@probelabs/probe 0.6.0-rc207 → 0.6.0-rc209

package/src/agent/ProbeAgent.js

@@ -210,7 +210,8 @@ export class ProbeAgent {
     this.maxIterations = options.maxIterations || null;
     this.disableMermaidValidation = !!options.disableMermaidValidation;
     this.disableJsonValidation = !!options.disableJsonValidation;
-    this.enableSkills = options.disableSkills ? false : (options.enableSkills !== undefined ? !!options.enableSkills : true);
+    // Skills are disabled by default; enable via allowSkills or enableSkills
+    this.enableSkills = options.disableSkills ? false : !!(options.allowSkills || options.enableSkills);
     if (Array.isArray(options.skillDirs)) {
       this.skillDirs = options.skillDirs;
     } else if (typeof options.skillDirs === 'string') {

package/src/agent/bashPermissions.js

@@ -85,9 +85,11 @@ export class BashPermissionChecker {
    * @param {boolean} [config.disableDefaultAllow] - Disable default allow list
    * @param {boolean} [config.disableDefaultDeny] - Disable default deny list
    * @param {boolean} [config.debug] - Enable debug logging
+   * @param {Object} [config.tracer] - Optional tracer for telemetry
    */
   constructor(config = {}) {
     this.debug = config.debug || false;
+    this.tracer = config.tracer || null;
     
     // Build allow patterns
     this.allowPatterns = [];
@@ -122,6 +124,27 @@ export class BashPermissionChecker {
     if (this.debug) {
       console.log(`[BashPermissions] Total patterns - Allow: ${this.allowPatterns.length}, Deny: ${this.denyPatterns.length}`);
     }
+
+    // Record initialization event
+    this.recordBashEvent('permissions.initialized', {
+      allowPatternCount: this.allowPatterns.length,
+      denyPatternCount: this.denyPatterns.length,
+      hasCustomAllowPatterns: !!(config.allow && config.allow.length > 0),
+      hasCustomDenyPatterns: !!(config.deny && config.deny.length > 0),
+      disableDefaultAllow: !!config.disableDefaultAllow,
+      disableDefaultDeny: !!config.disableDefaultDeny
+    });
+  }
+
+  /**
+   * Record a bash telemetry event if tracer is available
+   * @param {string} eventType - Event type (e.g., 'permission.checked', 'permission.denied')
+   * @param {Object} data - Event data
+   */
+  recordBashEvent(eventType, data = {}) {
+    if (this.tracer && typeof this.tracer.recordBashEvent === 'function') {
+      this.tracer.recordBashEvent(eventType, data);
+    }
   }
 
   /**
@@ -131,11 +154,17 @@ export class BashPermissionChecker {
    */
   check(command) {
     if (!command || typeof command !== 'string') {
-      return {
+      const result = {
         allowed: false,
         reason: 'Invalid or empty command',
         command: command
       };
+      this.recordBashEvent('permission.denied', {
+        command: String(command),
+        reason: result.reason,
+        isComplex: false
+      });
+      return result;
     }
 
     // Check if this is a complex command
@@ -150,19 +179,32 @@ export class BashPermissionChecker {
     const parsed = parseCommand(command);
 
     if (parsed.error) {
-      return {
+      const result = {
         allowed: false,
         reason: parsed.error,
         command: command
       };
+      this.recordBashEvent('permission.denied', {
+        command,
+        reason: result.reason,
+        isComplex: false,
+        parseError: true
+      });
+      return result;
     }
 
     if (!parsed.command) {
-      return {
+      const result = {
         allowed: false,
         reason: 'No valid command found',
         command: command
       };
+      this.recordBashEvent('permission.denied', {
+        command,
+        reason: result.reason,
+        isComplex: false
+      });
+      return result;
     }
 
     if (this.debug) {
@@ -173,24 +215,39 @@ export class BashPermissionChecker {
     // Check deny patterns first (deny takes precedence)
     if (matchesAnyPattern(parsed, this.denyPatterns)) {
       const matchedPatterns = this.denyPatterns.filter(pattern => matchesPattern(parsed, pattern));
-      return {
+      const result = {
         allowed: false,
         reason: `Command matches deny pattern: ${matchedPatterns[0]}`,
         command: command,
         parsed: parsed,
         matchedPatterns: matchedPatterns
       };
+      this.recordBashEvent('permission.denied', {
+        command,
+        parsedCommand: parsed.command,
+        reason: 'matches_deny_pattern',
+        matchedPattern: matchedPatterns[0],
+        isComplex: false
+      });
+      return result;
     }
 
