@wonderwhy-er/desktop-commander 0.2.12 → 0.2.14

package/dist/oauth/server.js

@@ -0,0 +1,160 @@
+import http from 'http';
+import { URL } from 'url';
+import { OAuthProvider } from './provider.js';
+export class OAuthHttpServer {
+    constructor(config, mcpHandler) {
+        this.oauthProvider = new OAuthProvider(config);
+        this.mcpHandler = mcpHandler;
+        this.server = http.createServer(this.handleRequest.bind(this));
+    }
+    async handleRequest(req, res) {
+        const url = new URL(req.url, `http://${req.headers.host}`);
+        // Enable CORS
+        this.setCorsHeaders(res);
+        if (req.method === 'OPTIONS') {
+            res.writeHead(200);
+            res.end();
+            return;
+        }
+        try {
+            // OAuth endpoints
+            if (url.pathname === '/.well-known/oauth-authorization-server') {
+                return this.handleAuthServerMetadata(res);
+            }
+            if (url.pathname === '/authorize') {
+                return this.handleAuthorize(url, res);
+            }
+            if (url.pathname === '/token' && req.method === 'POST') {
+                return this.handleToken(req, res);
+            }
+            if (url.pathname === '/callback') {
+                return this.handleCallback(url, res);
+            }
+            // Protected MCP endpoints - require authentication
+            if (url.pathname.startsWith('/mcp') || url.pathname === '/sse') {
+                const authHeader = req.headers.authorization;
+                if (!authHeader || !authHeader.startsWith('Bearer ')) {
+                    return this.sendUnauthorized(res);
+                }
+                const token = authHeader.substring(7);
+                const tokenData = this.oauthProvider.validateAccessToken(token);
+                if (!tokenData) {
+                    return this.sendUnauthorized(res);
+                }
+                // Add user info to request for MCP handler
+                req.user = tokenData;
+            }
+            // Forward to MCP handler
+            this.mcpHandler(req, res);
+        }
+        catch (error) {
+            console.error('OAuth server error:', error);
+            res.writeHead(500, { 'Content-Type': 'application/json' });
+            res.end(JSON.stringify({ error: 'Internal server error' }));
+        }
+    }
+    setCorsHeaders(res) {
+        res.setHeader('Access-Control-Allow-Origin', '*');
+        res.setHeader('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS');
+        res.setHeader('Access-Control-Allow-Headers', 'Content-Type, Authorization');
+        res.setHeader('Access-Control-Expose-Headers', 'WWW-Authenticate');
+    }
+    handleAuthServerMetadata(res) {
+        const metadata = this.oauthProvider.getAuthorizationServerMetadata();
+        res.writeHead(200, { 'Content-Type': 'application/json' });
+        res.end(JSON.stringify(metadata, null, 2));
+    }
+    handleAuthorize(url, res) {
+        const params = {
+            response_type: url.searchParams.get('response_type'),
+            client_id: url.searchParams.get('client_id'),
+            redirect_uri: url.searchParams.get('redirect_uri'),
+            scope: url.searchParams.get('scope') || undefined,
+            state: url.searchParams.get('state') || undefined,
+            code_challenge: url.searchParams.get('code_challenge'),
+            code_challenge_method: url.searchParams.get('code_challenge_method')
+        };
+        const result = this.oauthProvider.handleAuthorizationRequest(params);
+        if (result.error) {
+            res.writeHead(400, { 'Content-Type': 'application/json' });
+            res.end(JSON.stringify({ error: result.error }));
+            return;
+        }
+        // Redirect to the callback URL with auth code
+        res.writeHead(302, { 'Location': result.authUrl });
+        res.end();
+    }
+    async handleToken(req, res) {
+        const body = await this.getRequestBody(req);
+        const params = new URLSearchParams(body);
+        const tokenRequest = {
+            grant_type: params.get('grant_type'),
+            code: params.get('code'),
+            redirect_uri: params.get('redirect_uri'),
+            client_id: params.get('client_id'),
+            code_verifier: params.get('code_verifier')
+        };
+        const result = await this.oauthProvider.handleTokenRequest(tokenRequest);
+        if ('error' in result) {
+            res.writeHead(400, { 'Content-Type': 'application/json' });
+            res.end(JSON.stringify(result));
+            return;
+        }
+        res.writeHead(200, { 'Content-Type': 'application/json' });
+        res.end(JSON.stringify(result));
+    }
+    handleCallback(url, res) {
+        const code = url.searchParams.get('code');
+        const state = url.searchParams.get('state');
+        // Simple success page
+        const html = `
+      <!DOCTYPE html>
+      <html>
+        <head><title>Authorization Successful</title></head>
+        <body>
+          <h1>Authorization Successful!</h1>
+          <p>You can now close this window.</p>
+          <script>
+            // Try to close the window (works if opened by script)
+            try { window.close(); } catch(e) {}
+            
+            // Post message to parent if in iframe
+            if (window.opener) {
+              window.opener.postMessage({
+                type: 'oauth_success',
+                code: '${code}',
+                state: '${state}'
+              }, '*');
+            }
+          </script>
+        </body>
+      </html>
+    `;
+        res.writeHead(200, { 'Content-Type': 'text/html' });
+        res.end(html);
+    }
+    sendUnauthorized(res) {
+        res.writeHead(401, {
+            'Content-Type': 'application/json',
+            'WWW-Authenticate': 'Bearer realm="mcp", error="invalid_token"'
+        });
+        res.end(JSON.stringify({
+            error: 'unauthorized',
+            message: 'Valid access token required'
+        }));
+    }
+    async getRequestBody(req) {
+        return new Promise((resolve, reject) => {
+            let body = '';
+            req.on('data', chunk => body += chunk.toString());
+            req.on('end', () => resolve(body));
+            req.on('error', reject);
+        });
+    }
+    listen(port, callback) {
+        this.server.listen(port, callback);
+    }
+    close(callback) {
+        this.server.close(callback);
+    }
+}

