@jagilber-org/index-server 1.22.0 → 1.26.1

package/dist/dashboard/server/routes/metrics.routes.js

@@ -10,6 +10,7 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.createMetricsRoutes = createMetricsRoutes;
 const express_1 = require("express");
 const registry_js_1 = require("../../../server/registry.js");
+const logger_js_1 = require("../../../services/logger.js");
 function createMetricsRoutes(metricsCollector) {
     const router = (0, express_1.Router)();
     /**
@@ -36,7 +37,7 @@ function createMetricsRoutes(metricsCollector) {
             });
         }
         catch (error) {
-            console.error('[API] Tools error:', error);
+            (0, logger_js_1.logError)('[API] Tools error:', error);
             res.status(500).json({
                 error: 'Failed to get tools list',
             });
@@ -51,7 +52,7 @@ function createMetricsRoutes(metricsCollector) {
             res.json(snapshot);
         }
         catch (error) {
-            console.error('[API] Metrics error:', error);
+            (0, logger_js_1.logError)('[API] Metrics error:', error);
             res.status(500).json({
                 error: 'Failed to get metrics',
             });
@@ -71,7 +72,7 @@ function createMetricsRoutes(metricsCollector) {
             });
         }
         catch (error) {
-            console.error('[API] Metrics history error:', error);
+            (0, logger_js_1.logError)('[API] Metrics history error:', error);
             res.status(500).json({
                 error: 'Failed to get metrics history',
             });
@@ -97,7 +98,7 @@ function createMetricsRoutes(metricsCollector) {
             });
         }
         catch (error) {
-            console.error('[API] Tool metrics error:', error);
+            (0, logger_js_1.logError)('[API] Tool metrics error:', error);
             res.status(500).json({
                 error: 'Failed to get tool metrics',
             });
@@ -121,7 +122,7 @@ function createMetricsRoutes(metricsCollector) {
             });
         }
         catch (error) {
-            console.error('[API] Performance error:', error);
+            (0, logger_js_1.logError)('[API] Performance error:', error);
             res.status(500).json({
                 error: 'Failed to get performance metrics',
             });
@@ -140,7 +141,7 @@ function createMetricsRoutes(metricsCollector) {
             });
         }
         catch (error) {
-            console.error('[API] Realtime metrics error:', error);
+            (0, logger_js_1.logError)('[API] Realtime metrics error:', error);
             res.status(500).json({
                 error: 'Failed to get realtime metrics',
             });
@@ -159,7 +160,7 @@ function createMetricsRoutes(metricsCollector) {
             });
         }
         catch (error) {
-            console.error('[API] Streaming data error:', error);
+            (0, logger_js_1.logError)('[API] Streaming data error:', error);
             res.status(500).json({
                 error: 'Failed to get streaming data',
             });
@@ -181,7 +182,7 @@ function createMetricsRoutes(metricsCollector) {
             });
         }
         catch (error) {
-            console.error('[API] Tool usage chart error:', error);
+            (0, logger_js_1.logError)('[API] Tool usage chart error:', error);
             res.status(500).json({
                 error: 'Failed to get tool usage chart data',
             });
@@ -203,7 +204,7 @@ function createMetricsRoutes(metricsCollector) {
             });
         }
         catch (error) {
-            console.error('[API] Performance chart error:', error);
+            (0, logger_js_1.logError)('[API] Performance chart error:', error);
             res.status(500).json({
                 error: 'Failed to get performance chart data',
             });
@@ -234,7 +235,7 @@ function createMetricsRoutes(metricsCollector) {
             });
         }
         catch (error) {
-            console.error('[API] Time range chart error:', error);
+            (0, logger_js_1.logError)('[API] Time range chart error:', error);
             res.status(500).json({
                 error: 'Failed to get time range data',
             });
@@ -274,7 +275,7 @@ function createMetricsRoutes(metricsCollector) {
             }
         }
         catch (error) {
-            console.error('[API] Chart export error:', error);
+            (0, logger_js_1.logError)('[API] Chart export error:', error);
             res.status(500).json({
                 error: 'Failed to export chart data',
             });
@@ -307,7 +308,7 @@ function createMetricsRoutes(metricsCollector) {
             });
         }
         catch (err) {
-            console.error('[API] Performance detailed error:', err);
+            (0, logger_js_1.logError)('[API] Performance detailed error:', err);
             res.status(500).json({ success: false, error: 'Failed to compute performance metrics' });
         }
     });
@@ -325,7 +326,7 @@ function createMetricsRoutes(metricsCollector) {
             });
         }
         catch (error) {
-            console.error('[API] Advanced analytics error:', error);
+            (0, logger_js_1.logError)('[API] Advanced analytics error:', error);
             res.status(500).json({
                 error: 'Failed to get advanced analytics',
             });

