npm - @aiwerk/mcp-bridge - Versions diffs - 2.6.4 → 2.6.5 - Mend

@aiwerk/mcp-bridge 2.6.4 → 2.6.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

package/dist/src/config.js +19 -5
package/dist/src/mcp-router.js +1 -1
package/dist/src/security.js +9 -5
package/dist/src/standalone-server.js +1 -1
package/dist/src/transport-sse.js +4 -3
package/dist/src/transport-stdio.js +16 -1
package/dist/src/transport-streamable-http.js +4 -4
package/package.json +1 -1

package/dist/src/config.js CHANGED Viewed

@@ -48,16 +48,30 @@ export function parseEnvFile(content) {
         if (eqIdx === -1)
             continue;
         const key = trimmed.substring(0, eqIdx).trim();
-        let value = trimmed.substring(eqIdx + 1).trim();
+        const rawValue = trimmed.substring(eqIdx + 1).trim();
+        let value;
+        let wasQuoted = false;
         // Strip surrounding quotes and handle escaped quotes within
-        if ((value.startsWith('"') && value.endsWith('"')) ||
-            (value.startsWith("'") && value.endsWith("'"))) {
-            const quote = value[0];
-            value = value.slice(1, -1);
+        if ((rawValue.startsWith('"') && rawValue.endsWith('"')) ||
+            (rawValue.startsWith("'") && rawValue.endsWith("'"))) {
+            const quote = rawValue[0];
+            value = rawValue.slice(1, -1);
             // Unescape escaped quotes: \" → " or \' → '
             value = value.replace(new RegExp(`\\\\${quote}`, "g"), quote);
             // Unescape escaped backslashes: \\ → \
             value = value.replace(/\\\\/g, "\\");
+            wasQuoted = true;
+        }
+        else {
+            value = rawValue;
+        }
+        // Strip inline comments (KEY=value # comment) for unquoted values only.
+        // Quoted values preserve # characters literally: KEY="val#ue" → val#ue
+        if (!wasQuoted) {
+            const hashIdx = value.indexOf(" #");
+            if (hashIdx !== -1) {
+                value = value.substring(0, hashIdx).trimEnd();
+            }
         }
         if (key)
             env[key] = value;

package/dist/src/mcp-router.js CHANGED Viewed

@@ -200,7 +200,7 @@ export class McpRouter {
                 }
             }
             if (normalizedAction !== "call") {
-                return this.error("invalid_params", `action must be one of: list, call, batch, refresh, schema, intent`);
+                return this.error("invalid_params", `action must be one of: list, call, batch, refresh, schema, intent, status, promotions`);
             }
             if (!tool) {
                 return this.error("invalid_params", "tool is required for action=call");

package/dist/src/security.js CHANGED Viewed

@@ -213,16 +213,20 @@ export function processResult(result, serverName, serverConfig, clientConfig) {
     const wasTruncated = processed !== null && typeof processed === "object" && processed._truncated === true;
     // Sanitize step (only for trust=sanitize, handled inside applyTrustLevel)
     processed = applyTrustLevel(processed, serverName, serverConfig);
-    // If both truncated and untrusted, flatten the metadata to top level
+    // If both truncated and untrusted/sanitize, flatten the metadata to top level
+    // to avoid double-wrapping ({ _trust, result: { _truncated, result: actual } })
     const trust = serverConfig.trust ?? "trusted";
-    if (wasTruncated && trust === "untrusted") {
-        return {
-            _trust: "untrusted",
-            _server: serverName,
+    if (wasTruncated && (trust === "untrusted" || trust === "sanitize")) {
+        const flat = {
             _truncated: true,
             _originalLength: processed.result?._originalLength,
             result: processed.result?.result,
         };
+        if (trust === "untrusted") {
+            flat._trust = "untrusted";
+            flat._server = serverName;
+        }
+        return flat;
     }
     return processed;
 }

package/dist/src/standalone-server.js CHANGED Viewed

@@ -28,7 +28,7 @@ export class StandaloneServer {
         this.logger = logger;
         this.tokenManager = new OAuth2TokenManager(logger, new FileTokenStore());
         if (this.isRouterMode()) {
-            this.router = new McpRouter(config.servers || {}, config, logger);
+            this.router = new McpRouter(config.servers ?? {}, config, logger);
         }
     }
     isRouterMode() {