package/dist/oauth/types.d.ts

@@ -0,0 +1,54 @@
+export interface OAuthConfig {
+    enabled: boolean;
+    clientId: string;
+    clientSecret: string;
+    redirectUri: string;
+    authorizationUrl: string;
+    tokenUrl: string;
+    scope: string;
+    issuer: string;
+}
+export interface AuthorizationServerMetadata {
+    issuer: string;
+    authorization_endpoint: string;
+    token_endpoint: string;
+    registration_endpoint?: string;
+    revocation_endpoint?: string;
+    jwks_uri?: string;
+    response_types_supported: string[];
+    grant_types_supported: string[];
+    token_endpoint_auth_methods_supported: string[];
+    code_challenge_methods_supported: string[];
+    scopes_supported?: string[];
+}
+export interface TokenResponse {
+    access_token: string;
+    token_type: string;
+    expires_in?: number;
+    refresh_token?: string;
+    scope?: string;
+}
+export interface AccessToken {
+    sub: string;
+    aud: string | string[];
+    iss: string;
+    exp: number;
+    iat: number;
+    scope?: string;
+}
+export interface AuthorizationRequest {
+    response_type: 'code';
+    client_id: string;
+    redirect_uri: string;
+    scope?: string;
+    state?: string;
+    code_challenge: string;
+    code_challenge_method: 'S256';
+}
+export interface TokenRequest {
+    grant_type: 'authorization_code';
+    code: string;
+    redirect_uri: string;
+    client_id: string;
+    code_verifier: string;
+}

package/dist/oauth/types.js

@@ -0,0 +1,2 @@
+// OAuth 2.1 types for MCP authorization
+export {};

package/dist/search-manager.d.ts

@@ -30,6 +30,7 @@ export interface SearchSessionOptions {
     contextLines?: number;
     timeout?: number;
     earlyTermination?: boolean;
+    literalSearch?: boolean;
 }
 /**
  * Search Session Manager - handles ripgrep processes like terminal sessions

