npm - @cyanheads/git-mcp-server - Versions diffs - 2.1.0 → 2.1.2 - Mend

@cyanheads/git-mcp-server 2.1.0 → 2.1.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (97) hide show

package/README.md +8 -11
package/dist/config/index.js +7 -7
package/dist/index.js +35 -21
package/dist/mcp-server/server.js +72 -56
package/dist/mcp-server/tools/gitAdd/index.js +1 -1
package/dist/mcp-server/tools/gitAdd/logic.js +88 -39
package/dist/mcp-server/tools/gitAdd/registration.js +17 -14
package/dist/mcp-server/tools/gitBranch/index.js +1 -1
package/dist/mcp-server/tools/gitBranch/logic.js +213 -85
package/dist/mcp-server/tools/gitBranch/registration.js +16 -13
package/dist/mcp-server/tools/gitCheckout/index.js +1 -1
package/dist/mcp-server/tools/gitCheckout/logic.js +85 -145
package/dist/mcp-server/tools/gitCheckout/registration.js +16 -14
package/dist/mcp-server/tools/gitCherryPick/index.js +1 -1
package/dist/mcp-server/tools/gitCherryPick/logic.js +100 -41
package/dist/mcp-server/tools/gitCherryPick/registration.js +21 -14
package/dist/mcp-server/tools/gitClean/index.js +1 -1
package/dist/mcp-server/tools/gitClean/logic.js +93 -41
package/dist/mcp-server/tools/gitClean/registration.js +19 -16
package/dist/mcp-server/tools/gitClearWorkingDir/index.js +1 -1
package/dist/mcp-server/tools/gitClearWorkingDir/logic.js +14 -11
package/dist/mcp-server/tools/gitClearWorkingDir/registration.js +19 -13
package/dist/mcp-server/tools/gitClone/index.js +1 -1
package/dist/mcp-server/tools/gitClone/logic.js +89 -30
package/dist/mcp-server/tools/gitClone/registration.js +15 -12
package/dist/mcp-server/tools/gitCommit/index.js +1 -1
package/dist/mcp-server/tools/gitCommit/logic.js +198 -76
package/dist/mcp-server/tools/gitCommit/registration.js +23 -20
package/dist/mcp-server/tools/gitDiff/index.js +1 -1
package/dist/mcp-server/tools/gitDiff/logic.js +124 -44
package/dist/mcp-server/tools/gitDiff/registration.js +16 -14
package/dist/mcp-server/tools/gitFetch/index.js +1 -1
package/dist/mcp-server/tools/gitFetch/logic.js +78 -49
package/dist/mcp-server/tools/gitFetch/registration.js +16 -14
package/dist/mcp-server/tools/gitInit/index.js +1 -1
package/dist/mcp-server/tools/gitInit/logic.js +88 -34
package/dist/mcp-server/tools/gitInit/registration.js +32 -18
package/dist/mcp-server/tools/gitLog/index.js +1 -1
package/dist/mcp-server/tools/gitLog/logic.js +133 -47
package/dist/mcp-server/tools/gitLog/registration.js +16 -14
package/dist/mcp-server/tools/gitMerge/index.js +1 -1
package/dist/mcp-server/tools/gitMerge/logic.js +102 -61
package/dist/mcp-server/tools/gitMerge/registration.js +17 -14
package/dist/mcp-server/tools/gitPull/index.js +1 -1
package/dist/mcp-server/tools/gitPull/logic.js +90 -69
package/dist/mcp-server/tools/gitPull/registration.js +16 -14
package/dist/mcp-server/tools/gitPush/index.js +1 -1
package/dist/mcp-server/tools/gitPush/logic.js +116 -100
package/dist/mcp-server/tools/gitPush/registration.js +16 -14
package/dist/mcp-server/tools/gitRebase/index.js +1 -1
package/dist/mcp-server/tools/gitRebase/logic.js +121 -82
package/dist/mcp-server/tools/gitRebase/registration.js +21 -14
package/dist/mcp-server/tools/gitRemote/index.js +1 -1
package/dist/mcp-server/tools/gitRemote/logic.js +108 -52
package/dist/mcp-server/tools/gitRemote/registration.js +14 -11
package/dist/mcp-server/tools/gitReset/index.js +1 -1
package/dist/mcp-server/tools/gitReset/logic.js +65 -37
package/dist/mcp-server/tools/gitReset/registration.js +14 -12
package/dist/mcp-server/tools/gitSetWorkingDir/index.js +1 -1
package/dist/mcp-server/tools/gitSetWorkingDir/logic.js +74 -34
package/dist/mcp-server/tools/gitSetWorkingDir/registration.js +18 -11
package/dist/mcp-server/tools/gitShow/index.js +1 -1
package/dist/mcp-server/tools/gitShow/logic.js +78 -35
package/dist/mcp-server/tools/gitShow/registration.js +17 -12
package/dist/mcp-server/tools/gitStash/index.js +1 -1
package/dist/mcp-server/tools/gitStash/logic.js +143 -58
package/dist/mcp-server/tools/gitStash/registration.js +19 -12
package/dist/mcp-server/tools/gitStatus/index.js +1 -1