package/dist/dashboard/server/routes/scripts.routes.js

@@ -14,6 +14,7 @@ exports.createScriptsRoutes = createScriptsRoutes;
 const express_1 = require("express");
 const promises_1 = require("fs/promises");
 const path_1 = __importDefault(require("path"));
+const pathContainment_js_1 = require("../utils/pathContainment.js");
 /** Allowed script files with metadata */
 const AVAILABLE_SCRIPTS = {
     'index-server-client.ps1': {
@@ -58,9 +59,11 @@ function createScriptsRoutes() {
         try {
             const scriptsDir = path_1.default.join(process.cwd(), 'scripts');
             const filePath = path_1.default.join(scriptsDir, meta.file); // nosemgrep: javascript.express.security.audit.express-path-join-resolve-traversal.express-path-join-resolve-traversal -- path validated below via startsWith check
-            // Verify resolved path is within scripts directory (defense in depth)
-            const resolved = path_1.default.resolve(filePath); // nosemgrep: javascript.express.security.audit.express-path-join-resolve-traversal.express-path-join-resolve-traversal -- resolved path checked against scriptsDir on next line
-            if (!resolved.startsWith(path_1.default.resolve(scriptsDir))) {
+            let resolved;
+            try {
+                resolved = (0, pathContainment_js_1.validatePathContainment)(path_1.default.resolve(filePath), scriptsDir); // nosemgrep: javascript.express.security.audit.express-path-join-resolve-traversal.express-path-join-resolve-traversal -- containment validated by shared helper
+            }
+            catch {
                 res.status(400).json({ error: 'Invalid script path' });
                 return;
             }

package/dist/dashboard/server/routes/status.routes.js

@@ -13,12 +13,15 @@ const fs_1 = __importDefault(require("fs"));
 const path_1 = __importDefault(require("path"));
 const v8_1 = __importDefault(require("v8"));
 const runtimeConfig_js_1 = require("../../../config/runtimeConfig.js");
+const logger_js_1 = require("../../../services/logger.js");
 /** Derive short git commit (best-effort; never throws) */
 function getGitCommit() {
     try {
         const head = path_1.default.join(process.cwd(), '.git', 'HEAD');
-        if (!fs_1.default.existsSync(head))
-            return null;
+        if (!fs_1.default.existsSync(head)) {
+            // Fallback: read from deployment-manifest.json (local deploy without .git)
+            return getDeployManifestField('gitCommit');
+        }
         let ref = fs_1.default.readFileSync(head, 'utf8').trim();
         if (ref.startsWith('ref:')) {
             const refPath = path_1.default.join(process.cwd(), '.git', ref.split(' ')[1]);
@@ -40,6 +43,22 @@ function getBuildTime() {
             const stat = fs_1.default.statSync(candidate);
             return new Date(stat.mtimeMs).toISOString();
         }
+        // Fallback: read from deployment-manifest.json (local deploy)
+        return getDeployManifestField('deployedAt');
+    }
+    catch { /* ignore */ }
+    return null;
+}
+/** Read a top-level field from deployment-manifest.json (written by deploy-local.ps1) */
+function getDeployManifestField(field) {
+    try {
+        const manifestPath = path_1.default.join(process.cwd(), 'deployment-manifest.json');
+        if (fs_1.default.existsSync(manifestPath)) {
+            const manifest = JSON.parse(fs_1.default.readFileSync(manifestPath, 'utf8'));
+            const value = manifest?.[field];
+            if (typeof value === 'string' && value && !value.startsWith('<'))
+                return value.substring(0, 64);
+        }
     }
     catch { /* ignore */ }
     return null;
@@ -69,7 +88,7 @@ function createStatusRoutes(metricsCollector) {
             });
         }
         catch (error) {
-            console.error('[API] Status error:', error);
+            (0, logger_js_1.logError)('[API] Status error:', error);
             res.status(500).json({
                 error: 'Failed to get server status',
             });
@@ -124,7 +143,7 @@ function createStatusRoutes(metricsCollector) {
             });
         }
         catch (error) {
-            console.error('[API] Health check error:', error);
+            (0, logger_js_1.logError)('[API] Health check error:', error);
             res.status(500).json({
                 status: 'error',
                 error: 'Health check failed',
@@ -145,7 +164,7 @@ function createStatusRoutes(metricsCollector) {
             });
         }
         catch (error) {
-            console.error('[API] System health error:', error);
+            (0, logger_js_1.logError)('[API] System health error:', error);
             res.status(500).json({
                 error: 'Failed to get system health',
             });
@@ -168,7 +187,7 @@ function createStatusRoutes(metricsCollector) {
             });
         }
         catch (error) {
-            console.error('[API] System resources error:', error);
+            (0, logger_js_1.logError)('[API] System resources error:', error);
             res.status(500).json({
                 success: false,
                 error: 'Failed to get system resource history',