     // Check allow patterns
     if (this.allowPatterns.length > 0) {
       if (!matchesAnyPattern(parsed, this.allowPatterns)) {
-        return {
+        const result = {
           allowed: false,
           reason: 'Command not in allow list',
           command: command,
           parsed: parsed
         };
+        this.recordBashEvent('permission.denied', {
+          command,
+          parsedCommand: parsed.command,
+          reason: 'not_in_allow_list',
+          isComplex: false
+        });
+        return result;
       }
     }
 
@@ -206,6 +263,12 @@ export class BashPermissionChecker {
       console.log(`[BashPermissions] ALLOWED - command passed all checks`);
     }
 
+    this.recordBashEvent('permission.allowed', {
+      command,
+      parsedCommand: parsed.command,
+      isComplex: false
+    });
+
     return result;
   }
 
@@ -235,13 +298,20 @@ export class BashPermissionChecker {
         if (this.debug) {
           console.log(`[BashPermissions] DENIED - matches complex deny pattern: ${pattern}`);
         }
-        return {
+        const result = {
           allowed: false,
           reason: `Command matches deny pattern: ${pattern}`,
           command: command,
           isComplex: true,
           matchedPatterns: [pattern]
         };
+        this.recordBashEvent('permission.denied', {
+          command,
+          reason: 'matches_deny_pattern',
+          matchedPattern: pattern,
+          isComplex: true
+        });
+        return result;
       }
     }
 
@@ -251,12 +321,18 @@ export class BashPermissionChecker {
         if (this.debug) {
           console.log(`[BashPermissions] ALLOWED - matches complex allow pattern: ${pattern}`);
         }
-        return {
+        const result = {
           allowed: true,
           command: command,
           isComplex: true,
           matchedPattern: pattern
         };
+        this.recordBashEvent('permission.allowed', {
+          command,
+          matchedPattern: pattern,
+          isComplex: true
+        });
+        return result;
       }
     }
 
@@ -264,6 +340,11 @@ export class BashPermissionChecker {
     if (this.debug) {
       console.log(`[BashPermissions] DENIED - no matching complex pattern found`);
     }
+    this.recordBashEvent('permission.denied', {
+      command,
+      reason: 'no_matching_complex_pattern',
+      isComplex: true
+    });
     return {
       allowed: false,
       reason: 'Complex shell commands require explicit allow patterns (e.g., "cd * && git *")',

package/src/agent/index.js

@@ -138,7 +138,7 @@ function parseArgs() {
     noMermaidValidation: false, // New flag to disable mermaid validation
     allowedTools: null, // Tool filtering: ['*'] = all, [] = none, ['tool1', 'tool2'] = specific
     disableTools: false, // Convenience flag to disable all tools
-    disableSkills: false, // Disable skill discovery and activation
+    allowSkills: false, // Enable skill discovery and activation (disabled by default)
     skillDirs: null, // Comma-separated list of repo-relative skill directories
     // Task management
     enableTasks: false, // Enable task tracking for progress management
@@ -212,8 +212,8 @@ function parseArgs() {
     } else if (arg === '--disable-tools') {
       // Convenience flag to disable all tools (raw AI mode)
       config.disableTools = true;
-    } else if (arg === '--no-skills') {
-      config.disableSkills = true;
+    } else if (arg === '--allow-skills') {
+      config.allowSkills = true;
     } else if (arg === '--skills-dir' && i + 1 < args.length) {
       config.skillDirs = args[++i].split(',').map(dir => dir.trim()).filter(Boolean);
     } else if (arg === '--allow-tasks') {
@@ -280,8 +280,8 @@ Options:
                                    Supports exclusion: '*,!bash' (all except bash)
   --disable-tools                  Disable all tools (raw AI mode, no code analysis)
                                    Convenience flag equivalent to --allowed-tools none
+  --allow-skills                   Enable skill discovery and activation (disabled by default)
   --skills-dir <dirs>              Comma-separated list of repo-relative skill directories to scan
-  --no-skills                      Disable skill discovery and activation
   --allow-tasks                    Enable task management for tracking multi-step progress
   --verbose                        Enable verbose output
   --outline                        Use outline-xml format for code search results
@@ -841,7 +841,7 @@ async function main() {
       disableMermaidValidation: config.noMermaidValidation,
       allowedTools: config.allowedTools,
       disableTools: config.disableTools,
-      enableSkills: !config.disableSkills,
+      allowSkills: config.allowSkills,
       skillDirs: config.skillDirs,
       enableBash: config.enableBash,
       bashConfig: bashConfig,

package/src/agent/mcp/client.js

@@ -9,6 +9,47 @@ import { SSEClientTransport } from '@modelcontextprotocol/sdk/client/sse.js';
 import { WebSocketClientTransport } from '@modelcontextprotocol/sdk/client/websocket.js';
 import { loadMCPConfiguration, parseEnabledServers, DEFAULT_TIMEOUT } from './config.js';
 
