argusqa-os 9.7.3 → 9.7.5

package/glama.json

@@ -1,12 +1,12 @@
 {
   "$schema": "https://glama.ai/mcp/schemas/server.json",
   "name": "argus",
-  "description": "AI-powered QA harness that audits web apps via Chrome DevTools Protocol. Catches JS errors, network failures, a11y violations, SEO issues, security headers, CSS regressions, and more — directly from Claude conversations. 9 MCP tools: argus_audit (fast 8-analyzer pass), argus_audit_full (Lighthouse + memory + responsive), argus_compare (dev vs staging diff), argus_last_report (retrieve last JSON report), argus_watch_snapshot (live tab snapshot without navigating), argus_get_context (LLM-optimized context + fix loop with snapshot_id diff), argus_design_audit (Figma design fidelity — 13 finding types), argus_visual_diff (screenshot baseline comparison, updateBaseline flag), argus_pr_validate (PR diff → affected routes → targeted audit → blocked flag). Every finding is post-processed with intelligent baseline filtering (cross-run noise classifier) and root cause linking (recent git commits mapped to new findings). 141 test blocks, 679 hard assertions, 67 detection categories.",
+  "description": "AI-powered QA harness that audits web apps via Chrome DevTools Protocol. Catches JS errors, network failures, a11y violations, SEO issues, security headers, CSS regressions, and more — directly from Claude conversations. 9 MCP tools: argus_audit (fast 8-analyzer pass), argus_audit_full (Lighthouse + memory + responsive), argus_compare (dev vs staging diff), argus_last_report (retrieve last JSON report), argus_watch_snapshot (live tab snapshot without navigating), argus_get_context (LLM-optimized context + fix loop with snapshot_id diff), argus_design_audit (Figma design fidelity — 13 finding types), argus_visual_diff (screenshot baseline comparison, updateBaseline flag), argus_pr_validate (PR diff → affected routes → targeted audit → blocked flag). Every finding is post-processed with intelligent baseline filtering (cross-run noise classifier) and root cause linking (recent git commits mapped to new findings). 144 test blocks, 738 hard assertions, 67 detection categories.",
   "maintainers": ["ironclawdevs27"],
   "tools": [
     {
       "name": "argus_audit",
-      "description": "Fast QA audit — JS errors, network failures (4xx/5xx), API frequency loops, CSS cascade issues, SEO violations, security headers, accessibility, and content. Returns { findings, summary }. Supports cache: true to skip re-crawl on repeat calls."
+      "description": "Fast QA audit — JS errors, network failures (4xx/5xx), CORS, API frequency loops, slow/blocking third-party requests, API contract violations, SEO violations, security headers, content quality, DevTools Issues panel, and HTTPS enforcement. Returns { findings, summary }. Supports cache: true to skip re-crawl on repeat calls."
     },
     {
       "name": "argus_audit_full",

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "argusqa-os",
-  "version": "9.7.3",
+  "version": "9.7.5",
   "mcpName": "io.github.ironclawdevs27/argus",
   "description": "Argus — AI-powered automated dev-testing platform using Chrome DevTools MCP and Claude Code",
   "keywords": [
@@ -48,7 +48,7 @@
     "watch": "node src/orchestration/watch-mode.js",
     "server": "node src/server/index.js",
     "harness": "node test-harness/server.js",
-    "harness:staging": "PORT=3101 node test-harness/server.js",
+    "harness:staging": "node test-harness/server.js --port=3101 --staging",
     "test:harness": "node --env-file=test-harness/.env.harness test-harness/validate.js",
     "test:harness:log": "node test-harness/run-with-log.mjs",
     "test:unit": "vitest run test/unit",

package/src/adapters/browser.js

@@ -21,7 +21,24 @@ export class CdpBrowserAdapter {
   constructor(mcp) { this._mcp = mcp; }
 