package/dist/search-manager.js

@@ -212,6 +212,10 @@ import { capture } from './utils/capture.js';
         if (options.searchType === 'content') {
             // Content search mode
             args.push('--json', '--line-number');
+            // Add literal search support for content searches
+            if (options.literalSearch) {
+                args.push('-F'); // Fixed string matching (literal)
+            }
             if (options.contextLines && options.contextLines > 0) {
                 args.push('-C', options.contextLines.toString());
             }

package/dist/server.js

@@ -1,5 +1,5 @@
 import { Server } from "@modelcontextprotocol/sdk/server/index.js";
-import { CallToolRequestSchema, ListToolsRequestSchema, ListResourcesRequestSchema, ListPromptsRequestSchema, InitializeRequestSchema, } from "@modelcontextprotocol/sdk/types.js";
+import { CallToolRequestSchema, ListToolsRequestSchema, ListResourcesRequestSchema, ListResourceTemplatesRequestSchema, ListPromptsRequestSchema, InitializeRequestSchema, } from "@modelcontextprotocol/sdk/types.js";
 import { zodToJsonSchema } from "zod-to-json-schema";
 import { getSystemInfo, getOSSpecificGuidance, getPathGuidance, getDevelopmentToolGuidance } from './utils/system-info.js';
 // Get system information once at startup
@@ -257,24 +257,72 @@ server.setRequestHandler(ListToolsRequestSchema, async () => {
                     description: `
                         Start a streaming search that can return results progressively.
                         
+                        SEARCH STRATEGY GUIDE:
+                        Choose the right search type based on what the user is looking for:
+                        
+                        USE searchType="files" WHEN:
+                        - User asks for specific files: "find package.json", "locate config files"
+                        - Pattern looks like a filename: "*.js", "README.md", "test-*.tsx" 
+                        - User wants to find files by name/extension: "all TypeScript files", "Python scripts"
+                        - Looking for configuration/setup files: ".env", "dockerfile", "tsconfig.json"
+                        
+                        USE searchType="content" WHEN:
+                        - User asks about code/logic: "authentication logic", "error handling", "API calls"
+                        - Looking for functions/variables: "getUserData function", "useState hook"
+                        - Searching for text/comments: "TODO items", "FIXME comments", "documentation"
+                        - Finding patterns in code: "console.log statements", "import statements"
+                        - User describes functionality: "components that handle login", "files with database queries"
+                        
+                        WHEN UNSURE OR USER REQUEST IS AMBIGUOUS:
+                        Run TWO searches in parallel - one for files and one for content:
+                        
+                        Example approach for ambiguous queries like "find authentication stuff":
+                        1. Start file search: searchType="files", pattern="auth"
+                        2. Simultaneously start content search: searchType="content", pattern="authentication"  
+                        3. Present combined results: "Found 3 auth-related files and 8 files containing authentication code"
+                        
                         SEARCH TYPES:
                         - searchType="files": Find files by name (pattern matches file names)
                         - searchType="content": Search inside files for text patterns
                         
+                        PATTERN MATCHING MODES:
+                        - Default (literalSearch=false): Patterns are treated as regular expressions
+                        - Literal (literalSearch=true): Patterns are treated as exact strings
+                        
+                        WHEN TO USE literalSearch=true:
+                        Use literal search when searching for code patterns with special characters:
+                        - Function calls with parentheses and quotes
+                        - Array access with brackets
+                        - Object methods with dots and parentheses
+                        - File paths with backslashes
+                        - Any pattern containing: . * + ? ^ $ { } [ ] | \\ ( )
+                        
                         IMPORTANT PARAMETERS:
                         - pattern: What to search for (file names OR content text)
+                        - literalSearch: Use exact string matching instead of regex (default: false)
                         - filePattern: Optional filter to limit search to specific file types (e.g., "*.js", "package.json")
                         - ignoreCase: Case-insensitive search (default: true). Works for both file names and content.
                         - earlyTermination: Stop search early when exact filename match is found (optional: defaults to true for file searches, false for content searches)
                         