package/dist/mcp-server/tools/gitStatus/logic.js +100 -58
package/dist/mcp-server/tools/gitStatus/registration.js +15 -12
package/dist/mcp-server/tools/gitTag/index.js +1 -1
package/dist/mcp-server/tools/gitTag/logic.js +124 -51
package/dist/mcp-server/tools/gitTag/registration.js +14 -11
package/dist/mcp-server/tools/gitWorktree/index.js +1 -1
package/dist/mcp-server/tools/gitWorktree/logic.js +204 -95
package/dist/mcp-server/tools/gitWorktree/registration.js +14 -11
package/dist/mcp-server/tools/gitWrapupInstructions/index.js +1 -1
package/dist/mcp-server/tools/gitWrapupInstructions/logic.js +23 -11
package/dist/mcp-server/tools/gitWrapupInstructions/registration.js +14 -12
package/dist/mcp-server/transports/httpTransport.js +187 -79
package/dist/mcp-server/transports/stdioTransport.js +14 -8
package/dist/types-global/errors.js +9 -4
package/dist/utils/index.js +4 -4
package/dist/utils/internal/errorHandler.js +62 -40
package/dist/utils/internal/index.js +3 -3
package/dist/utils/internal/logger.js +97 -54
package/dist/utils/internal/requestContext.js +7 -5
package/dist/utils/metrics/index.js +1 -1
package/dist/utils/metrics/tokenCounter.js +18 -14
package/dist/utils/parsing/dateParser.js +5 -5
package/dist/utils/parsing/index.js +2 -2
package/dist/utils/parsing/jsonParser.js +20 -11
package/dist/utils/security/idGenerator.js +8 -10
package/dist/utils/security/index.js +3 -3
package/dist/utils/security/rateLimiter.js +16 -14
package/dist/utils/security/sanitization.js +139 -82
package/package.json +45 -23

package/dist/mcp-server/transports/httpTransport.js CHANGED Viewed

@@ -8,15 +8,15 @@
  * Specification Reference:
  * https://github.com/modelcontextprotocol/modelcontextprotocol/blob/main/docs/specification/2025-03-26/basic/transports.mdx#streamable-http
  */
-import { StreamableHTTPServerTransport } from '@modelcontextprotocol/sdk/server/streamableHttp.js';
-import { isInitializeRequest } from '@modelcontextprotocol/sdk/types.js'; // SDK type guard for InitializeRequest
-import express from 'express';
-import http from 'http';
-import { randomUUID } from 'node:crypto';
+import { StreamableHTTPServerTransport } from "@modelcontextprotocol/sdk/server/streamableHttp.js";
+import { isInitializeRequest } from "@modelcontextprotocol/sdk/types.js"; // SDK type guard for InitializeRequest
+import express from "express";
+import http from "http";
+import { randomUUID } from "node:crypto";
 // Import config and utils
-import { config } from '../../config/index.js'; // Import the validated config object
-import { logger } from '../../utils/index.js';
-import { mcpAuthMiddleware } from './authentication/authMiddleware.js'; // Import the auth middleware
+import { config } from "../../config/index.js"; // Import the validated config object
+import { logger } from "../../utils/index.js";
+import { mcpAuthMiddleware } from "./authentication/authMiddleware.js"; // Import the auth middleware
 // --- Configuration Constants (Derived from imported config) ---
 /**
  * The port number for the HTTP transport, configured via MCP_HTTP_PORT.
@@ -36,7 +36,7 @@ const HTTP_HOST = config.mcpHttpHost;
  * Supports POST, GET, DELETE, OPTIONS methods.
  * @constant {string} MCP_ENDPOINT_PATH
  */
-const MCP_ENDPOINT_PATH = '/mcp';
+const MCP_ENDPOINT_PATH = "/mcp";
 /**
  * Maximum number of attempts to find an available port if the initial HTTP_PORT is in use.
  * Tries ports sequentially: HTTP_PORT, HTTP_PORT + 1, ...
@@ -66,7 +66,10 @@ export function getHttpSessionWorkingDirectory(sessionId) {
  */
 export function setHttpSessionWorkingDirectory(sessionId, dir) {
     sessionWorkingDirectories.set(sessionId, dir);
-    logger.info(`HTTP session ${sessionId} working directory set to: ${dir}`, { operation: 'setHttpSessionWorkingDirectory', sessionId });
+    logger.info(`HTTP session ${sessionId} working directory set to: ${dir}`, {
+        operation: "setHttpSessionWorkingDirectory",
+        sessionId,
+    });
 }
 /**
  * Checks if an incoming HTTP request's origin header is permissible.