   // ── Navigation ──────────────────────────────────────────────────────────────
-  navigate(url)            { return withRetry(() => this._mcp.navigate_page({ url }), { label: `navigate(${url})` }); }
+  // navigate_page reports failures as RESOLVED text ("Unable to navigate ...
+  // net::ERR_CONNECTION_REFUSED", "Could not connect to Chrome ..."), never as a
+  // thrown error. Unchecked, a dead target or dead browser produced a "clean"
+  // audit: analyzers ran against chrome-error://chromewebdata and emitted bogus
+  // findings (or none), and CI gates passed with Chrome down. Throw so failures
+  // propagate through the existing crawl error path.
+  navigate(url) {
+    return withRetry(async () => {
+      const resp = await this._mcp.navigate_page({ url });
+      if (typeof resp === 'string' &&
+          (resp.includes('Unable to navigate') ||
+           resp.includes('Could not connect to Chrome') ||
+           resp.includes('A dialog is open'))) {
+        throw new Error(`navigate(${url}) failed: ${resp.split('\n')[0].slice(0, 200)}`);
+      }
+      return resp;
+    }, { label: `navigate(${url})` });
+  }
 
   // ── Evaluation & snapshots ──────────────────────────────────────────────────
   evaluate(fn)             { return this._mcp.evaluate_script({ function: fn }); }
@@ -41,26 +58,71 @@ export class CdpBrowserAdapter {
   hover(uid)               { return this._mcp.hover({ uid }); }
   drag(src, tgt)           { return this._mcp.drag({ from_uid: src, to_uid: tgt }); }
   uploadFile(uid, filePath) { return this._mcp.upload_file({ uid, filePath }); }
-  handleDialog(accept, promptText = '') { return this._mcp.handle_dialog({ accept, promptText }); }
-  waitFor(opts)            { return this._mcp.wait_for(opts); }
+  // handle_dialog wire schema is { action: 'accept'|'dismiss', promptText? } — sending
+  // { accept: bool } is rejected by the tool's input validation (and the rejection comes
+  // back as a resolved error-text response, so the failure was silent in production).
+  handleDialog(accept, promptText = '') {
+    const args = { action: accept ? 'accept' : 'dismiss' };
+    if (promptText) args.promptText = promptText;
+    return this._mcp.handle_dialog(args);
+  }
+  // wait_for requires text as a non-empty string ARRAY. A bare string is rejected by
+  // input validation, and { state: 'networkidle' } is not part of the tool's schema at
+  // all — both shapes used to resolve to error text and silently wait for nothing.
+  waitFor(opts = {})       {
+    if (typeof opts.text === 'string') opts = { ...opts, text: [opts.text] };
+    if (opts.state === 'networkidle') return this.#waitForNetworkIdle();
+    return this._mcp.wait_for(opts);
+  }
+
+  // Bounded network-quiet poll: resolves once the page's resource-timing entry count
+  // is stable across two consecutive 250 ms polls, or after 3 s — whichever is first.
+  async #waitForNetworkIdle() {
+    let prev = -1;
+    for (let i = 0; i < 12; i++) {
+      const raw = await this.evaluate(`() => performance.getEntriesByType('resource').length`);
+      const count = Number(typeof raw === 'object' ? raw?.result ?? 0 : raw) || 0;
+      if (count === prev) return;
+      prev = count;
+      await new Promise(r => setTimeout(r, 250));
+    }
+  }
 
   // ── Viewport ────────────────────────────────────────────────────────────────
   emulate(viewport)              { return this._mcp.emulate({ viewport }); }
   emulateCpu(rate)               { return this._mcp.emulate({ cpuThrottlingRate: rate }); }
   emulateColorScheme(scheme)     { return this._mcp.emulate({ colorScheme: scheme }); }
-  emulateReducedMotion(pref)     { return this._mcp.emulate({ reducedMotion: pref }); }
+  // chrome-devtools-mcp@1.1.1's emulate tool has no reduced-motion capability — the
+  // unsupported argument comes back as RESOLVED error text ("Unknown argument"), not a
+  // thrown error, so callers' graceful-skip catch paths (motion-analyzer) never ran and
+  // analysis proceeded unemulated. Surface it as a real error; if a future upstream
+  // version adds the argument, the call succeeds and emulation lights up automatically.
+  async emulateReducedMotion(pref) {
+    const resp = await this._mcp.emulate({ reducedMotion: pref });
+    if (typeof resp === 'string' && resp.includes('Unknown argument')) {
+      throw new Error(`emulate does not support reducedMotion in this chrome-devtools-mcp version: ${resp.slice(0, 120)}`);
+    }
+    return resp;
+  }
   resize(w, h)                   { return this._mcp.resize_page({ width: w, height: h }); }
 
