Code-MCP

import { z } from "zod"; /** * Project Tracker Tool * Tracks project structure, files, and architecture */ export const trackProjectSchema = { name: "track_project", description: "Analyzes and tracks project structure, keeping inventory of all files, folders, and their purposes. Use at project start and after major changes.", inputSchema: z.object({ projectPath: z.string().describe("Root path of the project"), projectName: z.string().describe("Name of the project"), techStack: z.array(z.string()).optional().describe("Technologies used") }) }; export function trackProjectHandler(args: any) { const { projectPath, projectName, techStack = [] } = args; const tracking = `# Project Tracking: ${projectName} ## Project Root \`${projectPath}\` ## Tech Stack ${techStack.length > 0 ? techStack.map((t: string) => `- ${t}`).join("\n") : "Not specified"} --- ## Recommended Structure ### For Web Projects \`\`\` ${projectName}/ ├── src/ # Source code │ ├── components/ # UI components │ ├── pages/ # Page components │ ├── hooks/ # Custom hooks │ ├── utils/ # Utility functions │ ├── services/ # API services │ ├── types/ # TypeScript types │ └── styles/ # Global styles ├── public/ # Static assets ├── tests/ # Test files ├── docs/ # Documentation ├── .github/ # GitHub config │ └── workflows/ # GitHub Actions ├── package.json ├── tsconfig.json ├── README.md └── .gitignore \`\`\` ### For API Projects \`\`\` ${projectName}/ ├── src/ │ ├── controllers/ # Route handlers │ ├── services/ # Business logic │ ├── models/ # Data models │ ├── middleware/ # Custom middleware │ ├── routes/ # Route definitions │ ├── utils/ # Helpers │ └── config/ # Configuration ├── tests/ ├── migrations/ # Database migrations ├── docs/ └── docker-compose.yml \`\`\` ## File Tracking Checklist - [ ] README.md - Project documentation - [ ] package.json - Dependencies & scripts - [ ] .gitignore - Git ignore patterns - [ ] .env.example - Environment template - [ ] tsconfig.json - TypeScript config - [ ] Dockerfile - Container definition - [ ] docker-compose.yml - Container orchestration ## Best Practices 1. Keep related files together (feature-based) 2. Separate concerns (logic, UI, data) 3. Use consistent naming conventions 4. Document as you go 5. Track all new files added `; return { content: [{ type: "text", text: tracking }] }; } /** * Check Dependencies Tool * Monitors dependencies for issues */ export const checkDependenciesSchema = { name: "check_dependencies", description: "Analyzes project dependencies for security vulnerabilities, deprecations, and outdated packages. Essential for maintaining healthy projects.", inputSchema: z.object({ packageManager: z.enum(["npm", "yarn", "pnpm", "pip", "cargo"]).describe("Package manager to check"), packageFile: z.string().optional().describe("Path to package file (package.json, requirements.txt, etc.)") }) }; export function checkDependenciesHandler(args: any) { const { packageManager } = args; const commands: Record<string, { audit: string; outdated: string; update: string }> = { npm: { audit: "npm audit", outdated: "npm outdated", update: "npm update" }, yarn: { audit: "yarn audit", outdated: "yarn outdated", update: "yarn upgrade" }, pnpm: { audit: "pnpm audit", outdated: "pnpm outdated", update: "pnpm update" }, pip: { audit: "pip-audit", outdated: "pip list --outdated", update: "pip install --upgrade" }, cargo: { audit: "cargo audit", outdated: "cargo outdated", update: "cargo update" } }; const cmds = commands[packageManager]; const check = `# Dependency Health Check ## Package Manager: ${packageManager} --- ## Commands to Run ### 1. Security Audit \`\`\`bash ${cmds.audit} \`\`\` Checks for known vulnerabilities in dependencies. ### 2. Check Outdated \`\`\`bash ${cmds.outdated} \`\`\` Lists packages with newer versions available. ### 3. Update Dependencies \`\`\`bash ${cmds.update} \`\`\` Updates to latest compatible versions. --- ## Dependency Best Practices ### Security - [ ] Run audit before every release - [ ] Enable Dependabot/Renovate for automatic updates - [ ] Review changelogs before major updates - [ ] Pin versions in production ### Maintenance - [ ] Update dependencies monthly - [ ] Remove unused dependencies - [ ] Avoid deprecated packages - [ ] Lock file committed to git ### Automated Tools - **Snyk**: Free security scanning - **Dependabot**: Auto-update PRs - **Renovate**: Advanced dependency management - **npm-check**: Interactive updates ## Docker Security Scanning \`\`\`bash docker scout cves <image> # Scan for vulnerabilities docker scout quickview <image> # Quick security overview docker scout recommendations # Get fix recommendations \`\`\` ## GitHub Actions Integration Add to \`.github/workflows/security.yml\`: \`\`\`yaml