@wonderwhy-er/desktop-commander 0.1.35 → 0.1.37

package/dist/utils.js

@@ -1,6 +1,7 @@
 import { platform } from 'os';
-import { createHash } from 'crypto';
+import { randomUUID } from 'crypto';
 import * as https from 'https';
+import { configManager } from './config-manager.js';
 let VERSION = 'unknown';
 try {
     const versionModule = await import('./version.js');
@@ -13,38 +14,106 @@ catch {
 const GA_MEASUREMENT_ID = 'G-NGGDNL0K4L'; // Replace with your GA4 Measurement ID
 const GA_API_SECRET = '5M0mC--2S_6t94m8WrI60A'; // Replace with your GA4 API Secret
 const GA_BASE_URL = `https://www.google-analytics.com/mp/collect?measurement_id=${GA_MEASUREMENT_ID}&api_secret=${GA_API_SECRET}`;
-// Set default tracking state
-const isTrackingEnabled = true;
+const GA_DEBUG_BASE_URL = `https://www.google-analytics.com/debug/mp/collect?measurement_id=${GA_MEASUREMENT_ID}&api_secret=${GA_API_SECRET}`;
+// Will be initialized when needed
 let uniqueUserId = 'unknown';
-// Try to generate a unique user ID without breaking if dependencies aren't available
-try {
-    // Dynamic import to prevent crashing if dependency isn't available
-    import('node-machine-id').then((machineIdModule) => {
-        // Access the default export from the module
-        uniqueUserId = machineIdModule.default.machineIdSync();
-    }).catch(() => {
-        // Fallback to a semi-random ID if machine-id isn't available
-        uniqueUserId = createHash('sha256')
-            .update(`${platform()}-${process.env.USER || process.env.USERNAME || 'user'}-${Date.now()}`)
-            .digest('hex');
-    });
+// Function to get or create a persistent UUID
+async function getOrCreateUUID() {
+    try {
+        // Try to get the UUID from the config
+        let clientId = await configManager.getValue('clientId');
+        // If it doesn't exist, create a new one and save it
+        if (!clientId) {
+            clientId = randomUUID();
+            await configManager.setValue('clientId', clientId);
+        }
+        return clientId;
+    }
+    catch (error) {
+        // Fallback to a random UUID if config operations fail
+        return randomUUID();
+    }
 }
-catch {
-    // Fallback to a semi-random ID if import fails
-    uniqueUserId = createHash('sha256')
-        .update(`${platform()}-${process.env.USER || process.env.USERNAME || 'user'}-${Date.now()}`)
-        .digest('hex');
+/**
+ * Sanitizes error objects to remove potentially sensitive information like file paths
+ * @param error Error object or string to sanitize
+ * @returns An object with sanitized message and optional error code
+ */
+export function sanitizeError(error) {
+    let errorMessage = '';
+    let errorCode = undefined;
+    if (error instanceof Error) {
+        // Extract just the error name and message without stack trace
+        errorMessage = error.name + ': ' + error.message;
+        // Extract error code if available (common in Node.js errors)
+        if ('code' in error) {
+            errorCode = error.code;
+        }
+    }
+    else if (typeof error === 'string') {
+        errorMessage = error;
+    }
+    else {
+        errorMessage = 'Unknown error';
+    }
+    // Remove any file paths using regex
+    // This pattern matches common path formats including Windows and Unix-style paths
+    errorMessage = errorMessage.replace(/(?:\/|\\)[\w\d_.-\/\\]+/g, '[PATH]');
+    errorMessage = errorMessage.replace(/[A-Za-z]:\\[\w\d_.-\/\\]+/g, '[PATH]');
+    return {
+        message: errorMessage,
+        code: errorCode
+    };
 }
 /**
  * Send an event to Google Analytics
  * @param event Event name
  * @param properties Optional event properties
  */
-export const capture = (event, properties) => {
-    if (!isTrackingEnabled || !GA_MEASUREMENT_ID || !GA_API_SECRET) {
-        return;
-    }
+export const capture = async (event, properties) => {
     try {
+        // Check if telemetry is enabled in config (defaults to true if not set)
+        const telemetryEnabled = await configManager.getValue('telemetryEnabled');
+        // If telemetry is explicitly disabled or GA credentials are missing, don't send
+        if (telemetryEnabled === false || !GA_MEASUREMENT_ID || !GA_API_SECRET) {
+            return;
+        }
+        // Get or create the client ID if not already initialized
+        if (uniqueUserId === 'unknown') {
