@wonderwhy-er/desktop-commander 0.2.10 → 0.2.11

package/README.md

@@ -2,6 +2,7 @@
 ### Search, update, manage files and run terminal commands with AI
 
 [![npm downloads](https://img.shields.io/npm/dw/@wonderwhy-er/desktop-commander)](https://www.npmjs.com/package/@wonderwhy-er/desktop-commander)
+[![Trust Score](https://archestra.ai/mcp-catalog/api/badge/quality/wonderwhy-er/DesktopCommanderMCP)](https://archestra.ai/mcp-catalog/wonderwhy-er__desktopcommandermcp)
 [![smithery badge](https://smithery.ai/badge/@wonderwhy-er/desktop-commander)](https://smithery.ai/server/@wonderwhy-er/desktop-commander)
 [![Buy Me A Coffee](https://img.shields.io/badge/Buy%20Me%20A%20Coffee-support-yellow.svg)](https://www.buymeacoffee.com/wonderwhyer)
 
@@ -130,7 +131,7 @@ Add this entry to your claude_desktop_config.json:
       "command": "npx",
       "args": [
         "-y",
-        "@wonderwhy-er/desktop-commander"
+        "@wonderwhy-er/desktop-commander@latest"
       ]
     }
   }
@@ -400,8 +401,10 @@ The server provides a comprehensive set of tools organized into several categori
 | | `create_directory` | Create a new directory or ensure it exists |
 | | `list_directory` | Get detailed listing of files and directories |
 | | `move_file` | Move or rename files and directories |
-| | `search_files` | Find files by name using case-insensitive substring matching |
-| | `search_code` | Search for text/code patterns within file contents using ripgrep |
+| | `start_search` | Start streaming search for files by name or content patterns (unified ripgrep-based search) |
+| | `get_more_search_results` | Get paginated results from active search with offset support |
+| | `stop_search` | Stop an active search gracefully |
+| | `list_searches` | List all active search sessions |
 | | `get_file_info` | Retrieve detailed metadata about a file or directory |
 | **Text Editing** | `edit_block` | Apply targeted text replacements with enhanced prompting for smaller edits (includes character-level diff feedback) |
 | **Analytics** | `get_usage_stats` | Get usage statistics for your own insight |
@@ -564,9 +567,15 @@ For commands that may take a while:
 
 ### ⚠️ Important Security Warnings
 
-1. **Always change configuration in a separate chat window** from where you're doing your actual work. Claude may sometimes attempt to modify configuration settings (like `allowedDirectories`) if it encounters filesystem access restrictions.
+> **For comprehensive security information and vulnerability reporting**: See [SECURITY.md](SECURITY.md)
 
-2. **The `allowedDirectories` setting currently only restricts filesystem operations**, not terminal commands. Terminal commands can still access files outside allowed directories. Full terminal sandboxing is on the roadmap.
+1. **Known security limitations**: Directory restrictions and command blocking can be bypassed through various methods including symlinks, command substitution, and absolute paths or code execution
+
+2. **Always change configuration in a separate chat window** from where you're doing your actual work. Claude may sometimes attempt to modify configuration settings (like `allowedDirectories`) if it encounters filesystem access restrictions.
+
+3. **The `allowedDirectories` setting currently only restricts filesystem operations**, not terminal commands. Terminal commands can still access files outside allowed directories.
+
+4. **For production security**: Use the [Docker installation](#option-6-docker-installation-🐳-⭐-auto-updates-no-nodejs-required) which provides complete isolation from your host system.
 
 ### Configuration Tools
 
@@ -853,6 +862,9 @@ Yes, when installed through npx or Smithery, Desktop Commander automatically upd
 ### I'm having trouble installing or using the tool. Where can I get help?
 Join our [Discord server](https://discord.gg/kQ27sNnZr7) for community support, check the [GitHub issues](https://github.com/wonderwhy-er/DesktopCommanderMCP/issues) for known problems, or review the [full FAQ](FAQ.md) for troubleshooting tips. You can also visit our [website FAQ section](https://desktopcommander.app#faq) for a more user-friendly experience. If you encounter a new issue, please consider [opening a GitHub issue](https://github.com/wonderwhy-er/DesktopCommanderMCP/issues/new) with details about your problem.
 