   // ── Network & performance ───────────────────────────────────────────────────
-  getNetworkRequest(reqId) { return this._mcp.get_network_request({ requestId: reqId }); }
+  // chrome-devtools-mcp expects the wire parameter "reqid" (sending "requestId"
+  // is rejected with an Unknown-argument error). Callers still pass the numeric
+  // requestId parsed from list_network_requests.
+  getNetworkRequest(reqId) { return this._mcp.get_network_request({ reqid: reqId }); }
   lighthouse(url, opts = {}) { return this._mcp.lighthouse_audit({ url, ...opts }); }
   startTrace()             { return this._mcp.performance_start_trace({}); }
   stopTrace()              { return this._mcp.performance_stop_trace({}); }
   analyzeInsight(opts)     { return this._mcp.performance_analyze_insight(opts); }
 
   // ── Tab management ─────────────────────────────────────────────────────────
+  // list_pages returns markdown text ("## Pages\n1: <url> [selected]") like all
+  // MCP responses — callers parse with parseListPagesResponse (mcp-parsers.js).
   listPages()              { return this._mcp.list_pages({}); }
-  selectPage(tabId)        { return this._mcp.select_page({ pageId: tabId }); }
+  // select_page validates pageId as a number — coerce so callers may pass the
+  // string tabId they received from an MCP tool argument.
+  selectPage(tabId)        { return this._mcp.select_page({ pageId: Number(tabId) }); }
 
   // ── Lifecycle ───────────────────────────────────────────────────────────────
   close()                  { return this._mcp.close(); }

package/src/cli/doctor.js

@@ -47,7 +47,7 @@ export function checkMcpConfig(filePath = '.mcp.json') {
   if (!fs.existsSync(filePath)) {
     return {
       ok:     false,
-      detail: `${path.basename(filePath)} not found — run \`argus init\` or copy .mcp.json from the Argus repo`,
+      detail: `${path.basename(filePath)} not found — create it with: {"mcpServers":{"chrome-devtools":{"command":"npx","args":["-y","chrome-devtools-mcp@1.1.1"]}}}`,
     };
   }
   let parsed;
@@ -63,7 +63,7 @@ export function checkMcpConfig(filePath = '.mcp.json') {
     return cmd.includes('chrome-devtools') || args.some(a => a.includes('chrome-devtools'));
   });
   if (!hasCdp) {
-    return { ok: false, detail: 'No chrome-devtools MCP server entry found in mcpServers' };
+    return { ok: false, detail: 'No chrome-devtools entry in mcpServers — add: "chrome-devtools": {"command":"npx","args":["-y","chrome-devtools-mcp@1.1.1"]}' };
   }
   return { ok: true, detail: `${Object.keys(servers).length} server(s) configured` };
 }

package/src/cli/pr-validate.js

@@ -230,6 +230,11 @@ async function main() {
     const files = await fetchPrFiles(prUrl, token);
     changedFiles.push(...files);
     console.log(`[argus] ${files.length} changed file(s)`);
+    if (files.length >= 300) {
+      // CI annotation lives here (CLI owns stdout) — fetchPrFiles itself only
+      // logs to stderr so the MCP server's JSON-RPC stdout stays clean.
+      console.log('::warning::PR has 300+ changed files — Argus analyzed the first 300. Routes affected by later files may be missed.');
+    }
 
     // Step 2: Map changed files to affected routes
     const routes   = await loadRoutes();

package/src/mcp-server.js

@@ -1,6 +1,6 @@
 #!/usr/bin/env node
 /**
- * Argus MCP Server (v9.6.6)
+ * Argus MCP Server
  *
  * Exposes Argus as an MCP server so Claude (or any MCP client) can call
  * argus_audit, argus_audit_full, argus_compare, argus_last_report, and
@@ -24,8 +24,11 @@ import {
 } from '@modelcontextprotocol/sdk/types.js';
 import fs   from 'fs';
 import path from 'path';
+import { createRequire } from 'module';
 
 import { createMcpClient }                    from './utils/mcp-client.js';
+import { childLogger }                        from './utils/logger.js';
+import { parseListPagesResponse }             from './utils/mcp-parsers.js';
 import { crawlRouteCheap, runCrawl }          from './orchestration/crawl-and-report.js';
 import { runComparison }                      from './orchestration/env-comparison.js';
 import { WatchSession }                       from './orchestration/watch-mode.js';
@@ -35,6 +38,13 @@ import { analyzeDesignFidelity }             from './utils/design-fidelity-analy
 import { analyzeVisualRegression }           from './utils/visual-diff-analyzer.js';
 import { fetchPrFiles, mapFilesToRoutes } from './utils/pr-diff-analyzer.js';
 