+            uniqueUserId = await getOrCreateUUID();
+        }
+        // Create a deep copy of properties to avoid modifying the original objects
+        // This ensures we don't alter error objects that are also returned to the AI
+        let sanitizedProperties;
+        try {
+            sanitizedProperties = properties ? JSON.parse(JSON.stringify(properties)) : {};
+        }
+        catch (e) {
+            sanitizedProperties = {};
+        }
+        // Sanitize error objects if present
+        if (sanitizedProperties.error) {
+            // Handle different types of error objects
+            if (typeof sanitizedProperties.error === 'object' && sanitizedProperties.error !== null) {
+                const sanitized = sanitizeError(sanitizedProperties.error);
+                sanitizedProperties.error = sanitized.message;
+                if (sanitized.code) {
+                    sanitizedProperties.errorCode = sanitized.code;
+                }
+            }
+            else if (typeof sanitizedProperties.error === 'string') {
+                sanitizedProperties.error = sanitizeError(sanitizedProperties.error).message;
+            }
+        }
+        // Remove any properties that might contain paths
+        const sensitiveKeys = ['path', 'filePath', 'directory', 'file_path', 'sourcePath', 'destinationPath', 'fullPath', 'rootPath'];
+        for (const key of Object.keys(sanitizedProperties)) {
+            const lowerKey = key.toLowerCase();
+            if (sensitiveKeys.some(sensitiveKey => lowerKey.includes(sensitiveKey)) &&
+                lowerKey !== 'fileextension') { // keep fileExtension as it's safe
+                delete sanitizedProperties[key];
+            }
+        }
         // Prepare standard properties
         const baseProperties = {
             timestamp: new Date().toISOString(),
@@ -52,10 +121,10 @@ export const capture = (event, properties) => {
             app_version: VERSION,
             engagement_time_msec: "100"
         };
-        // Combine with custom properties
+        // Combine with sanitized properties
         const eventProperties = {
             ...baseProperties,
-            ...(properties || {})
+            ...sanitizedProperties
         };
         // Prepare GA4 payload
         const payload = {
@@ -115,6 +184,7 @@ export const capture = (event, properties) => {
  * @returns Promise that resolves with the operation result or the default value on timeout
  */
 export function withTimeout(operation, timeoutMs, operationName, defaultValue) {
+    // Don't sanitize operation name for logs - only telemetry will sanitize if needed
     return new Promise((resolve, reject) => {
         let isCompleted = false;
         // Set up timeout
@@ -125,6 +195,8 @@ export function withTimeout(operation, timeoutMs, operationName, defaultValue) {
                     resolve(defaultValue);
                 }
                 else {
+                    // Keep the original operation name in the error message
+                    // Telemetry sanitization happens at the capture level
                     reject(`__ERROR__: ${operationName} timed out after ${timeoutMs / 1000} seconds`);
                 }
             }
@@ -146,6 +218,7 @@ export function withTimeout(operation, timeoutMs, operationName, defaultValue) {
                     resolve(defaultValue);
                 }
                 else {
+                    // Pass the original error unchanged - sanitization for telemetry happens in capture
                     reject(error);
                 }
             }

package/dist/version.d.ts

@@ -1 +1 @@
-export declare const VERSION = "0.1.35";
+export declare const VERSION = "0.1.37";

package/dist/version.js

@@ -1 +1 @@
-export const VERSION = '0.1.35';
+export const VERSION = '0.1.37';

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@wonderwhy-er/desktop-commander",
-  "version": "0.1.35",
+  "version": "0.1.37",
   "description": "MCP server for terminal operations and file editing",
   "license": "MIT",
   "author": "Eduards Ruzga",
@@ -62,8 +62,8 @@
     "@modelcontextprotocol/sdk": "^1.8.0",
     "@vscode/ripgrep": "^1.15.9",
     "cross-fetch": "^4.1.0",
+    "fastest-levenshtein": "^1.0.16",
     "glob": "^10.3.10",
-    "node-machine-id": "^1.1.12",
     "zod": "^3.24.1",
     "zod-to-json-schema": "^3.23.5"
   },