+/**
+ * Check if a method is allowed based on server's method filter configuration
+ * Supports wildcard patterns (e.g., "*_read", "search_*", "prefix_*_suffix")
+ * @param {string} methodName - The method name to check
+ * @param {string[]|null} allowedMethods - Array of allowed method patterns (null = all allowed)
+ * @param {string[]|null} blockedMethods - Array of blocked method patterns (null = none blocked)
+ * @returns {boolean} Whether the method is allowed
+ */
+export function isMethodAllowed(methodName, allowedMethods, blockedMethods) {
+  /**
+   * Check if a method name matches a pattern
+   * Supports * wildcard which matches any characters
+   * @param {string} name - Method name to check
+   * @param {string} pattern - Pattern to match against (may contain *)
+   * @returns {boolean} Whether the name matches the pattern
+   */
+  const matchesPattern = (name, pattern) => {
+    if (!pattern.includes('*')) {
+      return name === pattern;
+    }
+    // Convert pattern to regex: escape special chars, replace * with .*
+    const regexPattern = pattern
+      .replace(/[.+?^${}()|[\]\\]/g, '\\$&')  // Escape special regex chars
+      .replace(/\*/g, '.*');                    // Replace * with .*
+    return new RegExp(`^${regexPattern}$`).test(name);
+  };
+
+  // If allowedMethods is specified (whitelist mode), only those methods are allowed
+  if (allowedMethods && allowedMethods.length > 0) {
+    return allowedMethods.some(pattern => matchesPattern(methodName, pattern));
+  }
+
+  // If blockedMethods is specified (blacklist mode), all methods except those are allowed
+  if (blockedMethods && blockedMethods.length > 0) {
+    return !blockedMethods.some(pattern => matchesPattern(methodName, pattern));
+  }
+
+  // No filter specified - all methods are allowed
+  return true;
+}
+
 /**
  * Create transport based on configuration
  * @param {Object} serverConfig - Server configuration
@@ -117,6 +158,18 @@ export class MCPClientManager {
     this.tools = new Map();
     this.debug = options.debug || process.env.DEBUG_MCP === '1';
     this.config = null;
+    this.tracer = options.tracer || null;
+  }
+
+  /**
+   * Record an MCP telemetry event if tracer is available
+   * @param {string} eventType - Event type (e.g., 'server.connect', 'tool.discovered')
+   * @param {Object} data - Event data
+   */
+  recordMcpEvent(eventType, data = {}) {
+    if (this.tracer && typeof this.tracer.recordMcpEvent === 'function') {
+      this.tracer.recordMcpEvent(eventType, data);
+    }
   }
 
   /**
@@ -128,12 +181,24 @@ export class MCPClientManager {
     this.config = config || loadMCPConfiguration();
     const servers = parseEnabledServers(this.config);
 
+    // Record initialization start
+    this.recordMcpEvent('initialization.started', {
+      serverCount: servers.length,
+      serverNames: servers.map(s => s.name)
+    });
+
     // Always log the number of servers found
     console.error(`[MCP INFO] Found ${servers.length} enabled MCP server${servers.length !== 1 ? 's' : ''}`);
 
     if (servers.length === 0) {
       console.error('[MCP INFO] No MCP servers configured or enabled');
       console.error('[MCP INFO] 0 MCP tools available');
+      this.recordMcpEvent('initialization.completed', {
+        connected: 0,
+        total: 0,
+        toolCount: 0,
+        tools: []
+      });
       return {
         connected: 0,
         total: 0,
@@ -178,10 +243,19 @@ export class MCPClientManager {
       });
     }
 
+    // Record initialization completion
+    const toolNames = Array.from(this.tools.keys());
+    this.recordMcpEvent('initialization.completed', {
+      connected: connectedCount,
+      total: servers.length,
+      toolCount: this.tools.size,
+      tools: toolNames
+    });
+
     return {
       connected: connectedCount,
       total: servers.length,
-      tools: Array.from(this.tools.keys())
+      tools: toolNames
     };
   }
 
@@ -192,6 +266,14 @@ export class MCPClientManager {
   async connectToServer(serverConfig) {
     const { name } = serverConfig;
 
