npm - @pbhamri/quartermaster-mcp - Versions diffs - 0.2.0 → 0.3.1 - Mend

@pbhamri/quartermaster-mcp 0.2.0 → 0.3.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/bin/server.js +118 -1
package/package.json +2 -2

package/bin/server.js CHANGED Viewed

@@ -300,9 +300,110 @@ function emitPr({ repoPath, profileId, branch = null, title = null, body = null,
 }
+// ---- Repo-read surface (since v0.3.0) ----
+// Lets a peer's MCP client read files in the repo where the server runs.
+// Default REPO_ROOT = cwd at launch (overridable via QM_REPO_ROOT env).
+// Always read-only; sensitive segments + filename patterns are denied.
+const QM_REPO_ROOT = path.resolve(process.env.QM_REPO_ROOT || process.cwd());
+const DENY_SEGMENTS = new Set([
+  ".git","node_modules",".env",".copilot",".agency",".azure",".dotnet",
+  ".cache",".docker",".ado_orgs.cache",".azure-devops",".ecs",
+  ".playwright-outlook-session",".playwright-teams-session",
+  "Application Data","Cookies","Local Settings","My Documents",
+  "NetHood","PrintHood","Recent","SendTo","Start Menu","Templates",
+]);
+const DENY_FILE_PATTERNS = [/\.eml$/i, /^email-.*\.md$/i, /token/i, /secret/i, /credentials/i, /\.pem$/, /\.key$/];
+const REPO_MAX_FILE_BYTES = 200 * 1024;
+const REPO_MAX_SEARCH_HITS = 50;
+function safeResolve(rel = "") {
+  const cleaned = String(rel || "").replace(/^[\\/]+/, "").replace(/\\/g, "/");
+  const abs = path.resolve(QM_REPO_ROOT, cleaned);
+  if (!abs.startsWith(QM_REPO_ROOT)) throw new Error("path traversal blocked");
+  for (const seg of abs.replace(QM_REPO_ROOT, "").split(/[\\/]+/)) {
+    if (DENY_SEGMENTS.has(seg)) throw new Error(`access denied (segment "${seg}")`);
+  }
+  for (const rx of DENY_FILE_PATTERNS) {
+    if (rx.test(path.basename(abs))) throw new Error("access denied (sensitive filename pattern)");
+  }
+  return abs;
+}
+function repoOverview() {
+  let frameworkCount = null;
+  const fwDir = path.join(QM_REPO_ROOT, "competitive-intel-agent", "frameworks");
+  if (fs.existsSync(fwDir)) frameworkCount = fs.readdirSync(fwDir).filter(f => f.endsWith(".js")).length;
+  return {
+    server: "quartermaster-mcp",
+    version: PKG.version,
+    repo_root: QM_REPO_ROOT,
+    framework_count: frameworkCount,
+    note: "Read-only access to files under repo_root. Excluded: secrets, *.eml, .git, node_modules, browser sessions.",
+    overridable_env: "QM_REPO_ROOT",
+  };
+}
+function repoListDir({ dir = "" } = {}) {
+  const abs = safeResolve(dir);
+  const stat = fs.statSync(abs);
+  if (!stat.isDirectory()) return { error: "not a directory", path: dir };
+  const entries = fs.readdirSync(abs, { withFileTypes: true })
+    .filter(e => !DENY_SEGMENTS.has(e.name))
+    .map(e => ({ name: e.name, type: e.isDirectory() ? "dir" : "file" }))
+    .sort((a, b) => (a.type === b.type ? a.name.localeCompare(b.name) : a.type === "dir" ? -1 : 1));
+  return { dir: dir || "/", count: entries.length, entries };
+}
+function repoReadFile({ file } = {}) {
+  if (!file) throw new Error("file is required");
+  const abs = safeResolve(file);
+  const stat = fs.statSync(abs);
+  if (!stat.isFile()) throw new Error("not a file");
+  if (stat.size > REPO_MAX_FILE_BYTES) {
+    return { file, size: stat.size, truncated: true, content: fs.readFileSync(abs, "utf8").slice(0, REPO_MAX_FILE_BYTES), note: `file is ${stat.size} bytes; only first ${REPO_MAX_FILE_BYTES} returned` };
+  }
+  return { file, size: stat.size, content: fs.readFileSync(abs, "utf8") };
+}
+function repoSearch({ query, max = REPO_MAX_SEARCH_HITS } = {}) {
+  if (!query) throw new Error("query is required");
+  const hits = [];
+  const rx = new RegExp(query, "i");
+  function walk(dir) {
+    if (hits.length >= max) return;
+    let entries;
+    try { entries = fs.readdirSync(dir, { withFileTypes: true }); } catch { return; }
+    for (const e of entries) {
+      if (DENY_SEGMENTS.has(e.name)) continue;
+      const abs = path.join(dir, e.name);
+      if (e.isDirectory()) { walk(abs); continue; }
+      if (DENY_FILE_PATTERNS.some(p => p.test(e.name))) continue;
+      if (!/\.(md|js|ts|tsx|json|yml|yaml|ps1|html|txt)$/i.test(e.name)) continue;
+      try {
+        const lines = fs.readFileSync(abs, "utf8").split("\n");
