@harusame64/desktop-touch-mcp 1.10.2 → 1.10.3

package/README.ja.md

@@ -59,6 +59,21 @@ npm ランチャーは npm package version に厳密に対応する runtime だ
 
 キャッシュの保存先は `DESKTOP_TOUCH_MCP_HOME` で変更できます。
 
+> **共有ネットワークや CI 環境の場合:** 初回起動時に GitHub Releases API を参照して
+> runtime zip を探します。匿名アクセスの上限は IP あたり 60 回/時で、共有グローバル IP
+> （CI ランナー、オフィスの NAT など）ではダウンロード開始前に枯渇することがあります。
+> 環境変数に `GITHUB_TOKEN`（または `GH_TOKEN`）を設定すると API 呼び出しが認証され、
+> 上限が 5,000 回/時に上がります。通常の家庭回線ではトークンは不要です。
+
+> **ソースチェックアウトから launcher を実行する場合:** ソースビルドの
+> `bin/launcher.js` は確定済みの整合性ハッシュではなくプレースホルダ
+> （`sha256: "PENDING"`）を持ちます。検証できない runtime をダウンロードして実行する
+> 代わりに launcher は fail-closed で停止し、誤って publish された／未確定の launcher が
+> 検証されていないコードを黙って起動するのを防ぎます。publish 済みの npm リリースは
+> 常に本物の SHA256 を同梱するため、利用者がこの状態に遭遇することはありません。
+> 意図的にソースから launcher を実行する場合は `DESKTOP_TOUCH_MCP_ALLOW_UNVERIFIED=1`
+> を設定すると整合性検証をスキップできます（開発用途のみ）。
+
 ### Claude CLI への登録
 
 `~/.claude.json` の `mcpServers` に追加：

package/README.md

@@ -60,6 +60,23 @@ The npm launcher resolves runtime strictly by npm package version. For package `
 
 Set `DESKTOP_TOUCH_MCP_HOME` to override the cache root directory.
 
+> **On a shared or CI network?** The first run reads the GitHub Releases API to
+> locate the runtime zip. The anonymous limit is 60 requests/hour per IP, which a
+> shared public address (CI runners, office NAT) can exhaust before your download
+> even starts. Set `GITHUB_TOKEN` (or `GH_TOKEN`) in the environment and the
+> launcher authenticates the request, raising the limit to 5,000 requests/hour.
+> No token is needed on an ordinary home connection.
+
+> **Running the launcher from a source checkout?** A source build's
+> `bin/launcher.js` carries a placeholder integrity hash (`sha256: "PENDING"`)
+> instead of a finalized one. Rather than download and run an unverified runtime,
+> the launcher fails closed — this guard stops an accidentally published or
+> unfinalized launcher from silently starting unverified code. Published npm
+> releases always ship a real SHA256, so end users never see this. If you are
+> intentionally running the launcher from source, set
+> `DESKTOP_TOUCH_MCP_ALLOW_UNVERIFIED=1` to skip integrity verification
+> (development only).
+
 ### Register with Claude CLI
 
 Add to `~/.claude.json` under `mcpServers`:

package/bin/launcher.js

@@ -18,15 +18,15 @@ import path from "node:path";
 import { Readable } from "node:stream";
 import { pipeline } from "node:stream/promises";
 
-const PACKAGE_VERSION = "1.10.2";
+const PACKAGE_VERSION = "1.10.3";
 const RELEASE_TAG = `v${PACKAGE_VERSION}`;
 const REPO_API_URL = `https://api.github.com/repos/Harusame64/desktop-touch-mcp/releases/tags/${RELEASE_TAG}`;
 const ASSET_NAME = "desktop-touch-mcp-windows.zip";
 const RELEASE_METADATA_FILE = ".desktop-touch-release.json";
 const RELEASE_MANIFEST = {
-  tagName: "v1.10.2",
+  tagName: "v1.10.3",
   assetName: ASSET_NAME,
-  sha256: "178e05165da8fe087509cf00c0ef2754ce2a1d9169aa7efa53a14624c620726a",
+  sha256: "940b518d92f7678d02289560bddd68f34e8813e76ab5d051feb0da31d6865cf1",
 };
 const CACHE_ROOT = process.env.DESKTOP_TOUCH_MCP_HOME
   ? path.resolve(process.env.DESKTOP_TOUCH_MCP_HOME)
@@ -38,11 +38,49 @@ function log(message) {
   console.error(`[desktop-touch-mcp] ${message}`);
 }
 
