cli4ai 1.2.0 → 1.2.1

package/src/mcp/adapter.ts

@@ -1,131 +0,0 @@
-/**
- * MCP Adapter - Converts CLI tools to MCP tools
- */
-
-import { spawn } from 'child_process';
-import { type Manifest, type CommandDef } from '../core/manifest.js';
-
-export interface McpTool {
-  name: string;
-  description: string;
-  inputSchema: {
-    type: 'object';
-    properties: Record<string, { type: string; description?: string }>;
-    required: string[];
-  };
-}
-
-export interface McpToolResult {
-  content: Array<{ type: 'text'; text: string }>;
-  isError?: boolean;
-}
-
-/**
- * Convert a CLI command definition to MCP tool format
- */
-export function commandToMcpTool(manifest: Manifest, cmdName: string, cmd: CommandDef): McpTool {
-  const properties: Record<string, { type: string; description?: string }> = {};
-  const required: string[] = [];
-
-  // Convert args to JSON Schema properties
-  if (cmd.args) {
-    for (const arg of cmd.args) {
-      properties[arg.name] = {
-        type: 'string',
-        description: arg.description
-      };
-      if (arg.required) {
-        required.push(arg.name);
-      }
-    }
-  }
-
-  return {
-    name: `${manifest.name}_${cmdName}`,
-    description: `${manifest.name}: ${cmd.description || cmdName}`,
-    inputSchema: {
-      type: 'object',
-      properties,
-      required
-    }
-  };
-}
-
-/**
- * Convert all commands in a manifest to MCP tools
- */
-export function manifestToMcpTools(manifest: Manifest): McpTool[] {
-  const tools: McpTool[] = [];
-
-  if (manifest.commands) {
-    for (const [cmdName, cmdDef] of Object.entries(manifest.commands)) {
-      tools.push(commandToMcpTool(manifest, cmdName, cmdDef));
-    }
-  }
-
-  return tools;
-}
-
-/**
- * Execute a CLI tool command and return MCP-formatted result
- */
-export async function executeTool(
-  entryPath: string,
-  runtime: string,
-  command: string,
-  args: Record<string, string>,
-  argOrder?: string[]
-): Promise<McpToolResult> {
-  return new Promise((resolve) => {
-    // Build command arguments
-    const cmdArgs = [command];
-
-    // Prefer manifest-defined arg order (positional), fall back to stable ordering.
-    const orderedKeys = argOrder ?? Object.keys(args).sort();
-    for (const key of orderedKeys) {
-      const value = args[key];
-      if (value !== undefined && value !== '') cmdArgs.push(value);
-    }
-
-    const runtimeArgs =
-      runtime === 'node'
-        ? [entryPath, ...cmdArgs]
-        : ['run', entryPath, ...cmdArgs];
-
-    const proc = spawn(runtime, runtimeArgs, {
-      stdio: ['pipe', 'pipe', 'pipe'],
-      env: { ...process.env }
-    });
-
-    let stdout = '';
-    let stderr = '';
-
-    proc.stdout.on('data', (data) => {
-      stdout += data.toString();
-    });
-
-    proc.stderr.on('data', (data) => {
-      stderr += data.toString();
-    });
-
-    proc.on('close', (code) => {
-      if (code !== 0) {
-        resolve({
-          content: [{ type: 'text', text: stderr || `Command failed with exit code ${code}` }],
-          isError: true
-        });
-      } else {
-        resolve({
-          content: [{ type: 'text', text: stdout || 'Command completed successfully' }]
-        });
-      }
-    });
-
-    proc.on('error', (err) => {
-      resolve({
-        content: [{ type: 'text', text: `Failed to execute: ${err.message}` }],
-        isError: true
-      });
-    });
-  });
-}

package/src/mcp/config-gen.ts

@@ -1,106 +0,0 @@
-/**
- * MCP Config Generator - Generate Claude Code MCP configuration
- */
-
-import { resolve } from 'path';
-import { type Manifest, tryLoadManifest } from '../core/manifest.js';
-import { findPackage, getGlobalPackages, getLocalPackages, type InstalledPackage } from '../core/config.js';
-
-export interface McpServerConfig {
-  command: string;
-  args: string[];
-  env?: Record<string, string>;
-}
-
-export interface ClaudeCodeConfig {
-  mcpServers: Record<string, McpServerConfig>;
-}
-
-/**
- * Generate MCP server config for a single package
- */
-export function generateServerConfig(
-  manifest: Manifest,
-  _packagePath: string
-): McpServerConfig {
-  // Use cli4ai start command which handles the MCP server
-  return {
-    command: 'cli4ai',
-    args: ['start', manifest.name]
-  };
-}
-
-/**
- * Load manifest for an installed package
