   };
 }
@@ -122,6 +266,93 @@ export function withTierCheck(featureName, handler) {
   };
 }
 
+/**
+ * Check if user has access to a specific MCP tool
+ * MCP tools have specific tier requirements separate from CLI features
+ */
+export async function checkMcpToolAccess(toolName, providedApiKey = null) {
+  const userConfig = await loadUserConfig();
+  const apiKey = providedApiKey || userConfig?.apiKey;
+  
+  const currentTier = getTierFromApiKey(apiKey);
+  const currentTierConfig = TIERS[currentTier];
+  
+  // Check if tool is allowed for current tier
+  const allowedTools = [];
+  
+  // Accumulate tools from current tier and all lower tiers
+  for (const [tierName, tierConfig] of Object.entries(TIERS)) {
+    if (tierConfig.order <= currentTierConfig.order) {
+      if (tierConfig.mcpTools) {
+        if (tierConfig.mcpTools.includes('*')) {
+          // Compliance tier - all tools allowed
+          return {
+            hasAccess: true,
+            tier: currentTier,
+            reason: 'Full MCP access'
+          };
+        }
+        allowedTools.push(...tierConfig.mcpTools);
+      }
+    }
+  }
+  
+  // Check if tool is in allowed list
+  const hasAccess = allowedTools.includes(toolName);
+  
+  if (!hasAccess) {
+    // Find which tier has this tool
+    let requiredTier = null;
+    for (const [tierName, tierConfig] of Object.entries(TIERS)) {
+      if (tierConfig.mcpTools?.includes(toolName) || tierConfig.mcpTools?.includes('*')) {
+        requiredTier = tierName;
+        break;
+      }
+    }
+    
+    const requiredTierConfig = requiredTier ? TIERS[requiredTier] : null;
+    
+    return {
+      hasAccess: false,
+      tier: currentTier,
+      requiredTier,
+      reason: requiredTierConfig 
+        ? `${toolName} requires ${requiredTierConfig.name} tier ($${requiredTierConfig.price}/mo). Current: ${currentTierConfig.name}`
+        : `${toolName} is not available`,
+      upgradeUrl: 'https://vibecheckai.dev/pricing'
+    };
+  }
+  
+  return {
+    hasAccess: true,
+    tier: currentTier,
+    reason: 'Access granted'
+  };
+}
+
+/**
+ * Middleware for MCP tool handlers with tool-specific checking
+ */
+export function withMcpToolCheck(toolName, handler) {
+  return async (args) => {
+    const access = await checkMcpToolAccess(toolName, args?.apiKey);
+    
+    if (!access.hasAccess) {
+      return {
+        content: [{
+          type: "text",
+          text: `🚫 UPGRADE REQUIRED\n\n${access.reason}\n\nUpgrade at: ${access.upgradeUrl}`
+        }],
+        isError: true
+      };
+    }
+    
+    // Add tier info to args for the handler
+    args._tier = access.tier;
+    return handler(args);
+  };
+}
+
 /**
  * Get current user info
  */
@@ -136,12 +367,46 @@ export async function getUserInfo() {
   }
   
   const tier = getTierFromApiKey(config.apiKey);
+  const tierConfig = TIERS[tier];
+  
   return {
     authenticated: true,
     tier,
     email: config.email,
     authenticatedAt: config.authenticatedAt,
-    features: TIERS[tier].features,
-    limits: TIERS[tier].limits
+    features: tierConfig.features,
+    limits: tierConfig.limits,
+    mcpTools: tierConfig.mcpTools,
+  };
+}
+
+/**
+ * Get list of MCP tools available for current tier
+ */
+export async function getAvailableMcpTools(providedApiKey = null) {
+  const userConfig = await loadUserConfig();
+  const apiKey = providedApiKey || userConfig?.apiKey;
+  
+  const currentTier = getTierFromApiKey(apiKey);
+  const currentTierConfig = TIERS[currentTier];
+  
+  const allowedTools = new Set();
+  
+  // Accumulate tools from current tier and all lower tiers
+  for (const [tierName, tierConfig] of Object.entries(TIERS)) {
+    if (tierConfig.order <= currentTierConfig.order) {
+      if (tierConfig.mcpTools) {
+        if (tierConfig.mcpTools.includes('*')) {
+          return { tier: currentTier, tools: ['*'], unlimited: true };
+        }
+        tierConfig.mcpTools.forEach(t => allowedTools.add(t));
+      }
+    }
+  }
+  
+  return {
+    tier: currentTier,
+    tools: Array.from(allowedTools),
+    unlimited: false
   };
 }

package/vibecheck-tools.js

@@ -278,16 +278,16 @@ export const VIBECHECK_TOOLS = [
 export async function handleVibecheckTool(toolName, args) {
   const projectPath = path.resolve(args.projectPath || ".");
 
-  // Map tools to required features
+  // Map tools to required features (matches CLI entitlements-v2.js)
   const featureMap = {
-    "vibecheck.verify": "verify",
-    "vibecheck.quality": "quality", 
-    "vibecheck.smells": "smells",
-    "vibecheck.hallucination": "hallucination",
-    "vibecheck.breaking": "breaking",
-    "vibecheck.mdc": "mdc",
-    "vibecheck.coverage": "quality", // map to quality tier
-    "vibecheck.autofix": "smells" // map to smells tier (fix requires starter+)
+    "vibecheck.verify": "verify", // FREE
+    "vibecheck.quality": "quality", // FREE
+    "vibecheck.smells": "smells", // STARTER
+    "vibecheck.hallucination": "hallucination", // FREE
+    "vibecheck.breaking": "breaking", // STARTER
+    "vibecheck.mdc": "mdc", // FREE
+    "vibecheck.coverage": "quality", // FREE
+    "vibecheck.autofix": "fix.apply_patches" // PRO (auto-apply requires PRO)
   };
 
   const requiredFeature = featureMap[toolName];