@@ -81,20 +84,27 @@ export function setHttpSessionWorkingDirectory(sessionId, dir) {
 function isOriginAllowed(req, res) {
     const origin = req.headers.origin;
     const host = req.hostname; // Considers Host header
-    const isLocalhostBinding = ['127.0.0.1', '::1', 'localhost'].includes(host);
+    const isLocalhostBinding = ["127.0.0.1", "::1", "localhost"].includes(host);
     const allowedOrigins = config.mcpAllowedOrigins || []; // Use parsed array from config
-    const context = { operation: 'isOriginAllowed', origin, host, isLocalhostBinding, allowedOrigins };
-    logger.debug('Checking origin allowance', context);
+    const context = {
+        operation: "isOriginAllowed",
+        origin,
+        host,
+        isLocalhostBinding,
+        allowedOrigins,
+    };
+    logger.debug("Checking origin allowance", context);
     // Determine if allowed based on config or localhost binding
-    const allowed = (origin && allowedOrigins.includes(origin)) || (isLocalhostBinding && (!origin || origin === 'null'));
+    const allowed = (origin && allowedOrigins.includes(origin)) ||
+        (isLocalhostBinding && (!origin || origin === "null"));
     if (allowed && origin) {
         // Origin is allowed and present, set specific CORS headers.
-        res.setHeader('Access-Control-Allow-Origin', origin);
+        res.setHeader("Access-Control-Allow-Origin", origin);
         // MCP Spec: Streamable HTTP uses POST, GET, DELETE. OPTIONS is for preflight.
-        res.setHeader('Access-Control-Allow-Methods', 'GET, POST, DELETE, OPTIONS');
+        res.setHeader("Access-Control-Allow-Methods", "GET, POST, DELETE, OPTIONS");
         // MCP Spec: Requires Mcp-Session-Id. Last-Event-ID for SSE resumption. Content-Type is standard. Authorization for security.
-        res.setHeader('Access-Control-Allow-Headers', 'Content-Type, Mcp-Session-Id, Last-Event-ID, Authorization');
-        res.setHeader('Access-Control-Allow-Credentials', 'true'); // Set based on whether auth/cookies are used
+        res.setHeader("Access-Control-Allow-Headers", "Content-Type, Mcp-Session-Id, Last-Event-ID, Authorization");
+        res.setHeader("Access-Control-Allow-Credentials", "true"); // Set based on whether auth/cookies are used
     }
     else if (allowed && !origin) {
         // Allowed (e.g., localhost binding, file:// origin), but no origin header to echo back. No specific CORS needed.
@@ -114,13 +124,13 @@ function isOriginAllowed(req, res) {
  * @returns {Promise<boolean>} True if port is in use (EADDRINUSE), false otherwise.
  */
 async function isPortInUse(port, host, context) {
-    const checkContext = { ...context, operation: 'isPortInUse', port, host };
+    const checkContext = { ...context, operation: "isPortInUse", port, host };
     logger.debug(`Proactively checking port usability...`, checkContext);
     return new Promise((resolve) => {
         const tempServer = http.createServer();
         tempServer
-            .once('error', (err) => {
-            if (err.code === 'EADDRINUSE') {
+            .once("error", (err) => {
+            if (err.code === "EADDRINUSE") {
                 logger.debug(`Proactive check: Port confirmed in use (EADDRINUSE).`, checkContext);
                 resolve(true); // Port is definitely in use
             }
@@ -129,7 +139,7 @@ async function isPortInUse(port, host, context) {
                 resolve(false); // Other error, let main listen attempt handle it
             }
         })
-            .once('listening', () => {
+            .once("listening", () => {
             logger.debug(`Proactive check: Port is available.`, checkContext);
             tempServer.close(() => resolve(false)); // Port is free
         })
@@ -149,29 +159,42 @@ async function isPortInUse(port, host, context) {
  * @throws {Error} Rejects if binding fails after all retries or for non-EADDRINUSE errors.
  */
 function startHttpServerWithRetry(serverInstance, initialPort, host, maxRetries, context) {
-    const startContext = { ...context, operation: 'startHttpServerWithRetry', initialPort, host, maxRetries };
+    const startContext = {
+        ...context,
+        operation: "startHttpServerWithRetry",
+        initialPort,
+        host,
+        maxRetries,
+    };
     logger.debug(`Attempting to start HTTP server...`, startContext);
     return new Promise(async (resolve, reject) => {
         let lastError = null;
         for (let i = 0; i <= maxRetries; i++) {
             const currentPort = initialPort + i;
-            const attemptContext = { ...startContext, port: currentPort, attempt: i + 1, maxAttempts: maxRetries + 1 };
+            const attemptContext = {
+                ...startContext,
+                port: currentPort,
+                attempt: i + 1,
+                maxAttempts: maxRetries + 1,
+            };
             logger.debug(`Attempting port ${currentPort} (${attemptContext.attempt}/${attemptContext.maxAttempts})`, attemptContext);
             // 1. Proactive Check
             if (await isPortInUse(currentPort, host, attemptContext)) {
                 logger.warning(`Proactive check detected port ${currentPort} is in use, retrying...`, attemptContext);
                 lastError = new Error(`EADDRINUSE: Port ${currentPort} detected as in use by proactive check.`);
-                await new Promise(res => setTimeout(res, 100)); // Short delay
+                await new Promise((res) => setTimeout(res, 100)); // Short delay
                 continue; // Try next port
             }
             // 2. Attempt Main Server Bind
             try {
                 await new Promise((listenResolve, listenReject) => {