+### How do I report security vulnerabilities?
+Please create a [GitHub Issue](https://github.com/wonderwhy-er/DesktopCommanderMCP/issues) with detailed information about any security vulnerabilities you discover. See our [Security Policy](SECURITY.md) for complete guidelines on responsible disclosure.
+
 ## Data Collection & Privacy
 
 Desktop Commander collects limited anonymous telemetry data to help improve the tool. No personal information, file contents, file paths, or command arguments are collected.

package/dist/custom-stdio.d.ts

@@ -6,7 +6,21 @@ import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js"
 export declare class FilteredStdioServerTransport extends StdioServerTransport {
     private originalConsole;
     private originalStdoutWrite;
+    private isInitialized;
+    private messageBuffer;
     constructor();
+    /**
+     * Call this method after MCP initialization is complete to enable JSON-RPC notifications
+     */
+    enableNotifications(): void;
+    /**
+     * Check if notifications are enabled
+     */
+    get isNotificationsEnabled(): boolean;
+    /**
+     * Get the current count of buffered messages
+     */
+    get bufferedMessageCount(): number;
     private setupConsoleRedirection;
     private setupStdoutFiltering;
     private sendLogNotification;

package/dist/custom-stdio.js

@@ -7,6 +7,8 @@ import process from "node:process";
 export class FilteredStdioServerTransport extends StdioServerTransport {
     constructor() {
         super();
+        this.isInitialized = false;
+        this.messageBuffer = [];
         // Store original methods
         this.originalConsole = {
             log: console.log,
@@ -20,24 +22,100 @@ export class FilteredStdioServerTransport extends StdioServerTransport {
         this.setupConsoleRedirection();
         // Setup stdout filtering for any other output
         this.setupStdoutFiltering();
-        // Log initialization to stderr to avoid polluting the JSON stream
-        process.stderr.write(`[desktop-commander] Enhanced FilteredStdioServerTransport initialized\n`);
+        // Send initialization notification
+        this.sendLogNotification('info', ['Enhanced FilteredStdioServerTransport initialized']);
+    }
+    /**
+     * Call this method after MCP initialization is complete to enable JSON-RPC notifications
+     */
+    enableNotifications() {
+        this.isInitialized = true;
+        // Replay all buffered messages in chronological order
+        if (this.messageBuffer.length > 0) {
+            this.sendLogNotification('info', [`Replaying ${this.messageBuffer.length} buffered initialization messages`]);
+            this.messageBuffer
+                .sort((a, b) => a.timestamp - b.timestamp)
+                .forEach(msg => {
+                this.sendLogNotification(msg.level, msg.args);
+            });
+            // Clear the buffer
+            this.messageBuffer = [];
+        }
+        this.sendLogNotification('info', ['JSON-RPC notifications enabled']);
+    }
+    /**
+     * Check if notifications are enabled
+     */
+    get isNotificationsEnabled() {
+        return this.isInitialized;
+    }
+    /**
+     * Get the current count of buffered messages
+     */
+    get bufferedMessageCount() {
+        return this.messageBuffer.length;
     }
     setupConsoleRedirection() {
         console.log = (...args) => {
-            this.sendLogNotification("info", args);
+            if (this.isInitialized) {
+                this.sendLogNotification("info", args);
+            }
+            else {
+                // Buffer for later replay to client
+                this.messageBuffer.push({
+                    level: "info",
+                    args,
+                    timestamp: Date.now()
+                });
+            }
         };
         console.info = (...args) => {
-            this.sendLogNotification("info", args);
+            if (this.isInitialized) {
+                this.sendLogNotification("info", args);
+            }
+            else {
+                this.messageBuffer.push({
+                    level: "info",
+                    args,
+                    timestamp: Date.now()
+                });
+            }
         };
         console.warn = (...args) => {
-            this.sendLogNotification("warning", args);
+            if (this.isInitialized) {
+                this.sendLogNotification("warning", args);
+            }
+            else {
+                this.messageBuffer.push({
+                    level: "warning",
+                    args,
+                    timestamp: Date.now()
+                });
+            }
         };
         console.error = (...args) => {
-            this.sendLogNotification("error", args);
+            if (this.isInitialized) {
+                this.sendLogNotification("error", args);
+            }
+            else {
+                this.messageBuffer.push({
+                    level: "error",
+                    args,