+const logger = childLogger('mcp-server');
+
+// Read version from package.json so the MCP server always self-reports the
+// published package version (a hardcoded string here drifted in the past).
+const require_ = createRequire(import.meta.url);
+const pkg = require_('../package.json');
+
 const REPORTS_DIR = path.resolve(process.cwd(), 'reports');
 
 // Fix loop: stores up to 20 snapshots keyed by snapshot_id so argus_get_context
@@ -65,7 +75,7 @@ function cacheAudit(url, result) {
 const TOOLS = [
   {
     name: 'argus_audit',
-    description: 'Fast QA audit on a URL via Chrome DevTools Protocol. Runs 8 analyzers in one pass: JS errors, unhandled rejections, network failures (4xx/5xx), API frequency loops, CSS cascade issues, SEO violations, security header checks, and accessibility. Returns { findings: [{severity, type, message, url}], summary: {critical, warning, info} }. Use for CI smoke tests and pre-deploy gates. Pass cache: true to skip re-crawl on repeat calls to the same URL within a session — useful in tight fix loops. For Lighthouse scoring and memory leak detection, use argus_audit_full. Requires Chrome running with --remote-debugging-port=9222.',
+    description: 'Fast QA audit on a URL via Chrome DevTools Protocol. One-pass detection sweep: JS errors, unhandled rejections, network failures (4xx/5xx), CORS errors, API frequency loops, slow APIs and blocking third-party requests, API contract violations, sync XHR, document.write, long tasks, service worker failures, debugger statements, duplicate IDs, SEO violations, security header checks, content quality, Chrome DevTools Issues panel, and HTTPS enforcement. Returns { findings: [{severity, type, message, url}], summary: {critical, warning, info} }. Use for CI smoke tests and pre-deploy gates. Pass cache: true to skip re-crawl on repeat calls to the same URL within a session — useful in tight fix loops. For Lighthouse scoring, CSS analysis, responsive checks, and memory leak detection, use argus_audit_full. Requires Chrome running with --remote-debugging-port=9222.',
     inputSchema: {
       type: 'object',
       properties: {
@@ -181,6 +191,9 @@ async function withMcp(fn) {
 async function handleAudit({ url, critical = false, cache = false }) {
   if (cache && auditCache.has(url)) {
     const { result, ts } = auditCache.get(url);
+    // Refresh recency on read so eviction is true LRU, not insertion-order FIFO.
+    auditCache.delete(url);
+    auditCache.set(url, { result, ts });
     return { content: [{ type: 'text', text: JSON.stringify({ ...result, _cached: true, _cachedAt: new Date(ts).toISOString() }, null, 2) }] };
   }
   return withMcp(async (mcp) => {
@@ -243,12 +256,13 @@ async function handleGetContext({ url, snapshot_id: prevId, tabId } = {}) {
     const { findings, newConsole, newNetwork } = await session.poll();
 
     // List all open tabs so the caller can target a specific tab on the next call.
+    // list_pages returns markdown text ("## Pages\n1: <url> [selected]") — parse
+    // it like every other MCP response; treating it as a structured array left
+    // open_tabs permanently empty.
     let open_tabs = [];
     try {
-      const pages = await browser.listPages();
-      if (Array.isArray(pages)) {
-        open_tabs = pages.map(p => ({ id: p.id ?? p.pageId, url: p.url, title: p.title }));
-      }
+      const pages = parseListPagesResponse(await browser.listPages());
+      open_tabs = pages.map(p => ({ id: p.id, url: p.url, selected: p.selected }));
     } catch { /* list_pages not available in all Chrome configs — degrade gracefully */ }
 
     const newId = Date.now().toString(36) + Math.random().toString(36).slice(2, 6);
@@ -397,8 +411,12 @@ async function handlePrValidate({ prUrl, targetUrl, githubToken, blockOn } = {})
   const allFindings = [];
   const perRoute    = [];
 
