@x-code-cli/core 0.2.10 → 0.3.0

package/dist/mcp/config-writer.js

@@ -0,0 +1,138 @@
+// @x-code-cli/core — Read/write `mcpServers` in user / project config.json
+//
+// Drives `/mcp add` and `/mcp remove`. The job is small but error-prone:
+//   - preserve unrelated top-level fields (theme, model, thinking, etc.)
+//   - preserve other mcpServers entries when adding/removing one
+//   - write atomically so a Ctrl-C mid-write can't corrupt the file
+//   - never read once, write later — re-read at write time so we don't
+//     stomp on a concurrent edit (rare but cheap to guard against)
+//
+// The writer validates every config it persists against the same Zod
+// schema the loader uses, so add-json input that would be rejected at
+// load time is rejected here instead — fail-fast at the entry point.
+import fs from 'node:fs/promises';
+import path from 'node:path';
+import { getUserConfigPath } from '../config/index.js';
+import { XCODE_DIR } from '../utils.js';
+import { parseServerConfig } from './config-schema.js';
+/** Where each scope's config.json lives. Mirrors the same paths the loader
+ *  reads from, so a write here is guaranteed to be picked up on the next
+ *  load (or `/mcp refresh`). */
+export function getConfigPath(scope, cwd) {
+    if (scope === 'user')
+        return getUserConfigPath();
+    return path.join(cwd, XCODE_DIR, 'config.json');
+}
+/** Read the parsed JSON object at the given scope. Returns `{}` when the
+ *  file doesn't exist, is empty, or is malformed — the caller treats
+ *  those uniformly as "no MCP servers configured here yet". */
+async function readConfigObject(scope, cwd) {
+    const file = getConfigPath(scope, cwd);
+    let raw;
+    try {
+        raw = await fs.readFile(file, 'utf-8');
+    }
+    catch {
+        return {};
+    }
+    try {
+        const parsed = JSON.parse(raw);
+        if (parsed && typeof parsed === 'object' && !Array.isArray(parsed)) {
+            return parsed;
+        }
+    }
+    catch {
+        // Malformed JSON. We deliberately don't overwrite without a parse —
+        // bail and let the caller surface an error. Returning {} here would
+        // mask a corrupt config and writing would clobber whatever was there.
+        throw new Error(`Config file at ${file} is not valid JSON. Fix it manually before running /mcp add or /mcp remove.`);
+    }
+    return {};
+}
+/** Atomic JSON write: write to tmp, then rename. Trailing newline + 2-space
+ *  indent matches the convention used elsewhere (saveUserConfig). */
+async function writeConfigObject(scope, cwd, obj) {
+    const file = getConfigPath(scope, cwd);
+    await fs.mkdir(path.dirname(file), { recursive: true });
+    const tmp = file + '.tmp';
+    await fs.writeFile(tmp, JSON.stringify(obj, null, 2) + '\n', 'utf-8');
+    await fs.rename(tmp, file);
+}
+export async function detectScope(name, cwd) {
+    const [user, project] = await Promise.all([serverExists(name, 'user', cwd), serverExists(name, 'project', cwd)]);
+    if (user && project)
+        return { kind: 'both' };
+    if (user)
+        return { kind: 'user' };
+    if (project)
+        return { kind: 'project' };
+    return { kind: 'not-found' };
+}
+export async function serverExists(name, scope, cwd) {
+    const obj = await readConfigObject(scope, cwd);
+    const servers = obj.mcpServers;
+    if (!servers || typeof servers !== 'object' || Array.isArray(servers))
+        return false;
+    return Object.prototype.hasOwnProperty.call(servers, name);
+}
+/** Add a server to the given scope's config.json. Refuses to overwrite —
+ *  caller must check duplicates first via `serverExists` and surface a
+ *  helpful error including current vs. attempted config. */
+export async function writeServerToConfig(name, config, scope, cwd) {
+    // Validate first. Bad JSON via /mcp add-json shouldn't get written and
+    // then explode at next launch — fail at the entry point with a clear
+    // schema error.
+    const validated = parseServerConfig(name, config);
+    const obj = await readConfigObject(scope, cwd);
+    const existing = obj.mcpServers;
+    const servers = existing && typeof existing === 'object' && !Array.isArray(existing)
+        ? { ...existing }
+        : {};
+    servers[name] = validated;
+    obj.mcpServers = servers;
+    await writeConfigObject(scope, cwd, obj);
+    return { path: getConfigPath(scope, cwd) };
+}
+/** Remove a server from the given scope's config.json. Idempotent: returns
+ *  `removed: false` when the name wasn't present (or the file didn't exist).
+ *  Leaves the file with an empty `mcpServers: {}` rather than deleting the
+ *  field — preserves the spot for future adds and avoids churn that would
+ *  surprise users diffing the file in git. */
+export async function removeServerFromConfig(name, scope, cwd) {
+    const file = getConfigPath(scope, cwd);
+    const obj = await readConfigObject(scope, cwd);
+    const existing = obj.mcpServers;
+    if (!existing || typeof existing !== 'object' || Array.isArray(existing)) {
+        return { path: file, removed: false };
+    }
+    const servers = existing;
+    if (!Object.prototype.hasOwnProperty.call(servers, name)) {
+        return { path: file, removed: false };
+    }
+    const next = {};
+    for (const [k, v] of Object.entries(servers)) {
+        if (k !== name)
+            next[k] = v;
+    }
+    obj.mcpServers = next;
+    await writeConfigObject(scope, cwd, obj);
+    return { path: file, removed: true };
+}
+/** Read the current config for `name` from the given scope, for the
+ *  "already exists, here's what's there" path of /mcp add. Returns null
+ *  if not present. Best-effort: a malformed entry returns null rather
+ *  than throwing — the duplicate-check use case shouldn't crash. */
+export async function readServerConfig(name, scope, cwd) {
+    try {
+        const obj = await readConfigObject(scope, cwd);
+        const servers = obj.mcpServers;
+        if (!servers || typeof servers !== 'object' || Array.isArray(servers))
+            return null;
+        const value = servers[name];
+        return value ?? null;
+    }
+    catch {
+        return null;
+    }
+}
+//# sourceMappingURL=config-writer.js.map

