npm - @liangshanli/mcp-server-project-standards - Versions diffs - 1.0.0 → 1.1.0 - Mend

@liangshanli/mcp-server-project-standards 1.0.0 → 1.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/README.md CHANGED Viewed

@@ -2,6 +2,43 @@
 A MCP (Model Context Protocol) server for project standards management, designed for AI-assisted development to help teams maintain unified development standards and specifications across multiple machines.
+## 📋 Version Updates
+### v1.1.0 (2024-12-19)
+#### 🆕 New Features
+- **API Debug Tool Environment Variable Support**:
+  - `API_DEBUG_ALLOWED_METHODS` - Control allowed request methods (default: GET)
+  - `API_DEBUG_LOGIN_URL` - Set login API URL (default: /api/login)
+  - `API_DEBUG_LOGIN_METHOD` - Set login request method (default: POST)
+  - `API_DEBUG_LOGIN_BODY` - Set login request body (default: {"username":"","password":""})
+  - `API_DEBUG_LOGIN_DESCRIPTION` - Set login API description (default: Save returned token to common headers in debug tool, field name Authorization, field value Bearer token)
+#### 🔧 Feature Improvements
+- **Smart Login API Recognition**:
+  - Support for full URL and relative path matching
+  - Automatic login API recognition using environment variable configuration
+  - Non-login APIs strictly follow allowed method restrictions
+- **Error Handling Optimization**:
+  - Only request-related errors are saved to api.json
+  - Method validation errors don't pollute execution records
+  - More precise error classification and handling
+- **Dynamic Tool Description**:
+  - Display login authentication information based on environment variable configuration
+  - Real-time display of allowed request methods and usage instructions
+#### 🛡️ Security Enhancements
+- **Request Method Restrictions**: Default only allows GET requests to prevent accidental operations
+- **Login API Exception**: Login APIs can use methods configured in environment variables
+- **Flexible Configuration**: Can open more request methods as needed
+#### 📚 Documentation Updates
+- Added environment variable configuration instructions
+- Updated API debug tool usage guide
+- Improved login authentication flow documentation
 ## 🚀 Core Advantages
 ### 🎯 Solving Multi-Machine Development Chaos
@@ -73,9 +110,14 @@ The server uses the `./.setting/` directory to store configuration files by defa
 ### Environment Variables
-| Variable | Default | Description |
-|----------|---------|-------------|
-| CONFIG_DIR | ./.setting | Configuration file directory (contains config.json and api.json) |
+| Variable | Default | Description | Example |
+|----------|---------|-------------|---------|
+| CONFIG_DIR | ./.setting | Configuration file directory (contains config.json and api.json) | `export CONFIG_DIR="./config"` |
+| API_DEBUG_ALLOWED_METHODS | GET | Control allowed request methods (supports: GET,POST,PUT,DELETE,PATCH, etc.) | `export API_DEBUG_ALLOWED_METHODS="GET,POST"` |
+| API_DEBUG_LOGIN_URL | /api/login | Set login API URL | `export API_DEBUG_LOGIN_URL="/api/auth/login"` |
+| API_DEBUG_LOGIN_METHOD | POST | Set login request method | `export API_DEBUG_LOGIN_METHOD="POST"` |
+| API_DEBUG_LOGIN_BODY | {"username":"","password":""} | Set login request body | `export API_DEBUG_LOGIN_BODY='{"mobile":"","password":""}'` |
+| API_DEBUG_LOGIN_DESCRIPTION | Save returned token to common headers in debug tool, field name Authorization, field value Bearer token | Set login API description | `export API_DEBUG_LOGIN_DESCRIPTION="User Login API"` |
 ### Configuration Files
@@ -166,7 +208,12 @@ npm run dev
       "command": "npx",
       "args": ["@liangshanli/mcp-server-project-standards"],
       "env": {
-        "CONFIG_DIR": "./.setting"
+        "CONFIG_DIR": "./.setting",
+        "API_DEBUG_ALLOWED_METHODS": "GET,POST,PUT,DELETE",
+        "API_DEBUG_LOGIN_URL": "/api/login",
+        "API_DEBUG_LOGIN_METHOD": "POST",
+        "API_DEBUG_LOGIN_BODY": "{\"username\":\"\",\"password\":\"\"}",
+        "API_DEBUG_LOGIN_DESCRIPTION": "Save returned token to common headers in debug tool, field name Authorization, field value Bearer token"
       }
     }
   }
@@ -185,7 +232,12 @@ npm run dev
       "command": "npx",
       "args": ["@liangshanli/mcp-server-project-standards"],
       "env": {
-        "CONFIG_DIR": "./.setting"
+        "CONFIG_DIR": "./.setting",
+        "API_DEBUG_ALLOWED_METHODS": "GET,POST,PUT,DELETE",
+        "API_DEBUG_LOGIN_URL": "/api/login",
+        "API_DEBUG_LOGIN_METHOD": "POST",
+        "API_DEBUG_LOGIN_BODY": "{\"username\":\"\",\"password\":\"\"}",
+        "API_DEBUG_LOGIN_DESCRIPTION": "Save returned token to common headers in debug tool, field name Authorization, field value Bearer token"
       }
     }
   }