+  // Preserve any path prefix in the target URL (e.g. http://host/app) — new URL()
+  // with a leading-slash path would drop it. Mirrors src/cli/pr-validate.js.
+  const baseUrl = String(base).replace(/\/$/, '');
   for (const route of affectedRoutes) {
-    const url = new URL(route.path, base).href;
+    const routePath = String(route.path ?? '/').startsWith('/') ? route.path : `/${route.path}`;
+    const url = `${baseUrl}${routePath}`;
     const res = await handleAudit({ url, critical: route.critical ?? false });
     const data = JSON.parse(res.content[0].text);
     allFindings.push(...(data.findings ?? []));
@@ -447,7 +465,7 @@ async function handleLastReport() {
 // ── Server bootstrap ──────────────────────────────────────────────────────────
 
 const server = new Server(
-  { name: 'argus', version: '9.6.6' },
+  { name: 'argus', version: pkg.version },
   { capabilities: { tools: {} } },
 );
 

package/src/orchestration/orchestrator.js

@@ -370,54 +370,13 @@ function analyzeNetworkPerformance(perfEntries, pageUrl) {
   return bugs;
 }
 
-// ── Performance Budgets ────────────────────────────────────────────────────────
-
-async function checkPerformanceBudgets(browser, url) {
-  const violations = [];
-
-  try {
-    await browser.startTrace();
-    await new Promise(r => setTimeout(r, 3000));
-    const trace    = await browser.stopTrace();
-    const insights = await browser.analyzeInsight({ insightSetId: trace?.insightSetId ?? trace?.id ?? trace });
-
-    const metrics = insights?.metrics ?? insights?.performanceMetrics ?? {};
-
-    const checks = [
-      { key: 'LCP',  value: metrics.largestContentfulPaint ?? metrics.LCP,  budget: thresholds.perf.LCP,  unit: 'ms' },
-      { key: 'CLS',  value: metrics.cumulativeLayoutShift  ?? metrics.CLS,  budget: thresholds.perf.CLS,  unit: ''   },
-      { key: 'FID',  value: metrics.totalBlockingTime ?? metrics.TBT ?? metrics.FID, budget: thresholds.perf.FID, unit: 'ms' },
-      { key: 'TTFB', value: metrics.timeToFirstByte   ?? metrics.TTFB,      budget: thresholds.perf.TTFB, unit: 'ms' },
-    ];
-
-    for (const { key, value, budget, unit } of checks) {
-      if (value == null) continue;
-      if (value > budget) {
-        violations.push({
-          type:      'performance_budget',
-          metric:    key,
-          value:     `${value}${unit}`,
-          budget:    `${budget}${unit}`,
-          message:   `Performance budget exceeded: ${key} = ${value}${unit} (budget: ${budget}${unit})`,
-          severity:  'warning',
-          url,
-        });
-      }
-    }
-  } catch (err) {
-    logger.warn(`[ARGUS] Performance trace skipped for ${url}: ${err.message}`);
-  }
-
-  return violations;
-}
-
 // ── Cheap Crawl (called ×2 for flakiness detection) ───────────────────────────
 
 /**
  * Cheap detections for one route.
  * Runs: console, network, JS errors, blank page, API frequency, contracts,
  *       SEO, security, content, CSS, debugger statements, duplicate ids, screenshot.
- * Does NOT run: Lighthouse, perf budgets, network perf, redirect chain, broken links, cache headers.
+ * Does NOT run: Lighthouse, network perf, redirect chain, broken links, cache headers.
  */
 export async function crawlRouteCheap(route, baseUrl, mcp) {
   const browser = new CdpBrowserAdapter(mcp);
@@ -757,8 +716,11 @@ export async function crawlRouteCheap(route, baseUrl, mcp) {
 
 /**
  * Expensive/deterministic analyzers for one route — called ONCE per route.
- * Runs: network perf, redirect chain, perf budgets, Lighthouse,
+ * Runs: network perf, redirect chain, Lighthouse,
  *       broken internal links, cache headers.
+ * (Core Web Vitals — LCP/CLS/TTFB — are emitted by the web-vitals-analyzer
+ *  registerExpensive plugin, which is headless-compatible; the old trace-based
+ *  perf-budget path was removed as dead + redundant.)
  */
 export async function crawlRouteExpensive(route, baseUrl, mcp) {
   const browser = new CdpBrowserAdapter(mcp);
@@ -805,9 +767,6 @@ export async function crawlRouteExpensive(route, baseUrl, mcp) {
     logger.warn(`[ARGUS] Redirect chain check skipped for ${url}: ${err.message}`);
   }
 
