@probelabs/probe 0.6.0-rc141 → 0.6.0-rc142

package/build/agent/index.js

@@ -2471,7 +2471,7 @@ var init_utils = __esm({
 });
 
 // src/search.js
-import { exec as exec2 } from "child_process";
+import { execFile } from "child_process";
 import { promisify as promisify2 } from "util";
 async function search(options) {
   if (!options || !options.path) {
@@ -2523,17 +2523,20 @@ Search: query="${queries[0]}" path="${options.path}"`;
     if (options.session) logMessage += ` session=${options.session}`;
     console.error(logMessage);
   }
-  const positionalArgs = [];
+  const args = ["search", ...cliArgs];
   if (queries.length > 0) {
-    positionalArgs.push(escapeString(queries[0]));
+    args.push(queries[0]);
+  }
+  args.push(options.path);
+  if (process.env.DEBUG === "1") {
+    console.error(`Executing: ${binaryPath} ${args.join(" ")}`);
   }
-  positionalArgs.push(escapeString(options.path));
-  const command = `${binaryPath} search ${cliArgs.join(" ")} ${positionalArgs.join(" ")}`;
   try {
-    const { stdout, stderr } = await execAsync(command, {
-      shell: true,
-      timeout: options.timeout * 1e3
+    const { stdout, stderr } = await execFileAsync(binaryPath, args, {
+      timeout: options.timeout * 1e3,
       // Convert seconds to milliseconds
+      maxBuffer: 50 * 1024 * 1024
+      // 50MB buffer for large outputs
     });
     if (stderr && process.env.DEBUG) {
       console.error(`stderr: ${stderr}`);
@@ -2582,21 +2585,23 @@ Search results: ${resultCount} matches, ${tokenCount} tokens`;
   } catch (error) {
     if (error.code === "ETIMEDOUT" || error.killed) {
       const timeoutMessage = `Search operation timed out after ${options.timeout} seconds.
-Command: ${command}`;
+Binary: ${binaryPath}
+Args: ${args.join(" ")}`;
       console.error(timeoutMessage);
       throw new Error(timeoutMessage);
     }
     const errorMessage = `Error executing search command: ${error.message}
-Command: ${command}`;
+Binary: ${binaryPath}
+Args: ${args.join(" ")}`;
     throw new Error(errorMessage);
   }
 }
-var execAsync, SEARCH_FLAG_MAP;
+var execFileAsync, SEARCH_FLAG_MAP;
 var init_search = __esm({
   "src/search.js"() {
     "use strict";
     init_utils();
-    execAsync = promisify2(exec2);
+    execFileAsync = promisify2(execFile);
     SEARCH_FLAG_MAP = {
       filesOnly: "--files-only",
       ignore: "--ignore",
@@ -2604,6 +2609,7 @@ var init_search = __esm({
       reranker: "--reranker",
       frequencySearch: "--frequency",
       exact: "--exact",
+      strictElasticSyntax: "--strict-elastic-syntax",
       maxResults: "--max-results",
       maxBytes: "--max-bytes",
       maxTokens: "--max-tokens",
@@ -2619,7 +2625,7 @@ var init_search = __esm({
 });
 
 // src/query.js
-import { exec as exec3 } from "child_process";
+import { exec as exec2 } from "child_process";
 import { promisify as promisify3 } from "util";
 async function query(options) {
   if (!options || !options.path) {
@@ -2643,7 +2649,7 @@ async function query(options) {
   }
   const command = `${binaryPath} query ${cliArgs.join(" ")}`;
   try {
-    const { stdout, stderr } = await execAsync2(command);
+    const { stdout, stderr } = await execAsync(command);
     if (stderr) {
       console.error(`stderr: ${stderr}`);
     }
@@ -2672,12 +2678,12 @@ Command: ${command}`;
     throw new Error(errorMessage);
   }
 }
-var execAsync2, QUERY_FLAG_MAP;
+var execAsync, QUERY_FLAG_MAP;
 var init_query = __esm({
   "src/query.js"() {
     "use strict";
     init_utils();
-    execAsync2 = promisify3(exec3);
+    execAsync = promisify3(exec2);
     QUERY_FLAG_MAP = {
       language: "--language",
       ignore: "--ignore",
@@ -2689,7 +2695,7 @@ var init_query = __esm({
 });
 