+                    timestamp: Date.now()
+                });
+            }
         };
         console.debug = (...args) => {
-            this.sendLogNotification("debug", args);
+            if (this.isInitialized) {
+                this.sendLogNotification("debug", args);
+            }
+            else {
+                this.messageBuffer.push({
+                    level: "debug",
+                    args,
+                    timestamp: Date.now()
+                });
+            }
         };
     }
     setupStdoutFiltering() {
@@ -54,7 +132,17 @@ export class FilteredStdioServerTransport extends StdioServerTransport {
                 }
                 else if (trimmed.length > 0) {
                     // Non-JSON-RPC output, wrap it in a log notification
-                    this.sendLogNotification("info", [buffer.replace(/\n$/, '')]);
+                    if (this.isInitialized) {
+                        this.sendLogNotification("info", [buffer.replace(/\n$/, '')]);
+                    }
+                    else {
+                        // Buffer for later replay to client
+                        this.messageBuffer.push({
+                            level: "info",
+                            args: [buffer.replace(/\n$/, '')],
+                            timestamp: Date.now()
+                        });
+                    }
                     if (callback)
                         callback();
                     return true;
@@ -99,8 +187,17 @@ export class FilteredStdioServerTransport extends StdioServerTransport {
             this.originalStdoutWrite.call(process.stdout, JSON.stringify(notification) + '\n');
         }
         catch (error) {
-            // Fallback to stderr if JSON serialization fails
-            process.stderr.write(`[${level.toUpperCase()}] ${args.join(' ')}\n`);
+            // Fallback to a simple JSON-RPC error notification if JSON serialization fails
+            const fallbackNotification = {
+                jsonrpc: "2.0",
+                method: "notifications/message",
+                params: {
+                    level: "error",
+                    logger: "desktop-commander",
+                    data: `Log serialization failed: ${args.join(' ')}`
+                }
+            };
+            this.originalStdoutWrite.call(process.stdout, JSON.stringify(fallbackNotification) + '\n');
         }
     }
     /**
@@ -120,7 +217,17 @@ export class FilteredStdioServerTransport extends StdioServerTransport {
             this.originalStdoutWrite.call(process.stdout, JSON.stringify(notification) + '\n');
         }
         catch (error) {
-            process.stderr.write(`[${level.toUpperCase()}] ${message}\n`);
+            // Fallback to basic JSON-RPC notification
+            const fallbackNotification = {
+                jsonrpc: "2.0",
+                method: "notifications/message",
+                params: {
+                    level: "error",
+                    logger: "desktop-commander",
+                    data: `sendLog failed: ${message}`
+                }
+            };
+            this.originalStdoutWrite.call(process.stdout, JSON.stringify(fallbackNotification) + '\n');
         }
     }
     /**
@@ -140,7 +247,17 @@ export class FilteredStdioServerTransport extends StdioServerTransport {
             this.originalStdoutWrite.call(process.stdout, JSON.stringify(notification) + '\n');
         }
         catch (error) {
-            process.stderr.write(`[PROGRESS] ${token}: ${value}${total ? `/${total}` : ''}\n`);
+            // Fallback to basic JSON-RPC notification for progress
+            const fallbackNotification = {
+                jsonrpc: "2.0",
+                method: "notifications/message",
+                params: {
+                    level: "info",
+                    logger: "desktop-commander",
+                    data: `Progress ${token}: ${value}${total ? `/${total}` : ''}`
+                }
+            };
+            this.originalStdoutWrite.call(process.stdout, JSON.stringify(fallbackNotification) + '\n');
         }
     }
     /**
@@ -156,7 +273,17 @@ export class FilteredStdioServerTransport extends StdioServerTransport {
             this.originalStdoutWrite.call(process.stdout, JSON.stringify(notification) + '\n');
         }
         catch (error) {
-            process.stderr.write(`[NOTIFICATION] ${method}: ${JSON.stringify(params)}\n`);
+            // Fallback to basic JSON-RPC notification for custom notifications
+            const fallbackNotification = {
+                jsonrpc: "2.0",
+                method: "notifications/message",
+                params: {
+                    level: "error",
+                    logger: "desktop-commander",
+                    data: `Custom notification failed: ${method}: ${JSON.stringify(params)}`
+                }
+            };
+            this.originalStdoutWrite.call(process.stdout, JSON.stringify(fallbackNotification) + '\n');
         }
     }
     /**

