@pbhamri/quartermaster-mcp 0.2.0 → 0.3.0

package/bin/server.js

@@ -300,6 +300,107 @@ function emitPr({ repoPath, profileId, branch = null, title = null, body = null,
 }
 
 
+// ---- Repo-read surface (since v0.3.0) ----
+// Lets a peer's MCP client read files in the repo where the server runs.
+// Default REPO_ROOT = cwd at launch (overridable via QM_REPO_ROOT env).
+// Always read-only; sensitive segments + filename patterns are denied.
+const QM_REPO_ROOT = path.resolve(process.env.QM_REPO_ROOT || process.cwd());
+const DENY_SEGMENTS = new Set([
+  ".git","node_modules",".env",".copilot",".agency",".azure",".dotnet",
+  ".cache",".docker",".ado_orgs.cache",".azure-devops",".ecs",
+  ".playwright-outlook-session",".playwright-teams-session",
+  "Application Data","Cookies","Local Settings","My Documents",
+  "NetHood","PrintHood","Recent","SendTo","Start Menu","Templates",
+]);
+const DENY_FILE_PATTERNS = [/\.eml$/i, /^email-.*\.md$/i, /token/i, /secret/i, /credentials/i, /\.pem$/, /\.key$/];
+const REPO_MAX_FILE_BYTES = 200 * 1024;
+const REPO_MAX_SEARCH_HITS = 50;
+
+function safeResolve(rel = "") {
+  const cleaned = String(rel || "").replace(/^[\\/]+/, "").replace(/\\/g, "/");
+  const abs = path.resolve(QM_REPO_ROOT, cleaned);
+  if (!abs.startsWith(QM_REPO_ROOT)) throw new Error("path traversal blocked");
+  for (const seg of abs.replace(QM_REPO_ROOT, "").split(/[\\/]+/)) {
+    if (DENY_SEGMENTS.has(seg)) throw new Error(`access denied (segment "${seg}")`);
+  }
+  for (const rx of DENY_FILE_PATTERNS) {
+    if (rx.test(path.basename(abs))) throw new Error("access denied (sensitive filename pattern)");
+  }
+  return abs;
+}
+
+function repoOverview() {
+  let frameworkCount = null;
+  const fwDir = path.join(QM_REPO_ROOT, "competitive-intel-agent", "frameworks");
+  if (fs.existsSync(fwDir)) frameworkCount = fs.readdirSync(fwDir).filter(f => f.endsWith(".js")).length;
+  return {
+    server: "quartermaster-mcp",
+    version: PKG.version,
+    repo_root: QM_REPO_ROOT,
+    framework_count: frameworkCount,
+    note: "Read-only access to files under repo_root. Excluded: secrets, *.eml, .git, node_modules, browser sessions.",
+    overridable_env: "QM_REPO_ROOT",
+  };
+}
+
+function repoListDir({ dir = "" } = {}) {
+  const abs = safeResolve(dir);
+  const stat = fs.statSync(abs);
+  if (!stat.isDirectory()) return { error: "not a directory", path: dir };
+  const entries = fs.readdirSync(abs, { withFileTypes: true })
+    .filter(e => !DENY_SEGMENTS.has(e.name))
+    .map(e => ({ name: e.name, type: e.isDirectory() ? "dir" : "file" }))
+    .sort((a, b) => (a.type === b.type ? a.name.localeCompare(b.name) : a.type === "dir" ? -1 : 1));
+  return { dir: dir || "/", count: entries.length, entries };
+}
+
+function repoReadFile({ file } = {}) {
+  if (!file) throw new Error("file is required");
+  const abs = safeResolve(file);
+  const stat = fs.statSync(abs);
+  if (!stat.isFile()) throw new Error("not a file");
+  if (stat.size > REPO_MAX_FILE_BYTES) {
+    return { file, size: stat.size, truncated: true, content: fs.readFileSync(abs, "utf8").slice(0, REPO_MAX_FILE_BYTES), note: `file is ${stat.size} bytes; only first ${REPO_MAX_FILE_BYTES} returned` };
+  }
+  return { file, size: stat.size, content: fs.readFileSync(abs, "utf8") };
+}
+
+function repoSearch({ query, max = REPO_MAX_SEARCH_HITS } = {}) {
+  if (!query) throw new Error("query is required");
+  const hits = [];
+  const rx = new RegExp(query, "i");
+  function walk(dir) {
+    if (hits.length >= max) return;
+    let entries;
+    try { entries = fs.readdirSync(dir, { withFileTypes: true }); } catch { return; }
+    for (const e of entries) {
+      if (DENY_SEGMENTS.has(e.name)) continue;
+      const abs = path.join(dir, e.name);
+      if (e.isDirectory()) { walk(abs); continue; }
+      if (DENY_FILE_PATTERNS.some(p => p.test(e.name))) continue;
+      if (!/\.(md|js|ts|tsx|json|yml|yaml|ps1|html|txt)$/i.test(e.name)) continue;
+      try {
+        const lines = fs.readFileSync(abs, "utf8").split("\n");
+        for (let i = 0; i < lines.length && hits.length < max; i++) {
+          if (rx.test(lines[i])) {
+            hits.push({ file: path.relative(QM_REPO_ROOT, abs).replace(/\\/g, "/"), line: i + 1, text: lines[i].trim().slice(0, 200) });
+          }
+        }
+      } catch {}
+    }
+  }
+  walk(QM_REPO_ROOT);
+  return { query, hit_count: hits.length, hits };
+}
+
+function repoRecentSessions({ limit = 10 } = {}) {
+  const idx = path.join(QM_REPO_ROOT, "knowledge", "sessions.jsonl");
+  if (!fs.existsSync(idx)) return { sessions: [], note: "no knowledge/sessions.jsonl in this repo_root" };
+  const lines = fs.readFileSync(idx, "utf8").split("\n").filter(Boolean).slice(-limit);
+  return { sessions: lines.map(l => { try { return JSON.parse(l); } catch { return { raw: l }; } }) };
+}
+
+
 // ---------------- MCP wiring ----------------
 const server = new Server(
   { name: "quartermaster-mcp", version: "0.1.0" },
@@ -332,6 +433,17 @@ const TOOLS = [
       title: { type:"string" }, body: { type:"string" },
       base: { type:"string", default:"main" }, draft: { type:"boolean", default:false }
     } } },
+  // ---- v0.3.0 read-only repo surface ----
+  { name: "repo_overview", description: "Returns server metadata: repo_root, framework_count (if a competitive-intel-agent/frameworks dir exists), exclusion rules. No args.",
+    inputSchema: { type: "object", properties: {} } },
+  { name: "repo_list_dir", description: "Lists files and folders in a path under repo_root. Args: dir (relative path, default '/').",
+    inputSchema: { type: "object", properties: { dir: { type: "string" } } } },
+  { name: "repo_read_file", description: "Returns the text content of a file under repo_root (200 KB cap; secrets / *.eml / browser sessions blocked).",
+    inputSchema: { type: "object", required: ["file"], properties: { file: { type: "string" } } } },
+  { name: "repo_search", description: "Case-insensitive regex search across .md/.js/.ts/.json/.yml/.ps1/.html/.txt files under repo_root. Args: query (required), max (default 50).",
+    inputSchema: { type: "object", required: ["query"], properties: { query: { type: "string" }, max: { type: "integer" } } } },
+  { name: "repo_recent_sessions", description: "Returns the last N entries from knowledge/sessions.jsonl (cross-model session memory) if present. Args: limit (default 10).",
+    inputSchema: { type: "object", properties: { limit: { type: "integer" } } } },
 ];
 
