@misterhuydo/cairn-mcp 1.6.9 → 1.6.10
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@misterhuydo/cairn-mcp",
|
|
3
|
-
"version": "1.6.
|
|
3
|
+
"version": "1.6.10",
|
|
4
4
|
"description": "MCP server that gives Claude Code persistent memory across sessions. Index your codebase once, search symbols, bundle source, scan for vulnerabilities, and checkpoint/resume work — across Java, TypeScript, Vue, Python, SQL and more.",
|
|
5
5
|
"type": "module",
|
|
6
6
|
"main": "index.js",
|
|
@@ -8,7 +8,7 @@ export const VULN_PATTERNS = [
|
|
|
8
8
|
|
|
9
9
|
{ id: 'CWE-89', lang: ['java'], severity: 'HIGH',
|
|
10
10
|
name: 'SQL Injection',
|
|
11
|
-
pattern: /"SELECT|INSERT|UPDATE|DELETE.*"\s*\+/i,
|
|
11
|
+
pattern: /"(SELECT|INSERT|UPDATE|DELETE)\b.*"\s*\+/i,
|
|
12
12
|
fix: 'Use PreparedStatement with parameterized queries' },
|
|
13
13
|
|
|
14
14
|
{ id: 'CWE-326', lang: ['java'], severity: 'HIGH',
|
|
@@ -34,7 +34,7 @@ export const VULN_PATTERNS = [
|
|
|
34
34
|
|
|
35
35
|
{ id: 'CWE-89', lang: ['javascript', 'typescript'], severity: 'HIGH',
|
|
36
36
|
name: 'SQL Injection (JS)',
|
|
37
|
-
pattern: /`\s*(SELECT|INSERT|UPDATE|DELETE).*\$\{/i,
|
|
37
|
+
pattern: /`\s*(SELECT|INSERT|UPDATE|DELETE)\b.*\$\{/i,
|
|
38
38
|
fix: 'Use parameterized queries or an ORM' },
|
|
39
39
|
|
|
40
40
|
{ id: 'CWE-798', lang: ['javascript', 'typescript', 'vue'], severity: 'HIGH',
|
package/src/tools/checkpoint.js
CHANGED
|
@@ -3,6 +3,11 @@ import path from 'path';
|
|
|
3
3
|
import { getCairnDir } from '../graph/cwd.js';
|
|
4
4
|
|
|
5
5
|
export function checkpoint(_db, { message, active_files = [], notes = [] }) {
|
|
6
|
+
// Coerce notes to array in case the caller passed a pre-serialized JSON string
|
|
7
|
+
if (typeof notes === 'string') {
|
|
8
|
+
try { notes = JSON.parse(notes); } catch { notes = notes ? [notes] : []; }
|
|
9
|
+
}
|
|
10
|
+
if (!Array.isArray(notes)) notes = [];
|
|
6
11
|
const cairnDir = getCairnDir();
|
|
7
12
|
const sessionPath = path.join(cairnDir, 'session.json');
|
|
8
13
|
|
package/src/tools/resume.js
CHANGED
|
@@ -31,6 +31,11 @@ export async function resume(db) {
|
|
|
31
31
|
}
|
|
32
32
|
|
|
33
33
|
const session = JSON.parse(fs.readFileSync(sessionPath, 'utf8'));
|
|
34
|
+
// Guard against double-serialized notes (stored as JSON string instead of array)
|
|
35
|
+
if (typeof session.notes === 'string') {
|
|
36
|
+
try { session.notes = JSON.parse(session.notes); } catch { session.notes = []; }
|
|
37
|
+
}
|
|
38
|
+
if (!Array.isArray(session.notes)) session.notes = [];
|
|
34
39
|
|
|
35
40
|
// Detect and auto-repair project relocation before any path comparisons
|
|
36
41
|
let relocation = null;
|