@gemini-designer/mcp-server 0.1.2 → 0.1.29

package/src/context/builder.ts

@@ -17,217 +17,217 @@ const MAX_CONTEXT_TOKENS = 12500; // ~50k chars
 const MAX_FILE_TOKENS = 2500; // ~10k chars per file
 
 export interface ContextResult {
-    content: string;
-    estimatedTokens: number;
-    filesIncluded: string[];
-    filesSkipped: string[];
-    truncated: boolean;
+  content: string;
+  estimatedTokens: number;
+  filesIncluded: string[];
+  filesSkipped: string[];
+  truncated: boolean;
 }
 
 /**
  * Estimate token count from text
  */
 export function estimateTokens(text: string): number {
-    return Math.ceil(text.length / CHARS_PER_TOKEN);
+  return Math.ceil(text.length / CHARS_PER_TOKEN);
 }
 
 /**
  * Build context from specified file paths with token optimization
  */
 export async function buildContext(paths: string[], config: Config): Promise<string> {
-    const result = await buildContextWithMetadata(paths, config);
-    return result.content;
+  const result = await buildContextWithMetadata(paths, config);
+  return result.content;
 }
 
 /**
  * Build context with full metadata (tokens, files included, etc.)
  */
 export async function buildContextWithMetadata(
-    paths: string[],
-    config: Config
+  paths: string[],
+  config: Config
 ): Promise<ContextResult> {
-    const contents: string[] = [];
-    const filesIncluded: string[] = [];
-    const filesSkipped: string[] = [];
-    let totalTokens = 0;
-    let truncated = false;
-
-    // Sort paths by likely relevance (design tokens first, then components)
-    const sortedPaths = sortByRelevance(paths);
-
-    for (const filePath of sortedPaths) {
-        // Resolve to absolute path
-        const absPath = path.isAbsolute(filePath) ? filePath : path.resolve(process.cwd(), filePath);
-
-        // Security check: path must be in allowed paths
-        if (!isPathAllowed(absPath, config.allowedPaths)) {
-            if (config.debug) {
-                console.error(`[context] Skipping ${filePath}: outside allowed paths`);
-            }
-            filesSkipped.push(`${filePath} (outside allowed paths)`);
-            continue;
-        }
-
-        // Security check: not a sensitive file
-        if (isSensitiveFile(absPath)) {
-            if (config.debug) {
-                console.error(`[context] Skipping ${filePath}: sensitive file`);
-            }
-            filesSkipped.push(`${filePath} (sensitive)`);
-            continue;
-        }
+  const contents: string[] = [];
+  const filesIncluded: string[] = [];
+  const filesSkipped: string[] = [];
+  let totalTokens = 0;
+  let truncated = false;
+
+  // Sort paths by likely relevance (design tokens first, then components)
+  const sortedPaths = sortByRelevance(paths);
+
+  for (const filePath of sortedPaths) {
+    // Resolve to absolute path
+    const absPath = path.isAbsolute(filePath) ? filePath : path.resolve(process.cwd(), filePath);
+
+    // Security check: path must be in allowed paths
+    if (!isPathAllowed(absPath, config.allowedPaths)) {
+      if (config.debug) {
+        console.error(`[context] Skipping ${filePath}: outside allowed paths`);
+      }
+      filesSkipped.push(`${filePath} (outside allowed paths)`);
+      continue;
+    }
 
-        // Check if file exists and is a file
-        if (!fs.existsSync(absPath)) {
-            filesSkipped.push(`${filePath} (not found)`);
-            continue;
-        }
+    // Security check: not a sensitive file
+    if (isSensitiveFile(absPath)) {
+      if (config.debug) {
+        console.error(`[context] Skipping ${filePath}: sensitive file`);
+      }
+      filesSkipped.push(`${filePath} (sensitive)`);
+      continue;
+    }
 
-        const stat = fs.statSync(absPath);
-        if (!stat.isFile()) {
-            filesSkipped.push(`${filePath} (not a file)`);
-            continue;
-        }
+    // Check if file exists and is a file
+    if (!fs.existsSync(absPath)) {
+      filesSkipped.push(`${filePath} (not found)`);
+      continue;
+    }
 
