kunthawat/moreminimore-vibe
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
Files
beb777bd546f930466a80a4352de4ab67392cfde
moreminimore-vibe/testing
History
Will Chen c50527b4c0 Security Panel MVP (#1660) 
TODOs:

- [x] Add documentation
- [x] e2e tests: run security review, update knowledge, and fix issue
- [x] more stringent risk rating


<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> Introduces a new Security mode with a Security Review panel that runs
reviews, edits rules, parses findings via IPC, and supports fixing
issues, with tests and prompt/runtime support.
> 
> - **UI/Preview Panel**:
> - Add `security` preview mode to `previewModeAtom` and ActionHeader
(Shield button).
> - New `SecurityPanel` showing findings table (sorted by severity), run
review, fix issue flow, and edit `SECURITY_RULES.md` dialog.
>   - Wire into `PreviewPanel` content switch.
> - **Hooks**:
>   - `useSecurityReview(appId)`: fetch latest review via IPC.
> - `useStreamChat`: add `onSettled` callback to invoke refreshes after
streams.
> - **IPC/Main**:
> - `security_handlers`: `get-latest-security-review` parses
`<dyad-security-finding>` from latest assistant message.
>   - Register handler in `ipc_host`; expose channel in `preload`.
>   - `ipc_client`: add `getLatestSecurityReview(appId)`.
> - `chat_stream_handlers`: detect `/security-review`, use dedicated
system prompt, optionally append `SECURITY_RULES.md`, suppress
Supabase-not-available note in this mode.
> - **Prompts**:
> - Add `SECURITY_REVIEW_SYSTEM_PROMPT` with structured finding output.
> - **Supabase**:
> - Enhance schema query to include `rls_enabled`, split policy
`using_clause`/`with_check_clause`.
> - **E2E Tests**:
> - New `security_review.spec.ts` plus snapshots and fixture findings;
update test helper for `security` mode and findings table snapshot.
> - Fake LLM server streams security findings for `/security-review` and
increases batch size.
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
5022d01e22a2dd929a968eeba0da592e0aeece01. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->
2025-10-29 17:32:52 -07:00
..
fake-llm-server
Security Panel MVP (#1660)
2025-10-29 17:32:52 -07:00
fake-stdio-mcp-server.mjs
Add MCP support (#1028)
2025-09-19 15:43:39 -07:00
README.md
Add MCP support (#1028)
2025-09-19 15:43:39 -07:00
run-fake-stdio-mcp-server.sh
Add MCP support (#1028)
2025-09-19 15:43:39 -07:00

README.md

Fake stdio MCP server

This directory contains a minimal stdio MCP server for local testing.

  • Tools:
    • calculator_add: adds two numbers. Inputs: a (number), b (number).
    • print_envs: returns all environment variables visible to the server as pretty JSON.

Requirements

  • Node 20+ (same as the repo engines)
  • Uses the repo dependency @modelcontextprotocol/sdk and zod

Launch

  • Via Node:

    node testing/fake-stdio-mcp-server.mjs

  • Via script (adds a stable entrypoint path):

    testing/run-fake-stdio-mcp-server.sh

Passing environment variables

Environment variables provided when launching (either from your shell or by the app) will be visible to the print_envs tool.

export FOO=bar
export SECRET_TOKEN=example
testing/run-fake-stdio-mcp-server.sh

Integrating with Dyad (stdio MCP)

When adding a stdio MCP server in the app, use:

  • Command: testing/run-fake-stdio-mcp-server.sh (absolute path recommended)
  • Transport: stdio
  • Args: leave empty (not required)
  • Env: optional key/values (e.g., FOO=bar)

Once connected, you should see the two tools listed:

  • calculator_add
  • print_envs