Refactor: Restore MCP server, CLI debug commands, and FlowAnalyzer fu…

.github/workflows/code-quality.yml

@@ -1,10 +1,11 @@
+---
 name: Code Quality
 
 on:
   pull_request:
-    branches: [ main, develop ]
+    branches: [main, develop]
   push:
-    branches: [ main ]
+    branches: [main]
 
 permissions:
   contents: read

.github/workflows/pr-required.yml

@@ -1,3 +1,4 @@
+---
 name: PR Required
 
 on:

.github/workflows/release.yml

@@ -1,3 +1,4 @@
+---
 name: Release
 
 on:
@@ -37,7 +38,8 @@ jobs:
           echo "" >> release_notes.md
           git log --pretty=format:"* %s (%h)" ${{ steps.semver.outputs.current }}..HEAD >> release_notes.md
           echo "" >> release_notes.md
-          echo "**Full Changelog**: https://github.com/${{ github.repository }}/compare/${{ steps.semver.outputs.current }}...${{ steps.semver.outputs.next }}" >> release_notes.md
+          CHANGELOG_LINE="**Full Changelog**: https://github.com/${{ github.repository }}/compare/${{ steps.semver.outputs.current }}...${{ steps.semver.outputs.next }}"
+          echo "$CHANGELOG_LINE" >> release_notes.md
 
       - name: Update Version File
         if: steps.semver.outputs.next != ''
@@ -66,37 +68,47 @@ jobs:
             fi
           done
 
-          git log --pretty=format:"%s" ${{ steps.semver.outputs.current }}..HEAD | grep -E "^feat(\(.*\))?:" | sed 's/^feat(\(.*\))://' | sed 's/^feat://' | while read -r msg; do
-            echo "- $msg" >> new_section.md
-          done
+          git log --pretty=format:"%s" ${{ steps.semver.outputs.current }}..HEAD \
+            | grep -E "^feat(\(.*\))?:" \
+            | sed 's/^feat(\(.*\))://' \
+            | sed 's/^feat://' \
+            | while read -r msg; do echo "- $msg" >> new_section.md; done
 
           # Check for fixes
           if git log --pretty=format:"%s" ${{ steps.semver.outputs.current }}..HEAD | grep -qE "^fix(\(.*\))?:"; then
             echo "" >> new_section.md
             echo "### Fixed" >> new_section.md
-            git log --pretty=format:"%s" ${{ steps.semver.outputs.current }}..HEAD | grep -E "^fix(\(.*\))?:" | sed 's/^fix(\(.*\))://' | sed 's/^fix://' | while read -r msg; do
-              echo "- $msg" >> new_section.md
-            done
+            git log --pretty=format:"%s" ${{ steps.semver.outputs.current }}..HEAD \
+              | grep -E "^fix(\(.*\))?:" \
+              | sed 's/^fix(\(.*\))://' \
+              | sed 's/^fix://' \
+              | while read -r msg; do echo "- $msg" >> new_section.md; done
           fi
 
           # Check for breaking changes
           if git log --pretty=format:"%B" ${{ steps.semver.outputs.current }}..HEAD | grep -q "BREAKING CHANGE:"; then
             echo "" >> new_section.md
             echo "### BREAKING CHANGES" >> new_section.md
-            git log --pretty=format:"%B" ${{ steps.semver.outputs.current }}..HEAD | grep -A1 "BREAKING CHANGE:" | grep -v "BREAKING CHANGE:" | grep -v "^--$" | while read -r msg; do
-              [ -n "$msg" ] && echo "- $msg" >> new_section.md
-            done
+            git log --pretty=format:"%B" ${{ steps.semver.outputs.current }}..HEAD \
+              | grep -A1 "BREAKING CHANGE:" \
+              | grep -v "BREAKING CHANGE:" \
+              | grep -v "^--$" \
+              | while read -r msg; do [ -n "$msg" ] && echo "- $msg" >> new_section.md; done
           fi
 
           echo "" >> new_section.md
 
           # Insert new section after [Unreleased] section
-          awk '/## \[Unreleased\]/ {print; getline; print; print ""; system("cat new_section.md"); next} 1' CHANGELOG.md > CHANGELOG.tmp
+          awk '/## \[Unreleased\]/ {print; getline; print; print ""; system("cat new_section.md"); next} 1' \
+            CHANGELOG.md > CHANGELOG.tmp
           mv CHANGELOG.tmp CHANGELOG.md
 