-        try {
-            let content = fs.readFileSync(absPath, 'utf-8');
+    const stat = fs.statSync(absPath);
+    if (!stat.isFile()) {
+      filesSkipped.push(`${filePath} (not a file)`);
+      continue;
+    }
 
-            // Sanitize content to remove any secrets
-            content = sanitizeContent(content);
+    try {
+      let content = fs.readFileSync(absPath, 'utf-8');
 
-            // Calculate tokens for this file
-            let fileTokens = estimateTokens(content);
-            const maxFileChars = MAX_FILE_TOKENS * CHARS_PER_TOKEN;
+      // Sanitize content to remove any secrets
+      content = sanitizeContent(content);
 
-            // Truncate large files
-            if (fileTokens > MAX_FILE_TOKENS) {
-                content = smartTruncate(content, maxFileChars);
-                fileTokens = MAX_FILE_TOKENS;
-            }
+      // Calculate tokens for this file
+      let fileTokens = estimateTokens(content);
+      const maxFileChars = MAX_FILE_TOKENS * CHARS_PER_TOKEN;
 
-            // Check if adding this would exceed total limit
-            if (totalTokens + fileTokens > MAX_CONTEXT_TOKENS) {
-                if (config.debug) {
-                    console.error(`[context] Stopping: token limit reached`);
-                }
-                truncated = true;
-                break;
-            }
+      // Truncate large files
+      if (fileTokens > MAX_FILE_TOKENS) {
+        content = smartTruncate(content, maxFileChars);
+        fileTokens = MAX_FILE_TOKENS;
+      }
 
-            const ext = path.extname(absPath);
-            const header = `/* File: ${path.basename(absPath)} (${ext}) - ~${fileTokens} tokens */`;
-            contents.push(`${header}\n${content}`);
-            filesIncluded.push(filePath);
-            totalTokens += fileTokens;
-        } catch (error) {
-            if (config.debug) {
-                console.error(`[context] Error reading ${filePath}:`, error);
-            }
-            filesSkipped.push(`${filePath} (read error)`);
+      // Check if adding this would exceed total limit
+      if (totalTokens + fileTokens > MAX_CONTEXT_TOKENS) {
+        if (config.debug) {
+          console.error(`[context] Stopping: token limit reached`);
         }
+        truncated = true;
+        break;
+      }
+
+      const ext = path.extname(absPath);
+      const header = `/* File: ${path.basename(absPath)} (${ext}) - ~${fileTokens} tokens */`;
+      contents.push(`${header}\n${content}`);
+      filesIncluded.push(filePath);
+      totalTokens += fileTokens;
+    } catch (error) {
+      if (config.debug) {
+        console.error(`[context] Error reading ${filePath}:`, error);
+      }
+      filesSkipped.push(`${filePath} (read error)`);
     }
-
-    return {
-        content: contents.length > 0 ? contents.join('\n\n---\n\n') : '',
-        estimatedTokens: totalTokens,
-        filesIncluded,
-        filesSkipped,
-        truncated,
-    };
+  }
+
+  return {
+    content: contents.length > 0 ? contents.join('\n\n---\n\n') : '',
+    estimatedTokens: totalTokens,
+    filesIncluded,
+    filesSkipped,
+    truncated,
+  };
 }
 
 /**
  * Sort paths by relevance (design tokens and variables first)
  */
 function sortByRelevance(paths: string[]): string[] {
-    const priority: Record<string, number> = {
-        tokens: 0,
-        variables: 0,
-        theme: 1,
-        design: 1,
-        colors: 2,
-        typography: 2,
-        styles: 3,
-        css: 4,
-    };
-
-    return [...paths].sort((a, b) => {
-        const aName = path.basename(a).toLowerCase();
-        const bName = path.basename(b).toLowerCase();
-
-        let aPriority = 10;
-        let bPriority = 10;
-
-        for (const [key, value] of Object.entries(priority)) {
-            if (aName.includes(key)) aPriority = Math.min(aPriority, value);
-            if (bName.includes(key)) bPriority = Math.min(bPriority, value);
-        }
+  const priority: Record<string, number> = {
+    tokens: 0,
+    variables: 0,
+    theme: 1,
+    design: 1,
+    colors: 2,
+    typography: 2,
+    styles: 3,
+    css: 4,
+  };
+
+  return [...paths].sort((a, b) => {
+    const aName = path.basename(a).toLowerCase();
+    const bName = path.basename(b).toLowerCase();
+
+    let aPriority = 10;
+    let bPriority = 10;
+
+    for (const [key, value] of Object.entries(priority)) {
+      if (aName.includes(key)) aPriority = Math.min(aPriority, value);
+      if (bName.includes(key)) bPriority = Math.min(bPriority, value);
+    }
 