-                    serverInstance.listen(currentPort, host, () => {
+                    serverInstance
+                        .listen(currentPort, host, () => {
                         const serverAddress = `http://${host}:${currentPort}${MCP_ENDPOINT_PATH}`;
                         logger.info(`HTTP transport successfully listening on host ${host} at ${serverAddress}`, { ...attemptContext, address: serverAddress });
                         listenResolve(); // Success
-                    }).on('error', (err) => {
+                    })
+                        .on("error", (err) => {
                         listenReject(err); // Forward error
                     });
                 });
@@ -181,9 +204,9 @@ function startHttpServerWithRetry(serverInstance, initialPort, host, maxRetries,
             catch (err) {
                 lastError = err;
                 logger.debug(`Listen error on port ${currentPort}: Code=${err.code}, Message=${err.message}`, { ...attemptContext, errorCode: err.code, errorMessage: err.message });
-                if (err.code === 'EADDRINUSE') {
+                if (err.code === "EADDRINUSE") {
                     logger.warning(`Port ${currentPort} already in use (EADDRINUSE), retrying...`, attemptContext);
-                    await new Promise(res => setTimeout(res, 100)); // Short delay before retry
+                    await new Promise((res) => setTimeout(res, 100)); // Short delay before retry
                 }
                 else {
                     logger.error(`Failed to bind to port ${currentPort} due to non-EADDRINUSE error: ${err.message}`, { ...attemptContext, error: err.message });
@@ -194,7 +217,8 @@ function startHttpServerWithRetry(serverInstance, initialPort, host, maxRetries,
         }
         // Loop finished without success
         logger.error(`Failed to bind to any port after ${maxRetries + 1} attempts. Last error: ${lastError?.message}`, { ...startContext, error: lastError?.message });
-        reject(lastError || new Error('Failed to bind to any port after multiple retries.'));
+        reject(lastError ||
+            new Error("Failed to bind to any port after multiple retries."));
     });
 }
 /**
@@ -210,41 +234,51 @@ function startHttpServerWithRetry(serverInstance, initialPort, host, maxRetries,
  */
 export async function startHttpTransport(createServerInstanceFn, context) {
     const app = express();
-    const transportContext = { ...context, transportType: 'HTTP' };
-    logger.debug('Setting up Express app for HTTP transport...', transportContext);
+    const transportContext = { ...context, transportType: "HTTP" };
+    logger.debug("Setting up Express app for HTTP transport...", transportContext);
     // Middleware to parse JSON request bodies. Required for MCP messages.
     app.use(express.json());
     // --- Security Middleware Pipeline ---
     // 1. CORS Preflight (OPTIONS) Handler
     // Handles OPTIONS requests sent by browsers before actual GET/POST/DELETE.
     app.options(MCP_ENDPOINT_PATH, (req, res) => {
-        const optionsContext = { ...transportContext, operation: 'handleOptions', origin: req.headers.origin };
+        const optionsContext = {
+            ...transportContext,
+            operation: "handleOptions",
+            origin: req.headers.origin,
+        };
         logger.debug(`Received OPTIONS request for ${MCP_ENDPOINT_PATH}`, optionsContext);
         if (isOriginAllowed(req, res)) {
             // isOriginAllowed sets necessary Access-Control-* headers.
-            logger.debug('OPTIONS request origin allowed, sending 204.', optionsContext);
+            logger.debug("OPTIONS request origin allowed, sending 204.", optionsContext);
             res.sendStatus(204); // OK, No Content
         }
         else {
             // isOriginAllowed logs the warning.
-            logger.debug('OPTIONS request origin denied, sending 403.', optionsContext);
-            res.status(403).send('Forbidden: Invalid Origin');
+            logger.debug("OPTIONS request origin denied, sending 403.", optionsContext);
+            res.status(403).send("Forbidden: Invalid Origin");
         }
     });
     // 2. General Security Headers & Origin Check Middleware (for non-OPTIONS)
     app.use((req, res, next) => {
-        const securityContext = { ...transportContext, operation: 'securityMiddleware', path: req.path, method: req.method, origin: req.headers.origin };
+        const securityContext = {
+            ...transportContext,
+            operation: "securityMiddleware",
+            path: req.path,
+            method: req.method,
+            origin: req.headers.origin,
+        };
         logger.debug(`Applying security middleware...`, securityContext);
         // Check origin again for non-OPTIONS requests and set CORS headers if allowed.
         if (!isOriginAllowed(req, res)) {
             // isOriginAllowed logs the warning.
-            logger.debug('Origin check failed, sending 403.', securityContext);
-            res.status(403).send('Forbidden: Invalid Origin');
+            logger.debug("Origin check failed, sending 403.", securityContext);
+            res.status(403).send("Forbidden: Invalid Origin");
             return; // Block request
         }
         // Apply standard security headers to all allowed responses.
-        res.setHeader('X-Content-Type-Options', 'nosniff');
-        res.setHeader('Referrer-Policy', 'strict-origin-when-cross-origin');
+        res.setHeader("X-Content-Type-Options", "nosniff");
+        res.setHeader("Referrer-Policy", "strict-origin-when-cross-origin");
         // Basic Content Security Policy (CSP). Adjust if server needs external connections.