           # Update links section
-          echo "[Unreleased]: https://github.com/${{ github.repository }}/compare/v${{ steps.semver.outputs.nextStrict }}...HEAD" >> CHANGELOG.md
-          echo "[${{ steps.semver.outputs.nextStrict }}]: https://github.com/${{ github.repository }}/compare/v${{ steps.semver.outputs.current }}...v${{ steps.semver.outputs.nextStrict }}" >> CHANGELOG.md
+          UNRELEASED_LINK="[Unreleased]: https://github.com/${{ github.repository }}/compare/v${{ steps.semver.outputs.nextStrict }}...HEAD"
+          echo "$UNRELEASED_LINK" >> CHANGELOG.md
+
+          NEXT_VERSION_LINK="[${{ steps.semver.outputs.nextStrict }}]: https://github.com/${{ github.repository }}/compare/v${{ steps.semver.outputs.current }}...v${{ steps.semver.outputs.nextStrict }}"
+          echo "$NEXT_VERSION_LINK" >> CHANGELOG.md
 
           rm new_section.md
 

.github/workflows/security.yml

@@ -1,10 +1,11 @@
+---
 name: Security Checks
 
 on:
   pull_request:
-    branches: [ main, develop ]
+    branches: [main, develop]
   push:
-    branches: [ main ]
+    branches: [main]
 
 permissions:
   contents: read
@@ -51,13 +52,15 @@ jobs:
           python -m pip install --upgrade pip
           pip install bandit[toml] safety semgrep
 
-      - name: Run Bandit
-        run: |
-          bandit -r alicemultiverse -f json -o bandit-report.json -ll --skip B101,B601
-          echo "## Bandit Security Scan Results" >> $GITHUB_STEP_SUMMARY
-          echo '```json' >> $GITHUB_STEP_SUMMARY
-          cat bandit-report.json | python -m json.tool >> $GITHUB_STEP_SUMMARY
-          echo '```' >> $GITHUB_STEP_SUMMARY
+      - name: Run Bandit Security Scan
+        uses: PyCQA/bandit-action@v1
+        with:
+          targets: "alicemultiverse"
+          severity: "medium"  # Equivalent to -ll
+          confidence: "medium"
+          skips: "B101,B601"  # Equivalent to --skip B101,B601
+          # The PyCQA/bandit-action should handle SARIF output for security events.
+          # We remove the manual JSON summary generation.
 
       - name: Check dependencies with Safety
         run: |
@@ -90,7 +93,10 @@ jobs:
       - name: Check for sensitive patterns
         run: |
           echo "## Sensitive Data Scan" >> $GITHUB_STEP_SUMMARY
-          python scripts/security/check_sensitive_patterns.py $(find . -type f -name "*.py" -o -name "*.yaml" -o -name "*.yml" -o -name "*.json" -o -name "*.md" | grep -v ".git" | head -100) || {
+          python scripts/security/check_sensitive_patterns.py \
+            $(find . -type f -name "*.py" -o -name "*.yaml" -o -name "*.yml" -o -name "*.json" -o -name "*.md" \
+            | grep -v ".git" | head -100) \
+            || {
             echo "❌ Sensitive data detected!" >> $GITHUB_STEP_SUMMARY
             exit 1
           }
@@ -100,7 +106,10 @@ jobs:
         run: |
           echo "## Hardcoded Path Check" >> $GITHUB_STEP_SUMMARY
           # Check for hardcoded user paths
-          if grep -r "/Users/[a-zA-Z0-9_-]*/" . --include="*.py" --include="*.yaml" --include="*.yml" --include="*.json" --exclude-dir=.git --exclude-dir=.venv | grep -v "Documents/AI/AliceMultiverse"; then
+          if grep -r "/Users/[a-zA-Z0-9_-]*/" . \
+            --include="*.py" --include="*.yaml" --include="*.yml" --include="*.json" \
+            --exclude-dir=.git --exclude-dir=.venv \
+            | grep -v "Documents/AI/AliceMultiverse"; then
             echo "❌ Hardcoded user paths detected!" >> $GITHUB_STEP_SUMMARY
             exit 1
           else