package/README.zh-CN.md CHANGED Viewed

@@ -2,6 +2,43 @@
 一个基于 MCP（Model Context Protocol）协议的项目标准管理工具，专为 AI 辅助开发而设计，帮助团队在多台机器上保持统一的开发标准和规范。
+## 📋 版本更新说明
+### v1.1.0 (2024-12-19)
+#### 🆕 新增功能
+- **API 调试工具环境变量支持**：
+  - `API_DEBUG_ALLOWED_METHODS` - 控制允许的请求方法（默认：GET，支持：GET,POST,PUT,DELETE,PATCH等）
+  - `API_DEBUG_LOGIN_URL` - 设置登录接口 URL（默认：/api/login）
+  - `API_DEBUG_LOGIN_METHOD` - 设置登录请求方法（默认：POST）
+  - `API_DEBUG_LOGIN_BODY` - 设置登录请求体（默认：{"username":"","password":""}）
+  - `API_DEBUG_LOGIN_DESCRIPTION` - 设置登录接口说明（默认：将返回的token保存到调试工具中的公共header，字段名Authorization，字段值是Bearer token）
+#### 🔧 功能优化
+- **登录接口智能识别**：
+  - 支持完整 URL 和相对路径匹配
+  - 自动识别登录接口并使用环境变量配置
+  - 非登录接口严格遵循允许的方法限制
+- **错误处理优化**：
+  - 只有请求相关错误才保存到 api.json
+  - 方法验证错误不污染执行记录
+  - 更精确的错误分类和处理
+- **工具描述动态显示**：
+  - 根据环境变量配置显示登录认证信息
+  - 实时显示允许的请求方法和使用说明
+#### 🛡️ 安全增强
+- **请求方法限制**：默认只允许 GET 请求，防止误操作
+- **登录接口例外**：登录接口可使用环境变量中配置的方法
+- **灵活配置**：可根据需要开放更多请求方法
+#### 📚 文档更新
+- 添加了环境变量配置说明
+- 更新了 API 调试工具使用指南
+- 完善了登录认证流程文档
 ## 🚀 核心优势
 ### 🎯 解决多机器开发混乱问题
@@ -73,9 +110,14 @@ npm install
 ### 环境变量
-| 变量名 | 默认值 | 描述 |
-|--------|--------|------|
-| CONFIG_DIR | ./.setting | 配置文件目录（包含 config.json 和 api.json） |
+| 变量名 | 默认值 | 描述 | 示例 |
+|--------|--------|------|------|
+| CONFIG_DIR | ./.setting | 配置文件目录（包含 config.json 和 api.json） | `export CONFIG_DIR="./config"` |
+| API_DEBUG_ALLOWED_METHODS | GET | 控制允许的请求方法（支持：GET,POST,PUT,DELETE,PATCH等） | `export API_DEBUG_ALLOWED_METHODS="GET,POST"` |
+| API_DEBUG_LOGIN_URL | /api/login | 设置登录接口 URL | `export API_DEBUG_LOGIN_URL="/api/auth/login"` |
+| API_DEBUG_LOGIN_METHOD | POST | 设置登录请求方法 | `export API_DEBUG_LOGIN_METHOD="POST"` |
+| API_DEBUG_LOGIN_BODY | {"username":"","password":""} | 设置登录请求体 | `export API_DEBUG_LOGIN_BODY='{"mobile":"","password":""}'` |
+| API_DEBUG_LOGIN_DESCRIPTION | 将返回的token保存到调试工具中的公共header，字段名Authorization，字段值是Bearer token | 设置登录接口说明 | `export API_DEBUG_LOGIN_DESCRIPTION="用户登录接口"` |
 ### 配置文件
@@ -166,7 +208,12 @@ npm run dev
       "command": "npx",
       "args": ["@liangshanli/mcp-server-project-standards"],
       "env": {
-        "CONFIG_DIR": "./.setting"
+        "CONFIG_DIR": "./.setting",
+        "API_DEBUG_ALLOWED_METHODS": "GET,POST,PUT,DELETE",
