claude-crap 0.3.1 → 0.3.4

package/plugin/bundle/launcher.mjs

@@ -0,0 +1,112 @@
+#!/usr/bin/env node
+// @ts-check
+/**
+ * claude-crap :: MCP server launcher — zero-dependency bootstrap wrapper.
+ *
+ * This file is the actual entry point declared in `.mcp.json`. It
+ * ensures the MCP server's runtime dependencies (fastify, pino,
+ * tree-sitter, etc.) are installed before the server's static ESM
+ * `import` statements fire. Without this guard, a clean install from
+ * git would fail with ERR_MODULE_NOT_FOUND because `node_modules/`
+ * is not committed to the repository.
+ *
+ * Design constraints:
+ *
+ *   - ZERO external dependencies — only Node.js builtins.
+ *   - Synchronous check + install so the control flow is linear.
+ *   - All output goes to stderr (fd 2) to preserve the MCP JSON-RPC
+ *     channel on stdout.
+ *   - Must work on macOS, Linux, and Windows.
+ *
+ * After dependencies are guaranteed to exist, this module dynamically
+ * imports `./mcp-server.mjs` which handles the rest of the startup.
+ *
+ * @module launcher
+ */
+
+import { existsSync, readFileSync } from "node:fs";
+import { execFileSync } from "node:child_process";
+import { dirname, join, resolve } from "node:path";
+import { fileURLToPath } from "node:url";
+
+const __dirname = dirname(fileURLToPath(import.meta.url));
+
+/**
+ * The plugin root is one level above `bundle/`. This is where
+ * `package.json` lives and where `npm install` must run.
+ *
+ * In the deployed layout:
+ *   ~/.claude/plugins/cache/<marketplace>/<plugin>/<version>/
+ *     ├── package.json          ← PLUGIN_ROOT
+ *     ├── node_modules/         ← created by ensureDependencies()
+ *     └── bundle/
+ *         ├── launcher.mjs      ← this file
+ *         └── mcp-server.mjs    ← the real entry point
+ */
+const PLUGIN_ROOT = resolve(__dirname, "..");
+
+/**
+ * Check whether all runtime dependencies are installed. When they are
+ * not, run `npm install --omit=dev` synchronously and verify success.
+ *
+ * The check is deliberately simple: if the `node_modules/` directory
+ * exists we assume all packages are present. A more thorough check
+ * would resolve every external, but the cost of a false-positive skip
+ * is a cryptic ERR_MODULE_NOT_FOUND — vs. a ~5s npm install on first
+ * run. Speed wins.
+ */
+function ensureDependencies() {
+  const nodeModulesPath = join(PLUGIN_ROOT, "node_modules");
+  if (existsSync(nodeModulesPath)) return; // fast path — already installed
+
+  // ── Report what we're about to install ────────────────────────────
+  let depsSummary = "(unable to read package.json)";
+  try {
+    const pkgPath = join(PLUGIN_ROOT, "package.json");
+    const pkg = JSON.parse(readFileSync(pkgPath, "utf8"));
+    const deps = Object.entries(pkg.dependencies || {});
+    depsSummary = deps.map(([n, v]) => `${n}@${v}`).join(", ");
+  } catch {
+    /* proceed anyway — the install itself will surface any real error */
+  }
+
+  process.stderr.write(
+    `[claude-crap] node_modules/ not found — installing runtime dependencies...\n` +
+      `[claude-crap] deps: ${depsSummary}\n`,
+  );
+
+  // ── Run npm install synchronously ─────────────────────────────────
+  try {
+    execFileSync("npm", [
+      "install",
+      "--omit=dev",
+      "--no-audit",
+      "--no-fund",
+      "--no-progress",
+      "--loglevel=error",
+    ], {
+      cwd: PLUGIN_ROOT,
+      stdio: ["ignore", "pipe", "pipe"],
+      timeout: 120_000, // 2 minutes — generous for slow networks
+      env: { ...process.env, NODE_ENV: "production" },
+    });
+    process.stderr.write("[claude-crap] dependencies installed successfully.\n");
+  } catch (err) {
+    const stderr = /** @type {any} */ (err).stderr?.toString?.() ?? "";
+    const lastLines = stderr.split("\n").filter(Boolean).slice(-20).join("\n");
+    process.stderr.write(
+      `[claude-crap] FATAL: npm install failed (exit ${/** @type {any} */ (err).status ?? "unknown"}).\n` +
+        (lastLines ? `${lastLines}\n` : "") +
+        `[claude-crap] Try manually: cd "${PLUGIN_ROOT}" && npm install --omit=dev\n`,
+    );
+    process.exit(1);
+  }
+}
+
+// ── Bootstrap ─────────────────────────────────────────────────────────
+ensureDependencies();
+
+// Now that node_modules/ exists, the static ESM imports inside
+// mcp-server.mjs can resolve. Dynamic import avoids top-level
+// resolution failures.