         // 'connect-src 'self'' allows connections back to the server's own origin (needed for SSE).
         res.setHeader("Content-Security-Policy", "default-src 'self'; script-src 'self'; object-src 'none'; style-src 'self'; img-src 'self'; media-src 'self'; frame-src 'none'; font-src 'self'; connect-src 'self'");
@@ -252,7 +286,7 @@ export async function startHttpTransport(createServerInstanceFn, context) {
         // if (config.environment === 'production') {
         //   res.setHeader('Strict-Transport-Security', 'max-age=31536000; includeSubDomains'); // 1 year
         // }
-        logger.debug('Security middleware passed.', securityContext);
+        logger.debug("Security middleware passed.", securityContext);
         next(); // Proceed to next middleware/handler
     });
     // 3. MCP Authentication Middleware (Optional, based on config)
@@ -264,18 +298,35 @@ export async function startHttpTransport(createServerInstanceFn, context) {
     // MCP Spec: Server responds 202 for notification/response-only, or JSON/SSE for requests.
     app.post(MCP_ENDPOINT_PATH, async (req, res) => {
         // Define base context for this request
-        const basePostContext = { ...transportContext, operation: 'handlePost', method: 'POST' };
-        logger.debug(`Received POST request on ${MCP_ENDPOINT_PATH}`, { ...basePostContext, headers: req.headers, bodyPreview: JSON.stringify(req.body).substring(0, 100) });
+        const basePostContext = {
+            ...transportContext,
+            operation: "handlePost",
+            method: "POST",
+        };
+        logger.debug(`Received POST request on ${MCP_ENDPOINT_PATH}`, {
+            ...basePostContext,
+            headers: req.headers,
+            bodyPreview: JSON.stringify(req.body).substring(0, 100),
+        });
         // MCP Spec: Session ID MUST be included by client after initialization.
-        const sessionId = req.headers['mcp-session-id'];
+        const sessionId = req.headers["mcp-session-id"];
         // Log extracted session ID, adding it to the context for this specific log message
-        logger.debug(`Extracted session ID: ${sessionId}`, { ...basePostContext, sessionId });
+        logger.debug(`Extracted session ID: ${sessionId}`, {
+            ...basePostContext,
+            sessionId,
+        });
         let transport = sessionId ? httpTransports[sessionId] : undefined;
         // Log transport lookup result, adding sessionId to context
-        logger.debug(`Found existing transport for session ID: ${!!transport}`, { ...basePostContext, sessionId });
+        logger.debug(`Found existing transport for session ID: ${!!transport}`, {
+            ...basePostContext,
+            sessionId,
+        });
         // Check if it's an InitializeRequest using SDK helper.
         const isInitReq = isInitializeRequest(req.body);
-        logger.debug(`Is InitializeRequest: ${isInitReq}`, { ...basePostContext, sessionId });
+        logger.debug(`Is InitializeRequest: ${isInitReq}`, {
+            ...basePostContext,
+            sessionId,
+        });
         const requestId = req.body?.id || null; // For potential error responses
         try {
             // --- Handle Initialization Request ---
@@ -283,11 +334,14 @@ export async function startHttpTransport(createServerInstanceFn, context) {
                 if (transport) {
                     // Client sent Initialize on an existing session - likely an error or recovery attempt.
                     // Close the old session cleanly before creating a new one.
-                    logger.warning('Received InitializeRequest on an existing session ID. Closing old session and creating new.', { ...basePostContext, sessionId });
+                    logger.warning("Received InitializeRequest on an existing session ID. Closing old session and creating new.", { ...basePostContext, sessionId });
                     await transport.close(); // Ensure cleanup
                     delete httpTransports[sessionId];
                 }
-                logger.info('Handling Initialize Request: Creating new session...', { ...basePostContext, sessionId });
+                logger.info("Handling Initialize Request: Creating new session...", {
+                    ...basePostContext,
+                    sessionId,
+                });
                 // Create new SDK transport instance for this session.
                 transport = new StreamableHTTPServerTransport({
                     // MCP Spec: Server MAY assign session ID on InitializeResponse via Mcp-Session-Id header.
@@ -300,7 +354,10 @@ export async function startHttpTransport(createServerInstanceFn, context) {
                         // Store the transport instance once the session ID is confirmed and sent to client.
                         logger.debug(`Session initialized callback triggered for ID: ${newId}`, { ...basePostContext, newSessionId: newId });
                         httpTransports[newId] = transport; // Store by the generated ID
-                        logger.info(`HTTP Session created: ${newId}`, { ...basePostContext, newSessionId: newId });
+                        logger.info(`HTTP Session created: ${newId}`, {
+                            ...basePostContext,
+                            newSessionId: newId,
+                        });
                     },
                 });
                 // Define cleanup logic when the transport closes (client disconnect, DELETE, error).
