npm - ftp-mcp - Versions diffs - 1.2.0 → 1.2.2 - Mend

ftp-mcp 1.2.0 → 1.2.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/README.md CHANGED Viewed

@@ -86,7 +86,7 @@ export FTPMCP_AGENT="pageant"
 ### 3. Client Integration
-Register the MCP server directly to your AI Code Editor (Cursor, VSCode with Roo, Windsurf, or Amplitude).
+Register the MCP server directly to your AI Code Editor (Cursor, Cline, Claude Desktop, Windsurf, etc.).
 Example integration:
 - **Command:** `npx`
@@ -151,6 +151,10 @@ Deploy environments utilizing deep comparison trees via `ftp_sync`.
 - Audit Logging is continuously enabled. Ensure the terminal running the MCP protocol maintains structural write-permissions to the local project deployment folder.
 - Ensure any `currentConfig` caching resets are tied exclusively to `ftp_connect` profile pivoting.
+## Changelog
+See [CHANGELOG.md](CHANGELOG.md) for a detailed list of changes in each release.
 ## License
 [MIT](LICENSE)

package/index.js CHANGED Viewed

@@ -27,7 +27,7 @@ const CONFIG_FILE = process.env.FTP_CONFIG_PATH || path.join(process.cwd(), DEFA
 // --init: scaffold .ftpconfig.example into the user's current working directory
 if (process.argv.includes("--init")) {
   try {
-    const { intro, outro, text, password: promptPassword, select, confirm, note } = await import("@clack/prompts");
+    const { intro, outro, text, password: promptPassword, select, confirm, note, isCancel } = await import("@clack/prompts");
     intro('🚀 Welcome to FTP-MCP Initialization Wizard');
@@ -36,30 +36,35 @@ if (process.argv.includes("--init")) {
       placeholder: 'sftp://127.0.0.1',
       validate: (val) => val.length === 0 ? "Host is required!" : undefined,
     });
+    if (isCancel(host)) { outro('Setup cancelled.'); process.exit(0); }
     const user = await text({
       message: 'Enter your Username',
       validate: (val) => val.length === 0 ? "User is required!" : undefined,
     });
+    if (isCancel(user)) { outro('Setup cancelled.'); process.exit(0); }
     const pass = await promptPassword({
       message: 'Enter your Password (optional if using keys)',
     });
+    if (isCancel(pass)) { outro('Setup cancelled.'); process.exit(0); }
     const port = await text({
       message: 'Enter port (optional, defaults to 21 for FTP, 22 for SFTP)',
       placeholder: '22'
     });
+    if (isCancel(port)) { outro('Setup cancelled.'); process.exit(0); }
-    const isSFTP = host.startsWith('sftp://');
+    const isSFTP = typeof host === 'string' && host.startsWith('sftp://');
     let privateKey = '';
     if (isSFTP) {
       const usesKey = await confirm({ message: 'Are you using an SSH Private Key instead of a password?' });
-      if (usesKey) {
+      if (!isCancel(usesKey) && usesKey) {
         privateKey = await text({
           message: 'Path to your private key (e.g. ~/.ssh/id_rsa)',
         });
+        if (isCancel(privateKey)) { outro('Setup cancelled.'); process.exit(0); }
       }
     }
@@ -450,7 +455,7 @@ function releaseClient(config) {
 async function getTreeRecursive(client, useSFTP, remotePath, depth = 0, maxDepth = 10) {
   if (depth > maxDepth) return [];
-  const files = useSFTP ? await client.list(remotePath) : await client.list(remotePath);
+  const files = await client.list(remotePath);
   const results = [];
   for (const file of files) {
@@ -475,12 +480,13 @@ async function getTreeRecursive(client, useSFTP, remotePath, depth = 0, maxDepth
   return results;
 }
-async function syncFiles(client, useSFTP, localPath, remotePath, direction, ignorePatterns = null, basePath = null, extraExclude = [], dryRun = false, useManifest = true) {
+async function syncFiles(client, useSFTP, localPath, remotePath, direction, ignorePatterns = null, basePath = null, extraExclude = [], dryRun = false, useManifest = true, _isTopLevel = false) {
   const stats = { uploaded: 0, downloaded: 0, skipped: 0, errors: [], ignored: 0, filesToChange: [] };
   if (ignorePatterns === null) {
     ignorePatterns = await loadIgnorePatterns(localPath);
     basePath = localPath;
+    _isTopLevel = true;
     if (useManifest) await syncManifestManager.load();
   }
@@ -496,8 +502,8 @@ async function syncFiles(client, useSFTP, localPath, remotePath, direction, igno
       const remoteFilePath = `${remotePath}/${file.name}`;
       // In some environments (like Windows with ftp-srv), rapid transfers cause ECONNRESET.
-      // A slightly longer delay helps stabilize the socket state during sequence.
-      await new Promise(r => setTimeout(r, 250));
+      // A short delay helps stabilize the socket state during sequence (FTP only).
+      if (!useSFTP) await new Promise(r => setTimeout(r, 50));
       // Security check first so we can warn even if it's in .gitignore/.ftpignore