package/dist/handlers/edit-search-handlers.d.ts

@@ -1,11 +1,6 @@
 import { handleEditBlock } from '../tools/edit.js';
-import { ServerResult } from '../types.js';
 /**
  * Handle edit_block command
  * Uses the enhanced implementation with multiple occurrence support and fuzzy matching
  */
 export { handleEditBlock };
-/**
- * Handle search_code command
- */
-export declare function handleSearchCode(args: unknown): Promise<ServerResult>;

package/dist/handlers/edit-search-handlers.js

@@ -1,88 +1,6 @@
-import { searchTextInFiles } from '../tools/search.js';
-import { SearchCodeArgsSchema } from '../tools/schemas.js';
 import { handleEditBlock } from '../tools/edit.js';
-import { capture } from '../utils/capture.js';
-import { withTimeout } from '../utils/withTimeout.js';
 /**
  * Handle edit_block command
  * Uses the enhanced implementation with multiple occurrence support and fuzzy matching
  */
 export { handleEditBlock };
-/**
- * Handle search_code command
- */
-export async function handleSearchCode(args) {
-    const parsed = SearchCodeArgsSchema.parse(args);
-    const timeoutMs = parsed.timeoutMs || 30000; // 30 seconds default
-    // Limit maxResults to prevent overwhelming responses
-    const safeMaxResults = parsed.maxResults ? Math.min(parsed.maxResults, 5000) : 2000; // Default to 2000 instead of 1000
-    // Apply timeout at the handler level
-    const searchOperation = async () => {
-        return await searchTextInFiles({
-            rootPath: parsed.path,
-            pattern: parsed.pattern,
-            filePattern: parsed.filePattern,
-            ignoreCase: parsed.ignoreCase,
-            maxResults: safeMaxResults,
-            includeHidden: parsed.includeHidden,
-            contextLines: parsed.contextLines,
-            // Don't pass timeoutMs down to the implementation
-        });
-    };
-    // Use withTimeout at the handler level
-    const results = await withTimeout(searchOperation(), timeoutMs, 'Code search operation', [] // Empty array as default on timeout
-    );
-    // If timeout occurred, try to terminate the ripgrep process
-    if (results.length === 0 && globalThis.currentSearchProcess) {
-        try {
-            console.log(`Terminating timed out search process (PID: ${globalThis.currentSearchProcess.pid})`);
-            globalThis.currentSearchProcess.kill();
-            delete globalThis.currentSearchProcess;
-        }
-        catch (error) {
-            capture('server_request_error', {
-                error: 'Error terminating search process'
-            });
-        }
-    }
-    if (results.length === 0) {
-        if (timeoutMs > 0) {
-            return {
-                content: [{ type: "text", text: `No matches found or search timed out after ${timeoutMs}ms.` }],
-            };
-        }
-        return {
-            content: [{ type: "text", text: "No matches found" }],
-        };
-    }
-    // Format the results in a VS Code-like format with early truncation
-    let currentFile = "";
-    let formattedResults = "";
-    const MAX_RESPONSE_SIZE = 900000; // 900KB limit - well below the 1MB API limit
-    let resultsProcessed = 0;
-    let totalResults = results.length;
-    for (const result of results) {
-        // Check if adding this result would exceed our limit
-        const newFileHeader = result.file !== currentFile ? `\n${result.file}:\n` : '';
-        const newLine = `  ${result.line}: ${result.match}\n`;
-        const potentialAddition = newFileHeader + newLine;
-        // If adding this would exceed the limit, truncate here
-        if (formattedResults.length + potentialAddition.length > MAX_RESPONSE_SIZE) {
-            const remainingResults = totalResults - resultsProcessed;
-            const avgResultLength = formattedResults.length / Math.max(resultsProcessed, 1);
-            const estimatedRemainingChars = remainingResults * avgResultLength;
-            const truncationMessage = `\n\n[Results truncated - ${remainingResults} more results available (approximately ${Math.round(estimatedRemainingChars).toLocaleString()} more characters). Try refining your search pattern or using a more specific file pattern to get fewer results.]`;
-            formattedResults += truncationMessage;
-            break;
-        }
-        if (result.file !== currentFile) {
-            formattedResults += newFileHeader;
-            currentFile = result.file;
-        }
-        formattedResults += newLine;
-        resultsProcessed++;
-    }
-    return {
-        content: [{ type: "text", text: formattedResults.trim() }],
-    };
-}

