npm - @sanctuary-framework/mcp-server - Versions diffs - 0.5.2 → 0.5.3 - Mend

@sanctuary-framework/mcp-server 0.5.2 → 0.5.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (11) hide show

package/dist/index.d.cts CHANGED Viewed

@@ -38,6 +38,8 @@ interface SanctuaryConfig {
         host: string;
         /** Bearer token for dashboard auth. If "auto", one is generated at startup. */
         auth_token?: string;
+        /** Auto-open dashboard in default browser on startup. Default: true for localhost. */
+        auto_open?: boolean;
         /** TLS cert/key paths for HTTPS dashboard. */
         tls?: {
             cert_path: string;
@@ -1986,6 +1988,8 @@ interface DashboardConfig {
         cert_path: string;
         key_path: string;
     };
+    /** Auto-open the dashboard in the default browser on startup. Default: true for localhost. */
+    auto_open?: boolean;
 }
 declare class DashboardApprovalChannel implements ApprovalChannel {
     private config;
@@ -2133,6 +2137,12 @@ declare class DashboardApprovalChannel implements ApprovalChannel {
      * Broadcast current protection status to connected dashboards.
      */
     broadcastProtectionStatus(data: Record<string, unknown>): void;
+    /**
+     * Open a URL in the system's default browser.
+     * Cross-platform: macOS (open), Linux (xdg-open), Windows (start).
+     * Fails silently — dashboard still works via terminal URL.
+     */
+    private openInBrowser;
     /**
      * Create a pre-authenticated URL for the dashboard.
      * Used by the sanctuary_dashboard_open tool and at startup.

package/dist/index.d.ts CHANGED Viewed

@@ -38,6 +38,8 @@ interface SanctuaryConfig {
         host: string;
         /** Bearer token for dashboard auth. If "auto", one is generated at startup. */
         auth_token?: string;
+        /** Auto-open dashboard in default browser on startup. Default: true for localhost. */
+        auto_open?: boolean;
         /** TLS cert/key paths for HTTPS dashboard. */
         tls?: {
             cert_path: string;
@@ -1986,6 +1988,8 @@ interface DashboardConfig {
         cert_path: string;
         key_path: string;
     };
+    /** Auto-open the dashboard in the default browser on startup. Default: true for localhost. */
+    auto_open?: boolean;
 }
 declare class DashboardApprovalChannel implements ApprovalChannel {
     private config;
@@ -2133,6 +2137,12 @@ declare class DashboardApprovalChannel implements ApprovalChannel {
      * Broadcast current protection status to connected dashboards.
      */
     broadcastProtectionStatus(data: Record<string, unknown>): void;
+    /**
+     * Open a URL in the system's default browser.
+     * Cross-platform: macOS (open), Linux (xdg-open), Windows (start).
+     * Fails silently — dashboard still works via terminal URL.
+     */
+    private openInBrowser;
     /**
      * Create a pre-authenticated URL for the dashboard.
      * Used by the sanctuary_dashboard_open tool and at startup.