- */
-function loadPackageWithManifest(pkg: InstalledPackage): { name: string; path: string; manifest: Manifest } | null {
-  const manifest = tryLoadManifest(pkg.path);
-  if (!manifest) return null;
-  return { name: pkg.name, path: pkg.path, manifest };
-}
-
-/**
- * Generate Claude Code config for installed packages
- */
-export function generateClaudeCodeConfig(
-  cwd: string,
-  options: { global?: boolean; packages?: string[] } = {}
-): ClaudeCodeConfig {
-  const mcpServers: Record<string, McpServerConfig> = {};
-
-  // Get installed packages
-  let installedPackages: InstalledPackage[] = [];
-
-  if (options.packages && options.packages.length > 0) {
-    // Specific packages requested
-    for (const pkgName of options.packages) {
-      const pkg = findPackage(pkgName, cwd);
-      if (pkg) {
-        installedPackages.push(pkg);
-      }
-    }
-  } else {
-    // All installed packages
-    if (options.global) {
-      installedPackages = getGlobalPackages();
-    } else {
-      installedPackages = [
-        ...getLocalPackages(cwd),
-        ...getGlobalPackages()
-      ];
-    }
-  }
-
-  // Load manifests and filter to MCP-enabled packages
-  for (const pkg of installedPackages) {
-    const pkgWithManifest = loadPackageWithManifest(pkg);
-    if (pkgWithManifest && pkgWithManifest.manifest.mcp?.enabled) {
-      mcpServers[`cli4ai-${pkgWithManifest.name}`] = generateServerConfig(
-        pkgWithManifest.manifest,
-        pkgWithManifest.path
-      );
-    }
-  }
-
-  return { mcpServers };
-}
-
-/**
- * Format config as JSON for Claude Code
- */
-export function formatClaudeCodeConfig(config: ClaudeCodeConfig): string {
-  return JSON.stringify(config, null, 2);
-}
-
-/**
- * Generate config snippet for adding to existing claude_desktop_config.json
- */
-export function generateConfigSnippet(
-  manifest: Manifest,
-  packagePath: string
-): string {
-  const serverConfig = generateServerConfig(manifest, packagePath);
-  const serverName = `cli4ai-${manifest.name}`;
-
-  return `"${serverName}": ${JSON.stringify(serverConfig, null, 2)}`;
-}

package/src/mcp/server.ts

@@ -1,365 +0,0 @@
-/**
- * MCP Server - Expose CLI tools as MCP tools
- *
- * Implements the Model Context Protocol (MCP) over stdio
- * https://modelcontextprotocol.io/
- *
- * SECURITY: Includes execution safeguards:
- * - Audit logging of all tool calls
- * - Rate limiting to prevent abuse
- * - Trust level tracking for packages
- */
-
-import { spawn } from 'child_process';
-import { resolve } from 'path';
-import { appendFileSync, existsSync, mkdirSync } from 'fs';
-import { homedir } from 'os';
-import { type Manifest } from '../core/manifest.js';
-import { manifestToMcpTools, type McpTool } from './adapter.js';
-import { getSecret } from '../core/secrets.js';
-import { loadConfig } from '../core/config.js';
-
-// ═══════════════════════════════════════════════════════════════════════════
-// SECURITY: Audit logging and rate limiting
-// ═══════════════════════════════════════════════════════════════════════════
-
-const AUDIT_LOG_DIR = resolve(homedir(), '.cli4ai', 'logs');
-const RATE_LIMIT_WINDOW_MS = 60000; // 1 minute
-const RATE_LIMIT_MAX_CALLS = 100; // Max calls per minute per tool
-
-interface RateLimitEntry {
-  count: number;
-  windowStart: number;
-}
-
-/**
- * Audit log an MCP tool call for security tracking
- * Can be disabled via `cli4ai config set audit.enabled false`
- */
-function auditLog(
-  packageName: string,
-  toolName: string,
-  args: Record<string, unknown>,
-  result: 'success' | 'error' | 'rate_limited',
-  errorMessage?: string
-): void {
-  try {
-    // Check if audit logging is enabled
-    const config = loadConfig();
-    if (!config.audit?.enabled) {
-      return;
-    }
-
-    if (!existsSync(AUDIT_LOG_DIR)) {
-      mkdirSync(AUDIT_LOG_DIR, { recursive: true });
-    }
-
-    const logEntry = {
-      timestamp: new Date().toISOString(),
-      package: packageName,
-      tool: toolName,
-      // Redact potentially sensitive argument values, keep keys
-      argKeys: Object.keys(args),
-      result,
-      error: errorMessage,
-      pid: process.pid
-    };
-
-    const logFile = resolve(AUDIT_LOG_DIR, `mcp-audit-${new Date().toISOString().slice(0, 10)}.log`);
