@harness-engineering/mcp-server 0.5.2 → 0.5.3

package/dist/src/tools/persona.js

@@ -29,8 +29,15 @@ export const generatePersonaArtifactsDefinition = {
     },
 };
 export async function handleGeneratePersonaArtifacts(input) {
+    if (!/^[a-z0-9][a-z0-9._-]*$/i.test(input.name)) {
+        return resultToMcpResponse(Err(new Error(`Invalid persona name: ${input.name}`)));
+    }
     const { loadPersona, generateRuntime, generateAgentsMd, generateCIWorkflow } = await import('@harness-engineering/cli');
-    const filePath = path.join(resolvePersonasDir(), `${input.name}.yaml`);
+    const personasDir = resolvePersonasDir();
+    const filePath = path.join(personasDir, `${input.name}.yaml`);
+    if (!filePath.startsWith(personasDir)) {
+        return resultToMcpResponse(Err(new Error(`Invalid persona path: ${input.name}`)));
+    }
     const personaResult = loadPersona(filePath);
     if (!personaResult.ok)
         return resultToMcpResponse(personaResult);
@@ -81,8 +88,15 @@ export const runPersonaDefinition = {
     },
 };
 export async function handleRunPersona(input) {
+    if (!/^[a-z0-9][a-z0-9._-]*$/i.test(input.persona)) {
+        return resultToMcpResponse(Err(new Error(`Invalid persona name: ${input.persona}`)));
+    }
     const { loadPersona, runPersona, executeSkill } = await import('@harness-engineering/cli');
-    const filePath = path.join(resolvePersonasDir(), `${input.persona}.yaml`);
+    const personasDir = resolvePersonasDir();
+    const filePath = path.join(personasDir, `${input.persona}.yaml`);
+    if (!filePath.startsWith(personasDir)) {
+        return resultToMcpResponse(Err(new Error(`Invalid persona path: ${input.persona}`)));
+    }
     const personaResult = loadPersona(filePath);
     if (!personaResult.ok)
         return resultToMcpResponse(personaResult);

package/dist/src/tools/skill.js

@@ -24,7 +24,13 @@ export const runSkillDefinition = {
 };
 export async function handleRunSkill(input) {
     const skillsDir = resolveSkillsDir();
+    if (!/^[a-z0-9][a-z0-9._-]*$/i.test(input.skill)) {
+        return resultToMcpResponse(Err(new Error(`Invalid skill name: ${input.skill}`)));
+    }
     const skillDir = path.join(skillsDir, input.skill);
+    if (!skillDir.startsWith(skillsDir)) {
+        return resultToMcpResponse(Err(new Error(`Invalid skill path: ${input.skill}`)));
+    }
     if (!fs.existsSync(skillDir)) {
         return resultToMcpResponse(Err(new Error(`Skill not found: ${input.skill}`)));
     }

package/package.json

@@ -1,14 +1,14 @@
 {
   "name": "@harness-engineering/mcp-server",
-  "version": "0.5.2",
+  "version": "0.5.3",
   "description": "MCP server for Harness Engineering toolkit",
   "type": "module",
-  "main": "./dist/index.js",
-  "types": "./dist/index.d.ts",
+  "main": "./dist/src/index.js",
+  "types": "./dist/src/index.d.ts",
   "exports": {
     ".": {
-      "types": "./dist/index.d.ts",
-      "import": "./dist/index.js"
+      "types": "./dist/src/index.d.ts",
+      "import": "./dist/src/index.js"
     }
   },
   "bin": {
@@ -24,15 +24,15 @@
     "yaml": "^2.3.0",
     "handlebars": "^4.7.0",
     "@harness-engineering/core": "0.8.0",
-    "@harness-engineering/cli": "1.6.2",
-    "@harness-engineering/graph": "0.2.1",
-    "@harness-engineering/linter-gen": "0.1.0",
-    "@harness-engineering/types": "0.1.0"
+    "@harness-engineering/graph": "0.2.2",
+    "@harness-engineering/types": "0.1.0",
+    "@harness-engineering/cli": "1.7.0",
+    "@harness-engineering/linter-gen": "0.1.1"
   },
   "devDependencies": {
-    "@types/node": "^20.0.0",
-    "typescript": "^5.0.0",
-    "vitest": "^2.0.0"
+    "@types/node": "^22.0.0",
+    "typescript": "^5.3.3",
+    "vitest": "^4.0.18"
   },
   "license": "MIT",
   "publishConfig": {