+        for (let i = 0; i < lines.length && hits.length < max; i++) {
+          if (rx.test(lines[i])) {
+            hits.push({ file: path.relative(QM_REPO_ROOT, abs).replace(/\\/g, "/"), line: i + 1, text: lines[i].trim().slice(0, 200) });
+          }
+        }
+      } catch {}
+    }
+  }
+  walk(QM_REPO_ROOT);
+  return { query, hit_count: hits.length, hits };
+}
+function repoRecentSessions({ limit = 10 } = {}) {
+  const idx = path.join(QM_REPO_ROOT, "knowledge", "sessions.jsonl");
+  if (!fs.existsSync(idx)) return { sessions: [], note: "no knowledge/sessions.jsonl in this repo_root" };
+  const lines = fs.readFileSync(idx, "utf8").split("\n").filter(Boolean).slice(-limit);
+  return { sessions: lines.map(l => { try { return JSON.parse(l); } catch { return { raw: l }; } }) };
+}
 // ---------------- MCP wiring ----------------
 const server = new Server(
-  { name: "quartermaster-mcp", version: "0.1.0" },
+  { name: "quartermaster-mcp", version: PKG.version },
   { capabilities: { tools: {}, resources: {} } }
 );
@@ -332,6 +433,17 @@ const TOOLS = [
       title: { type:"string" }, body: { type:"string" },
       base: { type:"string", default:"main" }, draft: { type:"boolean", default:false }
     } } },
+  // ---- v0.3.0 read-only repo surface ----
+  { name: "repo_overview", description: "Returns server metadata: repo_root, framework_count (if a competitive-intel-agent/frameworks dir exists), exclusion rules. No args.",
+    inputSchema: { type: "object", properties: {} } },
+  { name: "repo_list_dir", description: "Lists files and folders in a path under repo_root. Args: dir (relative path, default '/').",
+    inputSchema: { type: "object", properties: { dir: { type: "string" } } } },
+  { name: "repo_read_file", description: "Returns the text content of a file under repo_root (200 KB cap; secrets / *.eml / browser sessions blocked).",
+    inputSchema: { type: "object", required: ["file"], properties: { file: { type: "string" } } } },
+  { name: "repo_search", description: "Case-insensitive regex search across .md/.js/.ts/.json/.yml/.ps1/.html/.txt files under repo_root. Args: query (required), max (default 50).",
+    inputSchema: { type: "object", required: ["query"], properties: { query: { type: "string" }, max: { type: "integer" } } } },
+  { name: "repo_recent_sessions", description: "Returns the last N entries from knowledge/sessions.jsonl (cross-model session memory) if present. Args: limit (default 10).",
+    inputSchema: { type: "object", properties: { limit: { type: "integer" } } } },
 ];
 server.setRequestHandler(ListToolsRequestSchema, async () => ({ tools: TOOLS }));
@@ -348,6 +460,11 @@ server.setRequestHandler(CallToolRequestSchema, async (req) => {
       case "qm_apply_profile":   result = await timed("qm.apply_profile",   { profileId: args.profileId }, async () => applyProfile(args)); break;
       case "qm_telemetry":       result = readTelemetry(args); break;
       case "qm_emit_pr":         result = await timed("qm.emit_pr",         { profileId: args.profileId }, async () => emitPr(args)); break;
+      case "repo_overview":         result = repoOverview(); break;
+      case "repo_list_dir":         result = repoListDir(args); break;
+      case "repo_read_file":        result = repoReadFile(args); break;
+      case "repo_search":           result = repoSearch(args); break;
+      case "repo_recent_sessions":  result = repoRecentSessions(args); break;
       default: throw new Error(`unknown tool: ${name}`);
     }
     return { content: [{ type: "text", text: JSON.stringify(result, null, 2) }] };

package/package.json CHANGED Viewed

@@ -1,7 +1,7 @@
 {
   "name": "@pbhamri/quartermaster-mcp",
-  "version": "0.2.0",
-  "description": "MCP server that seeds any repo with the Quartermaster PM kit (profiles, prompts, AGENTS.md, command center). No folder dependency — callable from any Copilot/Claude/Cursor session.",
+  "version": "0.3.1",
+  "description": "MCP server that seeds any repo with the Quartermaster PM kit AND exposes a read-only repo surface (repo_overview, repo_list_dir, repo_read_file, repo_search, repo_recent_sessions). One-command share with any MS PM peer: npx -y @pbhamri/quartermaster-mcp",
   "type": "module",
   "bin": {
     "quartermaster-mcp": "bin/server.js"