npm - @vorim/mcp-server - Versions diffs - 1.1.5 → 1.1.7 - Mend

@vorim/mcp-server 1.1.5 → 1.1.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/build/index.js +71 -9
package/package.json +1 -1

package/build/index.js CHANGED Viewed

@@ -40,11 +40,41 @@ if (!API_KEY) {
     process.exit(1);
 }
 // ─── HTTP Client ──────────────────────────────────────────────────────────
-// Read the package version once so the User-Agent string and the MCP
-// server's advertised version stay in sync with package.json.
-// require() works in the CommonJS build path; for the ESM-only build
-// we fall back to a constant that must match package.json.
-const MCP_VERSION = "1.1.5";
+// Read the package version once so the User-Agent string and the
+// MCP server's advertised version stay in sync with package.json.
+//
+// Caveats:
+//   1. Bundlers (esbuild / webpack) that inline the source can break
+//      the readFileSync path because import.meta.url no longer points
+//      at the npm install layout. The fallback constant below is the
+//      last-known version and MUST be bumped in lockstep with
+//      package.json — there is NO CI assertion enforcing this today.
+//   2. If readFileSync succeeds but JSON.parse fails (corrupt file),
+//      we log a warning so operators see the silent drift rather
+//      than discovering it via a User-Agent grep weeks later.
+import { readFileSync } from "node:fs";
+import { fileURLToPath } from "node:url";
+import { dirname, join } from "node:path";
+const MCP_VERSION_FALLBACK = "1.1.7";
+function readMcpVersion() {
+    try {
+        const here = dirname(fileURLToPath(import.meta.url));
+        const pkgPath = join(here, "..", "package.json");
+        const pkg = JSON.parse(readFileSync(pkgPath, "utf-8"));
+        if (typeof pkg.version === "string")
+            return pkg.version;
+        // eslint-disable-next-line no-console
+        console.warn(`[vorim-mcp-server] package.json missing version field — using fallback ${MCP_VERSION_FALLBACK}`);
+    }
+    catch (err) {
+        // eslint-disable-next-line no-console
+        console.warn(`[vorim-mcp-server] could not read package.json (${err.message ?? err}) — ` +
+            `using fallback ${MCP_VERSION_FALLBACK}. If this is a bundled build, bump ` +
+            `MCP_VERSION_FALLBACK in lockstep with the published package.`);
+    }
+    return MCP_VERSION_FALLBACK;
+}
+const MCP_VERSION = readMcpVersion();
 /**
  * URL-encode a user-supplied path segment. Agent ids, scopes, and
  * chain ids all reach the API via path interpolation; raw slashes or
@@ -80,7 +110,19 @@ async function vorimRequest(method, path, body) {
         }
         throw new Error(err?.message || "Vorim API rejected with 403");
     }
-    const json = await response.json();
+    // Be defensive about non-JSON 5xx bodies (nginx 502, gateway HTML).
+    // Without this, response.json() throws "Unexpected token <" and the
+    // user sees an unhelpful parser error.
+    let json;
+    try {
+        json = await response.json();
+    }
+    catch {
+        if (!response.ok) {
+            throw new Error(`Vorim API returned HTTP ${response.status} (non-JSON response — check upstream gateway)`);
+        }
+        throw new Error("Vorim API returned a non-JSON success response");
+    }
     if (!response.ok) {
         const err = json.error;
         throw new Error(err?.message || `HTTP ${response.status}`);
@@ -117,8 +159,16 @@ server.registerTool("vorim_ping", {
     const response = await fetch(`${BASE_URL}/health`, {
         headers: { "User-Agent": `vorim-mcp-server/${MCP_VERSION}` },
     });
-    const data = await response.json();
-    return text(data);
+    if (!response.ok) {
+        throw new Error(`Vorim API health endpoint returned HTTP ${response.status}`);
+    }
+    try {
+        const data = await response.json();
+        return text(data);
+    }
+    catch {
+        throw new Error(`Vorim API returned a non-JSON health response (status ${response.status}); check upstream gateway`);
+    }
 });
 // ─── Agent Identity ───────────────────────────────────────────────────────
 server.registerTool("vorim_register_agent", {
@@ -284,7 +334,19 @@ server.registerTool("vorim_verify_trust", {
     const response = await fetch(`${BASE_URL}/v1/trust/verify/${encId(agent_id)}`, {
         headers: { "User-Agent": `vorim-mcp-server/${MCP_VERSION}` },
     });
-    const json = await response.json();
+    if (!response.ok) {
+        if (response.status === 404) {
+            throw new Error(`Agent ${agent_id} is not registered with Vorim`);
+        }
+        throw new Error(`Vorim trust endpoint returned HTTP ${response.status}`);
+    }
+    let json;
+    try {
+        json = await response.json();
+    }
+    catch {
+        throw new Error(`Vorim trust endpoint returned a non-JSON response (status ${response.status})`);
+    }
     return text(json.data || json);
 });
 // ─── Ephemeral Agents ────────────────────────────────────────────────────

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@vorim/mcp-server",
-  "version": "1.1.5",
+  "version": "1.1.7",
   "mcpName": "io.github.Kzino/vorim-mcp-server",
   "description": "MCP server for Vorim AI — AI agent identity, permissions, and audit trails",
   "type": "module",