package/dist/dashboard/server/routes/synthetic.routes.js

@@ -9,6 +9,7 @@ const express_1 = require("express");
 const registry_js_1 = require("../../../server/registry.js");
 const WebSocketManager_js_1 = require("../WebSocketManager.js");
 const adminAuth_js_1 = require("./adminAuth.js");
+const logger_js_1 = require("../../../services/logger.js");
 function createSyntheticRoutes(_metricsCollector) {
     const router = (0, express_1.Router)();
     router.use(adminAuth_js_1.dashboardAdminAuth);
@@ -72,7 +73,7 @@ function createSyntheticRoutes(_metricsCollector) {
                 if (!available.includes(method))
                     return;
                 const payload = picked[1];
-                const handler = (0, registry_js_1.getLocalHandler)(method);
+                const handler = (0, registry_js_1.getHandler)(method);
                 const started = Date.now();
                 try {
                     syntheticActiveRequests++;
@@ -171,7 +172,7 @@ function createSyntheticRoutes(_metricsCollector) {
             });
         }
         catch (error) {
-            console.error('[API] Synthetic activity error:', error);
+            (0, logger_js_1.logError)('[API] Synthetic activity error:', error);
             res.status(500).json({
                 success: false,
                 error: 'Failed to run synthetic activity',

package/dist/dashboard/server/routes/usage.routes.js

@@ -7,6 +7,7 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.createUsageRoutes = createUsageRoutes;
 const express_1 = require("express");
 const indexContext_js_1 = require("../../../services/indexContext.js");
+const logger_js_1 = require("../../../services/logger.js");
 function createUsageRoutes() {
     const router = (0, express_1.Router)();
     /**
@@ -18,7 +19,7 @@ function createUsageRoutes() {
             res.json({ success: true, snapshot: snap, count: Object.keys(snap).length, timestamp: Date.now() });
         }
         catch (error) {
-            console.error('[API] Failed to load usage snapshot:', error);
+            (0, logger_js_1.logError)('[API] Failed to load usage snapshot:', error);
             res.status(500).json({ success: false, error: 'Failed to load usage snapshot' });
         }
     });

package/dist/dashboard/server/utils/escapeHtml.d.ts

@@ -0,0 +1 @@
+export declare function escapeHtml(value: string): string;

package/dist/dashboard/server/utils/escapeHtml.js

@@ -0,0 +1,11 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.escapeHtml = escapeHtml;
+function escapeHtml(value) {
+    return value
+        .replace(/&/g, '&')
+        .replace(/</g, '&lt;')
+        .replace(/>/g, '&gt;')
+        .replace(/"/g, '&quot;')
+        .replace(/'/g, '&#39;');
+}