name: Security Scan on: [push, pull_request] jobs: audit: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - run: npm audit --audit-level=high \`\`\` `; return { content: [{ type: "text", text: check }] }; } /** * Generate GitHub Actions Tool * Creates CI/CD workflows */ export const generateGitHubActionsSchema = { name: "generate_github_actions", description: "Generates GitHub Actions workflow files for CI/CD, testing, security scanning, and deployment.", inputSchema: z.object({ projectType: z.enum(["node", "python", "rust", "go", "docker"]).describe("Type of project"), features: z.array(z.enum(["test", "lint", "build", "deploy", "security", "release"])).describe("Features to include") }) }; export function generateGitHubActionsHandler(args: any) { const { projectType, features } = args; const workflows: string[] = []; if (features.includes("test") || features.includes("lint") || features.includes("build")) { const ciSteps = []; if (projectType === "node") { ciSteps.push(` - uses: actions/checkout@v4 - uses: actions/setup-node@v4 with: node-version: '20' cache: 'npm' - run: npm ci`); if (features.includes("lint")) ciSteps.push(` - run: npm run lint`); if (features.includes("test")) ciSteps.push(` - run: npm test`); if (features.includes("build")) ciSteps.push(` - run: npm run build`); } else if (projectType === "python") { ciSteps.push(` - uses: actions/checkout@v4 - uses: actions/setup-python@v5 with: python-version: '3.12' - run: pip install -r requirements.txt`); if (features.includes("lint")) ciSteps.push(` - run: ruff check .`); if (features.includes("test")) ciSteps.push(` - run: pytest`); } workflows.push(`# .github/workflows/ci.yml name: CI on: push: branches: [main] pull_request: branches: [main] jobs: build: runs-on: ubuntu-latest steps: ${ciSteps.join("\n")}`); } if (features.includes("security")) { workflows.push(`# .github/workflows/security.yml name: Security Scan on: push: branches: [main] schedule: - cron: '0 0 * * 0' # Weekly jobs: security: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - name: Run security audit run: ${projectType === "node" ? "npm audit --audit-level=high" : projectType === "python" ? "pip-audit" : "cargo audit"} - name: Dependency review uses: actions/dependency-review-action@v4 if: github.event_name == 'pull_request'`); } const result = `# GitHub Actions Workflows ## Generated Workflows for ${projectType} ${workflows.join("\n\n---\n\n")} --- ## Additional Recommended Workflows ### Dependabot Config Create \`.github/dependabot.yml\`: \`\`\`yaml version: 2 updates: - package-ecosystem: "${projectType === "node" ? "npm" : projectType === "python" ? "pip" : projectType}" directory: "/" schedule: interval: "weekly" open-pull-requests-limit: 10 \`\`\` ### Branch Protection Enable in GitHub Settings: - Require PR reviews - Require status checks (CI must pass) - Require up-to-date branches `; return { content: [{ type: "text", text: result }] }; } /** * Full Stack Scaffold Tool * Creates complete project structures */ export const fullStackScaffoldSchema = { name: "full_stack_scaffold", description: "Generates a complete full-stack project structure with all necessary files and configurations. One command to create a production-ready project.", inputSchema: z.object({ projectName: z.string().describe("Name of the project"), frontend: z.enum(["react", "vue", "svelte", "next", "none"]).describe("Frontend framework"), backend: z.enum(["express", "fastapi", "django", "nestjs", "none"]).describe("Backend framework"), database: z.enum(["postgresql", "mongodb", "sqlite", "none"]).describe("Database"), features: z.array(z.string()).optional().describe("Additional features") }) }; export function fullStackScaffoldHandler(args: any) { const { projectName, frontend, backend, database, features = [] } = args; const scaffold = `# Full Stack Scaffold: ${projectName} ## Stack Configuration - **Frontend**: ${frontend} - **Backend**: ${backend} - **Database**: ${database} - **Features**: ${features.join(", ") || "Standard"} --- ## Project Structure \`\`\` ${projectName}/ ├── frontend/ # ${frontend !== "none" ? frontend.toUpperCase() + " App" : "N/A"} ${frontend !== "none" ? `│ ├── src/ │ ├── public/ │ ├── package.json │ └── vite.config.ts` : ""} ├── backend/ # ${backend !== "none" ? backend.toUpperCase() + " API" : "N/A"} ${backend !== "none" ? `│ ├── src/ │ │ ├── controllers/ │ │ ├── services/ │ │ ├── models/ │ │ └── routes/ │ ├── tests/ │ └── package.json` : ""} ├── database/ # ${database !== "none" ? database + " Config" : "N/A"} ${database !