@@ -314,23 +371,27 @@ export async function startHttpTransport(createServerInstanceFn, context) {
                         logger.info(`HTTP Session closed and state cleaned: ${closedSessionId}`, { ...basePostContext, closedSessionId });
                     }
                     else {
-                        logger.debug('onclose handler triggered for transport without session ID (likely init failure).', basePostContext);
+                        logger.debug("onclose handler triggered for transport without session ID (likely init failure).", basePostContext);
                     }
                 };
                 // Create a dedicated McpServer instance for this new session.
-                logger.debug('Creating McpServer instance for new session...', basePostContext);
+                logger.debug("Creating McpServer instance for new session...", basePostContext);
                 const server = await createServerInstanceFn();
                 // Connect the server logic to the transport layer.
-                logger.debug('Connecting McpServer to new transport...', basePostContext);
+                logger.debug("Connecting McpServer to new transport...", basePostContext);
                 await server.connect(transport);
-                logger.debug('McpServer connected to transport.', basePostContext);
+                logger.debug("McpServer connected to transport.", basePostContext);
                 // NOTE: SDK's connect/handleRequest handles sending the InitializeResult.
             }
             else if (!transport) {
                 // --- Handle Non-Initialize Request without Valid Session ---
                 // MCP Spec: Server SHOULD respond 400/404 if session ID is missing/invalid for non-init requests.
-                logger.warning('Invalid or missing session ID for non-initialize POST request.', { ...basePostContext, sessionId });
-                res.status(404).json({ jsonrpc: '2.0', error: { code: -32004, message: 'Invalid or expired session ID' }, id: requestId });
+                logger.warning("Invalid or missing session ID for non-initialize POST request.", { ...basePostContext, sessionId });
+                res.status(404).json({
+                    jsonrpc: "2.0",
+                    error: { code: -32004, message: "Invalid or expired session ID" },
+                    id: requestId,
+                });
                 return; // Stop processing
             }
             // --- Handle Request Content (Initialize or Subsequent Message) ---
@@ -341,8 +402,15 @@ export async function startHttpTransport(createServerInstanceFn, context) {
             // The SDK transport handles returning 202 for notification/response-only POSTs internally.
             // --- Type modification for req.auth compatibility ---
             const tempReqPost = req; // Allow modification
-            if (tempReqPost.auth && (typeof tempReqPost.auth === 'string' || (typeof tempReqPost.auth === 'object' && 'devMode' in tempReqPost.auth))) {
-                logger.debug('Sanitizing req.auth for SDK compatibility (POST)', { ...basePostContext, sessionId: currentSessionId, originalAuthType: typeof tempReqPost.auth });
+            if (tempReqPost.auth &&
+                (typeof tempReqPost.auth === "string" ||
+                    (typeof tempReqPost.auth === "object" &&
+                        "devMode" in tempReqPost.auth))) {
+                logger.debug("Sanitizing req.auth for SDK compatibility (POST)", {
+                    ...basePostContext,
+                    sessionId: currentSessionId,
+                    originalAuthType: typeof tempReqPost.auth,
+                });
                 tempReqPost.auth = undefined;
             }
             // --- End modification ---
@@ -353,21 +421,35 @@ export async function startHttpTransport(createServerInstanceFn, context) {
             // Catch-all for errors during POST handling.
             // Include sessionId if available in the transport object at this point
             const errorSessionId = transport?.sessionId || sessionId; // Use extracted or from transport if available
-            logger.error('Error handling POST request', {
+            logger.error("Error handling POST request", {
                 ...basePostContext,
                 sessionId: errorSessionId, // Add sessionId to error context
                 isInitReq, // Include isInitReq flag
                 error: err instanceof Error ? err.message : String(err),
-                stack: err instanceof Error ? err.stack : undefined
+                stack: err instanceof Error ? err.stack : undefined,
             });
             if (!res.headersSent) {
                 // Send generic JSON-RPC error if possible.
-                res.status(500).json({ jsonrpc: '2.0', error: { code: -32603, message: 'Internal server error during POST handling' }, id: requestId });
+                res.status(500).json({
+                    jsonrpc: "2.0",
+                    error: {
+                        code: -32603,
+                        message: "Internal server error during POST handling",
+                    },
+                    id: requestId,
+                });
             }
             // Ensure transport is cleaned up if an error occurred during initialization before session ID assigned.
             if (isInitReq && transport && !transport.sessionId) {
-                logger.debug('Cleaning up transport after initialization failure.', { ...basePostContext, sessionId: errorSessionId });
-                await transport.close().catch(closeErr => logger.error('Error closing transport after init failure', { ...basePostContext, sessionId: errorSessionId, closeError: closeErr }));
+                logger.debug("Cleaning up transport after initialization failure.", {
+                    ...basePostContext,
+                    sessionId: errorSessionId,
+                });
+                await transport.close().catch((closeErr) => logger.error("Error closing transport after init failure", {
+                    ...basePostContext,
+                    sessionId: errorSessionId,
+                    closeError: closeErr,
+                }));
             }
         }
     });
@@ -375,19 +457,35 @@ export async function startHttpTransport(createServerInstanceFn, context) {
     const handleSessionReq = async (req, res) => {
         const method = req.method; // GET or DELETE
         // Define base context for this request
-        const baseSessionReqContext = { ...transportContext, operation: `handle${method}`, method };
-        logger.debug(`Received ${method} request on ${MCP_ENDPOINT_PATH}`, { ...baseSessionReqContext, headers: req.headers });
+        const baseSessionReqContext = {
+            ...transportContext,
+            operation: `handle${method}`,
+            method,
+        };
+        logger.debug(`Received ${method} request on ${MCP_ENDPOINT_PATH}`, {
+            ...baseSessionReqContext,
+            headers: req.headers,
+        });
         // MCP Spec: Client MUST include Mcp-Session-Id header (after init).
