@dollhousemcp/mcp-server 2.0.15 → 2.0.17

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@dollhousemcp/mcp-server",
-  "version": "2.0.15",
+  "version": "2.0.17",
   "description": "DollhouseMCP - A Model Context Protocol (MCP) server that enables dynamic AI persona management from markdown files, allowing Claude and other compatible AI assistants to activate and switch between different behavioral personas.",
   "type": "module",
   "main": "dist/index.js",
@@ -133,6 +133,12 @@
     "dist/**/*.d.ts.map",
     "dist/web/public/**",
     "dist/seed-elements/**",
+    "scripts/pretooluse-dollhouse.sh",
+    "scripts/pretooluse-vscode.sh",
+    "scripts/pretooluse-cursor.sh",
+    "scripts/pretooluse-windsurf.sh",
+    "scripts/pretooluse-gemini.sh",
+    "scripts/pretooluse-codex.sh",
     "data/personas/**/*.md",
     "data/skills/**/*.md",
     "data/templates/**/*.md",
@@ -174,6 +180,7 @@
     "otpauth": "^9.5.0",
     "posthog-node": "^5.24.17",
     "qrcode": "^1.5.4",
+    "smol-toml": "^1.6.1",
     "uuid": "^11.1.0",
     "zod": "^4.3.6"
   },

package/scripts/pretooluse-codex.sh

@@ -0,0 +1,6 @@
+#!/bin/bash
+# pretooluse-codex.sh — Manual Codex hook wrapper for DollhouseMCP
+
+export DOLLHOUSE_HOOK_PLATFORM="codex"
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+exec bash "$SCRIPT_DIR/pretooluse-dollhouse.sh"

package/scripts/pretooluse-cursor.sh

@@ -0,0 +1,6 @@
+#!/bin/bash
+# pretooluse-cursor.sh — Manual Cursor hook wrapper for DollhouseMCP
+
+export DOLLHOUSE_HOOK_PLATFORM="cursor"
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+exec bash "$SCRIPT_DIR/pretooluse-dollhouse.sh"