package/dist/mcp/config-writer.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"config-writer.js","sourceRoot":"","sources":["../../src/mcp/config-writer.ts"],"names":[],"mappings":"AAAA,2EAA2E;AAC3E,EAAE;AACF,yEAAyE;AACzE,yEAAyE;AACzE,iEAAiE;AACjE,oEAAoE;AACpE,uEAAuE;AACvE,mEAAmE;AACnE,EAAE;AACF,qEAAqE;AACrE,sEAAsE;AACtE,qEAAqE;AACrE,OAAO,EAAE,MAAM,kBAAkB,CAAA;AACjC,OAAO,IAAI,MAAM,WAAW,CAAA;AAE5B,OAAO,EAAE,iBAAiB,EAAE,MAAM,oBAAoB,CAAA;AACtD,OAAO,EAAE,SAAS,EAAE,MAAM,aAAa,CAAA;AACvC,OAAO,EAAE,iBAAiB,EAAE,MAAM,oBAAoB,CAAA;AAKtD;;gCAEgC;AAChC,MAAM,UAAU,aAAa,CAAC,KAAkB,EAAE,GAAW;IAC3D,IAAI,KAAK,KAAK,MAAM;QAAE,OAAO,iBAAiB,EAAE,CAAA;IAChD,OAAO,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,SAAS,EAAE,aAAa,CAAC,CAAA;AACjD,CAAC;AAED;;+DAE+D;AAC/D,KAAK,UAAU,gBAAgB,CAAC,KAAkB,EAAE,GAAW;IAC7D,MAAM,IAAI,GAAG,aAAa,CAAC,KAAK,EAAE,GAAG,CAAC,CAAA;IACtC,IAAI,GAAW,CAAA;IACf,IAAI,CAAC;QACH,GAAG,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,IAAI,EAAE,OAAO,CAAC,CAAA;IACxC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,CAAA;IACX,CAAC;IACD,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAY,CAAA;QACzC,IAAI,MAAM,IAAI,OAAO,MAAM,KAAK,QAAQ,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;YACnE,OAAO,MAAiC,CAAA;QAC1C,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,oEAAoE;QACpE,oEAAoE;QACpE,sEAAsE;QACtE,MAAM,IAAI,KAAK,CAAC,kBAAkB,IAAI,6EAA6E,CAAC,CAAA;IACtH,CAAC;IACD,OAAO,EAAE,CAAA;AACX,CAAC;AAED;qEACqE;AACrE,KAAK,UAAU,iBAAiB,CAAC,KAAkB,EAAE,GAAW,EAAE,GAA4B;IAC5F,MAAM,IAAI,GAAG,aAAa,CAAC,KAAK,EAAE,GAAG,CAAC,CAAA;IACtC,MAAM,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAA;IACvD,MAAM,GAAG,GAAG,IAAI,GAAG,MAAM,CAAA;IACzB,MAAM,EAAE,CAAC,SAAS,CAAC,GAAG,EAAE,IAAI,CAAC,SAAS,CAAC,GAAG,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,IAAI,EAAE,OAAO,CAAC,CAAA;IACrE,MAAM,EAAE,CAAC,MAAM,CAAC,GAAG,EAAE,IAAI,CAAC,CAAA;AAC5B,CAAC;AAOD,MAAM,CAAC,KAAK,UAAU,WAAW,CAAC,IAAY,EAAE,GAAW;IACzD,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,CAAC,YAAY,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,CAAC,EAAE,YAAY,CAAC,IAAI,EAAE,SAAS,EAAE,GAAG,CAAC,CAAC,CAAC,CAAA;IAChH,IAAI,IAAI,IAAI,OAAO;QAAE,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,CAAA;IAC5C,IAAI,IAAI;QAAE,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,CAAA;IACjC,IAAI,OAAO;QAAE,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,CAAA;IACvC,OAAO,EAAE,IAAI,EAAE,WAAW,EAAE,CAAA;AAC9B,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,YAAY,CAAC,IAAY,EAAE,KAAkB,EAAE,GAAW;IAC9E,MAAM,GAAG,GAAG,MAAM,gBAAgB,CAAC,KAAK,EAAE,GAAG,CAAC,CAAA;IAC9C,MAAM,OAAO,GAAG,GAAG,CAAC,UAAU,CAAA;IAC9B,IAAI,CAAC,OAAO,IAAI,OAAO,OAAO,KAAK,QAAQ,IAAI,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC;QAAE,OAAO,KAAK,CAAA;IACnF,OAAO,MAAM,CAAC,SAAS,CAAC,cAAc,CAAC,IAAI,CAAC,OAAO,EAAE,IAAI,CAAC,CAAA;AAC5D,CAAC;AAED;;4DAE4D;AAC5D,MAAM,CAAC,KAAK,UAAU,mBAAmB,CACvC,IAAY,EACZ,MAAuB,EACvB,KAAkB,EAClB,GAAW;IAEX,uEAAuE;IACvE,qEAAqE;IACrE,gBAAgB;IAChB,MAAM,SAAS,GAAG,iBAAiB,CAAC,IAAI,EAAE,MAAM,CAAC,CAAA;IAEjD,MAAM,GAAG,GAAG,MAAM,gBAAgB,CAAC,KAAK,EAAE,GAAG,CAAC,CAAA;IAC9C,MAAM,QAAQ,GAAG,GAAG,CAAC,UAAU,CAAA;IAC/B,MAAM,OAAO,GACX,QAAQ,IAAI,OAAO,QAAQ,KAAK,QAAQ,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC;QAClE,CAAC,CAAC,EAAE,GAAI,QAAoC,EAAE;QAC9C,CAAC,CAAC,EAAE,CAAA;IACR,OAAO,CAAC,IAAI,CAAC,GAAG,SAAS,CAAA;IACzB,GAAG,CAAC,UAAU,GAAG,OAAO,CAAA;IACxB,MAAM,iBAAiB,CAAC,KAAK,EAAE,GAAG,EAAE,GAAG,CAAC,CAAA;IACxC,OAAO,EAAE,IAAI,EAAE,aAAa,CAAC,KAAK,EAAE,GAAG,CAAC,EAAE,CAAA;AAC5C,CAAC;AAED;;;;8CAI8C;AAC9C,MAAM,CAAC,KAAK,UAAU,sBAAsB,CAC1C,IAAY,EACZ,KAAkB,EAClB,GAAW;IAEX,MAAM,IAAI,GAAG,aAAa,CAAC,KAAK,EAAE,GAAG,CAAC,CAAA;IACtC,MAAM,GAAG,GAAG,MAAM,gBAAgB,CAAC,KAAK,EAAE,GAAG,CAAC,CAAA;IAC9C,MAAM,QAAQ,GAAG,GAAG,CAAC,UAAU,CAAA;IAC/B,IAAI,CAAC,QAAQ,IAAI,OAAO,QAAQ,KAAK,QAAQ,IAAI,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC;QACzE,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,CAAA;IACvC,CAAC;IACD,MAAM,OAAO,GAAG,QAAmC,CAAA;IACnD,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,cAAc,CAAC,IAAI,CAAC,OAAO,EAAE,IAAI,CAAC,EAAE,CAAC;QACzD,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,CAAA;IACvC,CAAC;IACD,MAAM,IAAI,GAA4B,EAAE,CAAA;IACxC,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;QAC7C,IAAI,CAAC,KAAK,IAAI;YAAE,IAAI,CAAC,CAAC,CAAC,GAAG,CAAC,CAAA;IAC7B,CAAC;IACD,GAAG,CAAC,UAAU,GAAG,IAAI,CAAA;IACrB,MAAM,iBAAiB,CAAC,KAAK,EAAE,GAAG,EAAE,GAAG,CAAC,CAAA;IACxC,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,CAAA;AACtC,CAAC;AAED;;;oEAGoE;AACpE,MAAM,CAAC,KAAK,UAAU,gBAAgB,CAAC,IAAY,EAAE,KAAkB,EAAE,GAAW;IAClF,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,gBAAgB,CAAC,KAAK,EAAE,GAAG,CAAC,CAAA;QAC9C,MAAM,OAAO,GAAG,GAAG,CAAC,UAAU,CAAA;QAC9B,IAAI,CAAC,OAAO,IAAI,OAAO,OAAO,KAAK,QAAQ,IAAI,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC;YAAE,OAAO,IAAI,CAAA;QAClF,MAAM,KAAK,GAAI,OAAmC,CAAC,IAAI,CAAC,CAAA;QACxD,OAAO,KAAK,IAAI,IAAI,CAAA;IACtB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAA;IACb,CAAC;AACH,CAAC"}

