@mp3wizard/figma-console-mcp 1.22.2 → 1.22.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (10) hide show
  1. package/README.md +24 -5
  2. package/dist/apps/design-system-dashboard/mcp-app.html +78 -78
  3. package/dist/apps/token-browser/mcp-app.html +59 -60
  4. package/dist/cloudflare/core/write-tools.js +4 -4
  5. package/dist/core/write-tools.js +4 -4
  6. package/dist/core/write-tools.js.map +1 -1
  7. package/dist/local.js +4 -4
  8. package/dist/local.js.map +1 -1
  9. package/figma-desktop-bridge/code.js +173 -18
  10. package/package.json +1 -102
package/README.md CHANGED
@@ -17,14 +17,13 @@
17
17
 
18
18
  Figma Console MCP connects AI assistants (like Claude) to Figma, enabling:
19
19
 
20
- - **🐛 Plugin debugging** - Capture console logs, errors, and stack traces
21
- - **📸 Visual debugging** - Take screenshots for context
22
20
  - **🎨 Design system extraction** - Pull variables, components, and styles
21
+ - **📸 Visual debugging** - Take screenshots for context
23
22
  - **✏️ Design creation** - Create UI components, frames, and layouts directly in Figma
24
23
  - **🔧 Variable management** - Create, update, rename, and delete design tokens
25
- - **⚡ Real-time monitoring** - Watch logs as plugins execute
24
+ - **⚡ Real-time monitoring** - Watch console logs from the Desktop Bridge plugin
26
25
  - **📌 FigJam boards** - Create stickies, flowcharts, tables, and code blocks on collaborative boards
27
- - **♿ Accessibility scanning** - 13 WCAG design checks, component scorecards, axe-core code scanning, design-to-code parity
26
+ - **♿ Accessibility scanning** - 14 WCAG design checks with conformance level tagging, component scorecards, axe-core code scanning, design-to-code parity
28
27
  - **☁️ Cloud Write Relay** - Web AI clients (Claude.ai, v0, Replit) can design in Figma via cloud pairing
29
28
  - **🔄 Four ways to connect** - Remote SSE, Cloud Mode, NPX, or Local Git
30
29
 
@@ -792,9 +791,11 @@ The architecture supports adding new apps with minimal boilerplate — each app
792
791
 
793
792
  ## 🛤️ Roadmap
794
793
 
795
- **Current Status:** v1.17.0 (Stable) - Production-ready with FigJam + Slides support, Cloud Write Relay, Design System Kit, WebSocket-only connectivity, smart multi-file tracking, 94+ tools, Comments API, and MCP Apps
794
+ **Current Status:** v1.22.4 (Stable) - Production-ready with 14 WCAG accessibility rules, Phase B lint checks (disabled variant context + token misuse detection), FigJam + Slides support, Cloud Write Relay, Design System Kit, WebSocket-only connectivity, smart multi-file tracking, 94+ tools, Comments API, and MCP Apps
796
795
 
797
796
  **Recent Releases:**
797
+ - [x] **v1.22.4** - Security: fix 6 Medium hono/node-server CVEs via package.json overrides (CVE-2026-39406 through CVE-2026-39410, GHSA-26pp-8wgv-hjvm, GHSA-xpcf-pg52-r92g)
798
+ - [x] **v1.22.3** - Phase B accessibility: disabled variant context check, token misuse detection, WCAG interpretation fixes from accessibility consultant review, rule count 13 to 14
798
799
  - [x] **v1.17.0** - Figma Slides Support: 15 new tools for managing presentations — slides, transitions, content, reordering, and navigation. Inspired by Toni Haidamous (PR #11).
799
800
  - [x] **v1.16.0** - FigJam Support: 9 new tools for creating and reading FigJam boards — stickies, flowcharts, tables, code blocks, and connection graphs. Community-contributed by klgral and lukemoderwell.
800
801
  - [x] **v1.12.0** - Cloud Write Relay: web AI clients (Claude.ai, v0, Replit, Lovable) can create and modify Figma designs via cloud relay pairing — no Node.js required
@@ -839,6 +840,24 @@ npm run build
839
840
 
840
841
  ---
841
842
 
843
+ ## 🔒 Network Transparency
844
+
845
+ All outbound network connections made by this MCP server:
846
+
847
+ | Destination | Protocol | Purpose | Data Sent |
848
+ |-------------|----------|---------|-----------|
849
+ | `api.figma.com` | HTTPS | REST API (files, variables, components, styles, images, comments) | File keys, node IDs, API parameters |
850
+ | `www.figma.com` | HTTPS | OAuth 2.0 authorization flow | Client ID, auth codes, refresh tokens |
851
+ | `figma-console-mcp.southleft.com` | WSS/HTTPS | Cloud relay for web AI clients (Cloud Mode only) | Metadata only: fileName, fileKey, currentPage |
852
+ | Figma S3 CDN | HTTPS | Rendered image downloads (temporary URLs) | None (download only) |
853
+ | `localhost:9223-9232` | WS | Desktop Bridge plugin (local only) | Plugin commands/responses |
854
+
855
+ **Not present:** telemetry, analytics, tracking, third-party data services, obfuscated code, or environment variable leakage. Full audit available in [`Security review report/`](Security%20review%20report/).
856
+
857
+ > **Local Mode users:** `src/local.ts` does not connect to the cloud relay — only Figma API and localhost WebSocket.
858
+
859
+ ---
860
+
842
861
  ## 📄 License
843
862
 
844
863
  MIT - See [LICENSE](LICENSE) file for details.