npm - @elliotding/ai-agent-mcp - Versions diffs - 0.1.20 → 0.1.22 - Mend

@elliotding/ai-agent-mcp 0.1.20 → 0.1.22

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (23) hide show

package/ai-resource-telemetry.json +1 -1
package/dist/git/multi-source-manager.d.ts.map +1 -1
package/dist/git/multi-source-manager.js +157 -28
package/dist/git/multi-source-manager.js.map +1 -1
package/dist/prompts/generator.d.ts +1 -1
package/dist/prompts/generator.d.ts.map +1 -1
package/dist/prompts/generator.js +2 -0
package/dist/prompts/generator.js.map +1 -1
package/dist/prompts/manager.d.ts.map +1 -1
package/dist/prompts/manager.js +3 -0
package/dist/prompts/manager.js.map +1 -1
package/dist/server/http.d.ts.map +1 -1
package/dist/server/http.js +49 -17
package/dist/server/http.js.map +1 -1
package/dist/tools/sync-resources.d.ts.map +1 -1
package/dist/tools/sync-resources.js +12 -7
package/dist/tools/sync-resources.js.map +1 -1
package/package.json +1 -1
package/src/git/multi-source-manager.ts +164 -39
package/src/prompts/generator.ts +2 -1
package/src/prompts/manager.ts +3 -0
package/src/server/http.ts +65 -19
package/src/tools/sync-resources.ts +13 -8

package/src/server/http.ts CHANGED Viewed

@@ -315,15 +315,69 @@ export class HTTPServer {
       // See config/index.ts for details.
       const basePath = config.http?.basePath ?? '';
       const publicOrigin = config.http?.publicOrigin ?? `http://127.0.0.1:${config.http?.port ?? 3000}`;
-      // We pass only the path to SSEServerTransport so its internal URL
-      // parsing produces a clean relative URL.  After connect() we re-send
-      // an absolute endpoint event so Cursor (which may sit behind a proxy
-      // with a different origin than its SSE connection) uses the correct
-      // public address for all subsequent JSON-RPC POST messages.
       const messagePath = `${basePath}/message`;
-      const transport = new SSEServerTransport(messagePath, reply.raw);
+      // The MCP SDK SSEServerTransport.start() emits an `endpoint` SSE event
+      // whose data is a *relative* path (pathname + ?sessionId=...), stripping
+      // the origin.  When deployed behind nginx, Cursor resolves this relative
+      // path against whatever origin it used to open the SSE connection, which
+      // may differ from our public API origin.  The result is that GetPrompt /
+      // tools/call POST requests go to the wrong address and never arrive.
+      //
+      // Fix: intercept the raw response stream's write() method.  When the SDK
+      // emits the relative endpoint event we replace it on-the-fly with the
+      // full absolute URL so Cursor always uses the correct public address.
+      // Only ONE endpoint event is ever written to the wire this way.
+      const rawRes = reply.raw;
+      const originalWrite = rawRes.write.bind(rawRes);
+      (rawRes as NodeJS.WritableStream & { write: typeof originalWrite }).write = (
+        chunk: unknown,
+        encodingOrCb?: unknown,
+        cb?: unknown,
+      ): boolean => {
+        if (typeof chunk === 'string' && chunk.startsWith('event: endpoint\ndata:')) {
+          // The SDK wrote a relative endpoint event — replace with absolute URL.
+          // We know the sessionId from transport.sessionId (read after construction).
+          // Use a placeholder here; replaced below once we have the transport.
+          // (This interceptor is set before connect(), so the write happens during
+          //  connect() → transport.start().)
+          chunk = chunk.replace(
+            /^(event: endpoint\ndata:).*/,
+            `$1 ${publicOrigin}${messagePath}?sessionId=__SESSION_ID__`,
+          );
+        }
+        if (typeof encodingOrCb === 'function') {
+          return originalWrite(chunk as string, encodingOrCb as () => void);
+        }
+        if (typeof cb === 'function') {
+          return originalWrite(chunk as string, encodingOrCb as BufferEncoding, cb as () => void);
+        }
+        return originalWrite(chunk as string);
+      };
+      const transport = new SSEServerTransport(messagePath, rawRes);
       const sdkSessionId = transport.sessionId;
+      // Now patch the placeholder with the real sessionId that the SDK assigned.
+      // The write interceptor is still active during connect() → start(), so we
+      // swap it out for a version that knows the actual sessionId.
+      (rawRes as NodeJS.WritableStream & { write: typeof originalWrite }).write = (
+        chunk: unknown,
+        encodingOrCb?: unknown,
+        cb?: unknown,
+      ): boolean => {
+        if (typeof chunk === 'string' && chunk.startsWith('event: endpoint\ndata:')) {
+          chunk = `event: endpoint\ndata: ${publicOrigin}${messagePath}?sessionId=${sdkSessionId}\n\n`;
+        }
+        if (typeof encodingOrCb === 'function') {
+          return originalWrite(chunk as string, encodingOrCb as () => void);
+        }
+        if (typeof cb === 'function') {
+          return originalWrite(chunk as string, encodingOrCb as BufferEncoding, cb as () => void);
+        }
+        return originalWrite(chunk as string);
+      };
       this.sseTransports.set(sdkSessionId, transport);
       transport.onclose = () => {
@@ -337,29 +391,21 @@ export class HTTPServer {
         logger.warn({ sdkSessionId, error: err.message }, 'SSE transport error');
       };
-      // Create a per-connection MCP Server and connect it to the transport.
-      // connect() calls transport.start() which writes the initial (relative)
-      // endpoint SSE event.  We then immediately overwrite it with an absolute
-      // URL so Cursor uses the correct public address regardless of how nginx
-      // forwards the SSE connection.
       const mcpServer = this.createMcpServer(
         request.user?.userId,
         request.user?.email,
         request.user?.groups,
         token,
       );
+      // connect() calls transport.start() which triggers the intercepted write()
+      // above — emitting exactly ONE absolute endpoint event to the wire.
       await mcpServer.connect(transport);
-      // Re-send the endpoint event with the full absolute URL.
-      // This overwrites the relative-path event emitted by the SDK and
-      // ensures Cursor POSTs subsequent JSON-RPC messages (prompts/get,
-      // tools/call, etc.) to the correct externally-reachable address.
       const absoluteMessageUrl = `${publicOrigin}${messagePath}?sessionId=${sdkSessionId}`;
-      reply.raw.write(`event: endpoint\ndata: ${absoluteMessageUrl}\n\n`);
       logger.info(
         { sdkSessionId, absoluteMessageUrl, publicOrigin },
-        'SSE stream established — absolute endpoint event sent',
+        'SSE stream established — absolute endpoint URL intercepted and sent',
       );
       // Handle client disconnect