+    // Record connection attempt
+    this.recordMcpEvent('server.connecting', {
+      serverName: name,
+      transport: serverConfig.transport,
+      hasAllowedMethods: !!(serverConfig.allowedMethods && serverConfig.allowedMethods.length > 0),
+      hasBlockedMethods: !!(serverConfig.blockedMethods && serverConfig.blockedMethods.length > 0)
+    });
+
     try {
       if (this.debug) {
         console.error(`[MCP DEBUG] Connecting to ${name} via ${serverConfig.transport}...`);
@@ -223,10 +305,34 @@ export class MCPClientManager {
 
       // Fetch and register tools
       const toolsResponse = await client.listTools();
-      const toolCount = toolsResponse?.tools?.length || 0;
+      const totalToolCount = toolsResponse?.tools?.length || 0;
+      let registeredCount = 0;
+      let filteredCount = 0;
+      const registeredTools = [];
+      const filteredTools = [];
 
       if (toolsResponse && toolsResponse.tools) {
+        const { allowedMethods, blockedMethods } = serverConfig;
+        const allToolNames = toolsResponse.tools.map(t => t.name);
+
+        // Record tools discovered from server
+        this.recordMcpEvent('tools.discovered', {
+          serverName: name,
+          toolCount: totalToolCount,
+          tools: allToolNames
+        });
+
         for (const tool of toolsResponse.tools) {
+          // Apply method filtering based on server config
+          if (!isMethodAllowed(tool.name, allowedMethods, blockedMethods)) {
+            filteredCount++;
+            filteredTools.push(tool.name);
+            if (this.debug) {
+              console.error(`[MCP DEBUG]     Filtered out tool: ${tool.name} (not allowed by method filter)`);
+            }
+            continue;
+          }
+
           // Add server prefix to avoid conflicts
           const qualifiedName = `${name}_${tool.name}`;
           this.tools.set(qualifiedName, {
@@ -234,14 +340,68 @@ export class MCPClientManager {
             serverName: name,
             originalName: tool.name
           });
+          registeredCount++;
+          registeredTools.push(qualifiedName);
 
           if (this.debug) {
             console.error(`[MCP DEBUG]     Registered tool: ${qualifiedName}`);
           }
         }
+
+        // Record method filtering results if any filtering was applied
+        if (filteredCount > 0) {
+          this.recordMcpEvent('tools.filtered', {
+            serverName: name,
+            filteredCount,
+            filteredTools,
+            allowedMethods: allowedMethods || [],
+            blockedMethods: blockedMethods || []
+          });
+        }
+
+        // Check for unmatched patterns in allowedMethods and warn users
+        if (allowedMethods && allowedMethods.length > 0) {
+          const unmatchedPatterns = allowedMethods.filter(pattern => {
+            // Check if this pattern matches at least one tool
+            return !allToolNames.some(toolName => isMethodAllowed(toolName, [pattern], null));
+          });
+
+          if (unmatchedPatterns.length > 0) {
+            console.error(`[MCP WARN] Server '${name}': The following allowedMethods patterns did not match any tools: ${unmatchedPatterns.join(', ')}`);
+            console.error(`[MCP WARN] Available methods from '${name}': ${allToolNames.join(', ')}`);
+          }
+        }
+
+        // Check for unmatched patterns in blockedMethods and warn users
+        if (blockedMethods && blockedMethods.length > 0) {
+          const unmatchedPatterns = blockedMethods.filter(pattern => {
+            // Check if this pattern matches at least one tool
+            return !allToolNames.some(toolName => !isMethodAllowed(toolName, null, [pattern]));
+          });
+
+          if (unmatchedPatterns.length > 0) {
+            console.error(`[MCP WARN] Server '${name}': The following blockedMethods patterns did not match any tools: ${unmatchedPatterns.join(', ')}`);
+            console.error(`[MCP WARN] Available methods from '${name}': ${allToolNames.join(', ')}`);
+          }
+        }
+      }
+
+      // Log connection result with filtering info
+      if (filteredCount > 0) {
+        console.error(`[MCP INFO] Connected to ${name}: ${registeredCount} tool${registeredCount !== 1 ? 's' : ''} loaded (${filteredCount} filtered out)`);
+      } else {
+        console.error(`[MCP INFO] Connected to ${name}: ${registeredCount} tool${registeredCount !== 1 ? 's' : ''} loaded`);
       }
 
