npm - @aiwerk/mcp-bridge - Versions diffs - 2.6.6 → 2.6.8 - Mend

@aiwerk/mcp-bridge 2.6.6 → 2.6.8

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/dist/src/security.js +20 -9
package/dist/src/standalone-server.js +8 -0
package/dist/src/transport-base.js +2 -0
package/package.json +1 -1
package/servers/firecrawl/recipe.json +64 -0

package/dist/src/security.js CHANGED Viewed

@@ -155,6 +155,18 @@ function truncateJsonAware(value, limit) {
     return null;
 }
 function truncateArray(arr, limit) {
+    // For very large arrays, skip binary search (too many JSON.stringify calls)
+    // and use progressive halving instead
+    if (arr.length > 1000) {
+        let count = arr.length;
+        while (count > 1) {
+            count = Math.ceil(count / 2);
+            if (JSON.stringify(arr.slice(0, count)).length <= limit) {
+                return arr.slice(0, count);
+            }
+        }
+        return arr.slice(0, 1);
+    }
     // Binary search for the number of elements that fit
     let lo = 0;
     let hi = arr.length;
@@ -213,20 +225,19 @@ export function processResult(result, serverName, serverConfig, clientConfig) {
     const wasTruncated = processed !== null && typeof processed === "object" && processed._truncated === true;
     // Sanitize step (only for trust=sanitize, handled inside applyTrustLevel)
     processed = applyTrustLevel(processed, serverName, serverConfig);
-    // If both truncated and untrusted/sanitize, flatten the metadata to top level
-    // to avoid double-wrapping ({ _trust, result: { _truncated, result: actual } })
+    // If both truncated and untrusted, flatten the metadata to top level
+    // to avoid double-wrapping ({ _trust, result: { _truncated, result: actual } }).
+    // Note: sanitize mode does NOT wrap — it sanitizes in-place, so the truncation
+    // markers (_truncated, _originalLength) are already at the right level.
     const trust = serverConfig.trust ?? "trusted";
-    if (wasTruncated && (trust === "untrusted" || trust === "sanitize")) {
-        const flat = {
+    if (wasTruncated && trust === "untrusted") {
+        return {
+            _trust: "untrusted",
+            _server: serverName,
             _truncated: true,
             _originalLength: processed.result?._originalLength,
             result: processed.result?.result,
         };
-        if (trust === "untrusted") {
-            flat._trust = "untrusted";
-            flat._server = serverName;
-        }
-        return flat;
     }
     return processed;
 }

package/dist/src/standalone-server.js CHANGED Viewed

@@ -30,6 +30,14 @@ export class StandaloneServer {
         if (this.isRouterMode()) {
             this.router = new McpRouter(config.servers ?? {}, config, logger);
         }
+        else {
+            // Warn if security config is used in direct mode where processResult() doesn't run
+            const hasSecurityConfig = Object.values(config.servers ?? {}).some(s => s.trust && s.trust !== "trusted" || s.maxResultChars || s.toolFilter);
+            if (hasSecurityConfig || config.maxResultChars) {
+                logger.warn("[mcp-bridge] Security config (trust/maxResultChars/toolFilter) detected in direct mode. " +
+                    "These settings only apply in router mode. Consider switching to mode: \"router\".");
+            }
+        }
     }
     isRouterMode() {
         return (this.config.mode ?? "router") === "router";

package/dist/src/transport-base.js CHANGED Viewed

@@ -106,6 +106,8 @@ export class BaseTransport {
                 this.scheduleReconnect();
             }
         }, reconnectInterval);
+        // Allow Node.js process to exit gracefully even if reconnect is pending
+        this.reconnectTimer.unref();
     }
     /** Cancel any scheduled reconnection timer. */
     cleanupReconnectTimer() {

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@aiwerk/mcp-bridge",
-  "version": "2.6.6",
+  "version": "2.6.8",
   "description": "Standalone MCP server that multiplexes multiple MCP servers into one interface",
   "type": "module",
   "main": "./dist/src/index.js",

package/servers/firecrawl/recipe.json ADDED Viewed

@@ -0,0 +1,64 @@
+{
+  "schemaVersion": 2,
+  "id": "firecrawl",
+  "name": "Firecrawl",
+  "description": "Web scraping, crawling, search, and structured data extraction — turn any website into clean markdown or structured data for AI agents",
+  "repository": "https://github.com/firecrawl/firecrawl-mcp-server",
+  "transports": [
+    {
+      "type": "stdio",
+      "command": "npx",
+      "args": [
+        "-y",
+        "firecrawl-mcp@3.12.1"
+      ],
+      "env": {
+        "FIRECRAWL_API_KEY": "${FIRECRAWL_API_KEY}"
+      }
+    }
+  ],
+  "auth": {
+    "required": true,
+    "type": "api-key",
+    "envVars": [
+      "FIRECRAWL_API_KEY"
+    ],
+    "credentialsUrl": "https://www.firecrawl.dev/app/api-keys",
+    "instructions": "Sign up at firecrawl.dev and copy your API key from the dashboard."
+  },
+  "install": {
+    "method": "npx",
+    "package": "firecrawl-mcp",
+    "version": "3.12.1"
+  },
+  "metadata": {
+    "homepage": "https://www.firecrawl.dev/",
+    "author": "Firecrawl (Mendable)",
+    "tags": [
+      "scraping",
+      "crawling",
+      "web",
+      "extraction",
+      "search",
+      "markdown"
+    ],
+    "category": "data",
+    "pricing": "byok",
+    "maturity": "stable",
+    "subcategory": "web-scraping",
+    "origin": "official",
+    "countries": [
+      "global"
+    ],
+    "audience": "developer",
+    "selfHosted": true,
+    "sideEffects": "read-only",
+    "authSummary": "api-key"
+  },
+  "capabilities": {
+    "tools": true,
+    "resources": false,
+    "prompts": false,
+    "sampling": false
+  }
+}