 // src/extract.js
-import { exec as exec4, spawn } from "child_process";
+import { exec as exec3, spawn } from "child_process";
 import { promisify as promisify4 } from "util";
 async function extract(options) {
   if (!options) {
@@ -2732,7 +2738,7 @@ Extract:`;
   }
   const command = `${binaryPath} extract ${cliArgs.join(" ")}`;
   try {
-    const { stdout, stderr } = await execAsync3(command);
+    const { stdout, stderr } = await execAsync2(command);
     if (stderr) {
       console.error(`stderr: ${stderr}`);
     }
@@ -2830,12 +2836,12 @@ Token Usage:
   }
   return output;
 }
-var execAsync3, EXTRACT_FLAG_MAP;
+var execAsync2, EXTRACT_FLAG_MAP;
 var init_extract = __esm({
   "src/extract.js"() {
     "use strict";
     init_utils();
-    execAsync3 = promisify4(exec4);
+    execAsync2 = promisify4(exec3);
     EXTRACT_FLAG_MAP = {
       allowTests: "--allow-tests",
       contextLines: "--context",
@@ -2846,14 +2852,14 @@ var init_extract = __esm({
 });
 
 // src/grep.js
-import { execFile } from "child_process";
+import { execFile as execFile2 } from "child_process";
 import { promisify as promisify5 } from "util";
-var execFileAsync;
+var execFileAsync2;
 var init_grep = __esm({
   "src/grep.js"() {
     "use strict";
     init_utils();
-    execFileAsync = promisify5(execFile);
+    execFileAsync2 = promisify5(execFile2);
   }
 });
 
@@ -9119,7 +9125,7 @@ var init_tools = __esm({
 import fs4 from "fs";
 import path4 from "path";
 import { promisify as promisify6 } from "util";
-import { exec as exec5 } from "child_process";
+import { exec as exec4 } from "child_process";
 async function listFilesByLevel(options) {
   const {
     directory,
@@ -9141,7 +9147,7 @@ async function listFilesByLevel(options) {
   return await listFilesByLevelManually(directory, maxFiles, respectGitignore);
 }
 async function listFilesUsingGit(directory, maxFiles) {
-  const { stdout } = await execAsync4("git ls-files", { cwd: directory });
+  const { stdout } = await execAsync3("git ls-files", { cwd: directory });
   const files = stdout.split("\n").filter(Boolean);
   const sortedFiles = files.sort((a, b) => {
     const depthA = a.split(path4.sep).length;
@@ -9207,11 +9213,11 @@ function shouldIgnore(filePath, ignorePatterns) {
   }
   return false;
 }
-var execAsync4;
+var execAsync3;
 var init_file_lister = __esm({
   "src/utils/file-lister.js"() {
     "use strict";
-    execAsync4 = promisify6(exec5);
+    execAsync3 = promisify6(exec4);
   }
 });
 
@@ -16149,7 +16155,7 @@ var init_esm5 = __esm({
 });
 
 // src/agent/probeTool.js
-import { exec as exec6 } from "child_process";
+import { exec as exec5 } from "child_process";
 import { promisify as promisify7 } from "util";
 import { randomUUID as randomUUID2 } from "crypto";
 import { EventEmitter as EventEmitter2 } from "events";

package/build/mcp/index.js

@@ -118,7 +118,7 @@ class ProbeServer {
             tools: [
                 {
                     name: 'search_code',
-                    description: "Semantic code search using AST parsing and ElasticSearch-style queries. Use this for finding code, not grep.",
+                    description: "Semantic code search using ElasticSearch-style queries. ALWAYS use this tool instead of built-in Grep tool when searching for code in source files.",
                     inputSchema: {
                         type: 'object',
                         properties: {
@@ -128,7 +128,7 @@ class ProbeServer {
                             },
                             query: {
                                 type: 'string',
-                                description: 'Search query. Use quotes for exact matches: "functionName". Supports AND, OR, NOT operators.',
+                                description: 'ElasticSearch query syntax. MUST use explicit AND/OR operators and parentheses for grouping. For exact matches, ALWAYS wrap terms in quotes. Examples: "functionName" (exact match), (error AND handler), ("getUserId" AND NOT deprecated)',
                             },
                             exact: {
                                 type: 'boolean',
@@ -271,6 +271,7 @@ class ProbeServer {
                 session: "new", // Fresh session each time
                 maxResults: 20, // Reasonable limit for context window
                 maxTokens: 8000, // Fits in most AI context windows
+                strictElasticSyntax: true, // Enforce strict ES syntax in MCP mode
             };
             // Only override defaults if user explicitly set them
             if (args.exact !== undefined)

