@bridge_gpt/mcp-server 0.1.16 → 0.2.0

package/build/bridge-config.js

@@ -0,0 +1,404 @@
+/**
+ * Reader and validator for the committed, secret-free `.bridge/config` manifest.
+ *
+ * The manifest is a tiny, hand-written TOML subset — `repo_name` plus repeated
+ * `[[mcp]]` target blocks — committed at the repo root and inherited by every
+ * git worktree. It NEVER contains credentials; this module only resolves repo
+ * identity and which MCP targets a worktree should be provisioned for.
+ *
+ * Everything is dependency-free (no TOML runtime dependency) and dependency
+ * injected (`readFile`, optional `runCommand`) so it is unit-testable without
+ * touching the filesystem or invoking real `git`.
+ */
+import path from "path";
+/**
+ * True if a string contains any ASCII control character (0x00-0x1f or 0x7f).
+ * Keeps identifiers path-safe and free of anything that could smuggle into a
+ * shell argument or filename. Implemented by char-code scan to avoid a
+ * control-character regex literal in source.
+ */
+function hasControlChars(value) {
+    for (let i = 0; i < value.length; i++) {
+        const code = value.charCodeAt(i);
+        if (code <= 0x1f || code === 0x7f)
+            return true;
+    }
+    return false;
+}
+// ---------------------------------------------------------------------------
+// Identifier validation
+// ---------------------------------------------------------------------------
+/**
+ * Validate a repo-name identifier. Requires a trimmed, non-empty string with no
+ * path separators or ASCII control characters. Returns a structured result with
+ * the trimmed value rather than throwing.
+ */
+export function validateRepoName(raw) {
+    if (typeof raw !== "string") {
+        return { ok: false, error: "repo_name must be a string" };
+    }
+    const value = raw.trim();
+    if (value.length === 0) {
+        return { ok: false, error: "repo_name must be a non-empty string" };
+    }
+    if (value.includes("/") || value.includes("\\")) {
+        return { ok: false, error: "repo_name must not contain path separators" };
+    }
+    if (hasControlChars(value)) {
+        return { ok: false, error: "repo_name must not contain control characters" };
+    }
+    return { ok: true, value };
+}
+/**
+ * Validate an MCP target identifier. Same path-safety rules as repo names.
+ * Non-`bapi` targets validate successfully (parsing is not hard-coded to
+ * `bapi`); only `bapi` is acted on elsewhere for this MVP.
+ */
+export function validateMcpTarget(raw) {
+    if (typeof raw !== "string") {
+        return { ok: false, error: "mcp target must be a string" };
+    }
+    const value = raw.trim();
+    if (value.length === 0) {
+        return { ok: false, error: "mcp target must be a non-empty string" };
+    }
+    if (value.includes("/") || value.includes("\\")) {
+        return { ok: false, error: "mcp target must not contain path separators" };
+    }
+    if (hasControlChars(value)) {
+        return { ok: false, error: "mcp target must not contain control characters" };
+    }
+    return { ok: true, value };
+}
+// ---------------------------------------------------------------------------
+// TOML subset parser
+// ---------------------------------------------------------------------------
+/** Extract the inner content of a `"..."` double-quoted string, or null. */
+function parseQuotedString(value) {
+    if (value.length < 2)
+        return null;
+    if (value[0] !== '"' || value[value.length - 1] !== '"')
+        return null;
+    const inner = value.slice(1, -1);
+    // The supported subset does not include escapes or embedded quotes.
+    if (inner.includes('"'))
+        return null;
+    return inner;
+}
+/**
+ * Parse a minimal, dependency-free TOML string array: `[ "a", "b" ]`. Elements
+ * are double-quoted, comma-free strings; whitespace around brackets, commas, and
+ * elements is ignored. An empty `[]` yields `[]`. Returns null on any malformed
+ * input (so callers can emit a secret-safe error that never echoes the value).
+ */
+function parseStringArray(value) {
+    const trimmed = value.trim();
+    if (trimmed.length < 2 || trimmed[0] !== "[" || trimmed[trimmed.length - 1] !== "]") {
+        return null;
+    }
+    const inner = trimmed.slice(1, -1).trim();
+    if (inner.length === 0)
+        return [];
+    const parts = inner.split(",");
+    const out = [];
+    for (const part of parts) {
+        const element = parseQuotedString(part.trim());
+        if (element === null)
+            return null;
+        out.push(element);
+    }
+    return out;
+}
+/**
+ * Parse the supported `.bridge/config` TOML subset:
+ *   - a single top-level `repo_name = "..."`
+ *   - zero or more `[[mcp]]` sections, each with `target = "..."`
+ *   - `#` comments, blank lines, and surrounding whitespace
+ *
+ * Anything outside this subset (other keys, single-bracket tables, unquoted or
+ * unterminated strings, duplicate `repo_name`, `target` outside `[[mcp]]`) is a
+ * structured error. Error messages reference line numbers and key names only —
+ * never the raw manifest content or a value — so secrets can never leak through
+ * a misplaced line.