-                        EXAMPLES:
-                        - Find package.json files: searchType="files", pattern="package.json", filePattern="package.json"
-                        - Find all JS files: searchType="files", pattern="*.js" (or use filePattern="*.js")
-                        - Search for "TODO" in code: searchType="content", pattern="TODO", filePattern="*.js|*.ts"
-                        - Case-sensitive file search: searchType="files", pattern="README", ignoreCase=false
-                        - Case-insensitive file search: searchType="files", pattern="readme", ignoreCase=true
-                        - Find exact file, stop after first match: searchType="files", pattern="config.json", earlyTermination=true
-                        - Find all matching files: searchType="files", pattern="test.js", earlyTermination=false
+                        DECISION EXAMPLES:
+                        - "find package.json" → searchType="files", pattern="package.json" (specific file)
+                        - "find authentication components" → searchType="content", pattern="authentication" (looking for functionality)
+                        - "locate all React components" → searchType="files", pattern="*.tsx" or "*.jsx" (file pattern)
+                        - "find TODO comments" → searchType="content", pattern="TODO" (text in files)
+                        - "show me login files" → AMBIGUOUS → run both: files with "login" AND content with "login"
+                        - "find config" → AMBIGUOUS → run both: config files AND files containing config code
+                        
+                        COMPREHENSIVE SEARCH EXAMPLES:
+                        - Find package.json files: searchType="files", pattern="package.json"
+                        - Find all JS files: searchType="files", pattern="*.js"
+                        - Search for TODO in code: searchType="content", pattern="TODO", filePattern="*.js|*.ts"
+                        - Search for exact code: searchType="content", pattern="toast.error('test')", literalSearch=true
+                        - Ambiguous request "find auth stuff": Run two searches:
+                          1. searchType="files", pattern="auth"
+                          2. searchType="content", pattern="authentication"
+                        
+                        PRO TIP: When user requests are ambiguous about whether they want files or content,
+                        run both searches concurrently and combine results for comprehensive coverage.
                         
                         Unlike regular search tools, this starts a background search process and returns
                         immediately with a session ID. Use get_more_search_results to get results as they
@@ -635,6 +683,10 @@ server.setRequestHandler(ListToolsRequestSchema, async () => {
                         These IDs are for your reference only. Show users only the prompt titles and descriptions.
                         The IDs will be provided in the response metadata for your use.
                         