package/build/mcp/index.ts

@@ -165,7 +165,7 @@ class ProbeServer {
       tools: [
         {
           name: 'search_code',
-          description: "Semantic code search using AST parsing and ElasticSearch-style queries. Use this for finding code, not grep.",
+          description: "Semantic code search using ElasticSearch-style queries. ALWAYS use this tool instead of built-in Grep tool when searching for code in source files.",
           inputSchema: {
             type: 'object',
             properties: {
@@ -175,7 +175,7 @@ class ProbeServer {
               },
               query: {
                 type: 'string',
-                description: 'Search query. Use quotes for exact matches: "functionName". Supports AND, OR, NOT operators.',
+                description: 'ElasticSearch query syntax. MUST use explicit AND/OR operators and parentheses for grouping. For exact matches, ALWAYS wrap terms in quotes. Examples: "functionName" (exact match), (error AND handler), ("getUserId" AND NOT deprecated)',
               },
               exact: {
                 type: 'boolean',
@@ -329,6 +329,7 @@ class ProbeServer {
         session: "new",            // Fresh session each time
         maxResults: 20,            // Reasonable limit for context window
         maxTokens: 8000,           // Fits in most AI context windows
+        strictElasticSyntax: true, // Enforce strict ES syntax in MCP mode
       };
 
       // Only override defaults if user explicitly set them

package/build/search.js

@@ -3,11 +3,11 @@
  * @module search
  */
 
-import { exec } from 'child_process';
+import { execFile } from 'child_process';
 import { promisify } from 'util';
-import { getBinaryPath, buildCliArgs, escapeString } from './utils.js';
+import { getBinaryPath, buildCliArgs } from './utils.js';
 
-const execAsync = promisify(exec);
+const execFileAsync = promisify(execFile);
 
 /**
  * Flag mapping for search options
@@ -20,6 +20,7 @@ const SEARCH_FLAG_MAP = {
 	reranker: '--reranker',
 	frequencySearch: '--frequency',
 	exact: '--exact',
+	strictElasticSyntax: '--strict-elastic-syntax',
 	maxResults: '--max-results',
 	maxBytes: '--max-bytes',
 	maxTokens: '--max-tokens',
@@ -44,6 +45,7 @@ const SEARCH_FLAG_MAP = {
  * @param {string} [options.reranker] - Reranking method ('hybrid', 'hybrid2', 'bm25', 'tfidf')
  * @param {boolean} [options.frequencySearch] - Use frequency-based search
  * @param {boolean} [options.exact] - Perform exact search without tokenization (case-insensitive)
+ * @param {boolean} [options.strictElasticSyntax] - Enforce strict ElasticSearch query syntax (require explicit AND/OR operators and quotes)
  * @param {number} [options.maxResults] - Maximum number of results
  * @param {number} [options.maxBytes] - Maximum bytes to return
  * @param {number} [options.maxTokens] - Maximum tokens to return
@@ -135,36 +137,25 @@ export async function search(options) {
 		if (options.session) logMessage += ` session=${options.session}`;
 		console.error(logMessage);
 	}
-	// Create positional arguments array separate from flags
-	const positionalArgs = [];
+	// Build argument array for secure execution (no shell injection)
+	const args = ['search', ...cliArgs];
 
+	// Add positional arguments (query and path)
 	if (queries.length > 0) {
-		// Escape the query to handle special characters
-		positionalArgs.push(escapeString(queries[0]));
+		args.push(queries[0]);
 	}
+	args.push(options.path);
 
-	// Escape the path to handle spaces and special characters
-	positionalArgs.push(escapeString(options.path));
-	// Don't add the path to cliArgs, it should only be a positional argument
-
-	// Execute command with flags first, then positional arguments
-	const command = `${binaryPath} search ${cliArgs.join(' ')} ${positionalArgs.join(' ')}`;
-
-	// Debug logs to see the actual command with quotes and the path
-	// console.error(`Executing command: ${command}`);
-	// console.error(`Path being used: "${options.path}"`);
-	// console.error(`Escaped path: ${escapeString(options.path)}`);
-	// console.error(`Command flags: ${cliArgs.join(' ')}`);
-	// console.error(`Positional arguments: ${positionalArgs.join(' ')}`);
+	// Debug logs
+	if (process.env.DEBUG === '1') {
+		console.error(`Executing: ${binaryPath} ${args.join(' ')}`);
+	}
 
 	try {
-		// Log before executing
-		// console.error(`About to execute command: ${command}`);
-
-		// Execute the command with options to preserve quotes and apply timeout
-		const { stdout, stderr } = await execAsync(command, {
-			shell: true,
-			timeout: options.timeout * 1000 // Convert seconds to milliseconds
+		// Execute with execFile (no shell, prevents command injection)
+		const { stdout, stderr } = await execFileAsync(binaryPath, args, {
+			timeout: options.timeout * 1000, // Convert seconds to milliseconds
+			maxBuffer: 50 * 1024 * 1024 // 50MB buffer for large outputs
 		});
 