package/dist/index.js CHANGED Viewed

@@ -2,7 +2,7 @@ import { sha256 } from '@noble/hashes/sha256';
 import { hmac } from '@noble/hashes/hmac';
 import { readFile, mkdir, writeFile, stat, unlink, readdir, chmod, access } from 'fs/promises';
 import { join } from 'path';
-import { homedir } from 'os';
+import { platform, homedir } from 'os';
 import { createRequire } from 'module';
 import { randomBytes as randomBytes$1, createHmac } from 'crypto';
 import { gcm } from '@noble/ciphers/aes.js';
@@ -14,7 +14,7 @@ import { ListToolsRequestSchema, CallToolRequestSchema } from '@modelcontextprot
 import { createServer as createServer$2 } from 'http';
 import { createServer as createServer$1 } from 'https';
 import { readFileSync, statSync } from 'fs';
-import { execSync } from 'child_process';
+import { exec, execSync } from 'child_process';
 var __defProp = Object.defineProperty;
 var __getOwnPropNames = Object.getOwnPropertyNames;
@@ -290,6 +290,12 @@ async function loadConfig(configPath) {
   if (process.env.SANCTUARY_DASHBOARD_AUTH_TOKEN) {
     config.dashboard.auth_token = process.env.SANCTUARY_DASHBOARD_AUTH_TOKEN;
   }
+  if (process.env.SANCTUARY_DASHBOARD_AUTO_OPEN === "true") {
+    config.dashboard.auto_open = true;
+  }
+  if (process.env.SANCTUARY_DASHBOARD_AUTO_OPEN === "false") {
+    config.dashboard.auto_open = false;
+  }
   if (process.env.SANCTUARY_DASHBOARD_TLS_CERT && process.env.SANCTUARY_DASHBOARD_TLS_KEY) {
     config.dashboard.tls = {
       cert_path: process.env.SANCTUARY_DASHBOARD_TLS_CERT,
@@ -5712,26 +5718,26 @@ var DashboardApprovalChannel = class {
       const protocol = this.useTLS ? "https" : "http";
       const baseUrl = `${protocol}://${this.config.host}:${this.config.port}`;
       this.httpServer.listen(this.config.port, this.config.host, () => {
+        const sessionUrl = this.authToken ? this.createSessionUrl() : baseUrl;
         process.stderr.write(
           `
   Sanctuary Principal Dashboard: ${baseUrl}
 `
         );
         if (this.authToken) {
-          const sessionUrl = this.createSessionUrl();
-          process.stderr.write(
-            `  Quick open: ${sessionUrl}
-`
-          );
           const hint = this.authToken.slice(0, 4) + "..." + this.authToken.slice(-4);
           process.stderr.write(
             `  Auth token: ${hint}
 `
           );
-        } else {
-          process.stderr.write(`
+        }
+        process.stderr.write(`
 `);
+        const isTest = !!(process.env.VITEST || process.env.NODE_ENV === "test" || process.env.CI);
+        const isLocalhost = this.config.host === "127.0.0.1" || this.config.host === "localhost" || this.config.host === "::1";
+        const shouldAutoOpen = !isTest && (this.config.auto_open ?? isLocalhost);
+        if (shouldAutoOpen) {
+          this.openInBrowser(sessionUrl);
         }
         resolve();
       });
@@ -6263,6 +6269,31 @@ data: ${JSON.stringify(data)}
   broadcastProtectionStatus(data) {
     this.broadcastSSE("protection-status", data);
   }
+  /**
+   * Open a URL in the system's default browser.
+   * Cross-platform: macOS (open), Linux (xdg-open), Windows (start).
+   * Fails silently — dashboard still works via terminal URL.
+   */
+  openInBrowser(url) {
+    const os = platform();
+    let cmd;
+    if (os === "darwin") {
+      cmd = `open "${url}"`;
+    } else if (os === "win32") {
+      cmd = `start "" "${url}"`;
+    } else {
+      cmd = `xdg-open "${url}"`;
+    }
+    exec(cmd, (err) => {
+      if (err) {
+        process.stderr.write(
+          `  (Could not auto-open browser. Open the URL above manually.)
+`
+        );
+      }
+    });
+  }
   /**
    * Create a pre-authenticated URL for the dashboard.
    * Used by the sanctuary_dashboard_open tool and at startup.
@@ -12109,7 +12140,8 @@ async function createSanctuaryServer(options) {
       timeout_seconds: policy.approval_channel.timeout_seconds,
       // SEC-002: auto_deny removed — timeout always denies
       auth_token: authToken,
-      tls: config.dashboard.tls
+      tls: config.dashboard.tls,
+      auto_open: config.dashboard.auto_open
     });
     dashboard.setDependencies({ policy, baseline, auditLog });
     await dashboard.start();