package/dist/mcp/env-safety.d.ts

@@ -0,0 +1,12 @@
+export declare class UnsafeEnvError extends Error {
+    readonly key: string;
+    constructor(key: string);
+}
+/** Throw {@link UnsafeEnvError} if `env` contains a denylisted key.
+ *
+ *  Comparison is case-insensitive: Windows env names are case-insensitive
+ *  at the OS level, so rejecting `NODE_OPTIONS` while allowing
+ *  `Node_Options` would be theatre. POSIX env names are case-sensitive but
+ *  no legitimate config uses non-uppercase variants of these keys. */
+export declare function assertSafeEnv(env: Record<string, string> | undefined): void;
+//# sourceMappingURL=env-safety.d.ts.map

package/dist/mcp/env-safety.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"env-safety.d.ts","sourceRoot":"","sources":["../../src/mcp/env-safety.ts"],"names":[],"mappings":"AAuDA,qBAAa,cAAe,SAAQ,KAAK;aACX,GAAG,EAAE,MAAM;gBAAX,GAAG,EAAE,MAAM;CASxC;AAED;;;;;sEAKsE;AACtE,wBAAgB,aAAa,CAAC,GAAG,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,GAAG,SAAS,GAAG,IAAI,CAO3E"}

package/dist/mcp/env-safety.js

@@ -0,0 +1,80 @@
+// @x-code-cli/core — Reject env vars that are runtime code-injection vectors
+//
+// MCP stdio servers inherit an `env` map straight through to spawn(). That
+// map can come from three sources:
+//   1. the user typing `xc mcp add --env KEY=VAL`
+//   2. the project / user mcp.json file
+//   3. a plugin manifest declaring its own mcpServers
+//
+// (3) is the one this module exists to defend. Plugins run with the trust
+// the user gave them at install time, but a key like `NODE_OPTIONS=--require
+// ./evil.js` would let a plugin turn any node-based MCP server into
+// arbitrary code execution the next time it starts — escalating from
+// "manifest install" to "RCE under the user's account". The same trick
+// works on Linux (LD_PRELOAD) and macOS (DYLD_INSERT_LIBRARIES), and on
+// Python/Perl/Ruby runtimes via their respective *STARTUP / *OPT names.
+//
+// We sit at the spawn boundary (registry.connectOneServer) so every source
+// is covered by one check, not just the CLI parser.
+//
+// This is a denylist, not an allowlist: legitimate MCP servers need to
+// accept arbitrary env keys for API tokens / app config, so an allowlist
+// would be unworkable. The denylist is short and targeted at names whose
+// only legitimate purpose is "load this code on start".
+/** Env names that runtimes interpret as "load this code on start".
+ *  Compared case-insensitively (see {@link assertSafeEnv}). */
+const DANGEROUS_ENV_KEYS = new Set([
+    // Node
+    'NODE_OPTIONS',
+    // Linux dynamic linker
+    'LD_PRELOAD',
+    'LD_LIBRARY_PATH',
+    'LD_AUDIT',
+    // macOS dynamic linker
+    'DYLD_INSERT_LIBRARIES',
+    'DYLD_LIBRARY_PATH',
+    'DYLD_FRAMEWORK_PATH',
+    'DYLD_FALLBACK_LIBRARY_PATH',
+    'DYLD_FALLBACK_FRAMEWORK_PATH',
+    // Shell init / per-command hooks. BASH_ENV runs on non-interactive bash;
+    // ENV runs on POSIX sh; PROMPT_COMMAND on every interactive prompt.
+    'BASH_ENV',
+    'ENV',
+    'PROMPT_COMMAND',
+    // Python
+    'PYTHONSTARTUP',
+    'PYTHONPATH',
+    // Perl
+    'PERL5OPT',
+    'PERL5LIB',
+    // Ruby
+    'RUBYOPT',
+    'RUBYLIB',
+]);
+export class UnsafeEnvError extends Error {
+    key;
+    constructor(key) {
+        super(`Env key "${key}" is blocked by the MCP env safety check: it is a runtime ` +
+            `code-loading hook (NODE_OPTIONS / LD_PRELOAD-class) and would let an MCP ` +
+            `config or plugin manifest run arbitrary code at server start. If you ` +
+            `really need this, export it in the shell that launches xc instead.`);
+        this.key = key;
+        this.name = 'UnsafeEnvError';
+    }
+}
+/** Throw {@link UnsafeEnvError} if `env` contains a denylisted key.
+ *
+ *  Comparison is case-insensitive: Windows env names are case-insensitive
+ *  at the OS level, so rejecting `NODE_OPTIONS` while allowing
+ *  `Node_Options` would be theatre. POSIX env names are case-sensitive but
+ *  no legitimate config uses non-uppercase variants of these keys. */
+export function assertSafeEnv(env) {
+    if (!env)
+        return;
+    for (const k of Object.keys(env)) {
+        if (DANGEROUS_ENV_KEYS.has(k.toUpperCase())) {
+            throw new UnsafeEnvError(k);
+        }
+    }
+}
+//# sourceMappingURL=env-safety.js.map

package/dist/mcp/env-safety.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"env-safety.js","sourceRoot":"","sources":["../../src/mcp/env-safety.ts"],"names":[],"mappings":"AAAA,6EAA6E;AAC7E,EAAE;AACF,2EAA2E;AAC3E,mCAAmC;AACnC,kDAAkD;AAClD,wCAAwC;AACxC,sDAAsD;AACtD,EAAE;AACF,0EAA0E;AAC1E,6EAA6E;AAC7E,oEAAoE;AACpE,qEAAqE;AACrE,uEAAuE;AACvE,wEAAwE;AACxE,wEAAwE;AACxE,EAAE;AACF,2EAA2E;AAC3E,oDAAoD;AACpD,EAAE;AACF,uEAAuE;AACvE,yEAAyE;AACzE,yEAAyE;AACzE,wDAAwD;AAExD;+DAC+D;AAC/D,MAAM,kBAAkB,GAAG,IAAI,GAAG,CAAS;IACzC,OAAO;IACP,cAAc;IACd,uBAAuB;IACvB,YAAY;IACZ,iBAAiB;IACjB,UAAU;IACV,uBAAuB;IACvB,uBAAuB;IACvB,mBAAmB;IACnB,qBAAqB;IACrB,4BAA4B;IAC5B,8BAA8B;IAC9B,yEAAyE;IACzE,oEAAoE;IACpE,UAAU;IACV,KAAK;IACL,gBAAgB;IAChB,SAAS;IACT,eAAe;IACf,YAAY;IACZ,OAAO;IACP,UAAU;IACV,UAAU;IACV,OAAO;IACP,SAAS;IACT,SAAS;CACV,CAAC,CAAA;AAEF,MAAM,OAAO,cAAe,SAAQ,KAAK;IACX;IAA5B,YAA4B,GAAW;QACrC,KAAK,CACH,YAAY,GAAG,4DAA4D;YACzE,2EAA2E;YAC3E,uEAAuE;YACvE,oEAAoE,CACvE,CAAA;QANyB,QAAG,GAAH,GAAG,CAAQ;QAOrC,IAAI,CAAC,IAAI,GAAG,gBAAgB,CAAA;IAC9B,CAAC;CACF;AAED;;;;;sEAKsE;AACtE,MAAM,UAAU,aAAa,CAAC,GAAuC;IACnE,IAAI,CAAC,GAAG;QAAE,OAAM;IAChB,KAAK,MAAM,CAAC,IAAI,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;QACjC,IAAI,kBAAkB,CAAC,GAAG,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,EAAE,CAAC;YAC5C,MAAM,IAAI,cAAc,CAAC,CAAC,CAAC,CAAA;QAC7B,CAAC;IACH,CAAC;AACH,CAAC"}

package/dist/mcp/expand-env.d.ts

@@ -0,0 +1,14 @@
+/** Thrown when a ${VAR} reference can't be resolved. The loader catches
+ *  this and marks the server `failed` so the rest of the CLI keeps going. */
+export declare class EnvExpansionError extends Error {
+    varName: string;
+    constructor(varName: string);
+}
+/** Expand all ${VAR} references in a single string. */
+export declare function expandEnvString(input: string, env?: NodeJS.ProcessEnv): string;
+/** Recursively walk a config value and expand strings. Arrays / plain
+ *  objects are traversed; numbers/booleans/null pass through unchanged.
+ *  Returns a deep copy — never mutates the input (important: the input
+ *  may come straight from a cached parsed config object). */
+export declare function expandEnvDeep<T>(value: T, env?: NodeJS.ProcessEnv): T;
+//# sourceMappingURL=expand-env.d.ts.map