       if (isSecretFile(localFilePath)) {
@@ -602,7 +608,7 @@ async function syncFiles(client, useSFTP, localPath, remotePath, direction, igno
     }
   }
-  if (ignorePatterns === null && useManifest && !dryRun) {
+  if (_isTopLevel && useManifest && !dryRun) {
     await syncManifestManager.save();
   }
@@ -657,7 +663,7 @@ function generateSemanticPreview(filesToChange) {
 const server = new Server(
   {
     name: "ftp-mcp-server",
-    version: "1.2.0",
+    version: "1.2.1",
   },
   {
     capabilities: {
@@ -1182,8 +1188,7 @@ server.setRequestHandler(ListToolsRequestSchema, async () => {
 server.setRequestHandler(CallToolRequestSchema, async (request) => {
   if (request.params.name === "ftp_list_deployments") {
     try {
-      const configPath = path.join(process.cwd(), '.ftpconfig');
-      const configData = await fs.readFile(configPath, 'utf8');
+      const configData = await fs.readFile(CONFIG_FILE, 'utf8');
       const config = JSON.parse(configData);
       if (!config.deployments || Object.keys(config.deployments).length === 0) {
@@ -1216,8 +1221,7 @@ server.setRequestHandler(CallToolRequestSchema, async (request) => {
   if (request.params.name === "ftp_deploy") {
     try {
       const { deployment } = request.params.arguments;
-      const configPath = path.join(process.cwd(), '.ftpconfig');
-      const configData = await fs.readFile(configPath, 'utf8');
+      const configData = await fs.readFile(CONFIG_FILE, 'utf8');
       const config = JSON.parse(configData);
       if (!config.deployments || !config.deployments[deployment]) {
@@ -1376,7 +1380,7 @@ server.setRequestHandler(CallToolRequestSchema, async (request) => {
           let files = getCached(poolKey, 'LIST', path);
           if (!files) {
-            files = useSFTP ? await client.list(path) : await client.list(path);
+            files = await client.list(path);
             files.sort((a, b) => a.name.localeCompare(b.name));
             setCached(poolKey, 'LIST', path, files);
           }
@@ -1655,7 +1659,7 @@ server.setRequestHandler(CallToolRequestSchema, async (request) => {
           let formatted = "";
           if (contentPattern) {
-            const contentRegex = new RegExp(contentPattern, 'gi');
+            const contentRegex = new RegExp(contentPattern, 'i');
             const contentMatches = [];
             for (const item of sliced) {
@@ -1703,7 +1707,7 @@ server.setRequestHandler(CallToolRequestSchema, async (request) => {
           const path = request.params.arguments?.path || ".";
           let files = getCached(poolKey, 'LIST', path);
           if (!files) {
-            files = useSFTP ? await client.list(path) : await client.list(path);
+            files = await client.list(path);
             setCached(poolKey, 'LIST', path, files);
           }
@@ -2008,7 +2012,7 @@ server.setRequestHandler(CallToolRequestSchema, async (request) => {
             if (recursive) {
               await client.removeDir(path);
             } else {
-              await client.remove(path);
+              await client.send("RMD", path);
             }
           }
@@ -2045,11 +2049,7 @@ server.setRequestHandler(CallToolRequestSchema, async (request) => {
           const txId = await snapshotManager.createSnapshot(client, useSFTP, [oldPath, newPath]);
-          if (useSFTP) {
-            await client.rename(oldPath, newPath);
-          } else {
-            await client.rename(oldPath, newPath);
-          }
+          await client.rename(oldPath, newPath);
           return {
             content: [{ type: "text", text: `Successfully renamed ${oldPath} to ${newPath}\nTransaction ID: ${txId}` }]

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "ftp-mcp",
-  "version": "1.2.0",
+  "version": "1.2.2",
   "description": "Enterprise-grade MCP server providing heavily optimized FTP/SFTP operations with smart sync, patch/chunk streaming, caching, and explicit read-only security mappings for AI code assistants.",
   "type": "module",
   "main": "index.js",

package/policy-engine.js CHANGED Viewed

@@ -10,7 +10,12 @@ export class PolicyEngine {
         if (!this.policies.allowedPaths || this.policies.allowedPaths.length === 0) {
             return true; // No restriction
         }
-        return this.policies.allowedPaths.some(allowed => filePath.startsWith(allowed));
+        return this.policies.allowedPaths.some(allowed => {
+            // Normalize: ensure trailing slash to prevent /var/www matching /var/www-evil
+            const normalizedAllowed = allowed.endsWith('/') ? allowed : allowed + '/';
+            const normalizedPath = filePath.endsWith('/') ? filePath : filePath + '/';
+            return normalizedPath.startsWith(normalizedAllowed) || filePath === allowed;
+        });
     }
     checkBlockedGlob(filePath) {