== "none" ? `│ ├── migrations/ │ └── seeds/` : ""} ├── docker/ │ ├── Dockerfile.frontend │ ├── Dockerfile.backend │ └── docker-compose.yml ├── .github/ │ └── workflows/ │ ├── ci.yml │ └── deploy.yml ├── docs/ │ ├── api.md │ └── setup.md ├── .env.example ├── .gitignore ├── README.md └── Makefile \`\`\` ## Setup Commands \`\`\`bash # Create project mkdir ${projectName} && cd ${projectName} # Initialize ${frontend !== "none" ? `npm create vite@latest frontend -- --template ${frontend === "react" ? "react-ts" : frontend}` : ""} ${backend === "express" ? `mkdir backend && cd backend && npm init -y && npm i express typescript @types/express` : ""} ${backend === "fastapi" ? `mkdir backend && cd backend && python -m venv venv && pip install fastapi uvicorn` : ""} # Database ${database === "postgresql" ? "docker run -d --name postgres -e POSTGRES_PASSWORD=secret -p 5432:5432 postgres" : ""} ${database === "mongodb" ? "docker run -d --name mongo -p 27017:27017 mongo" : ""} \`\`\` ## Docker Compose \`\`\`yaml version: '3.8' services: ${frontend !== "none" ? ` frontend: build: ./docker/Dockerfile.frontend ports: - "3000:3000" depends_on: - backend` : ""} ${backend !== "none" ? ` backend: build: ./docker/Dockerfile.backend ports: - "8000:8000" environment: - DATABASE_URL=\${DATABASE_URL}` : ""} ${database !== "none" ? ` database: image: ${database} ports: - "${database === "postgresql" ? "5432:5432" : database === "mongodb" ? "27017:27017" : ""}"\n volumes: - db_data:/var/lib/${database === "postgresql" ? "postgresql/data" : database === "mongodb" ? "mongodb" : "data"}` : ""} volumes: db_data: \`\`\` ## Next Steps 1. [ ] Clone/create repository 2. [ ] Set up environment variables 3. [ ] Install dependencies 4. [ ] Set up database 5. [ ] Run development servers 6. [ ] Configure CI/CD `; return { content: [{ type: "text", text: scaffold }] }; } /** * Developer Rules Tool * Enforces best practices */ export const developerRulesSchema = { name: "developer_rules", description: "Provides comprehensive developer rules and checklists for maintaining high-quality, secure code.", inputSchema: z.object({ category: z.enum(["security", "performance", "maintainability", "all"]).describe("Category of rules") }) }; export function developerRulesHandler(args: any) { const { category } = args; const rules = `# Developer Rules & Best Practices ## Category: ${category} --- ${category === "security" || category === "all" ? ` ## 🔒 Security Rules ### Dependencies - [ ] Run \`npm audit\` before every release - [ ] Enable automated security updates (Dependabot) - [ ] Never use deprecated packages - [ ] Review dependency changelogs before updating - [ ] Pin production dependencies to exact versions ### Code Security - [ ] Validate ALL user inputs (server-side) - [ ] Use parameterized queries (prevent SQL injection) - [ ] Escape output (prevent XSS) - [ ] Implement proper authentication (OAuth, JWT) - [ ] Use HTTPS everywhere - [ ] Set security headers (CSP, HSTS, X-Frame-Options) ### Secrets - [ ] NEVER commit secrets to git - [ ] Use environment variables - [ ] Rotate keys regularly - [ ] Use secret managers (Vault, AWS Secrets) ### Docker Security - [ ] Scan images: \`docker scout cves <image>\` - [ ] Use official base images - [ ] Run as non-root user - [ ] Keep images minimal (Alpine) ` : ""} ${category === "performance" || category === "all" ? ` ## ⚡ Performance Rules ### Code - [ ] Profile before optimizing - [ ] Use appropriate data structures - [ ] Avoid N+1 queries - [ ] Implement caching where appropriate - [ ] Lazy load heavy resources ### Frontend - [ ] Bundle & minify assets - [ ] Optimize images (WebP, lazy loading) - [ ] Use CDN for static assets - [ ] Implement code splitting - [ ] Add proper caching headers ### Backend - [ ] Use connection pooling - [ ] Implement request rate limiting - [ ] Add database indexes - [ ] Use async/await properly - [ ] Monitor memory usage ` : ""} ${category === "maintainability" || category === "all" ? ` ## 🔧 Maintainability Rules ### Code Quality - [ ] Follow language style guides - [ ] Use linters (ESLint, Pylint, etc.) - [ ] Write self-documenting code - [ ] Keep functions small (<50 lines) - [ ] DRY - Don't Repeat Yourself ### Documentation - [ ] Maintain README.md - [ ] Document public APIs - [ ] Write clear commit messages - [ ] Create Architecture Decision Records ### Testing - [ ] Write tests before/with code - [ ] Aim for >80% coverage - [ ] Test edge cases - [ ] Run tests in CI/CD ### Git - [ ] Use feature branches - [ ] Write descriptive PRs - [ ] Review code before merging - [ ] Keep commits atomic ` : ""} --- ## Automated Enforcement ### Pre-commit Hooks \`\`\`bash npx husky install npx husky add .husky/pre-commit "npm run lint && npm test" \`\`\` ### CI/CD Checks - Lint on every push - Test on every PR - Security scan weekly - Dependency updates automated `; return { content: [{ type: "text", text: rules }] }; }