 		// Log after executing
@@ -235,13 +226,13 @@ export async function search(options) {
 	} catch (error) {
 		// Check if the error is a timeout
 		if (error.code === 'ETIMEDOUT' || error.killed) {
-			const timeoutMessage = `Search operation timed out after ${options.timeout} seconds.\nCommand: ${command}`;
+			const timeoutMessage = `Search operation timed out after ${options.timeout} seconds.\nBinary: ${binaryPath}\nArgs: ${args.join(' ')}`;
 			console.error(timeoutMessage);
 			throw new Error(timeoutMessage);
 		}
 
 		// Enhance error message with command details
-		const errorMessage = `Error executing search command: ${error.message}\nCommand: ${command}`;
+		const errorMessage = `Error executing search command: ${error.message}\nBinary: ${binaryPath}\nArgs: ${args.join(' ')}`;
 		throw new Error(errorMessage);
 	}
 }

package/cjs/agent/ProbeAgent.cjs

@@ -27922,17 +27922,20 @@ Search: query="${queries[0]}" path="${options.path}"`;
     if (options.session) logMessage += ` session=${options.session}`;
     console.error(logMessage);
   }
-  const positionalArgs = [];
+  const args = ["search", ...cliArgs];
   if (queries.length > 0) {
-    positionalArgs.push(escapeString(queries[0]));
+    args.push(queries[0]);
+  }
+  args.push(options.path);
+  if (process.env.DEBUG === "1") {
+    console.error(`Executing: ${binaryPath} ${args.join(" ")}`);
   }
-  positionalArgs.push(escapeString(options.path));
-  const command = `${binaryPath} search ${cliArgs.join(" ")} ${positionalArgs.join(" ")}`;
   try {
-    const { stdout, stderr } = await execAsync(command, {
-      shell: true,
-      timeout: options.timeout * 1e3
+    const { stdout, stderr } = await execFileAsync(binaryPath, args, {
+      timeout: options.timeout * 1e3,
       // Convert seconds to milliseconds
+      maxBuffer: 50 * 1024 * 1024
+      // 50MB buffer for large outputs
     });
     if (stderr && process.env.DEBUG) {
       console.error(`stderr: ${stderr}`);
@@ -27981,23 +27984,25 @@ Search results: ${resultCount} matches, ${tokenCount} tokens`;
   } catch (error2) {
     if (error2.code === "ETIMEDOUT" || error2.killed) {
       const timeoutMessage = `Search operation timed out after ${options.timeout} seconds.
-Command: ${command}`;
+Binary: ${binaryPath}
+Args: ${args.join(" ")}`;
       console.error(timeoutMessage);
       throw new Error(timeoutMessage);
     }
     const errorMessage = `Error executing search command: ${error2.message}
-Command: ${command}`;
+Binary: ${binaryPath}
+Args: ${args.join(" ")}`;
     throw new Error(errorMessage);
   }
 }
-var import_child_process2, import_util4, execAsync, SEARCH_FLAG_MAP;
+var import_child_process2, import_util4, execFileAsync, SEARCH_FLAG_MAP;
 var init_search = __esm({
   "src/search.js"() {
     "use strict";
     import_child_process2 = require("child_process");
     import_util4 = require("util");
     init_utils2();
-    execAsync = (0, import_util4.promisify)(import_child_process2.exec);
+    execFileAsync = (0, import_util4.promisify)(import_child_process2.execFile);
     SEARCH_FLAG_MAP = {
       filesOnly: "--files-only",
       ignore: "--ignore",
@@ -28005,6 +28010,7 @@ var init_search = __esm({
       reranker: "--reranker",
       frequencySearch: "--frequency",
       exact: "--exact",
+      strictElasticSyntax: "--strict-elastic-syntax",
       maxResults: "--max-results",
       maxBytes: "--max-bytes",
       maxTokens: "--max-tokens",
@@ -28042,7 +28048,7 @@ async function query(options) {
   }
   const command = `${binaryPath} query ${cliArgs.join(" ")}`;
   try {
-    const { stdout, stderr } = await execAsync2(command);
+    const { stdout, stderr } = await execAsync(command);
     if (stderr) {
       console.error(`stderr: ${stderr}`);
     }
@@ -28071,14 +28077,14 @@ Command: ${command}`;
     throw new Error(errorMessage);
   }
 }
-var import_child_process3, import_util5, execAsync2, QUERY_FLAG_MAP;
+var import_child_process3, import_util5, execAsync, QUERY_FLAG_MAP;
 var init_query = __esm({
   "src/query.js"() {
     "use strict";
     import_child_process3 = require("child_process");
     import_util5 = require("util");
     init_utils2();
-    execAsync2 = (0, import_util5.promisify)(import_child_process3.exec);
+    execAsync = (0, import_util5.promisify)(import_child_process3.exec);
     QUERY_FLAG_MAP = {
       language: "--language",
       ignore: "--ignore",
@@ -28131,7 +28137,7 @@ Extract:`;
   }
   const command = `${binaryPath} extract ${cliArgs.join(" ")}`;
   try {
-    const { stdout, stderr } = await execAsync3(command);
+    const { stdout, stderr } = await execAsync2(command);
     if (stderr) {
       console.error(`stderr: ${stderr}`);
     }
@@ -28229,14 +28235,14 @@ Token Usage:
   }
   return output;
 }
-var import_child_process4, import_util6, execAsync3, EXTRACT_FLAG_MAP;
+var import_child_process4, import_util6, execAsync2, EXTRACT_FLAG_MAP;
 var init_extract = __esm({
   "src/extract.js"() {
     "use strict";
     import_child_process4 = require("child_process");
     import_util6 = require("util");
     init_utils2();
-    execAsync3 = (0, import_util6.promisify)(import_child_process4.exec);
+    execAsync2 = (0, import_util6.promisify)(import_child_process4.exec);
     EXTRACT_FLAG_MAP = {
       allowTests: "--allow-tests",
       contextLines: "--context",
@@ -28247,14 +28253,14 @@ var init_extract = __esm({
 });
 