package/dist/mcp/expand-env.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"expand-env.d.ts","sourceRoot":"","sources":["../../src/mcp/expand-env.ts"],"names":[],"mappings":"AAUA;6EAC6E;AAC7E,qBAAa,iBAAkB,SAAQ,KAAK;IACvB,OAAO,EAAE,MAAM;gBAAf,OAAO,EAAE,MAAM;CAInC;AAID,uDAAuD;AACvD,wBAAgB,eAAe,CAAC,KAAK,EAAE,MAAM,EAAE,GAAG,GAAE,MAAM,CAAC,UAAwB,GAAG,MAAM,CAO3F;AAED;;;6DAG6D;AAC7D,wBAAgB,aAAa,CAAC,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE,GAAG,GAAE,MAAM,CAAC,UAAwB,GAAG,CAAC,CAelF"}

package/dist/mcp/expand-env.js

@@ -0,0 +1,52 @@
+// @x-code-cli/core — Environment variable expansion for MCP configs
+//
+// Supports two forms inside any string field of an MCP server config:
+//   ${VAR}             — expand or throw if VAR is unset
+//   ${VAR:-fallback}   — expand or use the literal fallback
+//
+// We intentionally do NOT support arbitrary shell expansion (no `$VAR`
+// without braces, no command substitution, no nested `${${A}}`). Anything
+// fancier should be done in user-land before X-Code launches.
+/** Thrown when a ${VAR} reference can't be resolved. The loader catches
+ *  this and marks the server `failed` so the rest of the CLI keeps going. */
+export class EnvExpansionError extends Error {
+    varName;
+    constructor(varName) {
+        super(`Required environment variable not set: ${varName}`);
+        this.varName = varName;
+        this.name = 'EnvExpansionError';
+    }
+}
+const REF_RE = /\$\{([A-Za-z_][A-Za-z0-9_]*)(?::-([^}]*))?\}/g;
+/** Expand all ${VAR} references in a single string. */
+export function expandEnvString(input, env = process.env) {
+    return input.replace(REF_RE, (match, name, fallback) => {
+        const v = env[name];
+        if (v !== undefined && v !== '')
+            return v;
+        if (fallback !== undefined)
+            return fallback;
+        throw new EnvExpansionError(name);
+    });
+}
+/** Recursively walk a config value and expand strings. Arrays / plain
+ *  objects are traversed; numbers/booleans/null pass through unchanged.
+ *  Returns a deep copy — never mutates the input (important: the input
+ *  may come straight from a cached parsed config object). */
+export function expandEnvDeep(value, env = process.env) {
+    if (typeof value === 'string') {
+        return expandEnvString(value, env);
+    }
+    if (Array.isArray(value)) {
+        return value.map((v) => expandEnvDeep(v, env));
+    }
+    if (value !== null && typeof value === 'object') {
+        const out = {};
+        for (const [k, v] of Object.entries(value)) {
+            out[k] = expandEnvDeep(v, env);
+        }
+        return out;
+    }
+    return value;
+}
+//# sourceMappingURL=expand-env.js.map

package/dist/mcp/expand-env.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"expand-env.js","sourceRoot":"","sources":["../../src/mcp/expand-env.ts"],"names":[],"mappings":"AAAA,oEAAoE;AACpE,EAAE;AACF,sEAAsE;AACtE,yDAAyD;AACzD,4DAA4D;AAC5D,EAAE;AACF,uEAAuE;AACvE,0EAA0E;AAC1E,8DAA8D;AAE9D;6EAC6E;AAC7E,MAAM,OAAO,iBAAkB,SAAQ,KAAK;IACvB;IAAnB,YAAmB,OAAe;QAChC,KAAK,CAAC,0CAA0C,OAAO,EAAE,CAAC,CAAA;QADzC,YAAO,GAAP,OAAO,CAAQ;QAEhC,IAAI,CAAC,IAAI,GAAG,mBAAmB,CAAA;IACjC,CAAC;CACF;AAED,MAAM,MAAM,GAAG,+CAA+C,CAAA;AAE9D,uDAAuD;AACvD,MAAM,UAAU,eAAe,CAAC,KAAa,EAAE,MAAyB,OAAO,CAAC,GAAG;IACjF,OAAO,KAAK,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC,KAAK,EAAE,IAAY,EAAE,QAAiB,EAAE,EAAE;QACtE,MAAM,CAAC,GAAG,GAAG,CAAC,IAAI,CAAC,CAAA;QACnB,IAAI,CAAC,KAAK,SAAS,IAAI,CAAC,KAAK,EAAE;YAAE,OAAO,CAAC,CAAA;QACzC,IAAI,QAAQ,KAAK,SAAS;YAAE,OAAO,QAAQ,CAAA;QAC3C,MAAM,IAAI,iBAAiB,CAAC,IAAI,CAAC,CAAA;IACnC,CAAC,CAAC,CAAA;AACJ,CAAC;AAED;;;6DAG6D;AAC7D,MAAM,UAAU,aAAa,CAAI,KAAQ,EAAE,MAAyB,OAAO,CAAC,GAAG;IAC7E,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QAC9B,OAAO,eAAe,CAAC,KAAK,EAAE,GAAG,CAAiB,CAAA;IACpD,CAAC;IACD,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QACzB,OAAO,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,aAAa,CAAC,CAAC,EAAE,GAAG,CAAC,CAAiB,CAAA;IAChE,CAAC;IACD,IAAI,KAAK,KAAK,IAAI,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QAChD,MAAM,GAAG,GAA4B,EAAE,CAAA;QACvC,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,KAAgC,CAAC,EAAE,CAAC;YACtE,GAAG,CAAC,CAAC,CAAC,GAAG,aAAa,CAAC,CAAC,EAAE,GAAG,CAAC,CAAA;QAChC,CAAC;QACD,OAAO,GAAmB,CAAA;IAC5B,CAAC;IACD,OAAO,KAAK,CAAA;AACd,CAAC"}