+await import("./mcp-server.mjs");

package/plugin/bundle/mcp-server.mjs

@@ -7236,6 +7236,7 @@ function loadConfig() {
 
 // src/dashboard/server.ts
 import { promises as fs2 } from "node:fs";
+import { createServer as createTcpServer } from "node:net";
 import { dirname as dirname2, resolve as resolve2 } from "node:path";
 import { fileURLToPath as fileURLToPath2 } from "node:url";
 import Fastify from "fastify";
@@ -7414,18 +7415,28 @@ async function startDashboard(options) {
   });
   await fastify.register(fastifyStatic, {
     root: publicRoot,
-    prefix: "/",
-    decorateReply: false
+    prefix: "/"
   });
-  fastify.get("/api/health", async () => ({ status: "ok", server: "claude-crap", version: "0.1.0" }));
+  fastify.get("/api/health", async () => ({ status: "ok", server: "claude-crap", version: "0.3.4" }));
   fastify.get("/api/score", async () => {
     const stats = await workspaceStatsProvider();
     const score = await buildScore(config, sarifStore, stats, urlOf(fastify, config));
     return score;
   });
   fastify.get("/api/sarif", async () => sarifStore.toSarifDocument());
-  await fastify.listen({ port: config.dashboardPort, host: "127.0.0.1" });
-  const url = `http://127.0.0.1:${config.dashboardPort}`;
+  fastify.get("/", async (_request, reply) => {
+    return reply.sendFile("index.html");
+  });
+  const MAX_PORT_RETRIES = 4;
+  const boundPort = await findFreePort(config.dashboardPort, MAX_PORT_RETRIES, logger2);
+  await fastify.listen({ port: boundPort, host: "127.0.0.1" });
+  const url = `http://127.0.0.1:${boundPort}`;
+  if (boundPort !== config.dashboardPort) {
+    logger2.warn(
+      { url, configuredPort: config.dashboardPort, actualPort: boundPort },
+      "claude-crap dashboard bound to fallback port (configured port was in use)"
+    );
+  }
   logger2.info({ url, publicRoot }, "claude-crap dashboard listening");
   return {
     url,
@@ -7469,6 +7480,34 @@ function urlOf(fastify, config) {
   }
   return `http://127.0.0.1:${config.dashboardPort}`;
 }
+async function findFreePort(startPort, maxRetries, logger2) {
+  for (let attempt = 0; attempt <= maxRetries; attempt++) {
+    const candidatePort = startPort + attempt;
+    const isFree = await new Promise((resolvePromise) => {
+      const probe = createTcpServer();
+      probe.once("error", (err) => {
+        if (err.code === "EADDRINUSE") {
+          resolvePromise(false);
+        } else {
+          resolvePromise(false);
+        }
+      });
+      probe.listen({ port: candidatePort, host: "127.0.0.1" }, () => {
+        probe.close(() => resolvePromise(true));
+      });
+    });
+    if (isFree) return candidatePort;
+    if (attempt < maxRetries) {
+      logger2.info(
+        { port: candidatePort, nextPort: candidatePort + 1 },
+        "dashboard port in use, trying next"
+      );
+    }
+  }
+  throw new Error(
+    `[claude-crap] dashboard: all ports ${startPort}\u2013${startPort + maxRetries} are in use`
+  );
+}
 async function buildScore(config, sarifStore, workspace, dashboardUrl) {
   return computeProjectScore({
     workspaceRoot: config.pluginRoot,
@@ -8083,6 +8122,10 @@ function resolveWithinWorkspace(workspaceRoot, filePath) {
   return candidate;
 }
 
+// src/scanner/auto-scan.ts