-        return aPriority - bPriority;
-    });
+    return aPriority - bPriority;
+  });
 }
 
 /**
  * Smart truncate: keep beginning and end, with clear indicator
  */
 function smartTruncate(content: string, maxChars: number): string {
-    if (content.length <= maxChars) return content;
+  if (content.length <= maxChars) return content;
 
-    const keepStart = Math.floor(maxChars * 0.7);
-    const keepEnd = Math.floor(maxChars * 0.2);
+  const keepStart = Math.floor(maxChars * 0.7);
+  const keepEnd = Math.floor(maxChars * 0.2);
 
-    const start = content.slice(0, keepStart);
-    const end = content.slice(-keepEnd);
+  const start = content.slice(0, keepStart);
+  const end = content.slice(-keepEnd);
 
-    return `${start}\n\n/* ... [${Math.round((content.length - maxChars) / 1000)}k chars truncated] ... */\n\n${end}`;
+  return `${start}\n\n/* ... [${Math.round((content.length - maxChars) / 1000)}k chars truncated] ... */\n\n${end}`;
 }
 
 /**
  * Automatically discover relevant UI files in a directory
  */
 export async function discoverUIFiles(directory: string, config: Config): Promise<string[]> {
-    const uiPatterns = [
-        /\.(css|scss|less|sass)$/,
-        /\.(tsx|jsx)$/,
-        /\.(vue|svelte)$/,
-        /theme\./,
-        /design[-_]?tokens?\./,
-        /tailwind\.config\./,
-    ];
-
-    const files: string[] = [];
-
-    function scan(dir: string, depth: number = 0) {
-        if (depth > 3) return; // Max depth
-
-        try {
-            const entries = fs.readdirSync(dir, { withFileTypes: true });
-
-            for (const entry of entries) {
-                const fullPath = path.join(dir, entry.name);
-
-                // Skip node_modules, .git, etc.
-                if (entry.isDirectory()) {
-                    if (['node_modules', '.git', 'dist', 'build', '.next', '.nuxt'].includes(entry.name)) {
-                        continue;
-                    }
-                    scan(fullPath, depth + 1);
-                } else if (entry.isFile()) {
-                    // Check if matches UI patterns
-                    if (uiPatterns.some((pattern) => pattern.test(entry.name))) {
-                        if (isPathAllowed(fullPath, config.allowedPaths) && !isSensitiveFile(fullPath)) {
-                            files.push(fullPath);
-                        }
-                    }
-                }
+  const uiPatterns = [
+    /\.(css|scss|less|sass)$/,
+    /\.(tsx|jsx)$/,
+    /\.(vue|svelte)$/,
+    /theme\./,
+    /design[-_]?tokens?\./,
+    /tailwind\.config\./,
+  ];
+
+  const files: string[] = [];
+
+  function scan(dir: string, depth: number = 0) {
+    if (depth > 3) return; // Max depth
+
+    try {
+      const entries = fs.readdirSync(dir, { withFileTypes: true });
+
+      for (const entry of entries) {
+        const fullPath = path.join(dir, entry.name);
+
+        // Skip node_modules, .git, etc.
+        if (entry.isDirectory()) {
+          if (['node_modules', '.git', 'dist', 'build', '.next', '.nuxt'].includes(entry.name)) {
+            continue;
+          }
+          scan(fullPath, depth + 1);
+        } else if (entry.isFile()) {
+          // Check if matches UI patterns
+          if (uiPatterns.some((pattern) => pattern.test(entry.name))) {
+            if (isPathAllowed(fullPath, config.allowedPaths) && !isSensitiveFile(fullPath)) {
+              files.push(fullPath);
             }
-        } catch {
-            // Skip directories we can't read
+          }
         }
+      }
+    } catch {
+      // Skip directories we can't read
     }
+  }
 