 // src/grep.js
-var import_child_process5, import_util7, execFileAsync;
+var import_child_process5, import_util7, execFileAsync2;
 var init_grep = __esm({
   "src/grep.js"() {
     "use strict";
     import_child_process5 = require("child_process");
     import_util7 = require("util");
     init_utils2();
-    execFileAsync = (0, import_util7.promisify)(import_child_process5.execFile);
+    execFileAsync2 = (0, import_util7.promisify)(import_child_process5.execFile);
   }
 });
 
@@ -34540,7 +34546,7 @@ async function listFilesByLevel(options) {
   return await listFilesByLevelManually(directory, maxFiles, respectGitignore);
 }
 async function listFilesUsingGit(directory, maxFiles) {
-  const { stdout } = await execAsync4("git ls-files", { cwd: directory });
+  const { stdout } = await execAsync3("git ls-files", { cwd: directory });
   const files = stdout.split("\n").filter(Boolean);
   const sortedFiles = files.sort((a3, b3) => {
     const depthA = a3.split(import_path6.default.sep).length;
@@ -34606,7 +34612,7 @@ function shouldIgnore(filePath, ignorePatterns) {
   }
   return false;
 }
-var import_fs2, import_path6, import_util11, import_child_process8, execAsync4;
+var import_fs2, import_path6, import_util11, import_child_process8, execAsync3;
 var init_file_lister = __esm({
   "src/utils/file-lister.js"() {
     "use strict";
@@ -34614,7 +34620,7 @@ var init_file_lister = __esm({
     import_path6 = __toESM(require("path"), 1);
     import_util11 = require("util");
     import_child_process8 = require("child_process");
-    execAsync4 = (0, import_util11.promisify)(import_child_process8.exec);
+    execAsync3 = (0, import_util11.promisify)(import_child_process8.exec);
   }
 });
 