+ */
+export function parseBridgeConfigToml(text) {
+    const lines = text.split("\n");
+    let repoName;
+    let sawRepoName = false;
+    const mcp = [];
+    // null = top-level scope; otherwise points at the in-progress [[mcp]] block.
+    let currentMcp = null;
+    for (let i = 0; i < lines.length; i++) {
+        const lineNo = i + 1;
+        const line = lines[i].trim();
+        if (line.length === 0 || line.startsWith("#"))
+            continue;
+        if (line === "[[mcp]]") {
+            currentMcp = { headerLine: lineNo };
+            mcp.push(currentMcp);
+            continue;
+        }
+        // Any other bracketed table header is unsupported.
+        if (line.startsWith("[")) {
+            return {
+                ok: false,
+                kind: "parse-error",
+                error: `Unsupported table header on line ${lineNo}; only [[mcp]] is allowed`,
+            };
+        }
+        const eq = line.indexOf("=");
+        if (eq === -1) {
+            return {
+                ok: false,
+                kind: "parse-error",
+                error: `Malformed line ${lineNo}; expected key = "value"`,
+            };
+        }
+        const key = line.slice(0, eq).trim();
+        const rawValue = line.slice(eq + 1).trim();
+        if (key.length === 0) {
+            return {
+                ok: false,
+                kind: "parse-error",
+                error: `Malformed line ${lineNo}; missing key`,
+            };
+        }
+        if (currentMcp === null) {
+            // Top-level scope: only repo_name is allowed.
+            if (key === "repo_name") {
+                if (sawRepoName) {
+                    return {
+                        ok: false,
+                        kind: "parse-error",
+                        error: `Duplicate repo_name on line ${lineNo}`,
+                    };
+                }
+                sawRepoName = true;
+                const stringValue = parseQuotedString(rawValue);
+                if (stringValue === null) {
+                    return {
+                        ok: false,
+                        kind: "parse-error",
+                        error: `Expected a double-quoted string for '${key}' on line ${lineNo}`,
+                    };
+                }
+                const validated = validateRepoName(stringValue);
+                if (!validated.ok) {
+                    return { ok: false, kind: "validation-error", error: validated.error };
+                }
+                repoName = validated.value;
+                continue;
+            }
+            if (key === "target") {
+                return {
+                    ok: false,
+                    kind: "parse-error",
+                    error: `target on line ${lineNo} must appear inside an [[mcp]] section`,
+                };
+            }
+            return {
+                ok: false,
+                kind: "parse-error",
+                error: `Unsupported key '${key}' on line ${lineNo}`,
+            };
+        }
+        // Inside an [[mcp]] block: target / command / args / secret_bundle.
+        if (key === "args") {
+            if (currentMcp.args !== undefined) {
+                return { ok: false, kind: "parse-error", error: `Duplicate args on line ${lineNo}` };
+            }
+            const arr = parseStringArray(rawValue);
+            if (arr === null) {
+                return {
+                    ok: false,
+                    kind: "parse-error",
+                    error: `Expected a string array for 'args' on line ${lineNo}`,
+                };
+            }
+            currentMcp.args = arr;
+            continue;
+        }
+        if (key === "target" || key === "command" || key === "secret_bundle") {
+            const stringValue = parseQuotedString(rawValue);
+            if (stringValue === null) {
+                return {
+                    ok: false,
+                    kind: "parse-error",
+                    error: `Expected a double-quoted string for '${key}' on line ${lineNo}`,
+                };
+            }
+            if (key === "target") {
+                if (currentMcp.target !== undefined) {
+                    return { ok: false, kind: "parse-error", error: `Duplicate target on line ${lineNo}` };
+                }
+                const validated = validateMcpTarget(stringValue);
+                if (!validated.ok) {
+                    return { ok: false, kind: "validation-error", error: validated.error };
+                }
+                currentMcp.target = validated.value;
+                continue;
+            }
+            if (key === "command") {
+                if (currentMcp.command !== undefined) {
+                    return { ok: false, kind: "parse-error", error: `Duplicate command on line ${lineNo}` };
+                }
+                currentMcp.command = stringValue;
+                continue;
+            }
+            // secret_bundle
+            if (currentMcp.secretBundle !== undefined) {
+                return { ok: false, kind: "parse-error", error: `Duplicate secret_bundle on line ${lineNo}` };
+            }
+            currentMcp.secretBundle = stringValue;
+            continue;
+        }
+        return {
+            ok: false,
+            kind: "parse-error",
+            error: `Unsupported key '${key}' inside [[mcp]] on line ${lineNo}`,
+        };
+    }
+    if (!sawRepoName || repoName === undefined) {
+        return { ok: false, kind: "validation-error", error: "Missing required repo_name" };
+    }
+    const cleaned = [];
+    for (const entry of mcp) {
+        if (entry.target === undefined) {
+            return {
+                ok: false,
+                kind: "validation-error",
+                error: `An [[mcp]] section on line ${entry.headerLine} is missing its target`,
+            };
+        }
+        if (entry.target !== "bapi") {
+            // Tier-2 targets must declare a launch command, an args array, and the
+            // store bundle that provides their secrets.