package/dist/dashboard/server/utils/pathContainment.d.ts

@@ -0,0 +1 @@
+export declare function validatePathContainment(filePath: string, allowedBase: string): string;

package/dist/dashboard/server/utils/pathContainment.js

@@ -0,0 +1,15 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.validatePathContainment = validatePathContainment;
+const node_path_1 = __importDefault(require("node:path"));
+function validatePathContainment(filePath, allowedBase) {
+    const resolvedBase = node_path_1.default.resolve(allowedBase);
+    const resolvedFile = node_path_1.default.resolve(filePath);
+    if (resolvedFile === resolvedBase || resolvedFile.startsWith(resolvedBase + node_path_1.default.sep)) {
+        return resolvedFile;
+    }
+    throw new Error(`Path escapes allowed base: ${resolvedFile}`);
+}

package/dist/dashboard/server/wsInit.js

@@ -6,6 +6,7 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.initWebSocket = initWebSocket;
 exports.startMetricsBroadcast = startMetricsBroadcast;
+const logger_js_1 = require("../../services/logger.js");
 /** Attaches the WebSocket server to an existing HTTP/HTTPS server instance. */
 function initWebSocket(server, wsManager) {
     wsManager.initialize(server);
@@ -28,8 +29,7 @@ function startMetricsBroadcast(wsManager, metricsCollector, intervalMs) {
             });
         }
         catch (e) {
-            // eslint-disable-next-line no-console
-            console.error('[Dashboard] metrics broadcast failed', e);
+            (0, logger_js_1.logError)('[Dashboard] metrics broadcast failed', e);
         }
     }, safeInterval);
 }