package/dist/mcp/loader.d.ts

@@ -0,0 +1,81 @@
+import { type ConnectResult, McpRegistry, type OAuthProviderFactory, type RegisteredServer } from './registry.js';
+import { type McpResourceEntry, type McpServerConfig, type McpToolEntry } from './types.js';
+export type { OAuthProviderFactory };
+export type { RegisteredServer, ConnectResult };
+export type { McpResourceEntry, McpToolEntry };
+export interface LoadOptions {
+    /** mcpServers from ~/.x-code/config.json. Trusted implicitly. */
+    userServers: Record<string, McpServerConfig> | undefined;
+    /** mcpServers from <project>/.x-code/config.json. Requires consent. */
+    projectServers: Record<string, McpServerConfig> | undefined;
+    /** mcpServers contributed by enabled plugins. Trusted implicitly —
+     *  the user already consented to the plugin at install time, so
+     *  re-running the project-MCP trust dialog for plugin servers would
+     *  be a duplicate prompt. Merged at the same precedence as
+     *  `userServers` (project entries still override on name collision). */
+    extraServers?: Record<string, McpServerConfig>;
+    /** Absolute project path (cwd at CLI start). Used as the trust key. */
+    projectPath: string;
+    /** Renders the trust dialog. Same shape as `AgentCallbacks.onAskUser`. */
+    askUser: (question: string, options: Array<{
+        label: string;
+        description: string;
+    }>) => Promise<string>;
+    /** Factory for OAuth providers. Optional — pass undefined to disable
+     *  OAuth (HTTP servers requiring auth will be marked `needs_auth`). */
+    oauthProviderFor?: OAuthProviderFactory;
+    /** Called after the loader decides to terminate the process — the CLI
+     *  layer wires this to a clean shutdown path. Defaults to no-op
+     *  (caller is responsible). */
+    onExitRequested?: () => void;
+}
+export interface LoadResult {
+    registry: McpRegistry;
+    /** Configuration / parse errors collected before any server was even
+     *  contacted. Surfaced in `/mcp list` so users see typos in their
+     *  config alongside actual connection failures. */
+    configErrors: Array<{
+        name: string;
+        message: string;
+    }>;
+    /** True iff project-level mcpServers were skipped because the user
+     *  declined trust. The CLI uses this to print a heads-up message. */
+    projectSkipped: boolean;
+}
+/** Load the standard config files from disk + invoke the loader.
+ *  Convenience wrapper used by the CLI entry point so it doesn't have
+ *  to know about file paths. */
+export declare function loadMcpFromDisk(opts: {
+    cwd: string;
+    askUser: LoadOptions['askUser'];
+    oauthProviderFor?: OAuthProviderFactory;
+    onExitRequested?: () => void;
+    /** Plugin-contributed mcpServers — already-trusted, merged into the
+     *  effective config alongside user-level servers. Built by
+     *  packages/core/src/plugins/integration.ts. */
+    extraServers?: Record<string, McpServerConfig>;
+}): Promise<LoadResult>;
+/** Re-read configs from disk + apply the trust gate, but DON'T spawn any
+ *  servers. Used by `/mcp refresh` so the caller can hand the resulting
+ *  merged map to `registry.restartAll(...)` — that mutates the existing
+ *  registry in place rather than allocating a parallel one. */
+export declare function loadMergedConfigsFromDisk(opts: {
+    cwd: string;
+    askUser: LoadOptions['askUser'];
+    /** Plugin-contributed mcpServers (from `buildPluginIntegration().mcpServers`).
+     *  Merged between user and project, matching the precedence in
+     *  [[loadMcpServers]]. Pass these on `/mcp refresh` and `/plugin refresh`
+     *  so plugin-contributed servers aren't silently dropped during a reload. */
+    extraServers?: Record<string, McpServerConfig>;
+}): Promise<{
+    configs: Map<string, McpServerConfig>;
+    configErrors: Array<{
+        name: string;
+        message: string;
+    }>;
+    projectSkipped: boolean;
+}>;
+/** Pure loader (no disk I/O on configs — caller injects them).
+ *  Easier to test and lets the CLI control config sourcing. */
+export declare function loadMcpServers(options: LoadOptions): Promise<LoadResult>;
+//# sourceMappingURL=loader.d.ts.map