package/scripts/pretooluse-dollhouse.sh

@@ -0,0 +1,110 @@
+#!/bin/bash
+# pretooluse-dollhouse.sh — PreToolUse hook for DollhouseMCP permission evaluation
+#
+# Routes permission checks through DollhouseMCP's evaluate_permission endpoint.
+# The DollhouseMCP web server runs alongside the MCP stdio server on a dynamic port.
+# Port discovery via ~/.dollhouse/run/permission-server.port
+#
+# Input:  JSON on stdin. Claude Code uses { tool_name, tool_input }.
+#         Other clients may expose { toolName, toolInput } or { tool, input }.
+# Output: JSON on stdout (platform-specific hook response; Claude Code expects
+# hookSpecificOutput.permissionDecision for PreToolUse)
+#
+# Fail-open: if the server is unreachable or returns an error, the hook allows
+# the action rather than blocking the user.
+#
+# Set DOLLHOUSE_HOOK_DEBUG=1 for debug logging to stderr.
+# Set DOLLHOUSE_HOOK_PLATFORM to override the platform sent to the server.
+
+PORT_FILE="$HOME/.dollhouse/run/permission-server.port"
+MAX_RETRIES=2
+INITIAL_TIMEOUT=5
+HOOK_PLATFORM="${DOLLHOUSE_HOOK_PLATFORM:-claude_code}"
+
+# Debug logging helper — writes to stderr so it doesn't pollute stdout
+debug() {
+  if [[ "${DOLLHOUSE_HOOK_DEBUG:-0}" == "1" ]]; then
+    echo "[pretooluse] $*" >&2
+  fi
+  return 0
+}
+
+# Discover the port from the port file
+if [[ -f "$PORT_FILE" ]]; then
+  PORT=$(cat "$PORT_FILE" 2>/dev/null)
+  debug "Port file found: $PORT"
+else
+  debug "No port file at $PORT_FILE — fail open"
+  exit 0
+fi
+
+# Validate port is a number
+if ! [[ "$PORT" =~ ^[0-9]+$ ]]; then
+  debug "Invalid port value: $PORT — fail open"
+  exit 0
+fi
+
+ENDPOINT="http://127.0.0.1:${PORT}/api/evaluate_permission"
+debug "Endpoint: $ENDPOINT"
+
+# Read the hook input from stdin
+INPUT=$(cat)
+
+# Extract tool_name and tool_input from the hook payload
+TOOL_NAME=$(echo "$INPUT" | jq -r '.tool_name // .toolName // .tool // .name // empty' 2>/dev/null)
+TOOL_INPUT=$(echo "$INPUT" | jq -c '.tool_input // .toolInput // .input // {}' 2>/dev/null)
+
+# If we can't parse the input, fail open
+if [[ -z "$TOOL_NAME" ]]; then
+  debug "Could not parse tool_name from input — fail open"
+  exit 0
+fi
+
+debug "Evaluating: $TOOL_NAME"
+debug "Platform: $HOOK_PLATFORM"
+
+if [[ -n "${DOLLHOUSE_SESSION_ID:-}" ]]; then
+  debug "Using DOLLHOUSE_SESSION_ID=${DOLLHOUSE_SESSION_ID}"
+fi
+
+PAYLOAD=$(jq -cn \
+  --arg tool_name "$TOOL_NAME" \
+  --arg platform "$HOOK_PLATFORM" \
+  --arg session_id "${DOLLHOUSE_SESSION_ID:-}" \
+  --argjson input "$TOOL_INPUT" \
+  '{
+    tool_name: $tool_name,
+    input: $input,
+    platform: $platform
+  } + (if ($session_id | length) > 0 then { session_id: $session_id } else {} end)')
+
+# Call the DollhouseMCP permission evaluation endpoint with exponential backoff.
+# Retry on transient failures (connection refused, timeout) but not on HTTP errors.
+ATTEMPT=0
+TIMEOUT=$INITIAL_TIMEOUT
+
+while [[ $ATTEMPT -le $MAX_RETRIES ]]; do
+  RESPONSE=$(curl -s --max-time "$TIMEOUT" -X POST "$ENDPOINT" \
+    -H "Content-Type: application/json" \
+    -d "$PAYLOAD" \
+    2>/dev/null)
+  CURL_EXIT=$?
+
+  if [[ $CURL_EXIT -eq 0 ]] && [[ -n "$RESPONSE" ]]; then
+    debug "Response (attempt $((ATTEMPT+1))): $RESPONSE"
+    echo "$RESPONSE"
+    exit 0
+  fi
+
+  ATTEMPT=$((ATTEMPT + 1))
+  if [[ $ATTEMPT -le $MAX_RETRIES ]]; then
+    BACKOFF=$((TIMEOUT * ATTEMPT))
+    debug "Attempt $ATTEMPT failed (curl exit $CURL_EXIT) — retrying in ${BACKOFF}s (timeout ${TIMEOUT}s → $((TIMEOUT * 2))s)"
+    sleep "$BACKOFF"
+    TIMEOUT=$((TIMEOUT * 2))
+  fi
+done
+
+# All retries exhausted — fail open
+debug "All $((MAX_RETRIES + 1)) attempts failed — fail open"
+exit 0

package/scripts/pretooluse-gemini.sh

@@ -0,0 +1,6 @@
+#!/bin/bash
+# pretooluse-gemini.sh — Manual Gemini CLI hook wrapper for DollhouseMCP
+
+export DOLLHOUSE_HOOK_PLATFORM="gemini"
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+exec bash "$SCRIPT_DIR/pretooluse-dollhouse.sh"