package/src/tools/sync-resources.ts CHANGED Viewed

@@ -580,12 +580,15 @@ export async function syncResources(params: unknown): Promise<ToolResult<SyncRes
         }
         // ── Rule resource ─────────────────────────────────────────────────────
-        // Return write_file actions; the AI writes the files locally.
-        // Each action carries content_hash so the AI can skip the write when
-        // the local file already has identical content.
+        // Return write_file actions; the AI Agent executes them on the user's
+        // LOCAL machine.  Each action carries content_hash (SHA-256) so the AI
+        // can compare against the existing local file and skip the write when
+        // the digests match — avoiding unnecessary disk I/O.  If the local file
+        // is missing or has different content, the AI writes it unconditionally,
+        // which also recovers files that were accidentally deleted by the user.
         if (sub.type === 'rule') {
           const typeDir = getCursorTypeDirForClient(sub.type);
-          const writeActions: string[] = [];
+          const writeActions: Array<{ destPath: string; hash: string; contentLength: number }> = [];
           for (const file of resourceFiles) {
             const normalised = path.normalize(file.path);
@@ -594,13 +597,14 @@ export async function syncResources(params: unknown): Promise<ToolResult<SyncRes
               continue;
             }
             const destPath = `${typeDir}/${normalised}`;
+            const contentHash = sha256(file.content);
             localActions.push({
               action: 'write_file',
               path: destPath,
               content: file.content,
-              content_hash: sha256(file.content),
+              content_hash: contentHash,
             });
-            writeActions.push(destPath);
+            writeActions.push({ destPath, hash: contentHash, contentLength: file.content.length });
           }
           logger.info(
@@ -609,9 +613,10 @@ export async function syncResources(params: unknown): Promise<ToolResult<SyncRes
               resourceName: sub.name,
               typeDir,
               fileCount: writeActions.length,
-              destPaths: writeActions,
+              files: writeActions,
+              clientSideNote: 'AI will compare content_hash against local file SHA-256; write is skipped if equal, executed if different or file missing',
             },
-            'sync_resources: Rule — write_file actions queued for AI',
+            'sync_resources: Rule — write_file actions queued for AI (client-side hash comparison)',
           );
           tally.synced++;