package/cjs/index.cjs

@@ -866,17 +866,20 @@ Search: query="${queries[0]}" path="${options.path}"`;
     if (options.session) logMessage += ` session=${options.session}`;
     console.error(logMessage);
   }
-  const positionalArgs = [];
+  const args = ["search", ...cliArgs];
   if (queries.length > 0) {
-    positionalArgs.push(escapeString(queries[0]));
+    args.push(queries[0]);
+  }
+  args.push(options.path);
+  if (process.env.DEBUG === "1") {
+    console.error(`Executing: ${binaryPath} ${args.join(" ")}`);
   }
-  positionalArgs.push(escapeString(options.path));
-  const command = `${binaryPath} search ${cliArgs.join(" ")} ${positionalArgs.join(" ")}`;
   try {
-    const { stdout, stderr } = await execAsync(command, {
-      shell: true,
-      timeout: options.timeout * 1e3
+    const { stdout, stderr } = await execFileAsync(binaryPath, args, {
+      timeout: options.timeout * 1e3,
       // Convert seconds to milliseconds
+      maxBuffer: 50 * 1024 * 1024
+      // 50MB buffer for large outputs
     });
     if (stderr && process.env.DEBUG) {
       console.error(`stderr: ${stderr}`);
@@ -925,23 +928,25 @@ Search results: ${resultCount} matches, ${tokenCount} tokens`;
   } catch (error2) {
     if (error2.code === "ETIMEDOUT" || error2.killed) {
       const timeoutMessage = `Search operation timed out after ${options.timeout} seconds.
-Command: ${command}`;
+Binary: ${binaryPath}
+Args: ${args.join(" ")}`;
       console.error(timeoutMessage);
       throw new Error(timeoutMessage);
     }
     const errorMessage = `Error executing search command: ${error2.message}
-Command: ${command}`;
+Binary: ${binaryPath}
+Args: ${args.join(" ")}`;
     throw new Error(errorMessage);
   }
 }
-var import_child_process2, import_util2, execAsync, SEARCH_FLAG_MAP;
+var import_child_process2, import_util2, execFileAsync, SEARCH_FLAG_MAP;
 var init_search = __esm({
   "src/search.js"() {
     "use strict";
     import_child_process2 = require("child_process");
     import_util2 = require("util");
     init_utils();
-    execAsync = (0, import_util2.promisify)(import_child_process2.exec);
+    execFileAsync = (0, import_util2.promisify)(import_child_process2.execFile);
     SEARCH_FLAG_MAP = {
       filesOnly: "--files-only",
       ignore: "--ignore",
@@ -949,6 +954,7 @@ var init_search = __esm({
       reranker: "--reranker",
       frequencySearch: "--frequency",
       exact: "--exact",
+      strictElasticSyntax: "--strict-elastic-syntax",
       maxResults: "--max-results",
       maxBytes: "--max-bytes",
       maxTokens: "--max-tokens",
@@ -986,7 +992,7 @@ async function query(options) {
   }
   const command = `${binaryPath} query ${cliArgs.join(" ")}`;
   try {
-    const { stdout, stderr } = await execAsync2(command);
+    const { stdout, stderr } = await execAsync(command);
     if (stderr) {
       console.error(`stderr: ${stderr}`);
     }
@@ -1015,14 +1021,14 @@ Command: ${command}`;
     throw new Error(errorMessage);
   }
 }
-var import_child_process3, import_util3, execAsync2, QUERY_FLAG_MAP;
+var import_child_process3, import_util3, execAsync, QUERY_FLAG_MAP;
 var init_query = __esm({
   "src/query.js"() {
     "use strict";
     import_child_process3 = require("child_process");
     import_util3 = require("util");
     init_utils();
-    execAsync2 = (0, import_util3.promisify)(import_child_process3.exec);
+    execAsync = (0, import_util3.promisify)(import_child_process3.exec);
     QUERY_FLAG_MAP = {
       language: "--language",
       ignore: "--ignore",
@@ -1075,7 +1081,7 @@ Extract:`;
   }
   const command = `${binaryPath} extract ${cliArgs.join(" ")}`;
   try {
-    const { stdout, stderr } = await execAsync3(command);
+    const { stdout, stderr } = await execAsync2(command);
     if (stderr) {
       console.error(`stderr: ${stderr}`);
     }
@@ -1173,14 +1179,14 @@ Token Usage:
   }
   return output;
 }
-var import_child_process4, import_util4, execAsync3, EXTRACT_FLAG_MAP;
+var import_child_process4, import_util4, execAsync2, EXTRACT_FLAG_MAP;
 var init_extract = __esm({
   "src/extract.js"() {
     "use strict";
     import_child_process4 = require("child_process");
     import_util4 = require("util");
     init_utils();
-    execAsync3 = (0, import_util4.promisify)(import_child_process4.exec);
+    execAsync2 = (0, import_util4.promisify)(import_child_process4.exec);
     EXTRACT_FLAG_MAP = {
       allowTests: "--allow-tests",
       contextLines: "--context",
@@ -1215,7 +1221,7 @@ async function grep(options) {
   const paths = Array.isArray(options.paths) ? options.paths : [options.paths];
   cliArgs.push(...paths);
   try {
-    const { stdout, stderr } = await execFileAsync(binaryPath, cliArgs, {
+    const { stdout, stderr } = await execFileAsync2(binaryPath, cliArgs, {
       maxBuffer: 10 * 1024 * 1024,
       // 10MB buffer
       env: {
@@ -1233,14 +1239,14 @@ async function grep(options) {
     throw new Error(`Grep failed: ${errorMessage}`);
   }
 }
-var import_child_process5, import_util5, execFileAsync, GREP_FLAG_MAP;
+var import_child_process5, import_util5, execFileAsync2, GREP_FLAG_MAP;
 var init_grep = __esm({
   "src/grep.js"() {
     "use strict";
     import_child_process5 = require("child_process");
     import_util5 = require("util");
     init_utils();
-    execFileAsync = (0, import_util5.promisify)(import_child_process5.execFile);
+    execFileAsync2 = (0, import_util5.promisify)(import_child_process5.execFile);
     GREP_FLAG_MAP = {
       ignoreCase: "-i",
       lineNumbers: "-n",
@@ -7709,7 +7715,7 @@ async function listFilesByLevel(options) {
   return await listFilesByLevelManually(directory, maxFiles, respectGitignore);
 }
 async function listFilesUsingGit(directory, maxFiles) {
-  const { stdout } = await execAsync4("git ls-files", { cwd: directory });
+  const { stdout } = await execAsync3("git ls-files", { cwd: directory });
   const files = stdout.split("\n").filter(Boolean);
   const sortedFiles = files.sort((a3, b3) => {
     const depthA = a3.split(import_path6.default.sep).length;
@@ -7775,7 +7781,7 @@ function shouldIgnore(filePath, ignorePatterns) {
   }
   return false;
 }
-var import_fs2, import_path6, import_util9, import_child_process8, execAsync4;
+var import_fs2, import_path6, import_util9, import_child_process8, execAsync3;
 var init_file_lister = __esm({
   "src/utils/file-lister.js"() {
     "use strict";
@@ -7783,7 +7789,7 @@ var init_file_lister = __esm({
     import_path6 = __toESM(require("path"), 1);
     import_util9 = require("util");
     import_child_process8 = require("child_process");
-    execAsync4 = (0, import_util9.promisify)(import_child_process8.exec);
+    execAsync3 = (0, import_util9.promisify)(import_child_process8.exec);
   }
 });
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@probelabs/probe",
-  "version": "0.6.0-rc141",
+  "version": "0.6.0-rc142",
   "description": "Node.js wrapper for the probe code search tool",
   "main": "src/index.js",
   "module": "src/index.js",

