@runsec/mcp 1.0.87 → 1.0.88

package/dist/index.js

@@ -6066,6 +6066,19 @@ function localhostAlternateUploadUrl(url) {
     return null;
   }
 }
+function hubUploadUrlCandidates(primaryUrl) {
+  const urls = [];
+  const add = (candidate) => {
+    const trimmed = candidate?.trim();
+    if (trimmed && !urls.includes(trimmed)) urls.push(trimmed);
+  };
+  add(primaryUrl);
+  const direct = process.env.RUNSEC_HUB_DIRECT_ORIGIN?.trim();
+  if (direct) add(appendUploadPath(direct));
+  add(localhostAlternateUploadUrl(primaryUrl));
+  add(dockerInternalAlternateUploadUrl(primaryUrl));
+  return urls;
+}
 function dockerInternalAlternateUploadUrl(url) {
   if (!isDockerRuntime()) return null;
   try {
@@ -6195,7 +6208,7 @@ function formatHubSyncErrorMessage(error, targetUrl, response, responseBody) {
     message += `. Body: ${responseBody.trim().slice(0, 300)}`;
   }
   if (status === "n/a" && /fetch failed|ECONNRESET|ECONNREFUSED|ENOTFOUND|ETIMEDOUT|CERT|SSL|TLS/i.test(err.message + code)) {
-    message += ". Hint: check network/VPN/firewall, retry the scan, or set RUNSEC_HUB_URL to your Hub origin (NEXT_PUBLIC_APP_URL).";
+    message += ". Hint: if Hub uses Cloudflare Tunnel, set HTTP Host Header to runsec.io (not localhost:3000) in the tunnel public hostname settings, or set RUNSEC_HUB_DIRECT_ORIGIN=http://YOUR_SERVER_IP:3000 in MCP env to bypass the tunnel.";
   }
   return message;
 }
@@ -6213,12 +6226,17 @@ function slimFindingForHubUpload(finding) {
     suppression_reason: finding.suppression_reason
   };
 }
-function buildSuppressedSummaryForHub(findings) {
+function buildSuppressedSummaryForHub(findings, includeLocations) {
   const byReason = {};
-  const locations = [];
   for (const f of findings) {
     const reason = String(f.suppression_reason ?? "cognitive_suppressed");
     byReason[reason] = (byReason[reason] ?? 0) + 1;
+  }
+  const summary = { total: findings.length, by_reason: byReason };
+  if (!includeLocations) return summary;
+  const locations = [];
+  for (const f of findings) {
+    const reason = String(f.suppression_reason ?? "cognitive_suppressed");
     locations.push({
       file_path: f.file_path,
       line: f.line ?? 0,
@@ -6228,7 +6246,8 @@ function buildSuppressedSummaryForHub(findings) {
       severity: f.severity
     });
   }
-  return { total: findings.length, by_reason: byReason, locations };
+  summary.locations = locations;
+  return summary;
 }
 function slimEngineSummaryForHub(engineSummary) {
   if (!engineSummary) return void 0;
@@ -6252,9 +6271,43 @@ function slimReportMetricsForHub(reportMetrics) {
     engine_summary: slimEngineSummaryForHub(engine_summary)
   };
 }
+function minimalRunsecJsonForHubUpload(result, workspacePath, verdict, metrics, compliance, complianceASVS) {
+  return {
+    source: "runsec_mcp",
+    transport: "minimal",
+    standard: result.standard,
+    workspace_path: workspacePath,
+    verdict,
+    metrics,
+    compliance,
+    complianceASVS,
+    duration_ms: result.duration_ms,
+    findings_count: result.findings_count,
+    cognitive_suppressed_count: result.cognitive_suppressed_count,
+    findings_suppressed_summary: buildSuppressedSummaryForHub(result.findings_suppressed, false),
+    cognitive: result.cognitive,
+    engine_summary: slimEngineSummaryForHub(result.engine_summary),
+    verdict_detail: {
+      status: result.verdict?.status,
+      blocking_findings_count: result.verdict?.blocking_findings_count,
+      primary_findings_count: result.verdict?.primary_findings_count
+    }
+  };
+}
 function slimRunsecJsonForHubUpload(result, reportMetrics, workspacePath, verdict, metrics, compliance, complianceASVS) {
+  if (process.env.RUNSEC_HUB_FULL_UPLOAD !== "1") {
+    return minimalRunsecJsonForHubUpload(
+      result,
+      workspacePath,
+      verdict,
+      metrics,
+      compliance,
+      complianceASVS
+    );
+  }
   return {
     source: "runsec_mcp",
+    transport: "full",
     standard: result.standard,
     workspace_path: workspacePath,
     verdict,
@@ -6263,7 +6316,7 @@ function slimRunsecJsonForHubUpload(result, reportMetrics, workspacePath, verdic
     complianceASVS,
     report_metrics: slimReportMetricsForHub(reportMetrics),
     findings: result.findings.map(slimFindingForHubUpload),
-    findings_suppressed_summary: buildSuppressedSummaryForHub(result.findings_suppressed),
+    findings_suppressed_summary: buildSuppressedSummaryForHub(result.findings_suppressed, true),
     findings_suppressed_count: result.findings_suppressed.length,
     duration_ms: result.duration_ms,
     findings_count: result.findings_count,
@@ -6274,6 +6327,32 @@ function slimRunsecJsonForHubUpload(result, reportMetrics, workspacePath, verdic
     verdict_detail: result.verdict
   };
 }
+function toMinimalHubPayload(payload) {
+  const runsecJson = payload.runsecJson ?? {};
+  const minimalJson = {
+    source: "runsec_mcp",
+    transport: "minimal",
+    workspace_path: runsecJson.workspace_path,
+    standard: runsecJson.standard,
+    verdict: payload.verdict,
+    metrics: payload.metrics,