 server.setRequestHandler(ListToolsRequestSchema, async () => ({ tools: TOOLS }));
@@ -348,6 +460,11 @@ server.setRequestHandler(CallToolRequestSchema, async (req) => {
       case "qm_apply_profile":   result = await timed("qm.apply_profile",   { profileId: args.profileId }, async () => applyProfile(args)); break;
       case "qm_telemetry":       result = readTelemetry(args); break;
       case "qm_emit_pr":         result = await timed("qm.emit_pr",         { profileId: args.profileId }, async () => emitPr(args)); break;
+      case "repo_overview":         result = repoOverview(); break;
+      case "repo_list_dir":         result = repoListDir(args); break;
+      case "repo_read_file":        result = repoReadFile(args); break;
+      case "repo_search":           result = repoSearch(args); break;
+      case "repo_recent_sessions":  result = repoRecentSessions(args); break;
       default: throw new Error(`unknown tool: ${name}`);
     }
     return { content: [{ type: "text", text: JSON.stringify(result, null, 2) }] };

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@pbhamri/quartermaster-mcp",
-  "version": "0.2.0",
-  "description": "MCP server that seeds any repo with the Quartermaster PM kit (profiles, prompts, AGENTS.md, command center). No folder dependency — callable from any Copilot/Claude/Cursor session.",
+  "version": "0.3.0",
+  "description": "MCP server that seeds any repo with the Quartermaster PM kit AND exposes a read-only repo surface (repo_overview, repo_list_dir, repo_read_file, repo_search, repo_recent_sessions). One-command share with any MS PM peer: npx -y @pbhamri/quartermaster-mcp",
   "type": "module",
   "bin": {
     "quartermaster-mcp": "bin/server.js"