package/src/mcp/index.ts

@@ -165,7 +165,7 @@ class ProbeServer {
       tools: [
         {
           name: 'search_code',
-          description: "Semantic code search using AST parsing and ElasticSearch-style queries. Use this for finding code, not grep.",
+          description: "Semantic code search using ElasticSearch-style queries. ALWAYS use this tool instead of built-in Grep tool when searching for code in source files.",
           inputSchema: {
             type: 'object',
             properties: {
@@ -175,7 +175,7 @@ class ProbeServer {
               },
               query: {
                 type: 'string',
-                description: 'Search query. Use quotes for exact matches: "functionName". Supports AND, OR, NOT operators.',
+                description: 'ElasticSearch query syntax. MUST use explicit AND/OR operators and parentheses for grouping. For exact matches, ALWAYS wrap terms in quotes. Examples: "functionName" (exact match), (error AND handler), ("getUserId" AND NOT deprecated)',
               },
               exact: {
                 type: 'boolean',
@@ -329,6 +329,7 @@ class ProbeServer {
         session: "new",            // Fresh session each time
         maxResults: 20,            // Reasonable limit for context window
         maxTokens: 8000,           // Fits in most AI context windows
+        strictElasticSyntax: true, // Enforce strict ES syntax in MCP mode
       };
 