+    compliance: runsecJson.compliance,
+    complianceASVS: runsecJson.complianceASVS,
+    cognitive: runsecJson.cognitive,
+    findings_suppressed_summary: runsecJson.findings_suppressed_summary,
+    findings_suppressed_count: runsecJson.findings_suppressed_count,
+    duration_ms: runsecJson.duration_ms,
+    findings_count: runsecJson.findings_count,
+    engine_summary: runsecJson.engine_summary,
+    verdict_detail: runsecJson.verdict_detail
+  };
+  return {
+    projectId: payload.projectId,
+    verdict: payload.verdict,
+    metrics: payload.metrics,
+    runsecJson: minimalJson
+  };
+}
 function logHubSyncFailure(message, error, targetUrl) {
   if (error != null && targetUrl) {
     dumpHubNetworkError(error, targetUrl);
@@ -6427,39 +6506,44 @@ async function uploadScanResultsToHub(payload, apiKey) {
     console.warn("[runsec] Hub telemetry skipped: API key missing");
     return { success: false, message: "Sync failed: API key missing" };
   }
-  const url = resolveHubUploadUrl();
-  const payloadBytes = Buffer.byteLength(JSON.stringify(payload), "utf8");
-  console.error(`[runsec] Hub telemetry upload \u2192 ${url} (${payloadBytes} bytes)`);
-  const attemptUpload = async (targetUrl) => {
-    const errors = [];
-    const urls = [targetUrl];
-    const localhostAlt = localhostAlternateUploadUrl(targetUrl);
-    if (localhostAlt && localhostAlt !== targetUrl) urls.push(localhostAlt);
-    const dockerAlt = dockerInternalAlternateUploadUrl(targetUrl);
-    if (dockerAlt && !urls.includes(dockerAlt)) urls.push(dockerAlt);
-    let lastError = new Error("No upload attempts made");
-    for (let i = 0; i < urls.length; i++) {
-      const tryUrl = urls[i];
-      if (i > 0) {
-        console.error(`[runsec] Hub telemetry retry \u2192 ${tryUrl}`);
-      }
-      try {
-        return await postHubUpload(tryUrl, trimmedKey, payload);
-      } catch (err) {
-        lastError = err;
-        errors.push(err);
-        dumpHubNetworkError(err, tryUrl);
-      }
-    }
-    throw lastError;
-  };
+  const primaryUrl = resolveHubUploadUrl();
+  const uploadUrls = hubUploadUrlCandidates(primaryUrl);
+  const payloadVariants = [
+    { label: "minimal", body: payload },
+    { label: "minimal-fallback", body: toMinimalHubPayload(payload) }
+  ];
+  const seenPayloads = /* @__PURE__ */ new Set();
+  const uniqueVariants = payloadVariants.filter((variant) => {
+    const key = JSON.stringify(variant.body);
+    if (seenPayloads.has(key)) return false;
+    seenPayloads.add(key);
+    return true;
+  });
+  console.error(
+    `[runsec] Hub telemetry upload targets: ${uploadUrls.join(" \u2192 ")} (${uniqueVariants[0] ? Buffer.byteLength(JSON.stringify(uniqueVariants[0].body), "utf8") : 0} bytes, mode=${String(uniqueVariants[0]?.body.runsecJson.transport ?? "minimal")})`
+  );
+  let lastNetworkError = new Error("No upload attempts made");
+  let lastTryUrl = primaryUrl;
   try {
     let response;
-    try {
-      response = await attemptUpload(url);
-    } catch (networkError) {
-      const message = formatHubSyncErrorMessage(networkError, url);
-      logHubSyncFailure(message, networkError, url);
+    outer: for (const variant of uniqueVariants) {
+      for (const tryUrl of uploadUrls) {
+        lastTryUrl = tryUrl;
+        const bytes = Buffer.byteLength(JSON.stringify(variant.body), "utf8");
+        console.error(`[runsec] Hub upload attempt (${variant.label}, ${bytes} bytes) \u2192 ${tryUrl}`);
+        try {
+          response = await postHubUpload(tryUrl, trimmedKey, variant.body);
+          break outer;
+        } catch (err) {
+          lastNetworkError = err;
+          dumpHubNetworkError(err, tryUrl);
+          if (!isRetryableHubNetworkError(err)) break;
+        }
+      }
+    }
+    if (!response) {
+      const message = formatHubSyncErrorMessage(lastNetworkError, lastTryUrl);
+      logHubSyncFailure(message, lastNetworkError, lastTryUrl);
       return { success: false, message };
     }
     if (!response.ok) {
@@ -6469,11 +6553,11 @@ async function uploadScanResultsToHub(payload, apiKey) {
       const httpMessage = detailSnippet || statusLabel;
       const message = formatHubSyncErrorMessage(
         new Error(httpMessage),
-        url,
+        lastTryUrl,
         response,
         detailSnippet
       );
-      logHubSyncFailure(message, new Error(httpMessage), url);
+      logHubSyncFailure(message, new Error(httpMessage), lastTryUrl);
       return {
         success: false,
         message
@@ -6492,8 +6576,8 @@ async function uploadScanResultsToHub(payload, apiKey) {
       projectId
     };
   } catch (error) {
-    const message = formatHubSyncErrorMessage(error, url);
-    logHubSyncFailure(message, error, url);
+    const message = formatHubSyncErrorMessage(error, lastTryUrl);
+    logHubSyncFailure(message, error, lastTryUrl);
     return { success: false, message };
   }
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@runsec/mcp",
-  "version": "1.0.87",
+  "version": "1.0.88",
   "main": "dist/index.js",
   "files": [
     "package.json",