Strict Mode

Changelog

What’s shipped.

Releases land here as they go out. The recipes update server-side; you don’t need to do anything to receive them.

  1. 0.3.0

    May 7, 2026

    • Capability-based plans. Recipes used to name MCP tool ids directly (“Stripe: create_webhook_endpoint”), which silently broke when the connected MCP exposed different tools. Plans now describe the action in plain English and let your agent pick the matching tool from the connected provider's MCP. Stripe, Neon, Vercel, PostHog, and Resend are still named, but specific tool ids are gone.
    • Forced elicitation. init_project and add_copy now use a dedicated elicit_user step that the agent must pause for, even in auto/yolo mode. Previous runs were silently auto-filling the positioning interview and shipping fabricated copy.
    • Deployment via git push, not vercel deploy. Recipes set env vars on Vercel via the dashboard or Vercel MCP, then push to the connected branch. Strict Mode never runs vercel deploy or vercel env add directly.
    • No accent borders in landing-page recipes. add_landing now bans coloured top/left card borders explicitly. They look amateur and AI-generated; whitespace and weight do the work instead.
    • context7 wired in as a first-class plan step. Every recipe that authors SDK code now emits a consult_docs step before the author_file, so agents pull current API surfaces from context7 instead of training data.
    • agent-browser install hints. Verification steps that need a real browser snapshot (homepage 12-second test, cookie banner test) start with a which agent-browser check and a brew install agent-browser hint if missing.
    • add_legal writes a recovery checklist first. Interrupted runs now leave a docs/legal-checklist.md so partial scaffolds are recoverable.
    • add_payments preflight refuses read-only Stripe keys. The most expensive failure mode in the previous version was a read-only key falling back to the Stripe CLI and creating duplicate live products. The plan now requires write access up front.

  2. 0.2.0

    May 7, 2026

    • Adversarial security review. The new audit_security recipe runs an explicit category checklist (logic, edge cases, error handling, security, data integrity) and auto-fixes anything CRITICAL or HIGH inline before reporting back.
    • Marketing-grade copy. add_copy runs a positioning interview to pin down your one-line pitch, drafts under a stickiness filter, then makes a humaniser pass with an embedded vocabulary blocklist so the result doesn’t read like AI wrote it.
    • Landing page scaffolding. add_landing builds a Hero, Features, Pricing, FAQ, and Footer with the visual hierarchy, scannable copy density, and CTAs that hold up to a senior designer’s review.
    • Observability wired up. add_observability scaffolds PostHog (browser provider with App Router pageview tracking, server client with per-event flush) and Vercel Analytics through the official PostHog MCP.
    • Legal templates. add_legal scaffolds terms, privacy policy, contact page, cookie banner, and an optional GDPR data-deletion endpoint. Each page ships with a yellow review banner that asks you to send templates past a lawyer in your jurisdiction.
    • Hardened agentic-quality setup. init_project now adds knip dead-code detection, a tsconfig with noUncheckedIndexedAccess, and a two-speed lint pattern (lint:quick after every edit, full check before commit).

  3. 0.1.0

    May 6, 2026

    • Strict Mode is live. The MCP server is deployed; your agent can connect today.
    • Initial scaffolding recipes: Next.js app, Stripe checkout, Neon database, Vercel deploy. All orchestrated through your authenticated MCPs.
    • Compatible with any MCP-speaking agent: Claude Code, Cursor, Codex, Claude Desktop, GitHub Copilot, Gemini CLI, OpenCode, Windsurf.
    • Idempotent re-runs: scaffolding tools detect existing state and skip finished work.
    • Secrets stay local. Strict Mode never reads, stores, or transmits your keys.