+import { existsSync as existsSync4 } from "node:fs";
+import { join as join9 } from "node:path";
+
 // src/scanner/detector.ts
 import { existsSync, readFileSync as readFileSync2 } from "node:fs";
 import { join as join6 } from "node:path";
@@ -8264,7 +8307,8 @@ function runScanner(scanner, workspaceRoot) {
       },
       (err, stdout, stderr) => {
         const durationMs = Date.now() - start;
-        if (err && !cmd.nonZeroIsNormal) {
+        const isFatalError = cmd.nonZeroIsNormal && err && (!stdout?.trim() || stderr?.includes("Oops!") || stderr?.includes("couldn't find"));
+        if (err && (!cmd.nonZeroIsNormal || isFatalError)) {
           if (cmd.outputFile && existsSync2(cmd.outputFile)) {
             try {
               const fileOutput = readFileSync3(cmd.outputFile, "utf-8");
@@ -8375,7 +8419,14 @@ export default tseslint.config(
   js.configs.recommended,
   ...tseslint.configs.recommended,
   {
-    ignores: ["dist/", "node_modules/", "coverage/"],
+    ignores: [
+      "dist/",
+      "node_modules/",
+      "coverage/",
+      "**/bundle/",
+      "**/vendor/",
+      "**/*.min.js",
+    ],
   },
 );
 `;
@@ -8385,7 +8436,14 @@ export default tseslint.config(
 export default [
   js.configs.recommended,
   {
-    ignores: ["dist/", "node_modules/", "coverage/"],
+    ignores: [
+      "dist/",
+      "node_modules/",
+      "coverage/",
+      "**/bundle/",
+      "**/vendor/",
+      "**/*.min.js",
+    ],
   },
 ];
 `;
@@ -8475,7 +8533,8 @@ function getRecommendation(projectType) {
 async function bootstrapScanner(workspaceRoot, sarifStore, logger2) {
   const detections = await detectScanners(workspaceRoot);
   const available = detections.filter((d) => d.available);
-  if (available.length > 0) {
+  const eslintNeedsConfig = available.some((d) => d.scanner === "eslint") && !detections.some((d) => d.scanner === "eslint" && d.configPath);
+  if (available.length > 0 && !eslintNeedsConfig) {
     const existingScanners = available.map((d) => d.scanner);
     logger2.info(
       { existingScanners },
@@ -8500,13 +8559,23 @@ async function bootstrapScanner(workspaceRoot, sarifStore, logger2) {
   );
   if (recommendation.canAutoInstall) {
     const isTypeScript = projectType === "typescript";
-    const packages = isTypeScript ? ["eslint", "@eslint/js", "typescript-eslint"] : ["eslint", "@eslint/js"];
-    const installStep = await npmInstall(workspaceRoot, packages);
-    steps.push(installStep);
-    if (installStep.success) {
-      const configStep = writeEslintConfigFile(workspaceRoot, isTypeScript);
-      steps.push(configStep);
+    const eslintAlreadyInstalled = available.some((d) => d.scanner === "eslint");
+    if (!eslintAlreadyInstalled) {
+      const packages = isTypeScript ? ["eslint", "@eslint/js", "typescript-eslint"] : ["eslint", "@eslint/js"];
+      const installStep = await npmInstall(workspaceRoot, packages);
+      steps.push(installStep);
+      if (!installStep.success) {
+        return buildResult(projectType, steps, null);
+      }
+    } else {
+      steps.push({
+        action: "npm install eslint",
+        success: true,
+        detail: "eslint already in package.json \u2014 skipped install"
+      });
     }