package/dist/lib/mcpStdioLogging.d.ts

@@ -0,0 +1,165 @@
+/**
+ * mcpStdioLogging — Generic MCP stdio transport logging solution.
+ *
+ * Drop-in module for ANY MCP server using stdio transport that wants proper
+ * log-level display in VS Code (or any MCP client that reads stderr).
+ *
+ * ## Problem
+ *
+ * VS Code's MCP host (`extHostMcpNode.ts`) hardcodes ALL stderr output as
+ * `LogLevel.Warning` with prefix `[server stderr]`. There is no configuration,
+ * no level detection, no opt-out. Every byte on stderr becomes a warning.
+ *
+ * The MCP protocol provides `notifications/message` with a `level` field.
+ * VS Code's `translateMcpLogMessage()` correctly maps those levels to proper
+ * log output (debug, info, warning, error). Other clients (Claude Desktop,
+ * Cursor, etc.) also respect `notifications/message` levels.
+ *
+ * ## Solution
+ *
+ * 1. Intercept `process.stderr.write` at module import time (before any other
+ *    module can write to stderr).
+ * 2. Buffer all pre-handshake stderr lines in memory.
+ * 3. After the MCP handshake completes, replay the buffer through
+ *    `server.sendLoggingMessage()` and route all future stderr the same way.
+ * 4. Infer severity from content (NDJSON level field, keyword patterns).
+ * 5. On transport failure, deactivate and restore original stderr.
+ *
+ * ## Usage (3 steps)
+ *
+ * ```typescript
+ * // 1. Import FIRST — before any module that writes to stderr
+ * import { McpStdioLogger } from './lib/mcpStdioLogging';
+ * const logger = new McpStdioLogger({ serverName: 'my-server' });
+ *
+ * // 2. After creating the MCP SDK server, register it
+ * const server = new Server({ name: 'my-server', version }, { capabilities: { logging: {} } });
+ * logger.registerServer(server);
+ *
+ * // 3. After the handshake completes (initialize response sent), activate
+ * logger.activate();
+ * ```
+ *
+ * ## Requirements
+ *
+ * - Server must declare `logging: {}` in capabilities so clients know to
+ *   accept `notifications/message`.
+ * - Server object must have `sendLoggingMessage({ level, logger?, data })`.
+ * - Module must be imported before `logPrefix` or any other stderr-producing module.
+ *
+ * @module mcpStdioLogging
+ */
+/** MCP LoggingLevel values (RFC 5424 syslog mapping used by the MCP spec). */
+export type McpLoggingLevel = 'debug' | 'info' | 'notice' | 'warning' | 'error' | 'critical' | 'alert' | 'emergency';
+/** Minimal interface for the MCP SDK server's logging method. */
+export interface McpLoggable {
+    sendLoggingMessage(params: {
+        level: McpLoggingLevel;
+        logger?: string;
+        data: unknown;
+    }): void;
+}
+/** Configuration options for McpStdioLogger. */
+export interface McpStdioLoggerOptions {
+    /**
+     * Name shown in the `logger` field of MCP notifications/message.
+     * Typically matches the server name (e.g., 'index-server', 'my-tool').
+     * @default 'mcp-server'
+     */
+    serverName?: string;
+    /**
+     * Maximum number of lines to buffer before the handshake completes.
+     * Prevents unbounded memory growth if activation never happens.
+     * Oldest lines are discarded when the limit is reached.
+     * @default 500
+     */
+    maxBufferSize?: number;
+    /**
+     * Custom level inference function. Given a raw stderr line, return the
+     * MCP logging level. If not provided, the built-in heuristic is used
+     * (checks NDJSON `"level"` field, then keyword patterns).
+     */
+    inferLevel?: (line: string) => McpLoggingLevel;
+    /**
+     * If true, start intercepting stderr immediately on construction.
+     * If false, you must call `interceptStderr()` manually.
+     * @default true
+     */
+    interceptImmediately?: boolean;
+}
+/**
+ * Infer MCP logging level from a raw stderr line.
+ *
+ * Priority:
+ * 1. NDJSON with `"level"` field → map to MCP level
+ * 2. Keyword patterns (ERROR, WARN, DEBUG, trace) → corresponding level
+ * 3. Default → 'info'
+ */
+export declare function defaultInferLevel(line: string): McpLoggingLevel;
+/**
+ * Manages stderr interception, buffering, and MCP protocol log routing
+ * for any MCP server using stdio transport.
+ *
+ * Designed to be instantiated once, as early as possible in the server's
+ * entry point, before any module writes to stderr.
+ */
+export declare class McpStdioLogger {
+    private _server;
+    private _active;
+    private _intercepting;
+    private readonly _buffer;
+    private readonly _originalStderrWrite;
+    private readonly _serverName;
+    private readonly _maxBufferSize;
+    private readonly _inferLevel;
+    constructor(options?: McpStdioLoggerOptions);
+    /**
+     * Start intercepting process.stderr.write.
+     * Called automatically on construction unless `interceptImmediately: false`.
+     * Safe to call multiple times (idempotent).
+     */
+    interceptStderr(): void;
+    /**
+     * Register the MCP SDK server instance.
+     * Must be called after server creation but before activation.
+     * The server must have a `sendLoggingMessage()` method.
+     */
+    registerServer(server: McpLoggable): void;
+    /**
+     * Activate the bridge: replay buffered stderr and route all future
+     * output through `server.sendLoggingMessage()`.
+     *
+     * Call this after the MCP handshake completes (initialize response sent).
+     * No-op if server is not registered or lacks sendLoggingMessage.
+     */
+    activate(): void;
+    /**
+     * Returns true when the bridge is active and logs route through MCP protocol.
+     */
+    get isActive(): boolean;
+    /**
+     * Send a structured log message through the MCP protocol.
+     * Use this from your application logger instead of console.error/stderr.
+     * No-op if the bridge is not active.
+     *
+     * @param level - MCP logging level
+     * @param data  - Log payload (string or object)
+     */
+    log(level: McpLoggingLevel, data: unknown): void;
+    /**
+     * Write directly to the ORIGINAL process.stderr, bypassing the interceptor.
+     * Use this when you need stderr output visible to VS Code's Output panel
+     * without triggering the MCP routing/buffering pipeline.
+     */
+    writeOriginalStderr(data: string): void;
+    /**
+     * Restore original stderr and deactivate the bridge.
+     * Useful for testing cleanup or graceful shutdown.
+     */
+    restore(): void;
+    /**
+     * Get the number of currently buffered lines (pre-handshake).
+     */
+    get bufferSize(): number;
+    private _replayBuffer;
+}