package/scripts/pretooluse-vscode.sh

@@ -0,0 +1,163 @@
+#!/bin/bash
+# pretooluse-vscode.sh — VS Code / Copilot hook wrapper for DollhouseMCP
+#
+# VS Code supports Claude-compatible PreToolUse hooks, but its tool names and
+# tool_input field names differ from Claude Code. This adapter normalizes the
+# most relevant built-in tool names into Dollhouse's existing permission model.
+
+PORT_FILE="$HOME/.dollhouse/run/permission-server.port"
+MAX_RETRIES=2
+INITIAL_TIMEOUT=5
+HOOK_PLATFORM="vscode"
+
+debug() {
+  if [[ "${DOLLHOUSE_HOOK_DEBUG:-0}" == "1" ]]; then
+    echo "[pretooluse-vscode] $*" >&2
+  fi
+  return 0
+}
+
+if [[ -f "$PORT_FILE" ]]; then
+  PORT=$(cat "$PORT_FILE" 2>/dev/null)
+else
+  debug "No port file at $PORT_FILE — fail open"
+  exit 0
+fi
+
+if ! [[ "$PORT" =~ ^[0-9]+$ ]]; then
+  debug "Invalid port value: $PORT — fail open"
+  exit 0
+fi
+
+ENDPOINT="http://127.0.0.1:${PORT}/api/evaluate_permission"
+INPUT=$(cat)
+
+RAW_TOOL_NAME=$(echo "$INPUT" | jq -r '.tool_name // .toolName // .tool // .name // empty' 2>/dev/null)
+TOOL_NAME="$RAW_TOOL_NAME"
+TOOL_INPUT=$(echo "$INPUT" | jq -c '.tool_input // .toolInput // .input // {}' 2>/dev/null)
+
+case "$RAW_TOOL_NAME" in
+  runTerminalCommand|run_terminal_command|run_in_terminal|terminal_command)
+    TOOL_NAME='Bash'
+    TOOL_INPUT=$(echo "$INPUT" | jq -c '
+      . as $root
+      | {
+        command: (
+          $root.tool_input.command
+          // $root.tool_input.commandLine
+          // $root.toolInput.command
+          // $root.toolInput.commandLine
+          // $root.input.command
+          // $root.input.commandLine
+          // ""
+        )
+      }
+      | if ($root.cwd // $root.working_directory // $root.workingDirectory) != null
+          then . + { cwd: ($root.cwd // $root.working_directory // $root.workingDirectory) }
+          else .
+        end
+    ' 2>/dev/null)
+    ;;
+  createFile|create_file|writeFile|write_file)
+    TOOL_NAME='Write'
+    ;;
+  editFile|edit_file|editFiles|replace_string_in_file|multi_edit)
+    TOOL_NAME='Edit'
+    ;;
+  readFile|read_file|openFile|open_file)
+    TOOL_NAME='Read'
+    ;;
+  findFiles|find_files|glob_search)
+    TOOL_NAME='Glob'
+    ;;
+  searchWorkspace|search_workspace|searchInFiles|grep_search)
+    TOOL_NAME='Grep'
+    ;;
+  fetchWebPage|fetch_web_page|fetch_webpage)
+    TOOL_NAME='WebFetch'
+    ;;
+  searchWeb|search_web)
+    TOOL_NAME='WebSearch'
+    ;;
+  *)
+    ;;
+esac
+
+if [[ -z "$TOOL_NAME" ]]; then
+  debug "Could not parse VS Code tool name — fail open"
+  exit 0
+fi
+
+if [[ -z "$TOOL_INPUT" ]]; then
+  TOOL_INPUT='{}'
+fi
+
+PAYLOAD=$(jq -cn \
+  --arg tool_name "$TOOL_NAME" \
+  --arg platform "$HOOK_PLATFORM" \
+  --arg session_id "${DOLLHOUSE_SESSION_ID:-}" \
+  --argjson input "$TOOL_INPUT" \
+  '{
+    tool_name: $tool_name,
+    input: $input,
+    platform: $platform
+  } + (if ($session_id | length) > 0 then { session_id: $session_id } else {} end)')
+
+ATTEMPT=0
+TIMEOUT=$INITIAL_TIMEOUT
+
+while [[ $ATTEMPT -le $MAX_RETRIES ]]; do
+  RESPONSE=$(curl -s --max-time "$TIMEOUT" -X POST "$ENDPOINT" \
+    -H "Content-Type: application/json" \
+    -d "$PAYLOAD" \
+    2>/dev/null)
+  CURL_EXIT=$?
+
+  if [[ $CURL_EXIT -eq 0 ]] && [[ -n "$RESPONSE" ]]; then
+    HOOK_RESPONSE=$(echo "$RESPONSE" | jq -c '
+      def decision_from_response:
+        if (.hookSpecificOutput.permissionDecision? | type) == "string" then .hookSpecificOutput.permissionDecision
+        elif (.decision? | type) == "string" then .decision
+        elif (.allowed? == true) then "allow"
+        elif (.allowed? == false) then "deny"
+        else empty
+        end;
+      def reason_from_response:
+        .hookSpecificOutput.permissionDecisionReason
+        // .reason
+        // .hookSpecificOutput.reason
+        // empty;
+
+      (decision_from_response) as $decision
+      | if ($decision | type) == "string" and ($decision | length) > 0 then
+          {
+            hookSpecificOutput:
+              ({
+                hookEventName: "PreToolUse",
+                permissionDecision: $decision
+              } + (if (reason_from_response | type) == "string" and (reason_from_response | length) > 0
+                    then { permissionDecisionReason: reason_from_response }
+                    else {}
+                    end))
+          }
+        else empty
+        end
+    ' 2>/dev/null)
+
+    if [[ -n "$HOOK_RESPONSE" ]]; then
+      echo "$HOOK_RESPONSE"
+    else
+      debug "Permission evaluation returned an unrecognized response — fail open"
+    fi
+    exit 0
+  fi
+
+  ATTEMPT=$((ATTEMPT + 1))
+  if [[ $ATTEMPT -le $MAX_RETRIES ]]; then
+    sleep $((TIMEOUT * ATTEMPT))
+    TIMEOUT=$((TIMEOUT * 2))
+  fi
+done
+
+debug "Permission evaluation failed — fail open"
+exit 0