+        "API_DEBUG_LOGIN_URL": "/api/login",
+        "API_DEBUG_LOGIN_METHOD": "POST",
+        "API_DEBUG_LOGIN_BODY": "{\"username\":\"\",\"password\":\"\"}",
+        "API_DEBUG_LOGIN_DESCRIPTION": "将返回的token保存到调试工具中的公共header，字段名Authorization，字段值是Bearer token"
       }
     }
   }
@@ -185,7 +232,12 @@ npm run dev
       "command": "npx",
       "args": ["@liangshanli/mcp-server-project-standards"],
       "env": {
-        "CONFIG_DIR": "./.setting"
+        "CONFIG_DIR": "./.setting",
+        "API_DEBUG_ALLOWED_METHODS": "GET,POST,PUT,DELETE",
+        "API_DEBUG_LOGIN_URL": "/api/login",
+        "API_DEBUG_LOGIN_METHOD": "POST",
+        "API_DEBUG_LOGIN_BODY": "{\"username\":\"\",\"password\":\"\"}",
+        "API_DEBUG_LOGIN_DESCRIPTION": "将返回的token保存到调试工具中的公共header，字段名Authorization，字段值是Bearer token"
       }
     }
   }
@@ -348,6 +400,10 @@ npm run dev
 - **执行记录**：无论成功失败都记录执行历史
 - **搜索功能**：支持按 URL 或描述搜索 API
 - **参数管理**：支持查询参数、请求体、自定义请求头等
+- **环境变量控制**：通过环境变量控制允许的请求方法和登录接口配置
+- **请求方法限制**：默认只允许 GET 请求，防止误操作
+- **登录接口智能识别**：自动识别登录接口并使用环境变量配置
+- **动态工具描述**：根据环境变量配置实时显示工具说明
 **🔐 特别说明 - 登录认证流程：**

package/bin/cli.js CHANGED Viewed

@@ -28,9 +28,20 @@ function startServer() {
   const env = {
     ...process.env,
     // Set CONFIG_DIR if specified, otherwise use default
-    CONFIG_DIR: process.env.CONFIG_DIR || './.setting'
+    CONFIG_DIR: process.env.CONFIG_DIR || './.setting',
+    // API Debug environment variables
+    API_DEBUG_ALLOWED_METHODS: process.env.API_DEBUG_ALLOWED_METHODS || 'GET',
+    API_DEBUG_LOGIN_URL: process.env.API_DEBUG_LOGIN_URL || '/api/login',
+    API_DEBUG_LOGIN_METHOD: process.env.API_DEBUG_LOGIN_METHOD || 'POST',
+    API_DEBUG_LOGIN_BODY: process.env.API_DEBUG_LOGIN_BODY || '{"username":"","password":""}',
+    API_DEBUG_LOGIN_DESCRIPTION: process.env.API_DEBUG_LOGIN_DESCRIPTION || 'Save returned token to common headers in debug tool, field name Authorization, field value Bearer token'
   };
+  // Convert allowed methods to uppercase if specified
+  if (env.API_DEBUG_ALLOWED_METHODS) {
+    env.API_DEBUG_ALLOWED_METHODS = env.API_DEBUG_ALLOWED_METHODS.toUpperCase();
+  }
   writeLog('INFO', 'Starting MCP Project Standards server');
   server = spawn('node', [serverPath], {