-      console.error(`[MCP INFO] Connected to ${name}: ${toolCount} tool${toolCount !== 1 ? 's' : ''} loaded`);
+      // Record successful connection
+      this.recordMcpEvent('server.connected', {
+        serverName: name,
+        transport: serverConfig.transport,
+        totalToolCount,
+        registeredCount,
+        filteredCount,
+        registeredTools
+      });
 
       return true;
     } catch (error) {
@@ -249,6 +409,14 @@ export class MCPClientManager {
       if (this.debug) {
         console.error(`[MCP DEBUG] Full error details:`, error);
       }
+
+      // Record connection failure
+      this.recordMcpEvent('server.connection_failed', {
+        serverName: name,
+        transport: serverConfig.transport,
+        error: error.message
+      });
+
       return false;
     }
   }
@@ -261,14 +429,32 @@ export class MCPClientManager {
   async callTool(toolName, args) {
     const tool = this.tools.get(toolName);
     if (!tool) {
+      this.recordMcpEvent('tool.call_failed', {
+        toolName,
+        error: 'Unknown tool'
+      });
       throw new Error(`Unknown tool: ${toolName}`);
     }
 
     const clientInfo = this.clients.get(tool.serverName);
     if (!clientInfo) {
+      this.recordMcpEvent('tool.call_failed', {
+        toolName,
+        serverName: tool.serverName,
+        error: 'Server not connected'
+      });
       throw new Error(`Server ${tool.serverName} not connected`);
     }
 
+    const startTime = Date.now();
+
+    // Record tool call start
+    this.recordMcpEvent('tool.call_started', {
+      toolName,
+      serverName: tool.serverName,
+      originalToolName: tool.originalName
+    });
+
     try {
       if (this.debug) {
         console.error(`[MCP DEBUG] Calling ${toolName} with args:`, JSON.stringify(args, null, 2));
@@ -288,24 +474,48 @@ export class MCPClientManager {
       });
 
       // Race between the actual call and timeout
+      // Pass timeout to SDK's callTool to override its default 60s timeout
       const result = await Promise.race([
         clientInfo.client.callTool({
           name: tool.originalName,
           arguments: args
-        }),
+        }, undefined, { timeout }),
         timeoutPromise
       ]);
 
+      const durationMs = Date.now() - startTime;
+
       if (this.debug) {
         console.error(`[MCP DEBUG] Tool ${toolName} executed successfully`);
       }
 
+      // Record successful tool call
+      this.recordMcpEvent('tool.call_completed', {
+        toolName,
+        serverName: tool.serverName,
+        originalToolName: tool.originalName,
+        durationMs
+      });
+
       return result;
     } catch (error) {
+      const durationMs = Date.now() - startTime;
+
       console.error(`[MCP ERROR] Error calling tool ${toolName}:`, error.message);
       if (this.debug) {
         console.error(`[MCP DEBUG] Full error details:`, error);
       }
+
+      // Record failed tool call
+      this.recordMcpEvent('tool.call_failed', {
+        toolName,
+        serverName: tool.serverName,
+        originalToolName: tool.originalName,
+        error: error.message,
+        durationMs,
+        isTimeout: error.message.includes('timeout')
+      });
+
       throw error;
     }
   }
@@ -357,6 +567,7 @@ export class MCPClientManager {
    */
   async disconnect() {
     const disconnectPromises = [];
+    const serverNames = Array.from(this.clients.keys());
 
     if (this.clients.size === 0) {
       if (this.debug) {
@@ -365,6 +576,12 @@ export class MCPClientManager {
       return;
     }
 
+    // Record disconnection start
+    this.recordMcpEvent('disconnection.started', {
+      serverCount: this.clients.size,
+      serverNames
+    });
+
     if (this.debug) {
       console.error(`[MCP DEBUG] Disconnecting from ${this.clients.size} MCP server${this.clients.size !== 1 ? 's' : ''}...`);
     }
@@ -376,9 +593,16 @@ export class MCPClientManager {
             if (this.debug) {
               console.error(`[MCP DEBUG] Disconnected from ${name}`);
             }
+            this.recordMcpEvent('server.disconnected', {
+              serverName: name
+            });
           })
           .catch(error => {
             console.error(`[MCP ERROR] Error disconnecting from ${name}:`, error.message);
+            this.recordMcpEvent('server.disconnect_failed', {
+              serverName: name,
+              error: error.message
+            });
           })
       );
     }
@@ -387,6 +611,12 @@ export class MCPClientManager {
     this.clients.clear();
     this.tools.clear();
 
+    // Record disconnection completion
+    this.recordMcpEvent('disconnection.completed', {
+      serverCount: serverNames.length,
+      serverNames
+    });
+
     if (this.debug) {
       console.error('[MCP DEBUG] All MCP connections closed');
     }
@@ -405,5 +635,6 @@ export async function createMCPManager(options = {}) {
 export default {
   MCPClientManager,
   createMCPManager,
-  createTransport
+  createTransport,
+  isMethodAllowed
 };