@toolplex/client 0.1.7 → 0.1.8
|
@@ -2,7 +2,71 @@ import { FileLogger } from "../../shared/fileLogger.js";
|
|
|
2
2
|
import { ServerInstallResultSchema, ListToolsResultSchema, } from "../../shared/serverManagerTypes.js";
|
|
3
3
|
import Registry from "../registry.js";
|
|
4
4
|
import { RuntimeCheck } from "../utils/runtimeCheck.js";
|
|
5
|
+
import { isAbsolute, parse } from "path";
|
|
5
6
|
const logger = FileLogger;
|
|
7
|
+
/**
|
|
8
|
+
* Sanitizes ServerConfig for telemetry logging by extracting aggregate patterns
|
|
9
|
+
* while avoiding PII exposure. This function extracts useful installation patterns
|
|
10
|
+
* without logging sensitive data like file paths, API keys, or user-specific values.
|
|
11
|
+
*
|
|
12
|
+
* SECURITY: This function only logs metadata patterns, never actual values:
|
|
13
|
+
* - Command names (not paths): "npx" vs "/Users/john/bin/tool"
|
|
14
|
+
* - Argument flags (not values): "--port" vs actual port numbers
|
|
15
|
+
* - Environment variable names (not values): "API_KEY" vs actual keys
|
|
16
|
+
* - Path types for portability analysis: "absolute" vs "package_manager"
|
|
17
|
+
*/
|
|
18
|
+
function sanitizeServerConfig(config) {
|
|
19
|
+
// Extract command executable name without sensitive path information
|
|
20
|
+
const extractCommandType = (command) => {
|
|
21
|
+
if (!command)
|
|
22
|
+
return "none";
|
|
23
|
+
// For absolute paths, extract only the executable name (e.g., "/usr/bin/node" -> "node")
|
|
24
|
+
if (isAbsolute(command)) {
|
|
25
|
+
return parse(command).name;
|
|
26
|
+
}
|
|
27
|
+
// For relative commands, get the base command (e.g., "npx" from "npx --version")
|
|
28
|
+
return (command
|
|
29
|
+
.split(/[\s/\\]/)
|
|
30
|
+
.pop()
|
|
31
|
+
?.split(".")[0] || "unknown");
|
|
32
|
+
};
|
|
33
|
+
// Categorize path types for portability analysis - helps identify installation reliability patterns
|
|
34
|
+
const detectPathType = (command, args) => {
|
|
35
|
+
if (!command)
|
|
36
|
+
return "system_command";
|
|
37
|
+
// Absolute paths indicate potential portability issues
|
|
38
|
+
if (isAbsolute(command) || args?.some((arg) => isAbsolute(arg))) {
|
|
39
|
+
return "absolute";
|
|
40
|
+
}
|
|
41
|
+
// Package managers are typically more reliable across systems
|
|
42
|
+
if (["npx", "uvx", "pip", "yarn", "pnpm"].includes(command)) {
|
|
43
|
+
return "package_manager";
|
|
44
|
+
}
|
|
45
|
+
return "system_command";
|
|
46
|
+
};
|
|
47
|
+
// Extract common argument flags and patterns (not values) for usage analysis
|
|
48
|
+
const extractArgPatterns = (args) => {
|
|
49
|
+
return (args?.filter((arg) => arg.startsWith("-") || // Command flags like --port, --config
|
|
50
|
+
["stdio", "mcp", "start", "latest", "@latest"].includes(arg)) || []);
|
|
51
|
+
};
|
|
52
|
+
// Extract environment variable names (not values) to understand integration patterns
|
|
53
|
+
// SAFE: Only logs key names like "API_KEY", "DATABASE_URL" - never the actual values
|
|
54
|
+
const extractEnvKeys = (env) => {
|
|
55
|
+
if (!env)
|
|
56
|
+
return [];
|
|
57
|
+
return Object.keys(env).sort();
|
|
58
|
+
};
|
|
59
|
+
return {
|
|
60
|
+
runtime: config.runtime || "node",
|
|
61
|
+
transport: config.transport,
|
|
62
|
+
command_type: extractCommandType(config.command),
|
|
63
|
+
path_type: detectPathType(config.command, config.args),
|
|
64
|
+
arg_patterns: extractArgPatterns(config.args),
|
|
65
|
+
arg_count: config.args?.length || 0,
|
|
66
|
+
env_keys: extractEnvKeys(config.env),
|
|
67
|
+
env_count: config.env ? Object.keys(config.env).length : 0,
|
|
68
|
+
};
|
|
69
|
+
}
|
|
6
70
|
async function installServer(serverId, serverName, description, serverManagerClient, serverConfig) {
|
|
7
71
|
await logger.info(`Starting installation of tool ${serverId}: ${serverName}`);
|
|
8
72
|
await logger.debug(`Server config: ${JSON.stringify(serverConfig)}, Server ID: ${serverId}`);
|
|
@@ -91,6 +155,7 @@ export async function handleInstallServer(params) {
|
|
|
91
155
|
success: true,
|
|
92
156
|
log_context: {
|
|
93
157
|
server_id: installResult.server_id,
|
|
158
|
+
sanitized_config: sanitizeServerConfig(config),
|
|
94
159
|
},
|
|
95
160
|
latency_ms: Date.now() - startTime,
|
|
96
161
|
});
|
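Review bot: `extractArgPatterns` passes through every argument that starts with `-` unmodified, so a flag written in `--name=value` form reaches the telemetry payload with its value attached, which contradicts the "Argument flags (not values)" contract in the docstring; cut each flag at the first `=`, e.g. `.map((arg) => (arg.startsWith("-") ? arg.split("=")[0] : arg))`. The relative-command branch of `extractCommandType` takes the last token with `.pop()`, so "npx --version" yields "--version" rather than "npx" as its comment claims, and a command string with trailing arguments would log the final argument; take the first whitespace-separated token and then its basename, `command.trim().split(/\s+/)[0].split(/[/\\]/).pop()?.split(".")[0] || "unknown"`. `isAbsolute(arg)` and `arg.startsWith` both throw on a non-string entry, so a `typeof arg === "string"` guard would keep a malformed config from throwing while the success result is built in `handleInstallServer`, whose body starts and ends outside the second hunk. Separately, the unchanged `logger.debug` context line in `installServer` still writes the full `JSON.stringify(serverConfig)`, env values included, to the file log, so the sanitizer only protects the telemetry path.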
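--- a/package/dist/version.d.ts
+++ b/package/dist/version.d.ts
@@ -1 +1 @@
-export declare const version = "0.1.
+export declare const version = "0.1.8";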
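--- a/package/dist/version.js
+++ b/package/dist/version.js
@@ -1 +1 @@
-export const version = '0.1.
+export const version = '0.1.8';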