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@liangshanli/mcp-server-project-standards",
-  "version": "1.0.0",
+  "version": "1.1.0",
   "description": "MCP Project Standards server with project info, structure, API standards, development standards and custom tools",
   "main": "bin/cli.js",
   "bin": {

package/src/server-final.js CHANGED Viewed

@@ -498,9 +498,40 @@ class ProjectStandardsMCPServer {
               }
             );
+          // 构建 API 调试工具描述
+          let apiDebugDescription = 'API debugging tool for testing and executing API requests';
+          // 检查是否设置了登录接口环境变量
+          const loginUrl = process.env.API_DEBUG_LOGIN_URL;
+          const loginMethod = process.env.API_DEBUG_LOGIN_METHOD;
+          const loginDescription = process.env.API_DEBUG_LOGIN_DESCRIPTION;
+          const allowedMethods = process.env.API_DEBUG_ALLOWED_METHODS;
+          if (loginUrl || loginMethod || allowedMethods) {
+            apiDebugDescription += '\n\n🔐 Login Authentication Configuration:';
+            if (loginUrl) {
+              apiDebugDescription += `\n- Login URL: ${loginUrl}`;
+            }
+            if (loginMethod) {
+              apiDebugDescription += `\n- Login Method: ${loginMethod}`;
+            }
+            if (loginDescription) {
+              apiDebugDescription += `\n- Login Description: ${loginDescription}`;
+            }
+            if (allowedMethods) {
+              apiDebugDescription += `\n- Allowed Methods: ${allowedMethods}`;
+            }
+            apiDebugDescription += '\n\n💡 Usage Instructions:';
+            apiDebugDescription += '\n- Login API automatically uses environment variable configuration';
+            apiDebugDescription += '\n- Non-login APIs must use allowed methods only';
+            apiDebugDescription += '\n- Common request headers are automatically updated after successful login';
+          }
           tools.push({
             name: 'api_debug',
-            description: 'API debugging tool for testing and executing API requests',
+            description: apiDebugDescription,
             inputSchema: {
               type: 'object',
               properties: {