package/dist/mcp/loader.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"loader.d.ts","sourceRoot":"","sources":["../../src/mcp/loader.ts"],"names":[],"mappings":"AAeA,OAAO,EACL,KAAK,aAAa,EAClB,WAAW,EACX,KAAK,oBAAoB,EACzB,KAAK,gBAAgB,EAGtB,MAAM,eAAe,CAAA;AAEtB,OAAO,EAAE,KAAK,gBAAgB,EAAE,KAAK,eAAe,EAAE,KAAK,YAAY,EAAE,MAAM,YAAY,CAAA;AAG3F,YAAY,EAAE,oBAAoB,EAAE,CAAA;AACpC,YAAY,EAAE,gBAAgB,EAAE,aAAa,EAAE,CAAA;AAC/C,YAAY,EAAE,gBAAgB,EAAE,YAAY,EAAE,CAAA;AAE9C,MAAM,WAAW,WAAW;IAC1B,iEAAiE;IACjE,WAAW,EAAE,MAAM,CAAC,MAAM,EAAE,eAAe,CAAC,GAAG,SAAS,CAAA;IACxD,uEAAuE;IACvE,cAAc,EAAE,MAAM,CAAC,MAAM,EAAE,eAAe,CAAC,GAAG,SAAS,CAAA;IAC3D;;;;4EAIwE;IACxE,YAAY,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,eAAe,CAAC,CAAA;IAC9C,uEAAuE;IACvE,WAAW,EAAE,MAAM,CAAA;IACnB,0EAA0E;IAC1E,OAAO,EAAE,CAAC,QAAQ,EAAE,MAAM,EAAE,OAAO,EAAE,KAAK,CAAC;QAAE,KAAK,EAAE,MAAM,CAAC;QAAC,WAAW,EAAE,MAAM,CAAA;KAAE,CAAC,KAAK,OAAO,CAAC,MAAM,CAAC,CAAA;IACtG;2EACuE;IACvE,gBAAgB,CAAC,EAAE,oBAAoB,CAAA;IACvC;;mCAE+B;IAC/B,eAAe,CAAC,EAAE,MAAM,IAAI,CAAA;CAC7B;AAED,MAAM,WAAW,UAAU;IACzB,QAAQ,EAAE,WAAW,CAAA;IACrB;;uDAEmD;IACnD,YAAY,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAA;KAAE,CAAC,CAAA;IACtD;yEACqE;IACrE,cAAc,EAAE,OAAO,CAAA;CACxB;AAED;;gCAEgC;AAChC,wBAAsB,eAAe,CAAC,IAAI,EAAE;IAC1C,GAAG,EAAE,MAAM,CAAA;IACX,OAAO,EAAE,WAAW,CAAC,SAAS,CAAC,CAAA;IAC/B,gBAAgB,CAAC,EAAE,oBAAoB,CAAA;IACvC,eAAe,CAAC,EAAE,MAAM,IAAI,CAAA;IAC5B;;oDAEgD;IAChD,YAAY,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,eAAe,CAAC,CAAA;CAC/C,GAAG,OAAO,CAAC,UAAU,CAAC,CAYtB;AAED;;;+DAG+D;AAC/D,wBAAsB,yBAAyB,CAAC,IAAI,EAAE;IACpD,GAAG,EAAE,MAAM,CAAA;IACX,OAAO,EAAE,WAAW,CAAC,SAAS,CAAC,CAAA;IAC/B;;;iFAG6E;IAC7E,YAAY,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,eAAe,CAAC,CAAA;CAC/C,GAAG,OAAO,CAAC;IACV,OAAO,EAAE,GAAG,CAAC,MAAM,EAAE,eAAe,CAAC,CAAA;IACrC,YAAY,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAA;KAAE,CAAC,CAAA;IACtD,cAAc,EAAE,OAAO,CAAA;CACxB,CAAC,CAmDD;AAED;+DAC+D;AAC/D,wBAAsB,cAAc,CAAC,OAAO,EAAE,WAAW,GAAG,OAAO,CAAC,UAAU,CAAC,CA8G9E"}