-  // Performance budget check
-  errors.push(...(await checkPerformanceBudgets(browser, url)));
-
   // Full Lighthouse audit (capped at LIGHTHOUSE_TIMEOUT_MS to prevent indefinite hang)
   errors.push(...(await Promise.race([
     checkLighthouse(browser, url),

package/src/orchestration/watch-mode.js

@@ -298,6 +298,13 @@ function classifyNetworkReq(req, url) {
  * the interval-based runWatchMode() entry point.
  */
 export class WatchSession {
+  // Long-run safety caps: a watch session left running for hours against an app
+  // with cache-busted polling URLs would otherwise grow the dedup sets without
+  // bound. When a set exceeds its cap the oldest fifth is evicted (Sets iterate
+  // in insertion order) — worst case a very old message is re-reported once.
+  static MAX_SEEN_KEYS    = 5000;
+  static MAX_ALL_FINDINGS = 2000;
+
   constructor(browser, baseUrl) {
     this._browser     = browser;
     this._baseUrl     = baseUrl;
@@ -306,6 +313,14 @@ export class WatchSession {
     this._allFindings = [];
   }
 
+  /** Evict the oldest 20% of a dedup set once it exceeds the cap. */
+  static _trimSeen(set) {
+    if (set.size <= WatchSession.MAX_SEEN_KEYS) return;
+    const drop = Math.floor(WatchSession.MAX_SEEN_KEYS / 5);
+    const it = set.values();
+    for (let i = 0; i < drop; i++) set.delete(it.next().value);
+  }
+
   /**
    * Run one poll cycle.
    *
@@ -350,6 +365,11 @@ export class WatchSession {
     findings.push(...analyzeSecurityNetwork(newNetwork, this._baseUrl));
 
     this._allFindings.push(...findings);
+    if (this._allFindings.length > WatchSession.MAX_ALL_FINDINGS) {
+      this._allFindings = this._allFindings.slice(-WatchSession.MAX_ALL_FINDINGS);
+    }
+    WatchSession._trimSeen(this._seenConsole);
+    WatchSession._trimSeen(this._seenNetwork);
     return { findings, newConsole, newNetwork };
   }
 

package/src/utils/contract-validator.js

@@ -125,6 +125,32 @@ function loadSchema(contract) {
   return null;
 }
 
+/**
+ * Extract and JSON-parse the response body from a get_network_request result.
+ *
+ * chrome-devtools-mcp returns the request detail as markdown text with the
+ * body under a "### Response Body" section — the dominant production shape.
+ * Structured shapes ({ responseBody } / { body }) are kept for legacy clients.
+ *
+ * @param {any} raw - Raw value returned by browser.getNetworkRequest()
+ * @returns {any|null} Parsed JSON body, or null when absent
+ * @throws {SyntaxError} when a body section exists but is not valid JSON
+ */
+export function extractResponseBody(raw) {
+  if (raw == null) return null;
+  if (typeof raw === 'object') {
+    const text = raw.responseBody ?? raw.body ?? null;
+    if (text == null) return null;
+    return typeof text === 'string' ? JSON.parse(text) : text;
+  }
+  const text = String(raw);
+  const m = text.match(/### Response Body\s*\n([\s\S]*?)(?=\n###? |$)/);
+  if (!m) return null;
+  const section = m[1].trim();
+  if (!section) return null;
+  return JSON.parse(section);
+}
+
 /**
  * Validate captured network requests against apiContracts[].
  * For each request that matches a contract, fetches the response body via
@@ -153,8 +179,7 @@ export async function validateApiContracts(networkReqs, browser, contracts, page
       let body = null;
       try {
         const raw = await browser.getNetworkRequest(req.id ?? req.requestId);
-        const text = raw?.responseBody ?? raw?.body ?? null;
-        if (text) body = JSON.parse(text);
+        body = extractResponseBody(raw);
       } catch {
         continue; // body unavailable — skip validation for this request
       }