-        const sessionId = req.headers['mcp-session-id'];
+        const sessionId = req.headers["mcp-session-id"];
         // Log extracted session ID, adding it to the context for this specific log message
-        logger.debug(`Extracted session ID: ${sessionId}`, { ...baseSessionReqContext, sessionId });
+        logger.debug(`Extracted session ID: ${sessionId}`, {
+            ...baseSessionReqContext,
+            sessionId,
+        });
         const transport = sessionId ? httpTransports[sessionId] : undefined;
         // Log transport lookup result, adding sessionId to context
-        logger.debug(`Found existing transport for session ID: ${!!transport}`, { ...baseSessionReqContext, sessionId });
+        logger.debug(`Found existing transport for session ID: ${!!transport}`, {
+            ...baseSessionReqContext,
+            sessionId,
+        });
         if (!transport) {
             // MCP Spec: Server MUST respond 404 if session ID invalid/expired.
-            logger.warning(`Session not found for ${method} request`, { ...baseSessionReqContext, sessionId });
-            res.status(404).send('Session not found or expired');
+            logger.warning(`Session not found for ${method} request`, {
+                ...baseSessionReqContext,
+                sessionId,
+            });
+            res.status(404).send("Session not found or expired");
             return;
         }
         try {
@@ -399,8 +497,15 @@ export async function startHttpTransport(createServerInstanceFn, context) {
             // This implementation supports DELETE via the SDK transport's handleRequest.
             // --- Type modification for req.auth compatibility ---
             const tempReqSession = req; // Allow modification
-            if (tempReqSession.auth && (typeof tempReqSession.auth === 'string' || (typeof tempReqSession.auth === 'object' && 'devMode' in tempReqSession.auth))) {
-                logger.debug(`Sanitizing req.auth for SDK compatibility (${method})`, { ...baseSessionReqContext, sessionId, originalAuthType: typeof tempReqSession.auth });
+            if (tempReqSession.auth &&
+                (typeof tempReqSession.auth === "string" ||
+                    (typeof tempReqSession.auth === "object" &&
+                        "devMode" in tempReqSession.auth))) {
+                logger.debug(`Sanitizing req.auth for SDK compatibility (${method})`, {
+                    ...baseSessionReqContext,
+                    sessionId,
+                    originalAuthType: typeof tempReqSession.auth,
+                });
                 tempReqSession.auth = undefined;
             }
             // --- End modification ---
@@ -414,11 +519,11 @@ export async function startHttpTransport(createServerInstanceFn, context) {
                 ...baseSessionReqContext,
                 sessionId, // Add sessionId here
                 error: err instanceof Error ? err.message : String(err),
-                stack: err instanceof Error ? err.stack : undefined
+                stack: err instanceof Error ? err.stack : undefined,
             });
             if (!res.headersSent) {
                 // Generic error if response hasn't started (e.g., error before SSE connection).
-                res.status(500).send('Internal Server Error');
+                res.status(500).send("Internal Server Error");
             }
             // The SDK transport's handleRequest should manage errors occurring *during* an SSE stream.
         }
@@ -427,20 +532,23 @@ export async function startHttpTransport(createServerInstanceFn, context) {
     app.get(MCP_ENDPOINT_PATH, handleSessionReq);
     app.delete(MCP_ENDPOINT_PATH, handleSessionReq);
     // --- Start HTTP Server ---
-    logger.debug('Creating HTTP server instance...', transportContext);
+    logger.debug("Creating HTTP server instance...", transportContext);
     const serverInstance = http.createServer(app);
     try {
-        logger.debug('Attempting to start HTTP server with retry logic...', transportContext);
+        logger.debug("Attempting to start HTTP server with retry logic...", transportContext);
         // Use configured host and port, with retry logic.
         const actualPort = await startHttpServerWithRetry(serverInstance, config.mcpHttpPort, config.mcpHttpHost, MAX_PORT_RETRIES, transportContext);
         // Determine protocol for logging (basic assumption based on HSTS possibility)
-        const protocol = config.environment === 'production' ? 'https' : 'http';
+        const protocol = config.environment === "production" ? "https" : "http";
         const serverAddress = `${protocol}://${config.mcpHttpHost}:${actualPort}${MCP_ENDPOINT_PATH}`;
         // Use logger.notice for startup message to ensure MCP compliance and proper handling by clients.