package/scripts/pretooluse-windsurf.sh

@@ -0,0 +1,168 @@
+#!/bin/bash
+# pretooluse-windsurf.sh — Windsurf hook wrapper for DollhouseMCP
+#
+# Windsurf pre-hooks are binary: exit 0 to allow, exit 2 to block.
+# This wrapper translates Windsurf hook events into Dollhouse permission
+# evaluations and then maps the response back to Windsurf exit codes.
+
+PORT_FILE="$HOME/.dollhouse/run/permission-server.port"
+MAX_RETRIES=2
+INITIAL_TIMEOUT=5
+HOOK_PLATFORM="windsurf"
+
+debug() {
+  if [[ "${DOLLHOUSE_HOOK_DEBUG:-0}" == "1" ]]; then
+    echo "[pretooluse-windsurf] $*" >&2
+  fi
+  return 0
+}
+
+if [[ -f "$PORT_FILE" ]]; then
+  PORT=$(cat "$PORT_FILE" 2>/dev/null)
+else
+  debug "No port file at $PORT_FILE — fail open"
+  exit 0
+fi
+
+if ! [[ "$PORT" =~ ^[0-9]+$ ]]; then
+  debug "Invalid port value: $PORT — fail open"
+  exit 0
+fi
+
+ENDPOINT="http://127.0.0.1:${PORT}/api/evaluate_permission"
+INPUT=$(cat)
+
+EVENT_NAME=$(echo "$INPUT" | jq -r '
+  .hook_event_name
+  // .hookEventName
+  // .event_name
+  // .eventName
+  // .event
+  // empty
+' 2>/dev/null)
+
+TOOL_NAME=''
+TOOL_INPUT='{}'
+
+case "$EVENT_NAME" in
+  pre_run_command)
+    TOOL_NAME='Bash'
+    TOOL_INPUT=$(echo "$INPUT" | jq -c '
+      . as $root
+      | {
+        command: (
+          $root.tool_info.command_line
+          // $root.toolInfo.commandLine
+          // $root.command_line
+          // $root.commandLine
+          // $root.command
+          // $root.input.command
+          // $root.tool_input.command
+          // ""
+        )
+      }
+      | if ($root.cwd // $root.working_directory // $root.workingDirectory // $root.tool_info.cwd // $root.toolInfo.cwd) != null
+          then . + { cwd: ($root.cwd // $root.working_directory // $root.workingDirectory // $root.tool_info.cwd // $root.toolInfo.cwd) }
+          else .
+        end
+    ' 2>/dev/null)
+    ;;
+  pre_mcp_tool_use)
+    TOOL_NAME=$(echo "$INPUT" | jq -r '
+      .tool_name
+      // .toolName
+      // .tool.name
+      // .tool_info.name
+      // .toolInfo.name
+      // .name
+      // .mcp_tool_name
+      // empty
+    ' 2>/dev/null)
+    TOOL_INPUT=$(echo "$INPUT" | jq -c '
+      . as $root
+      | (
+          $root.tool_arguments
+          // $root.toolArgs
+          // $root.input.arguments
+          // $root.arguments
+          // $root.tool_input
+          // $root.input
+          // {}
+        )
+      | if ($root.server_name // $root.serverName // $root.mcp_server_name) != null
+          then . + { server_name: ($root.server_name // $root.serverName // $root.mcp_server_name) }
+          else .
+        end
+    ' 2>/dev/null)
+    ;;