package/src/utils/api_debug.js CHANGED Viewed

@@ -1,6 +1,32 @@
 const fs = require('fs-extra');
 const path = require('path');
+// Get allowed methods from environment variable
+const getAllowedMethods = () => {
+  const allowedMethods = process.env.API_DEBUG_ALLOWED_METHODS || 'GET';
+  return allowedMethods.split(',').map(method => method.trim().toUpperCase());
+};
+// Get login URL from environment variable
+const getLoginUrl = () => {
+  return process.env.API_DEBUG_LOGIN_URL || '/api/login';
+};
+// Get login method from environment variable
+const getLoginMethod = () => {
+  return (process.env.API_DEBUG_LOGIN_METHOD || 'POST').toUpperCase();
+};
+// Get login body from environment variable
+const getLoginBody = () => {
+  return process.env.API_DEBUG_LOGIN_BODY || '{"username":"","password":""}';
+};
+// Get login description from environment variable
+const getLoginDescription = () => {
+  return process.env.API_DEBUG_LOGIN_DESCRIPTION || 'Save returned token to common headers in debug tool, field name Authorization, field value Bearer token';
+};
 // Get API debug config file path
 const getApiConfigPath = () => {
   const configDir = process.env.CONFIG_DIR || './.setting';
@@ -228,6 +254,43 @@ async function api_debug(params, config, saveConfig) {
       const baseUrl = apiDebugConfig.baseUrl || '';
       const commonHeaders = apiDebugConfig.headers || {};
+      // 验证请求方法是否被允许
+      const allowedMethods = getAllowedMethods();
+      const requestMethod = (apiItem.method || 'GET').toUpperCase();
+      const loginUrl = getLoginUrl();
+      // 判断是否为登录接口 - 支持完整 URL 和相对路径匹配
+      const isLoginRequest = (() => {
+        const apiUrl = apiItem.url;
+        const loginUrlPattern = loginUrl;
+        // 如果登录 URL 是完整 URL，提取路径部分进行匹配
+        if (loginUrlPattern.startsWith('http://') || loginUrlPattern.startsWith('https://')) {
+          try {
+            const url = new URL(loginUrlPattern);
+            const loginPath = url.pathname;
+            // 匹配完整路径或去掉前导斜杠的路径
+            return apiUrl === loginPath || apiUrl === loginPath.replace(/^\//, '') || apiUrl === loginUrlPattern;
+          } catch (e) {
+            // 如果 URL 解析失败，回退到字符串匹配
+            return apiUrl === loginUrlPattern;
+          }
+        } else {
+          // 相对路径匹配
+          return apiUrl === loginUrlPattern ||
+                 apiUrl === loginUrlPattern.replace(/^\//, '') ||
+                 apiUrl.endsWith(loginUrlPattern) ||
+                 apiUrl.endsWith(loginUrlPattern.replace(/^\//, ''));
+        }
+      })();
+      if (!allowedMethods.includes(requestMethod)) {
+        // 如果是登录接口，继续执行；否则返回错误
+        if (!isLoginRequest) {
+          throw new Error(`Method ${requestMethod} is not allowed. Allowed methods: ${allowedMethods.join(', ')}`);
+        }
+      }
       // 构建完整 URL
       const fullUrl = baseUrl + apiItem.url;
@@ -291,64 +354,113 @@ async function api_debug(params, config, saveConfig) {
       const finalUrl = queryString ? `${fullUrl}?${queryString}` : fullUrl;
+      let success = true;
       let response;
       let responseData;
       let error = null;
-      let success = true;
+      // 请求处理部分 - 只有这部分出错才会保存到 api.json
       try {
-        // 执行请求
-        response = await fetch(finalUrl, {
-          method: apiItem.method || 'GET',
-          headers: headers,
-          body: body
-        });
-        // 获取响应数据
-        const contentType = response.headers.get('content-type');
+        // 如果是登录接口且方法不被允许，使用环境变量中的登录配置
+        if (isLoginRequest && !allowedMethods.includes(requestMethod)) {
+          const loginMethod = getLoginMethod();
+          const loginBody = getLoginBody();
+          // 更新请求方法和请求体
+          apiItem.method = loginMethod;
+          if (loginBody) {
+            apiItem.body = loginBody;
+          }
+          // 更新最终 URL 和方法
+          const updatedFinalUrl = queryString ? `${fullUrl}?${queryString}` : fullUrl;
+          try {
+            response = await fetch(updatedFinalUrl, {
+              method: loginMethod,
+              headers: headers,
+              body: loginBody
+            });
+          } catch (fetchError) {
+            error = fetchError.message;
+            success = false;
+            response = null;
+          }
+        } else {
+          try {
+            // 执行请求
+            response = await fetch(finalUrl, {
+              method: apiItem.method || 'GET',
+              headers: headers,
+              body: body
+            });
+          } catch (fetchError) {