         logger.notice(`\n🚀 MCP Server running in HTTP mode at: ${serverAddress}\n   (MCP Spec: 2025-03-26 Streamable HTTP Transport)\n`, transportContext);
     }
     catch (err) {
-        logger.fatal('HTTP server failed to start after multiple port retries.', { ...transportContext, error: err instanceof Error ? err.message : String(err) });
+        logger.fatal("HTTP server failed to start after multiple port retries.", {
+            ...transportContext,
+            error: err instanceof Error ? err.message : String(err),
+        });
         throw err; // Propagate error to stop the application
     }
 }

package/dist/mcp-server/transports/stdioTransport.js CHANGED Viewed

@@ -16,9 +16,9 @@
  *
  * @see {@link https://github.com/modelcontextprotocol/modelcontextprotocol/blob/main/docs/specification/2025-03-26/basic/authorization.mdx | MCP Authorization Specification}
  */
-import { StdioServerTransport } from '@modelcontextprotocol/sdk/server/stdio.js';
+import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
 // Import core utilities: ErrorHandler for centralized error management and logger for logging.
-import { ErrorHandler, logger } from '../../utils/index.js';
+import { ErrorHandler, logger } from "../../utils/index.js";
 // --- Stdio Session State ---
 // Since stdio typically involves a single, persistent connection managed by a parent,
 // we manage a single working directory state for the entire process.
@@ -36,7 +36,9 @@ export function getStdioWorkingDirectory() {
  */
 export function setStdioWorkingDirectory(dir) {
     currentWorkingDirectory = dir;
-    logger.info(`Stdio working directory set to: ${dir}`, { operation: 'setStdioWorkingDirectory' });
+    logger.info(`Stdio working directory set to: ${dir}`, {
+        operation: "setStdioWorkingDirectory",
+    });
 }
 /**
  * Connects a given McpServer instance to the Stdio transport. (Asynchronous)
@@ -60,20 +62,24 @@ export function setStdioWorkingDirectory(dir) {
  */
 export async function connectStdioTransport(server, context) {
     // Add a specific operation name to the context for better log filtering.
-    const operationContext = { ...context, operation: 'connectStdioTransport', transportType: 'Stdio' };
-    logger.debug('Attempting to connect stdio transport...', operationContext);
+    const operationContext = {
+        ...context,
+        operation: "connectStdioTransport",
+        transportType: "Stdio",
+    };
+    logger.debug("Attempting to connect stdio transport...", operationContext);
     try {
-        logger.debug('Creating StdioServerTransport instance...', operationContext);
+        logger.debug("Creating StdioServerTransport instance...", operationContext);
         // Instantiate the transport provided by the SDK for standard I/O communication.
         // This class encapsulates the logic for reading from stdin and writing to stdout
         // according to the MCP stdio spec.
         const transport = new StdioServerTransport();
-        logger.debug('Connecting McpServer instance to StdioServerTransport...', operationContext);
+        logger.debug("Connecting McpServer instance to StdioServerTransport...", operationContext);
         // Establish the link between the server's core logic and the transport layer.
         // This internally starts the necessary listeners on process.stdin.
         await server.connect(transport);
         // Log successful connection. The server is now ready to process messages via stdio.
-        logger.info('MCP Server connected and listening via stdio transport.', operationContext);
+        logger.info("MCP Server connected and listening via stdio transport.", operationContext);
         // Use logger.notice for startup message to ensure MCP compliance and proper handling by clients.
         logger.notice(`\n🚀 MCP Server running in STDIO mode.\n   (MCP Spec: 2025-03-26 Stdio Transport)\n`, operationContext);
     }

package/dist/types-global/errors.js CHANGED Viewed

@@ -49,7 +49,7 @@ export class McpError extends Error {
         this.code = code;
         this.details = details;
         // Set the error name for identification
-        this.name = 'McpError';
+        this.name = "McpError";
         // Ensure the prototype chain is correct
         Object.setPrototypeOf(this, McpError.prototype);
     }
@@ -58,11 +58,16 @@ export class McpError extends Error {
  * Zod schema for validating error objects, potentially used for parsing
  * error responses or validating error structures internally.
  */
-export const ErrorSchema = z.object({
+export const ErrorSchema = z
+    .object({
     /** The error code, corresponding to BaseErrorCode enum values. */
     code: z.nativeEnum(BaseErrorCode).describe("Standardized error code"),
     /** A human-readable description of the error. */
     message: z.string().describe("Detailed error message"),
     /** Optional additional details or context about the error. */
-    details: z.record(z.unknown()).optional().describe("Optional structured error details")
-}).describe("Schema for validating structured error objects.");
+    details: z
+        .record(z.unknown())
+        .optional()
+        .describe("Optional structured error details"),
+})
+    .describe("Schema for validating structured error objects.");

package/dist/utils/index.js CHANGED Viewed

@@ -1,8 +1,8 @@
 // Re-export all utilities from their categorized subdirectories
-export * from './internal/index.js';
-export * from './parsing/index.js';
-export * from './security/index.js';
-export * from './metrics/index.js';
+export * from "./internal/index.js";
+export * from "./parsing/index.js";
+export * from "./security/index.js";
+export * from "./metrics/index.js";
 // It's good practice to have index.ts files in each subdirectory
 // that export the contents of that directory.
 // Assuming those will be created or already exist.