-    scan(directory);
+  scan(directory);
 
-    // Sort by relevance
-    return sortByRelevance(files);
+  // Sort by relevance
+  return sortByRelevance(files);
 }

package/src/context/filter.ts

@@ -11,124 +11,130 @@ import * as path from 'node:path';
  * Files/directories that should NEVER be included in context
  */
 const SENSITIVE_PATTERNS = [
-    // Environment and secrets
-    /\.env/i,
-    /secrets?\./i,
-    /\.pem$/i,
-    /\.key$/i,
-    /\.crt$/i,
-    /credentials/i,
-    /\.htpasswd/i,
-
-    // Private keys and certificates
-    /id_rsa/i,
-    /id_ed25519/i,
-    /\.p12$/i,
-    /\.pfx$/i,
-
-    // Config with potential secrets
-    /\.npmrc$/i,
-    /\.pypirc$/i,
-    /kubeconfig/i,
-    /\.docker\/config\.json$/i,
-
-    // Database
-    /\.sqlite$/i,
-    /\.db$/i,
-    /migrations?\//i,
-    /seeds?\//i,
-
-    // Backend/server code (when isolating UI)
-    /\/api\//i,
-    /\/server\//i,
-    /\/backend\//i,
-    /\/functions\//i, // Serverless
-    /\/lambda\//i,
-    /\/middleware\//i,
-
-    // Auth-related
-    /\/auth\//i,
-    /passport/i,
-    /jwt/i,
-
-    // System and dependencies
-    /node_modules\//i,
-    /\.git\//i,
-    /vendor\//i,
-    /\.cache\//i,
-    /\.next\//i,
-    /\.nuxt\//i,
-    /dist\//i,
-    /build\//i,
+  // Environment and secrets
+  /\.env/i,
+  /secrets?\./i,
+  /\.pem$/i,
+  /\.key$/i,
+  /\.crt$/i,
+  /credentials/i,
+  /\.htpasswd/i,
+
+  // Private keys and certificates
+  /id_rsa/i,
+  /id_ed25519/i,
+  /\.p12$/i,
+  /\.pfx$/i,
+
+  // Config with potential secrets
+  /\.npmrc$/i,
+  /\.pypirc$/i,
+  /kubeconfig/i,
+  /\.docker\/config\.json$/i,
+
+  // Database
+  /\.sqlite$/i,
+  /\.db$/i,
+  /migrations?\//i,
+  /seeds?\//i,
+
+  // Backend/server code (when isolating UI)
+  /\/api\//i,
+  /\/server\//i,
+  /\/backend\//i,
+  /\/functions\//i, // Serverless
+  /\/lambda\//i,
+  /\/middleware\//i,
+
+  // Auth-related
+  /\/auth\//i,
+  /passport/i,
+  /jwt/i,
+
+  // System and dependencies
+  /node_modules\//i,
+  /\.git\//i,
+  /vendor\//i,
+  /\.cache\//i,
+  /\.next\//i,
+  /\.nuxt\//i,
+  /dist\//i,
+  /build\//i,
 ];
 
 /**
  * UI-relevant file patterns (for auto-discovery)
  */
 export const UI_INCLUDE_PATTERNS = [
-    // Stylesheets
-    /\.(css|scss|less|sass|styl)$/i,
-
-    // Components
-    /\.(tsx|jsx)$/i,
-    /\.(vue|svelte)$/i,
-
-    // Design tokens
-    /theme\./i,
-    /tokens?\./i,
-    /variables\./i,
-    /design[-_]?system/i,
-
-    // Config files for styling
-    /tailwind\.config/i,
-    /postcss\.config/i,
-    /styled-components/i,
+  // Stylesheets
+  /\.(css|scss|less|sass|styl)$/i,
+
+  // Components
+  /\.(tsx|jsx)$/i,
+  /\.(vue|svelte)$/i,
+
+  // Design tokens
+  /theme\./i,
+  /tokens?\./i,
+  /variables\./i,
+  /design[-_]?system/i,
+
+  // Config files for styling
+  /tailwind\.config/i,
+  /postcss\.config/i,
+  /styled-components/i,
 ];
 