+                        DESKTOP COMMANDER INTRODUCTION: If a user asks "what is Desktop Commander?" or similar questions 
+                        about what Desktop Commander can do, answer that there are example use cases and tutorials 
+                        available, then call get_prompts with action='list_prompts' and category='onboarding' to show them.
+                        
                         ACTIONS:
                         - list_categories: Show all available prompt categories
                         - list_prompts: List prompts (optionally filtered by category)  
@@ -673,6 +725,17 @@ server.setRequestHandler(CallToolRequestSchema, async (request) => {
         if (name === 'set_config_value' && args && typeof args === 'object' && 'key' in args) {
             telemetryData.set_config_value_key_name = args.key;
         }
+        if (name === 'get_prompts' && args && typeof args === 'object') {
+            const promptArgs = args;
+            telemetryData.action = promptArgs.action;
+            if (promptArgs.category) {
+                telemetryData.category = promptArgs.category;
+                telemetryData.has_category_filter = true;
+            }
+            if (promptArgs.promptId) {
+                telemetryData.prompt_id = promptArgs.promptId;
+            }
+        }
         capture_call_tool('server_call_tool', telemetryData);
         // Track tool call
         trackToolCall(name, args);
@@ -719,6 +782,70 @@ server.setRequestHandler(CallToolRequestSchema, async (request) => {
             case "get_prompts":
                 try {
                     result = await getPrompts(args || {});
+                    // Capture detailed analytics for all successful get_prompts actions
+                    if (args && typeof args === 'object' && !result.isError) {
+                        const action = args.action;
+                        try {
+                            if (action === 'get_prompt' && args.promptId) {
+                                // Existing get_prompt analytics
+                                const { loadPromptsData } = await import('./tools/prompts.js');
+                                const promptsData = await loadPromptsData();
+                                const prompt = promptsData.prompts.find(p => p.id === args.promptId);
+                                if (prompt) {
+                                    await capture('server_get_prompt', {
+                                        prompt_id: prompt.id,
+                                        prompt_title: prompt.title,
+                                        category: prompt.categories[0] || 'uncategorized',
+                                        author: prompt.author,
+                                        verified: prompt.verified
+                                    });
+                                }
+                            }
+                            else if (action === 'list_categories') {
+                                // New analytics for category browsing
+                                const { loadPromptsData } = await import('./tools/prompts.js');
+                                const promptsData = await loadPromptsData();
+                                // Extract unique categories and count prompts in each
+                                const categoryMap = new Map();
+                                promptsData.prompts.forEach(prompt => {
+                                    prompt.categories.forEach(category => {
+                                        categoryMap.set(category, (categoryMap.get(category) || 0) + 1);
+                                    });
+                                });
+                                await capture('server_list_prompt_categories', {
+                                    total_categories: categoryMap.size,
+                                    total_prompts: promptsData.prompts.length,
+                                    categories_available: Array.from(categoryMap.keys())
+                                });
+                            }
+                            else if (action === 'list_prompts') {
+                                // New analytics for prompt list browsing
+                                const { loadPromptsData } = await import('./tools/prompts.js');
+                                const promptsData = await loadPromptsData();
+                                const category = args.category;
+                                let filteredPrompts = promptsData.prompts;
+                                if (category) {
+                                    filteredPrompts = promptsData.prompts.filter(prompt => prompt.categories.includes(category));
+                                }
+                                await capture('server_list_category_prompts', {
+                                    category_filter: category || 'all',
+                                    has_category_filter: !!category,
+                                    prompts_shown: filteredPrompts.length,
+                                    total_prompts_available: promptsData.prompts.length,
+                                    prompt_ids_shown: filteredPrompts.map(p => p.id)
+                                });
+                            }
+                        }
+                        catch (error) {
+                            // Don't fail the request if analytics fail
+                        }
+                    }
+                    // Track if user used get_prompts after seeing onboarding invitation (for state management only)
+                    const onboardingState = await usageTracker.getOnboardingState();
+                    if (onboardingState.attemptsShown > 0 && !onboardingState.promptsUsed) {
+                        // Mark that they used prompts after seeing onboarding (stops future onboarding messages)
+                        await usageTracker.markOnboardingPromptsUsed();
+                    }
                 }
                 catch (error) {
                     capture('server_request_error', { message: `Error in get_prompts handler: ${error}` });
@@ -816,6 +943,40 @@ server.setRequestHandler(CallToolRequestSchema, async (request) => {
         else {
             await usageTracker.trackSuccess(name);
             console.log(`[FEEDBACK DEBUG] Tool ${name} succeeded, checking feedback...`);
+            // Check if should show onboarding (before feedback - first-time users are priority)
+            const shouldShowOnboarding = await usageTracker.shouldShowOnboarding();
+            console.log(`[ONBOARDING DEBUG] Should show onboarding: ${shouldShowOnboarding}`);
+            if (shouldShowOnboarding) {
+                console.log(`[ONBOARDING DEBUG] Generating onboarding message...`);
+                const onboardingResult = await usageTracker.getOnboardingMessage();
+                console.log(`[ONBOARDING DEBUG] Generated variant: ${onboardingResult.variant}`);
+                // Capture onboarding prompt injection event
+                const stats = await usageTracker.getStats();
+                await capture('server_onboarding_shown', {
+                    trigger_tool: name,
+                    total_calls: stats.totalToolCalls,
+                    successful_calls: stats.successfulCalls,
+                    days_since_first_use: Math.floor((Date.now() - stats.firstUsed) / (1000 * 60 * 60 * 24)),
+                    total_sessions: stats.totalSessions,
+                    message_variant: onboardingResult.variant
+                });
+                // Inject onboarding message for the LLM
+                if (result.content && result.content.length > 0 && result.content[0].type === "text") {
+                    const currentContent = result.content[0].text || '';
+                    result.content[0].text = `${currentContent}${onboardingResult.message}`;
+                }
+                else {
+                    result.content = [
+                        ...(result.content || []),
+                        {
+                            type: "text",
+                            text: onboardingResult.message
+                        }
+                    ];
+                }
+                // Mark that we've shown onboarding (to prevent spam)
+                await usageTracker.markOnboardingShown(onboardingResult.variant);
+            }
             // Check if should prompt for feedback (only on successful operations)
             const shouldPrompt = await usageTracker.shouldPromptForFeedback();
             console.log(`[FEEDBACK DEBUG] Should prompt for feedback: ${shouldPrompt}`);
@@ -869,3 +1030,5 @@ server.setRequestHandler(CallToolRequestSchema, async (request) => {
         };
     }
 });
+// Add no-op handlers so Visual Studio initialization succeeds
+server.setRequestHandler(ListResourceTemplatesRequestSchema, async () => ({ resourceTemplates: [] }));