+    const configStep = writeEslintConfigFile(workspaceRoot, isTypeScript);
+    steps.push(configStep);
   } else {
     steps.push({
       action: `suggest ${recommendation.scanner} install`,
@@ -8570,17 +8639,21 @@ async function bootstrapScanner(workspaceRoot, sarifStore, logger2) {
       );
     }
   }
+  return buildResult(projectType, steps, autoScanResult, recommendation);
+}
+function buildResult(projectType, steps, autoScanResult, recommendation) {
+  const success = steps.every((s) => s.success);
   const findings = autoScanResult?.totalFindings ?? 0;
-  const scannerInstalled = recommendation.canAutoInstall && installSucceeded;
+  const scanner = recommendation?.scanner ?? "unknown";
   let summary;
-  if (scannerInstalled && autoScanResult) {
-    summary = `Installed ${recommendation.scanner} for ${projectType} project. Auto-scan found ${findings} finding(s).`;
-  } else if (scannerInstalled) {
-    summary = `Installed ${recommendation.scanner} for ${projectType} project. Auto-scan did not run.`;
-  } else if (!recommendation.canAutoInstall) {
-    summary = `Detected ${projectType} project. Install ${recommendation.scanner} manually: ${recommendation.installInstructions}`;
+  if (success && autoScanResult) {
+    summary = `Configured ${scanner} for ${projectType} project. Scan found ${findings} finding(s).`;
+  } else if (success && recommendation && !recommendation.canAutoInstall) {
+    summary = `Detected ${projectType} project. Install ${scanner} manually: ${recommendation.installInstructions}`;
+  } else if (success) {
+    summary = `Configured ${scanner} for ${projectType} project.`;
   } else {
-    summary = `Failed to install ${recommendation.scanner}. Check the error details in the steps.`;
+    summary = `Failed to configure ${scanner}. Check the error details in the steps.`;
   }
   return {
     projectType,
@@ -8588,7 +8661,7 @@ async function bootstrapScanner(workspaceRoot, sarifStore, logger2) {
     existingScanners: [],
     steps,
     autoScanResult,
-    success: installSucceeded,
+    success,
     summary
   };
 }
@@ -8616,6 +8689,35 @@ async function autoScan(workspaceRoot, sarifStore, logger2) {
     },
     "auto-scan: detection complete"
   );
+  const eslintConfigFiles = [
+    "eslint.config.js",
+    "eslint.config.mjs",
+    "eslint.config.cjs",
+    "eslint.config.ts",
+    "eslint.config.mts",
+    "eslint.config.cts",
+    ".eslintrc.js",
+    ".eslintrc.cjs",
+    ".eslintrc.yaml",
+    ".eslintrc.yml",
+    ".eslintrc.json"
+  ];
+  const eslintDetected = available.some((d) => d.scanner === "eslint");
+  const hasEslintConfig = eslintConfigFiles.some((f) => existsSync4(join9(workspaceRoot, f)));
+  if (eslintDetected && !hasEslintConfig) {
+    logger2.info("auto-scan: ESLint detected but no config \u2014 running bootstrap");
+    try {
+      const bootstrapResult = await bootstrapScanner(workspaceRoot, sarifStore, logger2);
+      if (bootstrapResult.autoScanResult) {
+        return bootstrapResult.autoScanResult;
+      }
+    } catch (err) {
+      logger2.warn(
+        { err: err.message },
+        "auto-scan: bootstrap config creation failed"
+      );
+    }
+  }
   if (available.length === 0) {
     logger2.info("auto-scan: no scanners found, attempting bootstrap");
     try {