 /**
  * Check if a file path matches sensitive patterns
  */
 export function isSensitiveFile(filePath: string): boolean {
-    const normalized = filePath.replace(/\\/g, '/');
+  const normalized = filePath.replace(/\\/g, '/');
 
-    for (const pattern of SENSITIVE_PATTERNS) {
-        if (pattern.test(normalized)) {
-            return true;
-        }
+  for (const pattern of SENSITIVE_PATTERNS) {
+    if (pattern.test(normalized)) {
+      return true;
     }
+  }
 
-    return false;
+  return false;
 }
 
 /**
  * Check if a file path is within allowed paths
  */
 export function isPathAllowed(filePath: string, allowedPaths: string[]): boolean {
-    const absPath = path.resolve(filePath);
-
-    for (const allowed of allowedPaths) {
-        const absAllowed = path.resolve(allowed);
-        if (absPath.startsWith(absAllowed)) {
-            return true;
-        }
+  const absPath = path.resolve(filePath);
+
+  for (const allowed of allowedPaths) {
+    const absAllowed = path.resolve(allowed);
+    const rel = path.relative(absAllowed, absPath);
+    // IMPORTANT: use a path-segment-aware check; `startsWith('..')` is not enough
+    // because legitimate paths like `.../file` would be incorrectly blocked.
+    if (
+      rel === '' ||
+      (!rel.startsWith(`..${path.sep}`) && rel !== '..' && !path.isAbsolute(rel))
+    ) {
+      return true;
     }
+  }
 
-    return false;
+  return false;
 }
 
 /**
  * Check if a file is UI-relevant
  */
 export function isUIRelevant(filePath: string): boolean {
-    const normalized = filePath.replace(/\\/g, '/');
+  const normalized = filePath.replace(/\\/g, '/');
 
-    for (const pattern of UI_INCLUDE_PATTERNS) {
-        if (pattern.test(normalized)) {
-            return true;
-        }
+  for (const pattern of UI_INCLUDE_PATTERNS) {
+    if (pattern.test(normalized)) {
+      return true;
     }
+  }
 
-    return false;
+  return false;
 }
 
 /**
@@ -136,29 +142,29 @@ export function isUIRelevant(filePath: string): boolean {
  * This is a best-effort filter for dynamic content
  */
 export function sanitizeContent(content: string): string {
-    // Remove common secret patterns
-    const patterns = [
-        // API keys (generic patterns)
-        /(['"`])?(api[_-]?key|apikey|secret|password|token|auth)(['"`])?[\s]*[:=][\s]*['"`][^'"`]+['"`]/gi,
+  // Remove common secret patterns
+  const patterns = [
+    // API keys (generic patterns)
+    /(['"`])?(api[_-]?key|apikey|secret|password|token|auth)(['"`])?[\s]*[:=][\s]*['"`][^'"`]+['"`]/gi,
 
-        // Bearer tokens
-        /Bearer\s+[A-Za-z0-9\-_=]+\.[A-Za-z0-9\-_=]+\.?[A-Za-z0-9\-_.+/=]*/gi,
+    // Bearer tokens
+    /Bearer\s+[A-Za-z0-9\-_=]+\.[A-Za-z0-9\-_=]+\.?[A-Za-z0-9\-_.+/=]*/gi,
 
-        // AWS keys
-        /AKIA[0-9A-Z]{16}/g,
+    // AWS keys
+    /AKIA[0-9A-Z]{16}/g,
 
-        // Private keys
-        /-----BEGIN[\s\w]+PRIVATE KEY-----[\s\S]+?-----END[\s\w]+PRIVATE KEY-----/g,
+    // Private keys
+    /-----BEGIN[\s\w]+PRIVATE KEY-----[\s\S]+?-----END[\s\w]+PRIVATE KEY-----/g,
 
-        // Connection strings
-        /(mongodb|postgresql|mysql|redis):\/\/[^\s'"]+/gi,
-    ];
+    // Connection strings
+    /(mongodb|postgresql|mysql|redis):\/\/[^\s'"]+/gi,
+  ];
 
-    let result = content;
+  let result = content;
 
-    for (const pattern of patterns) {
-        result = result.replace(pattern, '[REDACTED]');
-    }
+  for (const pattern of patterns) {
+    result = result.replace(pattern, '[REDACTED]');
+  }
 
-    return result;
+  return result;
 }