package/dist/handlers/filesystem-handlers.d.ts

@@ -23,10 +23,6 @@ export declare function handleListDirectory(args: unknown): Promise<ServerResult
  * Handle move_file command
  */
 export declare function handleMoveFile(args: unknown): Promise<ServerResult>;
-/**
- * Handle search_files command
- */
-export declare function handleSearchFiles(args: unknown): Promise<ServerResult>;
 /**
  * Handle get_file_info command
  */

package/dist/handlers/filesystem-handlers.js

@@ -1,8 +1,8 @@
-import { readFile, readMultipleFiles, writeFile, createDirectory, listDirectory, moveFile, searchFiles, getFileInfo } from '../tools/filesystem.js';
+import { readFile, readMultipleFiles, writeFile, createDirectory, listDirectory, moveFile, getFileInfo } from '../tools/filesystem.js';
 import { withTimeout } from '../utils/withTimeout.js';
 import { createErrorResponse } from '../error-handlers.js';
 import { configManager } from '../config-manager.js';
-import { ReadFileArgsSchema, ReadMultipleFilesArgsSchema, WriteFileArgsSchema, CreateDirectoryArgsSchema, ListDirectoryArgsSchema, MoveFileArgsSchema, SearchFilesArgsSchema, GetFileInfoArgsSchema } from '../tools/schemas.js';
+import { ReadFileArgsSchema, ReadMultipleFilesArgsSchema, WriteFileArgsSchema, CreateDirectoryArgsSchema, ListDirectoryArgsSchema, MoveFileArgsSchema, GetFileInfoArgsSchema } from '../tools/schemas.js';
 /**
  * Helper function to check if path contains an error
  */
@@ -193,40 +193,6 @@ export async function handleMoveFile(args) {
         return createErrorResponse(errorMessage);
     }
 }
-/**
- * Handle search_files command
- */
-export async function handleSearchFiles(args) {
-    try {
-        const parsed = SearchFilesArgsSchema.parse(args);
-        const timeoutMs = parsed.timeoutMs || 30000; // 30 seconds default
-        // Apply timeout at the handler level
-        const searchOperation = async () => {
-            return await searchFiles(parsed.path, parsed.pattern);
-        };
-        // Use withTimeout at the handler level
-        const results = await withTimeout(searchOperation(), timeoutMs, 'File search operation', [] // Empty array as default on timeout
-        );
-        if (results.length === 0) {
-            // Similar approach as in handleSearchCode
-            if (timeoutMs > 0) {
-                return {
-                    content: [{ type: "text", text: `No matches found or search timed out after ${timeoutMs}ms.` }],
-                };
-            }
-            return {
-                content: [{ type: "text", text: "No matches found" }],
-            };
-        }
-        return {
-            content: [{ type: "text", text: results.join('\n') }],
-        };
-    }
-    catch (error) {
-        const errorMessage = error instanceof Error ? error.message : String(error);
-        return createErrorResponse(errorMessage);
-    }
-}
 /**
  * Handle get_file_info command
  */

package/dist/handlers/index.d.ts

@@ -2,3 +2,4 @@ export * from './filesystem-handlers.js';
 export * from './terminal-handlers.js';
 export * from './process-handlers.js';
 export * from './edit-search-handlers.js';
+export * from './search-handlers.js';

package/dist/handlers/index.js

@@ -3,3 +3,4 @@ export * from './filesystem-handlers.js';
 export * from './terminal-handlers.js';
 export * from './process-handlers.js';
 export * from './edit-search-handlers.js';
+export * from './search-handlers.js';

package/dist/handlers/search-handlers.d.ts

@@ -0,0 +1,17 @@
+import { ServerResult } from '../types.js';
+/**
+ * Handle start_search command
+ */
+export declare function handleStartSearch(args: unknown): Promise<ServerResult>;
+/**
+ * Handle get_more_search_results command
+ */
+export declare function handleGetMoreSearchResults(args: unknown): Promise<ServerResult>;
+/**
+ * Handle stop_search command
+ */
+export declare function handleStopSearch(args: unknown): Promise<ServerResult>;
+/**
+ * Handle list_searches command
+ */
+export declare function handleListSearches(): Promise<ServerResult>;