@1presence/bridge 0.23.0 → 0.24.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/claude.js +12 -1
- package/package.json +1 -1
package/dist/claude.js
CHANGED
|
@@ -232,7 +232,18 @@ function spawnClaude(params) {
|
|
|
232
232
|
// --setting-sources "") are supposed to make this unreachable. If we see a
|
|
233
233
|
// non-1Presence tool here anyway, something has bypassed those guards — kill
|
|
234
234
|
// immediately so any side effect already in flight is the only damage done.
|
|
235
|
-
|
|
235
|
+
//
|
|
236
|
+
// Valid forms:
|
|
237
|
+
// mcp__1presence__<name> — namespaced MCP form
|
|
238
|
+
// <snake_case_name> — bare form; Claude Code may omit the prefix in
|
|
239
|
+
// stream-json output. Safe because --strict-mcp-config
|
|
240
|
+
// limits MCP to the 1presence server only.
|
|
241
|
+
// Invalid (real violations):
|
|
242
|
+
// PascalCase (Bash, Read, Write, …) — Claude Code built-ins
|
|
243
|
+
// mcp__<other>__* — tools from a different MCP server
|
|
244
|
+
const isMcp1presence = toolName.startsWith('mcp__1presence__');
|
|
245
|
+
const isBareName = /^[a-z][a-z0-9_]*$/.test(toolName);
|
|
246
|
+
if (!isMcp1presence && !isBareName) {
|
|
236
247
|
killedForViolation = true;
|
|
237
248
|
const violation = `bridge tool violation: ${toolName} is not allowed in Local Mode`;
|
|
238
249
|
process.stderr.write(`[bridge] FATAL ${violation} — killing\n`);
|