package/dist/src/transport-sse.js CHANGED Viewed

@@ -1,5 +1,5 @@
 import { OAuth2TokenManager } from "./oauth2-token-manager.js";
-import { BaseTransport, isAuthCodeOAuth2, resolveOAuth2Config, resolveServerHeaders, resolveServerHeadersAsync, warnIfNonTlsRemoteUrl, } from "./transport-base.js";
+import { BaseTransport, isAuthCodeOAuth2, isDeviceCodeOAuth2, resolveOAuth2Config, resolveServerHeaders, resolveServerHeadersAsync, warnIfNonTlsRemoteUrl, } from "./transport-base.js";
 export class SseTransport extends BaseTransport {
     endpointUrl = null;
     sseAbortController = null;
@@ -65,7 +65,8 @@ export class SseTransport extends BaseTransport {
         if (this.config.auth?.type !== "oauth2") {
             return;
         }
-        if (isAuthCodeOAuth2(this.config.auth)) {
+        // Auth code and device code flows use the token store, not the in-memory cache
+        if (isAuthCodeOAuth2(this.config.auth) || isDeviceCodeOAuth2(this.config.auth)) {
             return;
         }
         const oauth2Config = resolveOAuth2Config(this.config, undefined, this.clientConfig.envFallback);
@@ -111,7 +112,7 @@ export class SseTransport extends BaseTransport {
                 if (done)
                     break;
                 buffer += decoder.decode(value, { stream: true });
-                const lines = buffer.split("\n");
+                const lines = buffer.split(/\r?\n/);
                 buffer = lines.pop() || "";
                 for (const line of lines) {
                     this.processEventLine(line, state);

package/dist/src/transport-stdio.js CHANGED Viewed

@@ -122,7 +122,22 @@ export class StdioTransport extends BaseTransport {
                 cleanup();
                 reject(error);
             };
-            const onFirstData = () => settleResolve();
+            const onFirstData = (chunk) => {
+                // Validate that first data looks like JSON-RPC (starts with { or Content-Length).
+                // Some servers write banner text to stdout instead of stderr, which would
+                // cause a false-positive connect (we'd think the transport is ready).
+                const text = chunk.toString().trim();
+                // Accept empty/whitespace readiness signals (common in lightweight stdio MCP servers),
+                // JSON messages, or LSP framing headers.
+                if (text === "" || text.startsWith("{") || text.startsWith("Content-Length")) {
+                    settleResolve();
+                }
+                else {
+                    this.logger.warn(`[mcp-bridge] Stdio process sent non-JSON data on stdout: ${text.substring(0, 80)}`);
+                    // Still listen for valid data — don't reject yet, the next chunk might be valid
+                    this.process?.stdout?.once("data", onFirstData);
+                }
+            };
             const onProcessError = (error) => settleReject(error);
             const onProcessExit = () => settleReject(new Error("MCP server exited before stdout became ready"));
             this.process.stdout.once("data", onFirstData);

package/dist/src/transport-streamable-http.js CHANGED Viewed

@@ -1,5 +1,5 @@
 import { OAuth2TokenManager } from "./oauth2-token-manager.js";
-import { BaseTransport, isAuthCodeOAuth2, resolveOAuth2Config, resolveServerHeaders, resolveServerHeadersAsync, warnIfNonTlsRemoteUrl, } from "./transport-base.js";
+import { BaseTransport, isAuthCodeOAuth2, isDeviceCodeOAuth2, resolveOAuth2Config, resolveServerHeaders, resolveServerHeadersAsync, warnIfNonTlsRemoteUrl, } from "./transport-base.js";
 export class StreamableHttpTransport extends BaseTransport {
     sessionId;
     resolvedHeaders = null;
@@ -48,8 +48,8 @@ export class StreamableHttpTransport extends BaseTransport {
         if (this.config.auth?.type !== "oauth2") {
             return;
         }
-        // authorization_code tokens are managed via TokenStore, not the in-memory cache
-        if (isAuthCodeOAuth2(this.config.auth)) {
+        // Auth code and device code tokens are managed via TokenStore, not the in-memory cache
+        if (isAuthCodeOAuth2(this.config.auth) || isDeviceCodeOAuth2(this.config.auth)) {
             return;
         }
         const oauth2Config = resolveOAuth2Config(this.config, undefined, this.clientConfig.envFallback);
@@ -146,7 +146,7 @@ export class StreamableHttpTransport extends BaseTransport {
                                     if (done)
                                         break;
                                     partial += decoder.decode(value, { stream: true });
-                                    const lines = partial.split("\n");
+                                    const lines = partial.split(/\r?\n/);
                                     // Keep the last (potentially incomplete) line in partial
                                     partial = lines.pop() || "";
                                     for (const line of lines) {

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@aiwerk/mcp-bridge",
-  "version": "2.6.4",
+  "version": "2.6.5",
   "description": "Standalone MCP server that multiplexes multiple MCP servers into one interface",
   "type": "module",
   "main": "./dist/src/index.js",