+function warn(message) {
+  console.error(`[desktop-touch-mcp] WARNING: ${message}`);
+}
+
 function fail(message) {
   console.error(`[desktop-touch-mcp] ${message}`);
   process.exit(1);
 }
 
+/**
+ * Opt-in escape hatch for running the launcher from a source tree whose
+ * RELEASE_MANIFEST.sha256 is still the "PENDING" placeholder (i.e. the
+ * release workflow has not finalized the manifest). Published npm packages
+ * always ship a real SHA256, so end users never need this.
+ */
+function allowUnverifiedRelease() {
+  return process.env.DESKTOP_TOUCH_MCP_ALLOW_UNVERIFIED === "1";
+}
+
+/**
+ * Reads the GitHub token from the environment.
+ * Supports both GITHUB_TOKEN (GitHub Actions standard) and GH_TOKEN (gh CLI).
+ */
+function getGitHubToken() {
+  return process.env.GITHUB_TOKEN || process.env.GH_TOKEN || null;
+}
+
+/**
+ * Returns headers for GitHub API and release download requests.
+ * Includes Authorization when a token is available to avoid rate limits.
+ */
+function getGitHubHeaders(extra = {}) {
+  const headers = {
+    "User-Agent": "desktop-touch-mcp-launcher",
+    ...extra,
+  };
+  const token = getGitHubToken();
+  if (token) {
+    headers["Authorization"] = `Bearer ${token}`;
+  }
+  return headers;
+}
+
 export function isDisconnectError(error) {
   return error?.code === "EPIPE" || error?.code === "ERR_STREAM_DESTROYED";
 }
@@ -130,13 +168,29 @@ function expectedReleaseSpec() {
   if (!RELEASE_MANIFEST.sha256 || RELEASE_MANIFEST.assetName !== ASSET_NAME) {
     throw new Error(`Missing release manifest for ${RELEASE_TAG}`);
   }
-  if (!/^[a-f0-9]{64}$/i.test(RELEASE_MANIFEST.sha256)) {
+  // "PENDING" is the pre-release placeholder set in source. The release
+  // workflow (scripts/update-sha.mjs) replaces it with the real zip SHA256
+  // before npm publish, so a PENDING manifest at runtime means this launcher
+  // was not finalized — fail closed by default so an accidentally published
+  // launcher can never silently run an unverified runtime zip. Developers
+  // running straight from source can opt in to skipping verification with
+  // DESKTOP_TOUCH_MCP_ALLOW_UNVERIFIED=1.
+  const isPending = RELEASE_MANIFEST.sha256 === "PENDING";
+  if (isPending && !allowUnverifiedRelease()) {
+    throw new Error(
+      `Release SHA256 manifest for ${RELEASE_TAG} is PENDING — this launcher was not finalized by the release workflow. ` +
+      `Published npm packages always ship a real SHA256. If you are intentionally running the launcher from source, ` +
+      `set DESKTOP_TOUCH_MCP_ALLOW_UNVERIFIED=1 to skip integrity verification (development only).`
+    );
+  }
+  if (!isPending && !/^[a-f0-9]{64}$/i.test(RELEASE_MANIFEST.sha256)) {
     throw new Error(`Invalid release SHA256 manifest for ${RELEASE_TAG}`);
   }
   return {
     tagName: RELEASE_MANIFEST.tagName,
     assetName: RELEASE_MANIFEST.assetName,
-    sha256: String(RELEASE_MANIFEST.sha256).toLowerCase(),
+    sha256: isPending ? null : String(RELEASE_MANIFEST.sha256).toLowerCase(),
+    sha256Pending: isPending,
   };
 }
 