package/dist/mcp/loader.js

@@ -0,0 +1,223 @@
+// @x-code-cli/core — MCP startup loader
+//
+// One-shot orchestration called from the CLI entry: read user + project
+// configs, apply the trust gate to anything project-level, expand env
+// vars, spawn / dial every enabled server in parallel, build a registry
+// that can later be mutated by `/mcp refresh` and `/mcp auth`. Failures
+// on individual servers are recorded but never abort the boot —
+// `/mcp list` is the user's window into what went wrong.
+import fs from 'node:fs/promises';
+import path from 'node:path';
+import { getUserConfigPath } from '../config/index.js';
+import { XCODE_DIR, debugLog } from '../utils.js';
+import { parseServersBlock } from './config-schema.js';
+import { buildCallableName as buildCallable } from './name-mangling.js';
+import { McpRegistry, connectOneServer, emptyRegistry, } from './registry.js';
+import { buildServerPreview, isProjectTrusted, promptForTrust, trustProject } from './trust.js';
+/** Load the standard config files from disk + invoke the loader.
+ *  Convenience wrapper used by the CLI entry point so it doesn't have
+ *  to know about file paths. */
+export async function loadMcpFromDisk(opts) {
+    const userServers = await readMcpServersFromFile(getUserConfigPath());
+    const projectServers = await readMcpServersFromFile(path.join(opts.cwd, XCODE_DIR, 'config.json'));
+    return loadMcpServers({
+        userServers,
+        projectServers,
+        extraServers: opts.extraServers,
+        projectPath: opts.cwd,
+        askUser: opts.askUser,
+        oauthProviderFor: opts.oauthProviderFor,
+        onExitRequested: opts.onExitRequested,
+    });
+}
+/** Re-read configs from disk + apply the trust gate, but DON'T spawn any
+ *  servers. Used by `/mcp refresh` so the caller can hand the resulting
+ *  merged map to `registry.restartAll(...)` — that mutates the existing
+ *  registry in place rather than allocating a parallel one. */
+export async function loadMergedConfigsFromDisk(opts) {
+    const userServers = await readMcpServersFromFile(getUserConfigPath());
+    const projectServers = await readMcpServersFromFile(path.join(opts.cwd, XCODE_DIR, 'config.json'));
+    const configErrors = [];
+    let projectSkipped = false;
+    const userParsed = parseServersBlock(userServers);
+    configErrors.push(...userParsed.errors.map((e) => ({ name: `user:${e.name}`, message: e.message })));
+    const projectParsed = parseServersBlock(projectServers);
+    configErrors.push(...projectParsed.errors.map((e) => ({ name: `project:${e.name}`, message: e.message })));
+    let projectServersToUse = projectParsed.servers;
+    if (Object.keys(projectServersToUse).length > 0) {
+        const trusted = await isProjectTrusted(opts.cwd);
+        if (!trusted) {
+            const choice = await askForTrust({
+                // Synthesise just enough of a LoadOptions for askForTrust —
+                // only projectPath + askUser are read.
+                userServers,
+                projectServers,
+                projectPath: opts.cwd,
+                askUser: opts.askUser,
+            }, projectServersToUse);
+            if (choice === 'exit') {
+                // /mcp refresh deliberately ignores 'exit' — bailing the whole
+                // CLI from a slash command is too violent. We treat it as
+                // 'skip' so the user can pick again on a real restart.
+                projectServersToUse = {};
+                projectSkipped = true;
+            }
+            else if (choice === 'skip') {
+                projectServersToUse = {};
+                projectSkipped = true;
+            }
+            else if (choice === 'trust') {
+                await trustProject(opts.cwd).catch((err) => {
+                    debugLog('mcp.trust-write-failed', String(err));
+                });
+            }
+        }
+    }
+    // Merge order user → plugin → project, matching the precedence enforced by
+    // loadMcpServers (initial boot). Plugin-contributed entries sit between
+    // user and project so a project-level same-name entry still wins.
+    const merged = new Map(Object.entries({ ...userParsed.servers, ...(opts.extraServers ?? {}), ...projectServersToUse }));
+    return { configs: merged, configErrors, projectSkipped };
+}
+/** Pure loader (no disk I/O on configs — caller injects them).
+ *  Easier to test and lets the CLI control config sourcing. */
+export async function loadMcpServers(options) {
+    const configErrors = [];
+    let projectSkipped = false;
+    // Validate both blocks up front. parseServersBlock tolerates `undefined`
+    // and returns empty maps + zero errors in that case, so users with no
+    // mcpServers configured pay nothing.
+    const userParsed = parseServersBlock(options.userServers);
+    configErrors.push(...userParsed.errors.map((e) => ({ name: `user:${e.name}`, message: e.message })));
+    const projectParsed = parseServersBlock(options.projectServers);
+    configErrors.push(...projectParsed.errors.map((e) => ({ name: `project:${e.name}`, message: e.message })));
+    // Project-level trust gate. If the project has zero servers we skip the
+    // prompt entirely — there's nothing to consent to.
+    let projectServersToUse = projectParsed.servers;