+            error = fetchError.message;
+            success = false;
+            response = null;
+          }
+        }
-        if (contentType && contentType.includes('application/json')) {
-          responseData = await response.json();
+        if (response) {
+          // 获取响应数据
+          const contentType = response.headers.get('content-type');
+          if (contentType && contentType.includes('application/json')) {
+            responseData = await response.json();
+          } else {
+            responseData = await response.text();
+          }
+          // 判断请求是否成功（HTTP 状态码 200-299 为成功）
+          const isHttpSuccess = response.status >= 200 && response.status < 300;
+          success = isHttpSuccess;
+          // 记录响应信息
+          apiDebugConfig.list[index].data = responseData;
+          apiDebugConfig.list[index].status = response.status;
+          apiDebugConfig.list[index].statusText = response.statusText;
+          apiDebugConfig.list[index].responseHeaders = Object.fromEntries(response.headers.entries());
+          apiDebugConfig.list[index].lastExecuted = new Date().toISOString();
+          apiDebugConfig.list[index].success = isHttpSuccess;
+          apiDebugConfig.list[index].error = isHttpSuccess ? null : `HTTP ${response.status}: ${response.statusText}`;
         } else {
-          responseData = await response.text();
+          // 记录失败信息
+          success = false;
+          apiDebugConfig.list[index].data = null;
+          apiDebugConfig.list[index].status = null;
+          apiDebugConfig.list[index].statusText = null;
+          apiDebugConfig.list[index].responseHeaders = null;
+          apiDebugConfig.list[index].lastExecuted = new Date().toISOString();
+          apiDebugConfig.list[index].success = false;
+          apiDebugConfig.list[index].error = error;
         }
-        // 记录成功信息
-        apiDebugConfig.list[index].data = responseData;
-        apiDebugConfig.list[index].status = response.status;
-        apiDebugConfig.list[index].statusText = response.statusText;
-        apiDebugConfig.list[index].responseHeaders = Object.fromEntries(response.headers.entries());
-        apiDebugConfig.list[index].lastExecuted = new Date().toISOString();
-        apiDebugConfig.list[index].success = true;
-        apiDebugConfig.list[index].error = null;
+        // 去重处理：相同的 URL 只保留一份（保留最新的执行结果）
+        const urlMap = new Map();
+        apiDebugConfig.list.forEach(item => {
+          if (item.url) {
+            urlMap.set(item.url, item);
+          }
+        });
+        apiDebugConfig.list = Array.from(urlMap.values());
-      } catch (fetchError) {
-        // 记录失败信息
-        error = fetchError.message;
-        success = false;
+        // 无论成功还是失败，都保存配置
+        saveApiConfig(apiDebugConfig);
-        apiDebugConfig.list[index].data = null;
-        apiDebugConfig.list[index].status = null;
-        apiDebugConfig.list[index].statusText = null;
-        apiDebugConfig.list[index].responseHeaders = null;
-        apiDebugConfig.list[index].lastExecuted = new Date().toISOString();
-        apiDebugConfig.list[index].success = false;
-        apiDebugConfig.list[index].error = error;
-      }
-      // 去重处理：相同的 URL 只保留一份（保留最新的执行结果）
-      const urlMap = new Map();
-      apiDebugConfig.list.forEach(item => {
-        if (item.url) {
-          urlMap.set(item.url, item);
+      } catch (requestError) {
+        // 只有请求相关的错误才保存到 api.json
+        try {
+          apiDebugConfig.list[index].lastExecuted = new Date().toISOString();
+          apiDebugConfig.list[index].success = false;
+          apiDebugConfig.list[index].error = requestError.message;
+          saveApiConfig(apiDebugConfig);
+        } catch (saveErr) {
+          console.error('Failed to save request error information:', saveErr.message);
         }
-      });
-      apiDebugConfig.list = Array.from(urlMap.values());
-      // 无论成功还是失败，都保存配置
-      saveApiConfig(apiDebugConfig);
+      }
-      if (success) {
+      if (success && response) {
         return {
           success: true,
           message: `Successfully executed API: ${apiItem.description || apiItem.url}`,
@@ -376,7 +488,7 @@ async function api_debug(params, config, saveConfig) {
             headers: headers,
             body: body
           },
-          error: error,
+          error: error || (response ? `HTTP ${response.status}: ${response.statusText}` : 'Request failed'),
           timestamp: new Date().toISOString()
         };
       }