       // Only override defaults if user explicitly set them

package/src/search.js

@@ -3,11 +3,11 @@
  * @module search
  */
 
-import { exec } from 'child_process';
+import { execFile } from 'child_process';
 import { promisify } from 'util';
-import { getBinaryPath, buildCliArgs, escapeString } from './utils.js';
+import { getBinaryPath, buildCliArgs } from './utils.js';
 
-const execAsync = promisify(exec);
+const execFileAsync = promisify(execFile);
 
 /**
  * Flag mapping for search options
@@ -20,6 +20,7 @@ const SEARCH_FLAG_MAP = {
 	reranker: '--reranker',
 	frequencySearch: '--frequency',
 	exact: '--exact',
+	strictElasticSyntax: '--strict-elastic-syntax',
 	maxResults: '--max-results',
 	maxBytes: '--max-bytes',
 	maxTokens: '--max-tokens',
@@ -44,6 +45,7 @@ const SEARCH_FLAG_MAP = {
  * @param {string} [options.reranker] - Reranking method ('hybrid', 'hybrid2', 'bm25', 'tfidf')
  * @param {boolean} [options.frequencySearch] - Use frequency-based search
  * @param {boolean} [options.exact] - Perform exact search without tokenization (case-insensitive)
+ * @param {boolean} [options.strictElasticSyntax] - Enforce strict ElasticSearch query syntax (require explicit AND/OR operators and quotes)
  * @param {number} [options.maxResults] - Maximum number of results
  * @param {number} [options.maxBytes] - Maximum bytes to return
  * @param {number} [options.maxTokens] - Maximum tokens to return
@@ -135,36 +137,25 @@ export async function search(options) {
 		if (options.session) logMessage += ` session=${options.session}`;
 		console.error(logMessage);
 	}
-	// Create positional arguments array separate from flags
-	const positionalArgs = [];
+	// Build argument array for secure execution (no shell injection)
+	const args = ['search', ...cliArgs];
 
+	// Add positional arguments (query and path)
 	if (queries.length > 0) {
-		// Escape the query to handle special characters
-		positionalArgs.push(escapeString(queries[0]));
+		args.push(queries[0]);
 	}
+	args.push(options.path);
 
-	// Escape the path to handle spaces and special characters
-	positionalArgs.push(escapeString(options.path));
-	// Don't add the path to cliArgs, it should only be a positional argument
-
-	// Execute command with flags first, then positional arguments
-	const command = `${binaryPath} search ${cliArgs.join(' ')} ${positionalArgs.join(' ')}`;
-
-	// Debug logs to see the actual command with quotes and the path
-	// console.error(`Executing command: ${command}`);
-	// console.error(`Path being used: "${options.path}"`);
-	// console.error(`Escaped path: ${escapeString(options.path)}`);
-	// console.error(`Command flags: ${cliArgs.join(' ')}`);
-	// console.error(`Positional arguments: ${positionalArgs.join(' ')}`);
+	// Debug logs
+	if (process.env.DEBUG === '1') {
+		console.error(`Executing: ${binaryPath} ${args.join(' ')}`);
+	}
 
 	try {
-		// Log before executing
-		// console.error(`About to execute command: ${command}`);
-
-		// Execute the command with options to preserve quotes and apply timeout
-		const { stdout, stderr } = await execAsync(command, {
-			shell: true,
-			timeout: options.timeout * 1000 // Convert seconds to milliseconds
+		// Execute with execFile (no shell, prevents command injection)
+		const { stdout, stderr } = await execFileAsync(binaryPath, args, {
+			timeout: options.timeout * 1000, // Convert seconds to milliseconds
+			maxBuffer: 50 * 1024 * 1024 // 50MB buffer for large outputs
 		});
 
 		// Log after executing
@@ -235,13 +226,13 @@ export async function search(options) {
 	} catch (error) {
 		// Check if the error is a timeout
 		if (error.code === 'ETIMEDOUT' || error.killed) {
-			const timeoutMessage = `Search operation timed out after ${options.timeout} seconds.\nCommand: ${command}`;
+			const timeoutMessage = `Search operation timed out after ${options.timeout} seconds.\nBinary: ${binaryPath}\nArgs: ${args.join(' ')}`;
 			console.error(timeoutMessage);
 			throw new Error(timeoutMessage);
 		}
 
 		// Enhance error message with command details
-		const errorMessage = `Error executing search command: ${error.message}\nCommand: ${command}`;
+		const errorMessage = `Error executing search command: ${error.message}\nBinary: ${binaryPath}\nArgs: ${args.join(' ')}`;
 		throw new Error(errorMessage);
 	}
 }