package/src/utils/mcp-client.js

@@ -181,11 +181,14 @@ export async function createMcpClient() {
         // MCP returns { content: [{ type, text|data }] } — extract the value
         const content = result?.content;
         if (Array.isArray(content) && content.length > 0) {
-          const item = content[0];
-          if (item.type === 'image') {
-            // take_screenshot returns base64 image data — return in a shape callers expect
-            return { data: item.data, mimeType: item.mimeType ?? 'image/png' };
+          // take_screenshot returns [text caption, image] — the image is NOT content[0],
+          // so scan the whole array for it. Reading only content[0] returned the caption
+          // string and starved every screenshot consumer of image data.
+          const img = content.find(c => c.type === 'image');
+          if (img) {
+            return { data: img.data, mimeType: img.mimeType ?? 'image/png' };
           }
+          const item = content[0];
           if (item.type === 'text') {
             const text = item.text;
             // chrome-devtools-mcp wraps evaluate_script results in a markdown code block:

package/src/utils/mcp-parsers.js

@@ -55,3 +55,23 @@ export function parseNetworkReqResponse(raw) {
   }
   return reqs;
 }
+
+/**
+ * Parse the text response from list_pages.
+ * Format: "## Pages\n1: http://host/page.html [selected]\n2: about:blank"
+ * The numeric prefix is the pageId that select_page expects (as a number).
+ * @param {any} raw - Raw value returned by the MCP tool
+ * @returns {Array<{ id: number, url: string, selected: boolean }>}
+ */
+export function parseListPagesResponse(raw) {
+  if (!raw) return [];
+  if (Array.isArray(raw)) return raw;
+  if (typeof raw !== 'string') return [];
+  const pages = [];
+  const re = /^(\d+):\s+(\S+)(\s+\[selected\])?\s*$/gm;
+  let m;
+  while ((m = re.exec(raw)) !== null) {
+    pages.push({ id: Number(m[1]), url: m[2], selected: Boolean(m[3]) });
+  }
+  return pages;
+}

package/src/utils/pr-diff-analyzer.js

@@ -7,8 +7,16 @@
  *
  * Pure functions + one async fetch — no Chrome, no MCP, no AI verdict.
  * AI verdict logic ships separately in the private argus-pro repo.
+ *
+ * This module is imported by the MCP server — nothing here may write to
+ * stdout (reserved for JSON-RPC). CI annotations are emitted by the CLI
+ * entry point (src/cli/pr-validate.js), which owns stdout.
  */
 
+import { childLogger } from './logger.js';
+
+const logger = childLogger('pr-diff-analyzer');
+
 /**
  * Parse a GitHub PR URL into its owner/repo/prNumber components.
  *
@@ -59,7 +67,7 @@ export async function fetchPrFiles(prUrl, githubToken) {
   }
 
   if (allFiles.length >= 300) {
-    console.log('::warning::PR has 300+ changed files — Argus analyzed the first 300. Routes affected by later files may be missed.');
+    logger.warn('[ARGUS] PR has 300+ changed files — Argus analyzed the first 300. Routes affected by later files may be missed.');
   }
 
   return allFiles;

package/src/utils/root-cause-linker.js

@@ -56,13 +56,19 @@ export function getRecentChanges(repoDir = process.env.ARGUS_SOURCE_DIR || proce
   const changes = [];
   let current = null;
   for (const line of out.split('\n')) {
-    const trimmed = line.trimEnd();
-    if (!trimmed) continue;
-    if (trimmed.includes('\t')) {
-      const [hash, ...subjectParts] = trimmed.split('\t');
+    // Detect commit lines on the RAW line — an empty commit subject leaves a
+    // trailing tab ("abc1234\t") that trimEnd() would strip, misclassifying
+    // the hash as a file path. File lines never contain raw tabs: git quotes
+    // paths with special characters (core.quotePath octal escapes).
+    if (line.includes('\t')) {
+      const [hash, ...subjectParts] = line.trimEnd().split('\t');
       current = { hash, subject: subjectParts.join('\t'), files: [] };
       changes.push(current);
-    } else if (current) {
+      continue;
+    }
+    const trimmed = line.trimEnd();
+    if (!trimmed) continue;
+    if (current) {
       // Git emits paths with forward slashes on every platform
       current.files.push(trimmed);
     }