-    appendFileSync(logFile, JSON.stringify(logEntry) + '\n');
-  } catch {
-    // Don't fail tool execution if logging fails
-  }
-}
-
-interface JsonRpcRequest {
-  jsonrpc: '2.0';
-  id: number | string;
-  method: string;
-  params?: Record<string, unknown>;
-}
-
-interface JsonRpcResponse {
-  jsonrpc: '2.0';
-  id: number | string;
-  result?: unknown;
-  error?: { code: number; message: string; data?: unknown };
-}
-
-/**
- * MCP Server that wraps a CLI tool
- */
-export class McpServer {
-  private manifest: Manifest;
-  private packagePath: string;
-  private tools: McpTool[];
-  private rateLimits: Map<string, RateLimitEntry> = new Map();
-  private totalCallCount: number = 0;
-
-  constructor(manifest: Manifest, packagePath: string) {
-    this.manifest = manifest;
-    this.packagePath = packagePath;
-    this.tools = manifestToMcpTools(manifest);
-  }
-
-  /**
-   * SECURITY: Check if a tool call should be rate limited
-   */
-  private checkRateLimit(toolName: string): { allowed: boolean; retryAfterMs?: number } {
-    const now = Date.now();
-    const entry = this.rateLimits.get(toolName);
-
-    if (!entry || now - entry.windowStart >= RATE_LIMIT_WINDOW_MS) {
-      // Start new window
-      this.rateLimits.set(toolName, { count: 1, windowStart: now });
-      return { allowed: true };
-    }
-
-    if (entry.count >= RATE_LIMIT_MAX_CALLS) {
-      const retryAfterMs = RATE_LIMIT_WINDOW_MS - (now - entry.windowStart);
-      return { allowed: false, retryAfterMs };
-    }
-
-    entry.count++;
-    return { allowed: true };
-  }
-
-  /**
-   * Start the MCP server (stdio mode)
-   */
-  async start(): Promise<void> {
-    process.stdin.setEncoding('utf8');
-
-    let buffer = '';
-
-    process.stdin.on('data', (chunk: string) => {
-      buffer += chunk;
-
-      // Try to parse complete JSON-RPC messages
-      const lines = buffer.split('\n');
-      buffer = lines.pop() || '';
-
-      for (const line of lines) {
-        if (line.trim()) {
-          this.handleMessage(line.trim());
-        }
-      }
-    });
-
-    process.stdin.on('end', () => {
-      process.exit(0);
-    });
-  }
-
-  private handleMessage(message: string): void {
-    try {
-      const request = JSON.parse(message) as JsonRpcRequest;
-      this.handleRequest(request);
-    } catch (err) {
-      this.sendError(null, -32700, 'Parse error');
-    }
-  }
-
-  private async handleRequest(request: JsonRpcRequest): Promise<void> {
-    const { id, method, params } = request;
-
-    try {
-      switch (method) {
-        case 'initialize':
-          this.sendResult(id, {
-            protocolVersion: '2024-11-05',
-            capabilities: {
-              tools: {}
-            },
-            serverInfo: {
-              name: `cli4ai-${this.manifest.name}`,
-              version: this.manifest.version
-            }
-          });
-          break;
-
-        case 'initialized':
-          // No response needed
-          break;
-
-        case 'tools/list':
-          this.sendResult(id, {
-            tools: this.tools.map(t => ({
-              name: t.name,
-              description: t.description,
-              inputSchema: t.inputSchema
-            }))
-          });
-          break;
-
-        case 'tools/call':
-          await this.handleToolCall(id, params as { name: string; arguments?: Record<string, string> });
-          break;
-
-        case 'ping':
-          this.sendResult(id, {});
-          break;
-
-        default:
-          this.sendError(id, -32601, `Method not found: ${method}`);
-      }
-    } catch (err) {
-      this.sendError(id, -32603, (err as Error).message);
-    }
-  }
-
-  private async handleToolCall(
-    id: number | string,
-    params: { name: string; arguments?: Record<string, string> }
-  ): Promise<void> {
-    const { name, arguments: args = {} } = params;
-
-    // SECURITY: Rate limiting
-    const rateCheck = this.checkRateLimit(name);
-    if (!rateCheck.allowed) {
-      auditLog(this.manifest.name, name, args, 'rate_limited');
-      this.sendError(id, -32000, `Rate limit exceeded. Retry after ${Math.ceil((rateCheck.retryAfterMs || 0) / 1000)}s`);
-      return;
-    }
-
-    // Track total calls for monitoring
-    this.totalCallCount++;
-
-    // Parse tool name: package_command
-    const parts = name.split('_');