@@ -153,11 +207,12 @@ async function isInstalled(releaseDir, expected) {
   if (!existsSync(path.join(releaseDir, "dist", "index.js"))) return false;
   const metadata = await readReleaseMetadata(releaseDir);
   if (!metadata) return false;
-  return (
-    metadata.tagName === expected.tagName &&
-    metadata.assetName === expected.assetName &&
-    String(metadata.sha256 || "").toLowerCase() === expected.sha256
-  );
+  if (metadata.tagName !== expected.tagName || metadata.assetName !== expected.assetName) return false;
+  // Skip SHA256 check when the manifest is still PENDING.
+  if (expected.sha256 !== null) {
+    if (String(metadata.sha256 || "").toLowerCase() !== expected.sha256) return false;
+  }
+  return true;
 }
 
 async function readCurrentRelease(expected) {
@@ -167,7 +222,7 @@ async function readCurrentRelease(expected) {
     if (typeof parsed?.tagName !== "string") return null;
     if (parsed.tagName !== expected.tagName) return null;
     if (parsed.assetName !== expected.assetName) return null;
-    if (String(parsed.sha256 || "").toLowerCase() !== expected.sha256) return null;
+    if (expected.sha256 !== null && String(parsed.sha256 || "").toLowerCase() !== expected.sha256) return null;
     const releaseDir = releaseDirForTag(parsed.tagName);
     if (!(await isInstalled(releaseDir, expected))) return null;
     return { tagName: parsed.tagName, releaseDir };
@@ -195,10 +250,9 @@ async function writeCurrentRelease(expected) {
 
 async function fetchReleaseByTag(expected) {
   const response = await fetch(REPO_API_URL, {
-    headers: {
+    headers: getGitHubHeaders({
       "Accept": "application/vnd.github+json",
-      "User-Agent": "desktop-touch-mcp-launcher",
-    },
+    }),
   });
 
   if (!response.ok) {
@@ -249,9 +303,7 @@ async function verifySha256(filePath, expectedSha256) {
 
 async function downloadFile(url, destination) {
   const response = await fetch(url, {
-    headers: {
-      "User-Agent": "desktop-touch-mcp-launcher",
-    },
+    headers: getGitHubHeaders(),
   });
 
   if (!response.ok) {
@@ -314,7 +366,12 @@ async function installRelease(release, expected) {
   try {
     log(`Downloading ${ASSET_NAME} from ${release.tagName}`);
     await downloadFile(release.assetUrl, zipPath);
-    await verifySha256(zipPath, expected.sha256);
+    if (expected.sha256 !== null) {
+      await verifySha256(zipPath, expected.sha256);
+    } else {
+      warn("SHA256 manifest is PENDING and DESKTOP_TOUCH_MCP_ALLOW_UNVERIFIED=1 is set — " +
+           "skipping integrity verification of the downloaded zip. Development use only.");
+    }
     await mkdir(extractDir, { recursive: true });
     await expandZip(zipPath, extractDir);
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@harusame64/desktop-touch-mcp",
-  "version": "1.10.2",
+  "version": "1.10.3",
   "mcpName": "io.github.Harusame64/desktop-touch-mcp",
   "description": "Let Claude, Cursor, or any MCP client see and operate your Windows 10/11 desktop. 29 tools for screenshots, UI Automation, Chrome CDP, keyboard/mouse, terminal, with semantic discover-then-act targeting and per-action perception guards that avoid wrong-window typing and stale-coordinate clicks.",
   "keywords": [
@@ -107,7 +107,7 @@
     "@modelcontextprotocol/sdk": "^1.10.0",
     "@napi-rs/cli": "^3.7.0",
     "@nut-tree-fork/nut-js": "^4.2.6",
-    "@types/node": "^25.9.1",
+    "@types/node": "^25.9.2",
     "@types/ws": "^8.18.1",
     "eslint": "^10.4.1",
     "fast-check": "^4.8.0",