+    const projectServerNames = Object.keys(projectServersToUse);
+    if (projectServerNames.length > 0) {
+        const trusted = await isProjectTrusted(options.projectPath);
+        if (!trusted) {
+            const choice = await askForTrust(options, projectServersToUse);
+            if (choice === 'exit') {
+                options.onExitRequested?.();
+                // Even if the CLI doesn't shut down, returning an empty registry
+                // keeps the rest of the loader well-defined.
+                return { registry: emptyRegistry(), configErrors, projectSkipped: true };
+            }
+            if (choice === 'skip') {
+                projectServersToUse = {};
+                projectSkipped = true;
+            }
+            if (choice === 'trust') {
+                await trustProject(options.projectPath).catch((err) => {
+                    debugLog('mcp.trust-write-failed', String(err));
+                });
+            }
+        }
+    }
+    // Merge order: user → plugin → project. Plugin-contributed servers
+    // (`extraServers`) sit between user and project on purpose:
+    //   - They're already-trusted (consent happened at plugin install) so
+    //     they don't need to pass the trust dialog above, but
+    //   - A name collision with a project-level entry still gives the
+    //     project entry the win (project config is authored by the same
+    //     person whose CLI is running and they may want to override a
+    //     plugin's server choice).
+    const merged = {
+        ...userParsed.servers,
+        ...(options.extraServers ?? {}),
+        ...projectServersToUse,
+    };
+    // No servers configured anywhere → fast-path with an empty registry.
+    // We still pass the oauthFactory so a later /mcp refresh (after the
+    // user adds servers to config + restarts the CLI) would have it —
+    // although in practice the empty-registry path is only hit when both
+    // configs are empty at boot, and a later refresh rebuilds from disk
+    // via the CLI's own loadMcpFromDisk call.
+    if (Object.keys(merged).length === 0) {
+        return {
+            registry: new McpRegistry({ servers: [], tools: [], resources: [], oauthFactory: options.oauthProviderFor }),
+            configErrors,
+            projectSkipped,
+        };
+    }
+    // Spawn / dial in parallel. Each per-server promise is wrapped in
+    // .then/.catch so one timeout doesn't trip the whole boot.
+    const tasks = Object.entries(merged).map(async ([name, rawConfig]) => {
+        return connectOneServer(name, rawConfig, options.oauthProviderFor);
+    });
+    const results = await Promise.all(tasks);
+    // Assemble the registry. Tool name collisions are resolved in
+    // insertion order (first wins; subsequent get hash suffixes), so we
+    // sort by server name for stability — otherwise the order would
+    // depend on which connect() resolved first.
+    results.sort((a, b) => a.server.name.localeCompare(b.server.name));
+    const tools = [];
+    const resources = [];
+    const taken = new Set();
+    for (const r of results) {
+        for (const t of r.tools) {
+            const callable = buildCallable(r.server.name, t.name, taken);
+            taken.add(callable);
+            tools.push({
+                callableName: callable,
+                rawName: t.name,
+                serverName: r.server.name,
+                description: t.description ?? '',
+                inputSchema: t.inputSchema,
+            });
+        }
+        for (const res of r.resources)
+            resources.push(res);
+    }
+    const configs = new Map(Object.entries(merged));
+    const registry = new McpRegistry({
+        servers: results.map((r) => r.server),
+        tools,
+        resources,
+        configs,
+        oauthFactory: options.oauthProviderFor,
+    });
+    return { registry, configErrors, projectSkipped };
+}
+async function askForTrust(options, projectServers) {
+    const summaries = Object.entries(projectServers).map(([name, cfg]) => ({
+        name,
+        preview: buildServerPreview(cfg),
+    }));
+    try {
+        return await promptForTrust(options.projectPath, summaries, options.askUser);
+    }
+    catch (err) {
+        // If the prompt machinery itself fails (no TTY etc.), err on the
+        // safe side: skip project config. Logged for debugging.
+        debugLog('mcp.trust-prompt-failed', String(err));
+        return 'skip';
+    }
+}
+/** Read just the `mcpServers` field out of a JSON config file. Returns
+ *  undefined for missing file / parse error / missing field — all of
+ *  which mean "no MCP servers configured here", never an error to
+ *  surface upward. */
+async function readMcpServersFromFile(filePath) {
+    let raw;
+    try {
+        raw = await fs.readFile(filePath, 'utf-8');
+    }
+    catch {
+        return undefined;
+    }
+    try {
+        const parsed = JSON.parse(raw);
+        if (parsed && typeof parsed === 'object' && parsed.mcpServers) {
+            return parsed.mcpServers;
+        }
+        return undefined;
+    }
+    catch (err) {
+        debugLog('mcp.config-parse-failed', `${filePath}: ${String(err)}`);
+        return undefined;
+    }
+}
+//# sourceMappingURL=loader.js.map