package/dist/tools/config.js

@@ -81,20 +81,22 @@ export async function setConfigValue(args) {
             if ((parsed.data.key === 'allowedDirectories' || parsed.data.key === 'blockedCommands') &&
                 !Array.isArray(valueToStore)) {
                 if (typeof valueToStore === 'string') {
+                    const originalString = valueToStore;
                     try {
-                        valueToStore = JSON.parse(valueToStore);
+                        const parsedValue = JSON.parse(originalString);
+                        valueToStore = parsedValue;
                     }
                     catch (parseError) {
                         console.error(`Failed to parse string as array for ${parsed.data.key}: ${parseError}`);
                         // If parsing failed and it's a single value, convert to an array with one item
-                        if (!valueToStore.includes('[')) {
-                            valueToStore = [valueToStore];
+                        if (!originalString.includes('[')) {
+                            valueToStore = [originalString];
                         }
                     }
                 }
-                else {
-                    // If not a string or array, convert to an array with one item
-                    valueToStore = [valueToStore];
+                else if (valueToStore !== null) {
+                    // If not a string or array (and not null), convert to an array with one item
+                    valueToStore = [String(valueToStore)];
                 }
                 // Ensure the value is an array after all our conversions
                 if (!Array.isArray(valueToStore)) {

package/dist/tools/pdf-processor.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/tools/pdf-processor.js

@@ -0,0 +1,3 @@
+export {};
+// PDF processing is no longer needed - PDFs are handled like images as base64 documents
+// This file is kept for potential future enhancements but currently unused

package/dist/tools/prompts.d.ts

@@ -1,5 +1,28 @@
 import { ServerResult } from '../types.js';
+interface Prompt {
+    id: string;
+    title: string;
+    description: string;
+    prompt: string;
+    categories: string[];
+    secondaryTag?: string;
+    votes: number;
+    gaClicks: number;
+    icon: string;
+    author: string;
+    verified: boolean;
+}
+export interface PromptsData {
+    version: string;
+    description: string;
+    prompts: Prompt[];
+}
+/**
+ * Load prompts data from JSON file with caching
+ */
+export declare function loadPromptsData(): Promise<PromptsData>;
 /**
  * Get prompts - main entry point for the tool
  */
 export declare function getPrompts(params: any): Promise<ServerResult>;
+export {};