-    if (parts.length < 2 || parts[0] !== this.manifest.name) {
-      auditLog(this.manifest.name, name, args, 'error', 'Unknown tool');
-      this.sendError(id, -32602, `Unknown tool: ${name}`);
-      return;
-    }
-
-    const command = parts.slice(1).join('_');
-    const cmdDef = this.manifest.commands?.[command];
-
-    if (!cmdDef) {
-      auditLog(this.manifest.name, name, args, 'error', 'Unknown command');
-      this.sendError(id, -32602, `Unknown command: ${command}`);
-      return;
-    }
-
-    // Build command arguments in order
-    const cmdArgs: string[] = [command];
-    if (cmdDef.args) {
-      for (const argDef of cmdDef.args) {
-        const value = args[argDef.name];
-        if (value !== undefined && value !== '') {
-          cmdArgs.push(String(value));
-        } else if (argDef.required) {
-          auditLog(this.manifest.name, name, args, 'error', `Missing required argument: ${argDef.name}`);
-          this.sendError(id, -32602, `Missing required argument: ${argDef.name}`);
-          return;
-        }
-      }
-    }
-
-    // Execute the CLI tool
-    const entryPath = resolve(this.packagePath, this.manifest.entry);
-
-    try {
-      const result = await this.executeCommand(entryPath, cmdArgs);
-      auditLog(this.manifest.name, name, args, 'success');
-      this.sendResult(id, {
-        content: [{ type: 'text', text: result }]
-      });
-    } catch (err) {
-      const errorMessage = (err as Error).message;
-      auditLog(this.manifest.name, name, args, 'error', errorMessage);
-      this.sendResult(id, {
-        content: [{ type: 'text', text: errorMessage }],
-        isError: true
-      });
-    }
-  }
-
-  private executeCommand(entryPath: string, args: string[]): Promise<string> {
-    return new Promise((resolve, reject) => {
-      // Use tsx for TypeScript files, node for JavaScript
-      let cmd: string;
-      let cmdArgs: string[];
-      if (entryPath.endsWith('.ts') || entryPath.endsWith('.tsx')) {
-        cmd = 'npx';
-        cmdArgs = ['tsx', entryPath, ...args];
-      } else {
-        cmd = 'node';
-        cmdArgs = [entryPath, ...args];
-      }
-
-      // Inject secrets from manifest env definitions
-      // SECURITY: Use package-scoped secret lookup (tries scoped first, then global)
-      const secretsEnv: Record<string, string> = {};
-      if (this.manifest.env) {
-        for (const key of Object.keys(this.manifest.env)) {
-          const value = getSecret(key, this.manifest.name);
-          if (value) {
-            secretsEnv[key] = value;
-          }
-        }
-      }
-
-      const proc = spawn(cmd, cmdArgs, {
-        stdio: ['pipe', 'pipe', 'pipe'],
-        env: { ...process.env, ...secretsEnv }
-      });
-
-      let stdout = '';
-      let stderr = '';
-
-      proc.stdout.on('data', (data) => {
-        stdout += data.toString();
-      });
-
-      proc.stderr.on('data', (data) => {
-        stderr += data.toString();
-      });
-
-      proc.on('close', (code) => {
-        if (code !== 0) {
-          reject(new Error(stderr || `Exit code ${code}`));
-        } else {
-          resolve(stdout);
-        }
-      });
-
-      proc.on('error', (err) => {
-        reject(err);
-      });
-    });
-  }
-
-  private sendResult(id: number | string | null, result: unknown): void {
-    if (id === null) return;
-
-    const response: JsonRpcResponse = {
-      jsonrpc: '2.0',
-      id,
-      result
-    };
-    console.log(JSON.stringify(response));
-  }
-
-  private sendError(id: number | string | null, code: number, message: string): void {
-    // Per JSON-RPC 2.0 spec, error responses for parse errors should include id: null
-    // For other errors where id is null (shouldn't happen), we skip the response
-    if (id === null && code !== -32700) return;
-
-    const response: JsonRpcResponse = {
-      jsonrpc: '2.0',
-      id: id as number | string, // For parse errors (-32700), this will be cast from null
-      error: { code, message }
-    };
-    console.log(JSON.stringify(response));
-  }
-}
-
-/**
- * Start MCP server for a package
- */
-export async function startMcpServer(manifest: Manifest, packagePath: string): Promise<void> {
-  const server = new McpServer(manifest, packagePath);
-  await server.start();
-}