+            if (entry.command === undefined || entry.command.trim().length === 0) {
+                return {
+                    ok: false,
+                    kind: "validation-error",
+                    error: `[[mcp]] target '${entry.target}' on line ${entry.headerLine} requires a non-empty command`,
+                };
+            }
+            if (entry.args === undefined) {
+                return {
+                    ok: false,
+                    kind: "validation-error",
+                    error: `[[mcp]] target '${entry.target}' on line ${entry.headerLine} requires an args array`,
+                };
+            }
+            if (entry.secretBundle === undefined || entry.secretBundle.trim().length === 0) {
+                return {
+                    ok: false,
+                    kind: "validation-error",
+                    error: `[[mcp]] target '${entry.target}' on line ${entry.headerLine} requires a non-empty secret_bundle`,
+                };
+            }
+        }
+        const clean = { target: entry.target };
+        if (entry.command !== undefined)
+            clean.command = entry.command;
+        if (entry.args !== undefined)
+            clean.args = entry.args;
+        if (entry.secretBundle !== undefined)
+            clean.secretBundle = entry.secretBundle;
+        cleaned.push(clean);
+    }
+    return { ok: true, manifest: { repoName, mcp: cleaned } };
+}
+// ---------------------------------------------------------------------------
+// Reading + identity resolution
+// ---------------------------------------------------------------------------
+/** Absolute path to a project root's committed manifest. */
+export function bridgeConfigPath(projectRoot) {
+    return path.join(projectRoot, ".bridge", "config");
+}
+/**
+ * Read and parse `<projectRoot>/.bridge/config`. A missing file is the common,
+ * non-fatal case (`kind: "missing"`); malformed/invalid content surfaces as a
+ * structured error. Raw manifest content is never echoed back.
+ */
+export async function readBridgeConfig(projectRoot, deps) {
+    const filePath = bridgeConfigPath(projectRoot);
+    let raw;
+    try {
+        raw = await deps.readFile(filePath);
+    }
+    catch (err) {
+        if (err && typeof err === "object" && err.code === "ENOENT") {
+            return { ok: false, kind: "missing" };
+        }
+        return { ok: false, kind: "parse-error", error: "Unable to read .bridge/config" };
+    }
+    return parseBridgeConfigToml(raw);
+}
+/** True only when the manifest contains an exact target match (e.g. `"bapi"`). */
+export function hasMcpTarget(manifest, target) {
+    return manifest.mcp.some((entry) => entry.target === target);
+}
+/**
+ * Derive the repo name from `git rev-parse --git-common-dir`, run with the
+ * passed `projectRoot` as `cwd` (so a worktree resolves to its parent repo's
+ * identity). The common dir is the directory immediately before the `.git`
+ * path segment, e.g. `<repo>/bapi/.git` and `<repo>/bapi/.git/worktrees/X` both
+ * derive `bapi`.
+ */
+export async function deriveRepoNameFromGitCommonDir(projectRoot, deps) {
+    if (!deps.runCommand) {
+        return { ok: false, error: "Cannot derive repo name: no command runner available" };
+    }
+    let result;
+    try {
+        result = await deps.runCommand("git", ["rev-parse", "--git-common-dir"], {
+            cwd: projectRoot,
+        });
+    }
+    catch (err) {
+        const message = err instanceof Error ? err.message : String(err);
+        return { ok: false, error: `git rev-parse --git-common-dir failed: ${message}` };
+    }
+    if (result.exitCode !== 0) {
+        const reason = (result.stderr || result.stdout || "").trim();
+        return {
+            ok: false,
+            error: `git rev-parse --git-common-dir failed${reason ? `: ${reason}` : ""}`,
+        };
+    }
+    const commonDir = result.stdout.trim();
+    if (commonDir.length === 0) {
+        return { ok: false, error: "git rev-parse --git-common-dir returned no output" };
+    }
+    const resolved = path.isAbsolute(commonDir)
+        ? commonDir
+        : path.resolve(projectRoot, commonDir);
+    const segments = resolved.split(/[\\/]+/).filter((s) => s.length > 0);
+    const gitIndex = segments.lastIndexOf(".git");
+    if (gitIndex < 1) {
+        return {
+            ok: false,
+            error: "Unable to derive repo name from git common dir",
+        };
+    }
+    const derived = segments[gitIndex - 1];
+    const validated = validateRepoName(derived);
+    if (!validated.ok) {
+        return { ok: false, error: `Derived repo name is invalid: ${validated.error}` };
+    }
+    return { ok: true, value: validated.value };
+}
+/**
+ * Resolve the repo name for a project root. A valid manifest `repo_name` wins;
+ * a *missing* manifest falls back to the git-common-dir derivation; a malformed
+ * or invalid manifest returns a structured error rather than silently falling
+ * back (so a broken committed file is never papered over by git guessing).
+ */
+export async function resolveRepoNameForProjectRoot(projectRoot, deps) {
+    const read = await readBridgeConfig(projectRoot, deps);
+    if (read.ok) {
+        return { ok: true, value: read.manifest.repoName };
+    }
+    if (read.kind === "missing") {
+        return deriveRepoNameFromGitCommonDir(projectRoot, deps);
+    }
+    return { ok: false, error: read.error };
+}