+  *)
+    TOOL_NAME=$(echo "$INPUT" | jq -r '.tool_name // .toolName // .tool // .name // empty' 2>/dev/null)
+    TOOL_INPUT=$(echo "$INPUT" | jq -c '.tool_input // .toolInput // .input // {}' 2>/dev/null)
+    ;;
+esac
+
+if [[ -z "$TOOL_NAME" ]]; then
+  debug "Could not parse Windsurf tool name — fail open"
+  exit 0
+fi
+
+PAYLOAD=$(jq -cn \
+  --arg tool_name "$TOOL_NAME" \
+  --arg platform "$HOOK_PLATFORM" \
+  --arg session_id "${DOLLHOUSE_SESSION_ID:-}" \
+  --argjson input "$TOOL_INPUT" \
+  '{
+    tool_name: $tool_name,
+    input: $input,
+    platform: $platform
+  } + (if ($session_id | length) > 0 then { session_id: $session_id } else {} end)')
+
+ATTEMPT=0
+TIMEOUT=$INITIAL_TIMEOUT
+
+while [[ $ATTEMPT -le $MAX_RETRIES ]]; do
+  RESPONSE=$(curl -s --max-time "$TIMEOUT" -X POST "$ENDPOINT" \
+    -H "Content-Type: application/json" \
+    -d "$PAYLOAD" \
+    2>/dev/null)
+  CURL_EXIT=$?
+
+  if [[ $CURL_EXIT -eq 0 ]] && [[ -n "$RESPONSE" ]]; then
+    ALLOWED=$(echo "$RESPONSE" | jq -r '
+      if .allowed == true then "true"
+      elif .allowed == false then "false"
+      elif .decision == "allow" then "true"
+      elif .decision == "deny" or .decision == "ask" then "false"
+      elif .hookSpecificOutput.permissionDecision == "allow" then "true"
+      elif .hookSpecificOutput.permissionDecision == "deny" or .hookSpecificOutput.permissionDecision == "ask" then "false"
+      else "unknown"
+      end
+    ' 2>/dev/null)
+
+    if [[ "$ALLOWED" == "true" ]]; then
+      exit 0
+    fi
+
+    if [[ "$ALLOWED" == "false" ]]; then
+      REASON=$(echo "$RESPONSE" | jq -r '
+        .reason
+        // .hookSpecificOutput.reason
+        // .hookSpecificOutput.permissionDecisionReason
+        // empty
+      ' 2>/dev/null)
+      if [[ -n "$REASON" ]]; then
+        echo "$REASON" >&2
+      fi
+      exit 2
+    fi
+  fi
+
+  ATTEMPT=$((ATTEMPT + 1))
+  if [[ $ATTEMPT -le $MAX_RETRIES ]]; then
+    sleep $((TIMEOUT * ATTEMPT))
+    TIMEOUT=$((TIMEOUT * 2))
+  fi
+done
+
+debug "Permission evaluation failed — fail open"
+exit 0

package/server.json

@@ -3,7 +3,7 @@
   "name": "io.github.DollhouseMCP/mcp-server",
   "title": "DollhouseMCP",
   "description": "OSS to create Personas, Skills, Templates, Agents, and Memories to customize your AI experience.",
-  "version": "2.0.15",
+  "version": "2.0.17",
   "homepage": "https://dollhousemcp.com",
   "repository": {
     "type": "git",
@@ -29,7 +29,7 @@
     {
       "registryType": "npm",
       "identifier": "@dollhousemcp/mcp-server",
-      "version": "2.0.15",
+      "version": "2.0.17",
       "transport": {
         "type": "stdio"
       }