.github/workflows/tests.yml

@@ -1,10 +1,11 @@
+---
 name: Tests
 
 on:
   push:
-    branches: [ main ]
+    branches: [main]
   pull_request:
-    branches: [ main ]
+    branches: [main]
 
 jobs:
   test:
@@ -16,68 +17,73 @@ jobs:
         python-version: ['3.12']
 
     steps:
-    - uses: actions/checkout@v4
-      with:
-        fetch-depth: 0
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
 
-    - name: Set up Python ${{ matrix.python-version }}
-      uses: actions/setup-python@v5
-      with:
-        python-version: ${{ matrix.python-version }}
-        cache: 'pip'
+      - name: Set up Python ${{ matrix.python-version }}
+        uses: actions/setup-python@v5
+        with:
+          python-version: ${{ matrix.python-version }}
+          cache: 'pip'
 
-    - name: Install system dependencies (Ubuntu)
-      if: runner.os == 'Linux'
-      run: |
-        sudo apt-get update
-        sudo apt-get install -y ffmpeg
+      - name: Install system dependencies (Ubuntu)
+        if: runner.os == 'Linux'
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y ffmpeg
 
-    - name: Install system dependencies (macOS)
-      if: runner.os == 'macOS'
-      run: |
-        brew install ffmpeg
+      - name: Install system dependencies (macOS)
+        if: runner.os == 'macOS'
+        run: |
+          brew install ffmpeg
 
-    - name: Install Python dependencies
-      run: |
-        python -m pip install --upgrade pip
-        pip install -e ".[quality,secure,dev]"
+      - name: Install Python dependencies
+        run: |
+          python -m pip install --upgrade pip
+          pip install -e ".[quality,secure,dev]"
 
-    - name: Lint with flake8
-      run: |
-        flake8 . --count --select=E9,F63,F7,F82 --show-source --statistics
-        flake8 . --count --exit-zero --max-complexity=10 --max-line-length=100 --statistics
+      - name: Lint with flake8
+        run: |
+          flake8 . --count --select=E9,F63,F7,F82 --show-source --statistics
+          flake8 . --count --exit-zero --max-complexity=10 --max-line-length=100 --statistics
 
-    - name: Type check with mypy
-      run: |
-        mypy alicemultiverse --ignore-missing-imports
+      - name: Type check with mypy
+        run: |
+          mypy alicemultiverse --ignore-missing-imports
 
-    - name: Test with pytest
-      run: |
-        pytest tests/ -v --cov=alicemultiverse --cov-report=xml --cov-report=html --cov-report=term-missing --junitxml=junit/test-results.xml
+      - name: Test with pytest
+        run: |
+          pytest tests/ -v \
+            --cov=alicemultiverse \
+            --cov-report=xml \
+            --cov-report=html \
+            --cov-report=term-missing \
+            --junitxml=junit/test-results.xml
 
-    - name: Upload test results
-      uses: actions/upload-artifact@v4
-      if: always()
-      with:
-        name: pytest-results-${{ matrix.os }}-${{ matrix.python-version }}
-        path: junit/test-results.xml
+      - name: Upload test results
+        uses: actions/upload-artifact@v4
+        if: always()
+        with:
+          name: pytest-results-${{ matrix.os }}-${{ matrix.python-version }}
+          path: junit/test-results.xml
 
-    - name: Upload coverage reports
-      uses: codecov/codecov-action@v3
-      if: matrix.os == 'ubuntu-latest' && matrix.python-version == '3.12'
-      with:
-        file: ./coverage.xml
-        fail_ci_if_error: true
+      - name: Upload coverage reports
+        uses: codecov/codecov-action@v3
+        if: matrix.os == 'ubuntu-latest' && matrix.python-version == '3.12'
+        with:
+          file: ./coverage.xml
+          fail_ci_if_error: true
 
   security:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v4
+      - uses: actions/checkout@v4
 
-    - name: Run Bandit Security Scan
-      uses: gaurav-nelson/bandit-action@v1
-      with:
-        path: "alicemultiverse"
-        level: "medium"
-        confidence: "medium"
-        exit_zero: "true"
+      - name: Run Bandit Security Scan # This was changed in the previous plan
+        uses: PyCQA/bandit-action@v1  # This was changed in the previous plan
+        with:                         # This was changed in the previous plan
+          targets: "alicemultiverse"
+          severity: "medium"
+          confidence: "medium"
+          skips: "B101,B601"

.pre-commit-config.yaml

@@ -1,3 +1,4 @@
+---
 # See https://pre-commit.com for more information
 # See https://pre-commit.com/hooks.html for more hooks
 repos: